mirror of https://github.com/proxmox/mirror_qemu
d85f4222b4
This converts the qcow driver to make use of the QCryptoBlock
APIs for encrypting image content. This is only wired up to
permit use of the legacy QCow encryption format. Users who wish
to have the strong LUKS format should switch to qcow2 instead.
With this change it is now required to use the QCryptoSecret
object for providing passwords, instead of the current block
password APIs / interactive prompting.
$QEMU \
-object secret,id=sec0,file=/home/berrange/encrypted.pw \
-drive file=/home/berrange/encrypted.qcow,encrypt.format=aes,\
encrypt.key-secret=sec0
Though note that running QEMU system emulators with the AES
encryption is no longer supported, so while the above syntax
is valid, QEMU will refuse to actually run the VM in this
particular example.
Likewise when creating images with the legacy AES-CBC format
qemu-img create -f qcow \
--object secret,id=sec0,file=/home/berrange/encrypted.pw \
-o encrypt.format=aes,encrypt.key-secret=sec0 \
/home/berrange/encrypted.qcow 64M
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20170623162419.26068-10-berrange@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
|
||
|---|---|---|
| .. | ||
| Makefile.objs | ||
| block-core.json | ||
| block.json | ||
| common.json | ||
| crypto.json | ||
| event.json | ||
| introspect.json | ||
| opts-visitor.c | ||
| qapi-clone-visitor.c | ||
| qapi-dealloc-visitor.c | ||
| qapi-util.c | ||
| qapi-visit-core.c | ||
| qmp-dispatch.c | ||
| qmp-event.c | ||
| qmp-registry.c | ||
| qobject-input-visitor.c | ||
| qobject-output-visitor.c | ||
| rocker.json | ||
| string-input-visitor.c | ||
| string-output-visitor.c | ||
| trace-events | ||
| trace.json | ||