mirror_qemu/block
Daniel P. Berrange d85f4222b4 qcow: convert QCow to use QCryptoBlock for encryption
This converts the qcow driver to make use of the QCryptoBlock
APIs for encrypting image content. This is only wired up to
permit use of the legacy QCow encryption format. Users who wish
to have the strong LUKS format should switch to qcow2 instead.

With this change it is now required to use the QCryptoSecret
object for providing passwords, instead of the current block
password APIs / interactive prompting.

  $QEMU \
    -object secret,id=sec0,file=/home/berrange/encrypted.pw \
    -drive file=/home/berrange/encrypted.qcow,encrypt.format=aes,\
           encrypt.key-secret=sec0

Though note that running QEMU system emulators with the AES
encryption is no longer supported, so while the above syntax
is valid, QEMU will refuse to actually run the VM in this
particular example.

Likewise when creating images with the legacy AES-CBC format

  qemu-img create -f qcow \
    --object secret,id=sec0,file=/home/berrange/encrypted.pw \
    -o encrypt.format=aes,encrypt.key-secret=sec0 \
    /home/berrange/encrypted.qcow 64M

Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20170623162419.26068-10-berrange@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2017-07-11 17:44:56 +02:00
Makefile.objs qed: Remove GenericCB 2017-06-26 14:51:14 +02:00
accounting.c block: make accounting thread-safe 2017-06-16 07:55:00 +08:00
backup.c block: Make bdrv_is_allocated() byte-based 2017-07-10 13:18:07 +02:00
blkdebug.c blkdebug: Support .bdrv_co_get_block_status 2017-07-10 13:18:05 +02:00
blkreplay.c block: change variable names in BlockDriverState 2017-06-26 14:54:46 +02:00
blkverify.c blkverify: Catch bs->exact_filename overflow 2017-06-26 14:54:46 +02:00
block-backend.c block: change variable names in BlockDriverState 2017-06-26 14:54:46 +02:00
bochs.c block: do not set BDS read_only if copy_on_read enabled 2017-04-24 15:09:33 -04:00
cloop.c block: do not set BDS read_only if copy_on_read enabled 2017-04-24 15:09:33 -04:00
commit.c block: Make bdrv_is_allocated_above() byte-based 2017-07-10 13:18:07 +02:00
crypto.c qcow: convert QCow to use QCryptoBlock for encryption 2017-07-11 17:44:56 +02:00
crypto.h qcow: convert QCow to use QCryptoBlock for encryption 2017-07-11 17:44:56 +02:00
curl.c curl: do not do aio_poll when waiting for a free CURLState 2017-05-16 10:34:50 -04:00
dirty-bitmap.c block: protect modification of dirty bitmaps with a mutex 2017-06-16 07:55:00 +08:00
dmg-bz2.c dmg: Move libbz2 code to dmg-bz2.so 2016-10-07 14:14:06 +02:00
dmg.c block: do not set BDS read_only if copy_on_read enabled 2017-04-24 15:09:33 -04:00
dmg.h dmg: Move libbz2 code to dmg-bz2.so 2016-10-07 14:14:06 +02:00
file-posix.c block: change variable names in BlockDriverState 2017-06-26 14:54:46 +02:00
file-win32.c block/file-*: *_parse_filename() and colons 2017-05-29 15:39:54 +02:00
gluster.c block/gluster.c: Handle qdict_array_entries() failure 2017-06-09 08:41:29 -04:00
io.c block: Make bdrv_is_allocated_above() byte-based 2017-07-10 13:18:07 +02:00
iscsi-opts.c block/iscsi: statically link qemu_iscsi_opts 2017-01-27 18:07:58 +01:00
iscsi.c block: change variable names in BlockDriverState 2017-06-26 14:54:46 +02:00
linux-aio.c block: explicitly acquire aiocontext in aio callbacks that need it 2017-02-21 11:39:39 +00:00
mirror.c block: Make bdrv_is_allocated_above() byte-based 2017-07-10 13:18:07 +02:00
