IBM offers the Cryptographic Coprocessor Toolkit for the IBM 4767 PCIe Cryptographic Coprocessor. The Toolkit is available as a services offering on a custom contract basis. It can:
- be used to create or extend the application program that performs within the hardware security module (HSM)
- enable users to create entirely new applications for the HSM
- enable users to extend the functionality of IBM's CCA application program in the form of a user-defined extension (UDX)
- authenticate programs
- be used to interactively debug applications at the source level running in the HSM using its Interactive Code Analysis Tool (ICAT)
- A UDX must be deployed on a 4767 HSM installed on a supported server platform.
- The UDX development workstation is supported on 64-bit SUSE® (a Micro Focus Company) Linux Enterprise Server (SLES) and Red Hat® Enterprise Linux® (RHEL) operating systems.
- Toolkit coprocessor application code is compiled and linked using the GNU Compiler Collection (gcc).
- To learn more about the Toolkit, documentation is available for download in PDF format from the Library page under the heading IBM 4767 custom programming.
Custom application programs are loaded in Segment 3 of the HSM, which is the highest level of the HSM's four memory segments. Firmware loaded in Segment 3 can take full advantage of the embedded Linux operating system to perform security-sensitive tasks, cryptographic operations, or both.
A Toolkit custom contract normally provides education on preparing programs to operate within the HSM, a copy of the Toolkit, follow-up support, and assignment of a unique identifier for user code and certification of code-sign keys. Frequently a contract provides consultation to hasten application development, and sometimes provides for initial development by IBM. As needed, IBM is typically able to bid on development of your custom solution or extension.
Availability of the Toolkit, as well as applications created or extended with it, is subject to the export regulations of the United States Government, and in some cases to the import regulations of other countries.