top | item 45295507

(no title)

xrisk | 5 months ago

This is not the same thing is it? Arch Wiki mentions something about having to install a separate ssh server into initramfs to support ssh’ing into fully encrypted systems.

systemd-cryptenroll seems to be about storing encryption keys into the TPM so that they can be decrypted automatically at boot (?)

Apologies if I misunderstood something.

discuss

epistasis|5 months ago

I'm looking for what you're describing, some way to remote unlock a system. Is this the wiki page you're talking about?

https://wiki.archlinux.org/title/Dm-crypt/Specialties#Remote...

However, I'd prefer that the box is not on the general internet, but only over my tailscale net. I wonder if tailscale will also fit in the initramfs...

xrisk|5 months ago

Yeah I was looking at that page. Found this btw: https://github.com/darkrain42/tailscale-initramfs

conradev|5 months ago

and I imagine that the initramfs is not encrypted and trivially modifiable?

Apple is able to achieve this securely because their devices are not fully encrypted. They can authenticate/sign the unencrypted system partition.

klooney|5 months ago

https://mastodon.social/@pid_eins/113404099228886304

You auth the initrd too