From: Eric Blake <eblake@redhat.com>
To: "Daniel P. Berrange" <berrange@redhat.com>, qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org
Subject: Re: [Qemu-devel] [PATCH WIP 04/30] qcow2: add a 'keyid' parameter to qcow2 options
Date: Fri, 20 Nov 2015 15:15:27 -0700 [thread overview]
Message-ID: <564F9B7F.2020101@redhat.com> (raw)
In-Reply-To: <1448042670-17433-5-git-send-email-berrange@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 2045 bytes --]
On 11/20/2015 11:04 AM, Daniel P. Berrange wrote:
> Add a 'keyid' parameter that refers to the ID of a
> QCryptoSecret instance that provides the encryption key.
>
> $QEMU \
> -object secret,id=sec0,filename=/home/berrange/encrypted.pw \
> -drive file=/home/berrange/encrypted.qcow2,keyid=sec0
>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
> block/qcow2.c | 80 +++++++++++++++++++++++++++++++++++++---------------
> block/qcow2.h | 1 +
> qapi/block-core.json | 8 ++++--
> 3 files changed, 64 insertions(+), 25 deletions(-)
> +++ b/qapi/block-core.json
> @@ -1698,7 +1698,7 @@
> # Driver specific block device options for qcow.
> #
> # @keyid: #optional ID of the "secret" object providing the
> -# AES decryption key.
> +# AES decryption key (since 2.5)
> #
> # Since: 2.5
I already pointed this out on the previous post, but this hunk is wrong
(since the entire BlockdevOptionsQcow struct is new); it instead belongs...
> ##
> @@ -1742,6 +1742,9 @@
> # caches. The interval is in seconds. The default value
> # is 0 and it disables this feature (since 2.5)
> #
> +# @keyid: #optional ID of the "secret" object providing the
> +# AES decryption key.
...here as part of BlockdevOptionsQcow2. Also, I wonder if inheriting
from BlockdevOptionsQcow is any easier here than just declaring keyid
directly.
> +#
> # Since: 1.7
> ##
> { 'struct': 'BlockdevOptionsQcow2',
> @@ -1754,7 +1757,8 @@
> '*cache-size': 'int',
> '*l2-cache-size': 'int',
> '*refcount-cache-size': 'int',
> - '*cache-clean-interval': 'int' } }
> + '*cache-clean-interval': 'int',
> + '*keyid': 'str' } }
>
>
> ##
>
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]
next prev parent reply other threads:[~2015-11-20 22:15 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-20 18:04 [Qemu-devel] [PATCH WIP 00/30] Support for full disk encryption Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 01/30] crypto: add QCryptoSecret object class for password/key handling Daniel P. Berrange
2015-11-20 22:09 ` Eric Blake
2015-11-23 12:33 ` Daniel P. Berrange
2015-11-23 13:39 ` Markus Armbruster
2015-11-23 14:43 ` Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 02/30] crypto: add support for loading encrypted x509 keys Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 03/30] qcow: add a 'keyid' parameter to qcow options Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 04/30] qcow2: add a 'keyid' parameter to qcow2 options Daniel P. Berrange
2015-11-20 22:15 ` Eric Blake [this message]
2015-11-23 12:40 ` Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 05/30] qom: add user_creatable_add & user_creatable_del methods Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 06/30] qemu-img: add support for --object command line arg Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 07/30] qemu-nbd: " Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 08/30] qemu-io: " Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 09/30] qemu-io: allow specifying image as a set of options args Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 10/30] qemu-nbd: " Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 11/30] qemu-img: " Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 12/30] block: rip out all traces of password prompting Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 13/30] block: remove all encryption handling APIs Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 14/30] block: remove support for writing to qcow/qcow2 encrypted images Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 15/30] qcow2: make qcow2_encrypt_sectors encrypt in place Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 16/30] crypto: add ability to query the cipher key, block & IV lens Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 17/30] crypto: add method for querying hash digest size Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 18/30] crypto: move QCryptoHashAlgorithm enum definition into QAPI Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 19/30] crypto: move QCryptoCipherAlgorithm/Mode enum definitions " Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 20/30] crypto: ensure qapi/crypto.json is listed in qapi-modules Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 21/30] crypto: add cryptographic random byte source Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 22/30] crypto: add support for PBKDF2 algorithm Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 23/30] crypto: add support for generating initialization vectors Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 24/30] crypto: add support for anti-forensic split algorithm Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 25/30] crypto: fix transposed arguments in cipher error message Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 26/30] crypto: add block encryption framework Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 27/30] crypto: implement the LUKS block encryption format Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 28/30] block: add generic full disk encryption driver Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 29/30] qcow2: convert QCow2 to use QCryptoBlock for encryption Daniel P. Berrange
2015-11-20 18:04 ` [Qemu-devel] [PATCH WIP 30/30] qcow2: add LUKS full disk encryption support Daniel P. Berrange
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=564F9B7F.2020101@redhat.com \
--to=eblake@redhat.com \
--cc=berrange@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).