How safe is a VM Image with Whole Disk Encryption? I remember reading the encryption key will be stored on the page file of the machine that the VM is running on. Meaning it can be recovered/hacked with ease.

This is still an exploit?

???

i'm sure this is something that was fixed. something like that would not be something to just ignore and sweep under the carpet persae. i tried to do some research for you, but came up with nothing.

i'm sure this is something that was fixed. something like that would not be something to just ignore and sweep under the carpet persae. i tried to do some research for you, but came up with nothing.

from what ive read it has not.

There is nothing guaranteeing that a particular bit of memory will be paged to disk or not. Its the memory manager inside of the kernel that makes those decisions, often based on how much the piece of data is used. While there are some places in memory that you can be "sure" the kernel will never page to disk, when we're talking virtual machines all bets are off. As far as the host kernel is concerned, the RAM image of the guest machine is just application data (owned by the VM process) and can be paged out whenever the kernel feels like it.

In short, a VM image is not safe with whole disk encryption, unless the host OS also has an encrypted swapfile. Any portion of the guest OS RAM image may be paged to disk at any time, and this obviously must be protected. Also note that saving the guest OS state is not safe unless both the host OS swapfile and partition where the state information is saved to are both encrypted.

JigPu

okay thank you very much! good info.