Debug Authentication API
Debug Authentication module provides debugging for securely provisioned devices.
DAT module general information
This module contains support for Debug Authentication Tool.
Module for generating debug credentials
Module with DebugCredential class.
- class spsdk.dat.debug_credential.DebugCredential(socc, uuid, rot_meta, dck_pub, cc_socu, cc_vu, cc_beacon, rot_pub, signature=None, signature_provider=None)
Bases:
object
Base class for DebugCredential.
Initialize the DebugCredential object.
- Parameters
socc (
int
) – The SoC Class that this credential applies touuid (
bytes
) – The bytes of the unique device identifierrot_meta (
bytes
) – Metadata for Root of Trustdck_pub (
bytes
) – Internal binary representation of Debug Credential public keycc_socu (
int
) – The Credential Constraint value that the vendor has associated with this credential.cc_vu (
int
) – The Vendor Usage constraint value that the vendor has associated with this credential.cc_beacon (
int
) – The non-zero Credential Beacon value, which is bound to a DCrot_pub (
bytes
) – Internal binary representation of RoT public keysignature (
Optional
[bytes
]) – Debug Credential signaturesignature_provider (
Optional
[SignatureProvider
]) – external signature provider
- FORMAT = 'INVALID_FORMAT'
- FORMAT_NO_SIG = 'INVALID_FORMAT'
- HASH_LENGTH = 32
- SOCC_FORMAT = ''
- SOCC_LIST = {0: 'i.MXRT595, i.MXRT685', 1: 'LPC550x, LPC55s0x, LPC551x, LPC55s1x, LPC552x, LPC55s2x, LPC55s6', 4: 'LPC55s3', 5: 'KW45xx/K32W1xx', 1381237916: 'i.MXRT118x'}
- VERSION = '0.0'
- classmethod create_from_yaml_config(version, yaml_config, search_paths=None)
Create a debug credential object out of yaml configuration.
- Parameters
version (
str
) – Debug Authentication protocol version.yaml_config (
dict
) – Debug credential file configuration.search_paths (
Optional
[List
[str
]]) – List of paths where to search for the file, defaults to None
- Return type
- Returns
DebugCredential object
- export()
Export to binary form (serialization).
- Return type
bytes
- Returns
binary representation of the debug credential
- Raises
SPSDKError – When Debug Credential Signature is not set, call the .sign method first
- classmethod get_instance_from_challenge(data)
Returns instance of class from DAP authentication challenge data.
- Return type
- Returns
Instance of this class.
- get_rotkh()
Get Root Of Trust Keys Hash.
- Return type
bytes
- Returns
RoTKH in bytes
- Raises
NotImplementedError – Derived class has to implement this method
- static get_socc_description(version, socc)
Get SOCC family name description.
- Parameters
version (
str
) – Protocol versionsocc (
int
) – SOCC number
- Return type
str
- Returns
SOCC string representation
- info()
String representation of DebugCredential.
- Return type
str
- Returns
binary representation of the debug credential
- classmethod parse(data, offset=0)
Parse the debug credential.
- Parameters
data (
bytes
) – Raw data as bytesoffset (
int
) – Offset of input data
- Return type
- Returns
DebugCredential object
- sign()
Sign the DC data using SignatureProvider.
- Return type
None
- class spsdk.dat.debug_credential.DebugCredentialECC(socc, uuid, rot_meta, dck_pub, cc_socu, cc_vu, cc_beacon, rot_pub, signature=None, signature_provider=None)
Bases:
spsdk.dat.debug_credential.DebugCredential
Class for ECC specific of DebugCredential.
Initialize the DebugCredential object.
- Parameters
socc (
int
) – The SoC Class that this credential applies touuid (
bytes
) – The bytes of the unique device identifierrot_meta (
bytes
) – Metadata for Root of Trustdck_pub (
bytes
) – Internal binary representation of Debug Credential public keycc_socu (
int
) – The Credential Constraint value that the vendor has associated with this credential.cc_vu (
int
) – The Vendor Usage constraint value that the vendor has associated with this credential.cc_beacon (
int
) – The non-zero Credential Beacon value, which is bound to a DCrot_pub (
bytes
) – Internal binary representation of RoT public keysignature (
Optional
[bytes
]) – Debug Credential signaturesignature_provider (
Optional
[SignatureProvider
]) – external signature provider
- CORD_LENGTH = 0
- CURVE: cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve = <cryptography.hazmat.primitives.asymmetric.ec.SECP256R1 object>
- property FORMAT: str
Formatting string.
