1.. SPDX-License-Identifier: BSD-3-Clause 2 Copyright(c) 2015-2019 Intel Corporation. 3 4Intel(R) QuickAssist (QAT) Crypto Poll Mode Driver 5================================================== 6 7QAT documentation consists of three parts: 8 9* Details of the symmetric and asymmetric crypto services below. 10* Details of the :doc:`compression service <../compressdevs/qat_comp>` 11 in the compressdev drivers section. 12* Details of building the common QAT infrastructure and the PMDs to support the 13 above services. See :ref:`building_qat` below. 14 15 16Symmetric Crypto Service on QAT 17------------------------------- 18 19The QAT symmetric crypto PMD (hereafter referred to as `QAT SYM [PMD]`) provides 20poll mode crypto driver support for the following hardware accelerator devices: 21 22* ``Intel QuickAssist Technology DH895xCC`` 23* ``Intel QuickAssist Technology C62x`` 24* ``Intel QuickAssist Technology C3xxx`` 25* ``Intel QuickAssist Technology D15xx`` 26* ``Intel QuickAssist Technology C4xxx`` 27 28 29Features 30~~~~~~~~ 31 32The QAT SYM PMD has support for: 33 34Cipher algorithms: 35 36* ``RTE_CRYPTO_CIPHER_3DES_CBC`` 37* ``RTE_CRYPTO_CIPHER_3DES_CTR`` 38* ``RTE_CRYPTO_CIPHER_AES128_CBC`` 39* ``RTE_CRYPTO_CIPHER_AES192_CBC`` 40* ``RTE_CRYPTO_CIPHER_AES256_CBC`` 41* ``RTE_CRYPTO_CIPHER_AES128_CTR`` 42* ``RTE_CRYPTO_CIPHER_AES192_CTR`` 43* ``RTE_CRYPTO_CIPHER_AES256_CTR`` 44* ``RTE_CRYPTO_CIPHER_AES_XTS`` 45* ``RTE_CRYPTO_CIPHER_SNOW3G_UEA2`` 46* ``RTE_CRYPTO_CIPHER_NULL`` 47* ``RTE_CRYPTO_CIPHER_KASUMI_F8`` 48* ``RTE_CRYPTO_CIPHER_DES_CBC`` 49* ``RTE_CRYPTO_CIPHER_AES_DOCSISBPI`` 50* ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI`` 51* ``RTE_CRYPTO_CIPHER_ZUC_EEA3`` 52 53Hash algorithms: 54 55* ``RTE_CRYPTO_AUTH_SHA1`` 56* ``RTE_CRYPTO_AUTH_SHA1_HMAC`` 57* ``RTE_CRYPTO_AUTH_SHA224`` 58* ``RTE_CRYPTO_AUTH_SHA224_HMAC`` 59* ``RTE_CRYPTO_AUTH_SHA256`` 60* ``RTE_CRYPTO_AUTH_SHA256_HMAC`` 61* ``RTE_CRYPTO_AUTH_SHA384`` 62* ``RTE_CRYPTO_AUTH_SHA384_HMAC`` 63* ``RTE_CRYPTO_AUTH_SHA512`` 64* ``RTE_CRYPTO_AUTH_SHA512_HMAC`` 65* ``RTE_CRYPTO_AUTH_AES_XCBC_MAC`` 66* ``RTE_CRYPTO_AUTH_SNOW3G_UIA2`` 67* ``RTE_CRYPTO_AUTH_MD5_HMAC`` 68* ``RTE_CRYPTO_AUTH_NULL`` 69* ``RTE_CRYPTO_AUTH_KASUMI_F9`` 70* ``RTE_CRYPTO_AUTH_AES_GMAC`` 71* ``RTE_CRYPTO_AUTH_ZUC_EIA3`` 72* ``RTE_CRYPTO_AUTH_AES_CMAC`` 73 74Supported AEAD algorithms: 75 76* ``RTE_CRYPTO_AEAD_AES_GCM`` 77* ``RTE_CRYPTO_AEAD_AES_CCM`` 78* ``RTE_CRYPTO_AEAD_CHACHA20_POLY1305`` 79 80Protocol offloads: 81 82* ``RTE_SECURITY_PROTOCOL_DOCSIS`` 83 84Supported Chains 85~~~~~~~~~~~~~~~~ 86 87All the usual chains are supported and also some mixed chains: 88 89.. table:: Supported hash-cipher chains for wireless digest-encrypted cases 90 91 +------------------+-----------+-------------+----------+----------+ 92 | Cipher algorithm | NULL AUTH | SNOW3G UIA2 | ZUC EIA3 | AES CMAC | 93 +==================+===========+=============+==========+==========+ 94 | NULL CIPHER | Y | 2&3 | 2&3 | Y | 95 +------------------+-----------+-------------+----------+----------+ 96 | SNOW3G UEA2 | 2&3 | Y | 2&3 | 2&3 | 97 +------------------+-----------+-------------+----------+----------+ 98 | ZUC EEA3 | 2&3 | 2&3 | 2&3 | 2&3 | 99 +------------------+-----------+-------------+----------+----------+ 100 | AES CTR | Y | 2&3 | 2&3 | Y | 101 +------------------+-----------+-------------+----------+----------+ 102 103* The combinations marked as "Y" are supported on all QAT hardware versions. 104* The combinations marked as "2&3" are supported on GEN2/GEN3 QAT hardware only. 105 106 107Limitations 108~~~~~~~~~~~ 109 110* Only supports the session-oriented API implementation (session-less APIs are not supported). 111* SNOW 3G (UEA2), KASUMI (F8) and ZUC (EEA3) supported only if cipher length and offset fields are byte-multiple. 112* SNOW 3G (UIA2) and ZUC (EIA3) supported only if hash length and offset fields are byte-multiple. 113* No BSD support as BSD QAT kernel driver not available. 114* ZUC EEA3/EIA3 is not supported by dh895xcc devices 115* Maximum additional authenticated data (AAD) for GCM is 240 bytes long and must be passed to the device in a buffer rounded up to the nearest block-size multiple (x16) and padded with zeros. 116* Queue-pairs are thread-safe on Intel CPUs but Queues are not (that is, within a single 117 queue-pair all enqueues to the TX queue must be done from one thread and all dequeues 118 from the RX queue must be done from one thread, but enqueues and dequeues may be done 119 in different threads.) 120* A GCM limitation exists, but only in the case where there are multiple 121 generations of QAT devices on a single platform. 122 To optimise performance, the GCM crypto session should be initialised for the 123 device generation to which the ops will be enqueued. Specifically if a GCM 124 session is initialised on a GEN2 device, but then attached to an op enqueued 125 to a GEN3 device, it will work but cannot take advantage of hardware 126 optimisations in the GEN3 device. And if a GCM session is initialised on a 127 GEN3 device, then attached to an op sent to a GEN1/GEN2 device, it will not be 128 enqueued to the device and will be marked as failed. The simplest way to 129 mitigate this is to use the bdf whitelist to avoid mixing devices of different 130 generations in the same process if planning to use for GCM. 131* The mixed algo feature on GEN2 is not supported by all kernel drivers. Check 132 the notes under the Available Kernel Drivers table below for specific details. 133* Out-of-place is not supported for combined Crypto-CRC DOCSIS security 134 protocol. 135* ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI`` is not supported for combined Crypto-CRC 136 DOCSIS security protocol. 137 138Extra notes on KASUMI F9 139~~~~~~~~~~~~~~~~~~~~~~~~ 140 141When using KASUMI F9 authentication algorithm, the input buffer must be 142constructed according to the 143`3GPP KASUMI specification <http://cryptome.org/3gpp/35201-900.pdf>`_ 144(section 4.4, page 13). The input buffer has to have COUNT (4 bytes), 145FRESH (4 bytes), MESSAGE and DIRECTION (1 bit) concatenated. After the DIRECTION 146bit, a single '1' bit is appended, followed by between 0 and 7 '0' bits, so that 147the total length of the buffer is multiple of 8 bits. Note that the actual 148message can be any length, specified in bits. 149 150Once this buffer is passed this way, when creating the crypto operation, 151length of data to authenticate "op.sym.auth.data.length" must be the length 152of all the items described above, including the padding at the end. 153Also, offset of data to authenticate "op.sym.auth.data.offset" 154must be such that points at the start of the COUNT bytes. 