Security User Guide: Intel® Programmable Acceleration Card with Intel® Arria® 10 GX FPGA

Date 3/06/2020
Command syntax:

$AOCL_BOARD_PACKAGE_ROOT/linux64/libexec/ -H pkcs11_manager \
-i <path_to_input_file/input_filename.aocx> -r <rootpublickey_name> \
-k <csk_name> -o <path_to_output_file/output_filename.aocx>

PKCS11 Manager gets the key information from a .json file. If you follow the instructions in HSM Key Creation, your file is named softhsm.json.

Provide the .json file path and name when the script prompts you as follows:

For using pkcs11_manager please give the .json filename with the path:

Example output:

$ $AOCL_BOARD_PACKAGE_ROOT/linux64/libexec/ -H pkcs11_manager \
-i vector_add.aocx -r root_key -k csk_1 -o pkcs_vector.aocx

The script assumes the PACsign and Intel Acceleration Stack environment is setup. If not run the command : <stack_installation_path>/
aocx filename/path=vector_add.aocx
output filename/path=pkcs_vector.aocx

For using pkcs11_manager please give the .json filename with the path:


pkcs hsm_manager_options=pkcs11_manager -C softhsm.json
input path =.
input filename =vector_add.aocx
output path =.
output filename =pkcs_vector.aocx
Extracted the filename as pkcs_vector
1. Extracted the bin from the aocx
2. Extracted the gzip compressed GBS file from the .bin
3. Uncompressed .gz it to get the GBS file
Initiating PACSign tool to sign the GBS. This process will take a couple of minutes...
Creating signed aocx file by signing the provided keys
2020-01-07 13:09:41,460 - PACSign.log - WARNING - Bitstream is already signed - removing signature blocks
4. Signed the GBS
5. Compressed the gbs file
6. Added the signed gzip file to fpga.bin
7. Added the fpga.bin file back into aocx file
The signed file pkcs_vector.aocx has been generated. Use the command aocl program <device_name> <filename>.aocx to program it on the FPGA card
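
The following is an added example, not part of the original guide or of Intel's tooling: a Python check over a captured transcript that confirms all seven numbered stages ran in order and flags the PACSign warning that an existing signature was removed before signing. The helper name check_transcript and its expected_steps default are assumptions; the sample text is copied from the example output above.

```python
import re

# Transcript copied from the example run above (timestamps as printed there).
SAMPLE = """\
1. Extracted the bin from the aocx
2. Extracted the gzip compressed GBS file from the .bin
3. Uncompressed .gz it to get the GBS file
Initiating PACSign tool to sign the GBS. This process will take a couple of minutes...
Creating signed aocx file by signing the provided keys
2020-01-07 13:09:41,460 - PACSign.log - WARNING - Bitstream is already signed - removing signature blocks
4. Signed the GBS
5. Compressed the gbs file
6. Added the signed gzip file to fpga.bin
7. Added the fpga.bin file back into aocx file
The signed file pkcs_vector.aocx has been generated. Use the command aocl program <device_name> <filename>.aocx to program it on the FPGA card
"""

STEP = re.compile(r"^(\d+)\.\s+\S")                               # "4. Signed the GBS"
LOG = re.compile(r"^\S+ \S+ - PACSign\.log - (\w+) - (.*)$")      # PACSign log line
DONE = re.compile(r"^The signed file (\S+) has been generated")   # final status line


def check_transcript(text, expected_steps=7):
    """Summarise one signing run (hypothetical helper, not part of the tooling)."""
    steps, alerts, output = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := STEP.match(line):
            steps.append(int(m.group(1)))
        elif m := LOG.match(line):
            if m.group(1) in ("WARNING", "ERROR", "CRITICAL"):
                alerts.append(m.group(2))
        elif m := DONE.match(line):
            output = m.group(1)
    return {
        # Every stage must appear exactly once, in order, followed by the status line.
        "complete": steps == list(range(1, expected_steps + 1)) and output is not None,
        "output": output,
        # The input already carried signature blocks, which PACSign removed before signing.
        "resigned": any("already signed" in a for a in alerts),
        "alerts": alerts,
    }


if __name__ == "__main__":
    print(check_transcript(SAMPLE))
```

A release pipeline can refuse to publish when "complete" is false, and can route runs with "resigned" set to review, since the earlier signature blocks on that input were replaced.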

