User Guide - blhost#
This user’s guide describes how to interface with the MCU bootloader using blhost application.
The blhost application is a command-line utility used on the host computer to initiate communication and issue commands to the MCU bootloader. The application only sends one command per invocation.
Communication#
The blhost application can communicate directly with the MCU bootloader over the host computer’s UART (Serial Port) or USB connections.
MCU bootloader typically supports other peripherals such as I2C, SPI, and CAN. However, the blhost application cannot interface with the MCU bootloader over these transports without external hardware.
blhost - USB#
blhost could be connected to MCU Bootloader over USB HID.
blhost - UART#
blhost could be connected to MCU bootloader over UART.
blhost - BUSPAL#
The BusPal acts as a bus translator running on selected platforms. BusPal assists blhost in carrying out commands and responses from the target device through an established connection with blhost over UART, and the target device over I2C, SPI, or CAN.
blhost - LPCUSBSIO#
LPCUSBSIO - LPC USB Serial I/O(LPCUSBSIO), a firmware built in LPC Link2. The LPCUSBSIO acts as a bus translator, and establishes connection with blhost over USB-HID, and the MCU bootloader device over I2C and SPI.
blhost - CAN#
blhost could be connected to MCU bootloader over CAN. Support is based on python-can library. Refer to the documentation of python-can for more information. https://python-can.readthedocs.io/en/stable/ In order to use CAN, extras must be installed with “pip install spsdk[can]”.
MCU bootloader#
The MCU bootloader is intended to be the standard bootloader for all MCU devices. It provides a standard interface to the device using any of the peripherals supported by the bootloader on a given NXP MCU device.
The MCU bootloader is available as source code for customer and flash-based implementations. There are example applications in the package which demonstrates how to interface with the MCU bootloader.
MCU Bootloader for NXP Microcontrollers
MCU bootloader properties#
Current version#
The value of this property is a 4-byte structure containing the current version of the bootloader. This property is encoded in a one-word value.
Bit |
[31:24] |
[23:16] |
[15:8] |
[7:0] |
Field |
Name |
Major Version |
Minor Version |
Bugfix version |
Available peripherals#
The value of this property is a one-word bitfield that lists the peripherals supported by the bootloader and the hardware on which it is running.
Bit |
5 |
4 |
3 |
2 |
1 |
0 |
Peripheral |
Reserved |
USB HID |
CAN |
SPI Slave |
I2C Slave |
UART |
Available commands#
This property value is a bitfield with bits set corresponding to commands enabled in the bootloader.
The bit number that identifies whether a command is present is the command’s tag value minus 1. To get the bit mask for a given command, use this expression
mask = 1 << (tag - 1)
1 |
flash-erase-all (0x01) |
2 |
flash-erase-region (0x02) |
3 |
read-memory (0x03) |
4 |
write-memory (0x04) |
5 |
fill-memory (0x05) |
6 |
flash-security-disable (0x06) |
7 |
get-property (0x07) |
8 |
receive-sb-file (0x08) |
9 |
execute (0x09) |
10 |
call (0x0a) |
11 |
reset (0x0b) |
12 |
set-property (0x0c) |
13 |
flash-erase-all-unsecure (0x0d) |
14 |
flash-program-once (0x0e) |
15 |
flash-read-once (0x0f) |
16 |
flash-read-resource (0x10) |
17 |
configure-memory (0x11) |
18 |
reliable-update (0x12) |
19 |
generate-key-blob (0x13) |
20 |
program-fuse (0x14) |
21 |
key-provisioning (0x15) |
22 |
trust-provisioning (0x16) |
23 |
fuse-read (0x17) |
24 |
update-life-cycle(0x18) |
[31:25] |
reserved |
MCU Bootloader operation#
The correct use of blhost program requires a connection to a MCU device running the MCU bootloader command interface. The diagram shows a simplified view of the MCU bootloader state machine that shows the states relevant to blhost application.
After reset, the bootloader monitors all enabled peripheral devices, UART, I2C, SPI, CAN, USB-HID, and USB-MSC for active communication. After communication is established, all peripherals except the active peripheral are shut down, and the bootloader enters the command processing state.
If the bootloader is in the “Detect Active Peripheral” state, the first use of blhost application establishes the active peripheral and the bootloader transitions to the “Process Commands” state. The active peripheral is established according to the transport used by the initial blhost invocation.
For example, if the -u option was successfully used to send the initial command, the USB-HID is the active peripheral and all future commands must use the -u
option unless the bootloader is reset.
If the -p COMx
option is used, the UART is the active peripheral and all future commands must use the –p COMx
option unless the bootloader is reset. For the UART peripheral, the baud rate is automatically determined by the bootloader when processing the initial ping. Therefore, subsequent blhost invocations must specify the same baud rate as was used for the initial invocation unless the bootloader is reset. If the baud rate is not specified using the -p COMx,<baudrate>
option, the UART baud rate is set to 57600.
Note
After the MCU bootloader is in the “Process Commands” state, the device has to be reset to communicate over a different peripheral or at a different baud rate over the same UART peripheral.
Command line interface#
blhost consist of a set of sub-commands followed by options and arguments. The options and the sub-command are separated with a ‘–’.
blhost [options] -- [sub-command]
The “help” guide of blhost lists all of the options and sub-commands supported by the blhost utility.
blhost --help
All sub-commands are not supported on all MCU bootloader platforms. If a sub-command is not supported by the MCU bootloader, it returns k_StatusUnknownCommand
.
When flash security is enabled, only the get-property
, set-property
, reset
, flash-security-disable
, and flash-erase-all-unsecure
sub-commands are supported. The MCU bootloader returns kStatus_SecurityViolation
if a sub-command is received that is not supported due to flash security settings.
blhost#
Utility for communication with the bootloader on target.
blhost [OPTIONS] COMMAND [ARGS]...
Options
- -p, --port <COM[,speed>#
Serial port configuration. Default baud rate is 57600. Use ‘nxpdevscan’ utility to list devices on serial port.
- -u, --usb <VID:PID|USB_PATH|DEV_NAME>#
USB device identifier. | Following formats are supported: <vid>, <vid:pid> or <vid,pid>, device/instance path, device name. | <vid>: hex or dec string; e.g. 0x0AB12, 43794. | <vid/pid>: hex or dec string; e.g. 0x0AB12:0x123, 1:3451. | Use ‘nxpdevscan’ utility to list connected device names.
- -sd, --sdio <SDIO_PATH|DEV_NAME>#
SDIO device identifier.
Following formats are supported: device/instance path, device name.device/instance path: device string; e.g. /dev/mcu-sdio.Use ‘nxpdevscan’ utility to list connected device names.
- -l, --lpcusbsio <usb,VID:PID|USB_PATH|SER_NUM,]spi|i2c>#
USB-SIO bridge interface.
Optional USB device filtering formats: [usb,vid:pid|usb_path|serial_number]
Following serial interfaces are supported:
spi[index][,port,pin,speed_kHz,polarity,phase]- index … optional index of SPI peripheral. Example: “spi1” (default=0)- port … bridge GPIO port used as SPI SSEL(default=0)- pin … bridge GPIO pin used as SPI SSELdefault SSEL is set to 0.15 which worksfor the LPCLink2 bridge. The MCULink OBbridge ignores the SSEL value anyway.(default=15)- speed_kHz … SPI clock in kHz (default 1000)- polarity … SPI CPOL option (default=1)- phase … SPI CPHA option (default=1)- nirq_port … nIRQ port number (default None)- nirq_pin … nIRQ pin number (default None)i2c[index][,address,speed_kHz]- index … optional index of I2C peripheral. Example: “i2c1” (default=0)- address … I2C device address (default 0x10)- speed_kHz … I2C clock in kHz (default 100)- nirq_port … nIRQ port number (default None)- nirq_pin … nIRQ pin number (default None)Following types of interface configuration formats are supported:- string with coma separated arguments i.e. spi1,0,15,1000,1- string with coma separated keyword arguments (the order may not be maintained) i.e.spi1,port=0,speed_kHz=1000,nirq_port=1,nirq_pin=7- string with combination of coma separated arguments and keyword arguments i.e.spi1,0,15,nirq_port=1,nirq_pin=7
- -cb, --can <interface[,channel,bitrate,rxid,txid>#
CAN Bus settings
interface[,channel,bitrate,rxid,txid]- interface … CAN interface name (refer to python-can library)- channel … CAN channel number- bitrate … CAN bitrate (default=1000000)- rxid … default arbitration ID for RX (default=0x123)- txid … default arbitration ID for TX (default=0x321)
- -b, --buspal <spi[,speed,polarity,phase,lsb|msb] | i2c[,address,speed>#
Buspal settings
- -x, --plugin <identifier=PLUGIN_IDENTIFIER[,param1=value1,param2=value2>#
Plugin interface settings.
Following format of plugin setting is supported:
identifier=<PLUGIN_IDENTIFIER>[,<key1>=<value1>,<key2>=<value2>,…]- <PLUGIN_IDENTIFIER>: Corresponds to the ‘identifier’ attribute of the plugin class- <key1>=<value1>: Represent a single interface parameterOptional interface settings:- Any number of optional <key>=<value> scan settings separated by comma can be defined- The <key>=<value> pairs are used as keyword parameters for ‘scan’ method of a plugin class
- -t, --timeout <ms>#
Sets timeout when waiting on data over a serial line. The default is 5000 milliseconds.
- -j, --json#
Use JSON output
- -v, --verbose#
Print more detailed information
- -vv, --debug#
Display more debugging information.
- --version#
Show the version and exit.
- --help#
Show this message and exit.
- -s, --silent#
Silent mode suppresses progress bar and status response
blhost reset#
Resets the device.
A response packet is sent before resetting the device.
blhost reset [OPTIONS]
After the reset the device boots from flash and user image is programmed successfully using ROM bootloader.
Note
After issuing the reset sub-command, allow 5 seconds for the user application to start running from flash.
blhost get-property#
Queries various bootloader properties and settings.
Each supported property has a unique <PROPERTY_TAG>.
blhost get-property [OPTIONS] PROPERTY_TAG [INDEX]
Options
- -f, --family <family>#
Select the chip family.
- Options:
k32w148 | kw45b41z5 | kw45b41z8 | kw47b42z83 | kw47b42z96 | kw47b42z97 | kw47b42zb2 | kw47b42zb3 | kw47b42zb6 | kw47b42zb7 | kw47z42082 | kw47z42092 | kw47z420b2 | kw47z420b3 | mcxa132 | mcxa133 | mcxa142 | mcxa143 | mcxa144 | mcxa145 | mcxa146 | mcxa152 | mcxa153 | mcxa154 | mcxa155 | mcxa156 | mcxa165 | mcxa166 | mcxa175 | mcxa176 | mcxa275 | mcxa276 | mcxw716a | mcxw716c | mcxw727a | mcxw727c | mcxw727d
Arguments
- PROPERTY_TAG#
Required argument
- INDEX#
Optional argument
Note
Not all properties are supported by all target. To check the supported properties, see the target’s user manual or the reference manual.
Internal Memory |
Device internal memory space |
---|---|
0 |
Internal Memory (Default selected memory) |
16 (0x10) |
Execute-only region on internal flash (Only used for flash-erase-all) |
Mapped |
The memories that are remapped to internal space, and must be accessed |
1 |
QuadSPI Memory |
8 |
SEMC NOR Memory |
9 |
FlexSPI NOR Memory |
10 (0xa) |
SPIFI NOR Memory |
Unmapped |
Memories which cannot be remapped to internal space, and only can be |
256 (0x100) |
SEMC NAND Memory |
257 (0x101) |
SPI NAND Memory |
272 (0x110) |
SPI NOR/EEPROM Memory |
273 (0x111) |
I2C NOR/EEPROM Memory |
288 (0x120) |
uSDHC SD Memory |
289 (0x121) |
uSDHC MMC Memory |
blhost set-property#
Changes properties and options in the bootloader.
Accepts the same <PROPERTY_TAG> used with the get-property sub-command; however, only some properties are writable.
blhost set-property [OPTIONS] PROPERTY_TAG VALUE
Options
- -f, --family <family>#
Select the chip family.
- Options:
k32w148 | kw45b41z5 | kw45b41z8 | kw47b42z83 | kw47b42z96 | kw47b42z97 | kw47b42zb2 | kw47b42zb3 | kw47b42zb6 | kw47b42zb7 | kw47z42082 | kw47z42092 | kw47z420b2 | kw47z420b3 | mcxa132 | mcxa133 | mcxa142 | mcxa143 | mcxa144 | mcxa145 | mcxa146 | mcxa152 | mcxa153 | mcxa154 | mcxa155 | mcxa156 | mcxa165 | mcxa166 | mcxa175 | mcxa176 | mcxa275 | mcxa276 | mcxw716a | mcxw716c | mcxw727a | mcxw727c | mcxw727d
Arguments
- PROPERTY_TAG#
Required argument
- VALUE#
Required argument
Note
If an attempt to write a read-only property is made, an error is returned indicating the property is read-only and cannot be changed.
Properties that can be changed all have 32-bit values.
blhost flash-erase-region#
Erases one or more sectors of the flash memory.
The start <ADDRESS> and <BYTE_COUNT> must be a multiple of the word size. The entire sector(s) containing the start and end address is erased.
blhost flash-erase-region [OPTIONS] ADDRESS BYTE_COUNT [MEMORY_ID]
Arguments
- ADDRESS#
Required argument
- BYTE_COUNT#
Required argument
- MEMORY_ID#
Optional argument
Note
If the VerifyWrites property is enabled, the sub-command performs a flash verify erase operation.
blhost flash-erase-all#
Performs an erase of the entire flash memory.
blhost flash-erase-all [OPTIONS] [MEMORY_ID]
Arguments
- MEMORY_ID#
Optional argument
Note
If any flash regions are protected, the sub-command fails with an error.
If any flash regions are reserved by the bootloader, they are ignored (not erased).
If the VerifyWrites property is enabled, the flash-erase-all sub-command performs a flash verify erase all operation, or multiple flash verify erase options if decomposed due to reserved regions.
blhost flash_security_disable#
Disable flash security by using of backdoor key.
blhost flash_security_disable [OPTIONS] KEY
Arguments
- KEY#
Required argument
Note
Performs the flash security disable operation by comparing the provided 8-byte backdoor key against the backdoor key stored in the Flash Configuration Field at address 0x400 in flash.
If the backdoor key comparison fails, further attempts to disable security with this command fails until the system is reset.
Backdoor key access must be enabled by setting the KEYEN bitfield of the FSEC byte in the Flash Configuration Field to 0b10. It is disabled by default. The backdoor key in the Flash Configuration Field must also be set to a value other than all zeros or all ones.
blhost read-memory#
Reads the memory and writes it to the file or stdout.
Returns the contents of memory at the given <ADDRESS>, for a specified <BYTE_COUNT>.
blhost read-memory [OPTIONS] ADDRESS BYTE_COUNT FILE [MEMORY_ID]
Options
- -h, --use-hexdump#
Use hexdump format
- -f, --fast-mode#
Fast mode for USB-HID data transfer, not reliable !!!
Arguments
- ADDRESS#
Required argument
- BYTE_COUNT#
Required argument
- FILE#
Optional argument
- MEMORY_ID#
Optional argument
Note
This sub-command can read any region of memory accessible by the CPU and not protected by security. This includes flash, RAM, and peripheral registers.
Note that the minimum profile does not support reading the peripheral register space.
blhost write-memory#
Writes memory from a file or a hex-data.
Writes memory specified by <MEMORY_ID> at <ADDRESS> from <FILE> or <HEX-DATA> Writes a provided buffer to a specified <BYTE_COUNT> in memory.
blhost write-memory [OPTIONS] ADDRESS FILE[,BYTE_COUNT] | {{HEX-DATA}}
[MEMORY_ID]
Arguments
- ADDRESS#
Required argument
- FILE[,BYTE_COUNT] | {{HEX-DATA}}#
Required argument
- MEMORY_ID#
Optional argument
Note
Can write to all accessible memory, including flash, RAM, and peripheral registers. However, if flash protection is enabled, writes to protected sectors fails. Data specified by file is treated as binary data.
Any flash sector written to must be previously erased with either a flash-erase-all, flash-erase-region, or flash-erase-allunsecure sub-command.
Writing to flash requires the start address to be word aligned. The byte count is rounded up to a multiple of the word size, and trailing bytes are filled with the flash erase pattern (0xff).
Word and half-word-aligned and sized writes to RAM and peripheral registers use appropriately sized writes. This enables writing to registers larger than a byte in a single bus transaction.
Note that the minimum profile does not support writing to the peripheral register space.
If the VerifyWrites property is enabled, writes to flash performs a flash verify program operation.
blhost list-memory#
Lists all memories, supported by the current device.
blhost list-memory [OPTIONS]
blhost receive-sb-file#
Receives a file in a Secure Binary (SB) format.
An SB file is an encapsulated, binary stream of bootloader commands that can be optionally encrypted.
blhost receive-sb-file [OPTIONS] FILE
Options
- -c, --check-errors#
This flag should be used when the receive-sb-file operation fails using USB interface. Without this flag USB transfer is significantly faster (roughly 20x) However, the status code might be misleading in case of an error. In case of an error using USB interface, rerun receive-sb-file with this setting for clearer error message. This setting has no effect interfaces other than USB.
Arguments
- FILE#
Required argument
Note
The SB file format is described in the documentation for nxpimage and can be created using the nxpimage tool.
Note that if the SB file contains a JUMP command, the receive-sb-file sub-command is aborted at the point of the jump, and a status of kStatus_AbortDataPhase is returned.
blhost execute#
Jumps to code at the provided address.
The system is returned to a reset state before the jump. The function <ARGUMENT> parameter is passed in R0 to the called code.
The main stack pointer and process stack pointer registers are set to the <STACKPOINTER> parameter. If set to zero, the code being called should set the stack pointer before using the stack.
blhost execute [OPTIONS] ADDRESS ARGUMENT STACKPOINTER
Arguments
- ADDRESS#
Required argument
- ARGUMENT#
Required argument
- STACKPOINTER#
Required argument
Warning
For LPC55S0x/1x/2x/6x
ADDRESS – should be set to initial PC value of the image to be executed. You can read the value from the binary of the application image (second 32-bit word in the application binary)
ARGUMENT – image start address (location in memory where the image is loaded)
STACKPOINTER – should be set to initial SP value of the image to be executed. You can read the value from the binary of the application image (first 32-bit word in the application binary)
Note
The effective prototype of the called function is:
void function(uint32_t arg);
blhost call#
Invokes code at an address, passing an argument to it.
blhost call [OPTIONS] ADDRESS ARGUMENT
Arguments
- ADDRESS#
Required argument
- ARGUMENT#
Required argument
Note
The function that is called has the same prototype as for the one called by the execute command.
Because the intention is to return to the bootloader after the function executes, the function must not perform any action that would interfere with the bootloader operation. In particular, the following restrictions apply:
Do not use interrupts because the interrupt vectors are still owned by the bootloader.
Do not modify any memory locations used by the bootloader (use “get-property 12” to determine reserved regions).
Do not modify any pin mux or clock settings used by bootloader peripherals.
blhost flash-program-once#
Writes provided data to a specific program once field.
blhost flash-program-once [OPTIONS] INDEX {4|8} DATA [LSB|MSB]
Arguments
- INDEX#
Required argument
- BYTE_COUNT#
Required argument
- DATA#
Required argument
- [LSB|MSB]#
Optional argument
Note
Special care must be taken when writing to program once field. The program once field only supports programming once.
Any attempts to reprogram a program once field gets an error response. The number of bytes to be written must be 4-byte aligned for non-FAC fields, and be 8-byte aligned for FAC fields.
blhost flash-read-once#
Returns the contents of a specific program once field.
blhost flash-read-once [OPTIONS] INDEX {4|8}
Arguments
- INDEX#
Required argument
- BYTE_COUNT#
Required argument
blhost efuse-program-once#
Writes data to a specific efuse word.
Each efuse bit can only be programmed once.
blhost efuse-program-once [OPTIONS] ADDRESS DATA [nolock/lock]
Options
- -v, --verify, --no-verify#
Verify write operation (don’t verify by default)
Arguments
- ADDRESS#
Required argument
- DATA#
Required argument
- [nolock/lock]#
Optional argument
blhost efuse-read-once#
Returns the contents of a specific efuse word.
blhost efuse-read-once [OPTIONS] ADDRESS
Arguments
- ADDRESS#
Required argument
blhost flash-read-resource#
Read resource of flash module.
