On 08/22/2018 01:03 PM, Pierre Morel wrote: >> That's interesting. >> >>> IMHO this quote is quite a half-full half-empty cup one: >>> * it mandates the set of usage domains is a subset of the set >>> of the control domains, but >>> * it speaks of independent controls, namely about the 'usage domain index' >>> and the 'control domain index list' and makes the enforcement of the rule >>> a job of the administrator (instead of codifying it in the controls). >> I'm wondering if a configuration with a usage domain that is not also a >> control domain is rejected outright? Anybody tried that? :) > > Yes, and no it is not. > We can use a queue (usage domain) to a AP card for SHA-512 or RSA without > having to define the queue as a control domain. Huh? My HMC allows to add a domain as - control only domain - control and usage domain. But I am not able to configure a usage-only domain for my LPAR. That seems to match the current code, no?
