Querying the encryption setting of a channel path
A read-only attribute shows the Fibre Channel Endpoint Security status of the connection to the DASD device.
About this task
Fibre Channel Endpoint Security (FCES) is a hardware feature that encrypts traffic between the Z host system and storage server transparently. You can read the current state of the FCES for a DASD from the fc_security attribute. The attribute is available per DASD device and per path.
For a device, the attribute can take the following values:
- Authentication
- The connection is authenticated.
- Encryption
- The connection is encrypted.
- Inconsistent
- At least one of the operational paths is in a different state from all others.
- Unsupported
- The DASD device does not support FCES.
The sysfs attributes per path are organized in a directory called paths_info with sub-directories for each path. For example:
/sys/bus/ccw/devices/0.0.4711/paths_info/
|-- 0.38
| ’-- fc_security
|-- 0.39
| ’-- fc_security
|-- 0.3a
| ’-- fc_security
For a path, the fc_security attribute can be
Authentication, Encrypted, and
Unsupported.Procedure
FCES for a device is available if the fc_security sysfs attribute
is Encryption
.
To query the FCES status of a DASD device, issue a command of this form:
# lsdasd -l <device_bus_id>
or, using
lszdev:# lszdev <device_bus_id> -a -c TYPE,ID,ATTR:fc_security,ATTRPATH:fc_security
Alternatively,
you can read the sysfs attribute directly:# cat /sys/bus/ccw/devices/<device_bus_id>/fc_security
where /sys/bus/ccw/devices/<device_bus_id>
represents the
device in sysfs.
Examples
- To query the FCES status for a device 0.0.4711, issue:
This example indicates that the connection to the DASD is encrypted.# lsdasd -l 0.0.4711 0.0.4711/dasdc/94:8 status: active type: ECKD ... ... fc_security: Encryption
- To query the FCES status for a device 0.0.4711 using the lszdev command,
issue:
$ lszdev 0.0.4711 -a -c TYPE,ID,ATTR:fc_security,ATTRPATH:fc_security TYPE ID ATTR:fc_security ATTRPATH:fc_security dasd-eckd 0.0.4711 Encryption /sys/bus/ccw/drivers/dasd-eckd/0.0.4711/fc_security
- To query the FCES status for a device 0.0.4712 by reading from the
fc_security sysfs
attribute:
This example indicates that DASD 0.0.4712 does not support FCES.# cat /sys/bus/ccw/devices/0.0.4712/fc_security Unsupported
- To read the fc_security attribute of path 0.38 for DASD 0.0.4711,
issue:
# cat /sys/bus/ccw/devices/0.0.4711/paths_info/0.38/fc_security Encrypted