diff options
author | Luca Boccassi <luca.boccassi@gmail.com> | 2018-11-01 11:59:50 +0000 |
---|---|---|
committer | Luca Boccassi <luca.boccassi@gmail.com> | 2018-11-01 12:00:19 +0000 |
commit | 8d01b9cd70a67cdafd5b965a70420c3bd7fb3f82 (patch) | |
tree | 208e3bc33c220854d89d010e3abf720a2e62e546 /doc/guides/cryptodevs/qat.rst | |
parent | b63264c8342e6a1b6971c79550d2af2024b6a4de (diff) |
New upstream version 18.11-rc1upstream/18.11-rc1
Change-Id: Iaa71986dd6332e878d8f4bf493101b2bbc6313bb
Signed-off-by: Luca Boccassi <luca.boccassi@gmail.com>
Diffstat (limited to 'doc/guides/cryptodevs/qat.rst')
-rw-r--r-- | doc/guides/cryptodevs/qat.rst | 200 |
1 files changed, 144 insertions, 56 deletions
diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst index bdc58eb2..b2dfeb00 100644 --- a/doc/guides/cryptodevs/qat.rst +++ b/doc/guides/cryptodevs/qat.rst @@ -4,17 +4,30 @@ Intel(R) QuickAssist (QAT) Crypto Poll Mode Driver ================================================== -The QAT PMD provides poll mode crypto driver support for the following +QAT documentation consists of three parts: + +* Details of the symmetric crypto service below. +* Details of the `compression service <http://dpdk.org/doc/guides/compressdevs/qat_comp.html>`_ + in the compressdev drivers section. +* Details of building the common QAT infrastructure and the PMDs to support the + above services. See :ref:`building_qat` below. + + +Symmetric Crypto Service on QAT +------------------------------- + +The QAT crypto PMD provides poll mode crypto driver support for the following hardware accelerator devices: * ``Intel QuickAssist Technology DH895xCC`` * ``Intel QuickAssist Technology C62x`` * ``Intel QuickAssist Technology C3xxx`` * ``Intel QuickAssist Technology D15xx`` +* ``Intel QuickAssist Technology C4xxx`` Features --------- +~~~~~~~~ The QAT PMD has support for: @@ -50,14 +63,16 @@ Hash algorithms: * ``RTE_CRYPTO_AUTH_KASUMI_F9`` * ``RTE_CRYPTO_AUTH_AES_GMAC`` * ``RTE_CRYPTO_AUTH_ZUC_EIA3`` +* ``RTE_CRYPTO_AUTH_AES_CMAC`` Supported AEAD algorithms: * ``RTE_CRYPTO_AEAD_AES_GCM`` +* ``RTE_CRYPTO_AEAD_AES_CCM`` Limitations ------------ +~~~~~~~~~~~ * Only supports the session-oriented API implementation (session-less APIs are not supported). * SNOW 3G (UEA2), KASUMI (F8) and ZUC (EEA3) supported only if cipher length and offset fields are byte-multiple. @@ -69,104 +84,155 @@ Limitations Extra notes on KASUMI F9 ------------------------- +~~~~~~~~~~~~~~~~~~~~~~~~ When using KASUMI F9 authentication algorithm, the input buffer must be -constructed according to the 3GPP KASUMI specifications (section 4.4, page 13): -`<http://cryptome.org/3gpp/35201-900.pdf>`_. -Input buffer has to have COUNT (4 bytes), FRESH (4 bytes), MESSAGE and DIRECTION (1 bit) -concatenated. After the DIRECTION bit, a single '1' bit is appended, followed by -between 0 and 7 '0' bits, so that the total length of the buffer is multiple of 8 bits. -Note that the actual message can be any length, specified in bits. +constructed according to the +`3GPP KASUMI specification <http://cryptome.org/3gpp/35201-900.pdf>`_ +(section 4.4, page 13). The input buffer has to have COUNT (4 bytes), +FRESH (4 bytes), MESSAGE and DIRECTION (1 bit) concatenated. After the DIRECTION +bit, a single '1' bit is appended, followed by between 0 and 7 '0' bits, so that +the total length of the buffer is multiple of 8 bits. Note that the actual +message can be any length, specified in bits. Once this buffer is passed this way, when creating the crypto operation, -length of data to authenticate (op.sym.auth.data.length) must be the length +length of data to authenticate "op.sym.auth.data.length" must be the length of all the items described above, including the padding at the end. -Also, offset of data to authenticate (op.sym.auth.data.offset) +Also, offset of data to authenticate "op.sym.auth.data.offset" must be such that points at the start of the COUNT bytes. -Building the DPDK QAT cryptodev PMD ------------------------------------ +.. _building_qat: + +Building PMDs on QAT +-------------------- + +A QAT device can host multiple acceleration services: + +* symmetric cryptography +* data compression -To enable QAT crypto in DPDK, follow the instructions for modifying the compile-time -configuration file as described `here <http://dpdk.org/doc/guides/linux_gsg/build_dpdk.html>`_. +These services are provided to DPDK applications via PMDs which register to +implement the corresponding cryptodev and compressdev APIs. The PMDs use +common QAT driver code which manages the QAT PCI device. They also depend on a +QAT kernel driver being installed on the platform, see :ref:`qat_kernel` below. -Quick instructions are as follows: +Configuring and Building the DPDK QAT PMDs +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + +Further information on configuring, building and installing DPDK is described +`here <http://dpdk.org/doc/guides/linux_gsg/build_dpdk.html>`_. + + +Quick instructions for QAT cryptodev PMD are as follows: .. code-block:: console cd to the top-level DPDK directory - make config T=x86_64-native-linuxapp-gcc - sed -i 's,\(CONFIG_RTE_LIBRTE_PMD_QAT\)=n,\1=y,' build/.config + make defconfig sed -i 's,\(CONFIG_RTE_LIBRTE_PMD_QAT_SYM\)=n,\1=y,' build/.config make +Quick instructions for QAT compressdev PMD are as follows: -.. _qat_kernel_installation: +.. code-block:: console -Dependency on the QAT kernel driver ------------------------------------ + cd to the top-level DPDK directory + make defconfig + make -To use the QAT PMD an SRIOV-enabled QAT kernel driver is required. The VF -devices created and initialised by this driver will be used by the QAT PMD. -Instructions for installation are below, but first an explanation of the -relationships between the PF/VF devices and the PMDs visible to -DPDK applications. +Build Configuration +~~~~~~~~~~~~~~~~~~~ +These are the build configuration options affecting QAT, and their default values: -Acceleration services - cryptography and compression - are provided to DPDK -applications via PMDs which register to implement the corresponding -cryptodev and compressdev APIs. +.. code-block:: console -Each QuickAssist VF device can expose one cryptodev PMD and/or one compressdev PMD. -These QAT PMDs share the same underlying device and pci-mgmt code, but are -enumerated independently on their respective APIs and appear as independent -devices to applications. + CONFIG_RTE_LIBRTE_PMD_QAT=y + CONFIG_RTE_LIBRTE_PMD_QAT_SYM=n + CONFIG_RTE_PMD_QAT_MAX_PCI_DEVICES=48 + CONFIG_RTE_PMD_QAT_COMP_SGL_MAX_SEGMENTS=16 -.. Note:: +CONFIG_RTE_LIBRTE_PMD_QAT must be enabled for any QAT PMD to be built. - Each VF can only be used by one DPDK process. It is not possible to share - the same VF across multiple processes, even if these processes are using - different acceleration services. +The QAT cryptodev PMD has an external dependency on libcrypto, so is not +built by default. CONFIG_RTE_LIBRTE_PMD_QAT_SYM should be enabled to build it. - Conversely one DPDK process can use one or more QAT VFs and can expose both - cryptodev and compressdev instances on each of those VFs. +The QAT compressdev PMD has no external dependencies, so needs no configuration +options and is built by default. +The number of VFs per PF varies - see table below. If multiple QAT packages are +installed on a platform then CONFIG_RTE_PMD_QAT_MAX_PCI_DEVICES should be +adjusted to the number of VFs which the QAT common code will need to handle. +Note, there is a separate config item for max cryptodevs CONFIG_RTE_CRYPTO_MAX_DEVS, +if necessary this should be adjusted to handle the total of QAT and other devices +which the process will use. + +QAT allocates internal structures to handle SGLs. For the compression service +CONFIG_RTE_PMD_QAT_COMP_SGL_MAX_SEGMENTS can be changed if more segments are needed. +An extra (max_inflight_ops x 16) bytes per queue_pair will be used for every increment. Device and driver naming ------------------------- +~~~~~~~~~~~~~~~~~~~~~~~~ * The qat cryptodev driver name is "crypto_qat". - The rte_cryptodev_devices_get() returns the devices exposed by this driver. + The "rte_cryptodev_devices_get()" returns the devices exposed by this driver. * Each qat crypto device has a unique name, in format - <pci bdf>_<service>, e.g. "0000:41:01.0_qat_sym". - This name can be passed to rte_cryptodev_get_dev_id() to get the device_id. + "<pci bdf>_<service>", e.g. "0000:41:01.0_qat_sym". + This name can be passed to "rte_cryptodev_get_dev_id()" to get the device_id. .. Note:: - The qat crypto driver name is passed to the dpdk-test-crypto-perf tool in the -devtype parameter. + The qat crypto driver name is passed to the dpdk-test-crypto-perf tool in the "-devtype" parameter. The qat crypto device name is in the format of the slave parameter passed to the crypto scheduler. -* The qat compressdev driver name is "comp_qat". +* The qat compressdev driver name is "compress_qat". The rte_compressdev_devices_get() returns the devices exposed by this driver. * Each qat compression device has a unique name, in format <pci bdf>_<service>, e.g. "0000:41:01.0_qat_comp". This name can be passed to rte_compressdev_get_dev_id() to get the device_id. +.. _qat_kernel: + +Dependency on the QAT kernel driver +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +To use QAT an SRIOV-enabled QAT kernel driver is required. The VF +devices created and initialised by this driver will be used by the QAT PMDs. + +Instructions for installation are below, but first an explanation of the +relationships between the PF/VF devices and the PMDs visible to +DPDK applications. + +Each QuickAssist PF device exposes a number of VF devices. Each VF device can +enable one cryptodev PMD and/or one compressdev PMD. +These QAT PMDs share the same underlying device and pci-mgmt code, but are +enumerated independently on their respective APIs and appear as independent +devices to applications. + +.. Note:: + + Each VF can only be used by one DPDK process. It is not possible to share + the same VF across multiple processes, even if these processes are using + different acceleration services. + + Conversely one DPDK process can use one or more QAT VFs and can expose both + cryptodev and compressdev instances on each of those VFs. + Available kernel drivers ------------------------- +~~~~~~~~~~~~~~~~~~~~~~~~ Kernel drivers for each device are listed in the following table. Scroll right -to check that the driver and device supports the servic you require. +to check that the driver and device supports the service you require. .. _table_qat_pmds_drivers: @@ -190,6 +256,8 @@ to check that the driver and device supports the servic you require. +-----+----------+---------------+---------------+------------+--------+------+--------+--------+-----------+-------------+ | 2 | D15xx | p | qat_d15xx | d15xx | 6f54 | 1 | 6f55 | 16 | Yes | No | +-----+----------+---------------+---------------+------------+--------+------+--------+--------+-----------+-------------+ + | 3 | C4xxx | p | qat_c4xxx | c4xxx | 18a0 | 1 | 18a1 | 128 | Yes | No | + +-----+----------+---------------+---------------+------------+--------+------+--------+--------+-----------+-------------+ The ``Driver`` column indicates either the Linux kernel version in which @@ -203,7 +271,7 @@ If you are running on a kernel which includes a driver for your device, see Installation using kernel.org driver ------------------------------------- +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The examples below are based on the C62x device, if you have a different device use the corresponding values in the above table. @@ -274,7 +342,7 @@ To complete the installation follow the instructions in Installation using 01.org QAT driver ------------------------------------- +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Download the latest QuickAssist Technology Driver from `01.org <https://01.org/packet-processing/intel%C2%AE-quickassist-technology-drivers-and-patches>`_. @@ -368,12 +436,12 @@ To complete the installation - follow instructions in `Binding the available VFs Binding the available VFs to the DPDK UIO driver ------------------------------------------------- +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Unbind the VFs from the stock driver so they can be bound to the uio driver. For an Intel(R) QuickAssist Technology DH895xCC device -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The unbind command below assumes ``BDFs`` of ``03:01.00-03:04.07``, if your VFs are different adjust the unbind command below:: @@ -386,7 +454,7 @@ VFs are different adjust the unbind command below:: done For an Intel(R) QuickAssist Technology C62x device -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The unbind command below assumes ``BDFs`` of ``1a:01.00-1a:02.07``, ``3d:01.00-3d:02.07`` and ``3f:01.00-3f:02.07``, if your VFs are different @@ -406,7 +474,7 @@ adjust the unbind command below:: done For Intel(R) QuickAssist Technology C3xxx or D15xx device -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The unbind command below assumes ``BDFs`` of ``01:01.00-01:02.07``, if your VFs are different adjust the unbind command below:: @@ -419,7 +487,7 @@ VFs are different adjust the unbind command below:: done Bind to the DPDK uio driver -~~~~~~~~~~~~~~~~~~~~~~~~~~~ +^^^^^^^^^^^^^^^^^^^^^^^^^^^ Install the DPDK igb_uio driver, bind the VF PCI Device id to it and use lspci to confirm the VF devices are now in use by igb_uio kernel driver, @@ -438,9 +506,29 @@ Another way to bind the VFs to the DPDK UIO driver is by using the cd to the top-level DPDK directory ./usertools/dpdk-devbind.py -b igb_uio 0000:03:01.1 +Testing +~~~~~~~ + +QAT crypto PMD can be tested by running the test application:: + + make defconfig + make test-build -j + cd ./build/app + ./test -l1 -n1 -w <your qat bdf> + RTE>>cryptodev_qat_autotest + +QAT compression PMD can be tested by running the test application:: + + make defconfig + sed -i 's,\(CONFIG_RTE_COMPRESSDEV_TEST\)=n,\1=y,' build/.config + make test-build -j + cd ./build/app + ./test -l1 -n1 -w <your qat bdf> + RTE>>compressdev_autotest + Debugging ----------------------------------------- +~~~~~~~~~ There are 2 sets of trace available via the dynamic logging feature: |