Skip to content

Commit

Permalink
scripts: west_commands: ncs-provision lock-last policy
Browse files Browse the repository at this point in the history 
adds new policy scheme to 'west ncs-provision' command.

Signed-off-by: Mateusz Michalek <[email protected]>
  • Loading branch information
@michalek-no @nordicjm
michalek-no authored and nordicjm committed Dec 11, 2024
1 parent 4c6ab4d commit fb67949
Showing 1 changed file with 15 additions and 3 deletions.
18 changes: 15 additions & 3 deletions scripts/west_commands/ncs-provision.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,8 +36,13 @@ def do_add_parser(self, parser_adder):
"-k", "--key", type=Path, action='append', dest="keys",
help="Input .pem file with ED25519 private key"
)
upload_parser.add_argument("-p", "--policy", type=str, help="Keys policy",
choices=["revokable", "lock"], default="revokable")
upload_parser.add_argument("-p", "--policy", type=str,
choices=["revokable", "lock", "lock-last"], default="lock-last",
help="Policy applied to the given set of keys."
" revokable: keys can be revoked each by one."
" lock: all keys stay as they are."
" lock-last: last key is uploaded as locked,"
" others as revokable")
upload_parser.add_argument("-s", "--soc", type=str, help="SoC",
choices=["nrf54l15"], required=True)
upload_parser.add_argument("--dev-id", help="Device serial number")
Expand All @@ -55,11 +60,18 @@ def do_run(self, args, unknown_args):
with open(keyfile, 'rb') as f:
priv_key = load_pem_private_key(f.read(), password=None)
pub_key = priv_key.public_key()
if args.policy == "lock-last":
if slot == (len(args.keys) - 1):
key_policy = nrf54l15_key_policies["lock"]
else:
key_policy = nrf54l15_key_policies["revokable"]
else:
key_policy = nrf54l15_key_policies[args.policy]
command = [
"nrfprovision",
"provision",
"-r",
nrf54l15_key_policies[args.policy],
key_policy,
"-v",
pub_key.public_bytes_raw().hex(),
"-m",
Expand Down

0 comments on commit fb67949

Please sign in to comment.