# Features

Here are the key features of the **Secure Provisioning Tool** (SEC):

## Security Enablement

- Image signing and encryptions: supports generation of signed and encrypted images using customer-provided keys and certificates.
- Secure boot configuration: automates creation of secure boot headers (for example, HAB, TrustZone-M, BEE).
- Key management: integrates with NXP’s key provisioning workflows, including SRK, DEK, and OTP key programming.
- Optional signature provider: allows customizing integration of the HSM module for signing the image.
- Trust provisioning: device HSM and EdgeLock 2GO

## Device communication and flashing

- BootROM interface support: communicates with BootROM via UART, USB, SPI, or I2C.
- Flash programming: supports writing to internal flash and external memory (for example, QSPI, FlexSPI NOR/NAND, eMMC).
- Device detection and connection management: auto-detects connected devices and manages communication

## User experience

- Guided workflows: workspace wizard with predefined profiles to create a new configuration easily.
- Visual feedback: real-time status updates, logs, and error reporting.
- Cross-Platform support: available for Windows, Linux, and macOS.

## Useful extensions

- Debug authentication support
- SB editor allowing creation of Secure Binary files
- The Merge Tool allowing merging several images into one
- MCUboot signer allowing signing the custom application via the MCUboot third-party Tool
- Manufacturing Tool for FAB operations, allowing provisioning several devices in parallel
- Additional command-line utilities for low-level interaction with the device

## Device and platform support

- Broad processor family coverage: Compatible with a wide range of NXP processors (for example, i.MX, LPC, MCX).
- Support for latest silicon features: Regularly updated to support new security features and silicon revisions.