kernel TLS configuration, was: Re: [ANNOUNCE] ktls-utils 1.0.0
Christoph Hellwig
hch at infradead.org
Wed May 7 00:58:17 PDT 2025
On Wed, May 07, 2025 at 10:50:00AM +0300, Sagi Grimberg wrote:
> Just so I understand, this is a separate issue from passing the keyring to
> tlshd correct? Is the suggesting that nfs will create a special .nfs keyring
> similar to what nvme does?
Yeah.
> Note that nvme also allows the user to pass its own keyring (never tried
> it before - we probably need a blktest for it //hannes). So in this case,
> the
> possessor will need to set user READ perms on the key itself (assuming that
> it updated tlshd.conf to know this keyring)?
I think so. Or give user read permissions for the keys (which from
my limited undertanding renders the patches a bit useless).
Let me send out my current patches and discuss it there.
More information about the Linux-nvme
mailing list