ELE message support API

This module contains support for EdgeLock Enclave messages system.

Module with the EdgeLock Enclave messages

EdgeLock Enclave Message.

class spsdk.ele.ele_message.EleMessage

Bases: object

Base class for any EdgeLock Enclave Message.

Message contains a header - tag, command id, size and version.

Class object initialized.

CMD = 0

COMMAND_HEADER_WORDS_COUNT = 1

COMMAND_PAYLOAD_WORDS_COUNT = 0

ELE_MSG_ALIGN = 8

HEADER_FORMAT = '<BBBB'

MAX_COMMAND_DATA_SIZE = 0

MAX_RESPONSE_DATA_SIZE = 0

RESPONSE_HEADER_WORDS_COUNT = 2

RESPONSE_PAYLOAD_WORDS_COUNT = 0

RSP_TAG = 225

TAG = 23

VERSION = 6

property command_address: int

Command address in target memory space.

property command_data: bytes

Command data to be loaded into target memory space.

property command_data_address: int

Command data address in target memory space.

property command_data_size: int

Command data address in target memory space.

property command_words_count: int

Command Words count.

decode_response(response)

Decode response from target.

Parameters:

response (bytes) – Data of response.

Raises:

SPSDKParsingError – Response parse detect some error.

Return type:

None

decode_response_data(response_data)

Decode response data from target.

Note:

The response data are specific per command.

Parameters:

response_data (bytes) – Data of response.

Return type:

None

export()

Exports message to final bytes array.

Return type:

bytes

Returns:

Bytes representation of message object.

property free_space_address: int

First free address after ele message in target memory space.

property free_space_size: int

Free space size after ele message in target memory space.

static get_msg_crc(payload)

Compute message CRC.

Parameters:

payload (bytes) – The input data to compute CRC on them. Must be 4 bytes aligned.

Return type:

bytes

Returns:

4 bytes of CRC in little endian format.

property has_command_data: bool

Check if command has additional data.

property has_response_data: bool

Check if response has additional data.

header_export()

Exports message header to bytes.

Return type:

bytes

Returns:

Bytes representation of message header.

info()

Print information including live data.

Return type:

str

Returns:

Information about the message.

property response_address: int

Response address in target memory space.

property response_data_address: int

Response data address in target memory space.

property response_data_size: int

Response data address in target memory space.

response_status()

Print the response status information.

Return type:

str

Returns:

String with response status.

property response_words_count: int

Response Words count.

set_buffer_params(buff_addr, buff_size)

Set the communication buffer parameters to allow command update addresses inside command payload.

Parameters:

• buff_addr (int) – Real address of communication buffer in target memory space

• buff_size (int) – Size of communication buffer in target memory space

Return type:

None

property status_string: str

Get status in readable string format.

validate()

Validate message.

Return type:

None

validate_buffer_params()

Validate communication buffer parameters.

raises SPSDKValueError: Invalid buffer parameters.

Return type:

None

class spsdk.ele.ele_message.EleMessageCommit(info_to_commit)

Bases: EleMessage

ELE Message Get FW status.

Class object initialized.

CMD = 168

COMMAND_PAYLOAD_WORDS_COUNT = 1

RESPONSE_PAYLOAD_WORDS_COUNT = 1

decode_response(response)

Decode response from target.

Parameters:

response (bytes) – Data of response.

Raises:

SPSDKParsingError – Response parse detect some error.

Return type:

None

export()

Exports message to final bytes array.

Return type:

bytes

Returns:

Bytes representation of message object.

property info2commit_mask: int

Get info to commit mask used in command.

mask_to_info2commit(mask)

Get list of info to commit from mask.

Return type:

list[EleInfo2Commit]

class spsdk.ele.ele_message.EleMessageDeriveKey(key_size, context)

Bases: EleMessage

ELE Message Derive Key.

Class object initialized.

Parameters:

• key_size (int) – Output key size [16,32] is valid

• context (Optional[bytes]) – User’s context to be used for key diversification

CMD = 169

COMMAND_PAYLOAD_WORDS_COUNT = 6

MAX_RESPONSE_DATA_SIZE = 32

SUPPORTED_KEY_SIZES = [16, 32]

property command_data: bytes

Command data to be loaded into target memory space.

decode_response_data(response_data)

Decode response data from target.

Note:

The response data are specific per command.

Parameters:

response_data (bytes) – Data of response.

Return type:

None

export()

Exports message to final bytes array.

Return type:

bytes

Returns:

Bytes representation of message object.

get_key()

Get derived key.

Return type:

bytes

class spsdk.ele.ele_message.EleMessageDumpDebugBuffer

Bases: EleMessage

ELE Message Dump Debug buffer.

Class object initialized.

CMD = 33

RESPONSE_PAYLOAD_WORDS_COUNT = 21

decode_response(response)

Decode response from target.

Parameters:

response (bytes) – Data of response.

Raises:

SPSDKParsingError – Response parse detect some error.

Return type:

None

response_info()

Print Dumped data of debug buffer.

Return type:

str

class spsdk.ele.ele_message.EleMessageEleFwAuthenticate(ele_fw_address)

Bases: EleMessage

Ele firmware authenticate request.

Constructor.

Be aware to have ELE FW in accessible memory for ROM, and do not use the RAM memory used to communicate with ELE.

Parameters:

ele_fw_address (int) – Address in target memory with ele firmware.

CMD = 2

COMMAND_PAYLOAD_WORDS_COUNT = 3

export()

Exports message to final bytes array.

Return type:

bytes

Returns:

Bytes representation of message object.

class spsdk.ele.ele_message.EleMessageEnableApc

Bases: EleMessage

Enable APC (Application core) ELE Message.

Class object initialized.

