Sun Crypto Accelerator 4000 Board Version 1.1 Installation and User's Guide Table Of ContentsPrevious ChapterNext ChapterBook Index


C H A P T E R  7
Diagnostics and Troubleshooting

This chapter describes diagnostic tests and troubleshooting for the Sun Crypto Accelerator 4000 software. This chapter includes the following sections:

SunVTS Diagnostic Software

The core SunVTS wrapper provides test control and a user interface to a suite of tests. Some of those tests are delivered with packages SUNWvts and SUNWvtsx to make up a bundle that is contained on the Solaris 8/9 Software Supplement CD. Other, unbundled, tests that use the SunVTS core are packaged with the driver software of the device tested.

The Sun Crypto Accelerator 4000 board can be tested by three SunVTS tests. Two of those tests, nettest and netlbtest, are bundled with the core SunVTS software beginning with the release of SunVTS 5.1 Patch Set (PS) 2. These tests operate on the Ethernet circuitry of the board.

The third SunVTS test, vcatest, is delivered in the SUNWvcav package on the Sun Crypto Accelerator 4000 CD and operates with the core SunVTS wrapper to provide diagnostics of the cryptographic circuitry of the board.

Installing SunVTS netlbtest and nettest Support for the vca Driver

TABLE 7-1 shows the method of updating installed SunVTS software to provide SunVTS netlbtest and nettest support for the vca driver.

TABLE 7-1 SunVTS netlbtest and nettest Required Software for the vca Driver

Base Solaris Software

Base SunVTS Software

Required Replacement Package

Required Overlay Patch

Solaris 8 7/01

SunVTS4.4

 

111854-04

Solaris 8 10/01

SunVTS4.5

 

112250-04

Solaris 8 2/02

SunVTS4.6

SunVTS5.1ps2

 

Solaris 9 5/02

SunVTS5.0

SunVTS5.1ps2

 

Solaris 9 9/02

SunVTS5.1

 

113614-11

Solaris 8 HW 12/02

SunVTS5.1ps1

 

113614-11

Solaris 9 12/02

SunVTS5.1ps1

 

113614-11

Solaris 8 HW 5/03

SunVTS5.1ps2

 

 

Solaris 9 4/03

SunVTS5.1ps2

 

 


SunVTS software is delivered on the Solaris Software Supplement CD that is distributed with each Solaris release. The version of SunVTS software listed in the Base SunVTS Software column of TABLE 7-1 is distributed on the Solaris Software Supplement CD included in the Solaris release identified on the same line.

Entries in TABLE 7-1 that begin with "SunVTS" identify the version of a set of SunVTS packages. Within each SunVTS package set, the SUNWvts and SUNWvtsx packages must be installed.

The Required Replacement Packages column in TABLE 7-1 lists the SunVTS package sets that must replace the previously installed SunVTS package set. Remove the previously installed SunVTS packages before adding the SunVTS replacement packages. The previously installed SunVTS packages must be removed by the same method you used to installed them. For example, if you used the pkgadd command to install the packages, use the pkgrm command to remove the packages.

If an entry is shown in the Required Overlay Patch column in TABLE 7-1, use the patchadd command to install that patch over the SunVTS packages shown in the Base SunVTS Software column. Do not remove the previously installed SunVTS packages before adding the required patch.

Using the patchadd command to install patch 113614-11 is the equivalent of replacing the previously installed SunVTS packages with the SunVTS5.1ps2 packages.

The replacement packages are available at: http://www.sun.com/oem/products/vts/

The overlay patches are available at:
http://sunsolve.sun.com/


Note - The required SunVTS packages and any required patches must be installed before the SUNWvcav package is installed. The SUNWvcav package contains the SunVTS test vcatest.


Using SunVTS Software to Perform vcatest, nettest, and netlbtest

Refer to the SunVTS test reference manual, user's guide, and quick reference card for instructions on how to perform and monitor these diagnostics tests. These documents are available on the Solaris on Sun Hardware Documentation Set at http://docs.sun.com. These documents are also provided on the Solaris Software Supplement CD that is distributed with the Solaris release on your system.


