Friday, February 13, 2026

Re: Current state of disk encryption remote unlock?

On Sat, Jan 24, 2026 at 04:21:28PM +0000, Crystal Kolipe wrote:
>On Sat, Jan 24, 2026 at 04:09:25PM +0000, tetrahedra@danwin1210.de wrote:
>> With the SSDs that are present on nearly all servers these days,
>> deleting data from the disk (e.g if it fails or if the disk is replaced)
>> is not possible to do reliably. The only solution is to encrypt all
>> system data (root, swap, etc) and then destroy the encryption key once
>> the disk is no longer needed.
>
>If that is the problem you are trying to solve, you could simply use a
>hard-coded passphrase or a keydisk volume on a permanently connected USB drive
>or even the same disk, (depending on the exact level of destroyability you
>want for the key data).

Permanently attaching a USB drive to a server rented in a remote
datacenter from a large provider like Hetzner or OVH is not necessarily
practical. At the very least, it will require coordination with the
hosting provider and payment of "remote hands" fees to have one of their
engineers insert your USB stick in the server you rented from them.

What's more, it makes it impossible to reliably destroy the encryption
key -- how do you ensure chain-of-custody and destruction of the USB
stick once the server is decommissioned?

Putting key material on the same disk does not solve the problem, since
data destruction on an SSD cannot be assured. Therefore, any plaintext
key material on the disk cannot be reliably destroyed. This negates the
whole point of the exercise.

>If you have a specific threat model that you are trying to protect against,
>and you believe that the only thing preventing you from doing that is the
>inability to enter a passphrase at the bootloader without being at a keyboard
>which is physically connected to the server, this suggests to me that your
>logic is flawed elsewhere. So it might be worth explaining exactly what you
>are trying to do.

Remote unlocking FDE using dropbear-initramfs is standard practice with
other operating systems, and is widely supported as a solution to the
problem of un-wipeable SSDs.

The other solutions presented in this thread are either clever but
unsupported (using TPMs) or impractical and fail to meet all
requirements (USB stick).
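As an added illustration of the dropbear-initramfs approach mentioned in this reply (example code, not part of the original thread or of the dropbear-initramfs project), the script below stages the initramfs SSH configuration on the server side, shows the operator's unlock call, and shows the decommissioning step that erases the LUKS key slots. It assumes Debian/Ubuntu with the dropbear-initramfs package using the Debian 12 layout under /etc/dropbear/initramfs; the function names, the port 2222, the IP= string and the SSH key are sample values chosen for the example. The PREFIX argument lets it stage into a scratch directory for a dry run without root.

```shell
#!/bin/sh
# Added example, not from the thread: server-side staging of dropbear-initramfs
# remote unlock, the operator's unlock call, and LUKS key-slot erasure at
# decommissioning. Assumes Debian/Ubuntu dropbear-initramfs (Debian 12-style paths);
# addresses, port, key and function names are sample values.

# stage_remote_unlock PREFIX PUBKEY IPSPEC
#   PREFIX  - "" for the live system, or a scratch directory for a dry run
#   PUBKEY  - the operator's SSH public key (one authorized_keys line)
#   IPSPEC  - kernel ip= string: client:server:gateway:netmask:hostname:device:autoconf
stage_remote_unlock() {
    prefix="$1"; pubkey="$2"; ipspec="$3"
    mkdir -p "$prefix/etc/dropbear/initramfs" "$prefix/etc/initramfs-tools/conf.d"
    # Force the unlock command and deny forwarding, so a leaked operator key
    # does not turn into a general-purpose shell inside the initramfs.
    printf 'command="cryptroot-unlock",no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$pubkey" > "$prefix/etc/dropbear/initramfs/authorized_keys"
    chmod 600 "$prefix/etc/dropbear/initramfs/authorized_keys"
    # -p 2222: distinct from the OS sshd port, so clients keep the two host keys apart
    # -s: no password logins   -j/-k: no local/remote port forwarding   -I 60: idle timeout
    printf 'DROPBEAR_OPTIONS="-p 2222 -s -j -k -I 60"\n' \
        > "$prefix/etc/dropbear/initramfs/dropbear.conf"
    chmod 600 "$prefix/etc/dropbear/initramfs/dropbear.conf"
    # Static network setup for the initramfs; a conf.d drop-in leaves initramfs.conf untouched.
    printf 'IP=%s\n' "$ipspec" > "$prefix/etc/initramfs-tools/conf.d/remote-unlock"
    # On the live system the initramfs has to be rebuilt to pick up the new files.
    if [ -z "$prefix" ]; then
        update-initramfs -u
    fi
}

# unlock_remote HOST KEYFILE KNOWN_HOSTS
#   The forced command prompts for the LUKS passphrase on the operator's terminal,
#   so the passphrase is never stored on the server's disk. The initramfs host key
#   is not the OS sshd host key: pin it in a dedicated known_hosts file and refuse
#   unknown keys, so a swapped boot environment is noticed rather than unlocked.
unlock_remote() {
    ssh -p 2222 -i "$2" -o "UserKnownHostsFile=$3" -o StrictHostKeyChecking=yes "root@$1"
}

# decommission_luks DEVICE
#   Erase every LUKS key slot. Without a header backup the volume key is then
#   unrecoverable, so the ciphertext stays unreadable even though the SSD's flash
#   cannot be reliably overwritten. Any stale key-slot copies that wear levelling
#   leaves behind are still wrapped by the passphrase, which is exactly why the
#   passphrase must live with the operator and never on the disk itself.
decommission_luks() {
    cryptsetup isLuks "$1" || return 1
    cryptsetup luksDump "$1"          # record which slots are about to go
    cryptsetup -q luksErase "$1"      # -q: no interactive confirmation
    cryptsetup luksDump "$1"          # keyslot section should now be empty
}

# Dry run: stage into a scratch directory and show what would be installed.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    stage_remote_unlock "$d" "ssh-ed25519 AAAAsamplekeynotreal operator@admin-host" \
        "203.0.113.10::203.0.113.1:255.255.255.0:server1:eth0:off"
    find "$d/etc" -type f -exec sh -c 'echo "== $1"; cat "$1"' _ {} \;
    rm -rf "$d"
fi
```

Run with `sh script.sh demo` to see the staged files; with an empty PREFIX the same function writes to the live system and rebuilds the initramfs. The forced command plus the separate host key are the two pieces that keep the unlock channel from becoming a second, weaker login path to the server.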
