DChen14
Beginner
2,088 Views

Intel PTT Endorsement Key

An EK is needed when running HLK tests such as "TPM 2.0 Core Provisioning Test" on Win10 RS2.

So how can we do the online Endorsement Key Certificate provisioning?

CarlosAM_INTEL
Moderator
377 Views

Hello, DaolinChen:

Thank you for contacting Intel Embedded Community.

In order to have a better idea of your request, could you please tell us if the design related to this is a third-party one or if it has been developed by you? In case it is a third-party one, could you please give us all the information related to it? If it is your design, could you please let us know the part number of the processor and chipset used to implement it?

Thanks in advance for your help to find the information that can help you in the best way possible.

Best regards,

Carlos_A.

DChen14
Beginner
377 Views

Hello Carlos_A,

Thanks for your great support!

Refer to "548200: Security Enabling: Boot Guard, Intel PTT and BIOS Guard": for SKUs shipped after 1/1/2015, online provisioning of Endorsement Certificates will start automatically when the system boots to the OS with a successful network connection to intel.com for the first time.

But we found that some pre-production PCH can't do this successfully.

We failed the WHQL item "TPM 2.0 Core Provisioning Test" on the Intel KBL-S UDIMM KBP DDR4 CRB (I5-7500T CPU and Q270 A0 pre-production PCH), because there is no EK in Intel PTT, and there is no certificate in the Windows registry key "SYSTEM\CurrentControlSet\Services\Tpm\WMI\Endorsement\EKCertStore\Certificates".

Does online provisioning of the EK need some specific conditions, such as a production version of the CPU/PCH...?
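
The check described in this post (is there an EK, and is any EK certificate provisioned?) can be scripted as below. This is an added example, not part of the original thread and not Intel or Microsoft code; it uses the Windows `Get-Tpm` and `Get-TpmEndorsementKeyInfo` cmdlets, assumes the registry store is spelled `EKCertStore`, and assumes each provisioned certificate shows up as one subkey of that store. Run it from an elevated PowerShell prompt.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): report whether the TPM (Intel PTT here)
# exposes an EK and whether any EK certificate has been provisioned for it.

function Get-EkProvisioningStatus {
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) {
        return [pscustomobject]@{ TpmPresent = $false; EkPresent = $false; EkCertCount = 0 }
    }

    # EK public key plus the EK certificates Windows currently holds for it.
    $ek = Get-TpmEndorsementKeyInfo -HashAlgorithm sha256

    # Registry store quoted in the post (assumed spelling: EKCertStore).
    # Assumption: each provisioned certificate appears as one subkey.
    $storePath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tpm\WMI\Endorsement\EKCertStore\Certificates'
    $storeEntries = 0
    if (Test-Path -Path $storePath) {
        $storeEntries = @(Get-ChildItem -Path $storePath).Count
    }

    # Merge both certificate collections and drop empty entries.
    $certs = @($ek.ManufacturerCertificates) + @($ek.AdditionalCertificates) |
        Where-Object { $_ }

    [pscustomobject]@{
        TpmPresent      = $tpm.TpmPresent
        TpmReady        = $tpm.TpmReady
        Manufacturer    = $tpm.ManufacturerIdTxt
        EkPresent       = $ek.IsPresent
        EkPublicKeyHash = $ek.PublicKeyHash
        EkCertCount     = @($certs).Count
        RegistryEntries = $storeEntries
        Certificates    = $certs | Select-Object Subject, Issuer, NotAfter, Thumbprint
    }
}

$status = Get-EkProvisioningStatus
$status | Format-List TpmPresent, TpmReady, Manufacturer, EkPresent, EkPublicKeyHash, EkCertCount, RegistryEntries
$status.Certificates | Format-Table -AutoSize

if (-not $status.EkPresent) {
    Write-Warning 'The TPM reports no endorsement key.'
} elseif ($status.EkCertCount -eq 0) {
    Write-Warning 'An EK is present but no EK certificate was found.'
}
```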

CarlosAM_INTEL
Moderator
377 Views

Hello, DaolinChen:

Thanks for your update.

Based on your previous communication, could you please verify if this problem persists when you use the Intel(R) Q170 or Intel(R) H110 Chipset instead of the Intel(R) Q270 Chipset that you are using?

This suggestion is based on the information stated on pages 3, 5, and 6 of the https://www.intel.com/content/dam/www/public/us/en/documents/platform-briefs/7th-generation-core-pro... 7th Generation Intel(R) Core(TM) and Celeron(R) Desktop Processor Families with Intel(R) H110 and Intel(R) Q170 Chipsets: Platform Brief document # 335406, where it is stated that the mentioned platform (processor + chipset) supports the Intel(R) Platform Trust Technology [PTT] with BIOS Guard security feature.

We hope that this information may help you to solve this inconvenience.

Best regards,

Carlos_A.
