Intel® Acceleration Stack for Intel® Xeon® CPU with FPGAs Version 1.2.1 Release Notes

ID 683480
Date 3/06/2020
Public

Intel® Acceleration Stack v1.2.1 Enhancements

Table 3.  New Feature List
Area Enhancement
Operating System Support
  • Ubuntu version 18.04, kernel 4.15
  • RHEL version 7.6, kernel 3.10
Security Enhancements
  • Root-of-Trust Implementation
  • Support for Intel® MAX® 10 BMC firmware, Intel® MAX® 10 FPGA images and FPGA static region user image signing
  • New OPAE tools:
    • FPGA one-time secure update (fpgaotsu): Upgrades from unsecured MAX10 to a secured MAX10
    • FPGA secure update (fpgasupdate): Remotely updates bitstreams securely. fpgasupdate replaces fpgaflash.
    • Super-RSU (super-rsu): Supports v1.2.1 package updates ( Intel® MAX® 10 BMC firmware and FPGA image).
    • PACSign: Enables signing of bitstreams. To use this tool, you must have the capability to generate a public/private key pair and your hardware security module (HSM) must support a Public-Key Cryptography Standards (PKCS)#11 compatible application programming interface (API) to the PACSign tool.
Sample AFUs Supported
The following unsigned AFU examples are provided with the Intel Acceleration Stack for Intel Xeon CPU with FPGAs:
  • dma_afu_unsigned.gbs
  • streaming_dma_afu_unsigned.gbs
  • eth_e2e_e10_unsigned.gbs
  • eth_e2e_e40_unsigned.gbs
  • hello_afu_unsigned.gbs
  • hello_intr_afu_unsigned.gbs
  • hello_mem_afu_unsigned.gbs
  • nlb_mode_0_unsigned.gbs
  • nlb_mode_0_stp_unsigned.gbs
  • nlb_mode_3_unsigned.gbs
Note: Each *_unsigned.gbs above is prepended with the necessary block0 and block1 headers but there are no hashes in these headers that have been signed with the root and code signing keys.