User Guide - elftosb

Warning

elftosb has been deprecated in SPSDK version 1.7.0. There’s a tool nxpimage as a replacement, all new features will be implemented only in the nxpimage.

This user guide describes how to use elftosb application. elftosb is a tool for generating TrustZone, Master Boot Image and Secure Binary images.

For more information about the supported binary images and how to configure them visit page Supported binary images

Legacy elftosb documentation

It is possible to use NXP elftosb tool user guide located here.

Note

Please note that some functionality described in the UG may not be supported in SPSDK elftosb application.

Command line interface

elftosb

Tool for generating TrustZone, MasterBootImage and SecureBinary images.

!!! The ELFTOSB tool is deprecated, use new NXPIMAGE tool from SPSDK for new projects !!!

elftosb [OPTIONS] [EXTERNAL]...

Options

-c, --command <command>: BD configuration file to produce secure binary v2.x

-J, --image-conf <image_conf>: YAML/JSON image configuration file to produce master boot image

-j, --container-conf <container_conf>: YAML/JSON container configuration file to produce secure binary v3.x

-T, --tzm-conf <tzm_conf>: YAML/JSON trust zone configuration file to produce trust zone binary

-Y, --config-template <config_template>: Path to store all configuration templates for selected family

-f, --chip-family <chip_family>

Select the chip family (default is lpc55s3x), this field is used with -Y/–config_template option only.

Options: lpc55xx | lpc55s0x | lpc550x | lpc55s1x | lpc551x | lpc55s2x | lpc552x | lpc55s6x | rt5xx | rt6xx | lpc55s3x | lpc553x

-o, --output <output>: Output file path.

-k, --key <key>: Add a key file and enable encryption.

-s, --pkey <pkey>: Path to private key for signing.

-S, --cert <cert>: Path to certificate files for signing. The first certificate will be the self signed root key certificate.

-R, --root-key-cert <root_key_cert>: Path to root key certificate file(s) for verifying other certificates. Only 4 root key certificates are allowed, others are ignored. One of the certificates must match the first certificate passed with -S/–cert arg.

-h, --hash-of-hashes <hash_of_hashes>: Path to output hash of hashes of root keys. If argument is not provided, then by default the tool creates hash.bin in the working directory.

--version: Show the version and exit.

--help: Show this message and exit.

Arguments

EXTERNAL: Optional argument(s)