qemu-devel

Re: [Qemu-devel] [PATCH WIP 04/30] qcow2: add a 'keyid' parameter to qco


From: Daniel P. Berrange
Subject: Re: [Qemu-devel] [PATCH WIP 04/30] qcow2: add a 'keyid' parameter to qcow2 options
Date: Mon, 23 Nov 2015 12:40:01 +0000
User-agent: Mutt/1.5.23 (2015-06-09)

On Fri, Nov 20, 2015 at 03:15:27PM -0700, Eric Blake wrote:
> On 11/20/2015 11:04 AM, Daniel P. Berrange wrote:
> > Add a 'keyid' parameter that refers to the ID of a
> > QCryptoSecret instance that provides the encryption key.
> > 
> > $QEMU \
> >     -object secret,id=sec0,filename=/home/berrange/encrypted.pw \
> >     -drive file=/home/berrange/encrypted.qcow2,keyid=sec0
> > 
> > Signed-off-by: Daniel P. Berrange <address@hidden>
> > ---
> >  block/qcow2.c        | 80 
> > +++++++++++++++++++++++++++++++++++++---------------
> >  block/qcow2.h        |  1 +
> >  qapi/block-core.json |  8 ++++--
> >  3 files changed, 64 insertions(+), 25 deletions(-)
> 
> > +++ b/qapi/block-core.json
> > @@ -1698,7 +1698,7 @@
> >  # Driver specific block device options for qcow.
> >  #
> >  # @keyid:                 #optional ID of the "secret" object providing the
> > -#                         AES decryption key.
> > +#                         AES decryption key (since 2.5)
> >  #
> >  # Since: 2.5
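Review bot: the "(since 2.5)" tag added to the @keyid line repeats the struct-level "Since: 2.5" that sits two lines below it, so it records nothing new, and the edit also drops the closing period of the sentence. If the whole struct is introduced in 2.5, leave the line as "AES decryption key." and reserve per-member tags for members added after the struct itself.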
> 
> I already pointed this out on the previous post, but this hunk is wrong
> (since the entire BlockdevOptionsQcow struct is new); it instead belongs...
> 
> >  ##
> > @@ -1742,6 +1742,9 @@
> >  #                         caches. The interval is in seconds. The default 
> > value
> >  #                         is 0 and it disables this feature (since 2.5)
> >  #
> > +# @keyid:                 #optional ID of the "secret" object providing the
> > +#                         AES decryption key.
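Review bot: the new @keyid entry has no "(since ...)" tag, while the member documented directly above it ends with "(since 2.5)"; add the matching version tag so the option's introduction is recorded. The text also says "AES decryption key" where the commit message describes the secret as providing the encryption key; settle on one wording, since AES is symmetric and the same key serves both directions.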
> 
> ...here as part of BlockdevOptionsQcow2.  Also, I wonder if inheriting
> from BlockdevOptionsQcow is any easier here than just declaring keyid
> directly.

When I fully integrate LUKS support in qcow2, there will be several
more parameters added to this struct, which I won't be adding to
qcow, since I don't fancy doing any work on qcow code to improve
its encryption, since it's essentially obsolete. So on this basis,
I don't think inheriting BlockdevOptionsQcow will have tangible
benefit.


Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
