Factory Process (Provisioning)
Kunpeng BoostKit for Commercial Cryptography Application uses a TEE OS image. To enable this feature on a server, the necessary data must be preloaded at the Huawei factory. Provisioning includes the following steps:
- Burn and lock the hardware unique key (HUK).
- Burn the image encryption key.
- Apply for an identity certificate and burn it with the private key (TA).
- Prevent version rollback.
Due to confidentiality requirements, confidential and trusted data in the TrustZone cannot be loaded online (for example, in a non-Huawei factory environment such as the customer site).