On 10/05/22 16:06, Do Re wrote: > Hello all, > > background: One of my VM stopped working - on startup, I get the message > "No bootable device" in the virtual machine. > > I would like to inspect the corresponding image with libguestfs-tools. > > However, I don't know how to pass the encryption key to the tool. For > example: > > virt-ls -a /opt/vm_witherror/machine1.qcow2 / > libguestfs: trace: set_verbose true > libguestfs: trace: set_verbose = 0 > libguestfs: create: flags = 0, handle = 0x5645c40d6b00, program = virt-ls > libguestfs: trace: add_drive "/opt/vm_witherror/machine1.qcow2" > "readonly:true" > libguestfs: creating COW overlay to protect original drive content > libguestfs: trace: get_tmpdir > libguestfs: trace: get_tmpdir = "/tmp" > libguestfs: trace: disk_create "/tmp/libguestfsxECmri/overlay1.qcow2" > "qcow2" -1 "backingfile:/opt/vm_witherror/machine1.qcow2" > libguestfs: command: run: qemu-img > libguestfs: command: run: \ create > libguestfs: command: run: \ -f qcow2 > libguestfs: command: run: \ -o backing_file=/opt/vm_witherror/machine1.qcow2 > libguestfs: command: run: \ /tmp/libguestfsxECmri/overlay1.qcow2 > qemu-img: /tmp/libguestfsxECmri/overlay1.qcow2: Parameter > 'encrypt.key-secret' is required for cipher > Could not open backing image. > libguestfs: error: qemu-img: /tmp/libguestfsxECmri/overlay1.qcow2: > qemu-img exited with error status 1, see debug messages above > libguestfs: trace: disk_create = -1 (error) > libguestfs: trace: add_drive = -1 (error) > libguestfs: trace: close > libguestfs: closing guestfs handle 0x5645c40d6b00 (state 0) > libguestfs: command: run: rm > libguestfs: command: run: \ -rf /tmp/libguestfsxECmri > > > Could you please provide an example on how to get such an encrypted disk > mounted?
My understanding is that libguestfs (and guestfs-tools) do not currently support the kind of encrypted disk where the encryption is implemented by QEMU, at the qcow2 layer. The kind of encryption that's expected to work is where you use LUKS internally to the guest; in other words, where disk encryption is handled by the guest kernel, rather than by QEMU. Laszlo _______________________________________________ Libguestfs mailing list Libguestfs@redhat.com https://listman.redhat.com/mailman/listinfo/libguestfs
