Laszlo Ersek
2022-Jul-14 10:40 UTC
[Libguestfs] [guestfs-tools PATCH 2/2] sysprep: advise against cloning VMs with internal full disk encryption
This is relevant for sysprep because we recommend sysprep for facilitating cloning. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2106286 Signed-off-by: Laszlo Ersek <lersek at redhat.com> --- sysprep/virt-sysprep.pod | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sysprep/virt-sysprep.pod b/sysprep/virt-sysprep.pod index deeb5341e57c..232b9f24ba27 100644 --- a/sysprep/virt-sysprep.pod +++ b/sysprep/virt-sysprep.pod @@ -519,6 +519,13 @@ Either or both options can be used multiple times on the command line. =head1 SECURITY +Virtual machines that employ full disk encryption I<internally to the +guest> should not be considered for cloning and distribution, as it +provides multiple parties with the same internal volume key, enabling +any one such party to decrypt all the other clones. Refer to the L<LUKS +FAQ|https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/FAQ.md> for +details. + Although virt-sysprep removes some sensitive information from the guest, it does not pretend to remove all of it. You should examine the L</OPERATIONS> above and the guest afterwards. -- 2.19.1.3.g30247aa5d201
Richard W.M. Jones
2022-Jul-14 12:41 UTC
[Libguestfs] [guestfs-tools PATCH 2/2] sysprep: advise against cloning VMs with internal full disk encryption
On Thu, Jul 14, 2022 at 12:40:05PM +0200, Laszlo Ersek wrote:> This is relevant for sysprep because we recommend sysprep for facilitating > cloning. > > Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2106286 > Signed-off-by: Laszlo Ersek <lersek at redhat.com> > --- > sysprep/virt-sysprep.pod | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/sysprep/virt-sysprep.pod b/sysprep/virt-sysprep.pod > index deeb5341e57c..232b9f24ba27 100644 > --- a/sysprep/virt-sysprep.pod > +++ b/sysprep/virt-sysprep.pod > @@ -519,6 +519,13 @@ Either or both options can be used multiple times on the command line. > > =head1 SECURITY > > +Virtual machines that employ full disk encryption I<internally to the > +guest> should not be considered for cloning and distribution, as it > +provides multiple parties with the same internal volume key, enabling > +any one such party to decrypt all the other clones. Refer to the L<LUKS > +FAQ|https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/FAQ.md> for > +details. > + > Although virt-sysprep removes some sensitive information from the > guest, it does not pretend to remove all of it. You should examine > the L</OPERATIONS> above and the guest afterwards. > --For the whole series: Reviewed-by: Richard W.M. Jones <rjones at redhat.com> Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com libguestfs lets you edit virtual machines. Supports shell scripting, bindings from many languages. http://libguestfs.org