From: keith.busch@intel.com (Keith Busch)
Subject: [PATCH v2 2/4] block: Add Sed-opal library
Date: Thu, 1 Dec 2016 13:22:39 -0500 [thread overview]
Message-ID: <20161201182239.GH21081@localhost.localdomain> (raw)
In-Reply-To: <20161201175343.GA6554@sbauer-Z170X-UD5>
On Thu, Dec 01, 2016@10:53:43AM -0700, Scott Bauer wrote:
> > Maybe. I need to look at the TCG spec again (oh my good, what a fucking
> > mess), but if I remember the context if it is the whole nvme controller
> > and not just a namespace, so a block_device might be the wrong context.
> > Then again we can always go from the block_device to the controller
> > fairly easily. So instead of adding the security operation to the
> > block_device_operations which we don't really need for now maybe we
> > should add a security_conext to the block device so that we can avoid
> > all the lookup code?
>
> I spent some time this morning reading through the numerous specs/documents,
> with a lot of coffee.
>
> Specifically in:
> https://www.trustedcomputinggroup.org/wp-content/uploads/TCG_SWG_SIIS_Version_1_02_Revision_1_00_20111230.pdf
>
> 5.5.2
> Namespace
>
> A target that has multiple Namespaces MAY have multiple TPers. Each TPer
> SHALL be associated with a different Namespace. Every Namespace on a device
> is not required to have a TPer, but Namespaces that support the TCG Core
> specification commands and functionality SHALL have a TPer. A TPer SHALL only
> be associated with exactly one Namespace. A Namespace MAY have no TPer.
>
> From reading that it seems we will probably have to keep it at the block layer,
> since its possible to have a valid "Locking range 1" on n1 and a "Locking range 1"
> on n2.
Thanks for tracking that down! Specifically for NVMe, security
send/recieve requires NSID, so it is a little more difficult to get to
that if we're not using the abstracton that contains the namespace.
next prev parent reply other threads:[~2016-12-01 18:22 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-29 21:51 [PATCH v2 0/4] SED OPAL Library Scott Bauer
2016-11-29 21:51 ` [PATCH v2 1/4] include: Add definitions for sed Scott Bauer
2016-11-29 21:52 ` [PATCH v2 2/4] block: Add Sed-opal library Scott Bauer
2016-11-30 18:13 ` Keith Busch
2016-11-30 18:09 ` Scott Bauer
2016-12-01 0:50 ` Keith Busch
2016-12-01 10:04 ` Christoph Hellwig
2016-12-01 17:53 ` Scott Bauer
2016-12-01 18:22 ` Keith Busch [this message]
2016-12-09 17:45 ` Scott Bauer
2016-12-09 18:30 ` Christoph Hellwig
2016-12-09 18:50 ` Scott Bauer
2016-11-29 21:52 ` [PATCH v2 3/4] nvme: Implement resume_from_suspend and sed block ioctl Scott Bauer
2016-12-01 0:50 ` Keith Busch
2016-11-29 21:52 ` [PATCH v2 4/4] Maintainers: Add Information for SED Opal library Scott Bauer
2017-02-10 16:46 ` Elliott, Robert (Persistent Memory)
2017-02-10 16:44 ` Scott Bauer
2017-02-11 2:24 ` Elliott, Robert (Persistent Memory)
2017-02-13 8:04 ` hch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161201182239.GH21081@localhost.localdomain \
--to=keith.busch@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).