Blue Screen Again
Posts: 1
Registered: ‎07-14-2018
Location: FR
Views: 257
Message 1 of 2

Regenerate TPM seeds



We are thinking of enabling TPM on our systems. But one thing bothers us.


To generate Endorsement Keys and Storage Root Key, the different modules use their seeds.

Seeds which are generated during the manufacturing of the TPM chip.


So if someone could record those seeds during the manufacturing, the TPM becomes a weak point on the system, or even worse.


So, is it possible to regenerate those seeds?


PS: I didn't see any mention of that on the official paper from Lenovo Press: "A Technical Introduction to the Use of Trusted Platform Module 2.0 with Linux"

Lenovo Staff
Posts: 6,235
Registered: ‎10-29-2009
Location: NC
Views: 193
Message 2 of 2

Re: Regenerate TPM seeds


TPM 2.0 has a platform hierarchy, which is indeed set at factory and can't be regenerated. But there are other hierarchies (including for encryption purposes) where the root key isn't generated until you take ownership. And you can always clear the TPM and take ownership again.
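
A simplified model of the clear-and-take-ownership behaviour described in the reply above, added here as an example; it is not code from the thread or from Lenovo, and it does not talk to a real TPM. The class and method names are hypothetical, HMAC-SHA256 stands in for the TPM's key-derivation function, and it assumes (per the TPM 2.0 specification) that a clear replaces the storage seed while leaving the endorsement seed in place.

```python
import hashlib
import hmac
import os


class ToyTpm:
    """Simplified model of TPM 2.0 primary seeds (hypothetical, not a TPM API)."""

    def __init__(self):
        # Endorsement seed: installed once; in this model nothing replaces it.
        self.endorsement_seed = os.urandom(32)
        # Storage seed: replaced from the TPM's own RNG on every clear.
        self.storage_seed = os.urandom(32)
        self.owner_auth = b""

    def _derive(self, seed, template):
        # Stand-in KDF: a primary key is a deterministic function of
        # (hierarchy seed, key template). A real TPM uses the spec's KDF.
        return hmac.new(seed, template, hashlib.sha256).hexdigest()

    def create_primary(self, hierarchy, template):
        seed = {"owner": self.storage_seed,
                "endorsement": self.endorsement_seed}[hierarchy]
        return self._derive(seed, template)

    def take_ownership(self, new_auth):
        self.owner_auth = new_auth

    def clear(self):
        # Clearing discards the old storage seed and the owner authorization.
        self.storage_seed = os.urandom(32)
        self.owner_auth = b""


def demo():
    tpm = ToyTpm()
    template = b"constructed-sample-template"  # constructed sample input
    tpm.take_ownership(b"constructed-owner-password")
    srk_before = tpm.create_primary("owner", template)
    srk_again = tpm.create_primary("owner", template)
    ek_before = tpm.create_primary("endorsement", template)
    tpm.clear()
    tpm.take_ownership(b"another-constructed-password")
    return {
        "srk_stable_without_clear": srk_before == srk_again,
        "srk_changed_by_clear": srk_before != tpm.create_primary("owner", template),
        "ek_unchanged_by_clear": ek_before == tpm.create_primary("endorsement", template),
    }
```
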
