I have to install system on a remote server and I would like to follow the 4.11-beta1 idea. I would like to keep encrypted boot feature to protect from unauthorised replication and start of the system on a remote machine. I will also have to add an option to unlock the system over boot without kvm only with ssh session. Additionally I would like to add extra features like grsecurity available in older kernels and protect memory from attempt to access in controlled conditions when necessary.
Could you advice on this how to do it right? I would appreciate suggestions, I know that this will involve custom kernel compilation,
with Kind Regards