On 04/25/2017 10:38 AM, Daniel P. Berrange wrote: > This converts the qcow driver to make use of the QCryptoBlock > APIs for encrypting image content. This is only wired up to > permit use of the legacy QCow encryption format. Users who wish > to have the strong LUKS format should switch to qcow2 instead. > > With this change it is now required to use the QCryptoSecret > object for providing passwords, instead of the current block > password APIs / interactive prompting. > > $QEMU \ > -object secret,id=sec0,filename=/home/berrange/encrypted.pw \ > -drive file=/home/berrange/encrypted.qcow,encrypt.format=qcow,\ > encrypt.key-secret=sec0 > > Likewise when creating such images > > qemu-img create -f qcow \ > -object secret,id=sec0,filename=/home/berrange/encrypted.pw \ > -o encrypt.format=qcow,encrypt.key-secret=sec0 \ > /home/berrange/encrypted.qcow > > Signed-off-by: Daniel P. Berrange <berra...@redhat.com> > --- > block/crypto.c | 10 +++ > block/crypto.h | 20 ++++-- > block/qcow.c | 196 > +++++++++++++++++++++++++-------------------------- > qapi/block-core.json | 37 +++++++++- > 4 files changed, 156 insertions(+), 107 deletions(-) >
> +++ b/qapi/block-core.json > @@ -2277,6 +2277,41 @@ > 'mode': 'Qcow2OverlapCheckMode' } } > > ## > +# @BlockdevQcowEncryptionFormat: > +# @qcow: AES-CBC with plain64 initialization venctors s/venctors/vectors/ With that fixed, Reviewed-by: Eric Blake <ebl...@redhat.com> and it turned out much nicer than v5 ! -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3266 Virtualization: qemu.org | libvirt.org
signature.asc
Description: OpenPGP digital signature
