LUKS secure automated decryption
Clash Royale CLAN TAG#URR8PPP
up vote
1
down vote
favorite
I have critical data, let's say machine learning code
, GPG keys
,... etc.
I would like to create a workstation that will work somewhere else- in someone else's premises.
I don't have concern that someone may try to hack the running computer. Instead, I don't want someone to steal the disk drive and the data stored on that disk drive.
Tutorials like this one guided me to setup a password for protection, but let's say that the place happens to have frequent power outages -- I will not be bothered to provide the password each time the PC reboots.
One solution I found, but it is a quite hard to implement, is LUKS
that takes the key from TPM
, but I have TPM2.0
which complicates things.
Would you please advice? Is it possible to decrypt LUKS
(or a disk encrypted differently) non-interactively, during boot, keeping keys/password/code secure?
security luks cryptography
add a comment |Â
up vote
1
down vote
favorite
I have critical data, let's say machine learning code
, GPG keys
,... etc.
I would like to create a workstation that will work somewhere else- in someone else's premises.
I don't have concern that someone may try to hack the running computer. Instead, I don't want someone to steal the disk drive and the data stored on that disk drive.
Tutorials like this one guided me to setup a password for protection, but let's say that the place happens to have frequent power outages -- I will not be bothered to provide the password each time the PC reboots.
One solution I found, but it is a quite hard to implement, is LUKS
that takes the key from TPM
, but I have TPM2.0
which complicates things.
Would you please advice? Is it possible to decrypt LUKS
(or a disk encrypted differently) non-interactively, during boot, keeping keys/password/code secure?
security luks cryptography
Gentoo Wiki - Self-Decrypting Server (Archlinux) but calling it secure is a bit of a stretch.
â frostschutz
Sep 13 at 13:21
You may go with this approach: unix.stackexchange.com/q/5017/171196
â muhammad
Sep 13 at 13:46
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I have critical data, let's say machine learning code
, GPG keys
,... etc.
I would like to create a workstation that will work somewhere else- in someone else's premises.
I don't have concern that someone may try to hack the running computer. Instead, I don't want someone to steal the disk drive and the data stored on that disk drive.
Tutorials like this one guided me to setup a password for protection, but let's say that the place happens to have frequent power outages -- I will not be bothered to provide the password each time the PC reboots.
One solution I found, but it is a quite hard to implement, is LUKS
that takes the key from TPM
, but I have TPM2.0
which complicates things.
Would you please advice? Is it possible to decrypt LUKS
(or a disk encrypted differently) non-interactively, during boot, keeping keys/password/code secure?
security luks cryptography
I have critical data, let's say machine learning code
, GPG keys
,... etc.
I would like to create a workstation that will work somewhere else- in someone else's premises.
I don't have concern that someone may try to hack the running computer. Instead, I don't want someone to steal the disk drive and the data stored on that disk drive.
Tutorials like this one guided me to setup a password for protection, but let's say that the place happens to have frequent power outages -- I will not be bothered to provide the password each time the PC reboots.
One solution I found, but it is a quite hard to implement, is LUKS
that takes the key from TPM
, but I have TPM2.0
which complicates things.
Would you please advice? Is it possible to decrypt LUKS
(or a disk encrypted differently) non-interactively, during boot, keeping keys/password/code secure?
security luks cryptography
security luks cryptography
edited Sep 13 at 13:26
Goro
5,47052460
5,47052460
asked Sep 13 at 13:03
Kamil
4291516
4291516
Gentoo Wiki - Self-Decrypting Server (Archlinux) but calling it secure is a bit of a stretch.
â frostschutz
Sep 13 at 13:21
You may go with this approach: unix.stackexchange.com/q/5017/171196
â muhammad
Sep 13 at 13:46
add a comment |Â
Gentoo Wiki - Self-Decrypting Server (Archlinux) but calling it secure is a bit of a stretch.
â frostschutz
Sep 13 at 13:21
You may go with this approach: unix.stackexchange.com/q/5017/171196
â muhammad
Sep 13 at 13:46
Gentoo Wiki - Self-Decrypting Server (Archlinux) but calling it secure is a bit of a stretch.
â frostschutz
Sep 13 at 13:21
Gentoo Wiki - Self-Decrypting Server (Archlinux) but calling it secure is a bit of a stretch.
â frostschutz
Sep 13 at 13:21
You may go with this approach: unix.stackexchange.com/q/5017/171196
â muhammad
Sep 13 at 13:46
You may go with this approach: unix.stackexchange.com/q/5017/171196
â muhammad
Sep 13 at 13:46
add a comment |Â
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f468792%2fluks-secure-automated-decryption%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Gentoo Wiki - Self-Decrypting Server (Archlinux) but calling it secure is a bit of a stretch.
â frostschutz
Sep 13 at 13:21
You may go with this approach: unix.stackexchange.com/q/5017/171196
â muhammad
Sep 13 at 13:46