Hi V-Temp,
I enjoyed following that discussion between yourself and SciresM, and reviewed the SMC call documentation on SwitchBrew.
I'm sure my question isn't clear. Switchbrew says that "userspace stores... AES(Ksession, AES(Kkek, K...))", presumably referring to non-trusted userspace...