Document Details
Quick Create Simulated Device Tpm
❌
This page contains Windows bias
About This Page
This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
Bias Analysis
Bias Types:
⚠️
windows_first
⚠️
powershell_heavy
⚠️
windows_tools
⚠️
missing_linux_example
Summary:
The documentation demonstrates a clear Windows bias. It assumes a Windows development environment by default, provides detailed instructions and tooling references (e.g., Visual Studio, .exe simulators, Windows-specific command prompts) primarily for Windows, and often omits or relegates Linux/macOS instructions to external links. Many code/build/run steps reference Windows tools or paths, and Linux equivalents are not provided inline or are only referenced indirectly.
Recommendations:
- Provide explicit, inline instructions for Linux and macOS environments alongside Windows steps, not just as external links.
- Include Linux/macOS equivalents for all Windows-specific tools (e.g., Visual Studio alternatives, .exe simulator alternatives, command-line instructions using bash/zsh).
- When referencing command prompts, include bash/zsh examples and clarify which commands are cross-platform.
- Ensure that all code samples and build instructions are tested and documented for Linux/macOS, including any required dependencies or environment setup.
- Avoid assuming the use of Windows-only features or tools (e.g., .exe files, Visual Studio) without providing alternatives.
- Where possible, use platform-agnostic language and tooling, or clearly indicate platform-specific requirements in each section.
Create pull request
Scan History
| Date | Scan ID | Status | Bias Status |
|---|---|---|---|
| 2025-09-15 00:00 | #112 | completed | ✅ Clean |
| 2025-08-17 00:01 | #83 | in_progress | ✅ Clean |
| 2025-07-13 21:37 | #48 | completed | ❌ Biased |
| 2025-07-12 23:44 | #41 | in_progress | ❌ Biased |
| 2025-07-09 13:09 | #3 | cancelled | ✅ Clean |
| 2025-07-08 04:23 | #2 | cancelled | ❌ Biased |
Flagged Code Snippets
5. When the program begins running, it will display the *_Endorsement key_* and *_Registration ID_*. Copy these values for the next section. Make sure to leave the program running.
::: zone-end
::: zone pivot="programming-language-csharp"
In this section, you'll build and execute a sample that reads the endorsement key from your TPM 2.0 hardware security module. This value will be used for device enrollment with your Device Provisioning Service instance.
1. In a command prompt, change directories to the project directory for the TPM device provisioning sample.
::: zone-end
::: zone pivot="programming-language-csharp"
1. In the Azure portal, select the **Overview** tab for your Device Provisioning Service.
2. Copy the **_ID Scope_** value.
3. In a command prompt, change directories to the project directory for the TPM device provisioning sample.
::: zone-end
::: zone pivot="programming-language-nodejs"
1. Open a Git CMD or Git Bash command-line environment.
2. Clone the [azure-utpm-c](https://github.com/Azure/azure-utpm-c) GitHub repository using the following command:
::: zone-end
::: zone pivot="programming-language-java"
1. Open a Git CMD or Git Bash command-line environment.
2. Clone the [Java](https://github.com/Azure/azure-iot-sdk-java.git) GitHub repository using the following command:
::: zone-end
::: zone pivot="programming-language-ansi-c, programming-language-nodejs, programming-language-java"
## Build and run the TPM device simulator
In this section, you'll build and run the TPM simulator. This simulator listens over a socket on ports 2321 and 2322. Don't close the command window. You'll need to keep this simulator running until the end of this quickstart.
::: zone-end
::: zone pivot="programming-language-ansi-c"
1. Run the following command to build Azure IoT C SDK that includes the TPM device simulator sample code. A Visual Studio solution for the simulated device is generated in the `cmake` directory. This sample provides a TPM [attestation mechanism](concepts-service.md#attestation-mechanism) via Shared Access Signature (SAS) Token authentication.
>[!TIP]
>If `cmake` does not find your C++ compiler, you may get build errors while running the above command. If that happens, try running the command in the [Visual Studio command prompt](/dotnet/framework/tools/developer-command-prompt-for-vs).
2. When the build succeeds, the last few output lines look similar to the following output:
3. Go to the root folder of the git repository you cloned.
4. Run the [TPM](/windows/device-security/tpm/trusted-platform-module-overview) simulator using the path shown below.
> [!NOTE]
> There are some known issues to installing the above packages. To resolve these issues, run `npm install --global --production windows-build-tools` using a command prompt in **Run as administrator** mode, run `SET VCTargetsPath=C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\V140` after replacing the path with your installed version, and then rerun the above installation commands.
>
5. Install all required packages running the following command at your command prompt in the **registerdevice** folder:
11. Run the sample.
12. The output window displays the **_Endorsement key_** and the **_Registration ID_** needed for device enrollment. Copy these values.
