Processors
Intel® Processors, Tools, and Utilities
14818 Discussions

How to verify an Intel PTT endorsement key certificate

dhdj
Beginner
610 Views

My cpu is a i9-14900K I've exported the ek cert using the powershell commands

 

 

$a=Get-TpmEndorsementKeyInfo
$a.manufacturerCertificates|Export-Certificate -filepath "D:\Downloads\test.cer"

 

 


but it is a self signed certificate signed with the private ek, I've also tried computing the pub hash and using https://ekop.intel.com/ekcertservice/ but it returned

{"message":"Forbidden"}

 I've noticed CN = CSME ADL PTT 01SVN but I have no idea where to find the certificate for this. How should I verify the certificate chain on the intel ptt ek certificate?

for example on AMD they have http://ftpm.amd.com/pki/aia/ and their ek cert comes with authority info that points to their certificate chain and easily verifiable.

0 Kudos
8 Replies
Andox
Beginner
520 Views

I have the same question. If you have figured it out, please share how you obtained the issuer certificate(s).

0 Kudos
ACarmona_Intel
Moderator
332 Views

Hello Andox,

 

Thank you for posting in our communities.

You may continue monitoring this case to keep you updated or file a new case so that we can properly support you.

Intel Support: https://www.intel.com/content/www/us/en/support.html

Thank you for your understanding, and have a great day ahead.


Best regards,
Carmona A.
Intel Customer Support Technician

0 Kudos
ACarmona_Intel
Moderator
511 Views

Hello Dhdj,


Thank you for posting in our communities.


I will raise the case with our engineers so we can provide you with the appropriate answer to your query.


Thank you for your patience!


Best regards,

Carmona A.

Intel Customer Support Technician


0 Kudos
LaserLord
Beginner
400 Views

Hello Intel,

I too am experiencing tremendous frustration with this issue. Has there been any update on this?

Thanks

Laser Lord

0 Kudos
ACarmona_Intel
Moderator
332 Views

Hello LaserLord, 

 

Thank you for posting in our communities.

The same advice that I have provided to  @Andox  is that you may continue monitoring this case to keep you updated or file a new case so that we can properly support you.

Intel Support: https://www.intel.com/content/www/us/en/support.html

Thank you for your understanding, and have a great day ahead.


Best regards,
Carmona A.
Intel Customer Support Technician

0 Kudos
ACarmona_Intel
Moderator
334 Views

Hello Dhdj,


Thank you so much for patiently waiting on our response.


Could you kindly provide the make and model of your motherboard? since the Trusted Platform Module (TPM) is a critical security component that can be either physically present on your motherboard or integrated within your processor. It's possible that the TPM has been disabled in the firmware settings by the manufacturer. Since your processor is compatible with Intel® Trusted Execution Technology, enabling the TPM may be necessary for optimal security performance.

 

For further information, we also recommend reviewing the following articles, which offer detailed insights into TPM and its functionalities:

 


We will be waiting for your response!



Best regards,

Carmona A.

Intel Customer Support Technician


0 Kudos
dhdj
Beginner
284 Views

motherboard: ASUS ROG STRIX Z790-E GAMING WIFI (Nuvoton NCT6789D)
tpm (intel ptt) is enabled, secure boot is enabled, bitlocker is enabled.

 

As you can see the certificate is issued by Intel and it does not have a certificate chain.

 

PS C:\Users\dhdj> Get-TpmEndorsementKeyInfo -HashAlgorithm SHA256

IsPresent                : True
PublicKey                : System.Security.Cryptography.AsnEncodedData
PublicKeyHash            : b42b7600978cb39723cdd2508ec63796c21618651f0a0f96f98258b29caa21fb
ManufacturerCertificates : {[Subject]
                             TPMVersion=id:02580012, TPMModel=ADL, TPMManufacturer=id:494E5443

                           [Issuer]
                             CN=CSME ADL PTT  01SVN

                           [Serial Number]
                             7A0A82DDA276FE1C32098160606822AC

                           [Not Before]
                             6/22/2021 7:00:00 PM

                           [Not After]
                             12/31/2049 5:59:59 PM

                           [Thumbprint]
                             9ADE39C8C3D255417DEBFBFC77B2CAE81148D83C
                           }
AdditionalCertificates   : {}

 


The Common Name of the Issuer is CSME ADL PTT 01SVN which resembles something from intel, but there is no way to obtain this certificate thus the certificate chain is not verfiable. 

0 Kudos
ACarmona_Intel
Moderator
220 Views

Hello Dhdj,


Thank you so much for the quick response and for providing us with the complete model of your motherboard along with other relevant information that will help in our investigation.


I will now raise the case again with our engineers so they can further guide us on our next steps. And I will update you as soon as I have our engineer's response.


Again, thank you so much for your patience!



Best regards,

Carmona A.

Intel Customer Support Technician

 


0 Kudos
Reply