1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
|
.TH "libnvme" 9 "enum nbft_security_flags" "December 2023" "API Manual" LINUX
.SH NAME
enum nbft_security_flags \- Security Profile Descriptor Flags (Figure 22)
.SH SYNOPSIS
enum nbft_security_flags {
.br
.BI " NBFT_SECURITY_VALID"
,
.br
.br
.BI " NBFT_SECURITY_IN_BAND_AUTH_MASK"
,
.br
.br
.BI " NBFT_SECURITY_IN_BAND_AUTH_NOT_SUPPORTED"
,
.br
.br
.BI " NBFT_SECURITY_IN_BAND_AUTH_NOT_REQUIRED"
,
.br
.br
.BI " NBFT_SECURITY_IN_BAND_AUTH_REQUIRED"
,
.br
.br
.BI " NBFT_SECURITY_AUTH_POLICY_LIST_MASK"
,
.br
.br
.BI " NBFT_SECURITY_AUTH_POLICY_LIST_NOT_SUPPORTED"
,
.br
.br
.BI " NBFT_SECURITY_AUTH_POLICY_LIST_DRIVER"
,
.br
.br
.BI " NBFT_SECURITY_AUTH_POLICY_LIST_ADMIN"
,
.br
.br
.BI " NBFT_SECURITY_SEC_CHAN_NEG_MASK"
,
.br
.br
.BI " NBFT_SECURITY_SEC_CHAN_NEG_NOT_SUPPORTED"
,
.br
.br
.BI " NBFT_SECURITY_SEC_CHAN_NEG_NOT_REQUIRED"
,
.br
.br
.BI " NBFT_SECURITY_SEC_CHAN_NEG_REQUIRED"
,
.br
.br
.BI " NBFT_SECURITY_SEC_POLICY_LIST_MASK"
,
.br
.br
.BI " NBFT_SECURITY_SEC_POLICY_LIST_NOT_SUPPORTED"
,
.br
.br
.BI " NBFT_SECURITY_SEC_POLICY_LIST_DRIVER"
,
.br
.br
.BI " NBFT_SECURITY_SEC_POLICY_LIST_ADMIN"
,
.br
.br
.BI " NBFT_SECURITY_CIPHER_RESTRICTED"
,
.br
.br
.BI " NBFT_SECURITY_AUTH_DH_GROUPS_RESTRICTED"
,
.br
.br
.BI " NBFT_SECURITY_SEC_HASH_FUNC_POLICY_LIST"
};
.SH Constants
.IP "NBFT_SECURITY_VALID" 12
Descriptor Valid: If set to 1h, then
this descriptor is valid. If cleared
to 0h, then this descriptor is not valid.
.IP "NBFT_SECURITY_IN_BAND_AUTH_MASK" 12
Mask to get the In-Band Authentication
Required field.
.IP "NBFT_SECURITY_IN_BAND_AUTH_NOT_SUPPORTED" 12
In-band authentication is not supported
by the NVM subsystem.
.IP "NBFT_SECURITY_IN_BAND_AUTH_NOT_REQUIRED" 12
In-band authentication is supported by
the NVM subsystem and is not required.
.IP "NBFT_SECURITY_IN_BAND_AUTH_REQUIRED" 12
In-band authentication is supported by
the NVM subsystem and is required.
.IP "NBFT_SECURITY_AUTH_POLICY_LIST_MASK" 12
Mask to get the Authentication Policy List
flag: This field indicates whether
authentication protocols were indicated
by policy from driver defaults or
administrative configuration.
.IP "NBFT_SECURITY_AUTH_POLICY_LIST_NOT_SUPPORTED" 12
Authentication Protocols Heap Object Reference
field Offset and Length are reserved.
.IP "NBFT_SECURITY_AUTH_POLICY_LIST_DRIVER" 12
Authentication Protocols Offset field and
the Authentication Protocols Length field
indicate a list of authentication protocols
used by the driver.
.IP "NBFT_SECURITY_AUTH_POLICY_LIST_ADMIN" 12
Authentication Protocols Offset field and
the Authentication Protocols Length field
indicate a list of authentication protocols
that were administratively set and used
by the driver.
.IP "NBFT_SECURITY_SEC_CHAN_NEG_MASK" 12
Mask to get the Secure Channel Negotiation
Required flag: This field indicates whether
secure channel negotiation (e.g. TLS)
is required.
.IP "NBFT_SECURITY_SEC_CHAN_NEG_NOT_SUPPORTED" 12
Secure channel negotiation is not supported
by the NVM subsystem.
.IP "NBFT_SECURITY_SEC_CHAN_NEG_NOT_REQUIRED" 12
Secure channel negotiation is supported
by the NVM subsystem and is not required.
.IP "NBFT_SECURITY_SEC_CHAN_NEG_REQUIRED" 12
Secure channel negotiation is supported
by the NVM subsystem and is required.
.IP "NBFT_SECURITY_SEC_POLICY_LIST_MASK" 12
Mask to get the Security Policy List flag:
This field indicates whether secure channel
protocols were indicated by policy from driver
defaults or administrative configuration.
.IP "NBFT_SECURITY_SEC_POLICY_LIST_NOT_SUPPORTED" 12
The Offset field and Length field in the
Secure Channel Algorithm Heap Object Reference
field are reserved.
.IP "NBFT_SECURITY_SEC_POLICY_LIST_DRIVER" 12
The Heap Object specified by the Secure Channel
Algorithm Heap Object Reference field indicates
a list of authentication protocols used
by the driver.
.IP "NBFT_SECURITY_SEC_POLICY_LIST_ADMIN" 12
The Heap Object specified by the Secure Channel
Algorithm Heap Object Reference field indicates
a list of authentication protocols that were
administratively set and used by the driver.
.IP "NBFT_SECURITY_CIPHER_RESTRICTED" 12
Cipher Suites Restricted by Policy: If set to 1h,
then the Cipher Suite Offset field and the
Ciper Suite Length field indicate a list
of supported cipher suites by the driver.
If cleared to 0h, then the Cipher Suite Offset
field and the Cipher Suite Length field
are reserved.
.IP "NBFT_SECURITY_AUTH_DH_GROUPS_RESTRICTED" 12
Authentication DH Groups Restricted
by Policy List: If set to 1h, then connections
shall use one of the authentication DH groups
in the Authentication DH Groups List is required.
If cleared to 0h, then no Authentication DH Groups
List is indicated and use of an authentication
DH Group is not required.
.IP "NBFT_SECURITY_SEC_HASH_FUNC_POLICY_LIST" 12
Secure Hash Functions Policy List: If set to 1h,
then connections shall use one of the secure
hash functions in the Secure Hash Functions
Policy List is required. If cleared to 0h,
then no Secure Hash Functions Policy
List is indicated and use of a secure
hash function is not required.
|
