I am trying to add a manual enrollment using the device's TPM.
I have grabbed the Endorsement Key from the device running Linux.
Now, when I save the configuration in the Azure Portal, it returns a 400 Bad Request
with the message stating that Endorsement key is invalid, or does not match the Enrollment
:
What am I missing?
While using a firmware TPM from Intel, the Endorsement Key gets tampered.
It could be caused by the TSS.NET library (which I doubt). Or it could be caused by the prototype itself which is requesting an RSA key somehow causing the alteration of the EK. Or the issue could lie in the Firmware itself.
In any cases, the EK that I was using is not valid (it is a lot shorter -80 bytes- compared to a valid one) and I assume this is why the Dps is throwing the error.