

# Xilinx App Store

AES 256 has a key length of 256 bits, supports the largest bit size, and is practically unbreakable by brute force based on current computing power, making it the strongest encryption standard and more secure.



# Contents

| Chapter 1: Xilinx App Store                   |
|-----------------------------------------------|
| What is the Xilinx App Store?                 |
| Features of Xilinx App Store                  |
| 3-step Easy Evaluation05                      |
| Support for Docker Containers                 |
| <b>Chapter 2:</b> FPGA IP Licensing Principle |

| Licensing Modes                            |  |
|--------------------------------------------|--|
| Licensing Models                           |  |
| A Protected IP                             |  |
| DRM Controller IP                          |  |
| DRM Bus                                    |  |
| DRM Activator IP                           |  |
| DRM Activator interface with IP to protect |  |
| DRM Hardware integration                   |  |
| Modify the Design:                         |  |

| Chapter 3 | <b>3:</b> AES 256 IP                                     | 12 |
|-----------|----------------------------------------------------------|----|
|           | Overview                                                 | 12 |
|           | Block Diagram: AES 256 IP                                | 15 |
|           | Symmetric Encryption vs Asymmetric Encryption            | 14 |
|           | Key Features & Benefits                                  |    |
|           | Core Implementation                                      | 14 |
|           | FPGA Device Utilization: Post-synthesis results          |    |
|           | Product Release Support: Performance and Quality metrics | 15 |
|           | Secure Algorithm: Data-Security and Privacy:             | 16 |

## Chapter 4: Xilinx Vitis Environment

- - Setting Up the Environment to Run the Vitis Software Platform.....17



AES 256 IP on Xilinx App Store



|        | Synthesize the app design                                                                                |              |
|--------|----------------------------------------------------------------------------------------------------------|--------------|
|        | Compile & Run the Application                                                                            |              |
| Chapte | <b>r 6:</b> Docker Containers and App Run                                                                | 20           |
|        | Development Environment                                                                                  | 20           |
|        | Flow of AES app                                                                                          | 20           |
|        | Run the AES 256 App on Xilinx App Store                                                                  |              |
|        | Docker Container Details                                                                                 |              |
|        | Dependency List                                                                                          |              |
|        | Environment setup                                                                                        |              |
|        | Development Steps                                                                                        |              |
|        | Application Usage                                                                                        |              |
|        |                                                                                                          |              |
| Chapte | <b>r 7:</b> Troubleshooting                                                                              |              |
|        | Successful Build                                                                                         |              |
|        | Use Vitis Analyzer tool to visualize and navigate reports                                                | 31           |
|        | [Error] Unable to find DRM controller registers                                                          |              |
|        | [Error] Path is not a valid file: cred.json                                                              |              |
|        | [Error] Metering web service error 400:<br>User account has no entitlement                               |              |
|        | [Error] Metering web service error 400                                                                   |              |
|        | [ XRT ] Error: CU was deadlocked? Hardware is not stable                                                 |              |
|        | [Error] Bus Interface property FREQ_HZ does not<br>match between <port_1> and <port_2></port_2></port_1> |              |
|        | [ XRT ] Warning: unaligned host pointer '0x7fffxxxxxx'<br>detected, this lead to extra memcpy            | 0<br>1<br>35 |
|        | [ XRT ] Error: Cannot add a component to the argument                                                    |              |
|        | Check md5sum value of the <file_name>.xclibin</file_name>                                                |              |

The first step is you can see which devices are present on your host.37Determine Linux release:37Unload/reload XRT drivers:38Flash the card with a deployment platform:38Reverting the card to factory image:40

Logic fruit Technologies

AES 256 IP on Xilinx App Store

# Chapter 1: AES 256 IP on Xilinx App Store

# What is the Xilinx App Store?

The Xilinx App Store makes it easy for one to evaluate, purchase, and deploy accelerated applications using cloud-based services or on-premises PC systems as per requirements. It offers a powerful platform to host, market, and sell one's solutions using a managed, easy-to-use, secure Digital Rights Management (DRM) infrastructure. The Xilinx app store is developed by Xilinx and its platform partners and provides pre-built, containerized software that can be easily assessed, bought, and deployed on edge

The Xilinx App Store provides a powerful platform for hosting, marketing, and distribution of your solutions leveraging a managed, convenient and stable DRM architecture to help multinational consumers accessing their Cloud and/or on-site technologies.

Xilinx app store home page: <u>Xilinx App Store</u>

# Features of Xilinx App Store

**Global access and Free trial:** Evaluate for free, sell and purchase globally. The Xilinx App Store provides customers with a one-stop shop for discovering, evaluating, and deploying FPGA-

accelerated technologies. Make the ideas with a broad customer base of companies around the world readily discoverable.

Secure and Easy Checkout: Enabled with payments through Accelize DRM and Stripe. Flexible subscription plans are available. Choose the business-model accounting – subscription, payment for use, time-based or continuous licensing – The App Store DRM infrastructure helps everything that allows you to concentrate on your clients and grow the added value of your solutions. Deliver it as a Docker container or encrypted IP Core, and work with the App Store team to incorporate the IP Digital Rights Management (DRM) into your IP architecture or FPGA app.

#### **Deployment Options:**

a. Cloud-based HPC is a partner with Nimbix and Amazon AWS.

b. On-premises with Alveo Data accelerator cards/Kria SOMs/PC system.

c. Support for Edge and Embedded computing.

 Easy & Portable: Self-service, free trials, online payment, and Containerized apps. Include application specifics and primary advantages in a profile and product catalog listing in the app store. And we're equipped to publish, explore and sell!



AES 256 IP on Xilinx App Store

# **3-step Easy Evaluation**

1. Select an app as per the requirement.

# **App Store Container Catalog**

Search Filtered Results

| Supported Workload         | $\odot$ | Results per page 30 60 120 150 | Product 🗸 |
|----------------------------|---------|--------------------------------|-----------|
| Video and Image Processing | 9       | Results 1-23 of 23             |           |
|                            | ~       |                                |           |

| Data Analytics              | 6       |                                 |
|-----------------------------|---------|---------------------------------|
| Networking and Security     | 4       | EXILINX High Performance Comp   |
| High Performance Computing  | 2       | 2D Reverse Time                 |
| Machine Learning            | 2       | Migration (RTM)                 |
|                             |         | Reverse Time Migration (RTM) is |
| <b>On-Premises Solution</b> | <b></b> | an important seismic imaging    |
|                             |         |                                 |
|                             |         |                                 |

**E** XILINX. High Performance Computing

**Data Analytics** 

Anti-money laundering application

The Anti-money laundering application is used to detect

2. Get Entitlement.

# b<>com \*Adaptive HDR **Converter\***

Try or Buy

Obtain an entitlement to evaluate

#### or purchase this product. b<>com \*Adaptive HDR Converter\* offers all the benefits of real-time frame-by-frame adaptive conversion techniques, without any need for manual adjustment. Based on an Evaluate for Free intelligent algorithm, this technology guarantees an optimal conversion regardless of the video content. Despite the Begin a free trial and run the adaptive conversion, it does not require the use of metadata, application example below.

#### 3. Download and Run.

#### Results

Once your job is complete, a "case\_ali.webp" WebP encoded sample file will be available in Nimbix



FTP. You can use your internet browser to display it.

You can now use your own input and output folders by using the following command:

docker run -v /tmp/cred.json:/opt/ThunderImage-Premium/server/cred.json -v {YourInputFolder

Click to expand

#### AES 256 IP on Xilinx App Store

# Support for Docker Containers

A container is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another.

Separates application dependencies from infrastructure. In loosely separated environments called a container, Docker offers the ability to pack and run the program. The enclosure and safety allow one to operate several containers on a given host at the same time. Containers are lightweight and hold all the necessary applications so that we do not have to focus on what is running on the host at the moment. You can simply swap containers when you're working to make sure anyone who you share has the same workable container.



# **Chapter 2: FPGA IP Licensing Principle**

The core licensing technology is based on a license key that unlocks the proper functioning of an FPGA design at runtime. After its configuration, the license key is loaded into the FPGA, typically through PCIe. The license key is an encrypted container that provides each protected function within the FPGA with a secret Activation Code. This security is enforced in HDL by inserting blocking points into control logic and masking points into datapath logic using individual bits of the activation code. The design is initially locked when the bitstream is inserted into the FPGA board. After that, you'll need the Accelize DRM library to unlock the design with a valid license.



# **Licensing Modes**

**Static Licensing:** A file-based scheme that is deployed by statically packaging the license key into an encrypted license file, locally stored on the FPGA card hosting server.

**Dynamic Licensing:** A server-based scheme that is executed by a license server delivering license keys. Specifically, a standard stream of time-limited single-use license keys is supplied by the license server.



- **T** Node-Locked Licensing: This is a static licensing mode. A license grant that requires an application to be executed on, and only on, a particular FPGA card, and is perpetual, transferable, and non-revocable.
- **Floating Licensing:** This is a dynamic licensing mode. A Floating License is a license grant that allows execution on any FPGA card of a designated number of concurrent instances of the application.
- **Metered Licensing:** This is also a dynamic licensing mode. It facilitates unrestricted deployment of an application on any FPGA card and includes monthly post-use billing based on calculated use. Metered license grants are linked to authenticated users, and the metering information produced

#### within the FPGA is gathered dynamically and securely by the DRM service.

|                  | Nodelocked     | Floating         | Metered           |    |  |  |
|------------------|----------------|------------------|-------------------|----|--|--|
| Licensing mode   | Static         | Dynamic          | Dynamic           | ò  |  |  |
| entitlement type | fpga card      | User             | User              | 0  |  |  |
| Metric           | FIXED QUANTITY | FIXED QUANTITY   | metered usage     |    |  |  |
|                  | FPGA cards     | Concurrent nodes | Concurrent nodes  |    |  |  |
|                  |                | Time             | Time              |    |  |  |
|                  |                | Data volume      | Data volume       |    |  |  |
| Validity         | Perpetual      | Time-based       | Time-based        |    |  |  |
| Revocability     | ×              | 0                | 0                 |    |  |  |
| Portability      | ×              | 0                | 0                 | -0 |  |  |
| Portability      | $\sim$         |                  | $\mathbf{\nabla}$ |    |  |  |
| usage monitoring | ×              | 0                | 0                 |    |  |  |

# **A** Protected IP **DRM Controller IP** The DRM Controller controls the transmission of confidential information between the System Software (AXI4-Lite Status & Control interface) and the Protected IP Cores (DRM Bus interface).



