GELI on remotely hosted FreeBSD VM

zhaghzhagh at openmailbox.org zhaghzhagh at openmailbox.org
Tue Sep 27 14:23:46 UTC 2016


Hello

Wonder if there is any security implication with GELI-based full disk 
encryption and FreeBSD running on a Xen-based VM?

Here are some of my doubts:

1. Could the GELI passphrase be revealed by having access to the VM's 
memory snapshot? (At boot time when passphrase is prompted - probably 
yes / during normal operation...)

2. Would it be possible to resume the VM from a snapshot and anyhow 
force it to do a full disk read? (With / without knowing root / any 
other user's credentials.)

...

In general, would like to have a clearer picture about the effectiveness 
of full disk encryption in the case of a VM hosted at an 'unknown' physical 
location.


Thanks!

