4767-002 Cryptographic Coprocessor (FC EJ32 and EJ33 for BSC; CCIN 4767)

Learn about the specifications and operating system requirements for feature codes (FC) EJ32 and EJ33.

Overview

The 4767-002 Cryptographic Coprocessor is a PCI Express (PCIe) generation 3 (Gen3) x4 adapter. This secure-key adapter provides both cryptographic coprocessor and cryptographic accelerator functions in a single PCIe card. It is suited to applications that require high-speed, security-sensitive RSA acceleration and cryptographic operations for data encryption and digital signing. The adapter is also useful for the secure management and use of cryptographic keys, and for custom cryptographic applications. Cryptographic keys are stored securely in a tamper-resistant hardware security module that is designed to meet FIPS 140-2 level 4 security requirements. The adapter runs in dedicated mode only.

FC EJ32 and EJ33 are identical cards and have the same CCIN of 4767. The different feature codes indicate whether a blind-swap cassette is used and the type of cassette. FC EJ32 does not use a blind-swap cassette, while FC EJ33 indicates a generation 3 blind-swap cassette.

Figure 1. 4767-002 Cryptographic Coprocessor

Specifications

Item: Description

Adapter FRU number: Not applicable

I/O bus architecture: PCIe1 x4

Slot requirement: For details about slot priorities, maximums, and placement rules, see PCIe adapter placement rules and slot priorities and select the system you are working on.

Voltage: 3.3 V

Form factor:
- Half-length, with full-height tail stock
- Dual card (Mother-daughter)

Attributes provided:
- Supported cryptographic mode: Common Cryptographic Architecture (CCA)
- PPC 476 Processors run in lockstep and the outputs of each core are compared cycle by cycle
- Error Checking and Correction (ECC) protection on DDR3 memory
- Cryptographic key generation and random number generation
- Over 300 cryptographic algorithms and modes
- Byte wide parity protection on all internal registers and data paths wider than two bits
- RSA/ECC engines are protected by a duplicate engine which predicts the CRC of the result
- SHA, MD5, AES and DES engines are protected by running the same operation on two independent engines and the outputs are compared cycle by cycle

Performance

Table 1. 4767-002 Cryptographic Coprocessor Operation
| Operation | Operations per second |
| --- | --- |
| AES-CBC 128 bit (1KB) | > 7K |
| PK-CRT 1024 | > 5K |
| PK-CRT 2048 | > 3.5K |
| Key Gen RSA CRT 1024 bit | > 30 |
| Key Gen RSA CRT 2048 bit | > 7 |
| Key Gen RSA CRT 4096 bit | > 0.6 |
| Key Gen ECC-BP 192 | > 750 |

Operating system or partition requirements

If you are installing a new feature, ensure that you have the software that is required to support it, and determine any prerequisites that must be met for this feature and the attached devices. For information about operating system and partition requirements, see one of the following topics:

Linux driver and firmware information

The Linux drivers and firmware for the 4767-002 Cryptographic Coprocessor are not provided by the Linux distribution. To install or update the Linux drivers and firmware, the user must download the Power Systems Linux drivers and firmware package. Refer to the IBM Power Systems information on the 4767-002 Cryptographic Coprocessor and follow the Linux drivers and firmware instructions at: Power Systems Information for the 4767-002 Cryptographic Coprocessor.