nvme-tcp: enable TLS handshake upcall

Add a fabrics option 'tls' and start the TLS handshake upcall with the default PSK. When TLS is started the PSK key serial number is displayed in the sysfs attribute 'tls_key' Signed-off-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Sagi Grimberg <sagi@grimberg.me> Signed-off-by: Keith Busch <kbusch@kernel.org>
author: Hannes Reinecke <hare@suse.de> 2023-08-24 16:39:15 +0200
committer: Keith Busch <kbusch@kernel.org> 2023-10-11 10:11:55 -0700
commit: be8e82caa685997b524dc7e4932853fd2fbe6199 (patch)
tree: 257750d9a87d3fb1eb3166ded13c53cb6ba29ff3 /drivers/nvme/host/Kconfig
parent: e40d4eb84089eae14a3396ba8b0db7b1f24ef2f8 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/drivers/nvme/host/Kconfig b/drivers/nvme/host/Kconfig
index 2f6a7f8c94e8..a517030d7d50 100644
--- a/drivers/nvme/host/Kconfig
+++ b/drivers/nvme/host/Kconfig
@@ -92,6 +92,21 @@ config NVME_TCP
 
 	  If unsure, say N.
 
+config NVME_TCP_TLS
+	bool "NVMe over Fabrics TCP TLS encryption support"
+	depends on NVME_TCP
+	select NVME_COMMON
+	select NVME_KEYRING
+	select NET_HANDSHAKE
+	select KEYS
+	help
+	  Enables TLS encryption for NVMe TCP using the netlink handshake API.
+
+	  The TLS handshake daemon is availble at
+	  https://github.com/oracle/ktls-utils.
+
+	  If unsure, say N.
+
 config NVME_AUTH
 	bool "NVM Express over Fabrics In-Band Authentication"
 	depends on NVME_CORE
author	Hannes Reinecke <hare@suse.de>	2023-08-24 16:39:15 +0200
committer	Keith Busch <kbusch@kernel.org>	2023-10-11 10:11:55 -0700
commit	be8e82caa685997b524dc7e4932853fd2fbe6199 (patch)
tree	257750d9a87d3fb1eb3166ded13c53cb6ba29ff3 /drivers/nvme/host/Kconfig
parent	e40d4eb84089eae14a3396ba8b0db7b1f24ef2f8 (diff)