On 14.06.2016 22:44, ??????? ??????? wrote:
> Hello. Prompt please, whether it is possible to do using the grub? I copied
> the hdd in the partition command: "dd if=/dev/sdb of=/dev/sda2" Can grub
> open /dev/sda2 as a separate device with its partitions and transfer
> control back. For example how can "kpartx". The general problem is this: I
> want to make ESXi on LUKS encrypted partition. ESXi loader does not support
> luks-encrypted. So I want to keep installed ESXi on luks encrypted
> partition. I want to grub opened luks encrypted partition and boot ESXi
> from there. ESXi uses multiple partitions for their work. Tell me, is it
> possible? If it is possible that for this to be done? Thank you!

Hi.

I am not directly involved in the GRUB project but I think I might be able to contribute something to your question.

About the first part. I have no idea if GRUB can natively handle a partition which also starts with a partition table and use the inner partition. I guess the easiest way to do this would be to just fake the outer partition to include the partitions of /dev/sda2 or to specify the partition start and end somehow.

Anyway. Your main question seems to be how to run ESXi (proprietary hypervisor by VMware) and potentially the data stores of it (where VM images are stored) on a LUKS encrypted block device.

To summarize, you intend to use GRUB's block device encryption support to transparently handle the encryption/decryption of /dev/sda2. As far as I understand it, GRUB would be able to decrypt/mount a partition in /dev/sda2 and load (to RAM) whatever executable is lying around there. The thing is that the next step would be to hand complete control over to this loaded executable. At this point, GRUB is not running anymore and the ESXi kernel will be booting on the machine. Then, ESXi will try to find its OS partition(s) (which will probably fail since it is encrypted).

So in short. What you have been asking is not possible with GRUB.

What might be possible in case you really want to use ESXi would be kind of the [Blue Pill][1] approach. So you would start a small hypervisor before ESXi which does the encryption/decryption and then in that hypervisor start ESXi as its guest VM. I have never worked with nested virtualization but that could be interesting to see if that would work.

Now, having all that said. I guess you just want an encrypted hypervisor plus VMs. In that case just drop ESXi and use a hypervisor solution which supports encryption out of the box. For example KVM with libvirt or Xen. In both cases, you would be able to set up FDE easily.

You could also do the encryption in ESXi guests themselves.
I am not sure but maybe ESXi also supports some kind of encryption, at least I haven’t seen such a feature yet. But I am quite sure that would not include the complete system.

[1]: https://en.wikipedia.org/wiki/Blue_Pill_%28software%29

-- 
Live long and prosper
Robin `ypid` Schneider
