Intel Seeks More Comments From Developers On Key Locker Implementation For Linux

Written by Michael Larabel in Intel on 14 May 2021 at 05:50 PM EDT. 7 Comments
One of the features already found in new Intel "Tiger Lake" CPUs but not yet supported by the Linux kernel is Key Locker for securing AES keys on the system. Going back months there has been various patch series working toward Key Locker support while the actual patch series getting things ready for usage was just sent out again under a "request for comments" flag.

Last December was the Key Locker kernel patch series initially sent out as a request for comments. Intel Key Locker allows encrypting/decrypting data without the raw AES key but instead making use of a key handle that is in place until revoked by the system. The key when loaded is effectively sealed and then accessed by new Intel Key Locker instructions (AESENC128KL, AESENCWIDE128KL, AESDEC128KL, AESDECWIDE128KL, AESENC256KL, AESENCWIDE256KL, AESDEC256KL, and AESDECWIDE256KL) to reference the handle to a particular AES key. Intel Key Locker aims to protect AES keys by keeping the raw keys exposed for a minimal amount of time to reduce the chances they are compromised by rogue attackers. The Linux support for Key Locker is being implemented as a new "aeskl-intel" driver for the kernel's crypto subsystem.

A half-year has passed since the first RFC patch series while this Friday a second revision was send out and is still marked as RFC. This is still under a request for comments in the Intel developers hoping for more feedback from developers over the implementation. The updated patches refactor the AES-NI implementation and has other low-level code improvements.

Those interested in Key Locker can learn more via these latest patches.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week