WPC Provisioning API#
WPC provisioning consists of two major parts:
Service adapter
Target adapter
Service adapter’s responsibility is to provide WPC Certificate chain. Target adapter is then responsible to injecting said chain into the target.
Out-of-the-box SPSDK provides one Service adapter using EL2GO and one Target adapter using MBoot/BLhost.
WPC Service adapter using EL2GO#
- class spsdk.wpc.service_el2go.WPCCertificateServiceEL2GO(url, qi_id, api_key, family, timeout=60)#
Bases:
WPCCertificateService
EdgeLock2GO adapter providing WPC Certificate Chain.
Initialize the EL2GO adapter.
- Parameters:
url (
str
) – URL to EL2GO WPC serviceqi_id (
Union
[str
,int
]) – Customer’s Qi IDapi_key (
str
) – Customer’s EL2GO REST API access tokencorrelation_id – Customer’s EL2GO Correlation ID, defaults to None
timeout (
int
) – REST API request timeout in seconds
- classmethod from_config(config_data, search_paths=None)#
Create instance of this class based on configuration data.
__init__ method of this class will be called with data from config_data. To limit the scope of data, set cls.CONFIG_PARAMS (key in config data).
- Parameters:
config_data (
dict
) – Configuration datasearch_paths (
Optional
[list
[str
]]) – Paths where to look for files referenced in config data, defaults to None
- Return type:
Self
- Returns:
Instance of this class
- classmethod get_validation_schema()#
Get JSON schema for validating configuration data.
- Return type:
dict
- get_wpc_cert(wpc_id_data)#
Obtain the WPC Certificate Chain.
- Return type:
-
identifier:
str
= 'el2go'#
WPC Target adapter using MBoot#
- class spsdk.wpc.target_mboot.WPCTargetMBoot(family, **kwargs)#
Bases:
WPCTarget
WPC Target adapter using MBoot interface.
Initialize WPC Target adapter.
- Parameters:
family (
str
) – Target family namekwargs (
str
) – Dictionary containing interface definition. Examples: “port”: “com4”, “usb”:”0x1fc9:0x014f”, “plugin”: “identifier=my_plugin,param1=value1”
- get_low_level_wpc_id()#
Get the lower-level WPC ID from the target.
- Return type:
bytes
- classmethod get_validation_schema()#
Get JSON schema for validating configuration data.
- Return type:
dict
-
identifier:
str
= 'mboot'#
- sign(data)#
Sign data by the target.
- Return type:
bytes
- wpc_insert_cert(cert_chain, reset=True)#
Insert the WPC Certificate Chain into the target.
- Parameters:
cert_chain (
WPCCertChain
) – Certificate chain to insert into the targetreset (
bool
) – Perform reset if the target requires it. With this option you may disable required reset (for testing purposes)
- Raises:
SPSDKWPCError – Error during certificate chain insertion
- Return type:
bool
- Returns:
True if operation finishes successfully
Creating your own WPC Service/Target adapters#
To create your own Service adapter, create new class derived from WPCCertificateService
.
To create your own Target adapter, create new class derived from WPCTarget
.
Service is responsible to provide WPC Certificate Chain as WPCCertChain
via get_wpc_cert()
.
Target adapters then injects said certificate chain into the target using wpc_insert_cert()
.
Both WPCCertificateService
and WPCTarget
base-classes are using common approach regarding regarding instantiation via configuration data defined in BaseWPCClass
.
Each derived class should implement get_validation_schema()
. This method should return a JSON validation schema which is used for both configuration template creation and validating configuration data specific for each class.
Derived class can be then instantiated via from_config()
Method validates configuration data and passes the data into the __init__ method
To see a practical example on how to create your own Service, please see Creating a custom WPC Service adapter
- class spsdk.wpc.utils.WPCCertificateService(family)#
Bases:
BaseWPCClass
Base class for service adapters providing the WPC Certificate Chain.
Initialize WPC target.
- Parameters:
family (
str
) – Target family name- Raises:
SPSDKWPCError – Family is not supported as WPC target
-
CONFIG_PARAMS:
str
= 'service_parameters'#
- abstract get_wpc_cert(wpc_id_data)#
Obtain the WPC Certificate Chain.
- Parameters:
wpc_id_data (
bytes
) – WPC ID provided by the target- Return type:
- Returns:
WPC Certificate Chain
- class spsdk.wpc.utils.WPCTarget(family)#
Bases:
BaseWPCClass
Base class for adapters providing connection to a target.
Initialize WPC target.
- Parameters:
family (
str
) – Target family name- Raises:
SPSDKWPCError – Family is not supported as WPC target
-
CONFIG_PARAMS:
str
= 'target_parameters'#
- abstract get_low_level_wpc_id()#
Get the lower-level WPC ID from the target.
- Return type:
bytes
- get_wpc_id()#
Get the WPC ID from the target.
- Return type:
bytes
- sign(data)#
Sign data by the target.
- Return type:
bytes
- abstract wpc_insert_cert(cert_chain)#
Insert the WPC Certificate Chain into the target.
- Parameters:
cert_chain (
WPCCertChain
) – Certificate chain to insert into the target- Raises:
SPSDKWPCError – Error during certificate chain insertion
- Return type:
bool
- Returns:
True if operation finishes successfully
- class spsdk.wpc.utils.BaseWPCClass(family)#
Bases:
ABC
Base abstract class for both WPC Service and Target.
Initialize WPC target.
- Parameters:
family (
str
) – Target family name- Raises:
SPSDKWPCError – Family is not supported as WPC target
-
CONFIG_PARAMS:
str
#
- classmethod from_config(config_data, search_paths=None)#
Create instance of this class based on configuration data.
__init__ method of this class will be called with data from config_data. To limit the scope of data, set cls.CONFIG_PARAMS (key in config data).
- Parameters:
config_data (
dict
) – Configuration datasearch_paths (
Optional
[list
[str
]]) – Paths where to look for files referenced in config data, defaults to None
- Return type:
Self
- Returns:
Instance of this class
- classmethod get_providers()#
Get available WPC Service/Target Providers.
- Return type:
dict
[str
,Type
[Self
]]
- classmethod get_supported_families()#
Get family names supported by WPCTarget.
- Return type:
list
[str
]
- classmethod get_validation_schema()#
Get JSON schema for validating configuration data.
- Return type:
dict
-
identifier:
str
#
- legacy_identifier_name = 'NAME'#
- classmethod validate_config(config_data, search_paths=None)#
Validate configuration data using JSON schema specific to this class.
- Parameters:
config_data (
dict
) – Configuration datasearch_paths (
Optional
[list
[str
]]) – Paths where to look for files referenced in config data, defaults to None
- Return type:
None
- class spsdk.wpc.utils.WPCCertChain(root_ca_hash, manufacturer_cert, product_unit_cert)#
Bases:
object
WPC Certificate Chain.
-
root_ca_hash:
bytes
#
-
manufacturer_cert:
Certificate
#
-
product_unit_cert:
Certificate
#
- get_puk_offset(pu_cert_only=False)#
Get offset to the Product Unit Certificate public key.
- Parameters:
pu_cert_only (
bool
) – Get the offset relative to start of the Product Unit Certificate, defaults to False- Return type:
int
- Returns:
Offset to the Product Unit Certificate public key.
- get_rsid_offset(pu_cert_only=False)#
Get offset to the Revocation Sequential Identifier.
- Parameters:
pu_cert_only (
bool
) – Get the offset relative to Product Unit Certificate, defaults to False- Return type:
int
- Returns:
Offset to the Revocation ID.
- get_rsid()#
Get the Revocation Sequential Identifier.
- Return type:
bytes
- export()#
Export WPC Certificate Chain into bytes.
- Return type:
bytes
- classmethod parse(data)#
Parse data into WPC Certificate Chain object.
- Return type:
Self
- classmethod load(path)#
Load WPC Certificate Chain from a file.
- Parameters:
path (
str
) – Path to a file- Return type:
Self
- Returns:
WPC Certificate Chain object
- save(chain_path=None, root_hash_path=None, manufacturer_path=None, product_unit_path=None)#
Save WPC Certificate Chain into file(s).
- Parameters:
chain_path (
Optional
[str
]) – Path where to store the whole chain, defaults to Noneroot_hash_path (
Optional
[str
]) – Path where to store only the WPC Root Cert hash, defaults to Nonemanufacturer_path (
Optional
[str
]) – Path where to store only the Manufacturer Certificate, defaults to Noneproduct_unit_path (
Optional
[str
]) – Path where to store only the Product Unit Certificate, defaults to None
- Return type:
None
-
root_ca_hash:
Utilities for generating/validating configuration files#
- spsdk.wpc.utils.generate_template_config(family, service, target)#
Generate configuration YAML template.
- Parameters:
family (
str
) – Name of the target familyservice (
Type
[WPCCertificateService
]) – WPC Service adapter classtarget (
Type
[WPCTarget
]) – WPC Target adapter class
- Return type:
str
- Returns:
Configuration template in YAML format
- spsdk.wpc.utils.check_main_config(config_data, search_paths=None, scope=ConfigCheckScope.FULL)#
Check top layer of config data.
- Parameters:
config_data (
dict
) – Configuration data from config filesearch_paths (
Optional
[list
[str
]]) – List of paths where to look for files and directories in config data, defaults to Nonescope (
ConfigCheckScope
) – Scope of the config file check
- Raises:
SPSDKError – Configuration contains invalid data or some data is missing
- Return type:
None