Jürgen Repp

@nikolkam I can reproduce the tcti error if i call Tss2_Sys_StarAuthSession with the tpmKey and bind set to 0x80ffffff for an AMD firmware TPM and an Infineon SLB9670 TPM.

@nikolkam In the meantime I found the time to test your program with tpm2-tss and tpm2-pkcs11. I did use the master branches of both and the tpm2-abrmd resource manager. The...

@nikolkam If i use the kernel resource manager I also get tcti errors with your test example. But they occur quite quickly. The number of sign operations until the error...

@nikolkam yes i did run the test on a physical machine. Perhaps a workaround could be to use the tpm2-abrmd resource manager (https://github.com/tpm2-software/tpm2-abrmd). Yes the number of sign operations did...

@nikolkam I must correct my previous comments. * 0x80ffffff is a valid tpm handle produced by the resource manager. A tcti IO error occurs if such a handle is used...

@nikolkam The error 0x901 (TPM2_RC_CONTEXT_GAP) in the kernel resource manager did occur in the kernel function `tpm2_save_context`: ``` [ 401.923826] tpm tpm0: tpm2_save_context: failed with a TPM error 0x0901 [...

@nikolkam Also sorry for late replay. I just sent an e-mail related to this problem to [email protected]

If the key has an auth value you have to use the handle as described in "Using Key Handle" (https://github.com/tpm2-software/tpm2-openssl/blob/master/docs/keys.md)

If the tpm2 tools are installed you can list the session with tpm2_getcap, (-l lists the possibilities). The sessions can be flushed with tpm2_flushcontext (-l for loaded session, -s for...

> And if I am using TPM-TSS I can just use the Esys_FlushContext to clear the HMAC session? yes Esys_FlushContext can be used for this purpose. Or you could use...