The sign_tool.sh script signs an enclave.
It calls the 'sgx_sign' tool from the SGX SDK to sign an SGX enclave, and 'sign_tool.py' to sign a TrustZone enclave.
The tool supports the following two modes:
single-step method: the private key is available on the build host; this mode is intended for debug builds only.
For example:
$ ./sign_tool.sh -d sign -x 2 -i test.enclave -m manifest.txt -e device_pubkey.pem -o signed.enclave
two-step method: used when the signature has to be obtained from a signing organization, or when the private key is held on a separate secure platform and must not leave it.
For example:
(1) generate the digest value.
$ ./sign_tool.sh -d digest -x 2 -i input -m manifest.txt -e device_pubkey.pem -o digest.data
For TrustZone, the temporary files KeyInfo.enc, rawData.enc and rawDataHash.bin are generated in the current directory; for SGX, a temporary file named signdata is generated there. These temporary files are required to produce the signed enclave in step (3) and are deleted once it has been generated, so run steps (1) and (3) from the same directory and do not remove them in between.
(2) send digest.data to the signing organization or platform and obtain the signature.
(3) use the signature to generate the signed enclave.
$ ./sign_tool.sh -d sign -x 2 -i input -m manifest.txt -p pub.pem -e device_pubkey.pem -s signature -o signed.enclave
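The following script is an added example, not code from secGear or sign_tool.sh. It models the part of the two-step method that this page leaves to the "signing organization": the build host sends only digest.data (step 2), the signer answers with a detached signature using a private key that never leaves its host, and the build host checks that signature against the signer's public key before it is handed to the tool via -s in step (3). Everything about the data formats is an assumption here, because the page does not document them: digest.data is taken to be a raw SHA-256 of the input, the signature to be RSA-2048 PKCS#1 v1.5 over that hash, and pub.pem to be a bare PEM public key rather than the certificate the page describes for -p. Only openssl is required.

```shell
#!/bin/sh
# Added example, not part of secGear. Stand-in for the signing organization
# in step (2) of the two-step method, using openssl.
# ASSUMPTIONS (not stated on the page): digest.data is a raw SHA-256 of the
# input, the signature is RSA-2048 PKCS#1 v1.5 over that hash, and pub.pem is
# a bare PEM public key standing in for the -p certificate.
set -eu

# Step (1) stand-in on the build host: hash the enclave image into digest.data.
make_digest() {          # make_digest <input> <digest.data>
    openssl dgst -sha256 -binary -out "$2" "$1"
}

# Signer side: runs where the private key lives, never on the build host.
gen_signer_keys() {      # gen_signer_keys <priv.pem> <pub.pem>
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1" 2>/dev/null
    openssl pkey -in "$1" -pubout -out "$2"
}

# Signer side, step (2): sign the received digest, return a detached signature.
# digest:sha256 tells pkeyutl the input is already a hash and wraps it in the
# PKCS#1 v1.5 DigestInfo structure before signing.
sign_digest() {          # sign_digest <priv.pem> <digest.data> <signature>
    openssl pkeyutl -sign -inkey "$1" -in "$2" -out "$3" \
        -pkeyopt digest:sha256 -pkeyopt rsa_padding_mode:pkcs1
}

# Build host, before step (3): reject a wrong, stale or tampered signature
# before it is fed to the tool with -s. Exit status 0 means it verifies.
verify_signature() {     # verify_signature <pub.pem> <digest.data> <signature>
    openssl pkeyutl -verify -pubin -inkey "$1" -in "$2" -sigfile "$3" \
        -pkeyopt digest:sha256 -pkeyopt rsa_padding_mode:pkcs1 >/dev/null 2>&1
}

# Full round trip on a constructed input. Returns 0 only if the genuine
# signature verifies AND the same signature is rejected for a modified input.
demo_two_step() {
    dir=$(mktemp -d) || return 1
    # Constructed stand-in for the enclave image; not a real enclave.
    printf 'constructed stand-in for test.enclave\n' > "$dir/input" || return 1
    make_digest "$dir/input" "$dir/digest.data" || return 1
    gen_signer_keys "$dir/priv.pem" "$dir/pub.pem" || return 1
    sign_digest "$dir/priv.pem" "$dir/digest.data" "$dir/signature" || return 1
    if ! verify_signature "$dir/pub.pem" "$dir/digest.data" "$dir/signature"; then
        rm -rf "$dir"; return 1
    fi
    # Tamper with the input after signing: its digest must no longer verify.
    printf 'tampered\n' >> "$dir/input"
    make_digest "$dir/input" "$dir/digest2.data" || return 1
    if verify_signature "$dir/pub.pem" "$dir/digest2.data" "$dir/signature"; then
        rm -rf "$dir"; return 1
    fi
    rm -rf "$dir"
    return 0
}
```

Run the whole round trip with `demo_two_step && echo "two-step flow OK"`. In a real deployment only make_digest and verify_signature run on the build host; gen_signer_keys and sign_digest belong to the signing organization, and the private key file is never copied over.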
-d <parameter>: sign tool command, sign or digest.
The sign command generates a signed enclave.
The digest command generates a digest value.
-i <file>: enclave to be signed.
-x <parameter>: enclave type, 1: SGX, 2: trustzone.
-m <file>: manifest file, required for trustzone.
-a <parameter>: API_LEVEL, the trustzone GP API version, default is 1.
-f <parameter>: OTRP_FLAG, whether the OTrP (Open Trust Protocol) standard is supported, default is 0.
-t <parameter>: trustzone TA_TYPE, default is 1.
-c <file>: config file.
-k <file>: private key, required for the single-step method when the enclave is SGX or the trustzone TA_TYPE is 2.
-p <file>: signing server public key certificate, required for the two-step method.
-s <file>: the signed digest value, required for the two-step method; leaving this parameter empty selects the single-step method.
-e <file>: the device's public key certificate, used to protect the AES key that encrypts the rawdata, required for trustzone.
-o <file>: output file; the sign command writes the signed enclave, the digest command writes the digest value.
-h: print the help message.
Note:
Run ./sign_tool.sh -h to print the help information.
For trustzone, the tool randomly generates an AES key and temporarily stores it in plaintext in a file in the current directory; restrict access to that directory while signing runs so that other users on the build host cannot read the key.