Encrypting Virtual Machines

Here you can provide suggestions on how to improve the product, website, etc.
sej7278
Volunteer
Posts: 1003
Joined: 5. Sep 2008, 14:40
Primary OS: Debian other
VBox Version: PUEL
Guest OSses: Solaris, Linux, Windows, OS/2, MacOSX, FreeBSD
Contact:

Re: Encrypting Virtual Machines

Post by sej7278 »

lacis_alfredo wrote:Hi, I just tried using an encrypted partition in Ubuntu 10.04 host to host an XP guest. (I have several guests already, but hey are hosted in an unencrypted partition.)

I copied the guest using "VBoxManage clonehd ...." to the encrypted partition.

One small problem - when the Guest is booted, it tries to decrypt the whole 13Gb image first! It's been half-an-hour now, and it hasn't got to the "Windows XP Starting" screen yet.

Obviously this is not the way to do it. Any suggestions?
sounds like you're doing something very wrong there, i use full disk encryption on my boot and vdi disks and never notice any performance decrease.

you sure you're not encrypting just the vdi file using pgp or truecrypt rather than the host disk itself using dm-crypt?
emarin44
Posts: 6
Joined: 5. Aug 2010, 17:59
Primary OS: MS Windows XP
VBox Version: OSE Fedora
Guest OSses: Fedora 12
Location: Toronto, Ontario

Re: Encrypting Virtual Machines

Post by emarin44 »

This method encrypts the users Windows Desktop, My Document and Startup folder using folder redirection, truecrypt and Samba on a Linux guest running headless as a service.

This works for laptops and desktops and is totally transparent to users. I didn't want OVB to open a dos box at start up and found a open source utility at http://www.turtle.dds.nl/run/. To find out how to start OVB as a service go to http://thelivedevil.com/virtualbox/how- ... n-windows/

Assign an alias eth0:0 example 10.0.0.1 to Linux guest. Create a truecrypt volume and mount it in "/home/user/xp". Add a Samba share named XP and map it to the truecrypt volume.

[XP]
/home/user/xp

Redirect the Windows desktop, My Document and Startup folder to Samba share XP.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Desktop
\\10.0.0.1\XP\Desktop

Personal
\\10.0.0.1\XP\Documents

Startup
\\10.0.0.1\XP\Start Menu\Programs\Startup

Mount truecrypt volume at boot up. I added this to rc.local

truecrypt -k /mnt/sdb1/xp.key -p "" --protect-hidden=no --mount /home/user/xp_volume /home/user/xp

Place the truecrypt key on the USB drive.(or possibly a bluetooth phone)

If the laptop is lost or stolen truecrypt won't mount and the users Desktop, My Document and Startup are empty. : )

EM
Post Reply