Skip to content

Commit 26b4d6c

Browse files
naghaabiramiYogaraj-Alamenda
authored andcommitted
Spec File with QAT OOT driver for Binary RPM.
Binary RPM Package for RHEL9.1, Ubuntu 22.04 & SUSE SLES15 SP3 based out of QAT2.0 OOT driver with QAT_SW Co-ex. Signed-off-by: Nagha Abirami <naghax.abirami@intel.com>
1 parent b49080d commit 26b4d6c

File tree

6 files changed

+229
-6
lines changed

6 files changed

+229
-6
lines changed

.gitignore

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -68,3 +68,4 @@ test_bssl/.dirstamp
6868
/compile
6969
/depcomp
7070
/ltmain.sh
71+
/rpmbuild

Makefile.am

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -203,7 +203,7 @@ mostlyclean-generic:
203203
-rm -rf *.obj bin lib tags core .pure .nfs* \
204204
*.old *.bak fluff *.so *.sl *.dll test/*.obj testapp \
205205
test/.dirstamp test/*.o test_bssl/*obj test_bssl/.dirstamp \
206-
test_bssl/*.o qatengine_test
206+
test_bssl/*.o qatengine_test rpmbuild
207207

208208
if QAT_ERR_FILES_BUILD
209209
MAKE = make err-files && make
@@ -250,3 +250,10 @@ ipsec_mb:
250250
crypto_mb:
251251
cd ipp-crypto/sources/ippcp/crypto_mb && rm -rf build && cmake . -B"build" -DOPENSSL_INCLUDE_DIR=$(with_openssl_install_dir)/include -DOPENSSL_LIBRARIES=$(with_openssl_install_dir) -DOPENSSL_ROOT_DIR=$(PWD)/openssl && cd build && make clean && make -j$(nproc) && make install -j$(nproc)
252252
endif
253+
254+
if QAT_4XXX
255+
rpm:
256+
mkdir -p rpmbuild/BUILD rpmbuild/RPMS rpmbuild/SOURCES rpmbuild/SPECS rpmbuild/SRPMS
257+
cp qatengine-oot.spec rpmbuild/SPECS/
258+
rpmbuild --undefine=_disable_source_fetch --define "_topdir $(abs_srcdir)/rpmbuild" -ba rpmbuild/SPECS/qatengine-oot.spec
259+
endif

docs/features.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -55,6 +55,7 @@ Please refer [here](qat_hw_algo.md) for supported platforms list and default beh
5555
* [QAT_HW & QAT_SW Co-existence with runtime configuration](qat_coex.md#qat-hw-and-qat-sw-co-existence)
5656
* [OpenSSL 3.0 Provider Support](qat_common.md#openssl-30-provider-support)
5757
* [FIPS 140-3 Certification requirements Support using QAT Provider](qat_common.md#fips-140-3-certification-requirements-support-using-qat-provider)
58+
* [Binary RPM Package](qat_common.md#binary-rpm-package)
5859

5960
Note: RSA Padding schemes are handled by OpenSSL\* or BoringSSL\* rather than accelerated, so the
6061
engine supports the same padding schemes as OpenSSL\* or BoringSSL\* does natively.

docs/qat_common.md

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -59,3 +59,36 @@ The FIPS 140-3 certification is under process.
5959
| :---: | :---: |
6060
| QAT_HW | RSA, ECDSA, ECDH, ECDHX25519, ECDHX448, DSA, DH, TLS1.2-KDF(PRF), TLS1.3-KDF(HKDF), SHA3 & AES-GCM |
6161
| QAT_SW | RSA, ECDSA, ECDH, ECDHX25519, SHA2 & AES-GCM |
62+
63+
# Binary RPM Package
64+
65+
QAT_Engine supports Binary Package via RPM which can be found in the Release page (Assests section)
66+
The Current Binary RPM Package is created for the distros RHEL 9.1, Ubuntu 22.04 and SUSE SLES15 SP3 with
67+
with default Kernel and other dependant packages from the system default.
68+
The RPM is generated using QAT2.0 OOT driver with QAT_SW Co-existence which means
69+
it will accelerate via QAT_HW for asymmetic PKE and QAT_SW for AES-GCM and supported only on
70+
[Intel® Xeon® Scalable Processor family with Intel® QAT Gen4/Gen4m][1] with default build configuration
71+
in QAT Engine against OpenSSL 3.0 engine and can be build using `make rpm` target.
72+
Dependant library versions used for building binary package are mentioned in Software requirements section.
73+
74+
Example commands below to install and uninstall RPM Package
75+
76+
```
77+
install:
78+
RHEL & SUSE: rpm -ivh QAT_Engine-<version>.x86_64.rpm --target noarch
79+
Ubuntu: alien -i QAT_Engine-<version>.x86_64.rpm --scripts
80+
uninstall
81+
RHEL & SUSE: rpm -e QAT_Engine
82+
Ubuntu: apt-get remove QAT_Engine
83+
```
84+
85+
The binary RPM Package will take care of installing dependant libraries and kernel modules in the
86+
default path and OpenSSL being installed in `/usr/local/ssl`
87+
Since it is using different OpenSSL version(refer Software requirements for verion) than what is
88+
present in thesystem. LD_LIBRARY_PATH must be set to this path below.
89+
90+
```
91+
export LD_LIBRARY_PATH=/usr/local/ssl/lib64
92+
```
93+
94+
[1]:https://www.intel.com/content/www/us/en/products/docs/processors/xeon-accelerated/4th-gen-xeon-scalable-processors.html

