1.. SPDX-License-Identifier: BSD-3-Clause 2 Copyright(c) 2015-2019 Intel Corporation. 3 4Intel(R) QuickAssist (QAT) Crypto Poll Mode Driver 5================================================== 6 7QAT documentation consists of three parts: 8 9* Details of the symmetric and asymmetric crypto services below. 10* Details of the :doc:`compression service <../compressdevs/qat_comp>` 11 in the compressdev drivers section. 12* Details of building the common QAT infrastructure and the PMDs to support the 13 above services. See :ref:`building_qat` below. 14 15 16Symmetric Crypto Service on QAT 17------------------------------- 18 19The QAT symmetric crypto PMD (hereafter referred to as `QAT SYM [PMD]`) provides 20poll mode crypto driver support for the following hardware accelerator devices: 21 22* ``Intel QuickAssist Technology DH895xCC`` 23* ``Intel QuickAssist Technology C62x`` 24* ``Intel QuickAssist Technology C3xxx`` 25* ``Intel QuickAssist Technology D15xx`` 26* ``Intel QuickAssist Technology C4xxx`` 27 28 29Features 30~~~~~~~~ 31 32The QAT SYM PMD has support for: 33 34Cipher algorithms: 35 36* ``RTE_CRYPTO_CIPHER_3DES_CBC`` 37* ``RTE_CRYPTO_CIPHER_3DES_CTR`` 38* ``RTE_CRYPTO_CIPHER_AES128_CBC`` 39* ``RTE_CRYPTO_CIPHER_AES192_CBC`` 40* ``RTE_CRYPTO_CIPHER_AES256_CBC`` 41* ``RTE_CRYPTO_CIPHER_AES128_CTR`` 42* ``RTE_CRYPTO_CIPHER_AES192_CTR`` 43* ``RTE_CRYPTO_CIPHER_AES256_CTR`` 44* ``RTE_CRYPTO_CIPHER_AES_XTS`` 45* ``RTE_CRYPTO_CIPHER_SNOW3G_UEA2`` 46* ``RTE_CRYPTO_CIPHER_NULL`` 47* ``RTE_CRYPTO_CIPHER_KASUMI_F8`` 48* ``RTE_CRYPTO_CIPHER_DES_CBC`` 49* ``RTE_CRYPTO_CIPHER_AES_DOCSISBPI`` 50* ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI`` 51* ``RTE_CRYPTO_CIPHER_ZUC_EEA3`` 52 53Hash algorithms: 54 55* ``RTE_CRYPTO_AUTH_SHA1`` 56* ``RTE_CRYPTO_AUTH_SHA1_HMAC`` 57* ``RTE_CRYPTO_AUTH_SHA224`` 58* ``RTE_CRYPTO_AUTH_SHA224_HMAC`` 59* ``RTE_CRYPTO_AUTH_SHA256`` 60* ``RTE_CRYPTO_AUTH_SHA256_HMAC`` 61* ``RTE_CRYPTO_AUTH_SHA384`` 62* ``RTE_CRYPTO_AUTH_SHA384_HMAC`` 63* ``RTE_CRYPTO_AUTH_SHA512`` 64* ``RTE_CRYPTO_AUTH_SHA512_HMAC`` 65* ``RTE_CRYPTO_AUTH_AES_XCBC_MAC`` 66* ``RTE_CRYPTO_AUTH_SNOW3G_UIA2`` 67* ``RTE_CRYPTO_AUTH_MD5_HMAC`` 68* ``RTE_CRYPTO_AUTH_NULL`` 69* ``RTE_CRYPTO_AUTH_KASUMI_F9`` 70* ``RTE_CRYPTO_AUTH_AES_GMAC`` 71* ``RTE_CRYPTO_AUTH_ZUC_EIA3`` 72* ``RTE_CRYPTO_AUTH_AES_CMAC`` 73 74Supported AEAD algorithms: 75 76* ``RTE_CRYPTO_AEAD_AES_GCM`` 77* ``RTE_CRYPTO_AEAD_AES_CCM`` 78* ``RTE_CRYPTO_AEAD_CHACHA20_POLY1305`` 79 80Protocol offloads: 81 82* ``RTE_SECURITY_PROTOCOL_DOCSIS`` 83 84Supported Chains 85~~~~~~~~~~~~~~~~ 86 87All the usual chains are supported and also some mixed chains: 88 89.. table:: Supported hash-cipher chains for wireless digest-encrypted cases 90 91 +------------------+-----------+-------------+----------+----------+ 92 | Cipher algorithm | NULL AUTH | SNOW3G UIA2 | ZUC EIA3 | AES CMAC | 93 +==================+===========+=============+==========+==========+ 94 | NULL CIPHER | Y | 2&3 | 2&3 | Y | 95 +------------------+-----------+-------------+----------+----------+ 96 | SNOW3G UEA2 | 2&3 | Y | 2&3 | 2&3 | 97 +------------------+-----------+-------------+----------+----------+ 98 | ZUC EEA3 | 2&3 | 2&3 | 2&3 | 2&3 | 99 +------------------+-----------+-------------+----------+----------+ 100 | AES CTR | Y | 2&3 | 2&3 | Y | 101 +------------------+-----------+-------------+----------+----------+ 102 103* The combinations marked as "Y" are supported on all QAT hardware versions. 