Author Topic: NASM is missing a more modern x86 instruction!

ben321
« on: March 12, 2023, 03:56:01 AM »
NASM is not recognizing the instruction LOADIWKEY. While this can only be run at ring0 according to the documentation, it does exist, and therefore shouldn't be left out of the capabilities of NASM. It's the instruction to load the IWkey (Internal Wrapping key, basically the master key) for the Key Locker system. Key Locker is Intel's secure on-chip facility for handling AES encryption and decryption (yes, you can actually do AES in hardware now, instead of coding the whole AES algorithm in software). When you load a key to encrypt or decrypt content, the CPU first encrypts the AES key with the IWkey. Then when you want to use the AES key to perform encryption or decryption, the CPU first decrypts the key internally (the unencrypted AES key, after initial creation, is never exposed to the rest of the system). After the key has been decrypted entirely within the CPU, it's then used to encrypt or decrypt the content in question. In this way, you can think of the IWkey as the master password in password management software. You can't get any of the passwords from the software, until you enter a master password to decrypt the stored passwords.

The IWkey is also not exposed to the rest of the system (again except during initial creation, unless you turn on a higher security level so it internally generates a random IWkey).

The official specifications for the Intel Key Locker can be found at:
https://www.intel.com/content/www/us/en/develop/download/intel-key-locker-specification.html

The section in this PDF document that deals with the instruction in question is section 3.12.
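
An added example, not part of the original post: a C decoder for the CPUID bits that enumerate Key Locker, including whether LOADIWKEY can request the hardware-randomized IWKey the post mentions. The bit positions follow Intel's CPUID enumeration (leaf 07H and leaf 19H); the struct and function names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Decoded Key Locker capabilities (names are this example's own). */
struct kl_caps {
    int kl;           /* CPUID.(EAX=07H,ECX=0):ECX[23]: Key Locker supported */
    int aeskle;       /* CPUID.19H:EBX[0]: AES Key Locker instructions fully enabled */
    int wide;         /* CPUID.19H:EBX[2]: wide AES Key Locker instructions */
    int iwkey_backup; /* CPUID.19H:EBX[4]: IWKey backup MSRs available */
    int no_backup;    /* CPUID.19H:ECX[0]: LOADIWKEY NoBackup parameter supported */
    int random_iwkey; /* CPUID.19H:ECX[1]: LOADIWKEY KeySource=1 (randomized IWKey) */
};

/* Pure decode step, so it can be checked against captured register values. */
struct kl_caps kl_decode(uint32_t leaf7_ecx, uint32_t leaf19_ebx, uint32_t leaf19_ecx)
{
    struct kl_caps caps = {0};
    caps.kl = (leaf7_ecx >> 23) & 1;
    if (!caps.kl)
        return caps;  /* leaf 19H carries no meaning without the KL bit */
    caps.aeskle       = (leaf19_ebx >> 0) & 1;
    caps.wide         = (leaf19_ebx >> 2) & 1;
    caps.iwkey_backup = (leaf19_ebx >> 4) & 1;
    caps.no_backup    = (leaf19_ecx >> 0) & 1;
    caps.random_iwkey = (leaf19_ecx >> 1) & 1;
    return caps;
}

int main(void)
{
    uint32_t l7_ecx = 0, l19_ebx = 0, l19_ecx = 0;
#if defined(__x86_64__) || defined(__i386__)
    unsigned int a, b, c, d;
    if (__get_cpuid_count(7, 0, &a, &b, &c, &d))
        l7_ecx = c;
    if (((l7_ecx >> 23) & 1) && __get_cpuid_count(0x19, 0, &a, &b, &c, &d)) {
        l19_ebx = b;
        l19_ecx = c;
    }
#endif
    struct kl_caps k = kl_decode(l7_ecx, l19_ebx, l19_ecx);
    printf("KL=%d AESKLE=%d wide=%d backup=%d no_backup=%d random_iwkey=%d\n",
           k.kl, k.aeskle, k.wide, k.iwkey_backup, k.no_backup, k.random_iwkey);
    return 0;
}
```

AESKLE reads 0 until the operating system has enabled Key Locker, so a CPU can report KL=1 with AESKLE=0.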