fips/driver_install.sh

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -8,11 +8,11 @@ if ( lsmod | grep qat >/dev/null ); then
88
rmmod usdm_drv
99
rmmod qat_4xxx
1010
rmmod intel_qat
11-
echo "Removed existing driver........."
11+
echo "Removed existing driver"
1212
elif (lsmod | grep intel_qat >/dev/null); then
1313
rmmod qat_4xxx
1414
rmmod intel_qat
15-
echo "Removed existing driver........"
15+
echo "Removed existing driver"
1616
fi
1717
else
1818
echo "Shutdown qat services"
@@ -31,7 +31,7 @@ sudo modprobe uio
3131
cp -rf /usr/lib64/build/qat_4xxx.bin /lib/firmware/
3232
cp -rf /usr/lib64/build/qat_4xxx_mmp.bin /lib/firmware/
3333

34-
echo "Installing the QAT driver......."
34+
echo "Installing QAT Kernel Modules"
3535

3636
sudo insmod /usr/lib64/build/intel_qat.ko
3737
sudo insmod /usr/lib64/build/usdm_drv.ko
@@ -48,6 +48,4 @@ cp /usr/lib64/build/adf_ctl /usr/bin
4848

4949
cd /usr/lib64/build
5050

51-
./qat_service start
52-
5351
sudo adf_ctl restart

qatengine-oot.spec

Lines changed: 183 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,183 @@
1+
%undefine __cmake_in_source_build
2+
%undefine _disable_source_fetch
3+
%global _lto_cflags %{nil}
4+
%global debug_package %{nil}
5+
# Dependent Library Versions
6+
%global major 1
7+
%global minor 4
8+
%global rev 0
9+
%global ipsec intel-ipsec-mb
10+
%global ipsecver %{major}.%{minor}
11+
%global ipsecfull %{ipsec}-%{ipsecver}
12+
%global fullversion %{major}.%{minor}.%{rev}
13+
14+
%global ippcp_major 11
15+
%global ippcp_minor 8
16+
%global ippcp ipp-crypto
17+
%global ippcpver ippcp_2021.8
18+
%global ippcpfull %{ippcp}-%{ippcpver}
19+
%global ippcpfullversion %{ippcp_major}.%{ippcp_minor}
20+
21+
%global openssl openssl-3.0.10
22+
%global qatdriver QAT20.L.1.0.50-00003
23+
24+
%global openssl_source %{_builddir}/%{openssl}
25+
%global openssl_install %{buildroot}/%{_prefix}/local/ssl
26+
27+
Name: QAT_Engine
28+
Version: 1.4.0
29+
Release: 1%{?dist}
30+
Summary: Intel QuickAssist Technology(QAT) OpenSSL Engine
31+
License: BSD-3-Clause AND OpenSSL
32+
33+
Source0: https://github.com/intel/QAT_Engine/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
34+
Source1: https://github.com/openssl/openssl/releases/download/%{openssl}/%{openssl}.tar.gz#/%{openssl}.tar.gz
35+
Source2: https://downloadmirror.intel.com/783270/%{qatdriver}.tar.gz#/%{qatdriver}.tar.gz
36+
%if !0%{?suse_version}
37+
Source3: https://github.com/intel/ipp-crypto/archive/refs/tags/%{ippcpver}.tar.gz#/%{ippcp}-%{ippcpver}.tar.gz
38+
Source4: https://github.com/intel/intel-ipsec-mb/archive/refs/tags/v%{ipsecver}.tar.gz#/%{ipsecfull}.tar.gz
39+
%endif
40+
41+
%description
42+
This package provides the Intel QuickAssist Technology OpenSSL Engine
43+
(an OpenSSL Plug-In Engine) which provides cryptographic acceleration
44+
for both hardware and optimized software using Intel QuickAssist Technology
