ELE message support API#
This module contains support for EdgeLock Enclave messages system.
Module with the EdgeLock Enclave messages#
EdgeLock Enclave Message.
- class spsdk.ele.ele_message.EleMessage#
Bases:
objectBase class for any EdgeLock Enclave Message.
Message contains a header - tag, command id, size and version.
Class object initialized.
- CMD = 0#
- COMMAND_HEADER_WORDS_COUNT = 1#
- COMMAND_PAYLOAD_WORDS_COUNT = 0#
- ELE_MSG_ALIGN = 8#
- HEADER_FORMAT = '<BBBB'#
- MAX_COMMAND_DATA_SIZE = 0#
- MAX_RESPONSE_DATA_SIZE = 0#
- MSG_IDS#
alias of
MessageIDs
- RESPONSE_HEADER_WORDS_COUNT = 2#
- RESPONSE_PAYLOAD_WORDS_COUNT = 0#
- RSP_TAG = 225#
- TAG = 23#
- VERSION = 6#
- property command_address: int#
Command address in target memory space.
- property command_data: bytes#
Command data to be loaded into target memory space.
- property command_data_address: int#
Command data address in target memory space.
- property command_data_size: int#
Command data address in target memory space.
- property command_words_count: int#
Command Words count.
- decode_response(response)#
Decode response from target.
- Parameters:
response (
bytes) – Data of response.- Raises:
SPSDKParsingError – Response parse detect some error.
- Return type:
None
- decode_response_data(response_data)#
Decode response data from target.
- Note:
The response data are specific per command.
- Parameters:
response_data (
bytes) – Data of response.- Return type:
None
- export()#
Exports message to final bytes array.
- Return type:
bytes- Returns:
Bytes representation of message object.
- property free_space_address: int#
First free address after ele message in target memory space.
- property free_space_size: int#
Free space size after ele message in target memory space.
- static get_msg_crc(payload)#
Compute message CRC.
- Parameters:
payload (
bytes) – The input data to compute CRC on them. Must be 4 bytes aligned.- Return type:
bytes- Returns:
4 bytes of CRC in little endian format.
- property has_command_data: bool#
Check if command has additional data.
- property has_response_data: bool#
Check if response has additional data.
- header_export()#
Exports message header to bytes.
- Return type:
bytes- Returns:
Bytes representation of message header.
- info()#
Print information including live data.
- Return type:
str- Returns:
Information about the message.
- property response_address: int#
Response address in target memory space.
- property response_data_address: int#
Response data address in target memory space.
- property response_data_size: int#
Response data address in target memory space.
- response_status()#
Print the response status information.
- Return type:
str- Returns:
String with response status.
- property response_words_count: int#
Response Words count.
- set_buffer_params(buff_addr, buff_size)#
Set the communication buffer parameters to allow command update addresses inside command payload.
- Parameters:
buff_addr (
int) – Real address of communication buffer in target memory spacebuff_size (
int) – Size of communication buffer in target memory space
- Return type:
None
- property status_string: str#
Get status in readable string format.
- validate()#
Validate message.
- Return type:
None
- validate_buffer_params()#
Validate communication buffer parameters.
raises SPSDKValueError: Invalid buffer parameters.
- Return type:
None
- class spsdk.ele.ele_message.EleMessageCommit(info_to_commit)#
Bases:
EleMessageELE Message Get FW status.
Class object initialized.
- CMD = 168#
- COMMAND_PAYLOAD_WORDS_COUNT = 1#
- RESPONSE_PAYLOAD_WORDS_COUNT = 1#
- decode_response(response)#
Decode response from target.
- Parameters:
response (
bytes) – Data of response.- Raises:
SPSDKParsingError – Response parse detect some error.
- Return type:
None
- export()#
Exports message to final bytes array.
- Return type:
bytes- Returns:
Bytes representation of message object.
- property info2commit_mask: int#
Get info to commit mask used in command.
- mask_to_info2commit(mask)#
Get list of info to commit from mask.
- Return type:
list[EleInfo2Commit]
- class spsdk.ele.ele_message.EleMessageDeriveKey(key_size, context)#
Bases:
EleMessageELE Message Derive Key.
Class object initialized.
- Parameters:
key_size (
int) – Output key size [16,32] is validcontext (
Optional[bytes]) – User’s context to be used for key diversification
- CMD = 169#
- COMMAND_PAYLOAD_WORDS_COUNT = 6#
- MAX_RESPONSE_DATA_SIZE = 32#
- SUPPORTED_KEY_SIZES = [16, 32]#
- property command_data: bytes#
Command data to be loaded into target memory space.
- decode_response_data(response_data)#
Decode response data from target.
- Note:
The response data are specific per command.
- Parameters:
response_data (
bytes) – Data of response.- Return type:
None
- export()#
Exports message to final bytes array.
- Return type:
bytes- Returns:
Bytes representation of message object.
- get_key()#
Get derived key.
- Return type:
bytes
- class spsdk.ele.ele_message.EleMessageDumpDebugBuffer#
Bases:
EleMessageELE Message Dump Debug buffer.
EdgeLock Secure Enclave have a logging mechanism for debugging purposes. Logs are sent over MU with maximum 20 logs per exchange. If ELE has more than 20 logs in buffer, this API must be called multiple times. EdgeLock Secure Enclave internal buffer log size is approximately 2kB.
Class object initialized.
- CMD = 33#
- ELE_DEBUG_LOG_MAX_RSP_LENGTH = 23#
- RESPONSE_PAYLOAD_WORDS_COUNT = 21#
- decode_response(response)#
Decode response from target.
- Parameters:
response (
bytes) – Data of response.- Raises:
SPSDKParsingError – Response parse detect some error.
- Return type:
None
- get_debug_logs()#
Get the debug log words.
- Return type:
list[int]- Returns:
List of debug log words.
- get_log_count()#
Get the number of logs in current response.
- Return type:
int- Returns:
Number of logs.
- has_more_logs_available()#
Check if more logs are available to fetch.
- Return type:
bool- Returns:
True if more logs are available, False otherwise.
- response_info()#
Print Dumped data of debug buffer in STEC team format.
- Return type:
str
- class spsdk.ele.ele_message.EleMessageEleFwAuthenticate(ele_fw_address)#
Bases:
EleMessageEle firmware authenticate request.
Constructor.
Be aware to have ELE FW in accessible memory for ROM, and do not use the RAM memory used to communicate with ELE.
- Parameters:
ele_fw_address (
int) – Address in target memory with ele firmware.
- CMD = 2#
- COMMAND_PAYLOAD_WORDS_COUNT = 3#
- export()#
Exports message to final bytes array.
- Return type:
bytes- Returns:
Bytes representation of message object.
- class spsdk.ele.ele_message.EleMessageEnableApc#
Bases:
EleMessageEnable APC (Application core) ELE Message.
Class object initialized.
- CMD = 210#
- class spsdk.ele.ele_message.EleMessageEnableRtc#
Bases:
EleMessageEnable RTC (Real time core) ELE Message.
Class object initialized.
- CMD = 211#
- class spsdk.ele.ele_message.EleMessageForwardLifeCycleUpdate(lifecycle_update)#
Bases:
EleMessageForward Life cycle update request.
Constructor.
Be aware that this is non-revertible operation.
- Parameters:
lifecycle_update (
LifeCycleToSwitch) – New life cycle value.
- CMD = 149#
- COMMAND_PAYLOAD_WORDS_COUNT = 1#
- export()#
Exports message to final bytes array.
- Return type:
bytes- Returns:
Bytes representation of message object.
- class spsdk.ele.ele_message.EleMessageGenerateKeyBLobOtfad(key_identifier, key, aes_counter, start_address, end_address, read_only=True, decryption_enabled=True, configuration_valid=True)#
Bases:
EleMessageGenerateKeyBlobELE Message Generate OTFAD KeyBlob.
Constructor of generate OTFAD keyblob class.
- Parameters:
key_identifier (
int) – ID of Keykey (
bytes) – OTFAD keyaes_counter (
bytes) – AES counter valuestart_address (
int) – Start address in memory to be encryptedend_address (
int) – End address in memory to be encryptedread_only (
bool) – Read only flag, defaults to Truedecryption_enabled (
bool) – Decryption enable flag, defaults to Trueconfiguration_valid (
bool) – Configuration valid flag, defaults to True
- KEYBLOB_NAME = 'OTFAD'#
-
SUPPORTED_ALGORITHMS:
dict[SpsdkEnum,list[int]] = {KeyBlobEncryptionAlgorithm(tag=4, label='AES_CTR', description='KeyBlob encryption algorithm AES CTR'): [128]}#
- property command_data: bytes#
Command data to be loaded into target memory space.
- info()#
Print information including live data.
- Return type:
str- Returns:
Information about the message.
