Linux 7.2 Preparing Intel Key Protection Technology "KPT" For Next-Gen QAT
- Reference: 0001639138
- News link: https://www.phoronix.com/news/Intel-KPT-For-QAT-Gen6
Intel has promoted Key Protection Technology (KPT) going back to the launch of 1st Gen Xeon Scalable processors in 2017, and there have been Key Protection Technology references in QuickAssist (QAT) documentation since 2016. Surprisingly, we are only now seeing Key Protection Technology references for the upstream Linux QAT driver as Intel engineers prepare for their next-gen "Gen6" QuickAssist hardware support.
Intel Key Protection Technology is for protecting keys by hardware encryption while they are in use, in flight, and at rest. With KPT, encryption keys are not exposed in plain text within host memory, making QuickAssist hardware offloading more secure. Key Protection Technology has been advertised for years by Intel with their QAT-enabled Xeon Scalable processors but seemingly not supported by their mainline Linux driver.
Queued ahead of the Linux 7.2 kernel is [1]this patch in the crypto subsystem's development tree "cryptodev" for adding KPT support with Intel GEN6 QAT.
This includes plumbing the new sysfs interfaces for interacting with QAT KPT support and other infrastructure work with the QAT accelerator crypto driver for handling the Key Protection Technology. At first I was thinking it was just for new GEN6 only support, but going through the Linux source tree as of writing there are [2]no other hits around Key Protection Technology. Intel's open-source QAT library "QATlib" also [3]notes among its limitations that it does not support KPT:
So it seems that the upstream open-source Intel QAT code is finally catching up with KPT. As it's being implemented for QAT GEN6 devices, presumably there are some fundamental KPT improvements there making it more applicable. Intel last year [4]began adding QAT GEN6 support to the Linux kernel and has with time been exposing new features, from [5]new telemetry to [6]better QAT Zstd support. In any event, with the code now being in the cryptodev branch, look for KPT on QAT GEN6 coming with Linux 7.2.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git/commit/?id=fb98254a5eb9c5ddd22e9bffdd8ae709769bee9f
[2] https://github.com/search?q=repo%3Atorvalds%2Flinux%20%22Key%20Protection%20Technology%22&type=code
[3] https://github.com/intel/qatlib
[4] https://www.phoronix.com/news/Intel-QAT-GEN6-Linux-Driver
[5] https://www.phoronix.com/news/Linux-6.18-Crypto
[6] https://www.phoronix.com/news/Linux-7.1-Crypto-QAT-Zstd