Device Provisioner
Configuring target devices
The Device Provisioner helps to provision microcontrollers for debug, trace or production access, including locking the device afterwards. It simplifies the automation of configuring security features on target devices.
Overview
Most modern microcontrollers include security features for locking or encrypting the debug interface, protecting read out, and more. Each silicon vendor has its own method of configuring and activating these features. The Device Provisioner for J-Link, J-Trace and Flasher provides uniform access to these options.
Key features
The Device Provisioner provides a comprehensive set of features designed to streamline the setup and configuration of devices.
Universal access
Scripts for the Device Provisioner can access almost all functions of the target interface.
Full automation
Automated actions such as initialization steps to enable secured access can be integrated into automatic processes.
Support for security features
The Device Provisioner enables access to features such as encrypted programming or debug interfaces, TrustZone®/partitioning, and many more.
Use cases
The Device Provisioner is a versatile tool for securely setting up and configuring microcontrollers for various use cases, including secure debugging, programming, and configuring TrustZone® partitions.
Device provisioning for secure debugging
Secure microcontrollers offer options to debug over secured interfaces. To set up the interface properly, the Device Provisioner is used to set up the target device with secure IDs and to set the state to accept secure debug connection. This includes enabling the interfaces, activating security features for the interfaces (securing) or locking them down, once the product lifecycle reaches this state.
Device provisioning for secure programming
Secure programming usually requires preparation of the device by adding secure IDs and enabling the device to lock itself down after transmission of the firmware. The Device Provisioner provides commands to change the states of the microcontroller that enable or disable debugging or secure programming. In addition, the device provisioner can download keys or certificates (provisioning), if required for the secure processes.
Configuring TrustZone® partitions
TrustZone® is Arm’s tool for code isolation on a device. To prepare a target device, the trusted areas have to be configured. After adding code to the trusted partition, the zone can be locked such that no further read or write access is possible in the zone.
How the Device Provisioner works
The Device Provisioner is a command line tool for J-Link debug probes, J-Trace streaming probes and Flasher in-circuit programmers, ensuring devices are properly set up and configured for use. The provisioning process includes tasks such as initializing hardware, installing software, configuring settings, and sometimes associating the device with a specific user or network.
Created to seamlessly integrate into automation environments, the Device Provisioner executes commands from scripts written in the C language, which can be provided by SEGGER, the silicon vendor, or created by users. These scripts can be executed on J-Links and Flashers while connected to a host PC, as well as in stand-alone mode on Flashers. To protect intellectual property, script files can be distributed in source code or pre-compiled form.
Example project
Secure product lifecycle management for the STM32H5 series
Device provisioning plays a foundational role in establishing and maintaining the security of devices throughout their lifecycle, from initial deployment to decommissioning. It ensures that devices are configured securely, managed effectively, and integrated seamlessly into the overall security infrastructure. SEGGER has already developed security product lifecycle features for the STM32H5 series from STMicroelectronics. It includes all necessary commands ranging from checking the product state to performing a full regression.
Script customization & flexibility
Customization requires a script. The Device Provisioner utility offers the utmost in flexibility by enabling users to customize their own device provisioning process by writing their own script.
SEGGER can also, upon request, help with the script or the script may come from the Silicon Vendor. The script required for popular MCUs is available from SEGGER and more will be added over time.
Licensing
The Device Provisioner is included in both the J-Link Software and Documentation Package and the Flasher Software and Documentation Package. The software package is free for any J-Link, J-Trace or Flasher device and can be downloaded here.
System requirements
| Supported OS | |
|---|---|
| Windows | Microsoft Windows (x86/x64) |
| macOS | macOS (x86/Apple Silicon) |
| Linux | Linux (x86/x64/Arm) |
Get in touch with us
Have questions or need assistance? Our Embedded Experts are here to help!
Reach out to us for:
- Licensing quotes
- Technical inquiries
- Project support