CMD = 210

class spsdk.ele.ele_message.EleMessageEnableRtc

Bases: EleMessage

Enable RTC (Real time core) ELE Message.

Class object initialized.

CMD = 211

class spsdk.ele.ele_message.EleMessageForwardLifeCycleUpdate(lifecycle_update)

Bases: EleMessage

Forward Life cycle update request.

Constructor.

Be aware that this is non-revertible operation.

Parameters:

lifecycle_update (LifeCycleToSwitch) – New life cycle value.

CMD = 149

COMMAND_PAYLOAD_WORDS_COUNT = 1

export()

Exports message to final bytes array.

Return type:

bytes

Returns:

Bytes representation of message object.

class spsdk.ele.ele_message.EleMessageGenerateKeyBLobOtfad(key_identifier, key, aes_counter, start_address, end_address, read_only=True, decryption_enabled=True, configuration_valid=True)

Bases: EleMessageGenerateKeyBlob

ELE Message Generate OTFAD KeyBlob.

Constructor of generate OTFAD keyblob class.

Parameters:

• key_identifier (int) – ID of Key

• key (bytes) – OTFAD key

• aes_counter (bytes) – AES counter value

• start_address (int) – Start address in memory to be encrypted

• end_address (int) – End address in memory to be encrypted

• read_only (bool) – Read only flag, defaults to True

• decryption_enabled (bool) – Decryption enable flag, defaults to True

• configuration_valid (bool) – Configuration valid flag, defaults to True

KEYBLOB_NAME = 'OTFAD'

SUPPORTED_ALGORITHMS: dict[SpsdkEnum, list[int]] = {KeyBlobEncryptionAlgorithm(tag=4, label='AES_CTR', description='KeyBlob encryption algorithm AES CTR'): [128]}

property command_data: bytes

Command data to be loaded into target memory space.

info()

Print information including live data.

Return type:

str

Returns:

Information about the message.

validate()

Validate generate OTFAD keyblob.

Return type:

None

class spsdk.ele.ele_message.EleMessageGenerateKeyBlob(key_identifier, algorithm, key)

Bases: EleMessage

ELE Message Generate KeyBlob.

Constructor of Generate Key Blob class.

Parameters:

• key_identifier (int) – ID of key

• algorithm (KeyBlobEncryptionAlgorithm) – Select supported algorithm

• key (bytes) – Key to be wrapped

CMD = 175

COMMAND_PAYLOAD_WORDS_COUNT = 7

KEYBLOB_NAME = 'Unknown'

KEYBLOB_TAG = 129

KEYBLOB_VERSION = 0

MAX_RESPONSE_DATA_SIZE = 512

SUPPORTED_ALGORITHMS: dict[SpsdkEnum, list[int]] = {}

decode_response_data(response_data)

Decode response data from target.

Note:

The response data are specific per command.

Parameters:

response_data (bytes) – Data of response.

Raises:

SPSDKParsingError – Invalid response detected.

Return type:

None

export()

Exports message to final bytes array.

Return type:

bytes

Returns:

Bytes representation of message object.

classmethod get_supported_algorithms()

Get the list of supported algorithms.

Return type:

list[str]

Returns:

List of supported algorithm names.

classmethod get_supported_key_sizes()

Get table with supported key sizes per algorithm.

Return type:

str

Returns:

Table with supported key size in text.

info()

Print information including live data.

Return type:

str

Returns:

Information about the message.

validate()

Validate generate keyblob message data.

Raises:

SPSDKValueError – Invalid used key size or encryption algorithm

Return type:

None

class spsdk.ele.ele_message.EleMessageGenerateKeyBlobDek(key_identifier, algorithm, key)

Bases: EleMessageGenerateKeyBlob

ELE Message Generate DEK KeyBlob.

Constructor of Generate Key Blob class.

Parameters:

• key_identifier (int) – ID of key

• algorithm (KeyBlobEncryptionAlgorithm) – Select supported algorithm

• key (bytes) – Key to be wrapped

KEYBLOB_NAME = 'DEK'

SUPPORTED_ALGORITHMS: dict[SpsdkEnum, list[int]] = {KeyBlobEncryptionAlgorithm(tag=3, label='AES_CBC', description='KeyBlob encryption algorithm AES CBC'): [128, 192, 256], KeyBlobEncryptionAlgorithm(tag=43, label='SM4_CBC', description='KeyBlob encryption algorithm SM4 CBC'): [128]}

property command_data: bytes

Command data to be loaded into target memory space.

class spsdk.ele.ele_message.EleMessageGenerateKeyBlobIee(key_identifier, algorithm, key, ctr_mode, aes_counter, page_offset, region_number, bypass=False, locked=False)

Bases: EleMessageGenerateKeyBlob

ELE Message Generate IEE KeyBlob.

Constructor of generate IEE keyblob class.

Parameters:

• key_identifier (int) – ID of key

• algorithm (KeyBlobEncryptionAlgorithm) – Used algorithm

• key (bytes) – IEE key

• ctr_mode (KeyBlobEncryptionIeeCtrModes) – In case of AES CTR algorithm, the CTR mode must be selected

• aes_counter (bytes) – AES counter in case of AES CTR algorithm

• page_offset (int) – IEE page offset

• region_number (int) – Region number

• bypass (bool) – Encryption bypass flag, defaults to False

• locked (bool) – Locked flag, defaults to False

KEYBLOB_NAME = 'IEE'

SUPPORTED_ALGORITHMS: dict[SpsdkEnum, list[int]] = {KeyBlobEncryptionAlgorithm(tag=4, label='AES_CTR', description='KeyBlob encryption algorithm AES CTR'): [128, 256], KeyBlobEncryptionAlgorithm(tag=55, label='AES_XTS', description='KeyBlob encryption algorithm AES XTS'): [256, 512]}

property command_data: bytes

Command data to be loaded into target memory space.

info()

Print information including live data.

