C H A P T E R 8 |
Diagnostics and Troubleshooting |
This chapter describes diagnostic tests and troubleshooting for the Sun Crypto Accelerator 6000 Board software. Additional instructions for Linux are in the last section. Sections include:
The Sun Crypto Accelerator 6000 software provides three interactive utilities for running diagnostics on the board. The first of these utilities, SunVTS, focuses on the system-level network and cryptographic functionality of the Sun Crypto Accelerator 6000 subsystem (driver, firmware, and hardware). The other two utilities, scamgr and scadiag, perform low-level diagnostics on individual hardware components of the Sun Crypto Accelerator 6000 board.
SunVTS is Sun Validation Test Suite software. The core SunVTS wrapper provides test control and a user interface to a suite of system level tests. These tests are delivered with packages SUNWvts and SUNWvtsts to make up a bundle that is contained on the Oracle Solaris 10 Software DVDs, and also available for download at: http://www.sun.com/oem/vts
The Sun Crypto Accelerator 6000 board can be tested with SunVTS 6.2 software that is released with the Oracle Solaris 10 6/06 OS. The SunVTS test, cryptotest, provides diagnostics of the cryptographic circuitry of the board.
Refer to the SunVTS 6.2 test reference manuals (x86 or SPARC), user’s guide, and quick reference card for instructions on how to perform and monitor this diagnostic test. These documents are available at: http://docs.sun.com.
The scamgr utility is used by a security officer to test an initialized card and is the recommended interactive diagnostic application. Both scamgr and scadiag invoke the same diagnostics routines on the card, but the scamgr utility provides more information regarding any failures encountered. Details on how to run the scamgr utility are provided in Chapter 3 of this document, and an example of how to run diagnostics using scamgr is provided in Use the scamgr diagnostics Command.
The scadiag interface allows the security administrator to perform diagnostics on both an initialized and uninitialized board. The scadiag interface provides less information regarding diagnostic failures then the scamgr interface and is primarily intended to provide a general pass/fail status to someone other than a board security officer. To run scadiag diagnostics, the user invokes the scadiag command with the -D parameter. Details on how to run the scadiag utility are provided in Chapter 3, and an example of how to run diagnostics using scadiag is provided in Using the scadiag Utility.
Sun Metaslot chooses the first hardware slot available in the system for crypto operations. For a system with a crypto chip built into the main CPU, such as the Sun Fire T1000/T2000, the crypto chip often becomes the first hardware slot. In this case, most crypto jobs except for the sensitive token key operation are sent to that crypto chip until the main CPU becomes 100 percent utilized. To avoid this congestion, such hardware providers can be disabled with the cryptoadm(1M) utility. This utility can also direct Sun Metaslot to use the Sun Crypto Accelerator 6000 board for all crypto operations.
Disable Other Hardware Providers |
Use the kstat(1M) command to verify that the crypto jobs are being processed by the Sun Crypto Accelerator 6000 board.
Reenable Other Hardware Providers |
Refer to cryptoadm(1M) man page for details.
The kstat(1m) utility examines and reports available kernel statistics. The following is an example of using the kstat utility with the board:
The Sun Crypto Accelerator 6000 board does not contain lights or other indicators to reflect cryptographic activity on the board. To determine whether cryptographic work requests are being performed on the board, use the kstat(1M) command to display the device usage. The following excerpt shows the various kstat options that can be used to determine cryptographic activity.
Note - The following output has noncryptographic activity omitted. |
Note - In the previous example, 0 is the instance number of the mca device. This number should reflect the instance number of the board for which you are performing the kstat command. |
Displaying the kstat information indicates whether cryptographic requests or “jobs” are being sent to the Sun Crypto Accelerator 6000 Board. A change in the jobs values over time indicates that the board is accelerating cryptographic work requests sent to the Sun Crypto Accelerator 6000 Board. If cryptographic work requests are not being sent to the board, verify your web server configuration per the web server specific configuration.
The Sun Crypto Accelerator 6000 board does not contain lights or other indicators to reflect cryptographic activity on the board. To determine whether cryptographic work requests are being performed on the board, you must use the /proc file system
Determine Cryptographic Activity On Linux Platforms |
Use the following command to display the device usage:
The following excerpt shows the various statistics that can be used to determine cryptographic activity:
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.