summaryrefslogtreecommitdiffstats
path: root/doc/guides/cryptodevs
diff options
context:
space:
mode:
authorLuca Boccassi <luca.boccassi@gmail.com>2017-11-08 14:15:11 +0000
committerLuca Boccassi <luca.boccassi@gmail.com>2017-11-08 14:45:54 +0000
commit055c52583a2794da8ba1e85a48cce3832372b12f (patch)
tree8ceb1cb78fbb46a0f341f8ee24feb3c6b5540013 /doc/guides/cryptodevs
parentf239aed5e674965691846e8ce3f187dd47523689 (diff)
New upstream version 17.11-rc3
Change-Id: I6a5baa40612fe0c20f30b5fa773a6cbbac63a685 Signed-off-by: Luca Boccassi <luca.boccassi@gmail.com>
Diffstat (limited to 'doc/guides/cryptodevs')
-rw-r--r--doc/guides/cryptodevs/aesni_gcm.rst4
-rw-r--r--doc/guides/cryptodevs/aesni_mb.rst21
-rw-r--r--doc/guides/cryptodevs/dpaa2_sec.rst8
-rw-r--r--doc/guides/cryptodevs/dpaa_sec.rst182
-rw-r--r--doc/guides/cryptodevs/features/aesni_mb.ini3
-rw-r--r--doc/guides/cryptodevs/features/default.ini4
-rw-r--r--doc/guides/cryptodevs/features/dpaa2_sec.ini1
-rw-r--r--doc/guides/cryptodevs/features/dpaa_sec.ini40
-rw-r--r--doc/guides/cryptodevs/features/mrvl.ini42
-rw-r--r--doc/guides/cryptodevs/features/openssl.ini3
-rw-r--r--doc/guides/cryptodevs/index.rst2
-rw-r--r--doc/guides/cryptodevs/mrvl.rst206
-rw-r--r--doc/guides/cryptodevs/openssl.rst1
-rw-r--r--doc/guides/cryptodevs/qat.rst1
14 files changed, 503 insertions, 15 deletions
diff --git a/doc/guides/cryptodevs/aesni_gcm.rst b/doc/guides/cryptodevs/aesni_gcm.rst
index 6e9160aa..a1f58483 100644
--- a/doc/guides/cryptodevs/aesni_gcm.rst
+++ b/doc/guides/cryptodevs/aesni_gcm.rst
@@ -62,8 +62,8 @@ Installation
To build DPDK with the AESNI_GCM_PMD the user is required to download the multi-buffer
library from `here <https://github.com/01org/intel-ipsec-mb>`_
and compile it on their user system before building DPDK.
-The latest version of the library supported by this PMD is v0.46, which
-can be downloaded in `<https://github.com/01org/intel-ipsec-mb/archive/v0.46.zip>`_.
+The latest version of the library supported by this PMD is v0.47, which
+can be downloaded in `<https://github.com/01org/intel-ipsec-mb/archive/v0.47.zip>`_.
.. code-block:: console
diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index b3b937fe..79e722c6 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -52,6 +52,8 @@ Cipher algorithms:
* RTE_CRYPTO_CIPHER_AES192_CTR
* RTE_CRYPTO_CIPHER_AES256_CTR
* RTE_CRYPTO_CIPHER_AES_DOCSISBPI
+* RTE_CRYPTO_CIPHER_DES_CBC
+* RTE_CRYPTO_CIPHER_DES_DOCSISBPI
Hash algorithms:
@@ -76,8 +78,8 @@ Installation
To build DPDK with the AESNI_MB_PMD the user is required to download the multi-buffer
library from `here <https://github.com/01org/intel-ipsec-mb>`_
and compile it on their user system before building DPDK.
-The latest version of the library supported by this PMD is v0.46, which
-can be downloaded in `<https://github.com/01org/intel-ipsec-mb/archive/v0.46.zip>`_.
