Hello,

 

Could you clarify:

1) Must the tfm_plat_get_huk_derived_key() function return the same key on each call (as is done now), or may it return a randomized key (per call) derived from the HUK?

2) If tfm_plat_get_huk_derived_key() may return a different key per call, the generated key must be stored in persistent storage.

    Is this persistent key storage already implemented (using the default parameters), for example in ITS, or must the key storage be implemented additionally?

    It looks like the current TFM key storage is placed in RAM, or have I missed something?

 

Thank you,

Andrej Butok