45+
enabled Intel platforms.
46+
47+
%prep
48+
%setup -b 0
49+
%setup -b 1
50+
%if !0%{?suse_version}
51+
%setup -b 3
52+
%setup -b 4
53+
%endif
54+
# Setup Source2 driver package manually
55+
mkdir -p %{_builddir}/%{qatdriver}
56+
tar -zxvf %{_sourcedir}/%{qatdriver}.tar.gz -C %{_builddir}/%{qatdriver}
57+
cp -rf %{_builddir}/%{name}-%{version}/fips/driver_install.sh %{_builddir}
58+
59+
%build
60+
cd %{_builddir}/%{openssl}
61+
./config --prefix=%{_builddir}/openssl_install
62+
%make_build
63+
make install
64+
mkdir -p %{buildroot}/%{_prefix}/local/ssl/lib64
65+
mkdir -p %{buildroot}/%{_prefix}/local/ssl/bin
66+
mkdir -p %{buildroot}/%{_prefix}/local/ssl/include
67+
mkdir -p %{buildroot}/%{_prefix}/local/lib
68+
mkdir -p %{buildroot}/%{_prefix}/lib
69+
cp -rf %{_builddir}/openssl_install/lib64/libcrypto.so.3 %{buildroot}/%{_prefix}/local/ssl/lib64
70+
cp -rf %{_builddir}/openssl_install/lib64/libssl.so.3 %{buildroot}/%{_prefix}/local/ssl/lib64
71+
cp -rf %{_builddir}/openssl_install/bin %{buildroot}/%{_prefix}/local/ssl/
72+
cp -rf %{_builddir}/openssl_install/include %{buildroot}/%{_prefix}/local/ssl/
73+
cd %{buildroot}/%{_prefix}/local/ssl/lib64
74+
ln -sf libcrypto.so.3 libcrypto.so
75+
ln -sf libssl.so.3 libssl.so
76+
77+
cd %{_builddir}/%{qatdriver}
78+
unset ICP_ROOT
79+
unset ICP_BUILD_OUTPUT
80+
./configure
81+
%make_build
82+
83+
%if !0%{?suse_version}
84+
cd %{_builddir}/%{ippcpfull}/sources/ippcp/crypto_mb
85+
cmake . -B"build" -DOPENSSL_INCLUDE_DIR=%{openssl_install}/include -DOPENSSL_LIBRARIES=%{openssl_install} -DOPENSSL_ROOT_DIR=%{openssl_source}
86+
cd build
87+
%make_build
88+
89+
install -d %{buildroot}/%{_includedir}/crypto_mb
90+
cp -rf %{_builddir}/%{ippcpfull}/sources/ippcp/crypto_mb/include/crypto_mb/*.h /%{buildroot}/%{_includedir}/crypto_mb/
91+
install -d %{buildroot}/%{_libdir}
92+
cp %{_builddir}/%{ippcpfull}/sources/ippcp/crypto_mb/build/bin/libcrypto_mb.so.%{ippcpfullversion} %{buildroot}/%{_libdir}
93+
cd %{buildroot}/%{_libdir}
94+
95+
ln -sf libcrypto_mb.so.%{ippcpfullversion} libcrypto_mb.so.%{ippcp_major}
96+
ln -sf libcrypto_mb.so.%{ippcpfullversion} libcrypto_mb.so
97+
98+
cp -rf %{buildroot}/%{_libdir}/libcrypto_mb.so.%{ippcpfullversion} %{buildroot}/%{_prefix}/local/lib
99+
cp -rf %{buildroot}/%{_libdir}/libcrypto_mb.so.%{ippcp_major} %{buildroot}/%{_prefix}/local/lib
100+
cp -rf %{buildroot}/%{_libdir} libcrypto_mb.so %{buildroot}/%{_prefix}/local/lib
101+
102+
cd %{_builddir}/%{ipsecfull}
103+
cd lib
104+
%make_build
105+
106+
install -d %{buildroot}/%{_includedir}
107+
install -m 0644 %{_builddir}/%{ipsecfull}/lib/intel-ipsec-mb.h %{buildroot}/%{_includedir}
108+
cp %{buildroot}/%{_includedir}/intel-ipsec-mb.h /usr/include/
109+
install -s -m 0755 %{_builddir}/%{ipsecfull}/lib/libIPSec_MB.so.%{fullversion} %{buildroot}/%{_libdir}
110+
