Not applicable
Jul 31, 2018
03:12 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Jul 31, 2018
03:12 AM
Hi,
TPM2 Tools demonstrates generating an Endorsement Credential Certificate using an endorsement public key and an ekcertservice URL;
https://github.com/tpm2-software/tpm2-tools/blob/3.X/test/system/test_tpm2_getmanufec.sh
Is there a similar URL for Infineon Optiga URLs? Or how is the endorsement certificate generated for these TPMs?
The following page appears to document the relevant CA's but not how to generate the EK certificate, as far as I can understand. https://www.infineon.com/cms/en/product/promopages/optiga_tpm_certificates/
TPM2 Tools demonstrates generating an Endorsement Credential Certificate using an endorsement public key and an ekcertservice URL;
https://github.com/tpm2-software/tpm2-tools/blob/3.X/test/system/test_tpm2_getmanufec.sh
Is there a similar URL for Infineon Optiga URLs? Or how is the endorsement certificate generated for these TPMs?
The following page appears to document the relevant CA's but not how to generate the EK certificate, as far as I can understand. https://www.infineon.com/cms/en/product/promopages/optiga_tpm_certificates/
Solved! Go to Solution.
- Tags:
- endorsement
- IFX
- tpm
1 Solution
Not applicable
Jul 31, 2018
07:47 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Jul 31, 2018
07:47 AM
Seems I resolved it;
tpm2_nvread --index 0x1c00002 -a 0x40000001 -o 0 --tcti $(TPM_TCTI) > nvread.1c0002.cert
tpm2_nvread --index 0x1c0000a -a 0x40000001 -o 0 --tcti $(TPM_TCTI) > nvread.1c000a.cert
emits Infineon certificates with various TCG key extensions.
tpm2_nvread --index 0x1c00002 -a 0x40000001 -o 0 --tcti $(TPM_TCTI) > nvread.1c0002.cert
tpm2_nvread --index 0x1c0000a -a 0x40000001 -o 0 --tcti $(TPM_TCTI) > nvread.1c000a.cert
emits Infineon certificates with various TCG key extensions.
1 Reply
Not applicable
Jul 31, 2018
07:47 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Jul 31, 2018
07:47 AM
Seems I resolved it;
tpm2_nvread --index 0x1c00002 -a 0x40000001 -o 0 --tcti $(TPM_TCTI) > nvread.1c0002.cert
tpm2_nvread --index 0x1c0000a -a 0x40000001 -o 0 --tcti $(TPM_TCTI) > nvread.1c000a.cert
emits Infineon certificates with various TCG key extensions.
tpm2_nvread --index 0x1c00002 -a 0x40000001 -o 0 --tcti $(TPM_TCTI) > nvread.1c0002.cert
tpm2_nvread --index 0x1c0000a -a 0x40000001 -o 0 --tcti $(TPM_TCTI) > nvread.1c000a.cert
emits Infineon certificates with various TCG key extensions.