Accelerator Functional Unit Developer Guide: Intel FPGA Programmable Acceleration Card N3000 Variants

ID 683190
Date 7/15/2022
Document Table of Contents

4.5. Loading Your AFU into the Intel FPGA PAC N3000

Once your design has been compiled using the make process, a new directory is created with all build report files and FPGA programming files. To see these files, do the following after successfully running make:
Note: Must be in the same directory where make was invoked.
$ cd prj/pac_baseline/build/
$ $ ls -1

The file pac-n3000-secure-update-raw.bin is a binary file formatted to be loaded into the N3000 FPGA flash. Before this file can be loaded into the flash, the prepended authentication blocks generated by PACSign must be added to the binary file prior to loading using the OPAE tool fpgasupdate. The following instructions guide you in creating an image file with the proper authentication blocks for an N3000 that has not had the root entry hash programmed. Typically, when developing an AFU in a lab environment, do not program the root entry hash until the AFU is production ready.

For more information, refer to the Security User Guide for Intel FPGA Programmable Acceleration Card N3000 Variants.

Before running PACSign, ensure you have the following environment setting:
export PYTHONPATH=/usr/local/lib/python3.6/site-packages/
  1. Create the image and load using fpgasupdate.
    $ PACSign SR -t UPDATE -H openssl_manager  \
    -i pac-n3000-secure-update-raw.bin  -o unsigned_PAC_N3000_RSU.bin 
    No root key specified.  Generate unsigned bitstream? Y = yes, N = no: y
    No CSK specified.  Generate unsigned bitstream? Y = yes, N = no: y
    By responding with 'y', you are creating an unsigned binary file that can be loaded into a N3000 board that has not had the root key hash loaded into flash.
  2. Perform the fpgasupdate write process.
    $ sudo fpgasupdate unsigned_PAC_N3000_RSU.bin <PCIe B:D.F>
    Note: The fpgasupdate write process take approximately 40 minutes to complete.
  3. Once fpgasupdate completes, perform a remote system update to load the new FPGA image, then verify the expected FPGA is loaded with OPAE tools fpgainfo fme and fpgainfo port.
    $ sudo rsu fpga <PCIe B:D.F>
    $ sudo fpgainfo fme 
    $ sudo fpgainfo port