[Skiboot] [PATCH 06/15] Squashed 'libstb/tss2/ibmtpm20tss/' content from commit c0290205e

Mauro S. M. Rodrigues maurosr at linux.vnet.ibm.com
Sat Jan 25 11:15:01 AEDT 2020


git-subtree-dir: libstb/tss2/ibmtpm20tss
git-subtree-split: c0290205ec88c217a74cb0e0a72b803bbf651b52
---
 .gitignore                                    |  278 +
 AUTHORS                                       |    4 +
 COPYING                                       |    0
 ChangeLog                                     |    0
 INSTALL                                       |  370 +
 LICENSE                                       |   92 +
 Makefile.am                                   |   11 +
 NEWS                                          |    0
 README                                        |  166 +
 configure.ac                                  |  137 +
 demo/.cvsignore                               |    1 +
 demo/IBM-TSS-Demo.doc                         |  Bin 0 -> 89600 bytes
 demo/admin.php                                |  340 +
 demo/block.png                                |  Bin 0 -> 8376 bytes
 demo/demo.css                                 |   28 +
 demo/footer.html                              |    5 +
 demo/halgsha1.inc                             |    6 +
 demo/halgsha256.inc                           |    6 +
 demo/handles.php                              |  179 +
 demo/ibm.png                                  |  Bin 0 -> 1914 bytes
 demo/index.php                                |   75 +
 demo/keycreate.php                            |  287 +
 demo/makefile                                 |   55 +
 demo/makefile-common                          |  240 +
 demo/makefile_dev                             |   55 +
 demo/makefilesha1                             |   53 +
 demo/makefilesha1_dev                         |   55 +
 demo/nav.html                                 |   21 +
 demo/navdev.html                              |   21 +
 demo/nv.php                                   |  223 +
 demo/nvram.php                                |  308 +
 demo/pcr.php                                  |  179 +
 demo/quote.php                                |  239 +
 demo/sign.php                                 |  226 +
 demo/unseal.php                               |  230 +
 ibmtss.doc                                    |  Bin 0 -> 242688 bytes
 ibmtss.html                                   | 3905 +++++++++
 m4/.keepdir                                   |    0
 tpmutils/CommonProperties.props               |   19 +
 tpmutils/CommonPropertiesRelease.props        |   17 +
 .../activatecredential.vcxproj                |   96 +
 .../activatecredential.vcxproj.filters        |   31 +
 tpmutils/certify/certify.vcxproj              |   96 +
 tpmutils/certify/certify.vcxproj.filters      |   31 +
 .../certifycreation/certifycreation.vcxproj   |   94 +
 .../certifycreation.vcxproj.filters           |   28 +
 tpmutils/certifyx509/certifyx509.vcxproj      |  171 +
 .../certifyx509/certifyx509.vcxproj.filters   |   31 +
 tpmutils/changeeps/changeeps.vcxproj          |   97 +
 tpmutils/changeeps/changeeps.vcxproj.filters  |   31 +
 tpmutils/changepps/changepps.vcxproj          |   97 +
 tpmutils/changepps/changepps.vcxproj.filters  |   31 +
 tpmutils/clear/clear.vcxproj                  |   97 +
 tpmutils/clear/clear.vcxproj.filters          |   31 +
 tpmutils/clearcontrol/clearcontrol.vcxproj    |   97 +
 .../clearcontrol/clearcontrol.vcxproj.filters |   31 +
 .../clockrateadjust/clockrateadjust.vcxproj   |   97 +
 .../clockrateadjust.vcxproj.filters           |   31 +
 tpmutils/clockset/clockset.vcxproj            |   97 +
 tpmutils/clockset/clockset.vcxproj.filters    |   31 +
 tpmutils/commit/commit.vcxproj                |   94 +
 tpmutils/commit/commit.vcxproj.filters        |   28 +
 tpmutils/contextload/contextload.vcxproj      |   94 +
 .../contextload/contextload.vcxproj.filters   |   28 +
 tpmutils/contextsave/contextsave.vcxproj      |   94 +
 .../contextsave/contextsave.vcxproj.filters   |   28 +
 tpmutils/create/create.vcxproj                |   98 +
 tpmutils/create/create.vcxproj.filters        |   34 +
 tpmutils/createek/createek.vcxproj            |   98 +
 tpmutils/createek/createek.vcxproj.filters    |   34 +
 tpmutils/createekcert/createekcert.vcxproj    |   98 +
 .../createekcert/createekcert.vcxproj.filters |   34 +
 tpmutils/createloaded/createloaded.vcxproj    |   98 +
 .../createloaded/createloaded.vcxproj.filters |   34 +
 tpmutils/createprimary/createprimary.vcxproj  |   99 +
 .../createprimary.vcxproj.filters             |   34 +
 .../dictionaryattacklockreset.vcxproj         |   97 +
 .../dictionaryattacklockreset.vcxproj.filters |   31 +
 .../dictionaryattackparameters.vcxproj        |   97 +
 ...dictionaryattackparameters.vcxproj.filters |   31 +
 tpmutils/duplicate/duplicate.vcxproj          |   97 +
 tpmutils/duplicate/duplicate.vcxproj.filters  |   31 +
 tpmutils/eccparameters/eccparameters.vcxproj  |   97 +
 .../eccparameters.vcxproj.filters             |   31 +
 tpmutils/ecephemeral/ecephemeral.vcxproj      |   94 +
 .../ecephemeral/ecephemeral.vcxproj.filters   |   28 +
 .../encryptdecrypt/encryptdecrypt.vcxproj     |   97 +
 .../encryptdecrypt.vcxproj.filters            |   27 +
 tpmutils/eventextend/eventextend.vcxproj      |   95 +
 .../eventextend/eventextend.vcxproj.filters   |   31 +
 .../eventsequencecomplete.vcxproj             |   97 +
 .../eventsequencecomplete.vcxproj.filters     |   31 +
 tpmutils/evictcontrol/evictcontrol.vcxproj    |   97 +
 .../evictcontrol/evictcontrol.vcxproj.filters |   31 +
 tpmutils/flushcontext/flushcontext.vcxproj    |   97 +
 .../flushcontext/flushcontext.vcxproj.filters |   31 +
 tpmutils/getcapability/getcapability.vcxproj  |   97 +
 .../getcapability.vcxproj.filters             |   31 +
 .../getcommandauditdigest.vcxproj             |   97 +
 .../getcommandauditdigest.vcxproj.filters     |   31 +
 .../getcryptolibrary/getcryptolibrary.vcxproj |  167 +
 .../getcryptolibrary.vcxproj.filters          |   25 +
 tpmutils/getrandom/getrandom.vcxproj          |   97 +
 tpmutils/getrandom/getrandom.vcxproj.filters  |   31 +
 .../getsessionauditdigest.vcxproj             |   97 +
 .../getsessionauditdigest.vcxproj.filters     |   31 +
 tpmutils/gettestresult/gettestresult.vcxproj  |   94 +
 .../gettestresult.vcxproj.filters             |   28 +
 tpmutils/gettime/gettime.vcxproj              |   97 +
 tpmutils/gettime/gettime.vcxproj.filters      |   31 +
 tpmutils/hash/hash.vcxproj                    |   97 +
 tpmutils/hash/hash.vcxproj.filters            |   31 +
 .../hashsequencestart.vcxproj                 |   97 +
 .../hashsequencestart.vcxproj.filters         |   31 +
 .../hierarchychangeauth.vcxproj               |   97 +
 .../hierarchychangeauth.vcxproj.filters       |   31 +
 .../hierarchycontrol/hierarchycontrol.vcxproj |   97 +
 .../hierarchycontrol.vcxproj.filters          |   31 +
 tpmutils/hmac/hmac.vcxproj                    |   97 +
 tpmutils/hmac/hmac.vcxproj.filters            |   31 +
 tpmutils/hmacstart/hmacstart.vcxproj          |   97 +
 tpmutils/hmacstart/hmacstart.vcxproj.filters  |   31 +
 tpmutils/import/import.vcxproj                |   94 +
 tpmutils/import/import.vcxproj.filters        |   27 +
 tpmutils/importpem/importpem.vcxproj          |   96 +
 tpmutils/importpem/importpem.vcxproj.filters  |   34 +
 tpmutils/load/load.vcxproj                    |   97 +
 tpmutils/load/load.vcxproj.filters            |   31 +
 tpmutils/loadexternal/loadexternal.vcxproj    |   99 +
 .../loadexternal/loadexternal.vcxproj.filters |   34 +
 .../makecredential/makecredential.vcxproj     |   97 +
 .../makecredential.vcxproj.filters            |   31 +
 tpmutils/nvcertify/nvcertify.vcxproj          |  100 +
 tpmutils/nvcertify/nvcertify.vcxproj.filters  |   32 +
 tpmutils/nvchangeauth/nvchangeauth.vcxproj    |   97 +
 .../nvchangeauth/nvchangeauth.vcxproj.filters |   31 +
 tpmutils/nvdefinespace/nvdefinespace.vcxproj  |   97 +
 .../nvdefinespace.vcxproj.filters             |   31 +
 tpmutils/nvextend/nvextend.vcxproj            |   97 +
 tpmutils/nvextend/nvextend.vcxproj.filters    |   31 +
 .../nvglobalwritelock.vcxproj                 |   97 +
 .../nvglobalwritelock.vcxproj.filters         |   31 +
 tpmutils/nvincrement/nvincrement.vcxproj      |   97 +
 .../nvincrement/nvincrement.vcxproj.filters   |   31 +
 tpmutils/nvread/nvread.vcxproj                |   98 +
 tpmutils/nvread/nvread.vcxproj.filters        |   34 +
 tpmutils/nvreadlock/nvreadlock.vcxproj        |   97 +
 .../nvreadlock/nvreadlock.vcxproj.filters     |   31 +
 tpmutils/nvreadpublic/nvreadpublic.vcxproj    |   97 +
 .../nvreadpublic/nvreadpublic.vcxproj.filters |   31 +
 tpmutils/nvsetbits/nvsetbits.vcxproj          |   97 +
 tpmutils/nvsetbits/nvsetbits.vcxproj.filters  |   31 +
 .../nvundefinespace/nvundefinespace.vcxproj   |   97 +
 .../nvundefinespace.vcxproj.filters           |   31 +
 .../nvundefinespacespecial.vcxproj            |   97 +
 .../nvundefinespacespecial.vcxproj.filters    |   31 +
 tpmutils/nvwrite/nvwrite.vcxproj              |   98 +
 tpmutils/nvwrite/nvwrite.vcxproj.filters      |   34 +
 tpmutils/nvwritelock/nvwritelock.vcxproj      |   97 +
 .../nvwritelock/nvwritelock.vcxproj.filters   |   31 +
 .../objectchangeauth/objectchangeauth.vcxproj |   97 +
 .../objectchangeauth.vcxproj.filters          |   31 +
 tpmutils/pcrallocate/pcrallocate.vcxproj      |   97 +
 .../pcrallocate/pcrallocate.vcxproj.filters   |   31 +
 tpmutils/pcrevent/pcrevent.vcxproj            |   97 +
 tpmutils/pcrevent/pcrevent.vcxproj.filters    |   31 +
 tpmutils/pcrextend/pcrextend.vcxproj          |   97 +
 tpmutils/pcrextend/pcrextend.vcxproj.filters  |   31 +
 tpmutils/pcrread/pcrread.vcxproj              |   97 +
 tpmutils/pcrread/pcrread.vcxproj.filters      |   31 +
