In versions of ICSF prior to FMID HCR7780, in order for a coprocessor to become active, a DES master key needed to be set on the coprocessor. Once the coprocessor was active, DES master key support, and the support of any other master key (an AES master key or an asymetric master key) set on the coprocessor, would then be available.
For FMIDs HCR7780, HCR7790, and HCR77A0, the activation procedure was designed to maximize the number of active coprocessors by selecting the set of master keys that are available on the majority of coprocessors. A DES master key is no longer required in order for a coprocessor to become active. Instead, any one of four master keys – the DES master key, the AES master key, the RSA master key (which in earlier releases was called the asymmetric master key), or the ECC master key – is enough for a coprocessor to become active. However, because the goal is to select the combination of master keys that will maximize the number of active coprocessors, if a certain master key is not set on all the same coprocessors, that master key support will not be available.
Starting with FMID HCR77A1, the activation procedure will use the master key verification patterns (MKVP) in the header record of the CKDS and PKDS to determine which coprocessors become active. If the MKVP of a master key is in the CKDS or PKDS, that master key must be loaded and the verification pattern of the current master key register must match the MKVP in the CKDS or PKDS. If all of the MKVPs in the CKDS and PKDS match the current master key registers, the coprocessor will become active. Otherwise, the status of the coprocessor is 'Master key incorrect'.
This applies to all master keys that the coprocessor supports. When there is a MKVP in the CKDS or PKDS and the coprocessor doesn't support that master key, it is ignored. When a MKVP is not in the CKDS or PKDS, the master key is ignored.
A migration health check is available to find any coprocessors that will not become active when starting HCR77A1 or later. The ICSFMIG77A1_COPROCESSOR_ACTIVE migration check is available for HCR7770, HR7780, HCR7790, and HCR77A0.