Features/Block/Crypto

From QEMU
Revision as of 10:21, 22 March 2016 by DanielBerrange (talk | contribs) (Created page with '= Block Crypto Driver = The block crypto driver provides support for full disk encryption at the block layer. At time of writing it supports the LUKSv1 format. == To Do List ==…')
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Block Crypto Driver

The block crypto driver provides support for full disk encryption at the block layer. At time of writing it supports the LUKSv1 format.

To Do List

Secure header erase

Traditionally an application will merely delete a volume when it is done with it. For file based images this newly created images will never be able to see this previous data since file extents are always initialized to zero, but it is still visible in the underlying block storage device until the sectors are overwritten. For block based images (SCSI, LVM, NBD, iSCSI, RBD, etc) there are no guarantees in general that data from the block device will not be visible to future block devices that are created.

Applications could mitigate these risks by explicitly writing zeros across the entire image before deleting it, however, even this is not guaranteed to purge data, as storage devices don't all guarantee that the same underlying sectors are used when data is rewritten. Some devices provide a "secure erase" feature that can avoid this remapping and guarantee erase of original data. Wiping the whole image is also potentially inefficient because for formats like LUKSv1, in practice it is sufficient to just erase the key material stored in the image header

Applications using QEMU should not need to understand specifics about the encryption format, so should not be expected to figure out which region of disk they need to wipe to purge key material. This there is a need to extent the block layer with a "secure erase" feature to allow safe deletion of encrypted volumes.

Password management

Some disk formats such as LUKSv1 support multiple user passwords to unlock the device. The current impl only supports a single password in slot0 and does not provide a way to change it. There needs to be a block layer API feature to allow passwords to be added / removed from arbitrary slots. This indirectly allows for password changes by adding a new password and then subsequently removing the old password. This is preferrable to an in-place password change since it avoids risk of loosing access to encrypted data, if an I/O error occurrs half way through updating the existing password on disk.