On 03.01.2017 19:27, Daniel P. Berrange wrote:
> This series is a continuation of previous work to support LUKS in
> QEMU. The existing merged code supports LUKS as a standalone
> driver which can be layered over/under any other QEMU block device
> driver. This works well when using LUKS over protocol drivers (file,
> rbd, iscsi, etc, etc), but has some downsides when combined with
> format drivers like qcow2.

When trying out whether compressed images are actually encrypted (which they are not, as I wrote in my last reply to patch 12), I noticed that the user interface still has some flaws:

One is that you actually can't convert to encrypted images any more, or if you can, it doesn't seem obvious to me:

$ ./qemu-img convert -O qcow2 --object secret,id=sec0,data=12345 \
    -o encryption-format=luks,luks-key-secret=sec0 \
    foo.qcow2 bar.qcow2
qemu-img: Could not open 'bar.qcow2': Parameter 'key-secret' is required for cipher

The issue is that you have to specify the key secret as a runtime parameter in addition to the creation option. Not only is that a bit cumbersome, but it's also impossible because --image-opts doesn't work for the output image.

The second flaw is also visible above: The parameter is called "luks-key-secret" here, not just "key-secret". The error message should reflect that.

Max