caption: Controls use of <ph name="AES_KL_NAME">AES Keylocker</ph> for user storage
encryption if supported
default: false
desc: |-
This policy controls whether the <ph name="AES_KL_NAME">AES Keylocker</ph> implementation is enabled for user storage encryption for <ph name="DM_CRYPT">dm-crypt</ph> user homes on ChromeOS, if supported.
This policy only applies to user homes which use <ph name="DM_CRYPT">dm-crypt</ph>) for encryption. Legacy user homes (those which do not use <ph name="DM_CRYPT">dm-crypt</ph>) do not support the use of <ph name="AES_KL_NAME">AES Keylocker</ph> and will default to using <ph name="AES_NI_NAME">AESNI</ph>.
If the policy value changes, existing <ph name="DM_CRYPT">dm-crypt</ph> user homes will be accessed using the encryption implementation configured by the policy because the <ph name="AES_ALGORITHM_NAME">AES</ph> implementations are compatible.
If the policy is disabled or not set, user storage encryption for <ph name="DM_CRYPT">dm-crypt</ph> user homes will default to using <ph name="AES_NI_NAME">AESNI</ph>.
device_only: true
example_value: true
features:
dynamic_refresh: true
per_profile: false
items:
- caption: Use <ph name="AES_KL_NAME">AES Keylocker</ph> as the encryption algorithm
for user storage encryption, if supported
value: true
- caption: Do not use <ph name="AES_KL_NAME">AES Keylocker</ph> as the encryption
algorithm for user storage encryption
value: false
owners:
- [email protected]
schema:
type: boolean
supported_on:
- chrome_os:99-
tags: []
type: main
generate_device_proto: False
Codebase Browser
chromium