.\" chzcrypt.8 .\" .\" Copyright 2020 IBM Corp. .\" s390-tools is free software; you can redistribute it and/or modify .\" it under the terms of the MIT license. See LICENSE for details. .\" .TH CHZCRYPT 8 "OCT 2020" "s390-tools" .SH NAME chzcrypt \- modify zcrypt configuration .SH SYNOPSIS .TP 9 .B chzcrypt .B -e .RB "|" .B -d .RB "( " -a " | " .I [...] ) .TP .B chzcrypt .B --config-on .RB "|" .B --config-off .RB "( " -a " | " .I [...] ) .TP .B chzcrypt .RB "[ " -p " | " -n " ] [ " -t .I ] .TP .B chzcrypt .RB "[ " -c .I ] .TP .B chzcrypt .RB "[ " -q .I ] .TP .B chzcrypt -h .TP .B chzcrypt -v .SH DESCRIPTION The .B chzcrypt command is used to configure cryptographic devices managed by zcrypt and modify zcrypt's AP bus attributes. Attributes may vary depending on the kernel version. .B chzcrypt requires that the sysfs filesystem is mounted. .SH OPTIONS .TP 8 .B -e, --enable Set the given cryptographic device(s) online. .TP 8 .B -d, --disable Set the given cryptographic device(s) offline. .TP 8 .B -a, --all Set all available cryptographic device(s) online or offline. .TP 8 .B --config-on Set the given cryptographic card device(s) config on ('configured'). .TP 8 .B --config-off Set the given cryptographic card device(s) config off ('deconfigured'). .TP 8 .B Specifies a cryptographic device which will be set either online or offline or configured on or off. For online and offline the device can either be a card device or a queue device. A queue device can only get switched online when the providing card is online. .br For config on/off the device needs to be a card device. A card or queue device cannot get switched online if the card is in deconfigured state. .br Please note that the card device and queue device representation are both in hexadecimal notation. .TP 8 .B -p, --poll-thread-enable Enable zcrypt's poll thread. .TP 8 .B -n, --poll-thread-disable Disable zcrypt's poll thread. .TP 8 .BI "-c, --config-time" " " Set configuration timer for re-scanning the AP bus to .I seconds. .TP 8 .BI "-t, --poll-timeout" " " Set poll timer to run poll tasklet all .I nanoseconds. .TP 8 .BI "-q, --default-domain" " " Set the new default domain of the AP bus to . The number of available domains can be retrieved with the lszcrypt command ('-d' option). .TP 8 .B -V, --verbose Print verbose messages. .TP 8 .B -h, --help Print help text and exit. .TP 8 .B -v, --version Print version information and exit. .SH EXAMPLES .TP .B chzcrypt -e 0 1 12 Will set the cryptographic card devices 0, 1 and 12 online. .TP .B chzcrypt -e 10.0038 Will set the cryptographic device '10.0038' respectively card id 16 (0x10) with domain 56 (0x38) online. .TP .B chzcrypt -d -a Will set all available cryptographic devices offline. .TP .B chzcrypt --config-on -a -V Set all available crypto cards to config on, be verbose. .TP .B chzcrypt -V --config-off card01 card03 Switch the two crypto cards 1 and 3 to deconfigured, be verbose. .TP .B chzcrypt -c 60 -n Will set configuration timer for re-scanning the AP bus to 60 seconds and disable zcrypt's poll thread. .TP .B chzcrypt -q 67 Will set the default domain to 67. .SH NOTES Support for crypto cards to get switched config on or off requires a Linux kernel supporting this. If the required sysfs attribute file does not exist, it is assumed there is an older kernel running and chzcrypt exits with an appropriate message. Even more config on/off may require support from a hypervisor like KVM or zVM and may fail if the Linux kernel is unable to perform the SCLP command. Check syslog on failure. .SH SEE ALSO \fBlszcrypt\fR(8)