summaryrefslogtreecommitdiffstats
path: root/block
diff options
context:
space:
mode:
authorDaniel P. Berrange2016-03-21 15:11:48 +0100
committerKevin Wolf2016-03-30 12:12:15 +0200
commite6ff69bf5edfb0475903456a8c7f785635986540 (patch)
treef5e6bb34ce7c01439810547a75aac7ce56704fd6 /block
parentblock: add generic full disk encryption driver (diff)
downloadqemu-e6ff69bf5edfb0475903456a8c7f785635986540.tar.gz
qemu-e6ff69bf5edfb0475903456a8c7f785635986540.tar.xz
qemu-e6ff69bf5edfb0475903456a8c7f785635986540.zip
block: move encryption deprecation warning into qcow code
For a couple of releases we have been warning Encrypted images are deprecated Support for them will be removed in a future release. You can use 'qemu-img convert' to convert your image to an unencrypted one. This warning was issued by system emulators, qemu-img, qemu-nbd and qemu-io. Such a broad warning was issued because the original intention was to rip out all the code for dealing with encryption inside the QEMU block layer APIs. The new block encryption framework used for the LUKS driver does not rely on the unloved block layer API for encryption keys, instead using the QOM 'secret' object type. It is thus no longer appropriate to warn about encryption unconditionally. When the qcow/qcow2 drivers are converted to use the new encryption framework too, it will be practical to keep AES-CBC support present for use in qemu-img, qemu-io & qemu-nbd to allow for interoperability with older QEMU versions and liberation of data from existing encrypted qcow2 files. This change moves the warning out of the generic block code and into the qcow/qcow2 drivers. Further, the warning is set to only appear when running the system emulators, since qemu-img, qemu-io, qemu-nbd are expected to support qcow2 encryption long term now that the maint burden has been eliminated. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'block')
-rw-r--r--block/qcow.c9
-rw-r--r--block/qcow2.c8
2 files changed, 17 insertions, 0 deletions
diff --git a/block/qcow.c b/block/qcow.c
index 8ea8e5ceef..b6c2e6ec78 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -24,6 +24,7 @@
#include "qemu/osdep.h"
#include "qapi/error.h"
#include "qemu-common.h"
+#include "qemu/error-report.h"
#include "block/block_int.h"
#include "sysemu/block-backend.h"
#include "qemu/module.h"
@@ -158,6 +159,14 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
}
s->crypt_method_header = header.crypt_method;
if (s->crypt_method_header) {
+ if (bdrv_uses_whitelist() &&
+ s->crypt_method_header == QCOW_CRYPT_AES) {
+ error_report("qcow built-in AES encryption is deprecated");
+ error_printf("Support for it will be removed in a future release.\n"
+ "You can use 'qemu-img convert' to switch to an\n"
+ "unencrypted qcow image, or a LUKS raw image.\n");
+ }
+
bs->encrypted = 1;
}
s->cluster_bits = header.cluster_bits;
diff --git a/block/qcow2.c b/block/qcow2.c
index 642802971c..73c4f6b0ba 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -965,6 +965,14 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags,
}
s->crypt_method_header = header.crypt_method;
if (s->crypt_method_header) {
+ if (bdrv_uses_whitelist() &&
+ s->crypt_method_header == QCOW_CRYPT_AES) {
+ error_report("qcow2 built-in AES encryption is deprecated");
+ error_printf("Support for it will be removed in a future release.\n"
+ "You can use 'qemu-img convert' to switch to an\n"
+ "unencrypted qcow2 image, or a LUKS raw image.\n");
+ }
+
bs->encrypted = 1;
}