AES 256 IP on Xilinx App Store

#### The DRM Controller IP's core functions are as follows:

- Read and decrypt the encrypted License Key, and send the Activation Codes and Credit timers to the Protected IP Cores in a safe manner.
- Collect metering data from protected IP cores and send an encrypted and authenticated (~) meteing data block to the system.
- The DRM Controller also collects the design data (Protected IPs VLNVs, 64 bits each) and device (~) identification (Public Chip ID (DNA) or PUF) needed to request the License Key.



drm\_to\_uip0\_tready drm\_to\_uip0\_tvalid drm\_to\_uip0\_tdata uip0\_to\_drm\_tready uip0\_to\_drm\_tvalid uip0\_to\_drm\_tdata drm\_to\_uip1\_tready **DRM Controller** drm\_to\_uip1\_tvalid drm\_to\_uip1\_tdata uip1\_to\_drm\_tready uip1\_to\_drm\_tvalid uip1\_to\_drm\_tdata drm\_to\_uipN-1\_tready drm\_to\_uipN-1\_tvali drm\_to\_uipN-1\_tdat uipN-1\_to\_drm\_tready uipN-1\_to\_drm\_tvali uipN-1\_to\_drm\_tdat

m\_axi\_awread 🛛 📥 m\_axi\_awvalid m\_axi\_awaddr

m\_axi\_wready m\_axi\_wvalid m\_axi\_wdata m\_axi\_wstrb

m\_axi\_bready m\_axi\_bvalid m\_axi\_bresp

m\_axi\_arready m\_axi\_arvalid m\_axi\_araddr

m\_axi\_rvalid m\_axi\_rdata m\_axi\_rresp

m\_axi\_rready

In order to service numerous Protected IPs, only one DRM Controller may be created in the Chip Design. Integrate the DRM controller through following the below steps:

- Give Accelize the amount of protected IP instances you want and they'll provide you the right (~) DRM HDK.
- At the design's top level, instantiate the DRM Controller. (~)
- Connect the AXI4–Lite System Bus to the DRM Controller. (~)
- Activate the DRM Activator and add the DRM interface to protect the IPs. (~)
- Connect the DRM Controller to the various protected IP instances. (~)

#### **AXI4-Lite**



#### **DRM Bus**

The AXI4–Stream protocol is used to communicate on the DRM Bus, with the IP Activator acting as a slave and the DRM Controller acting as the master. The number of Protected IP cores in the architecture determines the size of the DRM bus. There are three sections of each IP connection:

#### The Clock and Reset ports

| Name     | Name Direction |   | Description                         |
|----------|----------------|---|-------------------------------------|
| drm_aclk | in             | 1 | DRM bus clock: must be identical to |



#### The DRM Controller to Activator channel

| Name                          | Direction | Size | Description                                                            |
|-------------------------------|-----------|------|------------------------------------------------------------------------|
| drm_to_uip <idx>_tready</idx> | in        | 1    | AXI4-Stream Ready signal for DRM<br>Controller to IP Activator Channel |
| drm_to_uip <idx>_tvalid</idx> | in        | 1    | AXI4-Stream Valid signal for DRM<br>Controller to IP Activator Channel |
| drm_to_uip <idx>_tdata</idx>  | in        | 32   | AXI4-Stream Data signal for DRM<br>Controller to IP Activator Channel  |

#### The Activator to DRM Controller channel

| Name                          | Direction | Size | Description                                                            |
|-------------------------------|-----------|------|------------------------------------------------------------------------|
| uip <idx>_to_drm_tready</idx> | out       | 1    | AXI4-Stream Ready signal for IP<br>Activator to DRM Controller Channel |
| uip <idx>_to_drm_tvalid</idx> | in        | 1    | AXI4-Stream Valid signal for IP<br>Activator to DRM Controller Channel |
| uip <idx>_to_drm_tdata</idx>  | in        | 32   | AXI4-Stream Data signal for IP<br>Activator to DRM Controller Channel  |

#### **DRM Activator IP**

Communication on the DRM Bus uses an AXI4–Stream protocol where the IP Activator is a slave and the DRM Controller is the master. A single Controller is always required but any number of Activators is supported (1 to N connections).



AES 256 IP on Xilinx App Store

#### The main functionality of the DRM Activator IP is to:

- O Deliver a 128 bits Activation Code to the IP Core for behavior control.
- Maintain a credit timer for time based activation.
- Store a metering counter for activities measurement.



#### **DRM Activator interface with IP to protect**

The interface with the IP Core is a simple register interface with control signals.

| Name            | Direction | Size | Description                                                                                                       |
|-----------------|-----------|------|-------------------------------------------------------------------------------------------------------------------|
| ip_core_aclk    | in        | 1    | IP Core clock                                                                                                     |
| metering_event  | in        | 1    | Level-sensitive signal synchronous to<br>ip_core_aclk that increments the<br>Metering counter when sampled to '1' |
| activation_code | out       | 128  | Activation Code as provided by the<br>License Key currently loaded.                                               |

IP core signals that interact with the DRM Activator must be synced with the IP Core clock domain, ip\_core\_aclk signal. The IP core will implement its own CDC on an internal level. FSM transition and datapath gates are controlled by the IP Core using the 128 bits of the Activation Code output.

The DRM Activator has an inbuilt 64-bit Metering counter that stores the IP Core's activities. When the session is ended, it is synchronously reset through the DRM Bus protocol. It is increased by asserting the metering\_event input for 1 clock cycle under the direction of the IP Core. Because the metering\_event is a level-sensitive signal, ensure it is de-asserted once the event is over.



AES 256 IP on Xilinx App Store

By using conditional logic depending on the Activation Code value, you may protect certain important code (128 bits). Count data metrics associated with IP consumption (bytes, frames, or any other unit) and produce a pulse on the DRM Activator event input for each usage unit.



## **DRM Hardware integration**

You will receive a zip file from Accelize. It has three folders that include the HDK sources:

O The **common** folder contains the activator and controller's IP common structure.

- ✓ The top-level VHDL controller and the Verilog Wrapper are both found in the **controller** folder. Each IP instance in your design has two AXI4-Stream interfaces, thus the controller has the right amount of ports (already protected IPs and IPs to protect).
- ✓ The activator folder contains the VHDL core for the activator as well as numerous simulation and synthesis wrappers. For each IP core type, a single DRM Activator is sent. The same activator will be invoked many times by several instances of the same IP core.

#### **Modify the Design:**

Protect the IP cores: This can be accomplished in a variety of ways. We propose to develop a wrapper in which the DRM Activator and the IP core are instantiated. To integrate DRM protection and usage measurement algorithms, the original IP core must be significantly updated. Managing numerous instances of the same protected IP is built-in with this technique.

Create a wrapper: The wrapper interface combines the IP interface with the DRM AXI4–Stream

- interface for communication with the DRM Controller.
- The most important step is to intelligently change the original IP core such that a piece of IP internal logic is paired with the activation code bits given by the DRM activator signal to activate or deactivate part or all of the IP capabilities.

Page No #11

The activation code's 128 bits are utilized to define criteria for IP activation and deactivation. Individual bits, groups of bits, and ranges of bits can be utilized in the IP code to instrument it in various ways such as gate signals, switch FSM states, and select functional parts.



In the wrapper, instantiate the customized IP core and DRM Activator and connect them. They may  $(\checkmark)$ be instantiated once or several times in your FPGA design once your IP is secured.

You are good to move ahead. Now simulate your design. (~)

# **Chapter 3: AES 256 IP**



The Rijndael cipher was chosen as the symmetric key ciphering algorithm in the AES specification, which stands for "Advanced Encryption Standard." AES encrypts a message using a private key that can only be decrypted by the key holder. This is useful for a variety of purposes, but one example is a laptop that encrypts the contents of the hard disk when it is idle.

A state is a matrix of bytes that the AES utilizes to operate. The plain text is transformed into the final ciphertext after many rounds of transformation. One round reads the state into four 4–byte variables and transforms them, XOR's them using a 32-byte round key, and stores the results. In compliance with the NIST Advanced Encryption Standard, the AES encryption IP core implements Rijndael encoding and decoding. It works with 256-bit blocks and is programmed to work with 256-bit key length.

The AES 256 algorithm processes plain data blocks of 128 bits, generates cipher data blocks of 128 bits using cipher keys of 256 bits (32 bytes). AES uses symmetric key encryption, which involves the use of only one secret key to cipher and deciphers the information. The AES–256 application performs some encryption algorithms on the data provided by the user in the form of the file. The data is then pushed to the Alveo U200 card in the form of a buffer, the device will perform the encryption on the plaintext and send back the ciphertext in the form of a buffer. After the encryption the user will get an output file with the encrypted data in it. In the AES256 application, we don't have any C/C++ kernel, the encryption happens in the RTL kernel.

AES 256 has a key length of 256 bits, supports the largest bit size, and is practically unbreakable by brute force based on current computing power, making it the strongest encryption standard and more secure.

#### Vou Cizo

#### Doccible Combinations

#### Rounde

#### Time to Crack (ware)

|  |     | ľ  | xey                                                         | 51Z( | 9 |             | Possible Combinations |       |   |    |   | Rounas |   |              | Time to Crack (years) |               |              |   |   |   |   |    |   |   |   |   |   |   |   |   |
|--|-----|----|-------------------------------------------------------------|------|---|-------------|-----------------------|-------|---|----|---|--------|---|--------------|-----------------------|---------------|--------------|---|---|---|---|----|---|---|---|---|---|---|---|---|
|  |     |    | 12                                                          | 28   |   |             | 3.4 x 10∧38           |       |   |    |   |        | _ | 10           |                       |               | 1.02 x 10∧18 |   |   |   |   |    |   |   |   |   |   |   |   |   |
|  |     |    | 19                                                          | )2   |   |             | 6.2 x 10^57           |       |   |    |   | 12     |   |              |                       | 1.872 x 10∧37 |              |   |   |   |   |    |   |   |   |   |   |   |   |   |
|  |     |    | 25                                                          | 56   |   | 1.1 x 10∧77 |                       |       |   | 14 |   |        |   | 3.31 x 10∧56 |                       |               |              |   |   |   |   |    |   |   |   |   |   |   |   |   |
|  |     |    |                                                             |      |   |             |                       |       |   |    |   |        |   |              |                       |               |              |   |   |   |   |    |   |   |   |   |   |   |   |   |
|  |     |    |                                                             |      |   |             |                       |       |   |    |   |        |   |              |                       |               |              |   |   |   |   |    |   |   |   |   |   |   |   |   |
|  |     |    |                                                             |      |   |             |                       |       |   |    |   |        |   |              |                       |               |              |   |   |   |   |    |   |   |   |   |   |   |   |   |
|  |     |    |                                                             |      |   |             |                       |       |   |    |   |        |   |              |                       |               |              |   |   |   |   |    |   |   |   |   |   | 0 |   |   |
|  |     | 0  |                                                             |      |   | ~           | 0                     |       |   | 0  | 0 | ~      |   |              | - 0                   |               | 0            | 0 | 0 | 0 | ~ | 0  | 0 | 0 | ~ | _ | _ | 0 | _ | 0 |
|  |     | -^ | <b>Logic fruit</b><br>Technologies AES 256 IP on Xilinx App |      |   |             | op S                  | store | e |    |   |        |   |              |                       |               |              |   |   |   |   | #1 |   |   |   |   |   |   |   |   |
|  |     | J. |                                                             |      |   | 1           | 1                     | 4     | 1 |    | 1 | 1      |   | 1            | -                     | 1             | 1            |   |   |   | - |    |   | 1 |   |   | 1 | - | 1 | 1 |
|  | 1.1 |    |                                                             |      |   |             |                       |       |   |    |   |        |   |              |                       |               |              |   |   |   |   |    |   |   |   |   |   |   |   |   |





Block Diagram: AES 256 IP



# Symmetric Encryption vs Asymmetric Encryption

| Attributes     | Asymmetric                                                            | Symmetric                                         |  |  |  |
|----------------|-----------------------------------------------------------------------|---------------------------------------------------|--|--|--|
| Keys           | One entity has a public key and<br>the other entity has a private key | One key is shared between<br>two or more entities |  |  |  |
| Key Exchange   | Distributed inbound                                                   | Out of bound                                      |  |  |  |
| Speed          | The algorithm is more complex and slower                              | The algorithm is less complex and faster          |  |  |  |
| Number of keys | Grows linearly as users<br>grow                                       | Grows exponentially as users grow                 |  |  |  |
| Use            | Key encryption and distributing keys                                  | Bulk encryption                                   |  |  |  |
| Security       | Confidentiality, authentication,<br>non-repudiation                   | Confidentiality                                   |  |  |  |

#### **Key Features & Benefits**

O Data Path runs on 100 MHz X 256 width.

Programming of Key and Initialization Vector Supported.

O Buffer-free implementation of RTL code is fast and easy to integrate into SoCs.

Operation of the second sec

Support for CTR mode. On-demand availability for CBC mode.

Solution Type: IP Core.

End-Market: Automotive, Broadcast, Consumer, Industrial, Medical, Military, Computer & Storage, Wireless.

#### **Core Implementation**

The input signals are synchronized and sampled on the clock's rising side. Flip-flops drive output signals, which are not coupled directly to input signals by combinational circuits.

# Signal Signal Mode



|   | Name        | width |    |                                                                                                              |   |            |
|---|-------------|-------|----|--------------------------------------------------------------------------------------------------------------|---|------------|
|   | clk         | 1     | in | Clock signal. Sets up the operational clock frequency.                                                       |   | )   0<br>] |
|   | rst         | 1     | in | Reset signal.                                                                                                |   | 0          |
|   | init_vector | 256   | in | The initialization vector is an arbitrary number that is used along with the secret key for data encryption. |   | 1          |
|   |             |       |    |                                                                                                              |   | 0          |
| 0 |             |       |    |                                                                                                              |   | 1          |
|   |             |       |    | nx App Store                                                                                                 |   |            |
|   |             |       |    |                                                                                                              | 1 |            |

| plaintext  | 256 | in  | A message before encryption or after decryption.<br>(Input data)                            |
|------------|-----|-----|---------------------------------------------------------------------------------------------|
| cipherkey  | 256 | in  | AES Cipher key is used for enciphering and deciphering data.                                |
| valid_in   | 1   | in  | This indicates the plain text is valid to process at the input terminal.                    |
| valid_out  | 1   | out | This indicates the cipher-text is encrypted correctly and available at the output terminal. |
| ciphertext | 256 | out | Encrypted data are available to send or use accordingly.                                    |

# **FPGA Device Utilization: Post-synthesis results**

| Tool/IDE                        | Xilinx Vivado |
|---------------------------------|---------------|
| Number of Slice<br>Registers/FF | 18511         |
| Number of Slice LUTs            | 48528         |
| Number of LUTRAM                | 1792          |
| Number of Block RAM             | 4             |

# **Product Release Support: Performance and Quality metrics**

| Maximum Frequency         | 125 MHz                                      |
|---------------------------|----------------------------------------------|
| Throughput                | It is a pipelined design. (up to 256/8 Gbps) |
| Input-to-Output Delay     | 16 clock–cycles                              |
|                           |                                              |
| <b>IP Quality Metrics</b> | Generic                                      |
| Simulators supported      | Modelsim, Xilinx Vivado, Lattice Radiant     |
|                           |                                              |



| <b>IP Quality Metrics</b>                                  | Deliverables                                             |
|------------------------------------------------------------|----------------------------------------------------------|
| Design file (encrypted source code/post-synthesis netlist) | Target specific netlist/fully synthesizable source code  |
| Testbench or design example                                | Simulation model and testbench with<br>FIPS test vectors |
| Documentation with revision<br>control                     | Included                                                 |
| Readme file                                                | Yes                                                      |
| Additional customer deliverables                           | On-demand availabilities                                 |

# **Secure Algorithm: Data-Security and Privacy:**

- Cache Attack: The IP doesn't have any memory elements. It doesn't hold the plain text, keys, and  $(\checkmark)$ initialization vector in the system.
- Timing Attack: The time to complete the encryption or decryption doesn't depend on the complexity  $(\checkmark)$ of the key/initialization vector. So the execution time depends on the size of plain text.
- Power Monitoring Attack: The power variation of the hardware is very low. (~)
- Solution EM Fault Analysis Attacks: Hardware design(board EM shielding) makes sure the secret data is secure.
- Masking and temporal noise insertion with desynchronization make the IP SPA & DPA secure. (TRNG  $(\checkmark)$ code block can be introduced to generate a random number to mask the actual transactions - TBD)

# **Chapter 4: Xilinx Vitis Environment**

Note: The steps and procedure given in this section is applicable to PC running on Ubuntu.

# **Install OpenCL Installable Client Driver Loader**

On Ubuntu, the ICD library is packaged with the distribution. Install the following packages: ocl-icd-libopencl1 ⊘ opencl-headers ⊘ ocl−icd−opencl−dev

#### **Vitis Software Platform Installation**

- **1.** Go to the Xilinx Downloads Website.
- **2.** Download the installer for your operating system.
- **3.** Run the installer, which opens the Xilinx Unified 2020.2 Installer. Click Next.



AES 256 IP on Xilinx App Store

**4.** Enter your Xilinx user account credentials, and then select Download and Install Now. Click Next.

**5.** Accept the terms and conditions by clicking each I Agree checkbox. Click Next.

6. Select Vitis, and then click Next.

7. Optionally, customize your installation by selecting design tools and devices, and then click Next.

**8.** Select the installation directory, optional shortcut, and file association options, and then click Next.

**9.** Review the installation summary, which shows the options and locations you have selected.

**10.** To proceed with the installation of the Vitis software platform, click Install.

# **Installing Xilinx Runtime and Data Center Platforms**

**1.** To download the DEB file, go to the Alveo Packages webpage.

**2.** Select your platform and operating system and proceed and follow the steps 1 to 3 on the webpage or continue as below:

#### i. Download the Xilinx Runtime

The Xilinx runtime (XRT) is a low-level communication layer (APIs and drivers) between the host and the card. Download the package and enter the command to install the package.

Install using: sudo apt install <deb-dir>/<xrt\_filename\_OS>.deb

#### ii. Installing Data Center Platforms

**Download the Deployment Target Platform:** The deployment target platform is the communication layer physically implemented and flashed into the card. Download the package.

Install using: sudo apt install <deb-dir>/<deployment\_shell\_filename\_OS>.deb

**Download the Development Target Platform:** The development target platform is required if you are building your own applications. Download the package.

Install using: sudo apt install <deb-dir>/<development\_shell\_filename\_OS>.deb

## Setting Up the Environment to Run the Vitis Software Platform

To configure the environment to run the Vitis software platform, run the following scripts, which set up the environment to run in a specific command shell.

**#setup: XILINX\_VITIS and XILINX\_VIVADO variables** source <Vitis\_install\_path>/Vitis/2020.2/settings64.sh

**#setup: XILINX\_XRT**source /opt/xilinx/xrt/setup.sh

After setting up the environment enter the command to open the Vitis IDE: vitis (Required if manually working with the IDE. Often used with command-line tools and scripts.)

To specify the location of any platforms you have installed as directed in Installing Data Center Platforms, set the following environment variable:

export PLATFORM\_REPO\_PATHS=<path to platforms>



AES 256 IP on Xilinx App Store

# **Chapter 5: Build and Run App**

# Synthesize the app design

- **1. Edit Makefile:** The one located in the parent folder of the app project. The required variables are set as per the specified directory structure at the original app build time. Please update the required variables as per the directory structure in your project and PC.
  - Change "VTS\_PLATFORM" variable 1.
  - ii. Change "OUTPUT\_DIR" variable
  - iii. Change "KERNEL\_FREQ\_MHZ" variable [Optional, if required]

#### 2. Setup Vitis and XRT Environment

*#setup: XILINX\_VITIS and XILINX\_VIVADO variables* source <Vitis\_install\_path>/Vitis/2020.2/settings64.sh *#setup: XILINX\_XRT* source /opt/xilinx/xrt/setup.sh

3. Launch synthesis

- Enter command: make clean\_all (clears previous object and output files) 1.
- ii. Enter command: make (launches the app build process)

#### **Compile & Run the Application**

**Prerequisites:** If designing and developing any new application with Accelize DRM.

**1.** Create an account on [Accelize Portal] (https://portal.accelize.com)

- 2. Create your Access Key on [Accelize Portal Access Key] (https://portal.accelize.com/front/cus tomer/apicredential)
- **3.** Follow and Install [Accelize DRM Library] (http://accelize.s3-website-eu-west-1.ama) zonaws.com/documentation/stable/drm\_library\_installation.html#installation-frompackages) version 2.3 or higher

Replace "app/{your-exec-env}/cred.json" with your Access Key

Edit "app/{your-exec-env}/conf.json" to change "boardType" and "frequency" parameters [Optional]

#### **On-Premise Execution**

cd app source /opt/xilinx/xrt/setup.sh make clean all ./app {path-to-xclbin}

AES 256 IP on Xilinx App Store

# Minimum System Requirements

The minimum system requirements for running the Alveo™ U200 Data Center accelerator cards are listed below:

| Component           | Requirement                                                                                                                                                                                                              |
|---------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Motherboard         | PCI Express® 3.0-compatible with one dual-width x16 slot                                                                                                                                                                 |
| System Power Supply | 225W via PCI Express Slot connection and<br>8-pin PCI Express Auxiliary Power cable.                                                                                                                                     |
| Operating System    | <b>Linux, 64-bit:</b><br>• Ubuntu 16.04, 18.04 • CentOS 7.4, 7.5, 7.6<br>• RHEL 7.4, 7.5, 7.6                                                                                                                            |
| System Memory       | For deployment installations, a minimum of 16 GB<br>plus application memory requirements is required.<br>For development installations, a minimum of<br>64 GB of device memory is required,<br>but 80 GB is recommended. |
| Internet Connection | Required for downloading drivers and utilities.                                                                                                                                                                          |
| Hard disk space     | Satisfy the minimum system requirements for your operating system.                                                                                                                                                       |
|                     |                                                                                                                                                                                                                          |

