Releases: nsacyber/RIM-Tool
Release list
v1.1.0
This version of the RIM Tool contains several improvements and bug fixes.
Changes
- Fixed
verifybug whereby base TCG PC Client RIMs were processed with whitespace removed, but signatures were verified against this (resulting in validation failures). New RIMs are now processed with whitespace preserved, and are handled according to XML canonicalization. - Fixed TCG PC Client RIM
createbug involving base RIM signatures being generated before output XML indentation was added. As of version 1.1.0, output base RIMs do not have any indentation added; this may be implemented in a future version. - Fixed issue where a verification mismatch could occur between
createandverifyfor CoRIM protected header contents. - Added new
quick_pcrim.shscript to the RIM Tool to allow for quick start creation of a new TCG PC Client RIM. To use, runsudo quick_pcrim.sh -hin a new command-line terminal (Linux only; requires admin). (Note that online documentation will be updated in the near future for this script.) - Added new
-koption to theverifycommand for PC Client RIMs, allowing PEM-formatted public keys to be used as an input for RIM verification as an alternative to certificates. - Updated Java library version to Java 25.
Important
The v3.2.0 HIRS release requires any TCG PC Client RIM to be generated with RIM Tool version 1.1 or newer.
PC Client RIMs previously created with either the legacy tcg_rim_tool or RIM Tool v1.0 will need to be recreated using RIM Tool v1.1.
v1.0.0
The RIM Tool provides the following main commands.
Create Command
Creates a RIM, CoRIM, or CoSWID tag from a given configuration input file, and writes to a specified output file. Can optionally sign as well as create.
Verify Command
Verifies the signature of a RIM, CoRIM, or CoSWID tag.
Print Command
Print the contents of a RIM, CoRIM, or CoSWID tag to the command line.
Sign Command
Signs a file using specific algorithm and formatting options. The signature can either be attached or detached:
- Attached: the signature and payload (content) are contained in the same output file.
- Detached: the signature is output to a separate file, which will not contain the payload.
The resultant signed output will be a CBOR-encoded file.
Get Command
Retrieves the payload from a signed object and saves the contents to a file.