Prior to the HCR7780 release of ICSF, a DES master key was required on all systems. Starting with FMID HCR7780, this requirement is removed for non-CCF systems (CCF systems, however, still require a DES master key). The new master key activation procedure now permits any combination of master keys to be loaded.

The activation procedure for non-CCF systems selects the combination of master keys that will maximize the number of active coprocessors. ICSF checks the master keys available on the system (AES, DES, ECC and RSA) and determines validity based on the master keys used for the CKDS and PKDS. The master key verification patterns (MKVPs) contained in the header of the CKDS and PKDS are compared to the MKVPs of the master keys on the coprocessors. If they match, then the master key is valid. After determining the valid master keys for the system, it then selects the set of available master keys that will maximize the number of active coprocessors.

ECC master key support is based on the existence of CEX3C coprocessors with the Sept. 2010 or later licensed internal code (LIC). If a mixture of CEX3C coprocessors and older coprocessors exist on a system, then ECC support will be based solely on the state of the CEX3C coprocessors.

As coprocessor master keys are set or changed, additional function may become available.