qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] Emulation of TCG OPAL self-encrypting drive

From: Stefan Hajnoczi
Subject: Re: [Qemu-devel] Emulation of TCG OPAL self-encrypting drive
Date: Thu, 10 Jan 2019 10:32:12 +0000
User-agent: Mutt/1.10.1 (2018-07-13) 
On Thu, Jan 10, 2019 at 12:05:32AM +0100, David Kozub wrote:
> On Mon, 7 Jan 2019, Stefan Hajnoczi wrote:
> 
> > QEMU supports LUKS encrypted disk images so no new code is needed for
> > the actual encryption.
> 
> Thanks for the feedback, Stefan. I know very little about qemu internals (I
> looked around a bit). One issue is: OPAL needs some persistent data outside
> of the actual user-visible data. How does that fit in with storage in QEMU?
> Perhaps the implementation could just occupy a fixed size of the associated
> storage for the OPAL state.

See block/crypto.c for the LUKS block driver.  Perhaps OPAL needs to
something similar (OPAL state + LUKS).

> > > Or, just a pass-through to a block device in the host - but a pass-through
> > > that would allow OPAL commands.
> > 
> > You can pass through a storage controller using PCI passthrough or you
> > can pass through a SCSI LUN, but there is no ATA passthrough.
> 
> I currently don't have a usable box for PCI passthrough. I'm thinking that
> ATA passthrough could be generally usable for any fiddling and perhaps not
> too difficult to implement.
> 
> If I understand QEMU sources correctly, this needs to touch hw/ide/core.c
> (ide_exec_cmd), either adding a layer for OPAL, or just forwarding ATA
> commands for pass-through. Right?

Yes.

Stefan

Attachment: signature.asc
Description: PGP signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]