user0777

Encrypted ram is the solution however 99% of unraid users will not have encrypted ram.

RAM isn’t encrypted. Unraid stores the decryption key in RAM in plaintext.

No, we are talking about the case when the server is already on but locked.

I think you’ve misunderstood the meaning of Physical access maybe? Physical access means being in the same room as the server not necessarily while it is unlocked.

According to a thread on hacker news, the only mitigation for cold boot on unraid would be something involving RAM encryption (intel 13th gen and some AMD CPUs have this feature) https://news.ycombinator.com/item?id=38219731

Isn’t the whole point of LUKS to protect against physical attacks?

Exactly so if you read material on cold boot attacks, stuff that’s in RAM does persist if you pull the power cord to a PC. You could then pull the LUKS key out of RAM. It does indeed seem susceptible

Assuming we use LUKS and encrypt a drive, according to this thread the decryption key is stored in RAM. Does this mean my server is susceptible to a cold boot attack? (https://en.wikipedia.org/wiki/Cold_boot_attack) Please forgive me if it's a dumb question.