off topic: volatile USB stick available
Aaron Rainbolt
arraybolt3 at gmail.com
Fri Jun 24 22:07:58 UTC 2022
On Fri, Jun 24, 2022 at 2:43 PM Andre Tann <atann at alphasrv.net> wrote:
>
> On 24.06.22 17:23, ubuntu at howorth.org.uk wrote:
>
> > Why do you need the stick? Just store the key in the computer's RAM and
> > it will have the same effect, no? You could use a file in a tmpfs.
>
> How would the key survive a reboot then?
> Or a power down, followed by a wake-on-LAN a few hours later?
>
> The content of a volatile stick would survive these events if plugged
> into a always-on USB port.
If you wanted to do a lot of fiddling, you could possibly rig a
Raspberry Pi Zero to do exactly this.
https://learn.adafruit.com/turning-your-raspberry-pi-zero-into-a-usb-gadget/overview
Set it up as an Ethernet gadget, ensure that the Pi Zero doesn't have
a swapfile, mount a tmpfs to a folder in the Pi, and store the key
there. The server could then retrieve the key from the Pi at boot time
and decrypt the drive - possible solutions for doing so are available
here: https://serverfault.com/questions/884704/luks-automatic-unlock-of-with-key-file-on-remote-ubuntu-server
Server loses power, Pi loses power, key vanishes.
Also have a recovery strategy (key backed-up on a non-volatile flash
drive that you store somewhere safe) so that when the fateful day
comes that everything does lose power, you're not permanently locked
out of the server data.
More information about the ubuntu-users
mailing list