On Thu, Dec 12, 2024 at 11:27:35AM +0000, Richard W.M. Jones wrote:
On Thu, Dec 12, 2024 at 03:10:15PM +0400, Denys Ostapenko wrote:
> >>I found it's surprisingly hard to access VeraCrypt partition inside
> >>VHD file.
> >
> >I'm not sure what VeraCrypt is, but I don't think we have support for
> >it in libguestfs, which is going to be a problem. Unless kernel /
> >cryptsetup knows about it somehow.
>
> VeraCrypt is a TrueCrypt fork (disk-encryption software),
> open-source and cross-platform.
>
> >On Thu, Dec 12, 2024 at 02:45:48AM +0400, Denys Ostapenko wrote:
> >>Is it possible to expose raw partition from libguestfs (and
> >>guestfish) as a mapper device? Like cryptsetup-open <partition>
> >><mapper>, but without password and decryption at all.
> >
> >I'm not sure what you mean by this. Do you mean, expose the encrypted
> >device as a block device on the host? (ie. guestmount)
>
> I have file.vhd and /dev/sda1 partition (VeraCrypt encrypted)
> inside. This partition is raw; guestfish can not recognize it,
> because without password VeraCrypt partition is indistinguishable
> from random. In Windows, out-of-the-box VHD mount tool creates
> device like \Device\Harddisk2\Partition1, so I can mount it in
> VeraCrypt. I have not found a way to ask guestfish/libguestfs to
> expose such raw partition from inside VHD as host block device.
Doesn't doing this work?
$ guestmount [--ro] -a guest.img -m /dev/sda1 /var/tmp/some_mountpoint
It's not a host block device, but near enough. It'll also be quite
slow because it's using FUSE.
If VeraCrypt can be taught how to access an NBD endpoint instead of
needing POSIX APIs, then you could do something with qemu-nbd &
nbdkit, although it's a little clunky because of the nested partition
and because qemu-nbd removed support for the '-P' option.
Can you just combine qemu-nbd with kpartx to setup devmapper
nodes for each partition:
qemu-nbd -c /dev/nbd0 guest.img
kpartx -a /dev/nbd0
will give you /dev/mapper/nbd0p1 which you can then access
with whatever you need for VeraCrypt on a host blockdev
With regards,
Daniel
--
|:
https://berrange.com -o-
https://www.flickr.com/photos/dberrange :|
|:
https://libvirt.org -o-
https://fstop138.berrange.com :|
|:
https://entangle-photo.org -o-
https://www.instagram.com/dberrange :|