Thank you both for a prompt reply yesterday.
From what you contributed yesterday, I understand tpm2_clear will clear the Owner
seed/hierarchy, and that the functionality to perform the clear on the Owner hierarchy can
Platform and Endorsement seeds generally are stable, but the command
does allow for ChangeEPS and ChangeSPS commands. But I don't think I have
ever seen a production TPM support this, but be aware that it exists.
to be confirmation that these commands are not present on my TPM:
$ tpm2_getcap commands|grep eps
$ tpm2_getcap commands|grep pps
I read in another discussion that it sounds like this means that platform and endorsement
seeds would effectively be unchangeable in my case.
Also on the note of re-generating primary keys, you may find my
previous thread about the
unique data option in tpm2_createprimary helpful if you want to use unique data in
addition to the seed.
Thanks, do you have a link? I could not find this thread yet
after searching. Also, is there a good reason to use the unique data in addition to being
extra cautious? Maybe this is addressed in the thread.
Regarding Platform authorization value - should I expect this is controlled by BIOS or
Sounds like I can at least clear it via the BIOS, I'll check.