Encryption of VEK#
The diagram below shows Encryption of VEK using PKCS#11 app. It includes following steps:
App passes VEK and Key derivation Strings to PKCS#11 library via their APIs.
PKCS#11 Library talks to TOS to derive VEK Encryption key based on key derivation Strings input.
PKCS#11 Library talks to SE Server to encrypt the VEK and returns Encrypted VEK.
App stores the Encrypted VEK in the filesystem (/etc/nvidia/efs/)