IBM 4765 PCIe Cryptographic Coprocessor

IBM Cryptographic Coprocessor Toolkit users can customize the application within an HSM

IBM Cryptographic Coprocessor Toolkit custom programming

IBM offers the Cryptographic Coprocessor Toolkit for the IBM 4765 PCIe Cryptographic Coprocessor. The Toolkit is available as a services offering on a custom contract basis. It can:

  • be used to create or extend the application program that performs within the hardware security module (HSM)
  • enable users to create entirely new applications for the HSM
  • enable users to extend the functionality of IBM's CCA application program in the form of a user-defined extension (UDX)
  • authenticate programs
  • be used to interactively debug applications at the source level running in the HSM using its Interactive Code Analysis Tool (ICAT)
  1. A UDX must be deployed on a 4765 HSM installed on a supported server platform.
  2. The UDX development workstation is supported on certain SUSE® (a Micro Focus Company) Linux Enterprise Server (SLES) and Red Hat® Enterprise Linux® (RHEL) operating systems. See the PCIeCC overview page for a list of supported operating systems. Note: the debugger currently requires a 32-bit environment.
  3. Toolkit coprocessor application code is compiled and linked using the GNU Compiler Collection (gcc).
  4. To learn more about the Toolkit, documentation is available for download in PDF format from the Library page under the heading IBM 4765 custom programming.

Custom application programs are loaded in Segment 3 of the HSM, which is the highest level of the HSM's four memory segments (with Segment 0 being the lowest level). Firmware loaded in Segment 3 can take full advantage of the embedded Linux operating system to perform security-sensitive tasks, cryptographic operations, or both.

A Toolkit custom contract normally provides education on preparing programs to operate within the HSM, a copy of the Toolkit, follow-up support, and assignment of a unique program segment owner identifier for user code and certification of code-sign keys. Frequently a contract provides consultation to hasten application development, and sometimes provides for initial development by IBM. As needed, IBM is typically able to bid on development of your custom solution or extension.

Availability of the Toolkit, as well as applications created or extended with it, is subject to the export regulations of the United States Government, and in some cases to the import regulations of other countries.

Toolkit contacts

Please direct Toolkit inquiries to the Crypto team. Please direct UDX inquiries to one of the following IBM representatives:

Toolkit MD5 sums

Official MD5 sums for the 4.4.55 workstation 4765 Toolkits
4.4.55 (xSeries Linux)
y4tk.v44558.x64.20151113.tgz (64-bit Toolkit): c768caeb912d56ffc1c6d9eaf8333f34
y4tk.v44558.x86.20151113.tgz (32-bit Toolkit): 73b304c226174b79683d86b0a97dbd00
4.4.55 (pSeries)
y4tk.v44558.x64.20151204.tar: 1a32f752510d1e9312964ef1f2b58695
4.4.55 (Windows Extensions)
Official MD5 sums for the 4.4.20 workstation 4765 Toolkits
4.4.20 (xSeries Linux)
y4tk.v44208.x64.20140627.tgz (64-bit Toolkit): cc5145ccdbe854983e745422349b9e4f
y4tk.v44208.x86.20140627.tgz (32-bit Toolkit): 3cdeba3de3cadfbb6a774b8ac3470d04
4.4.20 (pSeries)
y4tk.v44208.x64.20140904.tar: d5b1c5a07a3c15152335f5ed26337a10
4.4.20 (Windows Extensions)
Official MD5 sum for the 4.4.16 workstation (Linux) 4765 Toolkit
y4tk.v44162.x86.20131206.tgz: cb7a573888802dbbe29b91bfe2f6bedb
Official MD5 sum for the 4.3.5 workstation (Linux) 4765 Toolkit
y4tk.v43544.x86.20130430.tgz: 0da3c3983497205cf5bcbc83052e3e3a
Official MD5 sum for the 4.2.5 workstation (Linux) 4765 Toolkit
y4tk.v42543.20111028.tgz: 13e0416d10860619c82c32fc80db333d