Hi Marco, On Fri, Oct 11, 2019 at 09:46:13AM +0100, Marco van Beek via GLLUG wrote: > On some VM offerings you get a remote KVM, which would allow you to get > "physical" console access, and then you could encrypt the whole OS and use > the KVM to enter the key on reboot. That should prevent anyone in the data > centre from using the disk image without your key.
I don't think you read the entirety of the email you replied to, which is possibly not surprising as it was large. The hosting company can read guest memory to obtain the LUKS key. Here is an example of doing it with the virtualisation stack called KVM (not the remote access kind of KVM you mentioned): https://blog.appsecco.com/breaking-full-disk-encryption-from-a-memory-dump-5a868c4fc81e Disk encryption will not stop an attacker who has a dump of both your memory and your block device. It will however exclude most attackers, and even state attackers can be put off by the extra hassle. For example, as I mentioned, the UK security services have asked me for disk snapshots of customers but even me saying I required a court order made them go away in 100% of cases. For them to proceed to ask me for a memory dump as well, so that they could try to sift through it and find the LUKS keys, would presumably require the customer to be of very great interest to them. A bored and unethical hosting company employee may be more willing to expend effort. Either way, it's clearly possible. Cheers, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting -- GLLUG mailing list GLLUG@mailman.lug.org.uk https://mailman.lug.org.uk/mailman/listinfo/gllug