In a cloud computing scenario, the magnetic disk data of a virtual machine (VM), including the data on its system disk and its data disk, is exposed to security risk. If full disk encryption is applied to the VM data and the key is held by the user, unauthorized personnel cannot obtain the user's data. In this way, the user's sensitive data in the cloud is protected to a great degree.
Conventional full disk encryption technology is already mature as a solution for terminal security. In the conventional technology, before the operating system is booted, that is, in the pre-boot phase, a boot loader program may generate a key according to a password input by the user. The data on the magnetic disk is decrypted by using the key. The decrypted data includes the operating system (OS), which may be booted after it has been decrypted.
In the foregoing conventional full disk encryption technology, the user performs the operation on a single terminal, and the boot loader program can obtain the key. In a cloud application scenario, however, the key needed by the VM must be obtained from an external cloud platform. Before the operating system of the VM is booted, the VM has no IP address and cannot communicate with the outside, so it cannot obtain the key. As a result, the operating system of the VM cannot be booted, and the VM halts in the pre-boot phase.