155 156Asymmetric Crypto Service on QAT 157-------------------------------- 158 159The QAT asymmetric crypto PMD (hereafter referred to as `QAT ASYM [PMD]`) provides 160poll mode crypto driver support for the following hardware accelerator devices: 161 162* ``Intel QuickAssist Technology DH895xCC`` 163* ``Intel QuickAssist Technology C62x`` 164* ``Intel QuickAssist Technology C3xxx`` 165* ``Intel QuickAssist Technology D15xx`` 166* ``Intel QuickAssist Technology C4xxx`` 167 168The QAT ASYM PMD has support for: 169 170* ``RTE_CRYPTO_ASYM_XFORM_MODEX`` 171* ``RTE_CRYPTO_ASYM_XFORM_MODINV`` 172 173Limitations 174~~~~~~~~~~~ 175 176* Big integers longer than 4096 bits are not supported. 177* Queue-pairs are thread-safe on Intel CPUs but Queues are not (that is, within a single 178 queue-pair all enqueues to the TX queue must be done from one thread and all dequeues 179 from the RX queue must be done from one thread, but enqueues and dequeues may be done 180 in different threads.) 181* RSA-2560, RSA-3584 are not supported 182 183.. _building_qat: 184 185Building PMDs on QAT 186-------------------- 187 188A QAT device can host multiple acceleration services: 189 190* symmetric cryptography 191* data compression 192* asymmetric cryptography 193 194These services are provided to DPDK applications via PMDs which register to 195implement the corresponding cryptodev and compressdev APIs. The PMDs use 196common QAT driver code which manages the QAT PCI device. They also depend on a 197QAT kernel driver being installed on the platform, see :ref:`qat_kernel` below. 198 199 200Configuring and Building the DPDK QAT PMDs 201~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 202 203 204Further information on configuring, building and installing DPDK is described 205:doc:`here <../linux_gsg/build_dpdk>`. 206 207 208Quick instructions for QAT cryptodev PMD are as follows: 209 210.. code-block:: console 211 212 cd to the top-level DPDK directory 213 make defconfig 214 sed -i 's,\(CONFIG_RTE_LIBRTE_PMD_QAT_SYM\)=n,\1=y,' build/.config 215 or/and 216 sed -i 's,\(CONFIG_RTE_LIBRTE_PMD_QAT_ASYM\)=n,\1=y,' build/.config 217 make 218 219Quick instructions for QAT compressdev PMD are as follows: 220 221.. code-block:: console 222 223 cd to the top-level DPDK directory 224 make defconfig 225 make 226 227 228.. _building_qat_config: 229 230Build Configuration 231~~~~~~~~~~~~~~~~~~~ 232 233These are the build configuration options affecting QAT, and their default values: 234 235.. code-block:: console 236 237 CONFIG_RTE_LIBRTE_PMD_QAT=y 238 CONFIG_RTE_LIBRTE_PMD_QAT_SYM=n 239 CONFIG_RTE_LIBRTE_PMD_QAT_ASYM=n 240 CONFIG_RTE_PMD_QAT_MAX_PCI_DEVICES=48 241 CONFIG_RTE_PMD_QAT_COMP_IM_BUFFER_SIZE=65536 242 243CONFIG_RTE_LIBRTE_PMD_QAT must be enabled for any QAT PMD to be built. 244 245Both QAT SYM PMD and QAT ASYM PMD have an external dependency on libcrypto, so are not 246built by default. CONFIG_RTE_LIBRTE_PMD_QAT_SYM/ASYM should be enabled to build them. 247 248The QAT compressdev PMD has no external dependencies, so needs no configuration 249options and is built by default. 250 251The number of VFs per PF varies - see table below. If multiple QAT packages are 252installed on a platform then CONFIG_RTE_PMD_QAT_MAX_PCI_DEVICES should be 253adjusted to the number of VFs which the QAT common code will need to handle. 