Shutting down Host before Guest?
-
- Posts: 3
- Joined: 13. Mar 2023, 23:57
Shutting down Host before Guest?
Hi, guys! I have a security-oriented question. I'm running a Debian 11 Guest on a Windows 11 Host. The VM file is on an external SSD; it's a VirtualBox encrypted drive with an LVM volume (LUKS2 encrypted). If I understand correctly, if I shut down the Guest, no one will be able to get inside (if he can't brute-force the password). But what if I just unplug the cable from the computer (the Host)? Is it the same as shutting down the Guest as well? Thanks!
-
- Site Moderator
- Posts: 20945
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: Shutting down Host before Guest?
nikolaypetrov8520 wrote: The VM file is on an external SSD, it's Virtual Box encrypted
nikolaypetrov8520 wrote: what if I just un-plug the cable from the computer? Is it the same as shutting-down the Guest
This is like yanking a hard drive out of a running computer. It's bad for the VM's running OS and is absolutely not a recommended way to shut down the VM. But the data on the disk is still encrypted. Folks should not be able to decrypt it.
-
- Posts: 3
- Joined: 13. Mar 2023, 23:57
Re: Shutting down Host before Guest?
I was actually talking about some kind of emergency (if needed); even if the data is destroyed, it's not a problem. So if I understand correctly, there isn't any kind of saved "running state" on the host/drive while using the VM which will not be closed in this situation? Which I guess means that the VM is running using the RAM only?
-
- Site Moderator
- Posts: 20945
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: Shutting down Host before Guest?
nikolaypetrov8520 wrote: if I understand correctly, there isn't any kind of saved "running state" on the host/drive while using the VM which will not be closed in this situation?
Well, this I'm not so sure about. Somewhere in the manual I read that VirtualBox defaults to holding the decryption info in the host RAM, so the VM can be paused or the host can go to sleep or some such and the VM will still be running. There could be a possibility that yanking the external drive might leave a running host process registering a disk-loss error which could maintain the decryption info in host RAM until the error message is closed. Just a theory, but it could happen. Folks conversant with the source code might be able to say more definitely.
VirtualBox has a dump-the-password command in the manual somewhere which changes the default behavior to not storing the decryption key in RAM. You'll have to hunt that up.
I'd lean toward a desktop shortcut with a system-wide key combination (does Windows still have those?) which would run a VBoxManage command to immediately power off the VM:
VBoxManage controlvm "VM name" poweroff
This should kill the VM right away without requiring pulling the external drive. It's like a power loss for the VM's OS. Still not a good shutdown procedure, but I'd guess OSes are a bit more able to handle power loss than yanking the hard drive nowadays.
-
- Posts: 3
- Joined: 13. Mar 2023, 23:57
Re: Shutting down Host before Guest?
Got it! Since I'll be using the Guest just for an hour a day and I won't leave it unattended, you just gave me an idea to make a keyboard shortcut to gracefully shut down the machine. Thank you so much for your help!
-
- Site Moderator
- Posts: 20945
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: Shutting down Host before Guest?
nikolaypetrov8520 wrote: keyboard shortcut to gracefully shutdown the machine
"Gracefully" would be:
VBoxManage controlvm "VM name" acpipowerbutton
which simulates a power button push on the VM's "computer case". Set the VM OS to respond to a power button push as a Shut Down command.
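The two commands from this thread combined into one host-side script, as an added example that is not part of any participant's post: it sends acpipowerbutton, polls the VM state, and falls back to poweroff if the guest has not stopped in time. The VM name, the timeout and the VBoxManage path (the default Windows install location) are assumptions to adjust.

```powershell
# Added example: graceful shutdown with a hard power-off fallback.
# Assumptions: $VmName, $TimeoutSeconds and the VBoxManage path are placeholders.
param(
    [string]$VmName = 'VM name',
    [int]$TimeoutSeconds = 30,
    [string]$VBoxManage = 'C:\Program Files\Oracle\VirtualBox\VBoxManage.exe'
)

# States in which the VM has no running session left to stop.
$stopped = @('poweroff', 'aborted', 'saved')

function Get-VmState {
    # showvminfo --machinereadable prints lines such as VMState="running"
    $info = & $VBoxManage showvminfo $VmName --machinereadable 2>$null
    $line = $info | Where-Object { $_ -match '^VMState=' } | Select-Object -First 1
    if ($line -match '^VMState="(.+)"$') { return $Matches[1] }
    return 'unknown'
}

$state = Get-VmState
if ($stopped -contains $state) {
    Write-Output "VM '$VmName' is already stopped (state: $state)."
    exit 0
}

# Step 1: simulate the power button so the guest OS can shut down cleanly.
# This has no effect on a paused VM; the fallback below covers that case.
& $VBoxManage controlvm $VmName acpipowerbutton

$deadline = (Get-Date).AddSeconds($TimeoutSeconds)
while ((Get-Date) -lt $deadline) {
    if ($stopped -contains (Get-VmState)) {
        Write-Output "VM '$VmName' shut down cleanly."
        exit 0
    }
    Start-Sleep -Seconds 1
}

# Step 2: the guest did not finish in time, so cut its virtual power.
& $VBoxManage controlvm $VmName poweroff
Write-Output "VM '$VmName' did not stop within $TimeoutSeconds s and was powered off."
```

Saved as a .ps1 file, this can be the target of the desktop shortcut discussed above; the guest still has to be set to treat a power button push as a Shut Down command for step 1 to work.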
-
- Volunteer
- Posts: 5677
- Joined: 14. Feb 2019, 03:06
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Linux, Windows 10, ...
- Location: Germany
Re: Shutting down Host before Guest?
scottgus1 wrote: Somewhere in the manual I read that Virtualbox defaults to holding the decryption info in the host RAM, so the VM can be paused or the host can go to sleep or some such and the VM will still be running.
See Encryption of Disk Images.
scottgus1 wrote: Folks conversant with the source code might be able to say more definitely.
Note that this group of people is smaller than usual, because the source code of the VirtualBox Extension Pack is not freely available.