29.06.2016 06:47, Uzair Shamim пишет:
On 06/28/2016 11:05 PM, Greg Freemyer wrote:
I'm about to setup a new virtual box VM.
I see VB has the ability to encrypt the VM in full, or I can use LUKS to do it at the openSUSE level.
I don't want to do both due to paying double the performance hit.
Does anyone know the pros / cons of using VB to encrypt vs LUKS?
Can both achieve DOD level security?
If I go with LUKS, it will be a first for me. Is there a simple write-up of how to do that via the Yast Installer?
Thanks Greg -- Greg Freemyer www.IntelligentAvatar.net
Hi Greg,
I think one important question is: What are you trying to protect yourself from? (ie. what is the "threat")
If you just want to keep the content of the filesystem secret then LUKS will probably be the best way to go since I imagine it has far more documentation as well as being more close to something standardized so it would probably be easier to migrate between vms. IIRC the installer has an easy option to enable LUKS (https://openqa.opensuse.org/tests/217027#step/partitioning_lvm/1)
This is something relatively new and exists only in TW (may be it will appear in Leap 42.2, do not know). My experience so far was that while full disk encryption using LVM container was possible in installer, exact steps how to convince installer to do it are random and in any case you had to use expert mode for it. Also installer in the past forced unencrypted /boot. Not sure what it does now. ... quick test - it still offers separate /boot partition, but if you delete it in expert mode it does not complain. All this on legacy BIOS system with MBR - one of surprises found during last discussion on this was that installer behaves differently on BIOS/MBR and EFI/GPT.
Cant comment on VB as I dont use it.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org