Encryption of VEK#

The diagram below shows Encryption of VEK using PKCS#11 app. It includes following steps:

  1. App passes VEK and Key derivation Strings to PKCS#11 library via their APIs.

  2. PKCS#11 Library talks to TOS to derive VEK Encryption key based on key derivation Strings input.

  3. PKCS#11 Library talks to SE Server to encrypt the VEK and returns Encrypted VEK.

  4. App stores the Encrypted VEK in the filesystem (/etc/nvidia/efs/)

image1