Documentation
Rate This Document
Findability
Accuracy
Completeness
Readability
SubmitClose

Installation Using Source Code

The KAE 1.0 source package contains four modules: kernel driver, user-space driver, OpenSSL-based KAE, and zlib library. You need to compile and install the modules using commands, and then check whether the installation is successful. To upgrade KAE, uninstall the old version and then install the new version.

Prerequisites

  • The system environment meets the requirements described in Environment Requirements.
  • The OpenSSL version is 1.1.1x (run the openssl version command to query). If not, install OpenSSL based on Installing OpenSSL/Tongsuo.
  • Set the OpenSSL environment variable OPENSSL_ENGINES to the directory where the KAE dynamic library is stored so that OpenSSL can detect KAE.
    1
    export OPENSSL_ENGINES=/usr/local/lib/engines-1.1

Procedure

  1. Use a remote login tool to log in to the Linux CLI as the root user.
  2. Download the KAE 1.0 source package provided in Obtaining Software Packages, copy the KAE source package to a custom path, and decompress the package. Alternatively, run the following command to download the package (Kunpeng 920 processor):
    git clone https://gitcode.com/boostkit/KAE.git -b kae1
  3. Install kernel drivers.

    In the KAE driver source code directory, go to the kae_driver directory and install the kernel drivers.

    1
2
3
    cd kae_driver
make
make install
    After compilation, uacce.ko, hisi_qm.ko, hisi_sec2.ko, hisi_hpre.ko, hisi_zip.ko, and hisi_rde.ko are generated. The installation path is /lib/modules/`uname -r`/extra.

    The SUSE and CentOS kernel directory is /lib/modules/`uname -r`/, and the driver installation path is /lib/modules/`uname -r`/extra. The `uname -r` command is used to obtain the current kernel information. If other OSs do not use this directory, modify the kernel directory specified by install in the Makefile file.

    install:

    Change $(shell mkdir -p /lib/modules/`uname -r`/extra) to $(shell mkdir -p kernel_directory/extra).

  4. Install the user-space driver.
    In the KAE driver source code directory, go to the warpdrive directory and install the Warpdriver driver development library.
    1
2
3
4
5
    cd warpdrive
sh autogen.sh
./configure
make
make install

    The --prefix option can be added to the ./configure compile command to specify the location where the user-space driver needs to be installed. The driver's dynamic library file is libwd.so, which is stored in /usr/local/lib under the default installation path /usr/local.

    KAE needs to use the OpenSSL dynamic library and warpdrive dynamic library. The installation path of the warpdrive source code must be the same as that of OpenSSL so that KAE can detect the two dynamic libraries via LD_LIBRARY_PATH.

  5. (Optional) If a SUSE OS is used, set allow_unsupported_modules in the /etc/modprobe.d/10-unsupported-modules.conf file to 1 before loading external drivers.
  6. Load the accelerator drivers to the kernel.
    • Method 1: Restart the system.
    • Method 2: Manually load the drivers in sequence in the CLI and check whether the loading is successful.
      1. Query UACCE driver modules that have been loaded to the kernel.
        1
        lsmod | grep uacce

        If no command output is displayed, perform 6.b to 6.e to load the corresponding modules to the kernel.

      2. Load the UACCE driver.
        1
        modprobe uacce
      3. Load the hisi_sec2 driver to the kernel based on the configuration file in /etc/modprobe.d/hisi_sec2.conf.
        1
        modprobe hisi_sec2
      4. Load the hisi_hpre driver to the kernel based on the configuration file in /etc/modprobe.d/hisi_hpre.conf.
        1
        modprobe hisi_hpre
      5. Load the hisi_rde driver to the kernel based on the configuration file in /etc/modprobe.d/hisi_rde.conf.
        1
        modprobe hisi_rde
      6. Load the hisi_zip driver to the kernel based on the configuration file in /etc/modprobe.d/hisi_zip.conf.
        1
        modprobe hisi_zip
      7. Query UACCE driver modules that have been loaded to the kernel again.
        1
        lsmod | grep hisi_qm
        If the following information is displayed, the loading is successful:
        1
2
        hisi_qm               262144  3 hisi_sec2,hisi_zip,hisi_hpre
uacce                 262144  1 hisi_qm
  7. Compile and install KAE.
    1
2
3
4
5
    cd kae_engine
chmod +x configure
./configure
make clean && make
make install

    You can add the --prefix option to the ./configure compile command to specify the installation path of KAE. The dynamic library file of KAE is libkae.so.

    You are advised to install KAE in default mode. The default installation path is /usr/local. The dynamic library file is in /usr/local/lib/engines-1.1.

    If libwd and OpenSSL are not installed in default mode, run the following command to specify the installation paths of OpenSSL and libwd:

    1
    ./configure --openssl_path=/usr/local/openssl –wd_path=/usr/local/libwd

    In this command, /usr/local/openssl and /usr/local/libwd are examples of OpenSSL and libwd installation paths, respectively.

  8. Compile and install the zlib compression library.
    1. Download zlib-1.2.11.tar.gz from the zlib website and copy it to the kae_zip_engine/open_source directory.
    2. Compile and install the zlib library.
      1
2
      cd kae_zip_engine
sh setup.sh install

      The zlib library is installed in /usr/local/kaezip.

