# Trusted Platform identity credentials

TPM endorsement credential

* Endorsement public key certificate
* To attest that the TPM is genuine

Platform credential

* Signed by a Platform Entity (e.g. manufacturer)
* To attest that a given TPM has been integrated into a platform

Conformance credential

* Signed by a Conformance Entity
* To attest that the TPM & the platform designs conform with TCPA

## Issuing protocol

TP **generates a new identity key pair**.

* IdPriv, IdPub

TP **sends a new identity request to a Privacy Certification Authority** (PCA) including:

* IdPub, EndCred, PlaCred, ConCred, Sign(BindData)

**IdPriv is used to generate a signature on BindData**, which encompasses the hash of the PCA’s public key and IdPriv.

* The signature is attached to the request.

On receipt of the request, the **Privacy CA (PCA) verifies the submitted credentials and the signature**.

* If the verification is successful, the PCA proceeds to create the identity credential (IdCred), essentially a certificate on IdPub signed by the Privacy CA.

**PCA sends Identity Credentials** to TP.

* Encrypted with EndPub of the TPM
* Enc( IdCred, EndPub )
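
The issuing exchange above as a runnable sketch, added here as an example and not part of the original notes; all function names are hypothetical. It shows the PCA checking the signature on BindData before it returns Enc(IdCred, EndPub), and the TPM recovering IdCred with the endorsement private key. Assumptions: Ed25519 and RSA-OAEP stand in for the TCPA algorithms, BindData is modelled as SHA-256 over the PCA public key and IdPub, IdCred is reduced to the PCA's signature over IdPub, and validation of EndCred, PlaCred and ConCred is omitted (EndPub is taken as already validated).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// bindData is modelled as SHA-256(PCA public key || IdPub); this layout is an assumption.
func bindData(pcaPub, idPub ed25519.PublicKey) []byte {
	h := sha256.Sum256(append(append([]byte{}, pcaPub...), idPub...))
	return h[:]
}

// NewKeys creates IdPriv, the PCA signing key and the TPM endorsement key (constructed demo keys).
func NewKeys() (id, pca ed25519.PrivateKey, ek *rsa.PrivateKey) {
	_, id, _ = ed25519.GenerateKey(rand.Reader)
	_, pca, _ = ed25519.GenerateKey(rand.Reader)
	ek, _ = rsa.GenerateKey(rand.Reader, 2048)
	return
}

// SignBinding is the TP step: Sign(BindData) with IdPriv, bound to one specific PCA.
func SignBinding(id ed25519.PrivateKey, pcaPub ed25519.PublicKey) []byte {
	return ed25519.Sign(id, bindData(pcaPub, id.Public().(ed25519.PublicKey)))
}

// Issue is the PCA step: check the binding, sign IdPub as IdCred, return Enc(IdCred, EndPub).
func Issue(pca ed25519.PrivateKey, idPub ed25519.PublicKey, endPub *rsa.PublicKey, sig []byte) ([]byte, error) {
	if !ed25519.Verify(idPub, bindData(pca.Public().(ed25519.PublicKey), idPub), sig) {
		return nil, fmt.Errorf("binding signature invalid or made for another PCA")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, endPub, ed25519.Sign(pca, idPub), nil)
}

// Recover is the TPM step: only the holder of the EK private key can decrypt and check IdCred.
func Recover(ek *rsa.PrivateKey, ct []byte, pcaPub, idPub ed25519.PublicKey) bool {
	idCred, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, ek, ct, nil)
	return err == nil && ed25519.Verify(pcaPub, idPub, idCred)
}

// main runs one TP -> PCA -> TPM exchange with freshly generated keys.
func main() {
	id, pca, ek := NewKeys()
	idPub, pcaPub := id.Public().(ed25519.PublicKey), pca.Public().(ed25519.PublicKey)
	ct, err := Issue(pca, idPub, &ek.PublicKey, SignBinding(id, pcaPub))
	fmt.Println("issued:", err == nil, "recovered:", Recover(ek, ct, pcaPub, idPub))
}
```

A request whose BindData was signed for a different PCA is rejected by `Issue`, and a ciphertext issued for one EK cannot be recovered with another.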

