From: Stefan Berger <stefanb@linux.vnet.ibm.com>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Anthony Liguori <aliguori@us.ibm.com>,
qemu-devel@nongnu.org, Markus Armbruster <armbru@redhat.com>
Subject: Re: [Qemu-devel] blobstore disk format (was Re: Design of the blobstore)
Date: Wed, 28 Sep 2011 11:48:19 -0400 [thread overview]
Message-ID: <4E8341C3.8000104@linux.vnet.ibm.com> (raw)
In-Reply-To: <20110922063744.GB29819@redhat.com>
On 09/22/2011 02:37 AM, Michael S. Tsirkin wrote:
> On Wed, Sep 21, 2011 at 09:44:37PM -0400, Stefan Berger wrote:
>> On 09/19/2011 03:04 PM, Michael S. Tsirkin wrote:
>>> On Mon, Sep 19, 2011 at 12:22:02PM -0400, Stefan Berger wrote:
>>>> On 09/17/2011 03:28 PM, Michael S. Tsirkin wrote:
>>>>> On Fri, Sep 16, 2011 at 12:46:40PM -0400, Stefan Berger wrote:
>>>> The checksuming I think makes sense if encryption is being added so
>>>> decryption and testing for proper key material remains an NVRAM
>>>> operation rather than a device operation.
>>> Not sure how this addresses the question of what to do
>>> on checksum failure.
>>>
>> Checksum failure on an unencrypted blob would mean that the blob is
>> corrupted. In case of encryption 'corrupted' would overlap with a
>> 'badly decrypted' blob. In either way the startup of the device
>> cannot happen.
> With corruption - why not? A specific block being corrupted does not mean all
> data is lost.
>
Presumably if you feed bad data into a device it either has its own way
of integrity checking the blob (we actually do this for the TPM) or it
will blow up/show wrong behavior at some point - hopefully sooner rather
than later. Though the detection of bad data *can* be an NVRAM operation
rather than the operation of a device using the data stored in the NVRAM.
>> We could refuse the NVRAM key suggesting that likely
>> this is the wrong key for decryption but corruption is also
>> possible.
> I'm guessing that if we find a correct ber structure in the file, this
> most likely means the key is correct.
[I still would add at least a CRC32 (or maybe even a SHA1) for detection
of corruption of the ASN.1 encoded blob without having to hunt the data
through a ASN.1 decoder.]
If we now say that data should be encryptable even if QCoW2 wasn't used,
then is a command line option
-nvram id=<driveid>,key=<hex key>,...
something we should support to make the key applicable to the whole NVRAM?
Stefan
next prev parent reply other threads:[~2011-09-28 15:48 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-09-15 12:28 [Qemu-devel] blobstore disk format (was Re: Design of the blobstore) Michael S. Tsirkin
2011-09-15 14:33 ` Stefan Berger
2011-09-16 14:44 ` Michael S. Tsirkin
2011-09-16 16:46 ` Stefan Berger
2011-09-17 19:28 ` Michael S. Tsirkin
2011-09-19 16:22 ` Stefan Berger
2011-09-19 19:04 ` Michael S. Tsirkin
2011-09-22 1:44 ` Stefan Berger
2011-09-22 6:37 ` Michael S. Tsirkin
2011-09-28 15:48 ` Stefan Berger [this message]
2011-09-28 15:50 ` Daniel P. Berrange
2011-09-28 19:19 ` Stefan Berger
2011-10-02 9:18 ` Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E8341C3.8000104@linux.vnet.ibm.com \
--to=stefanb@linux.vnet.ibm.com \
--cc=aliguori@us.ibm.com \
--cc=armbru@redhat.com \
--cc=mst@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).