Security User Guide: Intel® Programmable Acceleration Card with Intel® Arria® 10 GX FPGA

ID 683453
Date 3/06/2020
Document Table of Contents

3.7.1. Creating OpenCL* Bitstreams

Creating signed or unsigned OpenCL* bitstreams requires some additional steps, because the AFU is embedded in the FPGA hardware configuration (.aocx) file, which is derived from an OpenCL* compile.
The script (distributed in $AOCL_BOARD_PACKAGE_ROOT/linux64/libexec/) creates the OpenCL* bitstream for you. It performs the following steps automatically:
  1. Extracts the AFU from the .aocx file
  2. Signs the AFU (if desired) and applies security metadata.
  3. Packs the AFU back into the .aocx file.

You can create unsigned bitstreams (with security metadata only) or signed .aocx file using the script. calls PACSign to create the signature bitstreams.

To create the OpenCL* bitstream, follow this workflow:
  1. Decide which HSM manager to use: OpenSSL manager or PKCS11manager
  2. Decide whether to create a signed or unsigned image
  3. Source the script: Sourcing the Script
  4. Generate the desired image: Creating the OpenCL Bitstream
  5. Program the image to the board: Programming the Image File