Endorsement key certificate (SLB96702.0)

User18882 · ‎Jan 28, 2020

Hi.
I've got the following device: OPTIGA™ TPM SLx 9670 TPM2.0 with SPI Interface in a Raspberry Pi 3 (https://www.infineon.com/dgdl/Infineon-App-Note-SLx9670-TPM2.0_Embedded_RPi_DI_SLx-AN-v01_30-EN.pdf?...). I am trying to get the EK certificate but is seems that it is absent. I'm using the following command to fetch:

tpm2_nvread --index 0x1c00002 -a 0x40000001

I'm getting the following response:

ERROR: Tss2_Sys_NV_ReadPublic(0x18B) - tpm:handle(1):the handle is not correct for the use
ERROR: Failed to read NVRAM public area at index 0x1C00002
ERROR: Unable to run tpm2_nvread

Here is a list of all NV indices (empty):

pi@raspberrypi:~ $ tpm2_nvlist
pi@raspberrypi:~ $

Does Infineon have a EK certification server to restore the EK certificate? As far as I know this certificate should be already available but it is missing...

Thank you.

AlfTeleco · ‎Dec 21, 2021

Hello,

You may need to create it first:

$tpm2_createek -c endorsement_key.ctx -u endorsement_ppublic_key.pub

Then you can read it:

$tpm2_nvread -o endorsement_certificate.crt 0x1c00002

Regards

Endorsement key certificate (SLB96702.0)

Re: Endorsement key certificate (SLB96702.0)