Intel Seeks More Comments From Developers On Key Locker Implementation For Linux
One of the features already found in new Intel "Tiger Lake" CPUs but not yet supported by the Linux kernel is Key Locker for securing AES keys on the system. Over the past months there have been various patch series working toward Key Locker support, and the series that actually gets the feature ready for use has just been sent out again under a "request for comments" flag.
The Key Locker kernel patch series was initially sent out last December as a request for comments. Intel Key Locker allows encrypting/decrypting data without the raw AES key, instead making use of a key handle that remains valid until revoked by the system. The key, once loaded, is effectively sealed into a handle by the CPU; the handle is bound to an internal wrapping key held by that CPU, so it cannot be used on another machine, and the raw key can be discarded as soon as the handle exists. The new Intel Key Locker instructions (AESENC128KL, AESENCWIDE128KL, AESDEC128KL, AESDECWIDE128KL, AESENC256KL, AESENCWIDE256KL, AESDEC256KL, and AESDECWIDE256KL) then reference the handle rather than the key itself. Intel Key Locker aims to protect AES keys by keeping the raw keys exposed in memory for a minimal amount of time, reducing the window in which they can be stolen by an attacker. The Linux support for Key Locker is being implemented as a new "aeskl-intel" driver for the kernel's crypto subsystem.
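Before any of this is usable, a kernel or user-space consumer has to confirm that the CPU enumerates Key Locker and that the kernel has actually enabled it. The following probe is an added example written for this article, not code from the Intel patches or the aeskl-intel driver. It assumes the CPUID encodings from Intel's documentation (CPUID.(EAX=7,ECX=0):ECX[23] for KL, CPUID.(EAX=0x19):EBX bits 0, 2 and 4 for AESKLE, WIDE_KL and IWKey backup), which the article itself does not list; the decode logic is kept in a pure function so it can be checked with constructed register values on hardware without Key Locker.

```c
/* Added example, not part of the article or the Intel patch series.
 * Probes CPUID for Intel Key Locker and reports whether the AES-KL
 * instructions can actually be used on this system.
 *
 * Bit positions are assumptions taken from Intel's CPUID documentation:
 *   CPUID.(EAX=7,ECX=0):ECX[23]  KL       Key Locker supported by the CPU
 *   CPUID.(EAX=0x19):EBX[0]      AESKLE   AES-KL instructions enabled
 *                                         (requires the kernel to set CR4.KL)
 *   CPUID.(EAX=0x19):EBX[2]      WIDE_KL  AES*WIDE*KL eight-block forms
 *   CPUID.(EAX=0x19):EBX[4]      IWKey backup supported by the platform
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

struct kl_features {
    bool kl;           /* CPU implements Key Locker at all */
    bool aeskle;       /* AES-KL instructions are enabled by the OS */
    bool wide_kl;      /* eight-block AES*WIDE*KL forms available */
    bool iwkey_backup; /* platform can back up the internal wrapping key */
};

/* Pure decode of the two relevant registers; no hardware access. */
struct kl_features kl_decode(uint32_t leaf7_ecx, uint32_t leaf19_ebx)
{
    struct kl_features f = {0};
    f.kl = (leaf7_ecx >> 23) & 1u;
    if (f.kl) {
        /* Leaf 0x19 is only meaningful when KL is enumerated. */
        f.aeskle       = (leaf19_ebx >> 0) & 1u;
        f.wide_kl      = (leaf19_ebx >> 2) & 1u;
        f.iwkey_backup = (leaf19_ebx >> 4) & 1u;
    }
    return f;
}

/* The check a consumer cares about: both KL and AESKLE must be set. */
int kl_usable(uint32_t leaf7_ecx, uint32_t leaf19_ebx)
{
    struct kl_features f = kl_decode(leaf7_ecx, leaf19_ebx);
    return f.kl && f.aeskle;
}

const char *kl_status(const struct kl_features *f)
{
    if (!f->kl)
        return "Key Locker not supported by this CPU";
    if (!f->aeskle)
        return "Key Locker present but AES-KL not enabled (CR4.KL clear)";
    return "AES-KL instructions usable";
}

/* Query the running CPU. Returns false on non-x86 or when leaf 7 is absent. */
bool kl_probe(struct kl_features *out)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;
    unsigned int max_leaf = __get_cpuid_max(0, NULL);
    if (max_leaf < 7)
        return false;
    __cpuid_count(7, 0, eax, ebx, ecx, edx);
    uint32_t ecx7 = ecx;
    uint32_t ebx19 = 0;
    if (((ecx7 >> 23) & 1u) && max_leaf >= 0x19) {
        __cpuid_count(0x19, 0, eax, ebx, ecx, edx);
        ebx19 = ebx;
    }
    *out = kl_decode(ecx7, ebx19);
    return true;
#else
    (void)out;
    return false;
#endif
}

int main(void)
{
    struct kl_features f = {0};
    if (!kl_probe(&f)) {
        puts("CPUID not available (not x86 or leaf 7 missing)");
        return 1;
    }
    printf("KL=%d AESKLE=%d WIDE_KL=%d IWKEY_BACKUP=%d: %s\n",
           f.kl, f.aeskle, f.wide_kl, f.iwkey_backup, kl_status(&f));
    return 0;
}
```

The distinction between KL and AESKLE is the practical point: a Tiger Lake part will report KL, but AESKLE stays clear until a kernel with the aeskl-intel support has set CR4.KL, and a hypervisor may hide both bits from a guest entirely. Treating "KL set, AESKLE clear" as unsupported rather than as an error avoids executing an AES-KL instruction that would fault with #UD.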
Half a year has passed since the first RFC patch series, and this Friday a second revision was sent out, still marked as RFC: the Intel developers are hoping for more feedback from other kernel developers on the implementation. The updated patches refactor the AES-NI implementation and include other low-level code improvements.
Those interested in Key Locker can learn more via these latest patches.