Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is not the same thing is it? Arch Wiki mentions something about having to install a separate ssh server into initramfs to support ssh’ing into fully encrypted systems.

systemd-cryptenroll seems to be about storing encryption keys into the TPM so that they can be decrypted automatically at boot (?)

Apologies if I misunderstood something.



I'm looking for what you're describing, some way to remote unlock a system. Is this the wiki page you're talking about?

https://wiki.archlinux.org/title/Dm-crypt/Specialties#Remote...

However, I'd prefer that the box is not on the general internet, but only over my tailscale net. I wonder if tailscale will also fit in the initramfs...


Yeah I was looking at that page. Found this btw: https://github.com/darkrain42/tailscale-initramfs


Thanks! I'm just getting back into Linux boot issues for the first time in multiple decades, and boy is it different than I remember.

It's pretty incredible to be able to dump all this stuff directly into the boot system. Now to see what Omarchy has done to give the fancy LUKS password entry...


and I imagine that the initramfs is not encrypted and trivially modifiable?

Apple is able to achieve this securely because their devices are not fully encrypted. They can authenticate/sign the unencrypted system partition.


https://mastodon.social/@pid_eins/113404099228886304

You auth the initrd too


This is super cool, thanks for the link! I’m glad they were able to leverage the TPM




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: