Image and flavor defined ephemeral storage encryption
Image and flavor defined ephemeral storage encryption.
Blueprint information
- Status:
- Not started
- Approver:
- Sylvain Bauza
- Priority:
- Medium
- Drafter:
- Lee Yarwood
- Direction:
- Approved
- Assignee:
- melanie witt
- Definition:
- Approved
- Series goal:
- Accepted for 2024.2
- Implementation:
-
Deferred
- Milestone target:
- None
- Started by
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
WIP - Image and flavor defined ephemeral storage encryption
[20210122 gibi]: spec merged so the bp is approved to Wallaby
[20210602 gibi]: spec merged so the bp is approved to Xena
impl https:/
[2021-09-07 gibi]: We hit feature freeze so it is now deferred from Xena.
[20211117 bauzas] Spec was reproposed and then approved.
[20220225 bauzas] Implementation hit by FeatureFreeze, please repropose the blueprint/spec for the Zed release.
Implementation patches are actually in https:/
[20220614 bauzas] Spec was approved for the Zed cycle https:/
[20221115 bauzas] Spec got approved for Antelope https:/
Gerrit topic: https:/
Addressed by: https:/
imagebackend: Cache the key manager when disk is encrypted
Addressed by: https:/
libvirt: Configure and teardown ephemeral encryption secrets
Addressed by: https:/
Support resize with ephemeral encryption
Addressed by: https:/
Add encryption support to convert_image
Addressed by: https:/
Add encryption support to qemu-img rebase
Addressed by: https:/
Support snapshot with ephemeral encryption
Addressed by: https:/
Add reset_encryptio
Addressed by: https:/
Update driver BDMs with ephemeral encryption image properties
Addressed by: https:/
libvirt: Configure and teardown ephemeral encryption secrets
[20230307 bauzas] Deferred as implementation not merged in 2023.1
[20230707 bauzas] Spec approved for Bobcat https:/
[20230905 bauzas] Deferred as implementation not merged in 2023.2
Addressed by: https:/
Re-propose spec for ephemeral storage encryption
[20231114 bauzas] Spec got approved again for Caracal
Addressed by: https:/
Add hw_ephemeral_
Addressed by: https:/
Reject resize API requests with conflicting ephemeral encryption
Addressed by: https:/
Add backing_
Addressed by: https:/
Update ephemeral encryption specs to reflect implementation
Addressed by: https:/
Report ephemeral disk encryption in the metadata API
Addressed by: https:/
Documentation for ephemeral encryption
Addressed by: https:/
Consolidate vTPM and ephemeral encryption secret creation
Addressed by: https:/
Validate key manager create access in API
Addressed by: https:/
Support encrypted source images for qcow2
Addressed by: https:/
Remove use of (hw:|hw_
Addressed by: https:/
Create EncryptOptions object for ephemeral encryption
Addressed by: https:/
Add Glance standardized encryption image properties
Addressed by: https:/
Follow up for encryption secret create consolidation
Addressed by: https:/
Add database migration to ALTER encryption_options
[20240717 bauzas] Spec reapproved for the Dalmatian cycle
[20240828 melwitt] This has been deferred due to the CVE: OSSA-2024-001: Arbitrary file access through custom QCOW2 external data (https:/
Work Items
Dependency tree
* Blueprints in grey have been implemented.
