Security User Guide: Intel® Programmable Acceleration Card with Intel® Arria® 10 GX FPGA

ID 683453
Date 3/06/2020
Public
Document Table of Contents

3.7.1. Creating OpenCL* Bitstreams

Creating signed or unsigned OpenCL* bitstreams requires some additional steps, because the AFU is embedded in the FPGA hardware configuration (.aocx) file, which is derived from an OpenCL* compile.
The sign_aocx.sh script (distributed in $AOCL_BOARD_PACKAGE_ROOT/linux64/libexec/) creates the OpenCL* bitstream for you. It performs the following steps automatically:
  1. Extracts the AFU from the .aocx file
  2. Signs the AFU (if desired) and applies security metadata.
  3. Packs the AFU back into the .aocx file.

You can create unsigned bitstreams (with security metadata only) or signed .aocx file using the script. sign_aocx.sh calls PACSign to create the signature bitstreams.

To create the OpenCL* bitstream, follow this workflow:
  1. Decide which HSM manager to use: OpenSSL manager or PKCS11manager
  2. Decide whether to create a signed or unsigned image
  3. Source the init_env.sh script: Sourcing the init_env.sh Script
  4. Generate the desired image: Creating the OpenCL Bitstream
  5. Program the image to the board: Programming the Image File

Did you find the information on this page useful?

Characters remaining:

Feedback Message