Show Your Support: Did you know that the hundreds of articles written on Phoronix each month are mostly authored by one individual? Phoronix.com doesn't have a whole news room with unlimited resources and relies upon people reading our content without blocking ads and alternatively by people subscribing to Phoronix Premium for our ad-free service with other extra features.
Intel Engineers Begin Landing Open-Source Support For TDX, Intel Key Locker
Last night hitting LLVM 12 Git was TDX instructions support. New instructions added are SEAMCALL for calling the SEAM VMX-root operation module, SEAMRET to return to the legacy VMX-root operation, SEAMOPS for SEAM operations, and TDCALL to call the SEAM module functions.
Similarly, hitting the GNU Assembler code-base overnight was also the TDX instructions being added. The patches nor comments reveal yet what CPU generation where we might see these TDX instructions supported, but given Intel's usual Linux/open-source patch timing, it wouldn't be until Sapphire Rapids at the very earliest but as much of the Sapphire Rapids enablement already happened I am guessing TDX might not debut until Granite Rapids.
Also new this week in the assembler land is Intel landing Key Locker instructions within the GNU repository.
Last week Intel published a white paper on Key Locker. Key Locker allows encrypting/decrypting data with an AES key without having access to the raw key. This Key Locker encryption is performed by converting AES keys into handles and work only on that system and until they are revoked. Intel aims with Key Locker to prevent hackers from obtaining actual AES keys by ensuring they are off-limits after the AES handles are created. Key Locker brings the AESENC128KL, AESENCWIDE128KL, AESDEC128KL, AESDECWIDE128KL, AESENC256KL, AESENCWIDE256KL, AESDEC256KL, AESDECWIDE256KL instructions for Key Locker for encrypt/decrypt with various key sizes and block configurations.