Thomas Winkler wrote:
>Till Bentz wrote:
>>I tried to create an AIK using the examples as a base. I succeeded in
>>creating TcTpmIdentityProof. But it seems that none of the credentials is
>>inside that proof.
>>I have a STM TPM which is supposed to be 1.2.
>>
>>Does anyone knows, if that chip delivers the above mentioned credentials?
>>Or did I just miss some important point?
> The only TPM manufacturer that I'm aware of that delivers EK credentials for
> its TPMs is Infineon. All the other manufacturers currently do not deliver EK
> certificates.
To be more specific, IFX TPM 1.1 and TPM 1.2 contain a TPM Endorsement Key (EK)
certificate on-chip. For 1.1 an IFX specific extraction method is needed,
for 1.2 it is standardised how to extract certificate(s) from
non-volatile ram.
Both are supported by JTss.
If you use JTssWrapper you have to manually tell TrouSerS via tcsd.conf which
credentials to use.
I don't know of any (OEM) manufacturer shipping platform endorsement or
conformance credentials.
HTH
--
Martin Pirker
IAIK, TU Graz
|
