IBM PCIe Cryptographic Coprocessor Version 1

Custom programming

IBM has created the IBM 4765 PCIe Cryptographic Coprocessor Toolkit that can be used to create or extend the application program that performs within the coprocessor. The Toolkit enables users to create entirely new applications for the PCIe Cryptographic Coprocessor Version 1 (PCIeCC). It also enables users to extend the functionality of IBM's CCA application program in the form of a user-defined extension (UDX).

Such application programs operate within Segment 3 of coprocessor memory and can take full advantage of the Linux embedded operating system to either perform security-sensitive tasks or to perform cryptographic operations, or both.

The UDX development workstation supports the Red Hat® Enterprise Linux® (RHEL) operating system and SUSE® Linux Enterprise Server (SLES) operating system. Support is available for either 64-bit or 32-bit instruction set architectures on the following releases:

Note: The debugger currently requires a 32-bit environment.

When a UDX has been developed, it must be deployed to a supported server platform with a PCIeCC installed. The IBM-approved x86 servers and the IBM Power Systems platforms are supported as shown:

IBM-approved x86 servers

Note: Smart card support currently requires 32-bit libraries.

IBM Power Systems

Note: AIX allows for flexible deployment in 64-bit or 32-bit mode. Smart card support is not available on AIX.

The Toolkit is not offered as an IBM product. Rather, it is available as part of a services offering on a custom contract.

A Toolkit custom contract normally provides:

Frequently a custom contract provides consultation to hasten application development, and sometimes provides for initial development by IBM. Whenever needed, IBM is also able to bid on developing your custom solution or extension.

Availability of the Toolkit is subject to the export regulations of the United States Government, and in some cases the import regulations of other countries. At the present time, IBM is generally able to export the Toolkit to customers within the European Union, and to customers in these additional countries: Australia, Canada, Japan, and New Zealand. Other potential customers should submit an inquiry to one of the Toolkit contacts.

Applications created or extended with the Toolkit may also be subject to the export regulations of the United States Government, and in some cases to the import regulations of other nations.

Toolkit coprocessor application code is compiled and linked using the GNU Compiler Collection (gcc) which targets the PowerPC architecture of the PCIeCC. The Toolkit also provides a source-level debugger called ICAT for examining application code as it performs within the coprocessor.

To gain a further understanding of the Toolkit and how applications are developed, review these PCIeCC publications that are available for download from the library page:

Official MD5 sums for the 4.4.55 workstation 4765 Toolkits

4.4.55 (xSeries Linux)
The official MD5 hexadecimal sums for the 4.4.55 xSeries 4765 Toolkits are:
y4tk.v44558.x64.20151113.tgz (64-bit Toolkit): c768caeb912d56ffc1c6d9eaf8333f34
y4tk.v44558.x86.20151113.tgz (32-bit Toolkit): 73b304c226174b79683d86b0a97dbd00

4.4.55 (pSeries)
y4tk.v44558.x64.20151204.tar: 1a32f752510d1e9312964ef1f2b58695

4.4.55 (Windows Extensions) 9eb118da6be0a382a2280b3b1b67cdd8

Official MD5 sums for the 4.4.20 workstation 4765 Toolkits

4.4.20 (xSeries Linux)
y4tk.v44208.x64.20140627.tgz (64-bit Toolkit): cc5145ccdbe854983e745422349b9e4f
y4tk.v44208.x86.20140627.tgz (32-bit Toolkit): 3cdeba3de3cadfbb6a774b8ac3470d04

4.4.20 (pSeries)
y4tk.v44208.x64.20140904.tar: d5b1c5a07a3c15152335f5ed26337a10

4.4.20 (Windows Extensions) 7c10a03cca3362d2171c243f4d69ae3e

Official MD5 sum for the 4.4.16 workstation (Linux) 4765 Toolkit

The official MD5 hexadecimal sum for the 4.4.16 xSeries 4765 Toolkit (y4tk.v44162.x86.20131206.tgz) is: cb7a573888802dbbe29b91bfe2f6bedb

Official MD5 sum for the 4.3.5 workstation (Linux) 4765 Toolkit

The official MD5 hexadecimal sum for the 4.3.5 xSeries 4765 Toolkit (y4tk.v43544.x86.20130430.tgz) is: 0da3c3983497205cf5bcbc83052e3e3a

Official MD5 sum for the 4.2.5 workstation (Linux) 4765 Toolkit

The official MD5 hexadecimal sum for the 4.2.5 xSeries 4765 Toolkit (y4tk.v42543.20111028.tgz) is: 13e0416d10860619c82c32fc80db333d

Toolkit contacts

If you wish to inquire further about the Toolkit, please contact the Crypto team.

If you wish to inquire further about a UDX, please contact one of the following IBM representatives:

News for current customers


New product release for IBM 4765 now available on IBM IBM-approved x86 servers and IBM AIX operating system, effective October 2015.

New product release CCA 5.0 for Linux on IBM z Systems™ now available effective July 2015. See Overview page for additional information.

As of February 19, 2013, the 4765 hardware security module (HSM) is validated to meet the MEPS (Méthode d'Évaluation des Produits Securitaire "bancaires") approval scheme used by Cartes Bancaires (CB) banking ecosystem. This standards certification allows the 4765 HSM to be used by CB member banks on their dedicated payment networks.

Add-on features are being offered for the IBM 4765 on IBM-approved x86 systems to support additional operating systems. See the IBM 4765 software updates page.

On System z, the coprocessor is available as Crypto Express3, Crypto Express4, and Crypto Express5. It is also available for Linux.