Hi Rahul,
This is news to me! Do I understand you correctly that it is somehow possible to output the unique factory-programmed KEK of a secure C6748? Is the cornerstone of the security mechanism not that the KEK is never exposed to the developer?
What would prevent an attacker in the field from simply taking over the device, somehow getting the device into Secure Supervisor mode, and forcing it to provide the KEK?