Key Management – Secure Boot, Generation of ROT keys
BEE boot for i.MX RT10xx
Import/Export Keys between workspaces
Improved connection dialog, it supports UART test connection, improved processor detection and detection of fuses status
Added support for Mac OS X Catalina (10.15) + Ubuntu 18.04
Fixed termination of sub-processes of long-running tasks.
Known problems and limitations
On Windows platform make sure the windows FIND utility is found first on the PATH (GNU findutils could break the functionality)
On Linux platform the USB and/or Serial device files has to be readable and writable by current user. See resources/udev/99-secure-provisioning.rules installed into /etc/udev/rules.d/99-secure-provisioning.rules that solves this issue. On user's machine can be conflicting rule with higher priority. In case of conflict, update the conflicting rule or make this rule file with higher priority by renaming the file with lower number at beginning.
Application has to be installed into location where the user has write access.
Workspace cannot contain space in the path
Secure Provisioning Tool does not burn all possible security features that are available. Only those required by the selected boot type are configured.
Mac OS X
Closing application using App Menu "securep | Quit securep" doesn't save the workspace setting. Either save settings using menu "File | Save Settings" or use "File | Exit" or use Close button on title bar, which saves the workpsace settings automatically.
Selection of wrong UART in connection dialog may cause the test connection operation takes too long and hang up. Killing sdphost and blhost processes will shorten the dialog freeze.
Workspace cannot be placed on different disk drive letter then the application is installed.
BT_FUSE_SEL is not burned so the boot device is based on corresponding GPIO pins.
Parameter "enable_encrypted_XIP" in write script is not properly supported and might not work; this feature is not used in GUI.
LPC Signed Boot Type:
Write requires keys selected on Build tab
Confirmation dialog for enabling security is displayed even security is already enabled
Write scripts requires the cmpa.bin and cfpa.bin files exist on the disk; on CLI it is necessary to manually modify write script to create them
LPC Trust Zone
CLI does not allow to set/override the Trust Zone Settings. If Trust Zone has to be configured and applied in CLI,
workspace has to be configured with Trust Zone settings in GUI in advance.
Configuration of Trust Zone is not supported for Unsigned image