NAME¶

chzcrypt - modify zcrypt configuration

SYNOPSIS¶

chzcrypt: -e | -d ( -a | <device id> [...] )
chzcrypt: --config-on | --config-off ( -a | <device id> [...] )
chzcrypt: [ -p | -n ] [ -t <timeout> ]
chzcrypt: [ -c <timeout> ]
chzcrypt: [ -q <domain> ]
chzcrypt -h
chzcrypt -v

DESCRIPTION¶

The chzcrypt command is used to configure cryptographic devices managed by zcrypt and modify zcrypt's AP bus attributes.

Attributes may vary depending on the kernel version. chzcrypt requires that the sysfs filesystem is mounted.

OPTIONS¶

-e, --enable: Set the given cryptographic device(s) online.
-d, --disable: Set the given cryptographic device(s) offline.
-a, --all: Set all available cryptographic device(s) online or offline.
--config-on: Set the given cryptographic card device(s) config on ('configured').
--config-off: Set the given cryptographic card device(s) config off ('deconfigured').
<device id>: Specifies a cryptographic device which will be set either online or offline or configured on or off. For online and offline the device can either be a card device or a queue device. A queue device can only get switched online when the providing card is online.
For config on/off the device needs to be a card device. A card or queue device cannot get switched online if the card is in deconfigured state.
Please note that the card device and queue device representation are both in hexadecimal notation.
-p, --poll-thread-enable: Enable zcrypt's poll thread.
-n, --poll-thread-disable: Disable zcrypt's poll thread.
-c, --config-time <timeout>: Set configuration timer for re-scanning the AP bus to <timeout> seconds.
-t, --poll-timeout <poll_timeout>: Set poll timer to run poll tasklet all <poll_timeout> nanoseconds.
-q, --default-domain <domain>: Set the new default domain of the AP bus to <domain>. The number of available domains can be retrieved with the lszcrypt command ('-d' option).
-V, --verbose: Print verbose messages.
-h, --help: Print help text and exit.
-v, --version: Print version information and exit.

EXAMPLES¶

chzcrypt -e 0 1 12: Will set the cryptographic card devices 0, 1 and 12 online.
chzcrypt -e 10.0038: Will set the cryptographic device '10.0038' respectively card id 16 (0x10) with domain 56 (0x38) online.
chzcrypt -d -a: Will set all available cryptographic devices offline.
chzcrypt --config-on -a -V: Set all available crypto cards to config on, be verbose.
chzcrypt -V --config-off card01 card03: Switch the two crypto cards 1 and 3 to deconfigured, be verbose.
chzcrypt -c 60 -n: Will set configuration timer for re-scanning the AP bus to 60 seconds and disable zcrypt's poll thread.
chzcrypt -q 67: Will set the default domain to 67.

NOTES¶

Support for crypto cards to get switched config on or off requires a Linux kernel supporting this. If the required sysfs attribute file does not exist, it is assumed there is an older kernel running and chzcrypt exits with an appropriate message. Even more config on/off may require support from a hypervisor like KVM or zVM and may fail if the Linux kernel is unable to perform the SCLP command. Check syslog on failure.

Source file:	chzcrypt.8.en.gz (from s390-tools 2.16.0-2)
Source last updated:	2021-08-18T07:26:50Z
Converted to HTML:	2023-06-11T00:10:26Z