+The latest version of the library supported by this PMD is v0.47, which
+can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.47.zip>`_.
.. code-block:: console
@@ -90,13 +92,14 @@ and the Multi-Buffer library version supported by them:
.. table:: DPDK and Multi-Buffer library version compatibility
- ============= ============================
- DPDK version Multi-buffer library version
- ============= ============================
- 2.2 - 16.11 0.43 - 0.44
- 17.02 0.44
- 17.05+ 0.45+
- ============= ============================
+ ============== ============================
+ DPDK version Multi-buffer library version
+ ============== ============================
+ 2.2 - 16.11 0.43 - 0.44
+ 17.02 0.44
+ 17.05 - 17.08 0.45 - 0.47
+ 17.11+ 0.47
+ ============== ============================
Initialization
diff --git a/doc/guides/cryptodevs/dpaa2_sec.rst b/doc/guides/cryptodevs/dpaa2_sec.rst
index 18d980eb..13474c18 100644
--- a/doc/guides/cryptodevs/dpaa2_sec.rst
+++ b/doc/guides/cryptodevs/dpaa2_sec.rst
@@ -183,17 +183,17 @@ The following dependencies are not part of DPDK and must be installed separately
SDK and related information can be obtained from: `NXP QorIQ SDK <http://www.nxp.com/products/software-and-tools/run-time-software/linux-sdk/linux-sdk-for-qoriq-processors:SDKLINUX>`_.
-* **DPDK Helper Scripts**
+* **DPDK Extra Scripts**
DPAA2 based resources can be configured easily with the help of ready scripts
as provided in the DPDK helper repository.
- `DPDK Helper Scripts <https://github.com/qoriq-open-source/dpdk-helper>`_.
+ `DPDK Extra Scripts <https://github.com/qoriq-open-source/dpdk-extras>`_.
Currently supported by DPDK:
-* NXP SDK **2.0+**.
-* MC Firmware version **10.0.0** and higher.
+* NXP SDK **17.08+**.
+* MC Firmware version **10.3.1** and higher.
* Supported architectures: **arm64 LE**.
* Follow the DPDK :ref:`Getting Started Guide for Linux <linux_gsg>` to setup the basic DPDK environment.
diff --git a/doc/guides/cryptodevs/dpaa_sec.rst b/doc/guides/cryptodevs/dpaa_sec.rst
new file mode 100644
index 00000000..d3438cc3
--- /dev/null
+++ b/doc/guides/cryptodevs/dpaa_sec.rst
@@ -0,0 +1,182 @@
+.. BSD LICENSE
+ Copyright 2017 NXP.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the
+ distribution.
+ * Neither the name of NXP nor the names of its
+ contributors may be used to endorse or promote products derived
+ from this software without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+NXP DPAA CAAM (DPAA_SEC)
+========================
+
+The DPAA_SEC PMD provides poll mode crypto driver support for NXP DPAA CAAM
+hardware accelerator.
+
+Architecture
+------------
+
+SEC is the SOC's security engine, which serves as NXP's latest cryptographic
+acceleration and offloading hardware. It combines functions previously
+implemented in separate modules to create a modular and scalable acceleration
+and assurance engine. It also implements block encryption algorithms, stream
+cipher algorithms, hashing algorithms, public key algorithms, run-time
+integrity checking, and a hardware random number generator. SEC performs
+higher-level cryptographic operations than previous NXP cryptographic
+accelerators. This provides significant improvement to system level performance.
+
+DPAA_SEC is one of the hardware resource in DPAA Architecture. More information
+on DPAA Architecture is described in :ref:`dpaa_overview`.
+
+DPAA_SEC PMD is one of DPAA drivers which interacts with QBMAN to create,
+configure and destroy the device instance using queue pair with CAAM portal.
+
+DPAA_SEC PMD also uses some of the other hardware resources like buffer pools,
+queues, queue portals to store and to enqueue/dequeue data to the hardware SEC.
