Intel Engineers Begin Landing Open-Source Support For TDX, Intel Key Locker

Written by Michael Larabel in Intel on 24 September 2020 at 06:47 AM EDT.
Last month Intel published a whitepaper on TDX (Trust Domain Extensions) as a means of better securing virtual machines. TDX allows for isolating VMs from the hypervisor and other non-VMM system software. Intel TDX builds off other recent work around MKTME memory encryption and other features. We are now beginning to see the software-side support roll out, along with the also-new Key Locker instructions.

Last night TDX instruction support landed in LLVM 12 Git. The new instructions are SEAMCALL for calling the SEAM VMX-root operation module, SEAMRET to return to the legacy VMX-root operation, SEAMOPS for SEAM operations, and TDCALL to call the SEAM module functions.


Similarly, the TDX instructions were also added to the GNU Assembler code-base overnight. Neither the patches nor the comments yet reveal which CPU generation will support these TDX instructions, but given Intel's usual Linux/open-source patch timing, it wouldn't be until Sapphire Rapids at the very earliest. As much of the Sapphire Rapids enablement has already happened, I am guessing TDX might not debut until Granite Rapids.

Also new this week in assembler land is Intel landing Key Locker instructions within the GNU repository.

Last week Intel published a white paper on Key Locker. Key Locker allows encrypting/decrypting data with an AES key without having access to the raw key. It does this by converting AES keys into handles, which work only on that system and only until they are revoked. With Key Locker, Intel aims to prevent hackers from obtaining actual AES keys by ensuring they are off-limits after the AES handles are created. Key Locker brings the AESENC128KL, AESENCWIDE128KL, AESDEC128KL, AESDECWIDE128KL, AESENC256KL, AESENCWIDE256KL, AESDEC256KL, and AESDECWIDE256KL instructions for encrypting/decrypting with various key sizes and block configurations.