QEMU With E2K User Support
Daniel P. Berrange 4652b8f3e1 qcow2: add support for LUKS encryption format
This adds support for using LUKS as an encryption format
with the qcow2 file, using the new encrypt.format parameter
to request "luks" format. e.g.

  # qemu-img create --object secret,data=123456,id=sec0 \
       -f qcow2 -o encrypt.format=luks,encrypt.key-secret=sec0 \
       test.qcow2 10G

The legacy "encryption=on" parameter still results in
creation of the old qcow2 AES format (and is equivalent
to the new 'encryption-format=aes'). e.g. the following are
equivalent:

  # qemu-img create --object secret,data=123456,id=sec0 \
       -f qcow2 -o encryption=on,encrypt.key-secret=sec0 \
       test.qcow2 10G

  # qemu-img create --object secret,data=123456,id=sec0 \
       -f qcow2 -o encryption-format=aes,encrypt.key-secret=sec0 \
       test.qcow2 10G

With the LUKS format it is necessary to store the LUKS
partition header and key material in the QCow2 file. This
data can be many MB in size, so cannot go into the QCow2
header region directly. Thus the spec defines a FDE
(Full Disk Encryption) header extension that specifies
the offset of a set of clusters to hold the FDE headers,
as well as the length of that region. The LUKS header is
thus stored in these extra allocated clusters before the
main image payload.

Aside from all the cryptographic differences implied by
use of the LUKS format, there is one further key difference
between the use of legacy AES and LUKS encryption in qcow2.
For LUKS, the initialization vectors are generated using
the host physical sector as the input, rather than the
guest virtual sector. This guarantees unique initialization
vectors for all sectors when qcow2 internal snapshots are
used, thus giving stronger protection against watermarking
attacks.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20170623162419.26068-14-berrange@redhat.com
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2017-07-11 17:44:56 +02:00
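The FDE header extension described in the commit message above, as an added example that is not part of the commit or of QEMU's own code: a small Python parser that reads a qcow2 header, reports the crypt_method field (0 none, 1 legacy AES, 2 LUKS) and the "full disk encryption header pointer" extension (type 0x0537be77, an 8-byte offset followed by an 8-byte length), and runs the consistency checks a practitioner would want before trusting an image's encryption. Field offsets and the extension id follow the public qcow2 format specification; the sample headers are constructed inside the script, not real images, and the cluster-alignment and overlap rules in check_encryption are my assumptions drawn from the commit text (the LUKS header lives in whole clusters allocated before the payload), not a rule QEMU enforces.

```python
"""Inspect a qcow2 header: encryption method and FDE (LUKS) header pointer.

Added example, not code from the commit or from QEMU.  Field offsets and the
extension type id follow the public qcow2 format spec (docs/interop/qcow2.txt
in the QEMU tree).  The sample headers below are constructed, not real images.
"""
import struct
import sys

QCOW_MAGIC = b"QFI\xfb"
CRYPT_METHODS = {0: "none", 1: "aes (legacy)", 2: "luks"}
EXT_FDE_HEADER_POINTER = 0x0537BE77   # "full disk encryption header pointer"
EXT_END = 0x00000000                  # end-of-extensions marker
V3_HEADER_LENGTH = 104


def parse_qcow2_header(data: bytes) -> dict:
    """Parse the fixed header and walk the extension list for the FDE pointer."""
    if len(data) < 72 or data[:4] != QCOW_MAGIC:
        raise ValueError("not a qcow2 image")
    version, = struct.unpack_from(">I", data, 4)
    cluster_bits, = struct.unpack_from(">I", data, 20)
    crypt_method, = struct.unpack_from(">I", data, 32)
    if version == 2:
        ext_start = 72                                     # v2: no header_length field
    elif version == 3:
        ext_start, = struct.unpack_from(">I", data, 100)   # v3: header_length
    else:
        raise ValueError(f"unsupported qcow2 version {version}")

    info = {
        "version": version,
        "cluster_size": 1 << cluster_bits,
        "crypt_method": CRYPT_METHODS.get(crypt_method, f"unknown({crypt_method})"),
        "fde_header": None,
    }
    # Each extension is type(4) length(4) payload, padded to a multiple of 8 bytes.
    pos = ext_start
    while pos + 8 <= len(data):
        ext_type, ext_len = struct.unpack_from(">II", data, pos)
        if ext_type == EXT_END:
            break
        payload = data[pos + 8:pos + 8 + ext_len]
        if ext_type == EXT_FDE_HEADER_POINTER and len(payload) >= 16:
            offset, length = struct.unpack_from(">QQ", payload, 0)
            info["fde_header"] = {"offset": offset, "length": length}
        pos += 8 + ((ext_len + 7) & ~7)
    return info


def check_encryption(info: dict) -> list:
    """Consistency checks before trusting the image's encryption setup.

    Alignment/overlap rules are assumptions from the commit text: the LUKS
    header is stored in whole clusters allocated before the image payload.
    """
    findings = []
    method, fde, cs = info["crypt_method"], info["fde_header"], info["cluster_size"]
    if method == "luks":
        if fde is None:
            findings.append("luks: FDE header pointer extension missing (truncated or corrupt header)")
        else:
            if fde["offset"] % cs:
                findings.append("luks: FDE header offset is not cluster-aligned")
            if fde["offset"] < cs:
                findings.append("luks: FDE header region overlaps the qcow2 header cluster")
            if fde["length"] == 0:
                findings.append("luks: FDE header region has zero length")
    else:
        if fde is not None:
            findings.append(f"{method}: FDE header pointer present but crypt_method is not luks")
        if method == "aes (legacy)":
            findings.append("aes (legacy): IVs come from the guest virtual sector, so "
                            "internal snapshots reuse IVs; prefer encrypt.format=luks")
        elif method == "none":
            findings.append("none: image is not encrypted")
    return findings


def build_sample_header(crypt_method: int, fde=None, cluster_bits: int = 16) -> bytes:
    """Constructed qcow2 v3 header (sample input only, not a real image)."""
    fixed = struct.pack(
        ">4sIQIIQIIQQIIQQQQII",
        QCOW_MAGIC, 3,              # magic, version
        0, 0,                       # backing file offset / size (none)
        cluster_bits, 10 << 30,     # cluster_bits, virtual size 10 GiB
        crypt_method,               # 0 none, 1 legacy AES, 2 LUKS
        1, 3 << cluster_bits,       # l1_size, l1_table_offset
        1 << cluster_bits, 1,       # refcount table offset / clusters
        0, 0,                       # nb_snapshots, snapshots_offset
        0, 0, 0,                    # incompatible / compatible / autoclear features
        4, V3_HEADER_LENGTH,        # refcount_order, header_length
    )
    exts = b""
    if fde is not None:
        exts += struct.pack(">IIQQ", EXT_FDE_HEADER_POINTER, 16, fde[0], fde[1])
    exts += struct.pack(">II", EXT_END, 0)
    return fixed + exts


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            hdr = f.read(1 << 16)    # one 64 KiB cluster covers header + extensions
    else:
        hdr = build_sample_header(2, fde=(1 << 16, 2 << 20))   # constructed LUKS sample
    info = parse_qcow2_header(hdr)
    print(info)
    for finding in check_encryption(info):
        print("finding:", finding)
```

Run it with no arguments to inspect the constructed sample, or pass the path of an image created with the qemu-img command from the commit message. When creating such an image, prefer `--object secret,file=/path/to/passphrase,id=sec0` over `data=123456`: the secret object accepts either, and a passphrase given with `data=` is visible in the process listing and the shell history.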
accel
audio
backends
block qcow2: add support for LUKS encryption format 2017-07-11 17:44:56 +02:00
bsd-user
chardev
contrib
crypto
default-configs
disas
docs
dtc@558cd81bdd
fpu
fsdev
gdb-xml
hw
include
io
libdecnumber
linux-headers
linux-user
migration
nbd
net
pc-bios
pixman@87eea99e44
po
qapi
qga
qobject
qom
replay
roms
scripts
slirp
stubs
target
tcg
tests
trace
ui
util
.dir-locals.el
.exrc
.gdbinit
.gitignore
.gitmodules
.mailmap
.shippable.yml
.travis.yml
arch_init.c
atomic_template.h
balloon.c
block.c
blockdev-nbd.c
blockdev.c
blockjob.c
bootdevice.c
bt-host.c
bt-vhci.c
Changelog
CODING_STYLE
configure
COPYING
COPYING.LIB
cpus-common.c *_run_on_cpu: introduce run_on_cpu_data type 2016-10-31 15:00:25 +01:00
cpus.c
device_tree.c
device-hotplug.c
disas.c
dma-helpers.c
dump.c
exec.c
gdbstub.c
HACKING
hax-stub.c
hmp-commands-info.hx
hmp-commands.hx
hmp.c
hmp.h
ioport.c
iothread.c
LICENSE
MAINTAINERS
Makefile
Makefile.objs
Makefile.target
memory_ldst.inc.c exec: introduce memory_ldst.inc.c 2016-12-22 16:00:23 +01:00
memory_mapping.c
memory.c
module-common.c
monitor.c
numa.c
os-posix.c
os-win32.c
qapi-schema.json
qdev-monitor.c
qdict-test-data.txt
qemu-bridge-helper.c
qemu-doc.texi
qemu-ga.texi
qemu-img-cmds.hx
qemu-img.c
qemu-img.texi
qemu-io-cmds.c block: Make bdrv_is_allocated() byte-based 2017-07-10 13:18:07 +02:00
qemu-io.c
qemu-nbd.c
qemu-nbd.texi
qemu-option-trace.texi docs: update manpage for stderr->log rename 2017-02-13 13:38:31 +00:00
qemu-options-wrapper.h
qemu-options.h
qemu-options.hx
qemu-seccomp.c
qemu-tech.texi
qemu.nsi
qemu.sasl
qmp.c
qtest.c
README
replication.c
replication.h
rules.mak
softmmu_template.h
thunk.c
tpm.c
trace-events
user-exec-stub.c
user-exec.c
VERSION
version.rc
vl.c

         QEMU README
         ===========

QEMU is a generic and open source machine & userspace emulator and
virtualizer.

QEMU is capable of emulating a complete machine in software without any
need for hardware virtualization support. By using dynamic translation,
it achieves very good performance. QEMU can also integrate with the Xen
and KVM hypervisors to provide emulated hardware while allowing the
hypervisor to manage the CPU. With hypervisor support, QEMU can achieve
near native performance for CPUs. When QEMU emulates CPUs directly it is
capable of running operating systems made for one machine (e.g. an ARMv7
board) on a different machine (e.g. an x86_64 PC board).

QEMU is also capable of providing userspace API virtualization for Linux
and BSD kernel interfaces. This allows binaries compiled against one
architecture ABI (e.g. the Linux PPC64 ABI) to be run on a host using a
different architecture ABI (e.g. the Linux x86_64 ABI). This does not
involve any hardware emulation, simply CPU and syscall emulation.

QEMU aims to fit into a variety of use cases. It can be invoked directly
by users wishing to have full control over its behaviour and settings.
It also aims to facilitate integration into higher level management
layers, by providing a stable command line interface and monitor API.
It is commonly invoked indirectly via the libvirt library when using
open source applications such as oVirt, OpenStack and virt-manager.

QEMU as a whole is released under the GNU General Public License,
version 2. For full licensing details, consult the LICENSE file.


Building
========

QEMU is multi-platform software intended to be buildable on all modern
Linux platforms, OS-X, Win32 (via the Mingw64 toolchain) and a variety
of other UNIX targets. The simple steps to build QEMU are:

  mkdir build
  cd build
  ../configure
  make

Additional information can also be found online via the QEMU website:

  http://qemu-project.org/Hosts/Linux
  http://qemu-project.org/Hosts/Mac
  http://qemu-project.org/Hosts/W32


Submitting patches
==================

The QEMU source code is maintained under the GIT version control system.

   git clone git://git.qemu-project.org/qemu.git

When submitting patches, the preferred approach is to use 'git
format-patch' and/or 'git send-email' to format & send the mail to the
qemu-devel@nongnu.org mailing list. All patches submitted must contain
a 'Signed-off-by' line from the author. Patches should follow the
guidelines set out in the HACKING and CODING_STYLE files.

Additional information on submitting patches can be found online via
the QEMU website

  http://qemu-project.org/Contribute/SubmitAPatch
  http://qemu-project.org/Contribute/TrivialPatches


Bug reporting
=============

The QEMU project uses Launchpad as its primary upstream bug tracker. Bugs
found when running code built from QEMU git or upstream released sources
should be reported via:

  https://bugs.launchpad.net/qemu/

If using QEMU via an operating system vendor pre-built binary package, it
is preferable to report bugs to the vendor's own bug tracker first. If
the bug is also known to affect latest upstream code, it can also be
reported via launchpad.

For additional information on bug reporting consult:

  http://qemu-project.org/Contribute/ReportABug


Contact
=======

The QEMU community can be contacted in a number of ways, the two
main methods being email and IRC:

 - qemu-devel@nongnu.org
   http://lists.nongnu.org/mailman/listinfo/qemu-devel
 - #qemu on irc.oftc.net

Information on additional methods of contacting the community can be
found online via the QEMU website:

  http://qemu-project.org/Contribute/StartHere

-- End