Hello, sorry for the lack of a better topic title.
I'm looking for a hardware device to secure a rack linux server in a certain way, and I'm trying to find out what to use.
The device has to offer the following security features:
- It houses a cryptographic key in a secure memory location that doesn't suffer from RAM "burn-in".
- Upon boot, GRUB should be able to retrieve the cryptographic key automatically for the purpose of decrypting a LUKS-encrypted rootfs partition (/boot included).
- It offers a way to securely wipe the stored cryptographic key(s) in a panic situation (i.e. a GPIO pin for chassis intrusion or via API)
- It has to have backup power available, so that in case the main power is lost, the device continues to operate and detect physical intrusions
- If the backup power is lost (battery depletes) then the keys are automatically wiped
Does anything like this exist? A TPM module may come close, but it doesn't have backup power, and if the power is lost it doesn't erase the stored keys.
