On 2017-06-19 19:34, Daniel P. Berrange wrote: > This converts the qcow driver to make use of the QCryptoBlock > APIs for encrypting image content. This is only wired up to > permit use of the legacy QCow encryption format. Users who wish > to have the strong LUKS format should switch to qcow2 instead. > > With this change it is now required to use the QCryptoSecret > object for providing passwords, instead of the current block > password APIs / interactive prompting. > > $QEMU \ > -object secret,id=sec0,filename=/home/berrange/encrypted.pw \ > -drive file=/home/berrange/encrypted.qcow,encrypt.format=qcow,\
Still should be encrypt.format=aes, but, well... Let's just give it a Reviewed-by: Max Reitz <mre...@redhat.com> regardless. > encrypt.key-secret=sec0 > > Though note that running QEMU system emulators with the AES > encryption is no longer supported, so while the above syntax > is valid, QEMU will refuse to actually run the VM in this > particular example. > > Likewise when creating images with the legacy AES-CBC format > > qemu-img create -f qcow \ > --object secret,id=sec0,filename=/home/berrange/encrypted.pw \ > -o encrypt.format=aes,encrypt.key-secret=sec0 \ > /home/berrange/encrypted.qcow 64M > > Reviewed-by: Alberto Garcia <be...@igalia.com> > Reviewed-by: Eric Blake <ebl...@redhat.com> > Signed-off-by: Daniel P. Berrange <berra...@redhat.com> > --- > block/crypto.c | 10 +++ > block/crypto.h | 20 ++++-- > block/qcow.c | 198 > +++++++++++++++++++++++++-------------------------- > qapi/block-core.json | 38 +++++++++- > 4 files changed, 158 insertions(+), 108 deletions(-)
signature.asc
Description: OpenPGP digital signature