[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libguestfs] [PATCH v3 0/8] Windows BitLocker support.



On Fri, Oct 09, 2020 at 04:33:53PM +0100, Richard W.M. Jones wrote:
On Fri, Oct 09, 2020 at 05:02:57PM +0200, Martin Kletzander wrote:
Basically what I did was create a small disk, create one partition
over the whole disk, then cryptsetup luksFormat the partition, open
it and format it with a filesystem (without any LVM).  That is one
of the things you were adding support for, but it is not limited to
Windows Bitlocker setup, it can just as well be a custom setup when
installing any Linux distro.

Even after quite a bit of fighting, rebuilding the appliance and so
on I did not manage for it to show up in the list-filesystems or
even do a cryptsetup-open on the partition even though it uses an
appliance built from git master with the patches applied.  But I'm
quite sure I could've done something wrong, so if that works for
you, that's enough.

There's something in the test suite that already does this, so

 $ make && make -C test-data check

should produce test-data/phony-guests/fedora-luks.img (see
test-data/phony-guests/make-fedora-img.pl for how).


Not really what I meant.  What I had in mind was something like this:

https://gitlab.com/nertpinx/libguestfs/-/commit/7c8ea3a35438f95dd822bd97c05a0b5fa0a702fa

which, according to me reading the code it might not have worked before your
series.

One more thing that I noticed when testing this a little bit more was that two
things were not updated:

 - internal API usage (for example the mentioned make-fedora-img.pl still uses
   luks_open)

 - various docs still refer to any encryption as LUKS and there is *lot* of them

This image can be opened:

 $ guestfish --ro -a test-data/phony-guests/fedora-luks.img -i

 Enter key or passphrase ("/dev/sda2"): FEDORA

 Welcome to guestfish, the guest filesystem shell for
 editing virtual machine filesystems and disk images.

 Type: ‘help’ for help on commands
       ‘man’ to read the manual
       ‘quit’ to quit the shell

 Operating system: Fedora release 14 (Phony)
 /dev/VG/Root mounted on /
 /dev/sda1 mounted on /boot

 ><fs> list-devices
 /dev/sda
 ><fs> list-partitions
 /dev/sda1
 /dev/sda2
 ><fs> vfs-type /dev/sda2
 crypto_LUKS

However ...

Still, since you cannot do the test for Bitlocker, my idea was that
you could make the test for non-lvm parition encrypted by LUKS as
that would check some of the other code.

... cryptsetup cannot create a new BitLocker disk, which is rather
unfortunate.  I created a BitLocker disk using Windows, and I'll
privately send you a link, but because of the cryptsetup problem
there's no way to automate this kind of test.

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/

Attachment: signature.asc
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]