Mobile and Desktop Processors
Intel® Core™ processors, Intel Atom® processors, tools, and utilities
Annonces
FPGA community forums and blogs have moved to the Altera Community. Existing Intel Community members can sign in with their current credentials.
16889 Discussions

404 error retrieving endorsement key certificate on Intel N100 fTPM

akowalsk
Débutant
‎10-24-2023 08:27 AM
3 104 Visites

I am attempting to configure a new Intel N100-based mini-computer for tpm2 remote attestation.  However, I am unable to retrieve the endorsement certificate from the intel ekcertservice (this is built-in to the tpm2-tools commands).  Both the RSA and ECC versions fail with an HTTP 404 error from Intel's endpoint.

 

Desired behavior is the ekcertservice response with the correct endorsement key certificate.

 

I have attached screenshots of the system bios, the CPU information and the Trusted Computing configuration.  I am also attaching the verbose output from the tpm2 getekcertificate command (both ECC and RSA), as well as the output from the Intel® System Support Utility ran on the computer.

 

Aperçu du fichier
3462 KB
Aperçu du fichier
3021 KB
Aperçu du fichier
3 KB
Aperçu du fichier
8 KB
Aperçu du fichier
3 KB
0 Compliments

Lien copié

2 Réponses
DeividA_Intel
Employé
‎10-25-2023 11:53 AM
3 063 Visites

Hello akowalsk,  


Thank you for posting on the Intel® communities. I understand you are having an issue retrieving the endorsement certificate.


I would like to let you know that the Intel® PTT is an integrated TPM that adheres to the 2.0 specifications and offers the same capabilities of a discrete TPM, only it resides in the system’s firmware, thus removing the need for dedicated processing or memory resources.


However, it’s possible that your TPM may have been turned off in the firmware by the computer manufacturer and may require you to enable it to meet the new requirement. Since this is a mini PC manufactured by PELADN, I recommend you to get in contact with PELADN to get further information related to TPM and endorsement certificate.


Please keep in mind that this thread will no longer be monitored by Intel.  


Regards,  

Deivid A.  

Intel Customer Support Technician  


0 Compliments
Copier le lien
akowalsk
Débutant
‎10-25-2023 01:24 PM
3 057 Visites
En réponse à DeividA_Intel

The TPM is definitely enabled and definitely works (for example, I can seal information in it, etc.).  The issue is that the intel server is returning a 404 response when I try to retrieve the Endorsement Key Certificate using this command: https://tpm2-tools.readthedocs.io/en/latest/man/tpm2_getekcertificate.1/

 

The tool makes a GET request to https://ekop.intel.com/ekcertservice/ZAj_57djofAHy6RPePTR7fULr1bPsLSrZ3Vk9hrSrDw%3D which returns a 404.  Other systems work just fine (the path param is different, I think that's unique to each TPM).  Intel is the company responsible for the endorsement certificate, not PELADN, since it's burned into the chip itself.

En réponse à DeividA_Intel
0 Compliments
Copier le lien
Répondre

L'assistance à la communauté est fournie du lundi au vendredi. D'autres moyens d'entrer en contact sont disponibles ici.

Intel ne vérifie pas l'intégralité des solutions, y compris, entre autres, les transferts de fichiers qui peuvent avoir lieu au sein de cette communauté. Intel décline donc toutes garanties explicites et implicites, y compris, sans s'y limiter, les garanties implicites de qualité marchande, d'adéquation à un usage particulier et de respect des droits de propriété intellectuelle, ainsi que toute garantie découlant des performances, des transactions ou de l'utilisation.

Pour obtenir des informations plus complètes sur l'optimisation des compilateurs, voir notre Avis d'optimisation.