Loading Debug Certificates to a Device
When trying to debug a secure device, the initial condition is naturally that the debug port are locked; therefore some other mechanism is required in order to get the debug certificates into the device.
In normal operation, it is possible that the debug certificates could be loaded to the device via a serial port, via an over-the-air connection, or some other way specific to a users application. All these methods, however, require that the application firmware on the device is working well enough to support the transfer and storage of the certificates.
As a default mechanism, RSL15 allows the use of the Data Exchange Unit (DEU) to transfer data into and out of the device in a strictly controlled form.
This feature has been provided with the express purpose of being able to create debug developer certificates and have the packages loaded into the device in a securely managed manner.
The DEU may be used in either EH_STATE or ROT_STATE to perform the following operations:
- Retrieve the SOC ID from the device.
- Load Debug Certificates to the correct location in the device depending on the EH_STATE/ROT_STATE.
- Erase any debug certificate information, hence re-locking the device.