Optiga Endorsement Credential Certificate (tpm2_getmanufec URL)

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
Not applicable
Hi,

TPM2 Tools demonstrates generating an Endorsement Credential Certificate using an endorsement public key and an ekcertservice URL;
https://github.com/tpm2-software/tpm2-tools/blob/3.X/test/system/test_tpm2_getmanufec.sh

Is there a similar URL for Infineon Optiga URLs? Or how is the endorsement certificate generated for these TPMs?

The following page appears to document the relevant CA's but not how to generate the EK certificate, as far as I can understand. https://www.infineon.com/cms/en/product/promopages/optiga_tpm_certificates/
0 Likes
1 Solution
Not applicable
Seems I resolved it;
tpm2_nvread --index 0x1c00002 -a 0x40000001 -o 0 --tcti $(TPM_TCTI) > nvread.1c0002.cert
tpm2_nvread --index 0x1c0000a -a 0x40000001 -o 0 --tcti $(TPM_TCTI) > nvread.1c000a.cert
emits Infineon certificates with various TCG key extensions.

View solution in original post

0 Likes
1 Reply
Not applicable
Seems I resolved it;
tpm2_nvread --index 0x1c00002 -a 0x40000001 -o 0 --tcti $(TPM_TCTI) > nvread.1c0002.cert
tpm2_nvread --index 0x1c0000a -a 0x40000001 -o 0 --tcti $(TPM_TCTI) > nvread.1c000a.cert
emits Infineon certificates with various TCG key extensions.
0 Likes