[v2,0/6] Disk encryption status handling

Message ID	20240322115120.12325-1-blazej.kucman@intel.com (mailing list archive)
Headers	show Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C05F63EA9C for <linux-raid@vger.kernel.org>; Fri, 22 Mar 2024 11:51:48 +0000 (UTC) From: Blazej Kucman <blazej.kucman@intel.com> To: mariusz.tkaczyk@linux.intel.com, jes@trained-monkey.org Cc: linux-raid@vger.kernel.org Subject: [PATCH v2 0/6] Disk encryption status handling Date: Fri, 22 Mar 2024 12:51:14 +0100 Message-Id: <20240322115120.12325-1-blazej.kucman@intel.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	Disk encryption status handling \| expand [v2,0/6] Disk encryption status handling [v2,1/6] mdadm: Move pr_vrb define to mdadm.h [v2,2/6] Add reading Opal NVMe encryption information [v2,3/6] Add reading SATA encryption information [v2,4/6] Add key ENCRYPTION_NO_VERIFY to conf [v2,5/6] imsm: print disk encryption information [v2,6/6] imsm: drive encryption policy implementation

Message ID

20240322115120.12325-1-blazej.kucman@intel.com (mailing list archive)

Headers

From: Blazej Kucman <blazej.kucman@intel.com>
To: mariusz.tkaczyk@linux.intel.com,
	jes@trained-monkey.org
Cc: linux-raid@vger.kernel.org
Subject: [PATCH v2 0/6] Disk encryption status handling
Date: Fri, 22 Mar 2024 12:51:14 +0100
Message-Id: <20240322115120.12325-1-blazej.kucman@intel.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

Disk encryption status handling | expand

Message

Blazej Kucman March 22, 2024, 11:51 a.m. UTC

The purpose of this series is to add functionality of reading information
about the encryption status of OPAL NVMe/SATA and SATA drives and use this
information for purposes of IMSM metadata, which introduces restrictions
on the possibility of mixing disks with encryption enabled and disabled
because of security reasons.

Changes in V2:
- add separate patch for change location of pr_vrb(),
- add example results for usage of new feature to commit message in patch 5,
- adjust commit messages to 75 characters,
- general fixes after review.

Blazej Kucman (6):
  mdadm: Move pr_vrb define to mdadm.h
  Add reading Opal NVMe encryption information
  Add reading SATA encryption information
  Add key ENCRYPTION_NO_VERIFY to conf
  imsm: print disk encryption information
  imsm: drive encryption policy implementation

 Makefile           |   4 +-
 config.c           |  25 +-
 drive_encryption.c | 724 +++++++++++++++++++++++++++++++++++++++++++++
 drive_encryption.h |  37 +++
 mdadm.conf.5.in    |  16 +
 mdadm.h            |   4 +
 super-intel.c      | 117 +++++++-
 sysfs.c            |  29 ++
 8 files changed, 947 insertions(+), 9 deletions(-)
 create mode 100644 drive_encryption.c
 create mode 100644 drive_encryption.h

Comments

Mariusz Tkaczyk April 2, 2024, 6:32 a.m. UTC | #1

On Fri, 22 Mar 2024 12:51:14 +0100
Blazej Kucman <blazej.kucman@intel.com> wrote:

> The purpose of this series is to add functionality of reading information
> about the encryption status of OPAL NVMe/SATA and SATA drives and use this
> information for purposes of IMSM metadata, which introduces restrictions
> on the possibility of mixing disks with encryption enabled and disabled
> because of security reasons.
> 
> Changes in V2:
> - add separate patch for change location of pr_vrb(),
> - add example results for usage of new feature to commit message in patch 5,
> - adjust commit messages to 75 characters,
> - general fixes after review.
>

No more questions from community..
Applied!

Thanks,
Mariusz