 tpmutils/pcrreset/pcrreset.vcxproj            |   97 +
 tpmutils/pcrreset/pcrreset.vcxproj.filters    |   31 +
 .../policyauthorize/policyauthorize.vcxproj   |   97 +
 .../policyauthorize.vcxproj.filters           |   31 +
 .../policyauthorizenv.vcxproj                 |   97 +
 .../policyauthorizenv.vcxproj.filters         |   31 +
 .../policyauthvalue/policyauthvalue.vcxproj   |   97 +
 .../policyauthvalue.vcxproj.filters           |   31 +
 .../policycommandcode.vcxproj                 |   97 +
 .../policycommandcode.vcxproj.filters         |   31 +
 .../policycountertimer.vcxproj                |   97 +
 .../policycountertimer.vcxproj.filters        |   31 +
 tpmutils/policycphash/policycphash.vcxproj    |   94 +
 .../policycphash/policycphash.vcxproj.filters |   28 +
 .../policyduplicationselect.vcxproj           |   94 +
 .../policyduplicationselect.vcxproj.filters   |   28 +
 .../policygetdigest/policygetdigest.vcxproj   |   94 +
 .../policygetdigest.vcxproj.filters           |   28 +
 tpmutils/policymaker/policymaker.vcxproj      |   98 +
 .../policymaker/policymaker.vcxproj.filters   |   31 +
 .../policymakerpcr/policymakerpcr.vcxproj     |   98 +
 .../policymakerpcr.vcxproj.filters            |   31 +
 .../policynamehash/policynamehash.vcxproj     |   93 +
 .../policynamehash.vcxproj.filters            |   25 +
 tpmutils/policynv/policynv.vcxproj            |   97 +
 tpmutils/policynv/policynv.vcxproj.filters    |   31 +
 .../policynvwritten/policynvwritten.vcxproj   |   97 +
 .../policynvwritten.vcxproj.filters           |   31 +
 tpmutils/policyor/policyor.vcxproj            |   97 +
 tpmutils/policyor/policyor.vcxproj.filters    |   31 +
 .../policypassword/policypassword.vcxproj     |   97 +
 .../policypassword.vcxproj.filters            |   31 +
 tpmutils/policypcr/policypcr.vcxproj          |   97 +
 tpmutils/policypcr/policypcr.vcxproj.filters  |   31 +
 tpmutils/policyrestart/policyrestart.vcxproj  |   97 +
 .../policyrestart.vcxproj.filters             |   31 +
 tpmutils/policysecret/policysecret.vcxproj    |   97 +
 .../policysecret/policysecret.vcxproj.filters |   31 +
 tpmutils/policysigned/policysigned.vcxproj    |   98 +
 .../policysigned/policysigned.vcxproj.filters |   31 +
 .../policytemplate/policytemplate.vcxproj     |   97 +
 .../policytemplate.vcxproj.filters            |   31 +
 tpmutils/policyticket/policyticket.vcxproj    |   97 +
 .../policyticket/policyticket.vcxproj.filters |   31 +
 tpmutils/powerup/powerup.vcxproj              |   97 +
 tpmutils/powerup/powerup.vcxproj.filters      |   31 +
 tpmutils/printattr/printattr.vcxproj          |  170 +
 tpmutils/printattr/printattr.vcxproj.filters  |   28 +
 tpmutils/publicname/publicname.vcxproj        |   94 +
 .../publicname/publicname.vcxproj.filters     |   28 +
 tpmutils/quote/quote.vcxproj                  |   97 +
 tpmutils/quote/quote.vcxproj.filters          |   31 +
 tpmutils/readclock/readclock.vcxproj          |   97 +
 tpmutils/readclock/readclock.vcxproj.filters  |   31 +
 tpmutils/readpublic/readpublic.vcxproj        |   97 +
 .../readpublic/readpublic.vcxproj.filters     |   31 +
 tpmutils/returncode/returncode.vcxproj        |   97 +
 .../returncode/returncode.vcxproj.filters     |   31 +
 tpmutils/rewrap/rewrap.vcxproj                |   97 +
 tpmutils/rewrap/rewrap.vcxproj.filters        |   31 +
 tpmutils/rsadecrypt/rsadecrypt.vcxproj        |   97 +
 .../rsadecrypt/rsadecrypt.vcxproj.filters     |   31 +
 tpmutils/rsaencrypt/rsaencrypt.vcxproj        |   97 +
 .../rsaencrypt/rsaencrypt.vcxproj.filters     |   31 +
 .../sequencecomplete/sequencecomplete.vcxproj |   97 +
 .../sequencecomplete.vcxproj.filters          |   31 +
 .../sequenceupdate/sequenceupdate.vcxproj     |   97 +
 .../sequenceupdate.vcxproj.filters            |   31 +
 .../setcommandcodeauditstatus.vcxproj         |  168 +
 .../setcommandcodeauditstatus.vcxproj.filters |   28 +
 .../setprimarypolicy/setprimarypolicy.vcxproj |   97 +
 .../setprimarypolicy.vcxproj.filters          |   31 +
 tpmutils/shutdown/shutdown.vcxproj            |   97 +
 tpmutils/shutdown/shutdown.vcxproj.filters    |   31 +
 tpmutils/sign/sign.vcxproj                    |   97 +
 tpmutils/sign/sign.vcxproj.filters            |   31 +
 tpmutils/signapp/signapp.vcxproj              |   98 +
 tpmutils/signapp/signapp.vcxproj.filters      |   34 +
 .../startauthsession/startauthsession.vcxproj |   94 +
 .../startauthsession.vcxproj.filters          |   28 +
 tpmutils/startup/startup.vcxproj              |   94 +
 tpmutils/startup/startup.vcxproj.filters      |   28 +
 tpmutils/stirrandom/stirrandom.vcxproj        |   94 +
 .../stirrandom/stirrandom.vcxproj.filters     |   28 +
 tpmutils/t/t.vcxproj.filters                  |   25 +
 tpmutils/timepacket/timepacket.vcxproj        |  168 +
 .../timepacket/timepacket.vcxproj.filters     |   28 +
 tpmutils/tpm2pem/tpm2pem.vcxproj              |   94 +
 tpmutils/tpm2pem/tpm2pem.vcxproj.filters      |   28 +
 tpmutils/tpmcmd/tpmcmd.vcxproj                |  170 +
 tpmutils/tpmcmd/tpmcmd.vcxproj.filters        |   28 +
 tpmutils/tpmproxy/tpmproxy.vcxproj            |  163 +
 tpmutils/tpmproxy/tpmproxy.vcxproj.filters    |   22 +
 .../tpmpublic2eccpoint.vcxproj                |   94 +
 .../tpmpublic2eccpoint.vcxproj.filters        |   28 +
 tpmutils/tpmutils.sln                         | 1683 ++++
 tpmutils/tss/dllmain.cpp                      |   19 +
 tpmutils/tss/stdafx.h                         |   16 +
 tpmutils/tss/targetver.h                      |    8 +
 tpmutils/tss/tss.vcxproj                      |  119 +
 tpmutils/tss/tss.vcxproj.filters              |   85 +
 tpmutils/unseal/unseal.vcxproj                |   97 +
 tpmutils/unseal/unseal.vcxproj.filters        |   31 +
 .../verifysignature/verifysignature.vcxproj   |   94 +
 .../verifysignature.vcxproj.filters           |   28 +
 tpmutils/writeapp/writeapp.vcxproj            |   95 +
 tpmutils/writeapp/writeapp.vcxproj.filters    |   31 +
 tpmutils/zgen2phase/zgen2phase.vcxproj        |   94 +
 .../zgen2phase/zgen2phase.vcxproj.filters     |   28 +
 utils/CommandAttributeData.c                  |  960 ++
 utils/CommandAttributeData12.c                |  121 +
 utils/CommandAttributes.h                     |  108 +
 utils/Commands.c                              | 2294 +++++
 utils/Commands12.c                            |  599 ++
 utils/Commands12_fp.h                         |   93 +
 utils/Commands_fp.h                           |  505 ++
 utils/Makefile.am                             |  594 ++
 utils/Platform.h                              |  361 +
 utils/Unmarshal.c                             | 4961 +++++++++++
 utils/Unmarshal12.c                           |  542 ++
 utils/activatecredential.c                    |  328 +
 utils/applink.c                               |  107 +
 utils/cakey.pem                               |   30 +
 utils/cakeyecc.pem                            |    7 +
 utils/certificates/.cvsignore                 |    4 +
 .../IFX_TPM_EK_Intermediate_CA_01.pem         |   27 +
 .../IFX_TPM_EK_Intermediate_CA_02.pem         |   27 +
 .../IFX_TPM_EK_Intermediate_CA_03.pem         |   27 +
 .../IFX_TPM_EK_Intermediate_CA_04.pem         |   27 +
 .../IFX_TPM_EK_Intermediate_CA_05.pem         |   27 +
 .../IFX_TPM_EK_Intermediate_CA_08.pem         |   27 +
 .../IFX_TPM_EK_Intermediate_CA_17.pem         |   25 +
 .../IFX_TPM_EK_Intermediate_CA_18.pem         |   27 +
 .../IFX_TPM_EK_Intermediate_CA_20.pem         |   27 +
 .../IFX_TPM_EK_Intermediate_CA_21.pem         |   25 +
 utils/certificates/IFX_TPM_EK_Root_CA.pem     |   26 +
 ..._TPM_EK_Intermediate_CA_48-C-v01_00-EN.pem |   25 +
 ...n_TPM_EK_Intermediate_CA25-C-v01_00-EN.pem |   25 +
 ...C_Manufacturing_CA_011.crt-C-v01_00-EN.pem |   20 +
 ...A_Manufacturing_CA_011.crt-C-v01_00-EN.pem |   33 +
 ...M1.2_VRSN_root_certificate-C-v01_00-EN.pem |   24 +
 .../Infineon-TPM_ECC_Root_CA-C-v01_00-EN.pem  |   15 +
 ...n-TPM_EK_Intermediate_CA29-C-v01_00-EN.pem |   25 +
 ...-TPM_EK_Intermediate_CA_49-C-v01_00-EN.pem |   25 +
 ...-TPM_EK_Intermediate_CA_53-C-v01_00-EN.pem |   25 +
 ...-TPM_EK_Intermediate_CA_54-C-v01_00-EN.pem |   25 +
 ...-TPM_EK_Intermediate_CA_62-C-v01_00-EN.pem |   25 +
 ...-TPM_EK_Intermediate_CA_63-C-v01_00-EN.pem |   25 +
 .../Infineon-TPM_RSA_Root_CA-C-v01_00-EN.pem  |   33 +
 utils/certificates/InfineonECCChain010.pem    |   35 +
 .../InfineonOPTIGAECCManufacturingCA010.pem   |   20 +
 .../InfineonOPTIGARSAManufacturingCA010.pem   |   33 +
 utils/certificates/InfineonRSAChain010.pem    |   66 +
 utils/certificates/IntelEKIntermediate.pem    |   23 +
 utils/certificates/IntelEKRootCA.pem          |   16 +
 utils/certificates/NationZEkMfrCA001.crt      |   20 +
 utils/certificates/NationZEkMfrCA002.crt      |   20 +
 utils/certificates/NationZEkMfrCA003.crt      |   20 +
 utils/certificates/NationZEkRootCA.crt        |   15 +
 utils/certificates/NuvotonTPMRootCA0100.pem   |   13 +
 utils/certificates/NuvotonTPMRootCA1110.pem   |   13 +
 utils/certificates/NuvotonTPMRootCA2110.pem   |   13 +
 utils/certificates/cacert.pem                 |   21 +
 utils/certificates/cacertecc.pem              |   13 +
 utils/certificates/gstpmroot.pem              |   23 +
 utils/certificates/rootcerts.txt              |   49 +
 utils/certificates/rootcerts.windows.txt      |   49 +
 utils/certificates/stmtpmeccint01.pem         |   15 +
 utils/certificates/stmtpmeccroot01.pem        |   17 +
 utils/certificates/stmtpmekint01.pem          |   23 +
 utils/certificates/stmtpmekint02.pem          |   23 +
 utils/certificates/stmtpmekint03.pem          |   23 +
 utils/certificates/stmtpmekint04.pem          |   23 +
 utils/certificates/stmtpmekint05.pem          |   23 +
 utils/certificates/stmtpmekroot.pem           |   24 +
