The Trusted Computing Module (TPM)
To maintain user privacy, the trust key is not used to sign a machine's configuration for attestation purposes. Instead, the trust key is used to generate unique keys called Attestation Identity Keys (AIKs), which are used to communicate with third parties. AIKs are used to preserve user privacy when communicating with different sources. The trust key could be used for this purpose, but because it is unique, it could help link a platform's identity to each source it communicated with. AIKs provide a unique anonymous identity that the TPM can use with each different source. Essentially, the AIK acts as an alias for the approval