The AIX Advanced Crypto Facility (ACF) now taps into Power in-core hardware acceleration for AES-GCM and GMAC. This enhancement delivers significant performance gains, especially for IPsec, which leverages ACF for secure, high-speed encryption. Lab tests show an improvement of up to nearly 3x in IPsec throughput with in-core acceleration enabled.
Please refer to this post for more details.
ACF enhancements have been integrated into both AIX Encrypted Logical Volumes and Physical Volumes, resulting in significant IOPS improvements and reduced CPU usage. Lab tests have shown approximately a 15% performance gain for both Logical and Physical Volumes.
Platform KeyStore (PKS) now supports User-Space on AIX
With FW950 + HMC 9.2.950, applications on AIX can now securely store secrets in hardware-backed NVRAM using PKS.
With more exploiters using PKS, storage limitations in NVRAM became a concern. To address this, object wrapping was introduced in Power11 (FW1110), allowing more efficient use of PKS storage.
Please refer to this post for more details.
Audit API Gets Smarter in new AIX
Continuous Auditing Meets Zero Downtime: AIX LKU Now Supports All Audit Modes
AIX Auditing is now fully compatible with Live Kernel Update (LKU), including both BIN and STREAM modes. This enhancement ensures continuous observability during live updates, with no more trade-offs between uptime and audit integrity.
AIX Live Kernel Update Is Now Possible with Active IPsec Tunnels and IPsec filters
No more downtime: with AIX LKU, you can now migrate active IPsec tunnels without rebooting or disrupting secure traffic. Traditionally, LKU failed if IPsec tunnels or filters were active. With the new LKU tunable option “ipsec_auto_migrate”, AIX can automatically tear down and restore IPsec during LKU, with no manual intervention needed.
AIX IPsec/IKEv2 now supports stronger cryptographic algorithms, reinforcing its position as a secure, enterprise-grade networking solution.
These enhancements align AIX IPsec/IKEv2 with modern security standards, making it suitable for environments requiring high-assurance encryption and future-proof cryptographic strength. Whether you're securing internal communications or building a zero-trust architecture, these updates ensure your AIX systems are ready for the next generation of secure networking.
OpenSSL 3.0.15.1001 is now available on AIX
This release includes performance optimizations for the AES-GCM, AES-XTS, and AES-CFB algorithms, leveraging the in-core cryptographic acceleration capabilities of the IBM Power11 processor.
Trusted boot is now enabled with vTPM 2.0
AIX 7.3 TL3 SP1 now supports TPM 2.0 on IBM Power10 & Power11 systems, enabling trusted boot & remote attestation in line with TCG standards for modern, secure computing.