TPM-based attestation
Endorsement key pair.
A key pair is generated by the TPM
Cannot be deleted
Private key is never released
Used to sign/verify TPM assertions
Used to send confidential data to a TPM
Endorsement public key certification
Usually performed by the TPM manufacturer
Attestation with pseudonyms
The endorsement key never changes, so attesting with it directly reveals which host is attesting.
Identity credentials
Temporary credentials used in attestation
They are generated by the TPM
The public key is certified by a Privacy Certification Authority
The endorsement key pair is used to get that certification
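The certification flow above, modelled in software as an added example (not code from the original page). The RSA endorsement key, the Ed25519 identity keys and the names Enroll, Verify, Credential, tpmA and tpmB are assumptions for illustration; a real TPM keeps these keys in hardware and uses a more elaborate exchange.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Software stand-ins for two TPMs' endorsement keys (assumption: RSA-2048).
var tpmA, _ = rsa.GenerateKey(rand.Reader, 2048)
var tpmB, _ = rsa.GenerateKey(rand.Reader, 2048)

// Credential is one pseudonym: an identity key plus the CA's signature over it.
type Credential struct {
	Pub   ed25519.PublicKey
	CASig []byte
	priv  ed25519.PrivateKey // would never leave a real TPM
}

// Enroll certifies a fresh identity key: ekPub is what the CA sees, tpm must unwrap the result.
func Enroll(tpm *rsa.PrivateKey, ekPub *rsa.PublicKey, caKey ed25519.PrivateKey) (*Credential, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // TPM: new identity key pair
	if err != nil {
		return nil, err
	}
	cert := ed25519.Sign(caKey, pub) // CA: certify the identity public key
	blob, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, ekPub, cert, pub)
	if err != nil {
		return nil, err
	}
	// TPM: only the matching EK private key can unwrap the certificate.
	cert, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, tpm, blob, pub)
	if err != nil {
		return nil, fmt.Errorf("credential not addressed to this EK: %w", err)
	}
	return &Credential{pub, cert, priv}, nil
}

// Verify is the relying party's view: it sees the pseudonym and the CA key, never the EK.
func Verify(caPub ed25519.PublicKey, c *Credential, data, sig []byte) bool {
	return ed25519.Verify(caPub, c.Pub, c.CASig) && ed25519.Verify(c.Pub, data, sig)
}

func main() {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	a, err := Enroll(tpmA, &tpmA.PublicKey, caKey)
	fmt.Println(err, a != nil && Verify(caPub, a, []byte("quote"), ed25519.Sign(a.priv, []byte("quote"))))
}
```

Enrolling the same endorsement key twice yields two unrelated public keys, so verifiers cannot link the attestations; only the Privacy CA can map a pseudonym back to the endorsement key.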