[PATCH 1/1] libnvme: TLS PSK derivation fixes
John Meneghini
jmeneghi at redhat.com
Fri Aug 8 09:18:21 PDT 2025
On 7/28/25 3:12 AM, Hannes Reinecke wrote:
> So to avoid us having to synchronize against all of the others I think
> it might be easier to add a 'compat' flag of sorts to generate PSKs
> with the 'original' derivation algorithm, and then increase the
> libnvme version number once it's in.
> Then we can point the IHVs to that number so that they reference
> that version once their firmware is updated.
This is a really bad precedent. Do you really want to create a new QUIK nightmare for NVMe/TLS?
If you add a compat flag they you will NEVER be able to get rid of it.
We should fix this correctly now and break backwards compatibility. This will force implementations to do it right.
Do it now or it will never happen.
/John
>
> Cheers,
>
> Hannes
> --
More information about the Linux-nvme
mailing list