What are the approaches available for fully encrypting a disk on a remote server (say, colocated in a datacenter)? On Windows, we can just turn on BitLocker with a TPM. Then the server can reboot, and attacking it requires either taking the machine while live and dumping RAM, or breaking the TPM. On Linux, what's available?
So far, I've found an IBM "blueprint" describing how to store dm-crypt keys in the TPM. Is this the best approach?
http://publib.boulder.ibm.com/infocenter/lnxinfo/v3r0m0/topic/liaai/tpm/liaaitpm_pdf.pdf