TECHNOLOGIES FOR SECURE BOOT PROVISIONING AND MANAGEMENT OF FIELD-PROGRAMMABLE GATE ARRAY IMAGES
First Claim
1. A computing device for configuring a field-programmable gate array (FPGA), the computing device comprising:
- a field programmable gate array (FPGA);
- a secure boot loader to start a secure boot process to establish a chain of trust, wherein the chain of trust includes a trusted execution environment of the computing device;
- an FPGA updater to load, by the trusted execution environment, an FPGA hash from an FPGA manifest stored in a secure storage of the computing device in response to a start of the secure boot process; and
- an FPGA hash checker to determine, by a platform trusted execution environment of the computing device, whether the FPGA hash is allowed for launch in response to a load of the FPGA hash;
- wherein the FPGA updater is further to (i) configure, by the trusted execution environment, the FPGA with an FPGA image that corresponds to the FPGA hash in response to a determination that the FPGA hash is allowed for launch, and (ii) verify, by the trusted execution environment, the FPGA image of the FPGA with the FPGA hash in response to configuration of the FPGA.
Abstract
Technologies for configuring an FPGA include a computing device having a processor and an FPGA. The computing device starts a secure boot process to establish a chain of trust that includes a trusted execution environment. The trusted execution environment loads an FPGA hash from an FPGA manifest stored in secure storage, and a platform trusted execution environment determines whether the FPGA hash is allowed for launch. To determine if the FPGA hash is allowed for launch, the platform trusted execution environment may evaluate one or more launch policies from the FPGA manifest. If allowed, the trusted execution environment configures the FPGA with an FPGA image corresponding to the FPGA hash and verifies the FPGA image with the FPGA hash. The platform trusted execution environment may receive the FPGA hash from a user via a trusted I/O session or from a remote management server. Other embodiments are described and claimed.
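The flow in the abstract (load hash from manifest, launch decision, configure, verify after configuration) can be modelled in a few lines. This is an added illustration, not code from the patent or its assignee; the manifest layout, the policy types `deny_hash` and `min_version`, the use of SHA-256, and the `ModelFpga` readback interface are all assumptions made for the example.

```python
import hashlib
import hmac

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()   # hash algorithm is an assumption

class ModelFpga:
    """Hypothetical stand-in for the FPGA: accepts a bitstream, supports readback."""
    def __init__(self, corrupt_on_load: bool = False):
        self.corrupt_on_load = corrupt_on_load
        self.bitstream = b""

    def configure(self, image: bytes) -> None:
        # corrupt_on_load models a faulty or interfered-with configuration path
        self.bitstream = image[:-1] + b"\xff" if self.corrupt_on_load else image

    def readback(self) -> bytes:
        return self.bitstream

def allowed_for_launch(manifest: dict) -> bool:
    """Platform TEE role: evaluate every launch policy; unknown types fail closed."""
    for policy in manifest["launch_policies"]:
        if policy["type"] == "deny_hash":
            if hmac.compare_digest(policy["value"], manifest["fpga_hash"]):
                return False
        elif policy["type"] == "min_version":
            if manifest["image_version"] < policy["value"]:
                return False
        else:
            return False
    return True

def boot_fpga(manifest: dict, images: dict, fpga: ModelFpga) -> str:
    fpga_hash = manifest["fpga_hash"]        # TEE loads the hash from the manifest
    if not allowed_for_launch(manifest):     # platform TEE launch decision
        return "denied"
    image = images.get(fpga_hash)            # image that corresponds to the hash
    if image is None:
        return "no-image"
    fpga.configure(image)                    # TEE configures the FPGA
    if not hmac.compare_digest(digest(fpga.readback()), fpga_hash):
        return "verify-failed"               # what the fabric holds != manifest hash
    return "launched"

# Constructed sample data (not from the patent)
IMAGE = b"constructed-bitstream-v3"
MANIFEST = {"fpga_hash": digest(IMAGE), "image_version": 3,
            "launch_policies": [{"type": "min_version", "value": 2}]}
IMAGES = {digest(IMAGE): IMAGE}
```

The post-configuration check is what catches an image store that maps the right hash to the wrong bitstream, or a load that was altered on the way into the fabric; the launch decision alone sees only the hash.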
25 Claims
14. A method for configuring a field-programmable gate array (FPGA), the method comprising:
- starting, by the computing device, a secure boot process to establish a chain of trust, wherein the chain of trust includes a trusted execution environment of the computing device;
- loading, by the trusted execution environment, an FPGA hash from an FPGA manifest stored in a secure storage of the computing device in response to starting the secure boot process;
- determining, by a platform trusted execution environment of the computing device, whether the FPGA hash is allowed for launch in response to loading the FPGA hash;
- configuring, by the trusted execution environment, an FPGA of the computing device with an FPGA image that corresponds to the FPGA hash in response to determining that the FPGA hash is allowed for launch; and
- verifying, by the trusted execution environment, the FPGA image of the FPGA using the FPGA hash in response to configuring the FPGA.
20. One or more computer-readable storage media comprising a plurality of instructions that in response to being executed cause a computing device to:
- start a secure boot process to establish a chain of trust, wherein the chain of trust includes a trusted execution environment of the computing device;
- load, by the trusted execution environment, an FPGA hash from an FPGA manifest stored in a secure storage of the computing device in response to starting the secure boot process;
- determine, by a platform trusted execution environment of the computing device, whether the FPGA hash is allowed for launch in response to loading the FPGA hash;
- configure, by the trusted execution environment, an FPGA of the computing device with an FPGA image that corresponds to the FPGA hash in response to determining that the FPGA hash is allowed for launch; and
- verify, by the trusted execution environment, the FPGA image of the FPGA using the FPGA hash in response to configuring the FPGA.
Specification