+
+Implementation
+--------------
+
+SEC provides platform assurance by working with SecMon, which is a companion
+logic block that tracks the security state of the SOC. SEC is programmed by
+means of descriptors (not to be confused with frame descriptors (FDs)) that
+indicate the operations to be performed and link to the message and
+associated data. SEC incorporates two DMA engines to fetch the descriptors,
+read the message data, and write the results of the operations. The DMA
+engine provides a scatter/gather capability so that SEC can read and write
+data scattered in memory. SEC may be configured by means of software for
+dynamic changes in byte ordering. The default configuration for this version
+of SEC is little-endian mode.
+
+Features
+--------
+
+The DPAA PMD has support for:
+
+Cipher algorithms:
+
+* ``RTE_CRYPTO_CIPHER_3DES_CBC``
+* ``RTE_CRYPTO_CIPHER_AES128_CBC``
+* ``RTE_CRYPTO_CIPHER_AES192_CBC``
+* ``RTE_CRYPTO_CIPHER_AES256_CBC``
+* ``RTE_CRYPTO_CIPHER_AES128_CTR``
+* ``RTE_CRYPTO_CIPHER_AES192_CTR``
+* ``RTE_CRYPTO_CIPHER_AES256_CTR``
+
+Hash algorithms:
+
+* ``RTE_CRYPTO_AUTH_SHA1_HMAC``
+* ``RTE_CRYPTO_AUTH_SHA224_HMAC``
+* ``RTE_CRYPTO_AUTH_SHA256_HMAC``
+* ``RTE_CRYPTO_AUTH_SHA384_HMAC``
+* ``RTE_CRYPTO_AUTH_SHA512_HMAC``
+* ``RTE_CRYPTO_AUTH_MD5_HMAC``
+
+AEAD algorithms:
+
+* ``RTE_CRYPTO_AEAD_AES_GCM``
+
+Supported DPAA SoCs
+--------------------
+
+* LS1046A/LS1026A
+* LS1043A/LS1023A
+
+Limitations
+-----------
+
+* Chained mbufs are not supported.
+* Hash followed by Cipher mode is not supported
+* Only supports the session-oriented API implementation (session-less APIs are not supported).
+
+Prerequisites
+-------------
+
+DPAA_SEC driver has similar pre-requisites as described in :ref:`dpaa_overview`.
+The following dependencies are not part of DPDK and must be installed separately:
+
+* **NXP Linux SDK**
+
+ NXP Linux software development kit (SDK) includes support for the family
+ of QorIQ® ARM-Architecture-based system on chip (SoC) processors
+ and corresponding boards.
+
+ It includes the Linux board support packages (BSPs) for NXP SoCs,
+ a fully operational tool chain, kernel and board specific modules.
+
+ SDK and related information can be obtained from: `NXP QorIQ SDK <http://www.nxp.com/products/software-and-tools/run-time-software/linux-sdk/linux-sdk-for-qoriq-processors:SDKLINUX>`_.
+
+* **DPDK Extras Scripts**
+
+ DPAA based resources can be configured easily with the help of ready scripts
+ as provided in the DPDK Extras repository.
+
+ `DPDK Extras Scripts <https://github.com/qoriq-open-source/dpdk-extras>`_.
+
+Currently supported by DPDK:
+
+* NXP SDK **2.0+**.
+* Supported architectures: **arm64 LE**.
+
+* Follow the DPDK :ref:`Getting Started Guide for Linux <linux_gsg>` to setup the basic DPDK environment.
+
+Pre-Installation Configuration
+------------------------------
+
+Config File Options
+~~~~~~~~~~~~~~~~~~~
+
+Basic DPAA config file options are described in :ref:`dpaa_overview`.
+In addition to those, the following options can be modified in the ``config`` file
+to enable DPAA_SEC PMD.
+
+Please note that enabling debugging options may affect system performance.