- Return type
str
- property FORMAT_NO_SIG: str
Formatting string without signature.
- Return type
str
- HASH_LENGTH = 0
- HASH_SIZES = {32: 256, 48: 384, 66: 512}
- KEY_LENGTH = 0
- static calculate_flags(used_root_cert, rot_pub_keys)
Calculates flags in rotmeta.
- Return type
bytes
- static create_ctrk_table(rot_pub_keys)
Creates ctrk table.
- Return type
bytes
- export()
Export to binary form (serialization).
- Return type
bytes
- classmethod get_instance_from_challenge(data)
Returns instance of class from DAP authentication challenge data.
- Return type
- Returns
Instance of this class.
- get_rotkh()
Get Root Of Trust Keys Hash.
- Return type
bytes
- Returns
RoTKH in bytes
- info()
String representation of DebugCredential.
- Return type
str
- Returns
binary representation of the debug credential
- classmethod parse(data, offset=0)
Parse the debug credential.
- Parameters
data (
bytes
) – Raw data as bytesoffset (
int
) – Offset of input data
- Return type
- Returns
DebugCredential object
- Raises
SPSDKError – When flag is invalid
- sign()
Sign the DC data using SignatureProvider.
- Return type
None
- class spsdk.dat.debug_credential.DebugCredentialECC256(socc, uuid, rot_meta, dck_pub, cc_socu, cc_vu, cc_beacon, rot_pub, signature=None, signature_provider=None)
Bases:
spsdk.dat.debug_credential.DebugCredentialECC
DebugCredential class for LPC55s3x for version 2.0 (p256).
Initialize the DebugCredential object.
- Parameters
socc (
int
) – The SoC Class that this credential applies touuid (
bytes
) – The bytes of the unique device identifierrot_meta (
bytes
) – Metadata for Root of Trustdck_pub (
bytes
) – Internal binary representation of Debug Credential public keycc_socu (
int
) – The Credential Constraint value that the vendor has associated with this credential.cc_vu (
int
) – The Vendor Usage constraint value that the vendor has associated with this credential.cc_beacon (
int
) – The non-zero Credential Beacon value, which is bound to a DCrot_pub (
bytes
) – Internal binary representation of RoT public keysignature (
Optional
[bytes
]) – Debug Credential signaturesignature_provider (
Optional
[SignatureProvider
]) – external signature provider
- CORD_LENGTH = 32
- CURVE: cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve = <cryptography.hazmat.primitives.asymmetric.ec.SECP256R1 object>
- HASH_LENGTH = 32
- KEY_LENGTH = 256
- VERSION = '2.0'
- class spsdk.dat.debug_credential.DebugCredentialECC384(socc, uuid, rot_meta, dck_pub, cc_socu, cc_vu, cc_beacon, rot_pub, signature=None, signature_provider=None)
Bases:
spsdk.dat.debug_credential.DebugCredentialECC
DebugCredential class for LPC55s3x for version 2.1 (p384).
Initialize the DebugCredential object.
- Parameters
socc (
int
) – The SoC Class that this credential applies touuid (
bytes
) – The bytes of the unique device identifierrot_meta (
bytes
) – Metadata for Root of Trustdck_pub (
bytes
) – Internal binary representation of Debug Credential public keycc_socu (
int
) – The Credential Constraint value that the vendor has associated with this credential.cc_vu (
int
) – The Vendor Usage constraint value that the vendor has associated with this credential.cc_beacon (
int
) – The non-zero Credential Beacon value, which is bound to a DCrot_pub (
bytes
) – Internal binary representation of RoT public keysignature (
Optional
[bytes
]) – Debug Credential signaturesignature_provider (
Optional
[SignatureProvider
]) – external signature provider
- CORD_LENGTH = 48
- CURVE: cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve = <cryptography.hazmat.primitives.asymmetric.ec.SECP384R1 object>
- HASH_LENGTH = 48
- KEY_LENGTH = 384
- VERSION = '2.1'
- class spsdk.dat.debug_credential.DebugCredentialECC521(socc, uuid, rot_meta, dck_pub, cc_socu, cc_vu, cc_beacon, rot_pub, signature=None, signature_provider=None)
Bases:
spsdk.dat.debug_credential.DebugCredentialECC
DebugCredential class for LPC55s3x for version 2.1 (p384).
