The Trusted Platform Module (TPM) is used for the secure generation and utilization of cryptographic keys. It also enables capabilities such as remote attestation and secure storage of data. In prior art TPM implementations, the host device needs to carry a manufacturer-provisioned Endorsement Key (EK) Certificate for use in Attestation Identity Key (AIK) processes. In a discrete TPM implementation, the discrete TPM manufacturer provisions this certificate and stores it in the TPM hardware. Prior art discrete TPM implementations could easily store the EK certificate, as they contain sufficient on-chip storage to hold it; however, for TPM implementations integrated with existing platform hardware, the size of the certificate precludes it from being stored in the existing platform silicon. One of the places where sufficiently large storage is available is Serial Peripheral Interface (SPI) Flash memory; however, this would require the certificate to be provisioned post-OEM manufacturing, thereby adding the manufacturing costs associated with this type of provisioning.
Descriptions of certain details and implementations follow, including a description of the figures, which may depict some or all of the embodiments described below, as well as discussing other potential embodiments or implementations of the inventive concepts presented herein. An overview of embodiments of the invention is provided below, followed by a more detailed description with reference to the drawings.