Re-generating TPM Endorsement Keys for Securing IoT Field Devices

Correct Answer: B.

Option A is incorrect because the endorsement key (EK) is unique to the TPM and cannot be re-generated.

Changing it means actually changing the device itself.

Option B is CORRECT because it is the storage root key (SRK) that is used to identify the owner of the device.

It works like a password that can be (and should be) changed when a TPM device is sold to a new owner.

The new owner can take ownership of the TPM by generating a new SRK, thus ensuring that the previous owner can't use the TPM.

Reference:

Yes, re-generating the TPM endorsement keys of the devices is the action that should be taken to ensure that the previous owner won't have any access to the devices.

TPM (Trusted Platform Module) is a hardware-based security component that provides secure storage for sensitive data, such as encryption keys and digital certificates. TPM endorsement keys are used to establish trust between the TPM and other entities, such as a server or a device. The endorsement key is unique to each TPM and is used to sign attestation data, which provides proof of the device's identity and integrity.

Regenerating the TPM endorsement keys of the devices will prevent the previous owner from accessing the devices because the keys are used to establish trust between the TPM and other entities. By generating new keys, the previous owner's trust relationship with the devices will be broken, and they will no longer have access to the devices.

In addition, regenerating the keys will also provide increased security for the devices. If the previous owner had access to the old keys, they could potentially use them to compromise the devices or steal sensitive data. By generating new keys, any potential security risks associated with the old keys will be mitigated.

Therefore, it is recommended to regenerate the TPM endorsement keys of the devices to ensure the security and integrity of the IoT infrastructure.