Displaying information about cryptographic devices and AP queues

Red Hat Enterprise Linux 9.2 LPAR mode z/VM guest KVM guest

Use the lszcrypt command to display status information about your cryptographic devices and AP queues; alternatively, you can use sysfs.

About this task

For information about lszcrypt, see lszcrypt - Display cryptographic devices.

Each cryptographic adapter is represented in a sysfs directory of the form
/sys/bus/ap/devices/card<XX>
where <XX> is the two-digit hexadecimal device index for each device. For example, device 0x1a can be found under /sys/bus/ap/devices/card1a. The sysfs directory contains a number of attributes with information about the AP queue.
Table 1. Cryptographic adapter attributes
Attribute Explanation
ap_functions Read-only attribute that represents the function facilities that are installed on this device.
API_ordinalnr EP11 coprocessors only: Read-only attribute that displays the EP11 adapter's firmware API ordinal number.
chkstop Read-only attribute that is 1 if the adapter is in checkstop state and 0 otherwise. In checkstop state, the adapter is not available for processing cryptographic requests.
config Read-write attribute that represents the LPAR configuration status for this adapter, see Setting the LPAR configuration status.
depth Read-only attribute that represents the input queue length for this device.
FW_version EP11 coprocessors only: Read-only attribute that shows the major and minor firmware version in the format: <major_version>.<minor_version>
hwtype Read-only attribute that represents the numeric hardware type for this device. The following values are defined:
11
CEX5A, CEX5C, or CEX5P adapters.
12
CEX6A, CEX6C, or CEX6P adapters.
13
CEX7A, CEX7C, or CEX7P adapters.
14
CEX8A, CEX8C, or CEX8P adapters.

The hwtype attribute shows the hardware type as interpreted by the device driver. See also the raw_hwtype attribute.

raw_hwtype Read-only attribute that represents the original hardware type of the cryptographic adapter.
max_msg_size Read-only attribute that shows the upper limit in bytes that can be used by the AP bus, the zcrypt device driver, and user space applications for requests and replies sent to and received from this adapter.
modalias Read-only attribute that represents an internally used device bus-ID.
online Read-write attribute that shows whether the device is online (1) or offline (0).
op_modes EP11 coprocessors only: Read-only attribute that shows the adapter's enabled modes of operation. Enabled modes are always listed on a single line, with multiple modes separated by spaces. The line is empty if no known mode is enabled.
pendingq_count Read-only attribute that represents the number of requests in the hardware queue.
request_count Read-only attribute that represents the number of requests that are already processed by this device.
requestq_count Read-only attribute that represents the number of outstanding requests (not including the requests in the hardware queue).
serialnr For CCA and EP11 coprocessors only: Read-only attribute that shows the adapter serial number. The serial number is a unique ASCII string of 8 characters for CCA coprocessors and 16-characters for EP11 coprocessors.
type Read-only attribute with a name for the device type. The following types are defined:
  • CEX5A, CEX5C, CEX5P
  • CEX6A, CEX6C, CEX6P
  • CEX7A, CEX7C, CEX7P
  • CEX8A, CEX8C, CEX8P
Each AP queue is independently configurable and represented in a subdirectory of the cryptographic device it belongs to:
/sys/bus/ap/devices/card<XX>/<XX>.<YYYY>
where <XX> is the adapter ID of the cryptographic device and <YYYY> is the domain. For example, a cryptographic device with adapter ID 1a might have domains 5 (0005), 31 (001f), and 77 (004d) configured. The cryptographic device together with its AP queues would be represented in sysfs as:
/sys/devices/ap/card1a   
/sys/devices/ap/card1a/1a.0005
/sys/devices/ap/card1a/1a.001f
/sys/devices/ap/card1a/1a.004d

Actions that you take on the cryptographic device also apply to its associated AP queues. Attributes like type and hwtype are inherited by the AP queues. The sysfs directory contains a number of attributes with information about the AP queues.

Table 2. Attributes of the AP queues
Attribute Explanation
chkstop Read-only attribute that is 1 if the queue is in checkstop state and 0 otherwise. In checkstop state, no requests are sent to the AP queue. The queue is reset when it exits the checkstop state.
config Read-only attribute that shows the LPAR configuration status of the AP queue, as configured (1) or not configured (0). The configuration status of an AP queue matches the configuration status of its cryptographic adapter.
online Read-write attribute that shows whether the AP queue is online (1) or offline (0).
interrupt Read-only attribute that represents the interrupt state (enabled or disabled) of the AP queue, and hence the request queue.
mkvps Read-only attribute with multiple lines of information about the master key states and verification patterns for CCA or EP11 coprocessors. See Investigating master key states and verification patterns.
op_modes EP11 coprocessors only: Read-only attribute that shows the adapter's enabled modes of operation. Enabled modes are always listed on a single line, with multiple modes separated by spaces. The line is empty if no known mode is enabled.
reset Read-only attribute that indicate the state of pending resets of the AP queues, and hence the request queue.
pendingq_count Read-only attribute that represents the number of requests in the hardware queue.
request_count Read-only attribute that represents the number of requests that are already processed by this AP queue.
requestq_count Read-only attribute that represents the number of outstanding requests (not including the requests in the hardware queue).