Installing the Sun Crypto Accelerator 6000 Board

C H A P T E R 2

This chapter describes how to install the Sun Crypto Accelerator 6000 Board hardware in both Oracle Solaris OS and Linux environments, and also how to install and remove the software. Sections include:

Handling the Board

Installing the Board on Oracle Solaris Platforms

Installing the Sun Crypto Accelerator 6000 Board Software With the install Script

Directories and Files for Oracle Solaris Platforms

Removing the Sun Crypto Accelerator 6000 Software on Oracle Solaris Platforms With the remove Script

Installing the Software on Oracle Solaris Platforms Without the Installation Script

Removing the Software on Oracle Solaris Platforms Without the remove Script

Installing the Sun Crypto Accelerator 6000 Board on Linux Platforms

Directories and Files for Linux Platforms

Once you have installed the hardware and software of the board, you need to initialize the board with configuration and keystore information. See Initializing the Board With scamgr for information on how to initialize the board.

Handling the Board

Each board is packed in a special antistatic bag to protect it during shipping and storage. To avoid damaging the static-sensitive components on the board, reduce any static electricity on your body before touching the board by using one of the following methods:

Touch the metal frame of the computer.

Attach an antistatic wrist strap to your wrist and to a grounded metal surface.

Caution - To avoid damaging the sensitive components on the board, wear an antistatic wrist strap when handling the board, hold the board by its edges only, and always place the board on an antistatic surface (such as the plastic bag it came in).

Installing the Board on Oracle Solaris Platforms

Installing the board involves inserting the board into the system and loading the software tools. The hardware installation instructions include only general steps for installing the board. Refer to the documentation that came with your system for specific installation instructions.

Install the Hardware

1. As superuser, follow the instructions that came with your system to shut down and power off the computer, disconnect the power cord, and remove the computer cover.

2. Locate an unused PCI slot (preferably an x8 PCI-Express slot).

3. Attach an antistatic wrist strap to your wrist, and attach the other end to a grounded metal surface.

4. Using a Phillips screwdriver, remove the screw from the PCI slot cover.

Save the screw to hold the bracket in Step 5.

5. Holding the board by its edges only, take it out of the plastic bag and insert it into the PCI slot.

6. Secure the screw on the rear bracket.

7. Replace the computer cover, reconnect the power cord, and power on the system.

8. For Oracle Solaris SPARC platforms, verify that the board is properly installed by entering the prtdiag command from a terminal:

% prtdiag
========================= IO Configuration =========================
 
           IO
Location   Type Slot Path                                Name           Model
---------- ---- ---- ----------------------------------- ------------- ---------
IOBD/NET0  PCIE IOBD /pci@780/pci@0/pci@1/network@0      network-pciex8086,105e
IOBD/NET1  PCIE IOBD /pci@780/pci@0/pci@1/network@0,1    network-pciex8086,105e
IOBD/PCIE0 PCIE 0    /pci@780/pci@0/pci@8/pci@0/pci108e,5ca0@e  pci108e,5ca0
IOBD/PCIX  PCIX IOBD /pci@7c0/pci@0/pci@1/pci@0/isa@2    isa
IOBD/PCIX  PCIX IOBD /pci@7c0/pci@0/pci@1/pci@0/usb@5    usb-pciclass,0c0310
IOBD/PCIX  PCIX IOBD /pci@7c0/pci@0/pci@1/pci@0/usb@6    usb-pciclass,0c0310
IOBD/PCIX  PCIX IOBD /pci@7c0/pci@0/pci@1/pci@0/ide@8    ide-pci10b9,5229
IOBD/PCIX  PCIX PCIX /pci@7c0/pci@0/pci@1/pci@0,2/LSILogic,sas@2      LSILogic,sas-pci1000,50 LSI,1064
IOBD/NET2  PCIE IOBD /pci@7c0/pci@0/pci@2/network@0      network-pciex8086,105e
IOBD/NET3  PCIE IOBD /pci@7c0/pci@0/pci@2/network@0,1    network-pciex8086,105e

In the preceding example, the /pci@780/pci@0/pci@8/pci@0/pci108e,5ca0@e identifies the device path to the board. There is one such line for each board in the system.

