alt Hacker NewsDepends on the use case. If boot requires a password, the computer can never lose power or be rebooted without human presence. That’s not always practical.
Replies
prmoustache • 01/17/2025
That is what remote kvm are for and if you do that on commodity hardware you can start a tiny ssh server starting up from an initrd. Having said that an attacker with local access could change the initrd without your knowledge so that it logs the password you enter so it is not necessarily the most secure solution.
➕ show 1 reply
tucnak • 01/17/2025
Google: IPMI, BMC
You can reboot your full-disk-encryption server while you sleep. Obligatory plug: <https://www.recompile.se/mandos>
Disclosure: I am a co-author of Mandos.