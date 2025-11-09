The mstdpa tool allows the user to sign DPA applications, which are given to the tool as part of a Host ELF file.

It also supports the creation, signing, and removal of single applications.

In addition, mlxdpa allows the user to add or remove certificates from the DPA device — this is done by creating certificate containers and signing them.

The tool generates the signatures using a provided private key PEM file.

Tool Requirements:

Supported operating systems: Linux

Supported platforms: x86-64, arm64

mlxdpa Synopsis

Sign Host ELF using PEM file

Copy Copied! mstdpa --host_elf <ELF file> --cert_chain <certificate chain> --private_key <key .pem file> --output_file <output file path> sign_dpa_apps

Create an upload container for a single app

Copy Copied! mstdpa -s <single ELF> --life_cycle_priority <Nvidia,OEM,User> -m <appmetadata yaml file> --manifest <manifest bin file> -o <output file path> create_single_dpa_app

Sign upload container for a single app using a PEM file

Copy Copied! mstdpa -s <elf generated in step 2 > -c <certificate file> -p <key .pem file> --cert_chain_count <certificate chain> --life_cycle_priority <Nvidia,OEM,User> -o <output file path> sign_single_dpa_app

Query manifest from a single ELF

Copy Copied! mstdpa -s <dpa app> -o <output file path> query_manifest

Create DPA app removal container

Copy Copied! mstdpa --dpa_app_uuid <dpa app uuid> -o <output file path> --life_cycle_priority <Nvidia,OEM,User> create_dpa_app_removal

Sign DPA app removal container

Copy Copied! mstdpa --dpa_app_removal_container <dpa app removal container> --keypair_uuid <keypair uuid> -p <key .pem file> -o <output file path> --life_cycle_priority <Nvidia,OEM,User> sign_dpa_app_removal

Where:

-e|--host_elf Path to the Host ELF file containing DPA applications -c|--cert_chain Path to a certificate chain file to embed in the crypto data -p|--private_key Path to a private key PEM file for signature generation -o|--output_file Path to output signed Host/single ELF -h|--help Show help message -v|--version Show tool version --cert_chain_count <Hex number> Number of certificates in the provided certificate chain --dpa_app_removal_container <Path> Path to a DPA app removal container to sign --manifest <Manifest> Path to the manifest file -m|--app_metadata <App Metadata> Path to the app metadata YAML file -s|--single_app <Single App> Path to the single app file

Creating a Certificate Container

Container for adding a certificate

Copy Copied! mstdpa --cert_container_type add -c <.DER formatted certificate> -o <output path> --life_cycle_priority <Nvidia,OEM,User> create_cert_container

Container for removing a certificate

Copy Copied! mstdpa --cert_container_type remove [--cert_uuid <uuid of the certificate for removal>] [--remove_all_certs] -o <output path> --life_cycle_priority <Nvidia,OEM,User> create_cert_container

Create a certificate upload container with the keep_sig flag

Copy Copied! mstdpa --cert_container_type add -c <.DER formatted certificate> -o <output path> --life_cycle_priority <Nvidia,OEM,User> --keep_sig create_cert_container

Create a certificate upload container with the nvidia_signed_oem flag

Copy Copied! mstdpa --cert_container_type add -c <.DER formatted certificate> -o <output path> --nvidia_signed_oem create_cert_container

Signing a Certificate Container

Container for adding a certificate

Copy Copied! mstdpa --cert_container <container> -p < private key pem file> --keypair_uuid <uuid> --cert_uuid <uuid> --life_cycle_priority <Nvidia,OEM,User> -o <output path> sign_cert_container

Container for removing a certificate

Copy Copied! mstdpa --cert_container <container> -p < private key pem file> --keypair_uuid <uuid> --life_cycle_priority <Nvidia,OEM,User> -o <output path> sign_cert_container

Where: