diff --git a/drivers/tee/sandbox.c b/drivers/tee/sandbox.c
index 35e8542fa3..86219a9bb1 100644
--- a/drivers/tee/sandbox.c
+++ b/drivers/tee/sandbox.c
@@ -119,6 +119,7 @@ static u32 pta_scp03_invoke_func(struct udevice *dev, u32 func, uint num_params,
 {
 	u32 res;
 	static bool enabled;
+	static bool provisioned;
 
 	switch (func) {
 	case PTA_CMD_ENABLE_SCP03:
@@ -130,12 +131,18 @@ static u32 pta_scp03_invoke_func(struct udevice *dev, u32 func, uint num_params,
 		if (res)
 			return res;
 
-		if (!enabled) {
+		/* If SCP03 was not enabled, enable it */
+		if (!enabled)
 			enabled = true;
-		} else {
-		}
 
-		if (params[0].u.value.a)
+		/* If SCP03 was not provisioned, provision new keys */
+		if (params[0].u.value.a && !provisioned)
+			provisioned = true;
+
+		/*
+		 * Either way, we asume both operations succeeded and that
+		 * the communication channel has now been stablished
+		 */
 
 		return TEE_SUCCESS;
 	default: