Proudly ashamed that I just kneecapped the full-disk #LUKS encryption on one of my personal #Linux servers.

I decided that the device was in a secure-enough location, and being able to auto-start on boot (e.g. after a power outage) was more important than protecting the drive contents.

This is the technique I used, which has the benefit that I can relatively easily reverse the change later on: web.archive.org/web/2014093022

Michał "rysiek" Woźniak · 🇺🇦

@HerraBRE heh, I still prefer unlock-via-SSH, even though evil maid and all that.

@rysiek I still use that for some of the data (an external backup drive), but the machine needs to boot far enough to be on the network and accessible for that to work...

This machine wasn't originally set up with this in mind, so it doesn't have separate root/home partitions.

@HerraBRE unlocking of LUKS root partition can be done directly in initramfs:
neilzone.co.uk/2021/06/unlocki

I use a version of this on a bunch of servers.

But yeah, it needs network access, obviously.

Anyway, whatever works. I am probably overdoing it with this. 😅


@HerraBRE Unlock via ssh is functionality added to the initrd, network configuration has to be pushed in to that via kernel parameters. I don't currently have documentation on the details at hand, but can look it up later. It doesn't require a specific system setup for later boot stages.

There's also the option of using a network service elsewhere for automatic unlock, but I don't remember what that was called 🙄

@rysiek
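An added example, not part of the thread: a pre-reboot check that the kernel command line actually carries network configuration for the initramfs, since a remote-unlock setup without it leaves the machine waiting at the passphrase prompt with no network. It assumes the kernel parameter the last post refers to is the standard `ip=` option in its colon-separated IPv4 form; the function names and the sample command line are constructed for illustration.

```shell
#!/bin/sh
# Added example. Field order of the kernel's ip= parameter (IPv4 form):
#   ip=<client>:<server>:<gateway>:<netmask>:<hostname>:<device>:<autoconf>

# Print the value of the last ip= word on a kernel command line string.
get_ip_param() {
    val=""
    for word in $1; do
        case "$word" in
            ip=*) val=${word#ip=} ;;
        esac
    done
    [ -n "$val" ] && printf '%s\n' "$val"
}

# Classify the early-boot network setup found on the command line.
# Prints "static <address> <device>", "dhcp <device>" or "none";
# returns non-zero when the initramfs would come up without networking.
check_initramfs_net() {
    param=$(get_ip_param "$1") || { echo "none"; return 1; }
    case "$param" in
        dhcp|on|any) echo "dhcp auto"; return 0 ;;
        off|none)    echo "none"; return 1 ;;
    esac
    old_ifs=$IFS; IFS=:
    set -f; set -- $param; set +f     # split on ':' and keep empty fields
    IFS=$old_ifs
    client=$1; device=${6:-auto}; autoconf=$7
    if [ -n "$client" ]; then
        echo "static $client $device"
    elif [ "$autoconf" = off ] || [ "$autoconf" = none ]; then
        echo "none"; return 1
    else
        echo "dhcp $device"           # empty autoconf defaults to autoconfiguration
    fi
}

# Constructed sample; on a real host pass "$(cat /proc/cmdline)" instead.
SAMPLE='BOOT_IMAGE=/vmlinuz root=/dev/mapper/root ip=192.0.2.10::192.0.2.1:255.255.255.0:srv:eth0:off quiet'
check_initramfs_net "$SAMPLE"
```

A result of `none` before a reboot means the unlock-over-SSH path would not be reachable and the passphrase would have to be entered at the console.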