2. Intel® FPGA PAC Security Features
The Intel® Programmable Acceleration Card with Intel® Arria® 10 GX FPGA contains logic in the static region (SR) called the Trusted Control Module (TCM). The TCM acts as a Root of Trust (RoT) and enables the secure update features of the Intel® FPGA PAC. The TCM RoT includes features that may help prevent the following:
- Loading or executing of unauthorized code or designs.
- Disruptive operations attempted by unprivileged software, privileged software, or the host BMC.
- Unintended execution of older code or designs with known bugs or vulnerabilities by enabling the TCM to revoke authorization.
The TCM RoT also enforces several other security policies relating to access through various interfaces, as well as protecting the on-board flash through write rate limitation.
The TCM RoT verifies:
- Board Management Controller (BMC) firmware updates
- FIM images.
- AFU (partial reconfiguration region) images.
In cases where you have a pre-security production Intel® FPGA PAC, you must perform a one-time secure update. Please refer to the One-Time Secure Update section in the Intel Acceleration Stack Quick Start Guide for Intel® Programmable Acceleration Card with Intel® Arria® 10 GX FPGA for more information.