254 255.. Note:: 256 257 There are separate config items (not QAT-specific) for max cryptodevs 258 CONFIG_RTE_CRYPTO_MAX_DEVS and max compressdevs CONFIG_RTE_COMPRESS_MAX_DEVS, 259 if necessary these should be adjusted to handle the total of QAT and other 260 devices which the process will use. In particular for crypto, where each 261 QAT VF may expose two crypto devices, sym and asym, it may happen that the 262 number of devices will be bigger than MAX_DEVS and the process will show an error 263 during PMD initialisation. To avoid this problem CONFIG_RTE_CRYPTO_MAX_DEVS may be 264 increased or -w, pci-whitelist domain:bus:devid:func option may be used. 265 266 267QAT compression PMD needs intermediate buffers to support Deflate compression 268with Dynamic Huffman encoding. CONFIG_RTE_PMD_QAT_COMP_IM_BUFFER_SIZE 269specifies the size of a single buffer, the PMD will allocate a multiple of these, 270plus some extra space for associated meta-data. For GEN2 devices, 20 buffers are 271allocated while for GEN1 devices, 12 buffers are allocated, plus 1472 bytes overhead. 272 273.. Note:: 274 275 If the compressed output of a Deflate operation using Dynamic Huffman 276 Encoding is too big to fit in an intermediate buffer, then the 277 operation will be split into smaller operations and their results will 278 be merged afterwards. 279 This is not possible if any checksum calculation was requested - in such 280 case the code falls back to fixed compression. 281 To avoid this less performant case, applications should configure 282 the intermediate buffer size to be larger than the expected input data size 283 (compressed output size is usually unknown, so the only option is to make 284 larger than the input size). 285 286 287Running QAT PMD with minimum threshold for burst size 288~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 289 290If only a small number or packets can be enqueued. Each enqueue causes an expensive MMIO write. 291These MMIO write occurrences can be optimised by setting any of the following parameters: 292 293- qat_sym_enq_threshold 294- qat_asym_enq_threshold 295- qat_comp_enq_threshold 296 297When any of these parameters is set rte_cryptodev_enqueue_burst function will 298return 0 (thereby avoiding an MMIO) if the device is congested and number of packets 299possible to enqueue is smaller. 300To use this feature the user must set the parameter on process start as a device additional parameter:: 301 302 -w 03:01.1,qat_sym_enq_threshold=32,qat_comp_enq_threshold=16 303 304All parameters can be used with the same device regardless of order. Parameters are separated 305by comma. When the same parameter is used more than once first occurrence of the parameter 306is used. 307Maximum threshold that can be set is 32. 308 309 310Device and driver naming 311~~~~~~~~~~~~~~~~~~~~~~~~ 312 313* The qat cryptodev symmetric crypto driver name is "crypto_qat". 314* The qat cryptodev asymmetric crypto driver name is "crypto_qat_asym". 315 316The "rte_cryptodev_devices_get()" returns the devices exposed by either of these drivers. 317 318* Each qat sym crypto device has a unique name, in format 319 "<pci bdf>_<service>", e.g. "0000:41:01.0_qat_sym". 320* Each qat asym crypto device has a unique name, in format 321 "<pci bdf>_<service>", e.g. "0000:41:01.0_qat_asym". 322 This name can be passed to "rte_cryptodev_get_dev_id()" to get the device_id. 323 324.. Note:: 325 326 The cryptodev driver name is passed to the dpdk-test-crypto-perf tool in the "-devtype" parameter. 327 328 The qat crypto device name is in the format of the slave parameter passed to the crypto scheduler. 329 330* The qat compressdev driver name is "compress_qat". 331 The rte_compressdev_devices_get() returns the devices exposed by this driver. 