Download profile (live)
Drive an activation-code download through SCP11/live against a live
SM-DP+, install the BPP on the eUICC, and let the shell reconcile
notifications so SM-DP+ sees the result.
On this page
Prerequisites
- a PC/SC reader with a compatible eUICC, or a simulator backend
- an activation code of shape
LPA:1$<smdp-host>$<matching-id> - network reachability to the SM-DP+ host
SCP11/livecan resolve the trust chain the SM-DP+ serves (live-default trust assumed)
Steps
-
Open the shell and confirm the session is in a good shape.
python -m SCP11.live --cmd "STATUS; DISCOVER; EXIT"Both
STATUSandDISCOVERshould return without errors. Persist endpoints if needed. -
Run the download.
python -m SCP11.live --cmd "DOWNLOAD-PROFILE LPA:1\$example.smdp.example.com\$ABCDEF123456; STATUS; EXIT"The shell drives:
InitiateAuthenticationagainst the SM-DP+AuthenticateServer/AuthenticateClientwith the eUICCPrepareDownloadGetBoundProfilePackageLoadBoundProfilePackageagainst theISD-R- notification hygiene with SM-DP+
-
Validate the result.
python -m SCP11.local_access --cmd "DISCOVER; STATUS; EXIT"The new profile should appear in the listing as
DISABLED. -
Optional: enable the new profile. See Enable, Disable, Delete a Profile.
Validation
Look for:
- the shell's final
InstallResult: okline - no notifications left hanging on the card after the shell returns
- a new
ICCIDvisible inSTATUS
Common failures
| Symptom | Likely cause |
|---|---|
CI PKID unavailable at AuthenticateClient |
the card does not trust the SM-DP+'s CI chain. Check ES9-CERT-INFO and SET-ES9-CA. |
TLS failure at InitiateAuthentication |
network or pinned CA issue. Check SET-ES9-TLS and SET-ES9-CA. |
| BPP install fails mid-stream | insufficient free memory on the eUICC, or a corrupt BPP segment. Retry. |
| Notification left on card | HandleNotification failed. Re-run the shell; notification hygiene is automatic. |
Related pages
- SCP11 Live Relay
- RSP Architecture
guides/PROFILE_LIFECYCLE_CLI_CHEATSHEET.md