"Remote unlock of FDE" is a bit of a fairy tale. There is no such thing. The link below describes an example of a Linux system booting a minimal system via initrd - and making ssh available - so someone can log in and enter a password. But by definition this is NOT full disk encryption. /boot must be unencrypted for this to work. Your keys must be stored in the initrd image unencrypted for SSH to start up. So you are using one system in essence to bootstrap another system. Not FDE.

Real FDE can be achieved under Linux nowadays by leveraging the TPM for hardware key storage to unlock the root volume in recent versions of systemd. This obviates the need for remote unlock. To my understanding the tpm(4) driver under OpenBSD does not support this functionality (yet). You might look into being creative with the serial console.

Regards
Lloyd

[email protected] wrote:
> What's the current status of disk encryption remote unlock?
>
> All I can find is this thread:
> https://tech.openbsd.narkive.com/tHp7tSOU/boot-network-for-remote-unlock-of-fde

