Skip to content

clearOnSuspend or removeonsuspend not supported for encrypted VMs/media. #56

Closed as not planned
Closed as not planned
clearOnSuspend or removeonsuspend not supported for encrypted VMs/media.#56
@ams-tschoening

Description

@ams-tschoening
ams-tschoening
opened on May 24, 2017

I've tested with encrypted individual media and whole VMs and it seems that whenever I suspend a VM afterwards I'm forced to provide the password for an encrypted media again. Using VBoxManage one is able to provide some configuration to influence this behaviour:

VBoxManage controlvm "uuid|vmname" addencpassword "id" "password" [--removeonsuspend "yes|no"]

I've debugged the code and found that support for removeonsuspend seems to be available under the keyword clearOnSuspend:

vboxconnector.php:

	public function remote_consoleAddDiskEncryptionPasswords($args) {
[...]
    	    try {
    	        $this->session->console->addDiskEncryptionPassword($creds['id'], $creds['password'], (bool)@$args['clearOnSuspend']);
    	        $response['accepted'][] = $creds['id'];
    		} catch (Exception $e) {
[...]
	}

The problem seems to be the JS, where no flag or such for clearOnSuspend is forwarded:

phpvirtualbox.js:

		/* Get passwords and start VM Logic */
		_getEncryptionPasswordsStartVM: function(vm, validIds) {
[...]
             // vboxVMActions.start._getEncryptionPasswordsStartVM(vm);
                $.when(vboxAjaxRequest('consoleAddDiskEncryptionPasswords',
                        {'vm':vm.id,'passwords':pwdata}))
[...]
		},

The dialogue for password entry is already missing some flag or such as well:

mediumEncryptionPasswords.html:

function vboxMediumEncryptionPasswordsGet() {
[...]
        encryptionPWs.push({
            'id': $(rowlist[i]).data('vboxEncryptionId'),
            'password': $(rowlist[i]).find('input').first().val()
        });
[...]
}

The interesting thing about the code is that clearOnSuspend is casted to bool and according the PHP docs, a missing value would be false, which would lead to the desired effect, that the password would be cached by VirtualBox. clearOnSuspend false is documented that way in the SDK as well:

clearOnSuspend Flag whether to clear the password on VM suspend (due to a suspending host for example). The password must be supplied again before the VM can resume.

https://www.virtualbox.org/sdkref/interface_i_console.html#afa62b003141e327ec7845446498ae87b

But in the end, it's simply not working as expected... I additionally hacked the code to get that thing working by providing some checkbox for clearOnSuspend in the dialogue, but that didn't work either. Not with true and false, not with 1 and 0 and not with yes and no like documented for VBoxManage. I'm going to provide a pull request for code review...

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions