On Mon, 7 Jan 2019, Stefan Hajnoczi wrote:
> QEMU supports LUKS encrypted disk images so no new code is needed for
> the actual encryption.

Thanks for the feedback, Stefan. I know very little about qemu internals
(I looked around a bit). One issue is: OPAL needs some persistent data
outside of the actual user-visible data. How does that fit in with storage
in QEMU? Perhaps the implementation could just occupy a fixed size of the
associated storage for the OPAL state.

>> Or, just a pass-through to a block device in the host - but a pass-through
>> that would allow OPAL commands.
>
> You can pass through a storage controller using PCI passthrough or you
> can pass through a SCSI LUN, but there is no ATA passthrough.

I currently don't have a usable box for PCI passthrough. I'm thinking
that ATA passthrough could be generally usable for any fiddling and
perhaps not too difficult to implement.
If I understand QEMU sources correctly, this needs to touch hw/ide/core.c
(ide_exec_cmd), either adding a layer for OPAL, or just forwarding ATA
commands for pass-through. Right?
Best regards,
David