Reads the contents of Flash IFR or Flash Firmware ID as specified by option and writes result to file or stdout if file is not specified.
blhost flash-read-resource [OPTIONS] ADDRESS LENGTH {0|1} FILE
Options
- -h, --use-hexdump#
Use hexdump format
Arguments
- ADDRESS#
Required argument
- LENGTH#
Required argument
- OPTION#
Required argument
- FILE#
Optional argument
blhost configure-memory#
Sets a config at internal memory to memory with ID.
The specified configuration block must have been previously written to memory using the write-memory command.
blhost configure-memory [OPTIONS] MEMORY_ID ADDRESS
Arguments
- MEMORY_ID#
Required argument
- ADDRESS#
Required argument
Note
The format of the configuration block is described in the MCU Bootloader Reference Manual document.
blhost flash-image#
Write the formatted image in <FILE> to the memory specified by memoryID.
blhost flash-image [OPTIONS] FILE [ERASE] [MEMORY_ID]
Arguments
- FILE#
Required argument
- ERASE#
Optional argument
- MEMORY_ID#
Optional argument
Note
Write the formatted image in <file> to the memory specified by memoryID. Supported file types are S-Record (.srec and .s19), and Hex (.hex). Flash is erased before writing if [erase] is ‘erase’ or 1. This blhost command does not directly correspond to a bootloader command, but may send multiple bootloader commands to perform the operation.
blhost generate-key-blob#
Generates the Key Blob, and writes it to the file.
<KEY_SEL> selects the blob key encryption key(BKEK) used to generate the key blob.
blhost generate-key-blob [OPTIONS] DEK_FILE BLOB_FILE [KEY_SEL]
Arguments
- DEK_FILE#
Required argument
- BLOB_FILE#
Required argument
- [KEY_SEL]#
Optional argument
blhost key-provisioning#
Group of sub-commands related to key provisioning.
blhost key-provisioning [OPTIONS] COMMAND [ARGS]...
enroll#
Enrolls key provisioning feature. No argument for this operation.
blhost key-provisioning enroll [OPTIONS]
read_key_nonvolatile#
Loads the key from nonvolatile memory to bootloader.
blhost key-provisioning read_key_nonvolatile [OPTIONS] memoryID
Arguments
- memoryID#
Optional argument
read_key_store#
Reads the key store from the bootloader to host(PC).
<FILE> is the binary file to store the key store.
blhost key-provisioning read_key_store [OPTIONS] FILE
Arguments
- FILE#
Required argument
set_key#
Generates a size bytes of the key specified by the type.
blhost key-provisioning set_key [OPTIONS] TYPE SIZE
Arguments
- TYPE#
Required argument
- SIZE#
Required argument
set_user_key#
Sends the user key specified by type to the bootloader.
<FILE> is the binary file containing user key plain text. If <SIZE> is not specified, the entire <FILE> will be sent. Otherwise, blhost only sends the first <SIZE> bytes.
blhost key-provisioning set_user_key [OPTIONS] TYPE FILE[,SIZE]
Options
- -s, --key-size <key_size>#
Key size in bits. If this field is defined, the command could load as text as binary form of key.
Arguments
- TYPE#
Required argument
- FILE[,SIZE]#
Required argument
write_key_nonvolatile#
Writes the key to nonvolatile memory.
blhost key-provisioning write_key_nonvolatile [OPTIONS] memoryID
Arguments
- memoryID#
Optional argument
write_key_store#
Sends the key store to the bootloader.
<FILE> is the binary file containing key store. If <SIZE> is not specified, the entire <FILE> will be sent. Otherwise, only send the first <SIZE> bytes.
blhost key-provisioning write_key_store [OPTIONS] FILE[,SIZE]
Arguments
- FILE[,SIZE]#
Required argument
blhost program-aeskey#
Sends raw binary, which contains an aes key, to the devices and program it to the OTP field.
blhost program-aeskey [OPTIONS] FILE
Arguments
- FILE#
Required argument
blhost flash-erase-all-unsecure#
Erase complete flash memory and recover flash security section.
blhost flash-erase-all-unsecure [OPTIONS]
Note
This command is only supported in new versions of the flash controller. Most MCU devices do not support this command, and the bootloader sends a kStatus_UnknownCommand error in response.
Performs a mass erase of the flash memory, including protected sectors and any reserved regions in flash. Flash security is immediately disabled if it was enabled and the FSEC byte in the Flash Configuration Field at address 0x40C is programmed to 0xFE.
The Mass Erase Enable option in the FSEC field is honored by this command. If mass erase is disabled, then this command fails.
This command is only useful and only present in ROM configurations of the bootloader because it erases reserved regions in flash.
blhost reliable-update#
Reliable Update.
blhost reliable-update [OPTIONS] ADDRESS
Arguments
- ADDRESS#
Required argument
Note
For software implementation: Checks the validity of backup application at <addr>, then copies the contents of backup application from <addr> to main application region.
For hardware implementation: Verifies if the provided <addr> is a valid swap indicator address for flash swap system, then checks the validity of backup application resided in upper flash block. After that, it swaps the flash system.
blhost fuse-program#
Program fuse.
blhost fuse-program [OPTIONS] ADDRESS FILE[,BYTE_COUNT] | {{HEX-DATA}}
[MEMORY_ID]
Arguments
- ADDRESS#
Required argument
- FILE[,BYTE_COUNT] | {{HEX-DATA}}#
Required argument
- MEMORY_ID#
Optional argument
blhost fuse-read#
Reads the fuse and writes it to the file or stdout.
Returns the contents of memory at the given <ADDRESS>, for a specified <BYTE_COUNT>.
blhost fuse-read [OPTIONS] ADDRESS BYTE_COUNT FILE [MEMORY_ID]
Options
- -h, --use-hexdump#
Use hexdump format
Arguments
- ADDRESS#
Required argument
- BYTE_COUNT#
Required argument
- FILE#
Optional argument
- MEMORY_ID#
Optional argument
blhost trust-provisioning#
Group of sub-commands related to trust provisioning.
blhost trust-provisioning [OPTIONS] COMMAND [ARGS]...
dsc_hsm_create_session#
Command used by OEM to provide it share to create the initial trust provisioning keys.
blhost trust-provisioning dsc_hsm_create_session [OPTIONS] OEM_SEED_INPUT_ADDR
OEM_SEED_INPUT_SIZE
OEM_SHARE_OUTPUT_ADDR
OEM_SHARE_OUTPUT_SIZE
Arguments
- OEM_SEED_INPUT_ADDR#
Required argument
- OEM_SEED_INPUT_SIZE#
Required argument
- OEM_SHARE_OUTPUT_ADDR#
Required argument
- OEM_SHARE_OUTPUT_SIZE#
Required argument
dsc_hsm_enc_blk#
Command used to encrypt the given block sliced by the nxpimage.
This command is only supported after issuance of dsc_hsm_create_session.
blhost trust-provisioning dsc_hsm_enc_blk [OPTIONS] SBX_HEADER_INPUT_ADDR
SBX_HEADER_INPUT_SIZE BLOCK_NUM
BLOCK_DATA_ADDR BLOCK_DATA_SIZE
Arguments
- SBX_HEADER_INPUT_ADDR#
Required argument
- SBX_HEADER_INPUT_SIZE#
Required argument
- BLOCK_NUM#
Required argument
- BLOCK_DATA_ADDR#
Required argument
- BLOCK_DATA_SIZE#
Required argument
dsc_hsm_enc_sign#
Command used for signing the data buffer provided.
This command is only supported after issuance of dsc_hsm_create_session.
blhost trust-provisioning dsc_hsm_enc_sign [OPTIONS] BLOCK_DATA_INPUT_ADDR
BLOCK_DATA_INPUT_SIZE
SIGNATURE_OUTPUT_ADDR
BLOCK_DATA_ADDR
Arguments
- BLOCK_DATA_INPUT_ADDR#
Required argument
- BLOCK_DATA_INPUT_SIZE#
Required argument
- SIGNATURE_OUTPUT_ADDR#
Required argument
- BLOCK_DATA_ADDR#
Required argument
el2go_close_device#
Close the device using EdgeLock2Go TP Firmware.
blhost trust-provisioning el2go_close_device [OPTIONS] ADDRESS
Options
- -d, --dry-run#
Dry run mode
Arguments
- ADDRESS#
Required argument
hsm_enc_blk#
Encrypts the given SB3 data block.
blhost trust-provisioning hsm_enc_blk [OPTIONS]
MFG_CUST_MK_SK_0_BLOB_INPUT_ADDR
MFG_CUST_MK_SK_0_BLOB_INPUT_SIZE KEK_ID
SB3_HEADER_INPUT_ADDR
SB3_HEADER_INPUT_SIZE BLOCK_NUM
BLOCK_DATA_ADDR BLOCK_DATA_SIZE
Arguments
- MFG_CUST_MK_SK_0_BLOB_INPUT_ADDR#
Required argument
- MFG_CUST_MK_SK_0_BLOB_INPUT_SIZE#
Required argument
- KEK_ID#
Required argument
- SB3_HEADER_INPUT_ADDR#
Required argument
- SB3_HEADER_INPUT_SIZE#
Required argument
- BLOCK_NUM#
Required argument
- BLOCK_DATA_ADDR#
Required argument
- BLOCK_DATA_SIZE#
Required argument
hsm_enc_sign#
Signs the given data.
It uses the private key in the given key blob, which is generated by HSM_GEN_KEY.
blhost trust-provisioning hsm_enc_sign [OPTIONS] KEY_BLOB_INPUT_ADDR
KEY_BLOB_INPUT_SIZE
BLOCK_DATA_INPUT_ADDR
BLOCK_DATA_INPUT_SIZE
SIGNATURE_OUTPUT_ADDR
SIGNATURE_OUTPUT_SIZE
Arguments
- KEY_BLOB_INPUT_ADDR#
Required argument
- KEY_BLOB_INPUT_SIZE#
Required argument
- BLOCK_DATA_INPUT_ADDR#
Required argument
- BLOCK_DATA_INPUT_SIZE#
Required argument
- SIGNATURE_OUTPUT_ADDR#
Required argument
- SIGNATURE_OUTPUT_SIZE#
Required argument
hsm_gen_key#
Creates OEM common keys, including encryption keys and signing keys.
