{ "info": { "author": "Cypress Semiconductor", "author_email": "", "bugtrack_url": null, "classifiers": [ "License :: OSI Approved :: Apache Software License", "Operating System :: OS Independent", "Programming Language :: Python :: 3.7", "Topic :: Software Development :: Embedded Systems" ], "description": "This package contains security tools for creating keys, signing user application and device provisioning.\n\n# Prerequisites\n\n* Python 3.7\n\n* Installed pyocd\n\n From command line: `pip install --upgrade --force-reinstall git+http://git-ore.aus.cypress.com/repo/pyocd.git`\n\n* Installed libusb driver\n\n **Windows**\n - Download and unzip libusb-1.0.21.7z from https://github.com/libusb/libusb/releases/tag/v1.0.21\n - Copy *libusb-1.0.dll* file into Python 3.7 folder (use 64-bit version of the DLL for 64-bit Python and 32-bit version of the DLL for 32-bit Python)\n - Make sure Python path located at the begginning of Path environment variable\n\n **Linux/Mac OS**\n - Use [homebrew] to install the driver from terminal: `homebrew install libusb`\n\n# Installing Package\n\nFrom command line invoke `pip install`:\n\n```\npip install --upgrade --force-reinstall git+http://git-ore.aus.cypress.com/repo/cysecuretools.git\n```\n# Installing libusb\n\n# Preparing Secure Application\n\nThe package has an APIs that should be sequentially called to make a device and a user application protected.\n\n## Basic Guide\n\nThe basic guide provides several steps that allow to create key, provision device with a default policy and sign user application with the key.\n\n### 1. Create keys\nThe key is a certificate file used to authorize access to a device data. There must be common key pair between secure device and user application. A device must be provisioned with a public key and user application must be signed with corresponding private key from same pair.\n\n**create_keys()** - creates keys specified in policy file for image signing and encryption.\n#### Arguments\n* _overwrite_ (optional) - Indicates whether overwrite keys in the output directory if they already exist. Available values: True, False, None. If the value is None, a prompt will ask whether to overwrite existing keys.\n* _out_ (optional) - Output directory for generated keys. By default, keys location will be as specified in the policy file.\n#### Usage example\n```\nfrom cysecuretools import CySecureTools\ntools = CySecureTools('cy8cproto-064s1-sb', 'targets/cy8cproto_064s1_sb/policy/policy_single_stage_CM4.json')\ntools.create_keys()\n```\n\n### 2. Create provisioning packet\nThe provisioning packet is a JWT file to program into device during provisioning procedure. In general, this is policy and keys in JWT format. Returns True if packet created successfully, otherwise False.\n\n**create_provisioning_packet()** - creates JWT packet for provisioning device.\n#### Usage example\n```\nfrom cysecuretools import CySecureTools\ntools = CySecureTools('cy8cproto-064s1-sb', 'targets/cy8cproto_064s1_sb/policy/policy_single_stage_CM4.json')\ntools.create_provisioning_packet()\n```\n\n### 3. Provision device\nProvisioning is the act of configuring a device with an authorized set of keys (certificates), credentials and firmware images.\n\n**provision_device()** - executes device provisioning that is the process of attaching a certificate to the device identity. Returns true if provisioning was success, otherwise False.\n#### Arguments\n* _probe_id_ (optional) - Probe serial number. Can be used to specify probe if more than one device is connected to a computer.\n#### Usage example\n```\nfrom cysecuretools import CySecureTools\ntools = CySecureTools('cy8cproto-064s1-sb', 'targets/cy8cproto_064s1_sb/policy/policy_single_stage_CM4.json')\ntools.provision_device()\n```\n\n### 4. Sign user application\nTo run user application on a secure device, the application must be signed with the same keys that the device has been provisioned with.\n\n**sign_image()** - signs user application with the certificates.\n#### Arguments\n* hex_file - Hex file with user application.\n* _image_id_ (optional) - The ID of the firmware image in the device. Default value is 4.