Signing an IDF

ELIAS can sign image definition files (IDFs) using private code-signing certificates. To do so, you first need to import an appropriate certificate into the ELIAS certificate management.

  1. Create and import a code signing certificate (.pem/.cer Base64-encoded) in the certificate management of ELIAS. To do so, select Security > Manage certificates... > Import...

    To be usable in ELIAS, the certificate must have its Organization attribute filled in.

  2. To sign the IDF currently opened in ELIAS, ensure that it is saved, and then select Security > Sign IDF…

    Depending on the format of the certificate, the signing process might involve specifying the file path of the private key file.

    The generated signature file is saved to the directory (container) of the IDF. Once an IDF is signed, the string "signed" is added to the IDF file name shown in the image title.

  3. Transfer the code signing certificate and the root certificate to the /setup/cacerts directory on the devices. To do so, use the Scout feature Files configured for transfer. For further information, see Files configured for transfer in the Scout guide.
  4. Make sure the signature verification for the devices is enabled. Signature verification is an option of the device configuration in Device configuration > Firmware > Security. For further information, see Firmware security through signature.

Any changes to the signed IDF in ELIAS will delete the signature. After having changed and saved a signed IDF, repeat the signing procedure.

The result of the signature verification is documented in the update log on the device. After the update is performed, the update log file is sent to the Scout Server and can be viewed for the selected device in the Properties window by double-clicking the Update status field.
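
A pre-import check for step 1, as an added example that is not part of ELIAS or its documentation: it uses the OpenSSL command line (an assumption about the available tooling) to confirm that a certificate file is Base64 (PEM) encoded and that its Organization attribute is filled. The function names, return codes and throwaway sample certificates are constructed for this example.

```sh
# Pre-import check for a certificate destined for ELIAS (added example).
# Return codes are this script's own convention:
#   0 = usable, 1 = not a PEM (Base64) certificate, 2 = Organization empty.

# Print the Organization attribute of the certificate subject (empty if absent).
cert_org() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *organizationName *= *//p' | head -n 1
}

check_idf_cert() {
    # Base64 (PEM) encoding: the armor line must be present ...
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || return 1
    # ... and the content must parse as an X.509 certificate.
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 1
    # The page requires the Organization attribute to be filled.
    [ -n "$(cert_org "$1")" ] || return 2
    return 0
}

# Constructed sample data: throwaway self-signed code-signing certificate.
# $1 = output path without extension, $2 = subject, e.g. "/O=Example Org/CN=test"
make_sample_cert() {
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ext\n[dn]\n[ext]\nextendedKeyUsage=codeSigning\n' > "$1.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1.cnf" \
        -subj "$2" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Demo on three constructed files: a usable certificate, one without an
# Organization, and a DER (binary) copy of the usable one.
tmp=$(mktemp -d)
make_sample_cert "$tmp/good" "/O=Example Org/CN=IDF signing test"
make_sample_cert "$tmp/noorg" "/CN=IDF signing test"
openssl x509 -in "$tmp/good.pem" -outform DER -out "$tmp/good.der"
for f in good.pem noorg.pem good.der; do
    rc=0
    check_idf_cert "$tmp/$f" || rc=$?
    echo "$f -> $rc"
done
rm -rf "$tmp"
```
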