[PATCH 1/9] nvme-auth: modify nvme_auth_transform_key() to return status
Sagi Grimberg
sagi at grimberg.me
Sun Nov 30 13:42:31 PST 2025
On 27/11/2025 10:01, Hannes Reinecke wrote:
> On 11/26/25 08:39, Sagi Grimberg wrote:
>> Patch title is misleading. The addition is the transformed secret
>> output...
>>
>> On 28/05/2025 17:05, Hannes Reinecke wrote:
>>> Modify nvme_auth_transform_key() to return a status and provide
>>> the transformed data as argument on the command line as raw data.
>>
>> The patch is missing the why explanation. I mean it looks fine, it's
>> unclear why we need this change.
>>
> To keep the knowledge of key contents inside the kernel keyring only,
> and avoid having to specify the key contents on the commandline (where
> it's prone to show up in audit logs).
> Also it allows for external provisioning of the keys; some other
> application can provision the keys in the kernel keyring, and
> nvme-cli can pick it up from there.
I wasn't referring to what the patchset is trying to solve for.
The "why" refers to "Modify nvme_auth_transform_key() to return a status
and provide the transformed data as argument on the command line as raw
data". What would help the reviewer is something along the lines of:
"preparing for XXX" or "in a following patch the caller will be using it
for XXX".