Illegal instruction (AES-NI?)

[muhazzz]

I have a strange problem with KMS on my Debian server: What could be wrong and how to solve this "Illegal instruction" thing?

[tarcieri]

My guess would be your server doesn't have AES-NI, or has AES-NI explicitly disabled in UEFI/BIOS. What CPU is it? I can at least tell you if AES-NI should theoretically be supported. Otherwise try checking your UEFI/BIOS for an option to enable AES-NI or some other "Enable AES acceleration"-style option.

If your server has a CPU which actually doesn't support AES-NI, and you built the KMS with the RUSTFLAGS to enable it i.e.

export RUSTFLAGS=-Ctarget-feature=+aes

...you will need to disable those. Note that the software fallback it will use instead has not been extensively tested for potential security issues that can arise in a soft AES implementation (e.g. cache timing sidechannels).

[tarcieri]

Alternatively, you can try to figure out which illegal instruction was executed by disassembling the program with gdb or lldb after it catches the SIGILL. In gdb that'd look something like:

$ gdb tmkms
(gdb) run yubihsm keys list
[...] (keep `cont`inuing until you get to the SIGILL)
(gdb) disassemble

[tarcieri]

Here is an upstream issue to do runtime detection for AES-NI support:

https://github.com/RustCrypto/block-ciphers/issues/25

[greg-szabo]

I ran into the same issue and it was AES-NI. (The Core2Duo I was using doesn't support the AES instruction set.) Disabling it resolved this issue. (I had others, but unrelated ones.)