How does CBoot gets kernel encryption user key from EKB?

Judging by what I’m currently know, EKB decryption and verification is performed solely by Trusty, and after it keys are available for other services (secure and non-secure) by Trusty IPC.

However, after examination of Trusty souce code, it seems that there is no IPC to get the kernel key. Only disk key could be retrieved. So how does CBoot get this key to decrypt kernel?

Nevermind, hwkey-agent just puts it into one of SE keyslots.

Glad to know you find the solution. Thanks

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.