4767-002 Cryptographic Coprocessor (FC EJ32 and EJ33 for BSC; CCIN 4767)
Learn about the specifications and operating system requirements for the feature code (FC) EJ32
Overview
The 4767-002 Cryptographic Coprocessor is a PCI Express (PCIe) generation 1 (Gen1) x4 adapter. The secure-key adapter provides both cryptographic coprocessor and cryptographic accelerator functions in a single PCIe card. The 4767-002 Cryptographic Coprocessor is suited to applications that require high-speed, security-sensitive, RSA acceleration, cryptographic operations for data encryption and digital signing. Additionally, the adapter is useful in secure management, use of cryptographic keys, or custom cryptographic applications. It provides secure storage of cryptographic keys in a tamper-responding hardware security module that is certified to meet FIPS 140-2 level 4 security requirements (certificate #3164). The adapter runs in dedicated mode only.
FC EJ32 and EJ33 are identical cards and have the same CCIN of 4767. The different feature codes indicate whether a blind swap cassette is used and the type of cassette. FC EJ32 is not a blind-swap cassette, while FC EJ33 indicates a generation 3 blind-swap cassette.
Specifications
- Item
- Description
- Adapter FRU number
- Not applicable
- I/O bus architecture
- PCIe1 x4
- Slot requirement
- For details about slot priorities and placement rules, see PCIe adapter placement rules and slot priorities and select the system you are working on.
- Supported Systems
- POWER8® processor-based server
- 8247-21L, 8247-22L, and 8248-22A
- 8247-42L
- 9119-MME and 9119-MHE in the I/O drawer only
- 9080-MME and 9080-MHE
- Cables
- No cables are required
- Voltage
- 3.3 V
- Form factor
- Half-length, with full-height tail stock
- Dual card (Mother-daughter)
- Maximum number
- For details about the maximum number of adapters that are supported, see PCIe adapter placement rules and slot priorities and select the system you are working on.
- Attributes provided
- Supported cryptographic mode: Common Cryptographic Architecture (CCA)
- PPC 476 Processors run in lockstep and the outputs of each core are compared cycle by cycle
- Error Checking and Correction (ECC) protection on DDR3 memory
- Cryptographic key generation and random number generation
- Over 300 cryptographic algorithms and modes
- Byte wide parity protection on all internal registers and data paths wider than two bits
- RSA/ECC engines are protected by a duplicate engine which predicts the CRC of the result
- SHA, MD5, AES and DES engines are protected by running the same operation on two independent engines and the outputs are compared cycle by cycle.
Performance
| Operation | Operations per second |
|---|---|
| AES-CBC 128 bit (1KB) | > 7K |
| PK-CRT 1024 | > 5K |
| PK-CRT 2048 | > 3.5K |
| Key Gen RSA CRT 1024 bit | > 30 |
| Key Gen RSA CRT 2048 bit | > 7 |
| Key Gen RSA CRT 4096 bit | > 0.6 |
| Key Gen ECC-BP 192 | > 750 |
Operating system or partition requirements
- AIX®
- AIX Version 7.2D, or later
- AIX Version 7.1X, or later
- Linux:
- Red Hat Enterprise Linux Version 7.3, or later
- SUSE Linux Enterprise Server (SLES) 12 SP2, or later
- Ubuntu 16.04.01, or later
- IBM® i
- IBM i 7.3, or later
- IBM i 7.2, or later
Linux driver and firmware information
The 4767-002 Cryptographic Coprocessor's Linux drivers and firmware are not provided by the Linux distribution. To install and or update the Linux drivers and firmware, the user must download the Power Systems Linux drivers and firmware package. Refer to the IBM Power Systems information on the 4767-002 Cryptographic Coprocessor and follow the Linux drivers and firmware instructions at: Power Systems Information for the 4767-002 Cryptographic Coprocessor.
