Re: [PATCH RESEND v3 01/10] crypto: Introduce option and structure for detached LUKS header

Thu, 11 Jan 2024 06:36:43 -0800 

Hyman Huang <[email protected]> writes:

> Add the "header" option for the LUKS format. This field would be
> used to identify the blockdev's position where a detachable LUKS
> header is stored.
>
> In addition, introduce header field in struct BlockCrypto
>
> Signed-off-by: Hyman Huang <[email protected]>
> Reviewed-by: Daniel P. BerrangĂ© <[email protected]>
> Message-Id: 
> <5b99f60c7317092a563d7ca3fb4b414197015eb2.1701879996.git.yong.hu...@smartx.com>
> ---
>  block/crypto.c       | 1 +
>  qapi/block-core.json | 6 +++++-
>  2 files changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/block/crypto.c b/block/crypto.c
> index 921933a5e5..f82b13d32b 100644
> --- a/block/crypto.c
> +++ b/block/crypto.c
> @@ -39,6 +39,7 @@ typedef struct BlockCrypto BlockCrypto;
>  struct BlockCrypto {
>      QCryptoBlock *block;
>      bool updating_keys;
> +    BdrvChild *header;  /* Reference to the detached LUKS header */
>  };
>  
>  
> diff --git a/qapi/block-core.json b/qapi/block-core.json
> index ca390c5700..10be08d08f 100644
> --- a/qapi/block-core.json
> +++ b/qapi/block-core.json
> @@ -3352,11 +3352,15 @@
>  #     decryption key (since 2.6). Mandatory except when doing a
>  #     metadata-only probe of the image.
>  #
> +# @header: optional reference to the location of a blockdev
> +#     storing a detached LUKS header. (since 9.0)

This will come out like

    "header": "BlockdevRef" (optional)
       optional reference to the location of a blockdev storing a detached
       LUKS header. (since 9.0)

in the manual.  Scratch "optional".

Moreover, a BlockdevRef is a "Reference to a block device" (quote from
its doc comment), not a "reference to the location of a blockdev".
Better simplify to something like "block device holding a detached LUKS
header".

But that's just phrasing.  The contents could perhaps use improvement,
too.  Let's start with this question: what's a detachable LUKS header,
and why would anybody want to use it?

> +#
>  # Since: 2.9
>  ##
>  { 'struct': 'BlockdevOptionsLUKS',
>    'base': 'BlockdevOptionsGenericFormat',
> -  'data': { '*key-secret': 'str' } }
> +  'data': { '*key-secret': 'str',
> +            '*header': 'BlockdevRef'} }
>  
>  ##
>  # @BlockdevOptionsGenericCOWFormat:

Reply via email to