@Jérome Your solution worked well. Thank you!
@Étienne It works for me now, so actually there is no need for me. I also think that, for the sake of transparency, letting the signing step be done by official tools like openssl or pkcs11-tool is the better solution! It would just be great if the documentation could be changed accordingly:

- Make clear that the pubkey must be used for the digest and stitch steps
- Fix the pkcs11-tool command example
- Maybe mention that the --ta-version flag must be set for some TAs, e.g. oemcrypto. This has taken me quite a while to find out. Had to look at the make commands in Yocto.

Cheers, Jan