Description of Release

This document contains information on the accompanying Intel^® QuickAssist Technology (Intel^® QAT) Hardware Version 2.0 Driver for Linux*.

For instructions on loading and running the release software, refer to the Getting Started Guide listed in the Related Documentation section.

Refer to the Revision History to check the changes of this document.

Note

These release notes may include known issues with third-party or reference platform components that affect the operation of the software.

Features

• Sym/Asym Crypto.

• TLS1.3 elliptical curves Montgomery encryption (curve 25519 and curve 448).

• Data Compression with CnV for Deflate and LZ4/LZ4s algorithms and CnVnR for Deflate and LZ4s.

• Telemetry.

• Power Management.

• SM3/SM4.

• Asynchronous E2E support for compression.

• Extended RAS (uncorrectable and fatal error support).

• LZ4 E2E CRC32 with CNV enforcement enabled.

• Thread Specific USDM support.

• Device co-existence with QAT1.7 plugin cards.

Limitations

• Symmetric Crypto Sample applications do not run out of box without configuration file update. Refer to the Getting Started Guide for additional information.

• Stateful decompression is not supported.

• Key Protection Technology (KPT) is not currently supported.

• Auto-select best (ASB) is not supported with rolling XXHash32.

• Dynamic Power Management (DPM) is not currently supported.

• Firmware or Hardware Anti-Rollback (ARB) mechanisms are not natively supported. Customers must support their own implementation of firmware or software anti-rollback mechanisms. Customers that do not implement ARB solutions accept all security risks of doing so.

• When using Shared Virtual Memory (SVM) and Address Translation (AT) performance can be affected by number of page faults that occur during processing.

Device co-existence

The driver supports a single platform containing both QAT2.0 devices along with QAT1.7 plug-in cards. Note that only plug-in cards are supported for QAT1.7.

The following table table documents the constraints of the support due to generational differences in the implementation.

Features	1.7	2.0
Compression/Decompression	Y	Y
Symmetric	Y	Y
Asymmetric	Y	Y
Dummy Response	N	Y
RAS	N	Y
Heartbeat	N	Y
Decompression SW Fallback	N	Y
Rate Limiting	N	Y
Device Utilization	N	Y
Debuggability	N	N
SVM	N/A	Y
LKCF	N	Y

Note

There is a current limitation with the Performance Sample Application (cpa_sample_code) where cryptographic operations, both symmetric and asymmetric, are not executed on QAT1.7 devices, even when these devices are configured for cryptographic operations (cy). For QAT1.7 devices, the ‘cy’ configuration should encompass both symmetric and asymmetric cryptography. In contrast, QAT2.0 devices utilize separate configurations for symmetric (sym) and asymmetric (asym) cryptographic operations.

Supported Operating Systems and Platforms

The software in this release has been validated with the following configurations.

OS	Kernel Version
CentOS Linux release 8.2.2004 (Core)	4.18.0-193.el8.x86_64
CentOS Stream release 8	5.19.0-emr.bkc.2.11.13.x86_64
CentOS 9	6.6.0
Fedora release 32	5.6.6-300.fc32.x86_64
Red Hat Enterprise Linux Server 7.6	3.10.0-957.el7.x86_64
Red Hat Enterprise Linux Server 7.8	3.10.0-1127.el7.x86_64
Red Hat Enterprise Linux 8.0	4.18.0-80.el8.x86_64
Red Hat Enterprise Linux 8.1	4.18.0-147.el8.x86_64
Red Hat Enterprise Linux 8.2	4.18.0-193.el8.x86_64
Red Hat Enterprise Linux 8.3	4.18.0-240.el8.x86_64
Red Hat Enterprise Linux 8.4	4.18.0-305.el8.x86_64
Red Hat Enterprise Linux 8.5	4.18.0-348.el8.x86_64
Red Hat Enterprise Linux 8.6	4.18.0-372.9.1.el8.x86_64
Red Hat Enterprise Linux 9.0	5.14.0-70.13.1.el9_0.x86_64
Red Hat Enterprise Linux 9.1	5.14.0-162.6.1.el9_1.x86_64
Red Hat Enterprise Linux 9.2	5.14.0-284.11.1.el9_2.x86_64
Red Hat Enterprise Linux 9.4	5.14.0-427.13.1.el9_4.x86_64
SUSE Linux Enterprise Server 12	4.12.14-94.41-default
SUSE Linux Enterprise Server 15 SP2	5.3.18-22-default
SUSE Linux Enterprise Server 15 SP3	5.3.18-57-default
SUSE Linux Enterprise Server 15 SP4	5.14.21-150400.15-default
SUSE Linux Enterprise Server 15 SP5	5.14.21-150500.53-default
SUSE Linux Enterprise Server 15 SP6	6.4.0-150600.21-default
Ubuntu 19.04	5.0.0-25-generic
Ubuntu 19.10	5.3.0-24-generic
Ubuntu 20.04 LTS	5.4.0-26-generic
Ubuntu 20.10	5.8.0-45-generic
Ubuntu 21.04	5.11.0-22-generic
Ubuntu 21.10	5.13.0-14-generic
Ubuntu 22.04 LTS	5.15.0-25-generic
Ubuntu 22.04 LTS (realtime)	5.15.0-1040-realtime
Ubuntu 22.10	5.19.0-23-generic
Ubuntu 24.04	6.8.0-35-generic

Version Numbering Scheme

The version numbering scheme is name.os.major.minor.maintenance-build, where:

• name is “QAT20”.

