NG-Production Hardware Trust

Hardware States

Production through revocation

Trust Anchors

CSR

Device keys stay on hardware

Firmware Gate

Approve

Release provenance before NG-Key

Audit Evidence

ISO

Lifecycle records by design

Hardware Lifecycle

Factory to tenant, with every custody change recorded.

Deny by default

registered

test pending

test passed

cert issued

stock internal

reseller pool

project reserved

tenant assigned

installed

rma pending

returned

scrapped

revoked

Certificate Trust

CSR intake with production evidence.

Factory stations authenticate before submitting serial, device UID, firmware version, test evidence, and CSR. NG-Production signs only after a passed test and stores fingerprints, not private keys.

mTLS-ready station identity

CSR proof of possession

Evidence hash stored

RMA and scrap revoke certificates

Firmware Trust Source

Approved releases publish into NG-Key.

Build outputs carry package hashes, secure manifests, signatures, signing profiles, approval state, and publish metadata. NG-Key remains the OTA dispatcher while NG-Production owns release authority.

ISO Evidence

Controls are visible in the product, not just in documents.

Asset inventory, cryptographic custody, firmware approval, supplier batch evidence, access control, and incident/RMA trails are built into the NG-Production data model.