[v5,1/4] crypto/ipsec_mb: bump minimum IPsec Multi-buffer version

Message ID 20240305174227.1785111-1-brian.dooley@intel.com (mailing list archive)
State Superseded, archived
Delegated to: akhil goyal
Headers
Series [v5,1/4] crypto/ipsec_mb: bump minimum IPsec Multi-buffer version |

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Dooley, Brian March 5, 2024, 5:42 p.m. UTC
  From: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan@intel.com>

SW PMDs increment IPsec Multi-buffer version to 1.4.
A minimum IPsec Multi-buffer version of 1.4 or greater is now required.

Signed-off-by: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan@intel.com>
Acked-by: Ciara Power <ciara.power@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Wathsala Vithanage <wathsala.vithanage@arm.com>
---
  v5:
     - Rebased and added to patchset
  v4:
     - 24.03 release notes updated to bump minimum IPSec Multi-buffer
       version to 1.4 for SW PMDs.
  v2:
     - Removed unused macro in ipsec_mb_ops.c
     - set_gcm_job() modified correctly to keep multi_sgl_job line
     - Updated SW PMDs documentation for minimum IPSec Multi-buffer version
     - Updated commit message, and patch title.
---
 doc/guides/cryptodevs/aesni_gcm.rst         |   3 +-
 doc/guides/cryptodevs/aesni_mb.rst          |   3 +-
 doc/guides/cryptodevs/chacha20_poly1305.rst |   3 +-
 doc/guides/cryptodevs/kasumi.rst            |   3 +-
 doc/guides/cryptodevs/snow3g.rst            |   3 +-
 doc/guides/cryptodevs/zuc.rst               |   3 +-
 doc/guides/rel_notes/release_24_03.rst      |   4 +
 drivers/crypto/ipsec_mb/ipsec_mb_ops.c      |  23 ---
 drivers/crypto/ipsec_mb/meson.build         |   2 +-
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c      | 164 --------------------
 drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h |   9 --
 11 files changed, 17 insertions(+), 203 deletions(-)
  

Comments

Akhil Goyal March 5, 2024, 7:11 p.m. UTC | #1
> Subject: [EXTERNAL] [PATCH v5 1/4] crypto/ipsec_mb: bump minimum IPsec
> Multi-buffer version
> 
> From: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan@intel.com>
> 
> SW PMDs increment IPsec Multi-buffer version to 1.4.
> A minimum IPsec Multi-buffer version of 1.4 or greater is now required.
> 
> Signed-off-by: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan@intel.com>
> Acked-by: Ciara Power <ciara.power@intel.com>
> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> Acked-by: Wathsala Vithanage <wathsala.vithanage@arm.com>
please check these:
https://github.com/ovsrobot/dpdk/actions/runs/8160942783/job/22308639670#step:19:19411
Error: cannot find librte_crypto_ipsec_mb.so.24.0 in install
You need to get this fixed or else CI would fail for every patch once this series is applied.
And this is also failing http://mails.dpdk.org/archives/test-report/2024-March/601301.html
These need to be fixed in CI infra.
  
Patrick Robb March 5, 2024, 7:50 p.m. UTC | #2
On Tue, Mar 5, 2024 at 2:11 PM Akhil Goyal <gakhil@marvell.com> wrote:
>
> > Subject: [EXTERNAL] [PATCH v5 1/4] crypto/ipsec_mb: bump minimum IPsec
> > Multi-buffer version
> >
> > From: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan@intel.com>
> >
> > SW PMDs increment IPsec Multi-buffer version to 1.4.
> > A minimum IPsec Multi-buffer version of 1.4 or greater is now required.
> >
> > Signed-off-by: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan@intel.com>
> > Acked-by: Ciara Power <ciara.power@intel.com>
> > Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> > Acked-by: Wathsala Vithanage <wathsala.vithanage@arm.com>
> please check these:
> https://github.com/ovsrobot/dpdk/actions/runs/8160942783/job/22308639670#step:19:19411
> Error: cannot find librte_crypto_ipsec_mb.so.24.0 in install
Aaron has some questions about whether the upgrade is appropriate or
not in another thread. If/when those are resolved, I think he will be
able to upgrade the robot to 1.4.

> You need to get this fixed or else CI would fail for every patch once this series is applied.
> And this is also failing http://mails.dpdk.org/archives/test-report/2024-March/601301.html
> These need to be fixed in CI infra.

For context, we had upgraded a couple weeks ago to tip of main on the
arm ipsec-mb repo, and the v4 of this series was passing at that
point.

https://patchwork.dpdk.org/project/dpdk/list/?series=31200&state=%2A&archive=both

I see that there have been some subsequent commits since then and I
see in the other thread Wathsala created a SECLIB-IPSEC-2024.03.05 tag
today. We can rebuild from that tag right now and issue reruns. If the
updated arm repo resolves the issues seen here, you should see the IOL
CI results go green tonight.
  
Patrick Robb March 5, 2024, 11:30 p.m. UTC | #3
Recheck-request: iol-unit-arm64-testing
  
Patrick Robb March 6, 2024, 3:57 a.m. UTC | #4
On Tue, Mar 5, 2024 at 6:30 PM Patrick Robb <probb@iol.unh.edu> wrote:
>
> Recheck-request: iol-unit-arm64-testing

https://mails.dpdk.org/archives/test-report/2024-March/601582.html

Hello. I wanted to flag this as still failing on arm after running the
testing using the new tag Wathsala published today. We did it via a
debian 12 container image which we rebuilt today with all the ipsec
dependencies and arm ipsec install. We simply:

git clone --depth 1 --branch SECLIB-IPSEC-2024.03.05
https://git.gitlab.arm.com/arm-reference-solutions/ipsec-mb.git
make -j $(nproc)
make install

then build DPDK.

Wathsala, what do you think? Might I be missing something here?
  
Power, Ciara March 6, 2024, 11:12 a.m. UTC | #5
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Tuesday, March 5, 2024 7:12 PM
> To: Dooley, Brian <brian.dooley@intel.com>; Ji, Kai <kai.ji@intel.com>; De Lara
> Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Patrick Robb
> <probb@iol.unh.edu>; Aaron Conole <aconole@redhat.com>
> Cc: dev@dpdk.org; Sivaramakrishnan, VenkatX
> <venkatx.sivaramakrishnan@intel.com>; Power, Ciara <ciara.power@intel.com>;
> Wathsala Vithanage <wathsala.vithanage@arm.com>; thomas@monjalon.net;
> Marchand, David <david.marchand@redhat.com>
> Subject: RE: [EXTERNAL] [PATCH v5 1/4] crypto/ipsec_mb: bump minimum IPsec
> Multi-buffer version
> 
> > Subject: [EXTERNAL] [PATCH v5 1/4] crypto/ipsec_mb: bump minimum IPsec
> > Multi-buffer version
> >
> > From: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan@intel.com>
> >
> > SW PMDs increment IPsec Multi-buffer version to 1.4.
> > A minimum IPsec Multi-buffer version of 1.4 or greater is now required.
> >
> > Signed-off-by: Sivaramakrishnan Venkat
> > <venkatx.sivaramakrishnan@intel.com>
> > Acked-by: Ciara Power <ciara.power@intel.com>
> > Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> > Acked-by: Wathsala Vithanage <wathsala.vithanage@arm.com>
> please check these:
> https://github.com/ovsrobot/dpdk/actions/runs/8160942783/job/223086396
> 70#step:19:19411
> Error: cannot find librte_crypto_ipsec_mb.so.24.0 in install You need to get this
> fixed or else CI would fail for every patch once this series is applied.

I am having trouble reproducing this one.
I have run these commands that I saw in the CI log, before the patches, and then after the patches are applied - with ipsec-mb v1.2 on system as in CI.

meson configure  build -Denable_docs=true -Dexamples=all -Dplatform=generic -Ddefault_library=shared -Dbuildtype=debug -Dcheck_includes=true  -Dlibdir=lib -Dwerror=true
meson install -C build
ninja -C build

It compiles ok both times, first time it compiles ipsec-mb PMDs, after the patches applied, it skips compiling the PMDs as expected.

I am wondering, could this error be to do with the ABI reference/install comparison?
Maybe reference has the ipsec_mb.so file from a build that supported it, and it can't find the equivalent in the new install, because it's not compiled anymore:
+ devtools/check-abi.sh reference install
Error: cannot find librte_crypto_ipsec_mb.so.24.0 in install

Aaron, could that be the case?
Or, maybe my steps to reproduce the build setup are incorrect?


> And this is also failing http://mails.dpdk.org/archives/test-report/2024-
> March/601301.html
> These need to be fixed in CI infra.

