On Tue, Nov 20, 2018 at 05:15:08AM -0600, Dr. Greg wrote: > Malware would not necessarily need the Intel attestation service. > Once access to the PROVISION bit is available, malware teams could > simply build their own attestation service.
AFAIK not possible as they wouldn't have access to the root provisioning key. Can be confirmed from the SDM's key derivation table (41-56). /Jarkko
