summaryrefslogtreecommitdiffstats
path: root/doc/guides/cryptodevs/qat.rst
diff options
context:
space:
mode:
authorLuca Boccassi <luca.boccassi@gmail.com>2018-11-01 11:59:50 +0000
committerLuca Boccassi <luca.boccassi@gmail.com>2018-11-01 12:00:19 +0000
commit8d01b9cd70a67cdafd5b965a70420c3bd7fb3f82 (patch)
tree208e3bc33c220854d89d010e3abf720a2e62e546 /doc/guides/cryptodevs/qat.rst
parentb63264c8342e6a1b6971c79550d2af2024b6a4de (diff)
New upstream version 18.11-rc1upstream/18.11-rc1
Change-Id: Iaa71986dd6332e878d8f4bf493101b2bbc6313bb Signed-off-by: Luca Boccassi <luca.boccassi@gmail.com>
Diffstat (limited to 'doc/guides/cryptodevs/qat.rst')
-rw-r--r--doc/guides/cryptodevs/qat.rst200
1 files changed, 144 insertions, 56 deletions
diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst
index bdc58eb2..b2dfeb00 100644
--- a/doc/guides/cryptodevs/qat.rst
+++ b/doc/guides/cryptodevs/qat.rst
@@ -4,17 +4,30 @@
Intel(R) QuickAssist (QAT) Crypto Poll Mode Driver
==================================================
-The QAT PMD provides poll mode crypto driver support for the following
+QAT documentation consists of three parts:
+
+* Details of the symmetric crypto service below.
+* Details of the `compression service <http://dpdk.org/doc/guides/compressdevs/qat_comp.html>`_
+ in the compressdev drivers section.
+* Details of building the common QAT infrastructure and the PMDs to support the
+ above services. See :ref:`building_qat` below.
+
+
+Symmetric Crypto Service on QAT
+-------------------------------
+
+The QAT crypto PMD provides poll mode crypto driver support for the following
hardware accelerator devices:
* ``Intel QuickAssist Technology DH895xCC``
* ``Intel QuickAssist Technology C62x``
* ``Intel QuickAssist Technology C3xxx``
* ``Intel QuickAssist Technology D15xx``
+* ``Intel QuickAssist Technology C4xxx``
Features
---------
+~~~~~~~~
The QAT PMD has support for:
@@ -50,14 +63,16 @@ Hash algorithms:
* ``RTE_CRYPTO_AUTH_KASUMI_F9``
* ``RTE_CRYPTO_AUTH_AES_GMAC``
* ``RTE_CRYPTO_AUTH_ZUC_EIA3``
+* ``RTE_CRYPTO_AUTH_AES_CMAC``
Supported AEAD algorithms:
* ``RTE_CRYPTO_AEAD_AES_GCM``
+* ``RTE_CRYPTO_AEAD_AES_CCM``
Limitations
------------
+~~~~~~~~~~~
* Only supports the session-oriented API implementation (session-less APIs are not supported).
* SNOW 3G (UEA2), KASUMI (F8) and ZUC (EEA3) supported only if cipher length and offset fields are byte-multiple.
@@ -69,104 +84,155 @@ Limitations
Extra notes on KASUMI F9
-------------------------
+~~~~~~~~~~~~~~~~~~~~~~~~
When using KASUMI F9 authentication algorithm, the input buffer must be
-constructed according to the 3GPP KASUMI specifications (section 4.4, page 13):
-`<http://cryptome.org/3gpp/35201-900.pdf>`_.
-Input buffer has to have COUNT (4 bytes), FRESH (4 bytes), MESSAGE and DIRECTION (1 bit)
-concatenated. After the DIRECTION bit, a single '1' bit is appended, followed by
-between 0 and 7 '0' bits, so that the total length of the buffer is multiple of 8 bits.
-Note that the actual message can be any length, specified in bits.
+constructed according to the
+`3GPP KASUMI specification <http://cryptome.org/3gpp/35201-900.pdf>`_
+(section 4.4, page 13). The input buffer has to have COUNT (4 bytes),
+FRESH (4 bytes), MESSAGE and DIRECTION (1 bit) concatenated. After the DIRECTION
+bit, a single '1' bit is appended, followed by between 0 and 7 '0' bits, so that
+the total length of the buffer is multiple of 8 bits. Note that the actual
+message can be any length, specified in bits.
Once this buffer is passed this way, when creating the crypto operation,
-length of data to authenticate (op.sym.auth.data.length) must be the length
+length of data to authenticate "op.sym.auth.data.length" must be the length
of all the items described above, including the padding at the end.
-Also, offset of data to authenticate (op.sym.auth.data.offset)
+Also, offset of data to authenticate "op.sym.auth.data.offset"
must be such that points at the start of the COUNT bytes.
-Building the DPDK QAT cryptodev PMD
------------------------------------
+.. _building_qat:
+
+Building PMDs on QAT
+--------------------
+
+A QAT device can host multiple acceleration services:
+
+* symmetric cryptography
+* data compression
-To enable QAT crypto in DPDK, follow the instructions for modifying the compile-time
-configuration file as described `here <http://dpdk.org/doc/guides/linux_gsg/build_dpdk.html>`_.
