is it possible to have zero access to the self hosted PVE incase of robbery

[virtualizerforlife]

If a thieves were to enter in to my house and I had my proxmox VE up and running, unencrypted. Doesn't this mean that they can access everything they want on my PVE serve (containers, services, etc.)?
If this is true, then how do I protect myself against thieves that could steal things inside of my proxmox?

Is it possible to run the server locally so that it is constantly "encrypted" and not accessible locally at all?
Also, if I were to enter the server remotely, then is it possible to access it without opening the local encryption first (maybe end-to-end encryption is the right word for this?)

My question is about encryption. I have not been able to find direct answer so I would like to ask about it here.

I'm still learning so I might have not used correct words and feel free to ask questions so I can try to specify

My current PVE is encrypted but I have to unlock it everytime I reboot, or open the server again so it stays unencrypted (I don't know if it's possible to keep it encrypted and run PVE + services + containers at the same time)

 

[leesteken]

If you can find a way to do this with Linux then you can probably also do this with Proxmox (and I'll help you if there are Proxmox specific issues). You might want to consider robbers that steal your computer wile keeping it powered, if you are a high-value and specific target. Anyway, this is not at all Proxmox specific and other Linux guides will most likely apply.

EDIT: Proxmox VE is a clustered enterprise hypervisor and the usual approach to this threat is to have a paid guard for the datacenter (that runs your many nodes) 24/7.

 

[virtualizerforlife]

If you can find a way to do this with Linux then you can probably also do this with Proxmox (and I'll help you if there are Proxmox specific issues). You might want to consider robbers that steal your computer wile keeping it powered, if you are a high-value and specific target. Anyway, this is not at all Proxmox specific and other Linux guides will most likely apply.

EDIT: Proxmox VE is a clustered enterprise hypervisor and the usual approach to this thread it to guard the datacenter (that runs your (many) nodes) 24/7.

What are the keywords specifically for this? I'm not sure if its zero trust, encryption, end-to-end encryption or something else? What I should be searching for?

How do you guard the datacenter? You don't mean physical guarding?

 

[leesteken]

How do you guard the datacenter? You don't mean physical guarding?

Yes, pay people protect your hardware against physical access. Your threat model depends on many factors such as how valuable is your data and how likely are you to be attacked in various ways.

EDIT: As I said, none of this is Proxmox specific. If you find a way to protect a generic Linux system against physical access (by robbers) then we can probably use if for Proxmox as well.

EDIT2: I think you can encrypt your data at rest and have the system work only if you enter a password at every startup. This protects the system against it being taken while it is powered off. Full disk encryption can work for Proxmox just as any other Linux. Is this enough for you? Or do you need protection against robbers stealing your UPS with your Proxmox (or bringing their own)?

EDIT3: Sure, you can make a failsafe that shuts down your Proxmox when it cannot find your personal WiFi. But what will you do if the robbers know about this and move the WiFi with it? In short, what is the threat model you want to protect against and how is it specific to Proxmox (compared to generic Debian GNU/Linux)? Proxmox is not a silver bullet that makes this easier.