Secure Desktop Provisioner

Secure provisioning at your desk

Secure Desktop Provisioner enables developers, who have defined their key infrastructure during development, to dynamically generate keys and “provision” these securely into the device together with programming a cryptographically secured image of the application.

Provisioning is the act of injecting unique characteristics to every device being produced, whether at the chip, board or system level. This unique cryptographic identity, similar to a birth certificate, enables every programmed device to be identified and acted upon, whether this is to provide authentication, or to enable updates to be targeted to a single device, or a group. The provisioning is often implemented alongside secure programming, ensuring that as much information as possible is protected.

Secure provisioning enabling Security from Inception

Security orientated development is traditionally challenging as there is a need to manage high-value code and secrets, including keys, along the complete supply chain from development through to production.

The Security from Inception Suite enables developers to make the first critical step by building security into their designs ready for production. Secure Desktop Provisioner has now been added as a critical component of the Security from Inception Suite. For the first time, it is now possible to take the second step of securely transferring those designs to a production environment to produce prototypes and first articles that fully implement the designed security features. In C-Trust, development keys are replaced by secure production keys, during the creation of a final, secure production package. The Secure Desktop Provisioner imports these production packages.

Supported devices

In order to leverage different security and development needs, our security tools offer support for a range of devices, and more will be added.

Devices enabling foundation security all have a minimum memory of 256K or more (512K to 1M), JTAG disable is available, and so is are memory protection unit (MPU) features of different levels and functionality. The following devices are currently supported:

STMicroelectronics NXP
Kinetis K24
Kinetis K6x
Kinetis K70

Best-in-class secure devices includes an inbuilt hardware crypto unit and memory protection features and/or hardware-based security and Arm® TrustZone®. The following are currently supported:

STMicroelectronics Renesas Microchip NXP