January 14, 2020

239 words 2 mins read

Under Lock & Key: Using Hardware Protected Keys with the Linux Crypto API

Under Lock & Key: Using Hardware Protected Keys with the Linux Crypto API

The Linux Crypto API which provides potentially hardware accelerated cryptographic services to the Linux kernel and user space programs running under it, has a little known but extremely useful featur …

Talk Title Under Lock & Key: Using Hardware Protected Keys with the Linux Crypto API
Speakers Gilad Ben Yossef (Principal Software Engineer, Arm)
Conference Open Source Summit + ELC Europe
Conf Tag
Location Lyon, France
Date Oct 27-Nov 1, 2019
URL Talk Page
Slides Talk Slides
Video

The Linux Crypto API which provides potentially hardware accelerated cryptographic services to the Linux kernel and user space programs running under it, has a little known but extremely useful feature hidden away in the bowls of this under documented mechanism: the ability to perform cryptographic operations with keys which are locked away in a hardware vault and are not accessible for reading by software running on the main CPU.This feature, introduced silently (possibly too silently) by IBM for use with their s390 mainframes in 2016, has since been adopted for use in embedded systems by the author when compatible hardware is present and has the potential to provide a critical layer of security for secret keys in these complicated times haunted by the spectre of speculative execution side channel attacks.The presentation will explain the feature in depth, explain how to tell if your system of choice supports it, show case how to use the feature and some of the gotchas involved.

comments powered by Disqus