After the acquisition of an environment monitoring infrastructure from a local operator, you need to integrate hundreds of their field devices into your company’s IoT infrastructure. Most of the devices use X.509 authentication but there are some device types that are secured with TPM modules. After all the devices have been transferred to your ownership, you need to ensure that the previous owner won’t have any access to the devices. You decide to re-generate the TPM endorsement keys of the devices. 
Is that the action you should take?

Answer options:

A.Yes
B.No

Correct Answer: B
Option A is incorrect because the endorsement key (EK) is unique to the TPM and cannot be re-generated. Changing it means actually changing the device itself.
Option B is CORRECT because it is the storage root key (SRK) that is used to identify the owner of the device. It works like a password that can be (and should be) changed when a TPM device is sold to a new owner. The new owner can take ownership of the TPM by generating a new SRK, thus ensuring that the previous owner can`t use the TPM.
Reference: 

https://docs.microsoft.com/en-us/azure/iot-dps/concepts-tpm-attestation