I’m happy with regular password FDE, i think i’m more likely to encounter hardware failure (and then need to read the drive from another machine) than theft of the drive.
It’s a good point though, I’m sure many people do need this feature. Ubuntu is “working on it” but so far i guess it’s mostly not working except for VMs
I have a media center that serves over the internet via VPN, I don’t want to leave it unencrypted but I also don’t want to have to go home and type in a pass every time California has a power outage, which is monthly during the dry fire season and >monthly during the “storm” season. I wouldn’t care as much for my personal laptop or anything, but for servers it seems like an absolute must have and…what is Linux for if not servers?
I think the traditional way to do that is via dm-crypt, which you can set up with an ssh server.
You can also use a network-shared file rather than a password for LUKS but it’s not as straightforward to set up as a password. If you are doing something like tailscale then it’d be unlocked as long as you are on the VPN
Typing in a password in-person at a data center would be a huge hassle, agreed
Unless you want tpm backed full disk encryption in which case… Good luck
One click for Mac and windows, a lifetime of fun for Linux (except arch w/sysdboot which works pretty good)
I’m happy with regular password FDE, i think i’m more likely to encounter hardware failure (and then need to read the drive from another machine) than theft of the drive.
It’s a good point though, I’m sure many people do need this feature. Ubuntu is “working on it” but so far i guess it’s mostly not working except for VMs
I have a media center that serves over the internet via VPN, I don’t want to leave it unencrypted but I also don’t want to have to go home and type in a pass every time California has a power outage, which is monthly during the dry fire season and >monthly during the “storm” season. I wouldn’t care as much for my personal laptop or anything, but for servers it seems like an absolute must have and…what is Linux for if not servers?
I think the traditional way to do that is via dm-crypt, which you can set up with an ssh server.
You can also use a network-shared file rather than a password for LUKS but it’s not as straightforward to set up as a password. If you are doing something like tailscale then it’d be unlocked as long as you are on the VPN
Typing in a password in-person at a data center would be a huge hassle, agreed