检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Figure 1 Financial customer data security on the cloud Objective 1: Core sensitive data only processed within the TEE confidential perimeter All persistent data on the cloud is encrypted by default.
Key export prevention: Working keys are encrypted using hardware identity public keys and imported to the HSMs built into QingTian cards. They cannot be exported from the hardware in plaintext.
Call the password obtaining APIs to obtain the ciphertext password of the public key encrypted using RSA. The API URI is in the format "GET /v2/{project_id}/servers/{server_id}/os-server-password".
For details, see Managing Encrypted EVS Disks.
If this parameter does not exist, the system disk will not be encrypted by default. __system__cmkid No String Specifies the CMK ID, which indicates encryption in metadata. This parameter is used with __system__encrypted.
You can also use an encrypted image to create ECSs. For details, see Encrypting Images. Constraints If you use a full-ECS image to create an ECS, the EVS disks associated with the full-ECS image do not support the function of creating disks from a data disk image.
If this parameter does not exist, the system disk will not be encrypted by default. __system__cmkid No String Specifies the CMK ID, which indicates encryption in metadata. This parameter is used with __system__encrypted.
44c6-a4a9-84a488e0e8d3", "rel": "self" }, { "href": "https://xxx/74610f3a5ad941998e91f076297ecf27/volumes/51f45e08-1d4f-44c6-a4a9-84a488e0e8d3", "rel": "bookmark" } ], "availability_zone": "az_test_01", "bootable": "false", "encrypted
An image created from an encrypted ECS will automatically be encrypted. Name Set a name for the image. Only letters, digits, spaces, underscores (_), hyphens (-), and periods (.) are allowed. It cannot start or end with a space.
This parameter is used only when an encrypted disk is created. If data disks are created using a data disk image, this parameter cannot be used.
Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption attribute. For details, see 4. Managing Encrypted EVS Disks (Optional) Set encryption parameters.
Constraints If this parameter does not exist, the disk will not be encrypted by default. Range 0: indicates a non-encrypted disk. 1: indicates an encrypted disk. Default Value N/A __system__cmkid No String Definition Specifies the CMK ID, which indicates encryption in metadata.
This parameter is used only when an encrypted disk is created. If data disks are created using a data disk image, this parameter cannot be used.
You can convert encrypted and unencrypted images into each other through in-region image replication. If you replicate an image shared with you, that image will become your private image.
Secure boot provides verification of the boot chain status to ensure that only encrypted and verified UEFI binary files are executed after the firmware is initialized. These binary files include UEFI drivers, primary boot loaders, and chain loading components.
/bash echo 'root:$6$V6azyeLwcD3CHlpY$BN3VVq18fmCkj66B4zdHLWevqcxlig' | chpasswd -e; In this command, $6$V6azyeLwcD3CHlpY$BN3VVq18fmCkj66B4zdHLWevqcxlig is the ciphertext password, which can be generated by performing the following steps: Run the following command to generate an encrypted
Set the dataInputStr parameter in /home/huawei-qingtian/enclave/qtsm-sdk-java/kms-cms-java/com/huawei/src/test/TestKmsCmsProxy.java to the encrypted ciphertext.
Check the number of ECSs in the batch. 400 Ecs.0119 An encrypted disk with an unavailable key cannot be attached to an ECS. An ECS cannot be attached with an encrypted disk with a disabled key. Change the key status. 400 Ecs.0120 The yearly/monthly ECS cannot be rebuilt.
