Thanks guys, I'll try this but  i also wanted to know if there is a way to know if the TPM still has the EK and AK keys loaded? I have the EK handle and AK handle (not made it persistent) but I want to make sure it's present as these are necessary for ActivateCredential to succeed 
ESys_ActivateCredential complaining about secret parameter doesn't make sense to me, I tested on server side, ak_name is same as that sent and so is EK_PUB object as well as  EK_Cert in nvram, I call the same external_makecredential call that's in the GitHub to create secret and made sure secret,credblob matches on the client side when received from server.

Thanks,
Rahul

On Tue, Mar 17, 2020 at 6:19 AM Imran Desai <imran.desai@intel.com> wrote:
Set this up with all handles in use made persistent. If you still see issues, gdb-break or turn on debug logging at the Esys call and compare the function arguments.
_______________________________________________
tpm2 mailing list -- tpm2@lists.01.org
To unsubscribe send an email to tpm2-leave@lists.01.org
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s