On 13.09.19 00:30, Maxim Levitsky wrote: > Now you can specify which slot to put the encryption key to > Plus add 'active' option which will let user erase the key secret > instead of adding it. > Check that active=true it when creating. > > Signed-off-by: Maxim Levitsky <mlevi...@redhat.com> > --- > block/crypto.c | 2 ++ > block/crypto.h | 16 +++++++++++ > block/qcow2.c | 2 ++ > crypto/block-luks.c | 26 +++++++++++++++--- > qapi/crypto.json | 19 ++++++++++++++ > tests/qemu-iotests/082.out | 54 ++++++++++++++++++++++++++++++++++++++ > 6 files changed, 115 insertions(+), 4 deletions(-)
(Just doing a cursory RFC-style review) I think we also want to reject unlock-secret if it’s given for creation; and I suppose it’d be more important to print which slots are OK than the slot the user has given. (It isn’t like we shouldn’t print that slot index, but it’s more likely the user knows that than what the limits are. I think.) Max
signature.asc
Description: OpenPGP digital signature