\n#### Usage example\n```\nfrom cysecuretools import CySecureTools\ntools = CySecureTools('cy8cproto-064s1-sb', 'targets/cy8cproto_064s1_sb/policy/policy_single_stage_CM4.json')\ntools.sign_image('mbed-os-example-blinky.hex')\n```\n\n# Additional APIs\n\n### 1. Entrance exam\nBefore provisioning a device user can ensure that the device has valid state by passing an entrance exam.\n\n**entrance_exam()** - checks device life-cycle, Flashboot firmware and Flash memory state. Returns True if the device is ready for provisioning, otherwise False.\n#### Usage example\n```\nfrom cysecuretools import CySecureTools\ntools = CySecureTools('cy8cproto-064s1-sb', 'targets/cy8cproto_064s1_sb/policy/policy_single_stage_CM4.json')\ntools.entrance_exam()\n```\n\n### 2. Flash map\nThe API provides an image address and size from the policy file.\n\n**flash_map()** - extracts information about slots from given policy. Returns tuple with address and size for the specified image. If arguments not specified, the default will be used.\n#### Arguments\n* _image_id_ (optional) - The ID of the firmware image in the device. Default value is 4.\n#### Usage example\n```\nfrom cysecuretools import CySecureTools\ntools = CySecureTools('cy8cproto-064s1-sb', 'targets/cy8cproto_064s1_sb/policy/policy_single_stage_CM4.json')\ntools.flash_map()\n```\n\n# Running Tools From Command Line\nTo execute the tools APIs from command line use `python -c` command.\n\nExample:\n```\npython -c \"from cysecuretools import CySecureTools;tools = CySecureTools('cy8cproto-064s1-sb', 'targets/cy8cproto_064s1_sb/policy/policy_single_stage_CM4.json');tools.create_keys();tools.create_provisioning_packet();tools.provision_device();tools.sign_image('mbed-os-example-blinky.hex')\"\n```\n\n# Package Installation Directory\nUse `pip` command to get the package location:\n```\npip show cysecuretools\n```\n\n# Advanced Guide\n## Provisioning Policies\nChange the policy by specifying _policy_ argument. All available policy files are located in _policy_ directory inside the folder with target name in the package installation directory.\n\n## Policy Location\nBy default, keys and policy files location is the package installation directory.\nTo use policy file from different location, provide policy file location while creation CySecureTools object.\n\nExample:\n```\nfrom cysecuretools import CySecureTools\ntools = CySecureTools('cy8cproto-064s1-sb', '/Users/example/policy_single_stage_CM4.json')\n```\n\n## Keys Location\nBy default, keys location is _keys_ directory inside the package installation directory. Keys location can be changed in the policy file. Either absolute or relative path can be used. If use relative path it is related to the policy file location.\n\nExample:\n\n```\n{\n \"boot_auth\": [\n 8\n ],\n \"boot_keys\": [\n { \"kid\": 8, \"key\": \"../keys/USERAPP_CM4_KEY.json\" }\n ],\n \"id\": 4,\n \"monotonic\": 0,\n \"smif_id\": 0,\n \"upgrade\": true,\n \"version\": \"0.1\",\n \"encrypt\": true,\n \"encrypt_key\": \"../keys/aes128.key\",\n \"encrypt_key_id\": 1,\n \"encrypt_peer\": \"../keys/dev_pub_key.pem\",\n \"upgrade_auth\": [\n 8\n ],\n \"upgrade_keys\": [\n { \"kid\": 8, \"key\": \"../keys/USERAPP_CM4_KEY.json\" }\n ],\n \"resources\": [\n {\n \"type\": \"BOOT\",\n \"address\": 268435456,\n \"size\": 327680\n },\n {\n \"type\": \"UPGRADE\",\n \"address\": 268763136,\n \"size\": 327680\n }\n ]\n}\n```\n\n_boot_keys_ - keys for signing BOOT image.\n\n_upgrade_keys_ - keys for signing UPGRADE image.\n\n_encrypt_key_ - key used for image encryption.\n\n_encrypt_peer_ - public key read from device during provisioning procedure. The key is used for image encryption.\n\n# CyBootloader\nBy default, the tools use debug mode of CyBootloader. It allows to see CyBootloader logs using serial port with baud rate 115200. The release mode of CyBootloader does not have this feature, but it has smaller size. To change CyBootloader mode, change cy_bootloader field in the policy file:\n```\n\"cy_bootloader\":\n{\n \"mode\": \"debug\"\n}\n```\n\n# License and Contributions\nThe software is provided under Apache-2.0 license. Contributions to this project are accepted under the same license.