[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] blobstore disk format (was Re: Design of the blobstore)

From: Stefan Berger
Subject: Re: [Qemu-devel] blobstore disk format (was Re: Design of the blobstore)
Date: Wed, 28 Sep 2011 15:19:45 -0400
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20110621 Fedora/3.1.11-1.fc14 Lightning/1.0b3pre Thunderbird/3.1.11

On 09/28/2011 11:50 AM, Daniel P. Berrange wrote:
On Wed, Sep 28, 2011 at 11:48:19AM -0400, Stefan Berger wrote:
On 09/22/2011 02:37 AM, Michael S. Tsirkin wrote:

I'm guessing that if we find a correct ber structure in the file, this
most likely means the key is correct.
[I still would add at least a CRC32 (or maybe even a SHA1) for
detection of corruption of the ASN.1 encoded blob without having to
hunt the data through a ASN.1 decoder.]

If we now say that data should be encryptable even if QCoW2 wasn't
used, then is a command line option

-nvram id=<driveid>,key=<hex key>,...

something we should support to make the key applicable to the whole NVRAM?
Try to avoid requiring secret keys to be set on the command line...
At least allow setting them via a monitor command

Hm, this brings me back to the previous problem of the ordering of things that ended up being problematic:

In the case of encrypted QCoW2 the monitor queries for the password when the use types 'c' for continue. That happens *after* device's 'init' function was called and also *after* their 'reset' handler was invoked, so not being able to decrypt encrypted state blobs and not being able to feed devices with their persistent state even until the 'reset' handler was invoked. The password comes quite late.

The monitor reacts to key typing, which in turn is handled in the main_loop() in vl.c.

So, the solution could be that each NVRAM client also registers its reset handler (along with the DeviceState pointer). Each NVRAM client would have to be written in such a way that it ignores previous failed attempts to read its state due to the key coming so late and once the NVRAM has the key it invokes the reset handlers again, which now trigger the reading of the state in the NVRAM that now can be decrypted. Does this sound 'sane' or more like a 'hack' ?



reply via email to

[Prev in Thread] Current Thread [Next in Thread]