Visible to Intel only — GUID: jxh1570769559350
Ixiasoft
3.1. Installing PACSign
3.2. PACSign Tool
3.3. Creating Unsigned Images
3.4. Using an HSM Manager
3.5. Creating Keys
3.6. Root Entry Hash Bitstream Creation
3.7. Signing Images
3.8. Creating a CSK ID Cancellation Bitstream
3.9. PACSign PKCS11 Manager *.json Reference
3.10. Creating a Custom HSM Manager
3.11. PACSign Man Page
3.12. Accessing Intel® FPGA PAC N3000 Version and Authentication Information
Visible to Intel only — GUID: jxh1570769559350
Ixiasoft
3.6. Root Entry Hash Bitstream Creation
In order to program the root entry hash bitstream to an Intel® FPGA PAC, you must use PACSign to create a root entry hash bitstream.
- In your PACSign command, specify the type RK_256 and select the appropriate HSM manager and configuration.
- To create a root entry hash bitstream using OpenSSL and the key generated in the OpenSSL Key Creation topic, type:
[PACSign_Demo]$ PACSign SR -t RK_256 -H openssl_manager -r key_fim_root_public_key.pem -o root_public_program_ssl.bin
- To create a root entry hash bitstream using a SoftHSM and the root key generated in the HSM Key Creation topic, type:
[PACSign_Demo]$ PACSign SR -t RK_256 -H pkcs11_manager -C softhsm.json -r root_key -o root_public_program_hsm.bin
Note: PACSign requires an HSM configuration *.json file to request the correct key from the HSM. For more information about the structure and contents of the *.json file, refer to the PACSign PKCS11 Manager .json Reference topic.
- To create a root entry hash bitstream using OpenSSL and the key generated in the OpenSSL Key Creation topic, type:
- After creating the root entry hash bitstream, program the bitstream to an Intel® FPGA PAC using the fpgasupdate command.
[PACSign_Demo]$ sudo fpgasupdate <root entry hash bitstream> b2:00.0
This operation is permanent and irreversible. After a FPGA SR user image root entry hash bitstream is programmed, the Intel® FPGA PAC validates a FPGA SR user image signature prior to loading. For more details on key management, see the Key Management topic. For more information on how to use fpgasupdate, refer to the Using fpgasupdate section.
- After you program the root entry hash bitstream, power cycle your Intel® FPGA PAC.
[PACSign_Demo]$ sudo rsu bmcimg b2:00.0