Data Fields
sigverify_rsa_buffer_t rsa_signature: RSA signature of the image.
ecdsa_p256_signature_t ecdsa_signature: ECDSA P256 signature of the image.
The manifest only supports one of the following signatures:
- kManifestVersionMajor1: rsa_signature.
- kManifestVersionMajor2: ecdsa_signature.
Both signatures use SHA-256 as the hash function.
On-target verification should also integrate the usage constraints comparison into signature verification to harden it against potential attacks. During verification, the digest of an image should be computed by first reading the usage constraints from the hardware and then concatenating the rest of the image:
digest = SHA256(usage_constraints_from_hw || rest_of_the_image)
The start and the length of the region that should be concatenated to the usage constraints read from the hardware can be obtained using manifest_digest_region_get().
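A host-side Python model of the digest rule above, added here as an illustration and not taken from manifest.h or the project's code. The field sizes, the sample bytes and the digest_region_get() helper are constructed stand-ins, and the signature check is reduced to comparing the signer's digest with the on-target digest.

```python
import hashlib

# Constructed toy layout (NOT the real manifest.h offsets):
#   [ signature | usage constraints | rest of the image ]
SIG_LEN = 8   # stand-in size; real RSA-3072 / P-256 signatures are larger
UC_LEN = 4    # stand-in size for the usage constraints field


def digest_region_get(image):
    """Hypothetical stand-in for manifest_digest_region_get(): returns the
    (start, length) of the region hashed after the hardware-read constraints."""
    start = SIG_LEN + UC_LEN
    return start, len(image) - start


def signer_digest(image):
    """Host side: the signed region starts right after the signature field,
    so it covers the usage constraints stored in the image and the rest."""
    return hashlib.sha256(image[SIG_LEN:]).digest()


def on_target_digest(image, usage_constraints_from_hw):
    """Device side: SHA256(usage_constraints_from_hw || rest_of_the_image).
    The constraint bytes stored in the image are never fed to the hash."""
    start, length = digest_region_get(image)
    h = hashlib.sha256()
    h.update(usage_constraints_from_hw)
    h.update(image[start:start + length])
    return h.digest()


def digest_matches(image, usage_constraints_from_hw):
    """True only if the device's own constraints equal the ones that were signed.
    A mismatch changes the digest, so the signature check fails with it."""
    return on_target_digest(image, usage_constraints_from_hw) == signer_digest(image)


# Constructed sample data: an image signed for a device whose constraints are A.
DEVICE_A = b"\xA5\x00\x00\x01"
DEVICE_B = b"\xA5\x00\x00\x02"
IMAGE = b"\x00" * SIG_LEN + DEVICE_A + b"constructed firmware payload"

if __name__ == "__main__":
    print("device A accepts:", digest_matches(IMAGE, DEVICE_A))
    print("device B accepts:", digest_matches(IMAGE, DEVICE_B))
```

Because the constraints enter the hash from hardware, there is no separate comparison branch to skip: a device with different constraints simply computes a digest the signature does not cover.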
Definition at line 216 of file manifest.h.
ECDSA P256 signature of the image.
ECDSA P256 signature of the image generated using a NIST P256 ECC key and the SHA-256 hash function. The signed region of an image starts immediately after the end of the union encapsulating this field and ends at the end of the image.
RSA signature of the image.
RSASSA-PKCS1-v1_5 signature of the image generated using a 3072-bit RSA private key and the SHA-256 hash function. The signed region of an image starts immediately after this field and ends at the end of the image.