Am 12.03.2015 um 17:58 hat Paolo Bonzini geschrieben: > > For cold plug, have a command line arg '--add-keys prompt' to > > indicate the user should be prompted on TTY to enter keys, > > This can even be the default if you have a human monitor open. > (Downside: the default human monitor, accessible with Ctrl-Alt-2, is not > easily discovered; same for Ctrl-A c for -nographic).
In some ancient version this actually worked as expected: When you started a VM with an encrypted image, the HMP monitor was active, and after providing the password, it switched to the graphical output. > > For managed usage we could allow > > '--add-keys fd=FDNUM' and just read keys from the file descriptor. > > For managed usage, options can also be passed via -readconfig like > > [object "mykey1"] > type=secret > secret=SECRETDATA Hopefully not using a real file, but /dev/fdset/something. Kevin
