On my Project we want to use TF-A (5.8. Trusted Board Boot — Trusted Firmware-A documentation) for our booting solution in order to enable secure boot on our arm platform.
For our test, we use the arm ./cert_create tool to create the BLx_Key_Certificates and the BLx_Content_Certificates.
-> As inputs for ./cert_create tool- we give test public and private keys.
Now we want to use our infrastructure (signature platform where we can't retrieve the private key). Our signature platform get raw data to sign and return a signature.
As sum-up, the arm./cert_create tool solution is to use create self-signed BLx_Key_Certificates and the BLx_Content_Certificate using the Public Key and Private Key given as input of the tool:
Here a sum-up, on how BLx_Key_Certificates and the BLx_Content_Certificate are created.x = X509_new();X509_set_version(...);X509_set_serialNumber(...);X509_set_subject_name(....);X509_set_issuer_name(....);cert_add_ext(....);...X509_sign(x, privKey, digestAlgo) -> As mentionned we don't have access to the Private Key... so we can't use this function.
So we would like to
Do you know how we should proceed to do it ? Does the arm ./cert_create tool propose dedicated "option" to be interfaced with an external signature platform to generate the signature ?
Thank you for your help