MCUXpresso Secure Provisioning v6 Now Available

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

MCUXpresso Secure Provisioning v6 Now Available

4,470 次查看
petrstruzka
NXP Employee
NXP Employee

MCUXpresso Secure Provisioning Tool (SEC) is a graphical user interface (GUI) tool covering secure boot process and Trust Provisioning capabilities, primarily aimed at microcontroller customers. It provides unified GUI front-end over existing command-line tools (elftosb, blhost, sdphost, cst, pfr, tpconfig, tphost).

Features

  • Support for i.MX RT10xx, RT11xx, RT5xx, and RT6xx families:
    • RT1010, RT1015, RT1020, RT1024, RT1040, RT1050, RT1060, and RT1064
    • RT1171, RT1172, RT1173, RT1175, RT1176, RT1165, RT1166
    • RT595S, RT555S, RT533S, RT685S
  • Support for LPC55Sxx and LPC55xx families:
    • LPC55S6x, LPC55S3x, LPC55S2x, LPC55S1x, and LPC55S0x
    • LPC553x, LPC552x, LPC551x, and LPC550x
  • Support for Kinetis W processors:
    • K32W148, KW45B41Zx
  • Conversion of ELF executables, SREC, HEX, and raw binaries into bootable images files
  • Credentials (keys, signatures, and certificates) generation and management associated with signed/encrypted images
  • Target device connection via UART, USB-HID, SPI, and I2C
  • Writing FlexSPI NOR, FlexSPI NAND, SEMC NAND or SD card boot device including configuration of the boot device parameters
  • Use of DCD configuration for SDRAM images bootup
  • Programming customizable eFuses per image and use case requirements
  • Optional batch scripts generation for later use without the GUI
  • Streamlined operation for general users
  • Manufacturing Tool with the support of parallel execution
  • Trust provisioning and device HSM provisioning for selected processors
  • Flash programming GUI tool
  • Debug authentication
  • Detailed supported features for each processor in the user guide
  •  

Downloads

Supported Operating Systems:

  • Microsoft(R) Windows(R) 10 (64-bit)
  • Mac OS 12.4 Monterey
  • Ubuntu 22.04 LTS 64 bit, with "OpenSSL 1.1.1f 31 Mar 2020"; GNOME recommended

Revision History

6.0

  • Added KW45xx and K32W1xx processors
  • Enabled support of LPC55S36 processor
  • Fixed configuration of boot device Macronix_MX25UM51345G_A.json, so it matches recommendations from reference manuals
  • LPC55Sxx: DICE can be enabled by the user, UDS key initialized in write script
  • LPC55Sxx and i.MX RTxxx: It is possible to re-generate ROT certificates with a different serial number (for key revocation)
  • LPC55Sxx: The CFPA content is verified before write and an error is reported, if the version is not
    incremented (GUI only)
  • LPC55Sxx: Added support for encrypted plain boot type
  • Added i.MX RT1040 processor
  • i.MX RT1060: a new EVK board revision supported: MIMXRT1060-EVKC
  • i.MX RT107x: a new EVK board revision supported: RT1170-EVKB
  • i.MX R685: a new EVK board supported: RT600-AUD-EVK
  • i.MX RT5xx: Added support for dual image (ping/pong) boot with PUF key source
  • i.MX RT5xx and RT6xx: Added support eMMC and SD card
  • Trust provisioning: added support for multiple smart cards, USB connection, and performance improvements
  • i.MX RT6xx: Added support for debug authentication
  • Flash programmer performance improvements for higher buffer sizes
  • Build view: displayed all generated files and their status
  • Window locations and sizes are stored in preferences
  • The tool display "dirty" flag; if settings are not saved on the disk; added new preference to save automatically
  • Setting file spt_settings.json changed to settings.sptjson
  • File extension .sptjson associated with SEC tool, so it can be opened directly with the tool
  • CLI: New argument in write scripts: erase_all - perform an erase of the entire flash memory instead erasing regions only
  • Tool localized to Chinese
  • Legacy blhost updated to v2.6.7
  • LPC55S69: dropped support of trust provisioning firmware for silicon revision 8
  • i.MX RT633S: the processor removed, no more supported
  •  

Known problems and limitations

  • See chapter Troubleshooting in documentation

id:mcux-secure-tool

15 回复数

4,325 次查看
IvoBCD
Contributor III

HI Marek, that's on macOS 13.1 (Ventura; darwin 22.2.0). 

