Hmm, don't think so. An SSD with plain or mandated DAP is meant not to be deleted by the ISD. Otherwise it beats the purpose of a Service Provider or Controlling Authority representative on the SE if the ISD can tamper with it. Only an SSD instance without any privileges (besides SSD) shall be deletable.
safarmer wrote: The JCOP emulator I have does not seem to support GP 2.2. I will ask around to see if anyone here has spoken to NXP about a newer version.
lexdabear wrote: Thanks for the tip. I will check it out.
You can use JCOP simulator to test it. In the specification it's mentioned in the banking configuration of GP 2.2.
I have the same problem. I created an SSD with mandated DAP, and now I cannot delete it. I have a JCOP card and the following so far:
Card Manager AID : A0000001510000
Card Manager state : OP_READY
Sec. Domain:PERSONALIZED (SVE----M) A000000004000001
Sec. Domain:PERSONALIZED (SV-----M) A000000004000002
Load File : LOADED (--------) A0000000035350 (Security Domain)
Module : A0000001510000
Module : A000000003535041
Module : A0000000030000
As you can see, both A000000004000001 and A000000004000002 have the mandated DAP privilege. Now I cannot delete them.
cm> delete A000000004000001
=> 80 E4 00 00 0A 4F 08 A0 00 00 00 04 00 00 01 00 .....O..........
<= 69 85 i.
Status: Conditions of use not satisfied
jcshell: Error code: 6985 (Conditions of use not satisfied)
Sadly, I cannot LOAD to them either. First I created the SSD with A000000004000001. Then I tried to LOAD a CAP with the appropriate load token and DAP(A000000004000001). It failed with 6985.
After that I instantiated a second SSD (because I realized that I cannot delete the first one). I tried to LOAD a CAP with the necessary DAP(A000000004000002), but it failed with 6985 as well. Now I'm stuck.
Please tell me if there is any way to get rid of these SSDs. And besides, what am I missing with the LOAD? Mandated DAP only means that if I try to load a CAP into a Security Domain with mDAP, the CAP file has to have an appropriate DAP block, right? DAP meant that if it exists it will be checked, but if there is no DAP provided it will pass.
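For readers following the jcshell trace in the post above, here is an added example (not part of the original posts) that decodes the DELETE command and its status word field by field. The function names are hypothetical, and the status-word table contains only the value quoted in the thread.

```python
# Added example: decode the DELETE exchange shown in the jcshell trace.
# SW_TEXT holds only the status word quoted in the thread.
SW_TEXT = {0x6985: "Conditions of use not satisfied"}
INS_NAMES = {0xE4: "DELETE"}  # GlobalPlatform DELETE instruction byte


def parse_tlvs(data):
    """Parse single-byte-tag, short-length TLVs (enough for a DELETE body)."""
    out, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated TLV header")
        tag, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("TLV value shorter than its length byte")
        out.append((tag, value))
        i += 2 + length
    return out


def parse_command(hex_apdu):
    """Split a short command APDU (header, Lc, data, optional Le) into fields."""
    raw = bytes.fromhex(hex_apdu)
    if len(raw) < 5:
        raise ValueError("expected a 4-byte header plus Lc")
    cla, ins, p1, p2, lc = raw[:5]
    body, rest = raw[5:5 + lc], raw[5 + lc:]
    if len(body) != lc or len(rest) > 1:
        raise ValueError("Lc does not match the APDU length")
    return {
        "cla": cla, "ins": INS_NAMES.get(ins, f"INS {ins:02X}"),
        "p1": p1, "p2": p2,
        "tlvs": parse_tlvs(body),          # tag 4F carries the AID to delete
        "le": rest[0] if rest else None,
    }


def status_text(hex_sw):
    """Map the two-byte response status word to its text."""
    sw = int.from_bytes(bytes.fromhex(hex_sw), "big")
    return SW_TEXT.get(sw, f"unlisted status word {sw:04X}")


if __name__ == "__main__":
    cmd = parse_command("80 E4 00 00 0A 4F 08 A0 00 00 00 04 00 00 01 00")
    for tag, value in cmd["tlvs"]:
        print(cmd["ins"], f"tag {tag:02X}", value.hex().upper())
    print(status_text("69 85"))
```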