# Hardware trust

Reliable trust in a device's hardware is the basis of a growing set of features,
for example remote key provisioning.

## `libhwtrust`

`libhwtrust` is the library for handling, inspecting and validating data related
to the hardware root-of-trust and the features that rely on it.

## `hwtrust`

There is a command-line utility that provides easy access to the logic in
`libhwtrust` called `hwtrust`.

Build it as part of Android with `m hwtrust` and run `hwtrust --help` to see a
list of its functions.

Alternatively, use Cargo by running `cargo run -- --help` in this directory to
build and run the utility. If the Cargo build has errors, please help to keep it
working by sending fixes or reporting the problem. Building as part of Android
should always work as a fallback.

### Verifying DICE chains

`hwtrust` can be used to validate that a DICE chain is well-formed and check
that the signatures verify correctly. To do so, place the CBOR-encoded DICE
chain in a file, e.g. `chain.bin`, then call the tool.

```shell
hwtrust dice-chain chain.bin
```

The exit code is zero if the chain passed verification and non-zero otherwise.
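
Because the verdict is carried only by the exit code, a script that gates on it should fail closed when the tool is missing or no chain was checked. The following is an added example, not part of the `hwtrust` project; the function name `verify_dice_chains` and the `HWTRUST` override variable are hypothetical.

```shell
#!/bin/sh
# Added example: batch gate built on the exit code of `hwtrust dice-chain`.
# HWTRUST (tool path override) and verify_dice_chains are hypothetical names.

# verify_dice_chains DIR
# Returns 0 only if DIR holds at least one *.bin file and every one verifies.
# Returns 1 if any chain is rejected, 2 if the check could not be run at all.
verify_dice_chains() {
    dir=$1
    tool=${HWTRUST:-hwtrust}
    failed=0
    checked=0

    # A missing tool must not be mistaken for a verdict about the chains.
    if ! command -v "$tool" >/dev/null 2>&1; then
        echo "error: $tool not found" >&2
        return 2
    fi

    for chain in "$dir"/*.bin; do
        # An unmatched glob stays literal; skip it so an empty dir is not a pass.
        [ -f "$chain" ] || continue
        checked=$((checked + 1))
        # Zero exit status means the chain passed; anything else is a failure.
        if "$tool" dice-chain "$chain"; then
            echo "PASS $chain"
        else
            echo "FAIL $chain" >&2
            failed=$((failed + 1))
        fi
    done

    if [ "$checked" -eq 0 ]; then
        echo "error: no *.bin files in $dir" >&2
        return 2
    fi
    [ "$failed" -eq 0 ]
}
```

Call it as `verify_dice_chains ./chains` and treat any non-zero status as a blocked build or unit.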

### Verifying Factory Certificate Signing Requests

The `rkp_factory_extraction_tool` is used in the manufacturing process to capture
a "CSR" that contains a full DICE chain and other device properties. The `factory-csr`
subcommand parses and validates the output of `rkp_factory_extraction_tool`.

```shell
hwtrust factory-csr csr.json
```