QAT documentation consists of three parts:
* Details of the symmetric and asymmetric crypto services below.
-* Details of the `compression service <http://doc.dpdk.org/guides/compressdevs/qat_comp.html>`_
+* Details of the :doc:`compression service <../compressdevs/qat_comp>`
in the compressdev drivers section.
* Details of building the common QAT infrastructure and the PMDs to support the
above services. See :ref:`building_qat` below.
* ``Intel QuickAssist Technology DH895xCC``
* ``Intel QuickAssist Technology C62x``
* ``Intel QuickAssist Technology C3xxx``
+* ``Intel QuickAssist Technology 200xx``
* ``Intel QuickAssist Technology D15xx``
* ``Intel QuickAssist Technology C4xxx``
Hash algorithms:
+* ``RTE_CRYPTO_AUTH_SHA1``
* ``RTE_CRYPTO_AUTH_SHA1_HMAC``
+* ``RTE_CRYPTO_AUTH_SHA224``
* ``RTE_CRYPTO_AUTH_SHA224_HMAC``
+* ``RTE_CRYPTO_AUTH_SHA256``
* ``RTE_CRYPTO_AUTH_SHA256_HMAC``
+* ``RTE_CRYPTO_AUTH_SHA384``
* ``RTE_CRYPTO_AUTH_SHA384_HMAC``
+* ``RTE_CRYPTO_AUTH_SHA512``
* ``RTE_CRYPTO_AUTH_SHA512_HMAC``
* ``RTE_CRYPTO_AUTH_AES_XCBC_MAC``
* ``RTE_CRYPTO_AUTH_SNOW3G_UIA2``
* ``RTE_CRYPTO_AEAD_AES_GCM``
* ``RTE_CRYPTO_AEAD_AES_CCM``
+* ``RTE_CRYPTO_AEAD_CHACHA20_POLY1305``
+
+Protocol offloads:
+
+* ``RTE_SECURITY_PROTOCOL_DOCSIS``
+
+Supported Chains
+~~~~~~~~~~~~~~~~
+
+All the usual chains are supported and also some mixed chains:
+
+.. table:: Supported hash-cipher chains for wireless digest-encrypted cases
+
+ +------------------+-----------+-------------+----------+----------+
+ | Cipher algorithm | NULL AUTH | SNOW3G UIA2 | ZUC EIA3 | AES CMAC |
+ +==================+===========+=============+==========+==========+
+ | NULL CIPHER | Y | 2&3 | 2&3 | Y |
+ +------------------+-----------+-------------+----------+----------+
+ | SNOW3G UEA2 | 2&3 | Y | 2&3 | 2&3 |
+ +------------------+-----------+-------------+----------+----------+
+ | ZUC EEA3 | 2&3 | 2&3 | 2&3 | 2&3 |
+ +------------------+-----------+-------------+----------+----------+
+ | AES CTR | Y | 2&3 | 2&3 | Y |
+ +------------------+-----------+-------------+----------+----------+
+
+* The combinations marked as "Y" are supported on all QAT hardware versions.
+* The combinations marked as "2&3" are supported on GEN2/GEN3 QAT hardware only.
Limitations
* No BSD support as BSD QAT kernel driver not available.
* ZUC EEA3/EIA3 is not supported by dh895xcc devices
* Maximum additional authenticated data (AAD) for GCM is 240 bytes long and must be passed to the device in a buffer rounded up to the nearest block-size multiple (x16) and padded with zeros.
-* Queue pairs are not thread-safe (that is, within a single queue pair, RX and TX from different lcores is not supported).
+* Queue-pairs are thread-safe on Intel CPUs but Queues are not (that is, within a single
+ queue-pair all enqueues to the TX queue must be done from one thread and all dequeues
+ from the RX queue must be done from one thread, but enqueues and dequeues may be done
+ in different threads.)
* A GCM limitation exists, but only in the case where there are multiple
generations of QAT devices on a single platform.
To optimise performance, the GCM crypto session should be initialised for the
enqueued to the device and will be marked as failed. The simplest way to
mitigate this is to use the bdf whitelist to avoid mixing devices of different
generations in the same process if planning to use for GCM.
+* The mixed algo feature on GEN2 is not supported by all kernel drivers. Check
+ the notes under the Available Kernel Drivers table below for specific details.
+* Out-of-place is not supported for combined Crypto-CRC DOCSIS security
+ protocol.
+* ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI`` is not supported for combined Crypto-CRC
+ DOCSIS security protocol.
