I am having a hard time finding where happens the creation of policy(authorization) for
the tpm2-tools to create AIK under the EK hierarchy?
I know the sequence goes like this:
Creatak ... using the object context created by EK
But the EK context object does not carry the Policy Authorization for creating AIK, so I
am guessing the TSS2 stack is creating it based on the input form the tools.
I also tried looking up in the TCG spec for more information what is the authorization
procedure to enable use of the EK Hierarchy, but the search on the TCG website returned
only blog posts and two mentions of AIK in
In this document, endorsementPolicy and endorsementAuth are mentioned, but I am having
hard time finding how the TSS / Tools interact to set those and later use them for the
creation of AIK.
Could someone point me to the right place of code?