qemu-devel


Re: [Qemu-devel] QCOW2 cryptography and secure key handling


From: Benoît Canet
Subject: Re: [Qemu-devel] QCOW2 cryptography and secure key handling
Date: Wed, 24 Jul 2013 15:07:56 +0200
User-agent: Mutt/1.5.21 (2010-09-15)

> There are two ways I could see it happening. Either integrate directly
> into the qcow2 file format, by mapping LUKS headers & key material
> blocks into the qcow2 header region in some manner.
> 
> Alternatively do it in a completely generic block driver, that qcow2
> (or any other qemu bdrv) calls into instead of the file bdrv. That
> way the entire LUKS format becomes the image file data payload. A
> separate block driver could also allow LUKS to be layered on top,
> so that metadata is encrypted too. E.g. so you could end up with
> either layering
> 
>    QCow2 bdrv -> LUKS bdrv -> file bdrv
>    LUKS bdrv -> QCow2 bdrv -> file bdrv

I already tried the generic block driver approach on another project (Quorum).
The problem is that it results in complex issues to make the driver work with
all QEMU features (think snapshots) and that no one has the funding to tackle
the infrastructure work required to solve this: writing BlockBackend and block
filters.

Best regards

Benoît