+* Multi-segment buffers are not supported for combined Crypto-CRC DOCSIS
+ security protocol.
Extra notes on KASUMI F9
~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~
* Big integers longer than 4096 bits are not supported.
-* Queue pairs are not thread-safe (that is, within a single queue pair, RX and TX from different lcores is not supported).
+* Queue-pairs are thread-safe on Intel CPUs but Queues are not (that is, within a single
+ queue-pair all enqueues to the TX queue must be done from one thread and all dequeues
+ from the RX queue must be done from one thread, but enqueues and dequeues may be done
+ in different threads.)
+* RSA-2560, RSA-3584 are not supported
.. _building_qat:
Further information on configuring, building and installing DPDK is described
-`here <http://doc.dpdk.org/guides/linux_gsg/build_dpdk.html>`_.
+:doc:`here <../linux_gsg/build_dpdk>`.
Quick instructions for QAT cryptodev PMD are as follows:
.. Note::
If the compressed output of a Deflate operation using Dynamic Huffman
- Encoding is too big to fit in an intermediate buffer, then the
- operation will fall back to fixed compression rather than failing the operation.
+ Encoding is too big to fit in an intermediate buffer, then the
+ operation will be split into smaller operations and their results will
+ be merged afterwards.
+ This is not possible if any checksum calculation was requested - in such
+ case the code falls back to fixed compression.
To avoid this less performant case, applications should configure
the intermediate buffer size to be larger than the expected input data size
(compressed output size is usually unknown, so the only option is to make
larger than the input size).
+Running QAT PMD with minimum threshold for burst size
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If only a small number or packets can be enqueued. Each enqueue causes an expensive MMIO write.
+These MMIO write occurrences can be optimised by setting any of the following parameters:
+
+- qat_sym_enq_threshold
+- qat_asym_enq_threshold
+- qat_comp_enq_threshold
+
+When any of these parameters is set rte_cryptodev_enqueue_burst function will
+return 0 (thereby avoiding an MMIO) if the device is congested and number of packets
+possible to enqueue is smaller.
+To use this feature the user must set the parameter on process start as a device additional parameter::
+
+ -w 03:01.1,qat_sym_enq_threshold=32,qat_comp_enq_threshold=16
+
+All parameters can be used with the same device regardless of order. Parameters are separated
+by comma. When the same parameter is used more than once first occurrence of the parameter
+is used.
+Maximum threshold that can be set is 32.
+
+
Device and driver naming
~~~~~~~~~~~~~~~~~~~~~~~~
The cryptodev driver name is passed to the dpdk-test-crypto-perf tool in the "-devtype" parameter.
- The qat crypto device name is in the format of the slave parameter passed to the crypto scheduler.
+ The qat crypto device name is in the format of the worker parameter passed to the crypto scheduler.
* The qat compressdev driver name is "compress_qat".
The rte_compressdev_devices_get() returns the devices exposed by this driver.
+-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
| Yes | Yes | Yes | " | " | 01.org/4.2.0+ | " | " | " | " | " | " |
+-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
- | Yes | No | No | 2 | D15xx | p | qat_d15xx | d15xx | 6f54 | 1 | 6f55 | 16 |
+ | Yes | No | No | 2 | 200xx | p | qat_200xx | 200xx | 18ee | 1 | 18ef | 16 |
+ +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
+ | Yes | No | No | 2 | D15xx | 01.org/4.2.0+ | qat_d15xx | d15xx | 6f54 | 1 | 6f55 | 16 |
+-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
| Yes | No | No | 3 | C4xxx | p | qat_c4xxx | c4xxx | 18a0 | 1 | 18a1 | 128 |
+-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
+* Note: Symmetric mixed crypto algorithms feature on Gen 2 works only with 01.org driver version 4.9.0+
+
The first 3 columns indicate the service:
* S = Symmetric crypto service (via cryptodev API)
done; \
done
-For Intel(R) QuickAssist Technology C3xxx or D15xx device
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+For Intel(R) QuickAssist Technology C3xxx or 200xx or D15xx device
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The unbind command below assumes ``BDFs`` of ``01:01.00-01:02.07``, if your
VFs are different adjust the unbind command below::
to confirm the VF devices are now in use by igb_uio kernel driver,
e.g. for the C62x device::
- cd to the top-level DPDK directory
modprobe uio
- insmod ./build/kmod/igb_uio.ko
+ insmod igb_uio.ko
echo "8086 37c9" > /sys/bus/pci/drivers/igb_uio/new_id
lspci -vvd:37c9
git.droids-corp.org / dpdk.git / blobdiff