Hi, As far as I know there is no good utility in open source allowing to manage Self-Encrypting Drives (SED) for data center scale usages and client usages. Let me first introduce example use cases for both scenarios: * Data center usages (automatic): when disk is initially provisioned for security disk key could be created automatically on key manager and supplied to disk. On subsequent reboot of server, when disk is locked, corresponding disk key could be retrieved from key manager and used to unlock that disk. Initial provisioning and unlock are example flows which could be automated in the SW. * Client usages: manual disk provisioning for security, managing users and locking ranges, crypto erase, drive repurposing, etc. We have built prototype code covering these functionalities and now we would like to productize it. We are looking for the right place to publish our SW, considering util-linux project as one of the options. The SW will likely consist of: * Libsed - shared object exposing programmatic interface for security management (Opal) of disk * Sedcli - command line utility covering both client and data center flows. Sedcli will use libsed for interaction with the drive, libkmip for interaction with OASIS KMIP based key manager and tpm2-tss to interact with TPM2 key manager * Udev rules - will be used to invoke sedcli to auto-provision or auto-unlock when new device is added to the OS (e.g. hot insert) * System.d scripts - will be used to invoke sedcli when key needs to be retrieved from network attached key manager * Config file - will define policies for example on which disk should be security managed or not We would like to contribute that SW into util-linux project. What do you think about adding this SW into util-linux? Thx, Andrzej
