Hi,
Per https://datatracker.ietf.org/doc/html/draft-tschofenig-rats-psa-token-07 (which is latest spec I can find for profile 1 token):
The Certification Reference claim is used to link the class of chip and PSA RoT of the attesting device to an associated entry in the PSA Certification database. It MUST be represented as a thirteen-digit [EAN-13https://www.gs1.org/standards/barcodes/ean-upc].¶https://datatracker.ietf.org/doc/html/draft-tschofenig-rats-psa-token-07#section-3.2.3-1
Linking to the PSA Certification entry can still be achieved if this claim is not present in the token by making an association at a Verifier between the reference value and other token claim values - for example, the Implementation ID.¶https://datatracker.ietf.org/doc/html/draft-tschofenig-rats-psa-token-07#section-3.2.3-2
psa-certification-reference-type = text .regexp "[0-9]{13}"
psa-certification-reference = (
? psa-certification-reference-key =>
psa-certification-reference-type
)
But in the tf-m-tools repo:
iat-verifier\iatverifier\psa_iot_profile1_token_claims.py it checks for PSA 2.0 profile HW version which is EAN-13 + 5.
class HardwareVersionClaim(AttestationClaim): """Class representing a PSA Attestation Token Hardware version claim""" def verify(self, token_item): self._check_type('HARDWARE_VERSION', token_item.value, str)
value_len = len(token_item.value) expected_len = 19 # 'EAN13-Version' 13 + 1 + 5. e.g.:0604565272829-10010 if len(token_item.value) != expected_len: msg = 'Invalid HARDWARE_VERSION length; must be {} characters, found {} characters' self.verifier.error(msg.format(expected_len, value_len)) for idx, character in enumerate(token_item.value): if character not in string.digits: if idx != 13 or character not in '-': msg = 'Invalid character {} at position {}' self.verifier.error(msg.format(character, idx+1))
It seems like this was changed 3yrs ago: SHA-1: 8ac8d17d15353c7f7933ae8065646946ae47f993 * Fix HW Version claim expected length www.psacertified.org issuing HW versions of format '[0-9]{13}-[0-9]{5}'. It is called 'certification reference': https://www.psacertified.org/certified-products/ Signed-off-by: Tamas Ban tamas.ban@arm.com Change-Id: I0417e1ce76896f1128864676f29a4314b3fd1fb8
When I run "check_iat" script, I get these errors:
./scripts/check_iat -k public_key.pem -K -p -t PSA-IoT-Profile1-token cc27xx.cbor ERROR:iat-verifiers:Invalid HARDWARE_VERSION length; must be 19 characters, found 13 characters ERROR:iat-verifiers:Invalid character i at position 1 ERROR:iat-verifiers:Invalid character r at position 2 ERROR:iat-verifiers:Invalid character m at position 3 ERROR:iat-verifiers:Invalid character w at position 4 ERROR:iat-verifiers:Invalid character a at position 5 ERROR:iat-verifiers:Invalid character r at position 6 ERROR:iat-verifiers:Invalid character e at position 7 ERROR:iat-verifiers:Invalid character . at position 8 ERROR:iat-verifiers:Invalid character o at position 9 ERROR:iat-verifiers:Invalid character r at position 10 ERROR:iat-verifiers:Invalid character g at position 11 ERROR:iat-verifiers:Invalid character at position 12 ERROR:iat-verifiers:Invalid character at position 13
Is the verifier tool incorrect or should I be following "EAN13-Version' 13 + 1 + 5" even for profile 1 token?
Regards,
Brian Quach SimpleLink MCU Texas Instruments Inc. 12500 TI Blvd, MS F-4000 Dallas, TX 75243 214-479-4076
Hi Brian,
The PSA_IOT_PROFILE_1 profile is actually deprecated and has been superseded by the PSA 2.0 profile. We intended to remove support for it last year, but were unable to do so due to incompatibility with the psa-arch test suite.
Strictly speaking, the iat-verifier should still accept tokens using the EAN-13 format, as noted here: https://datatracker.ietf.org/doc/html/draft-tschofenig-rats-psa-token-24#nam...
However, once the version incompatibility between TF-M and psa-arch is resolved, we will proceed with removing support for PSA_IOT_PROFILE_1.
Do you plan to migrate to the new profile? Do you have any concerns about the removal of support for PSA_IOT_PROFILE_1?
We shared this plan on the mailing list previously, but so far haven't received any feedback.
Best regards, Tamas
From: Quach, Brian via TF-M tf-m@lists.trustedfirmware.org Sent: Monday, May 12, 2025 10:12 PM To: tf-m@lists.trustedfirmware.org Subject: [TF-M] PSA_IOT_PROFILE_1 attestation Certification Reference
Hi,
Per https://datatracker.ietf.org/doc/html/draft-tschofenig-rats-psa-token-07 (which is latest spec I can find for profile 1 token):
The Certification Reference claim is used to link the class of chip and PSA RoT of the attesting device to an associated entry in the PSA Certification database. It MUST be represented as a thirteen-digit [EAN-13https://www.gs1.org/standards/barcodes/ean-upc].¶https://datatracker.ietf.org/doc/html/draft-tschofenig-rats-psa-token-07#section-3.2.3-1
Linking to the PSA Certification entry can still be achieved if this claim is not present in the token by making an association at a Verifier between the reference value and other token claim values - for example, the Implementation ID.¶https://datatracker.ietf.org/doc/html/draft-tschofenig-rats-psa-token-07#section-3.2.3-2
psa-certification-reference-type = text .regexp "[0-9]{13}"
psa-certification-reference = (
? psa-certification-reference-key =>
psa-certification-reference-type
)
But in the tf-m-tools repo:
iat-verifier\iatverifier\psa_iot_profile1_token_claims.py it checks for PSA 2.0 profile HW version which is EAN-13 + 5.
class HardwareVersionClaim(AttestationClaim): """Class representing a PSA Attestation Token Hardware version claim""" def verify(self, token_item): self._check_type('HARDWARE_VERSION', token_item.value, str)
value_len = len(token_item.value) expected_len = 19 # 'EAN13-Version' 13 + 1 + 5. e.g.:0604565272829-10010 if len(token_item.value) != expected_len: msg = 'Invalid HARDWARE_VERSION length; must be {} characters, found {} characters' self.verifier.error(msg.format(expected_len, value_len)) for idx, character in enumerate(token_item.value): if character not in string.digits: if idx != 13 or character not in '-': msg = 'Invalid character {} at position {}' self.verifier.error(msg.format(character, idx+1))
It seems like this was changed 3yrs ago: SHA-1: 8ac8d17d15353c7f7933ae8065646946ae47f993
* Fix HW Version claim expected length
www.psacertified.orghttp://www.psacertified.org issuing HW versions of format '[0-9]{13}-[0-9]{5}'. It is called 'certification reference': https://www.psacertified.org/certified-products/
Signed-off-by: Tamas Ban <tamas.ban@arm.commailto:tamas.ban@arm.com> Change-Id: I0417e1ce76896f1128864676f29a4314b3fd1fb8
When I run "check_iat" script, I get these errors:
./scripts/check_iat -k public_key.pem -K -p -t PSA-IoT-Profile1-token cc27xx.cbor ERROR:iat-verifiers:Invalid HARDWARE_VERSION length; must be 19 characters, found 13 characters ERROR:iat-verifiers:Invalid character i at position 1 ERROR:iat-verifiers:Invalid character r at position 2 ERROR:iat-verifiers:Invalid character m at position 3 ERROR:iat-verifiers:Invalid character w at position 4 ERROR:iat-verifiers:Invalid character a at position 5 ERROR:iat-verifiers:Invalid character r at position 6 ERROR:iat-verifiers:Invalid character e at position 7 ERROR:iat-verifiers:Invalid character . at position 8 ERROR:iat-verifiers:Invalid character o at position 9 ERROR:iat-verifiers:Invalid character r at position 10 ERROR:iat-verifiers:Invalid character g at position 11 ERROR:iat-verifiers:Invalid character at position 12 ERROR:iat-verifiers:Invalid character at position 13
Is the verifier tool incorrect or should I be following "EAN13-Version' 13 + 1 + 5" even for profile 1 token?
Regards,
Brian Quach SimpleLink MCU Texas Instruments Inc. 12500 TI Blvd, MS F-4000 Dallas, TX 75243 214-479-4076
Hi Tamas,
My question is if I should be using EAN-13 +5 format for Profile 1 since www.psacertified.orghttps://urldefense.com/v3/__http:/www.psacertified.org__;!!G3vK!SZS-UAx8qyjgqx-l83dZu1fuMJ1ps7HQ1Kj7DorDLVwsWQc_2qr-IVwZ6Z53nmj4jqdyGM_Lvg$ is issuing HW versions of format '[0-9]{13}-[0-9]{5}'. It is called 'certification reference': https://www.psacertified.org/certified-products/https://urldefense.com/v3/__https:/www.psacertified.org/certified-products/__;!!G3vK!SZS-UAx8qyjgqx-l83dZu1fuMJ1ps7HQ1Kj7DorDLVwsWQc_2qr-IVwZ6Z53nmj4jqfZxTcdZQ$. I thought that may be the case since the iat-verifier doesn’t support EAN-13 format although that is what the spec dictates.
