ltfs
ltfs copied to clipboard
LinearTapeFileSystem
Encryption Function Error?
Vendor ID = HP Product ID = Ultrium 6-SCSI Product Name =[Ultrium 6-SCSI]
I have HP Ultrium 6 tape drive and I try to use the encryption function. (my tape drive support it) I typed command 'mkltfs -d $SERIAL --kmi-backend=simple -o kmi_dki_for_format=$KEYINDEX -o kmi_dk_for_format=$KEY' but the message displayed. 'LTFS30243E Encryption feature is not supported on the drive: 8454.'
in [src > tape_drivers > linux > sg > sg_tape.c] I think the Function [is_encryption_capable] is not work properly. maybe '!' missing in if statement
if (IS_LTO(priv->drive_type)) { ltfsmsg(LTFS_ERR, 30243E, priv->drive_type); return -EDEV_INTERNAL_ERROR; }
Sorry the code might not be understandable. It looks encryption might work on both drive, LTO and Jaguar (only under T10 mode).
The backends below only allow LTO.
- cam (FreeBSD)
- lintape (Linux, obsoleted)
On the other hand, the backends below only Jaguar.
- sg (Linux)
- scsipi (NetBSD)
- iokit (MacOS)
I would like to make one more comment.
In the tape world, we have 4 basic encryption mode.
- None
- AME (Application Managed Encryption, by application itself)
- SME (System Managed Encryption, by tape driver)
- LME (Library Managed Encryption, by tape library)
In SME and LME, driver or library would fetch encryption key from a key server. So you need to import your key to a key server if you want to keep accessing the tape after you ingest the tape into a library. But I don't know Such kind of key server is existing or not.
Long story short, I never recommend to use encryption on SDE environment if you want to have a kind of access compatibility.
I think that's why the code in this area is remaining as a kind of "MONSTER".