On 03/10/2015 11:26 AM, Markus Armbruster wrote:
> Signed-off-by: Markus Armbruster <armbru@redhat.com>
> ---
>  block/qcow.c          | 5 +++++
>  block/qcow2.c         | 5 +++++
>  include/block/block.h | 3 +--
>  qemu-img.c            | 1 +
>  4 files changed, 12 insertions(+), 2 deletions(-)
> 
> diff --git a/block/qcow.c b/block/qcow.c
> index 0558969..f54fc86 100644
> --- a/block/qcow.c
> +++ b/block/qcow.c
> @@ -155,6 +155,11 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
>      }
>      s->crypt_method_header = header.crypt_method;
>      if (s->crypt_method_header) {
> +        if (!(flags & BDRV_O_CRYPT_OK)) {
> +            error_setg(errp, "image is encrypted, use qemu-img to decrypt it");
> +            ret = -EINVAL;
> +            goto fail;
> +        }
>          bs->encrypted = 1;

I think this message will make it nicely through to libvirt, if libvirt
still tries to use encryption (although I didn't actually test it, as
qcow2 encryption is so broken that I've never actually tried using it).
 More importantly, patch 2/2 does something that can be observed via
'query-commands' introspection, so that newer libvirt can be made smart
enough to not even attempt to use encrypted images.

Reviewed-by: Eric Blake <eblake@redhat.com>

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org