Re: [PATCH v3] virtio_blk: add SECURE ERASE command support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


在 2022/9/29 16:51, Alvaro Karsz 写道:

However, this means that even if host exposes VIRTIO_BLK_F_SECURE_ERASE
the host can not be sure guest will use secure erase.
Is this or can be a security problem?
If yes let's be strict and fail probe as current code does.
If not let's be flexible and ensure forward compatibility.


I can't think of any security problems.
Yes. And even if the device try to mandate VIRTIO_BLK_F_SECURE_ERASE, there's no guarantee that it has been implemented as what guest want. 

Guest might need to do encryption for extra assurance.

Thanks



Stefan, what do you think?
Are you ok with clearing the feature?



_______________________________________________
Virtualization mailing list
Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
[Index of Archives]     [KVM Development]     [Libvirt Development]     [Libvirt Users]     [CentOS Virtualization]     [Netdev]     [Ethernet Bridging]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]

  Powered by Linux