From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:40029) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aJV8v-0004LI-8B for qemu-devel@nongnu.org; Wed, 13 Jan 2016 18:47:58 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aJV8u-0001Nw-30 for qemu-devel@nongnu.org; Wed, 13 Jan 2016 18:47:57 -0500 References: <1452624982-19332-1-git-send-email-berrange@redhat.com> <1452624982-19332-9-git-send-email-berrange@redhat.com> From: Eric Blake Message-ID: <5696E223.5040809@redhat.com> Date: Wed, 13 Jan 2016 16:47:47 -0700 MIME-Version: 1.0 In-Reply-To: <1452624982-19332-9-git-send-email-berrange@redhat.com> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="vqm9QImomvVHe2LVi1qtMVib7IAfW9FGP" Subject: Re: [Qemu-devel] [PATCH v1 08/15] block: add generic full disk encryption driver List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "Daniel P. Berrange" , qemu-devel@nongnu.org Cc: qemu-block@nongnu.org This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --vqm9QImomvVHe2LVi1qtMVib7IAfW9FGP Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 01/12/2016 11:56 AM, Daniel P. Berrange wrote: > Add a block driver that is capable of supporting any full disk > encryption format. This utilizes the previously added block > encryption code, and at this time supports the LUKS format. >=20 > The driver code is capable of supporting any format supported > by the QCryptoBlock module, so it registers one block driver > for each format. >=20 > At this time, the "luks" driver is registered. New LUKS > compatible volume can be formatted using qemu-img >=20 > $ qemu-img create --object secret,data=3D123456,id=3Dsec0 \ > -f luks -o key-id=3Dsec0,cipher-alg=3Daes-256,\ > cipher-mode=3Dcbc,ivgen-alg=3Dplain64,hash-alg=3Dsha256 \ > demo.luks 10G >=20 > @@ -1664,6 +1664,21 @@ > 'data': { 'file': 'BlockdevRef' } } > =20 > ## > +# @BlockdevOptionsLUKS > +# > +# Driver specific block device options for LUKS. > +# > +# @key-id: #optional the ID of a QCryptoSecret object providing > +# the decryption key (since 2.6) > +# > +# Since: 2.6 > +## > +{ 'struct': 'BlockdevOptionsLUKS', > + 'base': 'BlockdevOptionsGenericFormat', > + 'data': { '*key-id': 'str' } } And if key-id is omitted, how does it work? --=20 Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org --vqm9QImomvVHe2LVi1qtMVib7IAfW9FGP Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Public key at http://people.redhat.com/eblake/eblake.gpg Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCAAGBQJWluIjAAoJEKeha0olJ0NqAXUH/373U+rOjVKcvdqwgoM6xkzu Ca41Dt22v0pJABSEGa++UwORQEM0qTQvQn3ad5q15lxH6b4aXWVi5HZmDDWuXU5P HlflU0+rToFLIx0XB/BST5EFpLAWv92RY2V9WrD925/XHVUnrwgGfhCD/u7IZmI6 Ddv1LYM6rAaBT2RGy4ihpeYfJx4q+Ssqrhj2yiJ+xafVS6VhZgcZehoSUAggqccf dPVgr5Xof4g88s7wbcwV0+Qs/co4mWTa8Jpzzvr+4Ef9BhSeRQVRfuSdkISNgyqY bgUE0rIE19ct6X1GMB1bXgAXoinJCkGT/fKFXHw0/M6S2hliOzNTPrAUaJuEuyM= =Mt0W -----END PGP SIGNATURE----- --vqm9QImomvVHe2LVi1qtMVib7IAfW9FGP--