7. Intel® FPGA PAC D5005 Security for OpenCL* Applications
The Intel® FPGA PAC D5005 allows you to enable security features such as Root of Trust (RoT) and AFU signing for the designs to be loaded onto it. The Intel® FPGA PAC D5005 containing a hardware image (FIM) version 2.0.1 or greater requires an AFU to have the prepended signature blocks, even if an AFU root entry hash has not been programmed. To determine the FIM version installed on your board, follow the instructions from the section Identify the FPGA Interface Manager (FIM) and BMC Firmware Version. Intel® 's PAC sign allows you to prepend the required blocks with an empty signature chain. Please refer to the Intel FPGA PAC Security Guide to see how to create the keys and follow the instructions from the section Signing OpenCL Images to sign an OpenCL* *.aocx file to program the FPGA. To automate the signing process for OpenCL* *.aocx file, you can refer to this KDB. If you have any version of FIM prior to 2.0.1, you need to perform a one-time secure update to enable the security features.