The LSVMTools project provides tools for shielding Linux VMs operating in the Microsoft(R) Windows Hyper-V environment. LSVMTools aims to protect Linux VMs from attack while at rest and in flight. It builds on the following technologies.
LSVMTools provides two main tools.
LVSMPREP prepares the Linux enviroment for shielding. After the image is prepared, it must be templatized and provisioned as described in the LSVM How-To document. LSVMPREP performs the following steps.
After these steps are performed, the image is ready to be templatized. See the LSVM How-To document for details.
LSVMLOAD becomes the primary EFI boot loader for the Linux VM. UEFI loads LSVMLOAD, assuming it passes certificate verification (LSVMLOAD must be signed by a certificate that Hyper-V trusts). LSVMLOAD performs the following steps.
The SHIM finds GRUB2 on the ESP ramdisk (copied from the encrypted boot partition by LSVMLOAD). The SHIM executes GRUB2, which is redirected to the boot ramdisk, where it finds:
GRUB2 executes the kernel and the initial ramdisk. The initial ramdisk mounts the boot and root partitions using the keyfile injected by LSVMLOAD.
LSVMLOAD works using unmodified SHIM and GRUB2 executables, making it possible to configure a Linux environment for shielding without having to change any programs along the boot chain.
LSVMTool current supports the following Linux distributions.
This section explains how to install from a binary distribution. Binary distributions can be downloaded from the following link.
These distributions include LSVMPREP and a signed LSVMLOAD.
Use the following commands to install the distibution.
# tar zxvf lsvmtools-1.0.0-x86_64.tar.gz
# cd lsvmtools-1.0.0-x86_64
# ./install
Created /opt/lsvmtools-1.0.0This installs LSVMTools in the following location.
/opt/lsvmtools-1.0.0Caution: Running LSVMPREP encrypts the boot partition and makes irreversible configuration changes to a virtual machine. Only run LSVMPREP to prepare an image for templatization.
To run LSVMPREP, execute the following commands as root.
# cd /opt/lsvmtools-1.0.0
# ./lsvmprep
***************************************************
* ____ _ _ _ _____ ___ ___ _ _ *
* / ___| / \ | | | |_ _|_ _/ _ \| \ | | *
* | | / _ \| | | | | | | | | | | \| | *
* | |___ / ___ \ |_| | | | | | |_| | |\ | *
* \____/_/ \_\___/ |_| |___\___/|_| \_| *
* *
* *
* LSVMPREP is about to encrypt the boot partition *
* and make irreversible configuration changes to *
* this machine. If you are certain you want to *
* proceed, type YES in uppercase and then press *
* enter; else press ENTER to terminate. *
* *
***************************************************
> _If LSVMPREP runs successfully, the image is ready to be templatized. See LSVM How-To for what to do next.
This section explains how to build LSVMTools from source, but note that LSVMPREP requires a signed LSVMLOAD image, which must be downloaded separately (see the previous section for details).
To build LSVMTools, type these commands.
# ./configure
# makeThese commands build LSVMPREP and an unsigned LSVMLOAD.
To run the tests, type:
# make testsIn case anything goes wrong, use the following command to recover LUKS keys.
# dmsetup table --showkeysLSVMTools
MIT License
Copyright (c) Microsoft Corporation. All rights reserved.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWAREThis project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.