1

I have critical data, let's say machine learning code, GPG keys,... etc.

I would like to create a workstation that will work somewhere else- in someone else's premises.

I don't have concern that someone may try to hack the running computer. Instead, I don't want someone to steal the disk drive and the data stored on that disk drive.

Tutorials like this one guided me to setup a password for protection, but let's say that the place happens to have frequent power outages -- I will not be bothered to provide the password each time the PC reboots.

One solution I found, but it is a quite hard to implement, is LUKS that takes the key from TPM, but I have TPM2.0 which complicates things.

Would you please advice? Is it possible to decrypt LUKS (or a disk encrypted differently) non-interactively, during boot, keeping keys/password/code secure?

Kamil
  • 1,311
  • 2
  • 14
  • 31
  • [Gentoo Wiki - Self-Decrypting Server](https://wiki.gentoo.org/wiki/Custom_Initramfs/Examples#Self-Decrypting_Server) [(Archlinux)](https://gist.github.com/frostschutz/ca44c333887490ab3dcf2a3cd83c78fe) but calling it secure is a bit of a stretch. – frostschutz Sep 13 '18 at 13:21
  • You may go with this approach: https://unix.stackexchange.com/q/5017/171196 – arif Sep 13 '18 at 13:46

0 Answers0