The manifest file format and generation procedures are public information; hence, they can be generated by users. Due to this nature and when the procedures are followed, there will still be minor differences between Microchip and self-generated files.
In the manifest file, each element is signed to ensure the integrity of the content. For a Microchip-generated manifest file, the signing operation is performed by Microchip using its Certificate Authority (CA). The corresponding CA certificate can be downloaded from the Microchip website. This certificate can be used to validate the authenticity of the Microchip-generated files.
For a self-generated manifest file, it is not possible to get each element signed by Microchip CA, as users do not have access to a CA private key. It is required to generate/use a local CA to perform the signature operations. In this case, the users must share the validation certificate along with the manifest file to others. This enables them to validate the content before using it further.
The other differences include:
The Trust Platform Design Suite provides the required scripts/tools to self-generate the manifest files.