From the workstation /home partition to a certificate store on an embedded system, use cases abound for encrypting data at rest. The common goal is thwarting offline attacks by keeping the plaintext key material safe from where an attacker could extract it.

In his talk, Ahmad will give a brief introduction to the kernel's trusted key subsystem and his work in enabling it for unattended disk decryption on NXP's i.MX line of embedded SoCs.