Hi Max! > The way I see it now, and I might be wrong, is that the Linux kernel > is not supporting application to store apptag values unless it's using > some passthrough command. As Keith mentioned, there are various ways. But let's assume you are a multipathed storage device that says "Yes, I support encryption". And then one of the paths doesn't and just lets things go across the wire in plain text. I think most people would agree that would be a *bad* thing. The expectation is that when a device reports that a capability is enabled, that this capability is actually effective. Protection information is no different. The PI is part of the data and it needs to be validated by the recipient. Silently throwing away the protection information defies the very premise of why data integrity protection was defined in the first place. -- Martin K. Petersen Oracle Linux Engineering