::: zone-end
::: zone pivot="programming-language-java"
1. Run the [TPM](/windows/device-security/tpm/trusted-platform-module-overview) simulator to be the [HSM](https://azure.microsoft.com/blog/azure-iot-supports-new-security-hardware-to-strengthen-iot-security/) for the simulated device.
2. Select **Allow Access**. The simulator listens over a socket on ports 2321 and 2322. Don't close this command window; you need to keep this simulator running until the end of this quickstart guide.
3. Open a second command prompt.
4. In the second command prompt, navigate to the root folder and build the sample dependencies.
::: zone-end
::: zone pivot="programming-language-ansi-c, programming-language-csharp, programming-language-java"
<a id="simulatetpm"></a>
## Read cryptographic keys from the TPM device
::: zone-end
::: zone pivot="programming-language-ansi-c, programming-language-java"
In this section, you'll build and execute a sample that reads the endorsement key and registration ID from the TPM simulator you left running, and is still listening over ports 2321 and 2322. These values will be used for device enrollment with your Device Provisioning Service instance.
::: zone-end
::: zone pivot="programming-language-ansi-c"
1. Launch Visual Studio.
2. Open the solution generated in the *cmake* folder named `azure_iot_sdks.sln`.
3. On the Visual Studio menu, select **Build** > **Build Solution** to build all projects in the solution.
4. In Visual Studio's *Solution Explorer* window, navigate to the **Provision\_Tools** folder. Right-click the **tpm_device_provision** project and select **Set as Startup Project**.
5. On the Visual Studio menu, select **Debug** > **Start without debugging** to run the solution. The app reads and displays a **_Registration ID_** and an **_Endorsement key_**. Note or copy these values. These will be used in the next section for device enrollment.
::: zone-end
::: zone pivot="programming-language-java"
1. Sign in to the Azure portal, select the **All resources** button on the left-hand menu and open your Device Provisioning Service. Note your _ID Scope_ and _Provisioning Service Global Endpoint_.
2. Edit `src/main/java/samples/com/microsoft/azure/sdk/iot/ProvisioningTpmSample.java` to include your _ID Scope_ and _Provisioning Service Global Endpoint_ as noted before.
::: zone-end
::: zone pivot="programming-language-csharp, programming-language-ansi-c, programming-language-nodejs, programming-language-java"
<a id="portalenrollment"></a>
## Create a device enrollment entry
::: zone-end
::: zone pivot="programming-language-ansi-c, programming-language-nodejs, programming-language-java"
<!-- INCLUDE -->
[!INCLUDE [iot-dps-individual-enrollment-tpm.md](../../includes/iot-dps-individual-enrollment-tpm.md)]
::: zone-end
::: zone pivot="programming-language-csharp"
The C# TPM sample for this quickstart doesn't provide a registration ID. When prompted to add one for the individual enrollment, provide your own value.
<!-- INCLUDE -->
[!INCLUDE [iot-dps-individual-enrollment-tpm.md](../../includes/iot-dps-individual-enrollment-tpm.md)]
::: zone-end
::: zone pivot="programming-language-csharp, programming-language-ansi-c, programming-language-nodejs, programming-language-java"
## Register the device
In this section, you'll configure sample code to use the [Advanced Message Queuing Protocol (AMQP)](https://wikipedia.org/wiki/Advanced_Message_Queuing_Protocol) to send the device's boot sequence to your Device Provisioning Service instance. This boot sequence causes the device to be registered to an IoT hub linked to the Device Provisioning Service instance.
::: zone-end
::: zone pivot="programming-language-ansi-c"
<a id="firstbootsequence"></a>
1. In the Azure portal, select the **Overview** tab for your Device Provisioning Service.
2. Copy the **_ID Scope_** value.
3. In Visual Studio's *Solution Explorer* window, navigate to the **Provision\_Samples** folder. Expand the sample project named **prov\_dev\_client\_sample**. Expand **Source Files**, and open **prov\_dev\_client\_sample.c**.
4. Near the top of the file, find the `#define` statements for each device protocol as shown below. Make sure only `SAMPLE_AMQP` is uncommented.
Currently, the [MQTT protocol isn't supported for TPM Individual Enrollment](https://github.com/Azure/azure-iot-sdk-c#provisioning-client-sdk).
7. Right-click the **prov\_dev\_client\_sample** project and select **Set as Startup Project**.
8. On the Visual Studio menu, select **Debug** > **Start without debugging** to run the solution. In the prompt to rebuild the project, select **Yes**, to rebuild the project before running.
The following output is an example of the provisioning device client sample successfully booting up, and connecting to a Device Provisioning Service instance to get IoT hub information and registering: