From: Markus Armbruster <armbru@redhat.com>
To: Maxim Levitsky <mlevitsk@redhat.com>
Cc: "Kevin Wolf" <kwolf@redhat.com>,
"Daniel P. Berrangé" <berrange@redhat.com>,
qemu-block@nongnu.org, qemu-devel@nongnu.org,
"Max Reitz" <mreitz@redhat.com>, "John Snow" <jsnow@redhat.com>
Subject: Re: [PATCH 02/13] qcrypto-luks: implement encryption key management
Date: Tue, 21 Jan 2020 08:54:51 +0100 [thread overview]
Message-ID: <87r1zti6r8.fsf@dusky.pond.sub.org> (raw)
In-Reply-To: <20200114193350.10830-3-mlevitsk@redhat.com> (Maxim Levitsky's message of "Tue, 14 Jan 2020 21:33:39 +0200")
Reviewing just the QAPI schema.
Maxim Levitsky <mlevitsk@redhat.com> writes:
> Next few patches will expose that functionality
> to the user.
>
> Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
> ---
> crypto/block-luks.c | 374 +++++++++++++++++++++++++++++++++++++++++++-
> qapi/crypto.json | 50 +++++-
> 2 files changed, 421 insertions(+), 3 deletions(-)
>
> diff --git a/crypto/block-luks.c b/crypto/block-luks.c
> index 4861db810c..349e95fed3 100644
> --- a/crypto/block-luks.c
> +++ b/crypto/block-luks.c
> @@ -32,6 +32,7 @@
> #include "qemu/uuid.h"
>
> #include "qemu/coroutine.h"
> +#include "qemu/bitmap.h"
>
> /*
> * Reference for the LUKS format implemented here is
> @@ -70,6 +71,9 @@ typedef struct QCryptoBlockLUKSKeySlot QCryptoBlockLUKSKeySlot;
>
> #define QCRYPTO_BLOCK_LUKS_SECTOR_SIZE 512LL
>
> +#define QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME_MS 2000
> +#define QCRYPTO_BLOCK_LUKS_ERASE_ITERATIONS 40
> +
> static const char qcrypto_block_luks_magic[QCRYPTO_BLOCK_LUKS_MAGIC_LEN] = {
> 'L', 'U', 'K', 'S', 0xBA, 0xBE
> };
> @@ -219,6 +223,9 @@ struct QCryptoBlockLUKS {
>
> /* Hash algorithm used in pbkdf2 function */
> QCryptoHashAlgorithm hash_alg;
> +
> + /* Name of the secret that was used to open the image */
> + char *secret;
> };
>
>
> @@ -1069,6 +1076,112 @@ qcrypto_block_luks_find_key(QCryptoBlock *block,
> return -1;
> }
>
> +/*
> + * Returns true if a slot i is marked as active
> + * (contains encrypted copy of the master key)
> + */
> +static bool
> +qcrypto_block_luks_slot_active(const QCryptoBlockLUKS *luks,
> + unsigned int slot_idx)
> +{
> + uint32_t val = luks->header.key_slots[slot_idx].active;
> + return val == QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED;
> +}
> +
> +/*
> + * Returns the number of slots that are marked as active
> + * (slots that contain encrypted copy of the master key)
> + */
> +static unsigned int
> +qcrypto_block_luks_count_active_slots(const QCryptoBlockLUKS *luks)
> +{
> + size_t i = 0;
> + unsigned int ret = 0;
> +
> + for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
> + if (qcrypto_block_luks_slot_active(luks, i)) {
> + ret++;
> + }
> + }
> + return ret;
> +}
> +
> +/*
> + * Finds first key slot which is not active
> + * Returns the key slot index, or -1 if it doesn't exist
> + */
> +static int
> +qcrypto_block_luks_find_free_keyslot(const QCryptoBlockLUKS *luks)
> +{
> + size_t i;
> +
> + for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
> + if (!qcrypto_block_luks_slot_active(luks, i)) {
> + return i;
> + }
> + }
> + return -1;
> +
> +}
> +
> +/*
> + * Erases an keyslot given its index
> + * Returns:
> + * 0 if the keyslot was erased successfully
> + * -1 if a error occurred while erasing the keyslot
> + *
> + */
> +static int
> +qcrypto_block_luks_erase_key(QCryptoBlock *block,
> + unsigned int slot_idx,
> + QCryptoBlockWriteFunc writefunc,
> + void *opaque,
> + Error **errp)
> +{
> + QCryptoBlockLUKS *luks = block->opaque;
> + QCryptoBlockLUKSKeySlot *slot = &luks->header.key_slots[slot_idx];
