Purism decision about NSA’s Encryption Algorithm Speck in Linux Kernel 4.17

Very interesting news about Linux kernel 4.17. It integrates NSA’s ‘controversial’ encryption algorithm Speck for IoT devices. Of course NSA reject any request about opening the code of Speck.

It is important to talk about this because it is possible to disable it, but for instance, Arch Linux turns on Speck module by default.

Question :
Is Purism aware about this module and what will be your decision ? Turn it on or off by default ? What about Simon, the other module that the NSA would like to push into Linux kernel ?

Thank you very much.


Yes, we are aware, we will not ship it at all in our binary package for kernel.

For the other module: we will discuss this.


Just to make thing clear:

Even if it is enabled in our kernel, having it has absolutely no impact on kernel security - it is not used unless the user explicitly wants to use it for encryption. It’s only actually of use on low-power, low-specs devices, which you clearly don’t have if you run an amd64 CPU.

Thank you @mladen.

Sorry maybe I misunderstood, but your second answer suggests that Speck could be integrated into the kernel when the first message did not suggest it and was very reassuring.

Thanks to you, I understand that this kernel is used for IoT or low-spec devices but having a module enabled by default that I don’t need, and knowing that it comes from a very intrusive company worries me a bit.

Thank you very much for your feedback.

1 Like

Like I have already said, we will not ship it at all in our binary kernel package.

One of developers suggested that speck is not enabled in our kernel, you can check this with:

grep SPECK /boot/config-*

terminal command.