On 2017-06-01 19:27, Daniel P. Berrange wrote:
> This converts the qcow driver to make use of the QCryptoBlock
> APIs for encrypting image content. This is only wired up to
> permit use of the legacy QCow encryption format. Users who wish
> to have the strong LUKS format should switch to qcow2 instead.
>
> With this change it is now required to use the QCryptoSecret
> object for providing passwords, instead of the current block
> password APIs / interactive prompting.
>

Beware, nit picks incoming:

>   $QEMU \
>     -object secret,id=sec0,filename=/home/berrange/encrypted.pw \
>     -drive file=/home/berrange/encrypted.qcow,encrypt.format=qcow,\

encrypt.format should be "aes".

>            encrypt.key-secret=sec0

This doesn't work at all, though, because:

    Use of AES-CBC encrypted qcow images is no longer supported in system emulators
    You can use 'qemu-img convert' to convert your image to an alternative supported format, such as unencrypted qcow, or raw with the LUKS format instead.

>
> Likewise when creating images with the legacy AES-CBC format
>
>   qemu-img create -f qcow \
>     -object secret,id=sec0,filename=/home/berrange/encrypted.pw \

Should be --object.

>     -o encrypt.format=aes,encrypt.key-secret=sec0 \
>     /home/berrange/encrypted.qcow

There should be a size here to make it work.

The patch itself does look good to me, though.

Max

>
> Reviewed-by: Alberto Garcia <be...@igalia.com>
> Reviewed-by: Eric Blake <ebl...@redhat.com>
> Signed-off-by: Daniel P. Berrange <berra...@redhat.com>
> ---
>  block/crypto.c       |  10 +++
>  block/crypto.h       |  20 ++++--
>  block/qcow.c         | 198 +++++++++++++++++++++++++--------------------------
>  qapi/block-core.json |  38 +++++++++-
>  4 files changed, 158 insertions(+), 108 deletions(-)