Announcement

**uid313** · 15 May 2021, 07:15 AM

Is this for me to lock my keys so other's cant steal them?
Or is this for others to store keys on my computer and block me from accessing them?

**ThoreauHD** · 15 May 2021, 08:23 AM

Here's a comment. Remove the ME control chips from your motherboards, since that renders your keystore pointless. No point in changing the locks when Odin's Eye is already raping you.

**skeevy420** · 15 May 2021, 08:32 AM

Originally posted by uid313 View Post

Is this for me to lock my keys so other's cant steal them?
Or is this for others to store keys on my computer and block me from accessing them?

Here's what I'm wondering: Regardless of whose keys, does creating a fixed place to store them make it an easier attack vector? If they know the keys will be in the Key Locker....

**uid313** · 15 May 2021, 09:44 AM

Originally posted by skeevy420 View Post

Here's what I'm wondering: Regardless of whose keys, does creating a fixed place to store them make it an easier attack vector? If they know the keys will be in the Key Locker....

Well, it wouldn't be difficult to write a software that includes a list of well-known locations where to search for keys.
If you store it in your home directory, then any software you run can access those files. However, you may encrypt the file with a master password.
With this Intel solution I guess the kernel prevents software from accessing that region. But I don't know if it results in any real security benefits, because somehow it must still be read, even if via a system call that takes a password, then what is to prevent software from eavesdropping on the master password.

**Cape** · 16 May 2021, 03:46 AM

🤣😅

> C'mon goys! Store your private keys inside our vault!
> [rubbing hands intensifies]
> What?! No, why should we steal it using the ME chip?
> Did I tell you how fast is the new AVX1024768965 instruction?

**Guest** · 16 May 2021, 04:40 AM

Originally posted by uid313 View Post

Is this for me to lock my keys so other's cant steal them?
Or is this for others to store keys on my computer and block me from accessing them?

It can be used for both purposes. I can say with 100% certainty that this will be used on Tigerlake Chromebooks to protect DRM keys from the user.

It can also be used by us to protect our own AES keys (e.g LUKS encrypted partition keys). That would be nice. Although it's highly unlikely any company will work on implementing such a feature, since it only benefits individual users.

**Guest** · 16 May 2021, 04:41 AM

Originally posted by skeevy420 View Post

Here's what I'm wondering: Regardless of whose keys, does creating a fixed place to store them make it an easier attack vector? If they know the keys will be in the Key Locker....

Sure, but then the keys stored unencrypted in memory are also a target.........

Announcement

Intel Seeks More Comments From Developers On Key Locker Implementation For Linux

Intel Seeks More Comments From Developers On Key Locker Implementation For Linux

Comment

Comment

Comment

Comment

Comment

Comment

Comment