
The OEM Provisioning Application is a reference application that performs OEM provisioning. OEM provisioning consists of importing the assets formatted by the EdgeLock 2GO server into the EdgeLock Enclave.


nxp-imx/oem-prov-app


OEM Provisioning Application Project

This git repository contains the sources (C standard) for the OEM Provisioning Application.

Overview

The OEM Provisioning Application is a tool designed to facilitate the OEM provisioning process. It supports the import of security assets into the EdgeLock Enclave. The application can operate in two main modes.

Modes of operation

The OEM Provisioning Application supports two modes of operation:

Direct on-line mode

  • In this mode, the application connects directly to EdgeLock 2GO Server using the EdgeLock 2GO Agent libraries and retrieves the necessary security assets over a mutual TLS connection.
  • After receiving each asset, the application provisions it into the EdgeLock Enclave.
  • Optionally, the non-volatile key storage can be committed to the physical memory and the device lifecycle moved to the closed or closed-locked state.

Indirect mode

  • In this mode, the security assets are already available in an external memory location, such as an eMMC/SD card on a FAT32 partition.
  • The OEM Provisioning Application reads the assets from the partition and imports them into the EdgeLock Enclave.
  • Optionally, the non-volatile key storage can be committed to the physical memory and the device lifecycle moved to the closed or closed-locked state.

Additional features

  1. Commit the secure storage
     • The application can commit the non-volatile key storage into physical memory.
     • The hardware anti-rollback counter is also incremented during this process, ensuring that the device's state cannot be rolled back to a previous insecure state.
  2. Close the device
     • The device lifecycle can be moved to the closed or closed-locked state. Once closed, the device can only boot signed images.
  3. Claim code injection
     • The application supports the injection of a claim code into the EdgeLock Enclave.
     • The claim code can be read from a file on the local file system.
  4. Retrieve device UUID
     • The application can retrieve the device UUID.

Installation guide

The project installation guide can be found in the Installation Guide.

User guide

The project user guide can be found in the User Guide.

Yocto layer

A Yocto layer used to build and configure the OEM Provisioning Application can be found in Yocto layer.

List of changes

The list of changes can be found in the Change Log.

License

All the sources are under the BSD 3-Clause license.