#### **Development Environment**

|     |     |                                            |                                                                                                  | 0   |     |     |    |   |
|-----|-----|--------------------------------------------|--------------------------------------------------------------------------------------------------|-----|-----|-----|----|---|
|     |     | Component                                  | Output ( host machine )                                                                          |     |     |     |    |   |
|     |     | o<br>OS Version                            | Operating System: Ubuntu 18.04.5 LTS                                                             |     |     |     |    |   |
|     |     | Kernel Version                             | Kernel: Linux 5.4.0-73-generic                                                                   |     |     |     |    |   |
|     |     | Vitis Version                              | Vitis v2020.2 (64-bit)                                                                           |     |     |     |    |   |
|     |     | Driver Used                                | Xclmgmt , xocl                                                                                   |     |     |     |    |   |
|     |     |                                            | Card type: u200<br>Flash type: SPI                                                               |     |     |     |    |   |
|     |     | o<br>O<br>Specification                    | Flashable partition running on FPGA:<br>xilinx_u200_xdma_201830_2,<br>[ID=0x5d1211e8],[SC=4.2.0] |     |     |     |    |   |
|     |     | o about the card                           | Flashable partitions installed in system:                                                        |     |     |     |    |   |
|     |     |                                            | xilinx_u200_xdma_201830_2,<br>[ID=0x5d1211e8],[SC=4.2.0]                                         |     |     |     |    |   |
|     |     | BSP Version                                | [0000:01:00.0]                                                                                   |     |     |     |    |   |
|     |     | 0 BSP Version                              | 20.10.6                                                                                          |     |     |     |    |   |
|     |     |                                            |                                                                                                  |     |     |     |    |   |
| 001 |     |                                            |                                                                                                  |     |     |     |    |   |
|     |     | <b>Logic fruit</b><br>Technologies AES 256 | P on Xilinx App Store                                                                            | Pag | e N | o # | 19 |   |
| 0 0 | 0 0 |                                            |                                                                                                  | 0 ( |     | 0   | 0  | 0 |

# **Chapter 6: Docker Containers and App Run**

# Development Environment

| Component           | Requirement                                                                          |
|---------------------|--------------------------------------------------------------------------------------|
| Motherboard         | PCI Express® 3.0-compatible with<br>one dual-width x16 slot                          |
| System Power Supply | 225W via PCI Express Slot connection and 8-pin<br>PCI Express Auxiliary Power cable. |

| Operating System    | <b>Linux, 64-bit:</b><br>• Ubuntu 16.04, 18.04 • CentOS 7.4, 7.5, 7.6<br>• RHEL 7.4, 7.5, 7.6                                                                                                                            |
|---------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| System Memory       | For deployment installations, a minimum of 16 GB<br>plus application memory requirements is required.<br>For development installations, a minimum<br>of 64 GB of device memory is required,<br>but 80 GB is recommended. |
| Internet Connection | Required for downloading drivers and utilities.                                                                                                                                                                          |
| Hard disk space     | Satisfy the minimum system requirements for your operating system.                                                                                                                                                       |
| Platform            | Alveo U200                                                                                                                                                                                                               |
|                     | 1.                                                                                                                                                                                                                       |

# Flow of AES app

**1.** Open Xilinx Device and Load the XCLBIN.

**2.** Set up the Buffers that are used to transfer the data between the host and the device.

**3.** Use the Buffer APIs for the data transfer between host and device (before and after the kernel execution).

**4.** Use Kernel and Run handle/objects to offload and manage the compute-intensive tasks running on FPGA.

# Run the AES 256 App on Xilinx App Store

1. Obtain an Account Access Key: An access key is required to authenticate a user and grant them access to

the application based on their entitlements. To obtain your account access key, follow these steps:

- Login to <u>Xilinx App Store</u>
- **ii.** Click the button labeled "Manage Account" to view entitlements.
- **iii.** Click the "**Access Key**" link on the left side menu
- iv. Click the "Create an Access Key" button.
- **v.** Download the resulting file "**cred.json**" to the home location or recommended to in /tmp folder





- **2.** [**Optional**] If you generate the cred. json file you can directly run the application by running the demo script just for dry run.
- **3. Host Setup:** The Xilinx Runtime (XRT) host application is supported on Ubuntu 16.04 /18.04 and CentOS 7.x. With sudo access, use the following command to download and run the setup script:
  - Clone GitHub Repository for Xilinx Base Runtime 1. *git clone <u>https://github.com/Xilinx/Xilinx\_Base\_Runtime.git</u>*
  - ii. Go to the Xilinx Base Runtime cd Xilinx\_base\_Runtime

  - **iii.** Run the Host Setup Script ./host\_setup.sh -v 2020.2

**Note:** Please wait for the installation to complete. During this time you may need press [Y] to continue the host setup.

If you choose to flash the FPGA, you will need to cold reboot the local machine after the installation is completed to load the new image on the FPGA. The script for host setup can be used to set up other versions XRT and shell. Please check <u>https://github.com/Xilinx/Xilinx\_Base\_Runtime</u> for more details.

**4. Install Docker (If not installed already):** With sudo access, use the following command to run the utility script to install docker.

- Go to Xilinx\_Base\_Runtime utilities directory a. cd Xilinx\_Base\_Runtime/utilities
- b. Run the Docker installation script ./docker\_install.sh

This command will let us install docker on the host machine. To verify that the Docker has been properly installed you can run docker run hello-world

By default the Docker daemon will check if the host machine has the image of the hello-world if not found it will automatically pull the images from the Docker Hub.

If docker is already installed, enable it:

systemctl restart docker

systemctl enable docker



# **Application Execution**

Enter the following commands in a terminal window to run the application:

**1.** Setup Environment Variables by script from Xilinx\_Base\_Runtime

source Xilinx\_Base\_Runtime/utilities/xilinx\_docker\_setup.sh

**2.** Pull the Docker Image from Docker Hub

docker pull xilinx/hubxilinx/logicfruit\_aes256\_u2oo:latest

**3.** Run this single command to run the Docker Image and the AES\_APP

docker run –rm –v \$(pwd)/cred.json:/cred.json –v bin\_test.bin:/AES/bin\_test.bin \$XILINX\_DOCKER\_ DEVICES –-shm-size=64Ghubxilinx/logicfruit\_aes256\_u2oo:latest

# **Description of the Command Arguments**

- $\bigcirc$  --rm : Automatically remove the container when it exits.
- -v /(Absolute path from the host machine)/cred.json:/cred.json Map local cred.json dir : container ("/") directory.
- -v /(PATH of the file on which AES have to done)/FILENAME:/AES/(FILENAME) Map the local dir : container dir for the input data file.

for eg my file is bin.test.bin -v /home/logic-fruit/bin.test:/bin.test,bin

✓ \$XILINX\_DOCKER\_DEVICES – Environment variable set by the host setup script

In the \$XILINX\_DOCKER\_DEVICES environment variable, list down the device's information that is present on the host machine out to the docker container so that our docker container knows on which device we need to run.

echo \$XILINX\_DOCKER\_DEVICES

--device=/dev/xclmgmt256:/dev/xclmgmt256
--device=/dev/dri/renderD128:/dev/dri/renderD128
--device=/dev/dri/renderD129:/dev/dri/renderD129

#### ii. Host Application Details

This is a list of packages that are required to install.



Vim
 g++
 xcl2.hpp (very important header fill for the Opencl)
 ocl-icd-libopencl1
 lsb-release

#### Dkms (~)

#### udev $(\checkmark)$

- udev:i386  $\checkmark$
- python3  $\bigtriangledown$
- ✓ ocl−icd−opencl−dev
- uuid-dev (~)
- libboost-filesystem1.65.1  $(\checkmark)$
- libboost-program-options1.65.1

- libboost-system1.65.1  $(\checkmark)$
- libc6  $(\checkmark)$
- libgcc1  $\checkmark$
- libncurses5 (~)
- libprotobuf10  $(\checkmark)$
- libssl1.1 (~)
- libstdc++6 (~)
- libtinfo5 (~) libudev1  $\checkmark$

libuuid1 (~) libyaml-0-2  $(\checkmark)$ ✓ ocl−icd−libopencl1 ocl-icd-libopencl1  $\langle \cdot \rangle$ vidia-libopencl1-340

# **Environment setup**

source /opt/xilinx/xrt/setup.sh

This will set up the environment variables required for building the host code

hitesh@hitesh-Lenovo-V330-14IKB:-\$ source /opt/xilinx/xrt/setup.sh XILINX XRT : /opt/xilinx/xrt : /opt/xilinx/xrt/bin:/home/hitesh/.local/bin:/usr/local/sbin: PATH //usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/bin:/usr/games:/usr/local/games:/snap/b in : /opt/xilinx/xrt/lib: LD LIBRARY PATH : /opt/xilinx/xrt/python: PYTHONPATH hitesh@hitesh-Lenovo-V330-14IKB:-\$

#### AES 256 IP on Xilinx App Store



## Source Code Structure

We have a single folder that contains our source code (main.cpp), Makefile for the compilation, and giving out the executable and the required xcl2.hpp header file. We don't have a modular code in this application.

# Logic Implementation

The whole host code is written in C++.

1. The host and kernel code is compiled separately to create separate executable files: the host pro gram executable ( APP ) and the FPGA binary (.xclbin). When the host application runs, it must load

#### the .xclbin file

- 2. We provide the Kernel binary (xclbin) file through the command line argument so it is captured into **char\* argv[1]** and used by the host applications.
- 3. Then we initialize 2 vectors to store the data and to get the data back from the FPGA after encryption.
- 4. Then our host application needs to identify a platform composed of one or more Xilinx devices.
- 5. After the Xilinx platform is found the application needs to identify the corresponding Xilinx devices.
- 6. Then we create a context that contains a Xilinx Device that can communicate with the host ma chine.
- 7. Then we create a command queue for each device. This command queue is a Single out-of-order command queue which means multiple kernel executions can be requested through the same command queue. XRT dispatches kernels as soon as possible, in any order, allowing concurrent kernel execution on the FPGA.
- 8. Host application reads the data from the kernel binary file (xclbin) provided in the **char\* argv[1]**. And save the data into a character pointer.
- We take the device handle which is obtained by opening a device. We can pass this device handle to refer to the opened devices in all future interaction with XRT. Function used ( <u>"xclDeviceHandle</u> xclOpen<u>(unsigned deviceIndex, const char \*logFileName, xclVerbosityLevel level)</u>").
   10DRM Sessions starts.
- 10. DRM Sessions starts.
- 11. After setting up the runtime environment, such as identifying devices, creating the context, com mand queue, and program, the host application should identify the kernels that will execute on the device, and set up the kernel arguments.
- Then we should access the kernels contained within the .xclbin file (the "program"), identify a kernel in the program loaded into the FPGA that can be run by the host application.
   Then three kernels are made: kernel\_input, kernel\_adder, kernel\_output respectively.
- 14. We set up the kernel arguments as memory buffer arguments that are used for large data transfer. The value is a pointer to a memory object created with the context associated with the program and kernel objects and can be used as inputs to, or outputs from the kernel.





