Skip to content

Releases: nsacyber/RIM-Tool

Release list

v1.1.0

Choose a tag to compare

@iadgovuser59 iadgovuser59 released this 18 Jun 20:38
2ec2835

This version of the RIM Tool contains several improvements and bug fixes.

Changes

  • Fixed verify bug whereby base TCG PC Client RIMs were processed with whitespace removed, but signatures were verified against this (resulting in validation failures). New RIMs are now processed with whitespace preserved, and are handled according to XML canonicalization.
  • Fixed TCG PC Client RIM create bug involving base RIM signatures being generated before output XML indentation was added. As of version 1.1.0, output base RIMs do not have any indentation added; this may be implemented in a future version.
  • Fixed issue where a verification mismatch could occur between create and verify for CoRIM protected header contents.
  • Added new quick_pcrim.sh script to the RIM Tool to allow for quick start creation of a new TCG PC Client RIM. To use, run sudo quick_pcrim.sh -h in a new command-line terminal (Linux only; requires admin). (Note that online documentation will be updated in the near future for this script.)
  • Added new -k option to the verify command for PC Client RIMs, allowing PEM-formatted public keys to be used as an input for RIM verification as an alternative to certificates.
  • Updated Java library version to Java 25.

Important

The v3.2.0 HIRS release requires any TCG PC Client RIM to be generated with RIM Tool version 1.1 or newer.
PC Client RIMs previously created with either the legacy tcg_rim_tool or RIM Tool v1.0 will need to be recreated using RIM Tool v1.1.

v1.0.0

Choose a tag to compare

@iadgovuser59 iadgovuser59 released this 10 Feb 16:44
d0e2807

The RIM Tool provides the following main commands.

Create Command

Creates a RIM, CoRIM, or CoSWID tag from a given configuration input file, and writes to a specified output file. Can optionally sign as well as create.

Verify Command

Verifies the signature of a RIM, CoRIM, or CoSWID tag.

Print Command

Print the contents of a RIM, CoRIM, or CoSWID tag to the command line.

Sign Command

Signs a file using specific algorithm and formatting options. The signature can either be attached or detached:

  • Attached: the signature and payload (content) are contained in the same output file.
  • Detached: the signature is output to a separate file, which will not contain the payload.

The resultant signed output will be a CBOR-encoded file.

Get Command

Retrieves the payload from a signed object and saves the contents to a file.