[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-block] [PATCH RFC 0/2] Limit support for encrypted images to q
Re: [Qemu-block] [PATCH RFC 0/2] Limit support for encrypted images to qemu-img
Thu, 12 Mar 2015 17:58:23 +0100
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
On 10/03/2015 19:13, Daniel P. Berrange wrote:
> FWIW, I could see an improved interaction scheme working as follows
> First, introduce a new monitor command for setting named passwords,
> add_key mykey1 SECRETDATA
Or reuse object_add:
> Now, extend the blockdev_add so that you can provide key names
> by adding
> 'keyname': 'mykey1'
> as a parameter in the json args.
You can also add a command line option:
> For cold plug, have a command line arg '--add-keys prompt' to
> indicate the user should be prompted on TTY to enter keys,
This can even be the default if you have a human monitor open.
(Downside: the default human monitor, accessible with Ctrl-Alt-2, is not
easily discovered; same for Ctrl-A c for -nographic).
> For managed usage we could allow
> '--add-keys fd=FDNUM' and just read keys from the file descriptor.
For managed usage, options can also be passed via -readconfig like
Re: [Qemu-block] [Qemu-devel] [PATCH RFC 0/2] Limit support for encrypted images to qemu-img, Daniel P. Berrange, 2015/03/10
Re: [Qemu-block] [PATCH RFC 0/2] Limit support for encrypted images to qemu-img,
Paolo Bonzini <=
- Re: [Qemu-block] [Qemu-devel] [PATCH RFC 1/2] block: Limit opening of encrypted images to qemu-img, (continued)