I’m trying to build a headless server that has sensitive data on it and needs full disk encryption. I want it protected from physical theft and as far as I can brainstorm, that means at boot, the storage has to be unlocked manually. I know I can do this with remote access through remote console IPMI board but was wondering if I’ve just missed a way to solve this problem without using extra hardware. Have any of you homelabbers dealt with this problem set without using IPMI cards?
If someone physically has your disks unless you have on the drive encryption your fucked. Even then I dunno. If it was created by humans it can be cracked by humans.
Maybe better to move server to undisclosed location like a bank vault.