Skip to content

Commit

Permalink
Release 1.3.1
Browse files Browse the repository at this point in the history
  • Loading branch information
Maria Wisniewska committed Mar 29, 2021
1 parent 8f49617 commit 5e999cf
Show file tree
Hide file tree
Showing 150 changed files with 4,891 additions and 2,869 deletions.
2 changes: 2 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,9 @@ ENV/
env.bak/
venv.bak/
env*
*env/
venv*
*venv/

# Spyder project settings
.spyderproject
Expand Down
13 changes: 4 additions & 9 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,9 +1,3 @@
<!-- Identifiers, in alphabetical order -->

[doc-location]: https://spsdk.readthedocs.io
[pypi-location]: https://pypi.org/project/spsdk


# NXP Secure Provisioning SDK

**Secure Provisioning SDK (SPSDK)** enables connection and communication with target devices for purposes of secure provisioning and programming. Delivered as python library with command-line applications for direct utilization.
Expand All @@ -12,9 +6,9 @@

## Links

* [PyPI][pypi-location]
* [PyPi](https://pypi.org/project/spsdk/)
* [Release Notes](release_notes.txt)
* [Documentation][doc-location]
* [Documentation](https://spsdk.readthedocs.io)

## Supported Devices

Expand Down Expand Up @@ -59,7 +53,8 @@ Following NXP devices are supported:
```
> In **Windows OS** you need to install [Microsoft Visual C++ Build Tools](https://www.scivision.dev/python-windows-visual-c-14-required/)
Note: If you use pip version 20.3, please downgrade it to 20.2.4, because of the new resolver functionality.
Note: In case of problems during instalation, please make sure that you have the latest pip version.
You can upgrade pip using this command: 'pip install --upgrade pip'.

## Usage

Expand Down
2 changes: 1 addition & 1 deletion codecheck.cmd
Original file line number Diff line number Diff line change
Expand Up @@ -43,5 +43,5 @@ radon cc --min D spsdk > %CD%\reports\radonD.txt
radon cc --min C spsdk > %CD%\reports\radonC.txt
@rem -------------------------------------------------------
@rem gitcov (coverage of changed files)
python tools\gitcov.py --verbose --coverage-report reports\coverage.xml
python tools\gitcov.py --coverage-report reports\coverage.xml
@if %errorlevel% gtr 0 echo "<<<### GIT-COV ERROR DETECTED #################################################>>>"
8 changes: 0 additions & 8 deletions docs/api/dat.rst
Original file line number Diff line number Diff line change
Expand Up @@ -57,11 +57,3 @@ Module with common utils for DAT module
:members:
:undoc-members:
:show-inheritance:


Module with the shadow registers control DAT support file
----------------------------------------------------------
.. automodule:: spsdk.dat.shadow_regs
:members:
:undoc-members:
:show-inheritance:
2 changes: 1 addition & 1 deletion docs/api/mboot_interfaces.rst
Original file line number Diff line number Diff line change
Expand Up @@ -27,4 +27,4 @@ MBoot Interface Class
.. automodule:: spsdk.mboot.interfaces.base
:members:
:undoc-members:
:show-inheritance:
:show-inheritance:
2 changes: 1 addition & 1 deletion docs/api/sdp_interfaces.rst
Original file line number Diff line number Diff line change
Expand Up @@ -28,4 +28,4 @@ SDP Interface Class
.. automodule:: spsdk.sdp.interfaces.base
:members:
:undoc-members:
:show-inheritance:
:show-inheritance:
11 changes: 11 additions & 0 deletions docs/api/shadowregs.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
Shadow Registers API
=====================

This module contains support for Shadow Registers.

Module with the shadow registers control DAT support file
----------------------------------------------------------
.. automodule:: spsdk.shadowregs.shadowregs
:members:
:undoc-members:
:show-inheritance:
1 change: 1 addition & 0 deletions docs/index.rst
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
api/image
api/mboot
api/pfr
api/shadowregs
api/sbfile
api/sdp
api/utils
Expand Down
2 changes: 1 addition & 1 deletion examples/dat/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -34,4 +34,4 @@ Content of the `hsm` represents the remote side of things
3) generate the Debug Credential file
- `nxpkeygen gendc --config dck_rsa_2048.yml --plugin hsm/sasp.py my.dc`
- you may need to add the `--force` flag if you are running the example multiple times
4) for comparison, you may try to use signing a local file, to do so, comment out line 11 in yaml file and uncomment line 14 or 15 (the have the same effect)
4) for comparison, you may try to use signing a local file, to do so, comment out line 11 in yaml file and uncomment line 14 or 15 (the have the same effect)
77 changes: 47 additions & 30 deletions release_notes.txt
Original file line number Diff line number Diff line change
@@ -1,16 +1,51 @@
Release Notes for Secure Provisioning SDK
==========================================
Version: 1.3
Date: 05-March-2021
Secure Provisioning SDK (SPSDK) is a unified, reliable, and easy-to-use SW library. It targets a wide
portfolio of NXP MCUs, providing a solid foundation from quick customer prototyping up to
production deployment. The library allows the user to connect and communicate with a device,
configure the device, prepare, download and upload data, including security operations. It is
delivered in the form of a python library and command-line applications.

Secure Provisioning SDK (SPSDK) is a unified, reliable, and easy to use SW library working across the NXP MCU portfolio
providing a strong foundation from quick customer prototyping up to production deployment. The library allows the user
to connect and communicate with a device, configure the device, prepare, download and upload data including security
operations. It is delivered in a form of a python library and command-line applications.
Version: 1.3.1.
Date: 29-March-2021

Features:
- [PFR] configuration template supports YAML with description, backward compatibility with JSON ensured
- [PFR] API change: "keys" parameter has been moved from __init__ to export
- [PRF] sub-commands renamed: (user-config -> get-cfg-template; parse -> parse-binary; generate -> generate-binary)
- [blhost] allow key names for key-provisioning commands
- [blhost] support for RT1170, RT1160
- Shadow Registers tool is now top-level module

Bugfixes:
- [blhost] fix baud rate parameter
- [PFR] fix in data for Niob4, Niobe4 Mini, Niobe4 Nano
- bug fixes for sb 2.1 commands and options


Supported devices:
==================
- LPC55S6x, LPC55S2x (Niobe4)
- LPC55S0x (Niobe 4 Nano)
- LPC55S1x (Niobe4 Mini)
- i.MX RT105x, RT106x
- i.MX RT595S, RT685S
- i.MX RT1160(blhost), RT1170(blhost)


System Requirements:
===================
Operating System:
- Windows
- Mac OS
- Linux


Revision History:
================
1.3
- support creation of SB version 3.1 (for N4Analog)
- elftosb application based on legacy elf2sb supporting SB 3.1 support
- elftosb application based on legacy elf2sb supporting SB 3.1 support
- nxpdevscan - application for connected USB, UART devices discovery
- shadowregs - application for shadow registers management using DebugProbe
- support USB path argument in blhost/sdphost (all supported OS)
Expand All @@ -29,26 +64,7 @@ Features:
- add key selector option to generate-key-blob command
- add nolock/lock selector to efuse-program-once command
- add hexdata option to write-memory command

Supported devices:
==================
- LPC55S6x, LPC55S2x (Niobe4)
- LPC55S0x (Niobe 4 Nano)
- LPC55S1x (Niobe4 Mini)
- i.MX RT105x, RT106x
- i.MX RT595S, RT685S


System Requirements:
===================
Operating System:
- Windows
- Mac OS
- Linux


Revision History:
================
1.2
- support for Niobe4 Analog devices
- extend support for Niobe4 Mini, Nano
Expand All @@ -75,12 +91,13 @@ Revision History:
- support for i.MX RT105x and RT106x devices
- support for i.MX RT595S and RT685S devices
- connectivity to the target via UART, USB-HID.
- support for generating, saving, loading RSA keys with different sizes
- generation and management of certificate
- support for generating, saving, loading of RSA keys with different sizes
- genaration and management of certificate
- CLI utility blhost for communication with boot loader on a target
- CLI utility sdphost for communication with ROM on a target
- CLI utility PFR for generating and parsing Protected Flash Regions - CMPA and CFPA regions
- CLI utility PFR for generating and parsing Protocted Flash Regions - CMPA and CFPA regions


License:
Licence:
=========
BSD-3 License
3 changes: 1 addition & 2 deletions requirements.txt
Original file line number Diff line number Diff line change
@@ -1,11 +1,10 @@
commentjson>=0.9,<1
jmespath<=0.10.0
astunparse>=1.6,<2
bitstring>=3.1,<3.2
click>=7.0,<8
click-option-group>=0.3.0,<0.6
construct~=2.10
crccheck>=0.6,<2
crcmod==1.7
hexdump~=3.3
asn1crypto>=1.2,<2
cryptography>=3.3,<3.4.4
Expand Down
13 changes: 5 additions & 8 deletions setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,6 @@
import sys
from typing import List

import pip # type: ignore

from setuptools import setup, find_packages # type: ignore


Expand All @@ -24,12 +22,6 @@ def sanitize_version(version_str: str) -> str:
return sanitizer[len(version_str)]


if sys.version_info >= (3, 8, 0) and sanitize_version(pip.__version__) < '19.2.3':
print(f"With python {sys.version}, you're using an old version of pip: {pip.__version__}")
print("Please update pip using: 'python -m pip install --upgrade pip'.")
sys.exit(1)


with open('requirements.txt') as req_file:
requirements = req_file.read().splitlines()
# avoid build errors on readthedocs (excluding hidapi, which depends on C module)
Expand All @@ -51,6 +43,11 @@ def sanitize_version(version_str: str) -> str:
version=version_info["__version__"],
description='Open Source Secure Provisioning SDK for NXP MCU/MPU',
url="https://github.com/NXPmicro/spsdk",
project_urls={
"Code": 'https://github.com/NXPmicro/spsdk',
"Issue tracker": 'https://github.com/NXPmicro/spsdk/issues',
"Documentation": 'https://spsdk.readthedocs.io',
},
author="NXP",
author_email="[email protected]",
license='BSD-3-Clause',
Expand Down
8 changes: 5 additions & 3 deletions spsdk/__init__.py
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
#!/usr/bin/env python
# -*- coding: UTF-8 -*-
#
# Copyright 2019-2020 NXP
# Copyright 2019-2021 NXP
#
# SPDX-License-Identifier: BSD-3-Clause

Expand All @@ -22,10 +22,12 @@
from .__version__ import __version__ as version
from .exceptions import SPSDKError

SPSDK_DATA_FOLDER = os.path.join(os.path.dirname(os.path.abspath(__file__)), "data")

__author__ = "NXP"
__contact__ = "[email protected]"
__license__ = "BSD-3-Clause"
__version__ = version
__release__ = "alpha"

# The SPSDK behavior settings
SPSDK_DATA_FOLDER = os.path.join(os.path.dirname(os.path.abspath(__file__)), "data")
SPSDK_YML_INDENT = 2
2 changes: 1 addition & 1 deletion spsdk/__version__.py
Original file line number Diff line number Diff line change
Expand Up @@ -10,4 +10,4 @@
Having the version in a separate file makes it easier to share it with setup.py
"""

__version__ = "1.3.0"
__version__ = "1.3.1"
2 changes: 1 addition & 1 deletion spsdk/apps/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ After installing SPSDK, several applications are present directly on PATH as exe
- [elftosb](elftosb.py) - utility for generating TrustZone, MasterBootImage and SecureBinary images.
- [nxpcertgen](nxpcertgen.py) - utility for generating the self-signed x.509 certificate.
- [nxpdebugmbox](nxpdebugmbox.py) - utility for performing the Debug Authentication.
- [nxpdevscan](nxpdscan.py) - utility for listing all connected NXP USB and UART devices.
- [nxpdevscan](nxpdevscan.py) - utility for listing all connected NXP USB and UART devices.
- [nxpkeygen](nxpkeygen.py) - utility for generating RSA/ECC key pairs and debug credential files based on YAML configuration file.
- [pfr](pfr.py) - simple utility for creation and analysis of protected regions - CMPA and CFPA.
- [pfrc](pfrc.py) - simple utility for search of brick-conditions in PFR settings.
Expand Down
47 changes: 33 additions & 14 deletions spsdk/apps/blhost.py
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