Initialize the DebugCredential object.
- Parameters
socc (
int
) – The SoC Class that this credential applies touuid (
bytes
) – The bytes of the unique device identifierrot_meta (
bytes
) – Metadata for Root of Trustdck_pub (
bytes
) – Internal binary representation of Debug Credential public keycc_socu (
int
) – The Credential Constraint value that the vendor has associated with this credential.cc_vu (
int
) – The Vendor Usage constraint value that the vendor has associated with this credential.cc_beacon (
int
) – The non-zero Credential Beacon value, which is bound to a DCrot_pub (
bytes
) – Internal binary representation of RoT public keysignature (
Optional
[bytes
]) – Debug Credential signaturesignature_provider (
Optional
[SignatureProvider
]) – external signature provider
- CORD_LENGTH = 66
- CURVE: cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve = <cryptography.hazmat.primitives.asymmetric.ec.SECP521R1 object>
- HASH_LENGTH = 66
- KEY_LENGTH = 521
- VERSION = '2.2'
- class spsdk.dat.debug_credential.DebugCredentialEdgeLockEnclave(socc, uuid, rot_meta, dck_pub, cc_socu, cc_vu, cc_beacon, rot_pub, signature=None, signature_provider=None)
Bases:
spsdk.dat.debug_credential.DebugCredentialECC
EdgeLock Class.
Initialize the DebugCredential object.
- Parameters
socc (
int
) – The SoC Class that this credential applies touuid (
bytes
) – The bytes of the unique device identifierrot_meta (
bytes
) – Metadata for Root of Trustdck_pub (
bytes
) – Internal binary representation of Debug Credential public keycc_socu (
int
) – The Credential Constraint value that the vendor has associated with this credential.cc_vu (
int
) – The Vendor Usage constraint value that the vendor has associated with this credential.cc_beacon (
int
) – The non-zero Credential Beacon value, which is bound to a DCrot_pub (
bytes
) – Internal binary representation of RoT public keysignature (
Optional
[bytes
]) – Debug Credential signaturesignature_provider (
Optional
[SignatureProvider
]) – external signature provider
- CORD_LENGTH = 0
- property FORMAT: str
Formatting string.
- Return type
str
- property FORMAT_NO_SIG: str
Formatting string without signature.
- Return type
str
- HASH_LENGTH = 0
- KEY_LENGTH = 0
- SOCC_FORMAT = '08X'
- static create_srk_table(rot_pub_keys)
Creates ctrk table.
- Return type
bytes
- export()
Export to binary form (serialization).
- Return type
bytes
- classmethod get_instance_from_challenge(data)
Returns instance of class from DAP authentication challenge data.
- Return type
- Returns
Instance of this class.
- get_rotkh()
Get Root Of Trust Keys Hash.
- Return type
bytes
- Returns
RoTKH in bytes
- info()
String representation of DebugCredential.
- Return type
str
- Returns
binary representation of the debug credential
- classmethod parse(data, offset=0)
Parse the debug credential.
- Parameters
data (
bytes
) – Raw data as bytesoffset (
int
) – Offset of input data
- Return type
- Returns
DebugCredential object
- Raises
SPSDKError – When flag is invalid
- class spsdk.dat.debug_credential.DebugCredentialEdgeLockEnclaveECC256(socc, uuid, rot_meta, dck_pub, cc_socu, cc_vu, cc_beacon, rot_pub, signature=None, signature_provider=None)
Bases:
spsdk.dat.debug_credential.DebugCredentialEdgeLockEnclave
Debug Credential class for device using EdgeLock peripheral for ECC256 keys.
Initialize the DebugCredential object.
