- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
EK is needed when do hlk test such "TPM 2.0 Core Provisioning Test" on win10 RS2.
So how can we do the online Endorsement Key Certificate provisioning?
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, DaolinChen:
Thank you for contacting Intel Embedded Community.
In order to have a better idea of your request, could you please tell us if the design related to this is a third party one or it has been developed by you? In case that it is a third party one, could you please give us all the information related to it? If it is your design, could you please let us know the part number of the processor and chipset used to implement it?
Thanks in advance for your help to find the information that can help you in the best way possible.
Best regards,
Carlos_A.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Carlos_A,
Thanks for your great support!
Refer to "548200: Security Enableing: Boot Guard, Intel PTT and BIOS Guard", for sku shipped after 1/1/2015,
Online provisioning of Endorsement Certificates will start automatically when system boots to OS with successful
nwetwork conection to intel.com for the first time.
But we found that some pre-production PCH can't do this successfully.
We test failed about WHQL item "TPM 2.0 Core Provisioning Test" on intel KBL-S UDIMM KBP DDR4 CRB (I5-7500T CPU and Q270 A0 Pre-Production Pch),
because there's no EK in intel PTT. And there's no certification in windows's regedit item "SYSTEM\CurrentControlSet\Services\Tpm\WMI\Endorsement\EKCertStreo\Certificates".
Does online provisioning of EK need some specific conditions such as production version of CPU/PCH...?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, DaolinChen:
Thanks for your update.
Based on your previous communication, could you please verify if this problem persists when you use the Intel(R) Q170 or Intel(R) H110 Chipset instead of the Intel(R) Q270Chipset that you are using?
This suggestion is based on the information stated on pages 3, 5, and 6 of the https://www.intel.com/content/dam/www/public/us/en/documents/platform-briefs/7th-generation-core-processor-deskop-iot-platform-brief.pdf 7th Generation Intel(R) Core(TM) and Celeron(R) Desktop Processor Families with Intel(R) H110 and Intel(R) Q170 Chipsets: Platform Brief document # 335406, where is stated that the mentioned platform (processor + chipset) supports the Intel(R) Platform Trust Technology [PTT] with BIOS Guard security feature.
We hope that this information may help you to solve this inconvenience.
Best regards,
Carlos_A.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page