I appreciate everyone's time, input and ideas on solutions.
I should probably clarify: this PC is literally just in a shed / workshop of mine. It's not a high-value system but rather an Intel NUC which is a few years old (but much loved, as it has served me well).
I understand that a lot of different encryption mechanisms can only be relied upon for their full protection when at rest / off, but in this scenario I am anticipating physical theft by an unsophisticated thief and assume it will be off when stolen. Considering the workshop is alarmed, I'm not anticipating a burglar to be tampering, rebooting or working with the system whilst online; it's going to be a snatch-and-grab affair if anything happens.
It won't be storing any critical or highly sensitive information which may be attractive to sophisticated attackers, but rather I just wanted to limit damage from logged-in browser sessions, keys or other credentials being stolen if it were physically stolen from me.
I hadn't thought about running the system within a VM on it, which is crazy really, considering as part of my work we run hundreds of servers, many of which utilise different forms of virtualisation, and at home for personal use I use VirtualBox.
Whilst I do love virtual machines, I have found the visual / graphical capabilities a little limiting at times and buggy for a power user that uses a wide variety of applications. This system in the workshop will be using CNC/laser software and working with graphics a lot. Still, I could give virtualisation a go; it may be a good combo in this scenario.
I also love Raspberry Pis, so I thought the idea of using one of those as an out-of-band input device was cool. I also have access to a few YubiKeys and other 2FA possibilities, so I really do appreciate all the ideas.
I'll have to see if my NUC has any inbuilt Intel out of band capabilities as well.