Boot disk encryption

Google Distributed Cloud (GDC) air-gapped appliance uses Linux Unified Key Setup (LUKS) based disk encryption with Yubikeys.

For each GDC air-gapped appliance, three or more Yubikeys are shipped separately to the customer. The Yubikeys are FIPS 140-2 certified. For more information on the Yubikey model, see https://www.yubico.com/product/yubikey-5-nano-fips/.

The USB ports on each server blade of the device are enabled with USB dongles. The Yubikeys are inserted into the server machines as part of the device setup. After the installation completes, the Yubikeys must stay in the server until you remove them for transport or you return the system. Ensure that the Yubikeys are transferred separately from the appliance to protect against server theft.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2024-11-06 UTC.