tsscreateek - Man Page

tsscreateek

createek provides several options regarding the IWG standard EKs

-cp creates an EK primary key based on the EK NV indexes. By default, the EK is flushed, but -noflush will override that. By default, the EK public key is verified against the EK certificate, but -nopub will skip the check.

-root reads the EK certificate and validates it agains the EK CA certificates

-ce prints provisioned EK certificates

-te and -no print the deprecated EK template and nonce if present

[-pwde

endorsement hierarchy password (default empty)]

[-pwdk

password for endorsement key (default empty)]

[-high

Use the IWG NV high range. Specify before algorithm]

-rsa keybits

2048 3072 4096

-ecc curve

nistp256 nistp384 nistp521

-te

print EK Template

-no

print EK nonce

-ce

print EK certificate

-cp

CreatePrimary  the EK

[-noflush

Do not flush the primary key after validation]

[-nopub

Do not verify the public key against the certificate]

[-root

filename - validate EK certificate against the root] filename contains a list of PEM format CA root certificate filenames, one per line. The list may contain up to 100 certificates.