We do not plan to migrate to the new profile at this time since we cannot support all the required claims.
I think it would be best to keep backward compatibility with Profile 1 (compile time option) even if you update TF-M to use PSA 2.0 profile by default.
Regards, Brian
From: Tamas Ban Tamas.Ban@arm.com Sent: Tuesday, May 13, 2025 12:49 PM To: Quach, Brian brian@ti.com; tf-m@lists.trustedfirmware.org Subject: [EXTERNAL] RE: PSA_IOT_PROFILE_1 attestation Certification Reference
Hi Brian, The PSA_IOT_PROFILE_1 profile is actually deprecated and has been superseded by the PSA 2. 0 profile. We intended to remove support for it last year, but were unable to do so due to incompatibility with the psa-arch test suite. Strictly ZjQcmQRYFpfptBannerStart This message was sent from outside of Texas Instruments.
Do not click links or open attachments unless you recognize the source of this email and know the content is safe.
ZjQcmQRYFpfptBannerEnd Hi Brian,
The PSA_IOT_PROFILE_1 profile is actually deprecated and has been superseded by the PSA 2.0 profile. We intended to remove support for it last year, but were unable to do so due to incompatibility with the psa-arch test suite.
Strictly speaking, the iat-verifier should still accept tokens using the EAN-13 format, as noted here: https://datatracker.ietf.org/doc/html/draft-tschofenig-rats-psa-token-24#nam...https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/draft-tschofenig-rats-psa-token-24*name-backwards-compatibility-con__;Iw!!G3vK!SZS-UAx8qyjgqx-l83dZu1fuMJ1ps7HQ1Kj7DorDLVwsWQc_2qr-IVwZ6Z53nmj4jqf9k2fKNQ$
However, once the version incompatibility between TF-M and psa-arch is resolved, we will proceed with removing support for PSA_IOT_PROFILE_1.
Do you plan to migrate to the new profile? Do you have any concerns about the removal of support for PSA_IOT_PROFILE_1? We shared this plan on the mailing list previously, but so far haven’t received any feedback.
Best regards, Tamas
From: Quach, Brian via TF-M <tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org> Sent: Monday, May 12, 2025 10:12 PM To: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org Subject: [TF-M] PSA_IOT_PROFILE_1 attestation Certification Reference
Hi,
Per https://datatracker.ietf.org/doc/html/draft-tschofenig-rats-psa-token-07https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/draft-tschofenig-rats-psa-token-07__;!!G3vK!SZS-UAx8qyjgqx-l83dZu1fuMJ1ps7HQ1Kj7DorDLVwsWQc_2qr-IVwZ6Z53nmj4jqfZXoZDQQ$ (which is latest spec I can find for profile 1 token):
The Certification Reference claim is used to link the class of chip and PSA RoT of the attesting device to an associated entry in the PSA Certification database. It MUST be represented as a thirteen-digit [EAN-13https://urldefense.com/v3/__https:/www.gs1.org/standards/barcodes/ean-upc__;!!G3vK!SZS-UAx8qyjgqx-l83dZu1fuMJ1ps7HQ1Kj7DorDLVwsWQc_2qr-IVwZ6Z53nmj4jqf8M0p0Ww$].¶https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/draft-tschofenig-rats-psa-token-07*section-3.2.3-1__;Iw!!G3vK!SZS-UAx8qyjgqx-l83dZu1fuMJ1ps7HQ1Kj7DorDLVwsWQc_2qr-IVwZ6Z53nmj4jqcHhvDdLQ$
Linking to the PSA Certification entry can still be achieved if this claim is not present in the token by making an association at a Verifier between the reference value and other token claim values - for example, the Implementation ID.¶https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/draft-tschofenig-rats-psa-token-07*section-3.2.3-2__;Iw!!G3vK!SZS-UAx8qyjgqx-l83dZu1fuMJ1ps7HQ1Kj7DorDLVwsWQc_2qr-IVwZ6Z53nmj4jqfox8zsKw$
psa-certification-reference-type = text .regexp "[0-9]{13}"
psa-certification-reference = (
? psa-certification-reference-key =>
psa-certification-reference-type
)
But in the tf-m-tools repo:
iat-verifier\iatverifier\psa_iot_profile1_token_claims.py it checks for PSA 2.0 profile HW version which is EAN-13 + 5.
