SecurityEdit online These device drivers and features support security aspects of Linux® on IBM® Z. Generic cryptographic device driverThe generic cryptographic device driver (zcrypt) supports cryptographic coprocessor and accelerator hardware. Cryptographic coprocessors provide secure key cryptographic operations for the IBM Common Cryptographic Architecture (CCA) and the Enterprise PKCS#11 feature (EP11). CCA and EP11 coprocessors operate as Hardware Security Modules (HSMs).Pseudorandom number generator device driverThe pseudorandom number generator (PRNG) device driver provides user-space applications with pseudorandom numbers generated by the IBM Z® CP Assist for Cryptographic Function (CPACF).True random-number generator device driverThe true random number generator (TRNG) device driver provides user-space applications with random data generated from the IBM Z® hardware CPACF true random source.Protected key device driverThe protected key device driver provides functions for generating and verifying protected keys.Hardware-accelerated in-kernel cryptographyIn-kernel cryptographic and checksum operations can be performed by platform-specific implementations instead of the generic implementations within the Linux kernel.FIPS modeIn Federal Information Processing Standard (FIPS) mode, the kernel enforces FIPS security standards, including FIPS 140-2.Instruction execution protectionThe instruction execution protection feature on IBM mainframes protects against data execution, similar to the NX feature on other architectures.Parent topic: Device Drivers, Features, and Commands - Linux kernel 6.18
