From bdef9677d37e1951f7db710259b3d0c8cabe632d Mon Sep 17 00:00:00 2001
From: Mateusz Michalek
Date: Wed, 11 Dec 2024 12:24:59 +0100
Subject: [PATCH] scripts: west_commands: ncs-provision lock-last policy adds new policy scheme to 'west ncs-provision' command.
Signed-off-by: Mateusz Michalek
---
 scripts/west_commands/ncs-provision.py | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/scripts/west_commands/ncs-provision.py b/scripts/west_commands/ncs-provision.py
index 09f65d872d4b..9feab96064ad 100644
--- a/scripts/west_commands/ncs-provision.py
+++ b/scripts/west_commands/ncs-provision.py
@@ -36,8 +36,9 @@ def do_add_parser(self, parser_adder):
 "-k", "--key", type=Path, action='append', dest="keys", help="Input .pem file with ED25519 private key"
 )
- upload_parser.add_argument("-p", "--policy", type=str, help="Keys policy",
- choices=["revokable", "lock"], default="revokable")
+ upload_parser.add_argument("-p", "--policy", type=str,
+ choices=["revokable", "lock", "lock-last"], default="revokable",
+ help="Policy applied to the given set of keys. revokable: keys can be revoked each by one. lock: all keys stay as they are. lock-last: last key is uploaded as locked, others as revokable")
 upload_parser.add_argument("-s", "--soc", type=str, help="SoC", choices=["nrf54l15"], required=True)
 upload_parser.add_argument("--dev-id", help="Device serial number")
@@ -55,11 +56,18 @@ def do_run(self, args, unknown_args):
 with open(keyfile, 'rb') as f:
 priv_key = load_pem_private_key(f.read(), password=None)
 pub_key = priv_key.public_key()
+ if args.policy == "lock-last":
+ if slot == (len(args.keys) - 1):
+ key_policy = nrf54l15_key_policies["lock"]
+ else:
+ key_policy = nrf54l15_key_policies["revokable"]
+ else:
+ key_policy = nrf54l15_key_policies[args.policy]
 command = [
 "nrfprovision",
 "provision",
 "-r",
- nrf54l15_key_policies[args.policy],
+ key_policy,
 "-v",
 pub_key.public_bytes_raw().hex(),
 "-m",
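Review bot: The new `--policy` help text does not say which key counts as "last" for `lock-last`. Because `-k` is declared with `action='append'`, it is presumably the final `-k` on the command line, so a user who passes the keys in a different order would have a different key uploaded as locked than intended. I would state that in the help, for example `lock-last: the key given by the final -k is uploaded as locked, the others as revokable`. The phrase "keys can be revoked each by one" would also read better as "each key can be revoked individually". The `add_argument(` call for `-k` opens above the hunk.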
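Review bot: The `lock-last` branch picks the locked key with `slot == (len(args.keys) - 1)`, but `slot` is defined outside the hunk. If it is not a zero-based index over `args.keys` (for instance a slot number with an offset), the lock policy would land on the wrong key or on none, and every key would silently be uploaded as revokable. A short comment at the comparison stating that assumption, and why the last key is the one locked, would help. The nested `if`/`else` could be flattened to `name = args.policy if args.policy != "lock-last" else ("lock" if slot == len(args.keys) - 1 else "revokable")` followed by `key_policy = nrf54l15_key_policies[name]`. With a single `-k`, `lock-last` behaves like `lock`, which may be worth mentioning in the help; `do_run` continues past the end of the hunk.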