Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:13.1:Update
s390-tools
s390-tools-sles11sp3-lszcrypt-cex4-support.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File s390-tools-sles11sp3-lszcrypt-cex4-support.patch of Package s390-tools
Subject: [PATCH] [FEAT SEC1101] lszcrypt: Add support for CEX4 crypto cards From: Ingo Tuchscherer <ingo.tuchscherer@de.ibm.com> Summary: lszcrypt: Add support for CEX4 crypto cards Description: CEX4 crypto cards are now supported by lszcrypt and chzcrypt. Card capabilities and pending request counters are displayed in verbose level 3. Upstream-ID: - Problem-ID: SEC1101 Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@de.ibm.com> --- zconf/chzcrypt | 3 + zconf/lszcrypt | 131 +++++++++++++++++++++++++++++++++++++++++++++++-------- zconf/lszcrypt.8 | 89 ++++++++++++++++++++++++++++--------- 3 files changed, 183 insertions(+), 40 deletions(-) --- a/zconf/chzcrypt +++ b/zconf/chzcrypt @@ -246,6 +246,9 @@ for DEV in $DEV_LIST ; do echo "$CMD: error - cryptographic adapter $CARD does not exist!" >&2 exit 1 fi + if [ ! -w $DEV/online ] ; then + continue + fi verbose "Setting cryptographic adapter $CARD $ONLINE_TEXT." echo $ONLINE > "$DEV/online" 2> /dev/null if [ "$( cat $DEV/online )" != "$ONLINE" ] ; then --- a/zconf/lszcrypt +++ b/zconf/lszcrypt @@ -1,6 +1,6 @@ #!/bin/bash #============================================================================== -# Copyright IBM Corp. 2008. +# Copyright IBM Corp. 2012. # # lszcrypt # @@ -8,6 +8,7 @@ # # Author(s): Ralph Wuerthner <rwuerthn@de.ibm.com> # Felix Beck <felix.beck@de.ibm.com> +# Holger Dengler <hd@linux.vnet.ibm.com> # # This file is part of s390-tools # @@ -28,17 +29,29 @@ CMD="$( basename $0 )" +CAP_RSA2K="RSA 2K Clear Key" +CAP_RSA4K="RSA 4K Clear Key" +CAP_CCA="CCA Secure Key" +CAP_RNG="Long RNG" + +let MASK_RSA4K=0x60000000 +let MASK_COPRO=0x10000000 +let MASK_ACCEL=0x08000000 + function print_usage() { cat <<-EOF Usage: $CMD [<options>] [<cryptographic adapter ids>] + $CMD -c|--capability <cryptographic adapter id> Display zcrypt device and configuration information. <options> -b|--bus Show AP bus attributes and exit. + -c|--capability <cryptographic adapter id> + Shows the capabilities of a cryptographic adapter. -V|--verbose Increase verbose level for cryptographic adapter information. Maximum - verbose level is two. + verbose level is three. -v|--version Show version information and exit. -h|--help @@ -46,14 +59,14 @@ function print_usage() { <cryptographic adapter ids> List of cryptographic adapter ids separated by blanks which will be displayed. - If not ids are given all available adapters are displayed. + If no ids are given all available adapters are displayed. EOF } function print_version() { cat <<-EOF $CMD: version %S390_TOOLS_VERSION% - Copyright IBM Corp. 2007 + Copyright IBM Corp. 2012 EOF } @@ -89,6 +102,65 @@ show_bus() { fi } +show_capability() { + CARD="$( printf "card%02x" "$1" 2> /dev/null )" + DEV=$SYSFS/devices/ap/$CARD + if [ ! -d $DEV ] ; then + echo "$CMD: error - cryptographic adapter $CARD does not exist!" >&2 + exit 1 + fi + HWTYPE="$( cat $DEV/hwtype 2> /dev/null )" + FUNCS="$( cat $DEV/ap_functions 2> /dev/null )" + # If sysfs attribute is missing, set functions to 0 + if [ "x"$FUNCS == "x" ] ; then + FUNCS="0x00000000" + fi + # skip devices, which are not supported by zcrypt layer + if [ ! -r $DEV/type -a ! -r $DEV/online ] ; then + CAPS="Detailed capability information for $CARD" + CAPS+=" (hardware type $HWTYPE) is not available." + echo -e $CAPS + return; + fi + let FUNC_VAL=$FUNCS + CAPS="$CARD provides capability for:\n" + case $HWTYPE in + 6|8) + if (( FUNC_VAL&$MASK_RSA4K )) ; then + CAPS+="$CAP_RSA4K" + else + CAPS+="$CAP_RSA2K" + fi + ;; + 