by CuriousCosmic
1511 days ago
https://docs.microsoft.com/en-us/windows-server/identity/ad-... This link has some useful details on attestation. For a lot of software you should be able to still use a custom TPM since you could use the EKPub based attestation which is per-device. This would allow you to bake your custom key into the device prior to installation and then whitelist it. I'm by no means an expert but since this is mostly handled at the OS level, provided you control the infra you should be able to roll your own custom TPM and still support attestation & endorsement. So if you are dealing with this on your own personal hardware or in your company (and you have IT's blessing), you should be able to do it but it won't work out of the box.