3.1. Installing PACSign 3.2. PACSign Tool 3.3. Creating Unsigned Images 3.4. Using an HSM Manager 3.5. Creating Keys 3.6. Root Entry Hash Bitstream Creation 3.7. Signing Images 3.8. Creating a CSK ID Cancellation Bitstream 3.9. PACSign PKCS11 Manager *.json Reference 3.10. Creating a Custom HSM Manager 3.11. PACSign Man Page
4. Using fpgasupdate
Use the fpgasupdate command to securely update the following files in flash:
- BMC firmware
- FIM images
- AFU (partial reconfiguration) images
When you call fpgasupdate the TCM orchestrates the update.
- The TCM rejects an update request if another update is currently in progress. The TCM monitors flash write and update counts and delays an update 30 seconds if more than 1,000 updates have occurred, and 60 seconds if more than 2,000 updates have occurred.
- The TCM stops the currently running AFU and loads the BIP from on-board flash.
- The TCM grants access only to a staging area in the on-board DDR memory, and only for enough time for the host to write an update into the staging area.
Note: Overwriting memory contents is harmless at this point, because the previous AFU is no longer present and the BIP has full control. The next AFU to be loaded does not make assumptions about the contents of memory.
- The TCM then restricts all write access to ensure the update image cannot be changed during or after the authentication process.
- If authentication is successful, the TCM copies the image from the staging area into the appropriate interface: the BMC flash for BMC updates, the on-board flash for FIM or AFU updates, or directly to the PR interface for an immediate execution of the new AFU.
To use the command type:
where the following options are as follows:
$ sudo fpgasupdate [--log-level=<level>] file [bdf]
|level||state, ioctl, debug, info, warning, error, critical. Default value is state.|
|file||The secure update file that you program in the Intel® FPGA PAC|
|[bdf]||[ssss:]bb:dd:f, corresponding to PCIe segment, bus, device, function. The segment is optional; if omitted, a segment of 0000 is assumed.||If there is only one Intel® FPGA PAC in the system, then bdf may be omitted. In this case, fpgasupdate determines the address automatically.|
Did you find the information on this page useful?