I would like to request a feature freeze exception for

        LVM ephemeral storage encryption[1].

The spec[2] for which was approved early in the Juno release cycle.

This feature provides security for data at-rest on compute nodes. The
proposed feature protects user data from disclosure due to disk block reuse
and improper storage media disposal among other threats and also eliminates
the need to sanitize LVM volumes.  The feature is crucial to data security
in OpenStack as explained in the OpenStack Security Guide[3] and benefits
cloud users and operators regardless of their industry and scale.

The feature was first submitted for review on August 6, 2013 and two of the
three patches implementing this feature were merged in Icehouse[4,5]. The
remaining patch has had approval from a core reviewer for most of the Icehouse
and Juno development cycles. The code is well vetted and ready to be merged.

The main concern about accepting this feature pertains to key management.
In particular, it uses Barbican to avoid storing keys on the compute host,
and Barbican at present has no gate testing.  However, the risk of
regression in case of failure to integrate Barbican is minimal because the
feature interacts with the key manager through an*existing*  abstract keymgr
interface, i.e., has no*explicit*  dependence on Barbican. Moreover, the
feature provides some measure of security even with the existing
place-holder key manager, for example, against disk block reuse attack.

For all of the above reasons I request a feature freeze exception for
LVM ephemeral storage encryption.

Best regards,


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

OpenStack-dev mailing list

Reply via email to