• os is the Operating System: “L” for Linux*.

• major is the major version of the software.

• minor is the minor version of the software.

• maintenance-build is the maintenance release and build number.

Package Version

The following table shows the OS-specific package versions for each platform supported in this release.

Chipset or SoC	Package Version
Top-Level Package	QAT20.L.1.2.30-00078

Licensing for Linux* Acceleration Software

The acceleration software is provided under the licenses listed in the following table. When using or redistributing dual-licensed components, you may do so under either license.

Component	License	Directories
User Space only components	Berkeley Software Distribution (BSD)	./quickassist/lookaside/access_layer/src/qat_direct ./quickassist/lookaside/access_layer/src/common/crypto/asym ./quickassist/utilities/osal/src/linux/user_space
Common User Space and Kernel Space Library	Berkeley Software Distribution (BSD)	./quickassist/build_system ./quickassist/include ./quickassist/lookaside ./quickassist/utilities/osal (except items in openssl)
adf_ctl	Dual BSD/GNU General Public License (GPL) v2	./quickassist/utilities/adf_ctl
Kernel space driver	GPL v2	./quickassist/qat/drivers
Compatibility layer for older kernel versions	GPL	./quickassist/qat/compat
User Space DMAble Memory Driver	Dual BSD/GPL v2	./quickassist/utilities/libusdm_drv
Libcrypto*	OpenSSL	./quickassist/utilities/osal/src/linux/user_space/openssl
QAT Firmware	Redistribution	./quickassist/qat/fw
Calgary corpus and Canterbury corpus test files	Public Domain	./quickassist/lookaside/access_layer/src/sample_code/performance/compression

SHA256 Checksum Information

The following table provides SHA256 checksum information.

Package	SHA256 Checksum
QAT20.L.1.2.30-00078	ad9d736a94eaeb8214c2d2a7601e9bef6ec8b6fdcb1ea6343ebe31b66220a3b3

List of Files in Release

The Bill of Materials (BOM), sometimes referred to as the BOM, is included as a text file in the released software package. This text file is labeled a filelist and is located at the top directory level for each release.

Intel QAT API Updates

The Intel QAT Application Program Interface (API) version number is different from the software package version number.

For details on any changes to the Intel QAT APIs, refer to the Revision History pages in the following API reference manuals:

• Intel QuickAssist Technology Cryptographic API Reference Manual

• Intel QuickAssist Technology Data Compression API Reference Manual

Technical Support

Intel offers support for this software at the API level only, defined in the Programmer’s Guide and API reference manuals listed in the Related Documentation section.

For technical support, including answers to questions not addressed in this document, visit the technical support forum, FAQs, and other support information at Intel Support.

Environmental Assumptions

The following assumptions are made about the deployment environment:

• The driver object/executable file on disk should be protected using the normal file protection mechanisms, so it is writable by only trusted users, for example, a privileged user or an administrator.

• The public key firmware image on the disk should be protected using normal file protection mechanisms, so it is writable only by trusted users, for example, a privileged user or an administrator.

• The Intel QAT device should not be exposed (through the user space direct deployment model) to untrusted users.

• The Dynamic Random-Access Memory (DRAM) is considered to be inside the trust boundary. The traditional memory-protection schemes provided by the Intel architecture processor and memory controller, and by the OS, is to prevent unauthorized access to these memory regions.

• Persistent keys were not considered, but the storage media are also considered inside the cryptographic boundary.

• The driver exposed device file should be protected using the normal file protection mechanisms so that it could be opened and read/written only by trusted users.

Related Documentation

Title	Number
Intel QuickAssist Technology for Linux* - Getting Started Guide (HW 2.0)	632506
Intel QuickAssist Technology for Linux* - Release Notes (HW 2.0)	632507
Intel QuickAssist Technology for VMware* - Release Notes (HW 2.0)	766469
Intel QuickAssist Technology - Programmer’s Guide (HW 2.0)	743912
Intel QuickAssist Technology API Programmer’s Guide	330684
Intel QuickAssist Technology Cryptographic API Reference Manual	330685
Intel QuickAssist Technology Data Compression API Reference Manual	330686