> -----Original Message----- > From: Peter Krempa <pkrempa@xxxxxxxxxx> > Sent: Friday, 10 March 2023 11:47 > To: Or Ozeri <ORO@xxxxxxxxxx> > Cc: libvir-list@xxxxxxxxxx; idryomov@xxxxxxxxx; Danny Harnik > <DANNYH@xxxxxxxxxx> > Subject: [EXTERNAL] Re: [PATCH v1 7/7] qemu: add support for librbd layered > encryption > > > @@ -5210,6 +5216,14 @@ > qemuDomainValidateStorageSource(virStorageSource *src, > > _("librbd encryption is supported only with RBD backed > disks")); > > return -1; > > } > > + > > + if (src->encryption->nsecrets > 1) { > > + if (!virQEMUCapsGet(qemuCaps, > QEMU_CAPS_RBD_ENCRYPTION_LAYERING)) { > > + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", > > + _("librbd encryption layering is not supported by this > QEMU binary")); > > + return -1; > > + } > > As noted in previous patch you must here validate that also the disk is not an > SD card. > I tried searching the code to understand these questions: 1. How to tell that a disk is an SD card? 2. Why should using multiple secrets be prevented on an SD card disk? And why is a single secret OK? I could not find an answer to question 2. But I count on your expertise so we can ignore this question. The first question however must be answered in order to implement the check you talked about. My guess is the answer is (disk->bus == VIR_DOMAIN_DISK_BUS_SD). Is this correct? But then, you said the check is to be placed inside qemuDomainValidateStorageSource, which has the virStorageSource, but not the parent virDomainDiskDef. Do you suggest to extend the signature of qemuDomainValidateStorageSource with an additional "bool isSdDisk"?