LOADIWKEY—Load Internal Wrapping Key with Key LockerInstruction Operand EncodingDescriptionThe LOADIWKEY1 instruction writes the Key Locker internal wrapping key, which is called IWKey. This IWKey is used by the ENCODEKEY* instructions to wrap keys into handles. Conversely, the AESENC/DEC*KL instructions use IWKey to unwrap those keys from the handles and help verify the handle integrity. For security reasons, no instruc-tion is designed to allow software to directly read the IWKey value.IWKey includes two cryptographic keys as well as metadata. The two cryptographic keys are loaded from register sources so that LOADIWKEY can be executed without the keys ever being in memory.The key input operands are:•The 256-bit encryption key is loaded from the two explicit operands.•The 128-bit integrity key is loaded from the implicit operand XMM0.The implicit operand EAX specifies the KeySource and whether backing up the key is permitted:•EAX[0] – When set, the wrapping key being initialized is not permitted to be backed up to platform-scoped storage.•EAX[4:1] – This specifies the KeySource, which is the type of key. Currently only two encodings are supported. A KeySource of 0 indicates that the key input operands described above should be directly stored as the internal wrapping keys. LOADIWKEY with a KeySource of 1 will have random numbers from the on-chip random number generator XORed with the source registers (including XMM0) so that the software that executes the LOADIWKEY does not know the actual IWKey encryption and integrity keys. Software can choose to put additional random data into the source registers so that other sources of random data are combined with the hardware random number generator supplied value. Software should always check ZF after executing LOADIWKEY with KeySource of 1 as this operation may fail due to it being unable to get sufficient full-entropy data from the on-chip random number generator. Both KeySource of 0 and 1 specify that IWKey be used with the AES-GCM-SIV algorithm. CPUID.19H.ECX[1] enumerates support for KeySource of 1. All other KeySource encodings are reserved.•EAX[31:5] – Reserved.Opcode/InstructionOp/ En64/32-bit ModeCPUID Feature FlagDescriptionF3 0F 38 DC 11:rrr:bbb LOADIWKEY xmm1, xmm2, <EAX>, <XMM0>AV/VKLLoad internal wrapping key from xmm1, xmm2, and XMM0.Op/EnTupleOperand 1Operand 2Operand 3Operand 4ANAModRM:reg (r)ModRM:r/m (r)Implicit EAX (r)Implicit XMM0 (r)1.Further details on Key Locker and usage of this instruction can be found here:https://software.intel.com/content/www/us/en/develop/download/intel-key-locker-specification.html.
This UNOFFICIAL reference was generated from the official Intel® 64 and IA-32 Architectures Software Developer’s Manual by a dumb script. There is no guarantee that some parts aren't mangled or broken and is distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.