[PATCHv18 00/11] nvme: In-band authentication support
Hannes Reinecke
hare at suse.de
Wed Jul 6 22:54:29 PDT 2022
On 6/27/22 23:34, Chaitanya Kulkarni wrote:
> On 6/27/22 02:51, Hannes Reinecke wrote:
>> Hi all,
>>
>> recent updates to the NVMe spec have added definitions for in-band
>> authentication, and seeing that it provides some real benefit
>> especially for NVMe-TCP here's an attempt to implement it.
>>
>> Thanks to Nicolai Stange the crypto DH framework has been upgraded
>> to provide us with a FFDHE implementation; I've updated the patchset
>> to use the ephemeral key generation provided there.
>>
>> Note that this is just for in-band authentication. Secure
>> concatenation (ie starting TLS with the negotiated parameters)
>> requires a TLS handshake, which the in-kernel TLS implementation
>> does not provide. This is being worked on with a different patchset
>> which is still WIP.
>>
>> The nvme-cli support has already been merged; please use the latest
>> nvme-cli git repository to build the most recent version.
>>
>> A copy of this patchset can be found at
>> git://git.kernel.org/pub/scm/linux/kernel/git/hare/scsi-devel
>> branch auth.v17
>>
>> The patchset is being cut against nvme-5.20.
>>
>
> I was able to run the V5 of blktets on this version see log below.
>
> I am seeing few error messages when I run with tcp and loop,
> please have a look to make sure they are the expected ones.
>
> In case they are expected ones lets filter them out since it will
> create confusion and people will start reporting these issues.
>
As indicated in my earlier mail, these errors _are_ expected, as we also
have to check if authentication fails is there's a mismatch of the
authentication keys.
But an authentication failure is an event which the admin definitely
should be made aware, so the kernel message is warranted.
So I'm not sure how one could filter them out ...
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare at suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), Geschäftsführer: Ivo Totev, Andrew
Myers, Andrew McDonald, Martje Boudien Moerman
More information about the Linux-nvme
mailing list