- validate()#
Validate generate OTFAD keyblob.
- Return type:
None
- class spsdk.ele.ele_message.EleMessageGenerateKeyBlob(key_identifier, algorithm, key)#
Bases:
EleMessageELE Message Generate KeyBlob.
Constructor of Generate Key Blob class.
- Parameters:
key_identifier (
int) – ID of keyalgorithm (
KeyBlobEncryptionAlgorithm) – Select supported algorithmkey (
bytes) – Key to be wrapped
- CMD = 175#
- COMMAND_PAYLOAD_WORDS_COUNT = 7#
- KEYBLOB_NAME = 'Unknown'#
- KEYBLOB_TAG = 129#
- KEYBLOB_VERSION = 0#
- MAX_RESPONSE_DATA_SIZE = 512#
- decode_response_data(response_data)#
Decode response data from target.
- Note:
The response data are specific per command.
- Parameters:
response_data (
bytes) – Data of response.- Raises:
SPSDKParsingError – Invalid response detected.
- Return type:
None
- export()#
Exports message to final bytes array.
- Return type:
bytes- Returns:
Bytes representation of message object.
- classmethod get_supported_algorithms()#
Get the list of supported algorithms.
- Return type:
list[str]- Returns:
List of supported algorithm names.
- classmethod get_supported_key_sizes()#
Get table with supported key sizes per algorithm.
- Return type:
str- Returns:
Table with supported key size in text.
- info()#
Print information including live data.
- Return type:
str- Returns:
Information about the message.
- validate()#
Validate generate keyblob message data.
- Raises:
SPSDKValueError – Invalid used key size or encryption algorithm
- Return type:
None
- class spsdk.ele.ele_message.EleMessageGenerateKeyBlobDek(key_identifier, algorithm, key)#
Bases:
EleMessageGenerateKeyBlobELE Message Generate DEK KeyBlob.
Constructor of Generate Key Blob class.
- Parameters:
key_identifier (
int) – ID of keyalgorithm (
KeyBlobEncryptionAlgorithm) – Select supported algorithmkey (
bytes) – Key to be wrapped
- KEYBLOB_NAME = 'DEK'#
-
SUPPORTED_ALGORITHMS:
dict[SpsdkEnum,list[int]] = {KeyBlobEncryptionAlgorithm(tag=3, label='AES_CBC', description='KeyBlob encryption algorithm AES CBC'): [128, 192, 256], KeyBlobEncryptionAlgorithm(tag=43, label='SM4_CBC', description='KeyBlob encryption algorithm SM4 CBC'): [128]}#
- property command_data: bytes#
Command data to be loaded into target memory space.
- class spsdk.ele.ele_message.EleMessageGenerateKeyBlobIee(key_identifier, algorithm, key, ctr_mode, aes_counter, page_offset, region_number, bypass=False, locked=False)#
Bases:
EleMessageGenerateKeyBlobELE Message Generate IEE KeyBlob.
Constructor of generate IEE keyblob class.
- Parameters:
key_identifier (
int) – ID of keyalgorithm (
KeyBlobEncryptionAlgorithm) – Used algorithmkey (
bytes) – IEE keyctr_mode (
KeyBlobEncryptionIeeCtrModes) – In case of AES CTR algorithm, the CTR mode must be selectedaes_counter (
bytes) – AES counter in case of AES CTR algorithmpage_offset (
int) – IEE page offsetregion_number (
int) – Region numberbypass (
bool) – Encryption bypass flag, defaults to Falselocked (
bool) – Locked flag, defaults to False
- KEYBLOB_NAME = 'IEE'#
-
SUPPORTED_ALGORITHMS:
dict[SpsdkEnum,list[int]] = {KeyBlobEncryptionAlgorithm(tag=4, label='AES_CTR', description='KeyBlob encryption algorithm AES CTR'): [128, 256], KeyBlobEncryptionAlgorithm(tag=55, label='AES_XTS', description='KeyBlob encryption algorithm AES XTS'): [256, 512]}#
- property command_data: bytes#
Command data to be loaded into target memory space.
- info()#
Print information including live data.
- Return type:
str- Returns:
Information about the message.
- class spsdk.ele.ele_message.EleMessageGetEvents#
Bases:
EleMessageGet events request.
Event layout: ————————- - TAG - CMD - IND - STS - ————————-
Constructor.
- This message is used to retrieve any singular event that has occurred since the FW has
started. A singular event occurs when the second word of a response to any request is different from ELE_SUCCESS_IND. That includes commands with failure response as well as commands with successful response containing an indication (i.e. warning response).
- The events are stored by the ELE in a fixed sized buffer. When the capacity of the buffer
is exceeded, new occurring events are lost.
- The event buffer is systematically returned in full to the requester independently of
the actual numbers of events stored.
- CMD = 162#
- MAX_EVENT_CNT = 8#
- RESPONSE_PAYLOAD_WORDS_COUNT = 10#
- decode_response(response)#
Decode response from target.
- Parameters:
response (
bytes) – Data of response.- Raises:
SPSDKParsingError – Response parse detect some error.
- Return type:
None
- static get_cmd(event)#
Get Command in string from event.
- Return type:
str
- static get_ind(event)#
Get Indication in string from event.
- Return type:
str
- static get_ipc_id(event)#
Get IPC ID in string from event.
- Return type:
str
- static get_sts(event)#
Get Status in string from event.
- Return type:
str
- response_info()#
Print events info.
- Return type:
str
- class spsdk.ele.ele_message.EleMessageGetFwStatus#
Bases:
EleMessageELE Message Get FW status.
Class object initialized.
- CMD = 197#
- RESPONSE_PAYLOAD_WORDS_COUNT = 1#
- decode_response(response)#
Decode response from target.
- Parameters:
response (
bytes) – Data of response.- Raises:
SPSDKParsingError – Response parse detect some error.
- Return type:
None
- response_info()#
Print specific information of ELE.
- Return type:
str- Returns:
Information about the ELE.
- class spsdk.ele.ele_message.EleMessageGetFwVersion#
Bases:
EleMessageELE Message Get FW version.
Class object initialized.
- CMD = 157#
- RESPONSE_PAYLOAD_WORDS_COUNT = 2#
- decode_response(response)#
Decode response from target.
- Parameters:
response (
bytes) – Data of response.- Raises:
SPSDKParsingError – Response parse detect some error.
- Return type:
None
- response_info()#
Print specific information of ELE.
- Return type:
str- Returns:
Information about the ELE.
- class spsdk.ele.ele_message.EleMessageGetInfo#
Bases:
EleMessageELE Message Get Info.
Class object initialized.
- CMD = 218#
- COMMAND_PAYLOAD_WORDS_COUNT = 3#
- MAX_RESPONSE_DATA_SIZE = 256#
- decode_response_data(response_data)#
Decode response data from target.
- Note:
The response data are specific per command.
- Parameters:
response_data (
bytes) – Data of response.- Return type:
None
- export()#
Exports message to final bytes array.
- Return type:
bytes- Returns:
Bytes representation of message object.
- response_info()#
Print specific information of ELE.
- Return type:
str- Returns:
Information about the ELE.
- class spsdk.ele.ele_message.EleMessageGetTrngState#
Bases:
EleMessageELE Message Get True Random Generator State.
Class object initialized.
- CMD = 164#
- RESPONSE_PAYLOAD_WORDS_COUNT = 1#
- decode_response(response)#
Decode response from target.
- Parameters:
response (
bytes) – Data of response.- Raises:
SPSDKParsingError – Response parse detect some error.
- Return type:
None
- response_info()#
Print specific information of ELE.
- Return type:
str- Returns:
Information about the TRNG.
- class spsdk.ele.ele_message.EleMessageKeyStoreClose(key_store_handle)#
Bases:
EleMessageELE Message Key Store Close.
Key store close command is used to close a key store service flow identified by its handle. Key store context and content is deleted from the EdgeLock Secure Enclave internal memory. Any update not written in the NVM will be lost.
User can call Key store close command only after having opened a valid key store service.
Class object initialized.
- Parameters:
key_store_handle (
int) – Handle identifying the key store service flow to close
- CMD = 49#
- COMMAND_PAYLOAD_WORDS_COUNT = 1#
- RESPONSE_PAYLOAD_WORDS_COUNT = 0#
- VERSION = 7#
- decode_response(response)#
Decode response from target.
- Parameters:
response (
bytes) – Data of response.- Raises:
SPSDKParsingError – Response parse detect some error.
- Return type:
None
- export()#
Exports message to final bytes array.
- Return type:
bytes
- info()#
Print information including live data.
- Return type:
str
- response_info()#
Print response information.
- Return type:
str
- class spsdk.ele.ele_message.EleMessageKeyStoreOpen(session_handle, key_store_id, nonce, create_keystore=False, shared_keystore=False, monotonic_counter_increment=False, sync_operation=False)#
Bases:
EleMessageELE Message Key Store Open.
