Jürgen Repp

Normally the certificate contains public information to verify the identity of the entity associated with the certificate. So sealing should not be necessary. If you want to store it in...

It's difficult to say what's the problem without more information. Did all other commands before Esys_EvictControl was called work without problems and was was the error code?

And what's the error code after creating the EK and calling Esys_EvictControl?

Could you please create a trace to see what exactly happens: TSS2_LOG=all+trace your_programm

The tool command `tpm2_getcap handles-persistent` will list the persistent handles. `tpm2_getcap` uses the esys function `Esys_GetCapability` to find the persistent handles.

@SAO-kirito-asuna sorry I can't help with VC projects because I do not use Windows.

For Esys_EvictControl only the used hierarchy needs to be authorized. You can use Esys_SetPrimaryPolicy or Esys_HierarchyChangeAuth to set the authorization.

There are TPMs which support 3072 bits. You have to set the size in publicArea.parameters.keyBits. FAPI currently does not support serialization of 3072bit public info and currently has no default...

You can check the tss integration test: https://github.com/tpm2-software/tpm2-tss/blob/master/test/integration/esys-nv-ram-ordinary-index.int.c

@visyuvi The integration test should just be an example how the functions `Esys_NV_DefineSpace, Esys_NV_Read, Esys_NV_Write`, and `Esys_NV_UndefineSpace`. You can't call the function `test_invoke_esys` from your main. This file did include...