[gsreenivas]

Actually no. There is no support for secure boot or proper encrypted storage with a protected key.

We prototyped on Pis a while back before we shipped our v1 but there are meaningful limitations.

[smoldesu]

1. Secure boot is supported on Raspberry Pi, just not out-of-the-box. There's plenty of solutions in this field for your respective needs.

2. Raspberry Pi supports LUKS perfectly fine, making disk encryption a snap.

[gsreenivas]

Would love to see what documentation you have around both of these points. I have not seen anything that indicates the SoC for the Pi supports eFuse or any other OTP storage.

[slenk]

Not OP, but this looks promising after a little searching: https://askubuntu.com/questions/599825/yubikey-two-factor-au...

[gsreenivas]

Great for laptops/desktops, horrible for servers. You would have to be present for the challenge/response on a reboot. Also, doesn't solve the secure boot issue. FDE w/o secure boot isn't particularly useful.