[PATCH 1/9] nvme-auth: modify nvme_auth_transform_key() to return status
Hannes Reinecke
hare at suse.de
Thu Nov 27 00:01:35 PST 2025
On 11/26/25 08:39, Sagi Grimberg wrote:
> Patch title is misleading. The addition is the transformed secret output...
>
> On 28/05/2025 17:05, Hannes Reinecke wrote:
>> Modify nvme_auth_transform_key() to return a status and provide
>> the transformed data as argument on the command line as raw data.
>
> The patch is missing the why explanation. I mean it looks fine, its unclear
> why we need this change.
>
To keep the knowledge of key contents inside the kernel keyring only,
and avoid having to specify the key contents on the commandline (where
it's prone to show up in audit logs).
Also it allows for exteral provisioning of the keys; some other
application can provision the keys in the kernel keyring, and
nvme-cli can pick it up from there.
But I can put that in the patch description.
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare at suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
More information about the Linux-nvme
mailing list