Linux Driver Posted For Intel Silicon Security Engine Interface "ISSEI"
Intel software engineer Alexander Usyskin today posted the patch series providing the initial Linux kernel plumbing around the Intel Silicon Security Engine Interface.
The Intel Security Engine has played a role in recent client platforms, while the patch cover letter notes it will also play a role in Trust Domain Extensions (TDX) use-cases on future platforms, thus presumably coming to upcoming Intel Xeon processors as well. That future Intel Xeon server use is presumably why we are seeing this Linux kernel integration now rather than prior to the introduction of the client platforms.
The cover letter on the set of today's four patches elaborates on this ISSEI addition to the Linux kernel:
"The ISSEI (Intel Silicon Security Engine Interface) subsystem provides a communication channel between the host and the Silicon Security Engine.
This channel is used to get system measurements over SPDM protocol on Lunar Lake and Panther Lake platforms and support for TDX use-cases on future platforms.
This series includes implementation of ISSEI communication protocol and transport module to transport data over HECI hardware.
The ISSEI uses the same HW module (HECI HW) as MEI, but the IP behind it is different (ISSE is not CSME) and protocol is different given ISSE hardware limitations. New driver allows clean split from MEI driver that drags ten years of backward compatibility with older platforms. Some paradigms were borrowed from MEI so two drivers look similar one to another."