9. For Oracle Solaris x86 platforms, verify that the board is properly installed by entering the scanpci command from a terminal:

# /usr/X11/bin/scanpci
...
pci bus 0x0082 cardnum 0x0e function 0x00: vendor 0x108e device 0x5ca0
  Sun Microsystems Computer Corp.  Device unknown

Installing the Sun Crypto Accelerator 6000 Board Software With the install Script

There are two methods to install the software, manually or with the install script. This section describes how to install the software with the install script. To install the software manually, refer to Installing the Software on Oracle Solaris Platforms Without the Installation Script.

The install script identifies which platform you are installing on (Oracle Solaris SPARC or x86, Linux x86 or x64) and calls the appropriate installation scripts for your platform. The install script also automatically installs the required patches before installing the software.

In addition to the software provided on the product CD, required software is provided at the Sun Download Center (http://www.sun.com/download/).

The install script path is as follows:

/cdrom/cdrom0/Sun_Crypto_Acc_6000

Install the Software With the install Script

1. Insert the Sun Crypto Accelerator 6000 CD into a CD-ROM drive that is connected to your system.

If your system is running Sun Enterprise Volume Manager, the system should automatically mount the CD-ROM to the /cdrom/cdrom0 directory.

If your system is not running Sun Enterprise Volume Manager, mount the CD-ROM as follows:

# mount -F hsfs -o ro /dev/dsk/c0t6d0s2 /cdrom

You see the following files and directories in the /cdrom/cdrom0/Sun_Crypto_Acc_6000 directory:

TABLE 2-1 Files in the `/cdrom/cdrom0` /Sun_Crypto_Acc_6000 Directory
File or Directory	Contents
README
`Copyright`	U.S. copyright file
`FR_Copyright`	French copyright file
install	Script that installs the Sun Crypto Accelerator 6000 packages for both Oracle Solaris SPARC and x86 systems, and for Linux x86 or x64 systems
Solaris/sparc	Contains the Oracle Solaris SPARC software packages: `SUNWmcact` - Activation file `SUNWmcadevfw` - Development firmware `SUNWmcaf` - FMA support `SUNWmcafw` - Firmware `SUNWmcamn` - Manual pages `SUNWmcar` - Drivers `SUNWmcau` - User components `SUNWscafsu` - Financial services (`usr`) `SUNWscafsm` - Financial services manual pages `SUNWscamga` - Administration client `SUNWscamgm` - Administration manual pages `SUNWscamgr` - Administration (`root`) `SUNWscamgu` - Administration (`usr`)
Solaris/i386/	Contains the Oracle Solaris i386 software packages: `SUNWmcact` - Activation file `SUNWmcaf` - FMA support `SUNWmcafw` - Firmware `SUNWmcamn` - Manual pages `SUNWmcar` - Drivers `SUNWmcau` - User components `SUNWscafsu` - Financial services (`usr`) `SUNWscafsm` - Financial services manual pages `SUNWscamga` - Administration client `SUNWscamgm` - Administration manual pages `SUNWscamgr` - Administration (`root`) `SUNWscamgu` - Administration (`usr`)
Solaris/install	Script that installs the software packages for both Oracle Solaris SPARC and x86 systems. This script is normally called by the main `install` script.
Solaris/remove	Script that removes the software packages for Oracle Solaris SPARC and x86 systems.
Linux/supported-kernel	Contains the Linux x86 or x64 software `rpm` packages: `sun-sca6000` - software and drivers `sun-sca6000-admin` - administration utilities `sun-sca6000-config` - configuration files for administration and keystore I/O services `sun-sca6000-man` - user documentation `sun-sca6000-var` - variable length files
Linux/install	Script that installs the Sun Crypto Accelerator 6000 packages for Linux systems. This script is normally called by the main `install` script.
Linux/remove	Script that removes the Sun Crypto Accelerator 6000 packages for Linux x86 Systems.
docs	Contains the PDF pointer document that links to the required software and the latest user’s guide (this document) and product notes (819-5537).

2. Install the required software by typing:

# cd /cdrom/cdrom0/Sun_Crypto_Acc_6000
# ./install

The install script analyzes the system to identify the system architecture and the required patches. The install script then installs those patches, and installs the main software appropriate for your system. The following is an example of running the install script on an Oracle Solaris SPARC system.

Note - The copyright and license information is omitted from the following example. Refer to Appendix C for copyright and software licenses.

