1.1 Microchip vs. Self-Generated Files

The manifest file format and generation procedures are publicly available, allowing users to generate manifest files independently. However, even when following the documented procedures, there may be minor differences between Microchip-generated and self-generated files.

Manifest Signature

In the manifest file, each secure sub-system device is signed to ensure content integrity. For a Microchip-generated manifest file, the signing operation is performed by Microchip using its Certificate Authority (CA). The corresponding CA certificate can be downloaded from the Microchip website and can be used to validate the authenticity of the Microchip-generated files.

For a self-generated manifest file, it is not possible to have each secure sub-system device signed by the Microchip CA, as users do not have access to the Microchip CA private key. Instead, users must generate or use a local CA to perform the signature operations. In this case, users are required to share the validation certificate along with the manifest file so that others can verify the content before further use.

Other differences include:

  1. Trust&GO – Content remains the same, as the secure sub-system device data are immutable, but the signature and verification certificates differ, as the self-generation scripts use their own CA.
  2. TrustFLEX
    1. Device and signer certificates may differ if custom PKI is selected during resource generation.
    2. For CryptoAuthentication secure sub-system devices, slots 1-4 and 13-15 may vary based on additional key generation performed during resource generation at the user’s location.
    3. Signature and verification certificates will differ, as the self-generation scripts use their own CA.
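
The check described under Manifest Signature, shown from the recipient's side for a self-generated entry and the local CA certificate shared with it. This is an added example, not Microchip's code. It assumes each manifest entry is a flattened JWS signed with ES256 whose protected header carries an `x5t#S256` certificate thumbprint, and it uses the Python `cryptography` package; `make_local_ca`, `sign_entry`, `verify_entry` and the sample device record are hypothetical names and constructed data.

```python
import base64, datetime, json
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature, encode_dss_signature
from cryptography.x509.oid import NameOID

ES256 = ec.ECDSA(hashes.SHA256())
SAMPLE_DEVICE = {"uniqueId": "0123aabbccddeeff01", "model": "constructed-sample"}  # constructed, not real data

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_local_ca(cn="Example Local Manifest CA"):
    """Constructed stand-in for a user's local CA: P-256 key plus self-signed certificate."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=30))
            .sign(key, hashes.SHA256()))
    return key, cert

def sign_entry(device: dict, key, cert) -> dict:
    """Sign one device record; the protected header pins the verification certificate."""
    hdr = {"typ": "JWT", "alg": "ES256", "x5t#S256": b64u(cert.fingerprint(hashes.SHA256()))}
    protected, payload = b64u(json.dumps(hdr).encode()), b64u(json.dumps(device).encode())
    r, s = decode_dss_signature(key.sign(f"{protected}.{payload}".encode(), ES256))
    raw = r.to_bytes(32, "big") + s.to_bytes(32, "big")  # JWS carries raw r||s, not DER
    return {"payload": payload, "protected": protected, "signature": b64u(raw)}

def verify_entry(entry: dict, cert) -> dict:
    """Return the device record; raises ValueError or InvalidSignature if it does not verify."""
    hdr = json.loads(b64u_dec(entry["protected"]))
    if hdr.get("alg") != "ES256":
        raise ValueError("unexpected signature algorithm")
    if hdr.get("x5t#S256") != b64u(cert.fingerprint(hashes.SHA256())):
        raise ValueError("entry was not signed under the supplied certificate")
    raw = b64u_dec(entry["signature"])
    if len(raw) != 64:
        raise ValueError("malformed ES256 signature")
    der = encode_dss_signature(int.from_bytes(raw[:32], "big"), int.from_bytes(raw[32:], "big"))
    cert.public_key().verify(der, f'{entry["protected"]}.{entry["payload"]}'.encode(), ES256)
    return json.loads(b64u_dec(entry["payload"]))
```

The thumbprint comparison is what ties an entry to the certificate that was shared with the file: an entry signed by a different local CA is rejected before any signature math runs.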