[Openstack-security] [openstack/nova] SecurityImpact review request change I871af4018f99ddfcc8408708bdaaf480088ac477
gerrit2 at review.openstack.org
Mon Dec 2 22:49:34 UTC 2013
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/40467
Log:
commit 7958e2cc89835e1ee9c0702b6c3b5edc52f465b1
Author: Dan Genin <Daniel.Genin at jhuapl.edu>
Date: Mon Dec 2 17:41:39 2013 -0500
Add ephemeral storage encryption for LVM back-end images

This patch adds ephemeral storage encryption for LVM back-end instances.
Encryption is implemented by passing all data written to and read from
the logical volumes through a dm-crypt layer. Most instance operations
such as pause/continue, suspend/resume, reboot, etc. are supported.
Snapshots are also supported but are not encrypted at present.

The proposed code provides data-at-rest security for all ephemeral
storage drives, preventing access to data while an instance is
shut down, or in case the compute host is shut down while an instance is
running.

Options controlling the encryption state, cipher and key size are
specified in the "ephemeral_storage_encryption" options group. The boolean
"enabled" option turns encryption on and off and the "cipher" and "key_size"
options specify the cipher and key size, respectively.

Note: depends on cryptsetup being installed.

Implements: blueprint encrypt-ephemeral-storage

Change-Id: I871af4018f99ddfcc8408708bdaaf480088ac477
docImpact
SecurityImpact