create_ek_template returns None as certificate when tpm2 tools don't

[gerasiovM]

I've encountered an issue where using create_ek_template returns None as certificate, but using tpm2 tools createek and getekcertificate works and outputs a valid certificate.

Here's the tpm2 tools commands used, exactly:
tpm2_createek -c ek.ctx -G rsa -u ek.pub
tpm2_getekcertificate -o ek.cert -u ek.pub

tpm2-pytss code:

with ESAPI(tcti="tabrmd") as ectx:
  nv_read = NVReadEK(ectx)
  ek_cert, ek_template = create_ek_template("EK-RSA2048", nv_read)

ek_cert comes out as None.

I have no idea what might be causing this or how to fix this, so any help is appreciated.

[whooo]

Do you have a fTPM (Intel or AMD)?
The functions reads the certificate from the matching NV index, if it exists, otherwise it returns None

[gerasiovM]

I don't know how to check whether it's a fTPM, but the TPM seems to be Intel's, at least based on the ek certificate

[whooo]

tpm2-tools has support for requesting a certificate for an Intel TPM from an online service, it isn't currently supported by tpm2-pytss

[whooo]

Closing this issue as resolved, please reopen if there still is an issue.