Managing package signature validation on the platform
dev@dev-VirtualBox:~$ ioxclient platform signedpackages
NAME:
ioxclient platform signedpackages - Enable/Disable package signature validation on the platform
USAGE:
ioxclient platform signedpackages command [command options] [arguments...]
COMMANDS:
enable, e Enable package signature validation on the platform
disable, d Disable package signature validation on the platform
get, g Get package signature validation configuration of the platform
trustanchor, ta Manage trust anchor on the platform
help, h Shows a list of commands or help for one command
OPTIONS:
--help, -h show help
--generate-bash-completion
Enable package signature validation
To enable package signature validation on the platform use the below command:
dev@dev-VirtualBox:~$ ioxclient platform signedpackages enable
Currently active profile : 829
Command Name: plt-sign-pkg-enable
Saving current configuration
Successfully updated package signature validation capability on the device to true
Get package signature validation configuration
To check if package signature validation is enabled on the platform use the below command
dev@dev-VirtualBox:~$ ioxclient platform signedpackages get
Currently active profile : 829
Command Name: plt-sign-pkg-get
Package signature validation is enabled on the platform: true
Disable package signature validation
To disable package signature validation on the platform use the below command
dev@dev-VirtualBox:~$ ioxclient platform signedpackages disable
Currently active profile : 829
Command Name: plt-sign-pkg-disable
Successfully updated package signature validation capability on the device to false
Managing Trust Anchor on the platform
To manage the trust anchor used for validating packages' signature refer to the below command
dev@dev-VirtualBox:~$ ioxclient platform signedpackages trustanchor
NAME:
ioxclient platform signedpackages trustanchor - Manage trust anchor on the platform
USAGE:
ioxclient platform signedpackages trustanchor command [command options] [arguments...]
COMMANDS:
get, g Get info of the trust anchor in use on the platform
set, s Add/Replace trust anchor on the platform.
The file to be uploaded has to be a tar.gz file with following files:
-info.txt #contains plain-text.
-ca-chain.cert.pem #file containing concatenated certificates and CRL in PEM format.
delete, d Delete the trust anchor being used by the platform
help, h Shows a list of commands or help for one command
OPTIONS:
--help, -h show help
--generate-bash-completion
Add or Replace trust anchor on the platform
To add or replace trust anchor use the below command
dev@dev-VirtualBox:~$ ioxclient platform signedpackages trustanchor set ./trust_anchor.tar.gz
Currently active profile : 829
Command Name: plt-sign-pkg-ta-set
Response from the server: Imported trust anchor file successfully
- Note that the trust anchor needs to be a tar.gz file and should contain info.txt and cert.pem files.
Get Trust Anchor Info
To get information about the trust anchor used by the platform to validate package signatures use the below command
dev@dev-VirtualBox:~$ ioxclient platform signedpackages trustanchor get
Currently active profile : 829
Command Name: plt-sign-pkg-ta-get
------------ Trust anchor info -----------
checksum: 096b889a655312addadf51a1c62f1a6338bf5c32
metadata: Sample metadata file content
Delete Trust Anchor
To delete the trust anchor used by the platform to validate package signatures use the below command
dev@dev-VirtualBox:~$ ioxclient platform signedpackages trustanchor delete
Currently active profile : mycaf
Command Name: plt-sign-pkg-ta-delete
Successfully deleted the trust anchor on the platform
- Note that when trust anchor is deleted, package signature validation is disabled.
- Before re-enabling package signature validation, a trust anchor needs to be uploaded to the platform.