Re: Should I encrypt servers at my home lab?

[David Christensen <dpchrist@holgerdanske.com>]

On 10/6/25 05:36, Greg wrote:
> On 2025-10-06, David Christensen <dpchrist@holgerdanske.com> wrote:
> > On 10/5/25 05:12, Greg wrote:
> > > On 2025-10-05, David Christensen <dpchrist@holgerdanske.com> wrote:
> > > > Encrypting "at-rest data" is the starting point -- e.g. the disks are
> > > > powered off and an adversary tries to access the computer and/or disks.
> > > > <snip>
> > > > data inaccessible).  When I tried moving a password-enabled SED between
> > > > computers, I could not unlock the SED in the destination computer.  I
> > >
> > > That's a relief.
> >
> > I tried with only two computers and still am not certain if it was a
> > bug, a feature, or PEBKAC.  Look up the SED standards if it matters.
>
> I did a little bit, and you'd need to reveal at least the drive model,
> how it was locked, the OS on the target computer, and maybe something I
> haven't thought of in order to eliminate the uncertainty.

Computer #1:	Intel DQ67SW motherboard
Computer #2:	Dell Latitude E6520
SSD:		Intel SSD 520 Series


All SED operations were done via the BIOS/UEFI Setup (set/clear 
password) or POST (enter password).


The TPM chip was disabled via Setup in both computers.


Once the drive was unlocked, the OS (Windows, Debian) just saw it as a 
regular drive.


David