...
Solution
A symmetric key will be generated by the controller module. This symmetric key will be used for both encryption and decryption, generated by the controller module. The configuration blob will contain a symmetric key attribute field, to store this symmetric key.
While preparing the configuration blob, the controller will use this symmetric key will be used to encrypt the sensitive information. In turn,the controller will use, the EVE node device certificate will be used to encrypt the symmetric key.
While invoking decryption APIsOn EVE node, the EVE agents will also pass the encrypted symmetric key along with the encrypted sensitive information, while calling decryption method API. The symmetric key will be decrypted using first, using the device private key stored inside TPM module. The In turn, the decrypted symmetric key , in turn, will will be used to decrypt the sensitive information.
...