QUERY CRYPTO

Query CRYPto DOMains Users APVIRTual POLLing

Authorization

Privilege Class: A, B, C, E

Purpose

Use QUERY CRYPTO to display the status of the real crypto resources that are available on the system.

Operands

APVIRTual POLLing
  requests a display of the polling setting of the shared pool.
DOMains
  requests a display of installed crypto resources.
Users
  requests a display of virtual machines that are logged on or disconnected and have access to the system's pool of shared crypto resources.

Usage Notes

  1. The set of crypto resources displayed is limited to the subset available to the logical partition or the virtual machine in which z/VM is running.
  2. For information on planning and managing crypto resources on a z/VM system, see Crypto Planning and Management in z/VM: CP Planning and Administration.
  3. A VIRTUAL version of this command, QUERY VIRTUAL CRYPTO, also exists to facilitate a per-userid version of this data request. In some cases the VIRTUAL keyword is optional, so the output of this command may supersede QUERY VIRTUAL output. For more information, please see QUERY VIRTUAL CRYPTO.

Responses

Response 1:

The following is the response to QUERY CRYPTO if AP crypto instructions are not installed:
Crypto Adjunct Processor Instructions are not installed

Response 2:

The following is the response to QUERY CRYPTO if AP crypto instructions are installed:
Crypto Adjunct Processor Instructions are installed

Response 3:

The following is the response to QUERY CRYPTO DOMAINS if crypto adapters are installed:

    AP  AP            Dom Device      Config      Device 
    num type          num Status      State       Assignment 
AP  002 CEX7A  Domain 015 operational online      shared
AP  002 CEX7A  Domain 020 resetting   online      attached to userid
AP  003 UNKN   Domain 015 revoked     online      free
AP  003 UNKN   Domain 020 revoked     online      free
AP  005 CEX8A  Domain 015 operational offline     free, dedication planned
AP  005 CEX8A  Domain 020 operational offline     free
Note: The column headings are not included in the output and are shown here for clarity.

The output contains the following fields:

apnum
  The apnum field indicates the three-digit crypto adapter number in decimal.
aptype
  The aptype field indicates the crypto adapter type and mode. For dedicated resources, the value indicates the type and mode of the physical resource. For shared resources, the value indicates the maximal common subset of crypto express adapter capabilities that is available in the shared pools of all systems in the user's relocation domain that have the same mode. Shared crypto resources must be configured in accelerator or CCA-coprocessor mode. The value of the aptype field can be one of the following:
    CEX3C
      Crypto Express3 configured in CCA coprocessor mode
    CEX3A
      Crypto Express3 configured in accelerator mode
    CEX4C
      Crypto Express4 configured in CCA coprocessor mode
    CEX4A
      Crypto Express4 configured in accelerator mode
    CEX4P
      Crypto Express4 configured in EP11 coprocessor mode
    CEX5C
      Crypto Express5 configured in CCA coprocessor mode
    CEX5A
      Crypto Express5 configured in accelerator mode
    CEX5P
      Crypto Express5 configured in EP11 coprocessor mode
    CEX6C
      Crypto Express6 configured in CCA coprocessor mode
    CEX6A
      Crypto Express6 configured in accelerator mode
    CEX6P
      Crypto Express6 configured in EP11 coprocessor mode
    CEX7C
      Crypto Express7 configured in CCA coprocessor mode
    CEX7A
      Crypto Express7 configured in accelerator mode
    CEX7P
      Crypto Express7 configured in EP11 coprocessor mode
    CEX8C
      Crypto Express8 configured in CCA coprocessor mode
    CEX8A
      Crypto Express8 configured in accelerator mode
    CEX8P
      Crypto Express8 configured in EP11 coprocessor mode
    NONE
      There are no crypto resources attached to the shared pool.
    UNKN
      z/VM® is unable to determine the type of crypto adapter.
domnum
  is the three-digit domain number in decimal. If the resource is shared, then 001 is assigned to the virtual domain number. If the resource is dedicated, then the actual hardware domain number of the resource is assigned.
device_status
  can be any of the following:
    operational
      indicates that the crypto resource is installed and operational.
    checkstop
      indicates that the crypto resource is in a checkstop condition and is unavailable.
    deconfigured
      indicates that the adapter is deconfigured and unavailable. This could result from VARY OFF CRYPTO when the environment in which CP is running supports AP reconfiguration, or from an operation performed on the hardware maintenance console (HMC).
    busy
      indicates that the adapter is temporarily busy initializing or doing error recovery.
    resetting
      indicates that the resource is being reset.
    revoked
      indicates the resource was detected by CP, but has since been unassigned from the configuration. If the resource is added back into the configuration, the updated status will be reported. Otherwise, when CP no longer detects this resource in the configuration, it will not be reported in Q CRYPTO output.
    unsupported
      indicates the crypto resource status is unsupported by CP.
config_state
  CP's logical view of the resource state, as controlled by VARY CRYPTO. Can be any of the following:
    online
      indicates that the crypto resource is online and available for use.
    offline
      indicates that the crypto resource is offline.
device_assignment
  can be any of the following:
    free, dedication planned
      indicates that the crypto resource is not in use; however, it has been specified on a CRYPTO APDED statement in the online user directory.
    attached to userid
      indicates that the crypto resource is dedicated to a logged on virtual machine.
    free
      indicates that the crypto resource is not in use.
    shared
      indicates that the crypto resource is attached to the system for shared use.

This response is repeated for each crypto resource installed on the system.
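
The field layout above can be checked mechanically when auditing a crypto inventory. The following is an added example, not IBM code: a Python parser for captured QUERY CRYPTO DOMAINS output that splits each line into the documented fields and lists resources that are not both operational and online, or whose type is UNKN. The function names and the attention rule are assumptions of this example; the sample lines are the ones shown in Response 3.

```python
import re

# Final letter of aptype -> adapter mode, per the aptype list above.
MODES = {"C": "CCA coprocessor", "A": "accelerator", "P": "EP11 coprocessor"}

# One resource line: AP nnn type Domain nnn status state assignment
LINE = re.compile(
    r"^AP\s+(?P<apnum>\d{3})\s+(?P<aptype>\S+)\s+Domain\s+(?P<domnum>\d{3})\s+"
    r"(?P<device_status>\S+)\s+(?P<config_state>online|offline)\s+"
    r"(?P<device_assignment>.+?)\s*$"
)

def parse_domains(text):
    """Return one dict per crypto resource; [] when no resource lines exist."""
    resources = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, Response 4 text, shared-crypto user list
        r = m.groupdict()
        r["apnum"], r["domnum"] = int(r["apnum"]), int(r["domnum"])
        t = re.fullmatch(r"CEX\d([CAP])", r["aptype"])
        r["mode"] = MODES[t.group(1)] if t else None  # NONE and UNKN have no mode
        resources.append(r)
    return resources

def needs_attention(resources):
    """Resources not both operational and online, or of undetermined type."""
    return [r for r in resources
            if r["device_status"] != "operational"
            or r["config_state"] != "online"
            or r["aptype"] == "UNKN"]

# Sample lines copied from Response 3 above (column headings are not output).
SAMPLE = """\
AP  002 CEX7A  Domain 015 operational online      shared
AP  002 CEX7A  Domain 020 resetting   online      attached to userid
AP  003 UNKN   Domain 015 revoked     online      free
AP  003 UNKN   Domain 020 revoked     online      free
AP  005 CEX8A  Domain 015 operational offline     free, dedication planned
AP  005 CEX8A  Domain 020 operational offline     free
"""

if __name__ == "__main__":
    for r in needs_attention(parse_domains(SAMPLE)):
        print(f"AP {r['apnum']:03d} domain {r['domnum']:03d} ({r['aptype']}): "
              f"{r['device_status']}, {r['config_state']}, {r['device_assignment']}")
```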

Response 4:

The following is the response to QUERY CRYPTO DOMAINS if no crypto adapters are assigned to the z/VM system:
No AP Crypto Domains are available

Response 5:

The following is the response to QUERY CRYPTO DOMAINS USERS.
  • The existing output for QUERY CRYPTO DOMAINS is displayed, followed by a blank line.
  • If there are no crypto resources available for sharing, the following message is displayed:
    There are no AP crypto resources available for shared use.
  • If there are virtual machines that are logged on or disconnected and have access to the shared crypto resources on the system, the following header is displayed, followed by a list of user IDs with up to six user IDs per line:
    Shared-Crypto Users:
  • If there are no virtual machines logged on or disconnected that have access to the shared crypto resources on the system, the following message is displayed:
    There are no shared-crypto users.

Response 6:

The following is the response to QUERY CRYPTO POLLING.

If CRYPTO APVIRTUAL POLLING is set ON, the following message is displayed:
Shared-crypto polling is ON
If CRYPTO APVIRTUAL POLLING is set OFF, the following message is displayed:
Shared-crypto polling is OFF

Messages

  • HCP002E Invalid operand - operand
  • HCP003E Invalid option - command contains extra options starting with option
  • HCP1014E A required option is missing.