The TPM hardware security module is employed to securely manage the master key. The entire process of key generation and storage is carried out within the TPM, ensuring that the master key is never exposed as plaintext on disk or in memory. Leveraging the non-volatile storage capabilities of the TPM, the master key is persisted, enabling secure recovery without manual re-injection after device restarts.
Signed-off-by: 邓瑞 cherydeng@dengruideMac-mini.local