Skip to content

tpm2_getekcertificate: add option --x509-trunc #3483

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
JuergenReppSIT merged 2 commits into from
May 5, 2025
Merged

tpm2_getekcertificate: add option --x509-trunc #3483

JuergenReppSIT merged 2 commits into from
May 5, 2025
+35 −3

Conversation

@saurontech
Copy link
Contributor

@saurontech saurontech commented May 5, 2025

New option to handle x509 DER with trailing data

ST micro's ST33HTPHF2ENIST TPM creates NIST P-256 ECC and RSA EK certificates with 0xff data padded to a fixed 1600 bytes length. The option "--x509-trunc" or "-t" parses the output of "nv_read" with a X509 parser and truncates the trailing data. This makes the output formate more accessable to GOLANG's X509.ParseCertificate(). Details about this issue can be found at: #3474

Also, added the documentation to ./man/tpm2_getekcertificate.1.md mentioned at : #3481 (comment)

Sorry to mess up the original PR by missing the --signed-off in a commit.
I'll be more careful next time.

Signed-off-by: Samuel Cheng samuelogre@gmail.com

saurontech added 2 commits May 2, 2025 16:40
@saurontech
tpm2_getekcertificate: add option --x509-trunc
1fe5ccd 
New option to handle x509 DER with trailing data

ST micro's ST33HTPHF2ENIST TPM creates NIST P-256 ECC and RSA EK certificates with 0xff data padded to a fixed 1600 bytes length.
The option "--x509-trunc" or "-t" parses the output of "nv_read" with a X509 parser and truncates the trailing data.
This makes the output formate more accessable to GOLANG's X509.ParseCertificate().
Details about this issue can be found at: tpm2-software#3474

Signed-off-by: Samuel Cheng <samuelogre@gmail.com>
@saurontech
tpm2_getekcertificate.1.md: add document for option "-t", "--x509-trunc"
9ff8e19 
Add new option "-t", "--x509-trunc" to man/tpm2_getekcertificate.1.md

Signed-off-by: Samuel Cheng <samuelogre@gmail.com>
@saurontech
Copy link
Contributor Author

saurontech commented May 5, 2025

@JuergenReppSIT Sorry, but I've already signed-off both commits, I don't get why the DCO test failed.
I'm really sorry, but this is my first time working with this workflow.
If you don't mind, could you please give me some guidance.
Thanks a lot.

@JuergenReppSIT
Copy link
Member

JuergenReppSIT commented May 5, 2025

@saurontech I also don't get why the DCO test failed. Both commits the "Signed-of-by" looks right. Thank you for updating the PR.

@JuergenReppSIT JuergenReppSIT merged commit 2087ed3 into tpm2-software:master May 5, 2025
22 of 23 checks passed
@saurontech saurontech deleted the x509-trunc branch May 5, 2025 08:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@saurontech @JuergenReppSIT