Trusty OS uses secure storage to protect userdata. This secure storage is based on RPMB (Replay Protected Memory Block) on the eMMC chip. RPMB needs to be initialized with an RPMB key, and default execution flow of images does not make this initialization.

RPMB key cannot be changed once it is set.

You can initialize RPMB with a specified key or a random key.

Program a specified 256-bit key

  1. Create a file with the key.

    A file containing the key must be generated.

    The default key file is /usr/local/dea-11.0-r2/device/digi/common/security/rpmb_key_test.bin. In this file, all 256 bits are zero.

    To generate the key file follow these steps:

    $ touch rpmb_key.bin
    $ echo -n "RPMB" > rpmb_key.bin
    $ echo -n -e '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' >> rpmb_key.bin

    Each \x00 is a 8-bit character whose value is the hexadecimal value 00. Replace 00 with custom hexadecimal values to set.

  2. Enter U-Boot fastboot mode:

    => fastboot 0
  3. Execute the following commands:

    $ fastboot stage <path/to/rpmb_key.bin>
    $ fastboot oem set-rpmb-key
  4. Reboot the board.

    The RPMB service in Trusty OS is then initialized.

Program a random key

  1. Enter U-Boot fastboot mode:

    => fastboot 0
  2. Execute the following commands:

    $ fastboot oem set-rpmb-random-key

    The random key is generated on the device, and is invisible to everyone. Your device may no longer boot up if the RPMB key message was destroyed.

  3. Reboot the board.

    The RPMB service in Trusty OS is then initialized.

Do not erase the eMMC of a closed device with the RPMB authentication key already programmed. In that case, Android with Trusty will not boot anymore.