Announcement

Collapse
No announcement yet.

Intel Seeks More Comments From Developers On Key Locker Implementation For Linux

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Intel Seeks More Comments From Developers On Key Locker Implementation For Linux

    Phoronix: Intel Seeks More Comments From Developers On Key Locker Implementation For Linux

    One of the features already found in new Intel "Tiger Lake" CPUs but not yet supported by the Linux kernel is Key Locker for securing AES keys on the system. Going back months there has been various patch series working toward Key Locker support while the actual patch series getting things ready for usage was just sent out again under a "request for comments" flag...

    https://www.phoronix.com/scan.php?pa...-Locker-RFC-v2

  • #2
    Is this for me to lock my keys so other's cant steal them?
    Or is this for others to store keys on my computer and block me from accessing them?

    Comment


    • #3
      Here's a comment. Remove the ME control chips from your motherboards, since that renders your keystore pointless. No point in changing the locks when Odin's Eye is already raping you.

      Comment


      • #4
        Originally posted by uid313 View Post
        Is this for me to lock my keys so other's cant steal them?
        Or is this for others to store keys on my computer and block me from accessing them?
        Here's what I'm wondering: Regardless of whose keys, does creating a fixed place to store them make it an easier attack vector? If they know the keys will be in the Key Locker....

        Comment


        • #5
          Originally posted by skeevy420 View Post

          Here's what I'm wondering: Regardless of whose keys, does creating a fixed place to store them make it an easier attack vector? If they know the keys will be in the Key Locker....
          Well, it wouldn't be difficult to write a software that includes a list of well-known locations where to search for keys.
          If you store it in your home directory, then any software you run can access those files. However, you may encrypt the file with a master password.
          With this Intel solution I guess the kernel prevents software from accessing that region. But I don't know if it results in any real security benefits, because somehow it must still be read, even if via a system call that takes a password, then what is to prevent software from eavesdropping on the master password.

          Comment


          • #6
            🤣😅

            > C'mon goys! Store your private keys inside our vault!
            > [rubbing hands intensifies]
            > What?! No, why should we steal it using the ME chip?
            > Did I tell you how fast is the new AVX1024768965 instruction?

            Comment


            • #7
              Originally posted by uid313 View Post
              Is this for me to lock my keys so other's cant steal them?
              Or is this for others to store keys on my computer and block me from accessing them?
              It can be used for both purposes. I can say with 100% certainty that this will be used on Tigerlake Chromebooks to protect DRM keys from the user.

              It can also be used by us to protect our own AES keys (e.g LUKS encrypted partition keys). That would be nice. Although it's highly unlikely any company will work on implementing such a feature, since it only benefits individual users.

              Comment


              • #8
                Originally posted by skeevy420 View Post

                Here's what I'm wondering: Regardless of whose keys, does creating a fixed place to store them make it an easier attack vector? If they know the keys will be in the Key Locker....
                Sure, but then the keys stored unencrypted in memory are also a target.........

                Comment

                Working...
                X