7|9) + CAPS+="$CAP_RSA4K\n" + CAPS+="$CAP_CCA\n" + CAPS+="$CAP_RNG" + ;; + 10) + if (( FUNC_VAL&$MASK_ACCEL )) ; then + if (( FUNC_VAL&$MASK_RSA4K )) ; then + CAPS+="$CAP_RSA4K" + else + CAPS+="$CAP_RSA2K" + fi + elif (( FUNC_VAL&$MASK_COPRO )) ; then + CAPS+="$CAP_RSA4K\n" + CAPS+="$CAP_CCA\n" + CAPS+="$CAP_RNG" + else + CAPS="Detailed capability information for $CARD" + CAPS+=" (hardware type $HWTYPE) is not available." + fi + ;; + *) + CAPS="Detailed capability information for $CARD" + CAPS+=" (hardware type $HWTYPE) is not available." + ;; + esac + echo -e $CAPS +} + show_device() { CARD="$1" DEV="$SYSFS/bus/ap/devices/$CARD" @@ -96,37 +168,48 @@ show_device() { echo "$CMD: error - cryptographic adapter $CARD does not exist!" >&2 exit 1 fi - if [ -r $DEV/type ] ; then - TYPE="$( cat $DEV/type 2> /dev/null )" - else - TYPE=unknown + if [ ! -r $DEV/type -a ! -r $DEV/online ] ; then + # skip devices, which are not supported by zcrypt layer + return; fi - if [ -r $DEV/online ] ; then - if [ "$( cat $DEV/online 2> /dev/null )" -eq 0 ] ; then - ONLINE=offline - else - ONLINE=online - fi + TYPE="$( cat $DEV/type 2> /dev/null )" + if [ "$( cat $DEV/online 2> /dev/null )" -eq 0 ] ; then + ONLINE=offline else - ONLINE=unknown + ONLINE=online fi case $VERBOSE in 0) echo "$CARD: $TYPE" ;; 1) printf "%s: %-11s %-7s\n" $CARD $TYPE $ONLINE ;; - *) + 2) HWTYPE="$( cat $DEV/hwtype 2> /dev/null )" DEPTH="$( cat $DEV/depth 2> /dev/null )" REQ_CNT="$( cat $DEV/request_count 2> /dev/null )" printf "%s: %-11s %-7s hwtype=%-2d depth=%d request_count=%-10d\n" \ $CARD $TYPE $ONLINE $HWTYPE $DEPTH $REQ_CNT + ;; + *) + HWTYPE="$( cat $DEV/hwtype 2> /dev/null )" + DEPTH="$( cat $DEV/depth 2> /dev/null )" + REQ_CNT="$( cat $DEV/request_count 2> /dev/null )" + REQQ_CNT="$( cat $DEV/requestq_count 2> /dev/null )" + PENQ_CNT="$( cat $DEV/pendingq_count 2> /dev/null )" + FUNCS="$( cat $DEV/ap_functions 2> /dev/null )" + FMT="%s: %-11s %-7s hwtype=%-2d depth=%d" + FMT+=" request_count=%d pendingq_count=%d requestq_count=%d" + FMT+=" functions=%-10s\n" + printf "$FMT" \ + $CARD $TYPE $ONLINE $HWTYPE $DEPTH \ + $REQ_CNT $PENQ_CNT $REQQ_CNT \ + $FUNCS esac } # Parse command line -TEMP=`getopt -o bhvV \ - --long bus,help,version,verbose \ +TEMP=`getopt -o bchvV \ + --long bus,capability,help,version,verbose \ -n "$CMD" -- "$@"` if [ $? != 0 ] ; then exit 1 @@ -139,6 +222,8 @@ while true ; do case "$1" in -b|--bus) SHOW_BUS=1 shift;; + -c|--capability) SHOW_CAPABILITY=1 + shift;; -h|--help) print_usage exit 0;; -v|--version) print_version @@ -168,7 +253,15 @@ fi if [ -n "$SHOW_BUS" ] ; then show_bus exit 0 -fi +fi + +if [ -n "$SHOW_CAPABILITY" ] ; then + if [ $# -ne 1 ] ; then + invalid_cmdline "capability option requires a single cryptographic device id" + fi + show_capability $@ + exit 0 +fi if [ $# -eq 0 ] ; then DEVLIST="$( find $SYSFS/bus/ap/devices -name 'card*' -printf '%f\n' | sort )" --- a/zconf/lszcrypt.8 +++ b/zconf/lszcrypt.8 @@ -4,11 +4,15 @@ lszcrypt \- display zcrypt device and co .SH SYNOPSIS .TP 9 .B lszcrypt -.RB "[ " -V " | " -VV " ] " +.RB "[ " -V " | " -VV " | " -VVV " ] " [ .I <device id> [...]] .TP +.B lszcrypt +.B -c +<device id> +.TP .B lszcrypt -b .TP .B lszcrypt -h @@ -18,50 +22,93 @@ lszcrypt \- display zcrypt device and co The .B lszcrypt command is used to display information about cryptographic adapters managed by -zcrypt and zcrypt's AP bus attributes. Displayed information depends on the +zcrypt and the AP bus attributes of zcrypt. Displayed information depends on the kernel version. .B lszcrypt -requires that the sysfs filesystem is mounted. +requires that sysfs is mounted. .P -The following information can be displayed for each cryptographic adapter: card -type, online status, hardware card