Re: [PATCH v4 1/7] crypto: Support LUKS volume with detached header

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Daniel P. Berrangé" <berrange@redhat.com>
To: yong.huang@smartx.com
Cc: qemu-devel@nongnu.org, Eric Blake <eblake@redhat.com>,
	Markus Armbruster <armbru@redhat.com>,
	Hanna Reitz <hreitz@redhat.com>, Kevin Wolf <kwolf@redhat.com>
Subject: Re: [PATCH v4 1/7] crypto: Support LUKS volume with detached header
Date: Wed, 31 Jan 2024 10:55:06 +0000	[thread overview]
Message-ID: <ZbonCqvVUC7fH_I2@redhat.com> (raw)
In-Reply-To: <d597f01ce328442940f5dd4653cf7ec75fe0ce02.1706586786.git.yong.huang@smartx.com>

On Tue, Jan 30, 2024 at 01:37:19PM +0800, yong.huang@smartx.com wrote:
> From: Hyman Huang <yong.huang@smartx.com>
> 
> By enhancing the LUKS driver, it is possible to implement
> the LUKS volume with a detached header.
> 
> Normally a LUKS volume has a layout:
>   disk:  | header | key material | disk payload data |
> 
> With a detached LUKS header, you need 2 disks so getting:
>   disk1:  | header | key material |
>   disk2:  | disk payload data |
> 
> There are a variety of benefits to doing this:
>  * Secrecy - the disk2 cannot be identified as containing LUKS
>              volume since there's no header
>  * Control - if access to the disk1 is restricted, then even
>              if someone has access to disk2 they can't unlock
>              it. Might be useful if you have disks on NFS but
>              want to restrict which host can launch a VM
>              instance from it, by dynamically providing access
>              to the header to a designated host
>  * Flexibility - your application data volume may be a given
>                  size and it is inconvenient to resize it to
>                  add encryption.You can store the LUKS header
>                  separately and use the existing storage
>                  volume for payload
>  * Recovery - corruption of a bit in the header may make the
>               entire payload inaccessible. It might be
>               convenient to take backups of the header. If
>               your primary disk header becomes corrupt, you
>               can unlock the data still by pointing to the
>               backup detached header
> 
> Take the raw-format image as an example to introduce the usage
> of the LUKS volume with a detached header:
> 
> 1. prepare detached LUKS header images
> $ dd if=/dev/zero of=test-header.img bs=1M count=32
> $ dd if=/dev/zero of=test-payload.img bs=1M count=1000
> $ cryptsetup luksFormat --header test-header.img test-payload.img
> > --force-password --type luks1
> 
> 2. block-add a protocol blockdev node of payload image
> $ virsh qemu-monitor-command vm '{"execute":"blockdev-add",
> > "arguments":{"node-name":"libvirt-1-storage", "driver":"file",
> > "filename":"test-payload.img"}}'
> 
> 3. block-add a protocol blockdev node of LUKS header as above.
> $ virsh qemu-monitor-command vm '{"execute":"blockdev-add",
> > "arguments":{"node-name":"libvirt-2-storage", "driver":"file",
> > "filename": "test-header.img" }}'
> 
> 4. object-add the secret for decrypting the cipher stored in
>    LUKS header above
> $ virsh qemu-monitor-command vm '{"execute":"object-add",
> > "arguments":{"qom-type":"secret", "id":
> > "libvirt-2-storage-secret0", "data":"abc123"}}'
> 
> 5. block-add the raw-drived blockdev format node
> $ virsh qemu-monitor-command vm '{"execute":"blockdev-add",
> > "arguments":{"node-name":"libvirt-1-format", "driver":"raw",
> > "file":"libvirt-1-storage"}}'
> 
> 6. block-add the luks-drived blockdev to link the raw disk
>    with the LUKS header by specifying the field "header"
> $ virsh qemu-monitor-command vm '{"execute":"blockdev-add",
> > "arguments":{"node-name":"libvirt-2-format", "driver":"luks",
> > "file":"libvirt-1-format", "header":"libvirt-2-storage",
> > "key-secret":"libvirt-2-format-secret0"}}'
> 
> 7. hot-plug the virtio-blk device finally
> $ virsh qemu-monitor-command vm '{"execute":"device_add",
> > "arguments": {"num-queues":"1", "driver":"virtio-blk-pci",
> > "drive": "libvirt-2-format", "id":"virtio-disk2"}}'
> 
> Starting a VM with a LUKS volume with detached header is
> somewhat similar to hot-plug in that both maintaining the
> same json command while the starting VM changes the
> "blockdev-add/device_add" parameters to "blockdev/device".
> 
> Signed-off-by: Hyman Huang <yong.huang@smartx.com>
> ---
>  block/crypto.c         | 21 +++++++++++++++++++--
>  crypto/block-luks.c    | 11 +++++++----
>  include/crypto/block.h |  5 +++++
>  qapi/block-core.json   |  5 ++++-
>  4 files changed, 35 insertions(+), 7 deletions(-)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

next prev parent reply	other threads:[~2024-01-31 10:56 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-01-30  5:37 [PATCH v4 0/7] Support generic Luks encryption yong.huang
2024-01-30  5:37 ` [PATCH v4 1/7] crypto: Support LUKS volume with detached header yong.huang
2024-01-31 10:55   ` Daniel P. Berrangé [this message]
2024-01-30  5:37 ` [PATCH v4 2/7] qapi: Make parameter 'file' optional for BlockdevCreateOptionsLUKS yong.huang
2024-02-19 14:22   ` Markus Armbruster
2024-02-20  7:31     ` Yong Huang
2024-02-20  8:55       ` Markus Armbruster
2024-02-20  9:13         ` Yong Huang
2024-02-20  9:41           ` Markus Armbruster
2024-02-20 10:09             ` Yong Huang
2024-01-30  5:37 ` [PATCH v4 3/7] crypto: Modify the qcrypto_block_create to support creation flags yong.huang
2024-01-31 10:59   ` Daniel P. Berrangé
2024-01-30  5:37 ` [PATCH v4 4/7] block: Support detached LUKS header creation using blockdev-create yong.huang
2024-01-31 11:49   ` Daniel P. Berrangé
2024-02-19 14:24   ` Markus Armbruster
2024-02-19 14:49     ` Markus Armbruster
2024-02-19 14:57       ` Daniel P. Berrangé
2024-02-19 15:02         ` Daniel P. Berrangé
2024-02-19 15:43         ` Markus Armbruster
2024-01-30  5:37 ` [PATCH v4 5/7] block: Support detached LUKS header creation using qemu-img yong.huang
2024-01-31 11:50   ` Daniel P. Berrangé
2024-02-09 12:27   ` Daniel P. Berrangé
2024-02-19 14:24   ` Markus Armbruster
2024-01-30  5:37 ` [PATCH v4 6/7] crypto: Introduce 'detached-header' field in QCryptoBlockInfoLUKS yong.huang
2024-01-31 11:50   ` Daniel P. Berrangé
2024-01-30  5:37 ` [PATCH v4 7/7] tests: Add case for LUKS volume with detached header yong.huang
2024-01-31 11:53   ` Daniel P. Berrangé
2024-02-09 12:43   ` Daniel P. Berrangé

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZbonCqvVUC7fH_I2@redhat.com \
    --to=berrange@redhat.com \
    --cc=armbru@redhat.com \
    --cc=eblake@redhat.com \
    --cc=hreitz@redhat.com \
    --cc=kwolf@redhat.com \
    --cc=qemu-devel@nongnu.org \
    --cc=yong.huang@smartx.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.