First I would like to say that I hope this is the right place to ask this. Should it not be any Info on where I should post about this would be greatly appreciated. Thank you all in advance.
I am currently working on an IoT Project for my Bachelor’s thesis. The goal is to gather data from an existing machine and send it to an Azure cloud via AMQP. To do this I have set up an [IoT Hub](https://azure.microsoft.com/en-us/services/iot-hub/) and will be using the [Azure IoT Edge runntime](https://azure.microsoft.com/en-us/services/iot-edge/) to connect and send the Data. For initial development, I have authenticated my devices to the cloud using symmetric keys generated by the IoT hub. Now I want to switch to something more secure. All my Devices come with a TPM 2.0 Module. It is possible to use this to [authenticate my devices via the Azure DPS Service](https://docs.microsoft.com/en-us/azure/iot-dps/quick-enroll-device-tpm?tabs=symmetrickey&pivots=programming-language-java). To do this I need the EK and the Registration ID of the TPM. I have already installed the [tpm2-library](https://tpm2-tools.readthedocs.io/en/stable/) and can interact with my TPM. I tried getting the EK using the command:
`tpm2_getekcertificate -o ECcert.bin`
as per [the documentation](https://tpm2-tools.readthedocs.io/en/stable/man/tpm2_getekcertificate.1/) of the tpm2-tools. The response is
`tpm2_getekcertificate: command not found`
1. I am using the command wrong
2. I am using the wrong command
3. There is no EK yet as I have not taken ownership of the TPM and therefore none was created. In this case, I would need to create an EK but I don’t know how to do that.
Any help would be greatly appreciated.