Ubuntu – wake-on-lan (wol) a server with full-disk encryption


I have a server installed with Zentyal 3.0.2 (based on Ubuntu 12.04.2) with full-disk encryption.

While I successfully send the WOL packet and turn on the server, the boot process does not complete since the server disk is encrypted and I need to enter the valid pass phrase before proceeding.

Is there any application that can be used to send the pass phrase?

WOL is really useful when we need to manage the server remotely.

Best Answer

To decrypt the boot volume you'll have to use some kind of lights-out management or Intelligent Platform Management Interface (IPMI). This will give you a remote console onto the server so you can type in that passphrase. Common examples of this are the iLO on HP servers or the DRAC on Dell servers.

If you're sending a WOL packet, I really doubt there's a lot of extra overhead in opening up a management console to type in the passphrase. With that said, this is an opportunity to revisit why you're doing all of this:

  • Why are you powering off the server? Servers are designed to stay on all the time; if you have a power constraint or similar, you should explore some power saving options that allow you to leave the server running.
  • Why is the boot volume encrypted? On-disk encryption only really helps if you believe that the entire server will be physically stolen and someone will try to steal the data. Is your data worth stealing? What happens if someone steals it? Shouldn't you store your server in a place that's physically protected under lock and key?
  • Even if your disk is encrypted, it has to remain decrypted while the system runs. This means that if you get hacked, your on-disk encryption is worthless because the attacker just stole your unencrypted data off the running system.

Please think about why you're solving this problem and what business purpose it serves.