diff --git a/module/icp/core/kcf_prov_tabs.c b/module/icp/core/kcf_prov_tabs.c
index d587867886..ac18c66e9d 100644
--- a/module/icp/core/kcf_prov_tabs.c
+++ b/module/icp/core/kcf_prov_tabs.c
@@ -206,24 +206,6 @@ kcf_alloc_provider_desc(const crypto_provider_info_t *info)
 	kcf_provider_desc_t *desc =
 	    kmem_zalloc(sizeof (kcf_provider_desc_t), KM_SLEEP);
 
-	/*
-	 * pd_description serves two purposes
-	 * - Appears as a blank padded PKCS#11 style string, that will be
-	 *   returned to applications in CK_SLOT_INFO.slotDescription.
-	 *   This means that we should not have a null character in the
-	 *   first CRYPTO_PROVIDER_DESCR_MAX_LEN bytes.
-	 * - Appears as a null-terminated string that can be used by
-	 *   other kcf routines.
-	 *
-	 * So, we allocate enough room for one extra null terminator
-	 * which keeps every one happy.
-	 */
-	desc->pd_description = kmem_alloc(CRYPTO_PROVIDER_DESCR_MAX_LEN + 1,
-	    KM_SLEEP);
-	(void) memset(desc->pd_description, ' ',
-	    CRYPTO_PROVIDER_DESCR_MAX_LEN);
-	desc->pd_description[CRYPTO_PROVIDER_DESCR_MAX_LEN] = '\0';
-
 	desc->pd_mech_list_count = info->pi_mech_list_count;
 	desc->pd_mechanisms = kmem_zalloc(sizeof (crypto_mech_info_t) *
 	    info->pi_mech_list_count, KM_SLEEP);
@@ -290,10 +272,6 @@ kcf_free_provider_desc(kcf_provider_desc_t *desc)
 
 	/* free the kernel memory associated with the provider descriptor */
 
-	if (desc->pd_description != NULL)
-		kmem_free(desc->pd_description,
-		    CRYPTO_PROVIDER_DESCR_MAX_LEN + 1);
-
 	if (desc->pd_mechanisms != NULL)
 		/* free the memory associated with the mechanism info's */
 		kmem_free(desc->pd_mechanisms, sizeof (crypto_mech_info_t) *
diff --git a/module/icp/include/sys/crypto/impl.h b/module/icp/include/sys/crypto/impl.h
index 3c8f4d37ee..39fa6dafed 100644
--- a/module/icp/include/sys/crypto/impl.h
+++ b/module/icp/include/sys/crypto/impl.h
@@ -221,7 +221,7 @@ typedef struct kcf_provider_desc {
 	// int				pd_module_id;
 	// struct modctl			*pd_mctlp;
 	kcondvar_t			pd_remove_cv;
-	char				*pd_description;
+	const char				*pd_description;
 	uint_t				pd_flags;
 	uint_t				pd_hash_limit;
 	crypto_kcf_provider_handle_t	pd_kcf_prov_handle;
diff --git a/module/icp/include/sys/crypto/spi.h b/module/icp/include/sys/crypto/spi.h
index 2993caa4fb..25fba6dda8 100644
--- a/module/icp/include/sys/crypto/spi.h
+++ b/module/icp/include/sys/crypto/spi.h
@@ -267,7 +267,7 @@ typedef uint_t crypto_kcf_provider_handle_t;
  * pi_provider_dev must be specified with a different pi_provider_handle.
  */
 typedef struct crypto_provider_info {
-	char				*pi_provider_description;
+	const char				*pi_provider_description;
 	crypto_provider_type_t		pi_provider_type;
 	crypto_provider_handle_t	pi_provider_handle;
 	const crypto_ops_t			*pi_ops_vector;
diff --git a/module/icp/spi/kcf_spi.c b/module/icp/spi/kcf_spi.c
index 284b56b85f..3e66123508 100644
--- a/module/icp/spi/kcf_spi.c
+++ b/module/icp/spi/kcf_spi.c
@@ -96,19 +96,7 @@ crypto_register_provider(const crypto_provider_info_t *info,
 	prov_desc->pd_prov_handle = info->pi_provider_handle;
 
 	/* copy provider description string */
-	if (info->pi_provider_description != NULL) {
-		/*
-		 * pi_provider_descriptor is a string that can contain
-		 * up to CRYPTO_PROVIDER_DESCR_MAX_LEN + 1 characters
-		 * INCLUDING the terminating null character. A bcopy()
-		 * is necessary here as pd_description should not have
-		 * a null character. See comments in kcf_alloc_provider_desc()
-		 * for details on pd_description field.
-		 */
-		bcopy(info->pi_provider_description, prov_desc->pd_description,
-		    MIN(strlen(info->pi_provider_description),
-		    (size_t)CRYPTO_PROVIDER_DESCR_MAX_LEN));
-	}
+	prov_desc->pd_description = info->pi_provider_description;
 
 	/* Change from Illumos: the ops vector is persistent. */
 	if (info->pi_provider_type != CRYPTO_LOGICAL_PROVIDER) {