This function that throws the error is available in the recently tagged 1.4 equivalent Arm repo, so I am unsure why it can't find it.
Could there be some old installed ipsec-mb version in the environment that is being picked up by DPDK?
Sometimes the meson configure step will pick up the correct ipsec-mb version, but then ninja step links to an older version that still exists and hadn't been uninstalled previously.
Not sure if that could be the case for the CI container though - Patrick maybe you can verify there are no 1.3 or less versions on system that could be being picked up:
I usually use something like:  find /usr -name libIPSec_MB.so\*


Thanks for the help,
Ciara
  
Patrick Robb March 6, 2024, 2:59 p.m. UTC | #6
On Wed, Mar 6, 2024 at 6:12 AM Power, Ciara <ciara.power@intel.com> wrote:
>
>
> > And this is also failing http://mails.dpdk.org/archives/test-report/2024-
> > March/601301.html
> > These need to be fixed in CI infra.
>
> This function that throws the error is available in the recently tagged 1.4 equivalent Arm repo, so I am unsure why it can't find it.
> Could there be some old installed ipsec-mb version in the environment that is being picked up by DPDK?
> Sometimes the meson configure step will pick up the correct ipsec-mb version, but then ninja step links to an older version that still exists and hadn't been uninstalled previously.
> Not sure if that could be the case for the CI container though - Patrick maybe you can verify there are no 1.3 or less versions on system that could be being picked up:
> I usually use something like:  find /usr -name libIPSec_MB.so\*
We are building the arm ipsec environment from a base debian 12 image.
1. Install NASM
2. Install ipsec 1.4 from the new ARM tag.
3. run DPDK build

Thank you for providing the find command to check ipsec version.

root@f968452d8612:/# find /usr -name libIPSec_MB.so\*
/usr/lib/libIPSec_MB.so
/usr/lib/libIPSec_MB.so.1.4.0
/usr/lib/libIPSec_MB.so.1

I assume my reading of the above is correct that only 1.4 is
installed. Let me know if it's otherwise though. Thanks!

>
>
> Thanks for the help,
> Ciara
>
  
Power, Ciara March 6, 2024, 3:29 p.m. UTC | #7
> -----Original Message-----
> From: Patrick Robb <probb@iol.unh.edu>
> Sent: Wednesday, March 6, 2024 2:59 PM
> To: Power, Ciara <ciara.power@intel.com>
> Cc: Akhil Goyal <gakhil@marvell.com>; Dooley, Brian <brian.dooley@intel.com>;
> Ji, Kai <kai.ji@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; Aaron Conole <aconole@redhat.com>;
> dev@dpdk.org; Sivaramakrishnan, VenkatX
> <venkatx.sivaramakrishnan@intel.com>; Wathsala Vithanage
> <wathsala.vithanage@arm.com>; thomas@monjalon.net; Marchand, David
> <david.marchand@redhat.com>
> Subject: Re: [EXTERNAL] [PATCH v5 1/4] crypto/ipsec_mb: bump minimum IPsec
> Multi-buffer version
> 
> On Wed, Mar 6, 2024 at 6:12 AM Power, Ciara <ciara.power@intel.com> wrote:
> >
> >
> > > And this is also failing
> > > http://mails.dpdk.org/archives/test-report/2024-
> > > March/601301.html
> > > These need to be fixed in CI infra.
> >
> > This function that throws the error is available in the recently tagged 1.4
> equivalent Arm repo, so I am unsure why it can't find it.
> > Could there be some old installed ipsec-mb version in the environment that is
> being picked up by DPDK?
> > Sometimes the meson configure step will pick up the correct ipsec-mb version,
> but then ninja step links to an older version that still exists and hadn't been
> uninstalled previously.
> > Not sure if that could be the case for the CI container though - Patrick maybe
> you can verify there are no 1.3 or less versions on system that could be being
> picked up:
> > I usually use something like:  find /usr -name libIPSec_MB.so\*
> We are building the arm ipsec environment from a base debian 12 image.
> 1. Install NASM
> 2. Install ipsec 1.4 from the new ARM tag.
> 3. run DPDK build
> 
> Thank you for providing the find command to check ipsec version.
> 
> root@f968452d8612:/# find /usr -name libIPSec_MB.so\*
> /usr/lib/libIPSec_MB.so
> /usr/lib/libIPSec_MB.so.1.4.0
> /usr/lib/libIPSec_MB.so.1
> 
> I assume my reading of the above is correct that only 1.4 is installed. Let me
> know if it's otherwise though. Thanks!

Thanks for checking that Patrick - looks fine to me, only 1.4 is there.

If the correct version is being installed and picked up, maybe there is something missing for that function definition in arm-ipsec-mb repo.
Wathsala, can you check that please?
For x86, we define the function in the header: lib/intel-ipsec-mb.h
And the implementation is in the C file: lib/x86_64/hmac_ipad_opad.c

Thanks,
Ciara


> 
> >
> >
> > Thanks for the help,
> > Ciara
> >
  
Wathsala Wathawana Vithanage March 7, 2024, 4:21 p.m. UTC | #8
> 
> If the correct version is being installed and picked up, maybe there is
> something missing for that function definition in arm-ipsec-mb repo.
> Wathsala, can you check that please?

We are working on reproducing this issue. Will update asap.
  