+
+* ``CONFIG_RTE_LIBRTE_PMD_DPAA_SEC`` (default ``n``)
+ By default it is only enabled in defconfig_arm64-dpaa-* config.
+ Toggle compilation of the ``librte_pmd_dpaa_sec`` driver.
+
+* ``CONFIG_RTE_LIBRTE_DPAA_SEC_DEBUG_INIT`` (default ``n``)
+ Toggle display of initialization related driver messages
+
+* ``CONFIG_RTE_LIBRTE_DPAA_SEC_DEBUG_DRIVER`` (default ``n``)
+ Toggle display of driver runtime messages
+
+* ``CONFIG_RTE_LIBRTE_DPAA_SEC_DEBUG_RX`` (default ``n``)
+ Toggle display of receive fast path run-time message
+
+* ``CONFIG_RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS``
+ By default it is set as 2048 in defconfig_arm64-dpaa-* config.
+ It indicates Number of sessions to create in the session memory pool
+ on a single DPAA SEC device.
+
+Installations
+-------------
+To compile the DPAA_SEC PMD for Linux arm64 gcc target, run the
+following ``make`` command:
+
+.. code-block:: console
+
+ cd <DPDK-source-directory>
+ make config T=arm64-dpaa-linuxapp-gcc install
diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini
index 03d8485d..fab07cb2 100644
--- a/doc/guides/cryptodevs/features/aesni_mb.ini
+++ b/doc/guides/cryptodevs/features/aesni_mb.ini
@@ -23,6 +23,9 @@ AES CTR (128) = Y
AES CTR (192) = Y
AES CTR (256) = Y
AES DOCSIS BPI = Y
+DES CBC = Y
+DES DOCSIS BPI = Y
+
;
; Supported authentication algorithms of the 'aesni_mb' crypto driver.
;
diff --git a/doc/guides/cryptodevs/features/default.ini b/doc/guides/cryptodevs/features/default.ini
index 0926887b..18d66cb9 100644
--- a/doc/guides/cryptodevs/features/default.ini
+++ b/doc/guides/cryptodevs/features/default.ini
@@ -10,6 +10,7 @@ Symmetric crypto =
Asymmetric crypto =
Sym operation chaining =
HW Accelerated =
+Protocol offload =
CPU SSE =
CPU AVX =
CPU AVX2 =
@@ -68,3 +69,6 @@ ZUC EIA3 =
AES GCM (128) =
AES GCM (192) =
AES GCM (256) =
+AES CCM (128) =
+AES CCM (192) =
+AES CCM (256) =
diff --git a/doc/guides/cryptodevs/features/dpaa2_sec.ini b/doc/guides/cryptodevs/features/dpaa2_sec.ini
index c3bb3ddc..8fd07d6a 100644
--- a/doc/guides/cryptodevs/features/dpaa2_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa2_sec.ini
@@ -7,6 +7,7 @@
Symmetric crypto = Y
Sym operation chaining = Y
HW Accelerated = Y
+Protocol offload = Y
;
; Supported crypto algorithms of the 'dpaa2_sec' crypto driver.
diff --git a/doc/guides/cryptodevs/features/dpaa_sec.ini b/doc/guides/cryptodevs/features/dpaa_sec.ini
new file mode 100644
index 00000000..0e8f5b2a
--- /dev/null
+++ b/doc/guides/cryptodevs/features/dpaa_sec.ini
@@ -0,0 +1,40 @@
+;
+; Supported features of the 'dpaa_sec' crypto driver.
+;
+; Refer to default.ini for the full list of available PMD features.
+;
+[Features]
+Symmetric crypto = Y
+Sym operation chaining = Y
+HW Accelerated = Y
+
+;
+; Supported crypto algorithms of the 'dpaa_sec' crypto driver.
