G'day list,

I'm trying to get access to PCICA crypto facilities on our z800 using RHEL
3, and having no luck at all.  Any wisdom from the list will be greatly
appreciated!

We are running z/VM 4.3, and have added CRYPTO APVIRT to the guest's
directory entry.  When we do Q CRYPTO, we get the following (which I
believe tells us that z/VM can see the hardware):

        Q CRYPTO
        Processor 00 Crypto Unit 1 usable
        There is no user enabled for PKSC Modify
        All users with directory authorization are enabled for key entry
        Crypto Adjunct Processor is installed
        Ready; T=0.01/0.01 17:10:09
        Q CRYPTO AP
        AP 00 PCICA Queue 07 is installed
        AP 01 PCICA Queue 07 is installed
        AP 02 PCICA Queue 07 is installed
        AP 03 PCICA Queue 07 is installed
        Ready; T=0.01/0.01 17:12:44

When we log the guest on and do Q CRYPTO, we get something a bit
different:

        Q CRYPTO
        No CAM or DAC Crypto Facilities defined
        AP 03 Queue 00 shared
        Ready; T=0.01/0.01 17:14:14

The AP and Queue numbers are different every time we log on (I read that
this is z/VM virtualising the queues to the real hardware on behalf of its
guests).  I'm a little concerned that the type of AP (PCICC or PCICA) is
not identified, though...

Then we IPL Linux, load the z90crypt module, and display
/proc/driver/z90crypt:

        z90crypt version: 1.1.3
        Cryptographic domain: 0
        Total device count: 0
        PCICA count: 0
        PCICC count: 0
        requestq count: 0
        pendingq count: 0
        Total open handles: 0

        Mask of online devices: 1 means PCICA, 2 means PCICC
            < row of 64 zeroes >

        Mask of waiting work element counts
            < row of 64 zeroes >

The test programs from the zSeries Crypto Guide Update redbook fail (the
tstcrtde program returns ENODEV, and the instructions for icacrtde say
"run this if the tstcrtde program was successful").

I have tried many combinations of the directory entries (with/without
DOMAIN on the CRYPTO statement, with/without CRYPTO on the CPU
statement), all with no success.

Does anyone have any hints/ideas on this?

Thanks in advance,
Vic


--
Vic Cross
Linux Centre of Compentency, IBM New Zealand
 (-- from home, in sunny Brisbane Australia --)

Reply via email to