From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Andrea Bolognani <abologna@redhat.com>
Cc: Eric Blake <eblake@redhat.com>, Kevin Wolf <kwolf@redhat.com>,
qemu-block@nongnu.org, "Michael S. Tsirkin" <mst@redhat.com>,
qemu-devel@nongnu.org, armbru@redhat.com,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
"Richard W.M. Jones" <rjones@redhat.com>,
stefanha@redhat.com, Max Reitz <mreitz@redhat.com>
Subject: Re: [Qemu-devel] storing machine data in qcow images?
Date: Thu, 7 Jun 2018 13:38:47 +0100 [thread overview]
Message-ID: <20180607123847.GL28827@redhat.com> (raw)
In-Reply-To: <2afb9305deb37c8ca4f930235eaf52486ab0153e.camel@redhat.com>
On Thu, Jun 07, 2018 at 01:17:24PM +0200, Andrea Bolognani wrote:
> On Thu, 2018-06-07 at 11:22 +0100, Daniel P. Berrangé wrote:
> > On Thu, Jun 07, 2018 at 12:02:29PM +0200, Andrea Bolognani wrote:
> > > While hints might be considered a reasonable fit for qcow2, I think
> > > it's pretty hard to argue for embedding the NVRAM file in there,
> > > which to me signals quite clearly that an archive containing the
> > > disk image(s) *and* the configuration hints *and* other ancillary
> > > files such as the NVRAM is the only way to build a solution that's
> > > not dead on arrival.
> >
> > On a similar theme, I can imagine users wanting to provide a TPM
> > data blob too, and for AMD SEV we'd need to be able to provide a
> > DH key, and session blob too IIUC.
>
> I'm not familiar with the technologies you're talking about, but
> all that sounds like something very security sensitive and not
> something eg. the Fedora project would want to bake into their
> cloud images.
>
> Perhaps we should keep in mind that this kind of archive format
> lends itself quite naturally to both generic ready-made images and
> custom, fully configured images: in the former case it would only
> contain the few things mentione above, while in the latter it might
> also have security sensitive data that's specific to the deployment
> it's going to be used against.
I don't thonk there's any such distinction. A downstream user
may build generic ready-made images, or fully configured app
specific images. Both can contain the security sensitive data.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2018-06-07 12:38 UTC|newest]
Thread overview: 157+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-18 15:30 [Qemu-devel] storing machine data in qcow images? Michael S. Tsirkin
2018-05-18 16:49 ` Eduardo Habkost
2018-05-18 17:09 ` Daniel P. Berrangé
2018-05-18 17:41 ` Eduardo Habkost
2018-05-19 6:05 ` Markus Armbruster
2018-05-21 18:29 ` Eduardo Habkost
2018-05-21 18:44 ` Daniel P. Berrangé
2018-05-21 19:01 ` Eduardo Habkost
2018-05-23 11:19 ` Markus Armbruster
2018-05-23 12:13 ` Eduardo Habkost
2018-05-23 16:35 ` Markus Armbruster