- Parameters
socc (
int
) – The SoC Class that this credential applies touuid (
bytes
) – The bytes of the unique device identifierrot_meta (
bytes
) – Metadata for Root of Trustdck_pub (
bytes
) – Internal binary representation of Debug Credential public keycc_socu (
int
) – The Credential Constraint value that the vendor has associated with this credential.cc_vu (
int
) – The Vendor Usage constraint value that the vendor has associated with this credential.cc_beacon (
int
) – The non-zero Credential Beacon value, which is bound to a DCrot_pub (
bytes
) – Internal binary representation of RoT public keysignature (
Optional
[bytes
]) – Debug Credential signaturesignature_provider (
Optional
[SignatureProvider
]) – external signature provider
- CORD_LENGTH = 32
- CURVE: cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve = <cryptography.hazmat.primitives.asymmetric.ec.SECP256R1 object>
- HASH_LENGTH = 32
- KEY_LENGTH = 256
- VERSION = '2.0'
- class spsdk.dat.debug_credential.DebugCredentialEdgeLockEnclaveECC384(socc, uuid, rot_meta, dck_pub, cc_socu, cc_vu, cc_beacon, rot_pub, signature=None, signature_provider=None)
Bases:
spsdk.dat.debug_credential.DebugCredentialEdgeLockEnclave
Debug Credential class for device using EdgeLock peripheral for ECC384 keys.
Initialize the DebugCredential object.
- Parameters
socc (
int
) – The SoC Class that this credential applies touuid (
bytes
) – The bytes of the unique device identifierrot_meta (
bytes
) – Metadata for Root of Trustdck_pub (
bytes
) – Internal binary representation of Debug Credential public keycc_socu (
int
) – The Credential Constraint value that the vendor has associated with this credential.cc_vu (
int
) – The Vendor Usage constraint value that the vendor has associated with this credential.cc_beacon (
int
) – The non-zero Credential Beacon value, which is bound to a DCrot_pub (
bytes
) – Internal binary representation of RoT public keysignature (
Optional
[bytes
]) – Debug Credential signaturesignature_provider (
Optional
[SignatureProvider
]) – external signature provider
- CORD_LENGTH = 48
- CURVE: cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve = <cryptography.hazmat.primitives.asymmetric.ec.SECP384R1 object>
- HASH_LENGTH = 48
- KEY_LENGTH = 384
- VERSION = '2.1'
- class spsdk.dat.debug_credential.DebugCredentialEdgeLockEnclaveECC521(socc, uuid, rot_meta, dck_pub, cc_socu, cc_vu, cc_beacon, rot_pub, signature=None, signature_provider=None)
Bases:
spsdk.dat.debug_credential.DebugCredentialEdgeLockEnclave
Debug Credential class for device using EdgeLock peripheral for ECC521 keys.
Initialize the DebugCredential object.
- Parameters
socc (
int
) – The SoC Class that this credential applies touuid (
bytes
) – The bytes of the unique device identifierrot_meta (
bytes
) – Metadata for Root of Trustdck_pub (
bytes
) – Internal binary representation of Debug Credential public keycc_socu (
int
) – The Credential Constraint value that the vendor has associated with this credential.cc_vu (
int
) – The Vendor Usage constraint value that the vendor has associated with this credential.cc_beacon (
int
) – The non-zero Credential Beacon value, which is bound to a DCrot_pub (
bytes
) – Internal binary representation of RoT public keysignature (
Optional
[bytes
]) – Debug Credential signaturesignature_provider (
Optional
[SignatureProvider
]) – external signature provider
- CORD_LENGTH = 66
- CURVE: cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve = <cryptography.hazmat.primitives.asymmetric.ec.SECP521R1 object>
- HASH_LENGTH = 66
- KEY_LENGTH = 521
- VERSION = '2.2'
- class spsdk.dat.debug_credential.DebugCredentialRSA(socc, uuid, rot_meta, dck_pub, cc_socu, cc_vu, cc_beacon, rot_pub, signature=None, signature_provider=None)
Bases:
spsdk.dat.debug_credential.DebugCredential
Class for RSA specific of DebugCredential.
Initialize the DebugCredential object.
