[TrouSerS-users] Move the TPM or change the EK
Julie P
2015-08-07 09:56:00 UTC
Hi all!

I wanted to know what would happen if a TPM is moved to another machine?
If the EK and SRK were already created, are they reset?
My TPM is welded (not a 20-pin connector) to my motherboard, so I can't test by myself.


If we change the EK, is everything deleted?
How many times can we recreate an EK with the tpm-tools command "tpm_createek"?

Thanks a lot!
Ken Goldman
2015-08-13 13:09:15 UTC
Post by Julie P
Hi all!
I wanted to know what would happen if a TPM is moved to another machine?
If the EK and SRK were already created, are they reset?

The EK and SRK are in persistent memory. They are not reset by a power
cycle, and thus are not reset if you move to another machine.

The TPM vendor typically generates the EK and its certificate on the
manufacturing line, before the chips are shipped to the platform
manufacturer.

Post by Julie P
How many times can we recreate an EK with the tpm-tools command "tpm_createek"?

Typically, the EK is already generated (by the TPM vendor) so you cannot
recreate it at all.

Less typically, you get a TPM with no EK and you can run the command once.

While the specification provides an option to create a revocable EK, I
don't think any TPM vendor implemented it.