> + g_autofree uint8_t *garbagesplitkey = NULL;
> + size_t splitkeylen = luks->header.master_key_len * slot->stripes;
> + size_t i;
> +
> + assert(slot_idx < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
> + assert(splitkeylen > 0);
> +
> + garbagesplitkey = g_new0(uint8_t, splitkeylen);
> +
> + /* Reset the key slot header */
> + memset(slot->salt, 0, QCRYPTO_BLOCK_LUKS_SALT_LEN);
> + slot->iterations = 0;
> + slot->active = QCRYPTO_BLOCK_LUKS_KEY_SLOT_DISABLED;
> +
> + qcrypto_block_luks_store_header(block, writefunc, opaque, errp);
> +
> + /*
> + * Now try to erase the key material, even if the header
> + * update failed
> + */
> + for (i = 0; i < QCRYPTO_BLOCK_LUKS_ERASE_ITERATIONS; i++) {
> + if (qcrypto_random_bytes(garbagesplitkey, splitkeylen, errp) < 0) {
> + /*
> + * If we failed to get the random data, still write
> + * at least zeros to the key slot at least once
> + */
> + if (i > 0) {
> + return -1;
> + }
> + }
> +
> + if (writefunc(block,
> + slot->key_offset_sector * QCRYPTO_BLOCK_LUKS_SECTOR_SIZE,
> + garbagesplitkey,
> + splitkeylen,
> + opaque,
> + errp) != splitkeylen) {
> + return -1;
> + }
> + }
> + return 0;
> +}
>
> static int
> qcrypto_block_luks_open(QCryptoBlock *block,
> @@ -1099,6 +1212,7 @@ qcrypto_block_luks_open(QCryptoBlock *block,
>
> luks = g_new0(QCryptoBlockLUKS, 1);
> block->opaque = luks;
> + luks->secret = g_strdup(options->u.luks.key_secret);
>
> if (qcrypto_block_luks_load_header(block, readfunc, opaque, errp) < 0) {
> goto fail;
> @@ -1164,6 +1278,7 @@ qcrypto_block_luks_open(QCryptoBlock *block,
> fail:
> qcrypto_block_free_cipher(block);
> qcrypto_ivgen_free(block->ivgen);
> + g_free(luks->secret);
> g_free(luks);
> return -1;
> }
> @@ -1204,7 +1319,7 @@ qcrypto_block_luks_create(QCryptoBlock *block,
>
> memcpy(&luks_opts, &options->u.luks, sizeof(luks_opts));
> if (!luks_opts.has_iter_time) {
> - luks_opts.iter_time = 2000;
> + luks_opts.iter_time = QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME_MS;
> }
> if (!luks_opts.has_cipher_alg) {
> luks_opts.cipher_alg = QCRYPTO_CIPHER_ALG_AES_256;
> @@ -1244,6 +1359,8 @@ qcrypto_block_luks_create(QCryptoBlock *block,
> optprefix ? optprefix : "");
> goto error;
> }
> + luks->secret = g_strdup(options->u.luks.key_secret);
> +
> password = qcrypto_secret_lookup_as_utf8(luks_opts.key_secret, errp);
> if (!password) {
> goto error;
> @@ -1471,10 +1588,260 @@ qcrypto_block_luks_create(QCryptoBlock *block,
> qcrypto_block_free_cipher(block);
> qcrypto_ivgen_free(block->ivgen);
>
> + g_free(luks->secret);
> g_free(luks);
> return -1;
> }
>
> +/*
> + * Given LUKSKeyslotUpdate command, return @slots_bitmap with all slots
> + * that will be updated with new password (or erased)
> + * returns number of affected slots
> + */
> +static int qcrypto_block_luks_get_slots_bitmap(QCryptoBlock *block,
> + QCryptoBlockReadFunc readfunc,
> + void *opaque,
> + const LUKSKeyslotUpdate *command,
> + unsigned long *slots_bitmap,
> + Error **errp)
> +{
> + const QCryptoBlockLUKS *luks = block->opaque;
> + size_t i;
> + int ret = 0;
> +
> + if (command->has_keyslot) {
> + /* keyslot set, select only this keyslot */
> + int keyslot = command->keyslot;
> +
> + if (keyslot < 0 || keyslot >= QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS) {
> + error_setg(errp,
> + "Invalid slot %u specified, must be between 0 and %u",
> + keyslot, QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS - 1);
> + goto error;
> + }
> + bitmap_set(slots_bitmap, keyslot, 1);
> + ret++;
> +
> + } else if (command->has_old_secret) {
> + /* initially select all active keyslots */
> + for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
> + if (qcrypto_block_luks_slot_active(luks, i)) {
> + bitmap_set(slots_bitmap, i, 1);
> + ret++;
> + }
> + }
> + } else {
> + /* find a free keyslot */
> + int slot = qcrypto_block_luks_find_free_keyslot(luks);
> +
> + if (slot == -1) {
> + error_setg(errp,
> + "Can't add a keyslot - all key slots are in use");
> + goto error;
> + }
> + bitmap_set(slots_bitmap, slot, 1);
> + ret++;
> + }
> +
> + if (command->has_old_secret) {
> + /* now deselect all keyslots that don't contain the password */
> + g_autofree uint8_t *tmpkey = g_new0(uint8_t,
> + luks->header.master_key_len);
> +
> + for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
> + g_autofree char *old_password = NULL;
> + int rv;
> +
> + if (!test_bit(i, slots_bitmap)) {
> + continue;
> + }
> +
> + old_password = qcrypto_secret_lookup_as_utf8(command->old_secret,
> + errp);
> + if (!old_password) {
> + goto error;
> + }
> +
> + rv = qcrypto_block_luks_load_key(block,
> + i,
> + old_password,
> + tmpkey,
> + readfunc,
> + opaque,
> + errp);
> + if (rv == -1)
> + goto error;
> + else if (rv == 0) {
> + bitmap_clear(slots_bitmap, i, 1);
> + ret--;
> + }
> + }
> + }
> + return ret;
> +error:
> + return -1;
> +}
> +
> +/*
> + * Apply a single keyslot update command as described in @command
> + * Optionally use @unlock_secret to retrieve the master key
> + */
> +static int
> +qcrypto_block_luks_apply_keyslot_update(QCryptoBlock *block,
> + QCryptoBlockReadFunc readfunc,
> + QCryptoBlockWriteFunc writefunc,
> + void *opaque,
> + LUKSKeyslotUpdate *command,
> + const char *unlock_secret,
> + uint8_t **master_key,
> + bool force,
> + Error **errp)
> +{
> + QCryptoBlockLUKS *luks = block->opaque;
> + g_autofree unsigned long *slots_bitmap = NULL;
> + int64_t iter_time = QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME_MS;
> + int slot_count;
> + size_t i;
> + char *new_password;
> + bool erasing;
> +
> + slots_bitmap = bitmap_new(QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
> + slot_count = qcrypto_block_luks_get_slots_bitmap(block, readfunc, opaque,
> + command, slots_bitmap,
> + errp);
> + if (slot_count == -1) {
> + goto error;
> + }
> + /* no matching slots, so nothing to do */
> + if (slot_count == 0) {
> + error_setg(errp, "Requested operation didn't match any slots");
> + goto error;
> + }
> + /*
> + * slot is erased when the password is set to null, or empty string
> + * (for compatibility with command line)
> + */
> + erasing = command->new_secret->type == QTYPE_QNULL ||
> + strlen(command->new_secret->u.s) == 0;
> +
> + /* safety checks */
> + if (!force) {
> + if (erasing) {
> + if (slot_count == qcrypto_block_luks_count_active_slots(luks)) {
> + error_setg(errp,
> + "Requested operation will erase all active keyslots"
> + " which will erase all the data in the image"
> + " irreversibly - refusing operation");
> + goto error;
> + }
> + } else {
> + for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
> + if (!test_bit(i, slots_bitmap)) {
> + continue;
> + }
> + if (qcrypto_block_luks_slot_active(luks, i)) {
> + error_setg(errp,
> + "Refusing to overwrite active slot %zu - "
> + "please erase it first", i);
> + goto error;
> + }
> + }
> + }
> + }
> +
> + /* setup the data needed for storing the new keyslot */
> + if (!erasing) {
> + /* Load the master key if it wasn't already loaded */
> + if (!*master_key) {
> + g_autofree char *old_password;
> + old_password = qcrypto_secret_lookup_as_utf8(unlock_secret, errp);
> + if (!old_password) {
> + goto error;
> + }
> + *master_key = g_new0(uint8_t, luks->header.master_key_len);
> +
> + if (qcrypto_block_luks_find_key(block, old_password, *master_key,
> + readfunc, opaque, errp) < 0) {
> + error_append_hint(errp, "Failed to retrieve the master key");
> + goto error;
> + }
> + }
> + new_password = qcrypto_secret_lookup_as_utf8(command->new_secret->u.s,
> + errp);
> + if (!new_password) {
> + goto error;
> + }
> + if (command->has_iter_time) {
> + iter_time = command->iter_time;
> + }
> + }
> +
> + /* new apply the update */
> + for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
> + if (!test_bit(i, slots_bitmap)) {
> + continue;
> + }
> + if (erasing) {
> + if (qcrypto_block_luks_erase_key(block, i,
> + writefunc,
> + opaque,
> + errp)) {
> + error_append_hint(errp, "Failed to erase keyslot %zu", i);
> + goto error;
> + }
> + } else {
> + if (qcrypto_block_luks_store_key(block, i,
> + new_password,
> + *master_key,
> + iter_time,
> + writefunc,
> + opaque,
> + errp)) {
> + error_append_hint(errp, "Failed to write to keyslot %zu", i);
> + goto error;
> + }
> + }
> + }
> + return 0;
> +error:
> + return -EINVAL;
> +}
> +
> +static int
> +qcrypto_block_luks_amend_options(QCryptoBlock *block,
> + QCryptoBlockReadFunc readfunc,
> + QCryptoBlockWriteFunc writefunc,
> + void *opaque,
> + QCryptoBlockAmendOptions *options,
> + bool force,
> + Error **errp)
> +{
> + QCryptoBlockLUKS *luks = block->opaque;
> + QCryptoBlockAmendOptionsLUKS *options_luks = &options->u.luks;
> + LUKSKeyslotUpdateList *ptr;
> + g_autofree uint8_t *master_key = NULL;
> + int ret;
> +
> + char *unlock_secret = options_luks->has_unlock_secret ?
> + options_luks->unlock_secret :
> + luks->secret;
> +
> + for (ptr = options_luks->keys; ptr; ptr = ptr->next) {
> + ret = qcrypto_block_luks_apply_keyslot_update(block, readfunc,
> + writefunc, opaque,
> + ptr->value,
> + unlock_secret,
> + &master_key,
> + force, errp);
> +
> + if (ret != 0) {
> + goto error;
> + }
> + }
> + return 0;
> +error:
> + return -1;
> +}
>
> static int qcrypto_block_luks_get_info(QCryptoBlock *block,
> QCryptoBlockInfo *info,
> @@ -1523,7 +1890,9 @@ static int qcrypto_block_luks_get_info(QCryptoBlock *block,
>
> static void qcrypto_block_luks_cleanup(QCryptoBlock *block)
> {
> - g_free(block->opaque);
> + QCryptoBlockLUKS *luks = block->opaque;
> + g_free(luks->secret);
> + g_free(luks);
> }
>
>
> @@ -1560,6 +1929,7 @@ qcrypto_block_luks_encrypt(QCryptoBlock *block,
> const QCryptoBlockDriver qcrypto_block_driver_luks = {
> .open = qcrypto_block_luks_open,
> .create = qcrypto_block_luks_create,
> + .amend = qcrypto_block_luks_amend_options,
> .get_info = qcrypto_block_luks_get_info,
> .cleanup = qcrypto_block_luks_cleanup,
> .decrypt = qcrypto_block_luks_decrypt,
> diff --git a/qapi/crypto.json b/qapi/crypto.json
> index 9faebd03d4..e83847c71e 100644
> --- a/qapi/crypto.json
> +++ b/qapi/crypto.json
> @@ -1,6 +1,8 @@
> # -*- Mode: Python -*-
> #
>
> +{ 'include': 'common.json' }
> +
> ##
> # = Cryptography
> ##
> @@ -310,6 +312,52 @@
> 'discriminator': 'format',
> 'data': { 'luks': 'QCryptoBlockInfoLUKS' } }
>
> +##
> +# @LUKSKeyslotUpdate:
> +#
> +# @keyslot: If specified, will update only keyslot with this index
> +#
> +# @old-secret: If specified, will only update keyslots that
> +# can be opened with password which is contained in
> +# QCryptoSecret with @old-secret ID
> +#
> +# If neither @keyslot nor @old-secret is specified,
> +# first empty keyslot is selected for the update
> +#
> +# @new-secret: The ID of a QCryptoSecret object providing a new decryption
> +# key to place in all matching keyslots.
> +# null/empty string erases all matching keyslots
I hate making the empty string do something completely different than a
non-empty string.
What about making @new-secret optional, and have absent @new-secret
erase?
> +# unless
> +# last valid keyslot is erased.
Leaves me to wonder what happens when I try. If I read your code
correctly, it's an error. Suggest "You cannot erase the last valid
keyslot".
Not documented here: "Refusing to overwrite active slot".
> +#
> +# @iter-time: number of milliseconds to spend in
> +# PBKDF passphrase processing
Default?
> +# Since: 5.0
> +##
> +{ 'struct': 'LUKSKeyslotUpdate',
> + 'data': {
> + '*keyslot': 'int',
> + '*old-secret': 'str',
> + 'new-secret' : 'StrOrNull',
> + '*iter-time' : 'int' } }
> +
> +
> +##
> +# @QCryptoBlockAmendOptionsLUKS:
> +#
> +# The options that can be changed on existing luks encrypted device
> +# @keys: list of keyslot updates to perform
> +# (updates are performed in order)
> +# @unlock-secret: use this secret to retrieve the current master key
> +# if not given will use the same secret as one
"as the one"?
> +# that was used to open the image
> +#
> +# Since: 5.0
> +##
> +{ 'struct': 'QCryptoBlockAmendOptionsLUKS',
> + 'data' : {
> + 'keys': ['LUKSKeyslotUpdate'],
> + '*unlock-secret' : 'str' } }
> +
>
>
> ##
> @@ -324,4 +372,4 @@
> 'base': 'QCryptoBlockOptionsBase',
> 'discriminator': 'format',
> 'data': {
> - } }
> + 'luks': 'QCryptoBlockAmendOptionsLUKS' } }
next prev parent reply other threads:[~2020-01-21 7:55 UTC|newest]
Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-14 19:33 [PATCH 00/13] LUKS: encryption slot management using amend interface Maxim Levitsky
2020-01-14 19:33 ` [PATCH 01/13] qcrypto: add generic infrastructure for crypto options amendment Maxim Levitsky
2020-01-28 16:59 ` Daniel P. Berrangé
2020-01-29 17:49 ` Maxim Levitsky
2020-01-14 19:33 ` [PATCH 02/13] qcrypto-luks: implement encryption key management Maxim Levitsky
2020-01-21 7:54 ` Markus Armbruster [this message]
2020-01-21 13:13 ` Maxim Levitsky
2020-01-28 17:11 ` Daniel P. Berrangé
2020-01-28 17:32 ` Daniel P. Berrangé
2020-01-29 17:54 ` Maxim Levitsky
2020-01-30 12:38 ` Kevin Wolf
2020-01-30 12:53 ` Daniel P. Berrangé
2020-01-30 14:23 ` Kevin Wolf
2020-01-30 14:30 ` Daniel P. Berrangé
2020-01-30 14:53 ` Markus Armbruster
2020-01-30 14:47 ` Markus Armbruster
2020-01-30 15:01 ` Daniel P. Berrangé
2020-01-30 16:37 ` Markus Armbruster
2020-02-05 8:24 ` Markus Armbruster
2020-02-05 9:30 ` Kevin Wolf
2020-02-05 10:03 ` Markus Armbruster
2020-02-05 11:02 ` Kevin Wolf
2020-02-05 14:31 ` Markus Armbruster
2020-02-06 13:44 ` Markus Armbruster
2020-02-06 13:49 ` Daniel P. Berrangé
2020-02-06 14:20 ` Max Reitz
2020-02-05 10:23 ` Daniel P. Berrangé
2020-02-05 14:31 ` Markus Armbruster
2020-02-06 13:20 ` Markus Armbruster
2020-02-06 13:36 ` Daniel P. Berrangé
2020-02-06 14:25 ` Kevin Wolf
2020-02-06 15:19 ` Markus Armbruster
2020-02-06 15:23 ` Maxim Levitsky
2020-01-30 15:45 ` Maxim Levitsky
2020-01-28 17:21 ` Daniel P. Berrangé
2020-01-30 12:58 ` Maxim Levitsky
2020-02-15 14:51 ` QAPI schema for desired state of LUKS keyslots (was: [PATCH 02/13] qcrypto-luks: implement encryption key management) Markus Armbruster
2020-02-16 8:05 ` Maxim Levitsky
2020-02-17 6:45 ` QAPI schema for desired state of LUKS keyslots Markus Armbruster
2020-02-17 8:19 ` Maxim Levitsky
2020-02-17 10:37 ` QAPI schema for desired state of LUKS keyslots (was: [PATCH 02/13] qcrypto-luks: implement encryption key management) Kevin Wolf
2020-02-17 11:07 ` Maxim Levitsky
2020-02-24 14:46 ` Daniel P. Berrangé
2020-02-24 14:50 ` Maxim Levitsky
2020-02-17 12:28 ` QAPI schema for desired state of LUKS keyslots Markus Armbruster
2020-02-17 12:44 ` Eric Blake
2020-02-24 14:43 ` Daniel P. Berrangé
2020-02-24 14:45 ` QAPI schema for desired state of LUKS keyslots (was: [PATCH 02/13] qcrypto-luks: implement encryption key management) Daniel P. Berrangé
2020-02-25 12:15 ` Max Reitz
2020-02-25 16:48 ` QAPI schema for desired state of LUKS keyslots Markus Armbruster
2020-02-25 17:00 ` Max Reitz
2020-02-26 7:28 ` Markus Armbruster
2020-02-26 9:18 ` Maxim Levitsky
2020-02-25 17:18 ` Daniel P. Berrangé
2020-03-03 9:18 ` QAPI schema for desired state of LUKS keyslots (was: [PATCH 02/13] qcrypto-luks: implement encryption key management) Maxim Levitsky
2020-03-05 12:15 ` Maxim Levitsky
2020-01-14 19:33 ` [PATCH 03/13] block: amend: add 'force' option Maxim Levitsky
2020-01-14 19:33 ` [PATCH 04/13] block: amend: separate amend and create options for qemu-img Maxim Levitsky
2020-01-28 17:23 ` Daniel P. Berrangé
2020-01-30 15:54 ` Maxim Levitsky
2020-01-14 19:33 ` [PATCH 05/13] block/crypto: rename two functions Maxim Levitsky
2020-01-14 19:33 ` [PATCH 06/13] block/crypto: implement the encryption key management Maxim Levitsky
2020-01-28 17:27 ` Daniel P. Berrangé
2020-01-30 16:08 ` Maxim Levitsky
2020-01-14 19:33 ` [PATCH 07/13] qcow2: extend qemu-img amend interface with crypto options Maxim Levitsky
2020-01-28 17:30 ` Daniel P. Berrangé
2020-01-30 16:09 ` Maxim Levitsky
2020-01-14 19:33 ` [PATCH 08/13] iotests: filter few more luks specific create options Maxim Levitsky
2020-01-28 17:36 ` Daniel P. Berrangé
2020-01-30 16:12 ` Maxim Levitsky
2020-01-14 19:33 ` [PATCH 09/13] qemu-iotests: qemu-img tests for luks key management Maxim Levitsky
2020-01-14 19:33 ` [PATCH 10/13] block: add generic infrastructure for x-blockdev-amend qmp command Maxim Levitsky
2020-01-21 7:59 ` Markus Armbruster
2020-01-21 13:58 ` Maxim Levitsky
2020-01-14 19:33 ` [PATCH 11/13] block/crypto: implement blockdev-amend Maxim Levitsky
2020-01-28 17:40 ` Daniel P. Berrangé
2020-01-30 16:24 ` Maxim Levitsky
2020-01-14 19:33 ` [PATCH 12/13] block/qcow2: " Maxim Levitsky
2020-01-28 17:41 ` Daniel P. Berrangé
2020-01-14 19:33 ` [PATCH 13/13] iotests: add tests for blockdev-amend Maxim Levitsky
2020-01-14 21:16 ` [PATCH 00/13] LUKS: encryption slot management using amend interface no-reply
2020-01-16 14:01 ` Maxim Levitsky
2020-01-14 21:17 ` no-reply
2020-01-16 14:19 ` Maxim Levitsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87r1zti6r8.fsf@dusky.pond.sub.org \
--to=armbru@redhat.com \
--cc=berrange@redhat.com \
--cc=jsnow@redhat.com \
--cc=kwolf@redhat.com \
--cc=mlevitsk@redhat.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).