Key store open command is used to open a service flow on the specified key store. A maximum of 2 key stores can be created/opened and a maximum of 100 keys can be stored per key store.
User can call Key store open command only after having opened a valid session (see Session open (0x10)). Key store open command must be called before any other APIs that use a key store service.
Class object initialized.
- Parameters:
session_handle (
int) – Handle identifying the current sessionkey_store_id (
int) – Key store identifier set by the usernonce (
int) – Nonce used as authentication proof for accessing the key storecreate_keystore (
bool) – True to create key store, False to load existing oneshared_keystore (
bool) – True for shared keystore, False for regular (isolated) keystoremonotonic_counter_increment (
bool) – True to increment monotonic counter (SYNC operation)sync_operation (
bool) – True for SYNC operation (request completed only when written to NVM)
- CMD = 48#
- COMMAND_PAYLOAD_WORDS_COUNT = 5#
- FLAG_CREATE_KEYSTORE = 1#
- FLAG_MONOTONIC_COUNTER_INCREMENT = 32#
- FLAG_SHARED_KEYSTORE = 4#
- FLAG_SYNC_OPERATION = 128#
- RESPONSE_PAYLOAD_WORDS_COUNT = 1#
- VERSION = 7#
- decode_response(response)#
Decode response from target.
- Parameters:
response (
bytes) – Data of response.- Raises:
SPSDKParsingError – Response parse detect some error.
- Return type:
None
- export()#
Exports message to final bytes array.
- Return type:
bytes- Returns:
Bytes representation of message object.
- property flags: int#
Get flags byte from boolean parameters.
- get_key_store_handle()#
Get the key store handle from successful response.
- Return type:
int- Returns:
Key store handle, 0 if key store open failed.
- info()#
Print information including live data.
- Return type:
str- Returns:
Information about the message.
- is_key_store_valid()#
Check if key store was successfully opened.
- Return type:
bool- Returns:
True if key store handle is valid (non-zero), False otherwise.
- response_info()#
Print specific information about key store open response.
- Return type:
str- Returns:
Information about the key store.
- class spsdk.ele.ele_message.EleMessageLoadKeyBLob(key_identifier, keyblob)#
Bases:
EleMessageELE Message Load KeyBlob.
Constructor of Load Key Blob class.
- Parameters:
key_identifier (
int) – ID of keykeyblob (
bytes) – Keyblob to be wrapped
- CMD = 167#
- COMMAND_PAYLOAD_WORDS_COUNT = 3#
- property command_data: bytes#
Command data to be loaded into target memory space.
- export()#
Exports message to final bytes array.
- Return type:
bytes- Returns:
Bytes representation of message object.
- info()#
Print information including live data.
- Return type:
str- Returns:
Information about the message.
- class spsdk.ele.ele_message.EleMessageOemContainerAuthenticate(oem_cntn_addr)#
Bases:
EleMessageOEM container authenticate request.
Constructor.
Be aware to have OEM Container in accessible memory for ROM.
- Parameters:
oem_cntn_addr (
int) – Address in target memory with oem container.
- CMD = 135#
- COMMAND_PAYLOAD_WORDS_COUNT = 2#
- export()#
Exports message to final bytes array.
- Return type:
bytes- Returns:
Bytes representation of message object.
- class spsdk.ele.ele_message.EleMessagePing#
Bases:
EleMessageELE Message Ping.
Class object initialized.
- CMD = 1#
- class spsdk.ele.ele_message.EleMessagePublicKeyExport(key_store_handle, key_id, output_buffer_size=64)#
Bases:
EleMessageELE Message Public Key Export.
Public key export command exports the public key of an asymmetric key whose private key is present in the key store. By default, public key is not stored in EdgeLock Secure Enclave key storage and it’s then re-calculated.
For ECC key type, public key is exported in a non-compressed form {x, y}, in big-endian order. For RSA key type, only the modulus is exported as public exponent is only the default value (65 537). Unlike RFC 7748, ECC PUBLIC KEY MONTGOMERY is exported in big-endian format.
User can call Public key export command only after having opened a valid key store service.
Class object initialized.
- Parameters:
key_store_handle (
int) – Handle identifying the key store service flowkey_id (
int) – ID of the asymmetric key stored in the key storeoutput_buffer_size (
int) – Length in bytes of the output public key buffer
- CMD = 50#
- COMMAND_PAYLOAD_WORDS_COUNT = 6#
- MAX_RESPONSE_DATA_SIZE = 1024#
- RESPONSE_PAYLOAD_WORDS_COUNT = 2#
- VERSION = 7#
- decode_response(response)#
Decode response from target.
- Parameters:
response (
bytes) – Data of response.- Raises:
SPSDKParsingError – Response parse detect some error.
- Return type:
None
- decode_response_data(response_data)#
Decode response data from target.
- Parameters:
response_data (
bytes) – Data of response.- Return type:
None
- export()#
Exports message to final bytes array.
- Return type:
bytes- Returns:
Bytes representation of message object.
- get_public_key()#
Get the exported public key.
- Return type:
bytes- Returns:
Public key bytes, empty if export failed.
- get_public_key_size()#
Get the size of exported public key.
- Return type:
int- Returns:
Size in bytes of exported public key.
- info()#
Print information including live data.
- Return type:
str- Returns:
Information about the message.
- response_info()#
Print specific information about public key export response.
- Return type:
str- Returns:
Information about the exported public key.
- class spsdk.ele.ele_message.EleMessageReadCommonFuse(index)#
Bases:
EleMessageELE Message Read common fuse.
Constructor.
Read common fuse.
- Parameters:
index (
int) – Fuse ID.
- CMD = 151#
- COMMAND_PAYLOAD_WORDS_COUNT = 1#
- RESPONSE_PAYLOAD_WORDS_COUNT = 1#
- decode_response(response)#
Decode response from target.
- Parameters:
response (
bytes) – Data of response.- Raises:
SPSDKParsingError – Response parse detect some error.
- Return type:
None
- export()#
Exports message to final bytes array.
- Return type:
bytes- Returns:
Bytes representation of message object.
- response_info()#
Print fuse value.
- Return type:
str- Returns:
Read fuse value.
- class spsdk.ele.ele_message.EleMessageReadShadowFuse(index)#
Bases:
EleMessageReadCommonFuseELE Message Read shadow fuse.
Constructor.
Read common fuse.
- Parameters:
index (
int) – Fuse ID.
- CMD = 243#
- export()#
Exports message to final bytes array.
- Return type:
bytes- Returns:
Bytes representation of message object.
- class spsdk.ele.ele_message.EleMessageReleaseContainer#
Bases:
EleMessageELE Message Release container.
Class object initialized.
- CMD = 137#
- class spsdk.ele.ele_message.EleMessageReset#
Bases:
EleMessageELE Message Reset.
Class object initialized.
- CMD = 199#
- RESPONSE_HEADER_WORDS_COUNT = 0#
- class spsdk.ele.ele_message.EleMessageResetApcContext#
Bases:
EleMessageSend request to reset APC context ELE Message.
Class object initialized.
- CMD = 216#
- class spsdk.ele.ele_message.EleMessageSabInit#
Bases:
EleMessageELE Message SAB Init.
SAB Init command is used to initialize the EdgeLock Secure Enclave Firmware HSM services. It must be called once, at boot, by any core.
SAB Init command must be called before any other ones that use a SAB session. SAB Init command can be called multiple times, even if not recommended. EdgeLock Secure Enclave Firmware will do nothing and respond a success if the initialization is already done.
Class object initialized.
- CMD = 23#
- COMMAND_PAYLOAD_WORDS_COUNT = 0#
- RESPONSE_PAYLOAD_WORDS_COUNT = 0#
- VERSION = 7#
- decode_response(response)#
Decode response from target.
- Parameters:
response (
bytes) – Data of response.- Raises:
SPSDKParsingError – Response parse detect some error.
- Return type:
None
- export()#
Exports message to final bytes array.
- Return type:
bytes- Returns:
Bytes representation of message object.
- info()#
Print information including live data.
- Return type:
str- Returns:
Information about the message.
- class spsdk.ele.ele_message.EleMessageSessionClose(session_handle)#
Bases:
EleMessageELE Message Session Close.
Session close command is used to close an opened session. Any data related to the session, including other services flow contexts, will be deleted.
User can call this function only after having opened a valid session (see Session open (0x10)). Session close command will close any associated services to the session as well.
Class object initialized.
- Parameters:
session_handle (
int) – Session handle to close. Handle value returned by Session open (0x10).
- CMD = 17#
- COMMAND_PAYLOAD_WORDS_COUNT = 1#
- RESPONSE_PAYLOAD_WORDS_COUNT = 0#
- VERSION = 7#
- decode_response(response)#
Decode response from target.
- Parameters:
response (
bytes) – Data of response.- Raises:
SPSDKParsingError – Response parse detect some error.
- Return type:
None
- export()#
Exports message to final bytes array.
- Return type:
bytes- Returns:
Bytes representation of message object.
- info()#
Print information including live data.
- Return type:
str- Returns:
Information about the message.
- class spsdk.ele.ele_message.EleMessageSessionOpen#
Bases:
EleMessageELE Message Session Open.
Session open command is used to initialize the EdgeLock Secure Enclave HSM services for the requestor. It establishes a route between the user and the EdgeLock Secure Enclave as well as a quality of service.
A maximum of 20 sessions can be opened at the same time. Session open command must be called before any other APIs that use a session.
Class object initialized.
- CMD = 16#
- COMMAND_PAYLOAD_WORDS_COUNT = 2#
- RESPONSE_PAYLOAD_WORDS_COUNT = 1#
- VERSION = 7#
- decode_response(response)#
Decode response from target.
- Parameters:
response (
bytes) – Data of response.- Raises:
SPSDKParsingError – Response parse detect some error.
- Return type:
None
- export()#
Exports message to final bytes array.
- Return type:
bytes- Returns:
Bytes representation of message object.
- get_session_handle()#
Get the session handle from successful response.
- Return type:
int- Returns:
Session handle, 0 if session open failed.
- info()#
Print information including live data.
- Return type:
str- Returns:
Information about the message.
- is_session_valid()#
Check if session was successfully opened.
- Return type:
bool- Returns:
True if session handle is valid (non-zero), False otherwise.
- response_info()#
Print specific information about session open response.
- Return type:
str- Returns:
Information about the session.
- class spsdk.ele.ele_message.EleMessageSigned(signed_msg, family)#
Bases:
EleMessageELE Message Signed.
Class object initialized.
- Parameters:
signed_msg (
bytes) – Signed message container.family (
FamilyRevision) – Chip family name.
- COMMAND_PAYLOAD_WORDS_COUNT = 2#
- property command_data: bytes#
Command data to be loaded into target memory space.
- export()#
Exports message to final bytes array.
- Return type:
bytes- Returns:
Bytes representation of message object.
- info()#
Print information including live data.
- Return type:
str- Returns:
Information about the message.
- class spsdk.ele.ele_message.EleMessageStartTrng#
Bases:
EleMessageELE Message Start True Random Generator.
Class object initialized.
- CMD = 163#
- class spsdk.ele.ele_message.EleMessageVerifyImage(image_mask=1)#
Bases:
EleMessageVerify image request.
Constructor.
The Verify Image message is sent to the ELE after a container has been loaded into memory and processed with an Authenticate Container message. This commands the ELE to check the hash on one or more images.
- Parameters:
image_mask (
int) – Used to indicate which images are to be checked. There must be at least one image. Each bit corresponds to a particular image index in the header, for example, bit 0 is for image 0, and bit 1 is for image 1, and so on.
- CMD = 136#
- COMMAND_PAYLOAD_WORDS_COUNT = 1#
- RESPONSE_PAYLOAD_WORDS_COUNT = 2#
- decode_response(response)#
Decode response from target.
- Parameters:
response (
bytes) – Data of response.- Raises:
SPSDKParsingError – Response parse detect some error.
- Return type:
None
- export()#
Exports message to final bytes array.
- Return type:
bytes- Returns:
Bytes representation of message object.
- response_info()#
Print Dumped data of debug buffer.
- Return type:
str
- class spsdk.ele.ele_message.EleMessageWriteFuse(bit_position, bit_length, lock, payload)#
Bases:
EleMessageWrite Fuse request.
Constructor.
This command allows to write to the fuses. OEM Fuses are accessible depending on the chip lifecycle.
- Parameters:
bit_position (
int) – Fuse identifier expressed as its position in bit in the fuse map.bit_length (
int) – Number of bits to be written.lock (
bool) – Write lock requirement. When set to 1, fuse words are locked. When unset, no write lock is done.payload (
int) – Data to be written
- CMD = 214#
- COMMAND_PAYLOAD_WORDS_COUNT = 2#
- RESPONSE_PAYLOAD_WORDS_COUNT = 1#
- decode_response(response)#
Decode response from target.
- Parameters:
response (
bytes) – Data of response.- Raises:
SPSDKParsingError – Response parse detect some error.
- Return type:
None
- export()#
Exports message to final bytes array.
- Return type:
bytes- Returns:
Bytes representation of message object.
- class spsdk.ele.ele_message.EleMessageWriteShadowFuse(index, value)#
Bases:
EleMessageWrite shadow fuse request.
Constructor.
This command allows to write to the shadow fuses.
- Parameters:
index (
int) – Fuse identifier expressed as its position in bit in the fuse map.value (
int) – Data to be written.
- CMD = 242#
- COMMAND_PAYLOAD_WORDS_COUNT = 2#
- export()#
Exports message to final bytes array.
- Return type:
bytes- Returns:
Bytes representation of message object.
Module with the EdgeLock Enclave message handler with mBoot#
EdgeLock Enclave (ELE) Message Handler.
This module provides functionality for handling communication with the EdgeLock Enclave (ELE), a hardware security module present in certain NXP microcontrollers. It includes classes and methods for constructing, sending, and receiving ELE messages, as well as managing the communication interface with different types of devices.
The module supports various communication protocols, including MCUBoot, U-Boot serial console, and U-Boot fastboot, allowing for flexible integration with different development and production environments.
Key components: - EleDevice: An enumeration of supported ELE-capable devices and communication interfaces. - EleMessageHandler: A base class for handling ELE message construction and communication.
This module is part of the SPSDK (Secure Provisioning SDK) and is designed to facilitate secure operations and provisioning tasks on NXP microcontrollers featuring the EdgeLock Enclave.
- class spsdk.ele.ele_comm.EleDevice(tag, label, description=None)#
Bases:
SpsdkEnumEnum containing supported ELE devices.
- MBOOT = (0, 'mboot', 'ELE over mboot')#
- UBOOT_FASTBOOT = (2, 'uboot_fastboot', 'ELE over fastboot')#
- UBOOT_SERIAL = (1, 'uboot_serial', 'ELE over U-Boot serial console')#
- class spsdk.ele.ele_comm.EleMessageHandler(device, family, buffer_address=None, buffer_size=None)#
Bases:
objectBase class for ELE message handling.
Class object initialized.
- Parameters:
device (
Union[McuBoot,UbootSerial,UbootFastboot]) – Communication interface.family (
FamilyRevision) – Target family name.buffer_address (
Optional[int]) – Override default buffer address for ELE.buffer_size (
Optional[int]) – Override default buffer size for ELE.
- static get_ele_device(family)#
Get default ELE device from DB.
- Parameters:
family (
FamilyRevision) – Device name.- Return type:
- Returns:
EleDevice instance.
- classmethod get_message_handler(family, device=None, fb_addr=None, fb_size=None, buffer_addr=None, buffer_size=None, port=None, usb=None, buspal=None, lpcusbsio=None, timeout=5000)#
Get Ele message handler.
- Return type:
- static get_supported_ele_devices()#
Get list of supported target families.
- Return type:
list[str]- Returns:
List of supported families.
- static get_supported_families()#
Get list of supported target families.
- Return type:
list[FamilyRevision]- Returns:
List of supported families.
- abstract send_message(msg)#
Send message and receive response.
- Parameters:
msg (
EleMessage) – EdgeLock Enclave message.- Return type:
None
- class spsdk.ele.ele_comm.EleMessageHandlerMBoot(device, family, comm_buffer_address_override=None, comm_buffer_size_override=None)#
Bases:
EleMessageHandlerEdgeLock Enclave Message Handler over MCUBoot.
This class can send the ELE message into target over mBoot and decode the response.
Class object initialized.
- Parameters:
device (
McuBoot) – mBoot device.family (
FamilyRevision) – Target family name.comm_buffer_address_override (
Optional[int]) – Override default buffer address for ELE.comm_buffer_size_override (
Optional[int]) – Override default buffer size for ELE.
- send_message(msg)#
Send message and receive response.
This method sends an EdgeLock Enclave message to the target device, executes it, and processes the response. It handles the entire communication process, including writing the command to target memory, executing the ELE message, reading back the response, and decoding it. If required, it also handles command data and response data.
- Parameters:
msg (
EleMessage) – EdgeLock Enclave message to be sent- Raises:
SPSDKError – If the device is not an instance of McuBoot, or if ELE communication fails, or if the ELE message fails
SPSDKLengthError – If invalid read back length is detected for response or response data
- Return type:
None
- class spsdk.ele.ele_comm.EleMessageHandlerUBoot(device, family, comm_buffer_address_override=None, comm_buffer_size_override=None)#
Bases:
EleMessageHandlerEdgeLock Enclave Message Handler over uBoot.
