upvote

points

by ycombinatrix4 hours ago |
comments
upvoteby FabCH2 hours ago|
next
[-]
Police show up and arrest you. Could be with reason, could be by accident. Maybe you did something wrong, maybe you didn’t. They also physically size your servers, and in doing so they unplug the system.

If you have disk encryption, your data now requires the police to force you to produce a password, which may or may not be within their powers, depending on the jurisdiction.

It’s strictly better to have full disk encryption and remote unlocking than no disk encryption at all, because it prevents such „system was switched off by accident“ attacks.

reply
upvoteby gruez1 hours ago|
parent|
[-]
>and in doing so they unplug the system.

They have kits that allow them to unplug the server from the wall without interrupting power supply, specifically so they don't lose the decryption keys.

reply
upvoteby izacus3 hours ago|
prev|
next
[-]
Security isn't a binary boolean though.
reply
upvoteby embedding-shape3 hours ago|
prev|
[-]
If only everyone shared the same use case :)

Maybe I have a server at home, with a locked cabinet and vibration sensors, that houses a server or two and they all use full disk encryption, but I still want to be able to reboot them without having to connect a physical keyboard to them. So no one has physical access, not even me, but I still want to be able to reboot them.

Or countless of other scenarios where it could be useful to be able to remotely unlock FDE.

reply
upvoteby jiveturkey2 hours ago|
parent|
[-]
That's not a counter-argument. You are protecting the physical access, and your threat model doesn't include someone willing to bypass your locks and sensors. (or it does and you just didn't go into those details.)

The argument was that physical access gives up the FDE key.

reply