On Mon, Oct 07, 2019 at 06:13:01PM -0400, Ken Goldman wrote: > The TPM library specification states that the TPM must comply with NIST > SP800-90 A. > > https://trustedcomputinggroup.org/membership/certification/tpm-certified-products/ > > shows that the TPMs get third party certification, Common Criteria EAL 4+. > > While it's theoretically possible that an attacker could compromise > both the TPM vendors and the evaluation agencies, we do have EAL 4+ > assurance against both 1 and 2. Certifications do not equal to trust. /Jarkko
