From: "Jakowski, Andrzej" <andrzej.jakowski@intel.com>
To: "util-linux@vger.kernel.org" <util-linux@vger.kernel.org>
Subject: [RFC] utility for SED management
Date: Tue, 11 Jun 2019 06:30:51 +0000 [thread overview]
Message-ID: <548EA37F71F6AC4BB746F459732504FF7F1810E3@FMSMSX119.amr.corp.intel.com> (raw)
Hi,

As far as I know there is no good open source utility that allows managing Self-Encrypting Drives (SED) for data center scale usages and client usages. Let me first introduce example use cases for both scenarios:

* Data center usages (automatic): when a disk is initially provisioned for security, a disk key could be created automatically on a key manager and supplied to the disk. On a subsequent reboot of the server, when the disk is locked, the corresponding disk key could be retrieved from the key manager and used to unlock that disk. Initial provisioning and unlock are example flows which could be automated in the SW.
* Client usages: manual disk provisioning for security, managing users and locking ranges, crypto erase, drive repurposing, etc.

We have built prototype code covering these functionalities and now we would like to productize it. We are looking for the right place to publish our SW, considering the util-linux project as one of the options. The SW will likely consist of:

* Libsed - shared object exposing a programmatic interface for security management (Opal) of the disk
* Sedcli - command line utility covering both client and data center flows. Sedcli will use libsed for interaction with the drive, libkmip for interaction with an OASIS KMIP based key manager and tpm2-tss to interact with a TPM2 key manager
* Udev rules - will be used to invoke sedcli to auto-provision or auto-unlock when a new device is added to the OS (e.g. hot insert)
* Systemd scripts - will be used to invoke sedcli when a key needs to be retrieved from a network attached key manager
* Config file - will define policies, for example on which disks should be security managed or not

We would like to contribute that SW to the util-linux project. What do you think about adding this SW to util-linux?

Thx,
Andrzej