| 步骤 | 执行模块 | 命令 |
| 1a. | LICT→TCM: | TCM_TakeOwnership |
| 1b. | LICT→TCM: | TCM_MakeIdentity |
| 1c. | TCM | Generate (PIKpriv, PIKpub) |
| 1d. | TCM | PR = PIKpub, EC, PC, CC |
| 1d. | TCM | SM2_Sign (PR|PIKpriv) = Sig |
| 2. | LICT→CA: | PR, Sig |
| 3a. | CA | Verify Credentials |
| 3b. | CA | Verify SM2_Verify(Sig|EKpub) = PR |
| 3c. | CA | Generate PIC |
| 3d. | CA | Generate K |
| 3e. | CA | SM2_Enc(K|EKpub) |
| 3f. | CA | Sym_Enc(PIC|K) |
| 4. | CA→LICT: | SM2(K|EKpub), Enc(PIC|K) |
| 5a. | LICT→TCM: | TCM_ActivateIdentity |
| 5b. | TCM | Decrypt K |
| 5c. | TCM | Decrypt PIC |
| 6a. | LICT→TCM: | TCM_Quote(hPIK, passPIK, locM, SPCR) |
| 6b. | TCM | SM2_Sign(locM, SPCR|PIKpriv) = SigL |
| 6c. | LICT→CA: | locM, PCR[SPCR], SML, SigL |
| 7a. | CA | Verify SigL |
| 7b. | CA | Verify platform integrity |
| 7c. | CA | Verify locM |
| 7d. | CA | Mark locM of M as verified |