332 333* Each qat compression device has a unique name, in format 334 <pci bdf>_<service>, e.g. "0000:41:01.0_qat_comp". 335 This name can be passed to rte_compressdev_get_dev_id() to get the device_id. 336 337.. _qat_kernel: 338 339Dependency on the QAT kernel driver 340~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 341 342To use QAT an SRIOV-enabled QAT kernel driver is required. The VF 343devices created and initialised by this driver will be used by the QAT PMDs. 344 345Instructions for installation are below, but first an explanation of the 346relationships between the PF/VF devices and the PMDs visible to 347DPDK applications. 348 349Each QuickAssist PF device exposes a number of VF devices. Each VF device can 350enable one symmetric cryptodev PMD and/or one asymmetric cryptodev PMD and/or 351one compressdev PMD. 352These QAT PMDs share the same underlying device and pci-mgmt code, but are 353enumerated independently on their respective APIs and appear as independent 354devices to applications. 355 356.. Note:: 357 358 Each VF can only be used by one DPDK process. It is not possible to share 359 the same VF across multiple processes, even if these processes are using 360 different acceleration services. 361 362 Conversely one DPDK process can use one or more QAT VFs and can expose both 363 cryptodev and compressdev instances on each of those VFs. 364 365 366Available kernel drivers 367~~~~~~~~~~~~~~~~~~~~~~~~ 368 369Kernel drivers for each device for each service are listed in the following table. (Scroll right 370to see the full table) 371 372 373.. _table_qat_pmds_drivers: 374 375.. table:: QAT device generations, devices and drivers 376 377 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+ 378 | S | A | C | Gen | Device | Driver/ver | Kernel Module | Pci Driver | PF Did | #PFs | VF Did | VFs/PF | 379 +=====+=====+=====+=====+==========+===============+===============+============+========+======+========+========+ 380 | Yes | No | No | 1 | DH895xCC | linux/4.4+ | qat_dh895xcc | dh895xcc | 435 | 1 | 443 | 32 | 381 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+ 382 | Yes | Yes | No | " | " | 01.org/4.2.0+ | " | " | " | " | " | " | 383 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+ 384 | Yes | Yes | Yes | " | " | 01.org/4.3.0+ | " | " | " | " | " | " | 385 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+ 386 | Yes | No | No | 2 | C62x | linux/4.5+ | qat_c62x | c6xx | 37c8 | 3 | 37c9 | 16 | 387 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+ 388 | Yes | Yes | Yes | " | " | 01.org/4.2.0+ | " | " | " | " | " | " | 389 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+ 390 | Yes | No | No | 2 | C3xxx | linux/4.5+ | qat_c3xxx | c3xxx | 19e2 | 1 | 19e3 | 16 | 391 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+ 392 | Yes | Yes | Yes | " | " | 01.org/4.2.0+ | " | " | " | " | " | " | 393 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+ 394 | Yes | No | No | 2 | D15xx | p | qat_d15xx | d15xx | 6f54 | 1 | 6f55 | 16 | 395 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+ 396 | Yes | No | No | 3 | C4xxx | p | qat_c4xxx | c4xxx | 18a0 | 1 | 18a1 | 128 | 397 +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+ 398 399* Note: Symmetric mixed crypto algorithms feature on Gen 2 works only with 01.org driver version 4.9.0+ 400 401The first 3 columns indicate the service: 402 403* S = Symmetric crypto service (via cryptodev API) 404* A = Asymmetric crypto service (via cryptodev API) 405* C = Compression service (via compressdev API) 406 407The ``Driver`` column indicates either the Linux kernel version in which 408support for this device was introduced or a driver available on Intel's 01.org 409website. There are both linux in-tree and 01.org kernel drivers available for some 410devices. p = release pending. 