Security User Guide: Intel® Programmable Acceleration Card with Intel® Arria® 10 GX FPGA

ID 683453
Date 3/06/2020
Document Table of Contents

2.2. Anti-Rollback Capability

The TCM RoT provides anti-rollback capability through the code signing key ID cancellation feature. A CSK is assigned an ID, a number between 0-127, during the signing process. CSK ID cancellation information is stored in 128-bit fields in write-once locations in flash. When a code signing key ID is canceled, the TCM RoT rejects all signatures created with a CSK that is assigned that ID. If a CSK ID that is used in an old update is canceled after applying a new update with a different CSK ID, the TCM RoT rejects the signature of the old update, preventing a rollback to the old update.

Note: If you cancel an AFU CSK ID and do not update your AFU image, the image continues to be operational until you update it. The new image must be signed with a CSK that is assigned an uncanceled ID.