Device Provisioner
Configuring target devices
The Device Provisioner helps to provision microcontrollers for debug, trace or production access, including locking the device afterwards. It simplifies the automation of configuring security features on target devices.
Overview
Most modern microcontrollers include security features for locking or encrypting the debug interface, protecting against readout, and more. Each silicon vendor has its own method of configuring and activating these features. The Device Provisioner for J-Link, J-Trace and Flasher provides uniform access to these options.
Key features
The Device Provisioner provides a comprehensive set of features designed to streamline the setup and configuration of devices.
Universal access
Scripts for the Device Provisioner can access almost all functions of the target interface.
Full automation
Automated actions such as initialization steps to enable secured access can be integrated into automatic processes.
Support for security features
The Device Provisioner enables access to features such as encrypted programming or debug interfaces, TrustZone®/partitioning, and many more.
Use cases
The Device Provisioner is a versatile tool for securely setting up and configuring microcontrollers for various use cases, including secure debugging, programming, and configuring TrustZone® partitions.
Device provisioning for secure debugging
Secure microcontrollers offer options to debug over secured interfaces. To set up the interface properly, the Device Provisioner is used to set up the target device with secure IDs and to set the state to accept secure debug connections. This includes enabling the interfaces, activating security features for the interfaces (securing), or locking them down once the product lifecycle reaches this state.
Device provisioning for secure programming
Secure programming usually requires preparation of the device by adding secure IDs and enabling the device to lock itself down after transmission of the firmware. The Device Provisioner provides commands to change the states of the microcontroller that enable or disable debugging or secure programming. In addition, the Device Provisioner can download keys or certificates (provisioning) if required for the secure processes.
Configuring TrustZone® partitions
TrustZone® is Arm’s tool for code isolation on a device. To prepare a target device, the trusted areas have to be configured. After adding code to the trusted partition, the zone can be locked such that no further read or write access is possible in the zone.
How the Device Provisioner works
The Device Provisioner is a command line tool for J-Link debug probes, J-Trace streaming probes and Flasher in-circuit programmers, ensuring devices are properly set up and configured for use. The provisioning process includes tasks such as initializing hardware, installing software, configuring settings, and sometimes associating the device with a specific user or network.
Created to seamlessly integrate into automation environments, the Device Provisioner executes commands from scripts written in the C language, which can be provided by SEGGER, the silicon vendor, or created by users. These scripts can be executed on J-Links and Flashers while connected to a host PC, as well as in stand-alone mode on Flashers. To protect intellectual property, script files can be distributed in source code or pre-compiled form.
Example project
Secure product lifecycle management for the STM32H5 series
Device provisioning plays a foundational role in establishing and maintaining the security of devices throughout their lifecycle, from initial deployment to decommissioning. It ensures that devices are configured securely, managed effectively, and integrated seamlessly into the overall security infrastructure. SEGGER has already developed secure product lifecycle features for the STM32H5 series from STMicroelectronics. These include all necessary commands, ranging from checking the product state to performing a full regression.
Script customization & flexibility
Customization requires a script. The Device Provisioner offers the utmost in flexibility: users can customize their device provisioning process by writing their own script.
SEGGER can also help with the script upon request, or the script may come from the silicon vendor. Scripts required for popular MCUs are available from SEGGER, and more will be added over time.
Licensing
The Device Provisioner is included in both the J-Link Software and Documentation Package and the Flasher Software and Documentation Package. The software package is free for any J-Link, J-Trace or Flasher device and can be downloaded here.
System requirements
Supported OS | Architectures
---|---
Windows | Microsoft Windows (x86/x64)
macOS | macOS (x86/Apple Silicon)
Linux | Linux (x86/x64/Arm)