Re: Crypted devices... where open them?
On Wednesday, July 1, 2020 2:05:50 PM CEST Niels Dettenbach wrote:
> On Wednesday, 1 July 2020, 13:32:49 CEST J. Roeleveld wrote:
> > If the domU is not owned by the same person as who owns dom0, then the
> > decryption should be handled in the domU as dom0 should not have access to
> > the decryption keys.
>
> This is the design of Xen arch.
>
> DomUs superuser by principle is logically different from Dom0.

In principle, yes. But I meant, are they all managed by the same entity, or is this a hosting environment where VMs are provided to customers.

> > If you own both dom0 and domU, you can decide where to use the decryption
> > keys.
> >
> > In this case, I would decrypt it on the dom0. The reason being:
>
> So if you "own" DomUs and Dom0, you may own the hardware too, so why not
> do it in the "storage hardware" (where lots of solutions exist too?)... ß)
> #bitjoke

Hardware solutions are, for me, on the same level as the dom0.

> > 1) the dom0 should have less exposure, which means it will be more
> > difficult to break into and grab the keys
>
> On the other hand, such a solution "within xen" would require significantly
> more complexity of Xen which itself would offer more exposure to attackers
> onto the whole system (even the ones who did not use that "feature")...

How would this require additional complexity? The block device is unlocked on the dom0 and the unlocked block device is passed on to the domU.

> The elegance of xen is its simplicity.
>
> i would say: keep it simple and/or "fit your design"...

Agree

> Or use some crypto solutions integrated in the block device solution you
> decide to use for DomUs at "device level" and unlock it yourself before
> starting any DomUs - transparent to Xen itself. Xen allows scripting of such
> stuff. See /etc/xen/scripts/block-* scripts for instance.
>
> > 2) the data will be accessible anyway as long as the drive is "decrypted",
>
> you probably mean "unlocked"...

Yes, I quickly typed my reply and got the terminology wrong.

> > which means as long as the machine is powered, the keys are not really
> > needed.
>
> But same "applies" to DomU

True, in my case, domUs are generally running for the same period as the host itself. Only time they are not running is when the host is off or the domU is being restarted.

--
Joost
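Added example, not from this thread and not Xen's own tooling: the dom0-side arrangement Joost describes, where dom0 unlocks the LUKS container with cryptsetup and the domU is given only the plaintext dm-crypt mapping as a phy: disk, so the guest never sees the LUKS header or the key. The encrypted LV, mapping name, keyfile path, config path and VM name are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: dom0 unlocks a LUKS container and hands
# only the plaintext dm-crypt mapping to the domU as a phy: disk.
# Hypothetical names: encrypted LV /dev/vg0/vm1-disk, mapping vm1-crypt,
# keyfile /root/keys/vm1.key (root-only on dom0), domU config /etc/xen/vm1.cfg.
set -eu

ENC_DEV="/dev/vg0/vm1-disk"
MAPPING="vm1-crypt"
KEYFILE="/root/keys/vm1.key"
VM_CFG="/etc/xen/vm1.cfg"
VM_NAME="vm1"

# xl disk specification: the guest sees /dev/mapper/<mapping> as xvda and
# nothing of the LUKS layer. 'phy:' devices are attached by Xen's standard
# block script in /etc/xen/scripts, so no Xen-side changes are needed.
disk_spec() {
    printf 'phy:/dev/mapper/%s,xvda,w\n' "$1"
}

# The disk line as it would appear in the domU's xl config file.
disk_cfg_line() {
    printf "disk = [ '%s' ]\n" "$(disk_spec "$1")"
}

# Idempotent: open the container only if the mapping is not already present.
unlock_disk() {
    enc="$1"; map="$2"; key="$3"
    if [ -b "/dev/mapper/$map" ]; then
        return 0
    fi
    # Key comes from a file, so it never appears in argv or shell history.
    cryptsetup open --type luks --key-file "$key" "$enc" "$map"
}

# Tear down the mapping so the plaintext device disappears from dom0 as soon
# as the guest is gone (while the guest runs, the data is reachable anyway).
lock_disk() {
    map="$1"
    if [ -b "/dev/mapper/$map" ]; then
        cryptsetup close "$map"
    fi
}

case "${1:-}" in
    start)
        unlock_disk "$ENC_DEV" "$MAPPING" "$KEYFILE"
        xl create "$VM_CFG"
        ;;
    stop)
        # -w waits for the guest to actually go away before we close the mapping
        xl shutdown -w "$VM_NAME"
        lock_disk "$MAPPING"
        ;;
esac
```

Run it as `start` before the guest and `stop` after; the `disk = [...]` line it prints is what goes into the domU config. This is only appropriate when dom0 and domU are run by the same party, which is the distinction the thread draws: for a tenant's VM the key should stay inside the domU, and dom0 should only ever see ciphertext.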