Debug Token usage CLI

Intel® System Debugger User Guide

ID	Date	Version	Classification
648476	10/17/2024		Confidential

Using Hotham and Intel® Debug Token Library

Intel® Debug Token Library - Python* library to generate and sign Intel® CSME tokens.
Hotham - Communication channel using the Debug Support Command Protocol (DSCP) on top of ipccli.

Start Python* environment

All the following instructions should be executed in Python, for convenience this documentation uses IPython*.

Open a new command interpreter (cmd) or shell
Source the <installation-directory>/isd_env.bat environment script
Call ipython

Fetch Part ID from target

While the target is connected and available, Hotham can connect to the Intel® CSME firmware and read the part ID from the target.

from intel.hotham import hotham
import intel.dtl as dtl

# Load Part ID using Hotham
code, data = hotham.loader.dscp.get_part_id()
if code != 0:
    raise RuntimeError("Failed to read Part ID from target.")
pid_pseudonym = int(''.join(data['PART_ID']), 16)
pid_nonce = data['NONCE']
pid_timestamp = data['TIMESTAMP']

# Create DTL part ID object
part_id = dtl.PartID(pid_pseudonym, pid_nonce, pid_timestamp)

Configure Token using Token Configs

Intel® Debug Token Library provides predefined token configurations for a convenient usage.

import intel.dtl as dtl

# Create a new debug token based on a Token Configuration
token = dtl.Token.from_config(dtl.TOKEN_CONFIGS.ADL_OEM_UNLOCK_TOKEN)

# Configure knobs
token.knob(dtl.TOKEN_KNOBS.OEM_UNLOCK).value = 1
token.knob(dtl.TOKEN_KNOBS.CSE_TRACING).value = 1

# Add part ID to the token (see snippet above)
token.part_ids.append(part_id)

Sign Token

The Intel® CSME firmware requires a token to be signed.

Intel® Debug Token Library supports different ways of signing:

Externally sign the the token
```
token.sign_method = None
```

Use a private key file

token.sign_method = dtl.LocalKey("<local path>")

Intel internal signing options

Inject token

While the target is connected and available Hotham can connect to the Intel® CSME firmware and inject the token.

from intel.hotham import hotham

hotham.inject_token("C:\\token.bin", False, False)

print("Manually reset target to apply changes.")

Example Scripts:

Enable debug and trace using OEM Token on Alder Lake

from intel.hotham import hotham
import intel.dtl as dtl

# Load Part ID using Hotham
code, data = hotham.loader.dscp.get_part_id()
if code != 0:
    raise RuntimeError("Failed to read Part ID from target.")
pid_pseudonym = int(''.join(data['PART_ID']), 16)
pid_nonce = data['NONCE']
pid_timestamp = data['TIMESTAMP']
part_id = dtl.PartID(pid_pseudonym, pid_nonce, pid_timestamp)

# Create a new debug token based on a Token Configuration
token = dtl.Token.from_config(dtl.TOKEN_CONFIGS.ADL_OEM_UNLOCK_TOKEN)

# Configure knobs
token.knob(dtl.TOKEN_KNOBS.OEM_UNLOCK).value = 1
token.knob(dtl.TOKEN_KNOBS.CSE_TRACING).value = 1

# Add part ID to the token (see snippet above)
token.part_ids.append(part_id)

# Use a private key file to sign token
token.sign_method = dtl.signing.LocalKey("C:\\key_private.pem")

# Write token to file
token.to_file("C:\\token.bin")

# Inject token via hotham
hotham.inject_token("C:\\token.bin", False, False)

print("Manually reset target to apply changes.")