On Thu, Oct 07, 2021 at 14:21:19 -0500, Or Ozeri wrote:
> This commit extends libvirt XML configuration to support a custom encryption engine.
> This means that <encryption format="luks" engine="qemu"> becomes valid.
> The only engine for now is qemu. However, a new engine (librbd) will be added in an upcoming commit.
> If no engine is specified, qemu will be used (assuming qemu driver is used).
>
> Signed-off-by: Or Ozeri <oro@xxxxxxxxxx>
> ---
> docs/formatstorageencryption.html.in | 6 +++++
> docs/schemas/domainbackup.rng | 7 +++++
> docs/schemas/storagecommon.rng | 7 +++++
> src/conf/storage_encryption_conf.c | 27 ++++++++++++++++++-
> src/conf/storage_encryption_conf.h | 9 +++++++
> src/qemu/qemu_block.c | 2 ++
> src/qemu/qemu_domain.c | 20 ++++++++++++++
> tests/qemustatusxml2xmldata/upgrade-out.xml | 6 ++---
> tests/qemuxml2argvdata/disk-nvme.xml | 2 +-
> .../qemuxml2argvdata/encrypted-disk-usage.xml | 2 +-
> tests/qemuxml2argvdata/luks-disks.xml | 4 +--
> tests/qemuxml2argvdata/user-aliases.xml | 2 +-
> .../disk-slices.x86_64-latest.xml | 4 +--
> tests/qemuxml2xmloutdata/encrypted-disk.xml | 2 +-
> .../luks-disks-source-qcow2.x86_64-latest.xml | 14 +++++-----
> .../qemuxml2xmloutdata/luks-disks-source.xml | 10 +++----
> 16 files changed, 100 insertions(+), 24 deletions(-)
>
> diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencryption.html.in
> index 7215c307d7..178fcd0d7c 100644
> --- a/docs/formatstorageencryption.html.in
> +++ b/docs/formatstorageencryption.html.in
> @@ -23,6 +23,12 @@ > content of the <code>encryption</code> tag. Other format values may be > defined in the future. > </p> > + <p> > + The <code>encryption</code> tag supports an optional <code>engine</code> > + tag, which allows selecting which component actually handles > + the encryption. Currently defined values of <code>engine</code> are > + <code>qemu</code>. > + </p> I'll add a note and possibly also a check that this works only in the qemu VM driver, and not in the storage driver as this part of the docs is shared between those two. > <p> > The <code>encryption</code> tag can currently contain a sequence of > <code>secret</code> tags, each with mandatory attributes <code>type</code> > @@ -217,6 +223,7 @@ virStorageEncryptionParseNode(xmlNodePtr node, > xmlNodePtr *nodes = NULL; > virStorageEncryption *encdef = NULL; > virStorageEncryption *ret = NULL; > + g_autofree char *engine_str = NULL; This is unused. I'll remove it before pushing. > g_autofree char *format_str = NULL; > int n; > size_t i; Reviewed-by: Peter Krempa <pkrempa@xxxxxxxxxx>
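Review bot: In the paragraph added by the docs/formatstorageencryption.html.in hunk (@@ -23,6 +23,12 @@), engine is described as an optional "tag", but the commit message gives the syntax as <encryption format="luks" engine="qemu">, where it is an attribute of the encryption element. Suggest wording it as "supports an optional <code>engine</code> attribute" and "The only currently defined value of <code>engine</code> is <code>qemu</code>". The paragraph also does not state the default that the commit message describes (qemu is used when no engine is specified); one sentence on that would let a reader know what an omitted engine means.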
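Review bot: In the virStorageEncryptionParseNode hunk (@@ -217,6 +223,7 @@), the new local "g_autofree char *engine_str = NULL;" is declared next to format_str, but no line in the quoted hunk assigns or reads it. Either drop the declaration, or, if the engine attribute is meant to be read into it the same way the format string is, add that use in this function so the variable has a purpose.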