Added support for i.MX RT1015, i.MX RT1024, LPC55S06 and LPC55S04
Mac OS X - fixed saving the workspace setting in case App Menu "securep | Quit securep" is used
Mac OS X - fixed connection dialog freeze in case wrong UART is used
LPC - several improvements for Signed LPC images
LPC Trust Zone - CLI allows to set/override the Trust Zone Settings
Other minor improvements and bug-fixes
Added support for i.MX RT1020 and i.MX RT1064
Added support for LPC55S6x, LPC55S2x and LPC55S1x
Unsigned, Unsigned CRC and Signed boot modes
TrustZone support (bin + json)
Key Management – Secure Boot, Generation of ROT keys
BEE boot for i.MX RT10xx
Import/Export Keys between workspaces
Improved connection dialog, it supports UART test connection, improved processor detection and detection of fuses status
Added support for Mac OS X Catalina (10.15) + Ubuntu 18.04
Fixed termination of sub-processes of long-running tasks.
Known problems and limitations
On Windows platform make sure the windows FIND utility is found first on the PATH (GNU findutils could break the functionality)
On Linux platform the USB and/or Serial device files has to be readable and writable by current user. See resources/udev/99-secure-provisioning.rules installed into /etc/udev/rules.d/99-secure-provisioning.rules that solves this issue. On user's machine can be conflicting rule with higher priority. In case of conflict, update the conflicting rule or make this rule file with higher priority by renaming the file with lower number at beginning.
Application has to be installed into location where the user has write access.
Workspace cannot contain space in the path
Secure Provisioning Tool does not burn all possible security features that are available. Only those required by the selected boot type are configured.
Workspace cannot be placed on different disk drive letter then the application is installed.
LPC Signed Boot Type:
Write scripts requires the cmpa.bin and cfpa.bin files exist on the disk; on CLI it is necessary to manually modify write script or calling the generate_pfr command to create them
SBKEK keys are currently NOT supported by Import/Export command. It is recommended to backup and restore the gen_scripts/sbkek.bin and gen_scripts/sbkek.txt files manually.
LPC Trust Zone
Configuration of Trust Zone is not supported for Unsigned image
i.MX RT1015-EVK / Mac OS X
OpenSDA does not work On Mac OS X when the device has HAB enabled and UART port is used for communication. Either USB HID communication should be used, or the OpenSDA must be disconnected from RX and TX pins (jumpers J45 and J46) and device must be programmed via external USB to serial converter (3.3V)