Support modules

Edit online

6.18 LPAR mode z/VM guest KVM guest

A udev rule ensures that any separately compiled modules for which the hardware prerequisites are fulfilled are loaded automatically for you.

The following support modules for hardware-accelerated cryptographic operations can be compiled separately from the kernel. None of these modules have module parameters.
hmac_s390
As of IBM® z17 ™, enables hardware-acceleration for hash-based message authentication code (HMAC) with SHA-2 hashing algorithms (SHA-224, SHA-256, SHA-384 and SHA-512).
sha1_s390
enables hardware-acceleration for SHA-1 operations. sha1_s390 requires the sha_common module.
sha256_s390
enables hardware-acceleration for SHA-224 and SHA-256 operations. sha256_s390 requires the sha_common module.
sha512_s390
enables hardware-acceleration for SHA-384 and SHA-512 operations. sha512_s390 requires the sha_common module.
sha3_256_s390
enables hardware-acceleration for SHA3-224 and SHA3-256 operations. sha3_256_s390 requires the sha_common module.
sha3_512_s390
enables hardware-acceleration for SHA3-384 and SHA3-512 operations. sha3_512_s390 requires the sha_common module.
chacha_s390
enables hardware-acceleration for the ChaCha20 stream cipher (RFC 7539).
ghash_s390
enables hardware-acceleration for Galois hashes.
aes_s390
enables hardware-acceleration for AES encryption and decryption for the following modes of operation:
  • ECB, CBC, and CTR for key lengths 128, 192, and 256 bits.
  • XTS for key lengths 128 and 256 bits. As of IBM z17, with optimized performance (full XTS key instructions).
  • GCM for key lengths 128, 192, and 256 bits.
des_s390
enables hardware-acceleration for DES and TDES for the following modes of operation: ECB, CBC, and CTR.
crc32-vx_s390
enables hardware-acceleration for CRC-32 (IEEE 802.3 Ethernet) and CRC-32C (Castagnoli).
paes_s390
enables protected key AES encryption and decryption for the following modes of operation:
  • ECB, CBC, and CTR for key lengths 128, 192, and 256 bits
  • XTS for key lengths 128 and 256 bits
The paes_s390 kernel module includes a self test for each cypher that it provides. These self tests run for Linux® in FIPS mode or if the kernel is compiled to enable crypto self tests. As a prerequisite for a successful self test, at least one of the following conditions must be met:
  • The PCKMO instruction is enabled in the profile of the LPAR on which the Linux instance or its hosting hypervisor runs. To enable the PCKMO instruction, select the Permit AES Key import functions option in the CPACF Key Management Operations section.
  • The Linux instance can access a cryptographic adapter in CCA coprocessor mode.
  • The Linux instance can access a cryptographic adapter in EP11 coprocessor mode.

The paes_s390 module requires the pkey device driver, see Protected key device driver.

The module also requires a cryptographic adapter for creating and handling secure and protected keys:
  • To use CCA AES data or CCA AES cipher secure keys, the module requires a cryptographic adapter in CCA coprocessor mode.
  • To use EP11 secure keys, the module requires a cryptographic adapter in EP11 coprocessor mode.

The ciphers in the paes_s390 module can work with CCA secure data or cipher keys and with EP11 secure keys, for example, keys that are generated by the pkey device driver. XTS requires two secure keys.

Before the paes_s390 module uses secure keys in a cypher, it transforms them into protected keys. If a protected key becomes invalid, the paes_s390 module re-generates the protected key from the secure key.

phmac_s390
provides a hash-based message authentication (HMAC) implementation for protected keys, PHMAC, for hmac(sha224), hmac(sha256), hmac(sha384) and hmac(sha512) on IBM z17 .

The protected-key hash-based message authentication code (PHMAC) cryptographic authentication technique uses a hash function and a protected key to verify the authenticity of messages.

You must load the phmac_s390 module using modprobe phmac_s390.

To construct a PHMAC you have two options:
  • Derive a protected key from a clear key. This option requires PCKMO and thus the pkey_pckmo kernel module.
  • Use a retrievable secret. This option is only available within a KVM guest running in IBM Secure Execution mode. It requires the pkey_uv kernel module. To use this method, create an HMAC retrievable secret and insert it into the ultravisor. You can then address this secret through the protected key device driver and the ultravisor, and retrieve an HMAC protected key.

The phmac_s390 kernel module includes a self test for each algorithm it provides. These self tests run for Linux in FIPS mode or if the kernel is compiled to enable crypto self tests. As a prerequisite for a successful self test, the PCKMO instruction needs to be enabled and the pkey_pckmo kernel module needs to be active.

Mainframe hardware prior to z14: To use CPACF for AES-GCM operations, you must load both the aes_s390 and ghash_s390 module.
Tip: Load the modules with modprobe. modprobe handles dependencies on other modules for you.
Example: 
# modprobe sha512_s390