Jan 28, 2020
01:02 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Jan 28, 2020
01:02 AM
Hi.
I've got the following device: OPTIGA™ TPM SLx 9670 TPM2.0 with SPI Interface in a Raspberry Pi 3 (https://www.infineon.com/dgdl/Infineon-App-Note-SLx9670-TPM2.0_Embedded_RPi_DI_SLx-AN-v01_30-EN.pdf?...). I am trying to get the EK certificate but is seems that it is absent. I'm using the following command to fetch:
I'm getting the following response:
Here is a list of all NV indices (empty):
Does Infineon have a EK certification server to restore the EK certificate? As far as I know this certificate should be already available but it is missing...
Thank you.
I've got the following device: OPTIGA™ TPM SLx 9670 TPM2.0 with SPI Interface in a Raspberry Pi 3 (https://www.infineon.com/dgdl/Infineon-App-Note-SLx9670-TPM2.0_Embedded_RPi_DI_SLx-AN-v01_30-EN.pdf?...). I am trying to get the EK certificate but is seems that it is absent. I'm using the following command to fetch:
tpm2_nvread --index 0x1c00002 -a 0x40000001
I'm getting the following response:
ERROR: Tss2_Sys_NV_ReadPublic(0x18B) - tpm:handle(1):the handle is not correct for the use
ERROR: Failed to read NVRAM public area at index 0x1C00002
ERROR: Unable to run tpm2_nvread
Here is a list of all NV indices (empty):
pi@raspberrypi:~ $ tpm2_nvlist
pi@raspberrypi:~ $
Does Infineon have a EK certification server to restore the EK certificate? As far as I know this certificate should be already available but it is missing...
Thank you.
Solved! Go to Solution.
Labels
- Tags:
- IFX
1 Solution
Dec 21, 2021
03:51 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dec 21, 2021
03:51 AM
Hello,
You may need to create it first:
$tpm2_createek -c endorsement_key.ctx -u endorsement_ppublic_key.pub
Then you can read it:
$tpm2_nvread -o endorsement_certificate.crt 0x1c00002
Regards
1 Reply
Dec 21, 2021
03:51 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dec 21, 2021
03:51 AM
Hello,
You may need to create it first:
$tpm2_createek -c endorsement_key.ctx -u endorsement_ppublic_key.pub
Then you can read it:
$tpm2_nvread -o endorsement_certificate.crt 0x1c00002
Regards