File: qemu-native-luks-decryption-6e9ad8cc658be14d.yaml

package info (click to toggle)
nova 2%3A18.1.0-6
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 49,532 kB
  • sloc: python: 383,759; pascal: 1,610; xml: 1,184; sh: 917; makefile: 140; sql: 43
file content (18 lines) | stat: -rw-r--r-- 1,011 bytes parent folder | download | duplicates (5) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
 
---
features:
  - |
    QEMU 2.6.0 and Libvirt 2.2.0 allow LUKS encrypted RAW files, block devices
    and network devices (such as rbd) to be decrypted natively by QEMU.
    If qemu >= 2.6.0 and libvirt >= 2.2.0 are installed and the volume
    encryption provider is 'luks', the libvirt driver will use native QEMU
    decryption for encrypted volumes. The libvirt driver will generate a secret
    to hold the LUKS passphrase for unlocking the volume and the volume driver
    will use the secret to generate the required encryption XML for the disk.
    QEMU will then be able to read from and write to the encrypted disk
    natively, without the need of os-brick encryptors.

    Instances that have attached encrypted volumes from before Queens will
    continue to use os-brick encryptors after a live migration or direct
    upgrade to Queens. A full reboot or another live migration between Queens
    compute hosts is required before the instance will attempt to use QEMU
    native LUKS decryption.