New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Looking for KVM VPS with ISO boot + vTPM + Host-level Firewall (LUKS setup)
Hi all,
I'm looking for a KVM VPS with the following:
- ISO boot (manual Ubuntu install with LUKS)
- vTPM support
- Host-level firewall (e.g. Proxmox style)
- Location: Malaysia or Singapore only
Specs:
- 1 vCPU (Ryzen or EPYC preferred)
- 8 GB
- 64 GB SSD or NVMe
- 100 Mbps or better (~5tb) | no overage billing | throttle speed if exceeded
- 1 IPv4
Use case: light SMTP for notifications
Paying yearly, no strict budget.
Thanks.
Best regards,
Caifeng
Comments
What is a point of having it if malicious hypervisor can dump guests RAM and extract LUKS encryption key?
Yes, a malicious hypervisor can dump guest RAM and extract LUKS keys. Congratulations on rediscovering the obvious.
The point of vTPM isn't to stop your host from going rogue... It's for measured boots, sealed secrets, and secure automation within a trusted environment. You know, real-world use cases..
If you think that possibility makes vTPM "pointless", either you don't understand how layered security works, or you're just pretending to sound smart.
Either way, thanks for pointing out exactly the kind of provider I'd avoid.
Good luck finding it on LET
Actually, I'm with Onidel, active on this forum, supports vTPM, ISO boot, and everything I asked for. Solid service, zero complaints.
This thread wasn't about "finding" anything. It's about diversifying providers, not getting lectured by someone who thinks security ends at "the host could be malicious."
Thanks anyways.
Why haven't you chosen AWS, Google and other reputable providers trusted by enterprises and governments?
Which big providers have this capability?
Who says I'm not using them?
You assumed a lot, threw a condescending comment, and now you're scrambling?
My point is just that you are looking at the wrong place. Security guarantees you need is not compatible with lowend nature. For sure there are a few premium providers like Onidel, but, again, I wish you luck finding another host here that can be trusted with anything requiring real-world TE.
Yo big mama..
So.. are you implying you cannot be trusted?
Just want to make sure I'm reading your sales pitch correctly.
Skhron is not suitable for storing classified information, such as health data. Until independent audits confirm the necessary compliance, it is just not feasible.
It’s no surprise to anyone that Skhron isn’t the best choice for keeping government secrets. Sorry to break your expectations
I wasn't expecting you to handle classified data. I was just hoping you could handle basic questions without spiraling into a TED Talk about your limitations.
But hey, thanks for the transparency. Makes it real easy to move on.
Then you should have made a proper question.
Appreciate the clarity though...
Hi!
Not sure if that's what you need but I think Oracle Cloud may fit your requirements. However that's considered a rather big cloud provider.
They have:
I don't know if you considered or have them already though.
I think it makes some sense. Not every malicious provider (or someone who breaches them) has the knowledge or motivation to dump RAM and extract keys. It's always an extra step if the data is LUKS-encrypted.
some serious arguments thrown around
Yes and no. I agree it is extra effort but I don't expect sophisticated attacker who gained an access to a hypervisor that contains lots of confidential information to be dumb enough to not dump all virtual machines RAM to further extract as much profit as possible from their attack.
On the contrary, for a provider who doesn't offer any kind of security guarantees suitable for classified data, I expect an attacker to be significantly less knowledgeable. Also, I estimate their intention as mostly disruption of service, not confidentiality impact.
I don’t understand your intentions.
Ignore the obvious troll. Just search for "confidential cloud computing" in your favourite search engine and you will find all big boys offering it.
Already using Alibaba, AWS, Azure, DigitalOcean, GCP, Huawei, Hetzner, IBM, Linode, Oracle, OVH, Scaleway, Tencent, Vultr.
Thank you for the recommendation.
I think so far only Onidel with this capabilities. Such a shame no one take effort for providing this.
https://advinservers.com/cloud
It requires a ticket but we can mount a TPM disk and custom ISO. Port 25 is blocked by default but we can also unblock that.
There is a firewall that is the exact same to what Proxmox provides in the VPS control panel.
Will try again waiting for your next promo
Hey Caifeng,
We can support both ISO boot and vTPM on our KVM VPS- just drop a note via ticket after ordering, and we'll enable it for your setup.
Singapore location is available, and the rest matches nicely too:
(You can configure any plan after choosing it, at the configuration stage)
You can check our configurations at https://vsys.host/cheap-vps-hosting (choose Singapore DC location) or open a chat if you want help tailoring the plan.