I am using crytsetup with LUKS to encrypt a data drive, separate to the system drive, under Ubuntu 16.04. The issue I am facing is that this system will also be required to automatically start itself up in the event of power loss. The other constraint is that this system can not be connected to a network.
Essentially the only security risk with respect to the data is the case that someone physically steals the system with the HD on board. So of course I can provide an associated key to the drive but given that I have no network access, and yet I still require unattended rebooting, I’m a bit lost on how to proceed.
Looking for general thoughts on how to handle such a situation. Perhaps there are physical security solutions (i.e. self destructing USB -though who knows upon what condition given my requirements!) that might be helpful. Or really any comments from anyone who has faced the same constraint: i.e. encrypted drive with unattended reboot, and no network. Maybe I’m thinking about the problem the wrong way?
Thank you in advance.