Querying the encryption setting of a channel path
![]()
A read-only attribute shows the Fibre Channel Endpoint Security status of the connection to the DASD device.
About this task
Fibre Channel Endpoint Security (FCES) is a hardware feature that encrypts traffic between the Z host system and storage server transparently. You can read the current state of the FCES for a DASD from the fc_security attribute. The attribute is available per DASD device and per path.
- Authentication
- The connection is authenticated.
- Encryption
- The connection is encrypted.
- Inconsistent
- At least one of the operational paths is in a different state from all others.
- Unsupported
- The DASD device does not support FCES.
The sysfs attributes per path are organized in a directory called paths_info with sub-directories for each path. For example:
/sys/bus/ccw/devices/0.0.4711/paths_info/ |-- 0.38 | ’-- fc_security |-- 0.39 | ’-- fc_security |-- 0.3a | ’-- fc_security
For a path, the fc_security attribute can be Authentication, Encrypted, and Unsupported.
FCES
for a device is available if the fc_security sysfs attribute is
Encryption
.
Procedure
# lsdasd -l <device_bus_id>or, using lszdev:
# lszdev <device_bus_id> -a -c TYPE,ID,ATTR:fc_security,ATTRPATH:fc_securityAlternatively, you can read the sysfs attribute directly:
# cat /sys/bus/ccw/devices/<device_bus_id>/fc_security
where /sys/bus/ccw/devices/<device_bus_id> represents the device in sysfs.
Examples
- To query the FCES status for a device 0.0.4711, issue:
# lsdasd -l 0.0.4711 0.0.4711/dasdc/94:8 status: active type: ECKD ... ... fc_security: Encryption
This example indicates that the connection to the DASD is encrypted. - To query the FCES status for a device 0.0.4711 using the lszdev command,
issue:
# lszdev 0.0.4711 -a -c TYPE,ID,ATTR:fc_security,ATTRPATH:fc_security TYPE ID ATTR:fc_security ATTRPATH:fc_security dasd-eckd 0.0.4711 Encryption /sys/bus/ccw/drivers/dasd-eckd/0.0.4711/fc_security
- To query the FCES status for a device 0.0.4712 by reading from the
fc_security sysfs
attribute:
# cat /sys/bus/ccw/devices/0.0.4712/fc_security Unsupported
This example indicates that DASD 0.0.4712 does not support FCES. - To read the fc_security attribute of path 0.38 for DASD 0.0.4711,
issue:
# cat /sys/bus/ccw/devices/0.0.4711/paths_info/0.38/fc_security Encrypted