Content
@
0 reply
0 recast
0 reaction
Pawel Pokrywka
@pawelpokrywka
Do you use disk encryption? I've released a new version of cryptreboot, a tool for rebooting a Linux system with an encrypted disk that asks for the passphrase to unlock the disk before the reboot, rather than after as in case of normal reboot. This can be useful when rebooting remote or headless systems, where entering the passphrase typically requires local access. The entire process is handled using an in-memory initramfs patching, ensuring that secrets are handled securely and never touch the disk. Version 0.3.0 now includes native support for ZFS encryption. I'm planning to add more features, including passphrase-less reboots, which would be particularly beneficial for desktop users. If you'd like to try cryptreboot, here's a link. And if you've already tried it, I'd love to hear your feedback! https://phantomno.de/cryptreboot
2 replies
1 recast
4 reactions
Pawel Pokrywka
@pawelpokrywka
Hi @polymutex.eth, I'm solo staker too :) To answer your question: no, I don't plan to handle unplanned reboots, at least in cryptreboot. My idea is to keep it as a simple, drop-in replacement for reboot. I don't want cryptreboot to depend on altering the system configuration or introducing additional network devices. Maybe i will tackle this problem in my super-secret long-term project, but it will take some time ;-) If you don't mind adding complexity to your setup you can use Tang + Clevis, I found a good tutorial here: https://www.ogselfhosting.com/index.php/2023/12/25/tang-clevis-for-a-luks-encrypted-debian-server/ People also do similar stuff you mentioned in your last comment. They move the ssh server to initramfs. There are tons of tutorials on dropbear + initramfs + luks. I agree on your view about introducing too much complexity to initramfs.
1 reply
0 recast
0 reaction
Pawel Pokrywka
@pawelpokrywka
Disk encryption is a broad topic, particularly if we want to talk about threat models, possible attacks and safety measures. This reply is already becoming too long, so I want go this route :) But let's go back to your problem of unplanned reboots due to power outages. How often and for how long do they occur? Let's say most power outages occur for no more than 30 minutes, and you experience 1 longer outage during a year. In this case, assuming you stake on mini PC, having a cheapest UPS would suffice if is ok for you to manually unlock the disk once every year and you accept being offline for few hours (a year). If not, then you should keep looking for different solutions.
1 reply
0 recast
0 reaction
