-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
rhel-9.7
-
None
-
Low
-
rhel-virt-storage
-
None
-
False
-
False
-
-
None
-
None
-
None
-
None
-
Unspecified
-
Unspecified
-
Unspecified
-
-
x86_64
-
None
What were you trying to do that didn't work?
Attempting to create a "thick" provisioned disk for use on a Windows VM.
In order to meet DISA/STIG requirements, CU must use bitlocker full disk encryption. However, when trying to use virtio as the bus type, Windows detects the disk as "thin".
Raw disk created with command:
qemu-img create -f raw -o preallocation=full /var/lib/libvirt/images/testdisk/testdisk_0.img 40
qcow2 disk created with command:
qemu-img create -f raw -o preallocation=full /var/lib/libvirt/images/testdisk/testdisk_0.img 40G
When using a bus type of 'sata', the CU notes that the encryption succeeds. However, a much reduced performance compared to virtio.
What is the impact of this issue to you?
CU must have full disk encryption to meet security requirements, and needs bus type virtio for performance
How reproducible is this bug?:
100%
Steps to reproduce
- Create a Windows 11 VM (or windows 10, or other variant)
- Attach a "fully allocated" disk to the VM (qcow or RAW)
- Install virtio drivers and change the bus type to virtio
- Attempt to do "full disk encryption" of the OS
Expected results
Encryption should complete
Actual results
Encryption fails due to the disk being detected as "thin" with the following error:
BitLocker encryption attempt yeilds:
Enabling Recovery Password protector for volume D
Enable-BitLockerInternal : BitLocker Drive Encryption only supports Used Space Only encryption on thin provisioned storage. (Exception from HRESULT: 0x803100A5)
