CEX8C information
Since the TKE catcher daemon listens on one particular numbered port, it is impossible to allow a legacy catcher daemon to co-exist with a newer catcher daemon. This must be the new TKE catcher to support the newest cryptographic coprocessors.
There are the following impacts:
- The newest TKE catcher must
support all in-service CPRB types:
- T6 (CCA 5.*, CCA 6.*, and CCA 7.*)
- T7 (CCA 8.*)
- libcsulcca.so supports access to both types of CPRBs.
CEX4C - CEX8C information
The TKE catcher daemon listens on a single port for management communication. This port number has not changed for the CEX4C or later release. Therefore, the new daemon supports TKE management communication to the CEX4C - CEX8S - CCA or later adapters. Special steps are taken in the install/uninstall and daemon management for the CEX4C or later release to ensure that the new daemon is running when it is available.
TKE versions for CEX*Cs
- TKE V7.2: CEX4Cs are reported by TKE 7.2 as CEX3Cs. CEX4Cs are only supported by TKE 7.2 or later if the Linux™ driver reports them as CEX4s.
- A TKE V8.0 or higher workstation is required to see CEX5Cs. CEX4Cs, and CEX3Cs.
- A TKE V9.0 or higher workstation is required to see CEX6Cs and to exploit PCI-HSM 2016 compliance mode.
- A TKE V9.2 workstation is required to manage CEX7C coprocessors.
- A TKE V10.0 workstation is required to manage CEX8C coprocessors.
For more information about the TKE workstation, see z/OS Cryptographic Services.