I have one finding about the RM and PolicySecret command,
It says in page 10 of the following document
"TCG TSS 2.0 TAB and Resource Manager specification"
The RM performs a mapping from the (unchanging) virtual handle to the (currently assigned) TPM
handle. It replaces the virtual handle with the TPM handle in the TPM command packet.
NOTE: The TPM 2.0 library specification excludes the handle from command stream HMAC calculations to enable this
This means that if the virtual handle and the (currently assigned) TPM differs,
the HMAC calculations for most of the commands go well.
But, the PolicySecret command takes the policy handle to extend as a parameter for HMAC.
If, the virtual handle and the (currently assigned) TPM differs, the HMAC calculations
for this command doesn't go well and produces the error code 0x98e.
Is my understanding right?
If so, is there any workaround?
Thank you in advance.