104* The combinations marked as "2&3" are supported on GEN2/GEN3 QAT hardware only. 105 106 107Limitations 108~~~~~~~~~~~ 109 110* Only supports the session-oriented API implementation (session-less APIs are not supported). 111* SNOW 3G (UEA2), KASUMI (F8) and ZUC (EEA3) supported only if cipher length and offset fields are byte-multiple. 112* SNOW 3G (UIA2) and ZUC (EIA3) supported only if hash length and offset fields are byte-multiple. 113* No BSD support as BSD QAT kernel driver not available. 114* ZUC EEA3/EIA3 is not supported by dh895xcc devices 115* Maximum additional authenticated data (AAD) for GCM is 240 bytes long and must be passed to the device in a buffer rounded up to the nearest block-size multiple (x16) and padded with zeros. 116* Queue-pairs are thread-safe on Intel CPUs but Queues are not (that is, within a single 117 queue-pair all enqueues to the TX queue must be done from one thread and all dequeues 118 from the RX queue must be done from one thread, but enqueues and dequeues may be done 119 in different threads.) 120* A GCM limitation exists, but only in the case where there are multiple 121 generations of QAT devices on a single platform. 122 To optimise performance, the GCM crypto session should be initialised for the 123 device generation to which the ops will be enqueued. Specifically if a GCM 124 session is initialised on a GEN2 device, but then attached to an op enqueued 125 to a GEN3 device, it will work but cannot take advantage of hardware 126 optimisations in the GEN3 device. And if a GCM session is initialised on a 127 GEN3 device, then attached to an op sent to a GEN1/GEN2 device, it will not be 128 enqueued to the device and will be marked as failed. The simplest way to 129 mitigate this is to use the bdf whitelist to avoid mixing devices of different 130 generations in the same process if planning to use for GCM. 131* The mixed algo feature on GEN2 is not supported by all kernel drivers. Check 132 the notes under the Available Kernel Drivers table below for specific details. 133* Out-of-place is not supported for combined Crypto-CRC DOCSIS security 134 protocol. 135* ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI`` is not supported for combined Crypto-CRC 136 DOCSIS security protocol. 137* Multi-segment buffers are not supported for combined Crypto-CRC DOCSIS 138 security protocol. 139 140Extra notes on KASUMI F9 141~~~~~~~~~~~~~~~~~~~~~~~~ 142 143When using KASUMI F9 authentication algorithm, the input buffer must be 144constructed according to the 145`3GPP KASUMI specification <http://cryptome.org/3gpp/35201-900.pdf>`_ 146(section 4.4, page 13). The input buffer has to have COUNT (4 bytes), 147FRESH (4 bytes), MESSAGE and DIRECTION (1 bit) concatenated. After the DIRECTION 148bit, a single '1' bit is appended, followed by between 0 and 7 '0' bits, so that 149the total length of the buffer is multiple of 8 bits. Note that the actual 150message can be any length, specified in bits. 151 152Once this buffer is passed this way, when creating the crypto operation, 153length of data to authenticate "op.sym.auth.data.length" must be the length 154of all the items described above, including the padding at the end. 155Also, offset of data to authenticate "op.sym.auth.data.offset" 156must be such that points at the start of the COUNT bytes. 