Previous topic |
Next topic |
Contents |
Index |
Contact z/OS |
Library |
PDF
Steps for enabling/disabling cryptographic coprocessors (PCICC, PCIXCC, CEX2C, and CEX3C) z/OS Cryptographic Services ICSF System Programmer's Guide SA22-7520-17 |
|
With TKE 3.0 or higher you can disable/enable the PCICCs. With TKE V4.0 or higher, you can disable/enable the PCIXCCs/CEX2Cs. With TKE V6.0, you can disable/enable the CEX3Cs. When a PCICA, PCICC, PCIXCC, CEX2C, CEX2A, CEX3C, or CEX3A is deactivated through the Coprocessor Management Panel, the card is only deactivated for that one LPAR. When a PCICC, PCIXCC, CEX2C, or CEX3C is disabled by TKE, the card is disabled for the entire system, not just the LPAR that issued the disable. Intrusion Latch on the PCICC, PCIXCC, CEX2C, or CEX3CUnder normal operation, the intrusion latch on a PCICC, PCIXCC, CEX2C, or CEX3C is tripped when the card is removed. This causes all installation data, master keys, retained keys, roles and authorities to be zeroized in the card when it is reinstalled. If a situation arises where a PCIXCC, CEX2C, or CEX3C needs to be removed, for example, you need to remove your card for service, and you do not want the installation data to be cleared, perform this procedure to disable the PCIXCC, CEX2C, or CEX3C before removing. There is no similar procedure for the PCICC. This process will require you to switch between the TKE application, the ICSF Coprocessor Management panel, and the Support Element.
All installation data; master keys, retained keys, roles, and authorities should still be available. The PCIXCC, CEX2C, or CEX3C data was not cleared with the card removal because it was Disabled first via the TKE workstation. |
Copyright IBM Corporation 1990, 2014
|