I have recently commited some changes to the OP-TEE docs regarding the offline signing of TAs. I have now revisited my work after the holidays and the signing process is now failing with
ERROR:sign_encrypt.py:Verification failed, ignoring given signature. although I am sure not to have changed anything. There is no TA being producd anymore. I am currently not sure if I made a mistake and did not see this, although I think I should have realized that no TAs are produced successfully. I am currently a bit pressed for time and was hoping that someone could assist me with the signing process. In the previous version there was a header prepended to the file that is to be signed echo "0000: 3031300D 06096086 48016503 04020105 000420" | \ xxd -c 19 -r > /tmp/sighdr cat /tmp/sighdr $(base64 --decode digestfile) > /tmp/hashtosign
This script did not work and I omitted it. Can someone tell me why this was needed in the first place or how I could fix this step? I tried fixing the step as follows echo "0000: 3031300D 06096086 48016503 04020105 000420" | \ xxd -c 19 -r > /tmp/sighdr base64 --decode digestfile > /tmp/digestfile cat /tmp/sighdr /tmp/digestfile > /tmp/hashtosign
but the pkcs11-tool then complains that the signature is too long. Any help appreciated! --- Jan
Btw the changes I commited also have another typo and need to be corrected. I would like to wait with the fix this time though until this is working and thoroughly tested.
op-tee@lists.trustedfirmware.org