Hi everyone,

We currently use OpenBSD on physical hardware and manage it at our customers' locations. We want the option to give out VMs to host on customer premises, and we'll still manage the VM (but not the VM platform).

The problem is not letting the customer access our proprietary data, as they could easily mount the virtual hard drive somewhere else. The obvious answer is disk encryption, but we can't require manual intervention to enter a passphrase or to provide a key. I'm sure I'll have to settle for obfuscation, which I'm OK with, but I'm curious if there is a good/best way to go about that. Is the only option to change things we need to hide into binaries? Compile the kernel with a key to decrypt?

I've taken a look at how other vendors, like Juniper, do it. With their VM I can mount the boot partitions, but they only have boot information and the kernel. I can't mount the extended partitions; they don't even seem to be formatted with a filesystem. My guess is they compile the kernel with a key or something, but it's just a guess.

Thanks for any advice!

Nate