Microchip vs. Self-Generated Files

The manifest file format and generation procedures are public information; hence, they can be generated by users. Due to this nature and when the procedures are followed, there will still be minor differences between Microchip and self-generated files.

Manifest Signature

In the manifest file, each element is signed to ensure the integrity of the content. For a Microchip-generated manifest file, the signing operation is performed by Microchip using its Certificate Authority (CA). The corresponding CA certificate can be downloaded from the Microchip website. This certificate can be used to validate the authenticity of the Microchip-generated files.

Tip:

MCHP Manifest Signer Certificates (under Documentation tab)
Direct link to Download

For a self-generated manifest file, it is not possible to get each element signed by Microchip CA, as users do not have access to a CA private key. It is required to generate/use a local CA to perform the signature operations. In this case, the users must share the validation certificate along with the manifest file to others. This enables them to validate the content before using it further.

The other differences include:

1.Trust&GO – Content remains the same, as the device data are immutable, but signature and verification certificates are different, as self-generated scripts use their own CA.
2.TrustFLEX
1. a.Device and signer certificates can be different if custom PKI is selected during resource generation.
2. b.Slots 1-4, 13-15 vary based on additional key generations as part of resource generation at the user’s location.
3. c.Signature and verification certificates are different, as self-generated scripts use their own CA.

The Trust Platform Design Suite provides the required scripts/tools to self-generate the manifest files.

Tip: