On 02/14/2018 02:21 PM, Benjamin Drung wrote: > If the UEFI is as secure as storing an unencrypted file on a hard > drive, I am satisfied. Or do you have a better idea where to store the > SSH keys for a diskless system that boots via network? I assume it would be best to use TPM for this (if your systems have TPM chips), it is designed for use-cases like this. Searching for "tpm ssh keys" gives a decent amount of results. Mostly targeted at user keys instead of server keys, so this might need some tinkering to get working.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
