Tpm keys we are going to use in the demo - tearust/tee-on-mac GitHub Wiki

- Endorsement hierarchy: used as the TPM chip's ID
- Platform hierarchy: used as the Raspberry Pi's or our test virtual machine's key
- Owner hierarchy, also known as storage hierarchy: the owner's key. The owner can sell the hardware to new owners
- Null hierarchy: reset every time the system boots

  1. Null hierarchy reseeds when the virtual machine boots. Every time our system (the virtual machine) restarts, we get a new null hierarchy seed, as in this snippet from https://google.github.io/tpm-js/#pg_keys:

     ```javascript
     var before = sim.GetNullSeed();
     app.Shutdown();
     sim.PowerOff();
     sim.PowerOn();
     app.Startup();
     var after = sim.GetNullSeed();
     assert(_.isEqual(before, after) == false, 'nseed reset on reboot');
     print('OK');
     ```

  1. We manually reset the owner's seed for each test machine; there is no need to write code to automatically reseed the owner hierarchy. In the real product, we will handle the logic of reselling machines to new owners. Code example: https://google.github.io/tpm-js/#pg_certificates. The ownership process is here: https://google.github.io/tpm-js/#pg_ownership

  2. We do not handle manufacturer reset or the Endorsement key. We can hard-code it into each test machine's TPM simulator config file. Code: https://google.github.io/tpm-js/#pg_keys. For creating the certificate, example code: https://google.github.io/tpm-js/#pg_certificates. The root cert will be saved by the manufacturer and will NEVER be exposed to the public.