On Fri 10 Feb 2017 06:09:04 PM CET, Daniel P. Berrange wrote:
> Update the qcow2 specification to describe how the LUKS header is
> placed inside a qcow2 file, when using LUKS encryption for the
> qcow2 payload instead of the legacy AES-CBC encryption
>
> Reviewed-by: Max Reitz <mre...@redhat.com>
> Signed-off-by: Daniel P. Berrange <berra...@redhat.com>
> + Byte 0 - 7: Offset into the image file at which the encryption > + header starts in bytes. Must be aligned to a cluster > + boundary. > + Byte 8 - 15: Length of the written encryption header in bytes. > + Note actual space allocated in the qcow2 file may > + be larger than this value, since it will be rounded > + to the nearest multiple of the cluster size. Any > + unused bytes in the allocated space will be initialized > + to 0. You are using tabs instead of spaces in these paragraphs. Those are the only tabs in the whole file so you probably want to change them. > +In the LUKS partition header, the "payload-offset" field will be > +calculated as normal for the LUKS spec. ie the size of the LUKS > +header, plus key material regions, plus padding. Its value is not > +used, however, since the qcow2 file format itself defines where > +the real payload offset is. If I understand this, the value of payload-offset is not used but it must be correct. Is payload-offset also relative to the start of the LUKS header? I assume that it is, but maybe it can be clarified like you did with key-material-offset. > +In the LUKS key slots header, the "key-material-offset" is relative > +to the start of the LUKS header clusters in the qcow2 container, > +not the start of the qcow2 file. Berto
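Review bot: In the "Byte 8 - 15" description, "rounded to the nearest multiple of the cluster size" reads as if the allocation could round down below the written header length. Since the same sentence says the allocated space "may be larger than this value", say "rounded up to the next multiple of the cluster size". The "Byte 0 - 7" field says the offset "Must be aligned to a cluster boundary" but not what a reader does when it is not; a sentence stating that such an image is to be rejected would make the requirement testable.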
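Review bot: The "payload-offset" paragraph says the value is "calculated as normal" and that it "is not used", but never states what it is measured from or whether a reader should ignore it or check it. The "key-material-offset" paragraph is explicit that its offset is "relative to the start of the LUKS header clusters in the qcow2 container"; give "payload-offset" the same one-line statement, and say outright that implementations must not use it to locate data. Minor: "ie" in that paragraph should be "i.e.".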