In Imx6q Security Reference Manual Chapter 6, see following:
If the SNVS determines the chip is in a trustworthy state, it allows CAAM to use a secret 256-bit value that CAAM uses to derive cryptographic keys during blob encapsulation and decapsulation.
We can know CAAM use 256-bit secret value to devrie cryptographic key blob encapsulation and decapsulation.
I want to confim if only CAAM can read this 256-bit secret value from SNVS? If not, except CAAM, who can read this 256-bit secret value from SNVS?