Pawel Pokrywka
@pawelpokrywka
Do you use disk encryption? I've released a new version of cryptreboot, a tool for rebooting a Linux system with an encrypted disk that asks for the passphrase to unlock the disk before the reboot, rather than after, as in the case of a normal reboot. This can be useful when rebooting remote or headless systems, where entering the passphrase typically requires local access. The entire process is handled using in-memory initramfs patching, ensuring that secrets are handled securely and never touch the disk. Version 0.3.0 now includes native support for ZFS encryption. I'm planning to add more features, including passphrase-less reboots, which would be particularly beneficial for desktop users. If you'd like to try cryptreboot, here's a link. And if you've already tried it, I'd love to hear your feedback! https://phantomno.de/cryptreboot
2 replies
1 recast
4 reactions

polymutex
@polymutex.eth
This is very cool. However, as a solo staker my biggest problem is actually reboots from power outages, not planned ones from the command line. As far as I can tell, this does not work for unplanned reboots. Any plans to support this? (I'm not sure if it can work any other way than having some remote trusted server...)
1 reply
0 recast
1 reaction

polymutex
@polymutex.eth
My current solution to this problem is to not encrypt my boot disk, but to encrypt all the rest of the files necessary for the node to work. This is enough for SSH to come up. When it reboots, I have to SSH and manually unlock the other partitions.
1 reply
0 recast
1 reaction

polymutex
@polymutex.eth
Would be cool to be able to move this logic to initramfs, although the idea of an initramfs that's smart enough to have a network stack and sshd running in it sounds scary as well.
0 reply
0 recast
1 reaction