From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:60935)
    by lists.gnu.org with esmtp (Exim 4.71) (envelope-from )
    id 1aMBwo-0002Hf-65 for qemu-devel@nongnu.org;
    Thu, 21 Jan 2016 04:54:35 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
    (envelope-from ) id 1aMBwn-0008WN-BT for qemu-devel@nongnu.org;
    Thu, 21 Jan 2016 04:54:34 -0500
Date: Thu, 21 Jan 2016 17:54:23 +0800
From: Fam Zheng
Message-ID: <20160121095423.GD31470@ad.usersys.redhat.com>
References: <1453311539-1193-1-git-send-email-berrange@redhat.com>
    <1453311539-1193-13-git-send-email-berrange@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1453311539-1193-13-git-send-email-berrange@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v2 12/17] qcow2: convert QCow2 to use QCryptoBlock for encryption
To: "Daniel P. Berrange"
Cc: Kevin Wolf, qemu-devel@nongnu.org, qemu-block@nongnu.org

On Wed, 01/20 17:38, Daniel P. Berrange wrote:
> This converts the qcow2 driver to make use of the QCryptoBlock
> APIs for encrypting image content. As well as continued support
> for the legacy QCow2 encryption format, the appealing benefit
> is that it enables support for the LUKS format inside qcow2.

FWIW, with today's QEMU, it's possible to stack format drivers on top of each
other. In other words, even without this patch, we can make LUKS driver
encrypt/decrypt the qcow2 payload, while keeping them completely orthogonal.
It's something like:

    --------------------
    |       LUKS       |
    --------------------
              |
              v
    --------------------
    |       qcow2      |
    --------------------
              |
              v
    --------------------
    |       file       |
    --------------------

The command line looks like this:

    -drive driver=luks,file.driver=qcow2,file.file.driver=file,\
    file.file.filename=$qcow2_image_whose_payload_is_in_luks_format

Unfortunately, I don't know how to create nested images with qemu-img. I tested
the nested qcow2 by attaching the outer image to a VM and running "qemu-img
create -f qcow2 /dev/vda" in guest shell.

Kevin?

Fam