Hello everyone,
I’m working with a server equipped with the MCX623106AC-CDAT (ConnectX-6 Dx), and I’m trying to make use of the AES-XTS block-level encryption for storage offloads as referenced in this NVIDIA datasheet.
However, I haven’t been able to find any detailed documentation or usage guidelines for this feature. It doesn’t seem to be covered in the ConnectX-6 user manual, and I haven’t seen any examples or configuration instructions online.
Has anyone successfully used this encryption feature?
Any pointers to official documentation, driver/firmware requirements, or configuration examples (perhaps via DOCA, MLNX_OFED, or firmware settings) would be greatly appreciated.
Thanks in advance!
Possibly a reference to IPsec Crypto Offloads (AES-XTS crypto offloads)–>
https://docs.nvidia.com/networking/display/nvidia-mlnx-ofed-documentation-v24-10-0-7-0-0.0.pdf
Or
NVIDIA DOCA Downloads | NVIDIA Developer (ref Bluefield or host)
I think a little more context is at play and needed here (full env deployment, elements, what is the use case or desire end goal) even if the CX6DX datasheet shows " AES-XTS block-level encryption for storage offloads".
I don’t think you will find instructions as simple as “How to deploy " AES-XTS block-level encryption for storage offloads”. Even if the adapter might be compliant & support this mode of operation.
Hi, thanks for the reply.
I’ve checked the MLNX_OFED documentation, and the only reference I found to AES-XTS is the line mentioning “AES-XTS in RDMA: Added support for plaintext AES-XTS DEKs.”
However, there are no further explanations on how to configure or make use of this feature—whether via mlx5 driver settings, user-space APIs (e.g., via pyverbs or rdma-core), or firmware toggles.
My goal is to explore hardware offload of AES-XTS encryption for block storage use cases, potentially integrating it with nvme-cli and rdma-core. The platform is a ConnectX-6 Dx (MCX623106AC-CDAT) NIC on a standard aarch64 host.
Thanks again!
