Ask the Community
Close
Ask the Community
nav search Icon
Forums gray-arrow gray-arrow
Resources gray-arrow gray-arrow
About gray-arrow gray-arrow
Groups gray-arrow gray-arrow
nav-user Account

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob

SLB9670 Inconsistent EK (Key) in NVRAM

SLB9670 Inconsistent EK (Key) in NVRAM

jfdawson20
Level 1
Level 1
First reply posted First question asked Welcome!
‎Mar 23, 2023 03:46 AM
‎Mar 23, 2023 03:46 AM
Jump to solution

Hello, 

     I have a few product lines that use a SLB9760 for zero touch enrollments where we provision IAK/IDevID certificates into the TPM during device manufacturing. We've observed that while most SLB9670 devices arrive with the EK (key) missing from NVRAM (where we usually create and persist the EK in NVRAM) some have the EK (key) already present at the default NVRAM location. 

This isn't a "problem" in the sense that I can adjust our process to first check for a EK certificate at the NVRAM index and skip the EK generation and persistence step. However, I'd like to understand why not all new SLB9670's we use in production look the same by default? (e.g. most have EK (key) not persisted in NVRAM at handle 0x81010001 and we need to generate it and then persist it). Is this expected? if so why?

Thanks, 

     Jack

0 Likes
Subscribe
1 Solution

Re: SLB9670 Inconsistent EK (Key) in NVRAM

Shreya_S
Moderator
Moderator
Moderator
First comment on blog 100 replies posted 25 solutions authored
‎Mar 27, 2023 04:23 AM
‎Mar 27, 2023 04:23 AM
Jump to solution

Hello,
Greetings!

The EK is not persistent from factory for TPM SLB9760. It is quick to regenerate.

But, EK certificates are pre-defined in TPM NV indices 0x1c00002 and 0x1c0000a. We recommend you to adjust the process by checking for EK cert in these indices first.

Regards,
Shreya

View solution in original post

0 Likes
3 Replies

Re: SLB9670 Inconsistent EK (Key) in NVRAM

Shreya_S
Moderator
Moderator
Moderator
First comment on blog 100 replies posted 25 solutions authored
‎Mar 24, 2023 02:59 AM
‎Mar 24, 2023 02:59 AM
Jump to solution

Hello,

We're looking into your query at the moment.
Will get back to you by Monday. 

Regards,
Shreya

0 Likes

Re: SLB9670 Inconsistent EK (Key) in NVRAM

Shreya_S
Moderator
Moderator
Moderator
First comment on blog 100 replies posted 25 solutions authored
‎Mar 27, 2023 04:23 AM
‎Mar 27, 2023 04:23 AM
Jump to solution

Hello,
Greetings!

The EK is not persistent from factory for TPM SLB9760. It is quick to regenerate.

But, EK certificates are pre-defined in TPM NV indices 0x1c00002 and 0x1c0000a. We recommend you to adjust the process by checking for EK cert in these indices first.

Regards,
Shreya

0 Likes

Re: SLB9670 Inconsistent EK (Key) in NVRAM

Shreya_S
Moderator
Moderator
Moderator
First comment on blog 100 replies posted 25 solutions authored
‎Apr 03, 2023 11:30 PM
‎Apr 03, 2023 11:30 PM
Jump to solution

Hello,

Please let me know if your query is resolved.

This case will close in 2-3 working days.

Regards,
Shreya

0 Likes