+These services are provided to DPDK applications via PMDs which register to
+implement the corresponding cryptodev and compressdev APIs. The PMDs use
+common QAT driver code which manages the QAT PCI device. They also depend on a
+QAT kernel driver being installed on the platform, see :ref:`qat_kernel` below.
-Quick instructions are as follows:
+Configuring and Building the DPDK QAT PMDs
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+
+Further information on configuring, building and installing DPDK is described
+`here <http://dpdk.org/doc/guides/linux_gsg/build_dpdk.html>`_.
+
+
+Quick instructions for QAT cryptodev PMD are as follows:
.. code-block:: console
cd to the top-level DPDK directory
- make config T=x86_64-native-linuxapp-gcc
- sed -i 's,\(CONFIG_RTE_LIBRTE_PMD_QAT\)=n,\1=y,' build/.config
+ make defconfig
sed -i 's,\(CONFIG_RTE_LIBRTE_PMD_QAT_SYM\)=n,\1=y,' build/.config
make
+Quick instructions for QAT compressdev PMD are as follows:
-.. _qat_kernel_installation:
+.. code-block:: console
-Dependency on the QAT kernel driver
------------------------------------
+ cd to the top-level DPDK directory
+ make defconfig
+ make
-To use the QAT PMD an SRIOV-enabled QAT kernel driver is required. The VF
-devices created and initialised by this driver will be used by the QAT PMD.
-Instructions for installation are below, but first an explanation of the
-relationships between the PF/VF devices and the PMDs visible to
-DPDK applications.
+Build Configuration
+~~~~~~~~~~~~~~~~~~~
+These are the build configuration options affecting QAT, and their default values:
-Acceleration services - cryptography and compression - are provided to DPDK
-applications via PMDs which register to implement the corresponding
-cryptodev and compressdev APIs.
+.. code-block:: console
-Each QuickAssist VF device can expose one cryptodev PMD and/or one compressdev PMD.
-These QAT PMDs share the same underlying device and pci-mgmt code, but are
-enumerated independently on their respective APIs and appear as independent
-devices to applications.
+ CONFIG_RTE_LIBRTE_PMD_QAT=y
+ CONFIG_RTE_LIBRTE_PMD_QAT_SYM=n
+ CONFIG_RTE_PMD_QAT_MAX_PCI_DEVICES=48
+ CONFIG_RTE_PMD_QAT_COMP_SGL_MAX_SEGMENTS=16
-.. Note::
+CONFIG_RTE_LIBRTE_PMD_QAT must be enabled for any QAT PMD to be built.
- Each VF can only be used by one DPDK process. It is not possible to share
- the same VF across multiple processes, even if these processes are using
- different acceleration services.
+The QAT cryptodev PMD has an external dependency on libcrypto, so is not
+built by default. CONFIG_RTE_LIBRTE_PMD_QAT_SYM should be enabled to build it.
- Conversely one DPDK process can use one or more QAT VFs and can expose both
- cryptodev and compressdev instances on each of those VFs.
+The QAT compressdev PMD has no external dependencies, so needs no configuration
+options and is built by default.
+The number of VFs per PF varies - see table below. If multiple QAT packages are
+installed on a platform then CONFIG_RTE_PMD_QAT_MAX_PCI_DEVICES should be
+adjusted to the number of VFs which the QAT common code will need to handle.
+Note, there is a separate config item for max cryptodevs CONFIG_RTE_CRYPTO_MAX_DEVS,
+if necessary this should be adjusted to handle the total of QAT and other devices
+which the process will use.
+
+QAT allocates internal structures to handle SGLs. For the compression service
+CONFIG_RTE_PMD_QAT_COMP_SGL_MAX_SEGMENTS can be changed if more segments are needed.
+An extra (max_inflight_ops x 16) bytes per queue_pair will be used for every increment.
Device and driver naming
-------------------------
+~~~~~~~~~~~~~~~~~~~~~~~~
* The qat cryptodev driver name is "crypto_qat".
- The rte_cryptodev_devices_get() returns the devices exposed by this driver.
+ The "rte_cryptodev_devices_get()" returns the devices exposed by this driver.
* Each qat crypto device has a unique name, in format
- <pci bdf>_<service>, e.g. "0000:41:01.0_qat_sym".
- This name can be passed to rte_cryptodev_get_dev_id() to get the device_id.
+ "<pci bdf>_<service>", e.g. "0000:41:01.0_qat_sym".
+ This name can be passed to "rte_cryptodev_get_dev_id()" to get the device_id.
.. Note::
- The qat crypto driver name is passed to the dpdk-test-crypto-perf tool in the -devtype parameter.
+ The qat crypto driver name is passed to the dpdk-test-crypto-perf tool in the "-devtype" parameter.
The qat crypto device name is in the format of the slave parameter passed to the crypto scheduler.
-* The qat compressdev driver name is "comp_qat".
+* The qat compressdev driver name is "compress_qat".
The rte_compressdev_devices_get() returns the devices exposed by this driver.
* Each qat compression device has a unique name, in format
<pci bdf>_<service>, e.g. "0000:41:01.0_qat_comp".
This name can be passed to rte_compressdev_get_dev_id() to get the device_id.
+.. _qat_kernel:
+
+Dependency on the QAT kernel driver
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+To use QAT an SRIOV-enabled QAT kernel driver is required. The VF
+devices created and initialised by this driver will be used by the QAT PMDs.
+
+Instructions for installation are below, but first an explanation of the
+relationships between the PF/VF devices and the PMDs visible to
+DPDK applications.
+
+Each QuickAssist PF device exposes a number of VF devices. Each VF device can
+enable one cryptodev PMD and/or one compressdev PMD.
+These QAT PMDs share the same underlying device and pci-mgmt code, but are
+enumerated independently on their respective APIs and appear as independent
+devices to applications.
+
+.. Note::
+
+ Each VF can only be used by one DPDK process. It is not possible to share
+ the same VF across multiple processes, even if these processes are using
+ different acceleration services.
+
+ Conversely one DPDK process can use one or more QAT VFs and can expose both
+ cryptodev and compressdev instances on each of those VFs.
+
Available kernel drivers
-------------------------
+~~~~~~~~~~~~~~~~~~~~~~~~
Kernel drivers for each device are listed in the following table. Scroll right
-to check that the driver and device supports the servic you require.
+to check that the driver and device supports the service you require.
.. _table_qat_pmds_drivers:
@@ -190,6 +256,8 @@ to check that the driver and device supports the servic you require.
+-----+----------+---------------+---------------+------------+--------+------+--------+--------+-----------+-------------+
| 2 | D15xx | p | qat_d15xx | d15xx | 6f54 | 1 | 6f55 | 16 | Yes | No |
+-----+----------+---------------+---------------+------------+--------+------+--------+--------+-----------+-------------+
+ | 3 | C4xxx | p | qat_c4xxx | c4xxx | 18a0 | 1 | 18a1 | 128 | Yes | No |
+ +-----+----------+---------------+---------------+------------+--------+------+--------+--------+-----------+-------------+
The ``Driver`` column indicates either the Linux kernel version in which
@@ -203,7 +271,7 @@ If you are running on a kernel which includes a driver for your device, see
Installation using kernel.org driver
-------------------------------------
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The examples below are based on the C62x device, if you have a different device
use the corresponding values in the above table.
@@ -274,7 +342,7 @@ To complete the installation follow the instructions in
Installation using 01.org QAT driver
-------------------------------------
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Download the latest QuickAssist Technology Driver from `01.org
<https://01.org/packet-processing/intel%C2%AE-quickassist-technology-drivers-and-patches>`_.
@@ -368,12 +436,12 @@ To complete the installation - follow instructions in `Binding the available VFs
Binding the available VFs to the DPDK UIO driver
-------------------------------------------------
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Unbind the VFs from the stock driver so they can be bound to the uio driver.
For an Intel(R) QuickAssist Technology DH895xCC device
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The unbind command below assumes ``BDFs`` of ``03:01.00-03:04.07``, if your
VFs are different adjust the unbind command below::
@@ -386,7 +454,7 @@ VFs are different adjust the unbind command below::
done
For an Intel(R) QuickAssist Technology C62x device
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The unbind command below assumes ``BDFs`` of ``1a:01.00-1a:02.07``,
``3d:01.00-3d:02.07`` and ``3f:01.00-3f:02.07``, if your VFs are different
@@ -406,7 +474,7 @@ adjust the unbind command below::
done
For Intel(R) QuickAssist Technology C3xxx or D15xx device
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The unbind command below assumes ``BDFs`` of ``01:01.00-01:02.07``, if your
VFs are different adjust the unbind command below::
@@ -419,7 +487,7 @@ VFs are different adjust the unbind command below::
done
Bind to the DPDK uio driver
-~~~~~~~~~~~~~~~~~~~~~~~~~~~
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
Install the DPDK igb_uio driver, bind the VF PCI Device id to it and use lspci
to confirm the VF devices are now in use by igb_uio kernel driver,
@@ -438,9 +506,29 @@ Another way to bind the VFs to the DPDK UIO driver is by using the
cd to the top-level DPDK directory
./usertools/dpdk-devbind.py -b igb_uio 0000:03:01.1
+Testing
+~~~~~~~
+
+QAT crypto PMD can be tested by running the test application::
+
+ make defconfig
+ make test-build -j
+ cd ./build/app
+ ./test -l1 -n1 -w <your qat bdf>
+ RTE>>cryptodev_qat_autotest
+
+QAT compression PMD can be tested by running the test application::
+
+ make defconfig
+ sed -i 's,\(CONFIG_RTE_COMPRESSDEV_TEST\)=n,\1=y,' build/.config
+ make test-build -j
+ cd ./build/app
+ ./test -l1 -n1 -w <your qat bdf>
+ RTE>>compressdev_autotest
+
Debugging
-----------------------------------------
+~~~~~~~~~
There are 2 sets of trace available via the dynamic logging feature: