2013-05-03 22:25:37 +08:00
|
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
2017-07-27 01:01:25 +08:00
|
|
|
<!DOCTYPE html>
|
2013-05-03 22:25:37 +08:00
|
|
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
2009-08-20 03:50:10 +08:00
|
|
|
<body>
|
|
|
|
<h1>Storage volume encryption XML format</h1>
|
|
|
|
|
|
|
|
<ul id="toc"></ul>
|
|
|
|
|
2017-07-26 22:52:42 +08:00
|
|
|
<h2><a id="StorageEncryption">Storage volume encryption XML</a></h2>
|
2009-08-20 03:50:10 +08:00
|
|
|
|
|
|
|
<p>
|
|
|
|
Storage volumes may be encrypted, the XML snippet described below is used
|
|
|
|
to represent the details of the encryption. It can be used as a part
|
|
|
|
of a domain or storage configuration.
|
|
|
|
</p>
|
|
|
|
<p>
|
|
|
|
The top-level tag of volume encryption specification
|
|
|
|
is <code>encryption</code>, with a mandatory
|
|
|
|
attribute <code>format</code>. Currently defined values
|
2018-01-11 23:40:37 +08:00
|
|
|
of <code>format</code> are <code>default</code>, <code>qcow</code>,
|
|
|
|
and <code>luks</code>.
|
2009-08-20 03:50:10 +08:00
|
|
|
Each value of <code>format</code> implies some expectations about the
|
|
|
|
content of the <code>encryption</code> tag. Other format values may be
|
|
|
|
defined in the future.
|
|
|
|
</p>
|
|
|
|
<p>
|
|
|
|
The <code>encryption</code> tag can currently contain a sequence of
|
|
|
|
<code>secret</code> tags, each with mandatory attributes <code>type</code>
|
2016-05-30 19:47:46 +08:00
|
|
|
and either <code>uuid</code> or <code>usage</code>
|
|
|
|
(<span class="since">since 2.1.0</span>). The only currently defined
|
2016-07-11 18:59:03 +08:00
|
|
|
value of <code>type</code> is <code>volume</code>. The
|
2016-05-30 19:47:46 +08:00
|
|
|
<code>uuid</code> is "uuid" of the <code>secret</code> while
|
2016-07-11 18:59:03 +08:00
|
|
|
<code>usage</code> is the "usage" subelement field.
|
2016-05-30 19:47:46 +08:00
|
|
|
A secret value can be set in libvirt by the
|
|
|
|
<a href="html/libvirt-libvirt-secret.html#virSecretSetValue">
|
|
|
|
<code>virSecretSetValue</code></a> API. Alternatively, if supported
|
2009-08-20 03:50:10 +08:00
|
|
|
by the particular volume format and driver, automatically generate a
|
|
|
|
secret value at the time of volume creation, and store it using the
|
|
|
|
specified <code>uuid</code>.
|
2011-04-02 06:02:10 +08:00
|
|
|
</p>
|
2017-07-26 22:52:42 +08:00
|
|
|
<h3><a id="StorageEncryptionDefault">"default" format</a></h3>
|
|
|
|
<h3><a id="StorageEncryptionQcow">"qcow" format</a></h3>
|
2009-08-20 03:50:10 +08:00
|
|
|
<p>
|
2018-06-21 04:21:50 +08:00
|
|
|
<span class="since">Since 4.5.0,</span> encryption formats
|
|
|
|
<code>default</code> and <code>qcow</code> may no longer be used
|
|
|
|
to create an encrypted volume. Usage of qcow encrypted volumes
|
|
|
|
in QEMU began phasing out in QEMU 2.3 and by QEMU 2.9 creation
|
|
|
|
of a qcow encrypted volume via qemu-img required usage of secret
|
|
|
|
objects, but that support was not added to libvirt.
|
2009-08-20 03:50:10 +08:00
|
|
|
</p>
|
2017-07-26 22:52:42 +08:00
|
|
|
<h3><a id="StorageEncryptionLuks">"luks" format</a></h3>
|
2016-06-02 03:01:31 +08:00
|
|
|
<p>
|
|
|
|
The <code>luks</code> format is specific to a luks encrypted volume
|
2016-07-11 18:59:03 +08:00
|
|
|
and the secret is used in order to either encrypt during volume creation
|
|
|
|
or decrypt the volume for usage by the domain. A single
|
|
|
|
<code><secret type='passphrase'...></code> element is expected.
|
2016-06-02 03:01:31 +08:00
|
|
|
<span class="since">Since 2.1.0</span>.
|
|
|
|
</p>
|
2016-06-02 07:21:26 +08:00
|
|
|
<p>
|
|
|
|
For volume creation, it is possible to specify the encryption
|
|
|
|
algorithm used to encrypt the luks volume. The following two
|
|
|
|
optional elements may be provided for that purpose. It is hypervisor
|
|
|
|
dependent as to which algorithms are supported. The default algorithm
|
|
|
|
used by the storage driver backend when using qemu-img to create
|
|
|
|
the volume is 'aes-256-cbc' using 'essiv' for initialization vector
|
|
|
|
generation and 'sha256' hash algorithm for both the cipher and the
|
|
|
|
initialization vector generation.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<dl>
|
|
|
|
<dt><code>cipher</code></dt>
|
|
|
|
<dd>This element describes the cipher algorithm to be used to either
|
|
|
|
encrypt or decrypt the luks volume. This element has the following
|
|
|
|
attributes:
|
|
|
|
<dl>
|
|
|
|
<dt><code>name</code></dt>
|
|
|
|
<dd>The name of the cipher algorithm used for data encryption,
|
|
|
|
such as 'aes', 'des', 'cast5', 'serpent', 'twofish', etc.
