Oddbean new post about | logout
oscpacey | 1 years ago (raw) | export | reply | flag 
 Server 1 has an encrypted boot drive

Server 2 has the decryption key

Server 1 boot loader can authenticate to the remote server 2 and retrieve the key.

Q) What is the best thing server 2 can be?

An HSM probably but with a sensible budget?
A password manager server?
Some sort of enclave?
Something better?