A fix is available
APAR status
Closed as new function.
Error description
New function: RMF support for Cryptographic Express4S cards configured in PKCS11 coprocessor mode on the IBM zEnterprise EC12 (zEC12) server. This comprises collection and reporting of performance measurements for operations executed on Crypto Express4S PKCS11 coprocessors (CEX4P).
Local fix
Problem summary
****************************************************************
* USERS AFFECTED: RMF users.                                   *
****************************************************************
* PROBLEM DESCRIPTION: RMF support for Cryptographic Express4S *
*                      cards configured in PKCS11 coprocessor  *
*                      mode on the IBM zEnterprise EC12        *
*                      (zEC12) server. This                    *
*                      comprises collection and reporting of   *
*                      performance measurements for            *
*                      operations executed on Crypto           *
*                      Express4S PKCS11 coprocessors (CEX4P).  *
****************************************************************
* RECOMMENDATION: None.                                        *
****************************************************************

With this APAR, RMF's Monitor I Crypto data collection is extended to recognize performance measurements from CEX4 PKCS11 coprocessors. CEX4P measurements are stored in a new Cryptographic PKCS11 Coprocessor data section of SMF record 70 subtype 2 (z/OS V1.12 and above).

+--------------------------------------------------------------+
 FIXCAT=IBM.Device.Server.zEC12-2827.Exploitation/K
 keyword E2827/K
+--------------------------------------------------------------+

The Postprocessor Crypto Activity report provides CEX4P measurements in the new CRYPTOGRAPHIC PKCS11 COPROCESSOR section.

---------------------------------------------------------------

>>>>> SMF RECORD TYPE 70 TO 79 - RMF PRODUCT SECTION <<<<<

The SMF record level change number SMFxxSRL at offset 51 (x33) changes to 102 (x66).

>>>>> SMF RECORD TYPE 70 SUBTYPE 2 - CRYPTO ACTIVITY <<<<<

The Header/Self-defining section is extended by new triplet fields (offset/length/number):

OFFSET   NAME      LEN  FORMAT  DESCRIPTION
...
60 x3C   SMF7025O    4  binary  Offset to Cryptographic PKCS11
                                Coprocessor data section
64 x40   SMF7025L    2  binary  Length of Cryptographic PKCS11
                                Coprocessor data section
66 x42   SMF7025N    2  binary  Number of Cryptographic PKCS11
                                Coprocessor data sections

A new Cryptographic PKCS11 Coprocessor data section is added:

OFFSET   NAME      LEN  FORMAT  DESCRIPTION
 0 x0    R7025AX     1  binary  Crypto processor index
 1 x1    R7025CT     1  binary  Crypto processor type:
                                Value  Meaning
                                10     CEX4P
 2 x2    R7025MSK    1  binary  Validity bit mask. Each bit
                                position represents the validity
                                of a timer-counter pair that
                                measures the execution time and
                                number of operations on a
                                cryptographic PKCS11 coprocessor.
                                Bit  Meaning When Set
                                0    Valid data for operations
                                     executed by slow
                                     asymmetric-key functions
                                1    Valid data for operations
                                     executed by fast
                                     asymmetric-key functions
                                2    Valid data for operations
                                     executed by symmetric-key
                                     functions (partial/
                                     incremental results)
                                3    Valid data for operations
                                     executed by symmetric-key
                                     functions (complete/final
                                     result)
                                4    Valid data for operations
                                     executed by asymmetric-key
                                     generation function
                                5-7  Reserved
 3 x3    R7025MT     1  binary  Reserved for diagnostic purpose
 4 x4                4  binary  Reserved
 8 x8    R7025SF     8  float   Scaling factor for this
                                cryptographic PKCS11 coprocessor.
                                Execution times in this data
                                section have to be multiplied by
                                this scaling factor to achieve a
                                value in seconds.
16 x10   R7025SAT    8  float   Aggregate execution time of
                                operations executed by slow
                                asymmetric-key functions.
24 x18   R7025SAC    8  float   Number of operations executed by
                                slow asymmetric-key functions.
32 x20   R7025FAT    8  float   Aggregate execution time of
                                operations executed by fast
                                asymmetric-key functions.
40 x28   R7025FAC    8  float   Number of operations executed by
                                fast asymmetric-key functions.
48 x30   R7025SPT    8  float   Aggregate execution time of
                                operations executed by
                                symmetric-key functions that
                                return partial or incremental
                                results.
56 x38   R7025SPC    8  float   Number of operations executed by
                                symmetric-key functions that
                                return partial or incremental
                                results.
64 x40   R7025SCT    8  float   Aggregate execution time of
                                operations executed by
                                symmetric-key functions that
                                return a complete or final result.
72 x48   R7025SCC    8  float   Number of operations executed by
                                symmetric-key functions that
                                return a complete or final result.
80 x50   R7025AGT    8  float   Aggregate execution time of
                                operations executed by
                                asymmetric-key generation function.
88 x58   R7025AGC    8  float   Number of operations executed by
                                asymmetric-key generation function.

>>>>>> POSTPROCESSOR CRYPTO HARDWARE ACTIVITY REPORT <<<<<<

The existing Cryptographic Coprocessor section of the Postprocessor Crypto Hardware Activity report is renamed to Cryptographic CCA Coprocessor section. The report is enhanced by the new Cryptographic PKCS11 Coprocessor section which provides performance measurements about secure public-key operations executed by symmetric or asymmetric cryptographic functions.

Available fields in Cryptographic PKCS11 Coprocessor section:

TYPE        Type that defines the cryptographic PKCS11 coprocessor
            CEX4P  Crypto Express4S PKCS11 coprocessor
ID          Index that specifies the cryptographic PKCS11
            coprocessor
TOTAL       Rate, average execution time (in milliseconds) and
            utilization percentage for all operations executed
            on this cryptographic PKCS11 coprocessor
OPERATIONS  Rate, average execution time (in milliseconds) and
DETAILS     utilization percentage for operation, categorized by
            cryptographic function type:
            Type           Meaning
            ASYM FAST      Fast asymmetric-key function
            ASYM GEN       Asymmetric-key generation function
            ASYM SLOW      Slow asymmetric-key function
            SYMM COMPLETE  Symmetric-key functions that return
                           a complete or final result
            SYMM PARTIAL   Symmetric-key functions that return
                           partial or incremental results

+--------------------------------------------------------------+

>>>>>> POSTPROCESSOR OVERVIEW CONDITIONS <<<<<<

The following new overview conditions are provided for SMF record type 70.2:

CONDITIONS                 CONDITION  ALGORITHM
                           NAME
--------------------------+---------+--------------------------
Cryptographic PKCS11       CRYPTR     R7025SAC+R7025FAC+R7025SPC
coprocessor total rate                +R7025SCC+R7025AGC/
                                      SMF70INT
--------------------------+---------+--------------------------
Cryptographic PKCS11       CRYPTU     (R7025SAT+R7025FAT+R7025SPT
coprocessor total                     +R7025SCT+R7025AGT)*
utilization                           R7025SF*100/SMF70INT
--------------------------+---------+--------------------------
Cryptographic PKCS11       CRYPTE     (R7025SAT+R7025FAT+R7025SPT
coprocessor total average             +R7025SCT+R7025AGT)*
execution time (in milli-             R7025SF*1000/
seconds)                              R7025SAC+R7025FAC+R7025SPC
                                      +R7025SCC+R7025AGC
--------------------------+---------+--------------------------
Rate of operations         CRYPSAR    R7025SAC/SMF70INT
executed by slow
asymmetric-key functions
--------------------------+---------+--------------------------
Utilization of operations  CRYPSAU    R7025SAT*R7025SF*100
executed by slow                      /SMF70INT
asymmetric-key functions
--------------------------+---------+--------------------------
Average execution time of  CRYPSAE    R7025SAT*R7025SF*1000
operations executed by                /R7025SAC
slow asymmetric-key
functions
--------------------------+---------+--------------------------
Rate of operations         CRYPFAR    R7025FAC/SMF70INT
executed by fast
asymmetric-key functions
--------------------------+---------+--------------------------
Utilization of operations  CRYPFAU    R7025FAT*R7025SF*100
executed by fast                      /SMF70INT
asymmetric-key functions
--------------------------+---------+--------------------------
Average execution time of  CRYPFAE    R7025FAT*R7025SF*1000
operations executed by                /R7025FAC
fast asymmetric-key
functions
--------------------------+---------+--------------------------
Rate of operations         CRYPSPR    R7025SPC/SMF70INT
executed by symmetric-key
functions that return
partial or incremental
results
--------------------------+---------+--------------------------
Utilization of operations  CRYPSPU    R7025SPT*R7025SF*100
executed by symmetric-key             /SMF70INT
functions that return
partial or incremental
results
--------------------------+---------+--------------------------
Average execution time of  CRYPSPE    R7025SPT*R7025SF*1000
operations executed by                /R7025SPC
symmetric-key functions
that return partial or
incremental results
--------------------------+---------+--------------------------
Rate of operations         CRYPSCR    R7025SCC/SMF70INT
executed by symmetric-key
functions that return a
complete or final result
--------------------------+---------+--------------------------
Utilization of operations  CRYPSCU    R7025SCT*R7025SF*100
executed by symmetric-key             /SMF70INT
functions that return a
complete or final result
--------------------------+---------+--------------------------
Average execution time of  CRYPSCE    R7025SCT*R7025SF*1000
operations executed by                /R7025SCC
symmetric-key functions
that return a complete or
final result
--------------------------+---------+--------------------------
Rate of operations         CRYPAGR    R7025AGC/SMF70INT
executed by asymmetric-key
generation functions
--------------------------+---------+--------------------------
Utilization of operations  CRYPAGU    R7025AGT*R7025SF*100
executed by asymmetric-key            /SMF70INT
generation functions
--------------------------+---------+--------------------------
Average execution time of  CRYPAGE    R7025AGT*R7025SF*1000
operations executed by                /R7025AGC
asymmetric-key generation
functions
--------------------------+---------+--------------------------

All new overview conditions may be qualified by the index of the cryptographic PKCS11 coprocessor.
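Added example (not part of the APAR text and not IBM code): a Python sketch that parses one Cryptographic PKCS11 Coprocessor data section as laid out above and evaluates the rate, utilization and average-execution-time conditions per function type and in total, skipping timer-counter pairs whose validity bit is off. Assumptions not stated in the APAR: the 8-byte float fields are IBM hexadecimal floating point, bit 0 of R7025MSK is the high-order bit, the interval (SMF70INT) is supplied in seconds, and the sums in the total formulas are grouped before dividing; the function names and the sample bytes are constructed for illustration.

```python
FUNCS = ("SA", "FA", "SP", "SC", "AG")  # validity bits 0-4; T/C pairs from offset 16

def hfp_long(raw):
    """Decode 8 bytes as IBM hexadecimal floating point (assumed encoding)."""
    word = int.from_bytes(raw, "big")
    sign = -1.0 if word >> 63 else 1.0
    fraction = (word & ((1 << 56) - 1)) / float(1 << 56)
    return sign * fraction * 16.0 ** (((word >> 56) & 0x7F) - 64)

def parse_section(sec):
    """Parse one 96-byte Cryptographic PKCS11 Coprocessor data section."""
    if len(sec) < 96:
        raise ValueError("data section shorter than 96 bytes")
    ops = {}
    for bit, name in enumerate(FUNCS):
        off = 16 + 16 * bit                      # R7025xxT, then R7025xxC
        if sec[2] & (0x80 >> bit):               # R7025MSK, bit 0 = high-order bit
            ops[name] = (hfp_long(sec[off:off + 8]), hfp_long(sec[off + 8:off + 16]))
    return {"index": sec[0], "type": sec[1], "sf": hfp_long(sec[8:16]), "ops": ops}

def overview(parsed, interval_s):
    """Return {name: (rate/s, utilization %, average ms)} plus a TOTAL entry."""
    def triple(time_s, count):
        avg = time_s * 1000 / count if count else 0.0
        return (count / interval_s, time_s * 100 / interval_s, avg)
    # Execution times are multiplied by R7025SF to obtain seconds.
    secs = {n: (t * parsed["sf"], c) for n, (t, c) in parsed["ops"].items()}
    out = {n: triple(t, c) for n, (t, c) in secs.items()}
    out["TOTAL"] = triple(sum(t for t, _ in secs.values()),
                          sum(c for _, c in secs.values()))
    return out

# Constructed sample: coprocessor index 3, type 10 (CEX4P), mask x90 =
# slow asymmetric (bit 0) and symmetric complete (bit 3) valid.
SAMPLE = bytes.fromhex(
    "030A9000" "00000000"
    "3C10000000000000"                       # R7025SF  = 2**-20
    "4620000000000000" "433E800000000000"    # R7025SAT = 2097152, R7025SAC = 1000
    + "00" * 32 +                            # fast asym, symm partial: not valid
    "4610000000000000" "43FA000000000000"    # R7025SCT = 1048576, R7025SCC = 4000
    + "00" * 16)                             # asym key generation: not valid

if __name__ == "__main__":
    for name, vals in overview(parse_section(SAMPLE), interval_s=100.0).items():
        print(name, "rate=%.2f/s util=%.2f%% avg=%.3f ms" % vals)
```
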
Problem conclusion
Temporary fix
Comments
APAR Information
APAR number
OA39562
Reported component name
RMF
Reported component ID
566527404
Reported release
770
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
YesSpecatt / New Function / Xsystem
Submitted date
2012-05-11
Closed date
2012-11-06
Last modified date
2013-10-07
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UA67118 UA67119
Modules/Macros
ERBDUCRY ERBEXCIT ERBEXCRY ERBMFBSR ERBMFDCY ERBMFICA ERBMFICY ERBMFIZS ERBMFLUV ERBMFRCY ERBPCTBL ERBPPASS ERBPPCOM ERBPPCON ERBRMFPP ERBSCAN ERBSMFI ERBSMF70 ERB3GCTC ERB3GSMF ERB3GSMM ERB3RTBR
Fix information
Fixed component name
RMF
Fixed component ID
566527404
Applicable component levels
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
Document Information
Modified date:
07 October 2013