1.3. FPGA Firmware Cancellation IDs
The anti-rollback feature uses key cancellation IDs stored in signature chains as well as corresponding values in eFuses. By programming the eFuse that corresponds to a given key cancellation ID, you invalidate the signature chain that contains the key with that ID. This mechanism prevents the FPGA from loading the signed object, which can be firmware, an FPGA bitstream, an HPS first-stage boot loader, or a certificate that validates a command to the FPGA. Intel® Stratix® 10 FPGA firmware is distinct from the other objects as it is always signed by Intel, and there is an entire set of cancellation fuses for the Intel signature separate from the cancellation fuses that correspond to owner signatures. Therefore, you may utilize Intel® Stratix® 10 FPGA firmware anti-rollback without using any other device security features.
Did you find the information on this page useful?