
sarnowski | 3 years ago

TPMs do not reveal a unique serial number or similar identifier by design for privacy reasons.

A TPM can attest that some measurements were done with it and it can attest that it comes from vendor X. You can block an entire vendor if they don’t behave but not individual TPMs via remote attestation.

You can use a scheme in which you can set up an "identity" on first use and then on next use authenticate the same identity. But that identity is kinda per use case.
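The first-use identity scheme described in the comment above, as an added sketch that is not part of the comment and does not use any TPM API. Assumptions: `Device` stands in for the TPM, an HMAC over a device-held seed stands in for however the hardware produces a separate key per use case, and the caller passes the nonce that a real service would generate fresh for every login.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Device stands in for a TPM; the seed is assumed never to leave it.
type Device struct{ seed []byte }

// keyFor derives a separate signing key for each use case (hypothetical derivation).
func (d Device) keyFor(useCase string) ed25519.PrivateKey {
	m := hmac.New(sha256.New, d.seed)
	m.Write([]byte(useCase))
	return ed25519.NewKeyFromSeed(m.Sum(nil)) // 32-byte MAC is a valid Ed25519 seed
}

// Public is the only identifier a given use case ever sees.
func (d Device) Public(useCase string) ed25519.PublicKey { return d.keyFor(useCase).Public().(ed25519.PublicKey) }
// Sign answers a challenge nonce with that use case's key.
func (d Device) Sign(useCase string, nonce []byte) []byte { return ed25519.Sign(d.keyFor(useCase), nonce) }

// Service pins the first key presented per account (trust on first use).
type Service struct{ pinned map[string]string }

// Login enrolls on first use; afterwards only the pinned key is accepted.
func (s *Service) Login(account string, pub ed25519.PublicKey, nonce, sig []byte) string {
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, nonce, sig) {
		return "rejected" // malformed key or signature does not match the nonce
	}
	known, seen := s.pinned[account]
	if !seen {
		s.pinned[account] = string(pub)
		return "enrolled"
	}
	if known != string(pub) {
		return "rejected" // valid signature, but not the identity pinned earlier
	}
	return "recognized"
}

func main() {
	d, n := Device{seed: []byte("constructed-demo-seed")}, []byte("constructed-nonce")
	mail := &Service{pinned: map[string]string{}}
	fmt.Println(mail.Login("alice", d.Public("mail"), n, d.Sign("mail", n)))
	fmt.Println(string(d.Public("mail")) == string(d.Public("vpn"))) // same device, different key per use case
}
```

The service can tell that the same device came back, but the key it pinned is of no use for matching that device against the key another use case holds.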


melvyn2 | 3 years ago

I was under the impression that the EK could be used to identify individual TPMs - why can’t it?