# ./install
This program installs the software for the Sun Crypto Accelerator
6000
 
 
This script is about to take the following actions:
- Install Sun Crypto Accelerator 6000 support for Solaris 10
 
To cancel installation of this software, press ’q’ followed by a Return.
         **OR**
Press Return key to begin installation:
 
*** Installing Sun Crypto Accelerator 6000 software for Solaris 10...
Installing required packages:
SUNWmcaf SUNWmcact SUNWmcafw SUNWmcamn SUNWmcar SUNWmcau SUNWscafsu SUNWscamga SUNWscamgm SUNWscamgr SUNWscamgu
 
 
Installation of <SUNWmcaf> was successful.
 
Installation of <SUNWmcact> was successful.
 
Installation of <SUNWmcafw> was successful.
 
Installation of <SUNWmcamn> was successful.
 
Installation of <SUNWmcar> was successful.
 
Installation of <SUNWmcau> was successful.
 
Installation of <SUNWscafsu> was successful.
 
Installation of <SUNWscafsm> was successful.
 
Installation of <SUNWscamga> was successful.
 
Installation of <SUNWscamgm> was successful.
 
Installation of <SUNWscamgr> was successful.
 
Importing Keystore I/O Service to SMF
Starting Keystore I/O Service
Importing Administration Service to SMF
Starting Administration Service
 
Installation of <SUNWscamgu> was successful.
 
*** Installation complete.
 
To remove this software, use the ’remove’ script on this CDROM, or
the following script:
 
        /var/tmp/crypto_acc.remove
 
A log of this installation can be found at:
        /var/tmp/crypto_acc.install.2006.02.28.0833

Directories and Files for Oracle Solaris Platforms

TABLE 2-2 shows the directories created by the default installation of the Sun Crypto Accelerator 6000 software.

TABLE 2-2 Sun Crypto Accelerator 6000 Board Directories and Files for Solaris Platforms
Directory	Contents
/kernel/drv	Driver configuration files
/kernel/drv/sparcv9	64-bit SPARC drivers
/kernel/drv/amd64	64-bit AMD drivers
/opt/SUNWsca/include	Financial services header files
/opt/SUNWsca/lib	Financial services libraries
/opt/SUNWsca/lib/sparcv9	Financial services libraries
/opt/SUNWsca/lib/amd64	Financial services libraries
/opt/SUNWsca/man	Financial services man pages
/usr/lib/crypto	Services
/usr/lib/crypto/firmware/sca	Firmware files
/usr/man	Man pages
/usr/sbin	Administration utilities
/var/sca/keydata	Keystore files (encrypted)
/var/sca/log	Service log files
/var/svc/manifest/device	Service manifests

Note - Once you install the Sun Crypto Accelerator 6000 hardware and software, you need to initialize the board with configuration and keystore information. See Initializing the Board With scamgr for information on how to initialize the board.

Removing the Sun Crypto Accelerator 6000 Software on Oracle Solaris Platforms With the remove Script

There are two methods to remove the software, the remove script on the CD-ROM, or the pkgrm command. Use the remove script described in this section if you used the install script to install the software. If you installed the software without the install script, see Removing the Software on Oracle Solaris Platforms Without the remove Script.

Remove the Software With the `remove` Script on the CD-ROM

Type the following with the Sun Crypto Accelerator 6000 CD-ROM inserted:

# cd /cdrom/cdrom0/Sun_Crypto_Acc_6000/
# ./Solaris/remove

Installing the Software on Oracle Solaris Platforms Without the Installation Script

This section describes how to install the software manually without using the installation script provided on the product CD.

Refer to the latest version of the Sun Crypto Accelerator 6000 Board Product Notes for Version 1.0 (819-5537) for a list of the required patches. You must install all of the required patches before installing the main software. The latest product notes are available at: http://docs.sun.com

Note - The /cdrom/cdrom0/Sun_Crypto_Acc_6000/install script automatically identifies your system architecture, installs the required patches, and installs the main software appropriate for your system.

In addition to the software provided on the product CD, required software is provided at the Sun Download Center (http://www.sun.com/download/).

Install the Software Without the `install` Script

1. Insert the Sun Crypto Accelerator 6000 CD into a CD-ROM drive that is connected to your system.

If your system is running Sun Enterprise Volume Manager, the system should automatically mount the CD-ROM to the /cdrom/cdrom0 directory.

If your system is not running Sun Enterprise Volume Manager, mount the CD-ROM as follows:

# mount -F hsfs -o ro /dev/dsk/c0t6d0s2 /cdrom

The required packages must be installed in a specific order and must be installed before installing any optional packages. Once the required packages are installed, you can install and remove the optional packages in any order.

2. Install the required software packages by typing:

# cd /cdrom/cdrom0/Sun_Crypto_Acc_6000/Packages 
# pkgadd -d . SUNWmcaf SUNWmcact SUNWmcafw SUNWmcamn SUNWmcar SUNWmcau SUNWscafsu SUNWscafsm SUNWscamga SUNWscamgm SUNWscamgr SUNWscamgu

3. (Optional) To verify that the software is installed properly, run the pkginfo command.

# pkginfo SUNWmcaf SUNWmcact SUNWmcafw SUNWmcamn SUNWmcar SUNWmcau SUNWscafsu SUNWscafsm SUNWscamga SUNWscamgm SUNWscamgr SUNWscamgu
system      SUNWmcact  Sun Crypto Accelerator 6000 Activation File
system      SUNWmcaf   Sun Crypto Accelerator 6000 FMA Support
system      SUNWmcafw  Sun Crypto Accelerator 6000 Firmware
system      SUNWmcamn  Sun Crypto Accelerator 6000 Manual Pages
system      SUNWmcar   Sun Crypto Accelerator 6000 Drivers
system      SUNWmcau   Sun Crypto Accelerator 6000 User Components
system      SUNWscafsu Sun Crypto Accelerator Financial Services
system      SUNWscafsm Sun Crypto Accelerator Financial Services Man Pages
system      SUNWscamga Sun Crypto Accelerator Administration Client
system      SUNWscamgm Sun Crypto Accelerator Administration Man Pages
system      SUNWscamgr Sun Crypto Accelerator Administration (root)
system      SUNWscamgu Sun Crypto Accelerator Administration (usr)

4. (Optional for Oracle Solaris SPARC platforms) To ensure that the driver is attached, use the prtdiag command.

# prtdiag -v

Refer to the prtdiag(1m) online manual pages.

5. (Optional for Oracle Solaris x86 platforms) To ensure that the driver is attached, use the scanpci command.

# /usr/X11/bin/scanpci
...
pci bus 0x0082 cardnum 0x0e function 0x00: vendor 0x108e device 0x5ca0
  Sun Microsystems Computer Corp.  Device unknown

6. (Optional) Use the modinfo command to see that modules are loaded.

# modinfo | grep Crypto
62   1317f62  20b1f 198   1  mca (MCA Crypto 1.0)
197  136d5d6   19b0 199   1  mcactl (MCA Crypto Control 1.0)

See Directories and Files for Oracle Solaris Platforms for a description of the directories and files in the default installation.

Removing the Software on Oracle Solaris Platforms Without the remove Script

Note - Remove the Sun Crypto Accelerator 6000 Board software manually only if you did not use the install script to install the software. If you installed the software with the installation script, to remove the software, see Removing the Sun Crypto Accelerator 6000 Software on Oracle Solaris Platforms With the remove Script.

If you have created keystores (see Managing Keystores With scamgr), you must delete the keystore information that the Sun Crypto Accelerator 6000 Board is configured with before removing the software. The zeroize command removes all key material, but does not delete the keystore files that are stored in the filesystem of the physical host in which the board is installed. See the Perform a Software Zeroize on the Board for details on the zeroize command. If you have not yet created any keystores, you can skip this procedure.

Delete Existing Keystores

1. Become superuser.

2. Remove the keystore files with the rm command.

Caution - Do not delete a keystore that is currently in use or that is shared by other users and keystores. To free references to keystores, you might have to shut down the web server, administration server, or both

Remove the Software Without the remove Script

Caution - Before removing the Sun Crypto Accelerator 6000 Board software disable any web servers you have enabled for use with the board. Failure to do so leaves those web servers nonfunctional.

As superuser, use the pkgrm command to remove only the software packages you installed.

Caution - Installed packages must be removed in the order shown. Failure to remove them in this order could result in dependency warnings and leave kernel modules loaded.

If you installed all the packages, you would remove them as follows:

# pkgrm SUNWscamgu SUNWscamgr SUNWscamgm SUNWscamga SUNWscafsm SUNWscafsu SUNWmcau SUNWmcar SUNWmcamn SUNWmcafw SUNWmcact SUNWmcaf

Installing the Sun Crypto Accelerator 6000 Board on Linux Platforms

openCryptoki software is required for the board on Linux platforms. It must be installed before installing the software. Refer to Appendix B to install the openCryptoki software.

