| <!DOCTYPE html> |
| <!-- |
| Copyright 2019 NXP |
| |
| This software is owned or controlled by NXP and may only be used |
| strictly in accordance with the applicable license terms. By expressly |
| accepting such terms or by downloading, installing, activating and/or |
| otherwise using the software, you are agreeing that you have read, and |
| that you agree to comply with and are bound by, such license terms. If |
| you do not agree to be bound by the applicable license terms, then you |
| may not retain, install, activate or otherwise use the software. |
| --> |
| |
| <html xmlns="http://www.w3.org/1999/xhtml"> |
| <head> |
| <meta charset="utf-8" /> |
| <title>10.5. A71CH Legacy Configure Tool — Plug & Trust MW v03.00.05 documentation</title> |
| <link rel="stylesheet" href="../_static/bootstrap-sphinx.css" type="text/css" /> |
| <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> |
| <link rel="stylesheet" type="text/css" href="../_static/graphviz.css" /> |
| <script id="documentation_options" data-url_root="../" src="../_static/documentation_options.js"></script> |
| <script src="../_static/jquery.js"></script> |
| <script src="../_static/underscore.js"></script> |
| <script src="../_static/doctools.js"></script> |
| <script src="../_static/language_data.js"></script> |
| <link rel="index" title="Index" href="../genindex.html" /> |
| <link rel="search" title="Search" href="../search.html" /> |
| <link rel="next" title="11. Appendix" href="../appendix.html" /> |
| <link rel="prev" title="10.4. A71CH Legacy HLSE (Generic) API" href="a71ch_legacy_hlse_api.html" /> |
| <meta charset='utf-8'> |
| <meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'> |
| <meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1'> |
| <meta name="apple-mobile-web-app-capable" content="yes"> |
<script type="text/javascript" src="../_static/js/jquery-1.11.0.min.js"></script>
<script type="text/javascript" src="../_static/js/jquery-fix.js"></script>
<script type="text/javascript" src="../_static/bootstrap-3.3.7/js/bootstrap.min.js"></script>
<script type="text/javascript" src="../_static/bootstrap-sphinx.js"></script>
| |
| </head><body> |
| |
| |
| <div class="container"> |
| <div class="row"> |
| <div class="body col-md-9 content" role="main"> |
| |
| <div class="section" id="a71ch-legacy-configure-tool"> |
| <span id="se05x-legacy-cfg-tool"></span><h1><span class="section-number">10.5. </span>A71CH Legacy Configure Tool<a class="headerlink" href="#a71ch-legacy-configure-tool" title="Permalink to this headline">¶</a></h1> |
| <div class="section" id="introduction"> |
| <h2><span class="section-number">10.5.1. </span>Introduction<a class="headerlink" href="#introduction" title="Permalink to this headline">¶</a></h2> |
| <p>The A71CH Configure Tool is a command line tool that supports the |
| insertion of credentials into the A71CH. |
| It can also report on the value and status of the stored credentials and on the status of the device. |
| The tool is provided in source code (<code class="docutils literal notranslate"><span class="pre">.../hostlib/a71ch/app</span></code>) and can be deployed in one of the following configurations:</p> |
| <ul class="simple"> |
| <li><p>Installed on a development PC communicating over TCP/IP with the embedded target</p></li> |
| <li><p>Standalone on an embedded target</p></li> |
| </ul> |
| <p>In <a class="reference internal" href="#se05x-legacy-cfg-tool-deploy"><span class="std std-ref">Tool deployment</span></a> we go into more detail on this.</p> |
<p>Invoking the tool without arguments in standalone mode on an MCIMX6UL-EVKB board results in the following output (some output omitted):</p>
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>root@imx6ulevk:~# ./a71chConfig_i2c_imx |
| a71chConfig (Rev 1.00) .. connect to A71CH. Chunksize at link layer = 256. |
| ... |
| Applet-Rev:SecureBox-Rev : 0x0131:0x0000 |
| **************************** |
| Usage: a71chConfig [apdu|debug|erase|gen|info|interactive|lock|rcrt|scp|set|wcrt|help] <OptArg> |
| apdu -cmd <hexval> -sw <hexval> |
| debug [permanently_disable_debug|reset] |
| ecrt -x <int> |
| erase [cnt|pair|pub|sym] -x <int> |
| gen pair -x <int> |
| get pub -c <hex_value> -x <int> -k <keyfile.pem> |
| info [all|cnt|device|objects|pair|pub|status] |
| info gp -h <hexvalue_offset> -n <segments> |
| interactive |
| lock [pair|pub] -x <int> |
| lock gp -h <hexvalue_offset> -n <segments> |
| lock inject_plain |
| obj erase -x <int> |
| obj get -x <int> [-h <hexvalue_offset>] [-s <hexvalue_size>] [-f <data.txt> -t [hex_16|hex_32]] |
| obj update -x <int> -h <hexvalue_offset> [-f <data.txt> -t [hex_16|hex_32] | -h <hexvalue_data>] |
| obj write -x <int> [-f <data.txt> -t [hex_16|hex_32] | -h <hexvalue_data> | -n <segments>] |
| rcrt -x <int> [-c <certfile.crt>] |
| refpem -c <hex_value> -x <int> [-k <keyfile.pem>] -r <ref_keyfile.pem> |
| script -f <script.txt> |
| scp [put|auth] -h <hexvalue_keyversion> -k <keyfile> |
| set gp -h <hexvalue_offset> -h <hexvalue_data> |
| set pair -x <int> [-k <keyfile.pem> | -h <hexvalue_pub> -h <hexvalue_priv>] [-w <hexvalue_wrap_key>] |
| set pub -x <int> [-k <keyfile.pem> | -h <hexvalue>] [-w <hexvalue_wrap_key>] |
| set [cfg|cnt|sym] -x <int> -h <hexvalue> [-w <hexvalue_wrap_key>] |
| transport [lock|unlock -h <hexvalue_tpkey>] |
| ucrt -x <int> [-c <certfile.crt> | -h <hexvalue_data> | -p <certfile.pem>] |
| wcrt -x <int> [-c <certfile.crt> | -h <hexvalue_data> | -p <certfile.pem>] [-n <padding-segments>] |
| **************************** |
| </pre></div> |
| </div> |
| <p>The tool provides an overview of the available command line options. |
| We’ll go into more detail on the syntax in <a class="reference internal" href="#se05x-legacy-cfg-tool-command"><span class="std std-ref">Command reference</span></a>.</p> |
| <p>The easiest way to get familiar with the A71CH configure tool is to open |
| it in interactive mode. Be sure to connect to an A71CH with the Debug |
| Mode still available so you can easily revert to the initial state of |
| the component. The following captures a session with a brand new A71CH |
| with the Debug Mode active:</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>root@imx6ulevk:~/axHostSw/linux# ./a71chConfig_i2c_imx interactive |
| a71chConfig (Rev 1.00) .. connect to A71CH. Chunksize at link layer = 256. |
| I2CInit: opening /dev/i2c-1 |
| I2C driver: PEC flag cleared |
| I2C driver supports plain i2c-level commands. |
| I2C driver supports Read Block. |
| SCI2C_ATR=0xB8.03.11.01.05.B9.02.01.01.BA.01.01.BB.0C.41.37.30.30.35.43.47.32.34.32.52.31.BC.00. |
| HostLib Version : 0x0130 |
| Applet-Rev:SecureBox-Rev : 0x0131:0x0000 |
| >>> info device |
| A71CH in Debug Mode Version (SCP03 is not set up) |
| selectResponse: 0x0131 |
| transportLockState: 0x03 (Transport Lock NOT YET set) |
| injectLockState: 0x02 (Unlocked) |
| gpStorageSize: 4096 |
| uid (LEN=18): |
| 47:90:51:68:47:91:12:10:23:41:00:53:66:96:47:51:48:12 |
| >>> info pair |
| Public Keys from ECC key pairs: |
| idx=0x00 n.a. |
| idx=0x01 n.a. |
| idx=0x02 n.a. |
| idx=0x03 n.a. |
| >>> gen pair -x 0 |
| >>> info pair |
| Public Keys from ECC key pairs: |
| idx=0x00 ECC_PUB (LEN=65): |
| 04:0A:81:86:1D:0C:E6:F6:E4:57:65:8B:51:92:E9:D1:CB:AF:96:12:C6:71:FB:79:F1:3D:C9:64:4D:56:CC:87: |
| 2E:8C:32:9B:0A:F8:BB:4B:79:56:7D:F0:9D:C2:D2:B8:96:E0:04:B7:D9:50:F5:EC:C2:50:99:25:6B:5B:4B:E1: |
| 3B |
| idx=0x01 n.a. |
| idx=0x02 n.a. |
| idx=0x03 n.a. |
| >>> quit |
| root@imx6ulevk:~/axHostSw/linux# |
| </pre></div> |
| </div> |
| </div> |
| <div class="section" id="usage-modes"> |
| <h2><span class="section-number">10.5.2. </span>Usage modes<a class="headerlink" href="#usage-modes" title="Permalink to this headline">¶</a></h2> |
| <p>The A71CH Configure Tool can be used in:</p> |
| <ul class="simple"> |
| <li><p>Interactive mode. The tool opens a communication session with the A71CH in which the user |
| issues configure commands. The syntax is identical to the syntax used in the command line mode.</p></li> |
| <li><p>Command line mode: parameters are passed as command line arguments. Each invocation of the |
| tool establishes a new communication session between Host and A71CH.</p></li> |
| <li><p>Batch file mode: a special variant of the command line mode |
| where multiple configure commands are bundled in a file that is passed |
| as a command line argument. All commands contained in the file are |
| handled in the same communication session between Host and A71CH.</p></li> |
| </ul> |
| <div class="admonition note"> |
| <p class="admonition-title">Note</p> |
| <p>On POSIX platforms like Linux or Cygwin the |
| interactive mode supports simple command line completion and command |
| history (navigable with the up and down arrows). It also stores a |
| list of executed commands in a file called ‘a71chConfigCmdHistory.txt’. |
| Because executed commands are recorded, any secret passed on the command line |
| (a private key, symmetric secret or wrap key given as a hexvalue) is written to that file as well; |
| treat it as sensitive and remove it once the provisioning session is done.</p> |
| </div> |
| </div> |
| <div class="section" id="tool-deployment"> |
| <span id="se05x-legacy-cfg-tool-deploy"></span><h2><span class="section-number">10.5.3. </span>Tool deployment<a class="headerlink" href="#tool-deployment" title="Permalink to this headline">¶</a></h2> |
| <div class="section" id="hw-setup-for-imx"> |
| <h3><span class="section-number">10.5.3.1. </span>HW Setup for iMX<a class="headerlink" href="#hw-setup-for-imx" title="Permalink to this headline">¶</a></h3> |
| <p>The HW setup when using the Configure Tool is illustrated in the following |
| figure. In case (1) the A71CH has not been integrated into an end-device |
| yet. In case (2) the A71CH is already integrated into the end-device |
| (e.g. an IoT appliance). <img alt="HW Set-up" src="../_images/A71CH_PersoDevHw_iMX.svg" /></p> |
| </div> |
| <div class="section" id="hw-setup-for-kinetis"> |
| <h3><span class="section-number">10.5.3.2. </span>HW Setup for Kinetis<a class="headerlink" href="#hw-setup-for-kinetis" title="Permalink to this headline">¶</a></h3> |
| <p>For running the Configure Tool with a Kinetis system, the USB-VCOM interface |
| to the PC is used. In this combination the VCOM |
| application needs to be running on the Kinetis board. For more information, see |
| <a class="reference internal" href="#se05x-legacy-cfg-tool-deploy-sw-kinetis"><span class="std std-ref">SW layers and communication for Kinetis</span></a>.</p> |
| </div> |
| <div class="section" id="sw-layers-and-communication-for-imx"> |
| <h3><span class="section-number">10.5.3.3. </span>SW layers and communication for iMX<a class="headerlink" href="#sw-layers-and-communication-for-imx" title="Permalink to this headline">¶</a></h3> |
| <p>In case the Configure Tool is installed on a development PC, the iMX6UL |
| must run an RJCT-server process that will deal with the unpacking of the |
| incoming commands and the communication over SCI2C with the A71CH. |
| <img alt="Configure Tool installed on PC" src="../_images/A71CH_PersoDevSW_PC_iMX.svg" /></p> |
| <div class="admonition note"> |
| <p class="admonition-title">Note</p> |
| <p>Refer to <a class="reference internal" href="../appendix/rjct_server.html#se05x-rjct-server"><span class="std std-ref">JRCP_v1 Server</span></a> for |
| more information on the RJCT server.</p> |
| </div> |
| <p>In case the Configure Tool is installed on the embedded target, a |
| development PC will typically be used to run a console that provides |
| access via SSH to the embedded target. <img alt="Standalone Configure Tool on Embedded Target" src="../_images/A71CH_PersoDevSW_iMXOnly.svg" /></p> |
| </div> |
| <div class="section" id="sw-layers-and-communication-for-kinetis"> |
| <span id="se05x-legacy-cfg-tool-deploy-sw-kinetis"></span><h3><span class="section-number">10.5.3.4. </span>SW layers and communication for Kinetis<a class="headerlink" href="#sw-layers-and-communication-for-kinetis" title="Permalink to this headline">¶</a></h3> |
| <p>For Kinetis based embedded systems, the Configure Tool can only be |
| run from the PC. Also, the Configure Tool is only compiled with |
| OpenSSL (not with mbedTLS). The VCOM application needs to be |
| running on the Kinetis platform and the communication between the host PC and |
| Kinetis happens over USB VCOM.</p> |
| <p>The Kinetis platform takes care of the SCI2C protocol communication with |
| the A71CH. <img alt="Configure Tool installed on PC for Kinetis" src="../_images/A71CH_Kinetis_OpenSSLConfig.jpg" /></p> |
| </div> |
| </div> |
| <div class="section" id="command-reference"> |
| <span id="se05x-legacy-cfg-tool-command"></span><h2><span class="section-number">10.5.4. </span>Command reference<a class="headerlink" href="#command-reference" title="Permalink to this headline">¶</a></h2> |
| <div class="section" id="overall-introduction"> |
| <h3><span class="section-number">10.5.4.1. </span>Overall introduction<a class="headerlink" href="#overall-introduction" title="Permalink to this headline">¶</a></h3> |
| <p>A command has the following general structure: a mandatory command name |
| <code class="docutils literal notranslate"><span class="pre"><cmd-n></span></code> is followed by an optional command qualifier <code class="docutils literal notranslate"><span class="pre"><cmd-q></span></code>, followed by ‘0 to n’ (option, value) pairs.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span><cmd-n> [<cmd-q>] [-option <option-value>]* |
| </pre></div> |
| </div> |
| <p>The command names <code class="docutils literal notranslate"><span class="pre"><cmd-n></span></code> are further listed and explained in |
| detail in the remainder of this section.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span><cmd-n> = {apdu, debug, erase, gen, info, ...} |
| </pre></div> |
| </div> |
| <p>Legal values for command qualifiers <code class="docutils literal notranslate"><span class="pre"><cmd-q></span></code> depend on the |
| actual command name <code class="docutils literal notranslate"><span class="pre"><cmd-n></span></code>.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span><cmd-q> = {cnt, gp, pair, pub, sym, ...} |
| cfg = configure key |
| cnt = monotonic counter |
| gp = general purpose data |
| pair = ECC key pair |
| pub = ECC public key |
| sym = Symmetric secret |
| |
| <cmd-q> = {permanently_disable_debug, reset, all, ...} |
| </pre></div> |
| </div> |
| <p>Legal (option, value) pairs again depend on the preceding <code class="docutils literal notranslate"><span class="pre"><cmd-n></span></code> or <code class="docutils literal notranslate"><span class="pre"><cmd-n></span> <span class="pre"><cmd-q></span></code>. |
| The order of the (option, value) pairs after the <code class="docutils literal notranslate"><span class="pre"><cmd-n></span></code> or <code class="docutils literal notranslate"><span class="pre"><cmd-n></span> <span class="pre"><cmd-q></span></code> needs |
| to be strictly respected. The type of the value can be any of the following:</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span><hexvalue> = [0-9A-F][0-9A-F]([0-9A-F][0-9A-F])* |
| examples of legal hexvalue's are |
| 0A0B0C0D |
| 00112233445566778899AABBCCDDEEFF |
| the following hexvalue's are not allowed |
| 0x0A0B0C0D # leading '0x' decorator is not supported |
| 0A1 # odd number of ascii characters is not supported |
| |
| <int> = integer (currently only positive integers are supported) |
| |
| <filename> = further explained with the individual commands |
| </pre></div> |
| </div> |
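| <p>The following Python script is an added example, not part of the Plug &amp; Trust middleware, that applies this grammar to a batch file before the file is handed to the tool. In batch file mode every line runs in the same session, so a malformed value part-way through a script can leave the A71CH partially provisioned; checking the file first avoids that. The per-option value types and the option order table are assumptions taken from the usage listing at the top of this chapter (only a subset of commands is covered), lowercase hex is rejected because the documented grammar only lists 0-9A-F, and the sample script is constructed for the example.</p> |

```python
import re

# Value grammar as documented for the Configure Tool: a hexvalue is an even run of
# upper-case hex digits without a "0x" prefix; an <int> is a non-negative integer.
HEXVALUE_RE = re.compile(r"^(?:[0-9A-F]{2})+$")
INT_RE = re.compile(r"^[0-9]+$")

# Option -> value type for options whose type is the same on every line of the usage
# listing. -c, -k, -f, -r, -p and -t take file names or are command specific and are
# not type-checked. Assumption drawn from the usage text, not a table shipped with the tool.
OPTION_TYPES = {"-x": "int", "-n": "int", "-h": "hex", "-s": "hex",
                "-w": "hex", "-cmd": "hex", "-sw": "hex"}

# Exact option order for a handful of commands (the tool requires the documented
# order). Illustrative subset; extend it from the usage listing as needed.
EXPECTED_ORDER = {
    ("gen", "pair"): ["-x"], ("lock", "pair"): ["-x"], ("lock", "pub"): ["-x"],
    ("lock", "gp"): ["-h", "-n"], ("info", "gp"): ["-h", "-n"],
    ("set", "gp"): ["-h", "-h"], ("apdu", None): ["-cmd", "-sw"],
}


def is_hexvalue(value):
    return HEXVALUE_RE.match(value) is not None


def is_int(value):
    return INT_RE.match(value) is not None


def parse_command(line):
    """Split one line into (cmd_n, cmd_q, [(option, value), ...]).

    '#' starts a comment, as in the script files; blank or comment-only lines return
    None. Options are kept as an ordered list because some commands take the same
    option twice (e.g. 'set gp -h <offset> -h <data>')."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    tokens = line.split()
    cmd_n, rest = tokens[0], tokens[1:]
    cmd_q = None
    if rest and not rest[0].startswith("-"):
        cmd_q = rest.pop(0)
    if len(rest) % 2:
        raise ValueError(f"option without a value in {line!r}")
    pairs = []
    for option, value in zip(rest[::2], rest[1::2]):
        if not option.startswith("-"):
            raise ValueError(f"expected an option, found {option!r} in {line!r}")
        pairs.append((option, value))
    return cmd_n, cmd_q, pairs


def check_line(line):
    """Return the list of problems found in one command line ([] means it passes)."""
    try:
        parsed = parse_command(line)
    except ValueError as exc:
        return [str(exc)]
    if parsed is None:
        return []
    cmd_n, cmd_q, pairs = parsed
    problems = []
    for option, value in pairs:
        kind = OPTION_TYPES.get(option)
        if kind == "hex" and not is_hexvalue(value):
            problems.append(f"{option}: {value!r} is not a hexvalue (even count of 0-9A-F, no 0x prefix)")
        elif kind == "int" and not is_int(value):
            problems.append(f"{option}: {value!r} is not a non-negative integer")
    expected = EXPECTED_ORDER.get((cmd_n, cmd_q))
    if expected is not None and [o for o, _ in pairs] != expected:
        problems.append(f"{cmd_n} {cmd_q or ''}: options must be {' '.join(expected)}, in that order")
    # GP storage offsets are 4 hex digits; 'lock gp' additionally needs a 32-byte
    # segment boundary, i.e. a multiple of 0x0020 ('info gp' may start anywhere).
    if (cmd_n, cmd_q) in {("lock", "gp"), ("info", "gp")} and not problems:
        offset = pairs[0][1]
        if len(offset) != 4:
            problems.append(f"{cmd_n} gp: offset {offset} must have exactly 4 hex digits")
        elif cmd_n == "lock" and int(offset, 16) % 0x20:
            problems.append(f"lock gp: offset {offset} is not a multiple of 0x0020")
    return problems


def check_script(text):
    """Check every line of a batch file; returns [(line_number, problem), ...]."""
    return [(number, problem)
            for number, line in enumerate(text.splitlines(), start=1)
            for problem in check_line(line)]


# Constructed batch file for demonstration; it is not from the documentation.
SAMPLE_SCRIPT = """\
# constructed example script
info pair
gen pair -x 0
lock gp -h 0x0060 -n 2
set gp -h 0000 -h 0A1
lock pair -x 0
"""

if __name__ == "__main__":
    for number, problem in check_script(SAMPLE_SCRIPT):
        print(f"line {number}: {problem}")
```

| <p>Run against the constructed sample, the check reports line 4 (a ‘0x’ prefix) and line 5 (an odd number of hex digits); the remaining lines pass and the file can be given to <code class="docutils literal notranslate"><span class="pre">script</span> <span class="pre">-f</span></code>.</p> |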
| </div> |
| <div class="section" id="apdu"> |
| <h3><span class="section-number">10.5.4.2. </span>apdu<a class="headerlink" href="#apdu" title="Permalink to this headline">¶</a></h3> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>apdu -cmd <hexvalue> -sw <hexvalue> |
| </pre></div> |
| </div> |
| <p>The <code class="docutils literal notranslate"><span class="pre">apdu</span></code> command allows to exchange an APDU (in ‘raw’ |
| format) between the Host and the A71CH. It’s mandatory to specify the |
| expected status word that will be returned by the A71CH, if the actual |
| returned status word is different this will be flagged as an execution |
| error.</p> |
| <div class="admonition note"> |
| <p class="admonition-title">Note</p> |
| <p>This low level command can be used to extend the |
| functionality of the Config Tool. In order to use this command one needs |
| to consult the A71CH APDU specification. This command is not required |
| for normal provisioning use cases.</p> |
| </div> |
| <p>In the following example the host asks the A71CH for the SHA256 value of |
| “F0F1F2F3”. The APDU command and response are printed on the console. |
| The last two bytes of the response (9000) are the status word; the 32 bytes before them are the digest.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>>>> apdu -cmd 8096000004F0F1F2F300 -sw 9000 |
| cmd (LEN=10): |
| 8096000004F0F1F2F300 |
| rsp (LEN=34): |
| FEA4CE6719F1FDB6D2E30CFB86C2E797DBD4A3247FF2B0EFC15A814C5B25C75E9000 |
| </pre></div> |
| </div> |
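| <p>As an added example (not code from the middleware), the Python below splits the command above into its ISO 7816-4 fields, separates the status word from the response data and checks the returned digest against a SHA-256 computed on the host, which is the check a practitioner wants before trusting the hashing path of a freshly provisioned part. Treating CLA 80 / INS 96 as a general ‘compute SHA-256’ command for other inputs is an assumption drawn from this single example; consult the A71CH APDU specification before relying on it. The captured exchange is the one printed above.</p> |

```python
import hashlib

# Command and response captured in the example above.
CAPTURED_CMD = "8096000004F0F1F2F300"
CAPTURED_RSP = "FEA4CE6719F1FDB6D2E30CFB86C2E797DBD4A3247FF2B0EFC15A814C5B25C75E9000"


def parse_short_apdu(cmd_hex):
    """Split a short-form command APDU into its ISO 7816-4 fields.

    Returns a dict with cla, ins, p1, p2 (ints), data (bytes) and le (int or None).
    All four cases of the short form are handled; extended-length APDUs are not."""
    apdu = bytes.fromhex(cmd_hex)
    if len(apdu) < 4:
        raise ValueError("an APDU needs at least CLA INS P1 P2")
    fields = {"cla": apdu[0], "ins": apdu[1], "p1": apdu[2], "p2": apdu[3],
              "data": b"", "le": None}
    body = apdu[4:]
    if len(body) == 0:                       # case 1: header only
        return fields
    if len(body) == 1:                       # case 2: Le only
        fields["le"] = body[0]
        return fields
    lc = body[0]
    if len(body) == 1 + lc:                  # case 3: Lc + data
        fields["data"] = body[1:]
    elif len(body) == 2 + lc:                # case 4: Lc + data + Le
        fields["data"] = body[1:1 + lc]
        fields["le"] = body[-1]
    else:
        raise ValueError(f"Lc={lc} does not match a body of {len(body)} bytes")
    return fields


def split_response(rsp_hex):
    """Separate the response data from the trailing two-byte status word."""
    rsp = bytes.fromhex(rsp_hex)
    if len(rsp) < 2:
        raise ValueError("response is shorter than a status word")
    return rsp[:-2], int.from_bytes(rsp[-2:], "big")


def build_sha256_apdu(data_hex):
    """Build the same command as the example (CLA 80, INS 96, P1 P2 00, Le 00) for
    1..255 bytes of data. Reusing this header for other inputs is an assumption
    based on the example; check the A71CH APDU specification."""
    data = bytes.fromhex(data_hex)
    if not 1 <= len(data) <= 255:
        raise ValueError("short-form data field must be 1..255 bytes")
    return "80960000" + f"{len(data):02X}" + data.hex().upper() + "00"


def expected_sha256_response(data_hex):
    """Host-side prediction of a successful response: SHA-256 digest followed by 9000."""
    return hashlib.sha256(bytes.fromhex(data_hex)).hexdigest().upper() + "9000"


def verify_sha256_response(cmd_hex, rsp_hex):
    """Check a captured exchange: status word 9000, and the returned digest equals
    SHA-256 of the command's data field computed on the host.
    Returns (status_ok, digest_matches, digest_hex)."""
    cmd = parse_short_apdu(cmd_hex)
    data, sw = split_response(rsp_hex)
    digest = hashlib.sha256(cmd["data"]).digest()
    return sw == 0x9000, data == digest, data.hex().upper()


if __name__ == "__main__":
    status_ok, matches, digest = verify_sha256_response(CAPTURED_CMD, CAPTURED_RSP)
    print("fields:", parse_short_apdu(CAPTURED_CMD))
    print("status word ok:", status_ok, "| digest matches host SHA-256:", matches)
    print("digest:", digest)
```

| <p>A status word other than 9000 and a digest mismatch are reported separately, so a transport problem (wrong status word) is not confused with a wrong computation (right status word, wrong digest).</p> |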
| </div> |
| <div class="section" id="connect"> |
| <h3><span class="section-number">10.5.4.3. </span>connect<a class="headerlink" href="#connect" title="Permalink to this headline">¶</a></h3> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>connect [close|open] |
| </pre></div> |
| </div> |
| <p>The <code class="docutils literal notranslate"><span class="pre">connect</span></code> command allows to close or re-open the |
| connection with an attached secure element. This command can be used in |
| an interactive workflow where several instances of an A71CH are being |
| configured. Before detaching a configured A71CH one calls |
| <code class="docutils literal notranslate"><span class="pre">connect</span> <span class="pre">close</span></code>; after attaching another |
| A71CH one calls <code class="docutils literal notranslate"><span class="pre">connect</span> <span class="pre">open</span></code>.</p> |
| <p>In the following example a connection is opened.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>>>> connect open |
| I2CInit: opening /dev/i2c-1 |
| I2C driver: PEC flag cleared |
| I2C driver supports plain i2c-level commands. |
| I2C driver supports Read Block. |
| </pre></div> |
| </div> |
| </div> |
| <div class="section" id="debug"> |
| <h3><span class="section-number">10.5.4.4. </span>debug<a class="headerlink" href="#debug" title="Permalink to this headline">¶</a></h3> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>debug [permanently_disable_debug|reset] |
| </pre></div> |
| </div> |
| <p>The <code class="docutils literal notranslate"><span class="pre">debug</span></code> command can be used to permanently switch off |
| the Debug Mode of the A71CH (the Debug Mode of the A71CH is a convenience |
| mode that can be used during product development). It can also be used - |
| assuming the Debug Mode is still on - to bring the A71CH back to its |
| initial state. Disabling the Debug Mode is irreversible: once |
| <code class="docutils literal notranslate"><span class="pre">permanently_disable_debug</span></code> has been issued, |
| <code class="docutils literal notranslate"><span class="pre">debug</span> <span class="pre">reset</span></code> can no longer be used to wipe and reinitialise the device.</p> |
| <div class="admonition note"> |
| <p class="admonition-title">Note</p> |
| <p>Issuing a debug reset also erases all stored |
| credentials.</p> |
| </div> |
| <p>In the following example a debug reset is issued.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>>>> debug reset |
| </pre></div> |
| </div> |
| </div> |
| <div class="section" id="ecrt"> |
| <h3><span class="section-number">10.5.4.5. </span>ecrt<a class="headerlink" href="#ecrt" title="Permalink to this headline">¶</a></h3> |
| <p>The <code class="docutils literal notranslate"><span class="pre">ecrt</span></code> command erases a certificate |
| from the GP storage area by index.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>ecrt -x <int> |
| </pre></div> |
| </div> |
| <div class="admonition note"> |
| <p class="admonition-title">Note</p> |
| <p>The valid index range for certificates is limited |
| only by memory size.</p> |
| </div> |
| <p>In the following <code class="docutils literal notranslate"><span class="pre">ecrt</span></code> example the |
| certificate at index 3 is erased from the A71CH.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>>>> ecrt -x 3 |
| </pre></div> |
| </div> |
| </div> |
| <div class="section" id="erase"> |
| <h3><span class="section-number">10.5.4.6. </span>erase<a class="headerlink" href="#erase" title="Permalink to this headline">¶</a></h3> |
| <p>The <code class="docutils literal notranslate"><span class="pre">erase</span></code> command erases (deletes the value of) the |
| specified stored credential. A locked credential can not be erased. |
| Erasing a monotonic counter value is only possible when the Debug Mode |
| of the A71CH is available.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>erase [cnt|pair|pub|sym] -x <int> |
| </pre></div> |
| </div> |
| <p>In the following example the ECC key pair stored on index 0 is erased.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>erase pair -x 0 |
| </pre></div> |
| </div> |
| </div> |
| <div class="section" id="gen"> |
| <h3><span class="section-number">10.5.4.7. </span>gen<a class="headerlink" href="#gen" title="Permalink to this headline">¶</a></h3> |
| <p>The <code class="docutils literal notranslate"><span class="pre">gen</span></code> command makes the A71CH create a valid ECC key |
| pair on the indicated index.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>gen pair -x <int> |
| </pre></div> |
| </div> |
| <p>In the following example a new ECC keypair is created and stored on |
| index 1</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>gen pair -x 1 |
| </pre></div> |
| </div> |
| </div> |
| <div class="section" id="get"> |
| <h3><span class="section-number">10.5.4.8. </span>get<a class="headerlink" href="#get" title="Permalink to this headline">¶</a></h3> |
| <p>The <code class="docutils literal notranslate"><span class="pre">get</span></code> command retrieves the public key value from |
| either a public key or key pair at the index passed as argument and |
| stores it - in PEM format - in a file provided as argument.</p> |
| <div class="admonition note"> |
| <p class="admonition-title">Note</p> |
| <p>The parameter passed after the -c option represents |
| the key type and is either 10 (0x10) for a key pair or 20 (0x20) for a public |
| key; like every hexvalue it is given without the ‘0x’ prefix.</p> |
| </div> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>get pub -c <hex_value> -x <int> -k <keyfile.pem> |
| </pre></div> |
| </div> |
| <p>In the following example the ECC public key stored at index 0 is stored |
| to PEM file keyfile.pem</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>get pub -c 20 -x 0 -k keyfile.pem |
| </pre></div> |
| </div> |
| </div> |
| <div class="section" id="info"> |
| <h3><span class="section-number">10.5.4.9. </span>info<a class="headerlink" href="#info" title="Permalink to this headline">¶</a></h3> |
| <p>The <code class="docutils literal notranslate"><span class="pre">info</span></code> command can be used to echo the value and/or |
| status of the A71CH or its stored credentials to the console. Issuing an |
| ‘info all’ will echo the same information as issuing ‘info device’, |
| ‘info cnt’, ‘info pair’, ‘info pub’, ‘info gp -h 0000 -n <all>’ in |
| sequence. The value of secret credentials like the private part of a |
| keypair, a symmetric key or a configuration key can not be retrieved |
| from the A71CH. The ‘info status’ command will report on the |
| Initialized/Empty and Locked/Open status of all credentials. It’s |
| possible to echo the value of consecutive 32-byte data segments from |
| general purpose data storage by specifying the hexadecimal offset |
| (4 hexadecimal digits) into the data store and the number |
| of segments to display.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>info [all|device|cnt|pair|pub|sym|status] |
| info gp -h <hexvalue_offset> -n <segments> |
| </pre></div> |
| </div> |
| <p>In the following example the credential status is requested. The output |
| corresponds to the status of a new device.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>>>> info status |
| SCP03 is Not enabled |
| Key Pair status: |
| Index=0: Empty Open |
| Index=1: Empty Open |
| Index=2: Empty Open |
| Index=3: Empty Open |
| Public Key status: |
| Index=0: Empty Open |
| Index=1: Empty Open |
| Index=2: Empty Open |
| Config Key status: |
| Index=0: Empty Open |
| Index=1: Empty Open |
| Index=2: Empty Open |
| Sym Secret status: |
| Index=0: Empty Open |
| Index=1: Empty Open |
| Index=2: Empty Open |
| Index=3: Empty Open |
| Counter status: |
| Index=0: Initialized Open |
| Index=1: Initialized Open |
| Certificate Objects: |
| 0 Absolute offset = 0x00 Actual Size = 0x313 |
| 1 Absolute offset = 0x320 Actual Size = 0x313 |
| Data Objects: |
| 0 Absolute offset = 0x640 Actual Size = 0x09 |
| 1 Absolute offset = 0x660 Actual Size = 0x09 |
| General Purpose Storage status: |
| Offset=0x0000: Open Offset=0x0020: Open Offset=0x0040: Open Offset=0x0060: Open |
| Offset=0x0080: Open Offset=0x00A0: Open Offset=0x00C0: Open Offset=0x00E0: Open |
| Offset=0x0100: Open Offset=0x0120: Open Offset=0x0140: Open Offset=0x0160: Open |
| Offset=0x0180: Open Offset=0x01A0: Open Offset=0x01C0: Open Offset=0x01E0: Open |
| Offset=0x0200: Open Offset=0x0220: Open Offset=0x0240: Open Offset=0x0260: Open |
| Offset=0x0280: Open Offset=0x02A0: Open Offset=0x02C0: Open Offset=0x02E0: Open |
| Offset=0x0300: Open Offset=0x0320: Open Offset=0x0340: Open Offset=0x0360: Open |
| Offset=0x0380: Open Offset=0x03A0: Open Offset=0x03C0: Open Offset=0x03E0: Open |
| </pre></div> |
| </div> |
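| <p>The Python below is an added example, not part of the tool, that parses the <code class="docutils literal notranslate"><span class="pre">info</span> <span class="pre">status</span></code> output into a structure and applies two checks a provisioning engineer wants before a device leaves the line: which ECC key pairs and public keys hold a value but are still Open (not yet protected with <code class="docutils literal notranslate"><span class="pre">lock</span></code>), and which 32-byte GP segments underneath a stored certificate or data object are still Open (not yet protected with <code class="docutils literal notranslate"><span class="pre">lock</span> <span class="pre">gp</span></code>). The text above describes the states as Locked/Open, and the parser treats any word other than Open as locked; the sample is an abridged copy of the capture above, which only shows a new device.</p> |

```python
import re

SEGMENT = 32  # GP storage is reported and locked in 32-byte segments
INDEX_RE = re.compile(r"^Index=(\d+):\s+(\S+)\s+(\S+)$")
GP_RE = re.compile(r"Offset=0x([0-9A-Fa-f]{4}):\s+(\S+)")
OBJECT_RE = re.compile(r"^(\d+)\s+Absolute offset = 0x([0-9A-Fa-f]+)\s+Actual Size = 0x([0-9A-Fa-f]+)$")
LOCKABLE = ("Key Pair", "Public Key")  # the only credential types 'lock' accepts


def parse_info_status(text):
    """Parse 'info status' output into scp03_enabled, credentials[section][index] =
    (init_state, lock_state), objects[section][index] = (offset, size) and
    gp_segments[offset] = state. Anything other than 'Open' counts as locked."""
    report = {"scp03_enabled": None, "credentials": {}, "objects": {}, "gp_segments": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(">>>"):
            continue
        if line.startswith("SCP03 is"):
            report["scp03_enabled"] = "not" not in line.lower()
        elif line.endswith(":"):                       # 'Key Pair status:' etc.
            section = line[:-1].replace(" status", "")
        elif INDEX_RE.match(line) and section:
            m = INDEX_RE.match(line)
            report["credentials"].setdefault(section, {})[int(m.group(1))] = (m.group(2), m.group(3))
        elif OBJECT_RE.match(line) and section:
            m = OBJECT_RE.match(line)
            report["objects"].setdefault(section, {})[int(m.group(1))] = (int(m.group(2), 16), int(m.group(3), 16))
        else:
            for offset, state in GP_RE.findall(line):  # several segments per line
                report["gp_segments"][int(offset, 16)] = state
    return report


def segments_covering(offset, size):
    """Offsets of the 32-byte GP segments occupied by an object at (offset, size)."""
    if size <= 0:
        return []
    last_byte = offset + size - 1
    return list(range(offset - offset % SEGMENT, last_byte - last_byte % SEGMENT + 1, SEGMENT))


def open_lockable_credentials(report):
    """ECC key pairs / public keys that hold a value but are still Open."""
    return [f"{section} index {index}"
            for section in LOCKABLE
            for index, (init_state, lock_state) in sorted(report["credentials"].get(section, {}).items())
            if init_state == "Initialized" and lock_state == "Open"]


def unlocked_object_segments(report):
    """(object label, segment offset) for GP segments under a stored object that are
    still Open. Segments 'info status' did not list are skipped, not assumed locked."""
    return [(f"{section} {index}", segment)
            for section, objects in report["objects"].items()
            for index, (offset, size) in sorted(objects.items())
            for segment in segments_covering(offset, size)
            if report["gp_segments"].get(segment) == "Open"]


# Abridged 'info status' output of a new device, copied from the capture above
# (the Config Key and Sym Secret sections are left out to keep the sample short).
SAMPLE_STATUS = """\
SCP03 is Not enabled
Key Pair status:
Index=0: Empty Open
Index=1: Empty Open
Index=2: Empty Open
Index=3: Empty Open
Public Key status:
Index=0: Empty Open
Index=1: Empty Open
Index=2: Empty Open
Counter status:
Index=0: Initialized Open
Index=1: Initialized Open
Certificate Objects:
0 Absolute offset = 0x00 Actual Size = 0x313
1 Absolute offset = 0x320 Actual Size = 0x313
Data Objects:
0 Absolute offset = 0x640 Actual Size = 0x09
1 Absolute offset = 0x660 Actual Size = 0x09
General Purpose Storage status:
Offset=0x0000: Open Offset=0x0020: Open Offset=0x0040: Open Offset=0x0060: Open
Offset=0x0080: Open Offset=0x00A0: Open Offset=0x00C0: Open Offset=0x00E0: Open
Offset=0x0100: Open Offset=0x0120: Open Offset=0x0140: Open Offset=0x0160: Open
Offset=0x0180: Open Offset=0x01A0: Open Offset=0x01C0: Open Offset=0x01E0: Open
Offset=0x0200: Open Offset=0x0220: Open Offset=0x0240: Open Offset=0x0260: Open
Offset=0x0280: Open Offset=0x02A0: Open Offset=0x02C0: Open Offset=0x02E0: Open
Offset=0x0300: Open Offset=0x0320: Open Offset=0x0340: Open Offset=0x0360: Open
Offset=0x0380: Open Offset=0x03A0: Open Offset=0x03C0: Open Offset=0x03E0: Open
"""

if __name__ == "__main__":
    report = parse_info_status(SAMPLE_STATUS)
    print("unlocked credentials:", open_lockable_credentials(report))
    print("open segments under objects:", len(unlocked_object_segments(report)))
```

| <p>On the sample, no key pair or public key is flagged (all are Empty), while every listed GP segment is flagged because the two certificate objects at offsets 0x00 and 0x320 cover offsets 0x0000 through 0x03E0 and all of them are still Open. The data objects at 0x640 and 0x660 fall outside the segments the capture lists and are therefore not reported.</p> |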
| <p>In the following example the contents of two 32-byte data segments are |
| requested, starting from general purpose storage offset 0x0010:</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>>>> info gp -h 0010 -n 2 |
| GP Storage Data (2 segments from offset 0x0010): |
| 0x0010 (LEN=32): 0000000000000000000000000000000000000000000000000000000000000000 |
| 0x0030 (LEN=32): 0000000000000000000000000000000000000000000000000000000000000000 |
| </pre></div> |
| </div> |
| </div> |
| <div class="section" id="interactive"> |
| <h3><span class="section-number">10.5.4.10. </span>interactive<a class="headerlink" href="#interactive" title="Permalink to this headline">¶</a></h3> |
| <p>Used to start the interactive mode from the command line.</p> |
| </div> |
| <div class="section" id="lock"> |
| <h3><span class="section-number">10.5.4.11. </span>lock<a class="headerlink" href="#lock" title="Permalink to this headline">¶</a></h3> |
| <p>The <code class="docutils literal notranslate"><span class="pre">lock</span></code> command allows to lock individual credentials |
| (ECC public keys and ECC key pairs). It also allows to lock 32-byte data segments |
| in general purpose storage (on offsets that are multiples of |
| 0x0020). It’s also possible to forbid the injection of unwrapped ECC |
| public keys, ECC key pairs and symmetric secrets at the device level. |
| Note that a locked credential can no longer be erased (see <code class="docutils literal notranslate"><span class="pre">erase</span></code>).</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>lock [pair|pub] -x <int> |
| lock gp -h <hexvalue_offset> -n <segments> |
| lock inject_plain |
| </pre></div> |
| </div> |
| <p>The following example locks the ECC key pair at index 0</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>>>> lock pair -x 0 |
| </pre></div> |
| </div> |
| <p>The following example locks two 32-byte data segments in general |
| purpose data storage starting from offset 0x0060</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>>>> lock gp -h 0060 -n 2 |
| </pre></div> |
| </div> |
| </div> |
| <div class="section" id="obj-erase"> |
| <h3><span class="section-number">10.5.4.12. </span>obj erase<a class="headerlink" href="#obj-erase" title="Permalink to this headline">¶</a></h3> |
| <p>The <code class="docutils literal notranslate"><span class="pre">obj</span> <span class="pre">erase</span></code> command erases the object |
| at the provided index.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>obj erase -x <int> |
| </pre></div> |
| </div> |
| <div class="admonition note"> |
| <p class="admonition-title">Note</p> |
| <p>Upon erasing an object it cannot be reconstructed.</p> |
| </div> |
| <p>In the following <code class="docutils literal notranslate"><span class="pre">obj</span> <span class="pre">erase</span></code> example the |
| object at index 0 is erased.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>>>> obj erase -x 0 |
| </pre></div> |
| </div> |
| </div> |
| <div class="section" id="obj-get"> |
| <h3><span class="section-number">10.5.4.13. </span>obj get<a class="headerlink" href="#obj-get" title="Permalink to this headline">¶</a></h3> |
| <p>The <code class="docutils literal notranslate"><span class="pre">obj</span> <span class="pre">get</span></code> command gets the value of a |
| data object: it reads the specified number of bytes starting at a given offset within the |
| data object. Optionally, the |
| data is written to a file, with either 16 or 32 bytes per line (hex_16 or hex_32). |
| If no type is specified the default is 32 bytes per line.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>obj get -x <int> [-h <hexvalue_offset>] [-s <hexvalue_size>] [-f <data.txt> -t [hex_16|hex_32]] |
| </pre></div> |
| </div> |
| <div class="admonition note"> |
| <p class="admonition-title">Note</p> |
| <p>The offset is relative to the start location of the |
| object and must be specified as a 4 digit hexadecimal value.</p> |
| </div> |
| <p>In the following <code class="docutils literal notranslate"><span class="pre">obj</span> <span class="pre">get</span></code> example the |
| value of the object at index 0 is read out.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>>>> obj get -x 0 -h 0000 -s 0009 |
| >>> 112233445566778899 |
| </pre></div> |
| </div> |
| </div> |
| <div class="section" id="obj-update"> |
| <h3><span class="section-number">10.5.4.14. </span>obj update<a class="headerlink" href="#obj-update" title="Permalink to this headline">¶</a></h3> |
| <p>The <code class="docutils literal notranslate"><span class="pre">obj</span> <span class="pre">update</span></code> command updates the value |
| of a data object. It updates the data relative to an internal offset |
| passed as a parameter. The data can be passed on the command line or be |
| contained in a file.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>obj update -x <int> -h <hexvalue_offset> [-f <data.txt> -t [hex_16|hex_32] | -h <hexvalue_data>] |
| </pre></div> |
| </div> |
| <div class="admonition note"> |
| <p class="admonition-title">Note</p> |
| <p>The data in the file must be binary and not textual. |
| An object must already exist at the specified index. If data is read |
| from a file, the lines can hold 16 or 32 bytes (hex_16 or hex_32); |
| the default is 32 bytes per line.</p> |
| </div> |
| <p>In the following <code class="docutils literal notranslate"><span class="pre">obj</span> <span class="pre">update</span></code> example the |
| value of the object at index 0 is updated.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>>>> obj update -x 0 -h 0000 -h 998877665544332211 |
| </pre></div> |
| </div> |
| </div> |
| <div class="section" id="obj-write"> |
| <h3><span class="section-number">10.5.4.15. </span>obj write<a class="headerlink" href="#obj-write" title="Permalink to this headline">¶</a></h3> |
| <p>The <code class="docutils literal notranslate"><span class="pre">obj</span> <span class="pre">write</span></code> command creates an object. |
| The value of the object to be created can be passed on the command line |
| or contained in a file. When using the <code class="docutils literal notranslate"><span class="pre">-n</span></code> option the |
| requested segments are reserved for the data object and filled with |
| zeros. If data is read from a file, the lines can hold 16 or 32 bytes |
| (hex_16 or hex_32); the default is 32 bytes per line.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>obj write -x <int> [-f <data.txt> -t [hex_16|hex_32] | -h <hexvalue_data> | -n <segments>] |
| </pre></div> |
| </div> |
| <p>In the following <code class="docutils literal notranslate"><span class="pre">obj</span> <span class="pre">write</span></code> example a |
| zero-filled object is created at index 0 with a size of 5 segments.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>>>> obj write -x 0 -n 5 |
| </pre></div> |
| </div> |
| </div> |
| <div class="section" id="rcrt"> |
| <h3><span class="section-number">10.5.4.16. </span>rcrt<a class="headerlink" href="#rcrt" title="Permalink to this headline">¶</a></h3> |
| <p>The <code class="docutils literal notranslate"><span class="pre">rcrt</span></code> command reads a certificate |
| from the GP storage area by index. Optionally, the command can save the |
| certificate read to a CRT file.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>rcrt -x <int> [-c <certfile.crt>] |
| </pre></div> |
| </div> |
| <div class="admonition note"> |
| <p class="admonition-title">Note</p> |
| <p>The certificate data will be presented whether it was |
| written to a file or not. The valid index range for certificates is |
| limited only by memory size.</p> |
| </div> |
| <p>In the following <code class="docutils literal notranslate"><span class="pre">rcrt</span></code> example the |
| certificate at index 3 is read from the A71CH, upon success it is also |
| written to a CRT file.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>>>> rcrt -x 3 -c certificate.crt |
| CER_DATA (LEN=520): |
| 30820204308201A9020900CFD5820FFEC40937300A06082A8648CE3D04030230 |
| 8189310B30090603550406130242453116301406035504080C0D566C61616D73 |
| 42726162616E74310F300D06035504070C064C657576656E3111300F06035504 |
| 0A0C084E58502D44656D6F31163014060355040B0C0D4E58502D44656D6F2D55 |
| 6E6974310D300B06035504030C0464656D6F3117301506092A864886F70D0109 |
| 01160864656D6F406E7870301E170D3135313230373130353132395A170D3136 |
| 313230363130353132395A308188310B30090603550406130242453116301406 |
| 035504080C0D566C61616D7342726162616E74310F300D06035504070C064C65 |
| 7576656E310E300C060355040A0C05697063616D31123010060355040B0C0969 |
| 7063616D556E69743112301006035504030C09697063616D44656D6F31183016 |
| 06092A864886F70D0109011609697063616D406E78703059301306072A8648CE |
| 3D020106082A8648CE3D03010703420004DB4CDB6C5A96C1615895095222AA0E |
| A3BC6F9E714D6438F0B120D691F18D7E7410EE04BE71D33A2D8B2D3B66F7174A |
| 9654536965AFD2ABADB55269C6A6C0085E300A06082A8648CE3D040302034900 |
| 304602210083AA91AE33396825D560390952AEE91C64814C7CA681BA50589558 |
| D681F974270221009BA1CF31A823B96C391E3C4F839666AECE9949639D796B24 |
| A5B987A92E6F1CFA |
| </pre></div> |
| </div> |
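| <p>The blob printed above is the DER encoding of an X.509 certificate. The Python below is an added example, not part of the middleware, that walks that DER structure to confirm the data read back with <code class="docutils literal notranslate"><span class="pre">rcrt</span></code> is exactly one complete certificate (neither truncated nor followed by padding bytes) and extracts the fields worth comparing with the certificate that was written: version, serial number, signature algorithm, curve and the public key point. It uses only the standard library and the bytes printed above; the interpretation of the ASN.1 layout follows the Certificate structure of RFC 5280.</p> |

```python
# Certificate blob exactly as printed by 'rcrt -x 3' above (LEN=520).
CERT_HEX = (
    "30820204308201A9020900CFD5820FFEC40937300A06082A8648CE3D04030230"
    "8189310B30090603550406130242453116301406035504080C0D566C61616D73"
    "42726162616E74310F300D06035504070C064C657576656E3111300F06035504"
    "0A0C084E58502D44656D6F31163014060355040B0C0D4E58502D44656D6F2D55"
    "6E6974310D300B06035504030C0464656D6F3117301506092A864886F70D0109"
    "01160864656D6F406E7870301E170D3135313230373130353132395A170D3136"
    "313230363130353132395A308188310B30090603550406130242453116301406"
    "035504080C0D566C61616D7342726162616E74310F300D06035504070C064C65"
    "7576656E310E300C060355040A0C05697063616D31123010060355040B0C0969"
    "7063616D556E69743112301006035504030C09697063616D44656D6F31183016"
    "06092A864886F70D0109011609697063616D406E78703059301306072A8648CE"
    "3D020106082A8648CE3D03010703420004DB4CDB6C5A96C1615895095222AA0E"
    "A3BC6F9E714D6438F0B120D691F18D7E7410EE04BE71D33A2D8B2D3B66F7174A"
    "9654536965AFD2ABADB55269C6A6C0085E300A06082A8648CE3D040302034900"
    "304602210083AA91AE33396825D560390952AEE91C64814C7CA681BA50589558"
    "D681F974270221009BA1CF31A823B96C391E3C4F839666AECE9949639D796B24"
    "A5B987A92E6F1CFA"
)


def read_tlv(buf, pos):
    """Decode one DER TLV at pos -> (tag, content, end); rejects indefinite or
    over-long lengths so a truncated blob fails instead of parsing silently."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first, header = buf[pos], buf[pos + 1], 2
    if first == 0x80:
        raise ValueError("indefinite length is not DER")
    length = first
    if first & 0x80:                       # long form: 0x8n, then n length bytes
        header += first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + header], "big")
    end = pos + header + length
    if pos + header > len(buf) or end > len(buf):
        raise ValueError(f"TLV at {pos} runs past the end of the {len(buf)}-byte blob")
    return tag, buf[pos + header:end], end


def children(content):
    """All TLVs contained in a constructed value, as [(tag, content), ...]."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        out.append((tag, body))
    return out


def decode_oid(body):
    """OBJECT IDENTIFIER content bytes -> dotted string (base-128 arcs)."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def inspect_certificate(blob_hex):
    """Walk Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }
    and return the fields worth comparing with the certificate that was written."""
    blob = bytes.fromhex(blob_hex)
    tag, content, end = read_tlv(blob, 0)
    top = children(content)
    if tag != 0x30 or len(top) != 3:
        raise ValueError("not a Certificate SEQUENCE with three elements")
    tbs, alg, sig = (body for _, body in top)
    fields = children(tbs)
    version = 1
    if fields[0][0] == 0xA0:               # explicit [0] version; absent for v1
        version = int.from_bytes(children(fields[0][1])[0][1], "big") + 1
        fields = fields[1:]
    spki = children(fields[5][1])          # serial, sigAlg, issuer, validity, subject, SPKI
    r, s = (int.from_bytes(body, "big") for _, body in children(children(sig[1:])[0][1]))
    return {
        "der_length": end,
        "trailing_bytes": len(blob) - end,
        "version": version,
        "serial": int.from_bytes(fields[0][1], "big"),
        "signature_oid": decode_oid(children(alg)[0][1]),
        "curve_oid": decode_oid(children(spki[0][1])[1][1]),
        "public_point": spki[1][1][1:],    # BIT STRING: drop the unused-bits byte
        "ecdsa_r_s": (r, s),
    }


def is_complete_certificate(blob_hex):
    """True when the blob is exactly one well-formed DER certificate, no more, no less."""
    try:
        return inspect_certificate(blob_hex)["trailing_bytes"] == 0
    except (ValueError, IndexError):
        return False


if __name__ == "__main__":
    info = inspect_certificate(CERT_HEX)
    print({k: (v.hex() if isinstance(v, bytes) else v) for k, v in info.items()})
    print("complete:", is_complete_certificate(CERT_HEX))
```

| <p>For the blob above the walk yields a 520-byte v1 certificate signed with ecdsa-with-SHA256 (1.2.840.10045.4.3.2) over a prime256v1 key (1.2.840.10045.3.1.7) whose uncompressed public point starts with 04, with no bytes left over; a blob cut short or padded with extra segments is reported as incomplete rather than accepted.</p> |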
| </div> |
| <div class="section" id="refpem"> |
| <h3><span class="section-number">10.5.4.17. </span>refpem<a class="headerlink" href="#refpem" title="Permalink to this headline">¶</a></h3> |
| <div class="admonition note"> |
| <p class="admonition-title">Note</p> |
| <p>The reference keys created by the <code class="docutils literal notranslate"><span class="pre">refpem</span></code> command are <strong>only</strong> compatible with the |
| A71CH OpenSSL Engine based upon the A71CH Legacy API. The A71CH OpenSSL Engine based |
| upon the SSS API use a different reference key format, these keys must be created with |
| the <code class="docutils literal notranslate"><span class="pre">ssscli</span></code> tool.</p> |
| </div> |
| <p>The <code class="docutils literal notranslate"><span class="pre">refpem</span></code> command allows to create A71CH OpenSSL Engine |
| specific reference pem files. It can be used in a mode that fetches the |
| public key value from the attached A71CH:</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>refpem -c <hex_value> -x <int> -r <ref_keyfile.pem> |
| </pre></div> |
| </div> |
| <p>Or it can be used in a ‘not-connected’ mode that fetches the public key |
| value from a pem file (containing an EC key pair) supplied as an |
| argument:</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>refpem -c <hex_value> -x <int> -k <keyfile.pem> -r <ref_keyfile.pem> |
| </pre></div> |
| </div> |
| <p>The value following the <code class="docutils literal notranslate"><span class="pre">-c</span></code> switch must be either 10 |
| (create a reference to a key pair) or 20 (create a reference to a public |
| key). The value following the <code class="docutils literal notranslate"><span class="pre">-x</span></code> switch is the storage |
| index of either key pair or public key.</p> |
| <p>The following command creates a reference pem file |
| ‘my_ref_keyfile.pem’ referring to a keypair stored at index 1.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>refpem -c 10 -x 1 -r my_ref_keyfile.pem |
| </pre></div> |
| </div> |
| </div> |
| <div class="section" id="script"> |
| <h3><span class="section-number">10.5.4.18. </span>script<a class="headerlink" href="#script" title="Permalink to this headline">¶</a></h3> |
| <p>The <code class="docutils literal notranslate"><span class="pre">script</span></code> command can be used to issue the Configure |
| tool commands contained in a file.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>script -f <script.txt> |
| </pre></div> |
| </div> |
| <p>An example of a script file (script_example.txt):</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>root@imx6ulevk:~# cat script_example.txt |
| # Simple example script |
| info pair |
| gen pair -x 0 |
| info pair # This will illustrate a key pair was created |
| </pre></div> |
| </div> |
| <p>The following example issues the commands contained in the script file |
| above (script_example.txt):</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>>>> script -f script_example.txt |
| >> # Simple example script |
| |
| >> info pair |
| |
| Public Keys from ECC key pairs: |
| idx=0x00 n.a. |
| idx=0x01 n.a. |
| >> gen pair -x 0 |
| |
| >> info pair # This will illustrate a key pair was created |
| |
| Public Keys from ECC key pairs: |
| idx=0x00 ECC_PUB (LEN=65): |
| 04:A4:B3:3B:A3:D4:23:BD:19:C3:CB:20:DB:6F:D3:80:46:73:06:56:2F:83:B2:B1:AE:86:9A:EF:E9:7A:62:A3: |
| 04:E7:C1:42:31:97:D5:19:5A:80:27:74:DC:20:EC:B7:93:9B:E5:C1:22:22:6B:E3:49:A4:FB:3A:5C:26:08:85: |
| B5 |
| idx=0x01 n.a. |
| </pre></div> |
| </div> |
| </div> |
| <div class="section" id="scp"> |
| <h3><span class="section-number">10.5.4.19. </span>scp<a class="headerlink" href="#scp" title="Permalink to this headline">¶</a></h3> |
| <p>The <code class="docutils literal notranslate"><span class="pre">scp</span></code> command can be used to write a set of SCP03 keys |
| to the A71CH (‘scp put …’) or to establish an active SCP03 channel |
| between Host and A71CH (‘scp auth …’). The ‘scp clear_host’ command |
| will force the Host to issue commands in the clear again.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>scp [put|auth] -h <hexvalue_keyversion> -k <keyfile> |
| scp clear_host |
| </pre></div> |
| </div> |
| <p>An example of a keyfile containing a set of SCP03 keys:</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>root@imx6ulevk:~# cat scp_keyfile_example.txt |
| # This is a comment, empty lines and comment lines allowed. |
| ENC AA112233445566778899AABBCCDDEEFF # Trailing comment |
| MAC BB112233445566778899AABBCCDDEEFF # Optional trailing comment |
| DEK CC112233445566778899AABBCCDDEEFF # Optional trailing comment |
| </pre></div> |
| </div> |
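<p>As an added example (not part of NXP's tool or its documentation), the following Go function parses a keyfile in the format shown above, applying the rules the text states: a <code class="docutils literal notranslate"><span class="pre">#</span></code> starts a comment, blank lines are allowed, and each of ENC, MAC and DEK carries a 16-byte key. The extra checks (every key present exactly once, exactly 16 bytes) are the validation a host-side loader would want before handing keys to <code class="docutils literal notranslate"><span class="pre">scp</span> <span class="pre">put</span></code>; they are this example's assumptions, not rules quoted from the tool.</p>

```go
package main

import (
	"encoding/hex"
	"fmt"
	"strings"
)

// parseSCPKeyfile parses the keyfile format accepted by 'scp put' and 'scp auth':
// one "<NAME> <hex>" entry per line, '#' starts a comment, blank lines allowed.
// It returns the ENC, MAC and DEK keys by name and rejects a file in which any
// of the three is missing, duplicated, or not exactly 16 bytes (AES-128).
func parseSCPKeyfile(content string) (map[string][]byte, error) {
	keys := map[string][]byte{}
	for i, line := range strings.Split(content, "\n") {
		if c := strings.IndexByte(line, '#'); c >= 0 {
			line = line[:c] // drop trailing or full-line comment
		}
		fields := strings.Fields(line)
		if len(fields) == 0 {
			continue // blank or comment-only line
		}
		if len(fields) != 2 {
			return nil, fmt.Errorf("line %d: expected '<NAME> <hex>'", i+1)
		}
		name := strings.ToUpper(fields[0])
		if name != "ENC" && name != "MAC" && name != "DEK" {
			return nil, fmt.Errorf("line %d: unknown key name %q", i+1, name)
		}
		key, err := hex.DecodeString(fields[1])
		if err != nil || len(key) != 16 {
			return nil, fmt.Errorf("line %d: %s must be 32 hex digits (16 bytes)", i+1, name)
		}
		if _, dup := keys[name]; dup {
			return nil, fmt.Errorf("line %d: duplicate %s entry", i+1, name)
		}
		keys[name] = key
	}
	for _, n := range []string{"ENC", "MAC", "DEK"} {
		if _, ok := keys[n]; !ok {
			return nil, fmt.Errorf("missing %s key", n)
		}
	}
	return keys, nil
}

// sampleKeyfile is the example keyfile from this section (example values, not real keys).
const sampleKeyfile = `# This is a comment, empty lines and comment lines allowed.
ENC AA112233445566778899AABBCCDDEEFF # Trailing comment
MAC BB112233445566778899AABBCCDDEEFF # Optional trailing comment
DEK CC112233445566778899AABBCCDDEEFF # Optional trailing comment
`

func main() {
	keys, err := parseSCPKeyfile(sampleKeyfile)
	if err != nil {
		panic(err)
	}
	fmt.Printf("ENC=%X MAC=%X DEK=%X\n", keys["ENC"], keys["MAC"], keys["DEK"])
}
```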
| </div> |
| <div class="section" id="set"> |
| <h3><span class="section-number">10.5.4.20. </span>set<a class="headerlink" href="#set" title="Permalink to this headline">¶</a></h3> |
| <p>The <code class="docutils literal notranslate"><span class="pre">set</span></code> command can be used to set a credential stored |
| on the A71CH to a specific value.</p> |
| <div class="admonition note"> |
| <p class="admonition-title">Note</p> |
| <p>The <code class="docutils literal notranslate"><span class="pre">set</span> <span class="pre">gp</span></code> command |
| can only be used to set a maximum of 32 bytes of data at a time.</p> |
| <p>The value of a key pair or public key can either be |
| passed as command line parameters or be contained in a pem-file |
| (containing an EC key pair).</p> |
| <p>The command line value |
| of the private key (set by the <code class="docutils literal notranslate"><span class="pre">set</span> <span class="pre">pair</span></code> |
| command) can be either in the clear or wrapped with the Configuration |
| key stored at index 1. Wrapping is according to |
| <a class="reference external" href="https://tools.ietf.org/html/rfc3394">RFC3394</a>.</p> |
| <p>The command line value of the public key (set by the |
| <code class="docutils literal notranslate"><span class="pre">set</span> <span class="pre">pub</span></code> command) can be either in the |
| clear or wrapped with the Configuration key stored at index 2. In case |
| <a class="reference external" href="https://tools.ietf.org/html/rfc3394">RFC3394</a> wrapping is applied |
| the first byte of the public key (the one indicating the public key |
| format) is removed before applying wrapping.</p> |
| <p>The |
| value of the configure key, the monotonic counter or the symmetric |
| secret can only be passed explicitly as a command line parameter. The |
| configure and symmetric keys can also be set wrapped (with the stored |
| value of the key) according to |
| <a class="reference external" href="https://tools.ietf.org/html/rfc3394">RFC3394</a>.</p> |
| <p>Whether an argument is wrapped is implicit in the |
| length of the provided argument.</p> |
| </div> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>set gp -h <hexvalue_offset> -h <hexvalue_data> |
| set pair -x <int> [-k <keyfile.pem> | -h <hexvalue_pub> -h <hexvalue_priv>] |
| set pub -x <int> [-k <keyfile.pem> | -h <hexvalue>] |
| set [cfg|cnt|sym] -x <int> -h <hexvalue> |
| </pre></div> |
| </div> |
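<p>As an added example in Go (not NXP's code), the RFC 3394 wrapping described in the note above: the 32-byte private key from the <code class="docutils literal notranslate"><span class="pre">set</span> <span class="pre">pair</span></code> example below is wrapped with a constructed 16-byte Configuration key, and the public-key variant drops the leading X9.62 format byte before wrapping, as the note states. Because the wrap adds 8 bytes, a wrapped private key argument is 40 bytes instead of 32 and a wrapped public key argument is 72 bytes instead of 65; these length figures and the Configuration key value are assumptions derived from RFC 3394, not values taken from the tool.</p>

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// rfc3394Wrap is the AES key wrap of RFC 3394 (section 2.2.1) with the default
// IV A6A6A6A6A6A6A6A6. plain must be a multiple of 8 bytes (at least 16); the
// output is 8 bytes longer than the input.
func rfc3394Wrap(kek, plain []byte) ([]byte, error) {
	if len(plain) < 16 || len(plain)%8 != 0 {
		return nil, errors.New("plaintext must be a multiple of 8 bytes, at least 16")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	n := len(plain) / 8
	a := []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6}
	r := append([]byte(nil), plain...) // R[1..n], 8 bytes each
	buf := make([]byte, 16)
	for j := 0; j < 6; j++ {
		for i := 0; i < n; i++ {
			copy(buf[:8], a)
			copy(buf[8:], r[i*8:i*8+8])
			block.Encrypt(buf, buf) // B = AES(K, A | R[i])
			t := uint64(n*j + i + 1) // t = (n*j)+i with 1-based i
			binary.BigEndian.PutUint64(a, binary.BigEndian.Uint64(buf[:8])^t)
			copy(r[i*8:i*8+8], buf[8:]) // R[i] = LSB(64, B)
		}
	}
	return append(a, r...), nil // C[0] = A, C[1..n] = R[1..n]
}

// wrapSetPub builds the wrapped -h <hexvalue> argument of 'set pub': the leading
// format byte (0x04, uncompressed) is dropped and the remaining 64 bytes are
// wrapped with the Configuration key at index 2 (result: 72 bytes).
func wrapSetPub(cfgKey2, pub []byte) ([]byte, error) {
	if len(pub) != 65 || pub[0] != 0x04 {
		return nil, errors.New("expected a 65-byte ANSI X9.62 uncompressed public key")
	}
	return rfc3394Wrap(cfgKey2, pub[1:])
}

func main() {
	// Constructed Configuration key (assumption); the private key is the value
	// shown in the 'set pair' example of this section.
	cfg, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
	priv, _ := hex.DecodeString("21AFC11EF564613D2E964D8B9319CCAB38E07A6E353A21A3D1698B1913DF1DFF")
	wp, err := rfc3394Wrap(cfg, priv) // 'set pair' private key: 32 bytes -> 40 bytes
	if err != nil {
		panic(err)
	}
	fmt.Printf("set pair -h %X (%d bytes, wrapped)\n", wp, len(wp))
}
```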
| <p>The following example writes 5 bytes of data at offset 0004 into the |
| General Purpose data store. The data written (4137314348) is the |
| ASCII encoding of the string ‘A71CH’. The command |
| itself is preceded and followed by an info statement covering the |
| general purpose storage segment of interest.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>>>> info gp -h 0000 -n 1 |
| GP Storage Data (1 segments from offset 0x0000): |
| 0x0000 (LEN=32): 0000000000000000000000000000000000000000000000000000000000000000 |
| >>> set gp -h 0004 -h 4137314348 |
| >>> info gp -h 0000 -n 1 |
| GP Storage Data (1 segments from offset 0x0000): |
| 0x0000 (LEN=32): 0000000041373143480000000000000000000000000000000000000000000000 |
| </pre></div> |
| </div> |
| <p>The following example sets the key pair at index 1 from the value |
| contained in file keyfile_ecc_nist_256_1.pem. The command itself is |
| preceded and followed by an info statement on the stored key pairs.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>>>> info pair |
| Public Keys from ECC key pairs: |
| idx=0x00 n.a. |
| idx=0x01 n.a. |
| >>> set pair -x 1 -k keyfile_ecc_nist_256_1.pem |
| ECCPrivateKey (LEN=32): |
| 21:AF:C1:1E:F5:64:61:3D:2E:96:4D:8B:93:19:CC:AB:38:E0:7A:6E:35:3A:21:A3:D1:69:8B:19:13:DF:1D:FF |
| |
| ECCPublicKey (LEN=65): |
| 04:74:E2:1E:54:6C:C1:9E:31:58:55:B6:D5:45:D3:0D:3F:48:79:D4:64:5D:3F:67:73:75:FB:0B:2C:80:43:1E: |
| 8D:34:95:71:0E:71:E1:E3:F8:93:62:75:B4:AC:F1:52:E3:DE:55:CC:1D:86:5E:B0:D1:22:A8:CF:35:EC:47:31: |
| F8 |
| >>> info pair |
| Public Keys from ECC key pairs: |
| idx=0x00 n.a. |
| idx=0x01 ECC_PUB (LEN=65): |
| 04:74:E2:1E:54:6C:C1:9E:31:58:55:B6:D5:45:D3:0D:3F:48:79:D4:64:5D:3F:67:73:75:FB:0B:2C:80:43:1E: |
| 8D:34:95:71:0E:71:E1:E3:F8:93:62:75:B4:AC:F1:52:E3:DE:55:CC:1D:86:5E:B0:D1:22:A8:CF:35:EC:47:31: |
| F8 |
| </pre></div> |
| </div> |
| <p>The value contained in file keyfile_ecc_nist_256_1.pem is:</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>$ cat keyfile_ecc_nist_256_1.pem |
| -----BEGIN EC PRIVATE KEY----- |
| MHcCAQEEICGvwR71ZGE9LpZNi5MZzKs44HpuNToho9FpixkT3x3/oAoGCCqGSM49 |
| AwEHoUQDQgAEdOIeVGzBnjFYVbbVRdMNP0h51GRdP2dzdfsLLIBDHo00lXEOceHj |
| +JNidbSs8VLj3lXMHYZesNEiqM817Ecx+A== |
| -----END EC PRIVATE KEY----- |
| </pre></div> |
| </div> |
| <p>The following example sets the public key at index 0 to the provided |
| public key value (in the clear, ANSI X9.62 uncompressed format). The |
| command itself is preceded and followed by an info statement on the |
| stored public key.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>>>> info pub |
| Public Keys: |
| idx=0x00 n.a. |
| idx=0x01 n.a. |
| >>> set pub -x 0 -h 043802B1164C30860AC913F5F997B84158C40CFFCC1D3A4359BC22574A4FC95E628933A9E95820AD6B96A1DA106BDD5D6A8E556A78AE959C59336FE53E3A1D9ED4 |
| >>> info pub |
| Public Keys: |
| idx=0x00 ECC_PUB (LEN=65): |
| 04:38:02:B1:16:4C:30:86:0A:C9:13:F5:F9:97:B8:41:58:C4:0C:FF:CC:1D:3A:43:59:BC:22:57:4A:4F:C9:5E: |
| 62:89:33:A9:E9:58:20:AD:6B:96:A1:DA:10:6B:DD:5D:6A:8E:55:6A:78:AE:95:9C:59:33:6F:E5:3E:3A:1D:9E: |
| D4 |
| idx=0x01 n.a. |
| </pre></div> |
| </div> |
| <p>The following example sets the monotonic counter at index 0 to 00E0. The |
| command itself is preceded and followed by an info statement on the |
| stored monotonic counters.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>>>> info cnt |
| Monotonic counter values: |
| idx=0x00 0x00000000 |
| idx=0x01 0x00000000 |
| >>> set cnt -x 0 -h 000000E0 |
| >>> info cnt |
| Monotonic counter values: |
| idx=0x00 0x000000E0 |
| idx=0x01 0x00000000 |
| </pre></div> |
| </div> |
| </div> |
| <div class="section" id="transport"> |
| <h3><span class="section-number">10.5.4.21. </span>transport<a class="headerlink" href="#transport" title="Permalink to this headline">¶</a></h3> |
| <p>The <code class="docutils literal notranslate"><span class="pre">transport</span> <span class="pre">lock</span></code> command can be used |
| to enable the transport lock on the A71CH. To disable the transport lock |
| one needs to pass the transport key as an option value to the |
| <code class="docutils literal notranslate"><span class="pre">transport</span> <span class="pre">unlock</span></code> command.</p> |
| <div class="admonition note"> |
| <p class="admonition-title">Note</p> |
| <p>A precondition to enable the transport lock is that |
| the Transport Configuration key has been set: use ‘set cfg -x 0 -h |
| <hexvalue_tpkey>’ to achieve this. Furthermore the transport lock / |
| unlock cycle can only be initiated once.</p> |
| </div> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>transport [lock|unlock -h <hexvalue_tpkey>] |
| </pre></div> |
| </div> |
| <p>The following example sets the Transport Configuration key, locks the |
| device and finally unlocks the device. The <code class="docutils literal notranslate"><span class="pre">info</span> <span class="pre">device</span></code> command is used to illustrate the value of the |
| transportLockState of the device.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>>>> info device |
| ... |
| transportLockState: 0x03 (Transport Lock NOT YET set) |
| ... |
| >>> set cfg -x 0 -h AA112233445566778899AABBCCDDEEFF |
| >>> transport lock |
| >>> info device |
| ... |
| transportLockState: 0x01 (Transport Lock is set) |
| ... |
| >>> transport unlock -h AA112233445566778899AABBCCDDEEFF |
| >>> info device |
| A71CH in Debug Mode Version (SCP03 is not set up) |
| selectResponse: 0x0111 |
| transportLockState: 0x02 (Open device, Transport Lock can no longer be set) |
| injectLockState: 0x02 (Unlocked) |
| gpStorageSize: 1024 |
| uid (LEN=18): |
| 47:90:70:02:47:91:12:10:20:89:00:50:36:91:64:23:00:00 |
| </pre></div> |
| </div> |
| </div> |
| <div class="section" id="ucrt"> |
| <h3><span class="section-number">10.5.4.22. </span>ucrt<a class="headerlink" href="#ucrt" title="Permalink to this headline">¶</a></h3> |
| <p>The <code class="docutils literal notranslate"><span class="pre">ucrt</span></code> command updates the certificate |
| stored in the GP storage area at the given index. The certificate can be provided as raw |
| data (-h option), as a file in PEM format (-p option) or as a file in |
| DER format (-c option).</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>ucrt -x <int> [-c <certfile.crt> | -h <hexvalue_data> | -p <certfile.pem>] |
| </pre></div> |
| </div> |
| <div class="admonition note"> |
| <p class="admonition-title">Note</p> |
| <p>In case the certificate to be written is in PEM |
| format it will be stored into the A71CH in DER format. The valid index |
| range for certificates is limited only by memory size.</p> |
| </div> |
| <p>In the following <code class="docutils literal notranslate"><span class="pre">ucrt</span></code> example a certificate contained in |
| a PEM file (c:\certificate.pem) is stored into the A71CH at index 3.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>>>> ucrt -x 3 -p c:\certificate.pem |
| Filename: c:\certificate.pem |
| Certificate Size (DER format) = 493 byte |
| </pre></div> |
| </div> |
| </div> |
| <div class="section" id="wcrt"> |
| <h3><span class="section-number">10.5.4.23. </span>wcrt<a class="headerlink" href="#wcrt" title="Permalink to this headline">¶</a></h3> |
| <p>The <code class="docutils literal notranslate"><span class="pre">wcrt</span></code> command writes a certificate to |
| the GP storage area by index. The certificate can be provided as raw |
| data (-h option), as a file in PEM format (-p option) or as a file in |
| DER format (-c option).</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>wcrt -x <int> [-c <certfile.crt> | -h <hexvalue_data> | -p <certfile.pem>] [-n <padding-segments>] |
| </pre></div> |
| </div> |
| <div class="admonition note"> |
| <p class="admonition-title">Note</p> |
| <p>Writing to an existing index will fail. Use the |
| <code class="docutils literal notranslate"><span class="pre">ucrt</span></code> command to update the certificate |
| (taking into account certificate size constraints) or use the |
| <code class="docutils literal notranslate"><span class="pre">ecrt</span></code> command to erase and then write the |
| new certificate. The valid index range for certificates is limited |
| only by memory size. Using the padding segments parameter (-n) creates extra |
| placeholder space for future updates with larger certificates at the same |
| index without the need for erasing it first.</p> |
| <p>In case the certificate to be written is in PEM |
| format it will be stored into the A71CH in DER format.</p> |
| <p>The <code class="docutils literal notranslate"><span class="pre">rcrt</span></code> command |
| reads out a certificate by index.</p> |
| </div> |
| <p>In the following <code class="docutils literal notranslate"><span class="pre">wcrt</span></code> example a certificate contained in |
| a PEM file (c:\certificate.pem) is stored into the A71CH at index 3.</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>>>> wcrt -x 3 -p c:\certificate.pem |
| Filename: c:\certificate.pem |
| Certificate Size (DER format) = 493 byte |
| </pre></div> |
| </div> |
| </div> |
| </div> |
| <div class="section" id="not-connected-mode"> |
| <h2><span class="section-number">10.5.5. </span>Not connected mode<a class="headerlink" href="#not-connected-mode" title="Permalink to this headline">¶</a></h2> |
| <p>When starting up the A71CH Configure Tool it is possible to indicate no |
| attached A71CH device is required. This is achieved by preceding the |
| command (on the command line only) by the keyword <code class="docutils literal notranslate"><span class="pre">nc</span></code> |
| (not connected).</p> |
| <p>Currently the only application of this feature is the creation of |
| Reference Pem files where the public key value is contained in a Pem |
| file (containing an EC key pair) passed as argument.</p> |
| <p>The following command creates a reference pem file |
| ‘my_ref_keyfile.pem’ referring to a public key (stored or to be |
| stored) at index 0 whose value is contained in ‘kp_keyfile.pem’:</p> |
| <div class="highlight-text notranslate"><div class="highlight"><pre><span></span>root@imx6ulevk:~# ./a71chConfig_i2c_imx nc refpem -c 20 -x 0 -k kp_keyfile.pem -r my_ref_keyfile.pem |
| a71chConfig (Rev 0.94) .. NOT connecting to A71CH. |
| ECCPublicKey (LEN=65): |
| 04:7C:59:16:D4:F5:46:B3:D3:17:20:78:F8:AD:41:84:9A:79:46:6B:5B:0B:FC:39:3D:4C:E1:A8:53:F5:4F:8D: |
| C2:98:65:F8:84:E9:9E:28:38:09:FF:29:34:B6:97:27:DB:6C:0A:F3:79:B0:D7:2C:16:25:B5:CB:B8:A2:CB:70: |
| 89 |
| </pre></div> |
| </div> |
| </div> |
| </div> |
| |
| |
| </div> |
| |
| </div> |
| </div> |
| <footer class="footer"> |
| <div class="container"> |
| <p> |
| © Copyright 2018-2020, NXP.<br/> |
| Created using <a href="http://sphinx-doc.org/">Sphinx</a> 2.4.1.<br/> |
| </p> |
| </div> |
| </footer> |
| </body> |
| </html> |