 utils/certificates/tpmeccroot.pem             |   17 +
 utils/certify.c                               |  409 +
 utils/certifycreation.c                       |  453 +
 utils/certifyx509.c                           | 1497 ++++
 utils/changeeps.c                             |  216 +
 utils/changepps.c                             |  216 +
 utils/clear.c                                 |  238 +
 utils/clearcontrol.c                          |  258 +
 utils/clockrateadjust.c                       |  260 +
 utils/clockset.c                              |  310 +
 utils/commit.c                                |  395 +
 utils/contextload.c                           |  146 +
 utils/contextsave.c                           |  162 +
 utils/create.c                                |  702 ++
 utils/createek.c                              |  294 +
 utils/createekcert.c                          |  488 ++
 utils/createloaded.c                          |  620 ++
 utils/createprimary.c                         |  791 ++
 utils/cryptoutils.c                           | 2069 +++++
 utils/cryptoutils.h                           |  333 +
 utils/dictionaryattacklockreset.c             |  216 +
 utils/dictionaryattackparameters.c            |  255 +
 utils/duplicate.c                             |  353 +
 utils/eccparameters.c                         |  172 +
 utils/ecephemeral.c                           |  195 +
 utils/ekutils.c                               | 2314 +++++
 utils/ekutils.h                               |  258 +
 utils/encryptdecrypt.c                        |  363 +
 utils/eventextend.c                           |  390 +
 utils/eventlib.c                              | 1089 +++
 utils/eventlib.h                              |  211 +
 utils/eventsequencecomplete.c                 |  399 +
 utils/evictcontrol.c                          |  279 +
 utils/flushcontext.c                          |  143 +
 utils/getcapability.c                         |  819 ++
 utils/getcommandauditdigest.c                 |  393 +
 utils/getcryptolibrary.c                      |   60 +
 utils/getrandom.c                             |  295 +
 utils/getsessionauditdigest.c                 |  389 +
 utils/gettestresult.c                         |  206 +
 utils/gettime.c                               |  393 +
 utils/hash.c                                  |  310 +
 utils/hashsequencestart.c                     |  253 +
 utils/hierarchychangeauth.c                   |  358 +
 utils/hierarchycontrol.c                      |  291 +
 utils/hmac.c                                  |  356 +
 utils/hmacstart.c                             |  278 +
 utils/ibmtss/ActivateCredential_fp.h          |   88 +
 utils/ibmtss/ActivateIdentity_fp.h            |   64 +
 utils/ibmtss/BaseTypes.h                      |   85 +
 utils/ibmtss/CertifyCreation_fp.h             |   95 +
 utils/ibmtss/CertifyX509_fp.h                 |   91 +
 utils/ibmtss/Certify_fp.h                     |   93 +
 utils/ibmtss/ChangeEPS_fp.h                   |   79 +
 utils/ibmtss/ChangePPS_fp.h                   |   79 +
 utils/ibmtss/ClearControl_fp.h                |   79 +
 utils/ibmtss/Clear_fp.h                       |   78 +
 utils/ibmtss/ClockRateAdjust_fp.h             |   81 +
 utils/ibmtss/ClockSet_fp.h                    |   81 +
 utils/ibmtss/Commit_fp.h                      |   94 +
 utils/ibmtss/ContextLoad_fp.h                 |   84 +
 utils/ibmtss/ContextSave_fp.h                 |   84 +
 utils/ibmtss/CreateEndorsementKeyPair_fp.h    |   64 +
 utils/ibmtss/CreateLoaded_fp.h                |   90 +
 utils/ibmtss/CreatePrimary_fp.h               |   96 +
 utils/ibmtss/CreateWrapKey_fp.h               |   65 +
 utils/ibmtss/Create_fp.h                      |   96 +
 utils/ibmtss/DictionaryAttackLockReset_fp.h   |   79 +
 utils/ibmtss/DictionaryAttackParameters_fp.h  |   86 +
 utils/ibmtss/Duplicate_fp.h                   |   91 +
 utils/ibmtss/ECC_Parameters_fp.h              |   84 +
 utils/ibmtss/ECDH_KeyGen_fp.h                 |   85 +
 utils/ibmtss/ECDH_ZGen_fp.h                   |   86 +
 utils/ibmtss/EC_Ephemeral_fp.h                |   84 +
 utils/ibmtss/EncryptDecrypt2_fp.h             |   93 +
 utils/ibmtss/EncryptDecrypt_fp.h              |   93 +
 utils/ibmtss/EventSequenceComplete_fp.h       |   88 +
 utils/ibmtss/EvictControl_fp.h                |   82 +
 utils/ibmtss/Extend_fp.h                      |   64 +
 utils/ibmtss/FlushContext_fp.h                |   78 +
 utils/ibmtss/FlushSpecific_fp.h               |   58 +
 utils/ibmtss/GetCapability12_fp.h             |   65 +
 utils/ibmtss/GetCapability_fp.h               |   90 +
 utils/ibmtss/GetCommandAuditDigest_fp.h       |   91 +
 utils/ibmtss/GetRandom_fp.h                   |   84 +
 utils/ibmtss/GetSessionAuditDigest_fp.h       |   93 +
 utils/ibmtss/GetTestResult_fp.h               |   79 +
 utils/ibmtss/GetTime_fp.h                     |   91 +
 utils/ibmtss/HMAC_Start_fp.h                  |   88 +
 utils/ibmtss/HMAC_fp.h                        |   88 +
 utils/ibmtss/HashSequenceStart_fp.h           |   88 +
 utils/ibmtss/Hash_fp.h                        |   89 +
 utils/ibmtss/HierarchyChangeAuth_fp.h         |   80 +
 utils/ibmtss/HierarchyControl_fp.h            |   83 +
 utils/ibmtss/Implementation.h                 | 1446 +++
 utils/ibmtss/Import_fp.h                      |   93 +
 utils/ibmtss/IncrementalSelfTest_fp.h         |   84 +
 utils/ibmtss/LoadExternal_fp.h                |   87 +
 utils/ibmtss/LoadKey2_fp.h                    |   66 +
 utils/ibmtss/Load_fp.h                        |   88 +
 utils/ibmtss/MakeCredential_fp.h              |   89 +
 utils/ibmtss/MakeIdentity_fp.h                |   66 +
 utils/ibmtss/NTC_fp.h                         |   52 +
 utils/ibmtss/NV_Certify_fp.h                  |   98 +
 utils/ibmtss/NV_ChangeAuth_fp.h               |   81 +
 utils/ibmtss/NV_DefineSpace12_fp.h            |   52 +
 utils/ibmtss/NV_DefineSpace_fp.h              |   83 +
 utils/ibmtss/NV_Extend_fp.h                   |   83 +
 utils/ibmtss/NV_GlobalWriteLock_fp.h          |   79 +
 utils/ibmtss/NV_Increment_fp.h                |   81 +
 utils/ibmtss/NV_ReadLock_fp.h                 |   81 +
 utils/ibmtss/NV_ReadPublic_fp.h               |   85 +
 utils/ibmtss/NV_ReadValueAuth_fp.h            |   65 +
 utils/ibmtss/NV_ReadValue_fp.h                |   65 +
 utils/ibmtss/NV_Read_fp.h                     |   89 +
 utils/ibmtss/NV_SetBits_fp.h                  |   83 +
 utils/ibmtss/NV_UndefineSpaceSpecial_fp.h     |   81 +
 utils/ibmtss/NV_UndefineSpace_fp.h            |   81 +
 utils/ibmtss/NV_WriteLock_fp.h                |   81 +
 utils/ibmtss/NV_WriteValueAuth_fp.h           |   57 +
 utils/ibmtss/NV_WriteValue_fp.h               |   55 +
 utils/ibmtss/NV_Write_fp.h                    |   85 +
 utils/ibmtss/OIAP_fp.h                        |   78 +
 utils/ibmtss/OSAP_fp.h                        |   60 +
 utils/ibmtss/ObjectChangeAuth_fp.h            |   89 +
 utils/ibmtss/OwnerReadInternalPub_fp.h        |   62 +
 utils/ibmtss/OwnerSetDisable_fp.h             |   50 +
 utils/ibmtss/PCR_Allocate_fp.h                |   89 +
 utils/ibmtss/PCR_Event_fp.h                   |   85 +
 utils/ibmtss/PCR_Extend_fp.h                  |   81 +
 utils/ibmtss/PCR_Read_fp.h                    |   85 +
 utils/ibmtss/PCR_Reset12_fp.h                 |   51 +
 utils/ibmtss/PCR_Reset_fp.h                   |   78 +
 utils/ibmtss/PCR_SetAuthPolicy_fp.h           |   85 +
 utils/ibmtss/PCR_SetAuthValue_fp.h            |   81 +
 utils/ibmtss/PP_Commands_fp.h                 |   80 +
 utils/ibmtss/Parameters.h                     |  386 +
 utils/ibmtss/Parameters12.h                   |   68 +
 utils/ibmtss/PcrRead12_fp.h                   |   56 +
 utils/ibmtss/PolicyAuthValue_fp.h             |   79 +
 utils/ibmtss/PolicyAuthorizeNV_fp.h           |   81 +
 utils/ibmtss/PolicyAuthorize_fp.h             |   86 +
 utils/ibmtss/PolicyCommandCode_fp.h           |   80 +
 utils/ibmtss/PolicyCounterTimer_fp.h          |   85 +
 utils/ibmtss/PolicyCpHash_fp.h                |   81 +
 utils/ibmtss/PolicyDuplicationSelect_fp.h     |   85 +
 utils/ibmtss/PolicyGetDigest_fp.h             |   84 +
 utils/ibmtss/PolicyLocality_fp.h              |   81 +
 utils/ibmtss/PolicyNV_fp.h                    |   88 +
 utils/ibmtss/PolicyNameHash_fp.h              |   81 +
 utils/ibmtss/PolicyNvWritten_fp.h             |   81 +
 utils/ibmtss/PolicyOR_fp.h                    |   81 +
 utils/ibmtss/PolicyPCR_fp.h                   |   82 +
 utils/ibmtss/PolicyPassword_fp.h              |   79 +
 utils/ibmtss/PolicyPhysicalPresence_fp.h      |   78 +
 utils/ibmtss/PolicyRestart_fp.h               |   79 +
 utils/ibmtss/PolicySecret_fp.h                |   95 +
 utils/ibmtss/PolicySigned_fp.h                |   96 +
 utils/ibmtss/PolicyTemplate_fp.h              |   81 +
 utils/ibmtss/PolicyTicket_fp.h                |   89 +
 utils/ibmtss/Quote2_fp.h                      |   69 +
 utils/ibmtss/Quote_fp.h                       |   91 +
 utils/ibmtss/RSA_Decrypt_fp.h                 |   90 +
 utils/ibmtss/RSA_Encrypt_fp.h                 |   89 +
 utils/ibmtss/ReadClock_fp.h                   |   77 +
 utils/ibmtss/ReadPubek_fp.h                   |   63 +
 utils/ibmtss/ReadPublic_fp.h                  |   84 +
 utils/ibmtss/Rewrap_fp.h                      |   92 +
 utils/ibmtss/SelfTest_fp.h                    |   78 +
 utils/ibmtss/SequenceComplete_fp.h            |   92 +
 utils/ibmtss/SequenceUpdate_fp.h              |   82 +
 utils/ibmtss/SetAlgorithmSet_fp.h             |   81 +
 utils/ibmtss/SetCommandCodeAuditStatus_fp.h   |   84 +
 utils/ibmtss/SetPrimaryPolicy_fp.h            |   79 +
 utils/ibmtss/Shutdown_fp.h                    |   79 +
 utils/ibmtss/Sign12_fp.h                      |   65 +
 utils/ibmtss/Sign_fp.h                        |   89 +
 utils/ibmtss/StartAuthSession_fp.h            |   97 +
 utils/ibmtss/Startup12_fp.h                   |   50 +
 utils/ibmtss/Startup_fp.h                     |   84 +
 utils/ibmtss/StirRandom_fp.h                  |   78 +
 utils/ibmtss/TPMB.h                           |  104 +
 utils/ibmtss/TPM_Types.h                      | 2825 ++++++
 utils/ibmtss/TakeOwnership_fp.h               |   67 +
 utils/ibmtss/TestParms_fp.h                   |   79 +
 utils/ibmtss/TpmBuildSwitches.h               |   87 +
 utils/ibmtss/Unmarshal12_fp.h                 |   94 +
 utils/ibmtss/Unmarshal_fp.h                   |  696 ++
 utils/ibmtss/Unseal_fp.h                      |   83 +
 utils/ibmtss/VerifySignature_fp.h             |   88 +
 utils/ibmtss/ZGen_2Phase_fp.h                 |   93 +
 utils/ibmtss/tpmconstants12.h                 | 1721 ++++
 utils/ibmtss/tpmstructures12.h                | 2482 ++++++
 utils/ibmtss/tpmtypes12.h                     |  148 +
 utils/ibmtss/tss.h                            |  112 +
 utils/ibmtss/tsscrypto.h                      |  164 +
 utils/ibmtss/tsscryptoh.h                     |  107 +
 utils/ibmtss/tsserror.h                       |  115 +
 utils/ibmtss/tsserror12.h                     |  248 +
 utils/ibmtss/tssfile.h                        |   95 +
 utils/ibmtss/tssmarshal.h                     | 1628 ++++
 utils/ibmtss/tssmarshal12.h                   |  192 +
 utils/ibmtss/tssprint.h                       |  288 +
 utils/ibmtss/tssprintcmd.h                    |  172 +
 utils/ibmtss/tssresponsecode.h                |   62 +
 utils/ibmtss/tsstransmit.h                    |   80 +
 utils/ibmtss/tssutils.h                       |   98 +
 utils/imaextend.c                             |  436 +
 utils/imalib.c                                | 1486 ++++
 utils/imalib.h                                |  182 +
 utils/import.c                                |  377 +
 utils/importpem.c                             |  482 +
 utils/load.c                                  |  280 +
 utils/loadexternal.c                          |  542 ++
 utils/makecredential.c                        |  303 +
 utils/makefile-common                         |   99 +
 utils/makefile-common12                       |   70 +
 utils/makefile-common20                       |  180 +
 utils/makefile.mac                            |  454 +
 utils/makefile.mak                            |  255 +
 utils/makefile.min                            |  178 +
 utils/makefile.nofile                         |  243 +
 utils/makefiletpm12                           |  265 +
 utils/makefiletpm20                           |  494 ++
 utils/makefiletpmc                            |  515 ++
 utils/man/man1/tssactivatecredential.1        |   41 +
 utils/man/man1/tsscertify.1                   |   46 +
 utils/man/man1/tsscertifycreation.1           |   49 +
 utils/man/man1/tsscertifyx509.1               |   68 +
 utils/man/man1/tsschangeeps.1                 |   16 +
 utils/man/man1/tsschangepps.1                 |   16 +
 utils/man/man1/tssclear.1                     |   20 +
 utils/man/man1/tssclearcontrol.1              |   23 +
 utils/man/man1/tssclockrateadjust.1           |   22 +
 utils/man/man1/tssclockset.1                  |   31 +
 utils/man/man1/tsscommit.1                    |   46 +
 utils/man/man1/tsscontextload.1               |   11 +
 utils/man/man1/tsscontextsave.1               |   14 +
 utils/man/man1/tsscreate.1                    |  122 +
 utils/man/man1/tsscreateek.1                  |   33 +
 utils/man/man1/tsscreateekcert.1              |   40 +
 utils/man/man1/tsscreateloaded.1              |  123 +
 utils/man/man1/tsscreateprimary.1             |  126 +
 utils/man/man1/tssdictionaryattacklockreset.1 |   16 +
 .../man/man1/tssdictionaryattackparameters.1  |   25 +
 utils/man/man1/tssduplicate.1                 |   43 +
 utils/man/man1/tsseccparameters.1             |   16 +
 utils/man/man1/tssecephemeral.1               |   20 +
 utils/man/man1/tssencryptdecrypt.1            |   37 +
 utils/man/man1/tsseventextend.1               |   29 +
 utils/man/man1/tsseventsequencecomplete.1     |   40 +
 utils/man/man1/tssevictcontrol.1              |   29 +
 utils/man/man1/tssflushcontext.1              |   11 +
 utils/man/man1/tssgetcapability.1             |   58 +
 utils/man/man1/tssgetcommandauditdigest.1     |   43 +
 utils/man/man1/tssgetrandom.1                 |   29 +
 utils/man/man1/tssgetsessionauditdigest.1     |   46 +
 utils/man/man1/tssgettestresult.1             |   16 +
 utils/man/man1/tssgettime.1                   |   43 +
 utils/man/man1/tsshash.1                      |   30 +
 utils/man/man1/tsshashsequencestart.1         |   23 +
 utils/man/man1/tsshierarchychangeauth.1       |   32 +
 utils/man/man1/tsshierarchycontrol.1          |   25 +
 utils/man/man1/tsshmac.1                      |   37 +
 utils/man/man1/tsshmacstart.1                 |   25 +
 utils/man/man1/tssimaextend.1                 |   37 +
 utils/man/man1/tssimport.1                    |   43 +
 utils/man/man1/tssimportpem.1                 |   66 +
 utils/man/man1/tssload.1                      |   31 +
 utils/man/man1/tssloadexternal.1              |   73 +
 utils/man/man1/tssmakecredential.1            |   34 +
 utils/man/man1/tssntc2getconfig.1             |   19 +
 utils/man/man1/tssntc2lockconfig.1            |   10 +
 utils/man/man1/tssntc2preconfig.1             |   67 +
 utils/man/man1/tssnvcertify.1                 |   52 +
 utils/man/man1/tssnvchangeauth.1              |   25 +
 utils/man/man1/tssnvdefinespace.1             |  101 +
 utils/man/man1/tssnvextend.1                  |   28 +
 utils/man/man1/tssnvglobalwritelock.1         |   19 +
 utils/man/man1/tssnvincrement.1               |   19 +
 utils/man/man1/tssnvread.1                    |   50 +
 utils/man/man1/tssnvreadlock.1                |   22 +
 utils/man/man1/tssnvreadpublic.1              |   36 +
 utils/man/man1/tssnvsetbits.1                 |   22 +
 utils/man/man1/tssnvundefinespace.1           |   23 +
 utils/man/man1/tssnvundefinespacespecial.1    |   22 +
 utils/man/man1/tssnvwrite.1                   |   40 +
 utils/man/man1/tssnvwritelock.1               |   22 +
 utils/man/man1/tssobjectchangeauth.1          |   34 +
 utils/man/man1/tsspcrallocate.1               |   25 +
 utils/man/man1/tsspcrevent.1                  |   29 +
 utils/man/man1/tsspcrextend.1                 |   21 +
 utils/man/man1/tsspcrread.1                   |   36 +
 utils/man/man1/tsspcrreset.1                  |   11 +
 utils/man/man1/tsspolicyauthorize.1           |   31 +
 utils/man/man1/tsspolicyauthorizenv.1         |   26 +
 utils/man/man1/tsspolicyauthvalue.1           |   11 +
 utils/man/man1/tsspolicycommandcode.1         |   14 +
 utils/man/man1/tsspolicycountertimer.1        |   67 +
 utils/man/man1/tsspolicycphash.1              |   22 +
 utils/man/man1/tsspolicyduplicationselect.1   |   28 +
 utils/man/man1/tsspolicygetdigest.1           |   14 +
 utils/man/man1/tsspolicymaker.1               |   25 +
 utils/man/man1/tsspolicymakerpcr.1            |   29 +
 utils/man/man1/tsspolicynamehash.1            |   22 +
 utils/man/man1/tsspolicynv.1                  |   77 +
 utils/man/man1/tsspolicynvwritten.1           |   22 +
 utils/man/man1/tsspolicyor.1                  |   14 +
 utils/man/man1/tsspolicypassword.1            |   11 +
 utils/man/man1/tsspolicypcr.1                 |   18 +
 utils/man/man1/tsspolicyrestart.1             |   11 +
 utils/man/man1/tsspolicysecret.1              |   46 +
 utils/man/man1/tsspolicysigned.1              |   46 +
 utils/man/man1/tsspolicytemplate.1            |   14 +
 utils/man/man1/tsspolicyticket.1              |   30 +
 utils/man/man1/tsspowerup.1                   |    8 +
 utils/man/man1/tssprintattr.1                 |   16 +
 utils/man/man1/tsspublicname.1                |   63 +
 utils/man/man1/tssquote.1                     |   46 +
 utils/man/man1/tssreadclock.1                 |   14 +
 utils/man/man1/tssreadpublic.1                |   32 +
 utils/man/man1/tssreturncode.1                |    9 +
 utils/man/man1/tssrewrap.1                    |   43 +
 utils/man/man1/tssrsadecrypt.1                |   33 +
 utils/man/man1/tssrsaencrypt.1                |   17 +
 utils/man/man1/tsssequencecomplete.1          |   34 +
 utils/man/man1/tsssequenceupdate.1            |   22 +
 utils/man/man1/tsssetcommandcodeauditstatus.1 |   31 +
 utils/man/man1/tsssetprimarypolicy.1          |   28 +
 utils/man/man1/tssshutdown.1                  |   14 +
 utils/man/man1/tsssign.1                      |   48 +
 utils/man/man1/tsssignapp.1                   |   15 +
 utils/man/man1/tssstartauthsession.1          |   37 +
 utils/man/man1/tssstartup.1                   |   20 +
 utils/man/man1/tssstirrandom.1                |   11 +
 utils/man/man1/tsstimepacket.1                |   14 +
 utils/man/man1/tsstpm2pem.1                   |   14 +
 utils/man/man1/tsstpmcmd.1                    |   11 +
 utils/man/man1/tsstpmpublic2eccpoint.1        |   17 +
 utils/man/man1/tssunseal.1                    |   25 +
 utils/man/man1/tssverifysignature.1           |   59 +
 utils/man/man1/tsswriteapp.1                  |   15 +
 utils/man/man1/tsszgen2phase.1                |   47 +
 utils/ntc2getconfig.c                         |  199 +
 utils/ntc2lib.c                               |  210 +
 utils/ntc2lib.h                               |  116 +
 utils/ntc2lockconfig.c                        |  135 +
 utils/ntc2preconfig.c                         |  579 ++
 utils/nvcertify.c                             |  449 +
 utils/nvchangeauth.c                          |  255 +
 utils/nvdefinespace.c                         |  591 ++