- 15. Then we make the two buffers buffer\_input and buffer\_output as the interactions between the host program and hardware kernels rely on these buffers, transferring data to and from the memory in the device.
- 16. We need to set up kernel arguments as early as possible as the XRT will error out if we try to mi grate the buffer before XRT knows where to put it on the device. Therefore, set the kernel arguments before performing any enqueue operation on any buffer.
- 17. Then we write data from the host memory to the buffer\_input using the enqueueWriteBuffer, this helps to enable the software pipelining from the host machine to the device buffer.Function used ( "cl\_int clEnqueueWriteBuffer (cl\_command\_queue command\_queue,cl\_mem buffer,cl\_ bool blocking\_write,size\_t offset,size\_t cb,const void \*ptr,cl\_uint num\_events\_in\_wait\_list, const cl\_event \*event\_wait\_list,cl\_event \*event)" ).
- 18. RTL Kernel is executed only one time and works on the entire range of the data, the parallelism is achieved on the FPGA inside the kernel hardware. If properly coded, the kernel is capable of achieving parallelism by various techniques such as instruction-level parallelism (loop pipeline) and function-level parallelism (dataflow). This happens symmetrically.
- 19. XRT schedules the workload, or the data passed through OpenCL buffers from the kernel argu ments, and schedules the kernel tasks to run on the accelerator on the Xilinx FPGA.
- 20. FPGA then performs the encryption on the data and copies it to the buffer\_output.
- 21. Then we read the data from the buffer\_output and copy it to the localhost machine using the en queueReadBuffer, this helps to enable the software pipelining from the host machine to the device buffer. Function used ( *"cl\_int clEnqueueReadBuffer (cl\_command\_queue com mand\_queue,cl\_mem buffer,cl\_bool blocking\_read,size\_t offset,size\_t cb, void \*ptr,cl\_uint num\_events\_in\_wait\_list,const cl\_event \*event\_wait\_list,cl\_event \*event)"*).
- 22. We use the Clfinish() function which is explicitly used to block the host execution until the kernel

execution is finished. This is necessary otherwise the host can attempt to read back from the FPGA buffer too early and may read garbage data.

23. DRM session ends.

24. The final data (Encrypted data) is copied to a file where the user can view it.

# **Key Steps**

Setting Up the Runtime Environment.

1. Getting Platforms.

2. Getting Devices.

3. DRM starts.

- 4. Setting Up Kernels.
- 5. Buffer Creation and Data Transfer.
- 6. Setting Kernel Arguments.
- 7. Kernel Execution.
- 8. Event Synchronization.
- 9. DRM stops. 0 0



# **Flow chart**



#### **Data Flow**

- 1. Vectors are initialized.
- 2. Data from the input file are read and written in those vectors.
- 3. Two buffers named input \_\_buffer and output \_\_buffer for input and output are made respectively.
- 4. The data is copied from the host memory to the buffer using the function
- 5. Write Function = ( "cl\_\_int cl::CommandQueue::enqueueWriteBuffer(const Buffer& buffer, cl\_\_bool blocking\_write, ::size\_t offset, ::size\_t size, const void \* ptr, const VECTOR\_CLASS<Event> \* events = NULL, Event \* event = NULL)").
- 6. Using this buffer\_input FPGA( alveo u200 ) read the data from the buffer and performs AES en cryption on it. Then FPGA writes the encrypted data to the buffer \_\_output.

7. FPGA reads the data from the buffer\_output and copies the data to host memory.

8. Read Function = ( "cl\_\_int cl::CommandQueue::enqueueReadBuffer(const Buffer& buffer, cl\_\_bool blocking\_read, ::size\_t offset, ::size\_t size, const void \* ptr, const VECTOR\_CLASS<Event> \* events = NULL, Event \* event = NULL)").

9. Host memory data is then copied to a file for the user to see the encrypted output.

## **Integration with DRM**

1. The DRM in our source code (main.cpp) checks for files ("conf.json") and ("cred.json").

- 2. If both these files are successfully acquired by the DRM, then DRM will the activate function ( "void activate( const bool& resume\_session\_request = false );") to start the session, this function activate/unlocks the hardware by unlocking the protected IPs in the FPGA and opening a DRM session. If a session is still pending the behavior depends on the "resume\_session\_request" argument. If true the session is reused. Otherwise, the session is closed and a new session is created. This function will start a thread that keeps the hardware unlocked by automatically up dating the license when necessary. When this function returns and the license is valid, the protected IPs are guaranteed to be unlocked.
- 3. After successfully running the AES256 application, DRM will call the deactivate function ("void deactivate( const bool& pause\_session\_request = false );") to close the session. This function de activates/locks the hardware back and closes the session. In this case, the session is kept open for later use. This function will join the thread keeping the hardware unlocked. When the function re turns, the hardware is guaranteed to be locked.





# **Compilation/build Steps**

We compile our host code (main.cpp) with a Makefile by running the make command. Makefile provides the important flag to compile the host application and build the executable file (APP).

# **Docker Container Details**

#### **Dependency List**

There are some packages we need to be installed.

docker

libc6

libglib2.0-0 (~)

Libx11-6 (~)

#### **Environment setup**

1. git clone <u>https://github.com/Xilinx/Xilinx\_Base\_Runtime.git</u>

2. sudo ~/Xilinx\_Base\_Runtime/utilities/./docker install.sh

3. source ~/Xilinx\_Base\_Runtime/utilities/xilinx\_docker\_setup.sh

#### **Development Steps**

- 1. We have made a Dockerfile which is simply a text-based script of instructions that is used to create a container image.
- 2. We have started FROM the image Xilinx/xilinx\_runtime\_base:alveo-2020.2-Ubuntu-18.04 image. But, since we didn't have that on our machine, that image needed to be downloaded.
- 3. Then we copy files that we require to build the application like copy host code (main.cpp), Make file, and xcl2.hpp to docker containers.
- 4. We install the important packages required to run our application like g++, curl, etc to fulfill all the dependencies for making the (APP).
- 5. Then we build the application as we copy the host code (main.cpp) and Makefile to the container and compile it by running the make all command which gives us the executable file (APP).
- 6. Then we build the container images in which we will install the important packages required to run our application.
- 7. We copy the xclbin file (FPGA binary file) which is required to run, the APP is copied from the
  - host machine to the docker container.
- 8. Then in the Dockerfile we set up some Environment Variables to run the app smoothly.
- 9. Finally, our Docker container will be able to run the following command to start the application. When the host application runs, it must load the xclbin file.

For Example :-

<./app/xclbin/ABC.xclbin >





#### **Integration with host application:**

- 1. In order to build the container we require Dockerfile which is simply a text based script of instructions that is used to create a container image.
- 2. Our DockerFile is a multi-stage build.
- 3. In Stage 1 of Dockerfile we build the application as we copy the host code (main.cpp) and Makefile to the container and compile it by running the make all command which gives us an executable file (APP).
- 4. In Stage 2 of Dockerfile, we build the container image as we copy the xclbin, conf. json, and the APP from the previous stage.

5. By running the "docker run" command the docker container will automatically start and execute

the command to run the applications.

6. < ./app /xclbin/abc.xclbin >

#### **Container building steps**

We have made a multi-stage Dockerfile in which artifacts can be reused from one stage to another stage, leaving behind everything we don't want in our final images. This helps us in increasing the efficiency of the Dockerfile and gives us the benefits of easy to read, easy to maintain and it slims down by reducing some layers in the Dockerfile and reducing the complexity.

#### **Publishing/Hosting**

To publish a docker image we need to follow the following steps:

1.Go to the <u>docker hub</u>.

2.Setup your Username and password.

3. Create a repository by giving the name and the description and setting its visibility mode. 4.We need to build the docker image from the docker file and a "context". Context is a set of the files located in the specified PATH so that if any changes are made it is updated to the new image. For eg :- docker build -t hubxilinx/logicfruit\_aes256\_u2oo:latest.

| Create Repository    | Pro tip                                                                         |
|----------------------|---------------------------------------------------------------------------------|
|                      | You can push a new image to this repository using the CLI                       |
| hitesharora97 🗸 Name | docker tag local-image:tagname new-repo:tagname<br>docker push new-repo:tagname |
| Description          | Make sure to change <i>tagname</i> with your desired image reposit tag.         |

Visibility

Using 0 of 1 private repositories. Get more

Public 🕥 Appears in Docker Hub search results

0

Private 🛍 Only visible to you

#### Build Settings (optional)

Autobuild triggers a new build with every git push to your source code repository. Learn More.

Connected Disconnected

> **Create & Build** Create Cancel



5. The final step is to share the image on to the docker hub as it is ready for deployment. For eg :- *docker push hubxilinx/logicfruit\_aes256\_u2oo:latest* 

# **Application Usage**

The application is containerized and can be easily run in a few minutes on the Alveo card U200.

#### **Runtime Environment**

| Component | Requirement |
|-----------|-------------|
|           |             |

| Motherboard         | PCI Express® 3.0-compatible with<br>one dual-width x16 slot                                                                                                                                                              |
|---------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| System Power Supply | 225W via PCI Express Slot connection and 8-pin<br>PCI Express Auxiliary Power cable.                                                                                                                                     |
| Operating System    | <b>Linux, 64-bit:</b><br>• Ubuntu 16.04, 18.04 • CentOS 7.4, 7.5, 7.6<br>• RHEL 7.4, 7.5, 7.6                                                                                                                            |
| System Memory       | For deployment installations, a minimum of 16 GB<br>plus application memory requirements is required.<br>For development installations, a minimum<br>of 64 GB of device memory is required,<br>but 80 GB is recommended. |
| Internet Connection | Required for downloading drivers and utilities.                                                                                                                                                                          |
| TTand dials an ago  | Satisfy the minimum system requirements for                                                                                                                                                                              |

#### Hard disk space

your operating system.

#### Platform

#### Alveo U200

#### Prerequisite

This application supports the Xilinx FPGA Alveo U200 card at this moment. To run this application on users machines, please make sure:

For Alveo U200, Xilinx FPGA Alveo U200 (shell xilinx\_u200\_xdma\_201830\_2) card is installed correctly. (default device id is 0)

Ocker (with sudo access): When deployed in Nimbix, PushToCompute flow will deploy the application in an instance with ubuntu18.04, U200, and XRT 2020.2.

#### **Useful Xilinx commands:**

# Command To Check cat etc/os-release uname -r AES 256 IP on Xilinx App Store Page No #29

#### vitis -version

sudo lspci -vd 10ee:

sudo /opt/xilinx/xrt/bin/unwrapped/xbmgmt flash –-scan –-verbose

sudo /opt/xilinx/xrt/bin/unwrapped/xbmgmt flash –-scan

docker version

#### iii. Check whether the FPGA is connected and in a working state:

#### source /opt/xilinx/xrt/setup.sh

| Commands        | Usage                                                                                                                                             |
|-----------------|---------------------------------------------------------------------------------------------------------------------------------------------------|
| xbutil scan     | List the card available on the devices , the XRT information & the system configurations                                                          |
| xbutil validate | This command will check the proper functioning<br>of the FPGA on your host machine and even<br>will flash the FPGA card on the host machine       |
| xbutil query    | This command will show all the important information<br>about the FPGA card such as card temperature,<br>card memory, power supplied to the card. |
| xbutil reset    | To reset the PL on FPGA.                                                                                                                          |

# **Chapter 7: Troubleshooting**

## Successful Build

The successful build of an application is similar to the below message screen.

dheeraj@dheeraj-Latitude-E5470: ~/xilinx\_app/AES\_256/aes\_256\_u200

File Edit View Search Terminal Help

020.1\_u200\_xdma\_201830\_2.xclbin

Leaving xclbinutil.