class HardwareVersionClaim(AttestationClaim): """Class representing a PSA Attestation Token Hardware version claim""" def verify(self, token_item): self._check_type('HARDWARE_VERSION', token_item.value, str)
value_len = len(token_item.value) expected_len = 19 # 'EAN13-Version' 13 + 1 + 5. e.g.:0604565272829-10010 if len(token_item.value) != expected_len: msg = 'Invalid HARDWARE_VERSION length; must be {} characters, found {} characters' self.verifier.error(msg.format(expected_len, value_len)) for idx, character in enumerate(token_item.value): if character not in string.digits: if idx != 13 or character not in '-': msg = 'Invalid character {} at position {}' self.verifier.error(msg.format(character, idx+1))
It seems like this was changed 3yrs ago: SHA-1: 8ac8d17d15353c7f7933ae8065646946ae47f993
* Fix HW Version claim expected length
www.psacertified.orghttps://urldefense.com/v3/__http:/www.psacertified.org__;!!G3vK!SZS-UAx8qyjgqx-l83dZu1fuMJ1ps7HQ1Kj7DorDLVwsWQc_2qr-IVwZ6Z53nmj4jqdyGM_Lvg$ issuing HW versions of format '[0-9]{13}-[0-9]{5}'. It is called 'certification reference': https://www.psacertified.org/certified-products/https://urldefense.com/v3/__https:/www.psacertified.org/certified-products/__;!!G3vK!SZS-UAx8qyjgqx-l83dZu1fuMJ1ps7HQ1Kj7DorDLVwsWQc_2qr-IVwZ6Z53nmj4jqfZxTcdZQ$
Signed-off-by: Tamas Ban <tamas.ban@arm.commailto:tamas.ban@arm.com> Change-Id: I0417e1ce76896f1128864676f29a4314b3fd1fb8
When I run “check_iat” script, I get these errors:
./scripts/check_iat -k public_key.pem -K -p -t PSA-IoT-Profile1-token cc27xx.cbor ERROR:iat-verifiers:Invalid HARDWARE_VERSION length; must be 19 characters, found 13 characters ERROR:iat-verifiers:Invalid character i at position 1 ERROR:iat-verifiers:Invalid character r at position 2 ERROR:iat-verifiers:Invalid character m at position 3 ERROR:iat-verifiers:Invalid character w at position 4 ERROR:iat-verifiers:Invalid character a at position 5 ERROR:iat-verifiers:Invalid character r at position 6 ERROR:iat-verifiers:Invalid character e at position 7 ERROR:iat-verifiers:Invalid character . at position 8 ERROR:iat-verifiers:Invalid character o at position 9 ERROR:iat-verifiers:Invalid character r at position 10 ERROR:iat-verifiers:Invalid character g at position 11 ERROR:iat-verifiers:Invalid character at position 12 ERROR:iat-verifiers:Invalid character at position 13
Is the verifier tool incorrect or should I be following “EAN13-Version' 13 + 1 + 5” even for profile 1 token?
Regards,
Brian Quach SimpleLink MCU Texas Instruments Inc. 12500 TI Blvd, MS F-4000 Dallas, TX 75243 214-479-4076
Hi,
I thought that may be the case since the iat-verifier doesn’t support EAN-13 format although that is what the spec dictates.
The PSA Attestation API specification needs to be issued at v2.0 - it had been tangled up with another blocking issue, and editing effort has been focused on Crypto API updates.
The specification update to the PSATOKEN is in the following PR: https://github.com/ARM-software/psa-api/pull/131. The definition of the report is no longer provided by the specification, as this is now taken from the draft RFC. Section 4.6 in the RFC describes the compatibility and changes between IOT_PROFILE_1 and PSA-TOKEN, including the change in the certification reference.
The implementation determines which format of report it produces - It is not possible for the caller to select this. The API version (PSA_INITIAL_ATTEST_API_VERSION_MAJOR) should enable a caller to determine what type of report they will receive.
