2 - C H A P T E R -

C H A P T E R 2

Installing the Sun Crypto Accelerator 4000 Board

This chapter describes how to install the Sun Crypto Accelerator 4000 hardware and software. This chapter includes the following sections:

Handling the Board

Installing the Board

Installing the Sun Crypto Accelerator 4000 Software

Directories and Files

Removing the Software

Handling the Board

Each board is packed in a special antistatic bag to protect it during shipping and storage. To avoid damaging the static-sensitive components on the board, reduce any static electricity on your body before touching the board by using one of the following methods:

Touch the metal frame of the computer.

Attach an antistatic wrist strap to your wrist and to a grounded metal surface.

Caution - To avoid damaging the sensitive components on the board, wear an antistatic wrist strap when handling the board, hold the board by its edges only, and always place the board on an antistatic surface (such as the plastic bag it came in).

Installing the Board

Installing the Sun Crypto Accelerator 4000 board involves inserting the board into the system and loading the software tools. The hardware installation instructions include only general steps for installing the board. Refer to the documentation that came with your system for specific installation instructions.

To Install the Hardware

1. As superuser, follow the instructions that came with your system to shut down and power off the computer, disconnect the power cord, and remove the computer cover.

2. Locate an unused PCI slot (preferably a 64 bit, 66 MHz slot).

3. Attach an antistatic wrist strap to your wrist, and attach the other end to a grounded metal surface.

4. Using a Phillips-head screwdriver, remove the screw from the PCI slot cover.

Save the screw to hold the bracket in Step 5.

5. Holding the Sun Crypto Accelerator 4000 board by its edges only, take it out of the plastic bag and insert it into the PCI slot, and then secure the screw on the rear bracket.

6. Replace the computer cover, reconnect the power cord, and power on the system.

7. Verify that the board is properly installed by issuing the show-devs command at the OpenBoot trademark PROM (OBP) ok prompt:

ok show-devs

/chosen

/packages

/upa@8,480000/SUNW,ffb@0,0

/pci@8,600000/network@1

/pci@8,600000/SUNW,qlc@4

/pci@8,600000/SUNW,qlc@4/fp@0,0

In the preceding example, the /pci@8,600000/network@1 identifies the device path to the Sun Crypto Accelerator 4000 board. There will be one such line for each board in the system.

To determine whether the Sun Crypto Accelerator 4000 device properties are listed correctly: from the ok prompt, navigate to the device path and type .properties to display the list of properties.

ok cd /pci@8,600000/network@1

ok .properties

assigned-addresses       82000810 00000000 00102000 00000000 00002000

                          81000814 00000000 00000400 00000000 00000100

                          82000818 00000000 00200000 00000000 00200000

                          82000830 00000000 00400000 00000000 00100000

d-fru-len                00 00 00 00

d-fru-off                00 00 e8 00

d-fru-dev                eeprom

s-fru-len                00 00 08 00

s-fru-off                00 00 e0 00

s-fru-dev                eeprom

compatible               70 63 69 38 30 38 36 2c 62 35 35 35 2e 31 30 38

reg                      00000800 00000000 00000000 00000000 00000000

                          02000810 00000000 00000000 00000000 00002000

                          02000814 00000000 00000000 00000000 00000100

                          02000818 00000000 00000000 00000000 00200000

                          02000830 00000000 00000000 00000000 00100000

address-bits             00 00 00 30

max-frame-size           00 00 40 00

network-interface-type   ethernet

device_type              network

name                     network

local-mac-address        08 00 20 aa bb cc

version                  Sun PCI Crypto Accelerator 4000 1000Base-T FCode

12.11.13 02/10/31

phy-type                 mif

board-model              501-6039

model                    SUNW,pci-vca

fcode-rom-offset         00000000

66mhz-capable

fast-back-to-back

devsel-speed             00000001

class-code               00100000

interrupts               00000001

latency-timer            00000040

cache-line-size          00000010

max-latency              00000040

min-grant                00000040

subsystem-id             00003de8

subsystem-vendor-id      0000108e

revision-id              00000002

device-id                0000b555

vendor-id                00008086

Installing the Sun Crypto Accelerator 4000 Software

The Sun Crypto Accelerator 4000 software is included on the Sun Crypto Accelerator 4000 CD. You may need to download patches from the SunSolve web site. See Required Patches for more information.

To Install the Software

1. Insert the Sun Crypto Accelerator 4000 CD into a CD-ROM drive that is connected to your system.

If your system is running Sun Enterprise Volume Manager, it should automatically mount the CD-ROM to the /cdrom/cdrom0 directory.

If your system is not running Sun Enterprise Volume Manager, mount the CD-ROM as follows:

# mount -F hsfs -o ro /dev/dsk/c0t6d0s2 /cdrom

You see the following files and directories in the /cdrom/cdrom0 directory.


File or Directory	Contents
`Copyright`	U.S. copyright file
`FR_Copyright`	French copyright file
Docs	Sun Crypto Accelerator 4000 Board Installation and User's Guide Sun Crypto Accelerator 4000 Board Release Notes
`Packages`	Contains the Sun Crypto Accelerator 4000 software packages:
	`SUNWkcl2r`	Cryptography Kernel Components
	`SUNWkcl2u`	Cryptographic Administration Utility and Libraries
	`SUNWkcl2a`	SSL Support for Apache (optional)
	`SUNWkcl2m`	Cryptographic Administration Manual Pages (optional)
	`SUNWvcar`	VCA Crypto Accelerator (Root)
	`SUNWvcau`	VCA Crypto Accelerator (Usr)
	SUNWvcaa	VCA Administration
	SUNWvcafw	VCA Firmware
	`SUNWvcamn`	VCA Crypto Accelerator Manual Page (optional)
	`SUNWvcav`	SunVTS Test of VCA Crypto Accelerator (optional)
	`SUNWkcl2o`	SSL Development Tools and Libraries (optional)
	`SUNWkcl2i.u`	IPSec Acceleration with KCLv2 Crypto (optional)

The required packages must be installed in a specific order and must be installed before installing any optional packages. Once the required packages are installed, you can install and remove the optional packages in any order.

