[Openstack-security] [openstack/nova] SecurityImpact review request change I0dfc3ba8fa8317d9832b3b8fb62f348dc0567e71
gerrit2 at review.openstack.org
Tue Feb 18 15:16:02 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/70228
Log:
commit fbb20325f7ce6ebd66dd1dfcb9aa15d79b0d7848
Author: Kaitlin Farr <kaitlin.farr at jhuapl.edu>
Date: Mon Feb 3 12:16:51 2014 -0500

Adds ephemeral storage encryption for Raw back-end images

This patch adds ephemeral storage encryption for Raw back-end instances.
Encryption is implemented by passing all data written to and read from
the logical volumes through a dm-crypt layer. Most instance operations
such as pause/continue, suspend/resume, reboot, etc. are supported.
Snapshots are also supported but are not encrypted at present. VM rescue
is not supported at present.

The proposed code provides data-at-rest security for all ephemeral
storage disks, preventing access to data while an instance is
shut down, or in case the compute host is shut down while an instance is
running.

Options controlling the encryption state, cipher and key size are
specified in the "ephemeral_storage_encryption" options group. The boolean
"enabled" option turns encryption on and off and the "cipher" and "key_size"
options specify the cipher and key size, respectively.

Note: depends on cryptsetup being installed.

Change-Id: I0dfc3ba8fa8317d9832b3b8fb62f348dc0567e71
Implements: blueprint encrypt-ephemeral-storage
DocImpact
SecurityImpact
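
An added example, not part of the patch or of nova itself: a small audit of a nova.conf-style file for the "ephemeral_storage_encryption" options the commit message names, including the cryptsetup dependency. The `audit` function, the sample file and its values (`aes-xts-plain64`, `256`) are constructed for illustration; the option defaults are not stated in the message and are not assumed here.

```python
import configparser
import shutil

GROUP = "ephemeral_storage_encryption"  # options group named in the commit message
# Constructed sample; the cipher and key_size values are illustrative assumptions.
SAMPLE = """\
[DEFAULT]
debug = false
[ephemeral_storage_encryption]
enabled = true
cipher = aes-xts-plain64
key_size = 256
"""


def audit(conf_text, cryptsetup_path=None):
    """Return a list of findings for the encryption options in conf_text."""
    if cryptsetup_path is None:
        cryptsetup_path = shutil.which("cryptsetup")  # dependency noted in the commit
    # Treat [DEFAULT] as an ordinary section so its keys do not leak into GROUP.
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, default_section="__unused__")
    parser.read_string(conf_text)
    if not parser.has_section(GROUP):
        return ["no [%s] group: ephemeral disks are not encrypted" % GROUP]
    sec = parser[GROUP]
    try:
        enabled = sec.getboolean("enabled", fallback=False)
    except ValueError:
        return ["enabled is not a boolean: %r" % sec.get("enabled")]
    if not enabled:
        return ["enabled is false or unset: ephemeral disks are not encrypted"]
    findings = []
    if not cryptsetup_path:
        findings.append("encryption enabled but cryptsetup was not found")
    cipher = sec.get("cipher", fallback="")
    raw_size = sec.get("key_size", fallback="")
    bits = int(raw_size) if raw_size.isdecimal() else 0
    if not cipher:
        findings.append("cipher not set: the deployment relies on the default")
    if bits == 0 or bits % 8:
        findings.append("key_size %r is not a positive multiple of 8 bits" % raw_size)
    elif "xts" in cipher.lower() and bits < 512:
        # XTS splits the key into two halves, so the AES key is key_size / 2.
        findings.append("xts with key_size=%d uses AES-%d" % (bits, bits // 2))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against the sample, the audit reports that a 256-bit key in XTS mode yields AES-128, which is easy to miss when choosing "key_size".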