On 21 Feb 2017 14:42 +0100, from michaelof@xxxxxxxxxxxxxx:
> But when asking the author of this article about some small
> questions left, he stated his personal opinion that any encryption
> on an externally hosted vserver/VPS would be a waste of time.
> Because the to-be-entered-at-boot-time decryption passwords would
> be stored in memory of the virtual machine (all is KVM based at this
> company), they could easily be read from memory, in case of a "real"
> attack.
>
> Coming to the point: As this sounds reasonable, is there any chance
> to circumvent this issue?

That post was a whole lot of text to ask "is there any way to protect data on a VPS guest against an attacker with full hypervisor access?".

Basically, the answer to that is _no_. If the attacker has hypervisor access, they can snapshot the VM's RAM right along with the storage. Because the data encryption key is necessarily in RAM, the rest is simply a matter of going through the data structures in kernel memory to locate the key material. Nothing running inside the VM will know it ever happened.

For the purposes of the above, CPU registers can be treated as identical to RAM.

There has been some discussion on methods of encryption without exposing the key, but IIRC that's more about restricting exposure to the _guest_, not the _hypervisor_. That has some value, but does not help against the threat model you describe. And I'm pretty sure not even that is widely implemented anywhere.

-- 
Michael Kjörling • https://michael.kjorling.se • michael@xxxxxxxxxxx
“People who think they know everything really annoy those of us who know we don’t.” (Bjarne Stroustrup)

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt