From: "Daniel P. Berrange" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>, Fam Zheng <famz@redhat.com>,
qemu-block@nongnu.org
Subject: [Qemu-devel] [PATCH v2 10/17] block: add generic full disk encryption driver
Date: Wed, 20 Jan 2016 17:38:52 +0000 [thread overview]
Message-ID: <1453311539-1193-11-git-send-email-berrange@redhat.com> (raw)
In-Reply-To: <1453311539-1193-1-git-send-email-berrange@redhat.com>
Add a block driver that is capable of supporting any full disk
encryption format. This utilizes the previously added block
encryption code, and at this time supports the LUKS format.
The driver code is capable of supporting any format supported
by the QCryptoBlock module, so it registers one block driver
for each format.
At this time, the "luks" driver is registered. New LUKS
compatible volume can be formatted using qemu-img
$ qemu-img create --object secret,data=123456,id=sec0 \
-f luks -o key-secret=sec0,cipher-alg=aes-256,\
cipher-mode=cbc,ivgen-alg=plain64,hash-alg=sha256 \
demo.luks 10G
And query its size
$ qemu-img info --object secret,data=123456,id=sec0 --source demo.luks,driver=luks,key-secret=sec0
image: json:{"key-secret": "sec0", "driver": "luks", "file": {"driver": "file", "filename": "demo.luks"}}
file format: luks
virtual size: 10.0G (10737416192 bytes)
disk size: 132K
All volumes created by this new 'luks' driver should be
capable of being opened by the kernel dm-crypt driver.
With this initial impl, not all volumes created with
dm-crypt can be opened by the QEMU 'luks' driver. This
is due to lack of support for certain algorithms, in
particular the 'xts' cipher mode. These limitations will
be addressed in a later series of patches, with the
intent that QEMU should be able to open anything that
dm-crypt LUKS supports.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
block/Makefile.objs | 2 +
block/crypto.c | 541 +++++++++++++++++++++++++++++++++++++++++++++++++++
qapi/block-core.json | 18 +-
3 files changed, 560 insertions(+), 1 deletion(-)
create mode 100644 block/crypto.c
diff --git a/block/Makefile.objs b/block/Makefile.objs
index 58ef2ef..12eae77 100644
--- a/block/Makefile.objs
+++ b/block/Makefile.objs
@@ -23,6 +23,8 @@ block-obj-$(CONFIG_LIBSSH2) += ssh.o
block-obj-y += accounting.o
block-obj-y += write-threshold.o
+block-obj-y += crypto.o
+
common-obj-y += stream.o
common-obj-y += commit.o
common-obj-y += backup.o
diff --git a/block/crypto.c b/block/crypto.c
new file mode 100644
index 0000000..2ba78bd
--- /dev/null
+++ b/block/crypto.c
@@ -0,0 +1,541 @@
+/*
+ * QEMU block full disk encryption
+ *
+ * Copyright (c) 2015-2016 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "config-host.h"
+
+#include "block/block_int.h"
+#include "crypto/block.h"
+#include "qapi/opts-visitor.h"
+#include "qapi-visit.h"
+
+#define BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET "key-secret"
+#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG "cipher-alg"
+#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE "cipher-mode"
+#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG "ivgen-alg"
+#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG "ivgen-hash-alg"
+#define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG "hash-alg"
+
+typedef struct BlockCrypto BlockCrypto;
+
+struct BlockCrypto {
+ QCryptoBlock *block;
+ CoMutex lock;
+};
+
+
+static int block_crypto_probe_generic(QCryptoBlockFormat format,
+ const uint8_t *buf,
+ int buf_size,
+ const char *filename)
+{
+ if (qcrypto_block_has_format(format,
+ buf, buf_size)) {
+ return 100;
+ } else {
+ return 0;
+ }
+}
+
+
+static ssize_t block_crypto_read_func(QCryptoBlock *block,
+ size_t offset,
+ uint8_t *buf,
+ size_t buflen,
+ Error **errp,
+ void *opaque)
+{
+ BlockDriverState *bs = opaque;
+ ssize_t ret;
+
+ ret = bdrv_pread(bs->file->bs, offset, buf, buflen);
+ if (ret < 0) {
+ error_setg_errno(errp, -ret, "Could not read encryption header");
+ return ret;
+ }
+ return ret;
+}
+
+
+static ssize_t block_crypto_write_func(QCryptoBlock *block,
+ size_t offset,
+ const uint8_t *buf,
+ size_t buflen,
+ Error **errp,
+ void *opaque)
+{
+ BlockDriverState *bs = opaque;
+ ssize_t ret;
+
+ ret = bdrv_pwrite(bs, offset, buf, buflen);
+ if (ret < 0) {
+ error_setg_errno(errp, -ret, "Could not write encryption header");
+ return ret;
+ }
+ return ret;
+}
+
+
+static ssize_t block_crypto_init_func(QCryptoBlock *block,
+ size_t headerlen,
+ Error **errp,
+ void *opaque)
+{
+ /* We don't need to do anything special to reserve space */
+ return 0;
+}
+
+
+static QemuOptsList block_crypto_runtime_opts_luks = {
+ .name = "crypto",
+ .head = QTAILQ_HEAD_INITIALIZER(block_crypto_runtime_opts_luks.head),
+ .desc = {
+ {
+ .name = BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET,
+ .type = QEMU_OPT_STRING,
+ .help = "ID of the secret that provides the encryption key",
+ },
+ { /* end of list */ }
+ },
+};
+
+
+static QemuOptsList block_crypto_create_opts_luks = {
+ .name = "crypto",
+ .head = QTAILQ_HEAD_INITIALIZER(block_crypto_create_opts_luks.head),
+ .desc = {
+ {
+ .name = BLOCK_OPT_SIZE,
+ .type = QEMU_OPT_SIZE,
+ .help = "Virtual disk size"
+ },
+ {
+ .name = BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET,
+ .type = QEMU_OPT_STRING,
+ .help = "ID of the secret that provides the encryption key",
+ },
+ {
+ .name = BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG,
+ .type = QEMU_OPT_STRING,
+ .help = "Name of encryption cipher algorithm",
+ },
+ {
+ .name = BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE,
+ .type = QEMU_OPT_STRING,
+ .help = "Name of encryption cipher mode",
+ },
+ {
+ .name = BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG,
+ .type = QEMU_OPT_STRING,
+ .help = "Name of IV generator algorithm",
+ },
+ {
+ .name = BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG,
+ .type = QEMU_OPT_STRING,
+ .help = "Name of IV generator hash algorithm",
+ },
+ {
+ .name = BLOCK_CRYPTO_OPT_LUKS_HASH_ALG,
+ .type = QEMU_OPT_STRING,
+ .help = "Name of encryption hash algorithm",
+ },
+ { /* end of list */ }
+ },
+};
+
+
+static QCryptoBlockOpenOptions *
+block_crypto_open_opts_init(QCryptoBlockFormat format,
+ QemuOpts *opts,
+ Error **errp)
+{
+ OptsVisitor *ov;
+ QCryptoBlockOpenOptions *ret;
+ Error *local_err = NULL;
+
+ ret = g_new0(QCryptoBlockOpenOptions, 1);
+ ret->format = format;
+
+ ov = opts_visitor_new(opts);
+
+ switch (format) {
+ case Q_CRYPTO_BLOCK_FORMAT_LUKS:
+ ret->u.luks = g_new0(QCryptoBlockOptionsLUKS, 1);
+ visit_type_QCryptoBlockOptionsLUKS(opts_get_visitor(ov),
+ &ret->u.luks, "luks", &local_err);
+ break;
+
+ default:
+ error_setg(&local_err, "Unsupported block format %d", format);
+ break;
+ }
+
+ if (local_err) {
+ error_propagate(errp, local_err);
+ opts_visitor_cleanup(ov);
+ qapi_free_QCryptoBlockOpenOptions(ret);
+ return NULL;
+ }
+
+ opts_visitor_cleanup(ov);
+ return ret;
+}
+
+
+static QCryptoBlockCreateOptions *
+block_crypto_create_opts_init(QCryptoBlockFormat format,
+ QemuOpts *opts,
+ Error **errp)
+{
+ OptsVisitor *ov;
+ QCryptoBlockCreateOptions *ret;
+ Error *local_err = NULL;
+
+ ret = g_new0(QCryptoBlockCreateOptions, 1);
+ ret->format = format;
+
+ ov = opts_visitor_new(opts);
+
+ switch (format) {
+ case Q_CRYPTO_BLOCK_FORMAT_LUKS:
+ ret->u.luks = g_new0(QCryptoBlockCreateOptionsLUKS, 1);
+ visit_type_QCryptoBlockCreateOptionsLUKS(
+ opts_get_visitor(ov),
+ &ret->u.luks, "luks", &local_err);
+ break;
+
+ default:
+ error_setg(&local_err, "Unsupported block format %d", format);
+ break;
+ }
+
+ if (local_err) {
+ error_propagate(errp, local_err);
+ opts_visitor_cleanup(ov);
+ qapi_free_QCryptoBlockCreateOptions(ret);
+ return NULL;
+ }
+
+ opts_visitor_cleanup(ov);
+ return ret;
+}
+
+
+static int block_crypto_open_generic(QCryptoBlockFormat format,
+ QemuOptsList *opts_spec,
+ BlockDriverState *bs,
+ QDict *options,
+ int flags,
+ Error **errp)
+{
+ BlockCrypto *crypto = bs->opaque;
+ QemuOpts *opts = NULL;
+ Error *local_err = NULL;
+ int ret = -EINVAL;
+ QCryptoBlockOpenOptions *open_opts = NULL;
+ unsigned int cflags = 0;
+
+ opts = qemu_opts_create(opts_spec, NULL, 0, &error_abort);
+ qemu_opts_absorb_qdict(opts, options, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ goto cleanup;
+ }
+
+ open_opts = block_crypto_open_opts_init(format, opts, errp);
+ if (!open_opts) {
+ goto cleanup;
+ }
+
+ if (flags & BDRV_O_NO_IO) {
+ cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
+ }
+ crypto->block = qcrypto_block_open(open_opts,
+ block_crypto_read_func,
+ bs,
+ cflags,
+ errp);
+
+ if (!crypto->block) {
+ ret = -EIO;
+ goto cleanup;
+ }
+
+ bs->encrypted = 1;
+ bs->valid_key = 1;
+
+ qemu_co_mutex_init(&crypto->lock);
+
+ ret = 0;
+ cleanup:
+ qapi_free_QCryptoBlockOpenOptions(open_opts);
+ return ret;
+}
+
+
+static int block_crypto_create_generic(QCryptoBlockFormat format,
+ const char *filename,
+ QemuOpts *opts,
+ Error **errp)
+{
+ int ret = -EINVAL;
+ QCryptoBlockCreateOptions *create_opts = NULL;
+ BlockDriverState *bs = NULL;
+ QCryptoBlock *crypto = NULL;
+ uint64_t size = 0;
+
+ size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0),
+ BDRV_SECTOR_SIZE);
+
+ create_opts = block_crypto_create_opts_init(format, opts, errp);
+ if (!create_opts) {
+ return -1;
+ }
+
+ /* XXX Should we treat size as being total physical size
+ * of the image (ie payload + encryption header), or just
+ * the logical size of the image (ie payload). If the latter
+ * then we need to extend 'size' to include the header
+ * size */
+ qemu_opt_set_number(opts, BLOCK_OPT_SIZE, size, &error_abort);
+ ret = bdrv_create_file(filename, opts, errp);
+ if (ret < 0) {
+ goto cleanup;
+ }
+
+ ret = bdrv_open(&bs, filename, NULL, NULL, BDRV_O_RDWR | BDRV_O_PROTOCOL,
+ errp);
+ if (ret < 0) {
+ goto cleanup;
+ }
+
+ crypto = qcrypto_block_create(create_opts,
+ block_crypto_init_func,
+ block_crypto_write_func,
+ bs,
+ errp);
+
+ if (!crypto) {
+ ret = -EIO;
+ goto cleanup;
+ }
+
+ ret = 0;
+ cleanup:
+ qcrypto_block_free(crypto);
+ bdrv_unref(bs);
+ qapi_free_QCryptoBlockCreateOptions(create_opts);
+ return ret;
+}
+
+static void block_crypto_close(BlockDriverState *bs)
+{
+ BlockCrypto *crypto = bs->opaque;
+ qcrypto_block_free(crypto->block);
+}
+
+
+#define BLOCK_CRYPTO_MAX_SECTORS 32
+
+static coroutine_fn int
+block_crypto_co_readv(BlockDriverState *bs, int64_t sector_num,
+ int remaining_sectors, QEMUIOVector *qiov)
+{
+ BlockCrypto *crypto = bs->opaque;
+ int cur_nr_sectors; /* number of sectors in current iteration */
+ uint64_t bytes_done = 0;
+ uint8_t *cipher_data = NULL;
+ QEMUIOVector hd_qiov;
+ int ret = 0;
+ size_t payload_offset = qcrypto_block_get_payload_offset(crypto->block);
+
+ qemu_iovec_init(&hd_qiov, qiov->niov);
+
+ qemu_co_mutex_lock(&crypto->lock);
+
+ while (remaining_sectors) {
+ cur_nr_sectors = remaining_sectors;
+
+ if (cur_nr_sectors > BLOCK_CRYPTO_MAX_SECTORS) {
+ cur_nr_sectors = BLOCK_CRYPTO_MAX_SECTORS;
+ }
+ cipher_data =
+ qemu_try_blockalign(bs->file->bs, cur_nr_sectors * 512);
+
+ qemu_iovec_reset(&hd_qiov);
+ qemu_iovec_add(&hd_qiov, cipher_data, cur_nr_sectors * 512);
+
+ qemu_co_mutex_unlock(&crypto->lock);
+ ret = bdrv_co_readv(bs->file->bs,
+ payload_offset + sector_num,
+ cur_nr_sectors, &hd_qiov);
+ qemu_co_mutex_lock(&crypto->lock);
+ if (ret < 0) {
+ goto cleanup;
+ }
+
+ if (qcrypto_block_decrypt(crypto->block,
+ sector_num,
+ cipher_data, cur_nr_sectors * 512,
+ NULL) < 0) {
+ ret = -1;
+ goto cleanup;
+ }
+
+ qemu_iovec_from_buf(qiov, bytes_done,
+ cipher_data, cur_nr_sectors * 512);
+
+ remaining_sectors -= cur_nr_sectors;
+ sector_num += cur_nr_sectors;
+ bytes_done += cur_nr_sectors * 512;
+ }
+
+ cleanup:
+ qemu_co_mutex_unlock(&crypto->lock);
+
+ qemu_iovec_destroy(&hd_qiov);
+ qemu_vfree(cipher_data);
+
+ return ret;
+}
+
+
+static coroutine_fn int
+block_crypto_co_writev(BlockDriverState *bs, int64_t sector_num,
+ int remaining_sectors, QEMUIOVector *qiov)
+{
+ BlockCrypto *crypto = bs->opaque;
+ int cur_nr_sectors; /* number of sectors in current iteration */
+ uint64_t bytes_done = 0;
+ uint8_t *cipher_data = NULL;
+ QEMUIOVector hd_qiov;
+ int ret = 0;
+ size_t payload_offset = qcrypto_block_get_payload_offset(crypto->block);
+
+ qemu_iovec_init(&hd_qiov, qiov->niov);
+
+ qemu_co_mutex_lock(&crypto->lock);
+
+ while (remaining_sectors) {
+ cur_nr_sectors = remaining_sectors;
+
+ if (cur_nr_sectors > BLOCK_CRYPTO_MAX_SECTORS) {
+ cur_nr_sectors = BLOCK_CRYPTO_MAX_SECTORS;
+ }
+ cipher_data =
+ qemu_try_blockalign(bs->file->bs, cur_nr_sectors * 512);
+
+ qemu_iovec_to_buf(qiov, bytes_done,
+ cipher_data, cur_nr_sectors * 512);
+
+ if (qcrypto_block_encrypt(crypto->block,
+ sector_num,
+ cipher_data, cur_nr_sectors * 512,
+ NULL) < 0) {
+ ret = -1;
+ goto cleanup;
+ }
+
+ qemu_iovec_reset(&hd_qiov);
+ qemu_iovec_add(&hd_qiov, cipher_data, cur_nr_sectors * 512);
+
+ qemu_co_mutex_unlock(&crypto->lock);
+ ret = bdrv_co_writev(bs->file->bs,
+ payload_offset + sector_num,
+ cur_nr_sectors, &hd_qiov);
+ qemu_co_mutex_lock(&crypto->lock);
+ if (ret < 0) {
+ goto cleanup;
+ }
+
+ remaining_sectors -= cur_nr_sectors;
+ sector_num += cur_nr_sectors;
+ bytes_done += cur_nr_sectors * 512;
+ }
+
+ cleanup:
+ qemu_co_mutex_unlock(&crypto->lock);
+
+ qemu_iovec_destroy(&hd_qiov);
+ qemu_vfree(cipher_data);
+
+ return ret;
+}
+
+
+static int64_t block_crypto_getlength(BlockDriverState *bs)
+{
+ BlockCrypto *crypto = bs->opaque;
+ int64_t len = bdrv_getlength(bs->file->bs);
+
+ ssize_t offset = qcrypto_block_get_payload_offset(crypto->block);
+
+ len -= (offset * 512);
+
+ return len;
+}
+
+#define BLOCK_CRYPTO_DRIVER(name, format) \
+ static int block_crypto_probe_ ## name(const uint8_t *buf, \
+ int buf_size, \
+ const char *filename) { \
+ return block_crypto_probe_generic(format, \
+ buf, buf_size, filename); \
+ } \
+ \
+ static int block_crypto_open_ ## name(BlockDriverState *bs, \
+ QDict *options, \
+ int flags, \
+ Error **errp) \
+ { \
+ return block_crypto_open_generic(format, \
+ &block_crypto_runtime_opts_ ## name, \
+ bs, options, flags, errp); \
+ } \
+ \
+ static int block_crypto_create_ ## name(const char *filename, \
+ QemuOpts *opts, \
+ Error **errp) \
+ { \
+ return block_crypto_create_generic(format, \
+ filename, opts, errp); \
+ } \
+ \
+ BlockDriver bdrv_crypto_ ## name = { \
+ .format_name = #name, \
+ .instance_size = sizeof(BlockCrypto), \
+ .bdrv_probe = block_crypto_probe_ ## name, \
+ .bdrv_open = block_crypto_open_ ## name, \
+ .bdrv_close = block_crypto_close, \
+ .bdrv_create = block_crypto_create_ ## name, \
+ .create_opts = &block_crypto_create_opts_ ## name, \
+ \
+ .bdrv_co_readv = block_crypto_co_readv, \
+ .bdrv_co_writev = block_crypto_co_writev, \
+ .bdrv_getlength = block_crypto_getlength, \
+ }
+
+BLOCK_CRYPTO_DRIVER(luks, Q_CRYPTO_BLOCK_FORMAT_LUKS);
+
+static void block_crypto_init(void)
+{
+ bdrv_register(&bdrv_crypto_luks);
+}
+
+block_init(block_crypto_init);
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 0a915ed..a194658 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -1546,7 +1546,7 @@
{ 'enum': 'BlockdevDriver',
'data': [ 'archipelago', 'blkdebug', 'blkverify', 'bochs', 'cloop',
'dmg', 'file', 'ftp', 'ftps', 'host_cdrom', 'host_device',
- 'http', 'https', 'null-aio', 'null-co', 'parallels',
+ 'http', 'https', 'luks', 'null-aio', 'null-co', 'parallels',
'qcow', 'qcow2', 'qed', 'quorum', 'raw', 'tftp', 'vdi', 'vhdx',
'vmdk', 'vpc', 'vvfat' ] }
@@ -1664,6 +1664,21 @@
'data': { 'file': 'BlockdevRef' } }
##
+# @BlockdevOptionsLUKS
+#
+# Driver specific block device options for LUKS.
+#
+# @key-secret: #optional the ID of a QCryptoSecret object providing
+# the decryption key (since 2.6)
+#
+# Since: 2.6
+##
+{ 'struct': 'BlockdevOptionsLUKS',
+ 'base': 'BlockdevOptionsGenericFormat',
+ 'data': { '*key-secret': 'str' } }
+
+
+##
# @BlockdevOptionsGenericCOWFormat
#
# Driver specific block device options for image format that have no option
@@ -2000,6 +2015,7 @@
'http': 'BlockdevOptionsFile',
'https': 'BlockdevOptionsFile',
# TODO iscsi: Wait for structured options
+ 'luks': 'BlockdevOptionsLUKS',
# TODO nbd: Should take InetSocketAddress for 'host'?
# TODO nfs: Wait for structured options
'null-aio': 'BlockdevOptionsNull',
--
2.5.0
next prev parent reply other threads:[~2016-01-20 17:39 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-20 17:38 [Qemu-devel] [PATCH v2 00/17] Support LUKS encryption in block devices Daniel P. Berrange
2016-01-20 17:38 ` [Qemu-devel] [PATCH v2 01/17] crypto: ensure qcrypto_hash_digest_len is always defined Daniel P. Berrange
2016-01-21 6:12 ` Fam Zheng
2016-01-20 17:38 ` [Qemu-devel] [PATCH v2 02/17] crypto: add cryptographic random byte source Daniel P. Berrange
2016-01-21 6:12 ` Fam Zheng
2016-01-21 8:59 ` Daniel P. Berrange
2016-02-04 17:44 ` Eric Blake
2016-01-20 17:38 ` [Qemu-devel] [PATCH v2 03/17] crypto: add support for PBKDF2 algorithm Daniel P. Berrange
2016-01-21 6:59 ` Fam Zheng
2016-01-21 10:59 ` Daniel P. Berrange
2016-02-04 22:14 ` Eric Blake
2016-02-05 9:23 ` Daniel P. Berrange
2016-02-05 10:13 ` Daniel P. Berrange
2016-01-20 17:38 ` [Qemu-devel] [PATCH v2 04/17] crypto: add support for generating initialization vectors Daniel P. Berrange
2016-01-21 7:51 ` Fam Zheng
2016-01-21 11:00 ` Daniel P. Berrange
2016-02-04 22:57 ` Eric Blake
2016-02-05 10:23 ` Daniel P. Berrange
2016-02-05 13:23 ` Daniel P. Berrange
2016-01-20 17:38 ` [Qemu-devel] [PATCH v2 05/17] crypto: add support for anti-forensic split algorithm Daniel P. Berrange
2016-01-21 8:37 ` Fam Zheng
2016-01-21 11:01 ` Daniel P. Berrange
2016-02-04 23:26 ` Eric Blake
2016-02-05 12:37 ` Daniel P. Berrange
2016-02-05 12:39 ` Daniel P. Berrange
2016-01-20 17:38 ` [Qemu-devel] [PATCH v2 06/17] crypto: add block encryption framework Daniel P. Berrange
2016-02-05 0:23 ` Eric Blake
2016-02-05 12:43 ` Daniel P. Berrange
2016-02-05 18:48 ` Eric Blake
2016-01-20 17:38 ` [Qemu-devel] [PATCH v2 07/17] crypto: implement the LUKS block encryption format Daniel P. Berrange
