`create` Command¶

Creates a RIM, CoRIM, or CoSWID tag from a given configuration input file, and writes to a specified output file.

Can optionally sign as well as create. Please see the Sign command page for further details.

Usage¶

UnsignedSigned

rim create -r <string> -a <file> -u -o <file> [-l <file>]

rim create -r <string> -a <file> -k <file> -p <file> -o <file> [-l <file>] [-al <string>] [-d] [-e] [-pk <file>] [-uk <file>]

Parameters¶

UnsignedSigned

Parameter	Description	Required	Type
`-r`, `--rim-type`	Specifies the RIM type.	Yes	String
`-c`, `--config`	Specifies the configuration file for building the RIM.	Yes	File
`-l`, `--rimel`	Support RIM (PC Client RIM only).	No¹	File
`-u`, `--unsigned`	Specifies that the RIM is unsigned.	Yes
`-o`, `--out`	The path of the file to write the RIM to.	Yes	File

Parameter	Description	Required	Type
`-r`, `--rim-type`	Specifies the RIM type.	Yes	String
`-c`, `--config`	Specifies the configuration file for building the RIM.	Yes	File
`-l`, `--rimel`	Support RIM (PC Client RIM only).	No¹	File
`-k`, `--private-key-file`	The private key used to sign the Base RIM created by this tool.	Yes	File
`-p`, `--public-certificate`	The public key certificate to be used to verify the RIM.	Yes²	File
`-al`, `--algorithm`	The algorithm used³. By default, uses the certificate algorithm.	No	String
`-d`, `--detached`	Uses a detached signature file. By default, embeds the signature.	No	File
`-e`, `--embed-cert`	Embeds a certificate, depending on output type.⁴	No
`-pk`, `--protected-kid`	A hexadecimal string that represents the key identifier to place in the COSE protected header.⁵	No	String
`-uk`, `--unprotected-kid`	A hexadecimal string that represents the key identifier to place in the COSE unprotected header.⁵	No	String
`-o`, `--out`	The path of the file to write the RIM to.	Yes	File

Examples¶

Before Starting

Before running these examples, please ensure that you change into the data directory (requires install):

Linux

cd /opt/rimtool/data

Create a signed TCG PC Client Base RIM:

Linux

rim create -r pcrim -c pcrim/rim_fields.json -l pcrim/laptop.default.1.rimel -p pcrim/RimSignCert.pem -k pcrim/rimKey.pem --out ~/laptop.default.1.swidtag

Create an unsigned CoSWID tag:

Linux

rim create -r coswid -u -c coswid/coswid_rim_1.json --out ~/coswid_rim_1.coswid.cose

Create a CoRIM using CoMID:

Linux

rim create -r corim_comid -c corim/corim_1.json -k keys/COMP_OEM1_rim_signer_ecc_512_sha384.key -p certs/COMP_OEM1_rim_signer_ecc_512_sha384.pem --out ~/corim_1.corim.cose

A Support RIM file is only used for a TCG PC Client RIM . If this type is used, this option is required. ↩↩
Some key files may include a certificate, in which case this option may not be needed. ↩
Must be an IANA-registered COSE algorithm . ↩
For XML-DSig : the provided certificate is embedded into the signed SWID tag.

For COSE : the provided certificate and its thumbprint are embedded into the protected header. ↩
Applicable to COSE types only (CoSWIDs and CoRIMs). By default, uses SKID of verification certificate. ↩↩

create Command¶

Usage¶

Parameters¶

Examples¶

`create` Command¶