HUK Key

2.2.1

Verify that the HUK key derivation function of the secure OS is working properly.

See Test Networking.

1. The TrustZone kit has been burnt into the servers (at least two servers) and the TrustZone license has been activated.
2. The REE patch has been loaded to the server. The CA and TA can be loaded and can communicate with each other properly.

1. Log in to the REE OS and load the TrustZone REE patch tzdriver. (See Expected Result 1.)

   insmod tzdriver

   /usr/bin/teecd &

2. Write CA 1 and TA 1 and make the following requirements on the CA 1 and TA 1 code. (See Expected Result 2.)

   Test the HUK key derivation function: TEE_EXT_ROOT_DeriveKey2.

3. Write CA 2 and TA 2 (TA 2 uses the same API parameters as TA 1). Call the TEE_EXT_ROOT_DeriveKey2 key derivation function. (See Expected Result 3.)
4. Deploy CA 1 and TA 1 on another server and then run CA 1 and TA1 again. (See Expected Result 4.)

1. The REE patch is loaded and no error information is displayed.
2. The APIs and algorithms are working properly.
3. The key derivation result of TA 2 is different from that of TA 1.
4. Both of CA 1 and TA 1 have a different key derivation result on the new server.

Ask the Huawei R&D to provide the TA and CA source code and binary files for the test.