EK-Based Key Attestation with TPM Firmware
This document provides guidance to TPM key-attestation verifiers who would like to receive a trustworthy signal of the TPM’s current firmware version before trusting the attested key. An example of where this might be useful is if the verifier wants to include the TPM’s current firmware version as metadata in an Attestation Key (AK) credential based solely on trust in the TPM’s Endorsement Key (EK).