Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

OPTIGA™ TPM

User18882
Level 1
First question asked
Level 1
Hi.
I've got the following device: OPTIGA™ TPM SLx 9670 TPM2.0 with SPI Interface in a Raspberry Pi 3 (https://www.infineon.com/dgdl/Infineon-App-Note-SLx9670-TPM2.0_Embedded_RPi_DI_SLx-AN-v01_30-EN.pdf?...). I am trying to get the EK certificate but is seems that it is absent. I'm using the following command to fetch:
tpm2_nvread --index 0x1c00002 -a 0x40000001


I'm getting the following response:
ERROR: Tss2_Sys_NV_ReadPublic(0x18B) - tpm:handle(1):the handle is not correct for the use
ERROR: Failed to read NVRAM public area at index 0x1C00002
ERROR: Unable to run tpm2_nvread


Here is a list of all NV indices (empty):
pi@raspberrypi:~ $ tpm2_nvlist
pi@raspberrypi:~ $


Does Infineon have a EK certification server to restore the EK certificate? As far as I know this certificate should be already available but it is missing...

Thank you.
0 Likes
1 Reply
AlfTeleco
Level 1
First like received First reply posted Welcome!
Level 1

Hello, 

 

You may need to create it first: 

$tpm2_createek -c endorsement_key.ctx -u endorsement_ppublic_key.pub

Then you can read it: 

$tpm2_nvread -o endorsement_certificate.crt 0x1c00002

 

Regards