[PATCH v4 0/4] Support PSK reauthentication (REPLACETLSPSK)
Alistair Francis
alistair23 at gmail.com
Sun Mar 1 19:42:05 PST 2026
On Tue, Dec 2, 2025 at 3:18 PM <alistair23 at gmail.com> wrote:
>
> From: Alistair Francis <alistair.francis at wdc.com>
>
> Allow userspace on the host to trigger a reauth (REPLACETLSPSK) from
> sysfs. This will replace the PSK for the admin queue when using
> a secure concat connection.
>
> This can be done by writing 0 to the `tls_configured_key` sysfs file,
> for example something like this
>
> ```shell
> echo 0 > /sys/devices/virtual/nvme-fabrics/ctl/nvme0/tls_configured_key
> ```
>
> `tls_configured_key` will only appear for concat connections as that is
> all that is supported.
>
> Reading `tls_configured_key` will return the current configured key, which
> changes after each REPLACETLSPSK operation.
>
> This series also include some fixes for the NVMe target code to ensure
> this works against a Linux NVMe target.
>
> v4:
> - Forcefully reset the connection after updating the keys
> v3:
> - Only trigger if a 0 is written to `tls_configured_key`
> - Add documentation
>
> Alistair Francis (4):
> nvmet-tcp: Don't error if TLS is enabed on a reset
> nvmet-tcp: Don't free SQ on authentication success
> nvme: Expose the tls_configured sysfs for secure concat connections
> nvme: Allow reauth from sysfs
This series is ready to merge. Can it be picked up?
Alistair
>
> Documentation/ABI/testing/sysfs-nvme | 13 ++++++++
> drivers/nvme/host/sysfs.c | 46 ++++++++++++++++++++++++--
> drivers/nvme/target/auth.c | 4 +--
> drivers/nvme/target/core.c | 2 +-
> drivers/nvme/target/fabrics-cmd-auth.c | 12 +++----
> drivers/nvme/target/nvmet.h | 4 +--
> 6 files changed, 68 insertions(+), 13 deletions(-)
> create mode 100644 Documentation/ABI/testing/sysfs-nvme
>
> --
> 2.51.1
>
More information about the Linux-nvme
mailing list