Remote solution to decrypt disk at boot - eviltoast

Hi there ! I have a little box at home, hosting some little services for personal use under freebsd with a full disk encryption (geli). I’m never at home and long power outage often occurs so I always need to come back home to type my passphrase to decrypt the disk.

I was searching this week a solution to do it remotely and found the “poor-guy-kvm” solutions turning a Raspberry like board (beaglebone black in my case) in a hid keyboard. It works fine once the computer has booted but once reboot when the passphrase is asked before it loads the loader menu, nothing. When I plug an ordinary USB keyboard I can type my passphrase so USB module is loaded.

Am I missing something ? Am I trying something impossible ?

(I could’ve asked on freebsd forum but… Have to suscribe, presentation, etc… Long journey)

  • taladar@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    8
    ·
    1 year ago

    Not sure about FreeBSD but under Linux I have used SSH based solutions in the past, specifically dracut-sshd to call systemd-tty-ask-password-agent and of course some early network configuration.

    • Jean-Mich Much@jlai.luOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Yeah someone already told Me that some years ago (yeah, years ago…) but it doesn’t work exactly like that with freebsd , it’s possible but not full encrypted disk solution . thanks for your answer