Fix script. Remove locale slug

micahl · micahl · commit bd7e1dede1da · 2022-10-04T11:45:09.000-07:00
diff --git a/articles/iot-edge/how-to-provision-devices-at-scale-linux-tpm.md b/articles/iot-edge/how-to-provision-devices-at-scale-linux-tpm.md
@@ -178,64 +178,46 @@ Sign in to your device, and install the `tpm2-tools` package.
 # [Ubuntu / Debian / Raspberry Pi OS](#tab/ubuntu+debian+rpios)
 
 
-      ```bash
-      sudo apt-get install tpm2-tools
-      ```
+   ```bash
+   sudo apt-get install tpm2-tools
+   ```
 
 # [Red Hat Enterprise Linux](#tab/rhel)
 
 
-      ```bash
-      sudo yum install tpm2-tools
-      ```
+   ```bash
+   sudo yum install tpm2-tools
+   ```
 
 ---
 
 Run the following script to read the endorsement key, creating one if it does not already exist.
 
-      ```bash
-      #!/bin/sh
-      if [ "$USER" != "root" ]; then
-        SUDO="sudo "
-      fi
-
-      $SUDO tpm2_readpublic -Q -c 0x81010001 -o ek.pub 2> /dev/null
-      if [ $? -gt 0 ]; then
-        # Create the endorsement key (EK)
-        $SUDO tpm2_createek -c ek.ctx > /dev/null
-        $SUDO tpm2_evictcontrol -c ek.ctx 0x81010001 > /dev/null
-        $SUDO tpm2_readpublic -c 0x81010001 -o ek.pub > /dev/null
-        $SUDO tpm2_flushcontext -t > /dev/null
-
-        # Create a storage root key (SRK)
-        $SUDO tpm2_startauthsession --policy-session -S session.ctx > /dev/null
-        $SUDO tpm2_policysecret -S session.ctx -c 0x4000000B > /dev/null
-        $SUDO tpm2_create -C 0x81010001 \
-          -G rsa2048 \
-          -a 'restricted|decrypt|fixedtpm|fixedparent|sensitivedataorigin|userwithauth' \
-          -u srk.pub -r srk.priv \
-          -P session:session.ctx > /dev/null
-        $SUDO tpm2_flushcontext --transient-object > /dev/null
-
-        # store the key
-        $SUDO tpm2_startauthsession -S session.ctx --policy-session > /dev/null
-        $SUDO tpm2_policysecret -S session.ctx -c 0x4000000B > /dev/null
-        $SUDO tpm2_load -C 0x81010001 \
-          -u srk.pub -r srk.priv \
-          -P session:session.ctx \
-          -c srk.ctx > /dev/null
-
-        # make the SRK persistent
-        $SUDO tpm2_evictcontrol -c srk.ctx 0x81000001 > /dev/null
-
-        # clean up
-        $SUDO rm session.ctx srk.pub srk.priv srk.ctx ek.ctx 2> /dev/null
-      fi
-
-      printf "Gathering the registration information...\n\nRegistration Id:\n%s\n\nEndorsement Key:\n%s\n" $(sha256sum -b ek.pub | cut -d' ' -f1 | sed -e 's/[^[:alnum:]]//g') $(base64 -w0 ek.pub)
-
-      $SUDO rm ek.pub 2> /dev/null
-      ```
+   ```bash
+   #!/bin/sh
+   if [ "$USER" != "root" ]; then
+     SUDO="sudo "
+   fi
+
+   $SUDO tpm2_readpublic -Q -c 0x81010001 -o ek.pub 2> /dev/null
+   if [ $? -gt 0 ]; then
+     # Create the endorsement key (EK)
+     $SUDO tpm2_createek -c 0x81010001 -G rsa -u ek.pub
+
+     # Create the storage root key (SRK)
+     $SUDO tpm2_createprimary -Q -C o -c srk.ctx > /dev/null
+
+     # make the SRK persistent
+     $SUDO tpm2_evictcontrol -c srk.ctx 0x81000001 > /dev/null
+
+     # open transient handle space for the TPM
+     $SUDO tpm2_flushcontext -t > /dev/null
+   fi
+
+   printf "Gathering the registration information...\n\nRegistration Id:\n%s\n\nEndorsement Key:\n%s\n" $(sha256sum -b ek.pub | cut -d' ' -f1 | sed -e 's/[^[:alnum:]]//g') $(base64 -w0 ek.pub)
+   $SUDO rm ek.pub srk.ctx 2> /dev/null
+
+   ```
 
 The output window displays the device's **Endorsement key** and a unique **Registration ID**. Copy these values for use later when you create an individual enrollment for your device in the device provisioning service.
 
diff --git a/articles/iot-edge/how-to-provision-devices-at-scale-linux-x509.md b/articles/iot-edge/how-to-provision-devices-at-scale-linux-x509.md
@@ -25,7 +25,7 @@ The tasks are as follows:
 Using X.509 certificates as an attestation mechanism is an excellent way to scale production and simplify device provisioning. Typically, X.509 certificates are arranged in a certificate chain of trust. Starting with a self-signed or trusted root certificate, each certificate in the chain signs the next lower certificate. This pattern creates a delegated chain of trust from the root certificate down through each intermediate certificate to the final "leaf" certificate installed on a device.
 
 > [!TIP]
-> If your device has a Hardware Security Module (HSM) such as a TPM 2.0, then we recommend storing the X.509 keys securely in the HSM. Learn more about how to implement the zero-touch provisioning at scale described in [this blueprint](https://azure.microsoft.com/en-us/blog/the-blueprint-to-securely-solve-the-elusive-zerotouch-provisioning-of-iot-devices-at-scale) with the [https://aka.ms/iotedge-tpm2cloud](https://aka.ms/iotedge-tpm2cloud) sample.
+> If your device has a Hardware Security Module (HSM) such as a TPM 2.0, then we recommend storing the X.509 keys securely in the HSM. Learn more about how to implement the zero-touch provisioning at scale described in [this blueprint](https://azure.microsoft.com/blog/the-blueprint-to-securely-solve-the-elusive-zerotouch-provisioning-of-iot-devices-at-scale) with the [https://aka.ms/iotedge-tpm2cloud](https://aka.ms/iotedge-tpm2cloud) sample.
 
 ## Prerequisites
 
