On Mon, May 18, 2020 at 11:28:03PM +0300, Alexey Krasikov wrote: > Add the ability for the secret object to obtain secret data from the > Linux in-kernel key managment and retention facility, as an extra option > to the existing ones: reading from a file or passing directly as a > string. > > The secret is identified by the key serial number. The upper layers > need to instantiate the key and make sure the QEMU process has access > permissions to read it. > > Signed-off-by: Alexey Krasikov <alex-krasi...@yandex-team.ru> > --- > configure | 38 ++++++++ > crypto/Makefile.objs | 1 + > crypto/secret_keyring.c | 148 ++++++++++++++++++++++++++++++++ > include/crypto/secret_keyring.h | 52 +++++++++++ > 4 files changed, 239 insertions(+) > create mode 100644 crypto/secret_keyring.c > create mode 100644 include/crypto/secret_keyring.h > > diff --git a/configure b/configure > index 0d69c360c0..1bae5ec0a1 100755 > --- a/configure > +++ b/configure
> ########################################## > # End of CC checks > @@ -6733,6 +6766,7 @@ echo "default devices $default_devices" > echo "plugin support $plugins" > echo "fuzzing support $fuzzing" > echo "gdb $gdb_bin" > +echo "Linux keyring support $secret_keyring" Remove the word "support" here and vertically align the value with the line above, otherwise the configure output summary looks odd. With that fixed, Reviewed-by: Daniel P. Berrangé <berra...@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|