Note - SunVTS can be used only if you have installed the required SunVTS packages and any required SunVTS patches.



procedure icon  To Perform vcatest

1. As superuser, start SunVTS. 

# /opt/SUNWvts/bin/sunvts

Refer to the SunVTS user's guide for detailed instructions on starting SunVTS.

The following instructions assume that you have started SunVTS using the CDE user interface.

2. On the SunVTS Diagnostic main window, set the System Map to Logical mode.


Note - Physical mode is supported; however, this procedure assumes you are using Logical mode.


3. Disable all tests by clearing their check boxes.

4. Select the check box for Cryptography, then select the plus box for Cryptography to display all tests in the Cryptography group.

5. Clear check boxes in the Cryptography group that are not named vcatest.

Refer to the SunVTS user's guide for the exact procedure. When the probe completes and a vcatest is displayed, continue to Step 6.

6. Select one of the instances of vcatest then right-click and drag to display the Test Parameter Options dialog box.

These options, which only pertain to the vcatest, are described in Test Parameter Options for vcatest.

7. After you have made all your selections, click Apply from the Within Instance drop-down menu to change the selected instance of vcatest, or select Apply from the Across All Instances drop-down menu to change all checked instances of vcatest.

This action removes the dialog box and returns you to the SunVTS Diagnostic main window.

8. Select one of the instances of vcatest then right-click and drag to display the Test Execution Options dialog box.

An alternate method of displaying Test Execution Options dialog box is to select the Options drop-down main menu; then select Test Executions. These options are generic SunVTS controls that affect all tests. Refer to the SunVTS user's guide for detailed information.

9. When you have made all selections, select Apply to remove the dialog box and return to the SunVTS Diagnostic main window.

10. Click Start to perform the selected tests.

11. Click Stop to stop all tests.

Test Parameter Options for vcatest

TABLE 7-2 describes the vcatest subtests.

TABLE 7-2 vcatest Subtests

Test Name

Description

CDMF

Tests CDMF bulk encryption

DES

Tests DES bulk encryption

3DES

Tests 3DES bulk encryption

RSA

Tests RSA public and private keys

DSA

Tests DSA signature verification

MD5

Tests MD5 Message Digest/Digital Signature

SHA1

Tests SHA1 Digest Key Creation

RNG

Tests random number generation


vcatest Command-Line Syntax

To perform vcatest from the command line instead of the CDE interface, specify all arguments in the command-line string.

In 32-bit mode, the path to vcatest is /opt/SUNWvts/bin/. In 64-bit mode, the path is /opt/SUNWvts/bin/sparcv9/.

All SunVTS standard options are supported from the command-line interface for vcatest. Test-specific options are specified with the -o argument.

Refer to the SunVTS test reference manual for a definition of the standard command-line arguments. The vcatest is a Functional mode test; therefore, -f must be included. Include -u to display a usage message, or -v for VERBOSE messages. Items enclosed in square brackets denote optional entries.

The following is an example of invoking vcatest in 32-bit mode as a standalone program. The following command performs all subtests on vca0: 

# /opt/SUNWvts/bin/vcatest -f -o dev=vca0,tl=all

The following is an example of invoking vcatest in 64-bit mode from the SunVTS infrastructure. The following command tests RSA, DSA, and MD5 on vca2: 

# /opt/SUNWvts/bin/sparcv9/vcatest -f -o dev=vca2,tl=RSA+DSA+MD5

When performing vcatest from the command line, omission of an option produces the default behavior for that option, as stated in TABLE 7-3.

