Security User Guide: Intel® FPGA Programmable Acceleration Card D5005
ID
683877
Date
8/25/2020
Public
3.1. Installing PACSign
3.2. PACSign Tool
3.3. Creating Unsigned Images
3.4. Using an HSM Manager
3.5. Creating Keys
3.6. Root Entry Hash Bitstream Creation
3.7. Signing Images
3.8. Creating a CSK ID Cancellation Bitstream
3.9. PACSign PKCS11 Manager *.json Reference
3.10. Creating a Custom HSM Manager
3.11. PACSign Man Page
2.2. Anti-Rollback Capability
The Intel® MAX® 10 BMC RoT provides anti-rollback capability through the code signing key ID cancellation feature. A CSK is assigned an ID, a number between 0-31, during the signing process. CSK ID cancellation information is stored in 32-bit fields in write-once locations in flash. When a code signing key ID is canceled, the Intel® MAX® 10 BMC RoT rejects all signatures created with a CSK that is assigned that ID. If a CSK ID that is used in an old update is canceled after applying a new update with a different CSK ID, the Intel® MAX® 10 BMC RoT rejects the signature of the old update, preventing a rollback to the old update.
Note: If you cancel a key and do not update your image with a different CSK ID, the old image continues to be operational unless the user updates it with the new image signed with a different CSK ID.