157 158Asymmetric Crypto Service on QAT 159-------------------------------- 160 161The QAT asymmetric crypto PMD (hereafter referred to as `QAT ASYM [PMD]`) provides 162poll mode crypto driver support for the following hardware accelerator devices: 163 164* ``Intel QuickAssist Technology DH895xCC`` 165* ``Intel QuickAssist Technology C62x`` 166* ``Intel QuickAssist Technology C3xxx`` 167* ``Intel QuickAssist Technology D15xx`` 168* ``Intel QuickAssist Technology C4xxx`` 169 170The QAT ASYM PMD has support for: 171 172* ``RTE_CRYPTO_ASYM_XFORM_MODEX`` 173* ``RTE_CRYPTO_ASYM_XFORM_MODINV`` 174 175Limitations 176~~~~~~~~~~~ 177 178* Big integers longer than 4096 bits are not supported. 179* Queue-pairs are thread-safe on Intel CPUs but Queues are not (that is, within a single 180 queue-pair all enqueues to the TX queue must be done from one thread and all dequeues 181 from the RX queue must be done from one thread, but enqueues and dequeues may be done 182 in different threads.) 183* RSA-2560, RSA-3584 are not supported 184 185.. _building_qat: 186 187Building PMDs on QAT 188-------------------- 189 190A QAT device can host multiple acceleration services: 191 192* symmetric cryptography 193* data compression 194* asymmetric cryptography 195 196These services are provided to DPDK applications via PMDs which register to 197implement the corresponding cryptodev and compressdev APIs. The PMDs use 198common QAT driver code which manages the QAT PCI device. They also depend on a 199QAT kernel driver being installed on the platform, see :ref:`qat_kernel` below. 200 201 202Configuring and Building the DPDK QAT PMDs 203~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 204 205 206Further information on configuring, building and installing DPDK is described 207:doc:`here <../linux_gsg/build_dpdk>`. 208 209 210Quick instructions for QAT cryptodev PMD are as follows: 211 212.. code-block:: console 213 214 cd to the top-level DPDK directory 215 make defconfig 216 sed -i 's,\(CONFIG_RTE_LIBRTE_PMD_QAT_SYM\)=n,\1=y,' build/.config 217 or/and 218 sed -i 's,\(CONFIG_RTE_LIBRTE_PMD_QAT_ASYM\)=n,\1=y,' build/.config 219 make 220 221Quick instructions for QAT compressdev PMD are as follows: 222 223.. code-block:: console 224 225 cd to the top-level DPDK directory 226 make defconfig 227 make 228 229 230.. _building_qat_config: 231 232Build Configuration 233~~~~~~~~~~~~~~~~~~~ 234 235These are the build configuration options affecting QAT, and their default values: 236 237.. code-block:: console 238 239 CONFIG_RTE_LIBRTE_PMD_QAT=y 240 CONFIG_RTE_LIBRTE_PMD_QAT_SYM=n 241 CONFIG_RTE_LIBRTE_PMD_QAT_ASYM=n 242 CONFIG_RTE_PMD_QAT_MAX_PCI_DEVICES=48 243 CONFIG_RTE_PMD_QAT_COMP_IM_BUFFER_SIZE=65536 244 245CONFIG_RTE_LIBRTE_PMD_QAT must be enabled for any QAT PMD to be built. 246 247Both QAT SYM PMD and QAT ASYM PMD have an external dependency on libcrypto, so are not 248built by default. CONFIG_RTE_LIBRTE_PMD_QAT_SYM/ASYM should be enabled to build them. 249 250The QAT compressdev PMD has no external dependencies, so needs no configuration 251options and is built by default. 252 253The number of VFs per PF varies - see table below. If multiple QAT packages are 254installed on a platform then CONFIG_RTE_PMD_QAT_MAX_PCI_DEVICES should be 255adjusted to the number of VFs which the QAT common code will need to handle. 