diff options
Diffstat (limited to 'qemu-doc.texi')
| -rw-r--r-- | qemu-doc.texi | 57 |
1 files changed, 45 insertions, 12 deletions
diff --git a/qemu-doc.texi b/qemu-doc.texi index 185dd47a0..e6e20ebbd 100644 --- a/qemu-doc.texi +++ b/qemu-doc.texi @@ -536,21 +536,38 @@ support of multiple VM snapshots. Supported options: @table @code @item compat -Determines the qcow2 version to use. @code{compat=0.10} uses the traditional -image format that can be read by any QEMU since 0.10 (this is the default). +Determines the qcow2 version to use. @code{compat=0.10} uses the +traditional image format that can be read by any QEMU since 0.10. @code{compat=1.1} enables image format extensions that only QEMU 1.1 and -newer understand. Amongst others, this includes zero clusters, which allow -efficient copy-on-read for sparse images. +newer understand (this is the default). Amongst others, this includes +zero clusters, which allow efficient copy-on-read for sparse images. @item backing_file File name of a base image (see @option{create} subcommand) @item backing_fmt Image format of the base image @item encryption -If this option is set to @code{on}, the image is encrypted. +If this option is set to @code{on}, the image is encrypted with 128-bit AES-CBC. + +The use of encryption in qcow and qcow2 images is considered to be flawed by +modern cryptography standards, suffering from a number of design problems: + +@itemize @minus +@item The AES-CBC cipher is used with predictable initialization vectors based +on the sector number. This makes it vulnerable to chosen plaintext attacks +which can reveal the existence of encrypted data. +@item The user passphrase is directly used as the encryption key. A poorly +chosen or short passphrase will compromise the security of the encryption. +@item In the event of the passphrase being compromised there is no way to +change the passphrase to protect data in any qcow images. The files must +be cloned, using a different encryption passphrase in the new file. The +original file must then be securely erased using a program like shred, +though even this is ineffective with many modern storage technologies. +@end itemize -Encryption uses the AES format which is very secure (128 bit keys). Use -a long password (16 characters) to get maximum protection. +Use of qcow / qcow2 encryption is thus strongly discouraged. Users are +recommended to use an alternative encryption technology such as the +Linux dm-crypt / LUKS system. @item cluster_size Changes the qcow2 cluster size (must be between 512 and 2M). Smaller cluster @@ -654,6 +671,21 @@ Supported options: Specifies which VHD subformat to use. Valid options are @code{dynamic} (default) and @code{fixed}. @end table + +@item VHDX +Hyper-V compatible image format (VHDX). +Supported options: +@table @code +@item subformat +Specifies which VHDX subformat to use. Valid options are +@code{dynamic} (default) and @code{fixed}. +@item block_state_zero +Force use of payload blocks of type 'ZERO'. +@item block_size +Block size; min 1 MB, max 256 MB. 0 means auto-calculate based on image size. +@item log_size +Log size; min 1 MB. +@end table @end table @subsubsection Read-only formats @@ -1906,7 +1938,7 @@ The following options are specific to the PowerPC emulation: @item -g @var{W}x@var{H}[x@var{DEPTH}] -Set the initial VGA graphic mode. The default is 800x600x15. +Set the initial VGA graphic mode. The default is 800x600x32. @item -prom-env @var{string} @@ -1964,7 +1996,7 @@ QEMU emulates the following sun4m peripherals: @item IOMMU @item -TCX Frame buffer +TCX or cgthree Frame buffer @item Lance (Am7990) Ethernet @item @@ -1991,7 +2023,7 @@ firmware implementation. The goal is to implement a 100% IEEE A sample Linux 2.6 series kernel and ram disk image are available on the QEMU web site. There are still issues with NetBSD and OpenBSD, but -some kernel versions work. Please note that currently Solaris kernels +some kernel versions work. Please note that currently older Solaris kernels don't work probably due to interface issues between OpenBIOS and Solaris. @@ -2003,8 +2035,9 @@ The following options are specific to the Sparc32 emulation: @item -g @var{W}x@var{H}x[x@var{DEPTH}] -Set the initial TCX graphic mode. The default is 1024x768x8, currently -the only other possible mode is 1024x768x24. +Set the initial graphics mode. For TCX, the default is 1024x768x8 with the +option of 1024x768x24. For cgthree, the default is 1024x768x8 with the option +of 1152x900x8 for people who wish to use OBP. @item -prom-env @var{string} |