User Guide - nxpdice#
This user’s guide describes how to use nxpdice application.
nxpdice serves only as a demo application. It shows how DICE works and can be useful when creating a real-life DICE infrastructure. For purposes of nxpdice application, the target is running a special firmware which allows communication with PC via MBoot protocol. The app also supports running a model of a device. Please refer to the LPC55s3x DICE Notebook
Command line interface#
nxpdice#
Application designed to cover DICE-related operations.
nxpdice [OPTIONS] COMMAND [ARGS]...
Options
- -v, --verbose#
Print more detailed information
- -vv, --debug#
Display more debugging information.
- --version#
Show the version and exit.
- --help#
Show this message and exit.
add-device#
Add virtual device to the models_dir.
nxpdice add-device [OPTIONS]
Options
- -md, --models-dir <models_dir>#
Path to folder with MCU model files. When using models the –port option is used as sub-folder name in models-dir
- -n, --name <name>#
Required Name for the device
create-models#
Create models directory for debugging purposes.
nxpdice create-models [OPTIONS]
Options
- -md, --models-dir <models_dir>#
Path to directory where to create models directory for debugging purposes
- -n, --number <number>#
Required Number of virtual devices to crate for debugging purposes.
- -p, --prefix <prefix>#
Prefix for device model names. Number of device will be appended to the prefix.
get-ca-puk#
Get NXP_CUST_DICE_CA_PUK from the device.
nxpdice get-ca-puk [OPTIONS]
Options
- -p, --port <COM[,speed>#
Serial port configuration. Default baud rate is 57600. Use ‘nxpdevscan’ utility to list devices on serial port.
- -t, --timeout <ms>#
Sets timeout when waiting on data over a serial line. The default is 5000 milliseconds.
- -f, --family <family>#
Select the chip family.
- Options:
lpc55s36 | mcxn546 | mcxn547 | mcxn946 | mcxn947
- -md, --models-dir <models_dir>#
Path to folder with MCU model files. When using models the –port option is used as sub-folder name in models-dir
- -o, --output <output>#
Required Path where to store the NXP_CUST_DICE_CA_PUK
- -r, --rkth <rkth>#
Required HEX value of RKTH
get-families#
Shows the full family info for commands in this group.
nxpdice get-families [OPTIONS]
Options
- -c, --cmd-name <cmd_name>#
Choose the command name to get full information about NXP families support.
- Options:
register-ca-puk | get-ca-puk | register-version | verify | get-response
get-response#
Get DICE response from the device.
nxpdice get-response [OPTIONS]
Options
- -p, --port <COM[,speed>#
Serial port configuration. Default baud rate is 57600. Use ‘nxpdevscan’ utility to list devices on serial port.
- -t, --timeout <ms>#
Sets timeout when waiting on data over a serial line. The default is 5000 milliseconds.
- -f, --family <family>#
Select the chip family.
- Options:
lpc55s36 | mcxn546 | mcxn547 | mcxn946 | mcxn947
- -md, --models-dir <models_dir>#
Path to folder with MCU model files. When using models the –port option is used as sub-folder name in models-dir
- -r, --response <response>#
Required Path where to store the DICE response
- -c, --challenge <challenge>#
Optional challenge. If not specified a random challenge will be used.
register-ca-puk#
Get NXP_CUST_DICE_CA_PUK from the device and register it in the verification service.
nxpdice register-ca-puk [OPTIONS]
Options
- -su, --service-url <service_url>#
DICE verification service URL. Example: http://localhost:8080
- -db, --database <database>#
Path to local database instead of service-url.
- -p, --port <COM[,speed>#
Serial port configuration. Default baud rate is 57600. Use ‘nxpdevscan’ utility to list devices on serial port.
- -t, --timeout <ms>#
Sets timeout when waiting on data over a serial line. The default is 5000 milliseconds.
- -f, --family <family>#
Select the chip family.
- Options:
lpc55s36 | mcxn546 | mcxn547 | mcxn946 | mcxn947
- -md, --models-dir <models_dir>#
Path to folder with MCU model files. When using models the –port option is used as sub-folder name in models-dir
- -r, --rkth <rkth>#
Required HEX value of RKTH
- -s, --store-artifact <store_artifact>#
Path where to store artifact (data) generated by the command.
register-version#
Register new FW version, RTF, and HAD based on DICE response.
nxpdice register-version [OPTIONS]
Options
- -su, --service-url <service_url>#
DICE verification service URL. Example: http://localhost:8080
- -db, --database <database>#
Path to local database instead of service-url.
- -p, --port <COM[,speed>#
Serial port configuration. Default baud rate is 57600. Use ‘nxpdevscan’ utility to list devices on serial port.
- -t, --timeout <ms>#
Sets timeout when waiting on data over a serial line. The default is 5000 milliseconds.
- -f, --family <family>#
Select the chip family.
- Options:
lpc55s36 | mcxn546 | mcxn547 | mcxn946 | mcxn947
- -md, --models-dir <models_dir>#
Path to folder with MCU model files. When using models the –port option is used as sub-folder name in models-dir
- -s, --store-artifact <store_artifact>#
Path where to store artifact (data) generated by the command.
upload-ca-puk#
Upload existing NXP_CUST_DICE_CA_PUK into the verification service.
nxpdice upload-ca-puk [OPTIONS]
Options
- -su, --service-url <service_url>#
DICE verification service URL. Example: http://localhost:8080
- -db, --database <database>#
Path to local database instead of service-url.
- -c, --ca-puk <ca_puk>#
Required Path to binary file containing NXP_CUST_DICE_CA_PUK key.
upload-response#
Upload existing DICE response for verification.
nxpdice upload-response [OPTIONS]
Options
- -su, --service-url <service_url>#
DICE verification service URL. Example: http://localhost:8080
- -db, --database <database>#
Path to local database instead of service-url.
- -r, --response <response_file>#
Required Path to binary file containing the DICE response.
upload-version#
Upload existing DICE response to register new FW version, RTF, and HAD.
nxpdice upload-version [OPTIONS]
Options
- -su, --service-url <service_url>#
DICE verification service URL. Example: http://localhost:8080
- -db, --database <database>#
Path to local database instead of service-url.
- -r, --response <response_file>#
Path to DICE response binary. Info in response will be used to register new version.
verify#
Perform the DICE attestation verification.
nxpdice verify [OPTIONS]
Options
- -su, --service-url <service_url>#
DICE verification service URL. Example: http://localhost:8080
- -db, --database <database>#
Path to local database instead of service-url.
- -p, --port <COM[,speed>#
Serial port configuration. Default baud rate is 57600. Use ‘nxpdevscan’ utility to list devices on serial port.
- -t, --timeout <ms>#
Sets timeout when waiting on data over a serial line. The default is 5000 milliseconds.
- -f, --family <family>#
Select the chip family.
- Options:
lpc55s36 | mcxn546 | mcxn547 | mcxn946 | mcxn947
- -md, --models-dir <models_dir>#
Path to folder with MCU model files. When using models the –port option is used as sub-folder name in models-dir
- -s, --store-artifact <store_artifact>#
Path where to store artifact (data) generated by the command.