.. SPDX-License-Identifier: BSD-3-Clause
- Copyright(c) 2015-2016 Intel Corporation.
+ Copyright(c) 2015-2019 Intel Corporation.
Intel(R) QuickAssist (QAT) Crypto Poll Mode Driver
==================================================
QAT documentation consists of three parts:
* Details of the symmetric crypto service below.
-* Details of the `compression service <http://dpdk.org/doc/guides/compressdevs/qat_comp.html>`_
+* Details of the `compression service <http://doc.dpdk.org/guides/compressdevs/qat_comp.html>`_
in the compressdev drivers section.
* Details of building the common QAT infrastructure and the PMDs to support the
above services. See :ref:`building_qat` below.
* ``Intel QuickAssist Technology C62x``
* ``Intel QuickAssist Technology C3xxx``
* ``Intel QuickAssist Technology D15xx``
+* ``Intel QuickAssist Technology C4xxx``
Features
* ``RTE_CRYPTO_CIPHER_AES128_CTR``
* ``RTE_CRYPTO_CIPHER_AES192_CTR``
* ``RTE_CRYPTO_CIPHER_AES256_CTR``
+* ``RTE_CRYPTO_CIPHER_AES_XTS``
* ``RTE_CRYPTO_CIPHER_SNOW3G_UEA2``
* ``RTE_CRYPTO_CIPHER_NULL``
* ``RTE_CRYPTO_CIPHER_KASUMI_F8``
* ``RTE_CRYPTO_AUTH_KASUMI_F9``
* ``RTE_CRYPTO_AUTH_AES_GMAC``
* ``RTE_CRYPTO_AUTH_ZUC_EIA3``
+* ``RTE_CRYPTO_AUTH_AES_CMAC``
Supported AEAD algorithms:
* ``RTE_CRYPTO_AEAD_AES_GCM``
+* ``RTE_CRYPTO_AEAD_AES_CCM``
Limitations
* SNOW 3G (UIA2) and ZUC (EIA3) supported only if hash length and offset fields are byte-multiple.
* No BSD support as BSD QAT kernel driver not available.
* ZUC EEA3/EIA3 is not supported by dh895xcc devices
-* Maximum additional authenticated data (AAD) for GCM is 240 bytes long.
+* Maximum additional authenticated data (AAD) for GCM is 240 bytes long and must be passed to the device in a buffer rounded up to the nearest block-size multiple (x16) and padded with zeros.
* Queue pairs are not thread-safe (that is, within a single queue pair, RX and TX from different lcores is not supported).
-
Extra notes on KASUMI F9
~~~~~~~~~~~~~~~~~~~~~~~~
Also, offset of data to authenticate "op.sym.auth.data.offset"
must be such that points at the start of the COUNT bytes.
+Asymmetric Crypto Service on QAT
+--------------------------------
+
+The QAT Asym PMD has support for:
+Limitations
+~~~~~~~~~~~
.. _building_qat:
Building PMDs on QAT
--------------------
-To enable QAT crypto in DPDK, follow the instructions for modifying the compile-time
-configuration file as described `here <http://dpdk.org/doc/guides/linux_gsg/build_dpdk.html>`_.
+A QAT device can host multiple acceleration services:
+
+* symmetric cryptography
+* data compression
+* asymmetric cryptography
+
+These services are provided to DPDK applications via PMDs which register to
+implement the corresponding cryptodev and compressdev APIs. The PMDs use
+common QAT driver code which manages the QAT PCI device. They also depend on a
+QAT kernel driver being installed on the platform, see :ref:`qat_kernel` below.
+
+Configuring and Building the DPDK QAT PMDs
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Quick instructions are as follows:
+
+Further information on configuring, building and installing DPDK is described
+`here <http://doc.dpdk.org/guides/linux_gsg/build_dpdk.html>`_.
+
+
+Quick instructions for QAT cryptodev PMD are as follows:
.. code-block:: console
cd to the top-level DPDK directory
- make config T=x86_64-native-linuxapp-gcc
- sed -i 's,\(CONFIG_RTE_LIBRTE_PMD_QAT\)=n,\1=y,' build/.config
+ make defconfig
sed -i 's,\(CONFIG_RTE_LIBRTE_PMD_QAT_SYM\)=n,\1=y,' build/.config
make
+Quick instructions for QAT compressdev PMD are as follows:
-.. _qat_kernel_installation:
+.. code-block:: console
-Dependency on the QAT kernel driver
------------------------------------
+ cd to the top-level DPDK directory
+ make defconfig
+ make
-To use the QAT PMD an SRIOV-enabled QAT kernel driver is required. The VF
-devices created and initialised by this driver will be used by the QAT PMD.
-Instructions for installation are below, but first an explanation of the
-relationships between the PF/VF devices and the PMDs visible to
-DPDK applications.