|
|
|
|
Support of the specific algorithm is storage driver
|
|
|
|
implementation dependent.</dd>
|
|
|
|
<dt><code>size</code></dt>
|
|
|
|
<dd>The size of the cipher in bits, such as '256', '192', '128',
|
|
|
|
etc. Support of the specific size for a specific cipher is
|
|
|
|
hypervisor dependent.</dd>
|
|
|
|
<dt><code>mode</code></dt>
|
|
|
|
<dd>An optional cipher algorithm mode such as 'cbc', 'xts',
|
|
|
|
'ecb', etc. Support of the specific cipher mode is
|
|
|
|
hypervisor dependent.</dd>
|
|
|
|
<dt><code>hash</code></dt>
|
|
|
|
<dd>An optional master key hash algorithm such as 'md5', 'sha1',
|
|
|
|
'sha256', etc. Support of the specific hash algorithm is
|
|
|
|
hypervisor dependent.</dd>
|
|
|
|
</dl>
|
|
|
|
</dd>
|
|
|
|
<dt><code>ivgen</code></dt>
|
|
|
|
<dd>This optional element describes the initialization vector
|
|
|
|
generation algorithm used in conjunction with the
|
|
|
|
<code>cipher</code>. If the <code>cipher</code> is not provided,
|
|
|
|
then an error will be generated by the parser.
|
|
|
|
<dl>
|
|
|
|
<dt><code>name</code></dt>
|
|
|
|
<dd>The name of the algorithm, such as 'plain', 'plain64',
|
|
|
|
'essiv', etc. Support of the specific algorithm is hypervisor
|
|
|
|
dependent.</dd>
|
|
|
|
<dt><code>hash</code></dt>
|
|
|
|
<dd>An optional hash algorithm such as 'md5', 'sha1', 'sha256',
|
|
|
|
etc. Support of the specific ivgen hash algorithm is hypervisor
|
|
|
|
dependent.</dd>
|
|
|
|
</dl>
|
|
|
|
</dd>
|
|
|
|
</dl>
|
|
|
|
|
2009-08-20 03:50:10 +08:00
|
|
|
|
2017-07-26 22:52:42 +08:00
|
|
|
<h2><a id="example">Examples</a></h2>
|
2009-08-20 03:50:10 +08:00
|
|
|
|
2016-06-02 03:01:31 +08:00
|
|
|
<p>
|
2016-07-11 18:59:03 +08:00
|
|
|
Assuming a <a href="formatsecret.html#VolumeUsageType">
|
|
|
|
<code>luks volume type secret</code></a> is already defined,
|
2016-06-02 07:21:26 +08:00
|
|
|
a simple example specifying use of the <code>luks</code> format
|
|
|
|
for either volume creation without a specific cipher being defined or
|
|
|
|
as part of a domain volume definition:
|
2016-06-02 03:01:31 +08:00
|
|
|
</p>
|
|
|
|
<pre>
|
2016-11-12 06:40:27 +08:00
|
|
|
<encryption format='luks'>
|
|
|
|
<secret type='passphrase' uuid='f52a81b2-424e-490c-823d-6bd4235bc572'/>
|
|
|
|
</encryption>
|
2016-06-02 03:01:31 +08:00
|
|
|
</pre>
|
|
|
|
|
2016-06-02 07:21:26 +08:00
|
|
|
<p>
|
2016-07-11 18:59:03 +08:00
|
|
|
Here is an example specifying use of the <code>luks</code> format for
|
2020-12-24 17:31:55 +08:00
|
|
|
a specific cipher algorithm for volume creation.
|
|
|
|
<span class="since">Since 6.10.0,</span> the <code>target</code> format
|
|
|
|
can also support <code>qcow2</code> type with <code>luks</code> encryption.
|
2016-06-02 07:21:26 +08:00
|
|
|
</p>
|
|
|
|
<pre>
|
2016-11-12 06:40:27 +08:00
|
|
|
<volume>
|
|
|
|
<name>twofish.luks</name>
|
|
|
|
<capacity unit='G'>5</capacity>
|
|
|
|
<target>
|
|
|
|
<path>/var/lib/libvirt/images/demo.luks</path>
|
|
|
|
<format type='raw'/>
|
|
|
|
<encryption format='luks'>
|
|
|
|
<secret type='passphrase' uuid='f52a81b2-424e-490c-823d-6bd4235bc572'/>
|
|
|
|
<cipher name='twofish' size='256' mode='cbc' hash='sha256'/>
|
|
|
|
<ivgen name='plain64' hash='sha256'/>
|
|
|
|
</encryption>
|
|
|
|
</target>
|
|
|
|
</volume>
|
2016-06-02 07:21:26 +08:00
|
|
|
</pre>
|
|
|
|
|
2009-08-20 03:50:10 +08:00
|
|
|
</body>
|
|
|
|
</html>
|