Return type:

str

Returns:

Information about the message.

class spsdk.ele.ele_message.EleMessageGetEvents

Bases: EleMessage

Get events request.

 Event layout: ————————- - TAG - CMD - IND - STS - ————————- 

Constructor.

This message is used to retrieve any singular event that has occurred since the FW has

started. A singular event occurs when the second word of a response to any request is different from ELE_SUCCESS_IND. That includes commands with failure response as well as commands with successful response containing an indication (i.e. warning response).

The events are stored by the ELE in a fixed sized buffer. When the capacity of the buffer

is exceeded, new occurring events are lost.

The event buffer is systematically returned in full to the requester independently of

the actual numbers of events stored.

CMD = 162

MAX_EVENT_CNT = 8

RESPONSE_PAYLOAD_WORDS_COUNT = 10

decode_response(response)

Decode response from target.

Parameters:

response (bytes) – Data of response.

Raises:

SPSDKParsingError – Response parse detect some error.

Return type:

None

static get_cmd(event)

Get Command in string from event.

Return type:

str

static get_ind(event)

Get Indication in string from event.

Return type:

str

static get_ipc_id(event)

Get IPC ID in string from event.

Return type:

str

static get_sts(event)

Get Status in string from event.

Return type:

str

response_info()

Print events info.

Return type:

str

class spsdk.ele.ele_message.EleMessageGetFwStatus

Bases: EleMessage

ELE Message Get FW status.

Class object initialized.

CMD = 197

RESPONSE_PAYLOAD_WORDS_COUNT = 1

decode_response(response)

Decode response from target.

Parameters:

response (bytes) – Data of response.

Raises:

SPSDKParsingError – Response parse detect some error.

Return type:

None

response_info()

Print specific information of ELE.

Return type:

str

Returns:

Information about the ELE.

class spsdk.ele.ele_message.EleMessageGetFwVersion

Bases: EleMessage

ELE Message Get FW version.

Class object initialized.

CMD = 157

RESPONSE_PAYLOAD_WORDS_COUNT = 2

decode_response(response)

Decode response from target.

Parameters:

response (bytes) – Data of response.

Raises:

SPSDKParsingError – Response parse detect some error.

Return type:

None

response_info()

Print specific information of ELE.

Return type:

str

Returns:

Information about the ELE.

class spsdk.ele.ele_message.EleMessageGetInfo

Bases: EleMessage

ELE Message Get Info.

Class object initialized.

CMD = 218

COMMAND_PAYLOAD_WORDS_COUNT = 3

MAX_RESPONSE_DATA_SIZE = 256

decode_response_data(response_data)

Decode response data from target.

Note:

The response data are specific per command.

Parameters:

response_data (bytes) – Data of response.

Return type:

None

export()

Exports message to final bytes array.

Return type:

bytes

Returns:

Bytes representation of message object.

response_info()

Print specific information of ELE.

Return type:

str

Returns:

Information about the ELE.

class spsdk.ele.ele_message.EleMessageGetTrngState

Bases: EleMessage

ELE Message Get True Random Generator State.

Class object initialized.

CMD = 164

RESPONSE_PAYLOAD_WORDS_COUNT = 1

decode_response(response)

Decode response from target.

Parameters:

response (bytes) – Data of response.

Raises:

SPSDKParsingError – Response parse detect some error.

Return type:

None

response_info()

Print specific information of ELE.

Return type:

str

Returns:

Information about the TRNG.

class spsdk.ele.ele_message.EleMessageLoadKeyBLob(key_identifier, keyblob)

Bases: EleMessage

ELE Message Load KeyBlob.

Constructor of Load Key Blob class.

Parameters:

• key_identifier (int) – ID of key

• keyblob (bytes) – Keyblob to be wrapped

CMD = 167

COMMAND_PAYLOAD_WORDS_COUNT = 3

property command_data: bytes

Command data to be loaded into target memory space.

export()

Exports message to final bytes array.

Return type:

bytes

Returns:

Bytes representation of message object.

info()

Print information including live data.

Return type:

str

Returns:

Information about the message.

class spsdk.ele.ele_message.EleMessageOemContainerAuthenticate(oem_cntn_addr)

Bases: EleMessage

OEM container authenticate request.

Constructor.

Be aware to have OEM Container in accessible memory for ROM.

Parameters:

oem_cntn_addr (int) – Address in target memory with oem container.

CMD = 135

COMMAND_PAYLOAD_WORDS_COUNT = 2

export()

Exports message to final bytes array.

Return type:

bytes

Returns:

Bytes representation of message object.

class spsdk.ele.ele_message.EleMessagePing

Bases: EleMessage

ELE Message Ping.

Class object initialized.

CMD = 1

class spsdk.ele.ele_message.EleMessageReadCommonFuse(index)

Bases: EleMessage

ELE Message Read common fuse.

Constructor.

Read common fuse.

Parameters:

index (int) – Fuse ID.

CMD = 151

COMMAND_PAYLOAD_WORDS_COUNT = 1

RESPONSE_PAYLOAD_WORDS_COUNT = 1

decode_response(response)

Decode response from target.

Parameters:

response (bytes) – Data of response.

Raises:

SPSDKParsingError – Response parse detect some error.

Return type:

None

export()

Exports message to final bytes array.

Return type:

bytes

Returns:

Bytes representation of message object.

response_info()

Print fuse value.

Return type:

str

Returns:

Read fuse value.

class spsdk.ele.ele_message.EleMessageReadShadowFuse(index)

Bases: EleMessageReadCommonFuse

ELE Message Read shadow fuse.

Constructor.

Read common fuse.

Parameters:

index (int) – Fuse ID.

CMD = 243

export()

Exports message to final bytes array.

Return type:

bytes

Returns:

Bytes representation of message object.

class spsdk.ele.ele_message.EleMessageReleaseContainer

Bases: EleMessage

ELE Message Release container.

Class object initialized.

CMD = 137

class spsdk.ele.ele_message.EleMessageReset

Bases: EleMessage

ELE Message Reset.

Class object initialized.

CMD = 199

RESPONSE_HEADER_WORDS_COUNT = 0

class spsdk.ele.ele_message.EleMessageResetApcContext

Bases: EleMessage

Send request to reset APC context ELE Message.

Class object initialized.

CMD = 216

class spsdk.ele.ele_message.EleMessageSigned(signed_msg, family, revision='latest')

Bases: EleMessage

ELE Message Signed.

Class object initialized.

Parameters:

• signed_msg (bytes) – Signed message container.

• family (str) – Chip family name.

• revision (str) – Chip family revision name.

COMMAND_PAYLOAD_WORDS_COUNT = 2

property command_data: bytes

Command data to be loaded into target memory space.

export()

Exports message to final bytes array.

Return type:

bytes

Returns:

Bytes representation of message object.

info()

Print information including live data.

Return type:

str

Returns:

Information about the message.

class spsdk.ele.ele_message.EleMessageStartTrng

Bases: EleMessage

ELE Message Start True Random Generator.

Class object initialized.

CMD = 163

class spsdk.ele.ele_message.EleMessageVerifyImage(image_mask=1)

Bases: EleMessage

Verify image request.

Constructor.

The Verify Image message is sent to the ELE after a container has been loaded into memory and processed with an Authenticate Container message. This commands the ELE to check the hash on one or more images.

Parameters:

image_mask (int) – Used to indicate which images are to be checked. There must be at least one image. Each bit corresponds to a particular image index in the header, for example, bit 0 is for image 0, and bit 1 is for image 1, and so on.

CMD = 136

COMMAND_PAYLOAD_WORDS_COUNT = 1

RESPONSE_PAYLOAD_WORDS_COUNT = 2

decode_response(response)

Decode response from target.

Parameters:

response (bytes) – Data of response.

Raises:

SPSDKParsingError – Response parse detect some error.

Return type:

None

export()

Exports message to final bytes array.

Return type:

bytes

Returns:

Bytes representation of message object.

response_info()

Print Dumped data of debug buffer.

Return type:

str

class spsdk.ele.ele_message.EleMessageWriteFuse(bit_position, bit_length, lock, payload)

Bases: EleMessage

Write Fuse request.

Constructor.

This command allows to write to the fuses. OEM Fuses are accessible depending on the chip lifecycle.

Parameters:

• bit_position (int) – Fuse identifier expressed as its position in bit in the fuse map.

• bit_length (int) – Number of bits to be written.

• lock (bool) – Write lock requirement. When set to 1, fuse words are locked. When unset, no write lock is done.

• payload (int) – Data to be written

CMD = 214

COMMAND_PAYLOAD_WORDS_COUNT = 2

RESPONSE_PAYLOAD_WORDS_COUNT = 1

decode_response(response)

Decode response from target.

Parameters:

response (bytes) – Data of response.

Raises:

SPSDKParsingError – Response parse detect some error.

Return type:

None

export()

Exports message to final bytes array.

Return type:

bytes

Returns:

Bytes representation of message object.

class spsdk.ele.ele_message.EleMessageWriteShadowFuse(index, value)

Bases: EleMessage

Write shadow fuse request.

Constructor.

This command allows to write to the shadow fuses.

Parameters:

• index (int) – Fuse identifier expressed as its position in bit in the fuse map.

• value (int) – Data to be written.

CMD = 242

COMMAND_PAYLOAD_WORDS_COUNT = 2

export()

Exports message to final bytes array.

Return type:

bytes

Returns:

Bytes representation of message object.

Module with the EdgeLock Enclave message handler with mBoot

EdgeLock Enclave (ELE) Message Handler.

This module provides functionality for handling communication with the EdgeLock Enclave (ELE), a hardware security module present in certain NXP microcontrollers. It includes classes and methods for constructing, sending, and receiving ELE messages, as well as managing the communication interface with different types of devices.

The module supports various communication protocols, including MCUBoot, U-Boot serial console, and U-Boot fastboot, allowing for flexible integration with different development and production environments.

Key components: - EleDevice: An enumeration of supported ELE-capable devices and communication interfaces. - EleMessageHandler: A base class for handling ELE message construction and communication.

This module is part of the SPSDK (Secure Provisioning SDK) and is designed to facilitate secure operations and provisioning tasks on NXP microcontrollers featuring the EdgeLock Enclave.

class spsdk.ele.ele_comm.EleDevice(tag, label, description=None)

Bases: SpsdkEnum

Enum containing supported ELE devices.

MBOOT = (0, 'mboot', 'ELE over mboot')

UBOOT_FASTBOOT = (2, 'uboot_fastboot', 'ELE over fastboot')

UBOOT_SERIAL = (1, 'uboot_serial', 'ELE over U-Boot serial console')

class spsdk.ele.ele_comm.EleMessageHandler(device, family, revision='latest', buffer_address=None, buffer_size=None)

Bases: object

Base class for ELE message handling.

Class object initialized.

Parameters:

• device (Union[McuBoot, UbootSerial, UbootFastboot]) – Communication interface.

• family (str) – Target family name.

• revision (str) – Target revision, default is use ‘latest’ revision.

• buffer_address (Optional[int]) – Override default buffer address for ELE.

• buffer_size (Optional[int]) – Override default buffer size for ELE.

static get_ele_device(device, revision='latest')

Get default ELE device from DB.

Parameters:

• device (str) – Device name.

• revision (str) – Device revision, defaults to ‘latest’.

Return type:

EleDevice

Returns:

EleDevice instance.

classmethod get_message_handler(family, revision='latest', device=None, fb_addr=None, fb_size=None, buffer_addr=None, buffer_size=None, port=None, usb=None, buspal=None, lpcusbsio=None, timeout=5000)

Get Ele message handler.

Return type:

EleMessageHandler

static get_supported_ele_devices()

Get list of supported target families.

Return type:

list[str]

Returns:

List of supported families.

static get_supported_families()

Get list of supported target families.

Return type:

list[str]

Returns:

List of supported families.

abstract send_message(msg)

Send message and receive response.

Parameters:

msg (EleMessage) – EdgeLock Enclave message.

Return type:

None

class spsdk.ele.ele_comm.EleMessageHandlerMBoot(device, family, revision='latest', comm_buffer_address_override=None, comm_buffer_size_override=None)

Bases: EleMessageHandler

EdgeLock Enclave Message Handler over MCUBoot.

This class can send the ELE message into target over mBoot and decode the response.

Class object initialized.

Parameters:

• device (McuBoot) – mBoot device.

• family (str) – Target family name.

• revision (str) – Target revision, default is use ‘latest’ revision.

• comm_buffer_address_override (Optional[int]) – Override default buffer address for ELE.

• comm_buffer_size_override (Optional[int]) – Override default buffer size for ELE.

send_message(msg)

Send message and receive response.

This method sends an EdgeLock Enclave message to the target device, executes it, and processes the response. It handles the entire communication process, including writing the command to target memory, executing the ELE message, reading back the response, and decoding it. If required, it also handles command data and response data.

Parameters:

msg (EleMessage) – EdgeLock Enclave message to be sent

Raises:

• SPSDKError – If the device is not an instance of McuBoot, or if ELE communication fails, or if the ELE message fails

• SPSDKLengthError – If invalid read back length is detected for response or response data

Return type:

None

class spsdk.ele.ele_comm.EleMessageHandlerUBoot(device, family, revision='latest', comm_buffer_address_override=None, comm_buffer_size_override=None)

Bases: EleMessageHandler

EdgeLock Enclave Message Handler over uBoot.

This class implements functionality to send ELE messages to the target device over UBoot and decode the responses. It provides an interface for communication with the EdgeLock Enclave using the UBoot protocol.

This method initializes the EleMessageHandlerUBoot class.

Parameters:

• device (Union[UbootSerial, UbootFastboot]) – UBoot device.

• family (str) – Target family name.

• revision (str) – Target revision, default is use ‘latest’ revision.

• comm_buffer_address_override (Optional[int]) – Override default buffer address for ELE.

• comm_buffer_size_override (Optional[int]) – Override default buffer size for ELE.

Raises:

SPSDKError – If the device is not an instance of UbootSerial or UbootFastboot.

extract_error_values(error_message)

Extract error values from error_message.

This method parses the error message to extract abort_code, status, and indication values. It uses regular expressions to find and extract the relevant information.

Parameters:

error_message (str) – Error message containing ret and response

Return type:

tuple[int, int, int]

Returns:

A tuple containing (abort_code, status, indication)

Raises:

No exceptions are raised, but errors are logged if parsing fails

send_message(msg)

Send message to EdgeLock Enclave and receive response.

This method performs the following steps: 1. Prepares command data in target memory if required. 2. Executes the ELE message on the target. 3. Reads back the response. 4. Decodes the response. 5. Checks the response status. 6. Reads back the response data from target memory if required.

Parameters:

msg (EleMessage) – EdgeLock Enclave message to be sent

Raises:

• SPSDKError – If an invalid response status is detected or if communication fails

• SPSDKLengthError – If an invalid read back length is detected

Return type:

None

Module with the EdgeLock Enclave message constants

EdgeLock Enclave Message constants.

class spsdk.ele.ele_constants.EleCsalState(tag, label, description=None)

Bases: SpsdkSoftEnum

ELE CSAL state.

ELE_CSAL_ERROR = (3, 'ELE_CSAL_ERROR', 'EdgeLock secure enclave random context initialization failed')

ELE_CSAL_NOT_READY = (0, 'ELE_CSAL_NOT_READY', 'EdgeLock secure enclave random context initialization is not done yet')

ELE_CSAL_ON_GOING = (1, 'ELE_CSAL_ON_GOING', 'EdgeLock secure enclave random context initialization is on-going')

ELE_CSAL_PAUSE = (4, 'ELE_CSAL_PAUSE', "EdgeLock secure enclave random context initialization is in 'pause' mode")

ELE_CSAL_READY = (2, 'ELE_CSAL_READY', 'EdgeLock secure enclave random context initialization succeed')

class spsdk.ele.ele_constants.EleFwStatus(tag, label, description=None)

Bases: SpsdkSoftEnum

ELE Firmware status.

ELE_FW_STATUS_IN_PLACE = (1, 'ELE_FW_STATUS_IN_PLACE', 'Authenticated and operational')

ELE_FW_STATUS_NOT_IN_PLACE = (0, 'ELE_FW_STATUS_NOT_IN_PLACE', 'Not in place')

class spsdk.ele.ele_constants.EleImemState(tag, label, description=None)

Bases: SpsdkSoftEnum

ELE IMEM state.

ELE_IMEM_LOADED = (202, 'ELE_IMEM_LOADED', 'The IMEM is fully loaded and all ELE functionality can be used')

ELE_IMEM_LOST = (254, 'ELE_IMEM_LOST', 'Some IMEM regions have been lost during power down and fw must be re-installed to use all ELE features')

class spsdk.ele.ele_constants.EleInfo2Commit(tag, label, description=None)

Bases: SpsdkSoftEnum

ELE Information type to be committed.

NXP_FW_FUSE = (2, 'NXP_FW_FUSE', 'FW fuse version of the NXP container')

NXP_SRK_REVOCATION = (1, 'NXP_SRK_REVOCATION', 'SRK revocation of the NXP container')

OEM_FW_FUSE = (32, 'OEM_FW_FUSE', 'FW fuse version of the OEM container')

OEM_SRK_REVOCATION = (16, 'OEM_SRK_REVOCATION', 'SRK revocation of the OEM container')

class spsdk.ele.ele_constants.EleTrngState(tag, label, description=None)

Bases: SpsdkSoftEnum

ELE TRNG state.

ELE_TRNG_ERROR = (4, 'ELE_TRNG_ERROR', 'TRNG encounter an error while generating entropy')

ELE_TRNG_GENERATING_ENTROPY = (2, 'ELE_TRNG_GENERATING_ENTROPY', 'TRNG is still generating entropy')

ELE_TRNG_NOT_READY = (0, 'ELE_TRNG_NOT_READY', "True random generator not started yet. Use 'start-trng' command")

ELE_TRNG_PROGRAM = (1, 'ELE_TRNG_PROGRAM', 'TRNG is in program mode')

ELE_TRNG_READY = (3, 'ELE_TRNG_READY', 'TRNG entropy is valid and ready to be read')

class spsdk.ele.ele_constants.KeyBlobEncryptionAlgorithm(tag, label, description=None)

Bases: SpsdkSoftEnum

ELE KeyBlob encryption algorithms.

AES_CBC = (3, 'AES_CBC', 'KeyBlob encryption algorithm AES CBC')

AES_CTR = (4, 'AES_CTR', 'KeyBlob encryption algorithm AES CTR')

AES_XTS = (55, 'AES_XTS', 'KeyBlob encryption algorithm AES XTS')

SM4_CBC = (43, 'SM4_CBC', 'KeyBlob encryption algorithm SM4 CBC')

class spsdk.ele.ele_constants.KeyBlobEncryptionIeeCtrModes(tag, label, description=None)

Bases: SpsdkSoftEnum

IEE Keyblob mode attributes.

AesCTRWAddress = (2, 'CTR_WITH_ADDRESS', ' AES CTR w address binding mode')

AesCTRWOAddress = (3, 'CTR_WITHOUT_ADDRESS', ' AES CTR w/o address binding mode')

AesCTRkeystream = (4, 'CTR_KEY_STREAM', 'AES CTR keystream only')

class spsdk.ele.ele_constants.LifeCycle(tag, label, description=None)

Bases: SpsdkSoftEnum

ELE life cycles.

LC_BLANK = (2, 'BLANK', 'Blank device')

LC_BRICKED = (1024, 'BRICKED', 'BRICKED')

LC_FAB = (4, 'FAB', 'Fab mode')

LC_NXP_FR = (256, 'NXP_FR', 'Field Return NXP')

LC_NXP_PROV = (8, 'NXP_PROV', 'NXP Provisioned')

LC_OEM_CLSD = (64, 'OEM_CLSD', 'OEM Closed')

LC_OEM_FR = (128, 'OEM_FR', 'Field Return OEM')

LC_OEM_LCKD = (512, 'OEM_LCKD', 'OEM Locked')

LC_OEM_OPEN = (16, 'OEM_OPEN', 'OEM Open')

LC_OEM_SWC = (32, 'OEM_SWC', 'OEM Secure World Closed')

class spsdk.ele.ele_constants.LifeCycleToSwitch(tag, label, description=None)

Bases: SpsdkSoftEnum

ELE life cycles to switch request.

OEM_CLOSED = (8, 'OEM_CLOSED', 'OEM Closed')

OEM_LOCKED = (128, 'OEM_LOCKED', 'OEM Locked')

class spsdk.ele.ele_constants.MessageIDs(tag, label, description=None)

Bases: SpsdkSoftEnum

ELE Messages ID.

ELE_COMMIT_REQ = (168, 'ELE_COMMIT_REQ', 'EdgeLock Enclave commit request.')

ELE_DERIVE_KEY_REQ = (169, 'ELE_DERIVE_KEY_REQ', 'Derive key')

ELE_DUMP_DEBUG_BUFFER_REQ = (33, 'ELE_DUMP_DEBUG_BUFFER_REQ', 'Dump the ELE logs')

ELE_ENABLE_APC_REQ = (210, 'ELE_ENABLE_APC_REQ', 'Enable APC (Application processor)')

ELE_ENABLE_RTC_REQ = (211, 'ELE_ENABLE_RTC_REQ', 'Enable RTC (Runtime processor)')

ELE_FWD_LIFECYCLE_UP_REQ = (149, 'ELE_FWD_LIFECYCLE_UP_REQ', 'Forward Lifecycle update')

ELE_FW_AUTH_REQ = (2, 'ELE_FW_AUTH_REQ', 'ELE firmware authenticate request.')

ELE_GET_EVENTS_REQ = (162, 'ELE_GET_EVENTS_REQ', 'Get Events')

ELE_OEM_CNTN_AUTH_REQ = (135, 'ELE_OEM_CNTN_AUTH_REQ', 'OEM Container authenticate')

ELE_RELEASE_CONTAINER_REQ = (137, 'ELE_RELEASE_CONTAINER_REQ', 'Release Container.')

ELE_RESET_APC_CTX_REQ = (216, 'ELE_RESET_APC_CTX_REQ', 'Reset APC Context')

ELE_VERIFY_IMAGE_REQ = (136, 'ELE_VERIFY_IMAGE_REQ', 'Verify Image')

GENERATE_KEY_BLOB_REQ = (175, 'GENERATE_KEY_BLOB_REQ', 'Generate KeyBlob request.')

GET_FW_STATUS_REQ = (197, 'GET_FW_STATUS_REQ', 'Get ELE FW status request.')

GET_FW_VERSION_REQ = (157, 'GET_FW_VERSION_REQ', 'Get firmware version request.')

GET_INFO_REQ = (218, 'GET_INFO_REQ', 'Get ELE Information request.')

GET_TRNG_STATE_REQ = (164, 'GET_TRNG_STATE_REQ', 'Get True Random Generator state request.')

LOAD_KEY_BLOB_REQ = (167, 'LOAD_KEY_BLOB_REQ', 'Load KeyBlob request.')

PING_REQ = (1, 'PING_REQ', 'Ping request.')

READ_COMMON_FUSE = (151, 'READ_COMMON_FUSE', 'Read common fuse request.')

READ_SHADOW_FUSE = (243, 'READ_SHADOW_FUSE', 'Read shadow fuse request.')

RESET_REQ = (199, 'RESET_REQ', 'System reset request.')

RETURN_LIFECYCLE_UPDATE_REQ = (160, 'RETURN_LIFECYCLE_UPDATE_REQ', 'Return lifecycle update request.')

START_RNG_REQ = (163, 'START_RNG_REQ', 'Start True Random Generator request.')

WRITE_FUSE = (214, 'WRITE_FUSE', 'Write fuse')

WRITE_SEC_FUSE_REQ = (145, 'WRITE_SEC_FUSE_REQ', 'Write secure fuse request.')

WRITE_SHADOW_FUSE = (242, 'WRITE_SHADOW_FUSE', 'Write shadow fuse')

class spsdk.ele.ele_constants.MessageUnitId(tag, label, description=None)

Bases: SpsdkSoftEnum

Message Unit ID.

APD_MU = (2, 'APD_MU', 'Application Processor message unit')

RTD_MU = (1, 'RTD_MU', 'Real Time Device message unit')

class spsdk.ele.ele_constants.ResponseIndication(tag, label, description=None)

Bases: SpsdkSoftEnum

ELE Message Response indication.

ELE_ABORT_IND = (255, 'ELE_ABORT_IND', 'Abort')

ELE_APC_ALREADY_ENABLED_FAILURE_IND = (203, 'ELE_APC_ALREADY_ENABLED_FAILURE_IND', 'APC already enabled failure')

ELE_AUTH_SKIPPED_OR_FAILED_FAILURE_IND = (187, 'ELE_AUTH_SKIPPED_OR_FAILED_FAILURE_IND', 'Authentication skipped or failed failure')

ELE_BAD_CERTIFICATE_FAILURE_IND = (252, 'ELE_BAD_CERTIFICATE_FAILURE_IND', 'Bad certificate failure')

ELE_BAD_CONTAINER_FAILURE_IND = (247, 'ELE_BAD_CONTAINER_FAILURE_IND', 'Bad container failure')

ELE_BAD_FUSE_ID_FAILURE_IND = (246, 'ELE_BAD_FUSE_ID_FAILURE_IND', 'Bad fuse ID failure')

ELE_BAD_HASH_FAILURE_IND = (241, 'ELE_BAD_HASH_FAILURE_IND', 'Bad hash failure')

ELE_BAD_ID_FAILURE_IND = (191, 'ELE_BAD_ID_FAILURE_IND', 'Bad ID failure')

ELE_BAD_IMAGE_ADDR_FAILURE_IND = (196, 'ELE_BAD_IMAGE_ADDR_FAILURE_IND', 'Bad image address failure')

ELE_BAD_IMAGE_NUM_FAILURE_IND = (195, 'ELE_BAD_IMAGE_NUM_FAILURE_IND', 'Bad image number failure')

ELE_BAD_IMAGE_PARAM_FAILURE_IND = (197, 'ELE_BAD_IMAGE_PARAM_FAILURE_IND', 'Bad image parameters failure')

ELE_BAD_IMAGE_TYPE_FAILURE_IND = (198, 'ELE_BAD_IMAGE_TYPE_FAILURE_IND', 'Bad image type failure')

ELE_BAD_KEY_HASH_FAILURE_IND = (250, 'ELE_BAD_KEY_HASH_FAILURE_IND', 'The key hash verification does not match OTP')

ELE_BAD_MONOTONIC_COUNTER_FAILURE_IND = (254, 'ELE_BAD_MONOTONIC_COUNTER_FAILURE_IND', 'Bad monotonic counter failure')

ELE_BAD_PAYLOAD_FAILURE_IND = (177, 'ELE_BAD_PAYLOAD_FAILURE_IND', 'Bad payload failure')

ELE_BAD_SIGNATURE_FAILURE_IND = (240, 'ELE_BAD_SIGNATURE_FAILURE_IND', 'Bad signature failure')

ELE_BAD_SRK_SET_FAILURE_IND = (239, 'ELE_BAD_SRK_SET_FAILURE_IND', 'Bad SRK set failure')

ELE_BAD_UID_FAILURE_IND = (253, 'ELE_BAD_UID_FAILURE_IND', 'Bad UID failure')

ELE_BAD_VALUE_FAILURE_IND = (245, 'ELE_BAD_VALUE_FAILURE_IND', 'Bad value failure')

ELE_BAD_VERSION_FAILURE_IND = (248, 'ELE_BAD_VERSION_FAILURE_IND', 'Bad version failure')

ELE_CORRUPTED_SRK_FAILURE_IND = (208, 'ELE_CORRUPTED_SRK_FAILURE_IND', 'Corrupted SRK failure')

ELE_CRC_ERROR_IND = (185, 'ELE_CRC_ERROR_IND', 'CRC error')

ELE_CSTM_FAILURE_IND = (207, 'ELE_CSTM_FAILURE_IND', 'CSTM failure')

