Terms and concepts
Authorized Count
The number of product units that the OEM authorizes for production. This limit is set in the Product Package when the package is created.
IAR Embedded Trust
IAR Embedded Trust is an embedded security solution that adds security to the process of creating embedded software. It can be used with IAR Embedded Workbench, or with a different IDE and stand-alone applications from IAR. Its security functions include unique device identities, secure application development, and making secure manufacturing possible. The IAR Embedded Trust OEM tool can be used for creating the product package that the IAR Secure Deploy – Prototyping system takes as input.
IAR Embedded Secure IP
IAR Embedded Secure IP (eSecIP) is an embedded security and provisioning system that adds security to firmware applications. The application can be in late-stage development or completed, and the security is added before mass production. eSecIP is designed for MCU-centric systems and lets you add security, deploy, and provision products with a minimal amount of software development.
Factory Production Allowance
The number of product units that can be produced, across all devices. This limit is set by the Factory Production token.
Factory Production Allowance expiry
The number of days until the product can no longer be produced. If this limit exists, it is set by the Factory Production token.
Factory Production token
A file that sets the limit on how many product units can be produced, across all devices, or a last day when they can be produced. To get more tokens, contact IAR Customer Care or IAR Sales.
OrBIT
OrBIT is a command line application that provides a simple way to generate product packages. These product packages can then be used to provision a device using the IAR Secure Deploy – Prototyping software.
OrBIT is part of the IAR Embedded Secure IP system.
Product package
A product package (.ppkg) is a secure, encrypted file that contains the application or applications to provision the board with, including all information needed (optionally a Secure Boot Manager, instructions to generate unique device information, etc.). Only the intended production system can decode this encrypted information.
Production Record
Note: Production records are only available with IAR Embedded Secure IP.
A JWT-format file (*.prd) containing device-specific information (for example, device ID, device certificates, passwords) generated by Secure Deploy. The file can be decrypted and viewed using the IAR Demo PR Decoder Tool included with the eSecIP installer. The public sections of the file can be viewed using any JWT viewer.
For more information about the IAR Demo PR Decoder Tool, see the Demo PR Decoder Tool Application Note.
Provisioning
A process that programs the application to the board and gives it access to the secure assets of the board. Sometimes provisioning is referred to simply as “programming”.
Secure Boot Manager (SBM)
Boot loader software that decrypts and verifies the signature of an application on a secure device. This can be included in the product package file that you are provisioning, depending on which tool you use for creating the product package.
Secure Install
A set of technologies within the wider IAR Embedded Trust workflow that allows firmware to be protected down to the lower levels of communication between an MCU programmed with that firmware and the tools that perform the production programming. In some cases, Secure Install will leverage functionality provided by the MCU itself, for example, STMicro’s Secure Firmware Install (SFI).
Security Appliance
The Security Appliance is a hardware appliance that processes and decrypts the cryptographic keys and certificates that are used when provisioning the software product to the physical product devices.
Time Adjust Token
A file that synchronizes the time between the SPE process and the Security Appliance, if they have become mismatched. A significant time mismatch can cause problems—for example, if the devices go live with a cloud service immediately after provisioning and the provisioning time is wrong, they might be rejected. To request a time adjust token, contact the IAR Customer Care team.