This class implements functionality to send ELE messages to the target device over UBoot and decode the responses. It provides an interface for communication with the EdgeLock Enclave using the UBoot protocol.
This method initializes the EleMessageHandlerUBoot class.
- Parameters:
device (
Union[UbootSerial,UbootFastboot]) – UBoot device.family (
FamilyRevision) – Target family name.comm_buffer_address_override (
Optional[int]) – Override default buffer address for ELE.comm_buffer_size_override (
Optional[int]) – Override default buffer size for ELE.
- Raises:
SPSDKError – If the device is not an instance of UbootSerial or UbootFastboot.
- extract_error_values(error_message)#
Extract error values from error_message.
This method parses the error message to extract abort_code, status, and indication values. It uses regular expressions to find and extract the relevant information.
- Parameters:
error_message (
str) – Error message containing ret and response- Return type:
tuple[int,int,int]- Returns:
A tuple containing (abort_code, status, indication)
- Raises:
No exceptions are raised, but errors are logged if parsing fails
- send_message(msg)#
Send message to EdgeLock Enclave and receive response.
This method performs the following steps: 1. Prepares command data in target memory if required. 2. Executes the ELE message on the target. 3. Reads back the response. 4. Decodes the response. 5. Checks the response status. 6. Reads back the response data from target memory if required.
- Parameters:
msg (
EleMessage) – EdgeLock Enclave message to be sent- Raises:
SPSDKError – If an invalid response status is detected or if communication fails
SPSDKLengthError – If an invalid read back length is detected
- Return type:
None
Module with the EdgeLock Enclave message constants#
EdgeLock Enclave Message constants.
- class spsdk.ele.ele_constants.EleCsalState(tag, label, description=None)#
Bases:
SpsdkSoftEnumELE CSAL state.
- ELE_CSAL_ERROR = (3, 'ELE_CSAL_ERROR', 'EdgeLock secure enclave random context initialization failed')#
- ELE_CSAL_NOT_READY = (0, 'ELE_CSAL_NOT_READY', 'EdgeLock secure enclave random context initialization is not done yet')#
- ELE_CSAL_ON_GOING = (1, 'ELE_CSAL_ON_GOING', 'EdgeLock secure enclave random context initialization is on-going')#
- ELE_CSAL_PAUSE = (4, 'ELE_CSAL_PAUSE', "EdgeLock secure enclave random context initialization is in 'pause' mode")#
- ELE_CSAL_READY = (2, 'ELE_CSAL_READY', 'EdgeLock secure enclave random context initialization succeed')#
- class spsdk.ele.ele_constants.EleFwStatus(tag, label, description=None)#
Bases:
SpsdkSoftEnumELE Firmware status.
- ELE_FW_STATUS_IN_PLACE = (1, 'ELE_FW_STATUS_IN_PLACE', 'Authenticated and operational')#
- ELE_FW_STATUS_NOT_IN_PLACE = (0, 'ELE_FW_STATUS_NOT_IN_PLACE', 'Not in place')#
- class spsdk.ele.ele_constants.EleImemState(tag, label, description=None)#
Bases:
SpsdkSoftEnumELE IMEM state.
- ELE_IMEM_LOADED = (202, 'ELE_IMEM_LOADED', 'The IMEM is fully loaded and all ELE functionality can be used')#
- ELE_IMEM_LOST = (254, 'ELE_IMEM_LOST', 'Some IMEM regions have been lost during power down and fw must be re-installed to use all ELE features')#
- class spsdk.ele.ele_constants.EleInfo2Commit(tag, label, description=None)#
Bases:
SpsdkSoftEnumELE Information type to be committed.
- NXP_FW_FUSE = (2, 'NXP_FW_FUSE', 'FW fuse version of the NXP container')#
- NXP_SRK_REVOCATION = (1, 'NXP_SRK_REVOCATION', 'SRK revocation of the NXP container')#
- OEM_FW_FUSE = (32, 'OEM_FW_FUSE', 'FW fuse version of the OEM container')#
- OEM_SRK_REVOCATION = (16, 'OEM_SRK_REVOCATION', 'SRK revocation of the OEM container')#
- class spsdk.ele.ele_constants.EleTrngState(tag, label, description=None)#
Bases:
SpsdkSoftEnumELE TRNG state.
- ELE_TRNG_ERROR = (4, 'ELE_TRNG_ERROR', 'TRNG encounter an error while generating entropy')#
- ELE_TRNG_GENERATING_ENTROPY = (2, 'ELE_TRNG_GENERATING_ENTROPY', 'TRNG is still generating entropy')#
- ELE_TRNG_NOT_READY = (0, 'ELE_TRNG_NOT_READY', "True random generator not started yet. Use 'start-trng' command")#
- ELE_TRNG_PROGRAM = (1, 'ELE_TRNG_PROGRAM', 'TRNG is in program mode')#
- ELE_TRNG_READY = (3, 'ELE_TRNG_READY', 'TRNG entropy is valid and ready to be read')#
- class spsdk.ele.ele_constants.HseMessageIDs(tag, label, description=None)#
Bases:
SpsdkSoftEnumHSE Service Message IDs.
- ACTIVATE_PASSIVE_BLOCK = (81, 'HSE_SRV_ID_ACTIVATE_PASSIVE_BLOCK', 'Activate passive block')#
- AEAD = (10813956, 'HSE_SRV_ID_AEAD', 'AEAD service')#
- BOOT_DATA_IMAGE_SIGN = (8, 'HSE_SRV_ID_BOOT_DATA_IMAGE_SIGN', 'Boot data image sign service')#
- BOOT_DATA_IMAGE_VERIFY = (9, 'HSE_SRV_ID_BOOT_DATA_IMAGE_VERIFY', 'Boot data image verify service')#
- CANCEL = (10813444, 'HSE_SRV_ID_CANCEL', 'Cancel service')#
- CONFIG_COUNTER = (82, 'HSE_SRV_ID_CONFIG_COUNTER', 'Configure counter')#
- CORE_RESET_ENTRY_ERASE = (1286, 'HSE_SRV_ID_CORE_RESET_ENTRY_ERASE', 'Core reset entry erase')#
- CORE_RESET_ENTRY_INSTALL = (1283, 'HSE_SRV_ID_CORE_RESET_ENTRY_INSTALL', 'Core reset entry install')#
- ERASE_FW = (87, 'HSE_SRV_ID_ERASE_FW', 'Erase firmware')#
- ERASE_HSE_NVM_DATA = (80, 'HSE_SRV_ID_ERASE_HSE_NVM_DATA', 'Erase HSE NVM data')#
- ERASE_KEY = (258, 'HSE_SRV_ID_ERASE_KEY', 'Erase key')#
- EXPORT_KEY = (261, 'HSE_SRV_ID_EXPORT_KEY', 'Export key')#
- FAST_CMAC = (10813954, 'HSE_SRV_ID_FAST_CMAC', 'Fast CMAC service')#
- FIRMWARE_UPDATE = (5, 'HSE_SRV_ID_FIRMWARE_UPDATE', 'Firmware update service')#
- FORMAT_KEY_CATALOGS = (257, 'HSE_SRV_ID_FORMAT_KEY_CATALOGS', 'Format key catalogs')#
- FW_INTEGRITY_CHECK = (84, 'HSE_SRV_ID_FW_INTEGRITY_CHECK', 'Firmware integrity check')#
- GET_ATTR = (10813442, 'HSE_SRV_ID_GET_ATTR', 'Get attribute service')#
- GET_KEY_INFO = (10813699, 'HSE_SRV_ID_GET_KEY_INFO', 'Get key information')#
- GET_RANDOM_NUM = (768, 'HSE_SRV_ID_GET_RANDOM_NUM', 'Get random number')#
- HASH = (10813952, 'HSE_SRV_ID_HASH', 'Hash service')#
- IMPORT_EXPORT_STREAM_CTX = (10813450, 'HSE_SRV_ID_IMPORT_EXPORT_STREAM_CTX', 'Import/export stream context')#
- IMPORT_KEY = (260, 'HSE_SRV_ID_IMPORT_KEY', 'Import key')#
- INCREMENT_COUNTER = (10814464, 'HSE_SRV_ID_INCREMENT_COUNTER', 'Increment counter')#
- KEY_DERIVE = (264, 'HSE_SRV_ID_KEY_DERIVE', 'Derive key')#
