RT500 A0 XIP, SIGNED, OTFAD ENCRYPTED IMAGE PREPARATION
=======================================================

1. Generate signed image using elftosb tool (1_GEN_SIGNED_XIP_IMAGE.bat)
	elftosb.exe -V -f rt6xx -J "config_files/conf_signed_xip.json"

2. Generate key store including SBKek and OTFADKek (2_GEN_KEY_STORE.bat)
	blhost -p com9 -- key-provisioning enroll
	blhost -p com9 -- key-provisioning set_user_key 2 keys/OTFADKek_PUF.bin
	blhost -p com9 -- key-provisioning set_user_key 3 keys/SBkek_PUF.bin
	blhost -p com9 -- key-provisioning read_key_store key_store/key_store_rt5xx.bin

3. Generate SB file which configures flash, writes FCB, loads PUF key store, generates OTFAD key blobs and encrypts image (3_GEN_SB_FILE.bat)
	elftosb.exe -d -V -k keys\SBkek_PUF.txt -f rt5xx -c BD_files\commandFile.bd -o SB_files\SBfile.sb2 ^
	-s "keys_and_certs\k0_cert0_2048.pem" ^
	-R "keys_and_certs\root_k0_signed_cert0_noca.der.cert" ^
	-R "keys_and_certs\root_k1_signed_cert0_noca.der.cert" ^
	-R "keys_and_certs\root_k2_signed_cert0_noca.der.cert" ^
	-R "keys_and_certs\root_k3_signed_cert0_noca.der.cert" ^
	-S "keys_and_certs\root_k0_signed_cert0_noca.der.cert" ^
	-h "RKTH\RKTH.bin"

4. Program RKTH generated by elftosb (RKTH generated in step 1 must equal to RKTH generated in step 3) into OTP (4_PROG_RKTH_OTP.bat)
	HINT: Use regular expresion to convert RKTH to correct format.
		find: (..)(..)(..)(..)
		replace: $4$3$2$1\n

	blhost.exe -p COM9 efuse-write-once 0x78 24371f32
	blhost.exe -p COM9 efuse-write-once 0x79 b30bd1b5
	blhost.exe -p COM9 efuse-write-once 0x7A 3b70e2e6
	blhost.exe -p COM9 efuse-write-once 0x7B 1e1319d5
	blhost.exe -p COM9 efuse-write-once 0x7C 89e54def
	blhost.exe -p COM9 efuse-write-once 0x7D f0d588b2
	blhost.exe -p COM9 efuse-write-once 0x7E 99f239d3
	blhost.exe -p COM9 efuse-write-once 0x7F 2f3f75ff

5. Enable debug to be able to write into shadow registers using jlink script (5_ENTER_DEBUG.bat)
	JLink.exe -device CORTEX-M33 -if SWD -speed 4000 -jtagconf -1,-1 -autoconnect 1 -JLinkScriptFile jlink_scripts\debug_unlock.jlinkscript

6. Program OTP shadow registers to enable secure boot, PUF and OTFAD (6_PROG_SHADOW_SECUREBOOT_OTFAD.bat)
	JLink.exe -device CORTEX-M33 -if SWD -speed 4000 -jtagconf -1,-1 -autoconnect 1 -CommanderScript jlink_scripts\secureboot_otfad.jlink

7. Perform warm reset using reset button to exit from debug mode (from step 5) and enter ISP mode.

8. Write key store including at least SBKek needed for SB file processing (8_WRITE_KEY_STORE.bat)
	blhost -p com9 -- key-provisioning write_key_store key_store/key_store_rt5xx.bin

9. Load SB file generated in step 3 into the chip (9_RECEIVE_SB_FILE.bat)
	blhost.exe -p com9 receive-sb-file SB_files\SBfile.sb2

10. Perform warm reset to boot the image