Encryption, paranoia and virtual machines

Neil Watson tlug-neil-8agRmHhQ+n2CxnSzwYWP7Q at public.gmane.org
Fri Nov 25 16:57:49 UTC 2011


On Fri, Nov 25, 2011 at 11:42:16AM -0500, Alex Volkov wrote:
>If you host the machine then there is definitely value in installing
>them using encryption, and I'd do the same thing as Digimier said,
>crete logical volumes on physical host for guest machines, which are
>seen as whole disk and then install lvm on guest machine and encrypt
>only volumes containing private data, no point encrypting root fs.

Some interesting questions come from this paragraph.  What are the pros
and cons of encrypting the raw volume at the host level versus
encrypting on guest? On encrypting root fs, one might argue that with
physical access one could replace a binary in /bin if it were not
encrypted.

-- 
Neil Watson
Linux/UNIX Consultant
http://watson-wilson.ca
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists





More information about the Legacy mailing list