2018-05-29 14:06 ` Dr. David Alan Gilbert
2018-06-05 21:58 ` Michal Suchánek
2018-05-21 20:18 ` Daniel P. Berrangé
2018-05-21 20:33 ` Eduardo Habkost
2018-05-24 9:58 ` Kashyap Chamarthy
2018-05-22 7:35 ` Gerd Hoffmann
2018-05-22 10:53 ` Eduardo Habkost
2018-05-22 14:19 ` Michael S. Tsirkin
2018-05-22 15:02 ` Kevin Wolf
2018-05-22 15:14 ` Eduardo Habkost
2018-05-23 2:12 ` Fam Zheng
2018-05-23 9:16 ` Kevin Wolf
2018-05-23 14:46 ` Michael S. Tsirkin
2018-05-24 11:17 ` Richard W.M. Jones
2018-05-29 14:03 ` Dr. David Alan Gilbert
2018-05-29 14:14 ` Eduardo Habkost
2018-05-29 14:51 ` Richard W.M. Jones
2018-05-29 15:31 ` Dr. David Alan Gilbert
2018-05-22 8:50 ` Philipp Hahn
2018-05-24 11:32 ` Richard W.M. Jones
2018-05-24 14:56 ` Michael S. Tsirkin
2018-05-24 15:08 ` Kevin Wolf
2018-05-24 15:19 ` Michael S. Tsirkin
2018-05-24 15:20 ` Richard W.M. Jones
2018-05-24 16:25 ` Markus Armbruster
2018-05-28 18:10 ` Max Reitz
2018-05-28 18:30 ` Richard W.M. Jones
2018-05-28 18:38 ` Kevin Wolf
2018-05-28 18:44 ` Max Reitz
2018-05-28 19:09 ` Kevin Wolf
2018-05-29 9:23 ` Max Reitz
2018-05-29 10:14 ` Kevin Wolf
2018-05-29 13:16 ` Eduardo Habkost
2018-05-28 21:20 ` Richard W.M. Jones
2018-05-28 21:25 ` Richard W.M. Jones
2018-05-29 6:44 ` Kevin Wolf
2018-05-29 10:14 ` Max Reitz
2018-06-05 9:21 ` Dr. David Alan Gilbert
2018-06-05 19:03 ` Eduardo Habkost
2018-06-05 19:47 ` Michael S. Tsirkin
2018-06-05 19:54 ` [Qemu-devel] [Qemu-block] " Eric Blake
2018-06-05 19:58 ` Richard W.M. Jones
2018-06-05 20:09 ` Eric Blake
2018-06-05 20:28 ` Michael S. Tsirkin
2018-06-05 20:46 ` Eric Blake
2018-06-05 21:26 ` Michael S. Tsirkin
2018-06-06 8:07 ` Dr. David Alan Gilbert
2018-06-06 6:23 ` Gerd Hoffmann
2018-06-05 20:06 ` Michael S. Tsirkin
2018-06-06 6:26 ` [Qemu-devel] " Gerd Hoffmann
2018-06-06 9:44 ` Dr. David Alan Gilbert
2018-06-06 13:35 ` Eduardo Habkost
2018-06-06 11:02 ` Max Reitz
2018-06-06 11:14 ` Dr. David Alan Gilbert
2018-06-06 11:26 ` Max Reitz
2018-06-06 12:00 ` Dr. David Alan Gilbert
2018-06-06 12:59 ` Max Reitz
2018-06-06 14:31 ` Dr. David Alan Gilbert
2018-06-06 14:37 ` Daniel P. Berrangé
2018-06-06 14:42 ` Dr. David Alan Gilbert
2018-06-06 14:51 ` Max Reitz
2018-06-06 15:05 ` Dr. David Alan Gilbert
2018-06-06 15:36 ` Eric Blake
2018-06-06 16:11 ` Michal Suchánek
2018-06-06 16:37 ` Eric Blake
2018-06-06 16:32 ` Daniel P. Berrangé
2018-06-06 16:36 ` Dr. David Alan Gilbert
2018-06-07 10:02 ` Andrea Bolognani
2018-06-07 10:22 ` Daniel P. Berrangé
2018-06-07 11:17 ` Andrea Bolognani
2018-06-07 12:38 ` Daniel P. Berrangé [this message]
2018-06-07 13:49 ` Dr. David Alan Gilbert
2018-06-07 14:06 ` Andrea Bolognani
2018-06-07 14:45 ` Dr. David Alan Gilbert
2018-06-07 14:56 ` Andrea Bolognani
2018-06-07 15:25 ` Dr. David Alan Gilbert
2018-06-07 20:38 ` Gerd Hoffmann
2018-06-07 10:32 ` Richard W.M. Jones
