2.3. Key Management
- BMC firmware update images
- FIM images
- AFU (partial reconfiguration) images
- You must manage the assignment of CSK IDs to CSKs and consistently use the same ID for a given CSK. Neither an Intel® FPGA PAC nor the PACSign tool associates a particular key's value with its ID. It is possible to assign a given CSK multiple IDs, or multiple CSKs to a given ID. This may result in unintended consequences when attempting to cancel a CSK. Intel recommends exclusive ID assignments for each CSK.
- You are responsible for creating the appropriate key cancellation bitstreams. You must use the same ID number for key cancellation as the one you assigned to the CSK at key creation. Key cancellation bitstreams must be signed with the applicable root key. This helps avoid denial of service through an unintended cancellation of all key values.
- You are responsible for generating and managing your AFU image root key and CSKs. You generate the AFU image root entry hash bitstream using your root key.
- You are also responsible for programming this root entry hash bitstream on the Intel® FPGA PAC. If your Intel® FPGA PAC does not have a programmed AFU root entry hash bitstream stored, it executes any signed or unsigned AFU.
Note: Intel strongly recommends programming an AFU root entry hash bitstream. You must protect the confidentiality of the root private key throughout the life of the Intel FPGA PAC.
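The CSK ID bookkeeping described above can be checked before any cancellation bitstream is built. The following is an added example, not Intel's or PACSign's code: it audits a CSK inventory for shared or duplicated IDs and shows what cancelling an ID would affect, assuming cancellation is keyed on the ID alone as this section describes. The inventory, labels, key bytes and function names are constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed inventory: (csk_id, label, public-key bytes). Placeholder values only.
SAMPLE_INVENTORY = [
    (0, "afu_csk_a", b"constructed-pubkey-A"),
    (1, "afu_csk_b", b"constructed-pubkey-B"),
    (1, "afu_csk_c", b"constructed-pubkey-C"),       # second CSK sharing ID 1
    (2, "afu_csk_a_copy", b"constructed-pubkey-A"),  # same CSK under a second ID
]

def fingerprint(pubkey: bytes) -> str:
    """Short SHA-256 fingerprint used to tell key values apart."""
    return hashlib.sha256(pubkey).hexdigest()[:16]

def build_maps(inventory):
    """Index the inventory both ways: key -> IDs and ID -> keys."""
    ids_by_key, keys_by_id = defaultdict(set), defaultdict(set)
    for csk_id, _label, pubkey in inventory:
        fp = fingerprint(pubkey)
        ids_by_key[fp].add(csk_id)
        keys_by_id[csk_id].add(fp)
    return ids_by_key, keys_by_id

def audit(inventory):
    """Return (IDs shared by several CSKs, CSKs registered under several IDs)."""
    ids_by_key, keys_by_id = build_maps(inventory)
    shared_ids = {i: sorted(k) for i, k in keys_by_id.items() if len(k) > 1}
    multi_id_keys = {k: sorted(i) for k, i in ids_by_key.items() if len(i) > 1}
    return shared_ids, multi_id_keys

def cancellation_impact(inventory, cancelled_id):
    """Assumption: cancellation is keyed on the ID alone.
    Returns (CSKs cancelled with this ID, CSKs still usable under another ID)."""
    ids_by_key, keys_by_id = build_maps(inventory)
    hit = sorted(keys_by_id.get(cancelled_id, ()))
    survivors = {k: sorted(ids_by_key[k] - {cancelled_id})
                 for k in hit if ids_by_key[k] - {cancelled_id}}
    return hit, survivors

if __name__ == "__main__":
    shared, multi = audit(SAMPLE_INVENTORY)
    print("IDs shared by several CSKs:", shared)
    print("CSKs with several IDs:", multi)
    for csk_id in (0, 1):
        print("cancel ID", csk_id, "->", cancellation_impact(SAMPLE_INVENTORY, csk_id))
```

An inventory with exclusive ID assignments returns two empty dictionaries from `audit`, and every cancellation then affects exactly one CSK with no survivors.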
- BMC firmware images
- FIM images
- AFU (partial reconfiguration region) images
The TCM is architected so that no root entry hash can be revoked, changed, or erased once programmed.
If you have a board that has not been updated with the TCM RoT, you must use the one-time secure update to program the Intel root entry hash bitstreams for the BMC firmware and Intel FIM images on your existing Intel® FPGA PAC. New Intel® FPGA PACs come with these root entry hashes programmed at manufacturing time.
- Determining whether your board has been updated with the required hashes
- Using one-time secure update
In the future, updates to the BMC firmware or FIM images may necessitate a respective key cancellation in order to help prevent an unintended rollback to a prior version. In this case, Intel provides the update with a signed CSK that has a different ID than all prior updates. Intel provides a separate key cancellation bitstream to cancel the appropriate Intel keys. You may test an update by applying it before programming the key cancellation bitstream. The prior BMC firmware or FIM update images continue to be accepted as valid updates until the new key cancellation bitstream is applied.