On Tue, 2018-02-20 at 16:24 +0200, Jarkko Sakkinen wrote: > On Fri, 2018-02-16 at 11:45 -0800, James Bottomley wrote: > > > > tsscreateek -cp -alg ec -noflush > > Can you describe in high-level what this command does? I will rather > add a test to my smoke test suite than depend on TSS implementations > for various reasons. This seems like a good test case to add as > part of it. It's basically doing a create primary on the endorsement seed for an elliptic curve key. However, it first tries to get the seed template and unique data from the correct NV index, and if that doesn't work it uses the data defined in: https://trustedcomputinggroup.org/tcg-ek-credential-profile-tpm-family-2-0/ to build a template and uses that. I think what's happening is my Nuvoton recognises the template and tries its derivation shortcut which causes a BUG_ON in its implementation because no EC keys or certificate was provisioned in this TPM. James