2018-06-07 10:35 ` Dr. David Alan Gilbert
2018-06-07 10:36 ` Daniel P. Berrangé
2018-06-07 10:54 ` Andrea Bolognani
2018-06-07 19:24 ` Laszlo Ersek
2018-06-08 8:21 ` Dr. David Alan Gilbert
2018-06-08 8:41 ` Daniel P. Berrangé
2018-06-08 8:53 ` Dr. David Alan Gilbert
2018-06-07 21:19 ` Michael S. Tsirkin
2018-06-07 21:18 ` Michael S. Tsirkin
2018-06-07 10:51 ` Andrea Bolognani
2018-06-07 19:38 ` Laszlo Ersek
2018-06-06 17:49 ` Max Reitz
2018-06-06 15:09 ` Michael S. Tsirkin
2018-06-06 17:06 ` Max Reitz
2018-06-07 21:43 ` Michael S. Tsirkin
2018-06-09 21:34 ` Max Reitz
2018-06-11 2:06 ` Michael S. Tsirkin
2018-06-11 8:16 ` Michal Suchánek
2018-06-06 11:42 ` Richard W.M. Jones
2018-06-06 11:48 ` Daniel P. Berrangé
2018-06-06 11:53 ` Max Reitz
2018-06-06 12:03 ` Dr. David Alan Gilbert
2018-06-06 13:15 ` Max Reitz
2018-06-06 12:29 ` Richard W.M. Jones
2018-06-06 11:22 ` [Qemu-devel] [Qemu-block] " Peter Krempa
2018-06-06 10:32 ` [Qemu-devel] " Michal Suchánek
2018-06-06 11:02 ` Max Reitz
2018-06-06 11:19 ` Michal Suchánek
2018-06-06 11:32 ` Max Reitz
2018-06-06 11:37 ` Dr. David Alan Gilbert
2018-06-06 11:44 ` Max Reitz
2018-06-06 12:16 ` Dr. David Alan Gilbert
2018-06-06 13:22 ` Max Reitz
2018-06-06 14:02 ` Dr. David Alan Gilbert
2018-06-06 14:33 ` Max Reitz
2018-06-06 14:41 ` Dr. David Alan Gilbert
2018-06-06 14:55 ` Max Reitz
2018-06-06 15:25 ` Michal Suchánek
2018-06-06 18:02 ` Max Reitz
2018-06-06 18:33 ` Michal Suchánek
2018-06-06 18:36 ` Eduardo Habkost
2018-06-07 18:27 ` [Qemu-devel] [Qemu-block] " Kashyap Chamarthy
2018-06-06 13:42 ` [Qemu-devel] " Eduardo Habkost
2018-06-06 14:55 ` Michael S. Tsirkin
2018-06-06 14:57 ` Max Reitz
2018-06-11 14:10 ` Kevin Wolf
2018-06-06 14:46 ` Michael S. Tsirkin
2018-06-06 15:04 ` Max Reitz
2018-06-06 11:43 ` Michal Suchánek
2018-06-06 11:52 ` Max Reitz
2018-06-06 12:13 ` Michal Suchánek
2018-06-06 13:14 ` Max Reitz
2018-06-06 13:45 ` Michal Suchánek
2018-06-06 13:50 ` Daniel P. Berrangé
2018-06-06 14:14 ` Eduardo Habkost
2018-06-06 14:21 ` Max Reitz
2018-06-06 14:24 ` Daniel P. Berrangé
2018-06-06 14:17 ` Max Reitz
2018-06-06 16:10 ` Eduardo Habkost
2018-06-06 18:09 ` Max Reitz
2018-06-11 8:44 ` Richard W.M. Jones
2018-06-06 11:40 ` Richard W.M. Jones
2018-06-06 14:31 ` Michael S. Tsirkin
2018-06-06 14:43 ` Michael S. Tsirkin
2018-06-06 14:57 ` Eric Blake
2018-06-06 20:39 ` Eric Blake
2018-06-06 21:01 ` Gerd Hoffmann
2018-06-06 15:02 ` Max Reitz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180607123847.GL28827@redhat.com \
--to=berrange@redhat.com \
--cc=abologna@redhat.com \
--cc=armbru@redhat.com \
--cc=dgilbert@redhat.com \
--cc=eblake@redhat.com \
--cc=kwolf@redhat.com \
--cc=mreitz@redhat.com \
--cc=mst@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=rjones@redhat.com \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.