© Copyright IBM Corp. 2021
11
Introduction
This section details the contents of the IBM 4769-001 PCIe Cryptographic Coprocessor
package, special considerations for handling and storage, and coprocessor requirements and
specifications.
The coprocessor uses dedicated hardware to process cryptographic keys, certificates, and bulk
data. These cryptographic functions are performed within a tamper-resistant module that is
validated to the Federal Information Processing Standard (FIPS) PUB 140-2 Level 4, as
established by the National Institute of Standards and Technology. This is a standard of
detecting and responding to unauthorized attempts at physical access and security compromise
due to environmental conditions such as voltage and temperature.
Before installing a coprocessor, check the IBM product website for the list of x86 servers. Refer
to
“Where to find more information” on page 7. You can install the coprocessor, a half-height,
half-length PCIe adapter card, only in a compatible x64 server. Refer to
Contents of the coprocessor package
Your IBM 4769-001 PCIe Cryptographic Coprocessor package includes the following items:
•
The IBM 4769-001 PCIe Cryptographic Coprocessor
•
IBM License Agreement for Machine Code (Contains Form Z125-5468-06), SC28-
6872-03 (multi-language)
•
IBM License Agreement for Machine Code Addendum for Cryptography (Contains
Form Z125-8449-01), GC27-2635-00 (multi-language)
•
IBM Systems Safety Notices, G299-9054-08
•
IBM 4769 PCIe Cryptographic Coprocessor Statement of Limited Warranty -
Warranty Information flyer, SC23-6884-01
•
Notice to Users of the IBM 4769-001 PCIe Cryptographic Coprocessor, PN01EL550.
If any item is missing or damaged, contact your local IBM representative.
Special consideration for handling and storage
Each coprocessor is shipped from the factory with a certified device key. This electronic key,
which is stored in the card's battery-backed protected memory, digitally signs test messages to
confirm that the coprocessor is genuine and that no tampering has occurred.
Note:
If any of the secure module’s tamper sensors is triggered by tampering or accident, the
coprocessor erases (zeroizes) all data in the protected memory, destroying the device key. This
renders the coprocessor permanently inoperable, and there is no recovery from this situation.
The coprocessor cannot operate without the device key. To protect the key, follow these
temperature and battery guidelines:
Storage
It is recommended that an uninstalled coprocessor be kept in its original protective packaging
material. Save this packaging material for future use, especially if the coprocessor must be
transported to another location.