TABLE 7-3 vcatest Command-Line Syntax

Option

Description

dev=vcaN

Specifies the instance of the device to test such as vca0 or vca2. Defaults to vca0 if not included. Note that N specifies the placement of the instance number of the device being tested.

tl=testlist

Specifies the list of subtests to be performed. The subtests for tl are separated by the + (plus) character. The supported subtests are CDMF, DES, 3DES, DSA, RSA, MD5, SHA1, and RNG, so
tl=CDMF+DES+3DES+DSA+RSA+MD5+SHA1+RNG enables all subtests. You can also insert tl=all which performs all tests. Defaults to all if no subtests are specified.



procedure icon  To Perform netlbtest

1. As superuser, start SunVTS. 

# /opt/SUNWvts/bin/sunvts

Refer to the SunVTS user's guide for detailed startup instructions.

The following instructions assume that SunVTS was started using the CDE user interface.

2. On the SunVTS Diagnostic main window, set the System Map to Logical mode.


Note - Physical mode is also supported; however, this procedure assumes you are using Logical mode.


3. Disable all tests by clearing their check boxes.

4. Select the check box for Network, then select the plus box for Network to display all tests in the Network group.

5. Clear check boxes in the Network group that are not named vcaN(netlbtest).

Note that N specifies the placement of the instance number of the device under test.

Refer to the SunVTS user's guide for the exact procedure. When the probe completes and a vcaN(netlbtest) is displayed, continue to Step 6.

6. Select the Intervention Mode button. Select one of the instances of vcaN(netlbtest), then right-click and drag to display the Test Parameter Options dialog box.

These options, which only pertain to netlbtest, are described in the SunVTS test reference manual.

7. After you have made all selections, select Apply from the Within Instance drop-down menu to change the selected instance of vcaN(netlbtest), or select Apply from the Across All Instances drop-down menu to change all checked instances of vcaN(netlbtest).

This action removes the dialog box and returns you to the SunVTS Diagnostic main window.

8. Select one of the instances of vcaN(netlbtest) then right-click and drag to display the Test Execution Options dialog box.

An alternate method of displaying the Test Execution Options dialog box is to select the Options drop-down main menu; then select Test Executions. These options are generic SunVTS controls that affect all tests. Refer to the SunVTS user's guide for detailed information.

9. When you have made all selections, select Apply to remove the dialog box the return to the SunVTS Diagnostic main window.

10. Click Start to perform the selected tests.

11. Click Stop to stop all tests.


procedure icon  To Perform nettest

1. As superuser, start SunVTS. 

 # /opt/SUNWvts/bin/sunvts

Refer to the SunVTS user's guide for detailed startup instructions.


Note - The following instructions assume that SunVTS was started using the CDE user interface.


2. On the SunVTS Diagnostic main window, set the System Map to Logical mode.


Note - Physical mode is also supported; however, this procedure assumes you are using Logical mode.


3. Disable all tests by clearing their check boxes.

4. Select the check box for Network, then select the plus box for Network to display all tests in the Network group.

5. Clear check boxes in the Network group that are not named vcaN(nettest).

Note that N specifies the placement of the instance number of the device under test.

If the preceding ifconfig entry is not listed, the nettest probe does not consider the device testable. Follow the ifconfig online manual page instructions for bringing an interface online.

Once the ifconfig -a produces the preceding entry, return to the SunVTS Diagnostic main window and probe the system to find vca by selecting Reprobe system in the Commands drop-down menu.

Refer to the SunVTS user's guide for the exact procedure. When the probe completes and a vca0(nettest) is displayed, continue to Step 6.

6. Select one of the instances of vcaN(nettest), then right-click and drag to display the Test Parameter Options dialog box.

These options, which only pertain to nettest, are described in the SunVTS test reference manual.

7. After you have made all selections, select Apply from Within Instance drop-down menu to change the selected instance of vcaN(nettest), or select Apply from the Across All Instances drop-down menu to change all checked instances of vcaN(nettest).

This action removes the dialog box and returns you to the SunVTS Diagnostic main window.

8. Select one of the instances of vcaN(nettest), then right-click and drag to display the Test Execution Options dialog box.

An alternate method of displaying the Test Execution Options dialog box is to select the Options drop-down main menu; then select Test Executions. These options are generic SunVTS controls that affect all tests. Refer to the SunVTS user's guide for detailed information.

