[Openstack-security] [openstack/nova] SecurityImpact review request change I871af4018f99ddfcc8408708bdaaf480088ac477

gerrit2 at review.openstack.org gerrit2 at review.openstack.org
Thu Dec 12 16:15:34 UTC 2013


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/40467

Log:
commit cbe5383107ae3a868d74ec0da944ac5a56b8521d
Author: Dan Genin <Daniel.Genin at jhuapl.edu>
Date:   Thu Dec 12 11:12:44 2013 -0500

    Add ephemeral storage encryption for LVM back-end images
    
    This patch adds ephemeral storage encryption for LVM back-end instances.
    Encryption is implemented by passing all data written to and read from
    the logical volumes through a dm-crypt layer. Most instance operations
    such as pause/continue, suspend/resume, reboot, etc. are supported.
    Snapshots are also supported but are not encrypted at present.
    
    The proposed code provides data-at-rest security for all ephemeral
    storage drives, preventing access to data while an instance is
    shut down, or in case the compute host is shut down while an instance is
    running.
    
    Options controlling the encryption state, cipher and key size are
    specified in the "ephemeral_storage_encryption" options group. The boolean
    "enabled" option turn encryption on and off and the "cipher" and "key_size"
    options specify the cipher and key size, respectively.
    
    Note: depends on cryptsetup being installed.
    
    Implements: blueprint encrypt-ephemeral-storage
    Change-Id: I871af4018f99ddfcc8408708bdaaf480088ac477
    docImpact
    SecurityImpact





More information about the Openstack-security mailing list