256 257.. Note:: 258 259 There are separate config items (not QAT-specific) for max cryptodevs 260 CONFIG_RTE_CRYPTO_MAX_DEVS and max compressdevs CONFIG_RTE_COMPRESS_MAX_DEVS, 261 if necessary these should be adjusted to handle the total of QAT and other 262 devices which the process will use. In particular for crypto, where each 263 QAT VF may expose two crypto devices, sym and asym, it may happen that the 264 number of devices will be bigger than MAX_DEVS and the process will show an error 265 during PMD initialisation. To avoid this problem CONFIG_RTE_CRYPTO_MAX_DEVS may be 266 increased or -w, pci-whitelist domain:bus:devid:func option may be used. 267 268 269QAT compression PMD needs intermediate buffers to support Deflate compression 270with Dynamic Huffman encoding. CONFIG_RTE_PMD_QAT_COMP_IM_BUFFER_SIZE 271specifies the size of a single buffer, the PMD will allocate a multiple of these, 272plus some extra space for associated meta-data. For GEN2 devices, 20 buffers are 273allocated while for GEN1 devices, 12 buffers are allocated, plus 1472 bytes overhead. 274 275.. Note:: 276 277 If the compressed output of a Deflate operation using Dynamic Huffman 278 Encoding is too big to fit in an intermediate buffer, then the 279 operation will be split into smaller operations and their results will 280 be merged afterwards. 281 This is not possible if any checksum calculation was requested - in such 282 case the code falls back to fixed compression. 283 To avoid this less performant case, applications should configure 284 the intermediate buffer size to be larger than the expected input data size 285 (compressed output size is usually unknown, so the only option is to make 286 larger than the input size). 287 288 289Running QAT PMD with minimum threshold for burst size 290~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 291 292If only a small number or packets can be enqueued. Each enqueue causes an expensive MMIO write. 293These MMIO write occurrences can be optimised by setting any of the following parameters: 294 295- qat_sym_enq_threshold 296- qat_asym_enq_threshold 297- qat_comp_enq_threshold 298 299When any of these parameters is set rte_cryptodev_enqueue_burst function will 300return 0 (thereby avoiding an MMIO) if the device is congested and number of packets 301possible to enqueue is smaller. 302To use this feature the user must set the parameter on process start as a device additional parameter:: 303 304 -w 03:01.1,qat_sym_enq_threshold=32,qat_comp_enq_threshold=16 305 306All parameters can be used with the same device regardless of order. Parameters are separated 307by comma. When the same parameter is used more than once first occurrence of the parameter 308is used. 309Maximum threshold that can be set is 32. 310 311 312Device and driver naming 313~~~~~~~~~~~~~~~~~~~~~~~~ 314 315* The qat cryptodev symmetric crypto driver name is "crypto_qat". 316* The qat cryptodev asymmetric crypto driver name is "crypto_qat_asym". 317 318The "rte_cryptodev_devices_get()" returns the devices exposed by either of these drivers. 319 320* Each qat sym crypto device has a unique name, in format 321 "<pci bdf>_<service>", e.g. "0000:41:01.0_qat_sym". 322* Each qat asym crypto device has a unique name, in format 323 "<pci bdf>_<service>", e.g. "0000:41:01.0_qat_asym". 324 This name can be passed to "rte_cryptodev_get_dev_id()" to get the device_id. 325 326.. Note:: 327 328 The cryptodev driver name is passed to the dpdk-test-crypto-perf tool in the "-devtype" parameter. 329 330 The qat crypto device name is in the format of the slave parameter passed to the crypto scheduler. 331 332* The qat compressdev driver name is "compress_qat". 333 The rte_compressdev_devices_get() returns the devices exposed by this driver. 