type, hardware queue depth, and request -count. The following AP bus attributes can be displayed: AP domain, -configuration timer, poll thread status, poll timeout, and AP interrupt status. +The following information can be displayed for each cryptographic +adapter: card type (symbolic), online status, hardware card +type (numeric), installed function facilities, card capability, hardware +queue depth, request count, number of requests in hardware queue, and +the number of outstanding requests. +The following AP bus attributes can be displayed: AP domain, +configuration timer, poll thread status, poll timeout, and AP interrupt +status. .SH OPTIONS .TP 8 .B -V, --verbose -Increase verbose level for cryptographic adapter information. Maximum verbose -level is two. At verbose level one card type and online status are displayed. -At verbose level two card type, online status, hardware card type, hardware -queue depth, and request count are displayed. +Increases the verbose level for cryptographic adapter information. +The maximum verbose level is three. At verbose level one card type +and online status are displayed. At verbose level two card type, +online status, hardware card type, hardware queue depth, and +request count are displayed. At verbose level three card type, +online status, hardware card type, hardware queue depth, +request count, pending request queue count, outstanding +request queue count, and installed function facilities are displayed. .TP 8 .B <device id> -Specifies a cryptographic adapter which will be displayed. A cryptographic +Specifies a cryptographic adapter to display. A cryptographic adapter can be specified either in decimal or hexadecimal notation using a '0x' prefix. If no adapters are specified information about all available -adapters will be displayed. +adapters is displayed. .TP 8 .B -b, --bus -Show AP bus attributes and exit. +Displays the AP bus attributes and exits. +.TP 8 +.B -c, --capability <device id> +Shows the capabilities of a cryptographic adapter of hardware type 6 or +higher. The capabilities of a cryptographic adapter depend on the card +type and the installed function facilities. A cryptographic adapter can +provide one or more of the following capabilities: +.RS +.IP "o" 3 +RSA 2K Clear Key +.IP "o" +RSA 4K Clear Key +.IP "o" +CCA Secure Key +.IP "o" +Long RNG +.RE .TP 8 .B -h, --help -Print help text and exit. +Displays help text and exits. .TP 8 .B -v, --version -Print version information and exit. +Displays version information and exits. .SH EXAMPLES .TP .B lszcrypt -V -Will display card type and online status of all available cryptographic +Displays card type and online status of all available cryptographic adapters. .TP .B lszcrypt -VV 0 1 10 12 -Will display card type, online status, hardware card type, hardware queue -depth, and request count for cryptographic adapters in decimal notation 0, 1, -10, and 12. +Displays the card type in hexadecimal notation, online status, +hardware card type, hardware queue depth, and request count for +cryptographic adapters 0, 1, 10, and 12 in decimal notation. +.TP +.B lszcrypt -VVV 3 7 11 +Displays the card ID and the installed function facility in +hexadecimal notation, as well as card type, online status, hardware +card type, hardware queue depth, request count, pending request +queue count, and outstanding request queue count for cryptographic +adapters 3, 7, and 11 in decimal notation. .TP .B lszcrypt -b -Will display AP bus information. +Displays AP bus information. +.TP +.B lszcrypt -c 7 +.RS +.br +Coprocessor card07 provides capability for: +.br +CCA Secure Key +.br +RSA 4K Clear Key +.br +Long RNG +.RE .SH SEE ALSO \fBchzcrypt\fR(8) .SH AUTHOR
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor