On Wed, 24 Jan 2024 20:15:18 +0400, Peter <[email protected]> wrote: >Still I am trying to understand encryption and decryption load goes to >general CP In case if you don't have CPACF or ICSF ?
There's no such thing as "don't have CPACF". All machines have it. It's on-chip and part of the instruction set. The only variable is whether or not the no-charge hardware cryptographic feature 3863 is enabled (in countries where it is offered). It controls the amount of function in CPACF and whether or not you can use the crypto cards. Let's assume you have the feature enabled. As Eric has replied, CPACF is focused on symmetric (shared key) cryptographic operations. That's because symmetric operations can be done quickly, and far more efficiently than doing it in software. But CPACF is not an offload operation. All of the cycles are on the processor. For asymmetric cryptography, CPACF offers some help, but the real acceleration comes with the crypto cards. It's very visible when you start up a subsystem that clients are trying to connect to. E.g. telnet server, CICS, db2. Hundreds or thousands of clients may all be trying to connect at the same time. Those TLS handshakes are significantly accelerated by offloading the asymmetric cryptography to the crypto cards where it runs in parallel to whatever is happening on the CP. Alan Altmark IBM ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
