While billions of TPMs have been embedded into all kinds of computing devices – from PCs to gaming machines – provisioning the TPM for real-world use historically posed some challenges.

TCG has been working in recent years to change this. Last year, we released the AIK enrollment protocol.

This week, TCG and its Infrastructure Work Group have released a new specification, the Endorsement Key (EK) and Platform Certificate Enrollment Specification.

The spec, based on an IETF standard certificate management protocol (CMC), allows certificate authorities (CAs) already supporting CMC to add support for issuance of TCG Enrollment Keys and platform certificates. By adding support for existing certificate authorities, provisioning certificates for TPMs becomes much easier – thereby making the integration of TPMs into existing access control and authentication infrastructure easier and more effective.

What is the benefit of this spec? For one, TPMs can attest to the state of a platform and can supplement TNC protocols, protecting networks and ensuring the integrity of endpoints trying to connect.

For hardware with TPMs, the spec also enables a chain of trust ensuring that a key is bound to a  particular platform. Because the root of trust is hardware, the assurance and resulting security are better than if this all happened in software.