PAIRWISE KEY ESTABLISHMENT BETWEEN TWO MEASUREMENT STATES
Abstract:
Systems and techniques are described for key establishment. For instance, a process can, during a first cryptographic key derivation, store a first trusted measurement value of a first entity in a first storage location, store an expected measurement value of a second entity in a second storage location, and generate a first instance of a cryptographic key using the first trusted measurement value, the expected measurement value, and a key derivation function (KDF). The process can, during a second cryptographic key derivation, obtain the expected measurement value as a second trusted measurement value of the second entity and store it in the second storage location, obtain the first trusted measurement value as a second expected measurement value and store it in the first storage location, and generate a second instance of the cryptographic key using the second expected measurement value, the second trusted measurement value, and the key derivation function.
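The two derivations described in the abstract, as an added Python example that is not taken from the patent. It assumes HMAC-SHA256 as the KDF, SHA-256 hashes of constructed image bytes as measurements, and a device-held root secret; the names `Deriver`, `measure`, and `ROOT_SECRET` are hypothetical.

```python
import hashlib
import hmac

ROOT_SECRET = bytes(32)  # constructed placeholder for an assumed device-held secret

def measure(image: bytes) -> bytes:
    """Assumed measurement: SHA-256 over the entity's image."""
    return hashlib.sha256(image).digest()

def kdf(secret: bytes, slot1: bytes, slot2: bytes) -> bytes:
    """Assumed KDF: HMAC-SHA256 over length-prefixed fields, so slot boundaries are unambiguous."""
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in (b"pairwise", slot1, slot2))
    return hmac.new(secret, msg, hashlib.sha256).digest()

class Deriver:
    """Two storage locations feed the KDF in a fixed order, whichever entity is running."""
    def __init__(self, secret: bytes):
        self.secret = secret
        self.slot1 = self.slot2 = b""

    def first_derivation(self, running_image: bytes, expected_peer: bytes) -> bytes:
        self.slot1 = measure(running_image)  # trusted measurement of the first entity
        self.slot2 = expected_peer           # expected measurement of the second entity
        return kdf(self.secret, self.slot1, self.slot2)

    def second_derivation(self, running_image: bytes, expected_peer: bytes) -> bytes:
        self.slot2 = measure(running_image)  # trusted measurement of the second entity
        self.slot1 = expected_peer           # expected measurement of the first entity
        return kdf(self.secret, self.slot1, self.slot2)

# Constructed sample images standing in for the two measured entities.
IMAGE_A = b"constructed image A v1"
IMAGE_B = b"constructed image B v1"
IMAGE_B_TAMPERED = b"constructed image B v1 (modified)"

def demo():
    d = Deriver(ROOT_SECRET)
    key_a = d.first_derivation(IMAGE_A, measure(IMAGE_B))
    key_b = d.second_derivation(IMAGE_B, measure(IMAGE_A))
    # A second entity in an unexpected state fills slot 2 with a different value.
    key_bad = d.second_derivation(IMAGE_B_TAMPERED, measure(IMAGE_A))
    return key_a, key_b, key_bad

if __name__ == "__main__":
    a, b, bad = demo()
    print("matching states share a key:", a == b)
    print("modified second entity gets a different key:", bad != a)
```

Because the trusted value always comes from measuring what is actually running, an entity can only reach the shared key from the state its peer named as expected.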