It outputs the key blob, which is wrapped by NXP_CUST_KEK_IN_SK and the public portion of the signing key.
blhost trust-provisioning hsm_gen_key [OPTIONS] KEY_TYPE RESERVED
KEY_BLOB_OUTPUT_ADDR
KEY_BLOB_OUTPUT_SIZE
ECDSA_PUK_OUTPUT_ADDR
ECDSA_PUK_OUTPUT_SIZE
Arguments
- KEY_TYPE#
Required argument
- RESERVED#
Required argument
- KEY_BLOB_OUTPUT_ADDR#
Required argument
- KEY_BLOB_OUTPUT_SIZE#
Required argument
- ECDSA_PUK_OUTPUT_ADDR#
Required argument
- ECDSA_PUK_OUTPUT_SIZE#
Required argument
hsm_store_key#
Stores known keys, and generate the corresponding key blob.
It wraps the known key, which is given by the customer, using NXP_CUST_KEK_EXT_SK, and output the RFC3396 key blob.
blhost trust-provisioning hsm_store_key [OPTIONS] KEY_TYPE KEY_PROPERTY
KEY_INPUT_ADDR KEY_INPUT_SIZE
KEY_BLOB_OUTPUT_ADDR
KEY_BLOB_OUTPUT_SIZE
Arguments
- KEY_TYPE#
Required argument
- KEY_PROPERTY#
Required argument
- KEY_INPUT_ADDR#
Required argument
- KEY_INPUT_SIZE#
Required argument
- KEY_BLOB_OUTPUT_ADDR#
Required argument
- KEY_BLOB_OUTPUT_SIZE#
Required argument
isp_set_wrap_data#
Start the process of setting wrapped OEM data.
blhost trust-provisioning isp_set_wrap_data [OPTIONS] ADDRESS [CONTROL]
[STAGE]
Arguments
- ADDRESS#
Required argument
- CONTROL#
Optional argument
- STAGE#
Optional argument
nxp_get_id#
Command used for harvesting device ID blob during wafer test as part of RTS flow.
This command is allowed only when LC_STATE < 0x3.
blhost trust-provisioning nxp_get_id [OPTIONS] ID_BLOB_ADDR ID_BLOB_SIZE
Arguments
- ID_BLOB_ADDR#
Required argument
- ID_BLOB_SIZE#
Required argument
oem_get_cust_cert_dice_puk#
Creates the initial trust provisioning keys.
blhost trust-provisioning oem_get_cust_cert_dice_puk [OPTIONS]
OEM_RKTH_INPUT_ADDR
OEM_RKTH_INPUT_SIZE OEM_C
UST_CERT_DICE_PUK_OUTPUT_
ADDR OEM_CUST_CERT_DICE_P
UK_OUTPUT_SIZE
Arguments
- OEM_RKTH_INPUT_ADDR#
Required argument
- OEM_RKTH_INPUT_SIZE#
Required argument
- OEM_CUST_CERT_DICE_PUK_OUTPUT_ADDR#
Required argument
- OEM_CUST_CERT_DICE_PUK_OUTPUT_SIZE#
Required argument
oem_get_cust_dice_response#
Creates DICE response for given challenge.
blhost trust-provisioning oem_get_cust_dice_response [OPTIONS] CHALLENGE_ADDR
CHALLENGE_SIZE
RESPONSE_ADDR
RESPONSE_SIZE
Arguments
- CHALLENGE_ADDR#
Required argument
- CHALLENGE_SIZE#
Required argument
- RESPONSE_ADDR#
Required argument
- RESPONSE_SIZE#
Required argument
prove_genuinity#
Start the process of proving genuinity.
blhost trust-provisioning prove_genuinity [OPTIONS] ADDRESS BUFFER_SIZE
Arguments
- ADDRESS#
Required argument
- BUFFER_SIZE#
Required argument
wpc_get_id#
Command used for harvesting device ID blob.
blhost trust-provisioning wpc_get_id [OPTIONS] WPC_ID_BLOB_ADDR
WPC_ID_BLOB_SIZE
Arguments
- WPC_ID_BLOB_ADDR#
Required argument
- WPC_ID_BLOB_SIZE#
Required argument
wpc_insert_cert#
Command used for certificate validation before it is written into flash.
- This command does following things:
Extracts ECID and WPC PUK from certificate Validates ECID and WPC PUK. If both are OK it returns success. Otherwise returns fail
blhost trust-provisioning wpc_insert_cert [OPTIONS] WPC_CERT_ADDR WPC_CERT_LEN
EC_ID_OFFSET WPC_PUK_OFFSET
Arguments
- WPC_CERT_ADDR#
Required argument
- WPC_CERT_LEN#
Required argument
- EC_ID_OFFSET#
Required argument
- WPC_PUK_OFFSET#
Required argument
wpc_sign_csr#
Command used for signing CSR data (TBS portion).
blhost trust-provisioning wpc_sign_csr [OPTIONS] CSR_TBS_ADDR CSR_TBS_LEN
SIGNATURE_ADDR SIGNATURE_LEN
Arguments
- CSR_TBS_ADDR#
Required argument
- CSR_TBS_LEN#
Required argument
- SIGNATURE_ADDR#
Required argument
- SIGNATURE_LEN#
Required argument
blhost batch#
Invoke blhost commands defined in command file.
Command file contains one blhost command per line. example: “read-memory 0 4096 memory.bin” example: “get-property 24 # read target version”
Comments are supported. Everything after ‘#’ is a comment (just like in Python/Shell)
Note: This is an early experimental format, it may change at any time.
blhost batch [OPTIONS] COMMAND_FILE
Arguments
- COMMAND_FILE#
Required argument
blhost update-life-cycle#
Update life cycle of device.
blhost update-life-cycle [OPTIONS] LIFE CYCLE
Arguments
- LIFE CYCLE#
Required argument
blhost ele-message#
Send message to EdgeLock Enclave.
This command is designed to be, as general, as is possible to work with EdgeLock Enclave. EdgeLock Enclave message is prepared in PC and stored in target RAM (for example by ‘blhost write-memory’). The response of ELE command is stored also in target memory on place that is defined by ‘resp-msg-addr and could be read back (for example by ‘blhost read-memory’).
Size of command message and response is in count of 32-bit words.
blhost ele-message [OPTIONS] COMMAND MESSAGE ADDRESS COMMAND MESSAGE COUNT
RESPONSE MESSAGE ADDRESS RESPONSE MESSAGE COUNT
Arguments
- COMMAND MESSAGE ADDRESS#
Required argument
- COMMAND MESSAGE COUNT#
Required argument
- RESPONSE MESSAGE ADDRESS#
Required argument
- RESPONSE MESSAGE COUNT#
Required argument
Error Codes#
Error code |
Name |
Description |
---|---|---|
0 |
SUCCESS |
Success |
1 |
FAIL |
Fail |
2 |
READ_ONLY |
Read Only Error |
3 |
OUT_OF_RANGE |
Out Of Range Error |
4 |
INVALID_ARGUMENT |
Invalid Argument Error |
5 |
TIMEOUT |
Timeout Error |
6 |
NO_TRANSFER_IN_PROGRESS |
No Transfer In Progress Error |
100 |
FLASH_SIZE_ERROR |
FLASH Driver: Size Error |
101 |
FLASH_ALIGNMENT_ERROR |
FLASH Driver: Alignment Error |
102 |
FLASH_ADDRESS_ERROR |
FLASH Driver: Address Error |
103 |
FLASH_ACCESS_ERROR |
FLASH Driver: Access Error |
104 |
FLASH_PROTECTION_VIOLATION |
FLASH Driver: Protection Violation |
105 |
FLASH_COMMAND_FAILURE |
FLASH Driver: Command Failure |
106 |
FLASH_UNKNOWN_PROPERTY |
FLASH Driver: Unknown Property |
107 |
FLASH_ERASE_KEY_ERROR |
FLASH Driver: Provided Key Does Not Match Programmed Flash Memory Key |
108 |
FLASH_REGION_EXECUTE_ONLY |
FLASH Driver: Region Execute Only |
109 |
FLASH_EXEC_IN_RAM_NOT_READY |
FLASH Driver: Execute In RAM Function Not Ready |
111 |
FLASH_COMMAND_NOT_SUPPORTED |
FLASH Driver: Command Not Supported |
112 |
FLASH_READ_ONLY_PROPERTY |
FLASH Driver: Flash Memory Property Is Read-Only |
113 |
FLASH_INVALID_PROPERTY_VALUE |
FLASH Driver: Flash Memory Property Value Out Of Range |
114 |
FLASH_INVALID_SPECULATION_OPTION |
FLASH Driver: Flash Memory Prefetch Speculation Option Is Invalid |
116 |
FLASH_ECC_ERROR |
FLASH Driver: ECC Error |
117 |
FLASH_COMPARE_ERROR |
FLASH Driver: Destination And Source Memory Contents Do Not Match |
118 |
FLASH_REGULATION_LOSS |
FLASH Driver: Loss Of Regulation During Read |
119 |
FLASH_INVALID_WAIT_STATE_CYCLES |
FLASH Driver: Wait State Cycle Set To Read/Write Mode Is Invalid |
121 |
FLASH_COMMAND_ABORT_OPTION |
FLASH Driver: Operation is aborted |
132 |
FLASH_OUT_OF_DATE_CFPA_PAGE |
FLASH Driver: Out Of Date CFPA Page |
133 |
FLASH_BLANK_IFR_PAGE_DATA |
FLASH Driver: Blank IFR Page Data |
134 |
FLASH_ENCRYPTED_REGIONS_ERASE_NOT_DONE_AT_ONCE |
FLASH Driver: Encrypted Regions Erase Not Done At Once |
135 |
FLASH_PROGRAM_VERIFICATION_NOT_ALLOWED |
FLASH Driver: Program Verification Not Allowed |
136 |
FLASH_HASH_CHECK_ERROR |
FLASH Driver: Hash Check Error |
137 |
FLASH_SEALED_PFR_REGION |
FLASH Driver: Sealed PFR Region |
138 |
FLASH_PFR_REGION_WRITE_BROKEN |
FLASH Driver: PFR Region Write Broken |
139 |
FLASH_NMPA_UPDATE_NOT_ALLOWED |
FLASH Driver: NMPA Update Not Allowed |
140 |
FLASH_CMPA_CFG_DIRECT_ERASE_NOT_ALLOWED |
FLASH Driver: CMPA Cfg Direct Erase Not Allowed |
141 |
FLASH_PFR_BANK_IS_LOCKED |
FLASH Driver: PFR Bank Is Locked |
148 |
FLASH_CFPA_SCRATCH_PAGE_INVALID |
FLASH Driver: CFPA Scratch Page Invalid |
149 |
FLASH_CFPA_VERSION_ROLLBACK_DISALLOWED |
FLASH Driver: CFPA Version Rollback Disallowed |
150 |
FLASH_READ_HIDING_AREA_DISALLOWED |
FLASH Driver: Flash Memory Hiding Read Not Allowed |
151 |
FLASH_MODIFY_PROTECTED_AREA_DISALLOWED |
FLASH Driver: Flash Firewall Page Locked Erase And Program Are Not Allowed |
152 |
FLASH_COMMAND_OPERATION_IN_PROGRESS |
FLASH Driver: Flash Memory State Busy Flash Memory Command Is In Progress |
153 |
FLASH_IFR1_ACCESS_NOT_ALLOWED |
FLASH Driver: IFR1 Access Not Allowed |
154 |
FLASH_ERASE_VERIFY_FAILED |
FLASH Driver: Flash Memory Erase Verify Failed |
200 |
I2C_SLAVE_TX_UNDERRUN |
I2C Driver: Slave Tx Underrun |
201 |
I2C_SLAVE_RX_OVERRUN |
I2C Driver: Slave Rx Overrun |
202 |
I2C_ARBITRATION_LOST |
I2C Driver: Arbitration Lost |
300 |
SPI_SLAVE_TX_UNDERRUN |
SPI Driver: Slave Tx Underrun |
301 |
SPI_SLAVE_RX_OVERRUN |
SPI Driver: Slave Rx Overrun |
400 |
QSPI_FLASH_SIZE_ERROR |
QSPI Driver: Flash Size Error |
401 |
QSPI_FLASH_ALIGNMENT_ERROR |
QSPI Driver: Flash Alignment Error |
402 |
QSPI_FLASH_ADDRESS_ERROR |
QSPI Driver: Flash Address Error |
403 |
QSPI_FLASH_COMMAND_FAILURE |
QSPI Driver: Flash Command Failure |
404 |
QSPI_FLASH_UNKNOWN_PROPERTY |
QSPI Driver: Flash Unknown Property |
405 |
QSPI_NOT_CONFIGURED |
QSPI Driver: Not Configured |
406 |
QSPI_COMMAND_NOT_SUPPORTED |
QSPI Driver: Command Not Supported |
407 |
QSPI_COMMAND_TIMEOUT |
QSPI Driver: Command Timeout |
408 |
QSPI_WRITE_FAILURE |
QSPI Driver: Write Failure |
500 |
OTFAD_SECURITY_VIOLATION |
OTFAD Driver: Security Violation |
501 |
OTFAD_LOGICALLY_DISABLED |
OTFAD Driver: Logically Disabled |
502 |
OTFAD_INVALID_KEY |
OTFAD Driver: Invalid Key |
503 |
OTFAD_INVALID_KEY_BLOB |
OTFAD Driver: Invalid Key Blob |
1812 |
SENDING_OPERATION_CONDITION_ERROR |
Send Operation Condition failed |
6000 |
FLEXSPI_SEQUENCE_EXECUTION_TIMEOUT_1 |
FLEXSPI: Sequence Execution Timeout |
6001 |
FLEXSPI_INVALID_SEQUENCE_1 |
FLEXSPI: Invalid Sequence |
6002 |
FLEXSPI_DEVICE_TIMEOUT_1 |
FLEXSPI: Device Timeout |
7000 |
FLEXSPI_SEQUENCE_EXECUTION_TIMEOUT_2 |
FLEXSPI: Sequence Execution Timeout |
7001 |
FLEXSPI_INVALID_SEQUENCE_2 |
FLEXSPI: Invalid Sequence |
7002 |
FLEXSPI_DEVICE_TIMEOUT_2 |
FLEXSPI: Device Timeout |
10000 |
UNKNOWN_COMMAND |
Unknown Command |
10001 |
SECURITY_VIOLATION |
Security Violation |
10002 |
ABORT_DATA_PHASE |
Abort Data Phase |
10003 |
PING_ERROR |
Ping Error |
10004 |
NO_RESPONSE |
No response packet from target device |
10005 |
NO_RESPONSE_EXPECTED |
No Response Expected |
10006 |
UNSUPPORTED_COMMAND |
Unsupported Command |
10100 |
ROMLDR_SECTION_OVERRUN |
ROM Loader: Section Overrun |
10101 |
ROMLDR_SIGNATURE |
ROM Loader: Signature Error |
10102 |
ROMLDR_SECTION_LENGTH |
ROM Loader: Section Length Error |
10103 |
ROMLDR_UNENCRYPTED_ONLY |
ROM Loader: Unencrypted Only |
10104 |
ROMLDR_EOF_REACHED |
ROM Loader: EOF Reached |
10105 |
ROMLDR_CHECKSUM |
ROM Loader: Checksum Error |
10106 |
ROMLDR_CRC32_ERROR |
ROM Loader: CRC32 Error |
10107 |
ROMLDR_UNKNOWN_COMMAND |
ROM Loader: Unknown Command |
10108 |
ROMLDR_ID_NOT_FOUND |
ROM Loader: ID Not Found |
10109 |
ROMLDR_DATA_UNDERRUN |
ROM Loader: Data Underrun |
10110 |
ROMLDR_JUMP_RETURNED |
ROM Loader: Jump Returned |
10111 |
ROMLDR_CALL_FAILED |
ROM Loader: Call Failed |
10112 |
ROMLDR_KEY_NOT_FOUND |
ROM Loader: Key Not Found |
10113 |
ROMLDR_SECURE_ONLY |
ROM Loader: Secure Only |
10114 |
ROMLDR_RESET_RETURNED |
ROM Loader: Reset Returned |
10115 |
ROMLDR_ROLLBACK_BLOCKED |
ROM Loader: Rollback Blocked |
10116 |
ROMLDR_INVALID_SECTION_MAC_COUNT |
ROM Loader: Invalid Section Mac Count |
10117 |
ROMLDR_UNEXPECTED_COMMAND |
ROM Loader: Unexpected Command |
10118 |
ROMLDR_BAD_SBKEK |
ROM Loader: Bad SBKEK Detected |
10119 |
ROMLDR_PENDING_JUMP_COMMAND |
ROM Loader: Pending Jump Command |
10200 |
MEMORY_RANGE_INVALID |
Memory Range Invalid |
10201 |
MEMORY_READ_FAILED |
Memory Read Failed |
10202 |
MEMORY_WRITE_FAILED |
Memory Write Failed |
10203 |
MEMORY_CUMULATIVE_WRITE |
Memory Cumulative Write |
10204 |
MEMORY_APP_OVERLAP_WITH_EXECUTE_ONLY_REGION |
Memory App Overlap with exec region |
10205 |
MEMORY_NOT_CONFIGURED |
Memory Not Configured |
10206 |
MEMORY_ALIGNMENT_ERROR |
Memory Alignment Error |
10207 |
MEMORY_VERIFY_FAILED |
Memory Verify Failed |
10208 |
MEMORY_WRITE_PROTECTED |
Memory Write Protected |
10209 |
MEMORY_ADDRESS_ERROR |
Memory Address Error |
10210 |
MEMORY_BLANK_CHECK_FAILED |
Memory Black Check Failed |
10211 |
MEMORY_BLANK_PAGE_READ_DISALLOWED |
Memory Blank Page Read Disallowed |
10212 |
MEMORY_PROTECTED_PAGE_READ_DISALLOWED |
Memory Protected Page Read Disallowed |
10213 |
MEMORY_PFR_SPEC_REGION_WRITE_BROKEN |
Memory PFR Spec Region Write Broken |
10214 |
MEMORY_UNSUPPORTED_COMMAND |
Memory Unsupported Command |
10300 |
UNKNOWN_PROPERTY |
Unknown Property |
10301 |
READ_ONLY_PROPERTY |
Read Only Property |
10302 |
INVALID_PROPERTY_VALUE |
Invalid Property Value |
10400 |
APP_CRC_CHECK_PASSED |
Application CRC Check: Passed |
10401 |
APP_CRC_CHECK_FAILED |
Application: CRC Check: Failed |
10402 |
APP_CRC_CHECK_INACTIVE |
Application CRC Check: Inactive |
10403 |
APP_CRC_CHECK_INVALID |
Application CRC Check: Invalid |
10404 |
APP_CRC_CHECK_OUT_OF_RANGE |
Application CRC Check: Out Of Range |
10500 |
PACKETIZER_NO_PING_RESPONSE |
Packetizer Error: No Ping Response |
10501 |
PACKETIZER_INVALID_PACKET_TYPE |
Packetizer Error: No response received for ping command |
10502 |
PACKETIZER_INVALID_CRC |
Packetizer Error: Invalid packet type |
10503 |
PACKETIZER_NO_COMMAND_RESPONSE |
Packetizer Error: No response received for command |
10600 |
RELIABLE_UPDATE_SUCCESS |
Reliable Update: Success |
10601 |
RELIABLE_UPDATE_FAIL |
Reliable Update: Fail |
10602 |
RELIABLE_UPDATE_INACTIVE |
Reliable Update: Inactive |
10603 |
RELIABLE_UPDATE_BACKUPAPPLICATIONINVALID |
Reliable Update: Backup Application Invalid |
10604 |
RELIABLE_UPDATE_STILLINMAINAPPLICATION |
Reliable Update: Still In Main Application |
10605 |
RELIABLE_UPDATE_SWAPSYSTEMNOTREADY |
Reliable Update: Swap System Not Ready |
10606 |
RELIABLE_UPDATE_BACKUPBOOTLOADERNOTREADY |
Reliable Update: Backup Bootloader Not Ready |
10607 |
RELIABLE_UPDATE_SWAPINDICATORADDRESSINVALID |
Reliable Update: Swap Indicator Address Invalid |
10608 |
RELIABLE_UPDATE_SWAPSYSTEMNOTAVAILABLE |
Reliable Update: Swap System Not Available |
10609 |
RELIABLE_UPDATE_SWAPTEST |
Reliable Update: Swap Test |
10700 |
SERIAL_NOR_EEPROM_ADDRESS_INVALID |
SerialNorEeprom: Address Invalid |
10701 |
SERIAL_NOR_EEPROM_TRANSFER_ERROR |
SerialNorEeprom: Transfer Error |
10702 |
SERIAL_NOR_EEPROM_TYPE_INVALID |
SerialNorEeprom: Type Invalid |
10703 |
SERIAL_NOR_EEPROM_SIZE_INVALID |
SerialNorEeprom: Size Invalid |
10704 |
SERIAL_NOR_EEPROM_COMMAND_INVALID |
SerialNorEeprom: Command Invalid |
10801 |
ROM_API_NEED_MORE_DATA |
RomApi: Need More Data |
10802 |
ROM_API_BUFFER_SIZE_NOT_ENOUGH |
RomApi: Buffer Size Not Enough |
10803 |
ROM_API_INVALID_BUFFER |
RomApi: Invalid Buffer |
20000 |
FLEXSPINAND_READ_PAGE_FAIL |
FlexSPINAND: Read Page Fail |
20001 |
FLEXSPINAND_READ_CACHE_FAIL |
FlexSPINAND: Read Cache Fail |
20002 |
FLEXSPINAND_ECC_CHECK_FAIL |
FlexSPINAND: Ecc Check Fail |
20003 |
FLEXSPINAND_PAGE_LOAD_FAIL |
FlexSPINAND: Page Load Fail |
20004 |
FLEXSPINAND_PAGE_EXECUTE_FAIL |
FlexSPINAND: Page Execute Fail |
20005 |
FLEXSPINAND_ERASE_BLOCK_FAIL |
FlexSPINAND: Erase Block Fail |
20006 |
FLEXSPINAND_WAIT_TIMEOUT |
FlexSPINAND: Wait Timeout |
20007 |
FlexSPINAND_NOT_SUPPORTED |
SPI NAND: PageSize over the max supported size |
20008 |
FlexSPINAND_FCB_UPDATE_FAIL |
SPI NAND: Failed to update Flash config block to SPI NAND |
20009 |
FlexSPINAND_DBBT_UPDATE_FAIL |
SPI NAND: Failed to update discovered bad block table to SPI NAND |
20010 |
FLEXSPINAND_WRITEALIGNMENTERROR |
FlexSPINAND: Write Alignment Error |
20011 |
FLEXSPINAND_NOT_FOUND |
FlexSPINAND: Not Found |
20100 |
FLEXSPINOR_PROGRAM_FAIL |
FLEXSPINOR: Program Fail |
20101 |
FLEXSPINOR_ERASE_SECTOR_FAIL |
FLEXSPINOR: Erase Sector Fail |
20102 |
FLEXSPINOR_ERASE_ALL_FAIL |
FLEXSPINOR: Erase All Fail |
20103 |
FLEXSPINOR_WAIT_TIMEOUT |
FLEXSPINOR:Wait Timeout |
20104 |
FLEXSPINOR_NOT_SUPPORTED |
FlexSPINOR: PageSize over the max supported size |
20105 |
FLEXSPINOR_WRITE_ALIGNMENT_ERROR |
FlexSPINOR:Write Alignment Error |
20106 |
FLEXSPINOR_COMMANDFAILURE |
FlexSPINOR: Command Failure |
20107 |
FLEXSPINOR_SFDP_NOTFOUND |
FlexSPINOR: SFDP Not Found |
20108 |
FLEXSPINOR_UNSUPPORTED_SFDP_VERSION |
FLEXSPINOR: Unsupported SFDP Version |
20109 |
FLEXSPINOR_FLASH_NOTFOUND |
FLEXSPINOR Flash Not Found |
20110 |
FLEXSPINOR_DTR_READ_DUMMYPROBEFAILED |
FLEXSPINOR: DTR Read Dummy Probe Failed |
20200 |
OCOTP_READ_FAILURE |
OCOTP: Read Failure |
20201 |
OCOTP_PROGRAM_FAILURE |
OCOTP: Program Failure |
20202 |
OCOTP_RELOAD_FAILURE |
OCOTP: Reload Failure |
20203 |
OCOTP_WAIT_TIMEOUT |
OCOTP: Wait Timeout |
20905 |
XSPINOR_WRITE_ALIGNMENT_ERROR |
xSPINOR: Write Alignment Error |
21100 |
SEMCNOR_DEVICE_TIMEOUT |
SemcNOR: Device Timeout |
21101 |
SEMCNOR_INVALID_MEMORY_ADDRESS |
SemcNOR: Invalid Memory Address |
21102 |
SEMCNOR_UNMATCHED_COMMAND_SET |
SemcNOR: unmatched Command Set |
21103 |
SEMCNOR_ADDRESS_ALIGNMENT_ERROR |
SemcNOR: Address Alignment Error |
21104 |
SEMCNOR_INVALID_CFI_SIGNATURE |
SemcNOR: Invalid Cfi Signature |
21105 |
SEMCNOR_COMMAND_ERROR_NO_OP_TO_SUSPEND |
SemcNOR: Command Error No Op To Suspend |
21106 |
SEMCNOR_COMMAND_ERROR_NO_INFO_AVAILABLE |
SemcNOR: Command Error No Info Available |
21107 |
SEMCNOR_BLOCK_ERASE_COMMAND_FAILURE |
SemcNOR: Block Erase Command Failure |
21108 |
SEMCNOR_BUFFER_PROGRAM_COMMAND_FAILURE |
SemcNOR: Buffer Program Command Failure |
21109 |
SEMCNOR_PROGRAM_VERIFY_FAILURE |
SemcNOR: Program Verify Failure |
21110 |
SEMCNOR_ERASE_VERIFY_FAILURE |
SemcNOR: Erase Verify Failure |
21116 |
SEMCNOR_INVALID_CFG_TAG |
SemcNOR: Invalid Cfg Tag |
21200 |
SEMCNAND_DEVICE_TIMEOUT |
SemcNAND: Device Timeout |
21201 |
SEMCNAND_INVALID_MEMORY_ADDRESS |
SemcNAND: Invalid Memory Address |
21202 |
SEMCNAND_NOT_EQUAL_TO_ONE_PAGE_SIZE |
SemcNAND: Not Equal To One Page Size |
21203 |
SEMCNAND_MORE_THAN_ONE_PAGE_SIZE |
SemcNAND: More Than One Page Size |
21204 |
SEMCNAND_ECC_CHECK_FAIL |
SemcNAND: Ecc Check Fail |
21205 |
SEMCNAND_INVALID_ONFI_PARAMETER |
SemcNAND: Invalid Onfi Parameter |
21206 |
SEMCNAND_CANNOT_ENABLE_DEVICE_ECC |
SemcNAND: Cannot Enable Device Ecc |
21207 |
SEMCNAND_SWITCH_TIMING_MODE_FAILURE |
SemcNAND: Switch Timing Mode Failure |
21208 |
SEMCNAND_PROGRAM_VERIFY_FAILURE |
SemcNAND: Program Verify Failure |
21209 |
SEMCNAND_ERASE_VERIFY_FAILURE |
SemcNAND: Erase Verify Failure |
21210 |
SEMCNAND_INVALID_READBACK_BUFFER |
SemcNAND: Invalid Readback Buffer |
21216 |
SEMCNAND_INVALID_CFG_TAG |
SemcNAND: Invalid Cfg Tag |
21217 |
SEMCNAND_FAIL_TO_UPDATE_FCB |
SemcNAND: Fail To Update Fcb |
21218 |
SEMCNAND_FAIL_TO_UPDATE_DBBT |
SemcNAND: Fail To Update Dbbt |
21219 |
SEMCNAND_DISALLOW_OVERWRITE_BCB |
SemcNAND: Disallow Overwrite Bcb |
21220 |
SEMCNAND_ONLY_SUPPORT_ONFI_DEVICE |
SemcNAND: Only Support Onfi Device |
21221 |
SEMCNAND_MORE_THAN_MAX_IMAGE_COPY |
SemcNAND: More Than Max Image Copy |
21222 |
SEMCNAND_DISORDERED_IMAGE_COPIES |
SemcNAND: Disordered Image Copies |
22000 |
SPIFINOR_PROGRAM_FAIL |
SPIFINOR: Program Fail |
22001 |
SPIFINOR_ERASE_SECTORFAIL |
SPIFINOR: Erase Sector Fail |
22002 |
SPIFINOR_ERASE_ALL_FAIL |
SPIFINOR: Erase All Fail |
22003 |
SPIFINOR_WAIT_TIMEOUT |
SPIFINOR: Wait Timeout |
22004 |
SPIFINOR_NOT_SUPPORTED |
SPIFINOR: Not Supported |
22005 |
SPIFINOR_WRITE_ALIGNMENTERROR |
SPIFINOR: Write Alignment Error |
22006 |
SPIFINOR_COMMAND_FAILURE |
SPIFINOR: Command Failure |
22007 |
SPIFINOR_SFDP_NOT_FOUND |
SPIFINOR: SFDP Not Found |
30000 |
EDGELOCK_INVALID_RESPONSE |
EDGELOCK: Invalid Response |
30001 |
EDGELOCK_RESPONSE_ERROR |
EDGELOCK: Response Error |
30002 |
EDGELOCK_ABORT |
EDGELOCK: Abort |
30003 |
EDGELOCK_OPERATION_FAILED |
EDGELOCK: Operation Failed |
30004 |
EDGELOCK_OTP_PROGRAM_FAILURE |
EDGELOCK: OTP Program Failure |
30005 |
EDGELOCK_OTP_LOCKED |
EDGELOCK: OTP Locked |
30006 |
EDGELOCK_OTP_INVALID_IDX |
EDGELOCK: OTP Invalid IDX |
30007 |
EDGELOCK_INVALID_LIFECYCLE |
EDGELOCK: Invalid Lifecycle |
52801 |
OTP_INVALID_ADDRESS |
OTP: Invalid OTP address |
52802 |
OTP_PROGRAM_FAIL |
OTP: Programming failed |
52803 |
OTP_CRC_FAIL |
OTP: CRC check failed |
52804 |
OTP_ERROR |
OTP: Error happened during OTP operation |
52805 |
OTP_ECC_CRC_FAIL |
