Mlx5_crypto: Not enough capabilities to support crypto operations, maybe old FW/OFED version?

Hi ,
I am testing mlx5 crypto driver/performance but the crypto device seems still disabled.
platform =>doca 1.5

test on dpdk-22.11 (test with only doca 1.5 also have the same problem)
root@localhost:/home/ubuntu/bf-build/dpdk/dpdk-22.11# env LD_LIBRARY_PATH=./build/drivers/ ./build/app/test/dpdk-test -c 1 -n 1 -a 03:00.0,class=crypto
EAL: Detected CPU lcores: 8
EAL: Detected NUMA nodes: 1
EAL: Detected static linkage of DPDK
EAL: Multi-process socket /var/run/dpdk/rte/mp_socket
EAL: Selected IOVA mode ‘PA’
EAL: VFIO support initialized
EAL: Probe PCI driver: mlx5_pci (15b3:a2d6) device: 0000:03:00.0 (socket -1)
mlx5_crypto: Not enough capabilities to support crypto operations, maybe old FW/OFED version?
mlx5_common: Failed to load driver crypto_mlx5
EAL: Requested device 0000:03:00.0 cannot be used
EAL: Bus (pci) probe failed.
APP: HPET is not enabled, using TSC as default timer

flint -d /dev/mst/mt41686_pciconf0 q full
Image type: FS4
FW Version: 24.35.1012
FW Release Date: 28.10.2022
Part Number: MBF2M345A-HECO_Ax
Description: BlueField-2 E-Series DPU; 200GbE/HDR single-port QSFP56; PCIe Gen4 x16; Secure Boot Enabled; Crypto Enabled; 16GB on-board DDR; 1GbE OOB management; HHHL
Product Version: 24.35.1012
Rom Info: type=UEFI Virtio net version=21.4.10 cpu=AMD64,AARCH64
type=UEFI Virtio blk version=22.4.10 cpu=AMD64,AARCH64
type=UEFI version=14.28.15 cpu=AMD64,AARCH64
type=PXE version=3.6.804 cpu=AMD64
Description: UID GuidsNumber
Base GUID: 1070fd03002a949c 8
Base MAC: 1070fd2a949c 8
Image VSD: N/A
Device VSD: N/A
PSID: MT_0000000716
Security Attributes: secure-fw
Default Update Method: fw_ctrl
Life cycle: GA SECURED
Secure Boot Capable: Enabled
EFUSE Security Ver: 0
Image Security Ver: 0
Security Ver Program: Manually ; Disabled

Any response will be appreciated. .

Hi Jacky,

Thank you for posting your query on our community. I would like to confirm if you got an opportunity to review the following link which mentions the settings to be applied for crypto to take effect. Specifically "section 15.2 Configuration " —>

From the above mentioned section, it explains the following along with steps to be executed:

“When crypto engines are defined to work in wrapped import method, they come out of the factory in Commissioning mode, and thus, cannot be used for crypto operations yet. A dedicated tool is used for changing the mode from Commissioning to Operational”

Please ensure the settings are correctly set. If the issue still persists, I would like to request submitting a support ticket for further troubleshooting. The support ticket can be opened by emailing " "

Please note that an active support contract would be required for the same. For contracts information, please feel free to reach out to our contracts team at " "


It seems set nothing on plaintext mode.
How could I check the card in Wrapped/Plaintext mode?

On the other hand, in case of plaintext mode, there is no need for all the above, DEK is passed in plaintext >>without keytag.

root@localhost:~# mlxreg -d /dev/mst/mt41686_pciconf0 --reg_name CRYPTO_OPERATIONAL --get
Sending access register…

Field Name | Data

kek_size | 0x00000000
wrapped_crypto_going_to_commissioning | 0x00000000
wrapped_crypto_operational | 0x00000000
credential[0] | 0x00000000
credential[1] | 0x00000000
credential[2] | 0x00000000
credential[3] | 0x00000000
credential[4] | 0x00000000
credential[5] | 0x00000000
credential[6] | 0x00000000
credential[7] | 0x00000000
credential[8] | 0x00000000
credential[9] | 0x00000000
kek[0] | 0x00000000
kek[1] | 0x00000000
kek[2] | 0x00000000
kek[3] | 0x00000000
kek[4] | 0x00000000
kek[5] | 0x00000000
kek[6] | 0x00000000
kek[7] | 0x00000000

Hi Jackylu33,

The crypto device like it is shown with KEK and DEK means it is using wrapped keys. If you don’t use the crypto device, then it is plaintext.


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.