IBM 4765 custom programming

Custom software support

The 4765 HSM contains firmware to manage its specialized hardware and to control loading of additional software based on coprocessor-validated digital signatures. Software support includes the embedded Linux operating system and special device drivers, which provide the platform for application support. Custom applications can be written to run within the HSM, using the internal APIs to perform cryptographic functions. Developing additional functions through User Defined Extensions (UDXs) using CCA as a starting point can be more economical and less time-consuming than creating an entirely new application.

Special key management functions and PIN processing routines are typical extensions.

When an application is substantially different from CCA, or is proprietary, a complete custom application can be built on the embedded Linux environment. Very different approaches to cryptographic processing or even non-cryptographic applications that require a secure processing environment can be developed for the HSM.

Programming custom applications

Alternatively, IBM offers a toolkit that you can use to create and debug custom applications yourself. Toolkit documentation can be obtained from the Library page. Because this is a specialized programming environment and there are special considerations related to the export and import of cryptographic implementations, the toolkit is available only under special contracts. Generally, in addition to the actual toolkit, customers will need to purchase consulting time for education and ongoing support. Any export or import considerations will be part of the toolkit custom contract. Please contact the Crypto team for additional information.

IBM Cryptographic Coprocessor Toolkit

4765 adapter

IBM offers the Cryptographic Coprocessor Toolkit for the IBM 4765 PCIe Cryptographic Coprocessor. The Toolkit is available as a services offering on a custom contract basis. It can:

  • be used to create or extend the application program that performs within the hardware security module (HSM)
  • enable users to create entirely new applications for the HSM
  • enable users to extend the functionality of IBM's CCA application program in the form of a user-defined extension (UDX)
  • authenticate programs
  • be used to interactively debug applications at the source level running in the HSM using its Interactive Code Analysis Tool (ICAT)
  1. A UDX must be deployed on a 4765 HSM installed on a supported server platform.
  2. Toolkit coprocessor application code is compiled and linked using the GNU Compiler Collection (gcc).

Custom application programs are loaded in Segment 3 of the HSM, which is the highest level of the HSM's four memory segments (with Segment 0 being the lowest level). Firmware loaded in Segment 3 can take full advantage of the embedded Linux operating system to perform security-sensitive tasks, cryptographic operations, or both.

A Toolkit custom contract normally provides education on preparing programs to operate within the HSM, a copy of the Toolkit, follow-up support, and assignment of a unique program segment owner identifier for user code and certification of code-sign keys. Frequently a contract provides consultation to hasten application development, and sometimes provides for initial development by IBM. As needed, IBM is typically able to bid on development of your custom solution or extension.

Availability of the Toolkit, as well as applications created or extended with it, is subject to the export regulations of the United States Government, and in some cases to the import regulations of other countries.

Toolkit contacts

Toolkit MD5 sums

Official MD5 sums for the 4.4.55 workstation 4765 Toolkits
4.4.55 (xSeries Linux)
y4tk.v44558.x64.20151113.tgz (64-bit Toolkit): c768caeb912d56ffc1c6d9eaf8333f34
y4tk.v44558.x86.20151113.tgz (32-bit Toolkit): 73b304c226174b79683d86b0a97dbd00
4.4.55 (pSeries)
y4tk.v44558.x64.20151204.tar: 1a32f752510d1e9312964ef1f2b58695
4.4.55 (Windows Extensions)
Official MD5 sums for the 4.4.20 workstation 4765 Toolkits
4.4.20 (xSeries Linux)
y4tk.v44208.x64.20140627.tgz (64-bit Toolkit): cc5145ccdbe854983e745422349b9e4f
y4tk.v44208.x86.20140627.tgz (32-bit Toolkit): 3cdeba3de3cadfbb6a774b8ac3470d04
4.4.20 (pSeries)
y4tk.v44208.x64.20140904.tar: d5b1c5a07a3c15152335f5ed26337a10
4.4.20 (Windows Extensions)
Official MD5 sum for the 4.4.16 workstation (Linux) 4765 Toolkit
y4tk.v44162.x86.20131206.tgz: cb7a573888802dbbe29b91bfe2f6bedb
Official MD5 sum for the 4.3.5 workstation (Linux) 4765 Toolkit
y4tk.v43544.x86.20130430.tgz: 0da3c3983497205cf5bcbc83052e3e3a
Official MD5 sum for the 4.2.5 workstation (Linux) 4765 Toolkit
y4tk.v42543.20111028.tgz: 13e0416d10860619c82c32fc80db333d