+.. _building_qat_config:
+Build Configuration
+~~~~~~~~~~~~~~~~~~~
-Acceleration services - cryptography and compression - are provided to DPDK
-applications via PMDs which register to implement the corresponding
-cryptodev and compressdev APIs.
+These are the build configuration options affecting QAT, and their default values:
-Each QuickAssist VF device can expose one cryptodev PMD and/or one compressdev PMD.
-These QAT PMDs share the same underlying device and pci-mgmt code, but are
-enumerated independently on their respective APIs and appear as independent
-devices to applications.
+.. code-block:: console
-.. Note::
+ CONFIG_RTE_LIBRTE_PMD_QAT=y
+ CONFIG_RTE_LIBRTE_PMD_QAT_SYM=n
+ CONFIG_RTE_PMD_QAT_MAX_PCI_DEVICES=48
+ CONFIG_RTE_PMD_QAT_COMP_SGL_MAX_SEGMENTS=16
+ CONFIG_RTE_PMD_QAT_COMP_IM_BUFFER_SIZE=65536
- Each VF can only be used by one DPDK process. It is not possible to share
- the same VF across multiple processes, even if these processes are using
- different acceleration services.
+CONFIG_RTE_LIBRTE_PMD_QAT must be enabled for any QAT PMD to be built.
- Conversely one DPDK process can use one or more QAT VFs and can expose both
- cryptodev and compressdev instances on each of those VFs.
+The QAT cryptodev PMD has an external dependency on libcrypto, so is not
+built by default. CONFIG_RTE_LIBRTE_PMD_QAT_SYM should be enabled to build it.
+
+The QAT compressdev PMD has no external dependencies, so needs no configuration
+options and is built by default.
+The number of VFs per PF varies - see table below. If multiple QAT packages are
+installed on a platform then CONFIG_RTE_PMD_QAT_MAX_PCI_DEVICES should be
+adjusted to the number of VFs which the QAT common code will need to handle.
+Note, there are separate config items for max cryptodevs CONFIG_RTE_CRYPTO_MAX_DEVS
+and max compressdevs CONFIG_RTE_COMPRESS_MAX_DEVS, if necessary these should be
+adjusted to handle the total of QAT and other devices which the process will use.
+
+QAT allocates internal structures to handle SGLs. For the compression service
+CONFIG_RTE_PMD_QAT_COMP_SGL_MAX_SEGMENTS can be changed if more segments are needed.
+An extra (max_inflight_ops x 16) bytes per queue_pair will be used for every increment.
+
+QAT compression PMD needs intermediate buffers to support Deflate compression
+with Dynamic Huffman encoding. CONFIG_RTE_PMD_QAT_COMP_IM_BUFFER_SIZE
+specifies the size of a single buffer, the PMD will allocate a multiple of these,
+plus some extra space for associated meta-data. For GEN2 devices, 20 buffers are
+allocated while for GEN1 devices, 12 buffers are allocated, plus 1472 bytes overhead.
+
+.. Note::
+
+ If the compressed output of a Deflate operation using Dynamic Huffman
+ Encoding is too big to fit in an intermediate buffer, then the
+ operation will fall back to fixed compression rather than failing the operation.
+ To avoid this less performant case, applications should configure
+ the intermediate buffer size to be larger than the expected input data size
+ (compressed output size is usually unknown, so the only option is to make
+ larger than the input size).
Device and driver naming
The qat crypto device name is in the format of the slave parameter passed to the crypto scheduler.
-* The qat compressdev driver name is "qat".
+* The qat compressdev driver name is "compress_qat".
The rte_compressdev_devices_get() returns the devices exposed by this driver.
* Each qat compression device has a unique name, in format
<pci bdf>_<service>, e.g. "0000:41:01.0_qat_comp".
This name can be passed to rte_compressdev_get_dev_id() to get the device_id.
+.. _qat_kernel:
+
+Dependency on the QAT kernel driver
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+To use QAT an SRIOV-enabled QAT kernel driver is required. The VF
+devices created and initialised by this driver will be used by the QAT PMDs.
+
+Instructions for installation are below, but first an explanation of the
+relationships between the PF/VF devices and the PMDs visible to
+DPDK applications.
+
+Each QuickAssist PF device exposes a number of VF devices. Each VF device can
+enable one cryptodev PMD and/or one compressdev PMD.
+These QAT PMDs share the same underlying device and pci-mgmt code, but are
+enumerated independently on their respective APIs and appear as independent
+devices to applications.
+
+.. Note::
+
+ Each VF can only be used by one DPDK process. It is not possible to share
+ the same VF across multiple processes, even if these processes are using
+ different acceleration services.
+
+ Conversely one DPDK process can use one or more QAT VFs and can expose both
+ cryptodev and compressdev instances on each of those VFs.
+
Available kernel drivers
~~~~~~~~~~~~~~~~~~~~~~~~
-Kernel drivers for each device are listed in the following table. Scroll right
-to check that the driver and device supports the service you require.
