libvirt: Disconnect dm-crypt when encrypted instance is suspended or powered-off
The recently introduced LVM ephemeral storage encryption feature secures user data at rest. The current implementation makes user data unreadable after the instance has been terminated. While the instance is active (e.g., running, paused, suspended or powered off) on the compute host, the data is readable only by the super-user. This protection against unauthorized access can be strengthened further by disconnecting the dm-crypt device and flushing the encryption key from memory when an instance is suspended or powered off. The dm-crypt device is what allows the encrypted data to be accessed in the clear, so disconnecting it renders the data unreadable by anyone without the key.
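The lifecycle proposed above, sketched as an added example (not code from this blueprint or from Nova): the mapping is opened just before the guest starts and closed right after it stops, and the key is fetched again on every start instead of being cached. The `EncryptedDisk` class, the hook functions, the device names, the cipher settings and the all-zero key are assumptions made for illustration.

```python
import subprocess

def _run(argv, stdin=None):
    # Real runner: needs root and cryptsetup on the compute host.
    subprocess.run(argv, input=stdin, check=True)

class EncryptedDisk:
    """Hypothetical helper: the dm-crypt mapping exists only while the guest runs."""

    def __init__(self, name, backing_dev, fetch_key, run=_run):
        self.name, self.backing_dev = name, backing_dev
        self.fetch_key = fetch_key      # e.g. a key-manager lookup; never cached here
        self.run = run
        self.attached = False

    def attach(self):
        if self.attached:
            return
        # Cipher and key size are assumed values; the key goes over stdin, not argv.
        self.run(["cryptsetup", "open", "--type", "plain",
                  "--cipher", "aes-xts-plain64", "--key-size", "512",
                  "--key-file=-", self.backing_dev, self.name],
                 self.fetch_key())
        self.attached = True

    def detach(self):
        if not self.attached:
            return
        # Removing the mapping makes the kernel drop its copy of the key.
        self.run(["cryptsetup", "close", self.name])
        self.attached = False

def power_off(disk, stop_guest):
    stop_guest()      # the guest must release the device first
    disk.detach()

def power_on(disk, start_guest):
    disk.attach()     # the cleartext device must exist before the guest starts
    start_guest()

def demo():
    """Dry run with a recording runner and a constructed all-zero key."""
    log = []
    disk = EncryptedDisk("instance-0001-eph", "/dev/vg0/instance-0001_disk.local",
                         fetch_key=lambda: log.append("fetch-key") or bytes(64),
                         run=lambda argv, stdin=None: log.append(argv[1]))
    power_on(disk, lambda: log.append("start-guest"))
    power_off(disk, lambda: log.append("stop-guest"))
    power_off(disk, lambda: log.append("stop-guest"))   # second detach is a no-op
    power_on(disk, lambda: log.append("start-guest"))
    return log
```

`demo()` touches no devices; it only records the order of operations, which is the property the blueprint depends on.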
Blueprint information
- Status: Not started
- Approver: John Garbutt
- Priority: Low
- Drafter: Joel Coffman
- Direction: Needs approval
- Assignee: Dane Fichter
- Definition: Pending Approval
- Series goal: None
- Implementation: Not started
- Milestone target: None
- Started by
- Completed by
Whiteboard
Spec changes:
Addressed by: https:/
Stop encrypted disk on instance suspend/power off
Addressed by: https:/
Stop encrypted disk on instance suspend/power off
Sorry, we have now hit the non-priority feature freeze for kilo. Please resubmit your spec for the L release. --johnthetubaguy 5th Feb 2015
Gerrit topic: https:/
Addressed by: https:/
libvirt: Clean up unit tests for _hard_reboot
Addressed by: https:/
libvirt: Remove unnecessary JSON conversions
Addressed by: https:/
libvirt: Replace stubs with mocks for test_dmcrypt
Addressed by: https:/
libvirt: Add logging for dm-crypt error conditions
Addressed by: https:/
libvirt: Add test case for suspend
It seems like the key patch is:
https:/
But there are lots of dependent patches that are required first, that don't need to be blocked by the freeze.
--johnthetubaguy
Sorry, we have now hit the non-priority feature freeze for Liberty. You will need to resubmit this blueprint for Mitaka or apply for an exception. For more details on why this is happening, and the rest of the process details, please see: https:/
--johnthetubaguy 3rd July 2015
Addressed by: https:/
Stop encrypted disk on instance suspend/power off
Pending Patches
-------
Addressed by: https:/
Disconnect dm-crypt on instance suspend/stop
Sorry, we have now hit the Non-Priority Feature Freeze for Mitaka. For more details please see: http://
--johnthetubaguy 2016.01.31
Addressed by: https:/
Stop encrypted disk on instance suspend/power off
This is re-approved for Newton. The patch needs to be cleaned up and comments addressed. I've already asked johnthetubaguy to drop the procedural -2. -- mriedem 20160421
It looks like no one ever picked this up again for Newton and we're pretty much at non-priority feature freeze, so I'm deferring this for Newton. -- mriedem 20160629