Configuring cryptographic adapter resources

In the configuration-XML, specify a VFIO mediated device as the host device.

Before you begin

The host must relinquish some of its cryptographic resources and assign them to a VFIO mediated device (see Preparing pass-through devices for cryptographic adapter resources).

About this task

Linux® on IBM® Z accesses cryptographic adapters through the zcrypt device driver and a generic device node. The cryptographic resources that are available through the device node depend on the configuration of the real or virtual hardware.

For a KVM guest, a subset of the host's cryptographic resources can be assigned to a VFIO mediated device, which is then passed through to the guest. VFIO mediated devices are identified by a UUID.

On the guest, cryptographic adapter resources are accessed through the generic device node, as usual. No guest device needs to be specified for these resources.

Procedure

  1. Configure the device as a VFIO mediated device that uses the hostdev element (see <hostdev>).
    hostdev mode attribute: subsystem
    hostdev type attribute: mdev
    hostdev model attribute: vfio-ap
  2. Identify the device on the host with the address element as child of the source element (see <source> as child element of <hostdev> and <address> as child element of <source>).
    address uuid attribute: <uuid>

Example


    <hostdev mode="subsystem" type="mdev" model="vfio-ap">
       <source>
         <address uuid="99e714ec-8eee-40fd-a26e-80ff3b1a2564"/>
       </source>
    </hostdev>

In the example, the UUID of the mediated device on the host is 99e714ec-8eee-40fd-a26e-80ff3b1a2564.
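
The following pre-flight check is an added example, not part of the original documentation: it parses a domain configuration-XML and verifies each vfio-ap hostdev entry against the attribute values from steps 1 and 2. The function name `check_vfio_ap_hostdevs` is hypothetical and the sample XML is constructed (its first entry repeats the example above, the second is deliberately wrong).

```python
import uuid
import xml.etree.ElementTree as ET

# Attribute values required by steps 1 and 2 of the procedure.
REQUIRED = {"mode": "subsystem", "type": "mdev", "model": "vfio-ap"}

# Constructed sample: the first entry matches the page's example, the
# second has a wrong mode attribute and a malformed UUID.
SAMPLE_XML = """
<domain type="kvm">
  <devices>
    <hostdev mode="subsystem" type="mdev" model="vfio-ap">
      <source>
        <address uuid="99e714ec-8eee-40fd-a26e-80ff3b1a2564"/>
      </source>
    </hostdev>
    <hostdev mode="capabilities" type="mdev" model="vfio-ap">
      <source><address uuid="not-a-uuid"/></source>
    </hostdev>
  </devices>
</domain>
"""

def check_vfio_ap_hostdevs(domain_xml):
    """Return (uuids, problems) for all vfio-ap hostdev elements."""
    uuids, problems = [], []
    root = ET.fromstring(domain_xml)
    for n, dev in enumerate(root.iter("hostdev"), start=1):
        if dev.get("model") != "vfio-ap":
            continue  # other pass-through devices are out of scope
        for attr, want in REQUIRED.items():
            if dev.get(attr) != want:
                problems.append(f"hostdev {n}: {attr}={dev.get(attr)!r}, expected {want!r}")
        addr = dev.find("./source/address")
        value = addr.get("uuid") if addr is not None else None
        if value is None:
            problems.append(f"hostdev {n}: missing <source><address uuid=.../>")
            continue
        try:
            uuids.append(str(uuid.UUID(value)))  # normalised form
        except ValueError:
            problems.append(f"hostdev {n}: invalid uuid {value!r}")
    return uuids, problems

if __name__ == "__main__":
    found, issues = check_vfio_ap_hostdevs(SAMPLE_XML)
    print("mediated device UUIDs:", found)
    for issue in issues:
        print("problem:", issue)
```

The returned UUIDs can then be compared with the mediated devices that actually exist on the host before the guest is started.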