+Kernel drivers for each device for each service are listed in the following table. (Scroll right
+to see the full table)
.. _table_qat_pmds_drivers:
.. table:: QAT device generations, devices and drivers
- +-----+----------+---------------+---------------+------------+--------+------+--------+--------+-----------+-------------+
- | Gen | Device | Driver/ver | Kernel Module | Pci Driver | PF Did | #PFs | VF Did | VFs/PF | cryptodev | compressdev |
- +=====+==========+===============+===============+============+========+======+========+========+===========+=============+
- | 1 | DH895xCC | linux/4.4+ | qat_dh895xcc | dh895xcc | 435 | 1 | 443 | 32 | Yes | No |
- +-----+----------+---------------+---------------+------------+--------+------+--------+--------+-----------+-------------+
- | " | " | 01.org/4.2.0+ | " | " | " | " | " | " | Yes | No |
- +-----+----------+---------------+---------------+------------+--------+------+--------+--------+-----------+-------------+
- | 2 | C62x | linux/4.5+ | qat_c62x | c6xx | 37c8 | 3 | 37c9 | 16 | Yes | No |
- +-----+----------+---------------+---------------+------------+--------+------+--------+--------+-----------+-------------+
- | " | " | 01.org/4.2.0+ | " | " | " | " | " | " | Yes | Yes |
- +-----+----------+---------------+---------------+------------+--------+------+--------+--------+-----------+-------------+
- | 2 | C3xxx | linux/4.5+ | qat_c3xxx | c3xxx | 19e2 | 1 | 19e3 | 16 | Yes | No |
- +-----+----------+---------------+---------------+------------+--------+------+--------+--------+-----------+-------------+
- | " | " | 01.org/4.2.0+ | " | " | " | " | " | " | Yes | Yes |
- +-----+----------+---------------+---------------+------------+--------+------+--------+--------+-----------+-------------+
- | 2 | D15xx | p | qat_d15xx | d15xx | 6f54 | 1 | 6f55 | 16 | Yes | No |
- +-----+----------+---------------+---------------+------------+--------+------+--------+--------+-----------+-------------+
-
+ +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
+ | S | A | C | Gen | Device | Driver/ver | Kernel Module | Pci Driver | PF Did | #PFs | VF Did | VFs/PF |
+ +=====+=====+=====+=====+==========+===============+===============+============+========+======+========+========+
+ | Yes | No | No | 1 | DH895xCC | linux/4.4+ | qat_dh895xcc | dh895xcc | 435 | 1 | 443 | 32 |
+ +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
+ | Yes | No | No | " | " | 01.org/4.2.0+ | " | " | " | " | " | " |
+ +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
+ | Yes | No | Yes | " | " | 01.org/4.3.0+ | " | " | " | " | " | " |
+ +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
+ | Yes | No | No | 2 | C62x | linux/4.5+ | qat_c62x | c6xx | 37c8 | 3 | 37c9 | 16 |
+ +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
+ | Yes | No | Yes | " | " | 01.org/4.2.0+ | " | " | " | " | " | " |
+ +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
+ | Yes | No | No | 2 | C3xxx | linux/4.5+ | qat_c3xxx | c3xxx | 19e2 | 1 | 19e3 | 16 |
+ +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
+ | Yes | No | Yes | " | " | 01.org/4.2.0+ | " | " | " | " | " | " |
+ +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
+ | Yes | No | No | 2 | D15xx | p | qat_d15xx | d15xx | 6f54 | 1 | 6f55 | 16 |
+ +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
+ | Yes | No | No | 3 | C4xxx | p | qat_c4xxx | c4xxx | 18a0 | 1 | 18a1 | 128 |
+ +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
+
+The first 3 columns indicate the service:
+
+* S = Symmetric crypto service (via cryptodev API)
+* A = Asymmetric crypto service (via cryptodev API)
+* C = Compression service (via compressdev API)
The ``Driver`` column indicates either the Linux kernel version in which
support for this device was introduced or a driver available on Intel's 01.org
-website. There are both linux and 01.org kernel drivers available for some
+website. There are both linux in-tree and 01.org kernel drivers available for some
devices. p = release pending.
If you are running on a kernel which includes a driver for your device, see
QAT crypto PMD can be tested by running the test application::
make defconfig
- make test-build -j
+ make -j
cd ./build/app
./test -l1 -n1 -w <your qat bdf>
RTE>>cryptodev_qat_autotest
make defconfig
sed -i 's,\(CONFIG_RTE_COMPRESSDEV_TEST\)=n,\1=y,' build/.config
- make test-build -j
+ make -j
cd ./build/app
./test -l1 -n1 -w <your qat bdf>
RTE>>compressdev_autotest
git.droids-corp.org / dpdk.git / blobdiff