mastodon.xyz is one of the many independent Mastodon servers you can use to participate in the fediverse.
A Mastodon instance, open to everyone, but mainly English and French speaking.

Administered by:

Server stats:

869
active users

BjarniBjarniBjarni 🙊 🇮🇸 🍏

Proudly ashamed that I just kneecapped the full-disk encryption on one of my personal servers.

I decided that the device was in a secure-enough location, and being able to auto-start on boot (e.g. after a power outage) was more important than protecting the drive contents.

This is the technique I used, which has the benefit that I can relatively easily reverse the change later on: web.archive.org/web/2014093022

@HerraBRE heh, I still prefer unlock-via-SSH, even though evil maid and all that.

@rysiek I still use that for some of the data (an external backup drive), but the machine needs to boot far enough to be on the network and accessible for that to work...

This machine wasn't originally set up with this in mind, so it doesn't have separate root/home partitions.

@HerraBRE unlocking of LUKS root partition can be done directly in initramfs:
neilzone.co.uk/2021/06/unlocki

I use a version of this on a bunch of servers.

But yeah, it needs network access, obviously.

Anyway, whatever works. I am probably overdoing it with this. 😅

neilzone.co.ukUnlocking a LUKS-encrypted partition via ssh on Debian 10 and Debian 11
More from Neil Brown

@HerraBRE Unlock via ssh is functionality added to the initrd, network configuration has to be pushed in to that via kernel parameters. I don't currently have documentation on the details at hand, but can look it up later. It doesn't require a specific system setup for later boot stages.

There's also the option of using a network service elsewhere for automatic unlock, but I don't remember what that was called 🙄

@rysiek