TPM capabilities related to platform identification include endorsement key and TPM identity-generation capabilities.
The formal definition of these capabilities can be found in the latest TCPA specification. The capability names used in this section are exactly those used in the TCPA specification.
The following are the TCPA protected capabilities related to the TPM endorsement key pair.
TPM_CreateEndorsementKeyPair (naturally enough) creates the endorsement key inside the TPM and is used instead of injecting the endorsement key into a TPM. Typically, this is used when a customer creates the endorsement key.
TPM_ReadPubek can be used by anyone to read the public endorsement key unless TPM_DisablePubekRead ...