22.214.171.124.3. Example: Creating a Signed .aocx File Using PKCS11 Manager
$AOCL_BOARD_PACKAGE_ROOT/linux64/libexec/sign_aocx.sh -H pkcs11_manager \ -i <path_to_input_file/input_filename.aocx> -r <rootpublickey_name> \ -k <csk_name> -o <path_to_output_file/output_filename.aocx>
PKCS11 Manager gets the keys information from a .json file. If you follow the instructions in HSM Key Creation, your file is named softhsm.json.
Provide the .json file path and name when the script prompts you as follows:
For using pkcs11_manager please give the .json filename with the path:
$ $AOCL_BOARD_PACKAGE_ROOT/linux64/libexec/sign_aocx.sh -H pkcs11_manager \ -i vector_add.aocx -r root_key -k csk_1 -o pkcs_vector.aocx The script assumes the PACsign and Intel Acceleration Stack environment is setup. If not run the command : <stack_installation_path>/init_env.sh hsm_manager=pkcs11_manager aocx filename/path=vector_add.aocx root_public_key=root_key csk_public_key=csk_1 output filename/path=pkcs_vector.aocx For using pkcs11_manager please give the .json filename with the path: <filepath>/softhsm.json pkcs hsm_manager_options=pkcs11_manager -C softhsm.json input path =. input filename =vector_add.aocx output path =. output filename =pkcs_vector.aocx Extracted the filename as pkcs_vector 1. Extracted the bin from the aocx 2. Extracted the gzip compressed GBS file from the .bin 3. Uncompressed .gz it to get the GBS file Initiating PACSign tool to sign the GBS. This process will take a couple of minutes... Creating signed aocx file by signing the provided keys 2020-01-07 13:09:41,460 - PACSign.log - WARNING - Bitstream is already signed - removing signature blocks 4. Signed the GBS 5. Compressed the gbs file 6. Added the signed gzip file to fpga.bin 7. Added the fpga.bin file back into aocx file The signed file pkcs_vector.aocx has been generated. Use the command aocl program <device_name> <filename>.aocx to program it on the FPGA card
Did you find the information on this page useful?