rpms/s390utils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

add support fro CEX4 devices to chzcrypt/lszcrypt (#847092)

Browse Source
This commit is contained in:
Dan Horák 2012-08-27 16:37:41 +02:00
parent 6a9781520b
commit bf8cdf527f
2 changed files with 396 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

396
s390-tools-1.19.0-fedora.patch
View File

@ -1,7 +1,7 @@
From 911c72bbf7ae362111593e82c4dfe730a44a1e8f Mon Sep 17 00:00:00 2001
From: Dan Horak <dan@danny.cz>
Date: Sun, 20 Jul 2008 09:24:05 +0200
Subject: [PATCH 1/4] s390-tools-1.5.3-zipl-zfcpdump-2
Subject: [PATCH 1/5] s390-tools-1.5.3-zipl-zfcpdump-2
---
common.mak | 4 ++--
@ -29,7 +29,7 @@ index 5321ccb..541a232 100644
From d8a4a2d505564e597cefab16871c35cfb6f06854 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Thu, 23 Apr 2009 11:46:01 +0200
Subject: [PATCH 2/4] s390-tools-1.8.1-fdasd-su
Subject: [PATCH 2/5] s390-tools-1.8.1-fdasd-su
---
fdasd/fdasd.c | 10 ++++++----
@ -63,7 +63,7 @@ index 842e72a..3ab81c0 100644
From 39ac18ef1622f4ae1254983530e120a7d036aff7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Fri, 19 Jun 2009 10:01:30 +0200
Subject: [PATCH 3/4] s390-tools-1.8.1-zipl-kdump-man
Subject: [PATCH 3/5] s390-tools-1.8.1-zipl-kdump-man
Description: Add kdump kernel installation instruction to zipl man page.
Symptom: User wants to prepare SCSI disk for dump, but has not installed
@ -95,7 +95,7 @@ index 01d18c5..e699b59 100644
From 0dc93d3f17430677e1e218124bef32730d4f35ea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Tue, 21 Aug 2012 09:58:21 +0200
Subject: [PATCH 4/4] Support for new storage device on System z (rhbz#847086)
Subject: [PATCH 4/5] Support for new storage device on System z (rhbz#847086)
Allow Linux to access a new storage device as a block device using a new interface.
That includes the adaption of common IO functions to allow to attach, configure
@ -404,3 +404,391 @@ index 0000000..25a8a2a
--
1.7.7.6
From 93b91117cbe2c0d036bf10a8cc139bee2ba94caf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Mon, 27 Aug 2012 16:34:25 +0200
Subject: [PATCH 5/5] lszcrypt/chzcrypt: Add support for CEX4 crypto card
(rhbz#847092)
---
zconf/chzcrypt | 3 +
zconf/lszcrypt | 131 ++++++++++++++++++++++++++++++++++++++++++++++--------
zconf/lszcrypt.8 | 89 ++++++++++++++++++++++++++++---------
3 files changed, 183 insertions(+), 40 deletions(-)
diff --git a/zconf/chzcrypt b/zconf/chzcrypt
index e222d43..1a9f574 100755
--- a/zconf/chzcrypt
+++ b/zconf/chzcrypt
@@ -246,6 +246,9 @@ for DEV in $DEV_LIST ; do
echo "$CMD: error - cryptographic adapter $CARD does not exist!" >&2
exit 1
fi
+ if [ ! -w $DEV/online ] ; then
+ continue
+ fi
verbose "Setting cryptographic adapter $CARD $ONLINE_TEXT."
echo $ONLINE > "$DEV/online" 2> /dev/null
if [ "$( cat $DEV/online )" != "$ONLINE" ] ; then
diff --git a/zconf/lszcrypt b/zconf/lszcrypt
index a0c9473..2a371d4 100755
--- a/zconf/lszcrypt
+++ b/zconf/lszcrypt
@@ -1,6 +1,6 @@
#!/bin/bash
#==============================================================================
-# Copyright IBM Corp. 2008.
+# Copyright IBM Corp. 2012.
