AN 759: Using Secure Boot in Intel® Arria® 10 SoC Devices

ID 683060
Date 3/29/2021
Document Table of Contents

Generating the Signing Key Pair with OpenSSL

You may generate the signing key pair using OpenSSL, an open-source toolkit that supports the Secure Socket Layer (SSL). OpenSSL is available in the Intel® Arria® 10 SoC FPGA Authentication Signing Utility, and is provided by common Linux distributions.

You invoke OpenSSL from the boot loader generator. OpenSSL applies the security settings that you select in the boot loader generator, and creates an EC key pair. The boot loader generator invokes OpenSSL as follows to generate the key pair:

$ openssl ecparam -genkey -name prime256v1 -out root_key.pem

In the example above, the generated key pair is stored in the root_key.pem file. You can use this file with the Intel® secure boot image tool to sign the image.