I'm trying to use TPM-based enrollment to my IoT Hub. We have a couple of devices already in the field (running Windows IoT Ent), so I've written a basic PS script to get their TPM public EK and enroll them manually in our DPS. The script produces a base64 string of the ASN.1-encoded public key. When I use that value in the Endorsement Key field, I get a Bad Request error with the message: "Endorsement key is invalid, or does not match the Enrollment."
Am I using the wrong format to encode the public key? Is there another easy way to access the TPM public EK formatted as a base64 string? Here is my script, if that's helpful:
# Get-TpmEndorsementKeyInfo exposes the EK public key as ASN.1 (AsnEncodedData)
$tpm = Get-TpmEndorsementKeyInfo -HashAlgorithm sha256
# Format($true) emits multi-line hex; strip all whitespace (spaces and line breaks), not only spaces
$hexPub = $tpm.PublicKey.Format($true) -replace '\s', ''
$pubBytes = New-Object byte[] -ArgumentList ($hexPub.Length / 2)
for ($i = 0; $i -lt $hexPub.Length; $i += 2) { $pubBytes[$i/2] = [System.Convert]::ToByte($hexPub.Substring($i, 2), 16) }
# The same bytes are also available directly as $tpm.PublicKey.RawData
$pubString = [System.Convert]::ToBase64String($pubBytes)
Thanks so much