
I am trying to add a manual enrollment using the device's TPM.

I have grabbed the Endorsement Key from the device running Linux.

Now, when I save the configuration in the Azure Portal, it returns a 400 Bad Request with the message stating that Endorsement key is invalid, or does not match the Enrollment:

[Screenshot: IoT Device Provisioning]

What am I missing?

Kzryzstof
  • Can you elaborate: what device are you using, and how are you getting the key? – KarthikBhyresh-MT Dec 06 '21 at 04:12
  • @KarthikBhyresh-MT The device is a camera that my company builds and it uses a firmware TPM from Intel. Strangely enough, the same type of f-TPM is used in different iterations of that device: one on Windows and the other on Linux. The EK has been retrieved using the azure-iot-sdk-c sample. – Kzryzstof Dec 06 '21 at 13:40

2 Answers


If you are sure you are getting the TPM information from your device correctly, make sure you have the right IoT Hub Device ID; if it is not specified, the Registration ID is used.

Note: endorsementKey

The endorsement key is an encryption key that is permanently embedded in the Trusted Platform Module (TPM) security hardware, generally at the time of manufacture. The private portion of the endorsement key is never released outside of the TPM. The public portion of the endorsement key helps to recognize a genuine TPM. The endorsement key is a base64 encoded value.

Refer: Create a TPM individual enrollment

KarthikBhyresh-MT
  • I do believe I have the right EK, as it is the one being returned from the azure-iot-sdk-c sample. I put in both the registration ID and the EK, but it is failing. Somehow, it works well when we are using our device running Windows; in that case, the EK is much longer... – Kzryzstof Dec 06 '21 at 13:42

While using a firmware TPM from Intel, the Endorsement Key gets tampered with.

It could be caused by the TSS.NET library (which I doubt). Or it could be caused by the prototype itself which is requesting an RSA key somehow causing the alteration of the EK. Or the issue could lie in the Firmware itself.

In any case, the EK that I was using is not valid (it is a lot shorter, 80 bytes, compared to a valid one) and I assume this is why DPS is throwing the error.

Kzryzstof
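As an added example (not code from the question, the answers, or the Azure SDK), here is a Python sanity check to run on an EK value before pasting it into the DPS enrollment. It assumes the value is the base64 TPM2B_PUBLIC public area of the EK, which is the form DPS expects, and it walks that structure to confirm the blob is complete and is an RSA-2048 public area; a default-template RSA EK comes to 316 bytes, so an 80-byte value like the one described above is rejected as truncated. The attribute value and sample modulus are constructed for illustration.

```python
import base64
import struct
# TPM 2.0 algorithm IDs used by the default RSA-2048 EK template
TPM_ALG_RSA, TPM_ALG_SHA256, TPM_ALG_AES = 0x0001, 0x000B, 0x0006
TPM_ALG_NULL, TPM_ALG_CFB = 0x0010, 0x0043

def parse_ek_public(ek_b64: str) -> dict:
    """Parse a base64 TPM2B_PUBLIC blob; ValueError if truncated or not an RSA public area."""
    blob = base64.b64decode(ek_b64, validate=True)
    try:
        (size,) = struct.unpack_from(">H", blob, 0)
        if size != len(blob) - 2:
            raise ValueError(f"size field {size} != payload length {len(blob) - 2}")
        key_type, name_alg, attrs, policy_len = struct.unpack_from(">HHIH", blob, 2)
        if key_type != TPM_ALG_RSA:
            raise ValueError(f"unexpected key type 0x{key_type:04x}")
        off = 12 + policy_len                            # skip the authPolicy digest
        (sym_alg,) = struct.unpack_from(">H", blob, off); off += 2
        if sym_alg != TPM_ALG_NULL:
            off += 4                                     # symmetric keyBits + mode
        (scheme,) = struct.unpack_from(">H", blob, off); off += 2
        if scheme != TPM_ALG_NULL:
            off += 2                                     # scheme hashAlg
        key_bits, exponent, mod_len = struct.unpack_from(">HIH", blob, off); off += 8
    except struct.error as exc:                          # ran off the end of the blob
        raise ValueError(f"truncated TPM2B_PUBLIC ({len(blob)} bytes)") from exc
    if off + mod_len != len(blob):
        raise ValueError("modulus length does not match the remaining bytes")
    return {"blob_len": len(blob), "name_alg": name_alg, "key_bits": key_bits, "modulus_len": mod_len}

def ek_is_plausible(ek_b64: str) -> bool:
    """True only for a well-formed RSA-2048 EK public area (256-byte modulus)."""
    try:
        info = parse_ek_public(ek_b64)
    except ValueError:
        return False
    return info["key_bits"] == 2048 and info["modulus_len"] == 256

def build_sample_ek(modulus: bytes, policy: bytes = b"\x00" * 32) -> str:
    """Constructed RSA EK public area with a dummy modulus (not a real TPM's key)."""
    body = struct.pack(">HHI", TPM_ALG_RSA, TPM_ALG_SHA256, 0x000300B2)  # EK object attributes
    body += struct.pack(">H", len(policy)) + policy                      # authPolicy
    body += struct.pack(">HHH", TPM_ALG_AES, 128, TPM_ALG_CFB)           # symmetric AES-128-CFB
    body += struct.pack(">HHI", TPM_ALG_NULL, len(modulus) * 8, 0)       # scheme, keyBits, exponent
    body += struct.pack(">H", len(modulus)) + modulus                    # unique (modulus)
    return base64.b64encode(struct.pack(">H", len(body)) + body).decode()

def truncate_ek(ek_b64: str, nbytes: int) -> str:
    """Keep only the first nbytes of the decoded blob (mimics a clipped EK value)."""
    return base64.b64encode(base64.b64decode(ek_b64)[:nbytes]).decode()
```

Running `ek_is_plausible` on the value your sample prints tells you whether the problem is the blob itself or the enrollment record on the portal side.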