diff --git a/Keymaster.cpp b/Keymaster.cpp
index 7df27ec..4921448 100644
--- a/Keymaster.cpp
+++ b/Keymaster.cpp
@@ -96,8 +96,14 @@ bool KeymasterOperation::finish(std::string* output) {
     return true;
 }
 
+/* static */ bool Keymaster::hmacKeyGenerated = false;
+
 Keymaster::Keymaster() {
     auto devices = KmDevice::enumerateAvailableDevices();
+    if (!hmacKeyGenerated) {
+        KmDevice::performHmacKeyAgreement(devices);
+        hmacKeyGenerated = true;
+    }
     for (auto& dev : devices) {
         // Explicitly avoid using STRONGBOX for now.
         // TODO: Re-enable STRONGBOX, since it's what we really want. b/77338527
diff --git a/Keymaster.h b/Keymaster.h
index 7571402..fabe0f4 100644
--- a/Keymaster.h
+++ b/Keymaster.h
@@ -117,6 +117,7 @@ class Keymaster {
   private:
     std::unique_ptr<KmDevice> mDevice;
     DISALLOW_COPY_AND_ASSIGN(Keymaster);
+    static bool hmacKeyGenerated;
 };
 
 }  // namespace vold