OTP: ECC check failed during OTP operation |
52806 |
OTP_LOCKED |
OTP: Field is locked when programming |
52807 |
OTP_TIMEOUT |
OTP: Operation timed out |
52808 |
OTP_CRC_CHECK_PASS |
OTP: CRC check passed |
52009 |
OTP_VERIFY_FAIL |
OTP: Failed to verify OTP write |
1515890085 |
SECURITY_SUBSYSTEM_ERROR |
Security SubSystem Error |
0 |
TP_SUCCESS |
TP: SUCCESS |
80000 |
TP_GENERAL_ERROR |
TP: General error |
80001 |
TP_CRYPTO_ERROR |
TP: Error during cryptographic operation |
80002 |
TP_NULLPTR_ERROR |
TP: NULL pointer dereference or when buffer could not be allocated |
80003 |
TP_ALREADYINITIALIZED |
TP: Already initialized |
80004 |
TP_BUFFERSMALL |
TP: Buffer is too small |
80005 |
TP_ADDRESS_ERROR |
TP: Address out of allowed range or buffer could not be allocated |
80006 |
TP_CONTAINERINVALID |
TP: Container header or size is invalid |
80007 |
TP_CONTAINERENTRYINVALID |
TP: Container entry invalid |
80008 |
TP_CONTAINERENTRYNOTFOUND |
TP: Container entry not found in container |
80009 |
TP_INVALIDSTATEOPERATION |
TP: Attempt to process command in disallowed state |
80010 |
TP_COMMAND_ERROR |
TP: ISP command arguments are invalid |
80011 |
TP_PUF_ERROR |
TP: PUF operation error |
80012 |
TP_FLASH_ERROR |
TP: Flash erase/program/verify_erase failed |
80013 |
TP_SECRETBOX_ERROR |
TP: SBKEK or USER KEK cannot be stored in secret box |
80014 |
TP_PFR_ERROR |
TP: Protected Flash Region operation failed |
80015 |
TP_VERIFICATION_ERROR |
TP: Container signature verification failed |
80016 |
TP_CFPA_ERROR |
TP: CFPA page cannot be stored |
80017 |
TP_CMPA_ERROR |
TP: CMPA page cannot be stored or ROTKH or SECU registers are invalid |
80018 |
TP_ADDR_OUT_OF_RANGE |
TP: Address is out of range |
80019 |
TP_CONTAINER_ADDR_ERROR |
TP: Container address in write context is invalid or there is no memory for entry storage |
80020 |
TP_CONTAINER_ADDR_UNALIGNED |
TP: Container address in read context is unaligned |
80021 |
TP_CONTAINER_BUFF_SMALL |
TP: There is not enough memory to store the container |
80022 |
TP_CONTAINER_NO_ENTRY |
TP: Attempt to sign an empty container |
80023 |
TP_CERT_ADDR_ERROR |
TP: Destination address of OEM certificate is invalid |
80024 |
TP_CERT_ADDR_UNALIGNED |
TP: Destination address of certificate is unaligned |
80025 |
TP_CERT_OVERLAPPING |
TP: OEM certificates are overlapping due to wrong destination addresses |
80026 |
TP_PACKET_ERROR |
TP: Error during packet sending/receiving |
80027 |
TP_PACKET_DATA_ERROR |
TP: Data in packet handle are invalid |
80028 |
TP_UNKNOWN_COMMAND |
TP: Unknown command was received |
80029 |
TP_SB3_FILE_ERROR |
TP: Error during processing SB3 file |
80101 |
TP_GENERAL_CRITICAL_ERROR |
TP: Critical error |
80102 |
TP_CRYPTO_CRITICAL_ERROR |
TP: Error of crypto module which prevents proper functionality |
80103 |
TP_PUF_CRITICAL_ERROR |
TP: Initialization or start of the PUF periphery failed |
80104 |
TP_PFR_CRITICAL_ERROR |
TP: Initialization of PFR or reading of activation code failed |
80105 |
TP_PERIPHERAL_CRITICAL_ERROR |
TP: Peripheral failure |
80106 |
TP_PRINCE_CRITICAL_ERROR |
TP: Error during PRINCE encryption/decryption |
80107 |
TP_SHA_CHECK_CRITICAL_ERROR |
TP: SHA check verification failed |
100002 |
IAP_OUT_OF_MEMORY |
IAP: Heap Size Not Large Enough During API Execution |
100003 |
IAP_READ_DISALLOWED |
IAP: Read Memory Operation Disallowed During API Execution |
100004 |
IAP_CUMULATIVE_WRITE |
IAP: Flash Memory Region To Be Programmed Is Not Empty |
100005 |
IAP_ERASE_FAILURE |
IAP: Erase Operation Failed |
100006 |
IAP_COMMAND_NOT_SUPPORTED |
IAP: Specific Command Not Supported |
100007 |
IAP_MEMORY_ACCESS_DISABLED |
IAP: Memory Access Disabled |
1515870810 |
EL2GO_PROV_SUCCESS |
Device has been successfully provisioned. |
2768290048 |
STATUS_GET_0TP_SHARES_FAIL |
STATUS_GET_0TP_SHARES_FAIL: Failure in reading out OTP shares |
2768290304 |
STATUS_DER_NXP_DIE_EXT_MK_SK_FAIL |
STATUS_DER_NXP_DIE_EXT_MK_SK_FAIL: Failure in key derivation |
2768290560 |
STATUS_DER_NXP_DIE_EL2GOSYM_MK_SK_FAIL |
STATUS_DER_NXP_DIE_EL2GOSYM_MK_SK_FAIL: Failure in key derivation |
2768290816 |
STATUS_DER_NXP_DIE_EL2GOOEM_MK_SK_FAIL |
STATUS_DER_NXP_DIE_EL2GOOEM_MK_SK_FAIL: Failure in key derivation |
2768291072 |
STATUS_DER_NXP_DIE_EL2GOIMPORT_KEK_SK_FAIL |
STATUS_DER_NXP_DIE_EL2GOIMPORT_KEK_SK_FAIL: Failure in key derivation |
2768291328 |
STATUS_VER_NXP_DIE_EL2GOIMPORT_KEK_SK_FAIL |
STATUS_VER_NXP_DIE_EL2GOIMPORT_KEK_SK_FAIL |
2768291584 |
STATUS_DER_NXP_DIE_EL2GOIMPORT_AUTH_SK_FAIL |
STATUS_DER_NXP_DIE_EL2GOIMPORT_AUTH_SK_FAIL: Failure in key derivation |
2768291840 |
STATUS_VER_NXP_DIE_EL2GOIMPORT_AUTH_SK_FAIL |
STATUS_VER_NXP_DIE_EL2GOIMPORT_AUTH_SK_FAIL |
1962985728 |
STATUS_DELETE_KEY_FAIL |
STATUS_DELETE_KEY_FAIL: Failure in key deletion |
2768292352 |
STATUS_READ_0TP_SHARES_FAIL |
STATUS_READ_0TP_SHARES_FAIL |
2768292608 |
STATUS_DER_NXP_DIE_EL2GOIMPORTTFM_KEK_SK_FAIL |
STATUS_DER_NXP_DIE_EL2GOIMPORTTFM_KEK_SK_FAIL: Failure in key derivation |
2768293889 |
STATUS_PARSE_BLOB_FAIL |
STATUS_PARSE_BLOB_FAIL: Failure in parsing an EdgeLock 2GO’s Secure Object fields |
2768293890 |
STATUS_CMAC_VERIFY_FAILED |
STATUS_CMAC_VERIFY_FAILED: Failure in verifying an EdgeLock 2GO’s Secure Object signature |
2768293891 |
STATUS_KEYIN_VERIFY_FAILED |
STATUS_KEYIN_VERIFY_FAILED: Failure in importing an EdgeLock 2GO’s Secure Object key |
1962987536 |
STATUS_VALID_LCS_FAIL |
STATUS_VALID_LCS_FAIL: Not valid device lifecycle |
1962987537 |
STATUS_BLANK_PUF_FUSES |
STATUS_BLANK_PUF_FUSES: Blank PUF OTP fuses |
1962987538 |
STATUS_BLANK_OTP_SHARES_FUSES |
STATUS_BLANK_OTP_SHARES_FUSES: Blank OTP shares fuses |
1962987539 |
STATUS_NXP_DIE_INT_MK_SK_FAIL |
STATUS_NXP_DIE_INT_MK_SK_FAIL: Failure in key derivation |
1962987540 |
STATUS_DER_NXP_DIE_KEK_SK_FAIL |
STATUS_DER_NXP_DIE_KEK_SK_FAIL: Failure in key derivation |
1962991872 |
STATUS_KEYIN_FAIL |
STATUS_KEYIN_FAIL: Failure in importing an EdgeLock 2GO’s Secure Object key |
1962992128 |
STATUS_KEYOUT_FAIL |
STATUS_KEYOUT_FAIL: Failure in exporting an EdgeLock 2GO’s Secure Object key |
1962992384 |
STATUS_NON_BLANK_CUST_MK_SK_FAIL |
STATUS_NON_BLANK_CUST_MK_SK_FAIL: Non blank OEM FW Decryption key’s OTP fuses |
1962992640 |
STATUS_NON_BLANK_RKTH_FAIL |
STATUS_NON_BLANK_RKTH_FAIL: Non blank OEM FW Authentication Key Hash OTP fuses |
1962992896 |
STATUS_WRITE_CUST_MK_SK_FAIL |
STATUS_WRITE_CUST_MK_SK_FAIL: Failure in programming OEM FW Decryption key’s OTP fuses |
1962993152 |
STATUS_WRITE_RKTH_FAIL |
STATUS_WRITE_RKTH_FAIL: Failure in programming OEM FW Authentication Key Hash OTP fuses |
1962993408 |
STATUS_CMP_FUSES_BUFFER_FAIL |
STATUS_CMP_FUSES_BUFFER_FAIL: Failure in programming the expected value in OTP fuses |
1962993664 |
