Factory Process (Provisioning)

The TMM images used by the TEE Kit have confidentiality requirements. In addition, identity authentication is required when the system is running. To enable identity authentication on a server, necessary data must be pre-loaded in the Huawei factory. The provisioning includes the following steps:

1. Burn and lock the hardware unique key.
2. Burn the image encryption key.
3. Apply for an identity certificate and burn it with the private key.
4. Prevent version rollback.

Due to confidentiality requirements, confidential and trusted data in the TEE Kit cannot be loaded online (for example, in a non-Huawei factory environment such as the customer site).