When signing a root metadata, the signing key does not need to be listed
in the root metadata. This CL removes those checks.
Use case: When rotating a root key, the new root metadata need to signed
with both the existing root key and the new root key but the old root
key does NOT need to be listed in the new root metadata. In fact if the
rotation aims to revoke the old root key, the old root key MUST NOT be
listed in the new root signature requirements.
Change-Id: If6896c98ff49cf2dcc936f5d075a93dd440b18a6
Reviewed-on: https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/69360
Reviewed-by: Joe Ethier <jethier@google.com>
Commit-Queue: Ali Zhang <alizhang@google.com>
Allow adding multiple root and targets keys when generating a root
metadata.
Bug: b/205623081
No-Docs-Update-Reason: module in early development
Change-Id: Ia6d023506edfd95d4633348c2e5f2896d7ff7050
Reviewed-on: https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/68088
Pigweed-Auto-Submit: Ali Zhang <alizhang@google.com>
Reviewed-by: Joe Ethier <jethier@google.com>
Reviewed-by: David Rogers <davidrogers@google.com>
Commit-Queue: Ali Zhang <alizhang@google.com>
Adds support for signing the targets metadata in an update bundle.
No-Docs-Update-Reason: module in early development
Change-Id: I25ef525aace986de12bf74bbeb5b8ac67c75ced2
Reviewed-on: https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/63761
Commit-Queue: Ali Zhang <alizhang@google.com>
Reviewed-by: Joe Ethier <jethier@google.com>
Adds a dev_sign module to sign a root metadata with development keys.
No-Docs-Update-Reason: module in early development.
Change-Id: I3417ab711968d4f8ee1bcf9f164d9730d53af1b7
Reviewed-on: https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/62901
Reviewed-by: Joe Ethier <jethier@google.com>
Commit-Queue: Ali Zhang <alizhang@google.com>