Open
Description
As a matter of best practice, I'd like to validate that devices I've provisioned with this tool are secured and ready for deployment.
To do this, I'm guessing I would need to validate that:
- Secure boot is enforced and active, using my signing key (as specified in CUSTOMER_KEY_FILE_PEM).
- The correct firmware version is running (as specified in RPI_DEVICE_FIRMWARE_FILE).
- A unique device-specific encryption key was written to OTP.
- The above device-specific encryption key is being used (and must be used) to decrypt and boot my OS image.
- JTAG is disabled.
I've been searching through the documentation, but I haven't been able to find a solid path through verifying each of these items.
I think it'd be a great addition to the documentation, as it would give users of this tool a reliable method of checking the security of their devices, rather than just assuming it's all working properly.