qemu-devel

Re: [Qemu-devel] [RFC] qed: Add QEMU Enhanced Disk format


From: Anthony Liguori
Subject: Re: [Qemu-devel] [RFC] qed: Add QEMU Enhanced Disk format
Date: Mon, 06 Sep 2010 07:52:41 -0500
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.11) Gecko/20100713 Lightning/1.0b1 Thunderbird/3.0.6

On 09/06/2010 06:18 AM, Daniel P. Berrange wrote:
> I agree with ditching compression, but encryption is an important
> capability which cannot be satisfactorily added at other layers
> in the stack. While block devices / local filesystems can layer
> in dm-crypt in the host, this is not possible with network/cluster
> filesystems which account for a non-trivial target audience.

ecryptfs should work with NFS these days. If it still doesn't, it will in the not too distant future.

> Adding
> encryption inside the guest is sub-optimal because you cannot do
> secure automation of guest startup. Either you require manual
> intervention to start every guest to enter the key, or if you
> hardcode the key, then anyone who can access the guest disk image
> can start the guest.

I think this belongs in the VFS level but from a format perspective, an encryption feature would be easy to add.

+
+        if ((s->header.compat_features&  QED_CF_BACKING_FORMAT)) {
+            ret = qed_read_string(bs->file, s->header.backing_fmt_offset,
+                                  s->header.backing_fmt_size,
+                                  bs->backing_format,
+                                  sizeof(bs->backing_format));
+            if (ret<  0) {
+                return ret;
+            }
+        }
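
Review bot: the offset and length passed to qed_read_string() are taken directly from the image header (s->header.backing_fmt_offset and s->header.backing_fmt_size), and nothing in this hunk validates them before the read. Only ret < 0 is checked, so the result depends on qed_read_string() rejecting a backing_fmt_size that does not fit in sizeof(bs->backing_format) with room for a terminating NUL, and on it handling an out-of-range offset in bs->file. Consider making both checks explicit at this call site, or documenting that qed_read_string() enforces them, so that a malformed image cannot leave bs->backing_format truncated or unterminated.
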
> IMHO we should make the backing format compulsory with use of
> the backing file. The only time probing is required is when
> initially creating the child image, thereafter there's no
> benefit to probing again.

Stefan originally made it mandatory but I asked to make it optional.

From a format specification perspective, backing_fmt introduces some problems. What does a backing_fmt of 'vmdk' mean outside of qemu?

More importantly, humans don't create image formats by hand. Instead, they use tools like qemu-img. If you think we should force the specification of a backing file format in qemu-img, that's the place we should do it.

Regards,

Anthony Liguori

> Regards,
> Daniel



