diff --git a/thesis/02_background.tex b/thesis/02_background.tex index d345271..2f83ffc 100644 --- a/thesis/02_background.tex +++ b/thesis/02_background.tex @@ -39,7 +39,7 @@ The last two entries describe vulnerabilities in dedicated TPM chips, which are \begin{itemize} \item \emph{CVE-2017-15361}: TPMs from Infineon used a weak algorithm for finding primes during the RSA key generation process. This weakness made brute force attacks against keys of up to 2048 bits length feasible. - According to Nemec et al.\cite{Nemec17}, 1024 bit keys required in the worst case scenario 3 CPU months and 2048 bit keys needed 100 CPU years. + According to Nemec et al.\cite{Nemec17}, 1024 bit keys required in the worst case scenario 3 CPU months and 2048 bit keys needed 100 CPU years when using one core of an Intel Xeon E5-2650 v3 CPU. Infineon was able to fix that vulnerability per firmware update for all affected TPMs. \item \emph{CVE-2019-16863}: This vulnerability is also known as "\emph{TPM fail}" \cite{moghimi20-tpmfail} and shows how to get an elliptic curve private key via timing and lattice attacks. The authors found TPMs from STMicroelectronics vulnerable, as well as Intel's fTPM implementation. 
@@ -109,10 +109,11 @@ The \emph{Endorsement Key} (EK) is the root key for the corresponding hierarchy. \end{figure} \autoref{fig:ek-key-generation} illustrates the certificate chain of building a new EK. Every TPM has, instead of the full EK, a unique key seed to derive root keys from. -This key seed comes with a corresponding certificate. -This TPM certificate is signed by the TPM manufacturer by using its own root \emph{Certificate Authority} (CA). -When the platform user wants to create a new EK, a \emph{Key Derivation Function} (KDF) generates this new EK such that the TPM certificate identifies it and the chain keeps intact. -Since the platform supports root key generation, it is also possible to encrypt the key and store it on an external storage, e.g. on the platform disk. +The EK can then be generated with a \emph{key derivation function} (KDF) which allows to add additional entropy to that of the TPM. +According to Arthur et al.\cite[arthur15] in chapter 15, this additional entropy is not used and the parameter field is filled with zeroes. +As a result, although it is possible to generate an arbitrary number of EKs, the TPM generates always the same by default. +Only this default EK comes with a corresponding certificate which is signed by the TPM manufacturer by using its own root \emph{Certificate Authority} (CA). +Since the platform supports generating and using multiple root keys at a time, it is also possible to encrypt temporaily unused keys and store it on an external storage, e.g. on the platform disk. Consequently it is quite easy to have different EKs at once to address privacy features also between different functions of the endorsement hierarchy. \section{Trusted Boot}% diff --git a/thesis/04_implementation.tex b/thesis/04_implementation.tex index cff4b68..1b30cd0 100644 --- a/thesis/04_implementation.tex +++ b/thesis/04_implementation.tex 
@@ -21,7 +21,7 @@ For demonstrating remote attestation via DAA over a simple network infrastructur We decided to order one system with an AMD processor in it to find differences in handling the TPM between Intel and AMD systems. All features used in this thesis were available on both platform types, so there were no differences found. -\begin{table}[ht] +\begin{table} \renewcommand{\arraystretch}{1.2} \centering \caption{Systems used for demonstration prototype} \label{tab:systems} 
@@ -195,48 +195,91 @@ However, we found no official information on when IMA was introduced or whether Every kernel supporting IMA creates a virtual file at \texttt{/sys/kernel/security/ima/ascii\_runtime\_measurements}. When IMA is disabled, which is the default, this file has only one entry representing the boot aggregate. By enabling IMA via kernel command line parameters, this file gets filled according to the policies defined. -The first four parameters used in \autoref{code:tbkernelcommandlinetxt} define the behavior of IMA and how the measurement log should look like. +The first four parameters used in \autoref{code:tbcommandlinetxt} define the behavior of IMA and how the measurement log should look like. +\begin{itemize} + \item \texttt{ima\_appraise=fix} appends the filehash as an extended file attribute for every accessed file. + \item \texttt{ima\_policy=appraise\_tcb, ima\_policy=tcb} analyzes resources owned by root and opened for execution. + \item \texttt{ima\_hash=sha256} sets the hashing algorithm. + \item \texttt{rootflags=i\_version} must be enabled when mounting the filesystem since IMA is checking that number before re-hashing the resource. +\end{itemize} + +Unfoortunately, the resulting IMA log is between 2000 and 3000 lines long when the system is freshly booted. +The log can blow up to several 10000 entries when uptime exceeds several days. +However, a thrid party can comprehend the state of the attesting system, when parsing the IMA log. +Together with the corresponding PCR value, where the hashes of all entries are chained the TPM can \texttt{certify} correctness of the log. + \section{Interaction with TPM2} \subsection{Prove Certificate Chain} Every TPM has a corresponding certificate which is part of a certificate chain maintained by the TPM manufacturer. +In our case, Infineon certifies its TPM with a number of intermediate CAs which itself are certified with Infineon's root CA. 
+The TPM certificate is available for RSA and ECC cryptofamilies respectively. +Since the verification workflow is the same on all machines and for both cryptofamilies, we demonstrate on system 1 how the process works. +Note that this works for Infineon TPMs. +Other Vendors like STM, AMD or Intel may provide certificates via download of their website. \begin{enumerate} - \item Collect certificates: Depending on the manufacturer, there are different ways to get the TPM's certificates. - Infineon decided to store it as X.509 DER formatted blob on the TPM's non-volatile memory. - Address \texttt{0x1c00002} holds the certificate for RSA based root keys, whereas \texttt{0x1c0000a} is the ECC equivalent. - Although all TPMs are \emph{Infineon Optiga TPM SLB 9665}, the oldest device uses another intermediate CA from the manufacturer. - \item Download Infineon intermediate and root CA certificates - \item Verify Cert chain with openSSL. - + \item Read the certificate from the TPM NVRAM. + The RSA certificate is located at address \texttt{0x1c00002}, that for ECC on address \texttt{0x1c0000a}: + \begin{lstlisting}[numbers=none] + root@amd1:~# tpm2_nvread -C o 0x1c0000a -o amd1_ecc.crt + \end{lstlisting} + \item Download the certificates from the intermediate and root CA from infineon's website: + \begin{lstlisting}[numbers=none] + root@amd1:~# wget https://www.infineon.com/dgdl/Infineon-TPM_ECC_Root_CA-C-v01_00-EN.cer?fileId=5546d46253f65057015404843f751cdc -O infineon_ecc_root_ca.crt #Infineon root CA + root@amd1:~# wget https://www.infineon.com/dgdl/Infineon-OPTIGA-ECC-Manufacturing-CA_036-Issued_by_RootCA.crt-C-v01_00-EN.crt?fileId=5546d46262475fbe0162486417b73cbe -O infineon_ecc_intermediate_ca_036.crt #Infineon intermediate CA + \end{lstlisting} + \item Convert all certificates into PEM format. OpenSSL can only verify a chain in PEM format. 
+ \begin{lstlisting}[numbers=none] + root@amd1:~# openssl x509 -inform DER -outform PEM -in infineon_ecc_root_ca.crt -out infineon_ecc_root_ca.pem + root@amd1:~# openssl x509 -inform DER -outform PEM -in infineon_ecc_intermediate_ca_036.crt -out infineon_ecc_intermediate_ca_036.pem + root@amd1:~# openssl x509 -inform DER -outform PEM -in amd1_ecc.crt -out amd1_ecc.pem + \end{lstlisting} + \item Check the certificate chain with OpenSSL. + The option \texttt{-untrusted} is required since the provided root CA is not in the OS' trust store and hence of unknown trust. + \begin{lstlisting}[numbers=none] + root@amd1:~# openssl verify -verbose -CAfile infineon_ecc_root_ca.pem -untrusted infineon_ecc_intermediate_ca_036.pem amd1_ecc.pem + amd1_ecc.pem: OK + \end{lstlisting} \end{enumerate} -\begin{lstlisting}[float,language=bash, caption={Verifying the TPM Certificate}, label={code:verifytpmcert}] -root@amd1:~# tpm2_nvread -C o 0x1c00002 -o amd1_1.cert -root@amd1:~# tpm2_nvread -C o 0x1c0000a -o amd1_2.cert -michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in amd1_1.cert -out amd1_1.pem -michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in amd1_2.cert -out amd1_2.pem -michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in intel1_1.cert -out intel1_1.pem -michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in intel1_2.cert -out intel1_2.pem -michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in intel2_2.cert -out intel2_2.pem -michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in intel2_1.cert -out intel2_1.pem -michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in OptigaEccMfrCA011.crt -out OptigaEccMfrCA011.pem -michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in OptigaEccMfrCA036.crt -out OptigaEccMfrCA036.pem 
-michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in OptigaRsaMfrCA036.crt -out OptigaRsaMfrCA036.pem -michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in OptigaRsaMfrCA011.crt -out OptigaRsaMfrCA011.pem -michael@luna /run/media/michael/B50A-68E0 % openssl verify -verbose -CAfile Infineon-TPM_ECC_Root_CA-C-v01_00-EN.pem -untrusted OptigaEccMfrCA036.pem amd1_2.pem -amd1_2.pem: OK -michael@luna /run/media/michael/B50A-68E0 % openssl verify -verbose -CAfile Infineon-TPM_RSA_Root_CA-C-v01_00-EN.pem -untrusted OptigaRsaMfrCA036.pem amd1_1.pem -amd1_1.pem: OK -michael@luna /run/media/michael/B50A-68E0 % openssl verify -verbose -CAfile Infineon-TPM_ECC_Root_CA-C-v01_00-EN.pem -untrusted OptigaEccMfrCA036.pem intel2_2.pem -intel2_2.pem: OK -michael@luna /run/media/michael/B50A-68E0 % openssl verify -verbose -CAfile Infineon-TPM_ECC_Root_CA-C-v01_00-EN.pem -untrusted OptigaEccMfrCA011.pem intel1_2.pem -intel1_2.pem: OK -michael@luna /run/media/michael/B50A-68E0 % openssl verify -verbose -CAfile Infineon-TPM_RSA_Root_CA-C-v01_00-EN.pem -untrusted OptigaRsaMfrCA011.pem intel1_1.pem -intel1_1.pem: OK -michael@luna /run/media/michael/B50A-68E0 % openssl verify -verbose -CAfile Infineon-TPM_RSA_Root_CA-C-v01_00-EN.pem -untrusted OptigaRsaMfrCA036.pem intel2_1.pem -intel2_1.pem: OK +When OpenSSL returns \texttt{OK}, the certificate chain is intact and the TPM is indeed one from Infineon. +To be correct: The website, probably hosted by infineon, provides a certificate chain which matches and the links to the corresponding parent certificate is correct. +Unfortunately, Infineon do neither provide any website certification nor any checksums of the provided certificates. +So, if the above described check fails, no source of trust can ensure that the root certificate is correct. + +We found, that both, ECC and RSA chains of all TPMs are intact. 
+For documentation reasons, we provide the OpenSSL SHA256 checksums of all used certificates in \autoref{tab:certchksum}. +These chaecksums were generated with: +\begin{lstlisting}[numbers=none] + openssl x509 -noout -fingerprint -sha256 -inform pem -in amd1_ecc.pem \end{lstlisting} -\newpage +\begin{table} + \renewcommand{\arraystretch}{1.2} + \centering + \caption{ECC certificate chain of used TPMs} \label{tab:certchksum} + %\rowcolors{2}{lightgray}{white} + \begin{tabular}{rp{9.9cm}} + \toprule + \textit{Certificate}&\textit{SHA256 checksum} \\ + \midrule + \textbf{ECC root CA} &\texttt{CF:EB:02:FE:CD:55:AD:7A:73:C6:E1:D1:19:85:D4:C4: 7D:EE:24:8A:B6:3D:CB:66:09:1A:24:89:66:04:43:C3}\\ + \textbf{ECC intermediate CA 036} &\texttt{2C:BF:6D:6C:39:94:47:0A:EC:D2:B1:F8:7F:5D:21:11: 08:D1:E0:A4:A8:1E:D9:CB:A2:6B:D2:98:96:5D:E0:1C}\\ + \textbf{ECC intermediate CA 011} &\texttt{B5:59:A8:4E:63:32:A7:B4:E3:2B:4D:37:39:E3:72:E3: C5:17:BA:5A:4C:CF:FE:E1:DA:AF:80:BC:64:16:28:EE}\\ + \textbf{ECC System 1 TPM} &\texttt{D8:C3:21:3E:BB:C2:CB:96:EA:14:2F:D5:57:61:79:04: BB:DE:8A:F9:21:2A:11:7D:4B:2E:FC:64:BD:35:C1:6E}\\ + \textbf{ECC System 2 TPM} &\texttt{FE:1B:EF:42:8B:68:35:D3:FC:5A:13:A0:AE:12:19:BA: A1:60:D6:59:38:1D:79:8E:76:50:48:BE:5C:BD:83:A5}\\ + \textbf{ECC System 3 TPM} &\texttt{92:29:68:6D:50:EE:34:08:30:DF:E7:30:D8:F3:C0:C7: 13:3C:DF:F0:6D:9E:2B:2E:0F:54:76:AE:B8:D6:1A:DA}\\ + \textbf{RSA root CA} &\texttt{89:9E:35:47:4C:98:07:EB:4C:7F:2F:7A:12:DA:00:28: FB:25:0C:D0:21:54:D0:00:9F:CA:7D:9C:66:57:4F:3B}\\ + \textbf{RSA intermediate CA 036} &\texttt{21:6C:47:D2:77:FC:40:CE:90:F0:86:83:21:CB:5E:F5: 91:FC:1D:D8:D0:E4:FD:A1:A2:C8:3C:17:BE:01:B0:7E}\\ + \textbf{RSA intermediate CA 011} &\texttt{A8:33:79:F9:2A:34:1B:EB:61:B6:7F:03:50:66:44:94: 0F:EB:4B:85:EA:50:4A:9D:22:13:BC:A5:2C:88:9F:89}\\ + \textbf{RSA System 1 TPM} &\texttt{F1:C7:6A:00:CF:2B:63:4D:38:C0:2E:73:3C:84:BF:30: 5C:C2:D3:61:DF:34:D8:95:BB:F1:0F:FB:6B:0C:79:E2}\\ + \textbf{RSA System 2 TPM} 
&\texttt{CB:1F:7D:20:FE:B2:11:C4:2B:20:6B:4F:66:A6:14:1A: 37:94:5F:85:93:6D:2E:92:85:57:BF:3A:BF:9E:DA:DD}\\ + \textbf{RSA System 3 TPM} &\texttt{BF:0B:4E:77:80:18:86:9A:EF:09:06:96:E2:4D:72:A3: 47:B6:E3:8F:AA:F9:9C:2E:C0:13:AB:70:E3:E4:5D:93}\\ + \bottomrule + \end{tabular} +\end{table} + + + %TODO Edit pointer tpm2-tools 4.x are usable to interact with the TPM from the command line. Available on all major releases after summer 2019. diff --git a/thesis/05_outlook.tex b/thesis/05_outlook.tex index d07a7da..39e1390 100644 --- a/thesis/05_outlook.tex +++ b/thesis/05_outlook.tex @@ -8,6 +8,12 @@ Still hard to set up a system like that. Documentation is available, but hardly any implementations for DAA and IMA. \section{Future Work} +\subsection{Closing the chain of trust between TPM manufacturer and DAA issuer} +Activate a credential with to certify that the Membership key is in the Endorsement hierarchy, which can be verified with the TPM certificate. +\begin{itemize} + \item Theoretical concept in the \emph{Practical Guide to TPM 2.0, pp 109 ff} + \item Practical approach: with EK, AK and AIK to show validity of EK:\\ \url{https://ericchiang.github.io/post/tpm-keys/?utm_campaign=Go%20Full-Stack&utm_medium=email&utm_source=Revue%20newsletter#credential-activation} +\end{itemize} \section{Outlook} Hardening of the system beyond IMA useful. diff --git a/thesis/MAIN.pdf b/thesis/MAIN.pdf index e194173..acd9d59 100644 Binary files a/thesis/MAIN.pdf and b/thesis/MAIN.pdf differ
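Review bot: In thesis/02_background.tex, hunk @@ -39,7 +39,7 @@, the added qualifier "when using one core of an Intel Xeon E5-2650 v3 CPU" sits at the end of the sentence and reads as applying only to the 2048 bit figure. If the reference hardware holds for both estimates, name it before the numbers, for example "On one core of an Intel Xeon E5-2650 v3 CPU, 1024 bit keys required ...". While touching this line, "et al.\cite{Nemec17}" should get a tie ("et al.~\cite{Nemec17}") so the citation cannot break onto the next line.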
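Review bot: In thesis/02_background.tex, hunk @@ -109,10 +109,11 @@, "\cite[arthur15]" puts the key into the optional note argument and leaves the mandatory key missing, so LaTeX takes the following token as the key and the reference will not resolve. Use "\cite[ch.~15]{arthur15}" and drop "in chapter 15" from the sentence. The same added lines contain "temporaily" (temporarily) and "encrypt temporaily unused keys and store it", where the pronoun should be "them". The added sentence "Only this default EK comes with a corresponding certificate" also sits awkwardly next to the unchanged closing sentence about having different EKs at once for privacy: say explicitly that the additional EKs carry no manufacturer certificate, since that is what a verifier has to deal with.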
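Review bot: In thesis/04_implementation.tex, hunk @@ -195,48 +195,91 @@, step 4 of the new enumerate explains "-untrusted" the wrong way round. In "openssl verify", the root passed with "-CAfile" is the trust anchor, and "-untrusted" only supplies the intermediate CA as a chain-building candidate that is not trusted by itself. Reword to say that the root is given explicitly with "-CAfile" because it is not in the OS trust store and the intermediate is handed over with "-untrusted". Further points in the same hunk: the paragraph after the enumerate says Infineon provides no "website certification" while both wget lines fetch over https://, so state what is actually missing. The table caption reads "ECC certificate chain of used TPMs", but the table also lists the RSA certificates, and its values are certificate fingerprints produced by "openssl x509 -fingerprint". The removed listing showed that one system verifies against intermediate CA 011 rather than 036; the new text downloads only CA 036 and never says which system needs CA 011, although the table lists it. The wget URLs contain an unquoted "?" and should be quoted for the shell. Typos: "Unfoortunately", "thrid", "chaecksums", "infineon's".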
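Review bot: In thesis/05_outlook.tex, hunk @@ -8,6 +8,12 @@, the "\url{...}" in the second item carries newsletter tracking parameters (utm_campaign, utm_medium, utm_source) with "%20" escapes. Cite the page as "https://ericchiang.github.io/post/tpm-keys/#credential-activation", which is stable and keeps "%" out of the argument. The sentence "Activate a credential with to certify that the Membership key is in the Endorsement hierarchy" is missing its object after "with". The book in the first item should be a "\cite" with a page range instead of an emphasized title, reusing the existing bibliography key if it is the source already cited in 02_background.tex.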