Suitable partition encryption application
I'm looking for a partition encryption package and I imagine a compatible bootloader to do the following:
1. Encrypt root partition (boot partition can remain unencrypted if it doesn't contain unencrypted "decryption" information)
2. Encryption/Decryption method should utilize something specific about the hardware it is used on to form its key. This would mean that partitions cannot be unencrypted if the hard drive is moved to different hardware.
3. There should be no requirement for a password/passphrase to be entered during bootup, so if the server is restarted, no one should need to go to the server's console to enter a passkey.
I've read a few tutorials regarding encryption of the rootfs; they refer to a passkey for encryption. My concern with this is the drives can still be removed from the current hardware and installed into other hardware and still boot... or am I wrong about this?
I'm hoping that I can use something specific about the hardware (e.g. BIOS serial number) so the hard drives can't be removed and installed in another server.
I understand there could be a performance hit with this; that is acceptable, as all common tasks are cached, so this shouldn't be too much of a burden.
I look forward to your suggestions.