HP EliteBook 745 Sure Recover User Guide - Page 14
Generating manifest signature, Hosting the files, files
Page 14 highlights
[System.IO.File]::WriteAllLines($pathToManifest + '\' + $mftFilename, $content, $encoding)

2. Save the script.

3. Execute the script.

    powershell .\generate-manifest.ps1

Generating manifest signature

Sure Recover validates the agent and image using cryptographic signatures. The following examples use a private/public key pair in X.509 PEM format (.PEM extension). Adjust the commands as appropriate to use DER binary certificates (.CER or .CRT extension), BASE-64 encoded PEM certificates (.CER or .CRT extension), or PKCS1 PEM files (.PEM extension). The example also uses OpenSSL, which generates signatures in big-endian format. You can use any utility to sign manifests, but some BIOS versions only support signatures in little-endian format.

1. Generate a 2048-bit RSA private key using the following command. If you have a 2048-bit RSA private/public key pair in PEM format, copy them to C:\staging, and then skip to step 3.

    openssl genrsa -out my-recovery-private.pem 2048

2. Generate the public key from your private key (if you have a public key corresponding to your private key in PEM format, copy it to C:\staging), using the following command:

    openssl rsa -in my-recovery-private.pem -pubout -out my-recovery-public.pem

3. Create a signature file (using sha256-based hash) based on your 2048-bit RSA private key from step 1, using the following command:

    openssl dgst -sha256 -sign my-recovery-private.pem -out custom.sig custom.mft

4. Verify the signature file, using your public key from the previous step, using the following command:

    openssl dgst -sha256 -verify my-recovery-public.pem -signature custom.sig custom.mft

NOTE:
● If you need to create a signature file only, the required steps are 1 and 3.
● For HP Sure Recover, the minimum required steps are 1, 2, and 3. You need the public key from step 2 to provision your target system.
● Step 4 is optional but recommended so that your signature file and manifest file validate correctly.
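The following PowerShell script is an added example, not part of the HP guide. It runs steps 1 through 4 in a scratch folder, checks the signature length, confirms that a manifest changed after signing fails verification, and writes a byte-reversed copy of the signature. It assumes openssl is on the PATH; the folder name, the manifest content, the custom-le.sig file name, and the reading of "little-endian format" as the same bytes in reverse order are assumptions made for this example.

```powershell
# Added example (not from the HP guide). Assumes openssl.exe is on PATH.
# Works in a scratch folder with a constructed manifest, so C:\staging is untouched.
$work = Join-Path ([System.IO.Path]::GetTempPath()) 'sure-recover-sig-demo'
New-Item -ItemType Directory -Force -Path $work | Out-Null
Push-Location $work
try {
    # Constructed stand-in for custom.mft; a real manifest comes from generate-manifest.ps1.
    [System.IO.File]::WriteAllText("$work\custom.mft", "constructed sample manifest`n")

    # Steps 1-3 from the guide: private key, public key, SHA-256 signature.
    openssl genrsa -out my-recovery-private.pem 2048 2>$null
    openssl rsa -in my-recovery-private.pem -pubout -out my-recovery-public.pem 2>$null
    openssl dgst -sha256 -sign my-recovery-private.pem -out custom.sig custom.mft
    if ($LASTEXITCODE -ne 0) { throw 'Signing failed.' }

    # Step 4: the signature must verify against the public key you will provision.
    openssl dgst -sha256 -verify my-recovery-public.pem -signature custom.sig custom.mft | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Signature does not verify; do not host these files.' }

    # A 2048-bit RSA signature is exactly 256 bytes; any other length means
    # a different key size or a damaged file.
    $sig = [System.IO.File]::ReadAllBytes("$work\custom.sig")
    if ($sig.Length -ne 256) { throw "Unexpected signature length: $($sig.Length)" }

    # Assumption: "little-endian format" means the same 256 bytes in reverse order.
    # Confirm which byte order your BIOS version expects before hosting either file.
    $le = [byte[]]$sig.Clone()
    [Array]::Reverse($le)
    [System.IO.File]::WriteAllBytes("$work\custom-le.sig", $le)

    # Negative check: a manifest changed after signing must fail verification.
    [System.IO.File]::AppendAllText("$work\custom.mft", "tampered`n")
    openssl dgst -sha256 -verify my-recovery-public.pem -signature custom.sig custom.mft 2>$null | Out-Null
    if ($LASTEXITCODE -eq 0) { throw 'Tampered manifest verified; check the commands.' }

    'Signature verified, little-endian copy written, tampered manifest rejected.'
}
finally {
    Pop-Location
}
```

Because the signature covers the exact bytes of the manifest, re-sign custom.mft whenever generate-manifest.ps1 is run again.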
Hosting the files

Host the following files on your server from the C:\staging folder:

● *.swm
● custom.mft (or the file name you chose for the manifest file)
● custom.sig (or the matching file name you chose for the signature file)

8 Chapter 2 Creating a corporate image