Re: [Qemu-devel] [PATCH v2 14/17] qcow: convert QCow to use QCryptoBlock
From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH v2 14/17] qcow: convert QCow to use QCryptoBlock for encryption
Date: Mon, 8 Feb 2016 13:57:31 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0
On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> This converts the qcow2 driver to make use of the QCryptoBlock
s/qcow2/qcow/
> APIs for encrypting image content. This is only wired up to
> permit use of the legacy QCow encryption format. Users who wish
> to have the strong LUKS format should switch to qcow2 instead.
>
> With this change it is now required to use the QCryptoSecret
> object for providing passwords, instead of the current block
> password APIs / interactive prompting.
>
> $QEMU \
> -object secret,id=sec0,filename=/home/berrange/encrypted.pw \
> -drive file=/home/berrange/encrypted.qcow,key-secret=sec0
>
> Signed-off-by: Daniel P. Berrange <address@hidden>
> ---
> block/qcow.c | 173
> +++++++++++++++++++++++----------------------------
> qapi/block-core.json | 17 ++++-
> 2 files changed, 93 insertions(+), 97 deletions(-)
>
> +++ b/qapi/block-core.json
> @@ -1756,6 +1756,21 @@
> 'mode': 'Qcow2OverlapCheckMode' } }
>
> ##
> +# @BlockdevOptionsQcow
> +#
> +# Driver specific block device options for qcow.
> +#
> +# @key-secret: #optional ID of the "secret" object providing the
> +# AES decryption key.
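Review bot: The @key-secret description marks the option "#optional" without saying when it may be omitted, while the commit message states that a QCryptoSecret object is now required for providing passwords. The doc comment should say that key-secret must be given when the image is encrypted and is only omitted for unencrypted images. The phrase "AES decryption key" also describes only the read path, whereas the commit message describes the QCryptoBlock APIs as encrypting image content, so wording that covers both directions would match the visible description better.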
Maybe worth a mention that this is supported for decrypting old images,
but not for use in creating new images (but then again, who creates new
qcow images these days).
With the commit typo fixed,
Reviewed-by: Eric Blake <address@hidden>
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org