Before some manual steps were required under u-boot console to trigger
the RPMB key provisioning, this was not so friendly for both the users
and the factory during manufactoring.
With this change, manual trigger is never required. Now by booting the
special firmware, the RPMB key is auto provisioned. And the result could
be checked both from frimware booting log and from linux mmc command.
Although, with a well equiped kernel image - with CONFIG_TEE_STMM_EFI or
CONFIG_TCG_FTPM_TEE enabled, it is also possible to auto provision the
RPMB key by a simple booting of that OS image, this brings extra
dependency on the OS image. It's better for the bootloader to finish
this task by its own, which benifits for some operation envioronment,
such as the manufactoring.
Before some manual steps were required under u-boot console to trigger the RPMB key provisioning, this was not so friendly for both the users and the factory during manufactoring.
With this change, manual trigger is never required. Now by booting the special firmware, the RPMB key is auto provisioned. And the result could be checked both from frimware booting log and from linux
mmc
command.Although, with a well equiped kernel image - with CONFIG_TEE_STMM_EFI or CONFIG_TCG_FTPM_TEE enabled, it is also possible to auto provision the RPMB key by a simple booting of that OS image, this brings extra dependency on the OS image. It's better for the bootloader to finish this task by its own, which benifits for some operation envioronment, such as the manufactoring.