IBM 4758 PCI Cryptographic Coprocessor Device Driver for the Linux_tm Operating System 

Enabling Secure Solutions for the Linux Platform

Overview

IBM is contributing to the open source community the Linux operating system device driver for the IBM 4758 PCI Cryptographic Coprocessor (4758). With this release, we hope to foster further discussion and interest in Linux-based applications which require the highest levels of assurance and security.

The 4758 secure coprocessor is a state-of-the-art, tamper-sensing and responding, programmable PCI card. Its specialized cryptographic electronics, along with a microprocessor, memory, and random number generator are housed within a tamper-responding environment to provide a highly secure subsystem in which data processing and cryptography can be performed.

Background of the 4758

The 4758 secure coprocessor was the first device ever to earn the highest possible certification for commercial security granted by the U.S. Department of Commerce's National Institute of Standards (NIST) and the Communications Security Establishment (CSE) of the Government of Canada. The 4758 was validated at Federal Information Processing Standard (FIPS) 140-1 Level 4 overall (certificates #35 and #116). See more information regarding FIPS 140-1, including with the Level 4 overall validation of the IBM CMOS Cryptographic Coprocessor (certificates #40 and #118), at http://csrc.nist.gov/cryptval.

The 4758 coprocessor, along with its internal real-time operating system, secure configuration and bootstrap software, and custom software development tools, was developed at the IBM Thomas J Watson Research Center in the Secure Embedded Systems group. In addition to our research group, this project has been supported by groups within IBM's Internet Division, Software Group, and Enterprise Systems Group, along with various professional services provided by IBM Global Services. While the 4758 has now evolved into a mature product offered by IBM's Enterprise Systems Group, and is now at the heart of many IBM and third party security solutions, it was based on over fifteen years of research in the secure systems area of the IBM Thomas J Watson Research Center. The various groups and personnel involved in this effort are continuously researching the uses and applications of these devices and how they can be used to achieve privacy, confidentiality, and secure e-commerce solutions.

Get the Source

The Linux host device driver, including source code, documentation, and host library, is available for download as part of the Linux version of the software development toolkit found on IBM's alphaWorks portal.

Input

We intend to actively encourage feedback on our contributions as well as input regarding future activity in the secure systems area. Please feel free to contact Ron Perez (ronpz@us.ibm.com) and/or Leendert van Doorn (leendert@us.ibm.com), at IBM Research, for technical and research issues. For product sales information, please contact John Lewis (jlewis4@us.ibm.com)

Do You Want to Know More?

For information on secure coprocessors and IBM Research's security focused projects, please visit the world wide IBM Research security site.

For more information on the 4758 and related [product] software offerings from IBM, please see the product Web site.