Linux – Send an email right before the password prompt of ecryptfs during bootup

Tags: boot, email, grub2, linux, startup

I'm setting up a home server which has full disk encryption enabled. In order to recover from a power failure the machine automatically reboots. I'm also able to unlock the disk remotely using ssh according to this topic: SSH to decrypt encrypted LVM during headless server boot?

The only thing missing is that I'm not informed when the machine reboots so that I know when to unlock the disk again.

Is there some kind of built-in functionality in GRUB2 that helps me achieve this or is my only option to set up an external site monitoring service?

Best Answer

This kind of functionality is far too advanced for GRUB. GRUB can't even talk over the network except for TFTP.

The SSH server that you saw runs under Linux. It is started early during the boot process, after the kernel has booted but before mounting the root filesystem. Linux runs programs from the initramfs (or initrd on older systems) before mounting the root filesystem; that's how you get a password prompt on the console when the root filesystem is encrypted, for example.

An initramfs typically has a set of BusyBox utilities. BusyBox can't send mail, but suggests the ssmtp utility as a companion for this task. You'll need to build a statically compiled version.

An alternative approach could be to install the dropbear client and send the email (or other form of notification) from another machine. You can use the command= directive in an authorized_keys file to restrict the use of a key to one specific command.

Yet another approach, if the machine is on a network segment which is protected from intrusion, could be to ping a dedicated port, or “port knock” some sequence, or send a ping with some constant payload.
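Added example, not part of the original answer: a forced-command handler for the notification host, showing how the command= restriction mentioned above keeps the key stored in the initramfs limited to triggering one fixed e-mail. The script path, the recipient address, the key comment and the sendmail location are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Hypothetical names: /usr/local/bin/boot-notify,
# admin@example.org, initramfs@homeserver, /usr/sbin/sendmail.
#
# authorized_keys entry on the notification host (key blob elided):
#   restrict,command="/usr/local/bin/boot-notify" ssh-ed25519 AAAA... initramfs@homeserver
# "restrict" (OpenSSH 7.2+) also disables pty allocation and port, agent and
# X11 forwarding for this key, so it can do nothing except run the handler.

MAIL_TO="admin@example.org"   # assumption: fixed recipient, never client-supplied

# sshd sets SSH_CONNECTION="client_ip client_port server_ip server_port".
# Keep only the client address, and only if it looks like an IP literal.
client_addr() {
    addr=${1%% *}
    case $addr in
        ''|*[!0-9A-Fa-f.:]*) echo "unknown" ;;
        *) echo "$addr" ;;
    esac
}

# Build the mail. $1 is SSH_CONNECTION, $2 is SSH_ORIGINAL_COMMAND.
# The client-requested command is never executed and never copied into the
# mail; the message only records whether one was sent.
notify_message() {
    extra="no"
    if [ -n "$2" ]; then
        extra="yes (ignored)"
    fi
    printf 'To: %s\n' "$MAIL_TO"
    printf 'Subject: server rebooted, disk is waiting for unlock\n\n'
    printf 'Source address: %s\n' "$(client_addr "$1")"
    printf 'Client sent a command: %s\n' "$extra"
}

# Send only when installed under its real name, so the functions can be
# sourced or tested without side effects.
case ${0##*/} in
    boot-notify)
        notify_message "${SSH_CONNECTION:-}" "${SSH_ORIGINAL_COMMAND:-}" |
            /usr/sbin/sendmail -t
        ;;
esac
```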