cp -rf %{_builddir}/%{ipsecfull}/lib/libIPSec_MB.so.%{fullversion} %{buildroot}/%{_prefix}/lib
111+
cp -rf %{_builddir}/%{ipsecfull}/lib/libIPSec_MB.so %{buildroot}/%{_prefix}/lib
112+
cp -rf %{_builddir}/%{ipsecfull}/lib/libIPSec_MB.so.%{major} %{buildroot}/%{_prefix}/lib
113+
114+
cd %{buildroot}/%{_libdir}
115+
ln -sf libIPSec_MB.so.%{fullversion} libIPSec_MB.so.%{major}
116+
ln -sf libIPSec_MB.so.%{fullversion} libIPSec_MB.so
117+
%endif
118+
119+
cd %{_builddir}/%{name}-%{version}
120+
autoreconf -ivf
121+
122+
%if !0%{?suse_version}
123+
# Enable QAT_HW & QAT_SW Co-existence acceleration
124+
./configure --with-openssl_install_dir=%{openssl_install} --with-qat_hw_dir=%{_builddir}/%{qatdriver} --enable-qat_sw
125+
%else
126+
# Enable QAT_HW acceleration for SUSE
127+
./configure --with-openssl_install_dir=%{openssl_install} --with-qat_hw_dir=%{_builddir}/%{qatdriver}
128+
%endif
129+
%make_build
130+
131+
install -d %{buildroot}/%{_prefix}/local/ssl/lib64/engines-3
132+
cp -rf %{_builddir}/%{name}-%{version}/.libs/qatengine.so %{buildroot}/%{_prefix}/local/ssl/lib64/engines-3
133+
134+
install -d %{buildroot}/%{_libdir}/build
135+
cp -rf %{_builddir}/%{name}-%{version}/qat_hw_config/4xxx/multi_process/4xxx_dev0.conf %{buildroot}/%{_libdir}/build
136+
cp -rf %{_builddir}/%{qatdriver}/build/libusdm_drv_s.so %{buildroot}/%{_libdir}
137+
cp -rf %{_builddir}/%{qatdriver}/build/libqat_s.so %{buildroot}/%{_libdir}
138+
cp -rf %{_builddir}/%{qatdriver}/build %{buildroot}/%{_libdir}
139+
cp %{_builddir}/%{name}-%{version}/fips/driver_install.sh %{buildroot}/%{_libdir}
140+
141+
%post
142+
echo "RPM is getting installed"
143+
if (lspci | grep Co- >/dev/null )
144+
then
145+
./%{_libdir}/driver_install.sh
146+
fi
147+
148+
%clean
149+
rm -rf %{buildroot}
150+
151+
%files
152+
%exclude %{_prefix}/local/lib/lib64
153+
%{_prefix}/local/ssl/lib64/engines-3/qatengine.so
154+
%{_prefix}/local/ssl/lib64
155+
%{_prefix}/local/ssl/bin
156+
%{_prefix}/local/ssl/include
157+
%{_libdir}/libqat_s.so
158+
%{_libdir}/libusdm_drv_s.so
159+
%{_libdir}/build
160+
%{_libdir}/driver_install.sh
161+
%license LICENSE*
162+
%doc README.md docs*
163+
164+
%if !0%{?suse_version}
165+
%{_libdir}/libcrypto_mb.so.%{ippcpfullversion}
166+
%{_libdir}/libcrypto_mb.so.%{ippcp_major}
167+
%{_libdir}/libcrypto_mb.so
168+
169+
%{_libdir}/libIPSec_MB.so.%{fullversion}
170+
%{_libdir}/libIPSec_MB.so.%{major}
171+
%{_libdir}/libIPSec_MB.so
172+
173+
%{_prefix}/lib/libIPSec_MB.so.%{fullversion}
174+
%{_prefix}/lib/libIPSec_MB.so.%{major}
175+
%{_prefix}/lib/libIPSec_MB.so
176+
177+
%{_prefix}/local/lib/libcrypto_mb.so.%{ippcpfullversion}
178+
%{_prefix}/local/lib/libcrypto_mb.so.%{ippcp_major}
179+
%{_prefix}/local/lib/libcrypto_mb.so
180+
181+
%{_includedir}/crypto_mb
182+
%{_includedir}/intel-ipsec-mb.h
183+
%endif

0 commit comments

Comments
 (0)