Security User Guide: Intel® FPGA Programmable Acceleration Card D5005

ID 683877
Date 8/25/2020
Public

2. Intel® FPGA PAC Security Features

The Intel® MAX® 10 board management controller (BMC) acts as a Root of Trust (RoT) and enables the secure update features of the Intel® FPGA PAC. The RoT includes features that may help prevent the following:

  • Loading or executing of unauthorized code or designs.
  • Disruptive operations attempted by unprivileged software, privileged software, or the host BMC.
  • Unintended execution of older code or designs with known bugs or vulnerabilities by enabling the BMC to revoke authorization.
The Intel® FPGA PAC BMC also enforces several other security policies relating to access through various interfaces, as well as protecting the on-board flash through write rate limitation.
Note: The terms BMC or BMC RoT refer to the Intel® FPGA PAC's Intel® MAX® 10 BMC (as opposed to another BMC, such as the host or motherboard BMC) unless otherwise noted.

In cases where you have a pre-security production Intel® FPGA PAC, you must perform a one-time secure update. For more information, refer to the Updating the FIM and BMC using the fpgaotsu section in the Intel Acceleration Stack User Guide: Intel® FPGA Programmable Acceleration Card D5005 .