Re: [Libguestfs] [PATCH v3 0/8] Windows BitLocker support.
On Fri, Oct 09, 2020 at 04:33:53PM +0100, Richard W.M. Jones wrote:
On Fri, Oct 09, 2020 at 05:02:57PM +0200, Martin Kletzander wrote:
> Basically what I did was create a small disk, create one partition
> over the whole disk, then cryptsetup luksFormat the partition, open
> it and format it with a filesystem (without any LVM). That is one
> of the things you were adding support for, but it is not limited to
> Windows Bitlocker setup, it can just as well be a custom setup when
> installing any Linux distro.
>
> Even after quite a bit of fighting, rebuilding the appliance and so
> on I did not manage for it to show up in the list-filesystems or
> even do a cryptsetup-open on the partition even though it uses an
> appliance built from git master with the patches applied. But I'm
> quite sure I could've done something wrong, so if that works for
> you, that's enough.
There's something in the test suite that already does this, so
$ make && make -C test-data check
should produce test-data/phony-guests/fedora-luks.img (see
test-data/phony-guests/make-fedora-img.pl for how).
Not really what I meant. What I had in mind was something like this:
https://gitlab.com/nertpinx/libguestfs/-/commit/7c8ea3a35438f95dd822bd97c...
which, according to me reading the code it might not have worked before your
series.
One more thing that I noticed when testing this a little bit more was that two
things were not updated:
- internal API usage (for example the mentioned make-fedora-img.pl still uses
luks_open)
- various docs still refer to any encryption as LUKS and there is *lot* of them
This image can be opened:
$ guestfish --ro -a test-data/phony-guests/fedora-luks.img -i
Enter key or passphrase ("/dev/sda2"): FEDORA
Welcome to guestfish, the guest filesystem shell for
editing virtual machine filesystems and disk images.
Type: ‘help’ for help on commands
‘man’ to read the manual
‘quit’ to quit the shell
Operating system: Fedora release 14 (Phony)
/dev/VG/Root mounted on /
/dev/sda1 mounted on /boot
><fs> list-devices
/dev/sda
><fs> list-partitions
/dev/sda1
/dev/sda2
><fs> vfs-type /dev/sda2
crypto_LUKS
However ...
> Still, since you cannot do the test for Bitlocker, my idea was that
> you could make the test for non-lvm parition encrypted by LUKS as
> that would check some of the other code.
... cryptsetup cannot create a new BitLocker disk, which is rather
unfortunate. I created a BitLocker disk using Windows, and I'll
privately send you a link, but because of the cryptsetup problem
there's no way to automate this kind of test.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine. Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/
Attachments:
- signature.asc (application/pgp-signature — 833 bytes)