Why do I experience a PCIe surprise link down when running the rsu command to my Intel® FPGA PAC N3000 when my server is configured for secure boot?

When the N3000 server is set up for secure boot, the following limitations are introduced:

• Using kexec to start an unsigned kernel image
• Hibernation and resume from hibernation
• User-space access to physical memory and I/O ports
• Module parameters that allow setting memory and I/O port addresses
• Writing to MSRs through /dev/cpu/*/msr
• Use of custom ACPI methods and tables
• ACPI APEI error injection

The rsu command performs the following actions:

1. User space access to PCIe AER registers to momentarily disable surprise link down alarm.
2. Re-program FPGA or power cycle the card.
3. Wait for card re-start.
4. Re-enable PCIe AER.

Because your server has secure boot enabled, user space access to PCIe AER registers is not allowed.  When the FPGA is reloaded or the card is power cycled, the PCIe surprise link down alarm is triggered.

To workaround this issue, instead of running the rsu command after performing the fpgasupdate command, power cycle the server for the new installed image to be loaded.