Documentation
我要评分
获取效率
正确性
完整性
易理解
提交关闭

Importing the Level-2 CA Certificate of a TA

Case No.

2.8.1

Test Objective

Verify that the level-2 CA certificate of a TA can be imported into the secure OS.

Test Networking

See Test Networking.

Prerequisites
  1. The TrustZone kit has been burnt into the server and the TrustZone license has been activated.
  2. The REE patch has been loaded to the server. The CA and TA can be loaded and can communicate with each other properly.
  3. The root public key certificate for the test has been preset on the TA.

Test Procedure
  1. Log in to the REE OS and load the TrustZone REE patch tzdriver. (See Expected Result 1.)

    insmod tzdriver

    /usr/bin/teecd &

  2. Generate a level-2 CA certificate based on the test root public key.
  3. Build and compile a third-party TA based on the level-2 CA certificate.
  4. Run the third-party TA generated in step 3. (See Expected Result 2.)
  5. Import the level-2 CA certificate generated in step 2 into the secure OS.
  6. Repeat step 4. (See Expected Result 3.)

Expected Result
  1. The REE patch is loaded and no error information is displayed.
  2. The TA fails to be loaded. The tlogcat output shows that the TA certificate verification fails.
  3. The TA is running properly.

Test Result

   

Remarks

Ask the Huawei R&D to provide the TA and CA source code and binary files for the test.

Case No.

2.8.2

Test Objective

Verify that a TA certificate revocation list (CRL) can be imported into the secure OS.

Test Networking

See Test Networking.

Prerequisites
  1. The TrustZone kit has been burnt into the server and the TrustZone license has been activated.
  2. The REE patch has been loaded to the server. The CA and TA can be loaded and can communicate with each other properly.
  3. The root public key certificate for the test has been preset on the TA.

Test Procedure
  1. Log in to the REE OS and load the TrustZone REE patch tzdriver. (See Expected Result 1.)

    insmod tzdriver

    /usr/bin/teecd &

  2. Generate a level-2 CA certificate and a level-2 CA CRL based on the test root public key.
  3. Build and compile a third-party TA based on the level-2 CA certificate.
  4. Run the third-party TA generated in step 3. (See Expected Result 2.)
  5. Import the level-2 CA certificate generated in step 2 into the secure OS.
  6. Repeat step 4. (See Expected Result 3.)
  7. Import the level-2 CA CRL generated in step 2 into the secure OS. (See Expected Result 4.)
  8. Repeat step 4. (See Expected Result 2.)

Expected Result
  1. The REE patch is loaded and no error information is displayed.
  2. The TA fails to be loaded. The tlogcat output shows that the TA certificate verification fails.
  3. The TA is running properly.
  4. The CRL is imported successfully.

Test Result

   

Remarks

Ask the Huawei R&D to provide the TA and CA source code and binary files for the test.