...
A symmetric key will be used for both encryption and decryption, generated by the controller module. The configuration blob will contain a symmetric key attribute, to store this symmetric key. The While preparing the configuration blob, the symmetric key will be used to encrypt the sensitive information inside the configuration payload. Controller will use . In turn, the device certificate will be used to encrypt the symmetric key, inside the configuration blob.
While invoking decryption APIs, the EVE agents will also pass the encrypted symmetric key. The symmetric key will be decrypted using the device private key stored inside TPM module. The decrypted symmetric key, in turn, will be used to decrypt the sensitive information.
...