IBM 4765 PCIe Cryptographic Coprocessor

Custom programming

IBM has created the IBM 4765 PCIe Cryptographic Coprocessor Toolkit that can be used to create or extend the application program that performs within the coprocessor. The Toolkit enables users to create entirely new applications for the coprocessor. It also enables users to extend the functionality of IBM's CCA application program in the form of a user-defined extension (UDX).

Such application programs operate within Segment 3 of coprocessor memory and can take full advantage of the Linux embedded operating system to perform security-sensitive tasks and/or to perform cryptographic operations.

The UDX development workstation supports the Red Hat® Enterprise Linux® (RHEL) operating system and SUSE® Linux Enterprise Server (SLES) operating system. Support is available for either 64-bit or 32-bit instruction set architectures on the following releases:

Note: The debugger currently requires a 32-bit environment.

When a UDX has been developed, it must be deployed to a supported server platform with an IBM 4765 PCIe cryptographic coprocessor installed. The IBM System x and the IBM Power Systems platforms are supported as shown:

IBM System x

Note: Smart card support currently requires 32-bit libraries.

IBM Power Systems

Note: AIX allows for flexible deployment in 64-bit or 32-bit mode. Smart card support is not available on AIX.

The Toolkit is not offered as an IBM product. Rather, it is available as part of a services offering on a custom contract.

A Toolkit custom contract normally provides:

  • Education on preparing programs to operate within the coprocessor
  • A copy of the Toolkit
  • Follow-up support
  • Assignment of a unique identifier for user code and certification of code-signing keys

Frequently a custom contract provides consultation to hasten application development, and sometimes provides for initial development by IBM. Whenever needed, IBM is also able to bid on developing your custom solution or extension.

Availability of the Toolkit is subject to the export regulations of the United States Government, and in some cases the import regulations of other countries. At the present time, IBM is generally able to export the Toolkit to customers within the European Union, and to customers in these additional countries: Australia, Canada, Japan, and New Zealand. Other potential customers should submit an inquiry to one of the Toolkit contacts.

Applications created or extended with the Toolkit may also be subject to the export regulations of the United States Government, and in some cases to the import regulations of other nations.

Toolkit coprocessor application code is compiled and linked using the GNU Compiler Collection (gcc) which targets the PowerPC architecture of the 4765. The Toolkit also provides a source-level debugger called ICAT for examining application code as it performs within the coprocessor.

To gain a further understanding of the Toolkit and how applications are developed, review these IBM 4765 PCIe Cryptographic Coprocessor publications that are available for download from the library page:

  • Custom Software Developer's Toolkit Guide
  • Custom Software Interface Reference
  • CCA User-Defined Extensions Guide and Reference
  • ICAT Debugger Getting Started
  • CCA Basic Services Reference and Guide

Official MD5 sum for the 4.4.16 xSeries 4765 Toolkit

The official MD5 hexadecimal sum for the 4.4.16 xSeries 4765 Toolkit (y4tk.v44162.x86.20131206.tgz) is: cb7a573888802dbbe29b91bfe2f6bedb

Official MD5 sum for the 4.3.5 xSeries 4765 Toolkit

The official MD5 hexadecimal sum for the 4.3.5 xSeries 4765 Toolkit (y4tk.v43544.x86.20130430.tgz) is: 0da3c3983497205cf5bcbc83052e3e3a

Official MD5 sum for the 4.2.5 xSeries 4765 Toolkit

The official MD5 hexadecimal sum for the 4.2.5 xSeries 4765 Toolkit (y4tk.v42543.20111028.tgz) is: 13e0416d10860619c82c32fc80db333d

Toolkit contacts

If you wish to inquire further about the Toolkit, please contact the Crypto team.

If you wish to inquire further about a UDX, please contact one of the following IBM representatives: