I have recently commited some changes to the OP-TEE docs regarding the offline signing of TAs. I have now revisited my work after the holidays and the signing process is now failing with
ERROR:sign_encrypt.py:Verification failed, ignoring given signature.
although I am sure not to have changed anything. There is no TA being producd anymore. I am currently not sure if I made a mistake and did not see this, although I think I should have realized that no TAs are produced successfully.
I am currently a bit pressed for time and was hoping that someone could assist me with the signing process. In the previous version there was a header prepended to the file that is to be signed
echo "0000: 3031300D 06096086 48016503 04020105 000420" | \
xxd -c 19 -r > /tmp/sighdr
cat /tmp/sighdr $(base64 --decode digestfile) > /tmp/hashtosign
This script did not work and I omitted it. Can someone tell me why this was needed in the first place or how I could fix this step?
I tried fixing the step as follows
echo "0000: 3031300D 06096086 48016503 04020105 000420" | \
xxd -c 19 -r > /tmp/sighdr
base64 --decode digestfile > /tmp/digestfile
cat /tmp/sighdr /tmp/digestfile > /tmp/hashtosign
but the pkcs11-tool then complains that the signature is too long.
Any help appreciated!
---
Jan
[BCC all OP-TEE maintainers]
Hi OP-TEE maintainers & contributors,
OP-TEE v4.1.0 is scheduled to be released on 2024-01-19. So, now is
a good time to start testing the master branch on the various platforms
and report/fix any bugs.
The GitHub pull request for collecting Tested-by tags or any other
comments is https://github.com/OP-TEE/optee_os/pull/6574.
As usual, we will create a release candidate tag one week before the
release date for final testing.
In addition to that you can find some additional information related to
releases here: https://optee.readthedocs.io/en/latest/general/releases.html
Thanks,
Jens
