Encryption of attached Cinder volumes

Registered by Laura Glendenning on 2012-11-29

The Cinder volumes for a virtual machine (VM) are currently not being encrypted. This makes the platforms hosting volumes for VMs high value targets because an attacker can break into a volume-hosting platform and read the data for many different VMs. Another issue is that the physical storage medium could be stolen, remounted, and accessed from a different machine. This blueprint addresses both of these vulnerabilities

The aim of this blueprint is to provide encryption of the VM's data before it is written to disk. The idea is similar to how self-encrypting drives work. Our goal is to present the VM a normal block storage device, but we will encrypt the bytes in the virtualization host before writing them to the disk. For more information, see the referenced specification.

Blueprint information

Status:
Complete
Approver:
Russell Bryant
Priority:
High
Drafter:
APL Development team for OpenStack
Direction:
Approved
Assignee:
APL Development team for OpenStack
Definition:
Approved
Series goal:
Accepted for havana
Implementation:
Implemented
Milestone target:
milestone icon 2013.2
Started by
Laura Glendenning on 2013-01-24
Completed by
Russell Bryant on 2013-09-11

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/encrypt-cinder-volumes,n,z

Addressed by: https://review.openstack.org/21262
    Added encryption support for volumes

If cinder is not given some sort of handle for the encryption key, then snapshot / clone / backup can never work. I think this needs some more thought on integrating cinder with the design --Duncan Thomas

Addressed by: https://review.openstack.org/30973
    Create key manager interface

Addressed by: https://review.openstack.org/30976
    Add encryption support for volumes

Blocked on a change going in to cinder: https://review.openstack.org/#/c/30974/

The cinder patch set has been approved and should merge later today. -- joel-coffman

Since this has been blocked for a while, I'm going to lower the priority, indicating that it's not going to block the Nova Havana release in case it doesn't get unblocked in time. --russellb

Addressed by: https://review.openstack.org/45103
    Add key manager implementation with static key

Addressed by: https://review.openstack.org/40467
    Add ephemeral storage encryption for LVM back-end images

Addressed by: https://review.openstack.org/45123
    Synchronize the key manager interface with Cinder

Gerrit topic: https://review.openstack.org/#q,topic:bp/encrypt-ephemeral-storage,n,z

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.