Description
Uses TPM 2.0 state to generate time-based one-time passwords that help a person confirm a device is in the expected trusted state. It supports workflows where humans need a simple signal before entering secrets.
Attestation depends on correct enrollment, time, and TPM state. Treat unexpected codes as a warning and plan recovery for legitimate hardware or boot changes.