I've tested with encrypted individual media and whole VMs and it seems that whenever I suspend a VM afterwards I'm forced to provide the password for an encrypted media again. Using VBoxManage one is able to provide some configuration to influence this behaviour:
VBoxManage controlvm "uuid|vmname" addencpassword "id" "password" [--removeonsuspend "yes|no"]
I've debugged the code and found that support for removeonsuspend seems to be available under the keyword clearOnSuspend:
vboxconnector.php:
public function remote_consoleAddDiskEncryptionPasswords($args) {
[...]
try {
$this->session->console->addDiskEncryptionPassword($creds['id'], $creds['password'], (bool)@$args['clearOnSuspend']);
$response['accepted'][] = $creds['id'];
} catch (Exception $e) {
[...]
}
The problem seems to be the JS, where no flag or such for clearOnSuspend is forwarded:
phpvirtualbox.js:
/* Get passwords and start VM Logic */
_getEncryptionPasswordsStartVM: function(vm, validIds) {
[...]
// vboxVMActions.start._getEncryptionPasswordsStartVM(vm);
$.when(vboxAjaxRequest('consoleAddDiskEncryptionPasswords',
{'vm':vm.id,'passwords':pwdata}))
[...]
},
The dialogue for password entry is already missing some flag or such as well:
mediumEncryptionPasswords.html:
function vboxMediumEncryptionPasswordsGet() {
[...]
encryptionPWs.push({
'id': $(rowlist[i]).data('vboxEncryptionId'),
'password': $(rowlist[i]).find('input').first().val()
});
[...]
}
The interesting thing about the code is that clearOnSuspend is casted to bool and according the PHP docs, a missing value would be false, which would lead to the desired effect, that the password would be cached by VirtualBox. clearOnSuspend false is documented that way in the SDK as well:
clearOnSuspend Flag whether to clear the password on VM suspend (due to a suspending host for example). The password must be supplied again before the VM can resume.
https://www.virtualbox.org/sdkref/interface_i_console.html#afa62b003141e327ec7845446498ae87b
But in the end, it's simply not working as expected... I additionally hacked the code to get that thing working by providing some checkbox for clearOnSuspend in the dialogue, but that didn't work either. Not with true and false, not with 1 and 0 and not with yes and no like documented for VBoxManage. I'm going to provide a pull request for code review...
I've tested with encrypted individual media and whole VMs and it seems that whenever I suspend a VM afterwards I'm forced to provide the password for an encrypted media again. Using
VBoxManageone is able to provide some configuration to influence this behaviour:I've debugged the code and found that support for
removeonsuspendseems to be available under the keywordclearOnSuspend:vboxconnector.php:
The problem seems to be the JS, where no flag or such for
clearOnSuspendis forwarded:phpvirtualbox.js:
The dialogue for password entry is already missing some flag or such as well:
mediumEncryptionPasswords.html:
The interesting thing about the code is that
clearOnSuspendis casted tobooland according the PHP docs, a missing value would befalse, which would lead to the desired effect, that the password would be cached by VirtualBox.clearOnSuspendfalseis documented that way in the SDK as well:https://www.virtualbox.org/sdkref/interface_i_console.html#afa62b003141e327ec7845446498ae87b
But in the end, it's simply not working as expected... I additionally hacked the code to get that thing working by providing some checkbox for
clearOnSuspendin the dialogue, but that didn't work either. Not withtrueandfalse, not with1and0and not withyesandnolike documented forVBoxManage. I'm going to provide a pull request for code review...