On 2/20/2018 9:24 AM, Jarkko Sakkinen wrote:
On Fri, 2018-02-16 at 11:45 -0800, James Bottomley wrote:
tsscreateek -cp -alg ec -noflush
Can you describe in high-level what this command does? I will rather
add a test to my smoke test suite than depend on TSS implementations
for various reasons. This seems like a good test case to add as
part of it.
It actually does a lot under the covers, but the end result is an ECC
Endorsement Key is created on the TPM.
1 - Reads the possible EK template and EK nonce from the TPM NV. This
involves:
nvreadpublic to check for the existence and get the index size
nvread to get the data, possibly in a loop
which in turn needs a getcapability to determine
the chunk size for the NV read
2 - Runs createprimary
3 - Similar to #1 to read the EK certificate from NV
It then validates the EK public key against the certificate (not using
the TPM) to check that everything worked.
