From e04ef32244a5866eb0b60a28cc6e1450fac36d16 Mon Sep 17 00:00:00 2001
From: melanie witt <melwittt@gmail.com>
Date: Wed, 24 Jan 2018 20:07:10 +0000
Subject: [PATCH] Add release note for QEMU native LUKS decryption

Part of blueprint libvirt-qemu-native-luks

Change-Id: Ifad80fbad54e31986af5da265d37b8ce4a01ef10
---
 ...ative-luks-decryption-6e9ad8cc658be14d.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 releasenotes/notes/qemu-native-luks-decryption-6e9ad8cc658be14d.yaml

diff --git a/releasenotes/notes/qemu-native-luks-decryption-6e9ad8cc658be14d.yaml b/releasenotes/notes/qemu-native-luks-decryption-6e9ad8cc658be14d.yaml
new file mode 100644
index 000000000000..63dd2b961d76
--- /dev/null
+++ b/releasenotes/notes/qemu-native-luks-decryption-6e9ad8cc658be14d.yaml
@@ -0,0 +1,18 @@
+---
+features:
+  - |
+    QEMU 2.6.0 and Libvirt 2.2.0 allow LUKS encrypted RAW files, block devices
+    and network devices (such as rbd) to be decrypted natively by QEMU.
+    If qemu >= 2.6.0 and libvirt >= 2.2.0 are installed and the volume
+    encryption provider is 'luks', the libvirt driver will use native QEMU
+    decryption for encrypted volumes. The libvirt driver will generate a secret
+    to hold the LUKS passphrase for unlocking the volume and the volume driver
+    will use the secret to generate the required encryption XML for the disk.
+    QEMU will then be able to read from and write to the encrypted disk
+    natively, without the need of os-brick encryptors.
+
+    Instances that have attached encrypted volumes from before Queens will
+    continue to use os-brick encryptors after a live migration or direct
+    upgrade to Queens. A full reboot or another live migration between Queens
+    compute hosts is required before the instance will attempt to use QEMU
+    native LUKS decryption.