move things around and add efm8 and efm32 builds

tools/gencert/attest

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB+zCCAaGgAwIBAgIBADAKBggqhkjOPQQDAjAsMQswCQYDVQQGEwJVUzELMAkG
+A1UECAwCTUQxEDAOBgNVBAoMB1RFU1QgQ0EwIBcNMTgwNTEwMDMwNjIwWhgPMjA2
+ODA0MjcwMzA2MjBaMHwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNRDEPMA0GA1UE
+BwwGTGF1cmVsMRUwEwYDVQQKDAxURVNUIENPTVBBTlkxIjAgBgNVBAsMGUF1dGhl
+bnRpY2F0b3IgQXR0ZXN0YXRpb24xFDASBgNVBAMMC2Nvbm9ycHAuY29tMFkwEwYH
+KoZIzj0CAQYIKoZIzj0DAQcDQgAERakCwS6cCjP6PoRQSrgC3E25rxWxtjrqjT8D
+A1VlfXA/tAKkl/SDuKb5PNAYrZIMt4paPhRIku8I+Mrq+zKrIKNiMGAwRgYDVR0j
+BD8wPaEwpC4wLDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1EMRAwDgYDVQQKDAdU
+RVNUIENBggkA98nsifJjlNkwCQYDVR0TBAIwADALBgNVHQ8EBAMCBPAwCgYIKoZI
+zj0EAwIDSAAwRQIgGDiwRQNpqqe3OGIBrySXXn50ZBuje/fm0695KNvcpYgCIQDN
+BvHjqxYhjtjAFK8JT1tz716eS+c1692bbY9988Q61w==
+-----END CERTIFICATE-----

tools/gencert/ca_sign.sh

@@ -0,0 +1,13 @@
+
+[[ "$#" != 4 ]] && echo "usage: $0 <private-key> <CA-cert> <signing-key> <output-cert>" && exit 1
+
+# generate a "signing request"
+echo "generate request"
+openssl req -new -key "$1" -out "$1".csr
+
+# CA sign the request
+echo "sign request with CA key"
+openssl x509 -days 18250 -req -in "$1".csr -extfile v3.ext -CA "$2" -CAkey "$3" -out "$4" -set_serial 0
+
+echo "output as der"
+openssl  x509 -in "$4" -outform der -out "$4".der

tools/gencert/cbytes.py

@@ -0,0 +1,42 @@
+#!/usr/bin/env python
+from __future__ import print_function
+"""
+    cbytes.py
+
+    Output a c file with the DER certificate.
+    Read der file as input
+"""
+import sys,fileinput,binascii
+
+if len(sys.argv) not in [2,3]:
+    print('usage: %s <certificate.der|hex-input> [-s]' % sys.argv[0])
+    print('    -s: just output c string (for general use)')
+    sys.exit(1)
+
+buf = None
+try:
+    buf = bytearray(open(sys.argv[1], 'rb').read())
+except:
+    n = sys.argv[1].replace('\n','')
+    n = sys.argv[1].replace('\r','')
+    buf = bytearray(binascii.unhexlify(n))
+
+c_str = ''
+size = len(buf)
+
+a = ''.join(map(lambda c:'\\x%02x'%c, buf))
+
+for i in range(0,len(a), 80):
+    c_str += ("\""+a[i:i+80]+"\"\n")
+
+if '-s' in sys.argv:
+    print(c_str)
+    sys.exit(0)
+
+print('// generated')
+print('#include <stdint.h>')
+print()
+print('code uint8_t __attest[] = \n%s;' % c_str)
+print('const uint16_t __attest_size = sizeof(__attest)-1;')
+
+

tools/gencert/dump_pem.py

@@ -0,0 +1,30 @@
+#!/usr/bin/env python
+from __future__ import print_function
+import sys,fileinput,binascii
+try:
+    import ecdsa
+except:
+    print('python ecdsa module is required')
+    print('try running: ')
+    print('     pip install ecdsa')
+    sys.exit(1)
+
+
+if len(sys.argv) not in [2]:
+    print('usage: %s <key.pem>' % sys.argv[0])
+    sys.exit(1)
+
+pemkey = sys.argv[1]
+attestkey = ecdsa.SigningKey.from_pem(open(pemkey).read())
+
+hstr = binascii.hexlify(attestkey.to_string())
+print(hstr)
+
+cstr = ''
+it = iter(hstr)
+for d1 in it:
+    d2 = next(it)
+    cstr += '\\x'+d1+d2
+
+print('"%s"' % cstr)
+

tools/gencert/genca.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+keyname=key.pem
+certname=cert.pem
+smallcertname=cert.der
+curve=prime256v1
+
+# generate EC private key
+openssl ecparam -genkey -name "$curve" -out "$keyname"
+# generate a "signing request"
+openssl req -new -key "$keyname" -out "$keyname".csr
+# self sign the request
+openssl x509 -req -days 18250  -in "$keyname".csr -signkey "$keyname" -out "$certname"
+
+# convert to smaller size format DER
+openssl  x509 -in $certname  -outform der -out $smallcertname
+

tools/gencert/v3.ext

@@ -0,0 +1,3 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment