Comment 9 for bug 1793159

Thanks for your input Matthew!

I was already writing the use case summary (comment #8) when you responded in the mean time, so it isn't an answer to your post directly. Let me catch up on that:

I agree that the access to the dmcrypt endpoint is a serious issue. Cinder mitigated this by introducing native LUKS support for LibVirt/QEMU. Similar mechanisms could be evaluated for Nova's LUKS-based ephemeral storage as well, but this is out of scope of this topic and requires a separate discussion I think.

From reading your post, our defined scenario seems most similar to point number 3 of comment #7. I'm curious about your related statement:

> This is trivial to implement: document that operators should not configure NFS storage.

What shared storage method should operators configure for migration scenarios instead that would make the signature check unnecessary?