[PATCH 0/1] NVMe/TLS connection issues to SPDK
Chris Leech
cleech at redhat.com
Tue Aug 12 15:05:50 PDT 2025
On Sun, Jul 20, 2025 at 07:17:17PM -0700, Chris Leech wrote:
> I was attempting to debug connecting the Linux driver / libnvme /
> ktls-utils host stack to the SPDK nvmf_tgt over TLS, and ran into some
> issues.
>
> The TLS connection fails to complete a handshake because the TLS PSKs
> are different. The NVMe/TCP specified key derivation steps from the
> configured interchange format, to a retained PSK and finally the TLS
> PSK, is implemented incompatibly in libnvme and SPDK. After some
> investigation, I believe the SPDK implementation to be correct and am
> providing a libnvme patch to match it. With libnvme modified, I see the
> TLS handshake complete in tlshd.
Ug, the kernel has key derivation code for secure channel concatenation
and it has the same issue.
RFC patchs to follow, only tested with a quick blktests nvme/063
currently.
- Chris
More information about the Linux-nvme
mailing list