411 412If you are running on a kernel which includes a driver for your device, see 413`Installation using kernel.org driver`_ below. Otherwise see 414`Installation using 01.org QAT driver`_. 415 416 417Installation using kernel.org driver 418~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 419 420The examples below are based on the C62x device, if you have a different device 421use the corresponding values in the above table. 422 423In BIOS ensure that SRIOV is enabled and either: 424 425* Disable VT-d or 426* Enable VT-d and set ``"intel_iommu=on iommu=pt"`` in the grub file. 427 428Check that the QAT driver is loaded on your system, by executing:: 429 430 lsmod | grep qa 431 432You should see the kernel module for your device listed, e.g.:: 433 434 qat_c62x 5626 0 435 intel_qat 82336 1 qat_c62x 436 437Next, you need to expose the Virtual Functions (VFs) using the sysfs file system. 438 439First find the BDFs (Bus-Device-Function) of the physical functions (PFs) of 440your device, e.g.:: 441 442 lspci -d:37c8 443 444You should see output similar to:: 445 446 1a:00.0 Co-processor: Intel Corporation Device 37c8 447 3d:00.0 Co-processor: Intel Corporation Device 37c8 448 3f:00.0 Co-processor: Intel Corporation Device 37c8 449 450Enable the VFs for each PF by echoing the number of VFs per PF to the pci driver:: 451 452 echo 16 > /sys/bus/pci/drivers/c6xx/0000:1a:00.0/sriov_numvfs 453 echo 16 > /sys/bus/pci/drivers/c6xx/0000:3d:00.0/sriov_numvfs 454 echo 16 > /sys/bus/pci/drivers/c6xx/0000:3f:00.0/sriov_numvfs 455 456Check that the VFs are available for use. For example ``lspci -d:37c9`` should 457list 48 VF devices available for a ``C62x`` device. 458 459To complete the installation follow the instructions in 460`Binding the available VFs to the DPDK UIO driver`_. 461 462.. Note:: 463 464 If the QAT kernel modules are not loaded and you see an error like ``Failed 465 to load MMP firmware qat_895xcc_mmp.bin`` in kernel logs, this may be as a 466 result of not using a distribution, but just updating the kernel directly. 467 468 Download firmware from the `kernel firmware repo 469 <http://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/tree/>`_. 470 471 Copy qat binaries to ``/lib/firmware``:: 472 473 cp qat_895xcc.bin /lib/firmware 474 cp qat_895xcc_mmp.bin /lib/firmware 475 476 Change to your linux source root directory and start the qat kernel modules:: 477 478 insmod ./drivers/crypto/qat/qat_common/intel_qat.ko 479 insmod ./drivers/crypto/qat/qat_dh895xcc/qat_dh895xcc.ko 480 481 482.. Note:: 483 484 If you see the following warning in ``/var/log/messages`` it can be ignored: 485 ``IOMMU should be enabled for SR-IOV to work correctly``. 486 487 488Installation using 01.org QAT driver 489~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 490 491Download the latest QuickAssist Technology Driver from `01.org 492<https://01.org/packet-processing/intel%C2%AE-quickassist-technology-drivers-and-patches>`_. 493Consult the *Getting Started Guide* at the same URL for further information. 494 495The steps below assume you are: 496 497* Building on a platform with one ``C62x`` device. 