OP-TEE / optee_os

Trusted side of the TEE

Provisioning of keys/data into PKCS11 TA? #7034

Open TanelDettenborn opened 6 days ago

TanelDettenborn commented 6 days ago

I am wondering if there is a way to provision data and keys into PKCS11 TA secure storage? We would like to do provision during the device build time or flash phase.

I have skimmed through issues, but unfortunately I was not able to find any help.

ricardosalveti commented 5 days ago

> I am wondering if there is a way to provision data and keys into PKCS11 TA secure storage? We would like to do provision during the device build time or flash phase.

With RPMB and HUK (assuming your device has one), the only feasible way to populate data during provisioning is to run at least some basic software (e.g. initrd) that can create whatever that is needed. You could burn data that is not unique by using a shared HUK/RPMB key, but then it won't really be secure.
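The kind of on-device provisioning step described in the reply above, as an added example that is not code from either participant or from the OP-TEE project: a small script meant to run from early userspace (e.g. an initrd) once tee-supplicant and RPMB are available, driving OpenSC's pkcs11-tool against the OP-TEE PKCS#11 TA through libckteec. The module path, token label, object labels, the data file path and the `env:` PIN prefix (an OpenSC convention for reading PINs from environment variables instead of the command line) are all assumptions to adjust for your image. The AES key is generated on the device rather than flashed, so it stays unique per unit even though the script itself is shared.

```python
"""Provisioning-time script that creates objects in the OP-TEE PKCS#11 TA.

Added example, not code from the issue thread or the OP-TEE project. Runs
pkcs11-tool against libckteec; intended for an initrd or similar early
userspace where tee-supplicant and RPMB are already usable, since secure
storage can only be populated by software running on the device.
"""
import os
import shlex
import subprocess
from typing import List

# Assumptions: library path and token label; adjust for your image.
MODULE = "/usr/lib/libckteec.so.0"
TOKEN_LABEL = "provisioned"
# PINs are read by pkcs11-tool from these variables ("env:" prefix, an
# OpenSC feature assumed here) so they never appear in the process list.
SO_PIN_REF = "env:SO_PIN"
USER_PIN_REF = "env:USER_PIN"


def tee_ready() -> bool:
    """Preflight: the TEE device node must exist before the TA can be reached."""
    return os.path.exists("/dev/tee0")


def pkcs11_cmd(*args: str) -> List[str]:
    """Build a pkcs11-tool argv targeting the OP-TEE PKCS#11 module."""
    return ["pkcs11-tool", "--module", MODULE, *args]


def init_token_cmds(so_pin: str, user_pin: str) -> List[List[str]]:
    """Initialize the token in slot index 0, then set the user PIN as SO."""
    return [
        pkcs11_cmd("--slot-index", "0", "--init-token",
                   "--label", TOKEN_LABEL, "--so-pin", so_pin),
        pkcs11_cmd("--token-label", TOKEN_LABEL, "--login", "--login-type", "so",
                   "--so-pin", so_pin, "--init-pin", "--pin", user_pin),
    ]


def provision_plan(data_file: str, key_label: str = "device-key") -> List[List[str]]:
    """Ordered plan: init token, import a private data object, generate an
    AES-256 key on the device, then list what was created for verification."""
    cmds = init_token_cmds(SO_PIN_REF, USER_PIN_REF)
    # Device-specific configuration blob, stored as a private CKO_DATA object.
    cmds.append(pkcs11_cmd("--token-label", TOKEN_LABEL, "--login", "--pin", USER_PIN_REF,
                           "--write-object", data_file, "--type", "data",
                           "--label", "device-config", "--private"))
    # Key material is generated inside the TA, never written from the host.
    cmds.append(pkcs11_cmd("--token-label", TOKEN_LABEL, "--login", "--pin", USER_PIN_REF,
                           "--keygen", "--key-type", "AES:32",
                           "--label", key_label, "--id", "01"))
    cmds.append(pkcs11_cmd("--token-label", TOKEN_LABEL, "--login", "--pin", USER_PIN_REF,
                           "--list-objects"))
    return cmds


def run_plan(cmds: List[List[str]], dry_run: bool = True) -> List[str]:
    """Render the plan as shell-quoted lines; execute it when dry_run is False.
    Any failing step aborts provisioning (check=True) rather than leaving a
    half-populated token."""
    rendered = [shlex.join(c) for c in cmds]
    if not dry_run:
        for c in cmds:
            subprocess.run(c, check=True)
    return rendered


if __name__ == "__main__":
    # Set PROVISION_DRY_RUN=0 in the real initrd; default only prints the plan.
    dry = os.environ.get("PROVISION_DRY_RUN", "1") == "1"
    if not dry and not tee_ready():
        raise SystemExit("TEE device node not present; is tee-supplicant running?")
    # Placeholder path for the per-device data blob (assumption).
    for line in run_plan(provision_plan("/tmp/device-config.bin"), dry_run=dry):
        print(line)
```

Run it in dry-run mode first to review the exact pkcs11-tool invocations, then with `PROVISION_DRY_RUN=0` and `SO_PIN`/`USER_PIN` exported from the provisioning environment. Objects created this way land in the TA's secure storage, which on an RPMB-backed device is bound to that device's HUK, which is exactly why the step has to execute on the device rather than be baked into a flash image.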