diff --git a/Keymaster.cpp b/Keymaster.cpp
index 7df27ec..4921448 100644
--- a/Keymaster.cpp
+++ b/Keymaster.cpp
@@ -96,8 +96,14 @@ bool KeymasterOperation::finish(std::string* output) {
 return true;
 }
+/* static */ bool Keymaster::hmacKeyGenerated = false;
+
 Keymaster::Keymaster() {
 auto devices = KmDevice::enumerateAvailableDevices();
+ if (!hmacKeyGenerated) {
+ KmDevice::performHmacKeyAgreement(devices);
+ hmacKeyGenerated = true;
+ }
 for (auto& dev : devices) {
 // Explicitly avoid using STRONGBOX for now.
 // TODO: Re-enable STRONGBOX, since it's what we really want. b/77338527
diff --git a/Keymaster.h b/Keymaster.h
index 7571402..fabe0f4 100644
--- a/Keymaster.h
+++ b/Keymaster.h
@@ -117,6 +117,7 @@ class Keymaster {
 private:
 std::unique_ptr mDevice;
 DISALLOW_COPY_AND_ASSIGN(Keymaster);
+ static bool hmacKeyGenerated;
 };
 } // namespace vold
diff --git a/MetadataCrypt.cpp b/MetadataCrypt.cpp
index 4a847e3..c14b9a2 100644
--- a/MetadataCrypt.cpp
+++ b/MetadataCrypt.cpp
@@ -79,9 +79,10 @@ static bool read_key(struct fstab_rec const* data_rec, bool create_if_absent, Ke
 }
 std::string key_dir = data_rec->key_dir;
 auto dir = key_dir + "/key";
- LOG(DEBUG) << "key_dir/key: " << key;
- if (!fs_mkdirs(dir.c_str(), 0700)) {
+ LOG(DEBUG) << "key_dir/key: " << dir;
+ if (fs_mkdirs(dir.c_str(), 0700)) {
 PLOG(ERROR) << "Creating directories: " << dir;
+ return false;
 }
 auto temp = key_dir + "/tmp";
 if (!android::vold::retrieveKey(create_if_absent, dir, temp, key)) return false;
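Review bot: `hmacKeyGenerated` is a plain `static bool` that the Keymaster constructor tests and then sets without any synchronization, so if Keymaster objects can be constructed on more than one thread (not visible here) two constructors could both run the agreement or race on the flag. A `static std::once_flag` used as `std::call_once(hmacOnce, [&] { KmDevice::performHmacKeyAgreement(devices); });` (with `<mutex>` included) would state the once-per-process intent directly, and the declaration added in the Keymaster.h hunk would change with it. The flag is also set to true whatever the outcome of the call, so if the agreement can fail without aborting the process it is never retried; a one-line comment stating that assumption would help. The constructor body continues past the end of the hunk.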
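Review bot: The corrected test `if (fs_mkdirs(dir.c_str(), 0700))` in read_key only reads correctly if the reader knows that fs_mkdirs returns 0 on success, which is the convention the removed `!` got wrong; writing it as `if (fs_mkdirs(dir.c_str(), 0700) != 0) {` would make the failure branch explicit and harder to invert again. Because this path holds key material, a comment on whether the 0700 mode is enforced when key_dir already exists would also be useful, since the mode presumably applies only to directories the call creates. read_key begins and ends outside the hunk.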