markomas

joined 1 year ago
[email protected] 16 points 11 months ago

Hi, why not do it a little bit differently?

  1. Server boots into an unencrypted kernel with an SSH server (it has just that SSH server)
  2. Then you connect remotely via SSH and provide the password (unlock encrypted disks etc.)
  3. Then the system boots into the encrypted environment which you unlocked at step 2
  4. Profit

No second PC/Raspberry is required.

I have this done with LUKS on Debian: https://hamy.io/post/0009/how-to-install-luks-encrypted-ubuntu-18.04.x-server-and-enable-remote-unlocking/

I think you can adapt something similar to your FreeBSD.

A quick Google search found:

https://forums.freebsd.org/threads/encrypted-root-with-unencrypted-preboot-and-reboot-r.74378/

https://github.com/Sec42/freebsd-remote-crypto
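
Steps 1 and 2 on the Debian/Ubuntu side, as an added sketch that is not part of the comment above or of the linked guides: it stages settings for the `dropbear-initramfs` package so the pre-boot SSH server accepts keys only and each key can do nothing but run `cryptroot-unlock`. The `/etc/dropbear-initramfs/` layout is assumed (newer Debian releases keep these files under `/etc/dropbear/initramfs/`), and `ROOT`, the port and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: stage dropbear-initramfs settings for remote LUKS unlock.
# Assumed layout: /etc/dropbear-initramfs/{config,authorized_keys}.
# ROOT is a hypothetical staging prefix so the result can be inspected first.

# Key options prepended to every key: no forwarding, unlock prompt only.
RESTRICT='no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="/bin/cryptroot-unlock"'

# stage_unlock_config ROOT PUBKEY_FILE [PORT]
stage_unlock_config() {
    root=$1; pubkeys=$2; port=${3:-2222}
    dir="$root/etc/dropbear-initramfs"
    [ -r "$pubkeys" ] || { echo "cannot read $pubkeys" >&2; return 1; }
    mkdir -p "$dir" || return 1
    # -s: no password logins, -j/-k: no port forwarding, -I: idle timeout (s)
    printf 'DROPBEAR_OPTIONS="-p %s -s -j -k -I 120"\n' "$port" > "$dir/config"
    : > "$dir/authorized_keys"
    chmod 600 "$dir/authorized_keys"
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;                      # skip blanks and comments
            ssh-*|ecdsa-*) printf '%s %s\n' "$RESTRICT" "$line" >> "$dir/authorized_keys" ;;
            *) echo "refusing line that already carries options: $line" >&2
               return 1 ;;
        esac
    done < "$pubkeys"
}

# audit_keys FILE: succeed only if the file is non-empty and every key line
# is forced to the unlock command.
audit_keys() {
    [ -s "$1" ] || return 1
    ! grep -v -e '^#' -e '^$' "$1" | grep -qv 'command="/bin/cryptroot-unlock"'
}
```

After reviewing the staged files, copy them into place as root and run `update-initramfs -u` so the next boot picks them up. The initramfs and the SSH host key inside it stay unencrypted on disk, so pin that host key on the client and treat a changed fingerprint as a reason not to type the passphrase.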