On Thu, Oct 06, 2022 at 03:33:34PM +0100, Richard W.M. Jones wrote: > > > Could you please provide an example on how to get such an encrypted disk > > > mounted? > > > > My understanding is that libguestfs (and guestfs-tools) do not currently > > support the kind of encrypted disk where the encryption is implemented > > by QEMU, at the qcow2 layer. > > I think the only sane way to do this at the moment is to open the > image first using qemu-nbd and then connect libguestfs to the NBD > socket. In other words something like this: > > $ qemu-nbd --object secret,id=sec0,data=secretpassword \ > --image-opts > driver=qcow2,file.filename=machine1.qcow2,encrypt.format=luks,encrypt.key-secret=sec0 > \ > -t -k /tmp/socket & > $ guestfish --format=raw -a 'nbd+unix:///?socket=/tmp/socket' -i
It may also be possible to use qemu-storage-daemon's fuse export to access the unencrypted contents without going through NBD; but the point remains the same of having qemu do the translation into a format that guestfish can access. I'm less familiar with the command line needed to set up a q-s-d fuse export; a quick google search found https://www.lightnetics.com/topic/31893/exporting-block-devices-as-raw-image-files-with-fuse which might be helpful in your explorations. -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3266 Virtualization: qemu.org | libvirt.org _______________________________________________ Libguestfs mailing list Libguestfs@redhat.com https://listman.redhat.com/mailman/listinfo/libguestfs