2016-02-05 17:38 ` Eric Blake
2016-02-08 16:03 ` Daniel P. Berrange
2016-01-20 17:38 ` [Qemu-devel] [PATCH v2 08/17] block: add flag to indicate that no I/O will be performed Daniel P. Berrange
2016-02-05 19:08 ` Eric Blake
2016-01-20 17:38 ` [Qemu-devel] [PATCH v2 09/17] qemu-img/qemu-io: don't prompt for passwords if not required Daniel P. Berrange
2016-02-05 19:52 ` Eric Blake
2016-01-20 17:38 ` Daniel P. Berrange [this message]
2016-01-21 9:12 ` [Qemu-devel] [PATCH v2 10/17] block: add generic full disk encryption driver Fam Zheng
2016-01-21 11:02 ` Daniel P. Berrange
2016-01-21 13:01 ` Fam Zheng
2016-01-21 13:12 ` Daniel P. Berrange
2016-02-05 22:20 ` Eric Blake
2016-02-08 16:28 ` Daniel P. Berrange
2016-02-08 20:23 ` Eric Blake
2016-02-09 9:55 ` Daniel P. Berrange
2016-01-20 17:38 ` [Qemu-devel] [PATCH v2 11/17] qcow2: make qcow2_encrypt_sectors encrypt in place Daniel P. Berrange
2016-01-21 9:13 ` Fam Zheng
2016-02-05 23:22 ` Eric Blake
2016-01-20 17:38 ` [Qemu-devel] [PATCH v2 12/17] qcow2: convert QCow2 to use QCryptoBlock for encryption Daniel P. Berrange
2016-01-21 9:54 ` Fam Zheng
2016-01-21 10:50 ` Daniel P. Berrange
2016-01-21 13:56 ` Fam Zheng
2016-01-21 14:03 ` Daniel P. Berrange
2016-02-08 18:12 ` Eric Blake
2016-02-09 12:32 ` Daniel P. Berrange
2016-01-20 17:38 ` [Qemu-devel] [PATCH v2 13/17] qcow: make encrypt_sectors encrypt in place Daniel P. Berrange
2016-02-08 20:30 ` Eric Blake
2016-02-09 12:33 ` Daniel P. Berrange
2016-01-20 17:38 ` [Qemu-devel] [PATCH v2 14/17] qcow: convert QCow to use QCryptoBlock for encryption Daniel P. Berrange
2016-02-08 20:57 ` Eric Blake
2016-01-20 17:38 ` [Qemu-devel] [PATCH v2 15/17] block: rip out all traces of password prompting Daniel P. Berrange
2016-01-21 13:02 ` Fam Zheng
2016-01-21 13:11 ` Daniel P. Berrange
2016-01-20 17:38 ` [Qemu-devel] [PATCH v2 16/17] block: remove all encryption handling APIs Daniel P. Berrange
2016-02-08 21:23 ` Eric Blake
2016-02-09 12:34 ` Daniel P. Berrange
2016-01-20 17:38 ` [Qemu-devel] [PATCH v2 17/17] block: remove support for legecy AES qcow/qcow2 encryption Daniel P. Berrange
2016-02-08 21:26 ` Eric Blake
2016-02-09 12:35 ` Daniel P. Berrange
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1453311539-1193-11-git-send-email-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=famz@redhat.com \
--cc=kwolf@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).