by xg15 1140 days ago
> And, TPMs do have actual privacy mechanisms. End-user TPMs do not offer up their endorsement key to any third party. Attestation workflows shield third parties from the endorsement key.

Then how do endorsement keys work?

If I understood the OP correctly, the purpose of the endorsement key is so a third party can choose only to accept attestation from TPMs of "trusted" vendors. How does this work if the third party can't query the endorsement key?


Ah, this was a grammar error on my part. Sorry about that, let me clarify.

TPMs do offer up their endorsement key (or an endorsement key certificate) to third parties.

And, TPMs can share attestations in a way that doesn't reveal the endorsement key. They use attestation keys for this. Attestation keys can sign TPM attestations, and these keys do not identify the TPM.

This approach requires a trusted CA. The CA confirms the TPM's identity (using an endorsement certificate issued by the TPM vendor), it confirms that the attestation key and endorsement key reside on the same TPM, and it issues a certificate for an attestation key.

The attestation certificate might contain TPM vendor info, firmware version number, and proof that the attestation private key is hardware-bound. But it need not contain any permanent identifier. The TPM can now use its attestation key and certificate to sign attestations for a third party.
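The Privacy CA workflow described in the reply above, as an added example that is not part of the original thread and not code from any TPM vendor or the TCG specification. It is a simulation written for this page: RSA keys stand in for the TPM's EK and AK, a small signed struct stands in for X.509, and the EK/AK binding check uses the AK name as an RSA-OAEP label in place of the real TPM2_MakeCredential/TPM2_ActivateCredential encoding (a hypothetical simplification, not the wire format). The vendor name, firmware string and PCR bytes are constructed sample values. The point it demonstrates is the one in the reply: the CA sees the EK certificate and proves the AK lives on the same TPM, but the relying party only ever receives the AK certificate and an AK-signed quote, and that certificate carries no EK or other permanent identifier.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// keyName is the SHA-256 of a key's DER encoding; it stands in for the TPM
// "name" that the real MakeCredential/ActivateCredential pair binds to.
func keyName(pub *rsa.PublicKey) []byte {
	h := sha256.Sum256(x509.MarshalPKCS1PublicKey(pub))
	return h[:]
}
func sign(priv *rsa.PrivateKey, msg []byte) []byte {
	h := sha256.Sum256(msg)
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
	return sig
}
func verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) == nil
}

// Cert is a toy stand-in for an X.509 certificate: a public key plus
// attributes (constructed sample strings), signed by an issuer
// (the vendor for the EK, the Privacy CA for the AK).
type Cert struct {
	Pub       *rsa.PublicKey
	Attrs     string
	Signature []byte
}

func (c *Cert) tbs() []byte { return append(keyName(c.Pub), c.Attrs...) }
func (c *Cert) Valid(issuer *rsa.PublicKey) bool { return verify(issuer, c.tbs(), c.Signature) }
func issue(issuer *rsa.PrivateKey, pub *rsa.PublicKey, attrs string) *Cert {
	c := &Cert{Pub: pub, Attrs: attrs}
	c.Signature = sign(issuer, c.tbs())
	return c
}

// TPM holds an endorsement key (EK) with its vendor-issued certificate and an
// attestation key (AK). The private halves never leave the struct.
type TPM struct {
	ek, ak *rsa.PrivateKey
	EKCert *Cert
}

func NewTPM(vendor *rsa.PrivateKey, fw string) *TPM {
	ek, _ := rsa.GenerateKey(rand.Reader, 2048)
	ak, _ := rsa.GenerateKey(rand.Reader, 2048)
	return &TPM{ek: ek, ak: ak, EKCert: issue(vendor, &ek.PublicKey, "vendor=ExampleCorp fw="+fw)}
}
func (t *TPM) AKPublic() *rsa.PublicKey { return &t.ak.PublicKey }

// ActivateCredential recovers a CA challenge that was OAEP-encrypted to the EK
// with an AK name as label. Only a TPM holding both that EK and that AK can
// decrypt it, which is how the CA learns the two keys live together.
func (t *TPM) ActivateCredential(blob []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, t.ek, blob, keyName(&t.ak.PublicKey))
}

// Quote signs attestation data (PCR digest plus verifier nonce) with the AK, never the EK.
func (t *TPM) Quote(nonce, pcrs []byte) []byte {
	return sign(t.ak, append(append([]byte{}, pcrs...), nonce...))
}

// PrivacyCA checks the EK certificate and the EK/AK binding, then certifies the AK.
// In deployment the challenge blob and the recovered secret cross the network;
// here both legs run in-process.
type PrivacyCA struct {
	key       *rsa.PrivateKey
	vendorPub *rsa.PublicKey
}

func (ca *PrivacyCA) Enroll(t *TPM, akPub *rsa.PublicKey) (*Cert, error) {
	if !t.EKCert.Valid(ca.vendorPub) {
		return nil, errors.New("EK certificate not issued by a trusted vendor")
	}
	secret := make([]byte, 32)
	rand.Read(secret)
	blob, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, t.EKCert.Pub, secret, keyName(akPub))
	if err != nil {
		return nil, err
	}
	if got, err := t.ActivateCredential(blob); err != nil || !hmac.Equal(got, secret) {
		return nil, errors.New("AK is not resident on the TPM that holds this EK")
	}
	// Vendor/firmware attributes are copied from the EK certificate; the EK itself is not.
	return issue(ca.key, akPub, t.EKCert.Attrs+" hw-bound=true"), nil
}

// VerifyAttestation is the relying party: it trusts only the CA key, checks the
// AK certificate, then the quote. The EK is never presented to it.
func VerifyAttestation(caPub *rsa.PublicKey, akCert *Cert, nonce, pcrs, sig []byte) bool {
	return akCert.Valid(caPub) && verify(akCert.Pub, append(append([]byte{}, pcrs...), nonce...), sig)
}
```

Two failure modes are worth trying against this: enrolling an AK generated outside the TPM (the OAEP label will not match, so ActivateCredential fails and no certificate is issued), and presenting a TPM whose EK certificate was signed by a key the CA does not trust. Both are rejected by Enroll before any AK certificate exists, which is the vendor-trust property the question asked about; the relying party never needs the EK to get it.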