crypto-configuration object properties
The crypto configuration of a partition represents the elements that are required to enable the partition to make use of crypto adapters. The configuration is a nested structure, containing two pieces of information:
- A set of crypto adapters that will be used by this partition, and
- A set of Crypto Domain Configuration objects. (See Table 2.)
A crypto configuration that contains no crypto adapters and no crypto domain configurations is valid and is known as an empty crypto configuration. A non-empty configuration must contain at least 1 crypto adapter and at least 1 crypto domain configuration with an access-mode of "control-usage".
Name | Type | Description |
---|---|---|
crypto-adapter-uris | Array of String/ URI | Array of URIs listing all crypto adapters that this partition can use. |
crypto-domain-configurations | Array of crypto-domain-configuration objects | Array listing all crypto-domain-configuration objects for this partition. See Table 2. |
Name | Type | Description |
---|---|---|
domain-index | Integer | Index value that identifies the domain to which this configuration
applies. Minimum index is 0, maximum index depends on the CPC model. |
access-mode | String Enum | Specifies the way in which the partition can use this domain. Valid values
are:
|
Crypto configuration conflicts
- Have one (or more) adapter(s) in common, and
- Specified "control-usage" for one (or more) identical domain index(es).
No more than one of the partitions involved in a given crypto configuration conflict may be active or have reserved resources at any one point in time.
According to this definition, the crypto configuration of two partitions can have multiple conflicts (regarding different adapters and/or different domains).
It is also possible for a partition to be involved in conflicts with multiple other partitions. For example, Partition A has 3 crypto adapters in its configuration. Partition B has 2 of those and Partition C has the other one. Assuming they all have a control-usage domain in common, Partition A is now involved in a conflict with Partition B and a separate conflict with Partition C.
Such conflicts are only allowed for partitions that are in "stopped" state, and without reserved resources. That means the system will prevent the creation of conflicting crypto configuration for the set of active partitions, and the set of "stopped" partitions that have reserve-resources enabled.