[PATCH 07/12] nvme: Implement In-Band authentication
Max Gurtovoy
mgurtovoy at nvidia.com
Tue Mar 22 05:21:55 PDT 2022
On 3/22/2022 2:10 PM, Hannes Reinecke wrote:
> On 3/22/22 12:40, Max Gurtovoy wrote:
>> Hi Hannes,
>>
>> On 12/2/2021 5:23 PM, Hannes Reinecke wrote:
>>> Implement NVMe-oF In-Band authentication according to NVMe TPAR 8006.
>>> This patch adds two new fabric options 'dhchap_secret' to specify the
>>> pre-shared key (in ASCII respresentation according to NVMe 2.0 section
>>> 8.13.5.8 'Secret representation') and 'dhchap_ctrl_secret' to specify
>>> the pre-shared controller key for bi-directional authentication of both
>>> the host and the controller.
>>> Re-authentication can be triggered by writing the PSK into the new
>>> controller sysfs attribute 'dhchap_secret' or 'dhchap_ctrl_secret'.
>>
>> Can you please add to commit log an example of the process ?
>>
>> From target configuration through the 'nvme connect' cmd.
>>
>>
>
> Please check:
>
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fhreinecke%2Fblktests%2Ftree%2Fauth.v3&data=04%7C01%7Cmgurtovoy%40nvidia.com%7C4e6a16198c834c87e2ac08da0bfd01fc%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C637835478535167965%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=OgZkPCwDUIllRWfKF0SoC6osWJy3hqAZouME3KDnIGQ%3D&reserved=0
>
>
> That contains the blktest scripts I'm using to validate the
> implementation.
>
blktest is great but for features in this magnitude I think we need to
add a simple usage example in the commit log or in the cover letter.
for someone that is not familiar with blktests, one should start reverse
engineering 4000 LOC to use it.
Cheers,
Max.
Thanks for implementing this important feature.
> Cheers,
>
> Hannes
More information about the Linux-nvme
mailing list