Documentation
Rate This Document
Findability
Accuracy
Completeness
Readability
SubmitClose

Installation Using Source Code (KAE 2.0)

The KAE 2.0 source package contains the KAE kernel driver, UADK framework, KAEOpensslEngine, KAEZstd, KAELz4, and KAEZlib. The KAE kernel driver and UADK are necessary, and the other modules are optional. To use the KAE encryption and decryption function, you only need to install KAEOpensslEngine. You can directly use scripts for the installation and need to check whether the installation is successful.

Prerequisites

  • You have downloaded the KAE 2.0 source package from https://gitee.com/kunpengcompute/KAE/tree/kae2/ or by running git clone https://gitee.com/kunpengcompute/KAE.git -b kae2.
  • The system environment meets the requirements described in Preparing for the Installation.
  • The OpenSSL version is 1.1.1x or 3.0.x, or the Tongsuo version is 8.4.0 (run the openssl version command to query). If not, install OpenSSL or Tongsuo based on Installing OpenSSL/Tongsuo.
  • Run the yum install -y make kernel-devel libtool numactl-devel openssl-devel chrpath command to install dependencies.
  • Set the OpenSSL environment variable OPENSSL_ENGINES to the directory where the KAE dynamic library is stored so that OpenSSL can find KAE.
    • OpenSSL 1.1.1x:
      1
      export OPENSSL_ENGINES=/usr/local/lib/engines-1.1
    • OpenSSL 3.0.x:
      1
      export OPENSSL_ENGINES=/usr/local/lib/engines-3.0
    • Tongsuo:
      1
      export OPENSSL_ENGINES=/usr/local/tongsuo/lib/engines-3.0

Procedure

  1. Use a remote login tool to log in to the Linux CLI as the root user.
  2. Copy the KAE source package to a custom directory and decompress the package.
  3. (Optional) Install all modules using a script.

    If OpenSSL 1.1.1x is used, go to the directory of the KAE source package and run the sh build.sh all command to install all the preceding components. If the compression module is not required, perform 4 to 6 to install them by module.

  4. Install the kernel driver.
    1. Go to the directory where the KAE source package is stored and run the installation script.
      1
2
      cd KAE
sh build.sh driver

      After compilation, uacce.ko, hisi_qm.ko, hisi_sec2.ko, hisi_hpre.ko, hisi_zip.ko, and hisi_rde.ko are generated. The installation path is /lib/modules/`uname -r`/extra.

    2. Check whether the drivers are installed.
      • Check whether the accelerator engine file system exists in /sys/class/uacce.
        1
        ll /sys/class/uacce/
        If the following information is displayed, the drivers have been installed:
        1
2
3
4
5
6
        lrwxrwxrwx. 1 root root 0 Aug 22 17:14 hisi_hpre-2 -> ../../devices/pci0000:78/0000:78:00.0/0000:79:00.0/uacce/hisi_hpre-2
lrwxrwxrwx. 1 root root 0 Aug 22 17:14 hisi_hpre-3 -> ../../devices/pci0000:b8/0000:b8:00.0/0000:b9:00.0/uacce/hisi_hpre-3
lrwxrwxrwx. 1 root root 0 Aug 22 17:14 hisi_sec2-0 -> ../../devices/pci0000:74/0000:74:01.0/0000:76:00.0/uacce/hisi_sec2-0
lrwxrwxrwx. 1 root root 0 Aug 22 17:14 hisi_sec2-1 -> ../../devices/pci0000:b4/0000:b4:01.0/0000:b6:00.0/uacce/hisi_sec2-1
lrwxrwxrwx. 1 root root 0 Aug 22 17:14 hisi_zip-4 -> ../../devices/pci0000:74/0000:74:00.0/0000:75:00.0/uacce/hisi_zip-4
lrwxrwxrwx. 1 root root 0 Aug 22 17:14 hisi_zip-5 -> ../../devices/pci0000:b4/0000:b4:00.0/0000:b5:00.0/uacce/hisi_zip-5
      • Use lsmod to check whether the drivers are successfully installed.
        1
        lsmod | grep uacce
        If the following information is displayed, the drivers have been installed:
        1
        uacce                  32768  3 hisi_sec2,hisi_qm,hisi_zip
      • If no device file is queried after the device is restarted and a driver is installed, a possible cause is that the OS has a built-in accelerator driver. You can uninstall the driver and then reload it. Alternatively, add the command for reloading the driver to the startup script re.local. The following uses hisi_sec2 as an example.
        1
2
        rmmod hisi_sec2
modprobe hisi_sec2
      • If no device file is queried after you run sh build.sh cleanup and then reinstall the driver, check that the license is successfully installed. For details, see "Obtaining a License" in Preparing for the Installation.
      • In KAE 2.0, both the encryption and decryption driver and the decompression driver are installed by default. You can manually uninstall unnecessary driver files.
  5. Install the UADK framework.
    1. Run the following command to install the UADK framework:
      1
      sh build.sh uadk

      The UADK framework contains the user-mode driver. The dynamic library files of the user-mode driver are libwd.so and libwd_crypto.so. The default installation path of UADK is /usr/include/uadk. The dynamic library file is in /usr/local/lib.

      If the UADK installation fails and a message is displayed indicating that header files are missing, install the related dependency packages and run the installation command again.

    2. Check whether the UADK framework is installed.
      1
      ll /usr/local/lib/libwd*
      The installation is successful if the following information is displayed:
       1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
      -rwxr-xr-x. 1 root root     961 Aug 22 17:23 /usr/local/lib/libwd_comp.la
lrwxrwxrwx. 1 root root      19 Aug 22 17:23 /usr/local/lib/libwd_comp.so -> libwd_comp.so.2.5.0
lrwxrwxrwx. 1 root root      19 Aug 22 17:23 /usr/local/lib/libwd_comp.so.2 -> libwd_comp.so.2.5.0
-rwxr-xr-x. 1 root root  377872 Aug 22 17:23 /usr/local/lib/libwd_comp.so.2.5.0
-rwxr-xr-x. 1 root root     973 Aug 22 17:23 /usr/local/lib/libwd_crypto.la
lrwxrwxrwx. 1 root root      21 Aug 22 17:23 /usr/local/lib/libwd_crypto.so -> libwd_crypto.so.2.5.0
lrwxrwxrwx. 1 root root      21 Aug 22 17:23 /usr/local/lib/libwd_crypto.so.2 -> libwd_crypto.so.2.5.0
-rwxr-xr-x. 1 root root  715616 Aug 22 17:23 /usr/local/lib/libwd_crypto.so.2.5.0
-rwxr-xr-x. 1 root root     907 Aug 22 17:23 /usr/local/lib/libwd.la
lrwxrwxrwx. 1 root root      14 Aug 22 17:23 /usr/local/lib/libwd.so -> libwd.so.2.5.0
lrwxrwxrwx. 1 root root      14 Aug 22 17:23 /usr/local/lib/libwd.so.2 -> libwd.so.2.5.0
-rwxr-xr-x. 1 root root 1342080 Aug 22 17:23 /usr/local/lib/libwd.so.2.5.0
  6. Compile and install KAEOpensslEngine.
    • OpenSSL 1.1.1x:
      • Use OpenSSL in the default path.
        1
        sh build.sh engine
      • Use OpenSSL in a custom path.
        1
        sh build.sh engine /usr/local/ssl1_1_1w
    • OpenSSL 3.0.x:
      • Use OpenSSL in the default path.
        1
        sh build.sh engine3
      • Use OpenSSL in a custom path.
        1
        sh build.sh engine3 /usr/local/ssl3_0_14
    • Tongsuo:
      • Use Tongsuo in the default path.
        1
        sh build.sh engine3_tongsuo
      • Use Tongsuo in a custom path.
        1
        sh build.sh engine3_tongsuo /opt/tongsuo

    The dynamic library file of KAE is libkae.so. It is stored in /usr/local/lib/engines-x.x or /usr/local/tongsuo/lib/engines-3.0.

  7. Check whether KAE is successfully installed.
    • OpenSSL 1.1.1x:
      1
      ll /usr/local/lib/engines-1.1
    • OpenSSL 3.0.x:
      1
      ll /usr/local/lib/engines-3.0
    • Tongsuo 8.4.0:
      1
      ll /usr/local/tongsuo/lib/engines-3.0

    The installation is successful if the following information is displayed:

    1
2
3
4
5
6
    total 5644
-rw-r--r--. 1 root root 3846524 Aug 22 17:28 kae.a
-rwxr-xr-x. 1 root root     995 Aug 22 17:28 kae.la
lrwxrwxrwx. 1 root root      12 Aug 22 17:28 kae.so -> kae.so.2.0.0
lrwxrwxrwx. 1 root root      12 Aug 22 17:28 kae.so.2 -> kae.so.2.0.0
-rwxr-xr-x. 1 root root 1967736 Aug 22 17:28 kae.so.2.0.0
  8. Check whether KAEOpensslEngine takes effect.

    The RSA performance is used as an example. For details about the verification procedure, see Testing the RSA Algorithm Performance in Synchronous Mode. The command output shows that the RSA performance is significantly improved after KAE is specified.

    In addition, during the execution of the RSA performance verification command, you can view the hardware queue resource usage of the hisi_hpre device on a new terminal. Similarly, you can view the hardware queue resource usage of the hisi_sec2 device when verifying the SM3/SM4 algorithm performance.

    1
    cat /sys/class/uacce/hisi_hpre-*/available_instances
    You can also run the following command to refresh the hardware queue consumption of hisi_sec2 every 0.1 second:
    1
    watch -n 0.1 cat /sys/class/uacce/hisi_hpre-*/available_instances

    If the value changes from 256 to 255, the RSA algorithm consumes a hardware queue of the HPRE accelerator, indicating that KAEOpensslEngine has taken effect.