Dear Intel sir
I can't find any ROT (root of trust) example using Max10 FPGA to do NIST specification, most of them are explaining the process of verifying BMC or PCH FLASH at T-1, but this is not what I want to know
What I want to know is "the process of using dual configuration to make Max10 FPGA's own ROT", not the process of verifying the flash of BMC or PCH
I would like to ask where can I confirm the detailed information or process of using dual configuration IP to make Max10 FPGA's own ROT? It includes the detailed process of how to use the encryption key to combine with the rbf file of Max10 FPGA, and use dual configuration IP to make Max10 FPGA ROT function.
我找不到任何使用Max10 FPGA來做NIST規範的 ROT(root of trust)範例,大多都在說明在T-1時驗證BMC或PCH FLASH的流程,但這不是我想知道的
我想知道的地方是"使用Dual configuration 做Max10 FPGA 自己的ROT的流程" ,而不是驗證BMC 或PCH的flash的流程
想請問使用Dual configuration IP 做Max10 FPGA自己的ROT的流程的這塊詳細的資料或流程 哪邊可以確認?包括該如何使用加密鑰匙與Max10 FPGA的 rbf file結合的詳細流程, 並且使用dual configuration IP 做Max10 FPGA的ROT功能.
Based on my understanding, you are looking for dual configuration user guide and also encryption. We do not have specific documentation to use dual configuration with ROT.
You may refer to https://www.intel.com/programmable/technical-pdfs/683865.pdf . Chapter 3.8. AES Encryption and Chapter 4.2. Dual Configuration Intel FPGA IP Core
Dear Intel Sir.
I've read it but I'm still a little confused.
I want to check that for Intel server system ,use dual configuration IP is called ROT? and Encryption is only AES? or will be updated in the future?
Such use dual configuration to do ROT , Can it met the NIST800-193 specification?
I have study some server platforms file and circuit of Intel use Max10 to do system PFR( this process is Max10 do ROT(self check FW ), then chain of trust to check PCH/BMC flash(PFR)), So I think Intel can give some suggest for these questions.
Max 10 Dual configuration is not ROT as it is meant for storing 2 image into the flash. Where 1 can use for golden image and the other for application image.
You may refer to https://github.com/intel/pfr-wilson-city example design on how Intel uses Max 10 to implement ROT in Intel Xeon Processor platform
Dear intel Sir
If the dual configration IP is not a part of the ROT, How can we ensure that the FW or verilog code of the Max10FPGA itself is correct?
How to make sure Max10FPGA self FW is correct ? and If the verilog code(FW) is tampered, how to automatically restore the original verilog code(FW)?
As far as I understand, most of the program behaviors on pfr-wilson-city belong to the system PFR stage, and I don't know which code is doing what I described above.
The PFR will performed data validation to make sure that the capsule provided to the PFR is correct before the bitstream is updated. You may refer to https://github.com/intel/pfr-wilson-city/blob/master/fw/code/inc/capsule_validation.h for more information.
Once you have peformed configuration the first time, it will setup the Max 10 device and make sure that you are not able to remotely update it without the correct capsule. During every bootup the system will automatically authenticate itself to make sure that there is no tampering happening. It is done fully on the FW and some of the security is in the flash where user is not able to access.