- KEY_DERIVE_COPY = (265, 'HSE_SRV_ID_KEY_DERIVE_COPY', 'Derive key copy')#
- KEY_GENERATE = (262, 'HSE_SRV_ID_KEY_GENERATE', 'Generate key')#
- KEY_VERIFY = (267, 'HSE_SRV_ID_KEY_VERIFY', 'Verify key')#
- LOAD_ECC_CURVE = (256, 'HSE_SRV_ID_LOAD_ECC_CURVE', 'Load ECC curve')#
- MAC = (10813953, 'HSE_SRV_ID_MAC', 'MAC service')#
- ON_DEMAND_CORE_RESET = (1284, 'HSE_SRV_ID_ON_DEMAND_CORE_RESET', 'On-demand core reset')#
- PUBLISH_NVM_KEYSTORE_RAM_TO_FLASH = (85, 'HSE_SRV_ID_PUBLISH_NVM_KEYSTORE_RAM_TO_FLASH', 'Publish NVM keystore RAM to flash')#
- READ_COUNTER = (10814465, 'HSE_SRV_ID_READ_COUNTER', 'Read counter')#
- RSA_CIPHER = (519, 'HSE_SRV_ID_RSA_CIPHER', 'RSA cipher service')#
- SBAF_UPDATE = (83, 'HSE_SRV_ID_SBAF_UPDATE', 'SBAF update service')#
- SET_ATTR = (1, 'HSE_SRV_ID_SET_ATTR', 'Set attribute service')#
- SHE_BOOT_FAILURE = (41222, 'HSE_SRV_ID_SHE_BOOT_FAILURE', 'SHE boot failure')#
- SHE_BOOT_OK = (41221, 'HSE_SRV_ID_SHE_BOOT_OK', 'SHE boot OK')#
- SHE_EXPORT_RAM_KEY = (41219, 'HSE_SRV_ID_SHE_EXPORT_RAM_KEY', 'SHE export RAM key')#
- SHE_GET_ID = (41220, 'HSE_SRV_ID_SHE_GET_ID', 'SHE get ID')#
- SHE_LOAD_KEY = (41217, 'HSE_SRV_ID_SHE_LOAD_KEY', 'SHE load key')#
- SHE_LOAD_PLAIN_KEY = (41218, 'HSE_SRV_ID_SHE_LOAD_PLAIN_KEY', 'SHE load plain key')#
- SMR_ENTRY_ERASE = (1285, 'HSE_SRV_ID_SMR_ENTRY_ERASE', 'SMR entry erase')#
- SMR_ENTRY_INSTALL = (1281, 'HSE_SRV_ID_SMR_ENTRY_INSTALL', 'SMR entry install')#
- SMR_VERIFY = (1282, 'HSE_SRV_ID_SMR_VERIFY', 'SMR verify')#
- SYM_CIPHER = (10813955, 'HSE_SRV_ID_SYM_CIPHER', 'Symmetric cipher service')#
- SYS_AUTH_REQ = (6, 'HSE_SRV_ID_SYS_AUTH_REQ', 'System authorization request')#
- SYS_AUTH_RESP = (7, 'HSE_SRV_ID_SYS_AUTH_RESP', 'System authorization response')#
- class spsdk.ele.ele_constants.HseResponseStatus(tag, label, description=None)#
Bases:
SpsdkEnumHSE service response codes.
- CANCELED = (869716886, 'HSE_SRV_RSP_CANCELED', 'The service has been canceled.')#
- CANCEL_FAILURE = (869716577, 'HSE_SRV_RSP_CANCEL_FAILURE', 'The service can not be canceled.')#
- COUNTER_OVERFLOW = (869717299, 'HSE_SRV_RSP_COUNTER_OVERFLOW', 'The monotonic counter overflows.')#
- FUSE_VDD_GND = (3141818355, 'HSE_SRV_RSP_FUSE_VDD_GND', 'EFUSE_VDD connected to ground during fuse write operation.')#
- FUSE_WRITE_FAILURE = (3141818087, 'HSE_SRV_RSP_FUSE_WRITE_FAILURE', 'Fuse write operation failed.')#
- GENERAL_ERROR = (869717233, 'HSE_SRV_RSP_GENERAL_ERROR', 'Error not covered by the other error codes is detected inside HSE.')#
- INVALID_ADDR = (1436918378, 'HSE_SRV_RSP_INVALID_ADDR', 'The address parameters are invalid.')#
- INVALID_PARAM = (1436918681, 'HSE_SRV_RSP_INVALID_PARAM', 'The HSE request parameters are invalid.')#
- IPSEC_CE_DROP = (3711148378, 'HSE_SRV_RSP_IPSEC_CE_DROP', 'Decap CE DROP (ECN issue) error.')#
- IPSEC_HEADER_LEN_OVERFLOW = (3711149273, 'HSE_SRV_RSP_IPSEC_HEADER_LEN_OVERFLOW', 'Operation successful, but IPsec additions cause overflow of IP header length field.')#
- IPSEC_INVALID_DATA = (3711119667, 'HSE_SRV_RSP_IPSEC_INVALID_DATA', 'Invalid (malformed) IP packet.')#
- IPSEC_PADDING_CHECK_FAIL = (3711149370, 'HSE_SRV_RSP_IPSEC_PADDING_CHECK_FAIL', 'IPsec padding check error found.')#
- IPSEC_REPLAY_DETECTED = (3711120093, 'HSE_SRV_RSP_IPSEC_REPLAY_DETECTED', 'Valid packet but replay detected.')#
- IPSEC_REPLAY_LATE = (3711120293, 'HSE_SRV_RSP_IPSEC_REPLAY_LATE', 'Valid packet but frame late in sequence.')#
- IPSEC_SEQ_NUM_OVERFLOW = (3711120445, 'HSE_SRV_RSP_IPSEC_SEQNUM_OVERFLOW', 'Sequence number overflow.')#
- IPSEC_TTL_EXCEEDED = (3711148755, 'HSE_SRV_RSP_IPSEC_TTL_EXCEEDED', 'Packet decrypted but TTL exceeded.')#
- IPSEC_VALID_DUMMY_PAYLOAD = (3711149013, 'HSE_SRV_RSP_IPSEC_VALID_DUMMY_PAYLOAD', 'Valid Dummy Payload (type 59).')#
- KEY_EMPTY = (2779403031, 'HSE_SRV_RSP_KEY_EMPTY', 'Specified key slot is empty.')#
- KEY_INVALID = (2779402932, 'HSE_SRV_RSP_KEY_INVALID', "The key usage flags don't allow to perform the requested crypto operation.")#
- KEY_NOT_AVAILABLE = (2779402674, 'HSE_SRV_RSP_KEY_NOT_AVAILABLE', 'Key is locked due to failed boot measurement or an active debugger.')#
- KEY_UPDATE_ERROR = (2779403619, 'HSE_SRV_RSP_KEY_UPDATE_ERROR', 'Specified key slot cannot be updated due to errors in verification of the parameters.')#
- KEY_WRITE_PROTECTED = (2779403318, 'HSE_SRV_RSP_KEY_WRITE_PROTECTED', 'Key slot to be loaded is protected with WRITE PROTECTION restriction flag.')#
- MEMORY_FAILURE = (869716278, 'HSE_SRV_RSP_MEMORY_FAILURE', 'Detect physical errors, flipped bits etc., during memory read or write operations.')#
- NOT_ALLOWED = (2857738780, 'HSE_SRV_RSP_NOT_ALLOWED', 'The operation is not allowed because of some restrictions.')#
- NOT_ENOUGH_SPACE = (2857739121, 'HSE_SRV_RSP_NOT_ENOUGH_SPACE', 'There is no enough space to perform service.')#
- NOT_SUPPORTED = (2857738526, 'HSE_SRV_RSP_NOT_SUPPORTED', 'The operation or feature not supported.')#
- OK = (1436920371, 'HSE_SRV_RSP_OK', 'HSE service successfully executed with no error.')#
- READ_FAILURE = (2857739303, 'HSE_SRV_RSP_READ_FAILURE', 'The service request failed because read access was denied.')#
- RNG_INIT_IN_PROGRESS = (869783850, 'HSE_SRV_RSP_RNG_INIT_IN_PROGRESS', 'RNG Initialization is in Progress.')#
- SBAF_UPDATE_REQUIRED = (3429301933, 'HSE_SRV_RSP_SBAF_UPDATE_REQUIRED', 'Operation is dependent on Secure BAF version, which on the device happens to be old.')#
- SHE_BOOT_SEQUENCE_ERROR = (869783610, 'HSE_SRV_RSP_SHE_BOOT_SEQUENCE_ERROR', 'Received SHE_BOOT_OK or SHE_BOOT_FAILURE more then one time.')#
- SHE_NO_SECURE_BOOT = (869717539, 'HSE_SRV_RSP_SHE_NO_SECURE_BOOT', 'HSE did not perform SHE based secure Boot.')#
- STREAMING_MODE_FAILURE = (2857739953, 'HSE_SRV_RSP_STREAMING_MODE_FAILURE', 'The service request that uses streaming mode failed.')#
- VERIFY_FAILED = (1436918116, 'HSE_SRV_RSP_VERIFY_FAILED', 'HSE signals that a verification request fails (e.g. MAC and Signature verification).')#
- WRITE_FAILURE = (2857739543, 'HSE_SRV_RSP_WRITE_FAILURE', 'The service request failed because write access was denied.')#
- class spsdk.ele.ele_constants.KeyBlobEncryptionAlgorithm(tag, label, description=None)#
Bases:
SpsdkSoftEnumELE KeyBlob encryption algorithms.