Power, Ciara March 8, 2024, 4:05 p.m. UTC | #9
> -----Original Message-----
> From: Wathsala Wathawana Vithanage <wathsala.vithanage@arm.com>
> Sent: Thursday, March 7, 2024 4:21 PM
> To: Power, Ciara <ciara.power@intel.com>; Patrick Robb <probb@iol.unh.edu>
> Cc: Akhil Goyal <gakhil@marvell.com>; Dooley, Brian <brian.dooley@intel.com>;
> Ji, Kai <kai.ji@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; Aaron Conole <aconole@redhat.com>;
> dev@dpdk.org; Sivaramakrishnan, VenkatX
> <venkatx.sivaramakrishnan@intel.com>; thomas@monjalon.net; Marchand,
> David <david.marchand@redhat.com>; nd <nd@arm.com>
> Subject: RE: [EXTERNAL] [PATCH v5 1/4] crypto/ipsec_mb: bump minimum IPsec
> Multi-buffer version
> 
> >
> > If the correct version is being installed and picked up, maybe there
> > is something missing for that function definition in arm-ipsec-mb repo.
> > Wathsala, can you check that please?
> 
> We are working on reproducing this issue. Will update asap.

Thanks Wathsala.

I think, for basic compile to work for both repos, any functions in the ipsec_mb.h file need to be defined in a C file to avoid issues.
But, I understand only SNOW3G + ZUC are the focus for the Arm ipsec-mb repo, so a HMAC related function like the one throwing the error isn't used.

Perhaps having empty stubs for all other functions such as the imb_hmac_ipad_opad would be sufficient to allow compiling, because PMD expects it to exist somewhere in the library.

Thanks,
Ciara
  
Wathsala Wathawana Vithanage March 12, 2024, 4:26 p.m. UTC | #10
> >
> > If the correct version is being installed and picked up, maybe there
> > is something missing for that function definition in arm-ipsec-mb repo.
> > Wathsala, can you check that please?
> 
> We are working on reproducing this issue. Will update asap.

A stub has been added in the Arm ipsec-mb library to fix this issue. Fix is in the latest tag SECLIB-IPSEC-2024.03.12.
  
Patrick Robb March 15, 2024, 6:24 p.m. UTC | #11
Recheck-request: iol-unit-arm64-testing

Even though ipsec update is postponed to a later release, I'm putting
in rechecks for all series that have fails for the arm crypto tests
now that we are building from SECLIB-IPSEC-2024.03.12.
  

Patch

diff --git a/doc/guides/cryptodevs/aesni_gcm.rst b/doc/guides/cryptodevs/aesni_gcm.rst
index f5773426ee..dc665e536c 100644
--- a/doc/guides/cryptodevs/aesni_gcm.rst
+++ b/doc/guides/cryptodevs/aesni_gcm.rst
@@ -85,7 +85,8 @@  and the external crypto libraries supported by them:
    18.05 - 19.02  Multi-buffer library 0.49 - 0.52
    19.05 - 20.08  Multi-buffer library 0.52 - 0.55
    20.11 - 21.08  Multi-buffer library 0.53 - 1.3*
-   21.11+         Multi-buffer library 1.0  - 1.5*
+   21.11 - 23.11  Multi-buffer library 1.0  - 1.5*
+   24.03+         Multi-buffer library 1.4  - 1.5*
    =============  ================================
 
 \* Multi-buffer library 1.0 or newer only works for Meson but not Make build system.
diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index b2e74ba417..5d670ee237 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -146,7 +146,8 @@  and the Multi-Buffer library version supported by them:
    19.05 - 19.08   0.52
    19.11 - 20.08   0.52 - 0.55
    20.11 - 21.08   0.53 - 1.3*
-   21.11+          1.0  - 1.5*
+   21.11 - 23.11   1.0  - 1.5*
+   24.03+          1.4  - 1.5*
    ==============  ============================
 
 \* Multi-buffer library 1.0 or newer only works for Meson but not Make build system.
diff --git a/doc/guides/cryptodevs/chacha20_poly1305.rst b/doc/guides/cryptodevs/chacha20_poly1305.rst
index 9d4bf86cf1..c32866b301 100644
--- a/doc/guides/cryptodevs/chacha20_poly1305.rst
+++ b/doc/guides/cryptodevs/chacha20_poly1305.rst
@@ -72,7 +72,8 @@  and the external crypto libraries supported by them:
    =============  ================================
    DPDK version   Crypto library version
    =============  ================================
-   21.11+         Multi-buffer library 1.0-1.5*
+   21.11 - 23.11  Multi-buffer library 1.0-1.5*
+   24.03+         Multi-buffer library 1.4-1.5*
    =============  ================================
 
