
List:       trousers-users
Subject:    Re: [TrouSerS-users] Move the TPM or change the EK
From:       Ken Goldman <kgoldman () us ! ibm ! com>
Date:       2015-08-13 13:09:15
Message-ID: mqi4tk$dkc$1 () ger ! gmane ! org

On 8/7/2015 5:56 AM, Julie P wrote:
> Hi all!
>
> I wanted to know what would happen if a TPM is moved to another machine?
> If EK and SRK were already created, are they reset?

The EK and SRK are in persistent memory.  They are not reset by a power 
cycle, and thus are not reset if you move to another machine.

The TPM vendor typically generates the EK and its certificate on the 
manufacturing line, before the chips are shipped to the platform 
manufacturer.

> How many times can we recreate an EK with the tpm-tools command
> "tpm_createek"?

Typically, the EK is already generated (by the TPM vendor) so you cannot 
recreate it at all.

Less typically, you get a TPM with no EK and you can run the command once.

While the specification provides an option to create a revocable EK, I 
don't think any TPM vendor implemented it.


