// Inside TEE - no exposure to Rich OS int generate_and_provision_rpmb_key(void) uint8_t entropy[64]; uint8_t rpmb_key[32]; uint8_t device_id[16]; // 1. Gather entropy from hardware TRNG tee_trng_read(entropy, sizeof(entropy));
The TEE sends the generated key to the eMMC/UFS device via a secure CMD23 (SET_BLOCK_COUNT) / CMD25 (WRITE_MULTIPLE_BLOCK) sequence, using the RPMB frame format. This command is authenticated by the TEE, but the key itself is transmitted encrypted or over a secure channel (often with a temporary session key). rpmb key generator
A monotonic write counter is included in the MAC calculation, ensuring that old valid commands cannot be captured and "replayed" later. 2. RPMB Key Generation Methods // Inside TEE - no exposure to Rich