You didn't miss anything. That's the way it works. Workstation's virtual machine encryption is transparent to the VM.
There are two modes for VM encryption
- Partial encryption only encrypts certain configuration files in the VM that support a virtual TPM device. - The virtual disks are not encrypted.
- Full encryption encrypts all of the files that make up the virtual machine. That includes the virtual disks.
In either case, the guest operating system sees what it thinks is an unencrypted disk. The password you give to Workstation is the only one needed to unlock VMware's encryption. There is no linkage between encrypting a virtual machine and full disk encryption that may or may not be configured by the VM's guest operating system.
This also means that it is possible to configure guest operating system full disk encryption (e.g. LUKS for Linux or Bitlocker for Windows) and Workstation's encryption. That's' the case where you'd need 2 passwords to unlock a VM - one for Workstation and one in the VM) Also consider that if you chose full encryption from Workstation and configured full disk encryption in the VM's operating system you would be performing double encryption - with double the performance penalty.
------------------------------
- Paul (technogeezer)
vExpert 2025
------------------------------
Original Message:
Sent: Jun 30, 2025 09:36 AM
From: Marco Ricci
Subject: Guest encryption in Vmware Workstation
Hi all,
I am not too sure if I am missing something or that's the way it is. Let me just quickly explain. I encrypted the Ubuntu VM and then shut it down. Powered it on back again to see how and if the encryption would work. The only password I was asked was the one I created when I installed Ubuntu, nothing else. I thought I was going to be asked for an another password right at the beginning, before the Ubuntu password screen appears. Is this OK, I mean it works that way?
Thanks in advance.