#
# lszcrypt
#
@@ -8,6 +8,7 @@
#
# Author(s): Ralph Wuerthner <rwuerthn@de.ibm.com>
# Felix Beck <felix.beck@de.ibm.com>
+# Holger Dengler <hd@linux.vnet.ibm.com>
#
# This file is part of s390-tools
#
@@ -28,17 +29,29 @@
CMD="$( basename $0 )"
+CAP_RSA2K="RSA 2K Clear Key"
+CAP_RSA4K="RSA 4K Clear Key"
+CAP_CCA="CCA Secure Key"
+CAP_RNG="Long RNG"
+
+let MASK_RSA4K=0x60000000
+let MASK_COPRO=0x10000000
+let MASK_ACCEL=0x08000000
+
function print_usage() {
cat <<-EOF
Usage: $CMD [<options>] [<cryptographic adapter ids>]
+ $CMD -c|--capability <cryptographic adapter id>
Display zcrypt device and configuration information.
<options>
-b|--bus
Show AP bus attributes and exit.
+ -c|--capability <cryptographic adapter id>
+ Shows the capabilities of a cryptographic adapter.
-V|--verbose
Increase verbose level for cryptographic adapter information. Maximum
- verbose level is two.
+ verbose level is three.
-v|--version
Show version information and exit.
-h|--help
@@ -46,14 +59,14 @@ function print_usage() {
<cryptographic adapter ids>
List of cryptographic adapter ids separated by blanks which will be displayed.
- If not ids are given all available adapters are displayed.
+ If no ids are given all available adapters are displayed.
EOF
}
function print_version() {
cat <<-EOF
$CMD: version %S390_TOOLS_VERSION%
- Copyright IBM Corp. 2007
+ Copyright IBM Corp. 2012
EOF
}
@@ -89,6 +102,65 @@ show_bus() {
fi
}
+show_capability() {
+ CARD="$( printf "card%02x" "$1" 2> /dev/null )"
+ DEV=$SYSFS/devices/ap/$CARD
+ if [ ! -d $DEV ] ; then
+ echo "$CMD: error - cryptographic adapter $CARD does not exist!" >&2
+ exit 1
+ fi
+ HWTYPE="$( cat $DEV/hwtype 2> /dev/null )"
+ FUNCS="$( cat $DEV/ap_functions 2> /dev/null )"
+ # If sysfs attribute is missing, set functions to 0
+ if [ "x"$FUNCS == "x" ] ; then
+ FUNCS="0x00000000"
+ fi
+ # skip devices, which are not supported by zcrypt layer
+ if [ ! -r $DEV/type -a ! -r $DEV/online ] ; then
+ CAPS="Detailed capability information for $CARD"
+ CAPS+=" (hardware type $HWTYPE) is not available."
+ echo -e $CAPS
+ return;
+ fi
+ let FUNC_VAL=$FUNCS
+ CAPS="$CARD provides capability for:\n"
+ case $HWTYPE in
+ 6|8)
+ if (( FUNC_VAL&$MASK_RSA4K )) ; then
+ CAPS+="$CAP_RSA4K"
+ else
+ CAPS+="$CAP_RSA2K"
+ fi
+ ;;
+ 7|9)
+ CAPS+="$CAP_RSA4K\n"
+ CAPS+="$CAP_CCA\n"
+ CAPS+="$CAP_RNG"
+ ;;
+ 10)
+ if (( FUNC_VAL&$MASK_ACCEL )) ; then
+ if (( FUNC_VAL&$MASK_RSA4K )) ; then
+ CAPS+="$CAP_RSA4K"
+ else
+ CAPS+="$CAP_RSA2K"
+ fi
+ elif (( FUNC_VAL&$MASK_COPRO )) ; then
+ CAPS+="$CAP_RSA4K\n"
+ CAPS+="$CAP_CCA\n"
+ CAPS+="$CAP_RNG"
+ else
+ CAPS="Detailed capability information for $CARD"
+ CAPS+=" (hardware type $HWTYPE) is not available."
+ fi
+ ;;
+ *)
+ CAPS="Detailed capability information for $CARD"
+ CAPS+=" (hardware type $HWTYPE) is not available."
