Re: remote disk decryption on centos?




On 3/12/21 1:51 PM, ept8ept8@xxxxxxxxxxx wrote:
> Hi, I was reading about how to unlock an encrypted root partition remotely
> (unattended). I'd like to ask what is a compatible way to do this in CentOS
> that is commonly used by administrators?


What's your threat model?  Are you trying to protect the system from physical theft, or are you trying to make sure the disks aren't readable when they're retired or fail?

For most purposes, I recommend enrolling the disk with the TPM2 chip, so that disks can be unlocked at boot without human intervention.  If theft is a concern, you'd need to ensure that the bootloader requires a password, and that the firmware boots only from the internal disk without a password:

    clevis luks bind -d /dev/VOLUME tpm2 '{"pcr_ids":"7"}'

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
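
A check an administrator could run after the `clevis luks bind` command in the reply above, to confirm that a LUKS slot really is sealed to PCR 7. This is an added example, not part of the original message or of the clevis project; the function names and the sample listing are constructed, and it assumes `clevis luks list -d DEVICE` prints one `SLOT: PIN 'CONFIG'` line per binding with `pcr_ids` as a string, as in the reply.

```shell
#!/bin/sh
# Audit `clevis luks list` output for TPM2 bindings and the PCRs they use.
# Real use (device name as written in the reply):
#   clevis luks list -d /dev/VOLUME | has_tpm2_pcrs 7

# Constructed sample listing (assumed "SLOT: PIN 'CONFIG'" line format).
SAMPLE_LIST="1: tpm2 '{\"hash\":\"sha256\",\"key\":\"ecc\",\"pcr_bank\":\"sha256\",\"pcr_ids\":\"7\"}'
2: tang '{\"url\":\"http://tang.example.invalid\"}'"

# tpm2_pcrs: read a listing on stdin and print "SLOT PCRS" for every tpm2
# binding. PCRS is "none" when the config carries no pcr_ids, meaning the
# TPM would release the key without checking any boot measurement.
tpm2_pcrs() {
    while IFS= read -r line; do
        slot=${line%%:*}          # text before the first colon
        rest=${line#*: }          # "PIN 'CONFIG'"
        pin=${rest%% *}           # first word of the remainder
        [ "$pin" = "tpm2" ] || continue
        case $rest in
            *'"pcr_ids":"'*)
                pcrs=${rest#*\"pcr_ids\":\"}   # drop everything up to the value
                pcrs=${pcrs%%\"*}              # cut at the closing quote
                ;;
            *) pcrs=none ;;
        esac
        printf '%s %s\n' "$slot" "$pcrs"
    done
}

# has_tpm2_pcrs WANT: succeed only if some tpm2 slot is sealed to exactly
# the PCR list WANT (for example "7").
has_tpm2_pcrs() {
    tpm2_pcrs | awk -v want="$1" '$2 == want { found = 1 } END { exit !found }'
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LIST" | tpm2_pcrs
```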