498* Using package ``qat1.7.l.4.2.0-000xx.tar.gz``. 499* On Fedora26 kernel ``4.11.11-300.fc26.x86_64``. 500 501In the BIOS ensure that SRIOV is enabled and VT-d is disabled. 502 503Uninstall any existing QAT driver, for example by running: 504 505* ``./installer.sh uninstall`` in the directory where originally installed. 506 507 508Build and install the SRIOV-enabled QAT driver:: 509 510 mkdir /QAT 511 cd /QAT 512 513 # Copy the package to this location and unpack 514 tar zxof qat1.7.l.4.2.0-000xx.tar.gz 515 516 ./configure --enable-icp-sriov=host 517 make install 518 519You can use ``cat /sys/kernel/debug/qat<your device type and bdf>/version/fw`` to confirm the driver is correctly installed and is using firmware version 4.2.0. 520You can use ``lspci -d:37c9`` to confirm the presence of the 16 VF devices available per ``C62x`` PF. 521 522Confirm the driver is correctly installed and is using firmware version 4.2.0:: 523 524 cat /sys/kernel/debug/qat<your device type and bdf>/version/fw 525 526 527Confirm the presence of 48 VF devices - 16 per PF:: 528 529 lspci -d:37c9 530 531 532To complete the installation - follow instructions in `Binding the available VFs to the DPDK UIO driver`_. 533 534.. Note:: 535 536 If using a later kernel and the build fails with an error relating to 537 ``strict_stroul`` not being available apply the following patch: 538 539 .. code-block:: diff 540 541 /QAT/QAT1.6/quickassist/utilities/downloader/Target_CoreLibs/uclo/include/linux/uclo_platform.h 542 + #if LINUX_VERSION_CODE >= KERNEL_VERSION(3,18,5) 543 + #define STR_TO_64(str, base, num, endPtr) {endPtr=NULL; if (kstrtoul((str), (base), (num))) printk("Error strtoull convert %s\n", str); } 544 + #else 545 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,38) 546 #define STR_TO_64(str, base, num, endPtr) {endPtr=NULL; if (strict_strtoull((str), (base), (num))) printk("Error strtoull convert %s\n", str); } 547 #else 548 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25) 549 #define STR_TO_64(str, base, num, endPtr) {endPtr=NULL; strict_strtoll((str), (base), (num));} 550 #else 551 #define STR_TO_64(str, base, num, endPtr) \ 552 do { \ 553 if (str[0] == '-') \ 554 { \ 555 *(num) = -(simple_strtoull((str+1), &(endPtr), (base))); \ 556 }else { \ 557 *(num) = simple_strtoull((str), &(endPtr), (base)); \ 558 } \ 559 } while(0) 560 + #endif 561 #endif 562 #endif 563 564 565.. Note:: 566 567 If the build fails due to missing header files you may need to do following:: 568 569 sudo yum install zlib-devel 570 sudo yum install openssl-devel 571 sudo yum install libudev-devel 572 573.. Note:: 574 575 If the build or install fails due to mismatching kernel sources you may need to do the following:: 576 577 sudo yum install kernel-headers-`uname -r` 578 sudo yum install kernel-src-`uname -r` 579 sudo yum install kernel-devel-`uname -r` 580 581 582Binding the available VFs to the DPDK UIO driver 583~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 584 585Unbind the VFs from the stock driver so they can be bound to the uio driver. 586 587For an Intel(R) QuickAssist Technology DH895xCC device 588^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 589 590The unbind command below assumes ``BDFs`` of ``03:01.00-03:04.07``, if your 591VFs are different adjust the unbind command below:: 592 593 for device in $(seq 1 4); do \ 594 for fn in $(seq 0 7); do \ 595 echo -n 0000:03:0${device}.${fn} > \ 596 /sys/bus/pci/devices/0000\:03\:0${device}.