 \* Multi-buffer library 1.0 or newer only works for Meson but not Make build system.
diff --git a/doc/guides/cryptodevs/kasumi.rst b/doc/guides/cryptodevs/kasumi.rst
index 0989054875..a8f4e6b204 100644
--- a/doc/guides/cryptodevs/kasumi.rst
+++ b/doc/guides/cryptodevs/kasumi.rst
@@ -87,7 +87,8 @@  and the external crypto libraries supported by them:
    =============  ================================
    16.11 - 19.11  LibSSO KASUMI
    20.02 - 21.08  Multi-buffer library 0.53 - 1.3*
-   21.11+         Multi-buffer library 1.0  - 1.5*
+   21.11 - 23.11  Multi-buffer library 1.0  - 1.5*
+   24.03+         Multi-buffer library 1.4  - 1.5*
    =============  ================================
 
 \* Multi-buffer library 1.0 or newer only works for Meson but not Make build system.
diff --git a/doc/guides/cryptodevs/snow3g.rst b/doc/guides/cryptodevs/snow3g.rst
index 3392932653..46863462e5 100644
--- a/doc/guides/cryptodevs/snow3g.rst
+++ b/doc/guides/cryptodevs/snow3g.rst
@@ -96,7 +96,8 @@  and the external crypto libraries supported by them:
    =============  ================================
    16.04 - 19.11  LibSSO SNOW3G
    20.02 - 21.08  Multi-buffer library 0.53 - 1.3*
-   21.11+         Multi-buffer library 1.0  - 1.5*
+   21.11 - 23.11  Multi-buffer library 1.0  - 1.5*
+   24.03+         Multi-buffer library 1.4  - 1.5*
    =============  ================================
 
 \* Multi-buffer library 1.0 or newer only works for Meson but not Make build system.
diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst
index a414b5ad2c..51867e1a16 100644
--- a/doc/guides/cryptodevs/zuc.rst
+++ b/doc/guides/cryptodevs/zuc.rst
@@ -95,7 +95,8 @@  and the external crypto libraries supported by them:
    =============  ================================
    16.11 - 19.11  LibSSO ZUC
    20.02 - 21.08  Multi-buffer library 0.53 - 1.3*
-   21.11+         Multi-buffer library 1.0  - 1.5*
+   21.11 - 23.11  Multi-buffer library 1.0  - 1.5*
+   24.03+         Multi-buffer library 1.4  - 1.5*
    =============  ================================
 
 \* Multi-buffer library 1.0 or newer only works for Meson but not Make build system.
diff --git a/doc/guides/rel_notes/release_24_03.rst b/doc/guides/rel_notes/release_24_03.rst
index 78590c047b..8fa8cf1dd6 100644
--- a/doc/guides/rel_notes/release_24_03.rst
+++ b/doc/guides/rel_notes/release_24_03.rst
@@ -144,6 +144,10 @@  New Features
   * Added support for GEN LCE (1454) device, for AES-GCM only.
   * Enabled support for virtual QAT - vQAT (0da5) devices in QAT crypto driver.
 
+* **Updated ipsec_mb crypto driver.**
+
+  * Bump minimum IPSec Multi-buffer version to 1.4 for SW PMDs.
+
 * **Updated Marvell cnxk crypto driver.**
 
   * Added support for Rx inject in crypto_cn10k.
diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
index f21f9cc5a0..d25c671d7d 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_ops.c
@@ -11,7 +11,6 @@ 
 
 #include "ipsec_mb_private.h"
 
-#define IMB_MP_REQ_VER_STR "1.1.0"
 
 /** Configure device */
 int
@@ -147,15 +146,10 @@  ipsec_mb_qp_release(struct rte_cryptodev *dev, uint16_t qp_id)
 	if (rte_eal_process_type() == RTE_PROC_PRIMARY) {
 		rte_ring_free(rte_ring_lookup(qp->name));
 
-#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
-		if (qp->mb_mgr)
-			free_mb_mgr(qp->mb_mgr);
-#else
 		if (qp->mb_mgr_mz) {
 			rte_memzone_free(qp->mb_mgr_mz);
 			qp->mb_mgr = NULL;
 		}
-#endif
 		rte_free(qp);
 		dev->data->queue_pairs[qp_id] = NULL;
 	} else { /* secondary process */
@@ -211,7 +205,6 @@  static struct rte_ring
 			       RING_F_SP_ENQ | RING_F_SC_DEQ);
 }
 
-#if IMB_VERSION(1, 1, 0) <= IMB_VERSION_NUM
 static IMB_MGR *
 ipsec_mb_alloc_mgr_from_memzone(const struct rte_memzone **mb_mgr_mz,
 		const char *mb_mgr_mz_name)
@@ -244,7 +237,6 @@  ipsec_mb_alloc_mgr_from_memzone(const struct rte_memzone **mb_mgr_mz,
 	}
 	return mb_mgr;
 }
-#endif
 
