On Mon, Feb 16, 2015 at 06:19:04PM +0100, Henry Noack wrote: > it is possible to decrypt a kvm volume only by using the command line after > starting it? Encryption can be done at 3 levels: 1. Inside the guest. Just like you do on a physical machine with LUKS (dm-crypt), ecryptfs, TrueCrypt, etc. 2. In QEMU with qcow2, although this feature is not widely used and not up to modern disk encryption standards. 3. On the host using LUKS (dm-crypt), ecryptfs, TrueCrypt, etc or on the storage appliance. It depends what you are trying to achieve. Keep in mind that encrypting the disk image does not stop the host from seeing inside the guest. The host is always trusted, today's virtualization technology has this limitation. Stefan
Attachment:
pgpqhfjSDWYzL.pgp
Description: PGP signature
