Great question. The master key of PSP is stored in the NIC and shipped with the device. That's how authenticity is provided. Other than that, it's focused on confidentiality and integrity.
This sounds like literally THE one master key? If google was ever made aware one device was lost or potentially compromised they would replace all devices?
I doubt there's one. Probably each NIC has a separate master key. And they could reduce chance of compromise by loading the key at runtime and making it write-only.
As the PSP arch spec said, it seems each NIC has two master key.
> each NIC has two 256-bit AES keys, called master keys, not shared with any hosts
including its own, or with any other NICs. The master keys are "critical security parameters",which are kept ephemerally in on-NIC RAM, and must not be stored on any persistent medium.
