"Public" really means anyone who "trusts" the manufacturer of the chip. If
they have a root-of-trust that you can link to the EK cert they put on your
chip during manufacturing, you can convince an arbitrary person (the
public) that your chip is an authentic TPM. The manufacturer, because they
publish the root certificates, becomes a sort of "CA".
If there is no cert on the chip when you get it, you can't establish this
chain of trust. You can create your EK, and create your own cert, but then
the root-of-trust stops with you.
-Tadd
On Wed, Jun 15, 2016 at 10:37 AM Jan Schermer <[email protected]> wrote:
> I got the tools, looks like I can to everything using tpm_nvdefine if
> needed.
>
> What do you mean trusted by public? EK is not really a "public"
> certificate in the sense SSL certificates are, there's no CA, just the
> public portion should be provided by the OEM...
>
> Jan
>
> > On 15 Jun 2016, at 19:05, Ken Goldman <[email protected]> wrote:
> >
> > On 6/14/2016 4:55 AM, Jan Schermer wrote:
> >>
> >> Does anybody know whether this is something I can do using only
> >> tpm-tools? Can I create all the needed indexes and set the nvLocked
> >> bit and get it working properly? (= with TXT working) Or do I
> >> absolutely need this Intel utility because I does something magical
> >> I'm not aware of?
> >
> > You can definitely set nvLocked through the API.
> >
> > I don't know about the TXT indexes.
> >
> > I also wonder if it comes with an EK certificate? If it doesn't, you
> > can provision your own, but it won't be trusted by the public.
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> > What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> > patterns at an interface-level. Reveals which users, apps, and protocols
> are
> > consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> > J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning
> > reports.
> http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&iu=/41014381
> > _______________________________________________
> > TrouSerS-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/trousers-users
>
>
>
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> patterns at an interface-level. Reveals which users, apps, and protocols
> are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning
> reports.
> http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&iu=/41014381
> _______________________________________________
> TrouSerS-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/trousers-users
>
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&iu=/41014381
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