 /** Setup a queue pair */
 int
@@ -260,12 +252,6 @@  ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	int ret;
 
 	if (rte_eal_process_type() == RTE_PROC_SECONDARY) {
-#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
-		IPSEC_MB_LOG(ERR, "The intel-ipsec-mb version (%s) does not support multiprocess,"
-				"the minimum version required for this feature is %s.",
-				IMB_VERSION_STR, IMB_MP_REQ_VER_STR);
-		return -EINVAL;
-#endif
 		qp = dev->data->queue_pairs[qp_id];
 		if (qp == NULL) {
 			IPSEC_MB_LOG(DEBUG, "Secondary process setting up device qp.");
@@ -285,15 +271,11 @@  ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 			return -ENOMEM;
 	}
 
-#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
-	qp->mb_mgr = alloc_init_mb_mgr();
-#else
 	char mz_name[IPSEC_MB_MAX_MZ_NAME];
 	snprintf(mz_name, sizeof(mz_name), "IMB_MGR_DEV_%d_QP_%d",
 			dev->data->dev_id, qp_id);
 	qp->mb_mgr = ipsec_mb_alloc_mgr_from_memzone(&(qp->mb_mgr_mz),
 			mz_name);
-#endif
 	if (qp->mb_mgr == NULL) {
 		ret = -ENOMEM;
 		goto qp_setup_cleanup;
@@ -330,15 +312,10 @@  ipsec_mb_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	return 0;
 
 qp_setup_cleanup:
-#if IMB_VERSION(1, 1, 0) > IMB_VERSION_NUM
-	if (qp->mb_mgr)
-		free_mb_mgr(qp->mb_mgr);
-#else
 	if (rte_eal_process_type() == RTE_PROC_SECONDARY)
 		return ret;
 	if (qp->mb_mgr_mz)
 		rte_memzone_free(qp->mb_mgr_mz);
-#endif
 	rte_free(qp);
 	return ret;
 }
diff --git a/drivers/crypto/ipsec_mb/meson.build b/drivers/crypto/ipsec_mb/meson.build
index 87bf965554..0c988d7411 100644
--- a/drivers/crypto/ipsec_mb/meson.build
+++ b/drivers/crypto/ipsec_mb/meson.build
@@ -7,7 +7,7 @@  if is_windows
     subdir_done()
 endif
 
-IMB_required_ver = '1.0.0'
+IMB_required_ver = '1.4.0'
 IMB_header = '#include<intel-ipsec-mb.h>'
 if arch_subdir == 'arm'
     IMB_header = '#include<ipsec-mb.h>'
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 4de4866cf3..2acd229268 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -210,13 +210,9 @@  aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 			}
 		} else if (xform->auth.key.length == 32) {
 			sess->template_job.hash_alg = IMB_AUTH_ZUC256_EIA3_BITLEN;
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 			if (sess->auth.req_digest_len != 4 &&
 					sess->auth.req_digest_len != 8 &&
 					sess->auth.req_digest_len != 16) {
-#else
-			if (sess->auth.req_digest_len != 4) {
-#endif
 				IPSEC_MB_LOG(ERR, "Invalid digest size\n");
 				return -EINVAL;
 			}
@@ -845,11 +841,9 @@  aesni_mb_session_configure(IMB_MGR *mb_mgr,
 		}
 	}
 
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
 	sess->session_id = imb_set_session(mb_mgr, &sess->template_job);
 	sess->pid = getpid();
 	RTE_PER_LCORE(pid) = sess->pid;
-#endif
 
 	return 0;
 }
@@ -982,9 +976,7 @@  aesni_mb_set_docsis_sec_session_parameters(
 		goto error_exit;
 	}
 
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
 	ipsec_sess->session_id = imb_set_session(mb_mgr, &ipsec_sess->template_job);
-#endif
 
 error_exit:
 	free_mb_mgr(mb_mgr);
@@ -1239,7 +1231,6 @@  imb_lib_support_sgl_algo(IMB_CIPHER_MODE alg)
 	return 0;
 }
 
