Preventing mounting a virtual disk from onto another machine

agilevic asked:

Is it possible to build virtual machine (VMWare or VirtualBox) in such a way that a disk cannot be mounted or read if mounted to another virtual machine? A solution involving encrypting the volume in the host system is OK provided that no password will be required at boot and that all services from the protected volume can start at boot.

To give you a little background we are making demo of our software (a web service) available to prospects for download as a pre-configured virtual machine. We want to deter nosy prospects from looking inside or tampering with it. Our VM already has a single user mode disabled and GRUB is protected with a password but none of that matters is somebody mounts the volume to another virtual machine.

My answer:


In short, no. You can only make it more difficult and costly for someone to rip out your proprietary stuff from the VM image; you cannot make it impossible.

Once I have your disk image I can pretty much do whatever I want with it.

Even if you encrypt it and embed an encryption key somewhere within it, I can just poke through it until I find it.

The usual solution here is to use code obfuscation tools such as Zend Guard for PHP, Dotfuscator for .NET applications, etc.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.