Modern CPUs have some RAM encryption features, but ultimately you’re running on hardware outside your control. Personally, I use full disk encryption (except for /boot) and unlock remotely via SSH, but that only helps against automatic scanning of the storage.
Dropbear + manual input, but I guess you could do that as a single command somehow. I rarely restart this machine, so copying the PW from my PW manager is acceptable for me.
Modern CPUs have some RAM encryption features, but ultimately you’re running on hardware outside your control. Personally, I use full disk encryption (except for /boot) and unlock remotely via SSH, but that only helps against automatic scanning of the storage.
Do you use dropbear and manually input the password to unlock the LUKS partition, or have you scripted something to automate that?
Dropbear + manual input, but I guess you could do that as a single command somehow. I rarely restart this machine, so copying the PW from my PW manager is acceptable for me.