This package contains security tools for creating keys, creating certificates, signing user applications, and provisioning Cypress MCUs.
- Prerequisites
- Documentation
- Installing package
- Supported devices
- Interface and Usage
- Logging
- Installing libusb driver
- Known issues
- License and Contributions
Target/Kit | Silicon Revision1 | Silicon ID, Silicon Rev., Family ID | CySecureTools Version | Secure FlashBoot Version | CyBootloader Version |
512K | |||||
cyb06xx5 cy8cproto‑064b0s3 |
A1 | 0xE70D, 0x12, 0x105 | 4.2.0 | 4.0.2.1842 | 2.0.1.6441 |
2M | |||||
cyb06xxa cy8ckit‑064b0s2‑4343w |
A1 | 0xE470, 0x12, 0x102 | 4.2.0 | 4.0.3.2319 | 2.0.2.8102 |
cys06xxa cy8ckit‑064s0s2‑4343w |
A1 | 0xE4A0, 0x12, 0x02 | 4.2.0 | 4.0.3.2319 | 2.0.2.8102 |
1M | |||||
cyb06xx7 cy8cproto‑064s1‑sb cy8cproto‑064b0s1‑ble cy8cproto‑064b0s1‑ssa |
B3 | 0xE262, 0x24, 0x100 0xE261, 0x24, 0x100 | 4.2.0 | 4.0.2.1842 | 2.0.0.4041 |
Target/Kit | Silicon Revision1 | Silicon ID, Silicon Rev., Family ID | CySecureTools Version | BootROM Version | RAM Applications Version |
cyw20829 | A0 | 0xEB40, 0x11, 0x110 | 4.2.0 | 1.0.0.7120 | 1.0.0.2857 |
cyw20829 | B0 | 0xEB43, 0x21, 0x110 | 4.2.0 | 1.2.0.8274 | 1.2.0.3073 |
1 Specify --rev
option for older revision of the silicon (e.g. $ cysecuretools -t cyw20829 --rev a0 <COMMAND>
). Using the latest revision does not require specifying the option.
- General
- Python 3.6 or later
- For PSoC 64 devices
- Installed Cypress OpenOCD
- Ensure the KitProg3 programming mode is CMSIS-DAP Bulk
- Ensure the power selection jumper is set to provide 2.5 V to the power supply pin related to eFuse power. This voltage level is required to blow eFuses
- For CYW20829 devices
- Installed Cypress OpenOCD
- Ensure the KitProg3 programming mode is CMSIS-DAP Bulk
- Ensure the power selection jumper is set to provide 2.5 V to the power supply pin related to eFuse power. This voltage level is required to blow eFuses
Invoke pip install
from the command line:
$ pip install cysecuretools
To update the already installed package:
$ pip install --upgrade --force-reinstall cysecuretools
Use device-list
command for output of the supported devices list.
$ cysecuretools device-list
See README_PSOC64.md
Every time the tool is invoked, a new log file is created in the logs directory of the project. By default, the console output has INFO logging severity. The log file contains the DEBUG logging severity.
- Using the policy from version 4.0.0 in projects created by version 4.1.0 causes the CY_FB_INVALID_IMG_JWT_SIGNATURE error during re-provisioning on PSoC64-2M devices:
...
ERROR : SFB status: CY_FB_INVALID_IMG_JWT_SIGNATURE: Invalid image certificate signature. Check the log for details
Workaround:
- Open the policy file.
- Navigate to section 1 of the
boot_upgrade/firmware
. - Set
boot_auth
andbootloader_keys
as follows:
"boot_auth": [
3
],
"bootloader_keys": [
{
"kid": 3,
"key": "../keys/cy_pub_key.json"
}
]
- During the installation of the package via pip on Mac OS Big Sur, the following exception is raised:
...
distutils.errors.DistutilsError: Setup script exited with error: SandboxViolation:
mkdir('/private/var/root/Library/Caches/com.apple.python/private/tmp/easy_install-y8c1npmz', 511) {}
The package setup script has attempted to modify files on your system
that are not within the EasyInstall build area, and has been aborted.
This package cannot be safely installed by EasyInstall, and may not
support alternate installation locations even if you run its setup
script by hand. Please inform the package's author and the EasyInstall
maintainers to find out if a fix or workaround is available.
Solution: Upgrade the pip
package running the following command from the terminal: python3 -m pip install --upgrade pip
.
The software is provided under the Apache-2.0 license. Contributions to this project are accepted under the same license. This project contains code from other projects. The original license text is included in those source files.