Doma, don't you mean we are not waiting for EK credential deployment (with EAS)? Do we know that EK's are not required in the EAS system? I would think the EK's are there, and being used in the take-ownership steps, but that the enterprises are willing to forgo the endorsement credentials because they are working with in-house systems. They can trust that all machines have legitimate TPM's because they bought them and took ownership of them. (Assuming they trust the OEM's they bought from.) For limited purposes with partners perhaps they will even act as their own CA's and vouch for them.