Security User Guide: Intel® FPGA Programmable Acceleration Card D5005

Download PDF
ID 683877
Date 8/25/2020
Public
Document Table of Contents
Document Table of Contents x
1. Overview 2. Intel® FPGA PAC Security Features 3. Intel FPGA PAC Security Flow 4. Using fpgasupdate 5. Document Revision History for Security User Guide
1. Overview x
1.1. About This Document 1.2. Prerequisites 1.3. Related Documentation 1.4. Glossary
2. Intel® FPGA PAC Security Features x
2.1. Secure Image Updates 2.2. Anti-Rollback Capability 2.3. Key Management 2.4. Authentication 2.5. Encryption
3. Intel FPGA PAC Security Flow x
3.1. Installing PACSign 3.2. PACSign Tool 3.3. Creating Unsigned Images 3.4. Using an HSM Manager 3.5. Creating Keys 3.6. Root Entry Hash Bitstream Creation 3.7. Signing Images 3.8. Creating a CSK ID Cancellation Bitstream 3.9. PACSign PKCS11 Manager *.json Reference 3.10. Creating a Custom HSM Manager 3.11. PACSign Man Page
3.5. Creating Keys x
3.5.1. OpenSSL Key Creation 3.5.2. HSM Key Creation
3.7. Signing Images x
3.7.1. Signing OpenCL* Images
3.10. Creating a Custom HSM Manager x
3.10.1. HSM_MANAGER.get_public_key(public_key) 3.10.2. HSM_MANAGER.sign(data, key) 3.10.3. Signing Operation Flow
3.10.1. HSM_MANAGER.get_public_key(public_key) x
3.10.1.1. PUBLIC_KEY.get_X_Y() 3.10.1.2. PUBLIC_KEY.get_permission() 3.10.1.3. PUBLIC_KEY.get_ID() 3.10.1.4. PUBLIC_KEY.get_content_type()
4. Using fpgasupdate x
4.1. Troubleshooting
1. Overview
2. Intel® FPGA PAC Security Features
3. Intel FPGA PAC Security Flow
4. Using fpgasupdate
5. Document Revision History for Security User Guide

3.10.1. HSM_MANAGER.get_public_key(public_key)

This method returns an instance of a public key that is described by ‘public_key’, which was provided via a command-line option (--root_key or --code_signing_key). The HSM manager must know how to properly identify the key on the HSM given this string.

The public key instance is required to supply the public methods described in the sections that follow. The PKCS #11 implementation of this function, get_public_key, is below: 

def get_public_key(self, public_key):
	try:
		key_, local_key = self.get_key(public_key, ObjectClass.PUBLIC_KEY)
		key_ = key_[Attribute.EC_POINT]

	except pkcs11.NoSuchKey:
		pass # No key found
	except pkcs11.MultipleObjectsReturned:
		pass # Multiple keys found
	return _PUBLIC_KEY(key_[3:], local_key)

Section Content
PUBLIC_KEY.get_X_Y()
PUBLIC_KEY.get_permission()
PUBLIC_KEY.get_ID()
PUBLIC_KEY.get_content_type()

Level Two Title