+ ;;
+ esac
+ echo -e $CAPS
+}
+
show_device() {
CARD="$1"
DEV="$SYSFS/bus/ap/devices/$CARD"
@@ -96,37 +168,48 @@ show_device() {
echo "$CMD: error - cryptographic adapter $CARD does not exist!" >&2
exit 1
fi
- if [ -r $DEV/type ] ; then
- TYPE="$( cat $DEV/type 2> /dev/null )"
- else
- TYPE=unknown
+ if [ ! -r $DEV/type -a ! -r $DEV/online ] ; then
+ # skip devices, which are not supported by zcrypt layer
+ return;
fi
- if [ -r $DEV/online ] ; then
- if [ "$( cat $DEV/online 2> /dev/null )" -eq 0 ] ; then
- ONLINE=offline
- else
- ONLINE=online
- fi
+ TYPE="$( cat $DEV/type 2> /dev/null )"
+ if [ "$( cat $DEV/online 2> /dev/null )" -eq 0 ] ; then
+ ONLINE=offline
else
- ONLINE=unknown
+ ONLINE=online
fi
case $VERBOSE in
0) echo "$CARD: $TYPE"
;;
1) printf "%s: %-11s %-7s\n" $CARD $TYPE $ONLINE
;;
- *)
+ 2)
HWTYPE="$( cat $DEV/hwtype 2> /dev/null )"
DEPTH="$( cat $DEV/depth 2> /dev/null )"
REQ_CNT="$( cat $DEV/request_count 2> /dev/null )"
printf "%s: %-11s %-7s hwtype=%-2d depth=%d request_count=%-10d\n" \
$CARD $TYPE $ONLINE $HWTYPE $DEPTH $REQ_CNT
+ ;;
+ *)
+ HWTYPE="$( cat $DEV/hwtype 2> /dev/null )"
+ DEPTH="$( cat $DEV/depth 2> /dev/null )"
+ REQ_CNT="$( cat $DEV/request_count 2> /dev/null )"
+ REQQ_CNT="$( cat $DEV/requestq_count 2> /dev/null )"
+ PENQ_CNT="$( cat $DEV/pendingq_count 2> /dev/null )"
+ FUNCS="$( cat $DEV/ap_functions 2> /dev/null )"
+ FMT="%s: %-11s %-7s hwtype=%-2d depth=%d"
+ FMT+=" request_count=%d pendingq_count=%d requestq_count=%d"
+ FMT+=" functions=%-10s\n"
+ printf "$FMT" \
+ $CARD $TYPE $ONLINE $HWTYPE $DEPTH \
+ $REQ_CNT $PENQ_CNT $REQQ_CNT \
+ $FUNCS
esac
}
# Parse command line
-TEMP=`getopt -o bhvV \
- --long bus,help,version,verbose \
+TEMP=`getopt -o bchvV \
+ --long bus,capability,help,version,verbose \
-n "$CMD" -- "$@"`
if [ $? != 0 ] ; then
exit 1
@@ -139,6 +222,8 @@ while true ; do
case "$1" in
-b|--bus) SHOW_BUS=1
shift;;
+ -c|--capability) SHOW_CAPABILITY=1
+ shift;;
-h|--help) print_usage
exit 0;;
-v|--version) print_version
@@ -168,7 +253,15 @@ fi
if [ -n "$SHOW_BUS" ] ; then
show_bus
exit 0
-fi
+fi
+
+if [ -n "$SHOW_CAPABILITY" ] ; then
+ if [ $# -ne 1 ] ; then
+ invalid_cmdline "capability option requires a single cryptographic device id"
+ fi
+ show_capability $@
+ exit 0
+fi
if [ $# -eq 0 ] ; then
DEVLIST="$( find $SYSFS/bus/ap/devices -name 'card*' -printf '%f\n' | sort )"
diff --git a/zconf/lszcrypt.8 b/zconf/lszcrypt.8
index 01d4fa7..e8ca6ce 100644
--- a/zconf/lszcrypt.8
+++ b/zconf/lszcrypt.8
@@ -4,11 +4,15 @@ lszcrypt \- display zcrypt device and configuration information
.SH SYNOPSIS
.TP 9
.B lszcrypt
-.RB "[ " -V " | " -VV " ] "
+.RB "[ " -V " | " -VV " | " -VVV " ] "
[
.I <device id>
[...]]
.TP
+.B lszcrypt
+.B -c
+<device id>
+.TP
.B lszcrypt -b
.TP
.B lszcrypt -h
@@ -18,50 +22,93 @@ lszcrypt \- display zcrypt device and configuration information
The
.B lszcrypt
command is used to display information about cryptographic adapters managed by
-zcrypt and zcrypt's AP bus attributes. Displayed information depends on the
+zcrypt and the AP bus attributes of zcrypt. Displayed information depends on the
kernel version.
.B lszcrypt
-requires that the sysfs filesystem is mounted.
+requires that sysfs is mounted.
.P
-The following information can be displayed for each cryptographic adapter: card
-type, online status, hardware card type, hardware queue depth, and request
-count. The following AP bus attributes can be displayed: AP domain,
-configuration timer, poll thread status, poll timeout, and AP interrupt status.
