News: 0001639138

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Linux 7.2 Preparing Intel Key Protection Technology "KPT" For Next-Gen QAT

([Intel] 5 Hours Ago Intel Key Protection Technology)


Going back to the launch of 1st Gen Xeon Scalable processors in 2017 was Intel Key Protection Technology (KPT) promoted and there have been Key Protection Technology references in QuickAssist (QAT) documentation since 2016. Surprisingly we are only now seeing Key Protection Technology references for the upstream Linux QAT driver as Intel engineers prepare for their next-gen "Gen6" QuickAssist hardware support.

Intel Key Protection Technology is for protecting keys by hardware encryption while they are in use, in flight, and at rest. With KPT, encryption keys are not exposed in plain text within host memory.for making QuickAssist hardware offloading more secure. Key Protection Technology has been advertised for years by Intel with their QAT-enabled Xeon Scalable processors but seemingly not supported by their mainline Linux driver.

Queued ahead of the Linux 7.2 kernel is [1]this patch in the crypto subsystem's development tree "cryptodev" for adding KPT support with Intel GEN6 QAT.

This includes plumbing the new sysfs interfaces for interacting with QAT KPT support and other infrastructure work with the QAT accelerator crypto driver for handling the Key Protection Technology. At first I was thinking it was just for new GEN6 only support, but going through the Linux source tree as of writing there are [2]no other hits around Key Protection Technology. Intel's open-source QAT library "QATlib" also [3]notes among its limitations is not supporting KPT:

So it seems that the upstream open-source Intel QAT code is finally catching up with KPT. As it's being implemented for QAT GEN6 devices, presumably there are some fundamental KPT improvements there making it more applicable. Intel last year [4]began adding QAT GEN6 support to the Linux kernel and with time exposing new features from [5]new telemetry to [6]better QAT Zstd support . In any event, with the code now being in the cryptodev branch, look for KPT on QAT GEN6 coming with Linux 7.2.



[1] https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git/commit/?id=fb98254a5eb9c5ddd22e9bffdd8ae709769bee9f

[2] https://github.com/search?q=repo%3Atorvalds%2Flinux%20%22Key%20Protection%20Technology%22&type=code

[3] https://github.com/intel/qatlib

[4] https://www.phoronix.com/news/Intel-QAT-GEN6-Linux-Driver

[5] https://www.phoronix.com/news/Linux-6.18-Crypto

[6] https://www.phoronix.com/news/Linux-7.1-Crypto-QAT-Zstd



Briefly stated, the findings are that when presented with an array of
data or a sequence of events in which they are instructed to discover
an underlying order, subjects show strong tendencies to perceive order
and causality in random arrays, to perceive a pattern or correlation
which seems a priori intuitively correct even when the actual correlation
in the data is counterintuitive, to jump to conclusions about the correct
hypothesis, to seek and to use only positive or confirmatory evidence, to
construe evidence liberally as confirmatory, to fail to generate or to
assess alternative hypotheses, and having thus managed to expose themselves
only to confirmatory instances, to be fallaciously confident of the validity
of their judgments (Jahoda, 1969; Einhorn and Hogarth, 1978). In the
analyzing of past events, these tendencies are exacerbated by failure to
appreciate the pitfalls of post hoc analyses.
-- A. Benjamin