Open jon-flatley opened 1 year ago
Is there something tracking adding the spx pub key export operation, i.e. exporting the public keys to header files that can be included in the ROM / any future bootstage? (as is possible with the similar RSA opentitantool command)
To get the real keys generated / added to the ROM I had to hack a shell script together to gen the header files.
CC @cfrantz
There is yet another issue which requires clean up: not sure if this affects other modes, but in PreHashedSha256 mode the digest generated by opentitantool image digest ... needs to be converted from big endian into little endian before signing in order for opentitantool image manifest verify --spx ... and ROM_EXT validations to succeed.
But the opentitantool spx verify --domain PreHashedSha256 <key> <digest> <signature> invocation expects the digest as is, without endianness change.
The ROM_EXT and opentitantool image manifest verify ... cases should be updated to match the opentitantool image digest ... output.
@timothytrippel @cfrantz
Description
Per comments in #18041 there is some cleanup that is needed in the opentitantool spx commands.
SpxPublicKeyInfo