Re: [PATCH v4 4/5] qemu: add librbd encryption engine
On Thu, Oct 21, 2021 at 11:40:20 +0000, Or Ozeri wrote:
Thanks for reviewing all of my patches!
I'm fine with you making any of the changes you suggested.
So the only change I need to make is "specify what's happening in the
storage driver"?
Can you elaborate what do you mean by that?
I can add something like:
For librbd engine, the encryption happens inside the librbd storage
driver, so block read/write requests coming in from the hypervisor (qemu)
are plaintext,
but encrypted by the storage driver before being persisted.
Is this the kind of thing you were thinking about?
I meant the libvirt storage driver, which provides the storage
pool/volume functionality.
The code in the storage driver can create encrypted qcow2 images. (not
on RBD IIRC), but is using qemu-img to do that, which doesn't use the
same code we use in the qemu driver to instantiate VMs.
So while qemu-img could use the librbd encryption engine, the storage
driver code can't control it in such way.
Similarly the code doesn't share the 'qemu' validation/post-parse checks
so the librbd and luks2 combinations are not rejected.