1
I am creating a VirtualBox VM that runs Ubuntu and I would like to have the virtual disk encrypted. Are there performance and/or security advantages to using the VirtualBox Disk Encryption over Ubuntu's LUKS disk encryption within the VM?
NoamChompsky
Posted 2019-06-06T18:41:15.500
Reputation: 13
0
As I understand it, the good point of the VB encryption is that you can easily change your mind, encrypt a VM that isn't or decrypt a VM which is, and use the result with VB. Making a decrypted image from a LUKS-encrypted one and vice-versa is likely possible but would be more complicated.
Also, with the VB encryption you can store the encryption passphrase in the VB config outside of the VM, so you can boot the VM without having to enter a decryption passphrase. Of course you have to keep the VB config safe to avoid disclosure of the passphrase.
xenoid
Posted 2019-06-06T18:41:15.500
Reputation: 7 552
Thanks for the information! – NoamChompsky – 2019-06-21T00:53:05.310
1Another benefit is that you can securely save the VM state to resume later. Encrypted VMs have their state file encrypted as well. In contrast, if using full-disk encryption features of the guest, saving the VM state will effectively leak the encryption key to the host's storage in the state file. – cdhowie – 2019-07-31T01:11:27.390