Virtual machine image encryption
First Claim
1. A computer implemented method for encrypting a virtual machine image, the method comprising:
locating an encrypted virtual machine image including an encryption boot loader;
extracting the encryption boot loader from the encrypted virtual machine image;
transmitting the extracted encryption boot loader to a designated trustee;
placing a pre-boot execution environment (PXE) on the encrypted virtual machine image; and
booting an operation system associated with the encrypted virtual machine image, wherein booting the operating system associated with encrypted virtual machine image includes;
receiving, from the PXE of the encrypted virtual machine image, a signal to initiate retrieval of the encryption boot loader from the designated trustee;
responsive to the signal from the PXE, retrieving the encryption boot loader from the designated trustee;
updating the encrypted virtual machine image to include the encryption boot loader; and
booting the operating system at the encrypted virtual machine using the encryption boot loader.
Abstract
Embodiments of the present disclosure include systems and methods for encrypting a virtual machine image and accessing an encrypted virtual machine image. According to some embodiments, an encryption module can encrypt a virtual machine image and place an encryption boot loader. The encryption boot loader may be extracted from the encrypted virtual machine image, transmitted to, and stored at, a key storage system. Upon a request to boot an operating system associated with the encrypted virtual machine image, a pre-boot execution environment may communicate with an image service to retrieve the encryption boot loader from the remote key storage system. The virtual machine image may therefore be decrypted using the encryption boot loader, which may allow booting of the operating system.
14 Claims
1. A computer implemented method for encrypting a virtual machine image, the method comprising:
locating an encrypted virtual machine image including an encryption boot loader;
extracting the encryption boot loader from the encrypted virtual machine image;
transmitting the extracted encryption boot loader to a designated trustee;
placing a pre-boot execution environment (PXE) on the encrypted virtual machine image; and
booting an operation system associated with the encrypted virtual machine image, wherein booting the operating system associated with encrypted virtual machine image includes;
receiving, from the PXE of the encrypted virtual machine image, a signal to initiate retrieval of the encryption boot loader from the designated trustee;
responsive to the signal from the PXE, retrieving the encryption boot loader from the designated trustee;
updating the encrypted virtual machine image to include the encryption boot loader; and
booting the operating system at the encrypted virtual machine using the encryption boot loader.
Dependent Claims (2, 3, 4, 5, 6, 7)
8. A system comprising:
a processor; and
a memory having instructions stored thereon, which when executed by the processor, cause the system to;
locate an encrypted virtual machine image including an encryption boot loader;
extract the encryption boot loader from an encrypted virtual machine image;
transmit the extracted encryption boot loader to a designated trustee;
place a pre-boot execution environment (PXE) on the encrypted virtual machine image; and
boot an operation system associated with the encrypted virtual machine image, wherein the instructions in the memory to boot the operating system include further instructions, which when executed by the processor, cause the system to;
receive, from the PXE of the encrypted virtual machine image, a signal to initiate retrieval of the encryption boot loader from the designated trustee;
retrieve the encryption boot loader from the designated trustee in response to the received signal from the PXE;
update the encrypted virtual machine image to include the encryption boot loader; and
boot the operating system at the encrypted virtual machine using the encryption boot loader.
Dependent Claims (9, 10, 11, 12, 13, 14)
Specification