Factory provisioning process

When you start using Device Management factory provisioning, you need to configure the CA that signs device keys, and then link the CA with your Device Management account. Only devices that have keys signed by this CA are allowed to connect to the Device Management service. You need to upload a CA certificate containing the CA public key to Device Management to connect to the service.

See the Setting up your own certificate authority section for more details.

After you have set up the CA and linked it with your account, you are ready to provision devices on the factory line, as follows:

1. Install the software image on your device. The software image needs to include the KCM and the FCC modules.
2. Generate device keys, certificates and configuration parameters for the device.
3. Use the factory tool to deliver the generated keys, certificates and configuration parameters to the device on the manufacturing line.
4. Use the KCM and FCC APIs in the device to validate correctness of information, finalize the provisioning process and block the FCC code in the production image as explained in the following sections.

Unless you use FCU, Device Management provisioning relies on your factory tool to generate and format all the information a device needs to connect to Device Management and transfer this information to the device. The software image needs to include logic that receives provisioning information from the factory tool and uses the KCM and FCC APIs in the device to validate the information and write it to the secure storage.

Warning: Powering down a device, a power failure, or even a drop in power that occurs when you store an item with kcm_item_is_factory set to true can cause corruption of the saved factory item. The kcm_factory_reset API will fail if a factory item is corrupted. Do not power down a device while storing KCM factory items.