From owner-freebsd-geom@freebsd.org Tue Sep 27 14:23:46 2016
Date: Tue, 27 Sep 2016 14:13:57 +0000
From: zhaghzhagh@openmailbox.org
To: freebsd-geom@freebsd.org
Subject: GELI on remotely hosted FreeBSD VM
List-Id: GEOM-specific discussions and implementations

Hello

Wonder if there is any security implication with GELI based full disk encryption and FreeBSD running on Xen based VM?

Here are some of my doubts:

1. Could the GELI passphrase be revealed by having access to the VM's memory snapshot? (At boot time when passphrase is prompted - probably yes / during normal operation...)

2. Would it be possible to resume the VM from a snapshot and anyhow force it to do a full disk read? (With / without knowing root / any other user's credentials.)

...

In general, would like to have a clearer picture about the effectiveness of full disk encryption in case of a VM hosted at an 'unknown' physical location.

Thanks!