qemu-devel

Re: [Qemu-devel] [PATCH V8 10/14] Encrypt state blobs using AES CBC encr


From: Michael S. Tsirkin
Subject: Re: [Qemu-devel] [PATCH V8 10/14] Encrypt state blobs using AES CBC encryption
Date: Wed, 7 Sep 2011 21:55:36 +0300
User-agent: Mutt/1.5.21 (2010-09-15)

On Thu, Sep 01, 2011 at 10:23:51PM -0400, Stefan Berger wrote:
> >>An additional 'layer' for reading and writing the blobs to the underlying
> >>block storage is added. This layer encrypts the blobs for writing if a key is
> >>available. Similarly it decrypts the blobs after reading.

So a couple of further thoughts:
1. Raw storage should work too, and with e.g. NFS migration will be fine, right?
   So I'd say it's worth supporting.
2. File backed nvram is interesting outside tpm.
   For example, vpd and chassis number for pci, eeprom emulation for network cards.
   Using a file per device might be inconvenient though.
   So please think of a format and API that will allow sections
   for use by different devices.
3. Home-grown file formats give us enough trouble in migration.
   Could this use one of the variants of ASN.1?
   There are portable libraries to read/write that, even.

-- 
MST
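
Points 2 and 3 above, sketched as an added example (not part of the original message and not QEMU code): one DER-encoded file holding a named section per device, with a parser that rejects truncated or non-minimal encodings. The section names, the SEQUENCE / UTF8String / OCTET STRING layout and the sample bytes are assumptions made for illustration.

```python
# Added illustration: a DER (ASN.1) container with one named section per device.
# Layout, section names and sample bytes are assumptions, not a QEMU format.
SEQUENCE, UTF8STRING, OCTET_STRING = 0x30, 0x0C, 0x04

def _tlv(tag, value):
    """Encode tag + DER definite length (short form below 128) + value."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def _read_tlv(buf, pos, want_tag):
    """Parse one TLV at pos; return (value, next_pos). Rejects malformed input."""
    if pos + 2 > len(buf) or buf[pos] != want_tag:
        raise ValueError("unexpected tag or truncated header")
    length, pos = buf[pos + 1], pos + 2
    if length >= 0x80:
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal DER length")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return buf[pos:pos + length], pos + length

def encode_sections(sections):
    """dict name -> bytes, encoded as SEQUENCE OF SEQUENCE { name, data }."""
    return _tlv(SEQUENCE, b"".join(
        _tlv(SEQUENCE, _tlv(UTF8STRING, k.encode()) + _tlv(OCTET_STRING, v))
        for k, v in sorted(sections.items())))

def decode_sections(blob):
    body, end = _read_tlv(blob, 0, SEQUENCE)
    if end != len(blob):
        raise ValueError("trailing bytes after container")
    out, pos = {}, 0
    while pos < len(body):
        entry, pos = _read_tlv(body, pos, SEQUENCE)
        name, p = _read_tlv(entry, 0, UTF8STRING)
        data, p = _read_tlv(entry, p, OCTET_STRING)
        if p != len(entry) or name.decode() in out:
            raise ValueError("malformed or duplicate section")
        out[name.decode()] = data
    return out

SAMPLE = {"tpm0": b"\x01" * 300, "e1000-eeprom": b"\xaa\xbb"}  # constructed
```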