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 static inline int
 single_sgl_job(IMB_JOB *job, struct rte_crypto_op *op,
 		int oop, uint32_t offset, struct rte_mbuf *m_src,
@@ -1324,7 +1315,6 @@  single_sgl_job(IMB_JOB *job, struct rte_crypto_op *op,
 	job->sgl_io_segs = sgl_segs;
 	return 0;
 }
-#endif
 
 static inline int
 multi_sgl_job(IMB_JOB *job, struct rte_crypto_op *op,
@@ -1394,9 +1384,7 @@  set_gcm_job(IMB_MGR *mb_mgr, IMB_JOB *job, const uint8_t sgl,
 		job->msg_len_to_hash_in_bytes = 0;
 		job->msg_len_to_cipher_in_bytes = 0;
 		job->cipher_start_src_offset_in_bytes = 0;
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
 		imb_set_session(mb_mgr, job);
-#endif
 	} else {
 		job->hash_start_src_offset_in_bytes =
 				op->sym->aead.data.offset;
@@ -1424,13 +1412,11 @@  set_gcm_job(IMB_MGR *mb_mgr, IMB_JOB *job, const uint8_t sgl,
 		job->src = NULL;
 		job->dst = NULL;
 
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 		if (m_src->nb_segs <= MAX_NUM_SEGS)
 			return single_sgl_job(job, op, oop,
 					m_offset, m_src, m_dst,
 					qp_data->sgl_segs);
 		else
-#endif
 			return multi_sgl_job(job, op, oop,
 					m_offset, m_src, m_dst, mb_mgr);
 	} else {
@@ -1520,10 +1506,6 @@  set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 	uint8_t sgl = 0;
 	uint8_t lb_sgl = 0;
 
-#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
-	(void) pid;
-#endif
-
 	session = ipsec_mb_get_session_private(qp, op);
 	if (session == NULL) {
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
@@ -1533,12 +1515,10 @@  set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 	const IMB_CIPHER_MODE cipher_mode =
 			session->template_job.cipher_mode;
 
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
 	if (session->pid != pid) {
 		memcpy(job, &session->template_job, sizeof(IMB_JOB));
 		imb_set_session(mb_mgr, job);
 	} else if (job->session_id != session->session_id)
-#endif
 		memcpy(job, &session->template_job, sizeof(IMB_JOB));
 
 	if (!op->sym->m_dst) {
@@ -1579,9 +1559,7 @@  set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 			job->u.GCM.ctx = &qp_data->gcm_sgl_ctx;
 			job->cipher_mode = IMB_CIPHER_GCM_SGL;
 			job->hash_alg = IMB_AUTH_GCM_SGL;
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
 			imb_set_session(mb_mgr, job);
-#endif
 		}
 		break;
 	case IMB_AUTH_AES_GMAC_128:
@@ -1606,9 +1584,7 @@  set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 			job->u.CHACHA20_POLY1305.ctx = &qp_data->chacha_sgl_ctx;
 			job->cipher_mode = IMB_CIPHER_CHACHA20_POLY1305_SGL;
 			job->hash_alg = IMB_AUTH_CHACHA20_POLY1305_SGL;
-#if IMB_VERSION(1, 3, 0) < IMB_VERSION_NUM
 			imb_set_session(mb_mgr, job);
-#endif
 		}
 		break;
 	default:
@@ -1804,13 +1780,11 @@  set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		if (lb_sgl)
 			return handle_sgl_linear(job, op, m_offset, session);
 
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 		if (m_src->nb_segs <= MAX_NUM_SEGS)
 			return single_sgl_job(job, op, oop,
 					m_offset, m_src, m_dst,
 					qp_data->sgl_segs);
 		else
-#endif
 			return multi_sgl_job(job, op, oop,
 					m_offset, m_src, m_dst, mb_mgr);
 	}
@@ -2130,7 +2104,6 @@  set_job_null_op(IMB_JOB *job, struct rte_crypto_op *op)
 	return job;
 }
 
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 static uint16_t
 aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
 		uint16_t nb_ops)
@@ -2263,144 +2236,7 @@  aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
 
 	return processed_jobs;
 }
-#else
-
-/**
- * Process a completed IMB_JOB job and keep processing jobs until
- * get_completed_job return NULL
- *
- * @param qp		Queue Pair to process
- * @param mb_mgr	IMB_MGR to use
- * @param job		IMB_JOB job
- * @param ops		crypto ops to fill
- * @param nb_ops	number of crypto ops
- *
- * @return
- * - Number of processed jobs
- */
-static unsigned
-handle_completed_jobs(struct ipsec_mb_qp *qp, IMB_MGR *mb_mgr,
-		IMB_JOB *job, struct rte_crypto_op **ops,
-		uint16_t nb_ops)
-{
-	struct rte_crypto_op *op = NULL;
-	uint16_t processed_jobs = 0;
-
-	while (job != NULL) {
-		op = post_process_mb_job(qp, job);
-
-		if (op) {
-			ops[processed_jobs++] = op;
-			qp->stats.dequeued_count++;
-		} else {
-			qp->stats.dequeue_err_count++;
-			break;
-		}
-		if (processed_jobs == nb_ops)
-			break;
-
-		job = IMB_GET_COMPLETED_JOB(mb_mgr);
-	}
-
-	return processed_jobs;
-}
-
-static inline uint16_t
-flush_mb_mgr(struct ipsec_mb_qp *qp, IMB_MGR *mb_mgr,
-		struct rte_crypto_op **ops, uint16_t nb_ops)
-{
-	int processed_ops = 0;
-
-	/* Flush the remaining jobs */
-	IMB_JOB *job = IMB_FLUSH_JOB(mb_mgr);
-
-	if (job)
-		processed_ops += handle_completed_jobs(qp, mb_mgr, job,
-				&ops[processed_ops], nb_ops - processed_ops);
-
-	return processed_ops;
-}
 
