Hi
If anyone ever wants to create virtual machines on an encrypted hard disk then the notes here might help:
http://wiki.xensource.com/xenwiki/EncryptedPartitions
Chris
On Tue, Jan 09, 2007 at 03:27:19PM +0000, Chris Croome wrote:
> Hi
> If anyone ever wants to create virtual machines on an encrypted hard disk then the notes here might help:
That is a nice guide! One question - you did the encryption on the raw block device (/dev/md1) and then created LVM volumes within it. Any reason you didn't do it the other way around? E.g., make /dev/md1 the PV in a VG, and then encrypt individual LVM logical volumes. There shouldn't be any real difference in security with the latter way, and it would remove the need to run 'vgscan' after running the luksOpen command. It would also let you use different LUKS passwords on a per-VM basis if desired.
Regards, Dan.
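The layout Dan suggests in the message above (the md device as the PV, LUKS on each logical volume), written out as a dry-run shell script. This is an added example, not part of the thread or of the wiki guide; the volume group name `vg_xen`, the volume name `vm1`, the size and the `_crypt` mapper suffix are assumptions, and only `/dev/md1` comes from the thread.

```sh
#!/bin/sh
# Added example: LUKS on individual logical volumes (one passphrase per VM).
# Assumed names (not from the thread): VG "vg_xen", "_crypt" mapper suffix.
# Dry run by default: commands are printed, not executed. Set DRY_RUN=0 and
# run as root to apply; luksFormat destroys any data on the target LV.
DRY_RUN="${DRY_RUN:-1}"
PV="${PV:-/dev/md1}"
VG="${VG:-vg_xen}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# One-time setup: the raw md device becomes the PV, unencrypted.
setup_vg() {
    run pvcreate "$PV" &&
    run vgcreate "$VG" "$PV"
}

# Per VM: create an LV, put a LUKS header on it, open it, make a filesystem.
# cryptsetup prompts for the passphrase, so each VM can have its own.
create_vm_volume() {
    name="$1"; size="$2"
    case "$name" in
        ""|-*|*[!A-Za-z0-9_-]*) echo "invalid volume name: $name" >&2; return 1 ;;
    esac
    [ -n "$size" ] || { echo "size required" >&2; return 1; }
    run lvcreate -L "$size" -n "$name" "$VG" &&
    run cryptsetup luksFormat "/dev/$VG/$name" &&
    run cryptsetup luksOpen "/dev/$VG/$name" "${name}_crypt" &&
    run mkfs.ext3 "/dev/mapper/${name}_crypt"
}

# After a Dom0 reboot only luksOpen is needed; LVM already sees the LV,
# so no vgscan step follows it.
open_vm_volume() {
    run cryptsetup luksOpen "/dev/$VG/$1" "${1}_crypt"
}
```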
I did the same a few days ago and the whole system freezes after I copied a few MB into the encrypted volume (with the newest kernel). I have no idea if it is related to this problem --> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=213414 but I assume not.
Sven
"Daniel P. Berrange" berrange@redhat.com
Sent by: fedora-xen-bounces@redhat.com
01/09/07 04:52 PM
Please respond to "Daniel P. Berrange" berrange@redhat.com
To: Chris Croome chris@webarchitects.co.uk
cc: xen-users@lists.xensource.com, fedora-xen@redhat.com
Subject: Re: [Fedora-xen] Encrypted virtual machines on Fedora Core 6
On Tue, Jan 09, 2007 at 03:27:19PM +0000, Chris Croome wrote:
> Hi
> If anyone ever wants to create virtual machines on an encrypted hard disk then the notes here might help:
That is a nice guide! One question - you did the encryption on the raw block device (/dev/md1) and then created LVM volumes within it. Any reason you didn't do it the other way around? E.g., make /dev/md1 the PV in a VG, and then encrypt individual LVM logical volumes. There shouldn't be any real difference in security with the latter way, and it would remove the need to run 'vgscan' after running the luksOpen command. It would also let you use different LUKS passwords on a per-VM basis if desired.
Regards, Dan.
Hi
On Tue 09-Jan-2007 at 03:52:20PM +0000, Daniel P. Berrange wrote:
> On Tue, Jan 09, 2007 at 03:27:19PM +0000, Chris Croome wrote:
> That is a nice guide! One question - you did the encryption on the raw block device (/dev/md1) and then created LVM volumes within it. Any reason you didn't do it the other way around? E.g., make /dev/md1 the PV in a VG, and then encrypt individual LVM logical volumes. There shouldn't be any real difference in security with the latter way, and it would remove the need to run 'vgscan' after running the luksOpen command. It would also let you use different LUKS passwords on a per-VM basis if desired.
Urm, no good reason, though I did want to just have to type one passphrase once when Dom0 boots and then be able to create and resize partitions on top of the crypted one without bothering with any LUKS stuff...
Also, although I have been using LUKS for a while I'm not so experienced with LVM or Xen so it's been a learning curve and I didn't think of doing it the way you have suggested... ;-)
Chris