Date: Thu, 21 May 2026 16:01:07 -0700
From: Pete Wright <pete@nomadlogic.org>
To: Polarian <polarian@polarian.dev>, freebsd-questions@freebsd.org
Subject: Re: Terminal server with consumer hardware
Message-ID: <336e1325-ba66-4804-8c39-c7e7530adcce@nomadlogic.org>
In-Reply-To: <20260521233422.001d364f@Hydrogen>

On 5/21/26 3:34 PM, Polarian wrote:
> Hello list,
>
> This has been discussed on #freebsd a few times now with no success.
>
> A common reason you don't full disk encrypt servers is because it makes
> unattended boot difficult. I believe TPM encryption is now supported
> recently but undocumented (correct me if I am wrong), however TPM only
> protects against decryption AFTER you dispose of the disks, if they
> have the hardware and the disks, it's pointless unless paired with
> keydisk or passphrase. Keydisk works, but requires you to plug in the
> keydisk to boot, making it infeasible to attend a boot remotely. This
> leaves passphrase, which is possible to attend a boot remotely provided
> you have access.
>
> Loader supports serial, or a KVM. KVM requires graphics, and on my
> server there is no integrated graphics, this means powering a graphics
> card (extra 10-15w) which if you are running 24/7, is more costly.
>
> This makes serial ideal, it's simple, doesn't require much power, and
> unlike a KVM, a cheap RPI is all you need.
>
> My setup is a RPI running OpenBSD which is accessible via ssh,
> connected to the FreeBSD server by two WinChipHead CH9102/343/341/340
> (not sure which exact chip it is) TTL USB adapters, with the rx and tx
> soldered together, transitively, a USB to USB serial adapter.
>

sorry may have missed this, but why not use IPMI and serial-over-lan?
this is pretty much exactly the use-case it was created for, and most if
not all server class motherboards support it. for systems where i need
full-disk encryption of my root volume i'm able to provide pass keys via
remote console, and it allows you to manage the device's hardware too.

-pete

--
Pete Wright
pete@nomadlogic.org
