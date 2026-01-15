mlxdpa – DPA Applications Sign Tool
The mlxdpa tool allows the user to sign DPA applications, which are given to the tool as part of a Host ELF file. In addition, mlxdpa allows the user to add or remove certificates from the DPA device. This is done by creating certificate containers and signing them.
The tool generates the signatures using a provided private key PEM file.
Tool Requirements:
Supported operating systems: Linux
Supported platforms: x86-64, arm64
mlxdpa Synopsis
# mlxdpa --host_elf <ELF file> --cert_chain <certificate chain> --private_key <key .pem file> --output_file <output file path> sign_dpa_apps
Where:
-e|--host_elf
Path to the Host ELF file containing DPA applications
-c|--cert_chain
Path to a certificate chain file to embed in the crypto data
-p|--private_key
Path to a private key PEM file for signature generation
-o|--output_file
Path to output signed Host ELF
-h|--help
Show help message
-v|--version
Show tool version
--cert_chain_count <Hex number>
Number of certificates in the provided certificate chain
Creating a Certificate Container
Container for adding a certificate:
mlxdpa --cert_container_type add -c <.DER formatted certificate> -o <output path> --life_cycle_priority <Nvidia,OEM,User> create_cert_container
Container for removing a certificate:
mlxdpa --cert_container_type remove [--cert_uuid <uuid of the certificate
for removal>] [--remove_all_certs] -o <output path> --life_cycle_priority <Nvidia,OEM,User> create_cert_container
Signing a Certificate Container
Container for adding a certificate:
mlxdpa --cert_container <container> -p <
private key pem file> --keypair_uuid <uuid> --cert_uuid <uuid> --life_cycle_priority <Nvidia,OEM,User> -o <output path> sign_cert_container
Container for removing a certificate:
mlxdpa --cert_container <container> -p <
private key pem file> --keypair_uuid <uuid> --life_cycle_priority <Nvidia,OEM,User> -o <output path> sign_cert_container
Where:
--cert_container
Path to a certificate container to sign
--cert_container_type <Add/Remove>
Type of a certificate container to create
-c|--certificate
Path to a .DER formatted certificate
--keypair_uuid
Key-pair UUID of the private key used for signing
--cert_uuid
Time base UUID generated right before signing
--remove_all_certs
Remove all CA Certificates, provide with the sign_cert_remove command
--life_cycle_priority <Nvidia, OEM, User>
Life-cycle priority of a requested certificate container
-o|--output_file
Path to an output file
-p|--private_key
Path to a private key PEM file for signature generation