1 files changed, 22 insertions, 0 deletions
diff --git a/docs/modules/ROOT/pages/provisioning-methods.adoc b/docs/modules/ROOT/pages/provisioning-methods.adoc
new file mode 100644
index 0000000..c376c78
--- /dev/null
+++ b/docs/modules/ROOT/pages/provisioning-methods.adoc
@@ -0,0 +1,22 @@
+= Manual provisoning
+//MC: TOMERGE: Looks mostly like a duplicate of this topic: https://github.com/advancedtelematic/aktualizr/blob/master/docs/ota-client-guide/modules/ROOT/pages/simulate-device-cred-provtest.adoc
+As described in the xref:xref:dev@ota-build::sota-variables.adoc[configuration reference], you can set `SOTA_DEPLOY_CREDENTIALS` to `0` to prevent deploying credentials to the built `wic` image. In this case you get a generic image that you can use e.g. on a production line to flash a series of devices. The cost of this approach is that this image is half-baked and should be provisioned before it can connect to the backend.
+Provisioning procedure depends on your provisioning recipe, i.e. the value of `SOTA_CLIENT_PROV` (equal to `aktualizr-shared-prov` by default):
+* For `aktualizr-shared-prov` put your `credentials.zip` to `/var/sota/sota_provisioning_credentials.zip` on the filesystem of a running device. If you have the filesystem of our device mounted to your build machine, prefix all paths with `/ostree/deploy/poky` as in `/ostree/deploy/poky/var/sota/sota_provisioning_credentials.zip`.
+* For `aktualizr-device-prov`
+** put URL to the backend server (together with protocol prefix and port number) at `/var/sota/gateway.url`. If you're using HERE OTA Connect, you can find the URL in the `autoprov.url` file in your credentials archive.
+** put client certificate, private key and root CA certificate (for the *server*, not for the *device*) at `/var/sota/import/client.pem`, `/var/sota/import/pkey.pem` and `/var/sota/import/root.crt` respectively.
+* For  `aktualizr-device-prov-hsm`
+** put URL to the server backend (together with protocol prefix and port number) at `/var/sota/gateway.url`. If you're using HERE OTA Connect, you can find the URL in the `autoprov.url` file in your credentials archive.
+** put root CA certificate (for the *server*, not for the *device*) at `/var/sota/import/root.crt`.
+** put client certificate and private key to slots 1 and 2 of the PKCS#11-compatible device.
+For more extensive information on provisioning methods, see the following topics from the OTA Connect Developer guide:
+//MC: Web links because this topic is only viewable in Github
+* link:https://docs.ota.here.com/ota-client/dev/client-provisioning-methods.html[Device provisioning methods]
+* link:https://docs.ota.here.com/ota-client/dev/enable-device-cred-provisioning.html[Enable device-credential provisioning and install device certificates]
+\ No newline at end of file

diff --git a/docs/modules/ROOT/pages/provisioning-methods.adoc b/docs/modules/ROOT/pages/provisioning-methods.adoc new file mode 100644 index 0000000..c376c78 --- /dev/null +++ b/docs/modules/ROOT/pages/provisioning-methods.adoc
@@ -0,0 +1,22 @@
	1	= Manual provisoning
	2
	3	//MC: TOMERGE: Looks mostly like a duplicate of this topic: https://github.com/advancedtelematic/aktualizr/blob/master/docs/ota-client-guide/modules/ROOT/pages/simulate-device-cred-provtest.adoc
	4
	5	As described in the xref:xref:dev@ota-build::sota-variables.adoc[configuration reference], you can set `SOTA_DEPLOY_CREDENTIALS` to `0` to prevent deploying credentials to the built `wic` image. In this case you get a generic image that you can use e.g. on a production line to flash a series of devices. The cost of this approach is that this image is half-baked and should be provisioned before it can connect to the backend.
	6
	7	Provisioning procedure depends on your provisioning recipe, i.e. the value of `SOTA_CLIENT_PROV` (equal to `aktualizr-shared-prov` by default):
	8
	9	* For `aktualizr-shared-prov` put your `credentials.zip` to `/var/sota/sota_provisioning_credentials.zip` on the filesystem of a running device. If you have the filesystem of our device mounted to your build machine, prefix all paths with `/ostree/deploy/poky` as in `/ostree/deploy/poky/var/sota/sota_provisioning_credentials.zip`.
	10	* For `aktualizr-device-prov`
	11	** put URL to the backend server (together with protocol prefix and port number) at `/var/sota/gateway.url`. If you're using HERE OTA Connect, you can find the URL in the `autoprov.url` file in your credentials archive.
	12	** put client certificate, private key and root CA certificate (for the server, not for the device) at `/var/sota/import/client.pem`, `/var/sota/import/pkey.pem` and `/var/sota/import/root.crt` respectively.
	13	* For `aktualizr-device-prov-hsm`
	14	** put URL to the server backend (together with protocol prefix and port number) at `/var/sota/gateway.url`. If you're using HERE OTA Connect, you can find the URL in the `autoprov.url` file in your credentials archive.
	15	** put root CA certificate (for the server, not for the device) at `/var/sota/import/root.crt`.
	16	** put client certificate and private key to slots 1 and 2 of the PKCS#11-compatible device.
	17
	18	For more extensive information on provisioning methods, see the following topics from the OTA Connect Developer guide:
	19
	20	//MC: Web links because this topic is only viewable in Github
	21	* link:https://docs.ota.here.com/ota-client/dev/client-provisioning-methods.html[Device provisioning methods]
	22	* link:https://docs.ota.here.com/ota-client/dev/enable-device-cred-provisioning.html[Enable device-credential provisioning and install device certificates] \ No newline at end of file