From: Eric Blake
Date: Mon, 8 Feb 2016 13:57:31 -0700
Subject: Re: [Qemu-devel] [PATCH v2 14/17] qcow: convert QCow to use QCryptoBlock for encryption
To: "Daniel P. Berrange", qemu-devel@nongnu.org
Cc: Kevin Wolf, Fam Zheng, qemu-block@nongnu.org
Message-ID: <56B9013B.10403@redhat.com>
In-Reply-To: <1453311539-1193-15-git-send-email-berrange@redhat.com>
References: <1453311539-1193-1-git-send-email-berrange@redhat.com> <1453311539-1193-15-git-send-email-berrange@redhat.com>

On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> This converts the qcow2 driver to make use of the QCryptoBlock

s/qcow2/qcow/

> APIs for encrypting image content. This is only wired up to
> permit use of the legacy QCow encryption format. Users who wish
> to have the strong LUKS format should switch to qcow2 instead.
>
> With this change it is now required to use the QCryptoSecret
> object for providing passwords, instead of the current block
> password APIs / interactive prompting.
>
> $QEMU \
> -object secret,id=sec0,filename=/home/berrange/encrypted.pw \
> -drive file=/home/berrange/encrypted.qcow,key-secret=sec0
>
> Signed-off-by: Daniel P. Berrange
> ---
> block/qcow.c | 173 +++++++++++++++++++++++----------------------------
> qapi/block-core.json | 17 ++++-
> 2 files changed, 93 insertions(+), 97 deletions(-)
>
> +++ b/qapi/block-core.json
> @@ -1756,6 +1756,21 @@
> 'mode': 'Qcow2OverlapCheckMode' } }
> =20
> ##
> +# @BlockdevOptionsQcow
> +#
> +# Driver specific block device options for qcow.
> +#
> +# @key-secret: #optional ID of the "secret" object providing the
> +# AES decryption key.

Maybe worth a mention that this is supported for decrypting old images,
but not for use in creating new images (but then again, who creates new
qcow images these days).

With the commit typo fixed,
Reviewed-by: Eric Blake

-- 
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
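
Review bot: the `@key-secret` description in the new `BlockdevOptionsQcow` comment marks the option `#optional` but does not say what happens when it is omitted for an encrypted image. The commit message states that a secret object is now required in place of the block password APIs and interactive prompting, so the doc comment should spell out that case. The wording "AES decryption key" also reads as raw key material, while the commit message describes the secret as providing a password (the example points it at `encrypted.pw`); the comment should say which of the two the secret must contain.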