Re: [Qemu-block] [PATCH RFC 0/2] Limit support for encrypted images to q
From: Paolo Bonzini
Subject: Re: [Qemu-block] [PATCH RFC 0/2] Limit support for encrypted images to qemu-img
Date: Thu, 12 Mar 2015 17:58:23 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
On 10/03/2015 19:13, Daniel P. Berrange wrote:
> FWIW, I could see an improved interaction scheme working as follows
>
> First, introduce a new monitor command for setting named passwords,
>
> add_key mykey1 SECRETDATA

Or reuse object_add:

    object_add secret,id=mykey1,secret=SECRETDATA

> Now, extend the blockdev_add so that you can provide key names
> by adding
>
> 'keyname': 'mykey1'
>
> as a parameter in the json args.

You can also add a command line option:

    -secret id=mykey1,secret=SECRETDATA

or possibly:

    -object secret,id=mykey1,secret=SECRETDATA

> For cold plug, have a command line arg '--add-keys prompt' to
> indicate the user should be prompted on TTY to enter keys,

This can even be the default if you have a human monitor open.
(Downside: the default human monitor, accessible with Ctrl-Alt-2, is not
easily discovered; same for Ctrl-A c for -nographic).

> For managed usage we could allow
> '--add-keys fd=FDNUM' and just read keys from the file descriptor.

For managed usage, options can also be passed via -readconfig like

    [object "mykey1"]
    type=secret
    secret=SECRETDATA

Paolo
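
Added example (not part of the thread and not QEMU code): a sketch of the managed-usage pattern quoted above, where a management process hands a key to a child over an inherited file descriptor so that only the descriptor number, never the key, appears in the child's argument list. The child is a Python stand-in for the emulator, "--add-keys fd=FDNUM" is the option as proposed in the quoted message (treated here as hypothetical), and the function name is invented for the example.

```python
import json
import os
import subprocess
import sys

# Stand-in for the emulator (constructed for this example, not QEMU): parses
# the proposed "--add-keys fd=FDNUM" argument, reads the key from that
# descriptor until EOF, and reports what it received plus its own argv.
CHILD = r"""
import hashlib, json, os, sys
arg = sys.argv[sys.argv.index("--add-keys") + 1]
kind, _, value = arg.partition("=")
if kind != "fd" or not value.isdigit():
    sys.exit("unsupported --add-keys source: " + arg)
with os.fdopen(int(value), "rb") as f:
    key = f.read()
print(json.dumps({"argv": sys.argv[1:], "key_len": len(key),
                  "key_sha256": hashlib.sha256(key).hexdigest()}))
"""

def launch_with_key_fd(secret: bytes) -> dict:
    """Pass `secret` to a child over a pipe and return the child's report."""
    rfd, wfd = os.pipe()
    try:
        proc = subprocess.Popen(
            [sys.executable, "-c", CHILD, "--add-keys", f"fd={rfd}"],
            pass_fds=(rfd,),         # the only extra descriptor the child inherits
            stdout=subprocess.PIPE,
        )
    except BaseException:
        os.close(wfd)
        raise
    finally:
        os.close(rfd)                # parent keeps only the write end
    with os.fdopen(wfd, "wb") as w:
        w.write(secret)              # closing the write end signals EOF
    out, _ = proc.communicate()
    if proc.returncode != 0:
        raise RuntimeError("child rejected the key source")
    return json.loads(out)

if __name__ == "__main__":
    report = launch_with_key_fd(b"constructed-passphrase")  # constructed sample key
    print(report["argv"], report["key_len"])
```

A key given as "secret=SECRETDATA" on the command line is readable by other local users through the process listing; with the descriptor form the argument list carries only "fd=N".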