- AES_CBC = (3, 'AES_CBC', 'KeyBlob encryption algorithm AES CBC')#
- AES_CTR = (4, 'AES_CTR', 'KeyBlob encryption algorithm AES CTR')#
- AES_XTS = (55, 'AES_XTS', 'KeyBlob encryption algorithm AES XTS')#
- SM4_CBC = (43, 'SM4_CBC', 'KeyBlob encryption algorithm SM4 CBC')#
- class spsdk.ele.ele_constants.KeyBlobEncryptionIeeCtrModes(tag, label, description=None)#
Bases:
SpsdkSoftEnumIEE Keyblob mode attributes.
- AesCTRWAddress = (2, 'CTR_WITH_ADDRESS', ' AES CTR w address binding mode')#
- AesCTRWOAddress = (3, 'CTR_WITHOUT_ADDRESS', ' AES CTR w/o address binding mode')#
- AesCTRkeystream = (4, 'CTR_KEY_STREAM', 'AES CTR keystream only')#
- class spsdk.ele.ele_constants.LifeCycle(tag, label, description=None)#
Bases:
SpsdkSoftEnumELE life cycles.
- LC_BLANK = (2, 'BLANK', 'Blank device')#
- LC_BRICKED = (1024, 'BRICKED', 'BRICKED')#
- LC_FAB = (4, 'FAB', 'Fab mode')#
- LC_NXP_FR = (256, 'NXP_FR', 'Field Return NXP')#
- LC_NXP_PROV = (8, 'NXP_PROV', 'NXP Provisioned')#
- LC_OEM_CLSD = (64, 'OEM_CLSD', 'OEM Closed')#
- LC_OEM_FR = (128, 'OEM_FR', 'Field Return OEM')#
- LC_OEM_LCKD = (512, 'OEM_LCKD', 'OEM Locked')#
- LC_OEM_OPEN = (16, 'OEM_OPEN', 'OEM Open')#
- LC_OEM_SWC = (32, 'OEM_SWC', 'OEM Secure World Closed')#
- class spsdk.ele.ele_constants.LifeCycleToSwitch(tag, label, description=None)#
Bases:
SpsdkSoftEnumELE life cycles to switch request.
- OEM_CLOSED = (8, 'OEM_CLOSED', 'OEM Closed')#
- OEM_LOCKED = (128, 'OEM_LOCKED', 'OEM Locked')#
- class spsdk.ele.ele_constants.MessageIDs(tag, label, description=None)#
Bases:
SpsdkSoftEnumELE Messages ID.
- ELE_COMMIT_REQ = (168, 'ELE_COMMIT_REQ', 'EdgeLock Enclave commit request.')#
- ELE_DERIVE_KEY_REQ = (169, 'ELE_DERIVE_KEY_REQ', 'Derive key')#
- ELE_DUMP_DEBUG_BUFFER_REQ = (33, 'ELE_DUMP_DEBUG_BUFFER_REQ', 'Dump the ELE logs')#
- ELE_ENABLE_APC_REQ = (210, 'ELE_ENABLE_APC_REQ', 'Enable APC (Application processor)')#
- ELE_ENABLE_RTC_REQ = (211, 'ELE_ENABLE_RTC_REQ', 'Enable RTC (Runtime processor)')#
- ELE_FWD_LIFECYCLE_UP_REQ = (149, 'ELE_FWD_LIFECYCLE_UP_REQ', 'Forward Lifecycle update')#
- ELE_FW_AUTH_REQ = (2, 'ELE_FW_AUTH_REQ', 'ELE firmware authenticate request.')#
- ELE_GET_EVENTS_REQ = (162, 'ELE_GET_EVENTS_REQ', 'Get Events')#
- ELE_OEM_CNTN_AUTH_REQ = (135, 'ELE_OEM_CNTN_AUTH_REQ', 'OEM Container authenticate')#
- ELE_RELEASE_CONTAINER_REQ = (137, 'ELE_RELEASE_CONTAINER_REQ', 'Release Container.')#
- ELE_RESET_APC_CTX_REQ = (216, 'ELE_RESET_APC_CTX_REQ', 'Reset APC Context')#
- ELE_VERIFY_IMAGE_REQ = (136, 'ELE_VERIFY_IMAGE_REQ', 'Verify Image')#
- GENERATE_KEY_BLOB_REQ = (175, 'GENERATE_KEY_BLOB_REQ', 'Generate KeyBlob request.')#
- GET_FW_STATUS_REQ = (197, 'GET_FW_STATUS_REQ', 'Get ELE FW status request.')#
- GET_FW_VERSION_REQ = (157, 'GET_FW_VERSION_REQ', 'Get firmware version request.')#
- GET_INFO_REQ = (218, 'GET_INFO_REQ', 'Get ELE Information request.')#
- GET_TRNG_STATE_REQ = (164, 'GET_TRNG_STATE_REQ', 'Get True Random Generator state request.')#
- KEY_STORE_CLOSE_REQ = (49, 'KEY_STORE_CLOSE_REQ', 'Key Store Close Request')#
- KEY_STORE_OPEN_REQ = (48, 'KEY_STORE_OPEN_REQ', 'Key Store Open Request')#
- LOAD_KEY_BLOB_REQ = (167, 'LOAD_KEY_BLOB_REQ', 'Load KeyBlob request.')#
- PING_REQ = (1, 'PING_REQ', 'Ping request.')#
- PUBLIC_KEY_EXPORT_REQ = (50, 'PUBLIC_KEY_EXPORT_REQ', 'Public Key Export Request')#
- READ_COMMON_FUSE = (151, 'READ_COMMON_FUSE', 'Read common fuse request.')#
- READ_SHADOW_FUSE = (243, 'READ_SHADOW_FUSE', 'Read shadow fuse request.')#
- RESET_REQ = (199, 'RESET_REQ', 'System reset request.')#
- RETURN_LIFECYCLE_UPDATE_REQ = (160, 'RETURN_LIFECYCLE_UPDATE_REQ', 'Return lifecycle update request.')#
- SAB_INIT_REQ = (23, 'SAB_INIT_REQ', 'SAB Init Request')#
- SESSION_CLOSE_REQ = (17, 'SESSION_CLOSE_REQ', 'Session Close Request')#
- SESSION_OPEN_REQ = (16, 'SESSION_OPEN_REQ', 'Session Open Request')#
- START_RNG_REQ = (163, 'START_RNG_REQ', 'Start True Random Generator request.')#
- WRITE_FUSE = (214, 'WRITE_FUSE', 'Write fuse')#
- WRITE_SEC_FUSE_REQ = (145, 'WRITE_SEC_FUSE_REQ', 'Write secure fuse request.')#
- WRITE_SHADOW_FUSE = (242, 'WRITE_SHADOW_FUSE', 'Write shadow fuse')#
- class spsdk.ele.ele_constants.MessageUnitId(tag, label, description=None)#
Bases:
SpsdkSoftEnumMessage Unit ID.
- APD_MU = (2, 'APD_MU', 'Application Processor message unit')#
- RTD_MU = (1, 'RTD_MU', 'Real Time Device message unit')#
- class spsdk.ele.ele_constants.ResponseIndication(tag, label, description=None)#
Bases:
SpsdkSoftEnumELE Message Response indication.
