A walkthrough of how to remotely unlock an encrypted Linux hard drive at boot time by embedding Dropbear (an SSH server) and Tailscale into the initramfs. Since initramfs is a minimal Linux environment with systemd, tools can be added to it, enabling remote access before the main disk decrypts. Security considerations are addressed by limiting the environment to only showing the unlock screen. The approach currently requires Ethernet, though WireGuard or SSH tunnels are mentioned as alternatives.
Sort: