Hacker News
by conformal 4429 days ago
i always advocate for FDE, but that often has issues with remote serial console. the threat model of running without disk encryption is far worse for most bitcoin-related sites than the complexity associated with redundancy. if they get hacked, they are likely going to eat downtime anyhow.

as far as low-end solutions are concerned, a usb serial console adapter plus a few machines runs about USD 5K. set machines to redirect console to serial and have an OOB machine for unlocking downed servers.

i'd be interested to hear what kind of solutions there are for onsite tamper-resistant components.