Shutting down Host before Guest?

[nikolaypetrov8520]

Hi, guys! I have security-oriented question. I'm running Debian 11 Guest on Windows 11 Host. The VM file is on an external SSD, it's Virtual Box encrypted drive with LVM-volume (LUKS2 encrypted). If I understand correctly, if I shut-down the Guest, no one will be able to get inside (if he can't brute-force the password). But what if I just un-plug the cable from the computer (the Host)? Is it the same as shutting-down the Guest as well? Thanks!

[scottgus1]

The VM file is on an external SSD, it's Virtual Box encrypted

what if I just un-plug the cable from the computer? Is it the same as shutting-down the Guest

This is like yanking a hard drive out of a running computer. It's bad for the VM's running OS and is absolutely not a recommended way to shut down the VM. But the data on the disk is still encrypted. Folks should not be able to decrypt it.

[nikolaypetrov8520]

The VM file is on an external SSD, it's Virtual Box encrypted

what if I just un-plug the cable from the computer? Is it the same as shutting-down the Guest

This is like yanking a hard drive out of a running computer. It's bad for the VM's running OS and is absolutely not a recommended way to shut down the VM. But the data on the disk is still encrypted. Folks should not be able to decrypt it.

I was actually talking about some kind of emergency (if needed), even if the data is destroyed, it's not a problem. So if I understand correctly, there is no any kind of saved "running state" on the host/drive while using the VM which will not be closed in this situation? Which I guess means that the VM is running using the RAM only?

[scottgus1]

if I understand correctly, there is no any kind of saved "running state" on the host/drive while using the VM which will not be closed in this situation?

Well, this I'm not so sure about. Somewhere in the manual I read that Virtualbox defaults to holding the decryption info in the host RAM, so the VM can be paused or the host can go to sleep or some such and the VM will still be running. There could be a possibility that yanking the external drive might leave a running host process registering a disk-loss error which could maintain the decryption info in host RAM until the error message is closed. Just a theory, but it could happen. Folks conversant with the source code might be able to say more definitely.

Virtualbox has a dump-the-password command in the manual somewhere which changes the default behavior to not storing the decryption key in RAM. You'll have to hunt that up.

I'd lean toward a desktop shortcut with a system-wide key combination (does Windows still have those?) which would run a VboxManage command to immediately power off the VM:

VBoxManage controlvm "VM name" poweroff

This should kill the VM right away without requiring pulling the external drive. It's like a power loss for the VM's OS. Still not a good shutdown procedure, but I'd guess OS's are a bit more able to handle power loss than yanking the hard drive nowadays.

[nikolaypetrov8520]

if I understand correctly, there is no any kind of saved "running state" on the host/drive while using the VM which will not be closed in this situation?

Well, this I'm not so sure about. Somewhere in the manual I read that Virtualbox defaults to holding the decryption info in the host RAM, so the VM can be paused or the host can go to sleep or some such and the VM will still be running. There could be a possibility that yanking the external drive might leave a running host process registering a disk-loss error which could maintain the decryption info in host RAM until the error message is closed. Just a theory, but it could happen. Folks conversant with the source code might be able to say more definitely.

Virtualbox has a dump-the-password command in the manual somewhere which changes the default behavior to not storing the decryption key in RAM. You'll have to hunt that up.

I'd lean toward a desktop shortcut with a system-wide key combination (does Windows still have those?) which would run a VboxManage command to immediately power off the VM:

VBoxManage controlvm "VM name" poweroff

This should kill the VM right away without requiring pulling the external drive. It's like a power loss for the VM's OS. Still not a good shutdown procedure, but I'd guess OS's are a bit more able to handle power loss than yanking the hard drive nowadays.

Got it! Since I'll be using the Guest just for an hour a day and I won't leave it unattended, you just gave me an idea to make a keyboard shortcut to gracefully shutdown the machine. Thank you so much for your help!

[scottgus1]

keyboard shortcut to gracefully shutdown the machine

"Gracefully" would be:

VBoxManage controlvm "VM name" acpipowerbutton

which simulates a power button push on the VM's "computer case". Set the VM OS to respond to a power button push as a Shut Down command.

[fth0]

Somewhere in the manual I read that Virtualbox defaults to holding the decryption info in the host RAM, so the VM can be paused or the host can go to sleep or some such and the VM will still be running.

See Encryption of Disk Images.

Folks conversant with the source code might be able to say more definitely.

Note that this group of people is smaller than usual, because the source code of the VirtualBox Extension Pack is not freely available.