Util Commands#
Key Generation#
Generates a keyfile to be used for encryption and decryption and outputs the keyfile to the specified filename.
Command Line Syntax
$ commander util genkey --type aes-ccm --outfile <filename>Command Line Input Example
$ commander util genkey --type aes-ccm --outfile key.txtCommand Line Output Example
Using /dev/random for random number generation
Gathering sufficient entropy... (may take up to a minute)...
DONEGenerating a Signing Key#
Creates an EDCSA-P256 key pair and outputs the result to the specified private and public key files. For more information, see UG266: Silicon Labs Gecko Bootloader User's Guide for GSDK 3.x and Lower or UG489: Silicon Labs Gecko Bootloader User's Guide for GSDK 4.0 and Higher.
Command Line Syntax
$ commander util genkey --type ecc-p256 --privkey <filename> --pubkey <filename> [--tokenfile <filename>]Command Line Input Example
$ commander util genkey --type ecc-p256 --privkey signing_key.pem --pubkey signing_pubkey.pemCommand Line Output Example
Generating ECC P256 key pair...
Writing private key file in PEM format to signing_key.pem
Writing public key file in PEM format to signing_pubkey.pem
DONEKey to Token#
Creates a token text file containing an Elliptic Curve Cryptography (ECC) public key suitable for flashing to a device. For more information, see UG266: Silicon Labs Gecko Bootloader User's Guide for GSDK 3.x and Lower or UG489: Silicon Labs Gecko Bootloader User's Guide for GSDK 4.0 and Higher.
Command Line Syntax
$ commander util keytotoken <input file> --outfile <filename>Command Line Input Example
$ commander util keytotoken my_pubkey.pem --outfile keytokens.txtCommand Line Output Example
Writing EC tokens to keytokens.txt...
DONEKey Config Generation#
Generates a key configuration file to the specified file name. This command is only available for SiWx91x devices, so the device options is required. The output file is used as input to the Provision Security Keys to the Device and Provision OTP Security Keys to the Device command, among others. The file contains the following keys:
ATTESTATION_PRIVATE_KEY
ATTESTATION_PUBLIC_KEY
M4_OTA_KEY
M4_PRIVATE_KEY
M4_PUBLIC_KEY
OTA_KEY
TA_PRIVATE_KEY
TA_PUBLIC_KEY
OTP_AES_KEY
OTP_PRIVATE_KEY
OTP_PUBLIC_KEY
Command Line Syntax
$ commander util genkeyconfig --outfile <filename> --device <device>Command Line Input Example
$ commander util genkeyconfig --outfile keys.json --device Si917This example generates a file, keys.json, containing the key configuration for a Si917 device.
Command Line Output Example
Generating symmetric key...
Generating symmetric key...
Generating ECC P256 key pair...
Generating ECC P256 key pair...
Generating ECC P256 key pair...
Key configuration written to keys.json
DONEGenerate Certificate#
The process of signing files can be done using an intermediate certificate. These certificates can be generated with the util gencert command. There are currently two available certificate types: GBL certificates and Secure Boot certificates. If rollback prevention is enabled, the device will not boot if it has seen a certificate with a higher version number. This is set by the --cert-version option. The private key corresponding to the --cert-pubkey is used to sign the image. The certificate may either be signed directly by providing a signing key with the --sign option or unsigned by providing the --extsign option.
Command Line Syntax
$ commander util gencert --cert-type <cert type> --cert-version <version> --cert-pubkey <key file> [--sign <key file>|--extsign] --outfile <filename>Command Line Input Example
$ commander util gencert --cert-type secureboot --cert-version 1 --cert-pubkey cert_pubkey.pem --sign signing_key.pem --outfile secureboot_cert.binIn this example, the signing key is provided and the certificate is signed directly.
Command Line Output Example
Successfully signed certificate
DONECommand Line Input Example
$ commander util gencert --cert-type gbl --cert-version 1 --cert-pubkey cert_pubkey.pem --extsign --outfile gbl_cert.binIn this example, an unsigned certificate is created. The signature for the certificate can be created, for example, by a Hardware Security Module (HSM). The certificate can be signed by passing the unsigned certificate and the HSM generated signature to the util signcert command.
Command Line Output Example
DONESign Certificate#
Sign a certificate with an externally created signature. You can use the optional --verify option to verify the signature by providing the public key corresponding to the private key used to create the signature.
Command Line Syntax
$ commander util signcert <cert filename> --cert-type <type> --signature <signature> [--verify <public key file>] --outfile <filename>Command Line Input Example
$ commander util signcert gbl_cert.bin.extsign --cert-type gbl --signature gbl_signature.bin --verify signing_pubkey.pem --outfile signed_cert.binCommand Line Output Example
Successfully verified signature
Successfully signed certificate
DONEVerify Signature#
When secure boot is enabled, all code running on the device must be signed. This command can be used as a check to verify that the file was correctly signed, which may help in debugging in case secure boot fails, or as a verification before flashing the image. If the file is signed using an intermediate certificate, the certificate key is used to check the signature of the file. The key given by the --verify option is used to verify the signature of the certificate.
Command Line Syntax
$ commander util verifysign <input file> --verify <public key file>Command Line Input Example
$ commander util verifysign my_application.bin --verify signing_pubkey.pemCommand Line Output Example
Parsing file my_application.bin...
Found application properties at 0x00000e78
Found certificate in image at location 0x0000b3a4
Successfully verified certificate signature with verification key.
Using certificate key to verify application signature.
Found signature at 0x0000b42c
Successfully verified application signature.
DONEApplication Information#
Get all available information about an application by parsing the ApplicationProperties_t struct in the image. If the file does not have application properties, no information can be extracted from the file.
