grml-debootstrap icon indicating copy to clipboard operation
grml-debootstrap copied to clipboard

Published 20 hours ago verified publisher icon grml

encrypted VM images support

Open adrelanos opened this issue 5 years ago • 2 comments

Would be nice if encryption was supported for VM images (using standard dm-crypt).

This is interesting since (VM) raw images created by grml-debootstrap can also potentially be written (dd) to USB or other hard drives.

The masterkey would be known to the public but users could use cryptsetup-reencrypt to fix that once booted for the first time.

adrelanos avatar Apr 19 '19 11:04 adrelanos

It's possible. This guide explains using debootstrap on encrypted LVM.

http://www.coredump.us/index.php?n=Main.DebianEncryptedDebootstrap

adrelanos avatar Nov 29 '19 01:11 adrelanos

@adrelanos yeah, (full disk) encrypted systems are possible, but the way VM images are created is a bit more special, so that might not be entirely straight forward, though technically possible as well :)

mika avatar Nov 29 '19 07:11 mika