Trying to use encrypted secure boot. All works, but I want to be able to generate a DEK blob while sitting at the Linux command prompt on the device itself. I understand that I am able to burn fuses and lock the processor using OCOTP sysfs capability but also want this to actually generate a DEK blob by writing a chosen dek.bin to a sysfs file and reading back a DEK blob from that or another sysfs file.
I know this is possible because I was able to do it before but forgot how since then. I remember there was a specific patch that was needed for the kernel in order to do this. I have been unable to find this anywhere. I know there are a couple of different patches out there but they generate a more general blob than the specific DEK blob that I need that has a "81" header, etc. I basically want to duplicate the exact code functionality done by uboot dek_blob command but in the Linux kernel accessible by user space on the command line.
Any help would be most appreciated. Thanks in advance,