lpc55 0.2.1

Host-side tooling to interact with LPC55 chips via the ROM bootloader
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156

[firmware]
# raw = "../lpc55-secure-config/example-app.bin"
# signed = "./hopefully-example-bin-signed.bin"
# secure_boot = "./example-app.sb2"
image = "example-binaries/blinky-red-bee.bin"
signed-image = "example-binaries/blinky-red-signed.bin2"
secure-boot-image = "example-binaries/blinky-red.sb2"

build = 1
component = "0.0.0"
product = "0.0.0"

[pki]
signing-key = "file:example-file-certs/ca_private_key_0.pem"
# signing-key = "pkcs11:serial=DECC0401648;object=lpc55-host-dev-ca-0;type=private?module-path=/usr/lib/onepin-opensc-pkcs11.so&pin-value=123456"
# signing-key = "pkcs11:object=lpc55-host-dev-ca-0;type=private?module-path=/usr/lib/opensc-pkcs11.so&pin-value=123456"

# D826E2FD 44F5C254 BC58C62E BF96A938 95C19DC2 25810C95 C8B9E6FD 9F7CC9CB
certificates = [
    "file:example-file-certs/ca_certificate_0.der",
    "file:example-file-certs/ca_certificate_1.der",
    "file:example-file-certs/ca_certificate_2.der",
    "file:example-file-certs/ca_certificate_3.der",
]

# 6A528D30 4FD8F9B7 D06FF7C4 32DFD512 09668660 6E48193B 2EB21102 0B7FD7C0
# certificates = [
#     "lpc55-host-dev-ca-0.der",
#     "lpc55-host-dev-ca-1.der",
#     "lpc55-host-dev-ca-2.der",
#     "lpc55-host-dev-ca-3.der",
# ]

# 6A528D30 4FD8F9B7 D06FF7C4 32DFD512 09668660 6E48193B 2EB21102 0B7FD7C0
# certificates = [
# 	"pkcs11:object=lpc55-host-dev-ca-0;type=cert?module-path=/usr/lib/opensc-pkcs11.so",
# 	"pkcs11:object=lpc55-host-dev-ca-1;type=cert?module-path=/usr/lib/opensc-pkcs11.so",
# 	"pkcs11:object=lpc55-host-dev-ca-2;type=cert?module-path=/usr/lib/opensc-pkcs11.so",
# 	"pkcs11:object=lpc55-host-dev-ca-3;type=cert?module-path=/usr/lib/opensc-pkcs11.so",
# ]

[reproducibility]
# set these for reproducibility (we pick all-zeroes by default, whereas elftosb picks random keys)
dek = "5762307D11981295FC89E8E6947087C0A3E350660D57A03AAA000C8BE5823231"
mac = "4A88F1B5B9F6A07716C4A89CC6851D519D999FDAA9EF4FF05545700F24EC1D71"
nonce = [3822587620, 613396447, 833979729, 763188229]
timestamp = 664665542000000
sb-header-padding = "36BB2DC5"

[factory-settings]
# smartcardhsm-based keys
# rot_fingerprint = "6A528D30 4FD8F9B7 D06FF7C4 32DFD512 09668660 6E48193B 2EB21102 0B7FD7C0"
# file-based keys
rot-fingerprint = "D826E2FD 44F5C254 BC58C62E BF96A938 95C19DC2 25810C95 C8B9E6FD 9F7CC9CB"
usb-id = { vid = 0x1209, pid = 0xb000 }

[factory-settings.secure-boot-configuration]
# puf-enrollment-disabled = false
# secure-boot-enabled = false
dice-computation-disabled = true

[customer-settings]
rot-keys-status = ["Enabled", "Enabled", "Enabled", "Enabled"]
customer-version = 1
secure-firmware-version = 1
nonsecure-firmware-version = 1

# [keystore]
# sbkek = "AAAAAAAA AAAAAAAAA AAAAAAAA AAAAAAAA AAAAAAA AAAAAAAA AAAAAAAA AAAAAAAA"

[[commands]]
cmd = "CheckSecureFirmwareVersion"
version = 1

[[commands]]
cmd = "CheckNonsecureFirmwareVersion"
version = 1

[[commands]]
cmd = "Erase"
start = 0x0
end = 0xC00  # = 3072 = 6*512, size of blinky-red.bin is 856 bytes, signed version is 2148 bytes
# end = 512

[[commands]]
cmd = "Load"
file = "example-binaries/blinky-red-signed.bin"
src = 512
dst = 512

[[commands]]
cmd = "Load"
file = "example-binaries/blinky-red-signed.bin"
len = 512

# Example provisioning for Solo
[[provisions]]
cmd = "Keystore"
sub-cmd= "Enroll"

[[provisions]]
cmd = "Keystore"
sub-cmd= "SetKey"
key = "SecureBootKek"
data = [0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA]

[[provisions]]
cmd = "Keystore"
sub-cmd= "GenerateKey"
key = "PrinceRegion0"
len = 16

[[provisions]]
cmd = "Keystore"
sub-cmd= "GenerateKey"
key = "PrinceRegion1"
len = 16

[[provisions]]
cmd = "Keystore"
sub-cmd= "GenerateKey"
key = "PrinceRegion2"
len = 16

[[provisions]]
cmd = "Keystore"
sub-cmd= "GenerateKey"
key = "UserPsk"
len = 16

[[provisions]]
cmd = "Keystore"
sub-cmd= "WriteNonVolatile"

[[provisions]]
cmd = "WriteMemoryWords"
# temporary ram memory
address = 0x20034000
words = [
    # Config for Prince region 1
    0x50000001, 0xA0000, 0x00000,
    # Config for Prince region 2
    0x50000002, 0x80000, 0x1de00
]

[[provisions]]
cmd = "ConfigureMemory"
address = 0x20034000

[[provisions]]
cmd = "ConfigureMemory"
address = 0x2003400C

[[provisions]]
cmd = "Reset"