• vegetaaaaaaa@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I’d encrypt all disks. Nevertheless, it covers my ass when they retire the server after I used it.

    Good point. How do you unlock the disk at boot time? dropbear-initramfs and enter the passphrase manually every time it boots? Unencrypted /boot/ and store the decryption key in plaintext there?

    • z3bra@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I run openbsd on all my servers so I would be entering the passphrase manually at boot time. Saving the key on unencrypted /boot is basically locking your door and leaving the key on it :)