- ELE_ABORT_IND = (255, 'ELE_ABORT_IND', 'Abort')#
- ELE_APC_ALREADY_ENABLED_FAILURE_IND = (203, 'ELE_APC_ALREADY_ENABLED_FAILURE_IND', 'APC already enabled failure')#
- ELE_AUTH_SKIPPED_OR_FAILED_FAILURE_IND = (187, 'ELE_AUTH_SKIPPED_OR_FAILED_FAILURE_IND', 'Authentication skipped or failed failure')#
- ELE_BAD_CERTIFICATE_FAILURE_IND = (252, 'ELE_BAD_CERTIFICATE_FAILURE_IND', 'Bad certificate failure')#
- ELE_BAD_CONTAINER_FAILURE_IND = (247, 'ELE_BAD_CONTAINER_FAILURE_IND', 'Bad container failure')#
- ELE_BAD_FUSE_ID_FAILURE_IND = (246, 'ELE_BAD_FUSE_ID_FAILURE_IND', 'Bad fuse ID failure')#
- ELE_BAD_HASH_FAILURE_IND = (241, 'ELE_BAD_HASH_FAILURE_IND', 'Bad hash failure')#
- ELE_BAD_ID_FAILURE_IND = (191, 'ELE_BAD_ID_FAILURE_IND', 'Bad ID failure')#
- ELE_BAD_IMAGE_ADDR_FAILURE_IND = (196, 'ELE_BAD_IMAGE_ADDR_FAILURE_IND', 'Bad image address failure')#
- ELE_BAD_IMAGE_NUM_FAILURE_IND = (195, 'ELE_BAD_IMAGE_NUM_FAILURE_IND', 'Bad image number failure')#
- ELE_BAD_IMAGE_PARAM_FAILURE_IND = (197, 'ELE_BAD_IMAGE_PARAM_FAILURE_IND', 'Bad image parameters failure')#
- ELE_BAD_IMAGE_TYPE_FAILURE_IND = (198, 'ELE_BAD_IMAGE_TYPE_FAILURE_IND', 'Bad image type failure')#
- ELE_BAD_KEY_HASH_FAILURE_IND = (250, 'ELE_BAD_KEY_HASH_FAILURE_IND', 'The key hash verification does not match OTP')#
- ELE_BAD_MONOTONIC_COUNTER_FAILURE_IND = (254, 'ELE_BAD_MONOTONIC_COUNTER_FAILURE_IND', 'Bad monotonic counter failure')#
- ELE_BAD_PAYLOAD_FAILURE_IND = (177, 'ELE_BAD_PAYLOAD_FAILURE_IND', 'Bad payload failure')#
- ELE_BAD_SIGNATURE_FAILURE_IND = (240, 'ELE_BAD_SIGNATURE_FAILURE_IND', 'Bad signature failure')#
- ELE_BAD_SRK_SET_FAILURE_IND = (239, 'ELE_BAD_SRK_SET_FAILURE_IND', 'Bad SRK set failure')#
- ELE_BAD_UID_FAILURE_IND = (253, 'ELE_BAD_UID_FAILURE_IND', 'Bad UID failure')#
- ELE_BAD_VALUE_FAILURE_IND = (245, 'ELE_BAD_VALUE_FAILURE_IND', 'Bad value failure')#
- ELE_BAD_VERSION_FAILURE_IND = (248, 'ELE_BAD_VERSION_FAILURE_IND', 'Bad version failure')#
- ELE_CORRUPTED_SRK_FAILURE_IND = (208, 'ELE_CORRUPTED_SRK_FAILURE_IND', 'Corrupted SRK failure')#
- ELE_CRC_ERROR_IND = (185, 'ELE_CRC_ERROR_IND', 'CRC error')#
- ELE_CSTM_FAILURE_IND = (207, 'ELE_CSTM_FAILURE_IND', 'CSTM failure')#
- ELE_DECRYPTION_FAILURE_IND = (169, 'ELE_DECRYPTION_FAILURE_IND', 'Decryption failure')#
- ELE_DISABLED_FEATURE_FAILURE_IND = (182, 'ELE_DISABLED_FEATURE_FAILURE_IND', 'Disabled feature failure')#
- ELE_DMA_FAILURE_IND = (181, 'ELE_DMA_FAILURE_IND', 'DMA failure')#
- ELE_ENCRYPTION_FAILURE_IND = (168, 'ELE_ENCRYPTION_FAILURE_IND', 'Encryption failure')#
- ELE_FW_PING_FAILURE_IND = (26, 'ELE_FW_PING_FAILURE_IND', 'Firmware ping failure')#
- ELE_INCONSISTENT_PAR_FAILURE_IND = (188, 'ELE_INCONSISTENT_PAR_FAILURE_IND', 'Inconsistent parameter failure')#
- ELE_INVALID_KEY_FAILURE_IND = (249, 'ELE_INVALID_KEY_FAILURE_IND', 'The key in the container is invalid')#
- ELE_INVALID_LIFECYCLE_IND = (242, 'ELE_INVALID_LIFECYCLE_IND', 'Invalid lifecycle')#
- ELE_INVALID_MESSAGE_FAILURE_IND = (244, 'ELE_INVALID_MESSAGE_FAILURE_IND', 'Invalid message failure')#
- ELE_INVALID_OPERATION_FAILURE_IND = (192, 'ELE_INVALID_OPERATION_FAILURE_IND', 'Invalid operation failure')#
- ELE_LOCKED_REG_FAILURE_IND = (190, 'ELE_LOCKED_REG_FAILURE_IND', 'Locked register failure')#
- ELE_MSG_TRUNCATED_IND = (194, 'ELE_MSG_TRUNCATED_IND', 'Message truncated failure')#
- ELE_MUST_ATTEST_FAILURE_IND = (183, 'ELE_MUST_ATTEST_FAILURE_IND', 'Must attest failure')#
- ELE_MUST_SIGNED_FAILURE_IND = (224, 'ELE_MUST_SIGNED_FAILURE_IND', 'Must be signed failure')#
- ELE_NON_SECURE_STATE_FAILURE_IND = (193, 'ELE_NON_SECURE_STATE_FAILURE_IND', 'Non secure state failure')#
- ELE_NO_AUTHENTICATION_FAILURE_IND = (238, 'ELE_NO_AUTHENTICATION_FAILURE_IND', 'No authentication failure')#
- ELE_NO_VALID_CONTAINER_FAILURE_IND = (251, 'ELE_NO_VALID_CONTAINER_FAILURE_IND', 'No valid container failure')#
- ELE_OLD_VERSION_FAILURE_IND = (206, 'ELE_OLD_VERSION_FAILURE_IND', 'Old version failure')#
- ELE_OTP_INVALID_IDX_FAILURE_IND = (173, 'ELE_OTP_INVALID_IDX_FAILURE_IND', 'OTP Invalid IDX failure')#
- ELE_OTP_LOCKED_FAILURE_IND = (171, 'ELE_OTP_LOCKED_FAILURE_IND', 'OTP locked failure')#
- ELE_OTP_PROGFAIL_FAILURE_IND = (170, 'ELE_OTP_PROGFAIL_FAILURE_IND', 'OTP program fail failure')#
- ELE_OUT_OF_MEMORY_IND = (209, 'ELE_OUT_OF_MEMORY_IND', 'Out of memory failure')#
- ELE_PERMISSION_DENIED_FAILURE_IND = (243, 'ELE_PERMISSION_DENIED_FAILURE_IND', 'Permission denied failure')#
- ELE_RNG_INST_FAILURE_IND = (189, 'ELE_RNG_INST_FAILURE_IND', 'Random number generator instantiation failure')#
- ELE_RNG_NOT_STARTED_FAILURE_IND = (184, 'ELE_RNG_NOT_STARTED_FAILURE_IND', 'Random number generator not started failure')#
- ELE_ROM_PING_FAILURE_IND = (10, 'ELE_ROM_PING_FAILURE_IND', 'ROM ping failure')#
- ELE_RTC_ALREADY_ENABLED_FAILURE_IND = (204, 'ELE_RTC_ALREADY_ENABLED_FAILURE_IND', 'RTC already enabled failure')#
- ELE_TIME_OUT_FAILURE_IND = (176, 'ELE_TIME_OUT_FAILURE_IND', 'Timeout failure')#
- ELE_UNALIGNED_PAYLOAD_FAILURE_IND = (166, 'ELE_UNALIGNED_PAYLOAD_FAILURE_IND', 'Un-aligned payload failure')#
- ELE_WRONG_ADDRESS_FAILURE_IND = (180, 'ELE_WRONG_ADDRESS_FAILURE_IND', 'Wrong address failure')#
- ELE_WRONG_BOOT_MODE_FAILURE_IND = (205, 'ELE_WRONG_BOOT_MODE_FAILURE_IND', 'Wrong boot mode failure')#
- ELE_WRONG_SIZE_FAILURE_IND = (167, 'ELE_WRONG_SIZE_FAILURE_IND', 'Wrong size failure')#
- class spsdk.ele.ele_constants.ResponseStatus(tag, label, description=None)#
Bases:
SpsdkEnumELE Message Response status.
- ELE_FAILURE_IND = (41, 'Failure', 'The request failed')#
- ELE_SUCCESS_IND = (214, 'Success', 'The request was successful')#
- class spsdk.ele.ele_constants.SocId(tag, label, description=None)#
Bases:
SpsdkSoftEnumSOC Identification.
- MX8ULP = (2125, 'MX8ULP', 'i.MX8ULP')#
- MX91 = (37120, 'MX91', 'i.MX91')#
- MX93 = (37632, 'MX93', 'i.MX93')#
- MX943 = (37936, 'MX943', 'i.MX943')#
- MX95 = (38144, 'MX95', 'i.MX95')#
- RT1180 = (4480, 'RT1180', 'i.MXRT1180')#