+* ZUC EEA3/EIA3 is not supported by dh895xcc devices
+* Maximum additional authenticated data (AAD) for GCM is 240 bytes long and must be passed to the device in a buffer rounded up to the nearest block-size multiple (x16) and padded with zeros.
+* Queue-pairs are thread-safe on Intel CPUs but Queues are not (that is, within a single
+ queue-pair all enqueues to the TX queue must be done from one thread and all dequeues
+ from the RX queue must be done from one thread, but enqueues and dequeues may be done
+ in different threads.)
+* A GCM limitation exists, but only in the case where there are multiple
+ generations of QAT devices on a single platform.
+ To optimise performance, the GCM crypto session should be initialised for the
+ device generation to which the ops will be enqueued. Specifically if a GCM
+ session is initialised on a GEN2 device, but then attached to an op enqueued
+ to a GEN3 device, it will work but cannot take advantage of hardware
+ optimisations in the GEN3 device. And if a GCM session is initialised on a
+ GEN3 device, then attached to an op sent to a GEN1/GEN2 device, it will not be
+ enqueued to the device and will be marked as failed. The simplest way to
+ mitigate this is to use the bdf whitelist to avoid mixing devices of different
+ generations in the same process if planning to use for GCM.
+* The mixed algo feature on GEN2 is not supported by all kernel drivers. Check
+ the notes under the Available Kernel Drivers table below for specific details.
+
+Extra notes on KASUMI F9
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+When using KASUMI F9 authentication algorithm, the input buffer must be
+constructed according to the
+`3GPP KASUMI specification <http://cryptome.org/3gpp/35201-900.pdf>`_
+(section 4.4, page 13). The input buffer has to have COUNT (4 bytes),
+FRESH (4 bytes), MESSAGE and DIRECTION (1 bit) concatenated. After the DIRECTION
+bit, a single '1' bit is appended, followed by between 0 and 7 '0' bits, so that
+the total length of the buffer is multiple of 8 bits. Note that the actual
+message can be any length, specified in bits.
+
+Once this buffer is passed this way, when creating the crypto operation,
+length of data to authenticate "op.sym.auth.data.length" must be the length
+of all the items described above, including the padding at the end.
+Also, offset of data to authenticate "op.sym.auth.data.offset"
+must be such that points at the start of the COUNT bytes.
+
+Asymmetric Crypto Service on QAT
+--------------------------------
+
+The QAT asymmetric crypto PMD (hereafter referred to as `QAT ASYM [PMD]`) provides
+poll mode crypto driver support for the following hardware accelerator devices:
+
+* ``Intel QuickAssist Technology DH895xCC``
+* ``Intel QuickAssist Technology C62x``
+* ``Intel QuickAssist Technology C3xxx``
+* ``Intel QuickAssist Technology D15xx``
+* ``Intel QuickAssist Technology P5xxx``
+
+The QAT ASYM PMD has support for:
+
+* ``RTE_CRYPTO_ASYM_XFORM_MODEX``
+* ``RTE_CRYPTO_ASYM_XFORM_MODINV``