+;
+[Cipher]
+AES CBC (128) = Y
+AES CBC (192) = Y
+AES CBC (256) = Y
+AES CTR (128) = Y
+AES CTR (192) = Y
+AES CTR (256) = Y
+3DES CBC = Y
+
+;
+; Supported authentication algorithms of the 'dpaa_sec' crypto driver.
+;
+[Auth]
+MD5 HMAC = Y
+SHA1 HMAC = Y
+SHA224 HMAC = Y
+SHA256 HMAC = Y
+SHA384 HMAC = Y
+SHA512 HMAC = Y
+
+;
+; Supported AEAD algorithms of the 'dpaa_sec' crypto driver.
+;
+[AEAD]
+AES GCM (128) = Y
+AES GCM (192) = Y
+AES GCM (256) = Y
diff --git a/doc/guides/cryptodevs/features/mrvl.ini b/doc/guides/cryptodevs/features/mrvl.ini
new file mode 100644
index 00000000..6d2fe6aa
--- /dev/null
+++ b/doc/guides/cryptodevs/features/mrvl.ini
@@ -0,0 +1,42 @@
+; Supported features of the 'mrvl' crypto driver.
+;
+; Refer to default.ini for the full list of available PMD features.
+;
+[Features]
+Symmetric crypto = Y
+Sym operation chaining = Y
+
+;
+; Supported crypto algorithms of a default crypto driver.
+;
+[Cipher]
+AES CBC (128) = Y
+AES CBC (192) = Y
+AES CBC (256) = Y
+AES CTR (128) = Y
+AES CTR (192) = Y
+AES CTR (256) = Y
+3DES CBC = Y
+3DES CTR = Y
+
+;
+; Supported authentication algorithms of a default crypto driver.
+;
+[Auth]
+MD5 = Y
+MD5 HMAC = Y
+SHA1 = Y
+SHA1 HMAC = Y
+SHA256 = Y
+SHA256 HMAC = Y
+SHA384 = Y
+SHA384 HMAC = Y
+SHA512 = Y
+SHA512 HMAC = Y
+AES GMAC = Y
+
+;
+; Supported AEAD algorithms of a default crypto driver.
+;
+[AEAD]
+AES GCM (128) = Y
diff --git a/doc/guides/cryptodevs/features/openssl.ini b/doc/guides/cryptodevs/features/openssl.ini
index aeb2a500..385ec4e0 100644
--- a/doc/guides/cryptodevs/features/openssl.ini
+++ b/doc/guides/cryptodevs/features/openssl.ini
@@ -45,3 +45,6 @@ AES GMAC = Y
AES GCM (128) = Y
AES GCM (192) = Y
AES GCM (256) = Y
+AES CCM (128) = Y
+AES CCM (192) = Y
+AES CCM (256) = Y
diff --git a/doc/guides/cryptodevs/index.rst b/doc/guides/cryptodevs/index.rst
index 361b82dd..6d4e15b9 100644
--- a/doc/guides/cryptodevs/index.rst
+++ b/doc/guides/cryptodevs/index.rst
@@ -40,8 +40,10 @@ Crypto Device Drivers
aesni_gcm
armv8
dpaa2_sec
+ dpaa_sec
kasumi
openssl
+ mrvl
null
scheduler
snow3g
diff --git a/doc/guides/cryptodevs/mrvl.rst b/doc/guides/cryptodevs/mrvl.rst
new file mode 100644
index 00000000..4e992fbb
--- /dev/null
+++ b/doc/guides/cryptodevs/mrvl.rst
@@ -0,0 +1,206 @@
+.. BSD LICENSE
+ Copyright(c) 2017 Marvell International Ltd.
+ Copyright(c) 2017 Semihalf.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the
+ distribution.
