Kicksecure on cloud

suse211213 · November 26, 2024, 5:04pm

When using kicksecure as instance on cloud with FDE
Where is key stored
How is the privacy and security
Does cloud provider in this case act as host system where everething can be monitored accessed.

Ram wipe worth it ?

Any related docs about vps to consider

Patrick · November 26, 2024, 5:17pm

suse211213 via Kicksecure Forums:

When using kicksecure as instance on cloud with FDE
Where is key stored
How is the privacy and security

Nothing special. Unspecific to Kicksecure.

Does cloud provider in this case act as host system where everething can be monitored accessed.

Yes.

Ram wipe worth it ?

Probably, but solving FDE on the server will be hard.

Any related docs about vps to consider

suse211213 · November 26, 2024, 6:13pm

What u mean .
You mean its hard to setup fde on server ?
As some provider provide guide on how to setup this through netinstall

Patrick · November 26, 2024, 7:45pm

And how do you boot the server and enter the full disk encryption password?

suse211213 · November 26, 2024, 11:04pm

From cloud manager dashboard and glish
First of all two config profiles are needed during netinstall

1- installer profile
2- boot profile

Enable option full virtualization prefered over para-virtualization

Booting

Adde disc & boot config
Boot this config , once instance is running .you click on launch console then click Glish then text pop up where luks passwd needed .

Not all cloud provider offer fde feature
Some are worse

Patrick · November 27, 2024, 1:45pm

Which is provided by the cloud, under cloud provider control, there’s a logging risk and this is also most likely non-freedom software?

I am not considering that sort of vendor specific, non-freedom software specific implementations due to these security concerns.

suse211213 · November 27, 2024, 5:02pm

Conclusion

Yes its like amazon aws etc
Vnc coud be used instead of glish .

But despite open source

memory can be inspected by the cloud’s owner - and the encryption key can be extracted wich is very unlikly and high risky for a company

As the main goal is only to protect files periodly inside vm
Fde woud be enough even not 100% secure .

Patrick · November 27, 2024, 5:08pm

Which are very hard to solve issues. I don’t think there’s much you can do. What you’re looking for is confidential computing. It doesn’t really exist at time of writing. Bits and pieces, our research can be found here:

But very far from anything actionable by users.

suse211213 · November 27, 2024, 10:55pm

This is it finally

I guessed that the computer freaks have chewed through all topics and everything related without exception