[Cryptech Core] integrate_mkmif

Paul Selkirk paul at psgd.org
Mon May 4 17:33:50 UTC 2020

Somewhat belatedly, I'd like to report that I've merged the
'integrate_mkmif' branch of the keywrap core. tldr: The keywrap core now
talks directly to the mkmif core. The only time the ARM ever gets to see
the KEK is when it initially writes it to the MKM. So even if an
attacker gets into the ARM, he still can't read the keys.

Performance is pretty much the same, not surprisingly. At least, it was
until it occurred to me to run cryptech_muxd without the -vv argument
I've been using for years. Without that verbose logging, I now see
signing speeds of 93.830 sig/sec with 4 signers vs 1 modexpng core.
(libhal/tests/parallel-signatures.py -c 4 -i 10000).


More information about the Core mailing list