\nThis project contains code from other projects. The original license text is included in those source files.\n\n", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/cypresssemiconductorco/cysecuretools", "keywords": "", "license": "Apache 2.0", "maintainer": "", "maintainer_email": "", "name": "cysecuretools", "package_url": "https://pypi.org/project/cysecuretools/", "platform": "", "project_url": "https://pypi.org/project/cysecuretools/", "project_urls": { "Homepage": "https://github.com/cypresssemiconductorco/cysecuretools" }, "release_url": "https://pypi.org/project/cysecuretools/1.1.0/", "requires_dist": [ "cryptography (>=2.4.2)", "click (>=7.0)", "intelhex (>=2.2.1)", "jwcrypto (>=0.6.0)", "jsonschema (>=3.0.0)", "pyocd (>=0.22.0)" ], "requires_python": ">=3.7", "summary": "Cypress secure tools for Python", "version": "1.1.0" }, "last_serial": 5906223, "releases": { "1.0.0": [ { "comment_text": "", "digests": { "md5": "0cde5ead086bcf9a79e65a4ae4f67568", "sha256": "33f39222be0e5d92eafa59f5c2b74b1e4bb0decc8211c971b977527b8800e6c8" }, "downloads": -1, "filename": "cysecuretools-1.0.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "0cde5ead086bcf9a79e65a4ae4f67568", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": ">=3.7", "size": 187287, "upload_time": "2019-09-13T12:40:27", "url": "https://files.pythonhosted.org/packages/d0/53/6904025f574d1db19e1888a88d8b8a0b2d10f5b063e8ac144dc2ac3cf2fe/cysecuretools-1.0.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "e22a7d4f3366bb6ebcd45f047caf2ce9", "sha256": "7edf3e886e837c2cf3e290935fbf85ff9e016366d2171d6da566f6b01e7d5cfb" }, "downloads": -1, "filename": "cysecuretools-1.0.0.tar.gz", "has_sig": false, "md5_digest": "e22a7d4f3366bb6ebcd45f047caf2ce9", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.7", "size": 157692, "upload_time": "2019-09-13T12:40:31", "url": "https://files.pythonhosted.org/packages/fb/9f/0036e23992be6b9d6aeb5e3c125e19d07df70eb77a02fcdd4a7684fd7abb/cysecuretools-1.0.0.tar.gz" } ], "1.1.0": [ { "comment_text": "", "digests": { "md5": "1beeef0eee8fb43ef109cc5fc4587954", "sha256": "def15859d49d303d39fbb096e733277d052722ff39431daaf9c1b7bc333e4c19" }, "downloads": -1, "filename": "cysecuretools-1.1.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "1beeef0eee8fb43ef109cc5fc4587954", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": ">=3.7", "size": 307805, "upload_time": "2019-09-30T09:29:00", "url": "https://files.pythonhosted.org/packages/91/92/8494cccccd8b511ded125c92eb8fc7d6ab26ef38e3a46863725c1f279768/cysecuretools-1.1.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "ef6363db9e8016b3ffa2bcbd9988dbc8", "sha256": "4d69b4ef0ea7fdf1e95134833f355712f491d0899f029e8d1aac2a48913447f4" }, "downloads": -1, "filename": "cysecuretools-1.1.0.tar.gz", "has_sig": false, "md5_digest": "ef6363db9e8016b3ffa2bcbd9988dbc8", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.7", "size": 272351, "upload_time": "2019-09-30T09:29:02", "url": "https://files.pythonhosted.org/packages/56/c3/d615b86c854e4fe14aa91209d63162acc8ad38bb47b5ba3a9bfc4670679c/cysecuretools-1.1.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "1beeef0eee8fb43ef109cc5fc4587954", "sha256": "def15859d49d303d39fbb096e733277d052722ff39431daaf9c1b7bc333e4c19" }, "downloads": -1, "filename": "cysecuretools-1.1.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "1beeef0eee8fb43ef109cc5fc4587954", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": ">=3.7", "size": 307805, "upload_time": "2019-09-30T09:29:00", "url": "https://files.pythonhosted.org/packages/91/92/8494cccccd8b511ded125c92eb8fc7d6ab26ef38e3a46863725c1f279768/cysecuretools-1.1.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "ef6363db9e8016b3ffa2bcbd9988dbc8", "sha256": "4d69b4ef0ea7fdf1e95134833f355712f491d0899f029e8d1aac2a48913447f4" }, "downloads": -1, "filename": "cysecuretools-1.1.0.tar.gz", "has_sig": false, "md5_digest": "ef6363db9e8016b3ffa2bcbd9988dbc8", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.7", "size": 272351, "upload_time": "2019-09-30T09:29:02", "url": "https://files.pythonhosted.org/packages/56/c3/d615b86c854e4fe14aa91209d63162acc8ad38bb47b5ba3a9bfc4670679c/cysecuretools-1.1.0.tar.gz" } ] }