From e9c030f2026b1b8e0399679600845c298aeb508d Mon Sep 17 00:00:00 2001 From: Harald Freudenberger Date: Mon, 21 Jan 2019 09:07:00 +0100 Subject: zcrypt: refine lszcrypt man page MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Added some explanations about the columns shown with the lszcrypt verbose output. Signed-off-by: Harald Freudenberger Signed-off-by: Jan Höppner --- zconf/zcrypt/lszcrypt.8 | 64 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 63 insertions(+), 1 deletion(-) diff --git a/zconf/zcrypt/lszcrypt.8 b/zconf/zcrypt/lszcrypt.8 index 826e109..bd235ec 100644 --- a/zconf/zcrypt/lszcrypt.8 +++ b/zconf/zcrypt/lszcrypt.8 @@ -10,7 +10,7 @@ .\" nroff -man lszcrypt.8 .\" to process this source .\" -.TH LSZCRYPT 8 "OCT 2017" "s390-tools" +.TH LSZCRYPT 8 "JAN 2019" "s390-tools" .SH NAME lszcrypt \- display zcrypt device and configuration information .SH SYNOPSIS @@ -111,6 +111,68 @@ Displays help text and exits. .TP 8 .B -v, --version Displays version information and exits. +.SH VERBOSE LISTING DETAILS +Some of the columns showing up in verbose listing mode may need some +explanation: +.TP +.B TYPE and HWTYPE +The HWTYPE is a numeric value showing which type of hardware the zcrypt +device driver presumes that this crypto card is. The currently known values +are 7=CEX3C, 8=CEX3A, 10=CEX4, 11=CEX5 and 12=CEX6. +.br +The TYPE is a human readable value showing the hardware type and the basic +function type (A=Accelerator, C=CCA Coprocessor, P=EP11 Coprocessor). So +for example CEX6P means a CEX6 card in EP11 Coprocessor mode. +.TP +.B REQUESTS +This is the counter value of successful processed requests on card or queue +level. Successful here means the request was processed without any failure +in the whole processing chain. +.TP +.B PENDING +The underlying firmware and hardware layer usually provide some queuing +space for requests. When this queue is already filled up, the zcrypt device +driver maintains a software queue of pending requests. The sum of these +both values is displayed here and shows the amount of requests waiting for +processing on card or queue level. +.TP +.B FUNCTIONS +This column shows firmware and hardware function details: +.br +S - APSC available: card/queue can handle requests with the special bit +enabled. +.br +M - Accelerator card/queue with support for RSA ME with up to 4k key size. +.br +C - Accelerator card/queue with support for RSA CRT with up to 4k key size. +.br +D - Card/queue is providing CCA functions (this is the CCA Coprocessor mode). +.br +A - Card/queue is providing Accelerator functions (this is the Accelerator mode). +.br +X - Card/queue is providing EP11 functions (this is the EP11 Coprocessor mode). +.br +N - APXA available (ability to address more than 16 crypto cards and domains). +.br +F - Full function support (opposed to restricted function support, see below). +.br +R - Restricted function support. The F and R flag both reflect if a +hypervisor is somehow restricting this crypto resource in a virtual +environment. Dependent on the hypervisor configuration the crypto requests +may be filtered by the hypervisor to allow only a subset of functions +within the virtual runtime environment. For example a shared CCA +Coprocessor may be restricted by the hypervisor to allow only clear key +operations within the guests. +.TP +.B DRIVER +.br +Shows which card or queue device driver currently handles this crypto +resource. Currently known drivers are cex4card/cex4queue (CEX4-CEX6 +hardware), cex2card/cex2cqueue (CEX2C and CEX3C hardware), +cex2acard/cex2aqueue (CEX2A and CEX3A hardware) and vfio_ap (queue reserved +for use by kvm hypervisor for kvm guests and not accessible to host +applications). It is also valid to have no driver handling a queue which is +shown as a -no-driver- entry. .SH EXAMPLES .TP .B lszcrypt -- 2.13.7