OpenSSL Conference

Exploiting hardware-backed keys with the new EVP_SKEY API
2025-10-09, Krakow / Business Value & Enterprise Adoption

The Linux on IBM Z (s390x) platform provides hardware-backed keys. These so-called protected keys hide the clear key from the application and even from the operating system, while the platform provides CPU instructions that perform standard cryptographic operations directly with this key material.

The talk gives a brief introduction to this hardware feature and explains why OpenSSL could not make use of it for symmetric keys prior to version 3.5.0. The main part of the talk focuses on how the new EVP_SKEY API changes the game and gives insight into the implementation. To conclude, the talk gives some arguments why using hardware-backed keys (via the EVP_SKEY API) increases the security of applications.


The Linux on IBM Z (s390x) platform provides hardware-backed keys. The firmware of the machine wraps symmetric and asymmetric keys, so that applications and even the operating system only ever have access to the wrapped key material. The platform provides CPU instructions that perform standard cryptographic operations with these wrapped keys, without the clear key ever being exposed to software.

While using asymmetric protected keys through the EVP_PKEY API is very straightforward, it was impossible up to OpenSSL 3.4.0 to use symmetric protected keys: the symmetric EVP cipher API accepts only raw key bytes of the cipher's key length and has no way to carry an opaque key blob through to the provider.

The EVP_SKEY API, introduced with OpenSSL 3.5.0, changes the game. It allows opaque key blobs to be handled for symmetric crypto operations as well: the application holds an EVP_SKEY handle managed by the provider's key management and never needs the key bytes themselves. The protected-key provider (zpc-provider) uses this new EVP_SKEY API to make protected keys usable for symmetric algorithms such as the AES ciphers via the OpenSSL provider API. Encoders and decoders for the related key material are provided as well.

The concept of hardware-backed keys is not unique to Linux on IBM Z. Other platforms, including embedded ones, offer similar concepts. The talk is therefore also intended to give suggestions for how other platforms can make their existing hardware features accessible to OpenSSL applications.

  • Open source developer @ IBM
  • Nominated community member for the OpenSSL platform linux64-s390x
  • Linux kernel co-maintainer for crypto-related code on the s390 architecture

Reinhard Buendgen studied computer science at the universities of Karlsruhe and Delaware in Newark, DE. In 1991 he earned a Ph.D. in computer science at the University of Tuebingen. Until 1997 he worked at the University of Tuebingen as a researcher and lecturer. He joined IBM in 1997, where he held positions in software development, project management and as software development architect in the areas of parallel computing and RAS & High Availability for Linux on System Z. Currently he is a Senior Technical Staff Member at IBM and the Chief Architect Confidential Computing & Crypto Enablement for Linux on IBM Z and LinuxONE.