From: "Daniel P. Berrangé" <berrange@redhat.com>
To: yong.huang@smartx.com
Cc: qemu-devel@nongnu.org, Eric Blake <eblake@redhat.com>,
Markus Armbruster <armbru@redhat.com>,
Hanna Reitz <hreitz@redhat.com>, Kevin Wolf <kwolf@redhat.com>
Subject: Re: [PATCH v4 5/7] block: Support detached LUKS header creation using qemu-img
Date: Fri, 9 Feb 2024 12:27:34 +0000 [thread overview]
Message-ID: <ZcYaNpZx5ungAzrt@redhat.com> (raw)
In-Reply-To: <c573cf4d985b0386e2e419fcccd92245800cdeca.1706586786.git.yong.huang@smartx.com>
On Tue, Jan 30, 2024 at 01:37:23PM +0800, yong.huang@smartx.com wrote:
> From: Hyman Huang <yong.huang@smartx.com>
>
> Even though a LUKS header might be created with cryptsetup,
> qemu-img should be enhanced to accommodate it as well.
>
> Add the 'detached-header' option to specify the creation of
> a detached LUKS header. This is how it is used:
> $ qemu-img create --object secret,id=sec0,data=abc123 -f luks
> > -o cipher-alg=aes-256,cipher-mode=xts -o key-secret=sec0
> > -o detached-header=true header.luks
>
> Using qemu-img or cryptsetup tools to query information of
> an LUKS header image as follows:
>
> Assume a detached LUKS header image has been created by:
> $ dd if=/dev/zero of=test-header.img bs=1M count=32
> $ dd if=/dev/zero of=test-payload.img bs=1M count=1000
> $ cryptsetup luksFormat --header test-header.img test-payload.img
> > --force-password --type luks1
>
> Header image information could be queried using cryptsetup:
> $ cryptsetup luksDump test-header.img
>
> or qemu-img:
> $ qemu-img info 'json:{"driver":"luks","file":{"filename":
> > "test-payload.img"},"header":{"filename":"test-header.img"}}'
>
> When using qemu-img, keep in mind that the entire disk
> information specified by the JSON-format string above must be
> supplied on the commandline; if not, an overlay check will reveal
> a problem with the LUKS volume check logic.
>
> Signed-off-by: Hyman Huang <yong.huang@smartx.com>
> ---
> block.c | 5 ++++-
> block/crypto.c | 10 +++++++++-
> block/crypto.h | 8 ++++++++
> qapi/crypto.json | 5 ++++-
> 4 files changed, 25 insertions(+), 3 deletions(-)
> diff --git a/block/crypto.c b/block/crypto.c
> index 8e7ee5e9ac..65426d3a16 100644
> --- a/block/crypto.c
> +++ b/block/crypto.c
> @@ -791,6 +792,9 @@ block_crypto_co_create_opts_luks(BlockDriver *drv, const char *filename,
> PreallocMode prealloc;
> char *buf = NULL;
> int64_t size;
> + bool detached_hdr =
> + qemu_opt_get_bool(opts, "detached-header", false);
> + unsigned int cflags = 0;
> int ret;
> Error *local_err = NULL;
>
> @@ -830,6 +834,10 @@ block_crypto_co_create_opts_luks(BlockDriver *drv, const char *filename,
> goto fail;
> }
>
> + if (detached_hdr) {
> + cflags |= QCRYPTO_BLOCK_CREATE_DETACHED;
> + }
> +
We're setting cflags but not using it ever.
> /* Create format layer */
> ret = block_crypto_co_create_generic(bs, size, create_opts,
> prealloc, 0, errp);
This '0' here should be replaced by 'cflags', since you're
checking for QCRYPTO_BLOCK_CREATE_DETACHED inside the
block_crypto_co_create_generic method.
I'll make this change when I merge this, so no need to resend.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2024-02-09 12:28 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-30 5:37 [PATCH v4 0/7] Support generic Luks encryption yong.huang
2024-01-30 5:37 ` [PATCH v4 1/7] crypto: Support LUKS volume with detached header yong.huang
2024-01-31 10:55 ` Daniel P. Berrangé
2024-01-30 5:37 ` [PATCH v4 2/7] qapi: Make parameter 'file' optional for BlockdevCreateOptionsLUKS yong.huang
2024-02-19 14:22 ` Markus Armbruster
2024-02-20 7:31 ` Yong Huang
2024-02-20 8:55 ` Markus Armbruster
2024-02-20 9:13 ` Yong Huang
2024-02-20 9:41 ` Markus Armbruster
2024-02-20 10:09 ` Yong Huang
2024-01-30 5:37 ` [PATCH v4 3/7] crypto: Modify the qcrypto_block_create to support creation flags yong.huang
2024-01-31 10:59 ` Daniel P. Berrangé
2024-01-30 5:37 ` [PATCH v4 4/7] block: Support detached LUKS header creation using blockdev-create yong.huang
2024-01-31 11:49 ` Daniel P. Berrangé
2024-02-19 14:24 ` Markus Armbruster
2024-02-19 14:49 ` Markus Armbruster
2024-02-19 14:57 ` Daniel P. Berrangé
2024-02-19 15:02 ` Daniel P. Berrangé
2024-02-19 15:43 ` Markus Armbruster
2024-01-30 5:37 ` [PATCH v4 5/7] block: Support detached LUKS header creation using qemu-img yong.huang
2024-01-31 11:50 ` Daniel P. Berrangé
2024-02-09 12:27 ` Daniel P. Berrangé [this message]
2024-02-19 14:24 ` Markus Armbruster
2024-01-30 5:37 ` [PATCH v4 6/7] crypto: Introduce 'detached-header' field in QCryptoBlockInfoLUKS yong.huang
2024-01-31 11:50 ` Daniel P. Berrangé
2024-01-30 5:37 ` [PATCH v4 7/7] tests: Add case for LUKS volume with detached header yong.huang
2024-01-31 11:53 ` Daniel P. Berrangé
2024-02-09 12:43 ` Daniel P. Berrangé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZcYaNpZx5ungAzrt@redhat.com \
--to=berrange@redhat.com \
--cc=armbru@redhat.com \
--cc=eblake@redhat.com \
--cc=hreitz@redhat.com \
--cc=kwolf@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=yong.huang@smartx.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).