Simple question, probably a hard answer

I have a small headless Linux wheezy system running off an SDHC card.

It's too easy to "borrow" an SDHC and copy it and I want to keep my files secure...

Is there any way I can encrypt the software on the SDHC using something like the Ethernet MAC address or some other system-unique string as the key, with no need to enter a passphrase (which I can't easily do because its a headless rig)?

Alternatively, is there some kind of active socket encryption device I can place between the SDHC card and its system socket, or some other way of doing this I haven't thought of?

The easy answer is yes ..and no.

You can easily encrypt the card using LUKS as if it were any other storage device. What you need to do is rather than using a passphrase (thought setting one up is a wise backup) you need to use a keyfile. Since you want this standalone, and immune to local theft, the keyfile source will need to reside on a separate system, for example another server accessible over the network. This will require setting the system up so that it boots and is network ready before starting the decryption process.

For the second you're back to remotely locating the key device since you are trying to prevent local theft/intrusion while maintaining remote startup.

One way around all of it is to have the machine boot the necessary system software and then mount a remote encrypted volume thus separating the secured data from the potentially vulnerable server itself.

1 members found this post helpful.

Your suggestion of LUKS was enough to get me started, and now I've found a LUKS howto, so I'm off and running!

Many Thanks!