[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v4 4/7] block: Support detached LUKS header creation using bl
|
From: |
Daniel P . Berrangé |
|
Subject: |
Re: [PATCH v4 4/7] block: Support detached LUKS header creation using blockdev-create |
|
Date: |
Wed, 31 Jan 2024 11:49:01 +0000 |
|
User-agent: |
Mutt/2.2.12 (2023-09-09) |
On Tue, Jan 30, 2024 at 01:37:22PM +0800, yong.huang@smartx.com wrote:
> From: Hyman Huang <yong.huang@smartx.com>
>
> Firstly, enable the ability to choose the block device containing
> a detachable LUKS header by adding the 'header' parameter to
> BlockdevCreateOptionsLUKS.
>
> Secondly, when formatting the LUKS volume with a detachable header,
> truncate the payload volume to length without a header size.
>
> Using the qmp blockdev command, create the LUKS volume with a
> detachable header as follows:
>
> 1. add the secret to lock/unlock the cipher stored in the
> detached LUKS header
> $ virsh qemu-monitor-command vm '{"execute":"object-add",
> > "arguments":{"qom-type": "secret", "id": "sec0", "data": "foo"}}'
>
> 2. create a header img with 0 size
> $ virsh qemu-monitor-command vm '{"execute":"blockdev-create",
> > "arguments":{"job-id":"job0", "options":{"driver":"file",
> > "filename":"/path/to/detached_luks_header.img", "size":0 }}}'
>
> 3. add protocol blockdev node for header
> $ virsh qemu-monitor-command vm '{"execute":"blockdev-add",
> > "arguments": {"driver":"file", "filename":
> > "/path/to/detached_luks_header.img", "node-name":
> > "detached-luks-header-storage"}}'
>
> 4. create a payload img with 0 size
> $ virsh qemu-monitor-command vm '{"execute":"blockdev-create",
> > "arguments":{"job-id":"job1", "options":{"driver":"file",
> > "filename":"/path/to/detached_luks_payload_raw.img", "size":0}}}'
>
> 5. add protocol blockdev node for payload
> $ virsh qemu-monitor-command vm '{"execute":"blockdev-add",
> > "arguments": {"driver":"file", "filename":
> > "/path/to/detached_luks_payload_raw.img", "node-name":
> > "luks-payload-raw-storage"}}'
>
> 6. do the formatting with 128M size
> $ virsh qemu-monitor-command c81_node1 '{"execute":"blockdev-create",
> > "arguments":{"job-id":"job2", "options":{"driver":"luks", "header":
> > "detached-luks-header-storage", "file":"luks-payload-raw-storage",
> > "size":134217728, "preallocation":"full", "key-secret":"sec0" }}}'
>
> Signed-off-by: Hyman Huang <yong.huang@smartx.com>
> ---
> block/crypto.c | 101 +++++++++++++++++++++++++++++++++++++++----
> qapi/block-core.json | 3 ++
> 2 files changed, 96 insertions(+), 8 deletions(-)
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
- [PATCH v4 0/7] Support generic Luks encryption, yong . huang, 2024/01/30
- [PATCH v4 1/7] crypto: Support LUKS volume with detached header, yong . huang, 2024/01/30
- [PATCH v4 2/7] qapi: Make parameter 'file' optional for BlockdevCreateOptionsLUKS, yong . huang, 2024/01/30
- [PATCH v4 3/7] crypto: Modify the qcrypto_block_create to support creation flags, yong . huang, 2024/01/30
- [PATCH v4 4/7] block: Support detached LUKS header creation using blockdev-create, yong . huang, 2024/01/30
- Re: [PATCH v4 4/7] block: Support detached LUKS header creation using blockdev-create,
Daniel P . Berrangé <=
- [PATCH v4 5/7] block: Support detached LUKS header creation using qemu-img, yong . huang, 2024/01/30
- [PATCH v4 6/7] crypto: Introduce 'detached-header' field in QCryptoBlockInfoLUKS, yong . huang, 2024/01/30
- [PATCH v4 7/7] tests: Add case for LUKS volume with detached header, yong . huang, 2024/01/30