[PATCHv12 00/11] nvme: In-band authentication support
Hannes Reinecke
hare at suse.de
Wed May 25 02:54:54 PDT 2022
On 5/18/22 13:22, Hannes Reinecke wrote:
> Hi all,
>
> recent updates to the NVMe spec have added definitions for in-band
> authentication, and seeing that it provides some real benefit
> especially for NVMe-TCP here's an attempt to implement it.
>
> Thanks to Nicolai Stange the crypto DH framework has been upgraded
> to provide us with a FFDHE implementation; I've updated the patchset
> to use the ephemeral key generation provided there.
>
> Note that this is just for in-band authentication. Secure
> concatenation (ie starting TLS with the negotiated parameters)
> requires a TLS handshake, which the in-kernel TLS implementation
> does not provide. This is being worked on with a different patchset
> which is still WIP.
>
> The nvme-cli support has already been merged; please use the latest
> nvme-cli git repository to build the most recent version.
>
> A copy of this patchset can be found at
> git://git.kernel.org/pub/scm/linux/kernel/git/hare/scsi-devel
> branch auth.v12
>
> It is being cut against the latest master branch from Linus.
>
> As usual, comments and reviews are welcome.
>
How do we proceed here?
This has been lingering for quite some time now, without any real
progress. Despite everyone agreeing that we would need to have it.
Anything which is missing from my side?
Any other obstacles?
Thanks.
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare at suse.de +49 911 74053 688
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), GF: Felix Imendörffer
More information about the Linux-nvme
mailing list