${fn}/driver/unbind; \ 597 done; \ 598 done 599 600For an Intel(R) QuickAssist Technology C62x device 601^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 602 603The unbind command below assumes ``BDFs`` of ``1a:01.00-1a:02.07``, 604``3d:01.00-3d:02.07`` and ``3f:01.00-3f:02.07``, if your VFs are different 605adjust the unbind command below:: 606 607 for device in $(seq 1 2); do \ 608 for fn in $(seq 0 7); do \ 609 echo -n 0000:1a:0${device}.${fn} > \ 610 /sys/bus/pci/devices/0000\:1a\:0${device}.${fn}/driver/unbind; \ 611 612 echo -n 0000:3d:0${device}.${fn} > \ 613 /sys/bus/pci/devices/0000\:3d\:0${device}.${fn}/driver/unbind; \ 614 615 echo -n 0000:3f:0${device}.${fn} > \ 616 /sys/bus/pci/devices/0000\:3f\:0${device}.${fn}/driver/unbind; \ 617 done; \ 618 done 619 620For Intel(R) QuickAssist Technology C3xxx or D15xx device 621^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 622 623The unbind command below assumes ``BDFs`` of ``01:01.00-01:02.07``, if your 624VFs are different adjust the unbind command below:: 625 626 for device in $(seq 1 2); do \ 627 for fn in $(seq 0 7); do \ 628 echo -n 0000:01:0${device}.${fn} > \ 629 /sys/bus/pci/devices/0000\:01\:0${device}.${fn}/driver/unbind; \ 630 done; \ 631 done 632 633Bind to the DPDK uio driver 634^^^^^^^^^^^^^^^^^^^^^^^^^^^ 635 636Install the DPDK igb_uio driver, bind the VF PCI Device id to it and use lspci 637to confirm the VF devices are now in use by igb_uio kernel driver, 638e.g. for the C62x device:: 639 640 cd to the top-level DPDK directory 641 modprobe uio 642 insmod ./build/kmod/igb_uio.ko 643 echo "8086 37c9" > /sys/bus/pci/drivers/igb_uio/new_id 644 lspci -vvd:37c9 645 646 647Another way to bind the VFs to the DPDK UIO driver is by using the 648``dpdk-devbind.py`` script:: 649 650 cd to the top-level DPDK directory 651 ./usertools/dpdk-devbind.py -b igb_uio 0000:03:01.1 652 653Testing 654~~~~~~~ 655 656QAT SYM crypto PMD can be tested by running the test application:: 657 658 make defconfig 659 make -j 660 cd ./build/app 661 ./test -l1 -n1 -w <your qat bdf> 662 RTE>>cryptodev_qat_autotest 663 664QAT ASYM crypto PMD can be tested by running the test application:: 665 666 make defconfig 667 make -j 668 cd ./build/app 669 ./test -l1 -n1 -w <your qat bdf> 670 RTE>>cryptodev_qat_asym_autotest 671 672QAT compression PMD can be tested by running the test application:: 673 674 make defconfig 675 sed -i 's,\(CONFIG_RTE_COMPRESSDEV_TEST\)=n,\1=y,' build/.config 676 make -j 677 cd ./build/app 678 ./test -l1 -n1 -w <your qat bdf> 679 RTE>>compressdev_autotest 680 681 682Debugging 683~~~~~~~~~ 684 685There are 2 sets of trace available via the dynamic logging feature: 686 687* pmd.qat_dp exposes trace on the data-path. 688* pmd.qat_general exposes all other trace. 689 690pmd.qat exposes both sets of traces. 691They can be enabled using the log-level option (where 8=maximum log level) on 692the process cmdline, e.g. using any of the following:: 693 694 --log-level="pmd.qat_general,8" 695 --log-level="pmd.qat_dp,8" 696 --log-level="pmd.qat,8" 697 698.. Note:: 699 700 The global RTE_LOG_DP_LEVEL overrides data-path trace so must be set to 701 RTE_LOG_DEBUG to see all the trace. This variable is in config/rte_config.h 702 for meson build and config/common_base for gnu make. 703 Also the dynamic global log level overrides both sets of trace, so e.g. no 704 QAT trace would display in this case:: 705 706 --log-level="7" --log-level="pmd.qat_general,8" 707