Oh, I missed the L1 in the title. Basically, all the decryption at L1 is happening inside a Trusted Execution Environment. This is a dedicated chip that does all encryption-decryption (among other things). This is why it is so difficult to extract the keys: they don’t enter the CPU and aren’t stored in RAM, because the dedicated chip handles all of this.
So I don’t think you can find a guide about this, because if anyone has found even one exploit, they would be keeping it to themselves, so that it doesn’t get patched.
Although it is very difficult, I think the only real solution is to reverse engineer a TEE and find an exploit yourself.
If you manage to do this, please let me know! I am happy to get updates about progress in this topic.
Is it just me, or have I seen like 6-7 of these posts at this point?