That’s possible with the Pi4/5's secure boot as you can use that to establish a protected boot process that uses keys stored in the Pi's OTP memory. The keys should then be inaccessible even if you steal the hardware as the Pi will only boot into code signed by you. But that’s all pretty complicated. I think the far easier solution is to switch from rsync to something like restic. It does encryption out of the box, so the backup target's security doesn’t matter that much and you get a ton of additional benefits like deduplication and compression.
Statistics: Posted by dividuum — Mon Apr 22, 2024 7:38 am