- Parameters
socc (
int
) – The SoC Class that this credential applies touuid (
bytes
) – The bytes of the unique device identifierrot_meta (
bytes
) – Metadata for Root of Trustdck_pub (
bytes
) – Internal binary representation of Debug Credential public keycc_socu (
int
) – The Credential Constraint value that the vendor has associated with this credential.cc_vu (
int
) – The Vendor Usage constraint value that the vendor has associated with this credential.cc_beacon (
int
) – The non-zero Credential Beacon value, which is bound to a DCrot_pub (
bytes
) – Internal binary representation of RoT public keysignature (
Optional
[bytes
]) – Debug Credential signaturesignature_provider (
Optional
[SignatureProvider
]) – external signature provider
- FORMAT = '<2HL16s128s260s3L260s256s'
- FORMAT_NO_SIG = '<2HL16s128s260s3L260s'
- get_rotkh()
Get Root Of Trust Keys Hash.
- Return type
bytes
- Returns
RoTKH in bytes
- class spsdk.dat.debug_credential.DebugCredentialRSA2048(socc, uuid, rot_meta, dck_pub, cc_socu, cc_vu, cc_beacon, rot_pub, signature=None, signature_provider=None)
Bases:
spsdk.dat.debug_credential.DebugCredentialRSA
DebugCredential class for RSA 2048.
Initialize the DebugCredential object.
- Parameters
socc (
int
) – The SoC Class that this credential applies touuid (
bytes
) – The bytes of the unique device identifierrot_meta (
bytes
) – Metadata for Root of Trustdck_pub (
bytes
) – Internal binary representation of Debug Credential public keycc_socu (
int
) – The Credential Constraint value that the vendor has associated with this credential.cc_vu (
int
) – The Vendor Usage constraint value that the vendor has associated with this credential.cc_beacon (
int
) – The non-zero Credential Beacon value, which is bound to a DCrot_pub (
bytes
) – Internal binary representation of RoT public keysignature (
Optional
[bytes
]) – Debug Credential signaturesignature_provider (
Optional
[SignatureProvider
]) – external signature provider
- FORMAT = '<2HL16s128s260s3L260s256s'
- FORMAT_NO_SIG = '<2HL16s128s260s3L260s'
- VERSION = '1.0'
- class spsdk.dat.debug_credential.DebugCredentialRSA4096(socc, uuid, rot_meta, dck_pub, cc_socu, cc_vu, cc_beacon, rot_pub, signature=None, signature_provider=None)
Bases:
spsdk.dat.debug_credential.DebugCredentialRSA
DebugCredential class for RSA 4096.
Initialize the DebugCredential object.
- Parameters
socc (
int
) – The SoC Class that this credential applies touuid (
bytes
) – The bytes of the unique device identifierrot_meta (
bytes
) – Metadata for Root of Trustdck_pub (
bytes
) – Internal binary representation of Debug Credential public keycc_socu (
int
) – The Credential Constraint value that the vendor has associated with this credential.cc_vu (
int
) – The Vendor Usage constraint value that the vendor has associated with this credential.cc_beacon (
int
) – The non-zero Credential Beacon value, which is bound to a DCrot_pub (
bytes
) – Internal binary representation of RoT public keysignature (
Optional
[bytes
]) – Debug Credential signaturesignature_provider (
Optional
[SignatureProvider
]) – external signature provider
- FORMAT = '<2HL16s128s516s3L516s512s'
- FORMAT_NO_SIG = '<2HL16s128s516s3L516s'
- VERSION = '1.1'
Module with Debug Authentication Challenge (DAC) Packet
Module with Debug Authentication Challenge (DAC) Packet.
- class spsdk.dat.dac_packet.DebugAuthenticationChallenge(version, socc, uuid, rotid_rkh_revocation, rotid_rkth_hash, cc_soc_pinned, cc_soc_default, cc_vu, challenge)
Bases:
object
Base class for DebugAuthenticationChallenge.
Initialize the DebugAuthenticationChallenge object.
- Parameters
version (
str
) – The string representing version: for RSA: 1.0, for ECC: 2.0, 2.1, 2.2socc (
int
) – The SoC Class that this credential applies touuid (
bytes
) – The string representing the unique device identifierrotid_rkh_revocation (
int
) – State of certificate revocation fieldrotid_rkth_hash (
bytes
) – The hash of roth-meta datacc_soc_pinned (
int
) – State of lock bits in the debugger configuration fieldcc_soc_default (
int
) – State of the debugger configuration fieldcc_vu (
int
) – The Vendor usage that the vendor has associated with this credentialchallenge (
bytes
) – Randomly generated bytes from the target
- export()
Exports the DebugAuthenticationChallenge into bytes.
- Return type
bytes
- info()
String representation of DebugCredential.
- Return type
str
- classmethod parse(data, offset=0)
Parse the data into a DebugAuthenticationChallenge.
- Parameters
data (
bytes
) – Raw data as bytesoffset (
int
) – Offset within the input data
- Return type
- Returns
DebugAuthenticationChallenge object
- validate_against_dc(dc)
Validate against Debug Credential file.
- Parameters
dc (
DebugCredential
) – Debug Credential class to be validate by DAC- Raises
SPSDKValueError – In case of invalid configuration detected.
- Return type
None
Module with Debug Authentication Response (DAR) Packet
Module with Debug Authentication Response (DAR) Packet.
- class spsdk.dat.dar_packet.DebugAuthenticateResponse(debug_credential, auth_beacon, dac, path_dck_private)
Bases:
object
Class for DAR packet.
Initialize the DebugAuthenticateResponse object.
- Parameters
debug_credential (
DebugCredential
) – the path, where the dc is storeauth_beacon (
int
) – authentication beacon valuedac (
DebugAuthenticationChallenge
) – the path, where the dac is storepath_dck_private (
str
) – the path, where the dck private key is store
- classmethod create(version, dc, auth_beacon, dac, dck)
Create a dar object out of input parameters.
- Parameters
version (
str
) – protocol versiondc (
DebugCredential
) – debug credential objectauth_beacon (
int
) – authentication beacon valuedac (
DebugAuthenticationChallenge
) – DebugAuthenticationChallenge objectdck (
str
) – string containing path to dck key
- Return type
- Returns
DAR object
- export()
Export to binary form (serialization).
- Return type
bytes
- Returns
the exported bytes from object
- info()
String representation of DebugAuthenticateResponse.
- Return type
str
- classmethod parse(data, offset=0)
Parse the DAR.
- Parameters
data (
bytes
) – Raw data as bytesoffset (
int
) – Offset of input data
- Return type
- Returns
DebugAuthenticateResponse object
- Raises
NotImplementedError – Derived class has to implement this method
- class spsdk.dat.dar_packet.DebugAuthenticateResponseECC(debug_credential, auth_beacon, dac, path_dck_private)
Bases:
spsdk.dat.dar_packet.DebugAuthenticateResponse
Class for ECC specific of DAR.
Initialize the DebugAuthenticateResponse object.
- Parameters
debug_credential (
DebugCredential
) – the path, where the dc is storeauth_beacon (
int
) – authentication beacon valuedac (
DebugAuthenticationChallenge
) – the path, where the dac is storepath_dck_private (
str
) – the path, where the dck private key is store
- CURVE: cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve = <cryptography.hazmat.primitives.asymmetric.ec.SECP256R1 object>
- KEY_LENGTH = 0
- class spsdk.dat.dar_packet.DebugAuthenticateResponseECC_256(debug_credential, auth_beacon, dac, path_dck_private)
Bases:
spsdk.dat.dar_packet.DebugAuthenticateResponseECC
Class for LPC55S3x specific of DAR, 256 bits sized keys.
Initialize the DebugAuthenticateResponse object.
- Parameters
debug_credential (
DebugCredential
) – the path, where the dc is storeauth_beacon (
int
) – authentication beacon valuedac (
DebugAuthenticationChallenge
) – the path, where the dac is storepath_dck_private (
str
) – the path, where the dck private key is store
- CURVE: cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve = <cryptography.hazmat.primitives.asymmetric.ec.SECP256R1 object>
- KEY_LENGTH = 32
- class spsdk.dat.dar_packet.DebugAuthenticateResponseECC_384(debug_credential, auth_beacon, dac, path_dck_private)
Bases:
spsdk.dat.dar_packet.DebugAuthenticateResponseECC
Class for LPC55S3x specific of DAR, 384 bits sized keys.
Initialize the DebugAuthenticateResponse object.
- Parameters
debug_credential (
DebugCredential
) – the path, where the dc is storeauth_beacon (
int
) – authentication beacon valuedac (
DebugAuthenticationChallenge
) – the path, where the dac is storepath_dck_private (
str
) – the path, where the dck private key is store
- CURVE: cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve = <cryptography.hazmat.primitives.asymmetric.ec.SECP384R1 object>
- KEY_LENGTH = 48
- class spsdk.dat.dar_packet.DebugAuthenticateResponseECC_521(debug_credential, auth_beacon, dac, path_dck_private)
Bases:
spsdk.dat.dar_packet.DebugAuthenticateResponseECC
Class for LPC55S3x specific of DAR, 521 bits sized keys.
Initialize the DebugAuthenticateResponse object.
- Parameters
debug_credential (
DebugCredential
) – the path, where the dc is storeauth_beacon (
int
) – authentication beacon valuedac (
DebugAuthenticationChallenge
) – the path, where the dac is storepath_dck_private (
str
) – the path, where the dck private key is store
- CURVE: cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve = <cryptography.hazmat.primitives.asymmetric.ec.SECP521R1 object>
- KEY_LENGTH = 66
- class spsdk.dat.dar_packet.DebugAuthenticateResponseRSA(debug_credential, auth_beacon, dac, path_dck_private)
Bases:
spsdk.dat.dar_packet.DebugAuthenticateResponse
Class for RSA specifics of DAR packet.
Initialize the DebugAuthenticateResponse object.
- Parameters
debug_credential (
DebugCredential
) – the path, where the dc is storeauth_beacon (
int
) – authentication beacon valuedac (
DebugAuthenticationChallenge
) – the path, where the dac is storepath_dck_private (
str
) – the path, where the dck private key is store
Module for NXP SPDK DebugMailbox support
Module for NXP SPSDK DebugMailbox support.
- class spsdk.dat.debug_mailbox.DebugMailbox(debug_probe, reset=True, moredelay=0.0, op_timeout=1000)
Bases:
object
Class for DebugMailbox.
Initialize DebugMailbox object.
- Parameters
debug_probe (
DebugProbe
) – Debug probe instance.reset (
bool
) – Do reset of debug mailbox during initialization, defaults to True.moredelay (
float
) – Time of extra delay after reset sequence, defaults to 0.0.op_timeout (
int
) – Atomic operation timeout, defaults to 1000.
- Raises
SPSDKIOError – Various kind of vulnerabilities during connection to debug mailbox.
- close()
Close session.
- Return type
None
- dbgmlbx_reg_read(addr=0)
Read debug mailbox access port register.
This is read debug mailbox register function for SPSDK library to support various DEBUG PROBES.
- Parameters
addr (
int
) – the register address- Return type
int
- Returns
The read value of addressed register (4 bytes)
- Raises
NotImplementedError – Derived class has to implement this method
- dbgmlbx_reg_write(addr=0, data=0)
Write debug mailbox access port register.
This is write debug mailbox register function for SPSDK library to support various DEBUG PROBES.
- Parameters
addr (
int
) – the register addressdata (
int
) – the data to be written into register
- Raises
NotImplementedError – Derived class has to implement this method
- Return type
None
- get_dbgmlbx_ap()
Decorator function that secure the getting right DEBUG MAILBOX AP ix for first use.
- Parameters
func – Decorated function.
- read_idr()
Read IDR of debug mailbox.
- Return type
int
- Returns
IDR value of debug mailbox AP.
- spin_read(reg)
Do atomic read operation to debug mailbox.
- Parameters
reg (
int
) – Register address.- Return type
int
- Returns
Read value.
- Raises
SPSDKTimeoutError – When read operation exceed defined operation timeout.
- spin_write(reg, value)
Do atomic write operation to debug mailbox.
- Parameters
reg (
int
) – Register address.value (
int
) – Value to write.
- Raises
SPSDKTimeoutError – When write operation exceed defined operation timeout.
- Return type
None
- exception spsdk.dat.debug_mailbox.DebugMailboxError
Bases:
RuntimeError
Class for DebugMailboxError.
Module with commands for Debug Mailbox
Commands for Debug Mailbox.
- class spsdk.dat.dm_commands.DebugAuthenticationResponse(dm, paramlen)
Bases:
spsdk.dat.dm_commands.DebugMailboxCommand
Class for DebugAuthenticationResponse.
