Does a tool/method exist which allows encrypting a Windows 7 system volume while providing the possibility to remotely unlock it via ssh during the boot phase? Is it even possible with Windows 7 (I guess it should be)?
On Linux, a LUKS encrypted rootfs can be unlocked via ssh during the boot phase (also see /usr/share/doc/cryptsetup/README.remote.gz on Debian).
The DiskCryptor project comes with a powerful bootloader which allows booting an encrypted system volume by unlocking it via USB or LAN (automatically providing the previously hard-coded password). However, I found no possibility to enter the required unlocking password over an ssh connection and I absolutely don't want to hard-code the password somewhere (not even in my (hopefully) secure LAN).
Therefore, a similar solution to the LUKS approach most probably involves a separate unencrypted boot partition with an ssh server and some boot magic which handles the unlocking and allows chain-loading the encrypted system partition with Windows 7.
Does anything like this exist, or is it being developed?
kexec. This could be the holy grail: Booting into a LUKS-encrypted Linux by unlocking it via ssh, then using kexec to directly boot a TrueCrypt-encrypted Windows system volume from there using the TrueCrypt rescue disk. I'll try that. :)