On Sat, Jan 05, 2019 at 07:27:03PM +0100, David Kozub wrote:
> Hi,
>
> Can QEMU emulate an OPAL disk? The only relevant thing I found is a post
> from 2017 about TPM that mentions OPAL:
> https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg04586.html

CCing John Snow (IDE/ATA) and Kevin Wolf (QEMU block layer).

> specifically this bit:
>
> > Well, at some point somebody's going to want us to implement this,
> > but... they can do that when they do that.
>
> So I assume it is not implemented. (?)

Right.

> I agree with the sentiment expressed in the mail linked above w.r.t. OPAL
> security. I'm interested in this from SW development/debugging/fiddling
> perspective. A sufficient solution for me would not add any real encryption

QEMU supports LUKS encrypted disk images so no new code is needed for the
actual encryption.

> but would respond to the various OPAL commands sent via ATA TRUSTED
> SEND/RECEIVE commands.
>
> In fact, a more generic solution would work for me: If it was possible to
> send ATA commands from QEMU to a separate process which could then handle
> them as it liked and reply back to QEMU. This could be useful for other
> fiddling/debugging situations too.

Might as well implement it in QEMU so users can easily take advantage of
it without setting up external software.

> Or, just a pass-through to a block device in the host - but a pass-through
> that would allow OPAL commands.

You can pass through a storage controller using PCI passthrough or you
can pass through a SCSI LUN, but there is no ATA passthrough.

> I'm grateful for any hints/ideas. Perhaps something like this is already
> possible with QEMU?
>
> Best regards,
> David
>