
Commit

Spelling and add TODO's for testing new keytool features.
dgarske committed Sep 28, 2023
1 parent eba3f65 commit 56be972
Showing 3 changed files with 9 additions and 4 deletions.
6 changes: 6 additions & 0 deletions .github/workflows/test-keytools.yml
Expand Up @@ -144,3 +144,9 @@ jobs:
- name: Generate final signed binary
run: |
./tools/keytools/sign --rsa2048 --sha256 --manual-sign test-app/image.elf public-key.der 1 test-app/image_v1.sig
# TODO: Test WOLFBOOT_UNIVERSAL_KEYSTORE
# TODO: Test sign "--no-ts"
# TODO: Test keygen with --id "keygen --ecc256 -g generic.key --id 1,2,3 -g restricted.key"
# TODO: Test keygen with -i "keygen --ecc256 -g a.key --ecc384 -g b.key --rsa2048 -i rsa-pub.der"
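Review bot: the four TODO comments at the end of this workflow record test gaps only in a YAML comment, where nothing tracks them and CI stays green without them. The `--id` case deserves priority, because docs/keystore.md in this same commit says `--id` sets each key's `part_id_mask`; a test for it should check that an image signed with `restricted.key` is refused for a partition outside its mask, not only that keygen exits successfully. Consider opening an issue per item and referencing it from each comment, or adding the steps in this change.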
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -105,6 +105,7 @@ tools/tpm/pcr_read
tools/tpm/pcr_reset
tools/tpm/pcr_extend
tools/tpm/policy_create
tools/tpm/policy_sign
config/*.ld

# Generated confiuguration file
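Review bot: the context line `# Generated confiuguration file` below the added `tools/tpm/policy_sign` entry still carries a typo ("confiuguration"). Since this commit is a spelling pass, fix it here to `# Generated configuration file`.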
6 changes: 2 additions & 4 deletions docs/keystore.md
Expand Up @@ -124,7 +124,7 @@ partition with `--id 3` would require turning on bit '3' in the mask, i.e. addin

To restrict the permissions for single keys, it would be sufficient to change the value
of each key `part_id_mask`. This is done via the `--id` command line option for keygen.
Each generated or imported key can be associatd with a number of partition by passing the
Each generated or imported key can be associated with a number of partition by passing the
partition IDs in a comma-separated list, e.g.:

```
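Review bot: the corrected line still reads "a number of partition"; it should be "a number of partitions". In the context just above, "change the value of each key `part_id_mask`" would also read better as "each key's `part_id_mask`", and both can be fixed in this same spelling commit.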
Expand Down Expand Up @@ -176,7 +176,7 @@ The API consists of a few functions described below.

Returns the number of slots in the keystore. At least one slot
should be populated if you want to authenticate your firmware today.
The interface assumes that the slots are numbered sequentially, from zero to
The interface assumes that the slots are numbered sequentially, from zero to
`keystore_num_pubkeys() - 1`. Accessing those slots through this API should always
return a valid public key.

Expand All @@ -198,5 +198,3 @@ public key associated to the slot `id`.
`uint32_t keystore_get_mask(int id)`

Returns the permissions mask, as a 32-bit word, for the public key stored in the slot `id`.

