Re: [PATCH v2 3/4] nvme: Expose the tls_configured sysfs for secure concat connections
From: Alistair Francis
Date: Wed Nov 12 2025 - 21:08:42 EST
On Wed, Nov 12, 2025 at 5:08 PM Hannes Reinecke <hare@xxxxxxx> wrote:
>
> On 11/12/25 00:45, alistair23@xxxxxxxxx wrote:
> > From: Alistair Francis <alistair.francis@xxxxxxx>
> >
> > Signed-off-by: Alistair Francis <alistair.francis@xxxxxxx>
> > ---
> > v2:
> > - New patch
> >
> > drivers/nvme/host/sysfs.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/nvme/host/sysfs.c b/drivers/nvme/host/sysfs.c
> > index 29430949ce2f..6d10e12136d0 100644
> > --- a/drivers/nvme/host/sysfs.c
> > +++ b/drivers/nvme/host/sysfs.c
> > @@ -838,7 +838,7 @@ static umode_t nvme_tls_attrs_are_visible(struct kobject *kobj,
> > !ctrl->opts->tls && !ctrl->opts->concat)
> > return 0;
> > if (a == &dev_attr_tls_configured_key.attr &&
> > - (!ctrl->opts->tls_key || ctrl->opts->concat))
> > + !ctrl->opts->concat)
> > return 0;
> > if (a == &dev_attr_tls_keyring.attr &&
> > !ctrl->opts->keyring)
>
> ??
>
> How can you have a configured TLS Key for secure concatenation?
I'm not sure I follow
`ctrl->opts->tls_key` is directly set at the end of the
`nvme_auth_secure_concat()` function, so it will be set for secure
concatenation.
> We generate the keys from the DH-CHAP key material, don't we?
I haven't checked that closely, but the key seems to be generated from
the CHAP hash id
Alistair
>
> Cheers,
>
> Hannes
> --
> Dr. Hannes Reinecke Kernel Storage Architect
> hare@xxxxxxx +49 911 74053 688
> SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
> HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich