[RFC PATCH 00/18] nvme: In-kernel TLS support for TCP
Hannes Reinecke
hare at suse.de
Wed Mar 22 08:10:05 PDT 2023
On 3/22/23 13:53, Sagi Grimberg wrote:
>
>>>>>> Hi all,
>>>>>>
>>>>>> finally I've managed to put all things together and enable in-kernel
>>>>>> TLS support for NVMe-over-TCP.
>>>>>
>>>>> Hannes (and Chuck) this is great, I'm very happy to see this!
>>>>>
>>>>> I'll start a detailed review soon enough.
>>>>>
>>>>> Thank you for doing this.
>>>>>
>>>>>> The patchset is based on the TLS upcall mechanism from Chuck Lever
>>>>>> (cf '[PATCH v7 0/2] Another crack at a handshake upcall mechanism'
>>>>>> posted to the linux netdev list), and requires the 'tlshd' userspace
>>>>>> daemon (https://github.com/oracle/ktls-utils) for the actual TLS
>>>>>> handshake.
>>>>>
>>>>> Do you have an actual link to follow for this patch set?
>>>>
>>>> Sure.
>>>>
>>>> git.kernel.org:/pub/scm/linux/kernel/git/hare/scsi-devel.git
>>>> branch tls-netlink.v7
>>>
>>> I meant Chuck's posting on linux-netdev.
>>
>> To be found here:
>>
>> <https://www.spinics.net/lists/netdev/msg890047.html>
>
> Nice, it would be great to see code, if you have it, for nvme-cli and/or
> nvmetcli as well.

PR for libnvme: PR#599
PR for nvme-cli: PR#1868

which is just for updating 'nvme gen-tls-key' to allow the admin to
provision 'retained' PSKs in the kernel keyring.

For nvmetcli we actually don't need an update; everything works with the
existing code :-)

Cheers,

Hannes