14 Feb 2026 07:05:06 > Remote unlocking FDE using dropbear-initramfs is standard practice with > other operating systems, and is widely supported as a solution to the > problem of un-wipeable SSDs.
Look at Peter G reply but remember USB access and firmware implementations often written in C with lower standards than OpenBSD have their own issues. Aside from having far less faith in dropbear than OpenSSH. How is an initramfs different from booting OpenBSD and opening a softraid crypto volume once booted? It doesn't prevent physical tampering, does it? Having to have extra crypto volumes for e.g. /var/spool/smtpd might be a bit of a pain though.
