Title of invention: Host virtual machine assisting booting of a fully-encrypted user virtual machine on a cloud environment
Abstract: The disclosure provides a key transmission method and device of a virtual machine under full disk encryption during pre-boot. The method includes: pre-booting the virtual machine, where the virtual machine is in a full disk encryption state; during the pre-boot, establishing, by the virtual machine, a transmission channel with a cloud platform, where the cloud platform is configured to provide a key; requesting, by the virtual machine, the key from the cloud platform through the transmission channel, and receiving the key sent by the cloud platform; and decrypting, by the virtual machine, an operation system by using the key, and booting the operation system. In embodiments of the present disclosure, key transmission may be implemented during a pre-boot phase of the virtual machine, so as to boot the virtual machine.
Publication number: US9317316(B2) Publication date: 2016.04.19
Application number: US201213714003 Filing date: 2012.12.13
Applicant: HUAWEI TECHNOLOGIES CO., LTD. Inventor: Liu Xinbao
Classification: G06F9/445;G06F9/455;G06F9/44;H04L9/08;G06F21/57 Main classification: G06F9/445
Agency: Brinks Gilson & Lione Agent: Brinks Gilson & Lione
Independent claim: 1. A key transmission method of a user virtual machine, comprising: sending, by the user virtual machine, a key request message to a host virtual machine through a transmission channel in a hypervisor, wherein the transmission channel in the hypervisor is allocated to the user virtual machine, a host operating system of the host virtual machine is not encrypted, and the user virtual machine is under full disk encryption during a pre-boot; sending, by the host virtual machine, the key request message to a cloud platform through an IP connection channel between the host virtual machine and the cloud platform, wherein the host virtual machine finishes booting the host operating system, obtains an IP address to establish the IP connection channel with the cloud platform without obtaining an IP address of the user virtual machine before the user virtual machine is booted, and wherein the cloud platform is configured to provide a key; receiving, by the host virtual machine, the key from the cloud platform through the IP connection channel; sending, by the host virtual machine, the key to the user virtual machine through the transmission channel in the hypervisor; receiving, by the user virtual machine, the key sent by the host virtual machine; and decrypting, by the user virtual machine, a user operating system by using the key and booting the user operating system.
Address: Shenzhen CN