nbd-client.c nbd: fix NBD over TLS 2017-07-04 14:30:03 +02:00
nbd-client.h block: change variable names in BlockDriverState 2017-06-26 14:54:46 +02:00
nbd.c block: Do not strcmp() with NULL uri->scheme 2017-06-26 14:54:46 +02:00
nfs.c block: Do not strcmp() with NULL uri->scheme 2017-06-26 14:54:46 +02:00
null.c qobject: Use simpler QDict/QList scalar insertion macros 2017-05-09 09:13:51 +02:00
parallels.c block: Add errp to b{lk,drv}_truncate() 2017-04-28 16:02:02 +02:00
qapi.c QAPI patches for 2017-06-09 2017-06-22 11:34:39 +01:00
qcow.c qcow: convert QCow to use QCryptoBlock for encryption 2017-07-11 17:44:56 +02:00
qcow2-cache.c qcow2: Remove stale comment 2016-11-25 13:51:30 +01:00
qcow2-cluster.c qcow2: Use offset_into_cluster() and offset_to_l2_index() 2017-06-26 14:51:13 +02:00
qcow2-refcount.c qcow2: Make distinction between zero cluster types obvious 2017-05-11 14:28:07 +02:00
qcow2-snapshot.c qcow2: Discard/zero clusters by byte count 2017-05-11 14:28:07 +02:00
qcow2.c block: deprecate "encryption=on" in favor of "encrypt.format=aes" 2017-07-11 17:44:55 +02:00
qcow2.h qcow2: Merge the writing of the COW regions with the guest data 2017-06-26 14:51:13 +02:00
qed-check.c qed: Use DIV_ROUND_UP 2016-06-07 18:19:24 +03:00
qed-cluster.c qed: Add coroutine_fn to I/O path functions 2017-06-26 14:51:15 +02:00
qed-l2-cache.c block: Clean up includes 2016-01-20 13:36:23 +01:00
qed-table.c qed: Remove callback from qed_write_table() 2017-06-26 14:51:14 +02:00
qed.c block: change variable names in BlockDriverState 2017-06-26 14:54:46 +02:00
qed.h qed: Add coroutine_fn to I/O path functions 2017-06-26 14:51:15 +02:00
quorum.c qapi: merge QInt and QFloat in QNum 2017-06-20 14:31:31 +02:00
raw-format.c block: Simplify use of BDRV_BLOCK_RAW 2017-07-10 13:18:05 +02:00
rbd.c block: change variable names in BlockDriverState 2017-06-26 14:54:46 +02:00
replication.c block: Make bdrv_is_allocated_above() byte-based 2017-07-10 13:18:07 +02:00
sheepdog.c block: Do not strcmp() with NULL uri->scheme 2017-06-26 14:54:46 +02:00
snapshot.c qobject: Use simpler QDict/QList scalar insertion macros 2017-05-09 09:13:51 +02:00
ssh.c block: Do not strcmp() with NULL uri->scheme 2017-06-26 14:54:46 +02:00
stream.c block: Make bdrv_is_allocated_above() byte-based 2017-07-10 13:18:07 +02:00
throttle-groups.c throttle: Update throttle-groups.c documentation 2017-06-26 14:51:13 +02:00
trace-events trace: Show blockjob actions via bytes, not sectors 2017-07-10 13:18:06 +02:00
vdi.c migration: Create migration/blocker.h 2017-05-17 12:04:59 +02:00
vhdx-endian.c vhdx: Use QEMU UUID API 2016-09-23 11:42:52 +08:00
vhdx-log.c block: Add errp to b{lk,drv}_truncate() 2017-04-28 16:02:02 +02:00
vhdx.c migration: Create migration/blocker.h 2017-05-17 12:04:59 +02:00
vhdx.h block: vhdx - update PAYLOAD_BLOCK_UNMAPPED value to match 1.00 spec 2014-12-12 15:42:22 +00:00
vmdk.c migration: Create migration/blocker.h 2017-05-17 12:04:59 +02:00
vpc.c block: Simplify use of BDRV_BLOCK_RAW 2017-07-10 13:18:05 +02:00
vvfat.c block: Make bdrv_is_allocated() byte-based 2017-07-10 13:18:07 +02:00
vxhs.c qobject: Use simpler QDict/QList scalar insertion macros 2017-05-09 09:13:51 +02:00
win32-aio.c block: explicitly acquire aiocontext in aio callbacks that need it 2017-02-21 11:39:39 +00:00
write-threshold.c block: use bdrv_add_before_write_notifier 2016-10-07 13:34:07 +02:00