Getting Started

Overview

Many operations are possible when using the security features of an RSL device, including state transitions, life cycle transitions, debug support, application signing, and more. The RSL Security Tooling (RSLSec) application is designed to make RSL15 security features and their usage as straightforward as possible.

RSLSec consists of two parts:

  • A PC-based component which handles the following general operations:
    • Creation of keys
    • Signing of applications
    • Generation of RoT hashes
    • Generation of key and content certificates
    • Generation of debug certificates
    • Management of the process enabling debug of secure devices
    • Management of the transition to RMA state
  • An embedded application, used to perform specific life cycle transitions and associated asset provisioning:
    • EH → CM (Effectively, revocation of LCS_EH)
    • CM → DM 
    • DM → SE 
    • DM → RMA
    • SE → RMA

These two tools combine to meet the needs of RSL devices in all life cycle states.

Software Installation

RSLSec is distributed as a single Windows® executable that combines the PC-based component and the embedded application in one place. To install the software, copy the executable to a suitable location and run it from there with the appropriate parameters (arguments). The tool is designed to be a command-line utility, so it can easily be used in batch scripts or as part of an automated process.

Hardware Set Up

The RSLSec tool is designed to communicate with RSL15 devices using the JTAG/SWD pins. The tool uses the J-Link JTAG programmer when communicating with the device. No other JTAG programmers are supported at this time.

NOTE: The security tools use the SWD or JTAG interface, so these pins must be accessible during device provisioning.

In normal operation, RSLSec communicates with the device using either the debug port, or—in cases where the debug port is locked—the Data Exchange Unit (DEU).

RSLSec PC-Based Tool

The RSLSec PC-based tool is provided as a command-line utility with various operating modes, each of which has limited help available.

IMPORTANT: Prior to performing any provisioning operations, we recommend that the flash is in an erased state; this prevents any user code from adversely affecting the process.

Example help output follows:

Top Level Help Messages

C:\Development\RSLSec>rslsec --help

usage: RSLSec [-h] {eh,icv,oem,secure,rma,trust,util} ...

RSL Security Tooling

positional arguments:
  {eh,icv,oem,secure,rma,trust,util}
                        /* Available Security Functions */
    eh                  /* EH Mode Operations */
    icv                 /* Chip Manufacture Operations */
    oem                 /* Device Manufacture Operations */
    secure              /* Secure Operations */
    rma                 /* Return to Manufacture Operations */
    trust               /* Root of Trust Operations */
    util                /* Utility helper operations */

optional arguments:
  -h, --help            /* show this help message and exit */

Top Level EH Help Messages

C:\Development\RSLSec>rslsec eh -h

usage: RSLSec eh [-h] {update,revoke,unlock,relock} ...

EH Mode Operations

positional arguments:
  {update,revoke,unlock,relock}
                        /* Available LCS_EH Operations */
    update              /* Update the LCS_EH configuration */
    revoke              /* Revoke LCS_EH, transition to LCS_CM */
    unlock              /* Unlock a locked device with the key */
    relock              /* Relock a previously unlocked device */

optional arguments:
  -h, --help            /* show this help message and exit */

EH Update Help Messages

C:\Development\RSLSec>rslsec eh update -h

usage: RSLSec eh update [-h] [--out OUT] [--target TARGET] [--write]
                      [--socid SOCID] [--key KEY KEY KEY KEY]
                      [--ndcu NDCU NDCU NDCU NDCU]

Update the LCS_EH configuration

optional arguments:
  -h, --help            /* show this help message and exit */
  --out OUT             /* File to which the loadable package needs to be written */
  --target TARGET       /* Target connection [RSL15, RSL15-284] */
  --write               /* Update the attached target with the given options */
  --socid SOCID         /* 32 bit SOCID */
  --key KEY KEY KEY KEY
                        /* 128 bit Unlock Key */
  --ndcu NDCU NDCU NDCU NDCU
                        /* 128 bit nDCU Enables */

RSLSec Common Options

Some RSLSec command options are common to more than one mode of the device. These are indicated in the help sections at the level where they are mentioned, but for clarity, are also documented below.

--target

The --target option defines the device with which the utility is communicating. For RSL15, this can be omitted because the default is a standard 512 K device, which is appropriate for RSL15.

--out

This specifies the file to which any loadable packages are written prior to being downloaded to a device. In general this is used to dump iHex formatted files; however, it can also contain other output data depending on the context of the command.

--write

Where the RSLSec command is used to update a device, this option causes the write to happen. If this flag is omitted, any expected generated package files are created but the attached device is not updated. By default this flag is omitted to prevent accidental device updates.
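
Because omitting --write leaves a package file on disk without touching the device, that file can be checked before the command is repeated with --write. The following is an added example, not part of RSLSec or its documentation: a standalone Python script that validates an Intel HEX file and lists the address ranges it would program. It assumes the --out file is standard Intel HEX; the sample records and their addresses are constructed for illustration and do not describe the RSL15 memory map.

```python
def parse_ihex(text):
    """Return {absolute_address: byte}; raise ValueError on any malformed record."""
    memory, base, seen_eof = {}, 0, False
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if seen_eof or not line.startswith(":"):
            raise ValueError(f"line {lineno}: unexpected content")
        try:
            raw = bytes.fromhex(line[1:])
        except ValueError:
            raise ValueError(f"line {lineno}: non-hex characters") from None
        if len(raw) < 5 or len(raw) != raw[0] + 5:
            raise ValueError(f"line {lineno}: length field mismatch")
        if sum(raw) & 0xFF:  # all bytes including the checksum must sum to 0
            raise ValueError(f"line {lineno}: bad checksum")
        offset, rtype, data = int.from_bytes(raw[1:3], "big"), raw[3], raw[4:-1]
        if rtype == 0x00:                      # data record
            for i, b in enumerate(data):
                memory[base + offset + i] = b
        elif rtype == 0x01:                    # end-of-file record
            seen_eof = True
        elif rtype == 0x02:                    # extended segment address
            base = int.from_bytes(data, "big") << 4
        elif rtype == 0x04:                    # extended linear address
            base = int.from_bytes(data, "big") << 16
        elif rtype not in (0x03, 0x05):        # start-address records hold no data
            raise ValueError(f"line {lineno}: unknown record type {rtype:#04x}")
    if not seen_eof:
        raise ValueError("missing EOF record (truncated file?)")
    return memory

def regions(memory):
    """Collapse the byte map into sorted (start, length) contiguous regions."""
    out = []
    for addr in sorted(memory):
        if out and addr == out[-1][0] + out[-1][1]:
            out[-1] = (out[-1][0], out[-1][1] + 1)
        else:
            out.append((addr, 1))
    return out

# Constructed sample package: two data runs above a linear base of 0x0010.
SAMPLE = ":020000040010EA\n:04000000DEADBEEFC4\n:0400040001020304EE\n:02010000AA55FE\n:00000001FF\n"

if __name__ == "__main__":
    for start, length in regions(parse_ihex(SAMPLE)):
        print(f"{start:#010x}  {length} bytes")
```

A region outside the range expected for the operation, or a file that fails the checksum or EOF checks, is a reason to stop before adding --write.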