IBM J. Res. Dev

The IBM 4769 Cryptographic Coprocessor


System security is currently a main focus area for all IT infrastructure providers. New system features like pervasive encryption, the transition to cloud-based offerings, and the demand for quantum-safe platforms call for increased cryptographic performance as well as more cryptographic agility. The new IBM 4769 Cryptographic Coprocessor addresses these trends. It brings performance improvements that match the requirements of the new IBM z15. A combination of newly available features allows IBM z15 to scale to greater than 5,000 virtual hardware security modules per system and makes it suitable to support virtualized client environments such as cloud-scale data centers. To meet the dense packaging and energy requirements of those data centers, the form factor and power consumption of the card were reduced significantly. The card also offers an expanded set of algorithms to support state-of-the-art as well as future workloads. For the first time, the user interface provides access to a selected set of quantum-safe algorithms. Infrastructure extensions add hardware-embedded, attestation-friendly trusted boot services, which improve system resiliency by providing hardware-enabled measurements of the secure and trusted boot process. These extensions simultaneously simplify the security certifications built on them. This article provides an overview of the IBM 4769 Cryptographic Coprocessor, highlighting security characteristics, internal hardware, form factor, and enhanced firmware.