• @vegetaaaaaaa
    link
    English
    11 year ago

    I’d encrypt all disks. Nevertheless, it covers my ass when they retire the server after I used it.

    Good point. How do you unlock the disk at boot time? dropbear-initramfs and enter the passphrase manually every time it boots? Unencrypted /boot/ and store the decryption key in plaintext there?

    • z3bra
      link
      fedilink
      English
      21 year ago

      I run openbsd on all my servers so I would be entering the passphrase manually at boot time. Saving the key on unencrypted /boot is basically locking your door and leaving the key on it :)