ELE_DECRYPTION_FAILURE_IND = (169, 'ELE_DECRYPTION_FAILURE_IND', 'Decryption failure')

ELE_DISABLED_FEATURE_FAILURE_IND = (182, 'ELE_DISABLED_FEATURE_FAILURE_IND', 'Disabled feature failure')

ELE_DMA_FAILURE_IND = (181, 'ELE_DMA_FAILURE_IND', 'DMA failure')

ELE_ENCRYPTION_FAILURE_IND = (168, 'ELE_ENCRYPTION_FAILURE_IND', 'Encryption failure')

ELE_FW_PING_FAILURE_IND = (26, 'ELE_FW_PING_FAILURE_IND', 'Firmware ping failure')

ELE_INCONSISTENT_PAR_FAILURE_IND = (188, 'ELE_INCONSISTENT_PAR_FAILURE_IND', 'Inconsistent parameter failure')

ELE_INVALID_KEY_FAILURE_IND = (249, 'ELE_INVALID_KEY_FAILURE_IND', 'The key in the container is invalid')

ELE_INVALID_LIFECYCLE_IND = (242, 'ELE_INVALID_LIFECYCLE_IND', 'Invalid lifecycle')

ELE_INVALID_MESSAGE_FAILURE_IND = (244, 'ELE_INVALID_MESSAGE_FAILURE_IND', 'Invalid message failure')

ELE_INVALID_OPERATION_FAILURE_IND = (192, 'ELE_INVALID_OPERATION_FAILURE_IND', 'Invalid operation failure')

ELE_LOCKED_REG_FAILURE_IND = (190, 'ELE_LOCKED_REG_FAILURE_IND', 'Locked register failure')

ELE_MSG_TRUNCATED_IND = (194, 'ELE_MSG_TRUNCATED_IND', 'Message truncated failure')

ELE_MUST_ATTEST_FAILURE_IND = (183, 'ELE_MUST_ATTEST_FAILURE_IND', 'Must attest failure')

ELE_MUST_SIGNED_FAILURE_IND = (224, 'ELE_MUST_SIGNED_FAILURE_IND', 'Must be signed failure')

ELE_NON_SECURE_STATE_FAILURE_IND = (193, 'ELE_NON_SECURE_STATE_FAILURE_IND', 'Non secure state failure')

ELE_NO_AUTHENTICATION_FAILURE_IND = (238, 'ELE_NO_AUTHENTICATION_FAILURE_IND', 'No authentication failure')

ELE_NO_VALID_CONTAINER_FAILURE_IND = (251, 'ELE_NO_VALID_CONTAINER_FAILURE_IND', 'No valid container failure')

ELE_OLD_VERSION_FAILURE_IND = (206, 'ELE_OLD_VERSION_FAILURE_IND', 'Old version failure')

ELE_OTP_INVALID_IDX_FAILURE_IND = (173, 'ELE_OTP_INVALID_IDX_FAILURE_IND', 'OTP Invalid IDX failure')

ELE_OTP_LOCKED_FAILURE_IND = (171, 'ELE_OTP_LOCKED_FAILURE_IND', 'OTP locked failure')

ELE_OTP_PROGFAIL_FAILURE_IND = (170, 'ELE_OTP_PROGFAIL_FAILURE_IND', 'OTP program fail failure')

ELE_OUT_OF_MEMORY_IND = (209, 'ELE_OUT_OF_MEMORY_IND', 'Out of memory failure')

ELE_PERMISSION_DENIED_FAILURE_IND = (243, 'ELE_PERMISSION_DENIED_FAILURE_IND', 'Permission denied failure')

ELE_RNG_INST_FAILURE_IND = (189, 'ELE_RNG_INST_FAILURE_IND', 'Random number generator instantiation failure')

ELE_RNG_NOT_STARTED_FAILURE_IND = (184, 'ELE_RNG_NOT_STARTED_FAILURE_IND', 'Random number generator not started failure')

ELE_ROM_PING_FAILURE_IND = (10, 'ELE_ROM_PING_FAILURE_IND', 'ROM ping failure')

ELE_RTC_ALREADY_ENABLED_FAILURE_IND = (204, 'ELE_RTC_ALREADY_ENABLED_FAILURE_IND', 'RTC already enabled failure')

ELE_TIME_OUT_FAILURE_IND = (176, 'ELE_TIME_OUT_FAILURE_IND', 'Timeout  failure')

ELE_UNALIGNED_PAYLOAD_FAILURE_IND = (166, 'ELE_UNALIGNED_PAYLOAD_FAILURE_IND', 'Un-aligned payload failure')

ELE_WRONG_ADDRESS_FAILURE_IND = (180, 'ELE_WRONG_ADDRESS_FAILURE_IND', 'Wrong address failure')

ELE_WRONG_BOOT_MODE_FAILURE_IND = (205, 'ELE_WRONG_BOOT_MODE_FAILURE_IND', 'Wrong boot mode failure')

ELE_WRONG_SIZE_FAILURE_IND = (167, 'ELE_WRONG_SIZE_FAILURE_IND', 'Wrong size failure')

class spsdk.ele.ele_constants.ResponseStatus(tag, label, description=None)

Bases: SpsdkEnum

ELE Message Response status.

ELE_FAILURE_IND = (41, 'Failure', 'The request failed')

ELE_SUCCESS_IND = (214, 'Success', 'The request was successful')

class spsdk.ele.ele_constants.SocId(tag, label, description=None)

Bases: SpsdkSoftEnum

SOC Identification.

MX8ULP = (2125, 'MX8ULP', 'i.MX8ULP')

MX93 = (37632, 'MX93', 'i.MXRT93')

MX95 = (38144, 'MX95', 'i.MXRT95')

RT1180 = (4480, 'RT1180', 'i.MXRT1180')