[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Using LUKS format to connect to an encrypted iscsi volume with libiscsi

From: Will Gorman
Subject: Using LUKS format to connect to an encrypted iscsi volume with libiscsi
Date: Wed, 6 Oct 2021 13:52:34 -0500

I'm attempting to use qemu-kvm (qemu-kvm-ev-2.12.0-44.1.el7_8.1) to run a VM that will be able to use an iscsi volume that has been encrypted with LUKS.  Below are the qemu command line arguments related to this volume:

-object secret,id=scsi1-0-0-1-luks-secret0,file=/root/qemuluks.key \
-drive file.driver=iscsi,file.portal=$TARGET_IP:3260,file.target=$TARGET_IQN,file.lun=0,file.transport=tcp,file.initiator-name=iqn.1994-05.com.redhat:host1,key-secret=sec0,format=luks,if=none,id=drive-scsi1-0-0-1 \
-device scsi-block,bus=scsi1.0,channel=0,scsi-id=0,lun=1,drive=drive-scsi1-0-0-1,id=scsi1-0-0-1 \

When running the VM with qemu-kvm, I get the following error:

2021-09-22T20:26:04.975007Z qemu-kvm: -device scsi-block,bus=scsi1.0,channel=0,scsi-id=0,lun=1,drive=drive-scsi1-0-0-1,id=scsi1-0-0-1: cannot get SG_IO version number: Operation not supported
Is this a SCSI device?

I think that it is at least using the key since if I intentionally provide an incorrect value for the key I get a different error about "Invalid password, cannot unlock any keyslot" but it gets further with the correct key.  Is it supported to use LUKS with the iscsi driver and libiscsi?  If so, are there any other configuration options I should be considering?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]