Re: Hang on
"cloud image that is encrypted by default": how would you expect that to work? More precisely, how are you planning on supplying the encryption key in a way that can't be intercepted by the host?
The only way I'm aware of is to use secure virtualization CPU functionality and that assumes that (a) the provider offers this in the first place and (b) that functionality doesn't have any vulnerabilities (which it does, at least for Intel and AMD).
Biting the hand that feeds IT
