TPM2 EK certificate

mrgenie

Hi,

I am trying to use an application that utilizes the TPM EK certificate on the hardware to perform hardware attestation. I am using the UPxtreme i7 board and I noticed there was no EK certificate in the TPM NVRAM. I have been trying unsuccessfully to manually create an EK certificate and upload into the NVRAM. Any ideas on how to go about this?

I am using ubuntu 20.04 on the board and I have installed all the necessary tpm tools.

Wilbert

Hi Mrgenie,

According to Intel's reply, if you need to restore the EK certificate, you need to use Windows 10 and connect to the Internet.

Please change the OS to Windows first, after entering Windows, execute Win key + R -> type "tpm.msc" -> a window appears -> select Clear TPM in the upper right corner.

After clearing, please connect to the Internet, confirm that you can connect to the Internet, and then reboot.

During the restart process, Windows will automatically restore the EK certificate from the cloud, and you can confirm whether it is restored after powering on.

It can be confirmed from the Registry, the path is HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI\Endorsement\EKCertStore\Certificates\

Best regards

Wilbert

Hi Mrgenie,

Supplement: After installing Windows, you need to install drivers, at least Chipset and TXE drivers, in order to update the EK certificate normally
Supplement: After installing Windows, you need to install drivers, at least Chipset and TXE drivers, in order to update the EK certificate normally