Let's say I want to protect the contents of my desktop PC, which I use remotely on many occasions.
I want to use BitLocker with a startup key that only "activates" at a specific moment in time.
The setup I am thinking of would be a Raspberry Pi Zero emulating a USB flash drive, permanently connected to the PC. This Pi Zero would have an encrypted container with the startup key inside, which would be mounted remotely only for a short time during the PC startup. After that, the encrypted container would be unmounted.
How secure would that scenario be?
What factors should I take into account to have a secure mountable container on the RPi Zero?
What I want to achieve:
- PC with BitLocker (TPM + startup key). Encrypted at rest, but able to start up remotely without typing any password, for further remote connection.
- Startup key that can only be used at a specific time. Encrypted at rest, mounted and dismounted remotely.
I am not interested in somebody hacking my PC while it is turned on; that would be a different threat model. I am more interested in preventing somebody from stealing my equipment and accessing my data, while at the same time retaining the comfort of starting the system remotely.
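
The time-limited exposure described in the question, sketched as an added example that is not part of the original post. It assumes a LUKS container on the Pi whose inner FAT volume holds the startup key, and the Linux `g_mass_storage` gadget module; the function names, paths, mapper name and 300-second cap are hypothetical, and `DRY_RUN=1` (the default) only prints the commands.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed: a LUKS container on the
# Pi whose inner FAT volume holds the startup key, and the g_mass_storage
# gadget module. Paths, the mapper name and the 300 s cap are hypothetical.
DRY_RUN="${DRY_RUN:-1}"   # 1 = print each command instead of running it

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# Accept only whole seconds between 1 and 300 so the key cannot stay exposed.
valid_window() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 300 ]
}

# Detach the emulated drive first, then re-lock the container.
teardown() {
    run modprobe -r g_mass_storage || true
    run cryptsetup close "$1" || true
}

# expose_key CONTAINER MAPPER SECONDS
expose_key() {
    container=$1 mapper=$2 window=$3
    valid_window "$window" || { echo "bad window: $window" >&2; return 2; }
    # cryptsetup asks for the passphrase; it is never stored on the Pi.
    run cryptsetup open --type luks "$container" "$mapper" || return 1
    # If the remote session drops mid-window, still tear everything down.
    trap 'teardown "$mapper"; exit 1' INT TERM HUP
    # Present the unlocked volume to the PC as a read-only removable drive.
    if run modprobe g_mass_storage "file=/dev/mapper/$mapper" ro=1 removable=1
    then
        run sleep "$window"
    fi
    teardown "$mapper"
    trap - INT TERM HUP
}
```

With `DRY_RUN=0` the function needs root on the Pi and is called as `expose_key CONTAINER MAPPER SECONDS` from the remote session just before the PC is powered on.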