This week the ratified NVMe™/TCP Transport Binding specification has been made available for public download. TCP is a new transport added to the family of existing NVMe™ transports: PCIe®, RDMA, and FC. NVMe/TCP defines the mapping of NVMe queues, NVMe-oF capsules and data delivery over the IETF Transport Control Protocol (TCP). The NVMe/TCP transport offers optional enhancements such as inline data integrity (DIGEST) and online Transport Layer Security (TLS).[…]
This week at the Flash Memory Summit, the Trusted Computing Group (TCG) and NVM Express (NVMe) put out a new joint white paper called “TCG Storage, Opal, and NVMe”. Opal is a set of specs from the TCG, designed to add TCG-style security to NVMe-based storage devices (‘self-encrypting drives’, or SEDs) by adding new technology layers to manage encryption of user data, to enable features beyond ‘data at rest protection’. The ‘family’ of Opal specs includes 3 levels: Opal, Opalite, and Pyrite, which provide a range of capabilities for vendors to choose from.
From their whitepaper’s summary, Opal offers these values to NVMe:
* Avoids the need to add security to NVM Express standard, or rely on proprietary functionality
* Leverages the existing storage security industry standard for a consistent set of requirements
* Commonly associated features enable a more consistent and secure overall solution
* Simplifies ecosystem enabling, validation, product identification, SKU management
* Reduces standardization to a more streamlined process
* Provides an extensible interface for additional value-adds to Opal/Opalite/Pyrite functionality, as well as other storage security features
I’m not sure if UEFI 2.5 has this ability or not. UEFI 2.5 did add some new NVMe and crypto storage interfaces, though.
PS: Going off-topic(?) a bit, but for NVMe and Linux, check out this doc from June:
Today AMI (American Megatrends, Inc.) launches a new enclosure solution for NVM Express SSD Subsystems. The controller is firmware-upgradable through SMBUS.
“A true, single-chip solution, the MG9095 backplane controller ships ready to use with no custom firmware or programming required,” said Subramonian Shankar, AMI CEO.
Read the full announcement:
Feng Tian of Intel recently checked in changes to the EDK-II trunk for the EFI_NVME_PASS_THRU_PROTOCOL, as part of the UEFI 2.5 checkins. This UEFI NVM Express protocol provides services that allow NVM Express commands to be sent to an NVM Express controller or to a specific namespace in an NVM Express controller.
I’ve found the definitions in the code, but not an implementation, so either the checkin hasn’t happened yet, I’ve missed it, or it’s a non-open source implementation that won’t be in the TianoCore code; I’m unclear. If you know, please speak up!
For more information, see: