diff --git a/.github/workflows/test-keytools.yml b/.github/workflows/test-keytools.yml
index e323aa701..315bdad1c 100644
--- a/.github/workflows/test-keytools.yml
+++ b/.github/workflows/test-keytools.yml
@@ -144,3 +144,9 @@ jobs:
 - name: Generate final signed binary
 run: |
 ./tools/keytools/sign --rsa2048 --sha256 --manual-sign test-app/image.elf public-key.der 1 test-app/image_v1.sig
+
+
+ # TODO: Test WOLFBOOT_UNIVERSAL_KEYSTORE
+ # TODO: Test sign "--no-ts"
+ # TODO: Test keygen with --id "keygen --ecc256 -g generic.key --id 1,2,3 -g restricted.key"
+ # TODO: Test keygen with -i "keygen --ecc256 -g a.key --ecc384 -g b.key --rsa2048 -i rsa-pub.der"
diff --git a/.gitignore b/.gitignore
index f70bef97e..04c7d732e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -105,6 +105,7 @@ tools/tpm/pcr_read
 tools/tpm/pcr_reset
 tools/tpm/pcr_extend
 tools/tpm/policy_create
+tools/tpm/policy_sign
 config/*.ld
 # Generated confiuguration file
diff --git a/docs/keystore.md b/docs/keystore.md
index d3bc542a0..8d0ee027f 100644
--- a/docs/keystore.md
+++ b/docs/keystore.md
@@ -124,7 +124,7 @@ partition with `--id 3` would require turning on bit '3' in the mask, i.e. addin
 To restrict the permissions for single keys, it would be sufficient to change the value of each key `part_id_mask`. This is done via the `--id` command line option for keygen.
-Each generated or imported key can be associatd with a number of partition by passing the
+Each generated or imported key can be associated with a number of partition by passing the
 partition IDs in a comma-separated list, e.g.:
 ```
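Review bot: The four `# TODO` comments appended after the final signing step in test-keytools.yml record missing coverage without an owner or tracking reference, so they are easy to lose; consider the form `# TODO(<issue-ref>): Test keygen with --id ...` on each. The `--id` case deserves priority, since docs/keystore.md in this same commit describes `--id` as the way to restrict a key's permissions via `part_id_mask`, and a test for it should presumably also assert that an image signed with a key whose mask excludes the target partition is rejected, not only that keygen succeeds. The two blank `+` lines before the comments can be reduced to one. The job these lines belong to starts outside the hunk.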
@@ -176,7 +176,7 @@ The API consists of a few functions described below.
 Returns the number of slots in the keystore. At least one slot should be populated if you want to authenticate your firmware today.
-The interface assumes that the slots are numbered sequentially, from zero to
+The interface assumes that the slots are numbered sequentially, from zero to
 `keystore_num_pubkeys() - 1`. Accessing those slots through this API should always return a valid public key.
@@ -198,5 +198,3 @@ public key associated to the slot `id`.
 `uint32_t keystore_get_mask(int id)` Returns the permissions mask, as a 32-bit word, for the public key stored in the slot `id`.
-
-