334 335* Each qat compression device has a unique name, in format 336 <pci bdf>_<service>, e.g. "0000:41:01.0_qat_comp". 337 This name can be passed to rte_compressdev_get_dev_id() to get the device_id. 338 339.. _qat_kernel: 340 341Dependency on the QAT kernel driver 342~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 343 344To use QAT an SRIOV-enabled QAT kernel driver is required. The VF 345devices created and initialised by this driver will be used by the QAT PMDs. 346 347Instructions for installation are below, but first an explanation of the 348relationships between the PF/VF devices and the PMDs visible to 349DPDK applications. 350 351Each QuickAssist PF device exposes a number of VF devices. Each VF device can 352enable one symmetric cryptodev PMD and/or one asymmetric cryptodev PMD and/or 353one compressdev PMD. 354These QAT PMDs share the same underlying device and pci-mgmt code, but are 355enumerated independently on their respective APIs and appear as independent 356devices to applications. 357 358.. Note:: 359 360 Each VF can only be used by one DPDK process. It is not possible to share 361 the same VF across multiple processes, even if these processes are using 362 different acceleration services. 363 364 Conversely one DPDK process can use one or more QAT VFs and can expose both 365 cryptodev and compressdev instances on each of those VFs. 366 367 368Available kernel drivers 369~~~~~~~~~~~~~~~~~~~~~~~~ 370 371Kernel drivers for each device for each service are listed in the following table. (Scroll right 372to see the full table) 373 374 375.. _table_qat_pmds_drivers: 376 377.. table:: QAT device generations, devices and drivers 378 379 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+ 380 | S | A | C | Gen | Device | Driver/ver | Kernel Module | Pci Driver | PF Did | #PFs | VF Did | VFs/PF | 381 +=====+=====+=====+=====+==========+===============+===============+============+========+======+========+========+ 382 | Yes | No | No | 1 | DH895xCC | linux/4.4+ | qat_dh895xcc | dh895xcc | 435 | 1 | 443 | 32 | 383 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+ 384 | Yes | Yes | No | " | " | 01.org/4.2.0+ | " | " | " | " | " | " | 385 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+ 386 | Yes | Yes | Yes | " | " | 01.org/4.3.0+ | " | " | " | " | " | " | 387 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+ 388 | Yes | No | No | 2 | C62x | linux/4.5+ | qat_c62x | c6xx | 37c8 | 3 | 37c9 | 16 | 389 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+ 390 | Yes | Yes | Yes | " | " | 01.org/4.2.0+ | " | " | " | " | " | " | 391 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+ 392 | Yes | No | No | 2 | C3xxx | linux/4.5+ | qat_c3xxx | c3xxx | 19e2 | 1 | 19e3 | 16 | 393 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+ 394 | Yes | Yes | Yes | " | " | 01.org/4.2.0+ | " | " | " | " | " | " | 395 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+ 396 | Yes | No | No | 2 | D15xx | p | qat_d15xx | d15xx | 6f54 | 1 | 6f55 | 16 | 397 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+ 398 | Yes | No | No | 3 | C4xxx | p | qat_c4xxx | c4xxx | 18a0 | 1 | 18a1 | 128 | 399 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+ 400 401* Note: Symmetric mixed crypto algorithms feature on Gen 2 works only with 01.org driver version 4.9.0+ 402 403The first 3 columns indicate the service: 404 405* S = Symmetric crypto service (via cryptodev API) 406* A = Asymmetric crypto service (via cryptodev API) 407* C = Compression service (via compressdev API) 408 409The ``Driver`` column indicates either the Linux kernel version in which 410support for this device was introduced or a driver available on Intel's 01.org 411website. There are both linux in-tree and 01.org kernel drivers available for some 412devices. p = release pending. 