Failed To Fetch Device Certificate. TPM Public Key Match Failed.

The error "failed to fetch device certificate. tpm public key match failed." typically occurs in systems that use a TPM (Trusted Platform Module) to securely store a device private key and then attempt to retrieve a corresponding certificate (often from a provisioning server such as an EST server or a cloud IoT service).

The core issue is:

```c
// Load stored public key from secure storage
ret = secure_storage_read("device_pubkey", stored_pubkey, sizeof(stored_pubkey));
if (ret == STORAGE_NOT_FOUND) {
    // First enrollment – just store and proceed
    secure_storage_write("device_pubkey", tpm_pubkey);
    return enroll_device(ctx);
}

// Compare
if (memcmp(tpm_pubkey, stored_pubkey, pubkey_len) != 0) {
    // MISMATCH – force re-enrollment
    log_error("TPM public key mismatch – re-enrolling");
    secure_storage_write("device_pubkey", tpm_pubkey);
    return enroll_device(ctx);
}
```
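The same check as an added, self-contained example (not code from the original page): it separates a failed storage read from "not found", compares lengths before bytes, and returns a mismatch to the caller instead of overwriting the pinned key. The status names, `check_device_pubkey`, and the in-memory storage stand-in are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical result codes; the names are assumptions for this example. */
enum { STORAGE_OK = 0, STORAGE_NOT_FOUND = -1, STORAGE_IO_ERROR = -2 };
typedef enum { KEY_FIRST_ENROLL, KEY_MATCH, KEY_MISMATCH, KEY_CHECK_ERROR } key_status;
#define MAX_PUBKEY 512

/* In-memory stand-in for secure storage (constructed for this example). */
static unsigned char slot[MAX_PUBKEY];
static size_t slot_len;
static int slot_state = STORAGE_NOT_FOUND;

static int storage_read(unsigned char *out, size_t cap, size_t *len) {
    if (slot_state != STORAGE_OK) return slot_state;
    if (slot_len > cap) return STORAGE_IO_ERROR;
    memcpy(out, slot, slot_len);
    *len = slot_len;
    return STORAGE_OK;
}

static int storage_write(const unsigned char *in, size_t len) {
    if (len == 0 || len > MAX_PUBKEY) return STORAGE_IO_ERROR;
    memcpy(slot, in, len);
    slot_len = len;
    slot_state = STORAGE_OK;
    return STORAGE_OK;
}

/* Classify the TPM key against the stored copy. On mismatch the stored key
 * is left untouched so the caller decides whether re-enrollment is allowed. */
key_status check_device_pubkey(const unsigned char *tpm_pubkey, size_t tpm_len) {
    unsigned char stored[MAX_PUBKEY];
    size_t stored_len = 0;
    if (tpm_pubkey == NULL || tpm_len == 0 || tpm_len > MAX_PUBKEY)
        return KEY_CHECK_ERROR;

    int ret = storage_read(stored, sizeof(stored), &stored_len);
    if (ret == STORAGE_NOT_FOUND)   /* first enrollment: pin the key */
        return storage_write(tpm_pubkey, tpm_len) == STORAGE_OK
                   ? KEY_FIRST_ENROLL : KEY_CHECK_ERROR;
    if (ret != STORAGE_OK)          /* read failed: buffer holds no valid key */
        return KEY_CHECK_ERROR;

    /* Length first: memcmp over one side's length can match a mere prefix. */
    if (stored_len != tpm_len || memcmp(stored, tpm_pubkey, tpm_len) != 0)
        return KEY_MISMATCH;
    return KEY_MATCH;
}
```

A caller can log `KEY_MISMATCH` and require an explicit policy decision before re-enrolling, since the stored key is still available for comparison at that point.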