Content pfp
Content
@
0 reply
0 recast
0 reaction
Pawel Pokrywka pfp
Pawel Pokrywka
@pawelpokrywka
Do you use disk encryption? I've released a new version of cryptreboot, a tool for rebooting a Linux system with an encrypted disk that asks for the passphrase to unlock the disk before the reboot, rather than after as in case of normal reboot. This can be useful when rebooting remote or headless systems, where entering the passphrase typically requires local access. The entire process is handled using an in-memory initramfs patching, ensuring that secrets are handled securely and never touch the disk. Version 0.3.0 now includes native support for ZFS encryption. I'm planning to add more features, including passphrase-less reboots, which would be particularly beneficial for desktop users. If you'd like to try cryptreboot, here's a link. And if you've already tried it, I'd love to hear your feedback! https://phantomno.de/cryptreboot
2 replies
1 recast
4 reactions
Pawel Pokrywka pfp
Pawel Pokrywka
@pawelpokrywka
Hi @polymutex.eth, I'm solo staker too :) To answer your question: no, I don't plan to handle unplanned reboots, at least in cryptreboot. My idea is to keep it as a simple, drop-in replacement for reboot. I don't want cryptreboot to depend on altering the system configuration or introducing additional network devices. Maybe i will tackle this problem in my super-secret long-term project, but it will take some time ;-) If you don't mind adding complexity to your setup you can use Tang + Clevis, I found a good tutorial here: https://www.ogselfhosting.com/index.php/2023/12/25/tang-clevis-for-a-luks-encrypted-debian-server/ People also do similar stuff you mentioned in your last comment. They move the ssh server to initramfs. There are tons of tutorials on dropbear + initramfs + luks. I agree on your view about introducing too much complexity to initramfs.
1 reply
0 recast
0 reaction
polymutex pfp
polymutex
@polymutex.eth
This is very cool. However as a solo staker my biggest problem is actually reboots from power outages, not planned ones from the command-line. As far as I can tell this does not work for unplanned reboots. Any plans to support this? (I'm not sure if it can work any other way than having some remote trusted server...)
1 reply
0 recast
1 reaction