Comment on Proper HDD clear process?

<- View Parent
IlliteratiDomine@infosec.pub ⁨10⁩ ⁨months⁩ ago

There are many ways to setups full disk encryption on Linux, but the most common all involve LUKS. Providing a password at mount (during boot, for a root partition or perhaps later for a “data” volume) but you can also use things like smart cards (like a Yubikey) or a keyfile (basically a file as the password rather than typed in) to decrypt.

So, to actually answer your question, if you dont want to type passwords and are okay with the security implementations of storing the key with/near the system, putting a keyfile on removable storage that normally stays plugged in but can be removed to secure your disks is a common compromise. Here’s an approachable article about it.

Search terms: “luks”, " keyfile", “evil maid”

source
Sort:hotnewtop