Documentation
Rate This Document
Findability
Accuracy
Completeness
Readability
SubmitClose

Installation Using RPM Packages

KAE 2.0 RPM packages include kae-driver, kae-openssl, and kae-zip. To use encryption and decryption algorithms, install kae-driver and kae-openssl. To use KAEZip algorithms, install kae-driver and kae-zip. You are advised to install KAE 2.0 using source code. If KAE 2.0 needs to be installed on an OS other than openEuler using RPM packages, create RPM packages from source code and then install KAE 2.0. To upgrade KAE, uninstall the old version and then install the new version.

Currently, each RPM package of KAE 2.0 is built on a specified tag and dedicated to a specific OS, and does not offer the latest features of KAE 2.0.

Prerequisites

  • The RPM tool is available.
  • The OpenSSL version is 1.1.1x (run the openssl version command to query). If not, install OpenSSL based on Installing OpenSSL/Tongsuo.
  • Install the dependencies.
    yum install -y make kernel-devel libtool numactl-devel openssl-devel chrpath  lz4-devel
  • Set the OpenSSL environment variable OPENSSL_ENGINES to the directory where the KAE dynamic library is stored so that OpenSSL can detect KAE.
    1
    export OPENSSL_ENGINES=/usr/local/lib/engines-1.1
  • Set the LD_LIBRARY_PATH environment variable so that KAE can detect the UADK driver dynamic library.
    1
    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib

Procedure

  1. Use SSH to remotely log in to the Linux CLI as the root user.
  2. Copy the KAE 2.0 RPM packages obtained from Obtaining Software Packages to a custom directory.

    If the KAE code repository does not contain RPM packages for a specific OS, perform the following operations to create RPM packages:

    1. Download the KAE 2.0 source package from GitCode or run the following command to download:
      git clone https://gitcode.com/boostkit/KAE.git -b kae2
    2. Create RPM packages in the KAE source code directory.
      sh build.sh rpmpack
  3. Install the accelerator driver RPM package (kae-driver-2.0.1-1.aarch64.rpm for example).
    1
    rpm -ivh kae-driver-2.0.1-1.aarch64.rpm
    If information similar to the following is displayed, the installation is successful:
     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
    Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
Preprocessing before installing the driver
checking installed modules
uacce modules start to install
checking installed modules
hisi_sec2 modules start to install
checking installed modules
hisi_hpre modules start to install
checking installed modules
hisi_zip modules start to install
Updating / installing...
   1:kae-driver-2.0.1-1               ################################# [100%]
installing driver...
uacce modules installed
hisi_sec2 modules installed
hisi_hpre modules installed
hisi_zip modules installed
    If no device file is found after a driver is installed or the device is restarted, a possible cause is that the OS has a built-in accelerator driver. You can unload the installed driver and then reload it. Alternatively, add the command for reloading the driver to the startup script rc.local to ensure that the driver can be properly loaded after the device is restarted. The following commands use hisi_sec2 as an example.
    1
2
    rmmod hisi_sec2
modprobe hisi_sec2
  4. Install the engine library RPM package (kae-openssl-2.0.1-1.aarch64.rpm for example).
    1
    rpm -ivh kae-openssl-2.0.1-1.aarch64.rpm
    If information similar to the following is displayed, the installation is successful:
    1
2
3
4
5
    Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
Updating / installing...
   1:kae-openssl-2.0.1-1              ################################# [100%]
installing openssl engine...
  5. Install the KAEZip RPM package (kae-zip-2.0.1-1.aarch64.rpm for example).
    1
    rpm -ivh kae-zip-2.0.1-1.aarch64.rpm

    If information similar to the following is displayed, the installation is successful:

    1
2
3
4
5
6
    Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
installing pre zip...
Updating / installing...
   1:kae-zip-2.0.1-1                  ################################# [100%]
installing post zip...
  6. Check whether related software has been installed in the system.
    1. Check whether the drivers are installed.
      • Check whether the accelerator engine file system exists in /sys/class/uacce.
        1
        ll /sys/class/uacce/
        If information similar to the following is displayed, the drivers have been installed:
        1
2
3
4
5
6
        lrwxrwxrwx. 1 root root 0 Aug 22 17:14 hisi_hpre-2 -> ../../devices/pci0000:78/0000:78:00.0/0000:79:00.0/uacce/hisi_hpre-2
lrwxrwxrwx. 1 root root 0 Aug 22 17:14 hisi_hpre-3 -> ../../devices/pci0000:b8/0000:b8:00.0/0000:b9:00.0/uacce/hisi_hpre-3
lrwxrwxrwx. 1 root root 0 Aug 22 17:14 hisi_sec2-0 -> ../../devices/pci0000:74/0000:74:01.0/0000:76:00.0/uacce/hisi_sec2-0
lrwxrwxrwx. 1 root root 0 Aug 22 17:14 hisi_sec2-1 -> ../../devices/pci0000:b4/0000:b4:01.0/0000:b6:00.0/uacce/hisi_sec2-1
lrwxrwxrwx. 1 root root 0 Aug 22 17:14 hisi_zip-4 -> ../../devices/pci0000:74/0000:74:00.0/0000:75:00.0/uacce/hisi_zip-4
lrwxrwxrwx. 1 root root 0 Aug 22 17:14 hisi_zip-5 -> ../../devices/pci0000:b4/0000:b4:00.0/0000:b5:00.0/uacce/hisi_zip-5
      • Use lsmod to check whether the drivers are successfully installed.
        1
        lsmod | grep uacce
        If information similar to the following is displayed, the drivers have been installed:
        1
        uacce                  32768  3 hisi_sec2,hisi_qm,hisi_zip
    2. Check whether the UADK framework is installed.
      1
      ll /usr/local/lib/libwd*
      The installation is successful if information similar to the following is displayed:
       1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
      -rwxr-xr-x. 1 root root     961 Aug 22 17:23 /usr/local/lib/libwd_comp.la
lrwxrwxrwx. 1 root root      19 Aug 22 17:23 /usr/local/lib/libwd_comp.so -> libwd_comp.so.2.5.0
lrwxrwxrwx. 1 root root      19 Aug 22 17:23 /usr/local/lib/libwd_comp.so.2 -> libwd_comp.so.2.5.0
-rwxr-xr-x. 1 root root  377872 Aug 22 17:23 /usr/local/lib/libwd_comp.so.2.5.0
-rwxr-xr-x. 1 root root     973 Aug 22 17:23 /usr/local/lib/libwd_crypto.la
lrwxrwxrwx. 1 root root      21 Aug 22 17:23 /usr/local/lib/libwd_crypto.so -> libwd_crypto.so.2.5.0
lrwxrwxrwx. 1 root root      21 Aug 22 17:23 /usr/local/lib/libwd_crypto.so.2 -> libwd_crypto.so.2.5.0
-rwxr-xr-x. 1 root root  715616 Aug 22 17:23 /usr/local/lib/libwd_crypto.so.2.5.0
-rwxr-xr-x. 1 root root     907 Aug 22 17:23 /usr/local/lib/libwd.la
lrwxrwxrwx. 1 root root      14 Aug 22 17:23 /usr/local/lib/libwd.so -> libwd.so.2.5.0
lrwxrwxrwx. 1 root root      14 Aug 22 17:23 /usr/local/lib/libwd.so.2 -> libwd.so.2.5.0
-rwxr-xr-x. 1 root root 1342080 Aug 22 17:23 /usr/local/lib/libwd.so.2.5.0
    3. Check whether KAE is successfully installed.
      1
       ll /usr/local/lib/engines-1.1

      The installation is successful if information similar to the following is displayed:

      1
2
3
4
5
6
      total 5644
-rw-r--r--. 1 root root 3846524 Aug 22 17:28 kae.a
-rwxr-xr-x. 1 root root     995 Aug 22 17:28 kae.la
lrwxrwxrwx. 1 root root      12 Aug 22 17:28 kae.so -> kae.so.2.0.0
lrwxrwxrwx. 1 root root      12 Aug 22 17:28 kae.so.2 -> kae.so.2.0.0
-rwxr-xr-x. 1 root root 1967736 Aug 22 17:28 kae.so.2.0.0
    4. Check whether the KAEZip decompression module is successfully installed.
      1
      ll /usr/local/kaezip/lib

      The installation is successful if information similar to the following is displayed:

      1
2
3
4
5
6
7
8
9
      total 440
lrwxrwxrwx. 1 root root     40 Jan 12  2024 libkaezip.so -> /usr/local/kaezip/lib/libkaezip.so.2.0.1
lrwxrwxrwx. 1 root root     40 Jan 12  2024 libkaezip.so.0 -> /usr/local/kaezip/lib/libkaezip.so.2.0.1
-rwxr-xr-x. 1 root root 148096 Jan 12  2024 libkaezip.so.2.0.1
-rwxr-xr-x. 1 root root 146306 Jan 12  2024 libz.a
lrwxrwxrwx. 1 root root     14 Jan 12  2024 libz.so -> libz.so.1.2.11
lrwxrwxrwx. 1 root root     14 Jan 12  2024 libz.so.1 -> libz.so.1.2.11
-rwxr-xr-x. 1 root root 143656 Jan 12  2024 libz.so.1.2.11
drwxr-xr-x. 2 root root   4096 Dec  5 18:48 pkgconfig

