[Libguestfs] [PATCH v3 0/8] Windows BitLocker support.
Martin Kletzander
mkletzan at redhat.com
Mon Oct 12 14:14:27 UTC 2020
On Fri, Oct 09, 2020 at 04:33:53PM +0100, Richard W.M. Jones wrote:
>On Fri, Oct 09, 2020 at 05:02:57PM +0200, Martin Kletzander wrote:
>> Basically what I did was create a small disk, create one partition
>> over the whole disk, then cryptsetup luksFormat the partition, open
>> it and format it with a filesystem (without any LVM). That is one
>> of the things you were adding support for, but it is not limited to
>> Windows Bitlocker setup, it can just as well be a custom setup when
>> installing any Linux distro.
>>
>> Even after quite a bit of fighting, rebuilding the appliance and so
>> on I did not manage for it to show up in the list-filesystems or
>> even do a cryptsetup-open on the partition even though it uses an
>> appliance built from git master with the patches applied. But I'm
>> quite sure I could've done something wrong, so if that works for
>> you, that's enough.
>
>There's something in the test suite that already does this, so
>
> $ make && make -C test-data check
>
>should produce test-data/phony-guests/fedora-luks.img (see
>test-data/phony-guests/make-fedora-img.pl for how).
>
Not really what I meant. What I had in mind was something like this:
https://gitlab.com/nertpinx/libguestfs/-/commit/7c8ea3a35438f95dd822bd97c05a0b5fa0a702fa
which, according to me reading the code it might not have worked before your
series.
One more thing that I noticed when testing this a little bit more was that two
things were not updated:
- internal API usage (for example the mentioned make-fedora-img.pl still uses
luks_open)
- various docs still refer to any encryption as LUKS and there is *lot* of them
>This image can be opened:
>
> $ guestfish --ro -a test-data/phony-guests/fedora-luks.img -i
>
> Enter key or passphrase ("/dev/sda2"): FEDORA
>
> Welcome to guestfish, the guest filesystem shell for
> editing virtual machine filesystems and disk images.
>
> Type: ‘help’ for help on commands
> ‘man’ to read the manual
> ‘quit’ to quit the shell
>
> Operating system: Fedora release 14 (Phony)
> /dev/VG/Root mounted on /
> /dev/sda1 mounted on /boot
>
> ><fs> list-devices
> /dev/sda
> ><fs> list-partitions
> /dev/sda1
> /dev/sda2
> ><fs> vfs-type /dev/sda2
> crypto_LUKS
>
>However ...
>
>> Still, since you cannot do the test for Bitlocker, my idea was that
>> you could make the test for non-lvm parition encrypted by LUKS as
>> that would check some of the other code.
>
>... cryptsetup cannot create a new BitLocker disk, which is rather
>unfortunate. I created a BitLocker disk using Windows, and I'll
>privately send you a link, but because of the cryptsetup problem
>there's no way to automate this kind of test.
>
>Rich.
>
>--
>Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
>Read my programming and virtualization blog: http://rwmj.wordpress.com
>virt-df lists disk usage of guests without needing to install any
>software inside the virtual machine. Supports Linux and Windows.
>http://people.redhat.com/~rjones/virt-df/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libguestfs/attachments/20201012/397f4580/attachment.sig>
More information about the Libguestfs
mailing list