Intel Engineers Revise Key Locker Implementation For Linux

Going back to 2020 has been work by Intel's open-source engineers on implementing Key Locker support for Linux. Intel Key Locker allows for encrypting/decrypting data with an AES key without having access to the raw/actual key. AES keys are converted into handles with Intel Key Locker that can then be used for carrying out encryption/decryption on that system until revoked or system state changes. Intel engineers on Wednesday posted their seventh iteration of the patches for supporting Key Locker on Linux.

The Intel Key Locker work on Linux was on a temporary hiatus after hitting a big performance issue. With that having been resolved, over the past month there's been an uptick in work around the Linux kernel support for Intel Key Locker.

With the pending patches, Intel Key Locker support would be exposed on capable Intel processors while the patches do introduce a "nokeylocker" kernel command line option if wishing to force off the support at boot time for debug/testing purposes.

The Key Locker v7 patches were posted on Wednesday to address feedback from last month's patches. With the v7 patches all review comments from the prior round should be addressed. It will be interesting to see if this work is now deemed in good enough shape for upstreaming this summer.