[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-block] [PATCH v1 11/15] qcow2: convert QCow2 to use QCryptoBlo
|
From: |
Max Reitz |
|
Subject: |
Re: [Qemu-block] [PATCH v1 11/15] qcow2: convert QCow2 to use QCryptoBlock for encryption |
|
Date: |
Sat, 21 Jan 2017 20:07:57 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.6.0 |
On 03.01.2017 19:27, Daniel P. Berrange wrote:
> This converts the qcow2 driver to make use of the QCryptoBlock
> APIs for encrypting image content, using the legacyy QCow2 AES
> scheme.
>
> With this change it is now required to use the QCryptoSecret
> object for providing passwords, instead of the current block
> password APIs / interactive prompting.
>
> $QEMU \
> -object secret,id=sec0,filename=/home/berrange/encrypted.pw \
> -drive file=/home/berrange/encrypted.qcow2,aes-key-secret=sec0
>
> Signed-off-by: Daniel P. Berrange <address@hidden>
> ---
> block/qcow2-cluster.c | 47 +----------
> block/qcow2.c | 190
> +++++++++++++++++++++++++++++----------------
> block/qcow2.h | 5 +-
> qapi/block-core.json | 7 +-
> tests/qemu-iotests/049 | 2 +-
> tests/qemu-iotests/049.out | 4 +-
> tests/qemu-iotests/082.out | 27 +++++++
> tests/qemu-iotests/087 | 28 ++++++-
> tests/qemu-iotests/087.out | 6 +-
> tests/qemu-iotests/134 | 18 +++--
> tests/qemu-iotests/134.out | 10 +--
> tests/qemu-iotests/158 | 19 +++--
> tests/qemu-iotests/158.out | 14 +---
> 13 files changed, 219 insertions(+), 158 deletions(-)
[...]
> diff --git a/tests/qemu-iotests/134 b/tests/qemu-iotests/134
> index af618b8..c2458d8 100755
> --- a/tests/qemu-iotests/134
> +++ b/tests/qemu-iotests/134
> @@ -43,23 +43,31 @@ _supported_os Linux
>
>
> size=128M
> -IMGOPTS="encryption=on" _make_test_img $size
> +
> +SECRET="secret,id=sec0,data=astrochicken"
> +SECRETALT="secret,id=sec0,data=platypus"
> +
> +_make_test_img --object $SECRET -o "encryption=on,qcow-key-secret=sec0" $size
> +
> +IMGSPEC="driver=$IMGFMT,file.filename=$TEST_IMG,qcow-key-secret=sec0"
> +
> +QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT
While I agree that it makes sense to have this variable, we
unfortunately do not have it. Yet. ;-)
It should be defined somewhere and it should probably actually contain
all non-format options (such as the cache mode).
Max
signature.asc
Description: OpenPGP digital signature
- Re: [Qemu-block] [PATCH v1 07/15] iotests: fix 097 when run with qcow, (continued)
[Qemu-block] [PATCH v1 09/15] qcow: convert QCow to use QCryptoBlock for encryption, Daniel P. Berrange, 2017/01/03
[Qemu-block] [PATCH v1 10/15] qcow2: make qcow2_encrypt_sectors encrypt in place, Daniel P. Berrange, 2017/01/03
[Qemu-block] [PATCH v1 13/15] iotests: enable tests 134 and 158 to work with qcow (v1), Daniel P. Berrange, 2017/01/03
[Qemu-block] [PATCH v1 11/15] qcow2: convert QCow2 to use QCryptoBlock for encryption, Daniel P. Berrange, 2017/01/03
[Qemu-block] [PATCH v1 14/15] block: rip out all traces of password prompting, Daniel P. Berrange, 2017/01/03
[Qemu-block] [PATCH v1 15/15] block: remove all encryption handling APIs, Daniel P. Berrange, 2017/01/03
[Qemu-block] [PATCH v1 12/15] qcow2: add support for LUKS encryption format, Daniel P. Berrange, 2017/01/03