INFO: [v++ 60-1441] [15:46:31] Run run\_link: Step xclbinutil: Completed

Time (s): cpu = 00:00:00.13 ; elapsed = 00:00:00.21 . Memory (MB): peak = 1346.414 ; gain = 0.000 ; free physical = 12830 ; free virtual = 147

INFO: [v++ 60-1443] [15:46:31] Run run\_link: Step xclbinutilinfo: Started

INFO: [v++ 60-1453] Command Line: xclbinutil --quiet --force --info /home/dheeraj/xilinx\_app/AES\_256/aes\_256\_u200/xclbin/rtl\_adder\_pipes\_hdk\_4 .1.0\_vitis\_2020.1\_u200\_xdma\_201830\_2.xclbin.info --input /home/dheeraj/xilinx\_app/AES\_256/aes\_256\_u200/xclbin/rtl\_adder\_pipes\_hdk\_4.1.0\_vitis\_ 2020.1\_u200\_xdma\_201830\_2.xclbin

INFO: [v++ 60-1454] Run Directory: /home/dheeraj/xilinx\_app/AES\_256/aes\_256\_u200/\_x/link/run\_link

INFO: [v++ 60-1441] [15:46:32] Run run\_link: Step xclbinutilinfo: Completed

Time (s): cpu = 00:00:00.95 ; elapsed = 00:00:01 . Memory (MB): peak = 1346.414 ; gain = 0.000 ; free physical = 12830 ; free virtual = 14796 INFO: [v++ 60-1443] [15:46:32] Run run\_link: Step generate\_sc\_driver: Started

INFO: [v++ 60-1453] Command Line:

INFO: [v++ 60-1454] Run Directory: /home/dheeraj/xilinx\_app/AES\_256/aes\_256\_u200/\_x/link/run\_link

INFO: [v++ 60-1441] [15:46:32] Run run\_link: Step generate\_sc\_driver: Completed

Time (s): cpu = 00:00:00 ; elapsed = 00:00:00.01 . Memory (MB): peak = 1346.414 ; gain = 0.000 ; free physical = 12830 ; free virtual = 14796 INFO: [v++ 60-244] Generating system estimate report...

INFO: [v++ 60-1092] Generated system estimate report: /home/dheeraj/xilinx\_app/AES\_256/aes\_256\_u200/\_x/reports/link/system\_estimate\_rtl\_adder\_ pipes\_hdk\_4.1.0\_vitis\_2020.1\_u200\_xdma\_201830\_2.xtxt

INFO: [v++ 60-586] Created /home/dheeraj/xilinx\_app/AES\_256/aes\_256\_u200/xclbin/rtl\_adder\_pipes\_hdk\_4.1.0\_vitis\_2020.1\_u200\_xdma\_201830\_2.ltx INFO: [v++ 60-586] Created /home/dheeraj/xilinx\_app/AES\_256/aes\_256\_u200/xclbin/rtl\_adder\_pipes\_hdk\_4.1.0\_vitis\_2020.1\_u200\_xdma\_201830\_2.xclb

INFO: [v++ 60-1307] Run completed. Additional information can be found in:

Guidance: /home/dheeraj/xilinx\_app/AES\_256/aes\_256\_u200/\_x/reports/link/v++\_link\_rtl\_adder\_pipes\_hdk\_4.1.0\_vitis\_2020.1\_u200\_xdma\_2018 30\_2\_guidance.html

Timing Report: /home/dheeraj/xilinx\_app/AES\_256/aes\_256\_u200/\_x/reports/link/imp/xilinx\_u200\_xdma\_201830\_2\_bb\_locked\_timing\_summary\_ro uted.rpt

Utilizations Report: /home/dheeraj/xilinx\_app/AES\_256/aes\_256\_u200/\_x/reports/link/imp/kernel\_util\_routed.rpt

Vivado Log: /home/dheeraj/xilinx\_app/AES\_256/aes\_256\_u200/\_x/logs/link/vivado.log

Steps Log File: /home/dheeraj/xilinx\_app/AES\_256/aes\_256\_u200/\_x/logs/link/link.steps.log

INFO: [v++ 60-2343] Use the vitis\_analyzer tool to visualize and navigate the relevant reports. Run the following command. vitis\_analyzer /home/dheeraj/xilinx\_app/AES\_256/aes\_256\_u200/xclbin/rtl\_adder\_pipes\_hdk\_4.1.0\_vitis\_2020.1\_u200\_xdma\_201830\_2.xclbin.link\_ summary

INFO: [v++ 60-791] Total elapsed time: 2h 32m 31s

INFO: [v++ 60-1653] Closing dispatch client.

dheeraj@dheeraj-Latitude-E5470:~/xilinx\_app/AES\_256/aes\_256\_u200\$



#### AES 256 IP on Xilinx App Store



88

# Use Vitis Analyzer tool to visualize and navigate reports

Use command: vitis\_analyzer <path\_to>/xclbin/<file\_name>.xclbin.link\_summary

#### Some of the analyzer reports are attached here for reference.



#### [Error] Unable to find DRM controller registers

Could not access DRM controller registers.

INFO: Reading /home/user/xilinx\_app/GettingStarted\_Examples/Hardware/Xilinx\_Vitis/rtl\_adder\_pipes\_Alveo/ xclbin/rtl\_adder\_pipes\_hdk\_4.2.1\_vitis\_2020.1.xclbin done! [**error ]** 2685 , Unable to find DRM Controller registers. Could not access DRM Controller registers. Please verify:

-The read/write callbacks implementation in the SW application: verify it uses the correct offse t address of DRM Controller IP in the design address space.

-The DRM Controller IP instantiation in the FPGA design: verify the correctness of 16-bit addres s received by the AXI-Lite port of the DRM Controller.

[critical] 2685 , [errCode=20001] Unable to find DRM Controller registers.

Could not access DRM Controller registers.

Please verify:

-The read/write callbacks implementation in the SW application: verify it uses the correct offse t address of DRM Controller IP in the design address space.

-The DRM Controller IP instantiation in the FPGA design: verify the correctness of 16-bit addres s received by the AXI-Lite port of the DRM Controller. terminate called after throwing an instance of 'Accelize::DRM::Exception' what(): [errCode=20001] Unable to find DRM Controller registers. Could not access DRM Controller registers. Please verify:

-The read/write callbacks implementation in the SW application: verify it uses the correct offse t address of DRM Controller IP in the design address space.

-The DRM Controller IP instantiation in the FPGA design: verify the correctness of 16-bit addres s received by the AXI-Lite port of the DRM Controller.

Aborted (core dumped)



The error is due to the mismatch between the initial offset memory page of the DRM controller registers and the one defined in the host application <main.cpp>. The Vitis platform generates this address unique to the initial build for the application or if the HDK package is updated/changed. It remains the same if set once, But it is advised to check if the error persists.

Open the file <file\_name\_hdk\_version\_vitis\_version\_xdma\_platformu>.xclbin.info i.e, rtl\_adder\_pipes\_hdk\_4.1.0\_vitis\_2020.1\_u200\_xdma\_201830\_2.xclbin.info located in the output directory xclbin.

The file contains information about the xclbin generated and the Hardware Platform (Shell). Traverse to the kernel instance section, locate the kernel instance for the DRM controller IP, use the base address from

it, and replace it in the host app <main.cpp> for DRM\_BASE\_ADDRESS.

#### [Error] Unable to find DRM controller registers

| instance: k4     |                                            |                                             |                        |
|------------------|--------------------------------------------|---------------------------------------------|------------------------|
| Base Address: 0x | 1c30000                                    |                                             |                        |
| Argument:        | drm_to_uip0                                |                                             |                        |
| Register Offset: |                                            | 12 #define OCL_CHECK(error,call)            | . 1                    |
| Port:            | drm_to_uip0                                |                                             |                        |
| Memory:          | <pre>dc_3 (MEM_STREAMING_CONNECTION)</pre> | 13 Call,                                    | 1 C                    |
|                  |                                            | <pre>14 if (error != CL_SUCCESS) {</pre>    |                        |
| Argument:        | uip0_to_drm                                | 15 printf("%s:%d Error calling " #call ", e | rror code is: %d\n", \ |
| Register Offset: | θxθ                                        | 16 FILE , LINE , error);                    | 1                      |
| Port:            | uip0 to drm                                | 17 exit(EXIT_FAILURE);                      |                        |
| Memory:          | dc 2 (MEM_STREAMING_CONNECTION)            | 19                                          |                        |
|                  |                                            | 19                                          |                        |
|                  |                                            | 20 #define DATA_SIZE_4092                   |                        |
|                  |                                            | 21 #define INCR_VALUE 10                    |                        |
|                  |                                            | 22 #define REG DATA 8                       |                        |
|                  |                                            | 23 #define DRM_BASE_ADDRESS 0x1c300         | 00                     |

#### **Reference links**

https://tech.accelize.com/documentation/stable/drm\_troubleshooting.html

# [Error] Path is not a valid file: cred.json

The error is due to the invalid license file path defined in the conf.json file. Both files are located in the directory /app. Update the correct file path of the cred.json in the file conf.json.

user@user-To-be-filled-by-O-E-M:~/xilinx\_app\_store/aes\_256\_u200/app\$ ./app ~/xilinx\_app\_store/aes\_256\_u2
00/xclbin/rtl\_adder\_pipes\_hdk\_4.1.0\_vitis\_2020.1\_u200\_xdma\_201830\_2.xclbin
INFO: Reading /home/user/xilinx\_app\_store/aes\_256\_u200/xclbin/rtl\_adder\_pipes\_hdk\_4.1.0\_vitis\_2020.1\_u20
0\_xdma\_201830\_2.xclbin
Loading: '/home/user/xilinx\_app\_store/aes\_256\_u200/xclbin/rtl\_adder\_pipes\_hdk\_4.1.0\_vitis\_2020.1\_u200\_xd

ma\_201830\_2.xclbin'

INFO: Reading /home/user/xilinx\_app\_store/aes\_256\_u200/xclbin/rtl\_adder\_pipes\_hdk\_4.1.0\_vitis\_2020.1\_u20 0\_xdma\_201830\_2.xclbin done!

error ] 15273 , Path is not a valid file: cred.json

error ] 15273 , Error with credential file 'cred.json': [errCode=1] Path is not a valid file: cred.js

[critical] 15273 , [errCode=1] Error with credential file 'cred.json': [errCode=1] Path is not a valid f ile: cred.json

terminate called after throwing an instance of 'Accelize::DRM::Exception'

what(): [errCode=1] Error with credential file 'cred.json': [errCode=1] Path is not a valid file: cred.json

Aborted (core dumped)



```
"design": {
    "boardType": "Alveo_U200"
},
"licensing": {
    "url": "https://master.metering.accelize.com"
},
"drm": {
    "frequency_mhz": 100,
    "mode": "metering",
    "license_dir": "~/xilinx_app_store/aes_256_u200/app"
},
"settings": {
    "log_verbosity": 2
}
```

# [Error] Metering web service error 400: User account has no entitlement

The error is due to the unavailability of license entitlement to the user. Also, it might be that the user is entitled to use the app but hasn't subscribed to the plan or the subscription has expired. Please check and update your subscription plans for the app in your Accelize account.

