Security User Guide: Intel® FPGA Programmable Acceleration Card D5005
ID: 683877
Date: 8/25/2020
Public
2. Intel® FPGA PAC Security Features
The Intel® MAX® 10 board management controller (BMC) acts as a Root of Trust (RoT) and enables the secure update features of the Intel® FPGA PAC. The RoT includes features that may help prevent the following:
- Loading or executing of unauthorized code or designs.
- Disruptive operations attempted by unprivileged software, privileged software, or the host BMC.
- Unintended execution of older code or designs with known bugs or vulnerabilities, by enabling the BMC to revoke authorization.
The Intel® FPGA PAC BMC also enforces several other security policies relating to access through various interfaces, and protects the on-board flash through write rate limitation.
Note: The terms BMC or BMC RoT refer to the Intel® FPGA PAC's Intel® MAX® 10 BMC (as opposed to another BMC, such as the host or motherboard BMC) unless otherwise noted.
If you have a pre-security production Intel® FPGA PAC, you must perform a one-time secure update. For more information, refer to the Updating the FIM and BMC using the fpgaotsu section in the Intel Acceleration Stack User Guide: Intel® FPGA Programmable Acceleration Card D5005.