On Wed, 01/20 17:38, Daniel P. Berrange wrote:
> This converts the qcow2 driver to make use of the QCryptoBlock
> APIs for encrypting image content. As well as continued support
> for the legacy QCow2 encryption format, the appealing benefit
> is that it enables support for the LUKS format inside qcow2.
FWIW, with today's QEMU, it's possible to stack format drivers on top of each
other. In other words, even without this patch, we can make LUKS driver
encrypt/decrypt the qcow2 payload, while keeping them completely orthogonal.
It's someting like:
--------------------
| LUKS |
--------------------
|
v
--------------------
| qcow2 |
--------------------
|
v
--------------------
| file |
--------------------
The command line looks like this:
-drive driver=luks,file.driver=qcow2,file.file.driver=file,\
file.file.filename=$qcow2_image_whose_payload_is_in_luks_format
unfortunately I don't know how to create nested images with qemu-img. I tested
the nested qcow2 by attaching the outter image to a VM and running "qemu-img
create -f qcow2 /dev/vda" in guest shell. Kevin?
Fam
