diff --git a/Keymaster.cpp b/Keymaster.cpp
index 7d061bb..7df27ec 100644
--- a/Keymaster.cpp
+++ b/Keymaster.cpp
@@ -25,6 +25,7 @@ namespace vold {
 using ::android::hardware::hidl_string;
 using ::android::hardware::hidl_vec;
+using ::android::hardware::keymaster::V4_0::SecurityLevel;
 KeymasterOperation::~KeymasterOperation() {
 if (mDevice) mDevice->abort(mOpHandle);
@@ -97,8 +98,15 @@ bool KeymasterOperation::finish(std::string* output) {
 Keymaster::Keymaster() {
 auto devices = KmDevice::enumerateAvailableDevices();
- if (devices.empty()) return;
- mDevice = std::move(devices[0]);
+ for (auto& dev : devices) {
+ // Explicitly avoid using STRONGBOX for now.
+ // TODO: Re-enable STRONGBOX, since it's what we really want. b/77338527
+ if (dev->halVersion().securityLevel != SecurityLevel::STRONGBOX) {
+ mDevice = std::move(dev);
+ break;
+ }
+ }
+ if (!mDevice) return;
 auto& version = mDevice->halVersion();
 LOG(INFO) << "Using " << version.keymasterName << " from " << version.authorName << " for encryption. Security level: " << toString(version.securityLevel)
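Review bot: The new loop in `Keymaster::Keymaster()` selects a device by exclusion (`securityLevel != SecurityLevel::STRONGBOX`), so it takes the first non-StrongBox entry, and that would be a SOFTWARE-level implementation if one is enumerated ahead of a TRUSTED_ENVIRONMENT one. The ordering returned by `enumerateAvailableDevices()` is not visible in this hunk, so either state the assumption next to the loop, e.g. `// Relies on enumerateAvailableDevices() listing the TEE implementation before any software fallback.`, or prefer `SecurityLevel::TRUSTED_ENVIRONMENT` explicitly and fall back only when none is found. Separately, `if (!mDevice) return;` is now also reached when the only available device is StrongBox, and it returns without logging; something like `LOG(ERROR) << "No non-STRONGBOX Keymaster device available";` before the return would make that failure diagnosable. The constructor body continues past the end of the hunk.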