> If the TPM is virtualised (vTPM), the EKpub and EKcert validation will fail, as the EK won’t be signed by AMD or Intel.
Using `swtpm` will not give you the ability to create quotes of your PCR that are signed by an Endorsement Key that is itself signed by Intel or AMD.
It will be very obvious that you are using a self-generated key, possibly from a virtualised TPM.
Passing through the host's TPM will lead to multiple boot events being recorded, which will be flagged as an anomaly.
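
The EK certificate check this comment refers to, as an added example that is not part of the original post: a verifier pins a manufacturer root and rejects any EK certificate that does not chain to it. All keys, certificates and subject names below are constructed locally with `openssl` for the demo, and the function names are hypothetical; the "Constructed TPM Vendor Root" stands in for a real vendor CA.

```shell
#!/bin/sh
# Constructed demo: every key and certificate here is generated locally.
# "Constructed TPM Vendor Root" is a stand-in for a real manufacturer CA.

make_demo_certs() {  # $1 = output directory
    d=$1
    # Stand-in manufacturer root CA (the trust anchor the verifier pins).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed TPM Vendor Root" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    # EK certificate issued by that root, as on a hardware TPM.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed hardware EK" \
        -keyout "$d/hw_ek.key" -out "$d/hw_ek.csr" 2>/dev/null
    openssl x509 -req -in "$d/hw_ek.csr" -CA "$d/root.pem" \
        -CAkey "$d/root.key" -CAcreateserial -days 1 \
        -out "$d/hw_ek.pem" 2>/dev/null
    # Locally generated EK certificate that does not chain to the root,
    # standing in for what a software TPM would present.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed software EK" \
        -keyout "$d/sw_ek.key" -out "$d/sw_ek.pem" 2>/dev/null
}

# Verifier side: trust an EK certificate only if it chains to the pinned root.
check_ek_cert() {  # $1 = pinned root PEM, $2 = EK certificate PEM
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo "trusted"
    else
        echo "untrusted"
    fi
}

# Stand-alone run: build the constructed certificates and check both.
demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir"
echo "hardware-style EK: $(check_ek_cert "$demo_dir/root.pem" "$demo_dir/hw_ek.pem")"
echo "software-style EK: $(check_ek_cert "$demo_dir/root.pem" "$demo_dir/sw_ek.pem")"
rm -rf "$demo_dir"
```
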