> Why not just expose it uncondtionally? Please see the comment in the following patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3d16af0b4cfac4b2c3b238e2ec37b38c2f316978 The goal of this change is to allow some users to use AES with hardware-bound keys from user-space without compromising others. Best regards Tomas
