Features

Here are the key features of the Secure Provisioning Tool (SEC):

Security Enablement

• Image signing and encryptions: supports generation of signed and encrypted images using customer-provided keys and certificates.

• Secure boot configuration: automates creation of secure boot headers (for example, HAB, TrustZone-M, BEE).

• Key management: integrates with NXP’s key provisioning workflows, including SRK, DEK, and OTP key programming.

• Optional signature provider: allows customizing integration of the HSM module for signing the image.

• Trust provisioning: device HSM and EdgeLock 2GO

Device communication and flashing

• BootROM interface support: communicates with BootROM via UART, USB, SPI, or I2C.

• Flash programming: supports writing to internal flash and external memory (for example, QSPI, FlexSPI NOR/NAND, eMMC).

• Device detection and connection management: auto-detects connected devices and manages communication

User experience

• Guided workflows: workspace wizard with predefined profiles to create a new configuration easily.

• Visual feedback: real-time status updates, logs, and error reporting.

• Cross-Platform support: available for Windows, Linux, and macOS.

Useful extensions

• Debug authentication support

• SB editor allowing creation of Secure Binary files

• The Merge Tool allowing merging several images into one

• MCUboot signer allowing signing the custom application via the MCUboot third-party Tool

• Manufacturing Tool for FAB operations, allowing provisioning several devices in parallel

• Additional command-line utilities for low-level interaction with the device

Device and platform support

• Broad processor family coverage: Compatible with a wide range of NXP processors (for example, i.MX, LPC, MCX).

• Support for latest silicon features: Regularly updated to support new security features and silicon revisions.