 utils/nvextend.c                              |  274 +
 utils/nvglobalwritelock.c                     |  237 +
 utils/nvincrement.c                           |  233 +
 utils/nvread.c                                |  483 +
 utils/nvreadlock.c                            |  260 +
 utils/nvreadpublic.c                          |  351 +
 utils/nvsetbits.c                             |  254 +
 utils/nvundefinespace.c                       |  258 +
 utils/nvundefinespacespecial.c                |  244 +
 utils/nvwrite.c                               |  415 +
 utils/nvwritelock.c                           |  259 +
 utils/objectchangeauth.c                      |  328 +
 utils/objecttemplates.c                       |  567 ++
 utils/objecttemplates.h                       |  107 +
 utils/pcrallocate.c                           |  342 +
 utils/pcrevent.c                              |  317 +
 utils/pcrextend.c                             |  269 +
 utils/pcrread.c                               |  437 +
 utils/pcrreset.c                              |  144 +
 utils/policies/Policies.txt                   |  138 +
 utils/policies/aaa                            |    1 +
 utils/policies/bits48321601.bin               |  Bin 0 -> 8 bytes
 utils/policies/msgtpmgen.bin                  |    1 +
 utils/policies/nvwriteahasha.bin              |  Bin 0 -> 36 bytes
 utils/policies/nvwriteahasha.txt              |    1 +
 utils/policies/nvwriteahashb.bin              |  Bin 0 -> 36 bytes
 utils/policies/nvwriteahashb.txt              |    1 +
 utils/policies/nvwritecphasha.bin             |    1 +
 utils/policies/nvwritecphasha.txt             |    1 +
 utils/policies/nvwritecphashb.bin             |    1 +
 utils/policies/nvwritecphashb.txt             |    1 +
 utils/policies/p256privkey.pem                |    5 +
 utils/policies/p256pubkey.pem                 |    4 +
 utils/policies/pnhnamehash.bin                |    1 +
 utils/policies/pnhnamehash.txt                |    1 +
 utils/policies/policyauthorizenv-unseal.bin   |    1 +
 utils/policies/policyauthorizenv-unseal.txt   |    2 +
 utils/policies/policyauthorizenv.bin          |    1 +
 utils/policies/policyauthorizenv.txt          |    1 +
 utils/policies/policyauthorizesha1.bin        |    2 +
 utils/policies/policyauthorizesha1.txt        |    2 +
 utils/policies/policyauthorizesha256.bin      |    1 +
 utils/policies/policyauthorizesha256.txt      |    2 +
 utils/policies/policyauthorizesha384.bin      |    2 +
 utils/policies/policyauthorizesha384.txt      |    2 +
 utils/policies/policyauthorizesha512.bin      |    1 +
 utils/policies/policyauthorizesha512.txt      |    2 +
 utils/policies/policyccactivate.bin           |    1 +
 utils/policies/policyccactivate.txt           |    1 +
 utils/policies/policycccertify.bin            |    1 +
 utils/policies/policycccertify.txt            |    1 +
 utils/policies/policycccreate-auth.bin        |    1 +
 utils/policies/policycccreate-auth.txt        |    2 +
 utils/policies/policyccduplicate.bin          |    1 +
 utils/policies/policyccduplicate.txt          |    1 +
 utils/policies/policyccnvchangeauth-auth.bin  |    1 +
 utils/policies/policyccnvchangeauth-auth.txt  |    2 +
 utils/policies/policyccquote.bin              |    1 +
 utils/policies/policyccquote.txt              |    1 +
 utils/policies/policyccsign-auth.bin          |    1 +
 utils/policies/policyccsign-auth.txt          |    2 +
 utils/policies/policyccsign.bin               |    2 +
 utils/policies/policyccsign.txt               |    1 +
 .../policyccundefinespacespecial-auth.bin     |    1 +
 .../policyccundefinespacespecial-auth.txt     |    2 +
 utils/policies/policycountertimer.bin         |    1 +
 utils/policies/policycountertimer.txt         |    1 +
 utils/policies/policycphash.bin               |    1 +
 utils/policies/policycphash.txt               |    1 +
 utils/policies/policycphashhash.bin           |    1 +
 utils/policies/policycphashhash.txt           |  Bin 0 -> 9 bytes
 utils/policies/policydupsel-no.bin            |    1 +
 utils/policies/policydupsel-no.txt            |    1 +
 utils/policies/policydupsel-yes.bin           |    1 +
 utils/policies/policydupsel-yes.txt           |    1 +
 utils/policies/policyiwgek.txt                |    2 +
 utils/policies/policyiwgekbsha256.bin         |    2 +
 utils/policies/policyiwgekbsha256.txt         |    1 +
 utils/policies/policyiwgekbsha384.bin         |  Bin 0 -> 48 bytes
 utils/policies/policyiwgekbsha384.txt         |    1 +
 utils/policies/policyiwgekbsha512.bin         |    1 +
 utils/policies/policyiwgekbsha512.txt         |    1 +
 utils/policies/policyiwgekcsha256.bin         |    1 +
 utils/policies/policyiwgekcsha256.txt         |    1 +
 utils/policies/policyiwgekcsha384.bin         |    1 +
 utils/policies/policyiwgekcsha384.txt         |    1 +
 utils/policies/policyiwgekcsha512.bin         |    1 +
 utils/policies/policyiwgekcsha512.txt         |    1 +
 utils/policies/policyiwgeksha256.bin          |    1 +
 utils/policies/policyiwgeksha384.bin          |    1 +
 utils/policies/policyiwgeksha512.bin          |    1 +
 utils/policies/policynamehash.bin             |  Bin 0 -> 32 bytes
 utils/policies/policynamehash.txt             |    1 +
 utils/policies/policynvargs.txt               |  Bin 0 -> 13 bytes
 utils/policies/policynvnv.bin                 |  Bin 0 -> 20 bytes
 utils/policies/policynvnv.txt                 |    1 +
 utils/policies/policyor.bin                   |    1 +
 utils/policies/policyor.txt                   |    1 +
 utils/policies/policyorwrittensigned.bin      |  Bin 0 -> 32 bytes
 utils/policies/policyorwrittensigned.txt      |    1 +
 utils/policies/policypcr.bin                  |    1 +
 utils/policies/policypcr0.bin                 |  Bin 0 -> 20 bytes
 utils/policies/policypcr0.txt                 |    1 +
 utils/policies/policypcr1623aaasha1.bin       |    1 +
 utils/policies/policypcr1623aaasha256.bin     |    1 +
 utils/policies/policypcr1623aaasha384.bin     |    1 +
 utils/policies/policypcr1623aaasha512.bin     |    1 +
 utils/policies/policypcr16aaasha1.bin         |    1 +
 utils/policies/policypcr16aaasha1.txt         |    1 +
 utils/policies/policypcr16aaasha256.bin       |    1 +
 utils/policies/policypcr16aaasha256.txt       |    1 +
 utils/policies/policypcr16aaasha384.bin       |  Bin 0 -> 48 bytes
 utils/policies/policypcr16aaasha384.txt       |    1 +
 utils/policies/policypcr16aaasha512.bin       |    1 +
 utils/policies/policypcr16aaasha512.txt       |    1 +
 utils/policies/policypcrbm0.bin               |    1 +
 utils/policies/policysecretnv.bin             |  Bin 0 -> 32 bytes
 utils/policies/policysecretnv.txt             |    2 +
 utils/policies/policysecretnvpf.bin           |    1 +
 utils/policies/policysecretnvpf.txt           |    2 +
 utils/policies/policysecretnvpp.bin           |    1 +
 utils/policies/policysecretnvpp.txt           |    2 +
 utils/policies/policysecretp.bin              |    1 +
 utils/policies/policysecretp.txt              |    2 +
 utils/policies/policysecretpsha256.bin        |    1 +
 utils/policies/policysecretpsha256ha.bin      |  Bin 0 -> 34 bytes
 utils/policies/policysecretpsha384.bin        |  Bin 0 -> 48 bytes
 utils/policies/policysecretpsha384ha.bin      |  Bin 0 -> 50 bytes
 utils/policies/policysecretpsha512.bin        |    1 +
 utils/policies/policysecretpsha512ha.bin      |  Bin 0 -> 66 bytes
 utils/policies/policysecretsha256.bin         |    1 +
 utils/policies/policysecretsha256.txt         |    2 +
 utils/policies/policysignedsha1.bin           |    1 +
 utils/policies/policysignedsha1.txt           |    2 +
 utils/policies/policysignedsha256.bin         |    1 +
 utils/policies/policysignedsha256.txt         |    2 +
 utils/policies/policysignedsha384.bin         |    1 +
 utils/policies/policysignedsha384.txt         |    2 +
 utils/policies/policysignedsha512.bin         |    1 +
 utils/policies/policysignedsha512.txt         |    2 +
 utils/policies/policytemplate.bin             |    1 +
 utils/policies/policytemplate.txt             |    1 +
 utils/policies/policytemplatehash.bin         |    1 +
 utils/policies/policytemplatehash.txt         |    1 +
 utils/policies/policywrittenclrsigned.bin     |    1 +
 utils/policies/policywrittenclrsigned.txt     |    3 +
 utils/policies/policywrittenset.bin           |    1 +
 utils/policies/policywrittenset.txt           |    1 +
 utils/policies/policywrittensetsigned.bin     |    3 +
 utils/policies/policywrittensetsigned.txt     |    3 +
 utils/policies/rsaprivkey.der                 |  Bin 0 -> 1191 bytes
 utils/policies/rsaprivkey.pem                 |   30 +
 utils/policies/rsapubkey.pem                  |    9 +
 utils/policies/sha1.bin                       |  Bin 0 -> 2 bytes
 utils/policies/sha1aaa.bin                    |    1 +
 utils/policies/sha1extaaa.bin                 |    1 +
 utils/policies/sha1extaaa0.bin                |    1 +
 utils/policies/sha1exthaaa.bin                |    1 +
 utils/policies/sha256.bin                     |  Bin 0 -> 2 bytes
 utils/policies/sha256aaa.bin                  |    1 +
 utils/policies/sha256extaaa.bin               |    1 +
 utils/policies/sha256extaaa0.bin              |    1 +
 utils/policies/sha256exthaaa.bin              |    1 +
 utils/policies/sha384.bin                     |  Bin 0 -> 2 bytes
 utils/policies/sha384aaa.bin                  |    2 +
 utils/policies/sha384extaaa.bin               |    1 +
 utils/policies/sha384extaaa0.bin              |  Bin 0 -> 48 bytes
 utils/policies/sha384exthaaa.bin              |    1 +
 utils/policies/sha512.bin                     |  Bin 0 -> 2 bytes
 utils/policies/sha512aaa.bin                  |    1 +
 utils/policies/sha512extaaa.bin               |    1 +
 utils/policies/sha512extaaa0.bin              |  Bin 0 -> 64 bytes