413 414If you are running on a kernel which includes a driver for your device, see 415`Installation using kernel.org driver`_ below. Otherwise see 416`Installation using 01.org QAT driver`_. 417 418 419Installation using kernel.org driver 420~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 421 422The examples below are based on the C62x device, if you have a different device 423use the corresponding values in the above table. 424 425In BIOS ensure that SRIOV is enabled and either: 426 427* Disable VT-d or 428* Enable VT-d and set ``"intel_iommu=on iommu=pt"`` in the grub file. 429 430Check that the QAT driver is loaded on your system, by executing:: 431 432 lsmod | grep qa 433 434You should see the kernel module for your device listed, e.g.:: 435 436 qat_c62x 5626 0 437 intel_qat 82336 1 qat_c62x 438 439Next, you need to expose the Virtual Functions (VFs) using the sysfs file system. 440 441First find the BDFs (Bus-Device-Function) of the physical functions (PFs) of 442your device, e.g.:: 443 444 lspci -d:37c8 445 446You should see output similar to:: 447 448 1a:00.0 Co-processor: Intel Corporation Device 37c8 449 3d:00.0 Co-processor: Intel Corporation Device 37c8 450 3f:00.0 Co-processor: Intel Corporation Device 37c8 451 452Enable the VFs for each PF by echoing the number of VFs per PF to the pci driver:: 453 454 echo 16 > /sys/bus/pci/drivers/c6xx/0000:1a:00.0/sriov_numvfs 455 echo 16 > /sys/bus/pci/drivers/c6xx/0000:3d:00.0/sriov_numvfs 456 echo 16 > /sys/bus/pci/drivers/c6xx/0000:3f:00.0/sriov_numvfs 457 458Check that the VFs are available for use. For example ``lspci -d:37c9`` should 459list 48 VF devices available for a ``C62x`` device. 460 461To complete the installation follow the instructions in 462`Binding the available VFs to the DPDK UIO driver`_. 463 464.. Note:: 465 466 If the QAT kernel modules are not loaded and you see an error like ``Failed 467 to load MMP firmware qat_895xcc_mmp.bin`` in kernel logs, this may be as a 468 result of not using a distribution, but just updating the kernel directly. 469 470 Download firmware from the `kernel firmware repo 471 <http://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/tree/>`_. 472 473 Copy qat binaries to ``/lib/firmware``:: 474 475 cp qat_895xcc.bin /lib/firmware 476 cp qat_895xcc_mmp.bin /lib/firmware 477 478 Change to your linux source root directory and start the qat kernel modules:: 479 480 insmod ./drivers/crypto/qat/qat_common/intel_qat.ko 481 insmod ./drivers/crypto/qat/qat_dh895xcc/qat_dh895xcc.ko 482 483 484.. Note:: 485 486 If you see the following warning in ``/var/log/messages`` it can be ignored: 487 ``IOMMU should be enabled for SR-IOV to work correctly``. 488 489 490Installation using 01.org QAT driver 491~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 492 493Download the latest QuickAssist Technology Driver from `01.org 494<https://01.org/packet-processing/intel%C2%AE-quickassist-technology-drivers-and-patches>`_. 495Consult the *Getting Started Guide* at the same URL for further information. 496 497The steps below assume you are: 498 499* Building on a platform with one ``C62x`` device. 