[tpm2] tpm2_certify signature verification