+ * Neither the name of the copyright holder nor the names of its
+ contributors may be used to endorse or promote products derived
+ from this software without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+MRVL Crypto Poll Mode Driver
+============================
+
+The MRVL CRYPTO PMD (**librte_crypto_mrvl_pmd**) provides poll mode crypto driver
+support by utilizing MUSDK library, which provides cryptographic operations
+acceleration by using Security Acceleration Engine (EIP197) directly from
+user-space with minimum overhead and high performance.
+
+Features
+--------
+
+MRVL CRYPTO PMD has support for:
+
+* Symmetric crypto
+* Sym operation chaining
+* AES CBC (128)
+* AES CBC (192)
+* AES CBC (256)
+* AES CTR (128)
+* AES CTR (192)
+* AES CTR (256)
+* 3DES CBC
+* 3DES CTR
+* MD5
+* MD5 HMAC
+* SHA1
+* SHA1 HMAC
+* SHA256
+* SHA256 HMAC
+* SHA384
+* SHA384 HMAC
+* SHA512
+* SHA512 HMAC
+* AES GCM (128)
+
+Limitations
+-----------
+
+* Hardware only supports scenarios where ICV (digest buffer) is placed just
+ after the authenticated data. Other placement will result in error.
+
+* Before running crypto test suite it is advised to increase limit of
+ opened files:
+
+ .. code-block:: console
+
+ ulimit -n 20000
+
+Installation
+------------
+
+MRVL CRYPTO PMD driver compilation is disabled by default due to external dependencies.
+Currently there are two driver specific compilation options in
+``config/common_base`` available:
+
+- ``CONFIG_RTE_LIBRTE_MRVL_CRYPTO`` (default ``n``)
+
+ Toggle compilation of the librte_pmd_mrvl driver.
+
+- ``CONFIG_RTE_LIBRTE_MRVL_CRYPTO_DEBUG`` (default ``n``)
+
+ Toggle display of debugging messages.
+
+During compilation external MUSDK library, which provides direct access
+to Marvell's EIP197 cryptographic engine, is necessary. Library sources are
+available `here <https://github.com/MarvellEmbeddedProcessors/musdk-marvell/tree/musdk-armada-17.08>`__.
+
+Alternatively, prebuilt library can be downloaded from
+`Marvell Extranet <https://extranet.marvell.com>`_. Once approval has been
+granted, library can be found by typing ``musdk`` in the search box.
+
+For MUSDK library build instructions please refer to ``doc/musdk_get_started.txt``
+in library sources directory.
+
+MUSDK requires out of tree kernel modules to work. Kernel tree needed to build
+them is available
+`here <https://github.com/MarvellEmbeddedProcessors/linux-marvell/tree/linux-4.4.52-armada-17.08>`__.
+
+Initialization
+--------------
+
+After successfully building MRVL CRYPTO PMD, the following modules need to be
+loaded:
+
+.. code-block:: console
+
+ insmod musdk_uio.ko
+ insmod mvpp2x_sysfs.ko
+ insmod mv_pp_uio.ko
+ insmod mv_sam_uio.ko
+ insmod crypto_safexcel.ko
+
+- `musdk_uio.ko`, `mv_pp2_uio.ko` and `mv_sam_uio.ko` are distributed together with MUSDK library.
+- `crypto_safexcel.ko` is an in-kernel module.
+- `mvpp2x_sysfs.ko` can be build from sources available `here <https://github.com/MarvellEmbeddedProcessors/mvpp2x-marvell/tree/mvpp2x-armada-17.08>`__.
+
+The following parameters (all optional) are exported by the driver:
+
+* max_nb_queue_pairs: maximum number of queue pairs in the device (8 by default).
+* max_nb_sessions: maximum number of sessions that can be created (2048 by default).
+* socket_id: socket on which to allocate the device resources on.
