Hi,
I'm looking to verify my understanding of how the Secure Provisioning Tool works:
Kind regards,
Daniel
已解决! 转到解答。
Hi @MulattoKid ,
Share you some document, it will help you understand your issues, it is from the commander line method, in fact, the SPT tool also merge the commander line method to the GUI method:
My HAB document:
1. Given an ELF file without any flash config, and IVT, the Secure Provisioning Tool will generate these based on the selected configuration in the tool itself. It will then extract the binary from the ELF file, and add these generated blocks to the front of the binary. The binary can now be flashed, and if e.g. the Secure Provisioning Tool was configured to generate a Secure Boot/HAB binary, the boot ROM will initiate HAB validation when the MCU boots. Is my understanding correct?
=>Answer: You understand is correct, the SPT tool will help to generate the image from IVT+BD+HAB data +app, then download the FCB at first, then download the secured or signed imaged from IVT aea.
2. How are the fuses that lock down the they keys that can be used for signing a binary configured, does it happen automatically the first time a binary with HAB enabled is attempted booted?
=>Answer: If you check my document in the above, you will find, it will use this method do burn your fuse:
In fact, modify the fuse area directly.
Wish it helps you!
If you still have question about it, please kindly let me know.
If your question is solved, please help me to mark the correct answer, just to close this case, thanks.
Any new issues, welcome to create the new question post.
Best Regards,
Kerry
Hi @MulattoKid ,
Share you some document, it will help you understand your issues, it is from the commander line method, in fact, the SPT tool also merge the commander line method to the GUI method:
My HAB document:
1. Given an ELF file without any flash config, and IVT, the Secure Provisioning Tool will generate these based on the selected configuration in the tool itself. It will then extract the binary from the ELF file, and add these generated blocks to the front of the binary. The binary can now be flashed, and if e.g. the Secure Provisioning Tool was configured to generate a Secure Boot/HAB binary, the boot ROM will initiate HAB validation when the MCU boots. Is my understanding correct?
=>Answer: You understand is correct, the SPT tool will help to generate the image from IVT+BD+HAB data +app, then download the FCB at first, then download the secured or signed imaged from IVT aea.
2. How are the fuses that lock down the they keys that can be used for signing a binary configured, does it happen automatically the first time a binary with HAB enabled is attempted booted?
=>Answer: If you check my document in the above, you will find, it will use this method do burn your fuse:
In fact, modify the fuse area directly.
Wish it helps you!
If you still have question about it, please kindly let me know.
If your question is solved, please help me to mark the correct answer, just to close this case, thanks.
Any new issues, welcome to create the new question post.
Best Regards,
Kerry
Oh, one thing I forgot to confirm: flashing the signed binary itself can be done in the regular internal boot mode, but for the files that modify the fuse map it's required to be in serial downloader mode, correct?
Hi @MulattoKid ,
Yes, all need to in the serial download mode, and also need to use the signed flashloader if you already do the HAB signed.
Wish it helps you!
If you still have question about it, please help to create the new question post, thanks.
Best Regards,
Kerry