Hi Joanna,

> Unfortunately, neither the datasheet, nor any other document I was able to find,
> tells how one could retrieve such a certificate out of the TPM's NV
> memory. And ideally that this worked for all the TPMs from all sorts of
> vendors...

  This info lives in the TPM Main Structures spec, section 19.1.2,
under NV Reserved index values:

0x0000F000      TPM_NV_INDEX_EKCert

  Reading this NV index should get you the EK Cert if the vendor supports it.

Kent

> Of course, without being able to authenticate the EK key, all the Remote
> Attestation schemes are pretty useless in practice, so I thought this
> might be a good list to ask this question, as one of the primary
> applications of tboot is remote attestation actually. Plus, tboot has
> quite a few tools to talk to the TPM.
>
> Thanks,
> joanna.
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> tboot-devel mailing list
> tboot-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tboot-devel
>



-- 
IBM LTC Security
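
Added example, not part of the original message or of tboot: a sketch of the TPM 1.2 TPM_NV_ReadValue exchange for the index named above, including the case where the vendor did not provision it. It assumes the index can be read without an authorization session; `transmit` and `fake_tpm` are hypothetical stand-ins for a real TPM transport, and the NV contents are constructed.

```python
import struct

TPM_NV_INDEX_EKCert = 0x0000F000  # reserved index cited in the reply above
TPM_TAG_RQU_COMMAND, TPM_TAG_RSP_COMMAND = 0x00C1, 0x00C4  # no auth session
TPM_ORD_NV_ReadValue = 0x000000CF
TPM_SUCCESS, TPM_BADINDEX = 0x00, 0x02

def build_nv_read(index, offset, size):
    """Serialize tag, paramSize, ordinal, nvIndex, offset, dataSize (big-endian)."""
    body = struct.pack(">IIII", TPM_ORD_NV_ReadValue, index, offset, size)
    return struct.pack(">HI", TPM_TAG_RQU_COMMAND, 6 + len(body)) + body

def parse_nv_read(resp):
    """Return the NV data, or None when the index is not defined on this TPM."""
    if len(resp) < 10:
        raise ValueError("short TPM response")
    tag, param_size, rc = struct.unpack(">HII", resp[:10])
    if tag != TPM_TAG_RSP_COMMAND or param_size != len(resp):
        raise ValueError("malformed TPM response")
    if rc == TPM_BADINDEX:
        return None  # no EK certificate area provisioned by the vendor
    if rc != TPM_SUCCESS or len(resp) < 14:
        raise RuntimeError("TPM_NV_ReadValue failed, code 0x%x" % rc)
    (data_size,) = struct.unpack(">I", resp[10:14])
    if data_size != len(resp) - 14:
        raise ValueError("dataSize does not match payload length")
    return resp[14:]

def read_nv(transmit, index, total, chunk=128):
    """Read up to `total` bytes in chunks; `transmit` sends raw bytes to the TPM."""
    out = b""
    while len(out) < total:
        cmd = build_nv_read(index, len(out), min(chunk, total - len(out)))
        part = parse_nv_read(transmit(cmd))
        if part is None:
            return None
        if not part:
            break  # area is shorter than requested
        out += part
    return out

def fake_tpm(nv):
    """Constructed stand-in for a TPM; `nv` maps NV index to stored bytes."""
    def transmit(cmd):
        _, _, _, index, offset, size = struct.unpack(">HIIIII", cmd)
        if index not in nv:
            return struct.pack(">HII", TPM_TAG_RSP_COMMAND, 10, TPM_BADINDEX)
        data = nv[index][offset:offset + size]
        head = struct.pack(">HIII", TPM_TAG_RSP_COMMAND, 14 + len(data), TPM_SUCCESS, len(data))
        return head + data
    return transmit
```
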
