Environment Requirements

Hardware Requirements

Table 1 lists the hardware requirements.

**Table 1** Hardware environment
Item	Version
Server	TaiShan 200 server (model 2280)
Motherboard	Kunpeng motherboard
BMC	1711 board (model: BC82SMMAB); firmware version: 3.01.12.49 or later
BIOS	Firmware version: 1.83 or later
CPU	Kunpeng 920 processor (model 7260, 5250, or 5220)
Chassis	No special requirements; an 8- or 12-drive chassis recommended

The TrustZone feature must have been pre-installed on the server, that is, the TEE OS, TEE OS boot key, BMC, BIOS, and license must have been pre-installed on the server. For details about how to check whether they have been pre-installed, see Checking the TrustZone Kit.
For common servers, the TrustZone feature cannot be enabled only by upgrading the BMC, BIOS, and TEE OS firmware.
By default, the TrustZone feature is disabled on the server. See Setting the BIOS for how to enable it.

Software Packages

Table 2 describes how to obtain the software packages.

**Table 2** Software packages
Software Package	Version (Branch) Requirement	Description	How to Obtain
itrustee_tzdriver	master	Source code of the patch package in the iTrustee REE	https://gitee.com/openeuler/itrustee_tzdriver
itrustee_client	master	Source code of the patch package in the iTrustee REE	https://gitee.com/openeuler/itrustee_client
libboundscheck	master	Huawei safety function library	https://gitee.com/openeuler/libboundscheck
BoostKit-teeos_1.3.2.SPC5.zip	1.3.2.SPC5	TEE OS firmware package	Download from Huawei enterprise website: BoostKit-teeos_1.3.2.SPC5.zip Download from Huawei carrier website: BoostKit-teeos_1.3.2.SPC5.zip NOTE: The iTrustee firmware has been pre-deployed on the TaiShan server that integrates the TrustZone feature. If a new version of iTrustee firmware is released, you can upgrade the firmware by yourself. For details, see Upgrading Firmware.

Verifying Software Package Integrity

After downloading a software package from the Huawei carrier or enterprise website, verify that the obtained software package is the same as the one provided on the website.

Verify a software package as follows:

Obtain the corresponding software digital certificate and software installation package from Software Packages.
Obtain the verification tool and guide from:
- Huawei enterprise website:
  https://support.huawei.com/enterprise/en/tool/pgp-verify-TL1000000054
- Huawei carrier website:
  https://support.huawei.com/carrier/digitalSignatureAction
Verify the installation package integrity by following the instructions described in the OpenPGP Signature Verification Guide obtained in 2.

Checking the TrustZone Kit

Perform the following steps to check whether the TrustZone kit has been pre-installed on the Kunpeng server.

Check the iBMC and BIOS versions.
Log in to the iBMC and view the iBMC and BIOS firmware versions on the home page.

The iBMC firmware version must be 3.01.12.49 or later, and the BIOS firmware version must be 1.83 or later. If either version is earlier, the server does not have the Kunpeng TrustZone kit.
Check the TrustZone license.
Log in to the iBMC WebUI. On the home page, choose iBMC Management > License Management to check the license status.

The license must have been imported and is still valid, and the Kunpeng accelerator SEC Function feature is Enabled. If this condition is not met, the Kunpeng TrustZone function cannot be enabled even if the firmware related to the TrustZone kit has been burnt to the server.
Check the secure OS boot key.
1. Log in to the server BIOS.
2. Choose Advanced > TEE Config to view the TEE configuration option.
3. Check the OEMKEY installation status.
  
  If TEE OEMKEY is in the Install state, the Kunpeng TrustZone kit has been pre-installed on the server. You can set Support TEE to enable the TrustZone function on the Kunpeng server.

Parent topic: Setting Up the TA and CA Operating Environment