Unloading the cryptographic device driver

Edit online

You might need to unload the cryptographic device driver, for example, to change the domain setting.

Unloading the device driver is somehow complicated because the catcher.exe daemon is always running, to be ready to receive TKE requests. To unload the device driver, for example, in preparation for a reload, you must stop the catcher.exe daemon. This can be done with the service management script /etc/init.d/CSUTKEcat using the stop argument, or on newer distributions providing systemd with systemctl stop CSUTKEcat. Only when the catcher.exe daemon is still shown by ps aux | grep catcher, use the ps command to find the PID for the daemon. Then use the kill <PID> command, or as a last method, use the kill -9 <PID> command to kill it.

Unloading of the device driver is only successful, if you stop all applications that access the main ap module and any of the running sub-modules before the unload. Unloading fails, if you miss to stop an involved application. In this case, the device driver requires a restart to be able to function as desired.

After reloading the device driver, you can restart the catcher.exe daemon (restarting TKE access) using the /etc/init.d/CSUTKEcat start command. See Files in the RPM or DEB for more details.

Note: If the cryptographic device driver is part of the kernel, you cannot unload it. In this case, you can directly edit domain settings via sysfs (see Checking the adapter settings).