Signature statuses
Following is a list of all possible signature statuses. Each module can have one or more of these signature statuses.
- Ok – The module is signed with a trusted CA (Certification Authority) signed certificate and is validly timestamped.
- Not timestamped – The module is not timestamped. This status is allowed in all verification modes, but verification will fail
once the signing certificate expires.
- Self-signed signing certificate – The module is signed with a self-signed certificate. This status is allowed in medium verification
mode as long as the certificate is installed in the user trust store, but will not be allowed in high verification mode.
- Self-signed timestamp certificate – The module is timestamped by a TSA (Time Stamping Authority) that uses a self-signed certificate.
This status is allowed in medium verification mode as long as the certificate is installed in the user trust store, but will
not be allowed in high verification mode.
- Certificate path validation failure – The module is signed with a certificate that failed validation. This usually happens
when there is not a trust anchor for the certificate in one of the trust stores, or the certificate has expired and the module
is not timestamped. This status is only allowed in low verification mode.
- Unsigned – The module is not signed. This status is allowed only in low verification mode.
- Invalid signature – The module failed signature verification. This usually means the module was modified after it was signed,
possibly by a malicious party. This status is not allowed in any verification mode.
- Unknown – The module’s signature status is not available, either because the remote platform’s version is earlier than
Niagara 4.8 where signature verification is not supported, or the signature needs to be reloaded. Rebooting the platform will reload
signatures on supported versions.