From: CyberLeo Kitsana
To: zhaghzhagh@openmailbox.org, freebsd-geom@freebsd.org
Subject: Re: GELI on remotely hosted FreeBSD VM
Date: Tue, 27 Sep 2016 13:49:23 -0500
Message-ID: <429fb95a-27c0-46f7-e7be-faa77e31414c@cyberleo.net>

On 09/27/2016 09:13 AM, zhaghzhagh@openmailbox.org wrote:
> Hello
>
> Wonder if there is any security implication with GELI based full disk
> encryption and FreeBSD running on Xen based VM?
> In general, would like to have a clearer picture about the effectiveness
> of full disk encryption in case of VM hosted at an 'unknown' physical
> location.

Disk encryption only protects against offline attacks, or certain attacks on remote storage where the key is nowhere near the storage.

If an attacker has access to the host side of a running or paused VM, it is equivalent to having physical access to a running machine; there is little you can do to secure a machine against such an attacker.

-- 
Fuzzy love,
-CyberLeo
Technical Administrator
CyberLeo.Net Webhosting
http://www.CyberLeo.Net

Furry Peace! - http://www.fur.com/peace/