Secure Execution Environments

TPM-based attestation

Endorsement key pair.

  • A key pair is generated by the TPM

    • Cannot be deleted

    • Private key is never released

  • Used to sign/verify RPM assertions

  • Used to send confidential data to a TPM

Endorsement public key certification

  • Usually performed by the TPM manufacturer

Attestation with pseudonymous

The endorsement key never changes, thus, it reveals a host on its attestation.

Identity credentials

  • Temporary credentials used in attestation

  • They are generated by the TPM

  • The public key is certified by a Privacy Certification Authority

  • The endorsement key pair is used to get that certification

PreviousTrusted Computing Platform Alliance (TCPA)NextTrusted Platform identity credentials

Last updated