Hello,

I am working on embedded automotive systems repair and investigating behavior of Samsung eMMC (KLMBG4GEUF) in systems that appear to use OP-TEE for secure storage.

Real scenario:

- Two identical devices (same hardware) - One working, one not booting - Full eMMC dump taken from working device: - USER - BOOT1 / BOOT2 - EXT_CSD - RPMB (reported readable, but content appears empty or not usable)

Tests:

- Writing full dump to another device → no boot - Swapping eMMC between boards → both fail - Writing only USER → no change

From observations:

- RPMB appears non-clonable - Secure storage likely bound to hardware - Boot seems dependent on this binding

Questions:

1. In OP-TEE, is RPMB always tied to a hardware unique key (HUK)? 2. Is it expected that RPMB content cannot be reused across identical devices? 3. Does OP-TEE enforce secure storage binding in a way that prevents cloning? 4. In case of damaged eMMC, is there any supported way to reinitialize or recover secure storage?

I am not trying to bypass security, but to understand the architectural limitation in real repair scenarios.

Any clarification would be highly appreciated.

Best regards,