**Reference Links:** 

https://tech.accelize.com/documentation/stable/drm\_troubleshooting.html#if-you-get-this-error-message-drm-ws-request-failed

user@user-To-be-filled-by-O-E-M: ~/xilinx\_app\_store/new\_folder/rtl\_adder\_pipes\_Alveo/app\$ ./app ~/xilinx\_ app\_store/new\_folder/rtl\_adder\_pipes\_Alveo/xclbin/rtl\_adder\_pipes\_hdk\_4.2.1\_vitis\_2020.1.xclbin INFO: Reading /home/user/xilinx\_app\_store/new\_folder/rtl\_adder\_pipes\_Alveo/xclbin/rtl\_adder\_pipes\_hdk\_4 2.1 vitis 2020.1.xclbin Loading: '/home/user/xilinx\_app\_store/new\_folder/rtl\_adder\_pipes\_Alveo/xclbin/rtl\_adder\_pipes\_hdk\_4.2.1 vitis 2020.1.xclbin' INFO: Reading /home/user/xilinx\_app\_store/new\_folder/rtl\_adder\_pipes\_Alveo/xclbin/rtl\_adder\_pipes\_hdk 4. 2.1\_vitis\_2020.1.xclbin\_done! [DRMLIB] Start Session ... error ] 15625 , Metering Web Service error 400: {"error":true,"detail":"DRM WS request failed. \"No E ntitlement\" with [GettingStarted] 01 rtl kernel for dheeraj.punia@logic-fruit.com : User account has no entitlement. Purchase additional licenses via your portal."} [critical] 15625 , [errCode=10002] Metering Web Service error 400: {"error":true,"detail":"DRM WS reques t failed. \"No Entitlement\" with [GettingStarted] 01\_rtl\_kernel for dheeraj.punia@logic-fruit.com : Use r account has no entitlement. Purchase additional licenses via your portal."} DRM error: [errCode=10002] Metering Web Service error 400: {"error":true,"detail":"DRM WS request failed . \"No Entitlement\" with [GettingStarted] 01 rtl kernel for dheeraj.punia@logic-fruit.com : User account t has no entitlement. Purchase additional licenses via your portal."} XRT build version: 2.8.743

## [Error] Metering web service error 400

The collection of Activators from the license request does not match the expected configuration. The error is due to the mismatch between the DRM Activators integrated with the app and the Accelize web portal. Please check and update the DRM HDK package version integrated with the application and the webserver.





#### INFO: Reading /home/user/xilinx\_app\_store/aes\_256\_u200/xclbin/rtl\_adder\_pipes\_hdk\_4.1.0\_vitis\_2020.1\_u20 0\_xdma\_201830\_2.xclbin done!

[DRMLIB] Start Session ..

[ error ] 21047 , Metering Web Service error 400: {"error":true,"detail":"DRM WS request failed. \"Inva lid Product Configuration\" with [GettingStarted] 01\_rtl\_kernel for N/A: the configuration for [GettingS tarted] 01\_rtl\_kernel is invalid. The collection of Activators from the license request does not match t he expected configuration. Please contact the application vendor."}

[critical] 21047 , [errCode=10002] Metering Web Service error 400: {"error":true,"detail":"DRM WS reques t failed. \"Invalid Product Configuration\" with [GettingStarted] 01\_rtl\_kernel for N/A: the configurati on for [GettingStarted] 01\_rtl\_kernel is invalid. The collection of Activators from the license request does not match the expected configuration. Please contact the application vendor."}

DRM error: [errCode=10002] Metering Web Service error 400: {"error":true,"detail":"DRM WS request failed . \"Invalid Product Configuration\" with [GettingStarted] 01\_rtl\_kernel for N/A: the configuration for [ GettingStarted] 01\_rtl\_kernel is invalid. The collection of Activators from the license request does not match the expected configuration. Please contact the application vendor."}

XRT build version: 2.8.743

Build hash: 77d5484b5c4daa691a7f78235053fb036829b1e9

# [ XRT ] Error: CU was deadlocked? Hardware is not stable

The error is due to the CU unit or Programmable Logic (PL) on the Alveo board/hardware being unstable or hang. Use the XRT command to reset the PL surface on the board. Use the below command

xbutil reset

If the error still persists, try a cold reboot of the host PC. Also, check the XRT version installed. Update it if it is corrupt or outdated.

**Reference Links:** 

https://forums.xilinx.com/t5/Alveo-Accelerator-Cards/-

<u>First-Alveo-U280-kernel-run-XRT-ERROR-No-devices-found/td-p/1047055</u>

There are various other xbutil commands to help in runtime and debug.

https://www.xilinx.com/html\_docs/xilinx2019\_1/sdaccel\_doc/xi-

<u>linx-board-swiss-army-knife-utility-ufa1504034339078.html</u>

INF0: Reading /home/user/xilinx\_app\_store/aes\_256\_u200/xclbin/rtl\_adder\_pipes\_hdk\_4.1.0\_vitis\_2020.1\_u20
0 xdma 201830 2.xclbin done!
XRT build version: 2.8.743
Build hash: 77d5484b5c4daa691a7f78235053fb036829b1e9
Build date: 2020-11-16 00:19:11
Git branch: 2020.2
PID: 21165
UID: 1000
[Thu Mar 11 06:47:38 2021 GMT]
HOST: user-To-be-filled-by-0-E-M
EXE: /home/user/xilinx\_app\_store/aes\_256\_u200/app/app
[XRT] ERBOR: CU was deadlocked? Hardware is not stable

|       |   | er-T | o-be | -fil | led. | -by- | 0-E- | M:~/ | xili | nx_a | ipp_s | stor | e/ae | s_25 | 6_U | 200/ | app |   |   |   |   |   |   |   |   |  | - |  |
|-------|---|------|------|------|------|------|------|------|------|------|-------|------|------|------|-----|------|-----|---|---|---|---|---|---|---|---|--|---|--|
| ified |   |      |      |      |      |      |      |      |      |      |       |      |      |      |     |      |     |   |   |   |   |   |   |   |   |  | 0 |  |
|       |   |      |      |      |      |      |      |      |      |      |       |      |      |      |     |      |     |   |   |   |   |   |   |   |   |  |   |  |
|       |   |      |      |      |      |      |      |      |      |      |       |      |      |      |     |      |     |   |   |   |   |   |   |   |   |  |   |  |
|       |   |      |      |      |      |      |      |      |      |      |       |      |      |      |     |      |     |   |   |   |   |   |   |   |   |  |   |  |
|       |   |      |      |      |      |      |      | 0    |      |      |       |      |      |      |     |      |     |   |   |   |   |   |   |   |   |  |   |  |
|       | 0 |      |      |      | 0    | ~    |      |      | 0    | 1    | 0     | ~    |      |      | 0   |      |     | 0 | 0 | 0 | ~ | 0 | 0 | ~ | ~ |  | 0 |  |

# [Error] Bus Interface property FREQ\_HZ does not match between <port\_1> and <port\_2>

The error is due to a clock frequency mismatch between the two ports defined. Check the operating frequency in the makefile and the kernel operating frequency defined. Also, do check the tickle scripts defined in the src folder for the clock and reset signals declaration integration between the DRM controller IP and the kernels using the port signals accordingly.

#### **Reference Links:**

https://forums.xilinx.com/t5/Processor-System-Design-and-AX-

I/BD-41-237-Bus-Interface-property-FREQ-HZ-does-not-match/td-p/775283

https://www.xilinx.com/support/answers/56610.html

https://forums.aws.amazon.com/thread.jspa?threadID=271665

===>The following messages were generated while creating FPGA bitstream. Log file: /home/user/xilinx\_ap p\_store/aes\_256\_u200/\_x/link/vivado/vpl/runme.log :

ERROR: [VPL 41-237] Bus Interface property FREQ\_HZ does not match between /k4/uip0\_to\_drm(500000000) and /k2/uip\_to\_drm(3000000000)

ERROR: [VPL 41-237] Bus Interface property CLK\_DOMAIN does not match between /k4/uip0\_to\_drm(pfm\_dynamic \_clkwiz\_kernel2\_clk\_out1) and /k2/uip\_to\_drm(pfm\_dynamic\_clkwiz\_kernel\_clk\_out1)

ERROR: [VPL 41-237] Bus Interface property FREQ\_HZ does not match between /k2/drm\_to\_uip(300000000) and /k4/drm\_to\_uip0(5000000000)

ERROR: [VPL 41-237] Bus Interface property CLK\_DOMAIN does not match between /k2/drm\_to\_uip(pfm\_dynamic\_ clkwiz\_kernel\_clk\_out1) and /k4/drm\_to\_uip0(pfm\_dynamic\_clkwiz\_kernel2\_clk\_out1)

ERROR: [VPL 41-1031] Hdl Generation failed for the IP Integrator design /home/user/xilinx\_app\_store/aes\_ 256\_u200/\_x/link/vivado/vpl/prj/prj.srcs/my\_rm/bd/bd/pfm\_dynamic.bd

# [ XRT ] Warning: unaligned host pointer '0x7fffxxxxx' detected, this lead to extra memcpy

To remove the alignment warning, you need to use the "aligned\_allocator" that Xilinx provides in their lib XCL2. These are some of the header files and their functions we require to use in order to remove these warnings. These warnings will not have any effect on the functionality of the application yet it is better to remove if any.

#### **Reference Links:**

https://developer.xilinx.com/en/articles/example-2-aligned-memory-allocation.html

https://forums.xilinx.com/t5/Vitis-Acceleration-SDAccel-SD-

<u>SoC/memory-alignment-when-allocating-emmory-in-SDAccel/td-p/887593</u>



AES 256 IP on Xilinx App Store

user@user-To-be-filled-by-O-E-M:~/xilinx\_app\_store/aes\_256\_u200/app\$ ./app ~/xilinx\_app\_store/aes\_256\_u2 00/xclbin/rtl\_adder\_pipes\_hdk\_4.1.0\_vitis\_2020.1\_u200\_xdma\_201830\_2.xclbin INFO: Reading /home/user/xilinx\_app\_store/aes\_256\_u200/xclbin/rtl\_adder\_pipes\_hdk\_4.1.0\_vitis\_2020.1\_u20 0\_xdma\_201830\_2.xclbin Loading: '/home/user/xilinx\_app\_store/aes\_256\_u200/xclbin/rtl\_adder\_pipes\_hdk\_4.1.0\_vitis\_2020.1\_u200\_xd ma\_201830\_2.xclbin' INFO: Reading /home/user/xilinx\_app\_store/aes\_256\_u200/xclbin/rtl\_adder\_pipes\_hdk\_4.1.0\_vitis\_2020.1\_u20 0\_xdma\_201830\_2.xclbin done! [DRMLIB] Start Session ... info ] 16158 , DRM session COFA1E94481CED8C created. XRT build version: 2.8.743 Build hash: 77d5484b5c4daa691a7f78235053fb036829b1e9 Build date: 2020-11-16 00:19:11 Git branch: 2020.2 PID: 16158 UID: 1000 [Tue Mar 23 11:10:13 2021 GMT] HOST: user-To-be-filled-by-O-E-M EXE: /home/user/xilinx\_app\_store/aes\_256\_u200/app/app [XRT] WARNING: unaligned host pointer '0x7fff40e45550' detected, this leads to extra memcpy

[XRT] WARNING: unaligned host pointer '0x7fff40e49550' detected, this leads to extra memcpy Bus error (core dumped)

# [XRT] Error: Cannot add a component to the argument

The error is due to the unsatisfied properties of the vitis kernel requirement. Refer to the web page and follow as described. There might be a mismatch between register offset address, ports, or signal usage.

The kernel ports, signals, and arguments are defined in the RTL and the XML files for each kernel. All the definitions and usage should match for a successful build.

**Reference Links:** 

https://www.xilinx.com/html\_docs/xilinx2020\_2/vitis\_doc/devrtlkernel.html

https://www.xilinx.com/html\_docs/xilinx2020\_2/vitis\_-

doc/myl1532064542647.html#:~:text=An%20XML%20kernel%20description%20file,runtime%20and%
20Vitis%20tool%20flows.

https://www.xilinx.com/html\_docs/xilinx2020\_2/vitis\_doc/rtl\_kernel\_wizard.html

[DRMLIB] Start Session .. [ Info ] 30551 , DRM session B36153FBB2E701DE created. XRT build version: 2.8.743 Build hash: 77d5484b5c4daa691a7f78235053fb036829b1e9 Build date: 2020-11-16 00:19:11 Git branch: 2020.2 PID: 30551 UID: 1000 [Thu Apr 15 05:03:40 2021 GMT] HOST: user-To-be-filled-by-O-E-M EXE: /home/user/xilinx\_app\_store/old\_builds\_v1/new\_hdk\_build/bus\_interface\_freq\_HZ/aes\_256\_u200/app/app [XRT] ERROR: Cannot add component to argument main.cpp:201 Error calling cl::Kernel krnl\_adder\_stage(program,"krnl\_adder\_stage\_rtl", &err), error code

#### is: -4

#### Check md5sum value of the <file\_name>.xclibin

Because nearly every modification to a file will cause its MD5 hash to change, md5sum is used to verify the integrity of files. Md5sum is most typically used to ensure that a file has not been altered due to a failed file transfer, a disk malfunction, or non-malicious tinkering. Check md5sum using the below command:

logic fruit

AES 256 IP on Xilinx App Store

#### md5sum filename

(base) user@user-To-be-filled-by-O-E-M:~/xilinx\_app\_store/old\_builds\_v1/new\_hdk\_build/bus\_interface\_freq HZ/aes\_256\_u200\_32bit/app\$ md5sum ../xclbin/rtl\_adder\_pipes\_hdk\_4.1.0\_vitis\_2020.1\_u200\_xdma\_201830\_2.x clbin fca66c1f1074f1b9f40815aa656e4c51 ../xclbin/rtl\_adder\_pipes\_hdk\_4.1.0\_vitis\_2020.1\_u200\_xdma\_201830\_2.xc lbin

# The first step is you can see which devices are present on your host

test@test-To-be-filled-by-O-E-M:-\$ sudo lspci -vd 10ee: [sudo] password for test: 01:00.0 Processing accelerators: Xilinx Corporation Device 5000 Subsystem: Xilinx Corporation Device 000e Flags: bus master, fast devsel, latency 0 Memory at f20000000 (64-bit, prefetchable) [size=32M] Memory at f40000000 (64-bit, prefetchable) [size=128K] Capabilities: [40] Power Management version 3 Capabilities: [60] MSI-X: Enable+ Count=33 Masked-Capabilities: [70] Express Endpoint, MSI 00 Capabilities: [100] Advanced Error Reporting Capabilities: [1c0] #19 Capabilities: [400] Access Control Services Capabilities: [410] #15 Kernel driver in use: xclmgmt

Kernel modules: xclmgmt

01:00.1 Processing accelerators: Xilinx Corporation Device 5001 Subsystem: Xilinx Corporation Device 000e Flags: bus master, fast devsel, latency 0, IRO 16 Memory at f00000000 (64-bit, prefetchable) [size=32M] Memory at f4020000 (64-bit, prefetchable) [size=64K] Memory at e00000000 (64-bit, prefetchable) [size=256M] Capabilities: [40] Power Management version 3 Capabilities: [60] MSI-X: Enable+ Count=33 Masked-Capabilities: [70] Express Endpoint, MSI 00 Capabilities: [100] Advanced Error Reporting Capabilities: [400] Access Control Services Capabilities: [410] #15 Kernel driver in use: xocl Kernel modules: xocl

This should be the required output if not please do reinstall check the Troubleshooting page. Determine Linux release: Use the cat /etc/\*release command to determine the Linux release AES 256 IP on Xilinx App Store Page No #37

meesinguinee

File Edit View Search Terminal Help

hitesh@hitesh-Lenovo-V330-14IKB:-\$ cat /etc/\*release DISTRIB\_ID=Ubuntu DISTRIB RELEASE=18.04 DISTRIB\_CODENAME=bionic DISTRIB DESCRIPTION="Ubuntu 18.04.5 LTS" NAME="Ubuntu" VERSION="18.04.5 LTS (Bionic Beaver)" ID=ubuntu ID\_LIKE=debian PRETTY\_NAME="Ubuntu 18.04.5 LTS" VERSION ID="18.04" HOME\_URL="https://www.ubuntu.com/" SUPPORT\_URL="https://help.ubuntu.com/" BUG\_REPORT\_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY\_POLICY\_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" VERSION CODENAME=bionic UBUNTU\_CODENAME=bionic



We can review the shell capabilities with by command sudo /opt/Xilinx/xrt/bin/xbmgmt flash -scan as shown below

| [[Atest@test-To-be-<br>ard [0000:01:00.0] | <pre>-filled-by-0-E-M:~\$ sudo /opt/xilinx/xrt/bin/xbmgmt flashscan</pre> |
|-------------------------------------------|---------------------------------------------------------------------------|
| Card type:                                | U200                                                                      |
| Flash type:                               | SPI                                                                       |
|                                           | tion running on FPGA:                                                     |
| xilinx u200                               | xdma_201830_2,[ID=0x5d1211e8],[SC=4.2.0]                                  |
| Flashable parti                           | tions installed in system:                                                |
| xilinx u200                               | xdma 201830 2,[ID=0x5d1211e8],[SC=4.2.0]                                  |

#### **Unload/reload XRT drivers:**

Use modprobe -r to remove the drivers as shown below sudo modprobe –r xocl sudo modprobe –r xclmgmt

Use modprobe to reload the drivers as shown below sudo modprobe xclmgmtsudo modprobe xocl Order matters for both of these commands. xocl depends on xclmgmt.

# Flash the card with a deployment platform:

test@test-To-be-filled-by-O-E-M:/opt/xilinx/xrt/bin/unwrapped\$ sudo ./xbmgmt flash --scan Card [0000:01:00.0] Card type: u200 Flash type: SPI Flashable partition running on FPGA: xilinx\_u200\_GOLDEN\_5,[SC=INACTIVE] Flashable partitions installed in system:

xilinx\_u200\_xdma\_201830\_2,[ID=0x5d1211e8],[SC=4.2.0]

AES 256 IP on Xilinx App Store

Once the card is up and running in the system, a deployment platform will need to be flashed onto the card before xbutil validate passes and applications can be run. To flash the card with a deployment platform follow the below steps:

- Run sudo xbmgmt flash scan
- If Flashable partitions installed in the system: (None) is the output please install the latest packages from the Alveo landing page for your installed card(s)
- Sollow the process for Card install to install the platforms on the machine.
- Run sudo xbmgmt flash --update --shell <xilinx\_uxx> to flash the platform onto the card. This command should be provided during platform installation, shown below:

Partition package installed successfully.

Please flash card manually by running below command:

sudo /opt/xilinx/xrt/bin/xbmgmt flash – -update – -shell xilinx\_u200\_xdma\_201830\_2

~]\$ sudo xbmgmt flash –-update –-shell xilinx\_u200\_xdma\_201830\_2

Status: shell needs updating

Current shell: xilinx\_u200\_GOLDEN\_9

Shell to be flashed: xilinx\_u200\_xdma\_201830\_2

Are you sure you wish to proceed? [y/n]: y

Updating shell on card[0000:05:00.0]

INFO: **\*\*\***Found 353 ELA Records

Enabled bitstream guard. Bitstream will not be loaded until flashing is finished.

Preparing flash chip 0

Erasing flash.....

Programming flash.....

Cleared the bitstream guard. Bitstream now active.



Successfully flashed Card[0000:05:00.0]

1 Card(s) flashed successfully.

Cold reboot machine to load the new image on card(s).



#### Cold boot the server

- Run sudo xbmgmt flash –-scan  $(\checkmark)$
- Now platform installed in host and card are the same  $(\checkmark)$
- If this is a DFX–2RP platform, go to Programming DFX–2RP shell partitions  $(\checkmark)$
- If there is a different number in the SC= line between the FPGA and the system for the platform  $(\checkmark)$ on the card, update the SC firmware, example below:

:~> sudo xbmgmt flash --update

Status: SC needs updating

Current SC: 5.0.20

SC to be flashed: 5.0.27

Updating SC firmware on card[0000:05:00.0]

Stopping user function...

INFO: found 4 sections

INFO: Loading new firmware on SC

Successfully flashed Card[0000:05:00.0]

1 Card(s) flashed successfully.

# **Reverting the card to factory image:**

The Alveo card can be reverted to the factory image, also known as golden. This requires that XRT release 2019.2 or later is installed on the same system as the Alveo accelerator card. The steps to revert the card using this method are listed below.

1.1. Open a terminal window.

1.2. Run the following command, where card\_bdf is the BDF of the card to revert to golden. \$ sudo xbmgmt flash – -factory\_reset – -card <card\_bdf> 1.3.Enter y to continue. The following message is displayed on completion. Shell is reset successfully AES 256 IP on Xilinx App Store Page No #40

Cold reboot machine to load new shell on card

1.4.Cold boot the system so the card FPGA uses the new image.

1.5. Confirm the card has been reverted to factory image by running the following command.

\$ sudo xbmgmt flash –-scan

1.6.An output similar to the following is displayed.

Card [0000:65:00.0]

Card type: uxx

Flash type: SPI

Flashable partition running on FPGA:

xilinx\_uxx\_GOLDEN\_x,[SC=x.x]

Flashable partitions installed in system: (None)

In this output, under the Flashable partition running on an FPGA, note GOLDEN in the name. This indicates that the card has successfully been reverted to the factory image.

IMPORTANT! If the GOLDEN\_2 image is running on the FPGA, carefully review the design advisory for Alveo data center Accelerator card golden corruption, found in AR 71915. Complete the repair instructions associated with the Xilinx Answer prior to proceeding.

For more information you can log on to this url :

https://xilinx.github.io/Alveo-Cards/master/debugging/READhME.html

# AES 256 IP on Xilinx App Store Page No #41



#### Does anyone have any questions?

## Contact Us







## Gurugram (Headquarter)

806, 8th Floor BPTP Park Centra Sector-30, NH-8 Gurgaon – 122001 Haryana (India)

#### Bengaluru (R&D House)

Sy. No 118, 3rd Floor, Gayathri Lakefront, Outer Ring Road, Hebbal, Bangalore – 560 024

info@logic-fruit.com

sales@logic-fruit.com

+91-0124 4643950

+9180-69019700/01

# United States (Sales Office)

Logic Fruit Technologies INC 691 S Milpitas Blvd Ste 217 (Room 9) Milpitas CA 95035

info@logic-fruit.com

+1-408 338 9743

\*This document is the intellectual property of Logic Fruit Technologies . Any plagiarism or misuse is punishable according to Indian Laws