Install the optional SUNWkcl2a package only if you plan to use Apache as your web server.

Install the optional SUNWkcl2o package only if you plan to relink to another (unsupported) version of Apache Web Server.

Install the optional SUNWvcav package only if you plan to perform the SunVTS tests. You must have SunVTS 4.4 or later up to 5.x installed to install the SUNWvcav package.

Note - The optional SUNWkcl2i.u package has the .u extension only on the Sun Crypto Accelerator 4000 CD. Once this package is installed, the name is changed to SUNWkcl2i. The .u extension of this package on the CD, defines the package as sun4u architecture-specific.

2. Install the required software packages by typing:

# cd /cdrom/cdrom0/Packages

# pkgadd -d . SUNWkcl2r SUNWkcl2u SUNWvcar SUNWvcau SUNWvcaa SUNWvcafw

3. (Optional) To verify that the software is installed properly, run the pkginfo command.

# pkginfo SUNWkcl2r SUNWkcl2u SUNWvcar SUNWvcau SUNWvcaa SUNWvcafw

system  SUNWkcl2r   Cryptography Kernel Components

system  SUNWkcl2u   Cryptographic Administration Utility and Libraries

system  SUNWvcar    VCA Crypto Accelerator (Root)

system  SUNWvcau    Crypto Accelerator/Gigabit Ethernet (Usr)

system  SUNWvcaa    VCA Administration

system  SUNWvcafw   VCA Firmware

4. (Optional) To ensure that the driver is attached, you can run the prtdiag command. Refer to the prtdiag(1m) online manual pages.

# prtdiag -v

5. (Optional) Run the modinfo command to see that modules are loaded.

# modinfo | grep Crypto

62   1317f62  20b1f 198   1  vca (VCA Crypto/Ethernet v1.102)

63   13360e9  12510 200   1  kcl2 (Kernel Crypto Library v1.148)

197  136d5d6   19b0 199   1  vcactl (VCA Crypto Control v1.19)

Installing the Optional Packages

To install only the optional packages that provide the SSL support for Apache Web Server and the cryptographic administration utility and libraries, type the following:

# cd /cdrom/cdrom0/Packages

# pkgadd -d . SUNWkcl2a SUNWkcl2m

To install all of the optional software packages, type the following:

# cd /cdrom/cdrom0/Packages

# pkgadd -d . SUNWkcl2a SUNWkcl2m SUNWvcamn SUNWvcav SUNWkcl2o SUNWkcl2i.u

Refer to TABLE 2-1 for a description of the package contents of the optional packages in the previous examples.

Directories and Files

TABLE 2-2 shows the directories created by the default installation of the Sun Crypto Accelerator 4000 software.


Directory	Contents
/`etc/opt/SUNWconn/vca/keydata`	Keystore data (encrypted)
`/opt/SUNWconn/crypto`v2`/bin`	Utilities
`/opt/SUNWconn/crypto`v2`/lib`	Support libraries
`/opt/SUNWconn/crypto`v2`/sbin`	Administrative commands

FIGURE 2-1 shows the hierarchy of these directories and files.

FIGURE 2-1 Sun Crypto Accelerator 4000 Directories and Files

Note - Once you have installed the hardware and software of the board, you need to initialize the board with configuration and keystore information. Refer to Initializing the Sun Crypto Accelerator 4000 Board With vcaadm for information on how to initialize the board.

Removing the Software

If you have created keystores (refer to Managing Keystores With vcaadm), you must delete the keystore information that the Sun Crypto Accelerator 4000 board is configured with before removing the software. The zeroize command removes all key material, but does not delete the keystore files which are stored in the filesystem of the physical host in which the Sun Crypto Accelerator 4000 board is installed. Refer to the Zeroizing a Sun Crypto Accelerator 4000 Board for details on the zeroize command. To delete the keystore files stored in the system, become superuser and remove the keystore files. If you have not yet created any keystores, you can skip this procedure.

Caution - You must not delete a keystore that is currently in use or that is shared by other users and keystores. To free references to keystores, you might have to shut down the web server and/or administration server.

Caution - Before removing the Sun Crypto Accelerator 4000 software you must disable any web servers you have enabled for use with the Sun Crypto Accelerator 4000 board. Failure to do so will leave those web servers nonfunctional.

To Remove the Software

As superuser, use the pkgrm command to remove only the software packages you installed.

Caution - Installed packages must be removed in the order shown. Failure to remove them in this order could result in dependency warnings and leave kernel modules loaded.

If you installed all the packages, you would remove them as follows:

# pkgrm SUNWkcl2o SUNWvcav SUNWvcar SUNWkcl2a SUNWkcl2u SUNWkcl2r SUNWvcamn SUNWkcl2m SUNWkcl2i SUNWvcaa SUNWvcafw SUNWvcau

Note - After installing or removing the SunVTS test (SUNWvcav) for the Sun Crypto Accelerator 4000 board, if SunVTS is already running it might be necessary to reprobe the system to update the available tests. See your SunVTS documentation for more information.