 utils/policies/sha512exthaaa.bin              |    1 +
 utils/policies/zero4.bin                      |  Bin 0 -> 4 bytes
 utils/policies/zero8.bin                      |  Bin 0 -> 8 bytes
 utils/policies/zerosha1.bin                   |  Bin 0 -> 20 bytes
 utils/policies/zerosha256.bin                 |  Bin 0 -> 32 bytes
 utils/policies/zerosha384.bin                 |  Bin 0 -> 48 bytes
 utils/policies/zerosha512.bin                 |  Bin 0 -> 64 bytes
 utils/policyauthorize.c                       |  307 +
 utils/policyauthorizenv.c                     |  279 +
 utils/policyauthvalue.c                       |  142 +
 utils/policycommandcode.c                     |  161 +
 utils/policycountertimer.c                    |  302 +
 utils/policycphash.c                          |  245 +
 utils/policyduplicationselect.c               |  272 +
 utils/policygetdigest.c                       |  162 +
 utils/policymaker.c                           |  354 +
 utils/policymakerpcr.c                        |  439 +
 utils/policynamehash.c                        |  256 +
 utils/policynv.c                              |  360 +
 utils/policynvwritten.c                       |  247 +
 utils/policyor.c                              |  251 +
 utils/policypassword.c                        |  142 +
 utils/policypcr.c                             |  276 +
 utils/policyrestart.c                         |  218 +
 utils/policysecret.c                          |  358 +
 utils/policysigned.c                          |  456 +
 utils/policytemplate.c                        |  166 +
 utils/policyticket.c                          |  354 +
 utils/powerup.c                               |  128 +
 utils/printattr.c                             |  139 +
 utils/publicname.c                            |  452 +
 utils/quote.c                                 |  437 +
 utils/readclock.c                             |  161 +
 utils/readpublic.c                            |  284 +
 utils/reg.bat                                 |  383 +
 utils/reg.sh                                  |  594 ++
 utils/regtests/.cvsignore                     |    1 +
 utils/regtests/initkeys.bat                   |  143 +
 utils/regtests/initkeys.sh                    |  125 +
 utils/regtests/inittpm.bat                    |   79 +
 utils/regtests/inittpm.sh                     |   71 +
 utils/regtests/testaes.bat                    |  143 +
 utils/regtests/testaes.sh                     |  114 +
 utils/regtests/testaes138.bat                 |  142 +
 utils/regtests/testaes138.sh                  |  114 +
 utils/regtests/testattest.bat                 |  580 ++
 utils/regtests/testattest.sh                  |  442 +
 utils/regtests/testattest155.bat              |  162 +
 utils/regtests/testattest155.sh               |  132 +
 utils/regtests/testbind.bat                   |  658 ++
 utils/regtests/testbind.sh                    |  427 +
 utils/regtests/testchangeauth.bat             |  179 +
 utils/regtests/testchangeauth.sh              |  144 +
 utils/regtests/testchangeseed.bat             |  208 +
 utils/regtests/testchangeseed.sh              |  157 +
 utils/regtests/testclocks.bat                 |  104 +
 utils/regtests/testclocks.sh                  |   91 +
 utils/regtests/testcontext.bat                |  237 +
 utils/regtests/testcontext.sh                 |  182 +
 utils/regtests/testcreateloaded.bat           |  299 +
 utils/regtests/testcreateloaded.sh            |  231 +
 utils/regtests/testcredential.bat             |  504 ++
 utils/regtests/testcredential.sh              |  404 +
 utils/regtests/testda.bat                     |  203 +
 utils/regtests/testda.sh                      |  152 +
 utils/regtests/testdup.bat                    |  777 ++
 utils/regtests/testdup.sh                     |  623 ++
 utils/regtests/testecc.bat                    |  324 +
 utils/regtests/testecc.sh                     |  279 +
 utils/regtests/testencsession.bat             |  483 +
 utils/regtests/testencsession.sh              |  340 +
 utils/regtests/testevict.bat                  |  125 +
 utils/regtests/testevict.sh                   |   99 +
 utils/regtests/testgetcap.bat                 |  158 +
 utils/regtests/testgetcap.sh                  |  125 +
 utils/regtests/testhierarchy.bat              |  369 +
 utils/regtests/testhierarchy.sh               |  244 +
 utils/regtests/testhmac.bat                   |  331 +
 utils/regtests/testhmac.sh                    |  254 +
 utils/regtests/testhmacsession.bat            |  111 +
 utils/regtests/testhmacsession.sh             |   90 +
 utils/regtests/testnv.bat                     |  963 ++
 utils/regtests/testnv.sh                      |  707 ++
 utils/regtests/testnvpin.bat                  | 1029 +++
 utils/regtests/testnvpin.sh                   |  739 ++
 utils/regtests/testpcr.bat                    |  348 +
 utils/regtests/testpcr.sh                     |  300 +
 utils/regtests/testpolicy.bat                 | 2715 ++++++
 utils/regtests/testpolicy.sh                  | 2031 +++++
 utils/regtests/testpolicy138.bat              |  600 ++
 utils/regtests/testpolicy138.sh               |  477 +
 utils/regtests/testprimary.bat                |  224 +
 utils/regtests/testprimary.sh                 |  175 +
 utils/regtests/testrng.bat                    |   59 +
 utils/regtests/testrng.sh                     |   54 +
 utils/regtests/testrsa.bat                    |  302 +
 utils/regtests/testrsa.sh                     |  237 +
 utils/regtests/testsalt.bat                   |  433 +
 utils/regtests/testsalt.sh                    |  347 +
 utils/regtests/testshutdown.bat               |  541 ++
 utils/regtests/testshutdown.sh                |  396 +
 utils/regtests/testsign.bat                   |  503 ++
 utils/regtests/testsign.sh                    |  400 +
 utils/regtests/teststorage.bat                |  205 +
 utils/regtests/teststorage.sh                 |  164 +
 utils/regtests/testunseal.bat                 |  765 ++
 utils/regtests/testunseal.sh                  |  619 ++
 utils/regtests/testx509.bat                   |  417 +
 utils/regtests/testx509.sh                    |  339 +
 utils/returncode.c                            |   78 +
 utils/rewrap.c                                |  349 +
 utils/rsadecrypt.c                            |  471 +
 utils/rsaencrypt.c                            |  227 +
 utils/sequencecomplete.c                      |  336 +
 utils/sequenceupdate.c                        |  268 +
 utils/setcommandcodeauditstatus.c             |  298 +
 utils/setprimarypolicy.c                      |  300 +
 utils/shutdown.c                              |  129 +
 utils/sign.c                                  |  489 ++
 utils/signapp.c                               |  836 ++
 utils/startauthsession.c                      |  301 +
 utils/startup.c                               |  191 +
 utils/stirrandom.c                            |  161 +
 utils/timepacket.c                            |  210 +
 utils/tpm2pem.c                               |  150 +
 utils/tpmcmd.c                                |  131 +
 utils/tpmproxy.c                              |  972 +++
 utils/tpmpublic2eccpoint.c                    |  155 +
 utils/tss.c                                   |  282 +
 utils/tss12.c                                 | 1423 +++
 utils/tss12.h                                 |   58 +
 utils/tss20.c                                 | 4901 +++++++++++
 utils/tss20.h                                 |   58 +
 utils/tssauth.c                               |  161 +
 utils/tssauth.h                               |  104 +
 utils/tssauth12.c                             |  746 ++
 utils/tssauth12.h                             |   94 +
 utils/tssauth20.c                             | 1542 ++++
 utils/tssauth20.h                             |   86 +
 utils/tssccattributes.c                       |  150 +
 utils/tssccattributes.h                       |   90 +
 utils/tssccattributes12.c                     |   74 +
 utils/tssccattributes12.h                     |   55 +
 utils/tsscrypto.c                             | 1453 +++
 utils/tsscryptoh.c                            |  632 ++
 utils/tssdev.c                                |  217 +
 utils/tssdev.h                                |   64 +
 utils/tssdevskiboot.c                         |  153 +
 utils/tssdevskiboot.h                         |   50 +
 utils/tssfile.c                               |  321 +
 utils/tssmarshal.c                            | 7768 +++++++++++++++++
 utils/tssmarshal12.c                          | 1136 +++
 utils/tssntc.c                                |  128 +
 utils/tssntc.h                                |   81 +
 utils/tssprint.c                              | 2347 +++++
 utils/tssprintcmd.c                           |  920 ++
 utils/tssproperties.c                         |  534 ++
 utils/tssproperties.h                         |  193 +
 utils/tssresponsecode.c                       |  587 ++
 utils/tsssocket.c                             |  706 ++
 utils/tsssocket.h                             |   67 +
 utils/tsstbsi.c                               |  345 +
 utils/tsstbsi.h                               |   64 +
 utils/tsstransmit.c                           |  234 +
 utils/tssutils.c                              |  322 +
 utils/tssutilsverbose.c                       |   43 +
 utils/unseal.c                                |  253 +
 utils/verifysignature.c                       |  488 ++
 utils/writeapp.c                              |  416 +
 utils/zgen2phase.c                            |  366 +
 utils12/Makefile.am                           |  152 +
 utils12/activateidentity.c                    |  300 +
 utils12/createekcert.c                        |  468 +