Regards, Andrew
From: Quach, Brian via TF-M tf-m@lists.trustedfirmware.org Date: Wednesday, 21 May 2025 at 19:38 To: Tamas Ban Tamas.Ban@arm.com, tf-m@lists.trustedfirmware.org tf-m@lists.trustedfirmware.org Subject: [TF-M] Re: PSA_IOT_PROFILE_1 attestation Certification Reference
Hi Tamas,
My question is if I should be using EAN-13 +5 format for Profile 1 since www.psacertified.orghttps://urldefense.com/v3/__http:/www.psacertified.org__;!!G3vK!SZS-UAx8qyjgqx-l83dZu1fuMJ1ps7HQ1Kj7DorDLVwsWQc_2qr-IVwZ6Z53nmj4jqdyGM_Lvg$ is issuing HW versions of format '[0-9]{13}-[0-9]{5}'. It is called 'certification reference': https://www.psacertified.org/certified-products/https://urldefense.com/v3/__https:/www.psacertified.org/certified-products/__;!!G3vK!SZS-UAx8qyjgqx-l83dZu1fuMJ1ps7HQ1Kj7DorDLVwsWQc_2qr-IVwZ6Z53nmj4jqfZxTcdZQ$. I thought that may be the case since the iat-verifier doesn’t support EAN-13 format although that is what the spec dictates.
We do not plan to migrate to the new profile at this time since we cannot support all the required claims.
I think it would be best to keep backward compatibility with Profile 1 (compile time option) even if you update TF-M to use PSA 2.0 profile by default.
Regards, Brian
From: Tamas Ban Tamas.Ban@arm.com Sent: Tuesday, May 13, 2025 12:49 PM To: Quach, Brian brian@ti.com; tf-m@lists.trustedfirmware.org Subject: [EXTERNAL] RE: PSA_IOT_PROFILE_1 attestation Certification Reference
Hi Brian, The PSA_IOT_PROFILE_1 profile is actually deprecated and has been superseded by the PSA 2. 0 profile. We intended to remove support for it last year, but were unable to do so due to incompatibility with the psa-arch test suite. Strictly ZjQcmQRYFpfptBannerStart This message was sent from outside of Texas Instruments. Do not click links or open attachments unless you recognize the source of this email and know the content is safe. Report Suspicious https://us-phishalarm-ewt.proofpoint.com/EWT/v1/G3vK!tvdkkbcDei0aJagkHPOjXaSd_PMfYv4PdfKm6cndifuWHQFbDXPEFMPW_a2BjO39gbhXG_rdlJfQ5-nBwy_OP9StQyYBgfOaSQxibnijR6Cgj09zZYzou5p1oWE4PRpQ50-56EU$ ZjQcmQRYFpfptBannerEnd Hi Brian,
The PSA_IOT_PROFILE_1 profile is actually deprecated and has been superseded by the PSA 2.0 profile. We intended to remove support for it last year, but were unable to do so due to incompatibility with the psa-arch test suite.
Strictly speaking, the iat-verifier should still accept tokens using the EAN-13 format, as noted here: https://datatracker.ietf.org/doc/html/draft-tschofenig-rats-psa-token-24#nam...https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/draft-tschofenig-rats-psa-token-24*name-backwards-compatibility-con__;Iw!!G3vK!SZS-UAx8qyjgqx-l83dZu1fuMJ1ps7HQ1Kj7DorDLVwsWQc_2qr-IVwZ6Z53nmj4jqf9k2fKNQ$
However, once the version incompatibility between TF-M and psa-arch is resolved, we will proceed with removing support for PSA_IOT_PROFILE_1.
Do you plan to migrate to the new profile? Do you have any concerns about the removal of support for PSA_IOT_PROFILE_1? We shared this plan on the mailing list previously, but so far haven’t received any feedback.
