Thank you for contacting Intel Embedded Community.
In order to have a better idea of your request, could you please tell us if the design related to this is a third party one or it has been developed by you? In case that it is a third party one, could you please give us all the information related to it? If it is your design, could you please let us know the part number of the processor and chipset used to implement it?
Thanks in advance for your help to find the information that can help you in the best way possible.
Thanks for your great support!
Refer to "548200: Security Enableing: Boot Guard, Intel PTT and BIOS Guard", for sku shipped after 1/1/2015,
Online provisioning of Endorsement Certificates will start automatically when system boots to OS with successful
nwetwork conection to intel.com for the first time.
But we found that some pre-production PCH can't do this successfully.
We test failed about WHQL item "TPM 2.0 Core Provisioning Test" on intel KBL-S UDIMM KBP DDR4 CRB (I5-7500T CPU and Q270 A0 Pre-Production Pch)，
because there's no EK in intel PTT. And there's no certification in windows's regedit item "SYSTEM\CurrentControlSet\Services\Tpm\WMI\Endorsement\EKCertStreo\Certificates".
Does online provisioning of EK need some specific conditions such as production version of CPU/PCH...?
Thanks for your update.
Based on your previous communication, could you please verify if this problem persists when you use the Intel(R) Q170 or Intel(R) H110 Chipset instead of the Intel(R) Q270Chipset that you are using?
This suggestion is based on the information stated on pages 3, 5, and 6 of the 7th Generation Intel(R) Core(TM) and Celeron(R) Desktop Processor Families with Intel(R) H110 and Intel(R) Q170 Chipsets: Platform Brief document # 335406, where is stated that the mentioned platform (processor + chipset) supports the Intel(R) Platform Trust Technology [PTT] with BIOS Guard security feature.
We hope that this information may help you to solve this inconvenience.