[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Automating boot of Ubuntu on encrypted LVM?

  • To: xen-users@xxxxxxxxxxxxx
  • From: Rich Wales <richw@xxxxxxxxx>
  • Date: Mon, 15 Apr 2013 11:48:47 -0700
  • Delivery-date: Mon, 15 Apr 2013 18:49:46 +0000
  • List-id: Xen user discussion <xen-users.lists.xen.org>

Sorry for the delay in getting back to people on this.

My main security worry is the possibility that the server (in my home)
might be stolen by thieves.  I'm taking measures to secure the box
physically, of course, but in the event someone manages to make off
with the hardware, I want to make it very difficult for even a skilled
hacker to get at my data.

My original idea (automatic decryption of a domU's main partition via a
key file passed to the domU at creation time) should be doable by making
changes to the domU's /etc/crypttab file (then doing update-initramfs on
the domU).  The key file would reside in my home directory on the dom0,
which is encrypted using ecryptfs; thus, no one would be able to start
the domU or make any sense of the data in its LVM partition unless I
had first logged in to my account on the dom0 -- but once I had logged
in, I could create the domU and it would launch without further manual

The following article may be helpful for inspiration (though it doesn't
talk specifically about using Xen):


Since it would be very easy to mess things up badly by making a mistake
here, I'm going to wait until I have a lot of spare time to do this; in
the meantime, I'll continue to type a passphrase by hand whenever the
domU is started or restarted.

Rich Wales

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.