When this error is raised, the attestation or provisioning service has detected that the host's cryptographic identity, its TPM Endorsement Key (EK), no longer matches the identity on record. This can occur through three primary vectors:
In a secure provisioning workflow, the management server (or its backing database) records the public portion of the EK ($EK_{pub}$) when a host is first registered. When the host later re-attests or requests new certificates, the server compares the presented $EK_{pub}$ against the stored record. An error stating that the keys do not match therefore signals a fundamental discrepancy between the expected identity and the physical TPM presenting itself, not a transient or configuration fault: the host name may be the same, but the hardware answering for it is not the hardware that was enrolled.
While rare, it is possible to physically replace the TPM chip on some server platforms (socketed or header-mounted modules). Maintenance operations can also clear the TPM, but a standard clear (TPM2_Clear) resets the storage hierarchy seed and leaves the Endorsement Primary Seed intact; because the EK is derived deterministically from that seed, which is injected at manufacture, the EK survives a clear. However, if the TPM is replaced, if the endorsement seed is explicitly regenerated (TPM2_ChangeEPS, sometimes exposed in platform firmware as an option to reset or regenerate the EK), or if firmware is flashed in a way that regenerates the seeds, the EK changes and a mismatch will occur. In those cases the manufacturer-issued EK certificate also no longer corresponds to the EK the TPM now holds, so re-enrolment rather than a retry is the only path forward.
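The following is an added example, not code from the original page or from any particular provisioning product, that models the two halves of the discussion above: a server-side registry that pins each host's $EK_{pub}$ fingerprint at first registration and re-checks it on every later attestation, and a deliberately simplified TPM whose EK is a deterministic function of its Endorsement Primary Seed. The key derivation (an HMAC over a placeholder template) is a stand-in for the real TPM key derivation and the byte values are constructed for the demo; the names `ToyTPM`, `EKRegistry`, `check_host` and `scenario` are this example's own. What it shows is which operations leave the pinned EK valid (TPM2_Clear) and which produce the mismatch error (TPM2_ChangeEPS, a replacement chip).

```python
"""Toy model of an EK identity check: a simplified TPM whose EK is derived from its
Endorsement Primary Seed (EPS), plus a provisioning registry that pins each host's
EK fingerprint at registration and re-verifies it on later attestations.
Added illustration; the derivation and byte values are constructed, not a real TPM."""
import hashlib
import hmac
import os


class EKMismatchError(Exception):
    """The host presented an EK whose fingerprint differs from the pinned one."""


class ToyTPM:
    """Simplified seed model (not the TCG KDF): the EK public value is a deterministic
    function of the EPS and an EK template, so it survives TPM2_Clear (which replaces
    only the storage seed) but changes on TPM2_ChangeEPS or a physical chip swap."""

    EK_TEMPLATE = b"placeholder-for-TCG-EK-template"  # constructed stand-in

    def __init__(self, eps=None):
        self.eps = eps if eps is not None else os.urandom(32)  # injected at manufacture
        self.sps = os.urandom(32)  # Storage Primary Seed, regenerated by TPM2_Clear

    def ek_pub(self) -> bytes:
        # Stand-in for CreatePrimary under the endorsement hierarchy: EPS + template.
        return hmac.new(self.eps, self.EK_TEMPLATE, hashlib.sha256).digest()

    def clear(self):
        """TPM2_Clear: new SPS, EPS untouched, so ek_pub() is unchanged."""
        self.sps = os.urandom(32)

    def change_eps(self):
        """TPM2_ChangeEPS (or a vendor 'regenerate EK' option): new EPS, new EK."""
        self.eps = os.urandom(32)


def ek_fingerprint(ek_pub: bytes) -> str:
    """The registry stores only a SHA-256 fingerprint of the presented public key bytes."""
    return hashlib.sha256(ek_pub).hexdigest()


class EKRegistry:
    """Server-side record of EK_pub per host, as described in the provisioning workflow."""

    def __init__(self):
        self._pins = {}  # host_id -> fingerprint pinned at first registration

    def register(self, host_id: str, ek_pub: bytes) -> str:
        if host_id in self._pins:
            raise ValueError(f"{host_id} already registered; use verify() instead")
        self._pins[host_id] = ek_fingerprint(ek_pub)
        return self._pins[host_id]

    def verify(self, host_id: str, ek_pub: bytes) -> bool:
        pinned = self._pins.get(host_id)
        if pinned is None:
            raise KeyError(f"{host_id} has no pinned EK")
        presented = ek_fingerprint(ek_pub)
        if not hmac.compare_digest(pinned, presented):  # constant-time comparison
            raise EKMismatchError(
                f"{host_id}: pinned EK {pinned[:16]}... but presented {presented[:16]}...")
        return True


def check_host(registry: EKRegistry, host_id: str, ek_pub: bytes) -> str:
    """Collapse the three outcomes into a label suitable for a log line or a test."""
    try:
        registry.verify(host_id, ek_pub)
        return "ok"
    except EKMismatchError:
        return "mismatch"
    except KeyError:
        return "unregistered"


def scenario() -> dict:
    """Enrol one host, then replay the operations discussed above against its pin."""
    reg = EKRegistry()
    tpm = ToyTPM()
    reg.register("host01", tpm.ek_pub())
    results = {"re-attest, no change": check_host(reg, "host01", tpm.ek_pub())}
    tpm.clear()
    results["after TPM2_Clear"] = check_host(reg, "host01", tpm.ek_pub())
    tpm.change_eps()
    results["after TPM2_ChangeEPS"] = check_host(reg, "host01", tpm.ek_pub())
    results["replacement chip"] = check_host(reg, "host01", ToyTPM().ek_pub())
    results["unknown host"] = check_host(reg, "host02", tpm.ek_pub())
    return results


if __name__ == "__main__":
    for case, outcome in scenario().items():
        print(f"{case:24s} {outcome}")
```

In a real deployment the `ek_pub` bytes would be the DER or PEM form of the EK public key read from the host (for example the output of `tpm2_createek` on Linux), and the registry would additionally validate the EK certificate chain at enrolment; the comparison logic and the set of operations that invalidate the pin are the same as in the toy model.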