500* Using package ``qat1.7.l.4.2.0-000xx.tar.gz``. 501* On Fedora26 kernel ``4.11.11-300.fc26.x86_64``. 502 503In the BIOS ensure that SRIOV is enabled and VT-d is disabled. 504 505Uninstall any existing QAT driver, for example by running: 506 507* ``./installer.sh uninstall`` in the directory where originally installed. 508 509 510Build and install the SRIOV-enabled QAT driver:: 511 512 mkdir /QAT 513 cd /QAT 514 515 # Copy the package to this location and unpack 516 tar zxof qat1.7.l.4.2.0-000xx.tar.gz 517 518 ./configure --enable-icp-sriov=host 519 make install 520 521You can use ``cat /sys/kernel/debug/qat<your device type and bdf>/version/fw`` to confirm the driver is correctly installed and is using firmware version 4.2.0. 522You can use ``lspci -d:37c9`` to confirm the presence of the 16 VF devices available per ``C62x`` PF. 523 524Confirm the driver is correctly installed and is using firmware version 4.2.0:: 525 526 cat /sys/kernel/debug/qat<your device type and bdf>/version/fw 527 528 529Confirm the presence of 48 VF devices - 16 per PF:: 530 531 lspci -d:37c9 532 533 534To complete the installation - follow instructions in `Binding the available VFs to the DPDK UIO driver`_. 535 536.. Note:: 537 538 If using a later kernel and the build fails with an error relating to 539 ``strict_stroul`` not being available apply the following patch: 540 541 .. code-block:: diff 542 543 /QAT/QAT1.6/quickassist/utilities/downloader/Target_CoreLibs/uclo/include/linux/uclo_platform.h 544 + #if LINUX_VERSION_CODE >= KERNEL_VERSION(3,18,5) 545 + #define STR_TO_64(str, base, num, endPtr) {endPtr=NULL; if (kstrtoul((str), (base), (num))) printk("Error strtoull convert %s\n", str); } 546 + #else 547 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,38) 548 #define STR_TO_64(str, base, num, endPtr) {endPtr=NULL; if (strict_strtoull((str), (base), (num))) printk("Error strtoull convert %s\n", str); } 549 #else 550 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25) 551 #define STR_TO_64(str, base, num, endPtr) {endPtr=NULL; strict_strtoll((str), (base), (num));} 552 #else 553 #define STR_TO_64(str, base, num, endPtr) \ 554 do { \ 555 if (str[0] == '-') \ 556 { \ 557 *(num) = -(simple_strtoull((str+1), &(endPtr), (base))); \ 558 }else { \ 559 *(num) = simple_strtoull((str), &(endPtr), (base)); \ 560 } \ 561 } while(0) 562 + #endif 563 #endif 564 #endif 565 566 567.. Note:: 568 569 If the build fails due to missing header files you may need to do following:: 570 571 sudo yum install zlib-devel 572 sudo yum install openssl-devel 573 sudo yum install libudev-devel 574 575.. Note:: 576 577 If the build or install fails due to mismatching kernel sources you may need to do the following:: 578 579 sudo yum install kernel-headers-`uname -r` 580 sudo yum install kernel-src-`uname -r` 581 sudo yum install kernel-devel-`uname -r` 582 583 584Binding the available VFs to the DPDK UIO driver 585~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 586 587Unbind the VFs from the stock driver so they can be bound to the uio driver. 588 589For an Intel(R) QuickAssist Technology DH895xCC device 590^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 591 592The unbind command below assumes ``BDFs`` of ``03:01.00-03:04.07``, if your 593VFs are different adjust the unbind command below:: 594 595 for device in $(seq 1 4); do \ 596 for fn in $(seq 0 7); do \ 597 echo -n 0000:03:0${device}.${fn} > \ 598 /sys/bus/pci/devices/0000\:03\:0${device}.