MCXN947 Indirect chip-specific flow (using multiple commands/stages)
In the single command example, all necessary steps are done using a single command: el2go-host provision-device.
This notebook showcases using a separate command for each individual operation:
obtain UUID from the target
assign the target to a Device Group in EL2GO (using REST API)
download Secure Objects from EL2GO into the target
run the Provisioning FW to provision the Secure Objects on the target
This flow is suitable in scenarios where the site performing the provisioning doesn’t have a direct connection to the EL2GO server. In such a case the flow can be broken down into 3 stages:
SiteA is used for UUID harvesting. All UUIDs can be placed into a single database (sqlite3 file)
database file will be shipped to SiteB
SiteB (with EL2GO connection) will download Secure Objects for all the UUIDs and store them in database
database file will be shipped back to SiteA
SiteA will provision devices using Secure Objects stored in the database rather than downloading them from EL2GO
1. Prerequisites
EdgeLock2GO account and API token
MCXN947 board
EL2GO Provisioning Firmware
2. Setup
2.1 Configuration Setup
First we’ll create a configuration file containing all necessary information.
To generate a configuration template, use the el2go-host get-template command.
2.2 HW Setup
This example uses UART for communication with the target.
You may use the nxpdevscan utility to list COM ports with devices attached to them.
%! nxpdevscan --port
nxpdevscan --port
-------- Connected NXP UART Devices --------
Port: COM5
Type: mboot device
3. Running individual operations
# Setup common variables/parameters for the commands
CONFIG = "--config config_example.yaml"
DATABASE = "--database db.sqlite3"
PORT = "--port com5"
3.1 Gathering UUID from the target
%! el2go-host get-uuid $PORT $DATABASE
el2go-host get-uuid --port com5 --database db.sqlite3
UUID 100779615704702885679946391493172028108 stored in the database
NOTE: If there are multiple database files, they can be merged together using el2go-host combine-uuid-db
3.2 Download Secure Objects
%! el2go-host -v get-secure-objects $CONFIG $DATABASE
el2go-host -v get-secure-objects --config config_example.yaml --database db.sqlite3
INFO:spsdk.el2go.database:Getting number of records without associated Secure Objects
INFO:spsdk.el2go.database:Getting UUIDs without associated Secure Objects
Found 1 UUIDs out of 1 without Secure Objects
Downloading Secure Objects for UUID: 100779615704702885679946391493172028108
INFO:spsdk.el2go.client:EL2G-Correlation-ID: 1adef601-9aa3-4ee2-b85e-6a6a9810d6f5
INFO:spsdk.utils.http_client:Requesting: https://api.qa.sb.edgelock2go.com/api/v1/products/340000274521/device-groups/633/devices
INFO:spsdk.utils.http_client:Response: <Response [202]>
INFO:spsdk.el2go.client:EL2G-Correlation-ID: eefc06a1-49ae-4d30-a987-18080dbf8b9e
INFO:spsdk.utils.http_client:Requesting: https://api.qa.sb.edgelock2go.com/api/v1/rtp/devices/100779615704702885679946391493172028108/secure-object-provisionings
INFO:spsdk.utils.http_client:Response: <Response [200]>
INFO:spsdk.el2go.client:EL2G-Correlation-ID: fc9e2659-a1ba-4784-98b9-4125374e79dc
INFO:spsdk.utils.http_client:Requesting: https://api.qa.sb.edgelock2go.com/api/v1/rtp/device-groups/633/devices/download-provisionings
INFO:spsdk.utils.http_client:Response: <Response [200]>
INFO:spsdk.el2go.database:Adding Secure Objects for UUID: 100779615704702885679946391493172028108
Database update completed successfully
NOTE: For larger numbers of UUIDs, there is the el2go-host bulk-so-download command, which is more performant in bulk operations compared to downloading Secure Objects for a few UUIDs.
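When the download stage runs unattended at SiteB, the verbose log can be audited before the database is shipped back. The following is an added example, not part of the original notebook or of SPSDK: it parses only the log line formats shown above, and the second UUID, the 401 response and the example.invalid host in the sample are constructed (real failure output may look different).

```python
import re

# Constructed sample in the log format shown above. The second UUID (42) and
# its 401 response are made up to exercise the failure path.
SAMPLE_LOG = """\
Downloading Secure Objects for UUID: 100779615704702885679946391493172028108
INFO:spsdk.utils.http_client:Requesting: https://el2go.example.invalid/api/v1/rtp/devices/100779615704702885679946391493172028108/secure-object-provisionings
INFO:spsdk.utils.http_client:Response: <Response [200]>
INFO:spsdk.el2go.database:Adding Secure Objects for UUID: 100779615704702885679946391493172028108
Downloading Secure Objects for UUID: 42
INFO:spsdk.utils.http_client:Requesting: https://el2go.example.invalid/api/v1/rtp/devices/42/secure-object-provisionings
INFO:spsdk.utils.http_client:Response: <Response [401]>
"""

STARTED = re.compile(r"^Downloading Secure Objects for UUID: (\d+)$")
STORED = re.compile(r"Adding Secure Objects for UUID: (\d+)$")
REQUEST = re.compile(r"http_client:Requesting: (\S+)$")
RESPONSE = re.compile(r"http_client:Response: <Response \[(\d{3})\]>$")


def audit_download_log(text):
    """Return (stored, missing, failed) from a get-secure-objects -v log.

    stored:  UUIDs whose Secure Objects were added to the database
    missing: UUIDs whose download started but was never stored
    failed:  (url, status) for every non-2xx HTTP response
    """
    started, stored, failed, last_url = [], set(), [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := STARTED.search(line):
            started.append(m.group(1))
        elif m := STORED.search(line):
            stored.add(m.group(1))
        elif m := REQUEST.search(line):
            last_url = m.group(1)
        elif m := RESPONSE.search(line):
            if not 200 <= int(m.group(1)) < 300:
                failed.append((last_url, int(m.group(1))))
    return sorted(stored), [u for u in started if u not in stored], failed


if __name__ == "__main__":
    stored, missing, failed = audit_download_log(SAMPLE_LOG)
    print("stored:", stored, "missing:", missing, "failed:", failed)
```

A non-empty missing or failed list means the database should not be shipped back to SiteA yet.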
3.3 Provision Secure Objects into the target
%! el2go-host -v provision-objects $CONFIG $DATABASE $PORT
el2go-host -v provision-objects --config config_example.yaml --database db.sqlite3 --port com5
INFO:spsdk.mboot.mcuboot:Connect: identifier='uart', device=com5
INFO:spsdk.mboot.mcuboot:CMD: GetProperty(UniqueDeviceIdent, index=0)
INFO:spsdk.mboot.mcuboot:CMD: Status: 0 (0x0) Success.
INFO:spsdk.mboot.mcuboot:Closing: identifier='uart', device=com5
INFO:spsdk.el2go.database:Getting Secure Objects for UUID: 100779615704702885679946391493172028108
INFO:spsdk.mboot.mcuboot:Connect: identifier='uart', device=com5
Writing User config data to: 0x20000000
INFO:spsdk.mboot.mcuboot:CMD: WriteMemory(address=0x20000000, length=32, mem_id=0)
INFO:spsdk.mboot.mcuboot:CMD: GetProperty(MaxPacketSize, index=0)
INFO:spsdk.mboot.mcuboot:CMD: Status: 0 (0x0) Success.
INFO:spsdk.mboot.mcuboot:CMD: Max Packet Size = 256
INFO:spsdk.mboot.mcuboot:CMD: Status: 0 (0x0) Success.
INFO:spsdk.mboot.mcuboot:CMD: Successfully Send 32 out of 32 Bytes
Writing Secure Objects to: 0x20000100
INFO:spsdk.mboot.mcuboot:CMD: WriteMemory(address=0x20000100, length=437, mem_id=0)
INFO:spsdk.mboot.mcuboot:CMD: Status: 0 (0x0) Success.
INFO:spsdk.mboot.mcuboot:CMD: Successfully Send 437 out of 437 Bytes
INFO:spsdk.mboot.mcuboot:Closing: identifier='uart', device=com5
Secure Objects uploaded successfully
INFO:spsdk.mboot.mcuboot:Connect: identifier='uart', device=com5
Uploading ProvFW (Starting provisioning process)
INFO:spsdk.mboot.mcuboot:CMD: ReceiveSBfile(data_length=10456)
INFO:spsdk.mboot.mcuboot:CMD: GetProperty(MaxPacketSize, index=0)
INFO:spsdk.mboot.mcuboot:CMD: Status: 0 (0x0) Success.
INFO:spsdk.mboot.mcuboot:CMD: Max Packet Size = 256
INFO:spsdk.mboot.mcuboot:CMD: Status: 0 (0x0) Success.
INFO:spsdk.mboot.mcuboot:CMD: Successfully Send 10456 out of 10456 Bytes
INFO:spsdk.mboot.mcuboot:Closing: identifier='uart', device=com5
Secure Objects provisioned successfully
4. Quick verification
A full provisioning verification is not possible without a dedicated user application that would test all the Secure Objects. The RKTH and image encryption keys are tested indirectly by loading the user SB3.1 file.
For demonstration purposes, we can read out the Secure Object metadata stored in flash.
The address is defined in the config file as secure_objects_address (in our case it’s 0x1000).
Each Secure Object starts with: b"\x40\x0Bedgelock2go"
%! blhost --port com5 read-memory 0x1000 0x10 --use-hexdump
blhost --port com5 read-memory 0x1000 0x10 --use-hexdump
Reading memory
00000000: 40 0B 65 64 67 65 6C 6F 63 6B 32 67 6F 41 04 00 @.edgelock2goA..
Response status = 0 (0x0) Success.
Response word 1 = 16 (0x10)
Read 16 of 16 bytes.
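The same check can be scripted for a production line so that each device's read-out is compared against the expected prefix. The following is an added example, not part of the original notebook or of SPSDK: it parses the blhost --use-hexdump output format shown above and assumes 16 bytes per hexdump line; the function names are made up for this sketch.

```python
import re

MAGIC = b"\x40\x0Bedgelock2go"  # Secure Object prefix as stated on this page

# Sample input: the blhost output shown above, embedded so this runs offline.
SAMPLE = """\
Reading memory
00000000: 40 0B 65 64 67 65 6C 6F 63 6B 32 67 6F 41 04 00  @.edgelock2goA..
Response status = 0 (0x0) Success.
Read 16 of 16 bytes.
"""

# Offset, then up to 16 space-separated hex bytes; the ASCII column is ignored.
# Assumption: 16 bytes per full line, as in the dump above.
HEX_LINE = re.compile(r"^([0-9A-Fa-f]{8}):((?: [0-9A-Fa-f]{2}){1,16})")


def hexdump_to_bytes(text):
    """Rebuild the raw bytes from 'offset: XX XX ...' lines."""
    data = bytearray()
    for line in text.splitlines():
        m = HEX_LINE.match(line.strip())
        if not m:
            continue
        if int(m.group(1), 16) != len(data):
            raise ValueError(f"non-contiguous hexdump at offset 0x{m.group(1)}")
        data += bytes.fromhex(m.group(2))
    return bytes(data)


def check_secure_object_header(text):
    """Return (ok, detail) for a dump taken at secure_objects_address."""
    if "Response status = 0 (0x0) Success." not in text:
        return False, "blhost did not report success"
    data = hexdump_to_bytes(text)
    if not data.startswith(MAGIC):
        return False, f"unexpected prefix: {data[:len(MAGIC)].hex(' ')}"
    return True, f"magic found; following bytes: {data[len(MAGIC):].hex(' ')}"


if __name__ == "__main__":
    print(check_secure_object_header(SAMPLE))
```

This confirms only that a Secure Object header is present at the configured address; as noted above, it does not validate the objects themselves.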