Best regards, Tamas
From: Quach, Brian via TF-M <tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org> Sent: Monday, May 12, 2025 10:12 PM To: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org Subject: [TF-M] PSA_IOT_PROFILE_1 attestation Certification Reference
Hi,
Per https://datatracker.ietf.org/doc/html/draft-tschofenig-rats-psa-token-07https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/draft-tschofenig-rats-psa-token-07__;!!G3vK!SZS-UAx8qyjgqx-l83dZu1fuMJ1ps7HQ1Kj7DorDLVwsWQc_2qr-IVwZ6Z53nmj4jqfZXoZDQQ$ (which is latest spec I can find for profile 1 token):
The Certification Reference claim is used to link the class of chip and PSA RoT of the attesting device to an associated entry in the PSA Certification database. It MUST be represented as a thirteen-digit [EAN-13https://urldefense.com/v3/__https:/www.gs1.org/standards/barcodes/ean-upc__;!!G3vK!SZS-UAx8qyjgqx-l83dZu1fuMJ1ps7HQ1Kj7DorDLVwsWQc_2qr-IVwZ6Z53nmj4jqf8M0p0Ww$].¶https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/draft-tschofenig-rats-psa-token-07*section-3.2.3-1__;Iw!!G3vK!SZS-UAx8qyjgqx-l83dZu1fuMJ1ps7HQ1Kj7DorDLVwsWQc_2qr-IVwZ6Z53nmj4jqcHhvDdLQ$
Linking to the PSA Certification entry can still be achieved if this claim is not present in the token by making an association at a Verifier between the reference value and other token claim values - for example, the Implementation ID.¶https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/draft-tschofenig-rats-psa-token-07*section-3.2.3-2__;Iw!!G3vK!SZS-UAx8qyjgqx-l83dZu1fuMJ1ps7HQ1Kj7DorDLVwsWQc_2qr-IVwZ6Z53nmj4jqfox8zsKw$
psa-certification-reference-type = text .regexp "[0-9]{13}"
psa-certification-reference = (
? psa-certification-reference-key =>
psa-certification-reference-type
)
But in the tf-m-tools repo:
iat-verifier\iatverifier\psa_iot_profile1_token_claims.py it checks for PSA 2.0 profile HW version which is EAN-13 + 5.
class HardwareVersionClaim(AttestationClaim): """Class representing a PSA Attestation Token Hardware version claim""" def verify(self, token_item): self._check_type('HARDWARE_VERSION', token_item.value, str)
value_len = len(token_item.value) expected_len = 19 # 'EAN13-Version' 13 + 1 + 5. e.g.:0604565272829-10010 if len(token_item.value) != expected_len: msg = 'Invalid HARDWARE_VERSION length; must be {} characters, found {} characters' self.verifier.error(msg.format(expected_len, value_len)) for idx, character in enumerate(token_item.value): if character not in string.digits: if idx != 13 or character not in '-': msg = 'Invalid character {} at position {}' self.verifier.error(msg.format(character, idx+1))
It seems like this was changed 3yrs ago: SHA-1: 8ac8d17d15353c7f7933ae8065646946ae47f993
* Fix HW Version claim expected length
www.psacertified.orghttps://urldefense.com/v3/__http:/www.psacertified.org__;!!G3vK!SZS-UAx8qyjgqx-l83dZu1fuMJ1ps7HQ1Kj7DorDLVwsWQc_2qr-IVwZ6Z53nmj4jqdyGM_Lvg$ issuing HW versions of format '[0-9]{13}-[0-9]{5}'. It is called 'certification reference': https://www.psacertified.org/certified-products/https://urldefense.com/v3/__https:/www.psacertified.org/certified-products/__;!!G3vK!SZS-UAx8qyjgqx-l83dZu1fuMJ1ps7HQ1Kj7DorDLVwsWQc_2qr-IVwZ6Z53nmj4jqfZxTcdZQ$
Signed-off-by: Tamas Ban <tamas.ban@arm.commailto:tamas.ban@arm.com> Change-Id: I0417e1ce76896f1128864676f29a4314b3fd1fb8
When I run “check_iat” script, I get these errors:
./scripts/check_iat -k public_key.pem -K -p -t PSA-IoT-Profile1-token cc27xx.cbor ERROR:iat-verifiers:Invalid HARDWARE_VERSION length; must be 19 characters, found 13 characters ERROR:iat-verifiers:Invalid character i at position 1 ERROR:iat-verifiers:Invalid character r at position 2 ERROR:iat-verifiers:Invalid character m at position 3 ERROR:iat-verifiers:Invalid character w at position 4 ERROR:iat-verifiers:Invalid character a at position 5 ERROR:iat-verifiers:Invalid character r at position 6 ERROR:iat-verifiers:Invalid character e at position 7 ERROR:iat-verifiers:Invalid character . at position 8 ERROR:iat-verifiers:Invalid character o at position 9 ERROR:iat-verifiers:Invalid character r at position 10 ERROR:iat-verifiers:Invalid character g at position 11 ERROR:iat-verifiers:Invalid character at position 12 ERROR:iat-verifiers:Invalid character at position 13
Is the verifier tool incorrect or should I be following “EAN13-Version' 13 + 1 + 5” even for profile 1 token?
Regards,
Brian Quach SimpleLink MCU Texas Instruments Inc. 12500 TI Blvd, MS F-4000 Dallas, TX 75243 214-479-4076
tf-m@lists.trustedfirmware.org
-
Andrew Thoelke -
Quach, Brian -
Tamas Ban