STATUS_READ_CUST_MK_SK_FAIL |
STATUS_READ_CUST_MK_SK_FAIL: Failure in reading out OEM FW Decryption key’s OTP fuses |
1962993920 |
STATUS_READ_RKTH_FAIL |
STATUS_READ_RKTH_FAIL: Failure in reading out OEM FW Authentication Key Hash OTP fuses |
2768304811 |
STATUS_ATTR_OEM_KEY_MAGIC_FAIL |
STATUS_ATTR_OEM_KEY_MAGIC_FAIL: Invalid OEM FW Decryption key Secure Object’s magic value |
2768304826 |
STATUS_ATTR_OEM_KEY_USAGE_FAIL |
STATUS_ATTR_OEM_KEY_USAGE_FAIL: Invalid OEM FW Decryption key Secure Object’s key usage value |
2768305082 |
STATUS_ATTR_OEM_DEVICE_LCS_FAIL |
STATUS_ATTR_OEM_DEVICE_LCS_FAIL: Invalid OEM FW Decryption key Secure Object’s device lifecycle value |
2768941312 |
STATUS_ATTR_OEM_DEVICE_WRAPP_ALG_FAIL |
STATUS_ATTR_OEM_DEVICE_WRAPP_ALG_FAIL: Invalid OEM FW Decryption key Secure Object’s wrapping algorithm value |
2768941568 |
STATUS_ATTR_OEM_DEVICE_SIGN_ALG_FAIL |
STATUS_ATTR_OEM_DEVICE_SIGN_ALG_FAIL: Invalid OEM FW Decryption key Secure Object’s signing algorithm value |
2768941824 |
STATUS_ATTR_OEM_KEY_LCS_FAIL |
STATUS_ATTR_OEM_KEY_LCS_FAIL: Invalid OEM FW Decryption key Secure Object’s key lifecycle value |
2768942080 |
STATUS_ATTR_OEM_KEY_ALG_FAIL |
STATUS_ATTR_OEM_KEY_ALG_FAIL: Invalid OEM FW Decryption key Secure Object’s key algorithm value |
2768942336 |
STATUS_ATTR_RKTH_MAGIC_FAIL |
STATUS_ATTR_RKTH_MAGIC_FAIL: Invalid OEM FW Authentication Key Hash Secure Object’s magic value |
2768942592 |
STATUS_ATTR_RKTH_KEY_ALG_FAIL |
STATUS_ATTR_RKTH_KEY_ALG_FAIL: Invalid OEM FW Authentication Key Hash Secure Object’s key algorithm value |
2768942848 |
STATUS_ATTR_RKTH_KEY_USAGE_FAIL |
STATUS_ATTR_RKTH_KEY_USAGE_FAIL: Invalid OEM FW Authentication Key Hash Secure Object’s key usage value |
2768943104 |
STATUS_ATTR_RKTH_KEY_LCS_FAIL |
STATUS_ATTR_RKTH_KEY_LCS_FAIL: Invalid OEM FW Authentication Key Hash Secure Object’s key lifecycle value |
2768943360 |
STATUS_ATTR_RKTH_DEVICE_LCS_FAIL |
STATUS_ATTR_RKTH_DEVICE_LCS_FAIL: Invalid OEM FW Authentication Key Hash Secure Object’s device lifecycle value |
2768943616 |
STATUS_ATTR_RKTH_DEVICE_WRAPP_KEY_ID_FAIL |
STATUS_ATTR_RKTH_DEVICE_WRAPP_KEY_ID_FAIL: Invalid OEM FW Authentication Key Hash Secure Object’s wrapping key ID value |
2768943872 |
STATUS_ATTR_RKTH_KEY_SIGN_ALG_FAIL |
STATUS_ATTR_RKTH_KEY_SIGN_ALG_FAIL: Invalid OEM FW Authentication Key Hash Secure Object’s signing algorithm value |
2768944128 |
STATUS_ATTR_RKTH_DEVICE_WRAPP_ALG_FAIL |
STATUS_ATTR_RKTH_DEVICE_WRAPP_ALG_FAIL: Invalid OEM FW Authentication Key Hash Secure Object’s wrapping algorithm value |
2768944384 |
STATUS_ATTR_RKTH_DEVICE_SING_KEY_ID_FAIL |
STATUS_ATTR_RKTH_DEVICE_SING_KEY_ID_FAIL: Invalid OEM FW Authentication Key Hash Secure Object’s signing key ID value |
2768944896 |
STATUS_ATTR_BLOB_KEY_ID_FAIL |
STATUS_ATTR_BLOB_KEY_ID_FAIL: Invalid Secure Object’s key ID value |
2768942337 |
STATUS_ATTR_OEM_DEVICE_WRAPP_KEY_ID_FAIL |
STATUS_ATTR_OEM_DEVICE_WRAPP_KEY_ID_FAIL: Invalid OEM FW Decryption key Secure Object’s wrapping key ID value |
2768942338 |
STATUS_ATTR_OEM_DEVICE_SING_KEY_ID_FAIL |
STATUS_ATTR_OEM_DEVICE_SING_KEY_ID_FAIL: Invalid OEM FW Decryption key Secure Object’s signing key ID value |
2768942339 |
STATUS_ATTR_OEM_DEVICE_KEY_TYPE_FAIL |
STATUS_ATTR_OEM_DEVICE_KEY_TYPE_FAIL: Invalid OEM FW Decryption key Secure Object’s key type value |
2768942340 |
STATUS_ATTR_OEM_DEVICE_KEY_BITS_FAIL |
STATUS_ATTR_OEM_DEVICE_KEY_BITS_FAIL: Invalid OEM FW Decryption key Secure Object’s key bits value |
2768942341 |
STATUS_ATTR_RKTH_KEY_TYPE_FAIL |
STATUS_ATTR_RKTH_KEY_TYPE_FAIL: Invalid OEM FW Authentication Key Hash Secure Object’s key type value |
2768942342 |
STATUS_ATTR_RKTH_KEY_BITS_FAIL |
STATUS_ATTR_RKTH_KEY_BITS_FAIL: Invalid OEM FW Authentication Key Hash Secure Object’s key bits value |
2768942343 |
STATUS_ATTR_OTP_DATA_MAGIC_FAIL |
STATUS_ATTR_OTP_DATA_MAGIC_FAIL: Invalid OTP Configuration Data Secure Object’s magic value |
2768942344 |
STATUS_ATTR_OTP_DATA_KEY_ALG_FAIL |
STATUS_ATTR_OTP_DATA_KEY_ALG_FAIL: Invalid OTP Configuration Data Secure Object’s key algorithm value |
2768942345 |
STATUS_ATTR_OTP_DATA_KEY_USAGE_FAIL |
STATUS_ATTR_OTP_DATA_KEY_USAGE_FAIL: Invalid OTP Configuration Data Secure Object’s key usage value |
2768942346 |
STATUS_ATTR_OTP_DATA_KEY_TYPE_FAIL |
STATUS_ATTR_OTP_DATA_KEY_TYPE_FAIL: Invalid OTP Configuration Data Secure Object’s key type value |
2768942347 |
STATUS_ATTR_OTP_DATA_KEY_LCS_FAIL |
STATUS_ATTR_OTP_DATA_KEY_LCS_FAIL: Invalid OTP Configuration Data Secure Object’s key lifecycle value |
2768942348 |
STATUS_ATTR_OTP_DATA_DEVICE_LCS_FAIL |
STATUS_ATTR_OTP_DATA_DEVICE_LCS_FAIL: Invalid OTP Configuration Data Secure Object’s device lifecycle value |
2768942349 |
STATUS_ATTR_OTP_DATA_DEVICE_WRAPP_KEY_ID_FAIL |
STATUS_ATTR_OTP_DATA_DEVICE_WRAPP_KEY_ID_FAIL: Invalid OTP Configuration Data Secure Object’s wrapping key ID value |
2768942350 |
STATUS_ATTR_OTP_DATA_DEVICE_WRAPP_ALG_FAIL |
STATUS_ATTR_OTP_DATA_DEVICE_WRAPP_ALG_FAIL: Invalid OTP Configuration Data Secure Object’s wrapping algorithm value. |
2768942351 |
STATUS_ATTR_OTP_DATA_DEVICE_SING_KEY_ID_FAIL |
STATUS_ATTR_OTP_DATA_DEVICE_SING_KEY_ID_FAIL: Invalid OTP Configuration Data Secure Object’s signing key ID value |
2768942352 |
STATUS_ATTR_OTP_DATA_KEY_SIGN_ALG_FAIL |
STATUS_ATTR_OTP_DATA_KEY_SIGN_ALG_FAIL: Invalid OTP Configuration Data Secure Object’s signing algorithm value |
2768942353 |
STATUS_LESS_BLOBS_STORED |
STATUS_LESS_BLOBS_STORED: Three main Secure Object are not present in Flash memory |
2768942354 |
STATUS_VALID_MEMORY_USE_OVERFLOW |
STATUS_VALID_MEMORY_USE_OVERFLOW: Memory overflow |
2768942355 |
STATUS_DECRYPT_OTP_DATA_FAIL |
STATUS_DECRYPT_OTP_DATA_FAIL: Failure in decrypting OTP Configuration Data’s key payload |
1963635988 |
STATUS_LOCK_CUST_MK_SK_FAIL |
STATUS_LOCK_CUST_MK_SK_FAIL: Failure in locking OEM FW Decryption key OTP fuses |
2768942357 |
STATUS_VALID_LCS_KEY_DERIV_FAIL |
STATUS_VALID_LCS_KEY_DERIV_FAIL Invalid device lifecycle |
1963635990 |
STATUS_NULL_POINTER_FAIL |
STATUS_NULL_POINTER_FAIL: Null pointer error |
2768942359 |
STATUS_INVALID_RKTH_SIZE_FAIL |
STATUS_INVALID_RKTH_SIZE_FAIL: Invalid OEM FW Authentication Key Hash size |
2768942360 |
STATUS_NO_BLOB_IN_ADDRESS |
STATUS_NO_BLOB_IN_ADDRESS: No Secure Object present in given Flash memory address |
1963635991 |
STATUS_SECURE_BOOT_NOT_EN |
STATUS_SECURE_BOOT_NOT_EN: Device Secure Boot not enabled |
1963635992 |
STATUS_ATTACK_DRY_RUN_EN |
STATUS_ATTACK_DRY_RUN_EN |
1963635993 |
STATUS_BUFFER_OVERFLOW_OTP_CONF |
STATUS_BUFFER_OVERFLOW_OTP_CONF: Buffer overflow error |
1963635994 |
STATUS_DEVICE_NOT_IN_FLEXSPI_BOOT_MODE |
STATUS_DEVICE_NOT_IN_FLEXSPI_BOOT_MODE: Device is booted not in FlexSPI Boot mode |