Command Line Syntax
$ commander util appinfo <filename>Command Line Input Example
$ commander util appinfo my_application.binCommand Line Output Example
Parsing file my_application.bin...
Found application properties in image.
Application protperties info:
Signature location : 0x0000b42c
Signature type : ECDSA-P256
Long token section address : Not set (0x00000000)
Application data info:
If rollback prevention is enabled, the device will not boot if the device has seen an application with a higher version number.
App type : The application is an MCU application
App version : 0x00000000
Product ID : 0x53455f555047524144455f4150500000
Application certificate info:
If rollback prevention is enabled, the device will not boot if the device has seen a certificate with a higher version number.
Certificate located at : 0x0000b3a4
Certificate version : 0x00000001
Certificate key : 0x249919c28b28156f19d2e03379b968c8a931aa9b195258e2741da28b686983dd71d0140e9a7b0d7e39de43f592163b8aa38d4e0871f5d2d88b57556dbe87f89b
Certificate signature : 0x013f2adc310f10f1426db74b503f3612a46ab85c7ce86c967eb965b10f7d24267101192513d9481c49c0eb0b61c1f73392cc6f6d1cd1209a9d58e761884aac4e
DONEPrint Section Header Information from an ELF File#
Parse and print the section header information from an Executable and Linkable Format (ELF) file.
Command Line Syntax
$ commander util elfinfo <filename>Command Line Input Example
$ commander util elfinfo my_bootloader.outDisplays section header information of ELF file my_bootloader.out.
Command Line Output Example
Index Name Size Address Type
1 .shstrtab 0x00000111 0x00000000 STRTAB
2 .strtab 0x0001e169 0x00000000 STRTAB
3 .symtab 0x000243a0 0x00000000 SYMTAB
4 HEADERS 0x000000ac 0x00000000 PROGBITS
5 APP ro 0x0002ddf4 0x00000200 PROGBITS
6 SIMEE&LOCKBITS 0x00009000 0x000f7000 NOBITS
7 ResetHeap 0x00001490 0x20000000 NOBITS
8 Guard 0x00000030 0x20001490 NOBITS
9 APP rw 0x00002148 0x2003dce0 NOBITS
10 .debug_abbrev 0x00006325 0x00000000 PROGBITS
11 .debug_aranges 0x000037ac 0x00000000 PROGBITS
12 .debug_frame 0x0003a2f5 0x00000000 PROGBITS
13 .debug_info 0x00063435 0x00000000 PROGBITS
14 .debug_line 0x00064f5c 0x00000000 PROGBITS
15 .debug_loc 0x00010fe3 0x00000000 PROGBITS
16 .debug_macinfo 0x00009941 0x00000000 PROGBITS
17 .debug_pubnames 0x00007132 0x00000000 PROGBITS
18 .debug_ranges 0x00003778 0x00000000 PROGBITS
19 .iar.debug_frame 0x00015349 0x00000000 PROGBITS
20 .iar.debug_line 0x00020199 0x00000000 PROGBITS
21 .comment 0x001d394a 0x00000000 PROGBITS
22 .iar.rtmodel 0x00000032 0x00000000 PROGBITS
23 .ARM.attributes 0x0000002e 0x00000000
DONEGet RAM and Flash Usage of an ELF Application#
Calculate the static RAM usage and the flash storage usage of an application from an Executable and Linkable Format (ELF) file, and print usage details of the RAM sections.
If the --map option is provided with the path to the .map file created when building the application (only GCC map files are supported), the available RAM and flash storage will also be displayed.
If no map file is available, the --device option can be provided to let Commander infer the RAM and flash sizes of the device from its part number.
Note: Any changes you might have introduced to the memory regions on your specific device will not be reflected if you are using the
--deviceoption.
Command Line Syntax
$ commander util usage <filename> [--map <filename>|--device <device part no.>] [--include-section <ELF section> --exclude-section <ELF section>]Command Line Input Example
$ commander util usage my_elf.out --map my_mapfile.mapCommand Line Output Example
Ram usage : 262144 / 262144 B (100.00 %)
.bss : 3344 B ( 1.28 %)
.data : 152 B ( 0.06 %)
.heap : 254552 B ( 97.10 %)
.stack : 4096 B ( 1.56 %)
Flash usage : 23884 / 1564672 B ( 1.53 %)
DONEPrint Header Information of an RPS File#
Parse and print the information contained in the header of an RPS file. The printed information includes (but is not limited to) security settings, signature data, bootloader instructions, flash address, image type, and image size. If the provided RPS file is a combined RPS image, the data for all constituent images is printed sequentially. If the image is encrypted, the bootloader instructions will be unavailable.
RPS files for on-device key upgrades are also supported by this command.
Command Line Syntax
$ commander util rpsinfo <filename>Command Line Input Example
$ commander util rpsinfo image.rpsThis command line prints the information contained in the header of 'image.rps'.
Command Line Output Example
RPS application image
Application info:
Combined image bit set : No
Image type : TA application
Image size : 0x001986A0 (1672864 B)
Flash address : 0x00011000
Firmware version : 0x020101BF
Firmware version ext. : 0x1610ABFF
Counter : 0x00000000 (0)
PSRAM : No
Security settings:
Integrity check : CRC
CRC : 0x844D33FA (2219652090)
Encrypted : No
Signed : No
Boot descriptor info:
Boot desc. offset : 0x0080
IVT offset : 0x00000000
3 boot descriptor entries found:
Length : 0x000140 (320)
Destination : 0x00000000
Length : 0x000CFC (3324)
Destination : 0x00000B04
Length : 0x01A984 (108932)
Destination : 0x0000E948
DONE