Hacker News
by baq 704 days ago
I imagine having an unencrypted disk in 2024 can be most charitably called 'an oversight', so there's little point in attempting to deal with them. (Remember we're talking about boxes with CrowdStrike installed...)
2 comments

Ahh, right. You'd need BitLocker keys. Although I wonder if the central key server could be queried to obtain each host's key?

Also makes me wonder about a software configuration management system that operated on disks while the virtual hosts were powered down. With windows it feels like that'd be at least very difficult, but Linux could definitely be managed that way. Like an immutable operating system where changes can only come from the central controller, and the OS itself is written with that in mind. Dunno what benefit that might bring, but it's a fun mental excursion.
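Worked example of the query the comment above wonders about, added here and not written by anyone in the thread: when a domain escrows BitLocker recovery information to Active Directory (the "Store BitLocker recovery information in AD DS" policy), each protected volume gets an msFVE-RecoveryInformation child object under the computer account, and the recovery password can be read back with the RSAT ActiveDirectory module. The function name, parameters and the sample computer name/key ID in the usage line are my own; it assumes a reachable domain controller, that escrow was actually in force when the volumes were encrypted, and that the caller has been delegated read access to the msFVE-RecoveryPassword attribute (by default only domain admins have it).

```powershell
# Added example, not from the original thread.
# Assumptions: RSAT ActiveDirectory module present, keys were escrowed to AD DS,
# caller can read msFVE-RecoveryPassword, and a DC is reachable.
#Requires -Modules ActiveDirectory

function Get-EscrowedBitLockerKey {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        # Optional: the leading hex characters of the "Recovery key ID" shown on the
        # BitLocker recovery screen, to pick the right volume when several are escrowed.
        [string] $KeyIdPrefix
    )

    $computer = Get-ADComputer -Identity $ComputerName -ErrorAction Stop

    # Recovery objects sit one level beneath the computer object. The password and
    # GUID attributes are not part of the default property set, so ask for them.
    $objs = Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
        -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
        -Properties 'msFVE-RecoveryPassword', 'msFVE-RecoveryGuid', 'msFVE-VolumeGuid', 'whenCreated'

    foreach ($o in $objs) {
        # Both GUID attributes are stored as raw 16-byte values in the directory.
        $keyId    = [guid]::new([byte[]]$o.'msFVE-RecoveryGuid')
        $volumeId = [guid]::new([byte[]]$o.'msFVE-VolumeGuid')

        if ($KeyIdPrefix -and
            -not $keyId.ToString().StartsWith($KeyIdPrefix, [System.StringComparison]::OrdinalIgnoreCase)) {
            continue
        }

        [pscustomobject]@{
            Computer         = $computer.Name
            KeyId            = $keyId
            VolumeId         = $volumeId
            Escrowed         = $o.whenCreated
            RecoveryPassword = $o.'msFVE-RecoveryPassword'   # 48-digit recovery password
        }
    }
}

# Usage (hypothetical host and key ID):
#   Get-EscrowedBitLockerKey -ComputerName WS-0042 -KeyIdPrefix 3F9A12C0
# To cover a whole OU, pipe Get-ADComputer -SearchBase <OU DN> -Filter * into the function.
```

Two caveats a practitioner would check before relying on this in an outage: a host that was encrypted before the escrow policy applied, or whose recovery password was rotated without re-escrow, simply has no object here, and Entra-joined devices managed through Intune escrow to Entra ID rather than to AD DS, where the Graph `informationProtection/bitlocker/recoveryKeys` endpoint is the equivalent query. Either way the lookup depends on the directory itself being up, which is exactly the objection raised in the next comment.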

And what OS with what security product do you think the central key server runs?
Well, sure, the central key server will have been affected by this, but that's one VM to remediate/restore and would hopefully be done first. Or at least once people realize the key server is also down.
Are there VM platforms that can encrypt disks without giving the host access to the disk? Sure, they could use TPM or something, but that doesn't solve the problem.

Worst case, I imagine you could boot to the bootloader menu, then scrape the unwrapped BitLocker key from RAM.

(I agree that the org that mandated CrowdStrike would collectively lay an egg if they realized this was possible.)