Intel Back To Working On Key Locker For Linux After Tackling Big Performance Issue


  • Intel Back To Working On Key Locker For Linux After Tackling Big Performance Issue

    Phoronix: Intel Back To Working On Key Locker For Linux After Tackling Big Performance Issue

    Going back to 2020 Intel's open-source engineers have been working on Key Locker support for Linux for that hardware feature introduced with Tigerlake CPUs. The Key Locker Linux support has been worked on now for nearly three years and finally after a hiatus a new version was sent out after they worked through a significant performance issue now being addressed with forthcoming firmware...


  • #2
    Typo:
    into handles that are can then carry



    • #3
      How is this different than TPM or U2F hardware token?
      Is this to protect my keys from hackers, or to protect some companies' keys from me?



      • #4
        Originally posted by uid313
        How is this different than TPM or U2F hardware token?
        Is this to protect my keys from hackers, or to protect some companies' keys from me?
        In almost all cases it is designed to simply protect keys... the problem is the "companies" get their keys in first so the hardware protects them from you



        • #5
          Originally posted by zexelon

          In almost all cases it is designed to simply protect keys... the problem is the "companies" get their keys in first so the hardware protects them from you
          Unless you turn it off or otherwise restrict access to the TPM (so any given programs can't arbitrarily write to it). But yeah, in many cases this is less about securing the hardware owner's keys from malicious actors or to protect the actual copyright holders (writers, artists, musicians) from infringers. In reality it's meant to further enforce a business model of big name stakeholders' monopoly position of Amazon/Audible, Disney, Fox conglomerate, Comcast/TimeWarner, Microsoft, Adobe, etc. It has nothing to do with protecting the little guy at all, rather the reverse.



          • #6
            Originally posted by stormcrow

            Unless you turn it off or otherwise restrict access to the TPM (so any given programs can't arbitrarily write to it). But yeah, in many cases this is less about securing the hardware owner's keys from malicious actors or to protect the actual copyright holders (writers, artists, musicians) from infringers. In reality it's meant to further enforce a business model of big name stakeholders' monopoly position of Amazon/Audible, Disney, Fox conglomerate, Comcast/TimeWarner, Microsoft, Adobe, etc. It has nothing to do with protecting the little guy at all, rather the reverse.
            I believe you are mistaking the TPM for DRM.
            TPM is very useful to ensure your system booted in a known state, and to verify that no one tampered with the boot process.
            Combined with secureboot (with custom keys), disk encryption, SELinux and Linux Integrity Measurement Architecture (IMA), you can have a very safe system that is very hard to hack even with (time limited) physical access.



            • #7
              User cert / key safety on Linux, at least on the desktop, is a total joke. Once you start up the key managers they are completely promiscuous. Google linux python keyring / linux python password, then grit your teeth and prepare yourself for a horror show.



              • #8
                Originally posted by aviallon

                I believe you are mistaking the TPM for DRM.
                TPM is very useful to ensure your system booted in a known state, and to verify that no one tampered with the boot process.
                Combined with secureboot (with custom keys), disk encryption, SELinux and Linux Integrity Measurement Architecture (IMA), you can have a very safe system that is very hard to hack even with (time limited) physical access.
                Indeed, I learnt this on another Phoronix thread: TPM has nothing to do with DRM and you can't even use TPM to do conventional DRM because it would be way too slow (TPM is not fast enough to decrypt streams on the fly).
