I've got in situation when we have MySQL database with sensitive data and we physically cannot provide security of server where MySQL service is running, because some users must have administrative privileges on server. They can run service with skip-grant-tables or just copy all database files to USB flash drive.

I understand there's no absolute protection from stealing database in my case, but I want to make it much harder than just copying database files. Probably some on-the-fly file encryption/decryption layer while key is generated from machine's BIOS/harddrive serial number will be enough.

So is there a way to have database files encrypted? I'm interesting if someone already implemented encryption of storage engine's files, or how can I make it?