PDA

View Full Version : lto4 hardware encryption



robvanhooren
November 25th, 2009, 02:54 AM
(note to admin/mod: suggest move this to suggestions forum. thx.)

hi,

has any work been done on implementing LTO4 hardware encryption?

I understand that bacula has some pre/post scripting support; haven't seen this in amanda.

Not initially after a complex (read $$$) KMS option, just something to deliver/grok the requisite AES-GCM keystring in-band via SPIN/SPOUT before the tape dump/restore actions.

Perhaps the attached .c bits could be a useful starting ground for any interested committers.

Thoughts appreciated.

cheers,

R.

dustin
November 25th, 2009, 08:17 AM
Thanks! While I was at LISA in Baltimore, Andrew Schretter gave me code to do exactly the same thing.

I'd love to see this merged into the Amanda tape device as a property. The code Andrew sent was specific to the Linux sg driver. I can't tell what system your code is designed for.

Anyway, why don't you take a look at device-src/tape-*.c and see what you can do?

robvanhooren
November 25th, 2009, 09:18 AM
this was hacked out on an OpenVMS system... not too widespread I admit.
atm, I'm toying with porting it to a BSD box... I'll see what I can come up with and post again here if I feel up to it.

if you're more comfortable with Andy's code snippets, proceed they're probably cleaner ;-)

feel free to compare his code with the logic I had in the attachment. (will he let you post it here? or PM it to me for a look-see...)

once this feature is in, it's one more feather in the community's "no need to keep shelling out the annual EMC/Symantec ransom" cap.

(well, except for those shops who are mandated to use an automated KMS instead of having file-based key storage.)

cheers,

R.

dustin
November 25th, 2009, 09:46 AM
Here's his version.

I don't have an LTO4 system to test with, so I won't be working on this particular project, but if you or someone else wants to merge this into the tape-device, I'll be happy to offer advice and pointers.

bigfootnlc
December 6th, 2011, 11:50 AM
I know it's been a couple of years now, but I'm not finding anything more about this effort.

I don't see anything about it in the Release Notes.

Any updates???

Thanks!

jrichard
December 29th, 2011, 04:11 PM
Thanks! While I was at LISA in Baltimore, Andrew Schretter gave me code to do exactly the same thing.

I'd love to see this merged into the Amanda tape device as a property. The code Andrew sent was specific to the Linux sg driver. I can't tell what system your code is designed for.

Anyway, why don't you take a look at device-src/tape-*.c and see what you can do?


I've seen the VMS source a number of times. I'd dearly love to get my hands on a Linux port. I see the linux source now... I'll play with it and post my experiences.

Regards,

Jim