+
+l2fwd-crypto example application can be used to verify MRVL CRYPTO PMD
+operation:
+
+.. code-block:: console
+
+ ./l2fwd-crypto --vdev=net_mrvl,iface=eth0 --vdev=crypto_mrvl -- \
+ --cipher_op ENCRYPT --cipher_algo aes-cbc \
+ --cipher_key 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f \
+ --auth_op GENERATE --auth_algo sha1-hmac \
+ --auth_key 10:11:12:13:14:15:16:17:18:19:1a:1b:1c:1d:1e:1f
+
+Example output:
+
+.. code-block:: console
+
+ [...]
+ AAD: at [0x7f253ceb80], len=
+ P ID 0 configuration ----
+ Port mode : KR
+ MAC status : disabled
+ Link status : link up
+ Port speed : 10G
+ Port duplex : full
+ Port: Egress enable tx_port_num=16 qmap=0x1
+ PORT: Port0 - link
+ P ID 0 configuration ----
+ Port mode : KR
+ MAC status : disabled
+ Link status : link down
+ Port speed : 10G
+ Port duplex : full
+ Port: Egress enable tx_port_num=16 qmap=0x1
+ Port 0, MAC address: 00:50:43:02:21:20
+
+
+ Checking link statusdone
+ Port 0 Link Up - speed 0 Mbps - full-duplex
+ Lcore 0: RX port 0
+ Allocated session pool on socket 0
+ eip197: 0:0 registers: paddr: 0xf2880000, vaddr: 0x0x7f56a80000
+ DMA buffer (131136 bytes) for CDR #0 allocated: paddr = 0xb0585e00, vaddr = 0x7f09384e00
+ DMA buffer (131136 bytes) for RDR #0 allocated: paddr = 0xb05a5f00, vaddr = 0x7f093a4f00
+ DMA buffers allocated for 2049 operations. Tokens - 256 bytes
+ Lcore 0: cryptodev 0
+ L2FWD: lcore 1 has nothing to do
+ L2FWD: lcore 2 has nothing to do
+ L2FWD: lcore 3 has nothing to do
+ L2FWD: entering main loop on lcore 0
+ L2FWD: -- lcoreid=0 portid=0
+ L2FWD: -- lcoreid=0 cryptoid=0
+ Options:-
+ nportmask: ffffffff
+ ports per lcore: 1
+ refresh period : 10000
+ single lcore mode: disabled
+ stats_printing: enabled
+ sessionless crypto: disabled
+
+ Crypto chain: Input --> Encrypt --> Auth generate --> Output
+
+ ---- Cipher information ---
+ Algorithm: aes-cbc
+ Cipher key: at [0x7f56db4e80], len=16
+ 00000000: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ................
+ IV: at [0x7f56db4b80], len=16
+ 00000000: 20 F0 63 0E 45 EB 2D 84 72 D4 13 6E 36 B5 AF FE | .c.E.-.r..n6...
+
+ ---- Authentication information ---
+ Algorithm: sha1-hmac
+ Auth key: at [0x7f56db4d80], len=16
+ 00000000: 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F | ................
+ IV: at [0x7f56db4a80], len=0
+ AAD: at [0x7f253ceb80], len=
diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst
index f18a4567..243ea36a 100644
--- a/doc/guides/cryptodevs/openssl.rst
+++ b/doc/guides/cryptodevs/openssl.rst
@@ -67,6 +67,7 @@ Supported authentication algorithms:
Supported AEAD algorithms:
* ``RTE_CRYPTO_AEAD_AES_GCM``
+* ``RTE_CRYPTO_AEAD_AES_CCM``
Installation
diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst
index a3fce7b8..cb17b6b3 100644
--- a/doc/guides/cryptodevs/qat.rst
+++ b/doc/guides/cryptodevs/qat.rst
@@ -90,6 +90,7 @@ Limitations
* No BSD support as BSD QAT kernel driver not available.
* ZUC EEA3/EIA3 is not supported by dh895xcc devices
* Maximum additional authenticated data (AAD) for GCM is 240 bytes long.
+* Queue pairs are not thread-safe (that is, within a single queue pair, RX and TX from different lcores is not supported).
Installation