Factory Process (Provisioning)
The TEE OS image used by the TrustZone Kit and the trusted applications (TAs) to be deployed have confidentiality requirements. In addition, identity certification is required while the system is running. To enable this feature on a server, the necessary data must be loaded in the Huawei factory. Provisioning includes the following steps:
- Burn and lock the hardware unique key.
- Burn the image encryption key.
- Apply for an identity certificate and burn it with the private key.
- Prevent version rollback.
Due to confidentiality requirements, confidential and trusted data in the TrustZone cannot be loaded online (for example, in a non-Huawei factory environment such as the customer site).