Device driver error codes
The coprocessor device driver monitors the status of its communication with the coprocessor and the coprocessor hardware-status registers.
Each time that the coprocessor is reset and the reset is not caused by a fault or tamper event, the coprocessor runs through a miniboot, its power-on self-test (POST), code loading, and status routines. During this process, the coprocessor attempts to coordinate with a host-system device driver. Coprocessor reset operations can occur because of power-on, a reset command sent from the device driver, or because of coprocessor internal activity such as completion of code updates.
The coprocessor fault or tamper-detection circuitry can also reset the coprocessor.
Programs such as the Coprocessor Load Utility (CLU) and the CCA Support Program can receive unusual status in the form of a 4-byte return code from the device driver.
The possible 4-byte codes, are of the form X'8xxxxxxx'. The codes that are frequently obtained are described in Table 1. If you encounter codes of the form XX'8340xxxx' or X'8440xxxx', and the code is not in the table,contact the IBM® cryptographic team through email from the Support page on the IBM product website at http://www.ibm.com/security/cryptocards.
| 4-byte
return code (hex) |
Reason | Descriptions |
|---|---|---|
| 8040FFBF | External intrusion | The intrusion arises due to optional electrical connection to the coprocessor. This condition can be reset. |
| 8040FFDA | Dead battery | The batteries have been allowed to run out of sufficient power or have been removed. The coprocessor is zeroized and is no longer functional. |
| 8040FFDB | X-ray tamper or dead battery | The coprocessor is zeroized and is no longer functional. |
| 8040FFDF | X-ray or dead battery | The coprocessor is zeroized and is no longer functional. |
| 8040FFEB | Temperature tamper | The high or low temperature limit has been exceeded. The coprocessor is zeroized and is no longer functional. |
| 8040FFF3 | Voltage tamper | The coprocessor is zeroized and is no longer functional. |
| V8040FFF9 | Mesh tamper | The coprocessor is zeroized and is no longer functional. |
| 8040FFFB | Reset bit is on | Low voltage was detected, the internal operating temperature of the coprocessor went out of limits, or the host driver sent a reset command. Try removing and reinserting the coprocessor into the PCI-X bus. |
| 8040FFFE | Battery warning | The battery power is marginal. For the procedure to be followed to replace the batteries, see the IBM 4764 PCI-X Cryptographic Coprocessor Installation Manual. |
| 804xxxxx (for example, 80400005) | General communication problem | Except for the prior X'8040xxxx' codes, additional conditions arose in host-coprocessor communication. Determine that the host system in fact has a coprocessor. Try removing and reinserting the coprocessor into the PCI-X bus. Run the CLU status command (ST). If problem persists, contact contact the IBM cryptographic team through email from the Support page on the IBM product website at http://www.ibm.com/security/cryptocards. |
| 8340xxxx | Miniboot-0 codes | This class of return code arises from the lowest-level of reset testing. If codes in this class occur, contact the IBM cryptographic team through email from the Support page on the IBM product website at http://www.ibm.com/security/cryptocards. |
| 8340038F | Random-number generation fault | Continuous monitoring of the random-number generator
has detected a possible problem. There is a small statistical probability
of this event occurring without indicating an actual ongoing problem.
Run the CLU status (ST) command at least twice to determine whether the condition can be cleared. |
| 8440xxxx | Miniboot-1 codes | This class of return code arises from the replaceable POST and code-loading code. |
| 844006B2 | Invalid signature | The signature on the data sent from the CLU utility to miniboot could not be validated by the miniboot. Be sure that you are using an appropriate file (for example, CR1 xxxxx.clu versus CE1 xxxxx.clu). If the problem persists, obtain the output of a CLU status report and forward the report with a description of the task you want to achieve to the IBM cryptographic team through email from the Support page on the IBM product website at http://www.ibm.com/security/cryptocards. |