Generating the Signing Key Pair with OpenSSL
You may generate the signing key pair using OpenSSL, an open-source toolkit that supports the Secure Socket Layer (SSL). OpenSSL is available in the Intel® Arria® 10 SoC FPGA Authentication Signing Utility, and is provided by common Linux distributions.
You invoke OpenSSL from the boot loader generator. OpenSSL applies the security settings that you select in the boot loader generator, and creates an EC key pair. The boot loader generator invokes OpenSSL as follows to generate the key pair:
$ openssl ecparam -genkey -name prime256v1 -out root_key.pem
In the example above, the generated key pair is stored in the root_key.pem file. You can use this file with the Intel® secure boot image tool to sign the image.
Did you find the information on this page useful?