Description of Release

This document contains information on the accompanying Intel^® QuickAssist Technology (Intel^® QAT) Hardware Version 2.0 Driver for VMware ESXi*.

This software enables Intel® QuickAssist Technology (Intel^® QAT) accelerator on VMware ESXi. Driver enables sharing of a Physical Function (PF) across multiple guest Virtual Machines (VM) using Single Root I/O Virtualization (SR-IOV) technology. This is accomplished by exposing Intel^® QAT accelerator as Virtual Functions (VFs)to a specific guest VM(s).

This release includes following types of driver packages, each supporting a specific mode for exposing accelerator to guest VM, as listed below:

• DirectPath I/O via SR-IOV: Later in the document referred as SR-IOV driver

For instructions on loading and running the release software, refer to the README.txt file in the corresponding released software package. For instructions on installing the driver in the Guest Operating System (OS), refer to corresponding guest driver’s collaterals listed in the Related Documentation section.

Refer to the Revision History to check the changes in this document.

Note

These release notes may include known issues with third-party or reference platform components that affect the operation of the software.

Features

• Sym/Asym Crypto

• TLS1.3 elliptical curves Montgomery encryption (curve 25519 and curve 448)

• Data Compression with CnV for Deflate and LZ4/LZ4s algorithms and CnVnR for Deflate and LZ4s

• Chaining support

• SM3/SM4

• Asynchronous E2E support for compression

• Telemetry

• Power Management

• Extended RAS (uncorrectable and fatal error support)

• Ratelimiting

• Intel^® Device Manager for VMware* vCenter Server support

Limitations

• Symmetric services are not configured by default. Refer to the Driver configuration - Services section in README.txt for additional information.

• Stateful decompression is not supported.

• Intel^® Key Protection Technology (KPT) is not currently supported.

• Auto-select best (ASB) is not supported with rolling XXHash32.

• Dynamic Power Management (DPM) is not currently supported.

• Shared Virtual Memory (SVM) and Address Translation (AT) are not currently supported.

• Enhanced DirectPath I/O driver is not available as part of this release.

• ESXi limitation: number of PCI passthrough devices per VM is limited. Check “ESXi/ESX Configuration Maximums” KB article for exact limits. ESXi will not allow to power on VM if such limit is exceeded.

• Enhanced and non-Enhanced DirectPath I/O drivers are mutually exclusive and cannot be installed simultaneously. Switching from one driver to another is covered in the Coexistence with Enhanced Direct Path I/O* driver section of the README file.

• VM configuration will be different between Enhanced and non-Enhanced DirectPath I/O drivers, as well as SW stack inside VM. Switching between driver types can cause VM to fail power on, so re-configuration will be required.

• Due to VMware limitations, package for Enhanced DirectPath I/O driver for VMware ESXi 8.0 Update 2 is compatible only with this particular version of ESXi. Refer to Supported ESXi Version in package description to choose right package.

Packages Information

DirectPath I/O packages

Package Name	qat-2.0_ext_rel_bin_2.5.5.151-7.0.3-18644231.tar.gz
Release Date	09/10/2024
Supported Hardware	4th Generation Intel® Xeon® Scalable Processor (4xxx QAT) 5th Generation Intel® Xeon® Scalable Processor (4xxx QAT)
Supported ESXi Version(s)	7.0 Update 3i and newer 8.0 and newer
Driver Version	2.5.5.151
Package Checksum	SHA256: a2ab22a1dfcade3d08a9d1ed30638b69 0d076108ee38dc5e36448d95fa8a9d25

Version Numbering Scheme

The version numbering scheme is major.minor.patch.build, where:

• major is the major version of the software,

• minor is the minor version of the software,

• patch.build is the patch release and build number.

Major version number is used as a differentiator between the two mentioned package types in the same release. Enhanced Direct Path I/O driver package will be designated with major version greater than 1000. To keep the two package types aligned, the assigned Enhanced Direct Path I/O driver major version is the same major version associated with the Direct Path I/O release + 1000. Minor and patch numbers will match.

List of Files in Release

File	Description
qat-2.0_ext_rel_bin_2.5.5.151-7.0.3-18644231.tar.gz	DirectPath I/O driver (SR-IOV)
qat-2.0_ext_rel_bin_1002.5.5.151-8.0.2-22380479-dvx.tar.gz	Enhanced DirectPath I/O driver

Also every package includes LICENSE.txt and README.txt files with licensing and basic driver installation and configuration information correspondingly.

Supported Guest Drivers

The software in this release has been validated against the following guest drivers:

• Linux*: Intel QAT driver QAT20.L.1.1.50-*

• Windows*: Intel QAT driver QAT2.0.W.2.1.0-*

The actual list of supported guest OS depends on the guest driver compatibility. Refer to the corresponding documentation for more information.

Technical Support

Intel offers only support for this software at the Application Programming Interface (API) level, defined in the Programmer’s Guide and API reference manuals listed in the Related Documentation section.

For technical support, including answers to questions not addressed in this document, visit the technical support forum, FAQs, and other support information at Intel Support.

VMware forwards all issues they suspect to be related to Intel QAT to Intel to help triage and resolve with the customer directly.

Environmental Assumptions

The following assumptions are made about the deployment environment:

• The driver object/executable file on the disk should be protected using the normal file protection mechanisms so it is writable by only trusted users, for example, a privileged user or an administrator.

• The public key firmware image on the disk should be protected using normal file protection mechanisms, so it is writable only by trusted users; for example, a privileged user or an administrator.

• The Intel QAT device should not be exposed to untrusted users through the user space direct deployment model.

• The Dynamic Random-Access Memory (DRAM) is considered to be inside the trust boundary. The traditional memory-protection schemes provided by the Intel architecture processor and memory controller, and by the OS, are to prevent unauthorized access to these memory regions.

• Persistent keys were not considered, but the storage media are also considered inside the cryptographic boundary.

• The driver-exposed device file should be protected using the normal file protection mechanisms so that only trusted users can open, read or write it.

Related Documentation

Title	Number
Intel QuickAssist Technology for Linux* - Getting Started Guide (HW 2.0)	632506
Intel QuickAssist Technology for Linux* - Release Notes (HW 2.0)	632507
Intel QuickAssist Technology for VMware* - Release Notes (HW 2.0)	766469
Intel QuickAssist Technology for Windows* - Release Notes (HW 2.0)	758459
Intel QuickAssist Technology - Programmer’s Guide (HW 2.0)	743912
Intel QuickAssist Technology API Programmer’s Guide	330684
Intel QuickAssist Technology Cryptographic API Reference Manual	330685
Intel QuickAssist Technology Data Compression API Reference Manual	330686
Intel Device Manager for VMware vCenter Server	773349