Displaying information about cryptographic devices and AP queues
Use the lszcrypt command to display status information about your cryptographic devices and AP queues; alternatively, you can use sysfs.
About this task
For information about lszcrypt, see lszcrypt - Display cryptographic devices.
/sys/bus/ap/devices/card<XX>
where
<XX> is the two-digit hexadecimal device index for each
device.
For example, device 0x1a can be found under /sys/bus/ap/devices/card1a. The
sysfs directory contains a number of attributes with information about the AP queue.Attribute | Explanation |
---|---|
ap_functions | Read-only attribute that represents the function facilities that are installed on this adapter. |
API_ordinalnr | EP11 coprocessors only: Read-only attribute that displays the EP11 adapter's firmware API ordinal number. |
chkstop | Read-only attribute that is 1 if the adapter is in checkstop state and 0 otherwise. In checkstop state, the adapter is not available for processing cryptographic requests. |
config | Read-write attribute that represents the LPAR configuration status for this adapter, see Setting the LPAR configuration status. |
depth | Read-only attribute that represents the input queue length for this adapter. |
FW_version | EP11 coprocessors only: Read-only attribute that shows the major and minor firmware version in the format: <major_version>.<minor_version> |
hwtype | Read-only attribute the represents the numeric hardware
type as interpreted by the device driver. The following values are defined:
The |
raw_hwtype | Read-only attribute that represents the actual hardware type of the cryptographic adapter. |
max_msg_size | Read-only attribute that shows the upper limit, in bytes, for
requests and replies that are send to and received from this adapter. The AP bus and zcrypt device driver assign a request to an AP queue only if the request is within the upper limit of the queue's adapter. A request fails with ENODEV if no suitable adapter is available. A request fails with EMSGSIZE if the request size is within the limit, but the response exceeds it. The upper limit for CEX7A, CEX7C, CEX7P, and earlier adapters is 12288 bytes (12 KB). |
modalias | Read-only attribute that represents an internally used device bus-ID. |
online | Read-write attribute that shows whether the device is online (1) or offline (0). |
op_modes | EP11 coprocessors only: Read-only attribute that shows the adapter's enabled modes of operation. Enabled modes are always listed on a single line, with multiple modes separated by spaces. The line is empty if no known mode is enabled. |
pendingq_count | Read-only attribute that represents the number of requests in the hardware queue. |
request_count | Read-only attribute that represents the number of requests that are already processed by this device. |
requestq_count | Read-only attribute that represents the number of outstanding requests (not including the requests in the hardware queue). |
serialnr | For CCA and EP11 coprocessors only: Read-only attribute that shows the adapter serial number. The serial number is a unique ASCII string of 8 characters for CCA coprocessors and 16-characters for EP11 coprocessors. |
type | Read-only attribute with a name for the device type.
The following types are defined:
|
/sys/bus/ap/devices/card<XX>/<XX>.<YYYY>
/sys/devices/ap/card1a
/sys/devices/ap/card1a/1a.0005
/sys/devices/ap/card1a/1a.001f
/sys/devices/ap/card1a/1a.004d
Actions that you take on the cryptographic device also apply to its associated AP queues. Attributes like type and hwtype are inherited by the AP queues. The sysfs directory contains a number of attributes with information about the AP queues.
Attribute | Explanation |
---|---|
ap_functions | Read-only attribute that represents the function facilities that are available on this AP queue. Bits 16 and 17 describe the binding and association state of the queue inside a KVM guest that is running in secure-execution mode. |
chkstop | Read-only attribute that is 1 if the queue is in checkstop state and 0 otherwise. In checkstop state, no requests are sent to the AP queue. The queue is reset when it exits the checkstop state. |
config | Read-only attribute that shows the LPAR configuration status
of the AP queue, as configured(1) or not configured(0). The configuration status of an AP queue matches the configuration status of its cryptographic adapter. |
online | Read-write attribute that shows whether the AP queue is online (1) or offline (0). |
interrupt | Read-only attribute that represents the interrupt state (enabled or disabled) of the AP queue, and hence the request queue. |
mkvps | Read-only attribute with multiple lines of information about the master key states and verification patterns for CCA or EP11 coprocessors. See Investigating master key states and verification patterns. |
op_modes | EP11 coprocessors only: Read-only attribute that shows the adapter's enabled modes of operation. Enabled modes are always listed on a single line, with multiple modes separated by spaces. The line is empty if no known mode is enabled. |
reset | Read-only attribute that indicate the state of pending resets of the AP queues, and hence the request queue. |
pendingq_count | Read-only attribute that represents the number of requests in the hardware queue. |
request_count | Read-only attribute that represents the number of requests that are already processed by this AP queue. |
requestq_count | Read-only attribute that represents the number of outstanding requests (not including the requests in the hardware queue). |
se_associate | Read-write attribute that is available for KVM guests running in
secure-execution mode only:
|
se_bind | Read-write attribute that is available for KVM guests running in
secure-execution mode only:
|
To display status information about your cryptographic devices and AP queues, you can also use the lszcrypt command (see lszcrypt - Display cryptographic devices).