Installing the hardware on Linux platforms is the same as with Oracle Solaris platforms. After the system is up, type the following command to verify the board is installed properly:

% lspci

The output of the previous command should contain the following line:

Network and computing encryption device: Sun Microsystems Computer Corp.: Unknown device 5ca0

Installing the Sun Crypto Accelerator 6000 Software on Linux Platforms With the `install` Script

Type the following command:

% ./install
Do you agree to the above license terms? [ACCEPT or DECLINE]
ACCEPT
Installing required packages:
     sun-sca6000-admin-1.0-1.x86_64.rpm
     sun-sca6000-var-1.0-1.x86_64.rpm
     sun-sca6000-config-1.0-1.x86_64.rpm
     sun-sca6000-1.0-1.x86_64.rpm
     sun-sca6000-man-1.0-1.x86_64.rpm
     sun-sca6000-firmware-1.0-1.x86_64.rpm

Installing the Sun Crypto Accelerator 6000 Software on Linux Platforms Without the `install` Script

The packages for SuSE Linux Enterprise Server 9 Service Pack 3 are in the
2.6.5-7.244-smp-x86_64 directory. The packages for Red Hat Enterprise Linux 4.0 Update 2 are in the 2.6.9-22.ELsmp-x86_64 directory. The packages are as follows:

sun-sca6000-1.0-1.x86_64.rpm
sun-sca6000-man-1.0-1.x86_64.rpm
sun-sca6000-admin-1.0-1.x86_64.rpm
sun-sca6000-var-1.0-1.x86_64.rpm
sun-sca6000-config-1.0-1.x86_64.rpm
sun-sca6000-firmware-1.0-1.x86_64.rpm

Install the Software Without the install Script

1. Change to the appropriate directory for your platform and enter the following command:

% rpm -i sun-sca6000-man-1.0-1.x86_64.rpm sun-sca6000-admin-1.0-1.x86_64.rpm sun-sca6000-var-1.0-1.x86_64.rpm sun-sca6000-config-1.0-1.x86_64.rpm sun-sca6000-1.0-1.x86_64.rpm sun-sca6000-firmware-1.0-1.x86_64.rpm

2. (Optional) To ensure that the driver is attached, use the scanpci command.

# /usr/X11R6/bin/scanpci
... 
pci bus 0x0082 cardnum 0x0e function 0x00: vendor 0x108e device 0x5ca0 
  Sun Microsystems Computer Corp.  Device unknown

Directories and Files for Linux Platforms

TABLE 2-3 shows the directories created by the default installation of the Sun Crypto Accelerator 6000 software.

TABLE 2-3 Sun Crypto Accelerator 6000 Board Directories and Files
Directory	Contents
/etc/init.d	Start/stop scripts (links)
/etc/rc5.d	Service config files
/etc/opt/sun/sca6000	Daemon configuration files
/opt/sun/sca6000/bin	Application executables, drivers, and the `scamgr` utility
/opt/sun/sca6000/bin/drv	Driver files
/opt/sun/sca6000/firmware	Firmware files
/opt/sun/sca6000/lib	OpenCryptoki plug-ins and application libraries
/opt/sun/sca6000/man	Man pages
/opt/sun/sca6000/sbin	Administration utilities and services and daemon executables
/usr/local/lib/opencryptoki/stdll/	openCryptoki plugin files
/var/opt/sca6000/keydata	Keystore files (encrypted)
/var/opt/sca6000/lock	Service lock files
/var/opt/sca6000/log	Service log files

Removing the Sun Crypto Accelerator 6000 Software on Linux Platforms Without the `remove` Script

Any applications, such as SunJava System and Apache webservers, that are using the board must be stopped before uninstalling the Sun Crypto Accelerator 6000 software.

Remove the Software

Change to the appropriate directory for your platform and enter the following command:

% ./remove

Alternatively, you can enter the following command on one line:

% rpm -e sun-sca6000-1.0-1.x86_64.rpm sun-sca6000-man-1.0-1.x86_64.rpm sun-sca6000-admin-1.0-1.x86_64.rpm sun-sca6000-var-1.0-1.x86_64.rpm sun-sca6000-config-1.0-1.x86_64.rpm sun-sca6000-firmware-1.0-1.x86_64.rpm