From: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
To: Hannes Reinecke <hare@suse.de>
Cc: Jes Sorensen <jes@trained-monkey.org>, Xiao Ni <xni@redhat.com>,
Paul E Luse <paul.e.luse@linux.intel.com>,
Coly Li <colyli@suse.de>,
linux-raid@vger.kernel.org
Subject: Re: libsed in mdadm
Date: Wed, 23 Aug 2023 09:29:57 +0200 [thread overview]
Message-ID: <20230823092957.00001051@linux.intel.com> (raw)
In-Reply-To: <9106ad75-8c58-9edb-d066-e5ee332907d3@suse.de>
On Wed, 23 Aug 2023 08:00:51 +0200
Hannes Reinecke <hare@suse.de> wrote:
> On 8/22/23 22:54, Jes Sorensen wrote:
> > On 8/21/23 10:16, Mariusz Tkaczyk wrote:
> >> Hello,
> >> IMSM/VROC is going to support self-encrypted drives. With this feature you
> >> need to unlock the drives during boot-up in UEFI first. It is kind of
> >> protection from physical stealing.
> >>
> >> To ensure security, Linux have to respect that. It means that we need to
> >> determine if the drive support locking and do not allow to mix locked and
> >> unlocked drives in one IMSM array.
> >>
> >> To grab that information we will need to impose the "magic commands" to the
> >> drives. There is a libsed library, designed for such purposes:
> >> https://github.com/sedcli/sedcli
> >>
> >> So far I know, this library is not released under distributions (not
> >> handled by package managers) and that will bring not user friendly
> >> dependency- you will need to compile and install the lib first to build
> >> mdadm.
> >>
> >> The sedcli project is maintained in Intel, currently it is not in active
> >> development but there are no plans to drop it, interest around it is
> >> growing as you can see. It seems to be great opportunity for this project
> >> to become integrated with mainstream distributions when mdadm will start to
> >> require it.
> >>
> >> So, my questions are: Are we fine with adding this dependency? Are there
> >> big cons you see?
> >> Obviously, I will make it optional like libudev is.
> >>
> >> I can try to re-implement the functionality I need in mdadm but it is like
> >> reinventing the wheel.
> >>
> >> Any feedback will be appreciated.
> >
> > Hi Mariusz,
> >
> > I am not against adding it to mdadm, though I think a better approach is
> > to try and get the library built as a package for the distros.
> >
> > Did you look into that yet?
> >
> We (as in 'We as an OS distributor') actually evaluated packaging libsed
> some time ago, but decided against it as the original authors (namely
> Intel) apparently disbanded it. So before adding it to a distro there
> needs to be an active maintainer, and one would be looking to Intel here.
>
Thanks Hannes for feedback. I totally agree with you. I will raise it
internally.
Thanks,
Mariusz
next prev parent reply other threads:[~2023-08-23 7:30 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-21 14:16 libsed in mdadm Mariusz Tkaczyk
2023-08-22 20:54 ` Jes Sorensen
2023-08-23 6:00 ` Hannes Reinecke
2023-08-23 7:29 ` Mariusz Tkaczyk [this message]
2023-10-26 6:09 ` Mariusz Tkaczyk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230823092957.00001051@linux.intel.com \
--to=mariusz.tkaczyk@linux.intel.com \
--cc=colyli@suse.de \
--cc=hare@suse.de \
--cc=jes@trained-monkey.org \
--cc=linux-raid@vger.kernel.org \
--cc=paul.e.luse@linux.intel.com \
--cc=xni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).