Verification

  1. Check KAE RPM software packages.
    1
    rpm -qa kae-driver kae-openssl kae-zip
    If the following information is displayed, the installation is successful:
    1
2
3
    kae-openssl-2.0.1-1.aarch64
kae-driver-2.0.1-1.aarch64
kae-zip-2.0.1-1.aarch64
  2. Check the accelerator devices in the virtual file system.
    1
    ls -al /sys/class/uacce/
    Command output:
    1
2
3
4
5
6
7
    total 0
lrwxrwxrwx. 1 root root 0 Nov 14 03:45 hisi_hpre-2 -> ../../devices/pci0000:78/0000:78:00.0/0000:79:00.0/uacce/hisi_hpre-2
lrwxrwxrwx. 1 root root 0 Nov 14 03:45 hisi_hpre-3 -> ../../devices/pci0000:b8/0000:b8:00.0/0000:b9:00.0/uacce/hisi_hpre-3
lrwxrwxrwx. 1 root root 0 Nov 14 08:39 hisi_sec-0 -> ../../devices/pci0000:74/0000:74:01.0/0000:76:00.0/uacce/hisi_sec-0
lrwxrwxrwx. 1 root root 0 Nov 14 08:39 hisi_sec-1 -> ../../devices/pci0000:b4/0000:b4:01.0/0000:b6:00.0/uacce/hisi_sec-1
lrwxrwxrwx.  1 root root 0 Dec  5 18:59 hisi_zip-4 -> ../../devices/pci0000:74/0000:74:00.0/0000:75:00.0/uacce/hisi_zip-4
lrwxrwxrwx.  1 root root 0 Dec  5 18:59 hisi_zip-5 -> ../../devices/pci0000:b4/0000:b4:00.0/0000:b5:00.0/uacce/hisi_zip-5
  3. Check whether KAEOpensslEngine takes effect.

    The RSA performance is used as an example. For details about the verification procedure, see Testing the RSA Algorithm Performance in Synchronous Mode. The command output shows that the RSA performance is significantly improved after KAE is specified.

    In addition, during the execution of the RSA performance verification command, you can view the hardware queue resource usage of the hisi_hpre device on a new terminal. Similarly, you can view the hardware queue resource usage of the hisi_sec2 device when verifying the SM3/SM4 algorithm performance.

    1
    cat /sys/class/uacce/hisi_hpre-*/available_instances
    You can also run the following command to refresh the hardware queue consumption of hisi_hpre every 0.1 second:
    1
    watch -n 0.1 cat /sys/class/uacce/hisi_hpre-*/available_instances

    If the value changes from 256 to 255, the RSA algorithm consumes a hardware queue of the HPRE accelerator, indicating that KAEOpensslEngine has taken effect.

  4. Check whether the accelerator engine of the KAEZip library takes effect by running the ldd command to confirm that KAEZip links the libwd library.
    1
    ldd /usr/local/kaezip/lib/libz.so.1.2.11
    If information similar to the following is displayed, the KAEZlib library has been installed. You can also run the ldd command to check whether the libwd library is used.
    1
2
3
4
5
6
7
            linux-vdso.so.1 (0x0000ffffa631d000)
	libc.so.6 => /usr/lib64/libc.so.6 (0x0000ffffa6110000)
	libkaezip.so => /usr/local/kaezip/lib/libkaezip.so (0x0000ffffa60df000)
	libwd.so.2 => /usr/local/lib/libwd.so.2 (0x0000ffffa607e000)
	libwd_comp.so.2 => /usr/local/lib/libwd_comp.so.2 (0x0000ffffa605d000)
	/lib/ld-linux-aarch64.so.1 (0x0000ffffa62e0000)
	libnuma.so.1 => /usr/lib64/libnuma.so.1 (0x0000ffffa6038000)
  5. Check whether the accelerator engine of the KAEZstd library takes effect by running the ldd command to confirm that KAEZstd links the libwd library.
    1
    ldd /usr/local/kaezstd/lib/libkaezstd.so
    If information similar to the following is displayed, the KAEZstd library has been installed:
    1
2
3
4
5
6
            linux-vdso.so.1 (0x0000ffff89774000)
        libwd.so.2 => /usr/local/lib/libwd.so.2 (0x0000ffff896b5000)
        libwd_comp.so.2 => /usr/local/lib/libwd_comp.so.2 (0x0000ffff89684000)
        libc.so.6 => /usr/lib64/libc.so.6 (0x0000ffff894d5000)
        /lib/ld-linux-aarch64.so.1 (0x0000ffff89737000)
        libnuma.so.1 => /usr/lib64/libnuma.so.1 (0x0000ffff894b0000)
  6. Check whether the accelerator engine of the KAELz4 library takes effect by running the ldd command to confirm that KAELz4 links the libwd library.
    1
    ldd /usr/local/kaelz4/lib/libkaelz4.so
    If information similar to the following is displayed, the KAELz4 library has been installed:
    1
2
3
4
5
6
    	linux-vdso.so.1 (0x0000ffff84add000)
	libwd.so.2 => /usr/local/lib/libwd.so.2 (0x0000ffff84a0e000)
	libwd_comp.so.2 => /usr/local/lib/libwd_comp.so.2 (0x0000ffff849dd000)
	libc.so.6 => /usr/lib64/libc.so.6 (0x0000ffff8482e000)
	/lib/ld-linux-aarch64.so.1 (0x0000ffff84aa0000)
	libnuma.so.1 => /usr/lib64/libnuma.so.1 (0x0000ffff84809000)