  9. Run the cd command to go to the /usr/local/lib directory or a user-defined directory.
  10. Check the soft link status.
    1. Check the soft link status of libwd.
      1
      ls -al /usr/local/lib/ | grep libwd
      If the command output shows the soft links and SO files, libwd has been installed.
      1
2
3
      lrwxrwxrwx. 1 root root      14 Jun 25 11:16 libwd.so -> libwd.so.1.0.1
lrwxrwxrwx. 1 root root      14 Jun 25 11:16 libwd.so.0 -> libwd.so.1.0.1
-rwxr-xr-x. 1 root root  137280 Jun 24 11:37 libwd.so.1.0.1
    2. Check the soft link status of KAE.
      1
      ls -al /usr/local/lib/engines-1.1/
      If the command output shows the soft links and SO files, KAE has been installed.
      1
2
3
      lrwxrwxrwx. 1 root root     48 Jun 25 11:21 kae.so -> /usr/local/openssl/lib/engines-1.1/kae.so.1.0.1
lrwxrwxrwx. 1 root root     48 Jun 25 11:21 kae.so.0 -> /usr/local/openssl/lib/engines-1.1/kae.so.1.0.1
-rwxr-xr-x. 1 root root 212192 Jun 24 11:37 kae.so.1.0.1
    3. Check the soft link status of the zlib library.
      1
      ll /usr/local/kaezip/lib
      If the command output shows the soft links and SO files, zlib has been installed.
      1
2
3
4
      -rw-r-r-. 1 root root 161162 Jul 10 12:54 libz.a
lrwxrwxrwx. 1 root root     14 Jul 10 12:54 libz.so -> libz.so.1.2.11
lrwxrwxrwx. 1 root root     14 Jul 10 12:54 libz.so.1 -> libz.so.1.2.11
-rwxr-xr-x. 1 root root 146656 Jul 10 12:54 libz.so.1.2.11
  11. Check the accelerator devices in the virtual file system.
    1
    ls -al /sys/class/uacce/
    Command output:
    1
2
3
4
5
6
7
8
9
    total 0
lrwxrwxrwx. 1 root root 0 Nov 14 03:45 hisi_hpre-2 -> ../../devices/pci0000:78/0000:78:00.0/0000:79:00.0/uacce/hisi_hpre-2
lrwxrwxrwx. 1 root root 0 Nov 14 03:45 hisi_hpre-3 -> ../../devices/pci0000:b8/0000:b8:00.0/0000:b9:00.0/uacce/hisi_hpre-3
lrwxrwxrwx. 1 root root 0 Nov 17 22:09 hisi_rde-4 -> ../../devices/pci0000:78/0000:78:01.0/uacce/hisi_rde-4
lrwxrwxrwx. 1 root root 0 Nov 17 22:09 hisi_rde-5 -> ../../devices/pci0000:b8/0000:b8:01.0/uacce/hisi_rde-5
lrwxrwxrwx. 1 root root 0 Nov 14 08:39 hisi_sec-0 -> ../../devices/pci0000:74/0000:74:01.0/0000:76:00.0/uacce/hisi_sec-0
lrwxrwxrwx. 1 root root 0 Nov 14 08:39 hisi_sec-1 -> ../../devices/pci0000:b4/0000:b4:01.0/0000:b6:00.0/uacce/hisi_sec-1
lrwxrwxrwx. 1 root root 0 Nov 17 22:09 hisi_zip-6 -> ../../devices/pci0000:74/0000:74:00.0/0000:75:00.0/uacce/hisi_zip-6
lrwxrwxrwx. 1 root root 0 Nov 17 22:09 hisi_zip-7 -> ../../devices/pci0000:b4/0000:b4:00.0/0000:b5:00.0/uacce/hisi_zip-7

Verification

  1. Check whether KAEOpensslEngine takes effect.

    The RSA performance is used as an example. For details about the verification procedure, see Testing the RSA Algorithm Performance in Synchronous Mode. The command output shows that the RSA performance is significantly improved after KAE is specified.

    In addition, during the execution of the RSA performance verification command, you can view the hardware queue resource usage of the hisi_hpre device on a new terminal. Similarly, you can view the hardware queue resource usage of the hisi_sec2 device when verifying the SM3/SM4 algorithm performance.

    1
    cat /sys/class/uacce/hisi_hpre-*/attrs/available_instances
    You can also run the following command to refresh the hardware queue consumption of hisi_hpre every 0.1 second:
    1
    watch -n 0.1 cat /sys/class/uacce/hisi_hpre-*/attrs/available_instances

    If the value changes from 256 to 255, the RSA algorithm consumes a hardware queue of the HPRE accelerator, indicating that KAEOpensslEngine has taken effect.

  2. Check whether the accelerator engines of the zlib library take effect.
    Run the ldd command to check whether the zlib library is linked to libwd and libkaezip.
    1
    ldd /usr/local/kaezip/lib/libz.so.1.2.11
    If the following information is displayed, the zlib library has been installed. You can also run the ldd command to check whether libwd and libkaezip are used.
    1
2
3
4
5
            linux-vdso.so.1 =>  (0x0000ffff80280000)
        libc.so.6 => /lib64/libc.so.6 (0x0000ffff80080000)
        libwd.so.1 => /lib64/libwd.so.1 (0x0000ffff80040000)
        /lib/ld-linux-aarch64.so.1 (0x0000ffff80290000)
        libkaezip.so => /usr/local/kaezip/lib/libkaezip.so (0x0000ffff80830000)