From 9bf2962852cc46ad0ac5cca916eaa80cb3377824 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Wed, 9 Mar 2022 16:39:35 -0700
Subject: [PATCH] default to strict NVM operations with key generation

---
 wolfcrypt/src/port/caam/wolfcaam_seco.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/port/caam/wolfcaam_seco.c b/wolfcrypt/src/port/caam/wolfcaam_seco.c
index c0d0634fc..cad76e0f0 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_seco.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_seco.c
@@ -413,7 +413,9 @@ int wc_SECO_GenerateKey(int flags, int group, byte* out, int outSz,
         key_args.key_identifier = keyIdOut;
         key_args.out_size = outSz;
         key_args.out_key  = out;
-        key_args.flags     = flags;
+
+        /* default to strict operations with key in NVM */
+        key_args.flags = flags | HSM_OP_KEY_GENERATION_FLAGS_STRICT_OPERATION;
         key_args.key_group = group;
         key_args.key_info  = keyInfo;
         key_args.key_type  = keyType;