[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-block] [Qemu-devel] [PATCH v1 08/15] block: add generic full d
|
From: |
Eric Blake |
|
Subject: |
Re: [Qemu-block] [Qemu-devel] [PATCH v1 08/15] block: add generic full disk encryption driver |
|
Date: |
Wed, 13 Jan 2016 16:47:47 -0700 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0 |
On 01/12/2016 11:56 AM, Daniel P. Berrange wrote:
> Add a block driver that is capable of supporting any full disk
> encryption format. This utilizes the previously added block
> encryption code, and at this time supports the LUKS format.
>
> The driver code is capable of supporting any format supported
> by the QCryptoBlock module, so it registers one block driver
> for each format.
>
> At this time, the "luks" driver is registered. New LUKS
> compatible volume can be formatted using qemu-img
>
> $ qemu-img create --object secret,data=123456,id=sec0 \
> -f luks -o key-id=sec0,cipher-alg=aes-256,\
> cipher-mode=cbc,ivgen-alg=plain64,hash-alg=sha256 \
> demo.luks 10G
>
> @@ -1664,6 +1664,21 @@
> 'data': { 'file': 'BlockdevRef' } }
>
> ##
> +# @BlockdevOptionsLUKS
> +#
> +# Driver specific block device options for LUKS.
> +#
> +# @key-id: #optional the ID of a QCryptoSecret object providing
> +# the decryption key (since 2.6)
> +#
> +# Since: 2.6
> +##
> +{ 'struct': 'BlockdevOptionsLUKS',
> + 'base': 'BlockdevOptionsGenericFormat',
> + 'data': { '*key-id': 'str' } }
And if key-id is omitted, how does it work?
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
- Re: [Qemu-block] [Qemu-devel] [PATCH v1 02/15] crypto: add support for PBKDF2 algorithm, (continued)
- [Qemu-block] [PATCH v1 03/15] crypto: add support for generating initialization vectors, Daniel P. Berrange, 2016/01/12
- [Qemu-block] [PATCH v1 11/15] qcow: make encrypt_sectors encrypt in place, Daniel P. Berrange, 2016/01/12
- [Qemu-block] [PATCH v1 09/15] qcow2: make qcow2_encrypt_sectors encrypt in place, Daniel P. Berrange, 2016/01/12
- [Qemu-block] [PATCH v1 07/15] block: add flag to indicate that no I/O will be performed, Daniel P. Berrange, 2016/01/12
- [Qemu-block] [PATCH v1 12/15] qcow: convert QCow to use QCryptoBlock for encryption, Daniel P. Berrange, 2016/01/12
- [Qemu-block] [PATCH v1 14/15] block: remove all encryption handling APIs, Daniel P. Berrange, 2016/01/12
- [Qemu-block] [PATCH v1 08/15] block: add generic full disk encryption driver, Daniel P. Berrange, 2016/01/12
- Re: [Qemu-block] [Qemu-devel] [PATCH v1 08/15] block: add generic full disk encryption driver,
Eric Blake <=
- [Qemu-block] [PATCH v1 15/15] block: remove support for legecy AES qcow/qcow2 encryption, Daniel P. Berrange, 2016/01/12
- [Qemu-block] [PATCH v1 05/15] crypto: add block encryption framework, Daniel P. Berrange, 2016/01/12
[Qemu-block] [PATCH v1 04/15] crypto: add support for anti-forensic split algorithm, Daniel P. Berrange, 2016/01/12
[Qemu-block] [PATCH v1 13/15] block: rip out all traces of password prompting, Daniel P. Berrange, 2016/01/12
[Qemu-block] [PATCH v1 10/15] qcow2: convert QCow2 to use QCryptoBlock for encryption, Daniel P. Berrange, 2016/01/12