1 .. SPDX-License-Identifier: BSD-3-Clause
2 Copyright(c) 2021 Marvell.
4 Marvell cnxk Crypto Poll Mode Driver
5 ====================================
7 The cnxk crypto poll mode driver provides support for offloading
8 cryptographic operations to cryptographic accelerator units on the
9 **Marvell OCTEON cnxk** SoC family.
11 The cnxk crypto PMD code is organized into different sets of files.
12 The file names starting with cn9k and cn10k provides support for CN9XX
13 and CN10XX respectively. The common code between the SoCs is present
14 in file names starting with cnxk.
16 More information about OCTEON cnxk SoCs may be obtained from `<https://www.marvell.com>`_
18 Supported OCTEON cnxk SoCs
19 --------------------------
27 The OCTEON cnxk crypto PMD has support for:
29 Symmetric Crypto Algorithms
30 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
34 * ``RTE_CRYPTO_CIPHER_NULL``
35 * ``RTE_CRYPTO_CIPHER_3DES_CBC``
36 * ``RTE_CRYPTO_CIPHER_3DES_ECB``
37 * ``RTE_CRYPTO_CIPHER_AES_CBC``
38 * ``RTE_CRYPTO_CIPHER_AES_CTR``
39 * ``RTE_CRYPTO_CIPHER_AES_XTS``
40 * ``RTE_CRYPTO_CIPHER_DES_CBC``
41 * ``RTE_CRYPTO_CIPHER_KASUMI_F8``
42 * ``RTE_CRYPTO_CIPHER_SNOW3G_UEA2``
43 * ``RTE_CRYPTO_CIPHER_ZUC_EEA3``
47 * ``RTE_CRYPTO_AUTH_NULL``
48 * ``RTE_CRYPTO_AUTH_AES_GMAC``
49 * ``RTE_CRYPTO_AUTH_KASUMI_F9``
50 * ``RTE_CRYPTO_AUTH_MD5``
51 * ``RTE_CRYPTO_AUTH_MD5_HMAC``
52 * ``RTE_CRYPTO_AUTH_SHA1``
53 * ``RTE_CRYPTO_AUTH_SHA1_HMAC``
54 * ``RTE_CRYPTO_AUTH_SHA224``
55 * ``RTE_CRYPTO_AUTH_SHA224_HMAC``
56 * ``RTE_CRYPTO_AUTH_SHA256``
57 * ``RTE_CRYPTO_AUTH_SHA256_HMAC``
58 * ``RTE_CRYPTO_AUTH_SHA384``
59 * ``RTE_CRYPTO_AUTH_SHA384_HMAC``
60 * ``RTE_CRYPTO_AUTH_SHA512``
61 * ``RTE_CRYPTO_AUTH_SHA512_HMAC``
62 * ``RTE_CRYPTO_AUTH_SNOW3G_UIA2``
63 * ``RTE_CRYPTO_AUTH_ZUC_EIA3``
64 * ``RTE_CRYPTO_AUTH_AES_CMAC``
68 * ``RTE_CRYPTO_AEAD_AES_GCM``
69 * ``RTE_CRYPTO_AEAD_CHACHA20_POLY1305``
71 Asymmetric Crypto Algorithms
72 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
74 * ``RTE_CRYPTO_ASYM_XFORM_RSA``
75 * ``RTE_CRYPTO_ASYM_XFORM_MODEX``
80 The OCTEON cnxk crypto PMD may be compiled natively on an OCTEON cnxk platform
81 or cross-compiled on an x86 platform.
83 Refer to :doc:`../platform/cnxk` for instructions to build your DPDK
88 The OCTEON cnxk crypto PMD uses services from the kernel mode OCTEON cnxk
89 crypto PF driver in linux. This driver is included in the OCTEON TX SDK.
