The OEM Provisioning Application is a reference application which performs the OEM provisioning. The OEM provisioning consists of importing the assets formatted by the EdgeLock 2GO server into the EdgeLock Enclave.

nxp-imx/oem-prov-app

OEM Provisioning Application Project

This git repository contains the sources (standard C) for the OEM Provisioning Application.

Overview

The OEM Provisioning Application is a tool designed to facilitate the OEM provisioning process. It supports the import of security assets into the EdgeLock Enclave. The application can operate in two main modes.

Modes of operation

The OEM Provisioning Application operates in two primary modes:

Device provisioning via cloud mode (online mode)

  • The application connects to the EdgeLock 2GO Server using EdgeLock 2GO Agent libraries over a mutual TLS connection.
  • It retrieves and provisions security assets into the EdgeLock Enclave.
  • Optionally, it can:
    • Commit non-volatile key storage to physical memory.
    • Transition the device lifecycle to closed or closed-locked state.

Offline modes

There are two types of offline provisioning:

a. Provisioning via Proxy

  • Security assets are device-specific (tied to the device UUID).
  • Assets are stored externally (e.g., on an eMMC/SD card on a FAT32 partition or on the local filesystem).
  • The application reads and imports these assets into the EdgeLock Enclave.

b. Product-Based Provisioning

  • Security assets are not tied to a specific device UUID; instead they are tied to the device family and the EdgeLock 2GO provisioning group.
  • Like proxy mode, assets are read from external storage and provisioned into the enclave.

Additional features

  1. Commit the secure storage
    • The application can commit the non-volatile key storage into physical memory.
    • The hardware anti-rollback counter is also incremented during this process, ensuring that the device's state cannot be rolled back to a previous insecure state.
  2. Forward the device lifecycle
    • The device lifecycle can be moved to closed or closed-locked states. Once closed, the device can only boot signed images.
  3. Claim Code Injection
    • The application supports the injection of a claim code into the EdgeLock Enclave.
    • The claim code can be read from a file on the local file system.
  4. Retrieve Device UUID
    • The application can retrieve the device UUID.

Installation guide

The project installation guide can be found in the Installation Guide.

User guide

The project user guide can be found in the User Guide.

List of changes

The list of changes can be found in the Change Log.

License

All the sources are under BSD 3-Clause license.
