Security User Guide: Intel® Programmable Acceleration Card with Intel® Arria® 10 GX FPGA

ID 683453
Date 3/06/2020
Public
Document Table of Contents

3. Intel FPGA PAC Security Flow

The following steps describe the flow to enable Intel® FPGA PAC security. See the corresponding sections in this chapter for detailed instructions on each step.
  1. Install PACSign.
  2. If you are in development, you may optionally create an unsigned AFU image to test and validate the functionality of your AFU image prior to fully signing the image for deployment into a production environment. Please refer to the Creating Unsigned Images section for more information.
  3. Create your root key and CSK(s). You can use OpenSSL or an HSM for this action.
    Figure 2. Key Creation Using OpenSSL
    Figure 3. Key Creation Using HSM pkcs11_tool
  4. Create your root entry hash bitstream.
    Figure 4. Creating Root Entry Hash Bitstream with OpenSSL
    Figure 5. Creating Root Entry Hash Bitstream with HSM pkcs11_manager
  5. Program your root entry hash bitstream onto the Intel® FPGA PAC. You must power cycle the Intel® FPGA PAC after you have programmed the root entry hash bitstream.
  6. Sign your AFU.
    Figure 6. Signing your image with OpenSSL
    Figure 7. Signing your image with pkcs11_manager
  7. Program your AFU into the Intel® FPGA PAC. For directions on how to program your AFU, refer to the Using fpgasupdate chapter.