4769-001 Cryptographic Coprocessor (FC EJ35 and EJ37 for BSC; CCIN C0AF)

Learn about the specifications and operating system requirements for the feature code (FC) EJ35 and EJ37.

Overview

The 4769-001 Cryptographic Coprocessor is a PCI Express (PCIe) generation 3 (Gen3) x4 adapter. The secure-key adapter provides both cryptographic coprocessor and cryptographic accelerator functions in a single PCIe card. The 4769-001 Cryptographic Coprocessor is suited to applications that require high-speed, security-sensitive, RSA acceleration, cryptographic operations for data encryption and digital signing. Additionally, the adapter is useful in secure management, use of cryptographic keys, or custom cryptographic applications. It provides secure storage of cryptographic keys in a tamper-resistant hardware security module that is designed to meet FIPS 140-2 level 4 security requirements. The adapter runs in dedicated mode only.

FC EJ35 and EJ37 are identical cards and have the same CCIN of C0AF. The different feature codes indicate whether a blind swap cassette is used and the type of cassette. FC EJ35 is not a blind-swap cassette, while FC EJ37 indicates a generation 3 blind-swap cassette.

4769 Cryptographic Coprocessor — Figure 1. 4769-001 Cryptographic Coprocessor

Specifications

Item: Description
Adapter FRU number: 02JD572
I/O bus architecture: PCIe3 x4
Slot requirement: For details about slot priorities, maximums, and placement rules, see PCIe adapter placement rules and slot priorities and select the system you are working on.
Voltage: 3.3 V
Form factor: Half-length, with full-height tail stock

Attributes provided: Supported cryptographic mode: Common Cryptographic Architecture (CCA); PowerPC processors run in lockstep and the outputs of each core are compared cycle by cycle; Error Checking and Correction (ECC) protection on DDR4 memory; Cryptographic key generation and random number generation; Over 300 cryptographic algorithms and modes; Byte wide parity protection on all internal registers and data paths wider than two bits; RSA/ECC engines are protected by a duplicate engine which predicts the CRC of the result; SHA, MD5, AES and DES engines are protected by running the same operation on two independent engines and the outputs are compared cycle by cycle.

Operating system or partition requirements

If you are installing a new feature, ensure that you have the software that is required to support the new feature and you must determine any prerequisites that must be met for this feature and the attached devices. For information about operating system and partition requirements, see one of the following topics:

The latest version of enabling libraries and utilities can be downloaded from the Fix Central website.
Power Systems Prerequisites website.
For information about important notices for Linux on IBM Power Systems, see the Linux® on IBM website.