[Qemu-devel] Adding dmcrypt to QEMU block drivers

[Hamilton, Peter A.]

Hi qemu-devel,

I am a member of a development team based out of the Johns Hopkins University 
Applied Physics Laboratory. Over the past year and a half, we've been working 
with the OpenStack community on several security features for their Compute and 
Block Storage services that leverage encrypted data storage. One of these 
features, ephemeral storage encryption for qcow2-based virtual machines, would 
leverage the encryption functionality built into the qcow2 file format. 
However, there are significant issues with the security and implementation of 
the qcow2 encryption feature that preclude us from using it in OpenStack. For 
example, there is no support for the following security features: rekeying of 
encrypted images, key stretching, and cipher configurability.

After discussing some of these details with Daniel Berrange, we are interested 
in working with you to add and improve the encryption support offered by QEMU. 
In the past, Daniel has advocated the full adaptation of the LUKS file format 
used by dmcrypt, which we currently use in OpenStack. Our proposal would focus 
on adding a dmcrypt-style encryption layer above the QEMU block driver layer, 
which would transparently encrypt and decrypt all data written to or read from 
the underlying block device. This would provide encryption support for all 
backends and file formats supported by QEMU that leverage block drivers. Such 
support in QEMU provides significantly improved security and renders the 
existing encryption scheme provided by qcow2 obsolete.

My intent at the moment is to get a feel for your thoughts and concerns about 
this proposal and to determine who is currently working on QEMU security 
features or would be interested in working with us on this feature. I've found 
past discussions in the QEMU community addressing these encryption concerns but 
am unaware at the moment what the status is for those development efforts. I'd 
be happy to provide additional information about our past and current work on 
OpenStack security if anyone is interested.

Selected References:
OpenStack contributions
- our blueprint for encrypted block storage - 
https://blueprints.launchpad.net/nova/+spec/encrypt-cinder-volumes
- our blueprint for encrypted ephemeral storage - 
https://blueprints.launchpad.net/nova/+spec/encrypt-ephemeral-storage

QEMU security discussions
- proposals for improving QEMU encryption - 
https://lists.gnu.org/archive/html/qemu-devel/2013-07/msg03904.html
- prior discussion between myself and Daniel Berrange on encryption - 
http://lists.gnu.org/archive/html/qemu-devel/2013-06/msg04869.html
- patch describing qcow2 encryption issues - 
https://lists.gnu.org/archive/html/qemu-devel/2014-01/msg02802.html

Thanks for your time,
Peter Hamilton