Getting the EK is not as easy as one would expect; it depends on how the TPM
manufacturer provisions it. Some require that you generate the EK and then
get a hash and look it up online, some store it in NV indices. IIRC, Infineon
TPMs store them in NV indices. The tpm2_getekcertificate tool looks in the following NV indices:
#define RSA_EK_CERT_NV_INDEX 0x01C00002
#define ECC_EK_CERT_NV_INDEX 0x01C0000A

Since the EK is a primary key, you usually need to create it with a template defined in the link below.
This will then create a key that matches the manufacturer generated EK Certificate.

IIRC the NV indices and templates needed are covered in:

So this would involve a NV read using the C API would look like calling the function

From: Andy Purcell <>
Sent: Tuesday, July 20, 2021 12:18 PM
To: <>
Subject: [tpm2] Want to use c++ to get TPM Serial Number - how do it?
I have a need to use C++ to obtain the unique TPM information like a Serial Number.
My system is running Windows 10/64. This is on an HP Desktop PC with TPM 2.0 chip.
I can use PowerShell
Get-TpmEndorsementKeyInfo -hashalgorithm sha256
To get this output:
ManufacturerCertificates : {[Subject]
                             TPMVersion=id:073E, TPMModel=SLB 9670 TPM2.0, TPMManufacturer=id:49465800
                             CN=Infineon OPTIGA(TM) RSA Manufacturing CA 034, OU=OPTIGA(TM) TPM2.0, O=Infineon Technologies AG, C=DE
                           [Serial Number]
But how can I get this same Serial Number information using C++?
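
Added example, not part of the thread above: once the EK certificate bytes have been read out of the NV index mentioned in the reply (0x01C00002 for RSA), the certificate serial number is the first INTEGER after the optional version field in the DER structure. The function names `der_enter` and `ek_cert_serial` are hypothetical, the TPM read itself is assumed to have happened already, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Enter one DER element: check the tag, bounds-check the length, advance *p to the value. */
static int der_enter(const uint8_t **p, const uint8_t *end, uint8_t tag, size_t *len)
{
    const uint8_t *q = *p;
    if (end - q < 2 || q[0] != tag) return -1;
    size_t n = q[1];
    q += 2;
    if (n & 0x80) {                        /* long form: next (n & 0x7f) bytes hold the length */
        size_t cnt = n & 0x7f;
        if (cnt == 0 || cnt > 4 || (size_t)(end - q) < cnt) return -1;
        for (n = 0; cnt--; q++) n = (n << 8) | *q;
    }
    if ((size_t)(end - q) < n) return -1;  /* value must fit inside the enclosing element */
    *p = q; *len = n;
    return 0;
}

/* Copy the X.509 serialNumber (big-endian INTEGER bytes) into out.
 * Returns the byte count, or -1 on malformed input or a too-small out buffer. */
int ek_cert_serial(const uint8_t *buf, size_t buflen, uint8_t *out, size_t outcap)
{
    const uint8_t *p = buf, *end = buf + buflen;
    size_t len;
    if (der_enter(&p, end, 0x30, &len)) return -1;  /* Certificate SEQUENCE */
    end = p + len;                                   /* bytes after the certificate are ignored */
    if (der_enter(&p, end, 0x30, &len)) return -1;  /* tbsCertificate SEQUENCE */
    end = p + len;
    if (p < end && *p == 0xA0) {                     /* optional [0] version */
        if (der_enter(&p, end, 0xA0, &len)) return -1;
        p += len;
    }
    if (der_enter(&p, end, 0x02, &len)) return -1;  /* serialNumber INTEGER */
    if (len == 0 || len > outcap) return -1;
    memcpy(out, p, len);
    return (int)len;
}

/* Constructed sample: start of a v3 certificate with serial 0x1A2B3C4D, then 0xFF filler. */
static const uint8_t sample_cert[] = { 0x30, 0x0D, 0x30, 0x0B, 0xA0, 0x03, 0x02, 0x01, 0x02,
                                       0x02, 0x04, 0x1A, 0x2B, 0x3C, 0x4D, 0xFF, 0xFF };
int main(void)
{
    uint8_t sn[20];
    int n = ek_cert_serial(sample_cert, sizeof sample_cert, sn, sizeof sn);
    for (int i = 0; i < n; i++) printf("%02X%s", sn[i], i + 1 == n ? "\n" : "");
    return n > 0 ? 0 : 1;
}
```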