Egregoros

@paco

If you move storage between tenants, you must clear it to prevent information leakage. Modern storage is quite hard to reliably erase and firmware bugs may make it possible to accidentally expose old versions. If you encrypt with a key that is at least unique to the tenant then anyone who tries to exploit this kind of thing gets data that looks random. In many cases, the encryption layer is hard to bypass, so you get some bytes that are encrypted with one AES key and decrypted with another, which is indistinguishable from random.

@feld @paco

The Morello cluster we set up at MS was exposed for GitHub Actions runners. We forwarded the GitHub web hook thing to an Azure message queue thing that the head node read. When it received one, it used an exciting pile of expect scripts to talk to the serial console on a node to boot one of the machines. The node then booted with a read-only NFS mount as the root filesystem, generated a random key, and used that for a GELI-encryped read-write filesystem on the (200GB) local SSD. The GitHub Actions runner (actually, the portable Go rewrite) then pulled the job to run. At the end, we rebooted the node and the next job would get a new key for disk encryption.

If a job left any important data on a node, the next user would get the encrypted data and, unless they deleted the GELI layer, would get it decrypted with a different key. We didn't need to bother scrubbing anything between uses.