Spelling and add TODO's for testing new keytool features.

Author: dgarske

.github/workflows/test-keytools.yml

@@ -144,3 +144,9 @@ jobs:
       - name: Generate final signed binary
         run: |
           ./tools/keytools/sign --rsa2048 --sha256 --manual-sign test-app/image.elf public-key.der 1 test-app/image_v1.sig
+
+
+    # TODO: Test WOLFBOOT_UNIVERSAL_KEYSTORE
+    # TODO: Test sign "--no-ts"
+    # TODO: Test keygen with --id "keygen --ecc256 -g generic.key --id 1,2,3 -g restricted.key"
+    # TODO: Test keygen with -i   "keygen --ecc256 -g a.key  --ecc384 -g b.key --rsa2048 -i rsa-pub.der"

.gitignore

@@ -105,6 +105,7 @@ tools/tpm/pcr_read
 tools/tpm/pcr_reset
 tools/tpm/pcr_extend
 tools/tpm/policy_create
+tools/tpm/policy_sign
 config/*.ld
 
 # Generated confiuguration file

docs/keystore.md

@@ -124,7 +124,7 @@ partition with `--id 3` would require turning on bit '3' in the mask, i.e. addin
 
 To restrict the permissions for single keys, it would be sufficient to change the value
 of each key `part_id_mask`. This is done via the `--id` command line option for keygen.
-Each generated or imported key can be associatd with a number of partition by passing the
+Each generated or imported key can be associated with a number of partition by passing the
 partition IDs in a comma-separated list, e.g.:
 
 ```
@@ -176,7 +176,7 @@ The API consists of a few functions described below.
 
 Returns the number of slots in the keystore. At least one slot
 should be populated if you want to authenticate your firmware today.
-The interface assumes that the slots are numbered sequentially, from zero to 
+The interface assumes that the slots are numbered sequentially, from zero to
 `keystore_num_pubkeys() - 1`. Accessing those slots through this API should always
  return a valid public key.
 
@@ -198,5 +198,3 @@ public key associated to the slot `id`.
 `uint32_t keystore_get_mask(int id)`
 
 Returns the permissions mask, as a 32-bit word, for the public key stored in the slot `id`.
-
-