 utils12/createendorsementkeypair.c            |  134 +
 utils12/createwrapkey.c                       |  312 +
 utils12/ekutils12.c                           |  284 +
 utils12/ekutils12.h                           |   67 +
 utils12/eventextend.c                         |  317 +
 utils12/extend.c                              |  206 +
 utils12/flushspecific.c                       |  159 +
 utils12/getcapability.c                       |  875 ++
 utils12/imaextend.c                           |  312 +
 utils12/loadkey2.c                            |  231 +
 utils12/makeekblob.c                          |  286 +
 utils12/makefile-common                       |   85 +
 utils12/makefiletpmc                          |  220 +
 utils12/makeidentity.c                        |  289 +
 utils12/man/man1/tss1activateidentity.1       |   30 +
 utils12/man/man1/tss1createekcert.1           |   30 +
 .../man/man1/tss1createendorsementkeypair.1   |    8 +
 utils12/man/man1/tss1createwrapkey.1          |   38 +
 utils12/man/man1/tss1eventextend.1            |   26 +
 utils12/man/man1/tss1extend.1                 |   14 +
 utils12/man/man1/tss1flushspecific.1          |   17 +
 utils12/man/man1/tss1getcapability.1          |   35 +
 utils12/man/man1/tss1imaextend.1              |   28 +
 utils12/man/man1/tss1loadkey2.1               |   20 +
 utils12/man/man1/tss1makeekblob.1             |   16 +
 utils12/man/man1/tss1makeidentity.1           |   29 +
 utils12/man/man1/tss1nvdefinespace.1          |   31 +
 utils12/man/man1/tss1nvreadvalue.1            |   30 +
 utils12/man/man1/tss1nvreadvalueauth.1        |   30 +
 utils12/man/man1/tss1nvwritevalue.1           |   27 +
 utils12/man/man1/tss1nvwritevalueauth.1       |   27 +
 utils12/man/man1/tss1oiap.1                   |    8 +
 utils12/man/man1/tss1osap.1                   |   16 +
 utils12/man/man1/tss1ownerreadinternalpub.1   |   21 +
 utils12/man/man1/tss1ownersetdisable.1        |   21 +
 utils12/man/man1/tss1pcrread.1                |   14 +
 utils12/man/man1/tss1quote2.1                 |   27 +
 utils12/man/man1/tss1sign.1                   |   27 +
 utils12/man/man1/tss1startup.1                |   23 +
 utils12/man/man1/tss1takeownership.1          |   16 +
 utils12/man/man1/tss1tpminit.1                |    8 +
 utils12/nvdefinespace.c                       |  267 +
 utils12/nvreadvalue.c                         |  287 +
 utils12/nvreadvalueauth.c                     |  307 +
 utils12/nvwritevalue.c                        |  260 +
 utils12/nvwritevalueauth.c                    |  260 +
 utils12/oiap.c                                |  125 +
 utils12/osap.c                                |  172 +
 utils12/ownerreadinternalpub.c                |  211 +
 utils12/ownersetdisable.c                     |  200 +
 utils12/pcrread.c                             |  160 +
 utils12/quote2.c                              |  327 +
 utils12/reg.sh                                |  393 +
 utils12/sign.c                                |  282 +
 utils12/startup.c                             |  192 +
 utils12/takeownership.c                       |  347 +
 utils12/tpminit.c                             |  117 +
 1098 files changed, 183111 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 AUTHORS
 create mode 100644 COPYING
 create mode 100644 ChangeLog
 create mode 100644 INSTALL
 create mode 100644 LICENSE
 create mode 100644 Makefile.am
 create mode 100644 NEWS
 create mode 100644 README
 create mode 100644 configure.ac
 create mode 100644 demo/.cvsignore
 create mode 100644 demo/IBM-TSS-Demo.doc
 create mode 100755 demo/admin.php
 create mode 100644 demo/block.png
 create mode 100644 demo/demo.css
 create mode 100644 demo/footer.html
 create mode 100644 demo/halgsha1.inc
 create mode 100644 demo/halgsha256.inc
 create mode 100755 demo/handles.php
 create mode 100644 demo/ibm.png
 create mode 100755 demo/index.php
 create mode 100755 demo/keycreate.php
 create mode 100644 demo/makefile
 create mode 100644 demo/makefile-common
 create mode 100644 demo/makefile_dev
 create mode 100644 demo/makefilesha1
 create mode 100644 demo/makefilesha1_dev
 create mode 100644 demo/nav.html
 create mode 100644 demo/navdev.html
 create mode 100755 demo/nv.php
 create mode 100755 demo/nvram.php
 create mode 100755 demo/pcr.php
 create mode 100755 demo/quote.php
 create mode 100755 demo/sign.php
 create mode 100755 demo/unseal.php
 create mode 100644 ibmtss.doc
 create mode 100644 ibmtss.html
 create mode 100644 m4/.keepdir
 create mode 100644 tpmutils/CommonProperties.props
 create mode 100644 tpmutils/CommonPropertiesRelease.props
 create mode 100644 tpmutils/activatecredential/activatecredential.vcxproj
 create mode 100644 tpmutils/activatecredential/activatecredential.vcxproj.filters
 create mode 100644 tpmutils/certify/certify.vcxproj
 create mode 100644 tpmutils/certify/certify.vcxproj.filters
 create mode 100644 tpmutils/certifycreation/certifycreation.vcxproj
 create mode 100644 tpmutils/certifycreation/certifycreation.vcxproj.filters
 create mode 100644 tpmutils/certifyx509/certifyx509.vcxproj
 create mode 100644 tpmutils/certifyx509/certifyx509.vcxproj.filters
 create mode 100644 tpmutils/changeeps/changeeps.vcxproj
 create mode 100644 tpmutils/changeeps/changeeps.vcxproj.filters
 create mode 100644 tpmutils/changepps/changepps.vcxproj
 create mode 100644 tpmutils/changepps/changepps.vcxproj.filters
 create mode 100644 tpmutils/clear/clear.vcxproj
 create mode 100644 tpmutils/clear/clear.vcxproj.filters
 create mode 100644 tpmutils/clearcontrol/clearcontrol.vcxproj
 create mode 100644 tpmutils/clearcontrol/clearcontrol.vcxproj.filters
 create mode 100644 tpmutils/clockrateadjust/clockrateadjust.vcxproj
 create mode 100644 tpmutils/clockrateadjust/clockrateadjust.vcxproj.filters
 create mode 100644 tpmutils/clockset/clockset.vcxproj
 create mode 100644 tpmutils/clockset/clockset.vcxproj.filters
 create mode 100644 tpmutils/commit/commit.vcxproj
 create mode 100644 tpmutils/commit/commit.vcxproj.filters
 create mode 100644 tpmutils/contextload/contextload.vcxproj
 create mode 100644 tpmutils/contextload/contextload.vcxproj.filters
 create mode 100644 tpmutils/contextsave/contextsave.vcxproj
 create mode 100644 tpmutils/contextsave/contextsave.vcxproj.filters
 create mode 100644 tpmutils/create/create.vcxproj
 create mode 100644 tpmutils/create/create.vcxproj.filters
 create mode 100644 tpmutils/createek/createek.vcxproj
 create mode 100644 tpmutils/createek/createek.vcxproj.filters
 create mode 100644 tpmutils/createekcert/createekcert.vcxproj
 create mode 100644 tpmutils/createekcert/createekcert.vcxproj.filters
 create mode 100644 tpmutils/createloaded/createloaded.vcxproj
 create mode 100644 tpmutils/createloaded/createloaded.vcxproj.filters
 create mode 100644 tpmutils/createprimary/createprimary.vcxproj
 create mode 100644 tpmutils/createprimary/createprimary.vcxproj.filters
 create mode 100644 tpmutils/dictionaryattacklockreset/dictionaryattacklockreset.vcxproj
 create mode 100644 tpmutils/dictionaryattacklockreset/dictionaryattacklockreset.vcxproj.filters
 create mode 100644 tpmutils/dictionaryattackparameters/dictionaryattackparameters.vcxproj
 create mode 100644 tpmutils/dictionaryattackparameters/dictionaryattackparameters.vcxproj.filters
 create mode 100644 tpmutils/duplicate/duplicate.vcxproj
 create mode 100644 tpmutils/duplicate/duplicate.vcxproj.filters
 create mode 100644 tpmutils/eccparameters/eccparameters.vcxproj
 create mode 100644 tpmutils/eccparameters/eccparameters.vcxproj.filters
 create mode 100644 tpmutils/ecephemeral/ecephemeral.vcxproj
 create mode 100644 tpmutils/ecephemeral/ecephemeral.vcxproj.filters
 create mode 100644 tpmutils/encryptdecrypt/encryptdecrypt.vcxproj
 create mode 100644 tpmutils/encryptdecrypt/encryptdecrypt.vcxproj.filters
 create mode 100644 tpmutils/eventextend/eventextend.vcxproj
 create mode 100644 tpmutils/eventextend/eventextend.vcxproj.filters
 create mode 100644 tpmutils/eventsequencecomplete/eventsequencecomplete.vcxproj
 create mode 100644 tpmutils/eventsequencecomplete/eventsequencecomplete.vcxproj.filters
 create mode 100644 tpmutils/evictcontrol/evictcontrol.vcxproj
 create mode 100644 tpmutils/evictcontrol/evictcontrol.vcxproj.filters
 create mode 100644 tpmutils/flushcontext/flushcontext.vcxproj
 create mode 100644 tpmutils/flushcontext/flushcontext.vcxproj.filters
 create mode 100644 tpmutils/getcapability/getcapability.vcxproj
 create mode 100644 tpmutils/getcapability/getcapability.vcxproj.filters
 create mode 100644 tpmutils/getcommandauditdigest/getcommandauditdigest.vcxproj
 create mode 100644 tpmutils/getcommandauditdigest/getcommandauditdigest.vcxproj.filters
 create mode 100644 tpmutils/getcryptolibrary/getcryptolibrary.vcxproj
 create mode 100644 tpmutils/getcryptolibrary/getcryptolibrary.vcxproj.filters
 create mode 100644 tpmutils/getrandom/getrandom.vcxproj
 create mode 100644 tpmutils/getrandom/getrandom.vcxproj.filters
 create mode 100644 tpmutils/getsessionauditdigest/getsessionauditdigest.vcxproj
 create mode 100644 tpmutils/getsessionauditdigest/getsessionauditdigest.vcxproj.filters
 create mode 100644 tpmutils/gettestresult/gettestresult.vcxproj
 create mode 100644 tpmutils/gettestresult/gettestresult.vcxproj.filters
 create mode 100644 tpmutils/gettime/gettime.vcxproj
 create mode 100644 tpmutils/gettime/gettime.vcxproj.filters
 create mode 100644 tpmutils/hash/hash.vcxproj
 create mode 100644 tpmutils/hash/hash.vcxproj.filters
 create mode 100644 tpmutils/hashsequencestart/hashsequencestart.vcxproj
 create mode 100644 tpmutils/hashsequencestart/hashsequencestart.vcxproj.filters
 create mode 100644 tpmutils/hierarchychangeauth/hierarchychangeauth.vcxproj
 create mode 100644 tpmutils/hierarchychangeauth/hierarchychangeauth.vcxproj.filters
