README.md
1# ese-ls-provision tool
2
3Runs on Android host and uploads scripts to the secure element loader service.
4
5## Introduction
6
7PN80T and later secure elements include a "loader service" which runs signed, encrypted scripts to
8perform high-privilege operations like installing and deleting applets in a secure way. The result
9of compiling, encrypting and signing these scripts with the `ls-cgt.jar` tool is a file containing
10hexadecimal blocks separated by newlines; the first line usually starting with `7f21` indicating
11the certificate for the signing key. This tool takes those signed, encrypted scripts and sends
12them to the secure element.
13
14## Usage
15
16 ese-ls-provision <identifier> <script> <responsefile>
17
18- `<identifier>` names a file of one to twenty bytes. This is a required parameter to the code
19which drives communication with the loader service, and the identifier is sent to the SE as part
20of the initial setup, but I'm not sure what effect it has apart from that; the source code says
21"It is used to provide the ALA with an Unique Identifier of the Application that has triggered the
22ALA script".
23- `<script>` is the compiled, encrypted, signed scrypt as generated by `ls-cgt.jar`.
24- `<responsefile>` is a file to which to write the response from the loader service. This is also
25written as newline-separated hexadecimal. On a successful upload, each line ends with `9000`.
26
27