Platform Endorsement
A platform endorsement key is an asymmetric key pair located in a TPM's internal persistent memory. A TPM has exactly one such endorsement key pair. The TPM uses the private part of that key pair for decryption, never for encryption or signature operations. The public part of the key will be exported outside the TPM to be used for encryption by other parties. We will see later in more detail the specific uses of the private endorsement key that are allowed by a TPM.
There are both security and privacy concerns about maintaining this key pair. For security reasons, it must be impossible to export the private key from the TPM. Otherwise, other entities can pretend to be a TPM. Also, access to the public key should be restricted ...
Get Trusted Computing Platforms: TCPA Technology in Context now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