Initialize.
- class spsdk.dat.dm_commands.DebugAuthenticationStart(dm, resplen=26)
Bases:
spsdk.dat.dm_commands.DebugMailboxCommand
Class for DebugAuthenticationStart.
Initialize.
- class spsdk.dat.dm_commands.DebugMailboxCommand(dm, id, name='', paramlen=0, resplen=0, delay=0.03)
Bases:
object
Class for DebugMailboxCommand.
Initialize.
- DELAY_DEFAULT = 0.03
- STATUS_IS_DATA_MASK = 0
- run(params=None)
Run DebugMailboxCommand.
- Return type
List
[Any
]
- run_safe(raise_if_failure=True, **args)
Run a command and abort on first failure instead of looping forever.
- Return type
Optional
[List
[Any
]]
- class spsdk.dat.dm_commands.EnterBlankDebugAuthentication(dm)
Bases:
spsdk.dat.dm_commands.DebugMailboxCommand
Class for EnterBlankDebugAuthentication.
Initialize.
- class spsdk.dat.dm_commands.EnterISPMode(dm)
Bases:
spsdk.dat.dm_commands.DebugMailboxCommand
Class for EnterISPMode.
Initialize.
- class spsdk.dat.dm_commands.EraseFlash(dm)
Bases:
spsdk.dat.dm_commands.DebugMailboxCommand
Class for Erase Flash.
Initialize.
- class spsdk.dat.dm_commands.ExitDebugMailbox(dm)
Bases:
spsdk.dat.dm_commands.DebugMailboxCommand
Class for ExitDebugMailbox.
Initialize.
- class spsdk.dat.dm_commands.GetCRPLevel(dm)
Bases:
spsdk.dat.dm_commands.DebugMailboxCommand
Class for Get CRP Level.
Initialize.
- STATUS_IS_DATA_MASK = 255
- class spsdk.dat.dm_commands.SetFaultAnalysisMode(dm, paramlen=0)
Bases:
spsdk.dat.dm_commands.DebugMailboxCommand
Class for SetFaultAnalysisMode.
Initialize.
- class spsdk.dat.dm_commands.StartDebugMailbox(dm)
Bases:
spsdk.dat.dm_commands.DebugMailboxCommand
Class for StartDebugMailbox.
Initialize.
- class spsdk.dat.dm_commands.StartDebugSession(dm)
Bases:
spsdk.dat.dm_commands.DebugMailboxCommand
Class for StartDebugSession.
Initialize.
- class spsdk.dat.dm_commands.StartDebugSessions(dm)
Bases:
spsdk.dat.dm_commands.DebugMailboxCommand
Class for StartDebugSessions.
Initialize.
Module with common utils for DAT module
Common utils for DAT module.
- spsdk.dat.utils.ecc_key_to_bytes(key, length=None)
Converts key into bytes.
- Parameters
key (
EllipticCurvePublicKey
) – instance of ECC Public Keylength (
Optional
[int
]) – length of bytes object to use
- Return type
bytes
- Returns
bytes representation
- spsdk.dat.utils.ecc_public_numbers_to_bytes(public_numbers, length=None)
Converts public numbers from ECC key into bytes.
- Parameters
public_numbers (
EllipticCurvePublicNumbers
) – instance of ecc public numberslength (
Optional
[int
]) – length of bytes object to use
- Return type
bytes
- Returns
bytes representation
- spsdk.dat.utils.reconstruct_signature(signature_bytes, size=None)
Reconstructs signature.
- Parameters
signature_bytes (
bytes
) – signature’s bytessize (
Optional
[int
]) – size of r and s bytes (from signature)
- Return type
bytes
- Returns
reconstructed signature
- spsdk.dat.utils.rsa_key_to_bytes(key, exp_length=None, modulus_length=None)
Converts RSA key into bytes.
- Parameters
key (
Union
[RSAPublicKey
,RSAPrivateKey
]) – Union of types: RSAPublicKey, RSAPrivateKeyWithSerializationexp_length (
Optional
[int
]) – Length of exponent’s bytes to use if none it will be calculatedmodulus_length (
Optional
[int
]) – Length of modulus’s bytes to use if none it will be calculated
- Return type
bytes
- Returns
Combined modulus and exponent bytes