I use a headless server connected to nothing but an ethernet cable in my basement, and I’d prefer to allow the thing to boot by itself and start up without me needing to unlock the disk encryption every single time I do an update or power back on. Its a Dell 9500t NUC that I’m using it as a server and am wondering whether its possible to encrypt everything still.
I do generally use docker containers, so could I potentially encrypt just the containers themselves, assuming I’m worried about a smash and grab rather than someone keeping the machine powered up and reading my ram?
First reason I think of to use fde all the time even if it’s automatically unlocked, is it’s simple to securely delete everything all at once. Just delete all the keys or overwrite that section of the desk.
Second reason. It may run your vpn, with the server down you cannot connect to it and provide the decryption key unless you are connected to the same network.
There are some good answer around where the server can easily decrypt automatically as long as it is connected in your home but will likely fail at a thief’s home. These are a much safer setup than keeping data unencrypted even if they are not bullet proof.
Depends on how you want to define “securely”. A sufficiently motivated attacker could attack the remaining encrypted data, either through brute force or exploiting a weakness in the algorithm.
If you find an encrypted drive, it’s extremely unlikely you can recover anything from it. If there is no LUKS header, it’s pretty much impossible.