+The following information can be displayed for each cryptographic
+adapter: card type (symbolic), online status, hardware card
+type (numeric), installed function facilities, card capability, hardware
+queue depth, request count, number of requests in hardware queue, and
+the number of outstanding requests.
+The following AP bus attributes can be displayed: AP domain,
+configuration timer, poll thread status, poll timeout, and AP interrupt
+status.
.SH OPTIONS
.TP 8
.B -V, --verbose
-Increase verbose level for cryptographic adapter information. Maximum verbose
-level is two. At verbose level one card type and online status are displayed.
-At verbose level two card type, online status, hardware card type, hardware
-queue depth, and request count are displayed.
+Increases the verbose level for cryptographic adapter information.
+The maximum verbose level is three. At verbose level one card type
+and online status are displayed. At verbose level two card type,
+online status, hardware card type, hardware queue depth, and
+request count are displayed. At verbose level three card type,
+online status, hardware card type, hardware queue depth,
+request count, pending request queue count, outstanding
+request queue count, and installed function facilities are displayed.
.TP 8
.B <device id>
-Specifies a cryptographic adapter which will be displayed. A cryptographic
+Specifies a cryptographic adapter to display. A cryptographic
adapter can be specified either in decimal or hexadecimal notation using
a '0x' prefix. If no adapters are specified information about all available
-adapters will be displayed.
+adapters is displayed.
.TP 8
.B -b, --bus
-Show AP bus attributes and exit.
+Displays the AP bus attributes and exits.
+.TP 8
+.B -c, --capability <device id>
+Shows the capabilities of a cryptographic adapter of hardware type 6 or
+higher. The capabilities of a cryptographic adapter depend on the card
+type and the installed function facilities. A cryptographic adapter can
+provide one or more of the following capabilities:
+.RS
+.IP "o" 3
+RSA 2K Clear Key
+.IP "o"
+RSA 4K Clear Key
+.IP "o"
+CCA Secure Key
+.IP "o"
+Long RNG
+.RE
.TP 8
.B -h, --help
-Print help text and exit.
+Displays help text and exits.
.TP 8
.B -v, --version
-Print version information and exit.
+Displays version information and exits.
.SH EXAMPLES
.TP
.B lszcrypt -V
-Will display card type and online status of all available cryptographic
+Displays card type and online status of all available cryptographic
adapters.
.TP
.B lszcrypt -VV 0 1 10 12
-Will display card type, online status, hardware card type, hardware queue
-depth, and request count for cryptographic adapters in decimal notation 0, 1,
-10, and 12.
+Displays the card type in hexadecimal notation, online status,
+hardware card type, hardware queue depth, and request count for
+cryptographic adapters 0, 1, 10, and 12 in decimal notation.
+.TP
+.B lszcrypt -VVV 3 7 11
+Displays the card ID and the installed function facility in
+hexadecimal notation, as well as card type, online status, hardware
+card type, hardware queue depth, request count, pending request
+queue count, and outstanding request queue count for cryptographic
+adapters 3, 7, and 11 in decimal notation.
.TP
.B lszcrypt -b
-Will display AP bus information.
+Displays AP bus information.
+.TP
+.B lszcrypt -c 7
+.RS
+.br
+Coprocessor card07 provides capability for:
+.br
+CCA Secure Key
+.br
+RSA 4K Clear Key
+.br
+Long RNG
+.RE
.SH SEE ALSO
\fBchzcrypt\fR(8)
.SH AUTHOR
--
1.7.7.6

5
s390utils.spec
View File

@ -8,7 +8,7 @@ Name: s390utils
Summary: Utilities and daemons for IBM System/z
Group: System Environment/Base
Version: 1.19.0
Release: 1%{?dist}
Release: 2%{?dist}
Epoch: 2
License: GPLv2 and GPLv2+ and CPL
ExclusiveArch: s390 s390x
@ -857,6 +857,9 @@ User-space development files for the s390/s390x architecture.
%changelog
* Mon Aug 27 2012 Dan Horák <dan[at]danny.cz> 2:1.19.0-2
- add support fro CEX4 devices to chzcrypt/lszcrypt (#847092)
* Mon Aug 27 2012 Dan Horák <dan[at]danny.cz> 2:1.19.0-1
- updated to 1.19.0 (#804774)
- fixed syntax in s390.sh script (#851096)