Hi

On my server I have an unencrypted boot drive which decrypts an encrypted LUKS drive with my data on it.

I am aware that a skilled thief could access the encryption keys that are stored on the unencrypted boot drive and am looking for a chill and safe solution.

I know about dropbear to decrypt a LUKS boot drive and I was wondering about using Proxmox and an encrypted VM.

What do you guys think are good ideas?

Thanks

  • nomad@infosec.pub
    7 days ago

    Funnily enough I have written a system to do exactly that as a bachelor’s thesis for IT security.

    It places client certificates and a client inside the initrd and securely requests the key to unlock.

    The server waits for you to approve the request before providing the key. The key is only held in memory during boot.

    I had a version that included for a hidden key provider and planned for a version that included time-based auto unlocks etc.

    I was planning to package that and release it as open source.

    Still might do that.
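
The approval-gated key release described in the comment above, as an added example that is not nomad's code or part of the thread. Every name in it (`KeyBroker`, `enroll`, `request`, `approve`, `collect`), the SHA-256 certificate fingerprint and the 120-second request lifetime are assumptions; the TLS layer that authenticates the client certificate is left out, and the broker only receives the certificate bytes it presented.

```python
import hashlib, hmac, secrets, time

class KeyBroker:
    """Releases a LUKS passphrase only after an operator approves the request."""
    def __init__(self, ttl=120, clock=time.monotonic):
        self.ttl, self.clock = ttl, clock
        self.keys = {}      # certificate fingerprint -> passphrase bytes
        self.pending = {}   # request id -> [fingerprint, expiry, approved]

    @staticmethod
    def fingerprint(cert_der: bytes) -> str:
        # Assumption: the TLS layer hands over the client's DER certificate.
        return hashlib.sha256(cert_der).hexdigest()

    def enroll(self, cert_der, passphrase):
        self.keys[self.fingerprint(cert_der)] = passphrase

    def request(self, cert_der):
        """Called by the initrd client at boot; returns a request id or None."""
        fp = self.fingerprint(cert_der)
        if fp not in self.keys:
            return None                      # unknown certificate, nothing queued
        rid = secrets.token_urlsafe(16)
        self.pending[rid] = [fp, self.clock() + self.ttl, False]
        return rid

    def approve(self, rid):
        """Called by the operator out of band; fails on unknown or expired ids."""
        entry = self.pending.get(rid)
        if entry is None or self.clock() > entry[1]:
            self.pending.pop(rid, None)
            return False
        entry[2] = True
        return True

    def collect(self, rid, cert_der):
        """Client polls; the key is returned once, then the request is destroyed."""
        entry = self.pending.get(rid)
        if entry is None:
            return None
        fp, expiry, approved = entry
        if self.clock() > expiry:
            del self.pending[rid]
            return None
        if not approved or not hmac.compare_digest(fp, self.fingerprint(cert_der)):
            return None                      # not approved yet, or wrong client
        del self.pending[rid]
        return self.keys[fp]
```

A stolen boot drive still contains the client certificate, so the protection comes from the operator refusing to approve a request they did not expect.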