${fn}/driver/unbind; \ 599 done; \ 600 done 601 602For an Intel(R) QuickAssist Technology C62x device 603^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 604 605The unbind command below assumes ``BDFs`` of ``1a:01.00-1a:02.07``, 606``3d:01.00-3d:02.07`` and ``3f:01.00-3f:02.07``, if your VFs are different 607adjust the unbind command below:: 608 609 for device in $(seq 1 2); do \ 610 for fn in $(seq 0 7); do \ 611 echo -n 0000:1a:0${device}.${fn} > \ 612 /sys/bus/pci/devices/0000\:1a\:0${device}.${fn}/driver/unbind; \ 613 614 echo -n 0000:3d:0${device}.${fn} > \ 615 /sys/bus/pci/devices/0000\:3d\:0${device}.${fn}/driver/unbind; \ 616 617 echo -n 0000:3f:0${device}.${fn} > \ 618 /sys/bus/pci/devices/0000\:3f\:0${device}.${fn}/driver/unbind; \ 619 done; \ 620 done 621 622For Intel(R) QuickAssist Technology C3xxx or D15xx device 623^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 624 625The unbind command below assumes ``BDFs`` of ``01:01.00-01:02.07``, if your 626VFs are different adjust the unbind command below:: 627 628 for device in $(seq 1 2); do \ 629 for fn in $(seq 0 7); do \ 630 echo -n 0000:01:0${device}.${fn} > \ 631 /sys/bus/pci/devices/0000\:01\:0${device}.${fn}/driver/unbind; \ 632 done; \ 633 done 634 635Bind to the DPDK uio driver 636^^^^^^^^^^^^^^^^^^^^^^^^^^^ 637 638Install the DPDK igb_uio driver, bind the VF PCI Device id to it and use lspci 639to confirm the VF devices are now in use by igb_uio kernel driver, 640e.g. for the C62x device:: 641 642 cd to the top-level DPDK directory 643 modprobe uio 644 insmod ./build/kmod/igb_uio.ko 645 echo "8086 37c9" > /sys/bus/pci/drivers/igb_uio/new_id 646 lspci -vvd:37c9 647 648 649Another way to bind the VFs to the DPDK UIO driver is by using the 650``dpdk-devbind.py`` script:: 651 652 cd to the top-level DPDK directory 653 ./usertools/dpdk-devbind.py -b igb_uio 0000:03:01.1 654 655Testing 656~~~~~~~ 657 658QAT SYM crypto PMD can be tested by running the test application:: 659 660 make defconfig 661 make -j 662 cd ./build/app 663 ./test -l1 -n1 -w <your qat bdf> 664 RTE>>cryptodev_qat_autotest 665 666QAT ASYM crypto PMD can be tested by running the test application:: 667 668 make defconfig 669 make -j 670 cd ./build/app 671 ./test -l1 -n1 -w <your qat bdf> 672 RTE>>cryptodev_qat_asym_autotest 673 674QAT compression PMD can be tested by running the test application:: 675 676 make defconfig 677 sed -i 's,\(CONFIG_RTE_COMPRESSDEV_TEST\)=n,\1=y,' build/.config 678 make -j 679 cd ./build/app 680 ./test -l1 -n1 -w <your qat bdf> 681 RTE>>compressdev_autotest 682 683 684Debugging 685~~~~~~~~~ 686 687There are 2 sets of trace available via the dynamic logging feature: 688 689* pmd.qat_dp exposes trace on the data-path. 690* pmd.qat_general exposes all other trace. 691 692pmd.qat exposes both sets of traces. 693They can be enabled using the log-level option (where 8=maximum log level) on 694the process cmdline, e.g. using any of the following:: 695 696 --log-level="pmd.qat_general,8" 697 --log-level="pmd.qat_dp,8" 698 --log-level="pmd.qat,8" 699 700.. Note:: 701 702 The global RTE_LOG_DP_LEVEL overrides data-path trace so must be set to 703 RTE_LOG_DEBUG to see all the trace. This variable is in config/rte_config.h 704 for meson build and config/common_base for gnu make. 705 Also the dynamic global log level overrides both sets of trace, so e.g. no 706 QAT trace would display in this case:: 707 708 --log-level="7" --log-level="pmd.qat_general,8" 709