On Wed, Sep 07, 2011 at 09:06:05AM -0400, Stefan Berger wrote:
First: There are two ways to encrypt the data.
One comes with the QCoW2 type of image and it comes for free. Set
the encryption flag when creating the QCoW2 file and one has to
provide a key to access the QCoW2. I found this mode problematic for
users since it required me to go through the monitor every time I
started the VM. Besides that the key is provided so late that all
devices are already initialized and if the wrong key was provided
the only thing the TPM can do is to go into shutdown mode since
there is state on the QCoW2 but it cannot be decrypted. This also
became problematic when doing migrations with libvirt for example
and one was to have a wrong key/password installed on the target
side -- graceful termination of the migration is impossible.
OK let's go back to this for a moment. Add a load
callback, access file there. On failure, return
an error. migration fails gracefully, and
management can retry, or migrate to another node,
or whatever.
What's the problem exactly?