from click_option_group import MutuallyExclusiveOptionGroup, optgroup

from spsdk import __version__ as spsdk_version, SPSDKError
from spsdk.apps.blhost_helper import parse_property_tag
from spsdk.apps.blhost_helper import parse_key_prov_key_type, parse_property_tag
from spsdk.apps.utils import (
INT, get_interface, format_raw_data, catch_spsdk_error,
parse_file_and_size, parse_hex_data
Expand Down Expand Up @@ -323,7 +323,6 @@ def read_memory(ctx: click.Context, address: int, byte_count: int,
)



@main.command()
@click.argument('sb_file', metavar='FILE', type=click.File('rb'), required=True)
@click.pass_context
Expand Down Expand Up @@ -407,7 +406,6 @@ def generate_key_blob(ctx: click.Context, dek_file: click.File, blob_file: click
blob_file.write(write_response) # type: ignore



@main.group()
@click.pass_context
def key_provisioning(ctx: click.Context) -> None:
Expand All @@ -424,43 +422,64 @@ def enroll(ctx: click.Context) -> None:


@key_provisioning.command(name='set_user_key')
@click.argument('key_type', metavar='TYPE', type=INT(), required=True)
@click.argument('key_type', metavar='TYPE', type=str, required=True)
@click.argument('file_and_size', metavar='FILE[,SIZE]', type=str, required=True)
@click.pass_context
def set_user_key(ctx: click.Context, key_type: int, file_and_size: str) -> None:
def set_user_key(ctx: click.Context, key_type: str, file_and_size: str) -> None:
"""Send the user key specified by <type> to bootloader.
\b
TYPE - Type of user key
FILE - Binary file containing user key plaintext
SIZE - If not specified, the entire <file> will be sent. Otherwise, only send
the first <size> bytes. The valid options of <type> and
corresponding <size> are documented in the target's Reference
Manual or User Manual.
the first <size> bytes.
Available KEY TYPES:
2 or 'OTFADKEK' OTFAD key
3 or 'SBKEK' SB file encryption key
7 or 'PRINCE0' Prince region 0 encryption key
8 or 'PRINCE1' Prince region 1 encryption key
9 or 'PRINCE2' Prince region 2 encryption key
11 or 'USERKEK' User/Boot-image encryption key
12 or 'UDS' Universal Device Secret for DICE
Note: The valid options of <type> and corresponding <size> are documented
in the target's Reference Manual or User Manual.
Note: Names are case insensitive
"""
file_path, size = parse_file_and_size(file_and_size)

key_type_int = parse_key_prov_key_type(key_type)
with open(file_path, 'rb') as key_file:
key_data = key_file.read(size)

with McuBoot(ctx.obj['interface']) as mboot:
response = mboot.kp_set_user_key(key_type=key_type, key_data=key_data) # type: ignore
response = mboot.kp_set_user_key(key_type=key_type_int, key_data=key_data) # type: ignore
display_output([], mboot.status_code, ctx.obj['use_json'])


@key_provisioning.command(name='set_key')
@click.argument('key_type', metavar='TYPE', type=int, required=True)
@click.argument('key_type', metavar='TYPE', type=str, required=True)
@click.argument('key_size', metavar='SIZE', type=int, required=True)
@click.pass_context
def set_key(ctx: click.Context, key_type: int, key_size: int) -> None:
def set_key(ctx: click.Context, key_type: str, key_size: int) -> None:
"""Generate <size> bytes of the key specified by <type>.
\b
TYPE - type of key to generate
TYPE - type of key to generate,
SIZE - size of key to generate
Available KEY TYPES:
2 or 'OTFADKEK' OTFAD key
3 or 'SBKEK' SB file encryption key
7 or 'PRINCE0' Prince region 0 encryption key
8 or 'PRINCE1' Prince region 1 encryption key
9 or 'PRINCE2' Prince region 2 encryption key
11 or 'USERKEK' User/Boot-image encryption key
12 or 'UDS' Universal Device Secret for DICE
Note: The valid options of <type> and corresponding <size> are documented
in the target's Reference Manual or User Manual.
Note: Names are case insensitive
"""
key_type_int = parse_key_prov_key_type(key_type)
with McuBoot(ctx.obj['interface']) as mboot:
response = mboot.kp_set_intrinsic_key(key_type, key_size)
response = mboot.kp_set_intrinsic_key(key_type_int, key_size)
display_output([], mboot.status_code, ctx.obj['use_json'])


Expand Down
Loading

0 comments on commit 5e999cf

Please sign in to comment.