Scroll to navigation

LSZCRYPT(8) System Manager's Manual LSZCRYPT(8)

NAME

lszcrypt - display zcrypt device and configuration information

SYNOPSIS

lszcrypt
[ -V ] [ <device-id> [...]]
lszcrypt
-c <card-id>
lszcrypt -b
lszcrypt -d
lszcrypt -h
lszcrypt -v

DESCRIPTION

The lszcrypt command is used to display information about cryptographic devices managed by zcrypt and the AP bus attributes of zcrypt. Displayed information depends on the kernel version. lszcrypt requires that sysfs is mounted.

The following information can be displayed for each cryptographic device: card ID, domain ID, card type (symbolic), mode, online status, hardware card type (numeric), installed function facilities, card capability, hardware queue depth, request count, number of requests in hardware queue, and the number of outstanding requests. The following AP bus attributes can be displayed: AP domain, Max AP domain, configuration timer, poll thread status, poll timeout, and AP interrupt status.

OPTIONS

-V, --verbose
The verbose level for cryptographic device information. With this verbose level additional information like hardware card type, hardware queue depth, pending request queue count, outstanding request queue count, and installed function facilities are displayed.
<device-id>
Specifies a cryptographic device to display. A cryptographic device can be either a card device or a queue device. If no devices are specified information about all available devices is displayed. Please note that the card device representation and the queue device are both in hexadecimal notation.
-b, --bus
Displays the AP bus attributes and exits.
-c, --capability <card-id>
Shows the capabilities of a cryptographic card device of hardware type 6 or higher. The card device id value may be given as decimal or hex value (with a leading 0x). The capabilities of a cryptographic card device depend on the card type and the installed function facilities. A cryptographic card device can provide one or more of the following capabilities:
o
RSA 2K Clear Key
o
RSA 4K Clear Key
o
CCA Secure Key
o
EP11 Secure Key
o
Long RNG

The CCA Secure Key capability may be limited by a hypervisor layer. The remarks 'full function set' or 'restricted function set' may reflect this. For details about these limitations please check the hypervisor documentation.
-d, --domains
Shows the usage and control domains of the cryptographic devices. The displayed domains of the cryptographic device depends on the initial cryptographic configuration.
o
C - indicate a control domain
o
U - indicate a usage domain
o
B - indicate both (control and usage domain)
-h, --help
Displays help text and exits.
-v, --version
Displays version information and exits.

EXAMPLES

lszcrypt
Displays the card/domain ID, card type (short name), mode (long name), online status and request count of all available cryptographic devices.
lszcrypt 1 3 5
Displays the card/domain ID, card type, mode, online status and request count for cryptographic devices 1, 3, and 5.
lszcrypt -V 3 7 11
Displays the card/domain ID, card type, mode, online status, request count, number of requests in the hardware queue, number of outstanding requests and installed function facilities for cryptographic devices 3, 7 and 17 (0x11).
lszcrypt 10.0038
Displays information of the cryptographic device '10.0038' respectively card id 16 (0x10) with domain 56 (0x38).
lszcrypt .0038
Displays information of all available queue devices (potentially multiple adapters) with domain 56 (0x38).
lszcrypt -b
Displays AP bus information.
lszcrypt -c 7

Coprocessor card07 provides capability for:
CCA Secure Key
RSA 4K Clear Key
Long RNG

SEE ALSO

chzcrypt(8)
OCT 2017 s390-tools