This hasn’t happened to me yet but I was just thinking about it. Let’s say you have a server with an iGPU, and you use GPU passthrough to let VMs use the iGPU. And then one day the host’s ssh server breaks, maybe you did something stupid or there was a bad update. Are you fucked? How could you possibly recover, with no display and no SSH? The only thing I can think of is setting up serial access for emergencies like this, but I rarely hear about serial access nowadays so I wonder if there’s some other solution here.
😅 naa for me encryption a bigger risk than theft
That said, you should be able to decrypt your disks with the right key even on a live boot. Even if the secrets are in the tpm you should be able to use whatever your normal system uses to decrypt the disks.
If you don’t enter a password to boot, the keys are available. If you do, the password can decrypt the keys afaik.
Again, I don’t do this but that’s what I’ve picked up here and there so take it with a grain of salt I may be wrong.
Actually that might work. I thought that secure boot and disk encryption would prevent mounting the disk to a different system, but now I can’t think of any reason why it would. Good idea