There is an old but still reasonable solution with mkinitcpio hooks encrypt/sd-encrypt + ssh, which is very easy to set up with EFI or grub2 onward. Tailscale is probably overkill for this use case, given that you're already exposing pre-/early-boot to the network by setting up interfaces that early. This became much more hermetic with Secure Boot and TPMs, too.
TPM definitely raises the effort to break it by a lot. But by default the communication with it is not encrypted, so especially for modules not built into the CPU, wire/bus-tapping is a thing.