diff options
| author | Hyman Huang <yong.huang@smartx.com> | 2024-01-30 13:37:23 +0800 |
|---|---|---|
| committer | Daniel P. Berrangé <berrange@redhat.com> | 2024-02-09 12:50:37 +0000 |
| commit | 35286daeca43444aa1a9c7a36ffc499877eb6668 (patch) | |
| tree | 8c203112f360e726951417627460e51c63d10e19 /crypto/block-luks.c | |
| parent | d0112eb415bd1bfae3b61818d9ded936f05f1afb (diff) | |
block: Support detached LUKS header creation using qemu-img
Even though a LUKS header might be created with cryptsetup,
qemu-img should be enhanced to accommodate it as well.
Add the 'detached-header' option to specify the creation of
a detached LUKS header. This is how it is used:
$ qemu-img create --object secret,id=sec0,data=abc123 -f luks
> -o cipher-alg=aes-256,cipher-mode=xts -o key-secret=sec0
> -o detached-header=true header.luks
Using qemu-img or cryptsetup tools to query information of
an LUKS header image as follows:
Assume a detached LUKS header image has been created by:
$ dd if=/dev/zero of=test-header.img bs=1M count=32
$ dd if=/dev/zero of=test-payload.img bs=1M count=1000
$ cryptsetup luksFormat --header test-header.img test-payload.img
> --force-password --type luks1
Header image information could be queried using cryptsetup:
$ cryptsetup luksDump test-header.img
or qemu-img:
$ qemu-img info 'json:{"driver":"luks","file":{"filename":
> "test-payload.img"},"header":{"filename":"test-header.img"}}'
When using qemu-img, keep in mind that the entire disk
information specified by the JSON-format string above must be
supplied on the commandline; if not, an overlay check will reveal
a problem with the LUKS volume check logic.
Signed-off-by: Hyman Huang <yong.huang@smartx.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
[changed to pass 'cflags' to block_crypto_co_create_generic]
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Diffstat (limited to 'crypto/block-luks.c')
0 files changed, 0 insertions, 0 deletions