94 ``CN9K Initialization``
96 List the CPT PF devices available on cn9k platform:
98 .. code-block:: console
102 ``a0fd`` is the CPT PF device id. You should see output similar to:
104 .. code-block:: console
106 0002:10:00.0 Class 1080: Device 177d:a0fd
108 Set ``sriov_numvfs`` on the CPT PF device, to create a VF:
110 .. code-block:: console
112 echo 1 > /sys/bus/pci/devices/0002:10:00.0/sriov_numvfs
114 Bind the CPT VF device to the vfio_pci driver:
116 .. code-block:: console
119 ./usertools/dpdk-devbind.py -u 0002:10:00.1
120 ./usertools/dpdk-devbind.py -b vfio-pci 0002:10.00.1
124 * For CN98xx SoC, it is recommended to use even and odd DBDF VFs to achieve
125 higher performance as even VF uses one crypto engine and odd one uses
126 another crypto engine.
128 * Ensure that sufficient huge pages are available for your application::
130 dpdk-hugepages.py --setup 4G --pagesize 512M
132 Refer to :ref:`linux_gsg_hugepages` for more details.
134 ``CN10K Initialization``
136 List the CPT PF devices available on cn10k platform:
138 .. code-block:: console
142 ``a0f2`` is the CPT PF device id. You should see output similar to:
144 .. code-block:: console
146 0002:20:00.0 Class 1080: Device 177d:a0f2
148 Set ``sriov_numvfs`` on the CPT PF device, to create a VF:
150 .. code-block:: console
152 echo 1 > /sys/bus/pci/devices/0002:20:00.0/sriov_numvfs
154 Bind the CPT VF device to the vfio_pci driver:
156 .. code-block:: console
159 ./usertools/dpdk-devbind.py -u 0002:20:00.1
160 ./usertools/dpdk-devbind.py -b vfio-pci 0002:20:00.1
162 Runtime Config Options
163 ----------------------
165 - ``Maximum queue pairs limit`` (default ``63``)
167 The number of maximum queue pairs supported by the device, can be limited
168 during runtime by using ``max_qps_limit`` ``devargs`` parameter.
172 -a 0002:20:00.1,max_qps_limit=4
174 With the above configuration, the number of maximum queue pairs supported
175 by the device is limited to 4.
180 .. _table_octeon_cnxk_crypto_debug_options:
182 .. table:: OCTEON cnxk crypto PMD debug options
184 +---+------------+-------------------------------------------------------+
185 | # | Component | EAL log command |
186 +===+============+=======================================================+
187 | 1 | CPT | --log-level='pmd\.crypto\.cnxk,8' |
188 +---+------------+-------------------------------------------------------+
193 The symmetric crypto operations on OCTEON cnxk crypto PMD may be verified by
194 running the test application:
198 .. code-block:: console
201 RTE>>cryptodev_cn9k_autotest
205 .. code-block:: console
208 RTE>>cryptodev_cn10k_autotest
210 The asymmetric crypto operations on OCTEON cnxk crypto PMD may be verified by
211 running the test application:
215 .. code-block:: console
218 RTE>>cryptodev_cn9k_asym_autotest
222 .. code-block:: console
225 RTE>>cryptodev_cn10k_asym_autotest
227 Lookaside IPsec Support
228 -----------------------
230 The OCTEON cnxk SoCs can accelerate IPsec traffic in lookaside protocol mode,
231 with its **cryptographic accelerator (CPT)**. ``OCTEON cnxk crypto PMD`` implements
232 this as an ``RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL`` offload.
234 Refer to :doc:`../prog_guide/rte_security` for more details on protocol offloads.
236 This feature can be tested with ipsec-secgw sample application.
238 Supported OCTEON cnxk SoCs
239 ~~~~~~~~~~~~~~~~~~~~~~~~~~
244 CN9XX Features supported
245 ~~~~~~~~~~~~~~~~~~~~~~~~
253 * Transport mode(IPv4)
260 * AES-128/192/256-GCM
266 * AES-128/192/256-CBC
267 * AES-128/192/256-CTR
279 CN10XX Features supported
280 ~~~~~~~~~~~~~~~~~~~~~~~~~
294 * AES-128/192/256-GCM
300 * AES-128/192/256-CBC
301 * AES-128/192/256-CTR
git.droids-corp.org / dpdk.git / blob