After you set up the Crypto Express adapter in the Support Element, you must allow access
to it from your LPAR. You achieve this by using the Hardware Management Console (HMC) or the Support
Element (SE).
You can define a certain LPAR to use a domain (or multiple domains) as a usage domain and as a
control domain, or as a control domain only. You can retrieve this information from the Support
Element. Each adapter supports 16 domains (see Figure 1). The selected domains
apply to all selected adapters. For more detailed information about planning the cryptographic
configuration, see IBM System z10 Enterprise Class Configuration Setup, SG24-7571.

Figure 1. Cryptographic configuration for LPAR A2A

In Figure 1, LPAR A2A
is defined to use and control the cryptographic domain number 11. It is also allowed to access the
crypto adapters numbers 0 and 7. They are brought online if they are present in the system, if the
LPAR is activated, and if the zcrypt device driver is loaded.

Linux™ kernels earlier than version 4.9 can use only one crypto domain at a given time. If the
LPAR contains multiple domains, such a kernel selects the default domain. To use a different
default domain with these kernel versions, specify that domain as a parameter when you load
the ap main module of the zcrypt device driver.
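
The following shell functions are an added example, not part of the original documentation: they compare the default domain that the AP bus reports with the domain assigned to the LPAR (11 in Figure 1) and, for kernels earlier than 4.9, print the module reload command. The sysfs attribute `/sys/bus/ap/ap_domain` and the `domain=` parameter of the ap module are not named on this page; the function names and the `SYSFS_AP` override are hypothetical helpers for this example.

```shell
#!/bin/sh
# Added example: verify the AP bus default domain from inside the Linux LPAR.
# SYSFS_AP can be overridden so the check also runs against a constructed tree.
SYSFS_AP="${SYSFS_AP:-/sys/bus/ap}"

# kernel_is_single_domain VERSION
# Succeeds if VERSION (for example the output of `uname -r`) is earlier than 4.9.
kernel_is_single_domain() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    [ "$major" -lt 4 ] || { [ "$major" -eq 4 ] && [ "${minor:-0}" -lt 9 ]; }
}

# check_default_domain WANTED [KERNEL_VERSION]
# Prints one status line. Returns 0 = match, 1 = mismatch, 2 = AP bus not visible.
check_default_domain() {
    wanted=$1
    kver=${2:-$(uname -r)}
    if [ ! -r "$SYSFS_AP/ap_domain" ]; then
        echo "AP bus not found under $SYSFS_AP (is the zcrypt device driver loaded?)"
        return 2
    fi
    current=$(cat "$SYSFS_AP/ap_domain")
    if [ "$current" -eq "$wanted" ]; then
        echo "default domain is $current, as expected"
        return 0
    fi
    if kernel_is_single_domain "$kver"; then
        # Only one domain is usable here, so the default must be set at module load.
        echo "default domain is $current, expected $wanted: reload with 'modprobe ap domain=$wanted'"
    else
        echo "default domain is $current, expected $wanted (kernel $kver is not limited to one domain)"
    fi
    return 1
}
```

On the LPAR from Figure 1, `check_default_domain 11` reports whether domain 11 is the default; a return value of 2 usually means that the driver is not loaded or that no adapter was assigned in the activation profile.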