by joerichey 1500 days ago
I don't think that Windows 11 requires any sort of EK cert at all. If they did, it would require them to restrict the TPMs to a list of "approved" vendors.

In this case, they bought the actual TPM2 part of the chip from Infineon, so it might already have an EK Cert on it.


Well, that’s what I get for skimming poorly. They did just slap an off-the-shelf Infineon chip in, so yeah, real EK cert from a legit vendor.

I skimmed and had some wishful thinking that they just made a cheap off-the-shelf chip do the job of a TPM2 by slamming in an existing TPM2 implementation.

> I skimmed and had some wishful thinking that they just made a cheap off-the-shelf chip do the job of a TPM2 by slamming in an existing TPM2 implementation.

Is there any evidence that it wouldn't be possible - does Windows have a list of approved EK certificate authorities it expects?

The only reason I could think of for this would be DRM, but I wouldn't expect this to be a requirement merely to install the OS (the unapproved TPM would still be good for any non-DRM uses, and would be useful in VMs where the TPM is already emulated by the hypervisor).