Re: Expose raw partition by libguestfs?
by Richard W.M. Jones
On Thu, Dec 12, 2024 at 03:10:15PM +0400, Denys Ostapenko wrote:
> >>I found it's surprisingly hard to access VeraCrypt partition inside
> >>VHD file.
> >
> >I'm not sure what VeraCrypt is, but I don't think we have support for
> >it in libguestfs, which is going to be a problem. Unless kernel /
> >cryptsetup knows about it somehow.
>
> VeraCrypt is a TrueCrypt fork (disk-encryption software),
> open-source and cross-platform.
>
> >On Thu, Dec 12, 2024 at 02:45:48AM +0400, Denys Ostapenko wrote:
> >>Is it possible to expose raw partition from libguestfs (and
> >>guestfish) as a mapper device? Like cryptsetup-open <partition>
> >><mapper>, but without password and decryption at all.
> >
> >I'm not sure what you mean by this. Do you mean, expose the encrypted
> >device as a block device on the host? (ie. guestmount)
>
> I have file.vhd and /dev/sda1 partition (VeraCrypt encrypted)
> inside. This partition is raw; guestfish can not recognize it,
> because without password VeraCrypt partition is indistinguishable
> from random. In Windows, out-of-the-box VHD mount tool creates
> device like \Device\Harddisk2\Partition1, so I can mount it in
> VeraCrypt. I have not found a way to ask guestfish/libguestfs to
> expose such raw partition from inside VHD as host block device.

Doesn't doing this work?

  $ guestmount [--ro] -a guest.img -m /dev/sda1 /var/tmp/some_mountpoint

It's not a host block device, but near enough. It'll also be quite
slow because it's using FUSE.

If VeraCrypt can be taught how to access an NBD endpoint instead of
needing POSIX APIs, then you could do something with qemu-nbd &
nbdkit, although it's a little clunky because of the nested partition
and because qemu-nbd removed support for the '-P' option.

> It could look like:
> guestfs_loopback_partition(g, "/dev/sda1", "file-vhd-sda1-mapper");
> // Creates /dev/mapper/file-vhd-sda1-mapper
> or even
> guestfs_loopback_disk(g, "file-vhd-mapper");
> instead of
> guestfs_mount(g, "/dev/sda1", "/media/file-vhd-sda1");
>
> VeraCrypt on Linux by itself creates /dev/mapper/veracrypt1
> decrypted block device from encrypted partition or file, and does
> not depend on filesystem inside. I wonder if there is similar
> approach in libguestfs to not depend on
> encryption/filesystem/filesystem integrity inside a virtual disk
> partition. Also, dmsetup allows to create a single block device from
> a few ranges of bytes of device or file, encrypted or not.

I think the best idea is probably to add VeraCrypt support to
libguestfs, but that's some work that I don't have time for myself.

> My current workaround is to expose partition from non-fragmented VHD
> file (which is dd copy of disk with 512-byte footer) to block device
> by losetup/dmsetup, and then mount it by VeraCrypt. Fragmented VHDs
> are not working this way.

Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html
3 weeks, 3 days
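
The losetup workaround described in the message above depends on the VHD being a fixed image (raw disk plus a 512-byte footer). The following is an added example, not code from the thread or from libguestfs: it checks the footer, refuses dynamic images, and computes the partition's byte range. It assumes MBR partitioning and 512-byte sectors; the function names and the sample image are constructed for illustration.

```python
import io, struct

SECTOR, FIXED, DYNAMIC = 512, 2, 3   # VHD footer disk types: 2 fixed, 3 dynamic

def vhd_disk_type(footer: bytes) -> int:
    """Validate a 512-byte VHD footer and return its disk-type field."""
    if len(footer) != SECTOR or footer[:8] != b"conectix":
        raise ValueError("no VHD footer at end of file")
    stored = struct.unpack_from(">I", footer, 64)[0]
    # Checksum is the one's complement of the byte sum, checksum field excluded.
    if stored != ~sum(footer[:64] + footer[68:]) & 0xFFFFFFFF:
        raise ValueError("VHD footer checksum mismatch")
    return struct.unpack_from(">I", footer, 60)[0]

def partition_extent(f, partno: int) -> tuple[int, int]:
    """Return (byte offset, byte length) of MBR partition 1-4 in a fixed VHD."""
    if partno not in (1, 2, 3, 4):
        raise ValueError("an MBR has four primary slots")
    f.seek(-SECTOR, io.SEEK_END)
    if vhd_disk_type(f.read(SECTOR)) != FIXED:
        # Dynamic and differencing VHDs scatter data blocks behind an
        # allocation table, so a flat file offset cannot address the partition.
        raise ValueError("not a fixed VHD; flat offset mapping does not apply")
    f.seek(0)
    mbr = f.read(SECTOR)
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("no MBR signature")
    ptype, lba, count = struct.unpack_from("<4xB3xII", mbr, 446 + 16 * (partno - 1))
    if ptype == 0 or count == 0:
        raise ValueError("partition slot is empty")
    return lba * SECTOR, count * SECTOR

def make_sample_vhd(disk_type: int = FIXED) -> io.BytesIO:
    """Constructed sample: 1 MiB disk, one partition at LBA 128, 1024 sectors."""
    disk = bytearray(1 << 20)
    struct.pack_into("<4xB3xII", disk, 446, 0x83, 128, 1024)
    disk[510:512] = b"\x55\xaa"
    footer = bytearray(SECTOR)
    footer[:8] = b"conectix"
    struct.pack_into(">I", footer, 60, disk_type)
    struct.pack_into(">I", footer, 64, ~sum(footer) & 0xFFFFFFFF)
    return io.BytesIO(bytes(disk + footer))

if __name__ == "__main__":
    offset, size = partition_extent(make_sample_vhd(), 1)
    # Read-only loop device over just the partition's bytes.
    print(f"losetup --find --show --read-only --offset {offset} "
          f"--sizelimit {size} file.vhd")
```

Opening a real image with `open("file.vhd", "rb")` in place of the sample gives the values for that file; the resulting loop device is what VeraCrypt would then be pointed at.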
Re: Expose raw partition by libguestfs?
by Richard W.M. Jones
On Thu, Dec 12, 2024 at 02:45:48AM +0400, Denys Ostapenko wrote:
> Is it possible to expose raw partition from libguestfs (and
> guestfish) as a mapper device? Like cryptsetup-open <partition>
> <mapper>, but without password and decryption at all.

I'm not sure what you mean by this. Do you mean, expose the encrypted
device as a block device on the host? (ie. guestmount)

> I found it's surprisingly hard to access VeraCrypt partition inside
> VHD file.

I'm not sure what VeraCrypt is, but I don't think we have support for
it in libguestfs, which is going to be a problem. Unless kernel /
cryptsetup knows about it somehow.

Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top
3 weeks, 3 days