Security User Guide: Intel® FPGA Programmable Acceleration Card N3000 Variants

Download PDF
ID 683519
Date 9/08/2020
Public
Document Table of Contents
Document Table of Contents x
1. Overview 2. Intel® FPGA PAC Security Features 3. Intel FPGA PAC Security Flow 4. Using fpgasupdate 5. Document Revision History for Security User Guide A. bitstreaminfo Tool Examples
1. Overview x
1.1. About This Document 1.2. Prerequisites 1.3. Related Documentation 1.4. Glossary
2. Intel® FPGA PAC Security Features x
2.1. Secure Image Updates 2.2. Anti-Rollback Capability 2.3. Key Management 2.4. Authentication 2.5. Encryption
3. Intel FPGA PAC Security Flow x
3.1. Installing PACSign 3.2. PACSign Tool 3.3. Creating Unsigned Images 3.4. Using an HSM Manager 3.5. Creating Keys 3.6. Root Entry Hash Bitstream Creation 3.7. Signing Images 3.8. Creating a CSK ID Cancellation Bitstream 3.9. PACSign PKCS11 Manager *.json Reference 3.10. Creating a Custom HSM Manager 3.11. PACSign Man Page 3.12. Accessing Intel® FPGA PAC N3000 Version and Authentication Information
3.5. Creating Keys x
3.5.1. OpenSSL Key Creation 3.5.2. HSM Key Creation
3.10. Creating a Custom HSM Manager x
3.10.1. HSM_MANAGER.get_public_key(public_key) 3.10.2. HSM_MANAGER.sign(data, key) 3.10.3. Signing Operation Flow
3.10.1. HSM_MANAGER.get_public_key(public_key) x
3.10.1.1. PUBLIC_KEY.get_X_Y() 3.10.1.2. PUBLIC_KEY.get_permission() 3.10.1.3. PUBLIC_KEY.get_ID() 3.10.1.4. PUBLIC_KEY.get_content_type()
3.12. Accessing Intel® FPGA PAC N3000 Version and Authentication Information x
3.12.1. Using fpgainfo security Command 3.12.2. Reading sysfs Files for Identifying Information 3.12.3. Using bitstreaminfo Tool
4. Using fpgasupdate x
4.1. Troubleshooting
1. Overview
2. Intel® FPGA PAC Security Features
3. Intel FPGA PAC Security Flow
4. Using fpgasupdate
5. Document Revision History for Security User Guide
A. bitstreaminfo Tool Examples

3.12. Accessing Intel® FPGA PAC N3000 Version and Authentication Information

Throughout product development and deployment, you may want to:
  • Verify the version of Intel® FPGA PAC with which you are developing or deploying
  • Identify or verify the root entry hash of your FPGA SR user image
  • Collect data about the number of times the Staging flash has been programmed to assess any potential threats like flash wear-out
  • Determine all cancellation CSK IDs you used for your FPGA SR user image
OPAE software provides three ways to obtain version or authentication information:
  • fpgainfo security command
  • sysfs files
  • bitstreaminfo tool

For all three methods explained in the following sections, use the BMC root entry hash to identify the version of the Intel® FPGA PAC N3000. Each Intel® FPGA PAC N3000 has a unique BMC root entry hash.

Compare your BMC root entry hash output to the following table to identify your Intel® FPGA PAC N3000 version.

Table 6.  BMC Root Entry Hash Identifier for Intel® FPGA PAC N3000
Platform

MMID

(found on side cover of the Intel® FPGA PAC)

BMC Root Entry Hash
Intel® FPGA PAC N3000-1 999H1K (8 x 10G) 0x757f524c2f45db58ac2a6c93e72b9167149979b795195d09d5e2efad82f2b031
Intel® FPGA PAC N3000-2 999HGN (2 x 2 x 25G)
Intel® FPGA PAC N3000-N 999PJD (2x2x25G, NEBS-friendly) 0xec0f42d3af138e3eca7141107f7fed5f7c13846fadbba884e51ad26bf36a3d21

Section Content
Using fpgainfo security Command
Reading sysfs Files for Identifying Information
Using bitstreaminfo Tool

Level Two Title