[PATCH 1/9] nvme-auth: modify nvme_auth_transform_key() to return status
Hannes Reinecke
hare at suse.de
Mon Dec 1 00:49:48 PST 2025
On 11/30/25 22:42, Sagi Grimberg wrote:
>
>
> On 27/11/2025 10:01, Hannes Reinecke wrote:
>> On 11/26/25 08:39, Sagi Grimberg wrote:
>>> Patch title is misleading. The addition is the transformed secret
>>> output...
>>>
>>> On 28/05/2025 17:05, Hannes Reinecke wrote:
>>>> Modify nvme_auth_transform_key() to return a status and provide
>>>> the transformed data as argument on the command line as raw data.
>>>
>>> The patch is missing the why explanation. I mean it looks fine, its
>>> unclear
>>> why we need this change.
>>>
>> To keep the knowledge of key contents inside the kernel keyring only,
>> and avoid having to specify the key contents on the commandline (where
>> it's prone to show up in audit logs).
>> Also it allows for exteral provisioning of the keys; some other
>> application can provision the keys in the kernel keyring, and
>> nvme-cli can pick it up from there.
>
> I wasn't referring to what the patchset is trying to solve for.
> The "why" refers to "Modify nvme_auth_transform_key() to return a status
> and provide the transformed data as argument on the command line as raw
> data" What would help the reviewer is something along the lines of:
> "preparing for XXX" or "in a following patch the caller will be using it
> for XXX"
Ah, right. Will do for the next round.
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare at suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
More information about the Linux-nvme
mailing list