this post was submitted on 16 Dec 2023
56 points (95.2% liked)

Selfhosted

40397 readers
708 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
56
Proper HDD clear process? (poptalk.scrubbles.tech)
submitted 11 months ago* (last edited 11 months ago) by [email protected] to c/selfhosted
 

Usually my process is very... hammer and drill related - but I have a family member who is interested in taking my latest batch of hard drives after I upgraded.

What are the best (linux) tools for the process? I'd like to run some tests to make sure they're good first and also do a full zero out of any data. (Used to be a raid if that matters)

Edit: Thanks all, process is officially started, will probably run for quite a while. Appreciate the advice!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 11 months ago (3 children)

Does one have to supply the password at each boot with what you are describing - this sounds like the password is somewhere in the partition table. If so what do I google to learn more?

[–] [email protected] 3 points 11 months ago* (last edited 11 months ago)

There are many ways to setups full disk encryption on Linux, but the most common all involve LUKS. Providing a password at mount (during boot, for a root partition or perhaps later for a "data" volume) is a but more secure and more frequently done, but you can also use things like smart cards (like a Yubikey) or a keyfile (basically a file as the password rather than typed in) to decrypt.

So, to actually answer your question, if you dont want to type passwords and are okay with the security implementations of storing the key with/near the system, putting a keyfile on removable storage that normally stays plugged in but can be removed to secure your disks is a common compromise. Here's an approachable article about it.

Search terms: "luks", " keyfile", "evil maid"

[–] [email protected] 2 points 11 months ago

store it in tpm

[–] [email protected] 1 points 11 months ago

There's many different ways with different performance tradeoffs. for example for my Homeland server I've set it up that I have to enter it every boot, which isn't often. But I've also set it up to run a ssh server so I can enter it remotely.

On my work laptop I simply have to enter it on each boot, but it mostly just goes into suspend.

One could also have the key on a usb stick (or better use a yubikey) and unplug that whenever is reasonable.