Closed flihp closed 6 months ago
This is already being used but the implementation needs to be verified.
I've now compared example generated from the KDL with a CSR taken from a development system. They're 3 bytes different an as far as I can tell the difference is only in the encoding.
Generate CSR identical to CSR produced by RoT in platform identity programming loop / protocol. Most of the hard work was done in #48. This work should be limited to using the code from #48 to generate a cert that's identical to what we produce from the templates in hubris: https://github.com/oxidecomputer/hubris/blob/a89e0a954a7ab0a7e571707e480789432dfa149a/lib/dice/src/persistid_csr_tmpl.rs