[PATCH 01/18] nvme-keyring: register '.nvme' keyring and add CONFIG_NVME_TLS

Sagi Grimberg sagi at grimberg.me
Wed Mar 29 07:49:00 PDT 2023


> Register a '.nvme' keyring to hold keys for TLS and DH-HMAC-CHAP and
> add a new config option NVME_TLS to enable support for NVMe-TCP/TLS.
> We need a separate keyring for NVMe as the configuration is done
> via individual commands (eg for configfs), and the usual per-session
> or per-process keyrings can't be used.
> 
> Signed-off-by: Hannes Reinecke <hare at suse.de>
> ---
>   drivers/nvme/common/Kconfig   |  9 +++++++++
>   drivers/nvme/common/Makefile  |  1 +
>   drivers/nvme/common/keyring.c | 36 +++++++++++++++++++++++++++++++++++
>   drivers/nvme/host/core.c      | 19 +++++++++++++++---
>   include/linux/nvme-keyring.h  | 12 ++++++++++++
>   5 files changed, 74 insertions(+), 3 deletions(-)
>   create mode 100644 drivers/nvme/common/keyring.c
>   create mode 100644 include/linux/nvme-keyring.h
> 
> diff --git a/drivers/nvme/common/Kconfig b/drivers/nvme/common/Kconfig
> index 4514f44362dd..b6fff16da1fb 100644
> --- a/drivers/nvme/common/Kconfig
> +++ b/drivers/nvme/common/Kconfig
> @@ -2,3 +2,12 @@
>   
>   config NVME_COMMON
>          tristate
> +
> +config NVME_TLS
> +	bool "NVMe/TCP TLS encryption support"
> +	depends on NVME_COMMON

depends on TLS as well? Or maybe select would be more appropriate?

> +	select KEYS
> +	help
> +	  Enables TLS encryption for NVMe/TCP using the netlink handshake API.
> +
> +	  If unsure, say N.
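
Review bot: The help text of NVME_TLS says the feature uses the netlink handshake API, but the entry carries only `depends on NVME_COMMON` and `select KEYS`. Nothing here ties the option to the symbols that provide TLS or the handshake interface, so it can be enabled in a configuration where that support is not built. Add the matching dependency to this entry. Separately, the commit message says the '.nvme' keyring holds keys for DH-HMAC-CHAP as well as TLS, while the prompt and help text describe TLS only; either state in the help text that this option is also what makes the keyring available, or put the keyring behind its own symbol so DH-HMAC-CHAP users do not need to enable a TLS option to get it.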

Would it not make sense to default it to y?