-static uint16_t
-aesni_mb_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
-		uint16_t nb_ops)
-{
-	struct ipsec_mb_qp *qp = queue_pair;
-	IMB_MGR *mb_mgr = qp->mb_mgr;
-	struct rte_crypto_op *op;
-	IMB_JOB *job;
-	int retval, processed_jobs = 0;
-	pid_t pid = 0;
-
-	if (unlikely(nb_ops == 0 || mb_mgr == NULL))
-		return 0;
-
-	uint8_t digest_idx = qp->digest_idx;
-
-	do {
-		/* Get next free mb job struct from mb manager */
-		job = IMB_GET_NEXT_JOB(mb_mgr);
-		if (unlikely(job == NULL)) {
-			/* if no free mb job structs we need to flush mb_mgr */
-			processed_jobs += flush_mb_mgr(qp, mb_mgr,
-					&ops[processed_jobs],
-					nb_ops - processed_jobs);
-
-			if (nb_ops == processed_jobs)
-				break;
-
-			job = IMB_GET_NEXT_JOB(mb_mgr);
-		}
-
-		/*
-		 * Get next operation to process from ingress queue.
-		 * There is no need to return the job to the IMB_MGR
-		 * if there are no more operations to process, since the IMB_MGR
-		 * can use that pointer again in next get_next calls.
-		 */
-		retval = rte_ring_dequeue(qp->ingress_queue, (void **)&op);
-		if (retval < 0)
-			break;
-
-		if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-			retval = set_sec_mb_job_params(job, qp, op,
-						&digest_idx);
-		else
-			retval = set_mb_job_params(job, qp, op,
-				&digest_idx, mb_mgr, pid);
-
-		if (unlikely(retval != 0)) {
-			qp->stats.dequeue_err_count++;
-			set_job_null_op(job, op);
-		}
-
-		/* Submit job to multi-buffer for processing */
-#ifdef RTE_LIBRTE_PMD_AESNI_MB_DEBUG
-		job = IMB_SUBMIT_JOB(mb_mgr);
-#else
-		job = IMB_SUBMIT_JOB_NOCHECK(mb_mgr);
-#endif
-		/*
-		 * If submit returns a processed job then handle it,
-		 * before submitting subsequent jobs
-		 */
-		if (job)
-			processed_jobs += handle_completed_jobs(qp, mb_mgr,
-					job, &ops[processed_jobs],
-					nb_ops - processed_jobs);
-
-	} while (processed_jobs < nb_ops);
-
-	qp->digest_idx = digest_idx;
-
-	if (processed_jobs < 1)
-		processed_jobs += flush_mb_mgr(qp, mb_mgr,
-				&ops[processed_jobs],
-				nb_ops - processed_jobs);
-
-	return processed_jobs;
-}
-#endif
 static inline int
 check_crypto_sgl(union rte_crypto_sym_ofs so, const struct rte_crypto_sgl *sgl)
 {
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index 85994fe5a1..51cfd7e2aa 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -17,9 +17,7 @@ 
 #define HMAC_IPAD_VALUE			(0x36)
 #define HMAC_OPAD_VALUE			(0x5C)
 
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 #define MAX_NUM_SEGS 16
-#endif
 
 static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
 	{	/* MD5 HMAC */
@@ -567,13 +565,8 @@  static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
 				},
 				.digest_size = {
 					.min = 4,
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 					.max = 16,
 					.increment = 4
-#else
-					.max = 4,
-					.increment = 0
-#endif
 				},
 				.iv_size = {
 					.min = 16,
@@ -730,9 +723,7 @@  struct aesni_mb_qp_data {
 	 * by the driver when verifying a digest provided
 	 * by the user (using authentication verify operation)
 	 */
-#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
 	struct IMB_SGL_IOV sgl_segs[MAX_NUM_SEGS];
-#endif
 	union {
 		struct gcm_context_data gcm_sgl_ctx;
 		struct chacha20_poly1305_context_data chacha_sgl_ctx;