Getting the EK is not as easy as one would expect; it depends on how the TPM
manufacturer provisions it. Some require that you generate the EK and then
get a hash and look it up online, some store it in NV indices. IIRC, Infineon
TPMs store them in NV indices. The tpm2_getekcertificate tool looks in the following NV indices:
#define RSA_EK_CERT_NV_INDEX 0x01C00002
#define ECC_EK_CERT_NV_INDEX 0x01C0000A

Since the EK is a primary key, you usually need to create it with a template defined in the link below.
This will then create a key that matches the manufacturer generated EK Certificate.

IIRC the NV indices and templates needed are covered in:
  - https://trustedcomputinggroup.org/wp-content/uploads/TCG_IWG_Credential_Profile_EK_V2.1_R13.pdf

So this would involve an NV read, which using the C API would look like calling the function
Esys_NV_Read().



From: Andy Purcell <andy_purcell@keysight.com>
Sent: Tuesday, July 20, 2021 12:18 PM
To: tpm2@lists.01.org <tpm2@lists.01.org>
Subject: [tpm2] Want to use c++ to get TPM Serial Number - how do it?
 
I have a need to use C++ to obtain the unique TPM information like a Serial Number.
My system is running Windows 10/64. This is on an HP Desktop PC with TPM 2.0 chip.
 
I can use PowerShell
Get-TpmEndorsementKeyInfo -hashalgorithm sha256
 
To get this output:
               
ManufacturerCertificates : {[Subject]
                             TPMVersion=id:073E, TPMModel=SLB 9670 TPM2.0, TPMManufacturer=id:49465800
                           [Issuer]
                             CN=Infineon OPTIGA(TM) RSA Manufacturing CA 034, OU=OPTIGA(TM) TPM2.0, O=Infineon Technologies AG, C=DE
                           [Serial Number]
                             4880DE8E
                           [Thumbprint]
                             B8395DA6A1D661C8CCD35D47E3DA6E9532EFFEC4
 
But how can I get this same Serial Number information using C++?
 
ap
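
The step after the NV read described in the reply, as an added example that is not part of the original thread: pulling the serial number out of the certificate bytes. It assumes the buffer holds the DER-encoded X.509 EK certificate already read from the NV index with Esys_NV_Read(); `der_header`, `ek_cert_serial` and `SAMPLE_DER` are hypothetical names, and the sample bytes are constructed around the serial shown in the question, not a real certificate.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: only the leading fields of a certificate, enough to parse. */
static const uint8_t SAMPLE_DER[] = {
    0x30, 0x0D, 0x30, 0x0B, 0xA0, 0x03, 0x02, 0x01, 0x02,
    0x02, 0x04, 0x48, 0x80, 0xDE, 0x8E };

/* Parse one DER header with the expected tag at *pos. On success, move *pos to
 * the content and store its length. Returns 0, or -1 on malformed input. */
static int der_header(const uint8_t *b, size_t len, size_t *pos, uint8_t tag, size_t *clen) {
    if (*pos > len || len - *pos < 2 || b[*pos] != tag) return -1;
    size_t p = *pos + 1, n = b[p++];
    if (n & 0x80) {                      /* long form: low 7 bits count length bytes */
        size_t k = n & 0x7F;
        if (k == 0 || k > 4 || k > len - p) return -1;
        for (n = 0; k > 0; k--) n = (n << 8) | b[p++];
    }
    if (n > len - p) return -1;          /* content must fit in the buffer */
    *pos = p; *clen = n;
    return 0;
}

/* Copy the certificate serial number into out; return its length or -1. */
int ek_cert_serial(const uint8_t *der, size_t len, uint8_t *out, size_t cap) {
    size_t pos = 0, n;
    if (der_header(der, len, &pos, 0x30, &n)) return -1;   /* Certificate */
    len = pos + n;                       /* ignore bytes after the certificate */
    if (der_header(der, len, &pos, 0x30, &n)) return -1;   /* tbsCertificate */
    len = pos + n;
    if (pos < len && der[pos] == 0xA0) { /* optional [0] version field */
        if (der_header(der, len, &pos, 0xA0, &n)) return -1;
        pos += n;
    }
    if (der_header(der, len, &pos, 0x02, &n)) return -1;   /* serialNumber INTEGER */
    if (n > 1 && der[pos] == 0x00) { pos++; n--; }         /* drop DER sign byte */
    if (n == 0 || n > cap) return -1;
    memcpy(out, der + pos, n);
    return (int)n;
}

int main(void) {
    uint8_t sn[20];
    int n = ek_cert_serial(SAMPLE_DER, sizeof SAMPLE_DER, sn, sizeof sn);
    for (int i = 0; i < n; i++) printf("%02X", sn[i]);
    printf("\n");
    return n > 0 ? 0 : 1;
}
```

Every length is checked against the remaining buffer before it is used, so a truncated or malformed NV read returns -1 instead of reading out of bounds.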