My company is developing a device that is basically a Linux box with some attached hardware and proprietary software that is installed on several clients. What would be the best options to secure the contents of the hard drive so that it cannot be removed and inspected on another computer? Asking for a password on boot is not an option.
Answer
This exact question was asked on the Information Security stack a couple weeks ago. See https://security.stackexchange.com/questions/220774/how-to-use-fde-without-needing-to-share-the-encryption-password/220776
The short answers is FDE tied to a TPM. But there is a lot of good discussion about how depending on this is a bad idea.
Attribution
Source : Link , Question Author : Samir Zattar , Answer Author : longneck