9. When you have made all selections, select Apply to remove the dialog box, then return to the SunVTS Diagnostic main window.

10. Click Start to perform the selected tests.

11. Click Stop to stop all tests.


Note - Do not select nettest and netlbtest to be performed simultaneously.


Using kstat to Determine Cryptographic Activity

The Sun Crypto Accelerator 4000 board does not contain lights or other indicators to reflect cryptographic activity on the board. To determine whether cryptographic work requests are being performed on the board, use the kstat(1M) command to display the device usage: 

# kstat vca:0

module: vca                     instance: 0     

name:   vca0                    class:    misc

        3desbytes               3040

        3desjobs                5

        crtime                  65.342725895

        dsasign                 0

        dsaverify               0

        rngbytes                10592

        rngjobs                 187

        rngsha1bytes            16328

        rngsha1jobs             327

        rsaprivate              9

        rsapublic               0

        snaptime                106956.467004482


Note - In the previous example, 0 is the instance number of the vca device. This number should reflect the instance number of the board for which you are performing the kstat command.


Displaying the kstat information indicates whether cryptographic requests or "jobs" are being sent to the Sun Crypto Accelerator 4000 board. A change in the jobs values over time indicates that the board is accelerating cryptographic work requests sent to the Sun Crypto Accelerator 4000 board. If cryptographic work requests are not being sent to the board, verify your web server configuration per the web server specific configuration.

Do not attempt to interpret the kernel/driver statistic values returned by kstat(1M). These values are maintained within the driver to facilitate field support. The meanings and actual names may change over time.


Note - If the nostats property is defined in the /kernel/drv/vca.conf file, the capture and display of statistics will be disabled. This property can be used to help prevent traffic analysis.


Using the OpenBoot PROM FCode Self-Test

The following tests are available to help identify problems with the adapter if the system does not boot.

You can invoke the FCode self-test diagnostics by using the test or test-all commands from the OpenBoot PROM ok prompt. If you encounter an error while performing diagnostics, appropriate messages will be displayed. Refer to the OpenBoot Command Reference Manual for more information on the test and test-all commands.

The FCode self-test exercises most functionality subsection by subsection and ensures the following:


procedure icon  Performing the Ethernet FCode Self-Test Diagnostic

To perform the Ethernet diagnostics, you must first bring the system to a stop at the OpenBoot PROM ok prompt after issuing a reset. If you do not reset the system, the diagnostic tests might cause the system to hang.

For more information about the OpenBoot commands in this section, refer to the OpenBoot Command Reference Manual.

1. Shut down the system.

Use the standard shutdown procedures described in the Solaris Handbook for Sun Peripherals.

2. At the OpenBoot PROM ok prompt, set the auto-boot? configuration variable to false. 

ok setenv auto-boot? false

3. Reset the system. 

ok reset-all

4. Type show-nets to display the list of devices and enter a selection:

You see a list of devices, similar to the example below, specific to the adapter: 

ok show-netsa) /pci@8,600000/network@1

b) /pci@8,700000/network@5,1

q) NO SELECTION

Enter Selection, q to quit: a

/pci@8,600000/network@1 has been selected.

Type ^Y ( Control-Y ) to insert it in the command line.

e.g. ok nvalias mydev ^Y for creating devalias mydev for

/pci@8,600000/network@1


Note - To perform the following self-test with the test command, the Ethernet port must be connected to a network.


5. Perform the self-test using the test command:

The following tests are performed when the test command is executed:


Note - The Sun Crypto Accelerator 4000 UTP adapter self-test for a 1000 Mbps connection is not supported for use with an external loopback cable because the link-clock cannot be reconciled. For this test, the local and remote ports must reconcile as clock master and clock slave. If an external loopback cable is used, both the local and remote ports are identical. So, the single port cannot be both a clock master and a clock slave, because this causes the PHY link-up to fail. For a Sun Crypto Accelerator 4000 UTP adapter self-test for a 1000 Mbps connection to work, a remote 1000BASE-T port must be connected.


Type the following: 

ok test device-path

If the test passes, you see the following messages: 

ok test /pci@8,600000/network@1

Testing /pci@8,600000/network@1

Register tests: passed

Internal loopback test: passed

/pci@8,600000/network@1: 100 Mbps half duplex link up

If the board is not connected to a network, you see the following messages: 

ok test /pci@8,600000/network@1

Testing /pci@8,600000/network@1

Register tests: passed

Internal loopback test: passed

/pci@8,600000/network@1: link down

6. After testing the adapter, type the following to return the OpenBoot PROM ok prompt interface to standard operating mode: 

ok setenv diag-switch? false

7. Set the auto-boot? configuration parameter to true. 

ok setenv auto-boot? true

8. Reset and reboot the system.

Troubleshooting the Sun Crypto Accelerator 4000 Board

This section describes the commands available at the OpenBoot PROM level for troubleshooting the board. Refer to the OpenBoot Command Reference Manual for more information on the commands described in the following subsections.

show-devs

To determine whether the Sun Crypto Accelerator 4000 device is listed in the system: from the OpenBoot PROM ok prompt, type show-devs to display the list of devices. You see lines in the list of devices, similar to the examples below, specific to the board: 

ok show-devs

.

.

/chosen

/packages

/upa@8,480000/SUNW,ffb@0,0

/pci@8,600000/network@1

/pci@8,600000/SUNW,qlc@4

/pci@8,600000/SUNW,qlc@4/fp@0,0

.

.

In the preceding example, the /pci@8,600000/network@1 entry identifies the device path to the board. There will be one such line for each board in the system.

.properties

To determine whether the Sun Crypto Accelerator 4000 device properties are listed correctly: from the ok prompt, type .properties to display the list of properties. 

ok .properties

assigned-addresses       82000810 00000000 00102000 00000000 00002000

                          81000814 00000000 00000400 00000000 00000100

                          82000818 00000000 00200000 00000000 00200000

                          82000830 00000000 00400000 00000000 00100000

d-fru-len                00 00 00 00

d-fru-off                00 00 e8 00

d-fru-dev                eeprom

s-fru-len                00 00 08 00

s-fru-off                00 00 e0 00

s-fru-dev                eeprom

compatible               70 63 69 38 30 38 36 2c 62 35 35 35 2e 31 30 38

reg                      00000800 00000000 00000000 00000000 00000000

                          02000810 00000000 00000000 00000000 00002000

                          02000814 00000000 00000000 00000000 00000100

                          02000818 00000000 00000000 00000000 00200000

                          02000830 00000000 00000000 00000000 00100000

address-bits             00 00 00 30

max-frame-size           00 00 40 00

network-interface-type   ethernet

device-type              network

name                     network

local-mac-address        00 03 ba 0e 99 ca

version                  Sun PCI Crypto Accelerator 4000 1000Base-T 

FCode 2.11.13 03/03/04

phy-type                 mif

board-model              501-6039

model                    SUNW,pci-vca

fcode-rom-offset         00000000

66mhz-capable

fast-back-to-back

devsel-speed             00000001

class-code               00100000

interrupts               00000001

max-latency              00000040

min-grant                00000040

subsystem-vendor-id      0000108e

subsystem-id             00003de8

revision-id              00000002

device-id                0000b555

vendor-id                00008086

watch-net

To monitor a network connection: from the ok prompt, type the apply watch-net command with the device path: 

ok apply watch-net /pci@8,600000/network@1

/pci@8,600000/network@1: 1000 Mbps full duplex link up

Watch ethernet packets

'.' is a good packet and 'X' is a bad packet

Press any key to stop

.....X...X......X.....

The system monitors network traffic, displaying "." each time it receives an error-free packet and "X" each time it receives a packet with an error that can be detected by the network hardware interface.



  Sun Crypto Accelerator 4000 Board Version 1.1 Installation and User's Guide 817-3693-10 Table Of ContentsPrevious ChapterNext ChapterBook Index


Copyright © 2004, Sun Microsystems, Inc. All rights reserved.