You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
27 lines
1.4 KiB
27 lines
1.4 KiB
4 months ago
|
# ese-ls-provision tool
|
||
|
|
|
||
|
|
Runs on Android host and uploads scripts to the secure element loader service.
|
||
|
|
|
||
|
|
## Introduction
|
||
|
|
|
||
|
|
PN80T and later secure elements include a "loader service" which runs signed, encrypted scripts to
|
||
|
|
perform high-privilege operations like installing and deleting applets in a secure way. The result
|
||
|
|
of compiling, encrypting and signing these scripts with the `ls-cgt.jar` tool is a file containing
|
||
|
|
hexadecimal blocks separated by newlines; the first line usually starting with `7f21` indicating
|
||
|
|
the certificate for the signing key. This tool takes those signed, encrypted scripts and sends
|
||
|
|
them to the secure element.
|
||
|
|
|
||
|
|
## Usage
|
||
|
|
|
||
|
|
ese-ls-provision <identifier> <script> <responsefile>
|
||
|
|
|
||
|
|
- `<identifier>` names a file of one to twenty bytes. This is a required parameter to the code
|
||
|
|
which drives communication with the loader service, and the identifier is sent to the SE as part
|
||
|
|
of the initial setup, but I'm not sure what effect it has apart from that; the source code says
|
||
|
|
"It is used to provide the ALA with an Unique Identifier of the Application that has triggered the
|
||
|
|
ALA script".
|
||
|
|
- `<script>` is the compiled, encrypted, signed scrypt as generated by `ls-cgt.jar`.
|
||
|
|
- `<responsefile>` is a file to which to write the response from the loader service. This is also
|
||
|
|
written as newline-separated hexadecimal. On a successful upload, each line ends with `9000`.
|
||
|
|
|