Documentation
Rate This Document
Findability
Accuracy
Completeness
Readability
SubmitClose

Environment Requirements

Hardware Requirements

Table 1 lists the hardware requirements.

Table 1 Hardware environment

Item

Version

Server

TaiShan 200 server (model 2280, dual sockets)

Motherboard

Kunpeng motherboard

BMC

1711 board (model BC82SMMAB)

CPU

Kunpeng 920 processor (model 7260, 5250, or 5220)

Chassis

No special requirements; an 8- or 12-drive chassis recommended

The TrustZone feature must have been pre-installed on the TaiShan server, that is, the iTrustee secure OS and the matched BMC and BIOS firmware have been pre-installed on the TaiShan server. For details about how to check whether they have been pre-installed, see Checking the TrustZone Kit.

Software Packages

Table 2 describes how to obtain the software packages.

Table 2 Software packages

Software Package

Description

How to Obtain

itrustee_tzdriver

Source code of the patch package in the iTrustee REE

https://gitee.com/openeuler/itrustee_tzdriver

itrustee_client

Source code of the patch package in the iTrustee REE

https://gitee.com/openeuler/itrustee_client

libboundscheck

Huawei safety function library

https://gitee.com/openeuler/libboundscheck

BoostKit-teeos_1.1.3.SPC3.zip

TEE OS firmware package

Download from Huawei enterprise website:

BoostKit-teeos_1.1.3.SPC3.zip

NOTE:
  • The software package of the current version is restricted in commercial use. You need to submit an application and wait for approval before downloading the software package.
  • The iTrustee firmware has been pre-deployed on the TaiShan server that integrates the TrustZone feature. If a new version of iTrustee firmware is released, you can upgrade the firmware by yourself. For details, see Upgrading Firmware.

After obtaining the software package, verify that it is consistent with that provided on the website.

Verification method: Obtain the digital certificate and software.

Obtain the verification tool and method from the following link:

https://support.huawei.com/enterprise/en/tool/pgp-verify-TL1000000054

Verify the software package integrity by following the procedure described in the OpenPGP Signature Verification Guide obtained from the URL.

Checking the TrustZone Kit

Perform the following steps to check whether the TrustZone kit has been pre-installed on the Kunpeng server.

  1. Check the iBMC and BIOS versions.

    Log in to the iBMC and view the iBMC and BIOS firmware versions on the home page.

    The iBMC firmware version must be 3.01.12.49 or later, and the BIOS firmware version must be 1.83 or later. If either version is earlier, the server does not have the Kunpeng TrustZone kit.

  2. Check the TrustZone license.

    Log in to the iBMC WebUI. On the home page, choose iBMC Management > License Management to check the license status.

    The license must have been imported and is still valid, and the Kunpeng accelerator SEC Function feature is Enabled. If this condition is not met, the Kunpeng TrustZone function cannot be enabled even if the firmware related to the TrustZone kit has been burnt to the server.

  3. Check the secure OS boot key.
    1. Log in to the server BIOS.

    2. Choose Advanced > TEE Config to view the TEE configuration option.

    3. Check the OEMKEY installation status.

      If TEE OEMKEY is in the Install state, the Kunpeng TrustZone kit has been pre-installed on the server. You can set Support TEE to enable the TrustZone function on the Kunpeng server.