Comment by varispeed
12 days ago
How do you deal with something like this in a NAS? There is no way to enter a password during boot.
If someone steals the NAS how easily can they get to the data? Assuming volumes are encrypted, but they are automatically mounted on boot?
How to ensure the data is safe in case of theft?
Instead of the LUKS key in TPM you can use a FIDO2-compatible hardware security USB token. For booting/unlocking it has to be plugged in, then you can remove it. This is pretty convenient and secure against many threats like stealing the NAS, in my opinion.
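
As an added example (not part of either comment), this Python script reads crypttab entries and reports which volumes would unlock with nothing but the stolen hardware. The sample entries are constructed, and it assumes a systemd-style `/etc/crypttab`, key files stored on the NAS itself, and a FIDO2 token that is unplugged after boot.

```python
# Added example: classify how each crypttab volume unlocks at boot.
# SAMPLE_CRYPTTAB is constructed for illustration, not taken from the thread.
SAMPLE_CRYPTTAB = """\
# name  device          keyfile              options
data1   UUID=1111-aaaa  /etc/keys/data1.key  luks
data2   UUID=2222-bbbb  none                 luks,tpm2-device=auto
data3   UUID=3333-cccc  none                 luks,tpm2-device=auto,tpm2-pin=yes
data4   UUID=4444-dddd  -                    luks,fido2-device=auto
data5   UUID=5555-eeee  none                 luks
"""

def parse_options(field):
    """Turn 'luks,tpm2-device=auto' into {'luks': '', 'tpm2-device': 'auto'}."""
    opts = {}
    for item in field.split(","):
        if item:
            key, _, value = item.partition("=")
            opts[key] = value
    return opts

def classify(line):
    """Return (name, method, unattended) for one crypttab entry.

    unattended is True when the volume opens with only the hardware that
    would leave the building together with the NAS.
    """
    parts = line.split()
    name = parts[0]
    keyfile = parts[2] if len(parts) > 2 else "none"
    opts = parse_options(parts[3]) if len(parts) > 3 else {}
    if "fido2-device" in opts:
        # Assumption: the token is removed after boot, as the reply describes.
        return name, "fido2-token", False
    if "tpm2-device" in opts:
        pin = opts.get("tpm2-pin", "no").lower() in ("yes", "true", "1", "on")
        # Without a PIN the TPM on the stolen board releases the key by itself.
        return name, ("tpm2+pin" if pin else "tpm2-unattended"), not pin
    if keyfile not in ("none", "-"):
        # Assumption: the key file lives on the NAS's own storage.
        return name, "keyfile", True
    return name, "passphrase", False

def audit(text):
    """Classify every non-comment, non-blank crypttab line."""
    lines = (raw.strip() for raw in text.splitlines())
    return [classify(l) for l in lines if l and not l.startswith("#")]

if __name__ == "__main__":
    for name, method, unattended in audit(SAMPLE_CRYPTTAB):
        verdict = "opens after theft" if unattended else "needs token/secret"
        print(f"{name:6} {method:16} {verdict}")
```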