29Ara
Key Hierarchies in TPM 2.0
I am currently trying to figure out just how key hierarchies in a TPM 2.0 work. I read that there are four possible hierarchies (storage, endorsement, platform, null). I also read that these hierarchies form key trees with a parent key encrypting child keys. But I am unsure whether I grasped this concept correctly.
Does this mean that I can have one tree hierarchy of keys with a storage root key (SRK) on top and another separate tree hierarchy of keys with an endorsement key (EK) on top?