Re: [Trustedjava-support] Problems with Credentials

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Thomas Winkler wrote:
>Till Bentz wrote:
>>I tried to create an AIK using the examples as a base. I succeeded in
>>creating TcTpmIdentityProof. But it seems that none of the credentials is
>>inside that proof.
>>I have a STM TPM which is supposed to be 1.2.
>>
>>Does anyone knows, if that chip delivers the above mentioned credentials?
>>Or did I just miss some important point?

> The only TPM manufacturer that I'm aware of that delivers EK credentials for 
> its TPMs is Infineon. All the other manufacturers currently do not deliver EK 
> certificates.

To be more specific, IFX TPM 1.1 and TPM 1.2 contain a TPM Endorsement Key (EK)
certificate on-chip. For 1.1 an IFX specific extraction method is needed,
for 1.2 it is standardised how to extract certificate(s) from
non-volatile ram.
Both are supported by JTss.

If you use JTssWrapper you have to manually tell TrouSerS via tcsd.conf which
credentials to use.

I don't know of any (OEM) manufacturer shipping platform endorsement or
conformance credentials.

HTH

-- 
Martin Pirker
IAIK, TU Graz