Uploaded image for project: 'Multiple Architecture Enablement'
  1. Multiple Architecture Enablement
  2. MULTIARCH-685

Exploit CryptoExpress (CEX) Adapters in Container Workload in RHOCP on Z/LinuxONE

    XMLWordPrintable

Details

    • Support CryptoExpress (CEX) Adapters in RHOCP and make them available to containers.
    • False
    • False
    • Done
    • s390x
    • Planned
    • 100
    • 100% 100%
    • Undefined

    Description

      Enable container workload to use IBM CryptoExpress (CEX) cards to perform cryptographic operations on an HSM level. In particular, enable containers to use secure and protected key cryptography. This enablement is about to provide a Kubernetes device plugin to make CEX resources (APQNs) available to containers in PODs as extended resources.

      The development of the Kubernetes device plugin is handled by IBM Linux and will be provided in a github community.

      Note that this is not about supporting CEX to be consumed by RHCOS itself (e.g. LUKS disk encryption).

      References

      Epic onĀ  IBM internal github: https://github.ibm.com/OpenShift-on-Z/Planning/issues/58

      Attachments

        Activity

          People

            hbrueckner Hendrik Brueckner
            hbrueckner Hendrik Brueckner
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: