tpm2-tools
Seal keys to NV INDEX according to PCR values
I'd like to seal a private key to the TPM NV index. I'd like to only be able to read it out if the PCR values match the right PCR policy.
I am performing these commands but getting invalid authorization, and I do not know why.
tpm2_changeauth -c o 246
tpm2_pcrread sha256:10 -o pcr.bin
tpm2_createpolicy --policy-pcr -l sha256:10 -f pcr.bin -L pcr.policy
tpm2_nvdefine -C o -p writepassword -a "authwrite|policyread" -L pcr.bin -L pcr.policy -P 245

tpm2_startauthsession --policy-session -S session.ctx
tpm2_policypcr -S session.ctx -l sha256:10 -L policy.pcr
tpm2_nvread 0x1000000 -P session:session.ctx
The error is tpm:session(1): a policy check failed.
I have no idea why this fails. Any help would be very much appreciated.
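For reference, this is how a PolicyPCR digest is formed and compared against an NV index's authPolicy. It is an added example, not part of the original post or of tpm2-tools. It follows the TPM 2.0 specification's TPM2_PolicyPCR formula with a SHA-256 session. The helper names are hypothetical and the PCR values are constructed.

```python
import hashlib
import struct

TPM_CC_POLICY_PCR = 0x0000017F  # TPM2_PolicyPCR command code (TPM 2.0 spec)
TPM_ALG_SHA256 = 0x000B         # algorithm id of the sha256 PCR bank


def pcr_select_bitmap(pcrs, size_of_select=3):
    """Bitmap for TPMS_PCR_SELECTION: PCR n sets bit (n % 8) of byte (n // 8)."""
    bitmap = bytearray(size_of_select)
    for pcr in pcrs:
        bitmap[pcr // 8] |= 1 << (pcr % 8)
    return bytes(bitmap)


def marshal_selection(pcrs, bank=TPM_ALG_SHA256):
    """Marshal a one-bank TPML_PCR_SELECTION: count, hash alg, sizeofSelect, bitmap."""
    bitmap = pcr_select_bitmap(pcrs)
    return struct.pack(">IHB", 1, bank, len(bitmap)) + bitmap


def policy_pcr_digest(pcr_values, old_digest=bytes(32)):
    """policyDigest_new = H(policyDigest_old || TPM_CC_PolicyPCR || pcrs || digestTPM).

    pcr_values maps PCR index -> 32-byte value; a fresh session starts from zeros.
    """
    ordered = sorted(pcr_values)
    digest_tpm = hashlib.sha256(b"".join(pcr_values[i] for i in ordered)).digest()
    return hashlib.sha256(
        old_digest
        + struct.pack(">I", TPM_CC_POLICY_PCR)
        + marshal_selection(ordered)
        + digest_tpm
    ).digest()


def policy_read_allowed(auth_policy, current_pcrs):
    """Model of the check: the session digest must equal the index's authPolicy."""
    return policy_pcr_digest(current_pcrs) == auth_policy


# Constructed sample values, not taken from a real TPM.
SEALED_PCR10 = hashlib.sha256(b"constructed boot measurement").digest()
CHANGED_PCR10 = hashlib.sha256(SEALED_PCR10 + b"constructed later extend").digest()
AUTH_POLICY = policy_pcr_digest({10: SEALED_PCR10})  # stored with the NV index

if __name__ == "__main__":
    print("selection   :", marshal_selection([10]).hex())
    print("authPolicy  :", AUTH_POLICY.hex())
    print("same PCR 10 :", policy_read_allowed(AUTH_POLICY, {10: SEALED_PCR10}))
    print("changed PCR :", policy_read_allowed(AUTH_POLICY, {10: CHANGED_PCR10}))
```

Any difference in the selected bank, the PCR list or the PCR contents between the digest attached to the index and the one built in the session yields a different value, and the TPM then rejects the command with a policy check failure.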