I know the documentation states only Mac OS 12.4 Monterey is supported, but downgrading to Monterey doesn't seem likely to fix this, given the nature of the error.

0 项奖励
回复

4,334 次查看
IvoBCD
Contributor III

Thanks, but it seems the "MAC" version does not launch.

Looking at the error messages, it seems it does not work on recent (arm64-based) Macs:

 

MCUXpresso Secure Provisioning v6.app % ./Contents/MacOS/securep
INFO: [root] workspace /Users/ivo/secure_provisioning
WARNING: [root] Loading settings from workspace: No settings file found
Traceback (most recent call last):
File "PyInstaller/loader/pyimod03_ctypes.py", line 53, in __init__
File "ctypes/__init__.py", line 374, in __init__
OSError: dlopen(/var/folders/mm/9yxjtsmj5r743v3ps_zmz6n80000gn/T/tmp4j8_kunq.dylib, 0x0006): tried: '/var/folders/mm/9yxjtsmj5r743v3ps_zmz6n80000gn/T/tmp4j8_kunq.dylib' (mach-o file, but is an incompatible architecture (have 'arm64', need 'x86_64')), '/System/Volumes/Preboot/Cryptexes/OS/var/folders/mm/9yxjtsmj5r743v3ps_zmz6n80000gn/T/tmp4j8_kunq.dylib' (no such file), '/var/folders/mm/9yxjtsmj5r743v3ps_zmz6n80000gn/T/tmp4j8_kunq.dylib' (mach-o file, but is an incompatible architecture (have 'arm64', need 'x86_64')), '/private/var/folders/mm/9yxjtsmj5r743v3ps_zmz6n80000gn/T/tmp4j8_kunq.dylib' (mach-o file, but is an incompatible architecture (have 'arm64', need 'x86_64')), '/System/Volumes/Preboot/Cryptexes/OS/private/var/folders/mm/9yxjtsmj5r743v3ps_zmz6n80000gn/T/tmp4j8_kunq.dylib' (no such file), '/private/var/folders/mm/9yxjtsmj5r743v3ps_zmz6n80000gn/T/tmp4j8_kunq.dylib' (mach-o file, but is an incompatible architecture (have 'arm64', need 'x86_64'))

 

0 项奖励
回复

4,320 次查看
liborukropec
NXP Employee
NXP Employee

Hello Ivo,

SEC is built for Intel architecture. The first Mac for M1 had an emulator (Rosetta) installed by default. Unfortunately the next versions comes without Rosetta and users have to install it manually. I do not have Mac M1 available, could you please try this: https://support.apple.com/en-us/HT211861

or search other resources for installing Rosetta?

 

Best regards,

Libor

0 项奖励
回复

4,318 次查看
IvoBCD
Contributor III

I'm afraid that despite Rosetta 2 being installed, it still fails with arm64/x86_64 errors even if invoked with "arch -x86_64 /Applications/MCUX_Provi_v6/MCUXpresso\ Secure\ Provisioning\ v6.app/Contents/MacOS/securep" 

No big deal, I'll just use a Linux box.

0 项奖励
回复

4,132 次查看
liborukropec
NXP Employee
NXP Employee

Hello Ivo,

 

we have identified that the issue is integration between Secure Provisioning Python JLink package and installed SEGGER J-Link SW. Most probably you have installed only M1 version of SEGGER J-Link. If "Universal installer" is used (that contains both Intel and Arm architecture), then Secure Provisioning Tool (SEC) works even on Mac M1 (please mind that at this moment it is not a supported platform, and it will be addressed in the future versions of SEC).

https://www.segger.com/downloads/jlink/

liborukropec_0-1685402954948.png

Regards,

Libor

0 项奖励
回复

2,797 次查看
application_ninja
Contributor III

This work around doesn't work. When will Mac M1 be supported? v7 still does not support Mac M1...

0 项奖励
回复

2,767 次查看
liborukropec
NXP Employee
NXP Employee

Hello Scott,

M1 will have native support in the following v8 (mid Q1 2024). Could you please execute the `securep` executable from the terminal and paste here the error, so I can see whether it is above mentioned problem or something different?

 

Thank you,

Libor

0 项奖励
回复

2,762 次查看
application_ninja
Contributor III

It's unfortunate it will take so long for a fix since the Mac arm64 has been out for quite some time now. Is it open source, could I compile the app myself?

Here is the error:

"

Traceback (most recent call last):

  File "PyInstaller/loader/pyimod03_ctypes.py", line 53, in __init__

  File "ctypes/__init__.py", line 374, in __init__

OSError: dlopen(/var/folders/gl/4qfmnn7s10l2s624c_mmlldr0000gn/T/tmpi7dou0_w.dylib, 0x0006): tried: '/var/folders/gl/4qfmnn7s10l2s624c_mmlldr0000gn/T/tmpi7dou0_w.dylib' (mach-o file, but is an incompatible architecture (have (arm64), need (x86_64))), '/private/var/folders/gl/4qfmnn7s10l2s624c_mmlldr0000gn/T/tmpi7dou0_w.dylib' (mach-o file, but is an incompatible architecture (have (arm64), need (x86_64)))"

0 项奖励
回复

2,736 次查看
marek-trmac
NXP Employee
NXP Employee

Hi Scott,

if you run SEC tool as Intel application under Rosetta, all used libraries must be installed for Intel architecture. The SEC tool fails if it invokes any library for M1 architecture.

From your log, it is not clear, which library is failing. If you can find this, you can replace/re-install it.

Regards,
Marek
0 项奖励
回复

2,722 次查看
application_ninja
Contributor III

It won't run under Rosetta, already tried everything. Need a new compiled app under arm64 is the only solution.

2,698 次查看
liborukropec
NXP Employee
NXP Employee

Hi Scott,

on clean Intel Mac OS with the Rosetta the SEC can be executed (even it is not officially supported). There must be something interfering (brew? other python?) on your machine, that is not obvious from the console output.

I'm afraid you have to wait for v8, or do a workaround with a virtualization like UTM, VirtualBox, etc.

 

Regards,

Libor

0 项奖励
回复

2,693 次查看
application_ninja
Contributor III

I am trying to use this on a ARM Mac, not an Intel Mac... My machine is clean, technically only a month old, fresh install of Mac Sonoma 14.1 on a Mac Studio M2 Ultra...

0 项奖励
回复

2,758 次查看
liborukropec
NXP Employee
NXP Employee

Hi Scott,

It's unfortunate it will take so long for a fix since the Mac arm64 has been out for quite some time now. Is it open source, could I compile the app myself?

No, it is not an open source.

OSError: dlopen(/var/folders/gl/4qfmnn7s10l2s624c_mmlldr0000gn/T/tmpi7dou0_w.dylib, 0x0006): tried: '/var/folders/gl/4qfmnn7s10l2s624c_mmlldr0000gn/T/tmpi7dou0_w.dylib' (mach-o file, but is an incompatible architecture (have (arm64), need (x86_64))), '/private/var/folders/gl/4qfmnn7s10l2s624c_mmlldr0000gn/T/tmpi7dou0_w.dylib' (mach-o file, but is an incompatible architecture (have (arm64), need (x86_64)))"

The folder and file names are cryptic so I'm unable to tell what library is in conflict with the Secure Provisioning Tool, but symptoms are similar. Secure Provisioning Tool running under Rosetta as x86_64, finds a library arm64 only.

Could you please check if you have set DYLD_LIBRARY_PATH or DYLD_FALLBACK_LIBRARY_PATH?

set | grep DYLD

 and if yes, unset them by

unset DYLD_LIBRARY_PATH
unset DYLD_FALLBACK_LIBRARY_PATH

and from the same terminal execute the ./securep ? There might be a library that interferes with the Secure Provisioning. I must say it is a shot in the dark, still worth to try it.

Regards,

Libor

0 项奖励
回复

2,754 次查看
application_ninja
Contributor III

Sorry, nothing comes up with: "set | grep DYLD"...

0 项奖励
回复

4,327 次查看
marek-trmac
NXP Employee
NXP Employee

Hi Ivo,

what Mac OS version is it?

Regards,
Marek
0 项奖励
回复