Re: [Qemu-devel] Emulation of TCG OPAL self-encrypting drive
From: Stefan Hajnoczi
Subject: Re: [Qemu-devel] Emulation of TCG OPAL self-encrypting drive
Date: Mon, 7 Jan 2019 09:16:18 +0000
User-agent: Mutt/1.10.1 (2018-07-13)

On Sat, Jan 05, 2019 at 07:27:03PM +0100, David Kozub wrote:
> Hi,
>
> Can QEMU emulate an OPAL disk? The only relevant thing I found is a post
> from 2017 about TPM that mentions OPAL:
> https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg04586.html

CCing John Snow (IDE/ATA) and Kevin Wolf (QEMU block layer).

> specifically this bit:
>
> > Well, at some point somebody's going to want us to implement this,
> > but... they can do that when they do that.
>
> So I assume it is not implemented. (?)

Right.

> I agree with the sentiment expressed in the mail linked above w.r.t. OPAL
> security. I'm interested in this from SW development/debugging/fiddling
> perspective. A sufficient solution for me would not add any real encryption

QEMU supports LUKS encrypted disk images so no new code is needed for
the actual encryption.

> but would respond to the various OPAL commands sent via ATA TRUSTED
> SEND/RECEIVE commands.
>
> In fact, a more generic solution would work for me: If it was possible to
> send ATA commands from QEMU to a separate process which could then handle
> them as it liked and reply back to QEMU. This could be useful for other
> fiddling/debugging situations too.

Might as well implement it in QEMU so users can easily take advantage of
it without setting up external software.

> Or, just a pass-through to a block device in the host - but a pass-through
> that would allow OPAL commands.

You can pass through a storage controller using PCI passthrough or you
can pass through a SCSI LUN, but there is no ATA passthrough.

> I'm grateful for any hints/ideas. Perhaps something like this is already
> possible with QEMU?
>
> Best regards,
> David
>