 create mode 100644 tpmutils/hierarchycontrol/hierarchycontrol.vcxproj
 create mode 100644 tpmutils/hierarchycontrol/hierarchycontrol.vcxproj.filters
 create mode 100644 tpmutils/hmac/hmac.vcxproj
 create mode 100644 tpmutils/hmac/hmac.vcxproj.filters
 create mode 100644 tpmutils/hmacstart/hmacstart.vcxproj
 create mode 100644 tpmutils/hmacstart/hmacstart.vcxproj.filters
 create mode 100644 tpmutils/import/import.vcxproj
 create mode 100644 tpmutils/import/import.vcxproj.filters
 create mode 100644 tpmutils/importpem/importpem.vcxproj
 create mode 100644 tpmutils/importpem/importpem.vcxproj.filters
 create mode 100644 tpmutils/load/load.vcxproj
 create mode 100644 tpmutils/load/load.vcxproj.filters
 create mode 100644 tpmutils/loadexternal/loadexternal.vcxproj
 create mode 100644 tpmutils/loadexternal/loadexternal.vcxproj.filters
 create mode 100644 tpmutils/makecredential/makecredential.vcxproj
 create mode 100644 tpmutils/makecredential/makecredential.vcxproj.filters
 create mode 100644 tpmutils/nvcertify/nvcertify.vcxproj
 create mode 100644 tpmutils/nvcertify/nvcertify.vcxproj.filters
 create mode 100644 tpmutils/nvchangeauth/nvchangeauth.vcxproj
 create mode 100644 tpmutils/nvchangeauth/nvchangeauth.vcxproj.filters
 create mode 100644 tpmutils/nvdefinespace/nvdefinespace.vcxproj
 create mode 100644 tpmutils/nvdefinespace/nvdefinespace.vcxproj.filters
 create mode 100644 tpmutils/nvextend/nvextend.vcxproj
 create mode 100644 tpmutils/nvextend/nvextend.vcxproj.filters
 create mode 100644 tpmutils/nvglobalwritelock/nvglobalwritelock.vcxproj
 create mode 100644 tpmutils/nvglobalwritelock/nvglobalwritelock.vcxproj.filters
 create mode 100644 tpmutils/nvincrement/nvincrement.vcxproj
 create mode 100644 tpmutils/nvincrement/nvincrement.vcxproj.filters
 create mode 100644 tpmutils/nvread/nvread.vcxproj
 create mode 100644 tpmutils/nvread/nvread.vcxproj.filters
 create mode 100644 tpmutils/nvreadlock/nvreadlock.vcxproj
 create mode 100644 tpmutils/nvreadlock/nvreadlock.vcxproj.filters
 create mode 100644 tpmutils/nvreadpublic/nvreadpublic.vcxproj
 create mode 100644 tpmutils/nvreadpublic/nvreadpublic.vcxproj.filters
 create mode 100644 tpmutils/nvsetbits/nvsetbits.vcxproj
 create mode 100644 tpmutils/nvsetbits/nvsetbits.vcxproj.filters
 create mode 100644 tpmutils/nvundefinespace/nvundefinespace.vcxproj
 create mode 100644 tpmutils/nvundefinespace/nvundefinespace.vcxproj.filters
 create mode 100644 tpmutils/nvundefinespacespecial/nvundefinespacespecial.vcxproj
 create mode 100644 tpmutils/nvundefinespacespecial/nvundefinespacespecial.vcxproj.filters
 create mode 100644 tpmutils/nvwrite/nvwrite.vcxproj
 create mode 100644 tpmutils/nvwrite/nvwrite.vcxproj.filters
 create mode 100644 tpmutils/nvwritelock/nvwritelock.vcxproj
 create mode 100644 tpmutils/nvwritelock/nvwritelock.vcxproj.filters
 create mode 100644 tpmutils/objectchangeauth/objectchangeauth.vcxproj
 create mode 100644 tpmutils/objectchangeauth/objectchangeauth.vcxproj.filters
 create mode 100644 tpmutils/pcrallocate/pcrallocate.vcxproj
 create mode 100644 tpmutils/pcrallocate/pcrallocate.vcxproj.filters
 create mode 100644 tpmutils/pcrevent/pcrevent.vcxproj
 create mode 100644 tpmutils/pcrevent/pcrevent.vcxproj.filters
 create mode 100644 tpmutils/pcrextend/pcrextend.vcxproj
 create mode 100644 tpmutils/pcrextend/pcrextend.vcxproj.filters
 create mode 100644 tpmutils/pcrread/pcrread.vcxproj
 create mode 100644 tpmutils/pcrread/pcrread.vcxproj.filters
 create mode 100644 tpmutils/pcrreset/pcrreset.vcxproj
 create mode 100644 tpmutils/pcrreset/pcrreset.vcxproj.filters
 create mode 100644 tpmutils/policyauthorize/policyauthorize.vcxproj
 create mode 100644 tpmutils/policyauthorize/policyauthorize.vcxproj.filters
 create mode 100644 tpmutils/policyauthorizenv/policyauthorizenv.vcxproj
 create mode 100644 tpmutils/policyauthorizenv/policyauthorizenv.vcxproj.filters
 create mode 100644 tpmutils/policyauthvalue/policyauthvalue.vcxproj
 create mode 100644 tpmutils/policyauthvalue/policyauthvalue.vcxproj.filters
 create mode 100644 tpmutils/policycommandcode/policycommandcode.vcxproj
 create mode 100644 tpmutils/policycommandcode/policycommandcode.vcxproj.filters
 create mode 100644 tpmutils/policycountertimer/policycountertimer.vcxproj
 create mode 100644 tpmutils/policycountertimer/policycountertimer.vcxproj.filters
 create mode 100644 tpmutils/policycphash/policycphash.vcxproj
 create mode 100644 tpmutils/policycphash/policycphash.vcxproj.filters
 create mode 100644 tpmutils/policyduplicationselect/policyduplicationselect.vcxproj
 create mode 100644 tpmutils/policyduplicationselect/policyduplicationselect.vcxproj.filters
 create mode 100644 tpmutils/policygetdigest/policygetdigest.vcxproj
 create mode 100644 tpmutils/policygetdigest/policygetdigest.vcxproj.filters
 create mode 100644 tpmutils/policymaker/policymaker.vcxproj
 create mode 100644 tpmutils/policymaker/policymaker.vcxproj.filters
 create mode 100644 tpmutils/policymakerpcr/policymakerpcr.vcxproj
 create mode 100644 tpmutils/policymakerpcr/policymakerpcr.vcxproj.filters
 create mode 100644 tpmutils/policynamehash/policynamehash.vcxproj
 create mode 100644 tpmutils/policynamehash/policynamehash.vcxproj.filters
 create mode 100644 tpmutils/policynv/policynv.vcxproj
 create mode 100644 tpmutils/policynv/policynv.vcxproj.filters
 create mode 100644 tpmutils/policynvwritten/policynvwritten.vcxproj
 create mode 100644 tpmutils/policynvwritten/policynvwritten.vcxproj.filters
 create mode 100644 tpmutils/policyor/policyor.vcxproj
 create mode 100644 tpmutils/policyor/policyor.vcxproj.filters
 create mode 100644 tpmutils/policypassword/policypassword.vcxproj
 create mode 100644 tpmutils/policypassword/policypassword.vcxproj.filters
 create mode 100644 tpmutils/policypcr/policypcr.vcxproj
 create mode 100644 tpmutils/policypcr/policypcr.vcxproj.filters
 create mode 100644 tpmutils/policyrestart/policyrestart.vcxproj
 create mode 100644 tpmutils/policyrestart/policyrestart.vcxproj.filters
 create mode 100644 tpmutils/policysecret/policysecret.vcxproj
 create mode 100644 tpmutils/policysecret/policysecret.vcxproj.filters
 create mode 100644 tpmutils/policysigned/policysigned.vcxproj
 create mode 100644 tpmutils/policysigned/policysigned.vcxproj.filters
 create mode 100644 tpmutils/policytemplate/policytemplate.vcxproj
 create mode 100644 tpmutils/policytemplate/policytemplate.vcxproj.filters
 create mode 100644 tpmutils/policyticket/policyticket.vcxproj
 create mode 100644 tpmutils/policyticket/policyticket.vcxproj.filters
 create mode 100644 tpmutils/powerup/powerup.vcxproj
 create mode 100644 tpmutils/powerup/powerup.vcxproj.filters
 create mode 100644 tpmutils/printattr/printattr.vcxproj
 create mode 100644 tpmutils/printattr/printattr.vcxproj.filters
 create mode 100644 tpmutils/publicname/publicname.vcxproj
 create mode 100644 tpmutils/publicname/publicname.vcxproj.filters
 create mode 100644 tpmutils/quote/quote.vcxproj
 create mode 100644 tpmutils/quote/quote.vcxproj.filters
 create mode 100644 tpmutils/readclock/readclock.vcxproj
 create mode 100644 tpmutils/readclock/readclock.vcxproj.filters
 create mode 100644 tpmutils/readpublic/readpublic.vcxproj
 create mode 100644 tpmutils/readpublic/readpublic.vcxproj.filters
 create mode 100644 tpmutils/returncode/returncode.vcxproj
 create mode 100644 tpmutils/returncode/returncode.vcxproj.filters
 create mode 100644 tpmutils/rewrap/rewrap.vcxproj
 create mode 100644 tpmutils/rewrap/rewrap.vcxproj.filters
 create mode 100644 tpmutils/rsadecrypt/rsadecrypt.vcxproj
 create mode 100644 tpmutils/rsadecrypt/rsadecrypt.vcxproj.filters
 create mode 100644 tpmutils/rsaencrypt/rsaencrypt.vcxproj
 create mode 100644 tpmutils/rsaencrypt/rsaencrypt.vcxproj.filters
 create mode 100644 tpmutils/sequencecomplete/sequencecomplete.vcxproj
 create mode 100644 tpmutils/sequencecomplete/sequencecomplete.vcxproj.filters
 create mode 100644 tpmutils/sequenceupdate/sequenceupdate.vcxproj
 create mode 100644 tpmutils/sequenceupdate/sequenceupdate.vcxproj.filters
 create mode 100644 tpmutils/setcommandcodeauditstatus/setcommandcodeauditstatus.vcxproj
 create mode 100644 tpmutils/setcommandcodeauditstatus/setcommandcodeauditstatus.vcxproj.filters
 create mode 100644 tpmutils/setprimarypolicy/setprimarypolicy.vcxproj
 create mode 100644 tpmutils/setprimarypolicy/setprimarypolicy.vcxproj.filters
 create mode 100644 tpmutils/shutdown/shutdown.vcxproj
 create mode 100644 tpmutils/shutdown/shutdown.vcxproj.filters
 create mode 100644 tpmutils/sign/sign.vcxproj
 create mode 100644 tpmutils/sign/sign.vcxproj.filters
 create mode 100644 tpmutils/signapp/signapp.vcxproj
 create mode 100644 tpmutils/signapp/signapp.vcxproj.filters
 create mode 100644 tpmutils/startauthsession/startauthsession.vcxproj
 create mode 100644 tpmutils/startauthsession/startauthsession.vcxproj.filters
 create mode 100644 tpmutils/startup/startup.vcxproj
 create mode 100644 tpmutils/startup/startup.vcxproj.filters
 create mode 100644 tpmutils/stirrandom/stirrandom.vcxproj
 create mode 100644 tpmutils/stirrandom/stirrandom.vcxproj.filters
 create mode 100644 tpmutils/t/t.vcxproj.filters
 create mode 100644 tpmutils/timepacket/timepacket.vcxproj
 create mode 100644 tpmutils/timepacket/timepacket.vcxproj.filters
 create mode 100644 tpmutils/tpm2pem/tpm2pem.vcxproj
 create mode 100644 tpmutils/tpm2pem/tpm2pem.vcxproj.filters
 create mode 100644 tpmutils/tpmcmd/tpmcmd.vcxproj
 create mode 100644 tpmutils/tpmcmd/tpmcmd.vcxproj.filters
 create mode 100644 tpmutils/tpmproxy/tpmproxy.vcxproj
 create mode 100644 tpmutils/tpmproxy/tpmproxy.vcxproj.filters
 create mode 100644 tpmutils/tpmpublic2eccpoint/tpmpublic2eccpoint.vcxproj
 create mode 100644 tpmutils/tpmpublic2eccpoint/tpmpublic2eccpoint.vcxproj.filters
 create mode 100644 tpmutils/tpmutils.sln
 create mode 100644 tpmutils/tss/dllmain.cpp
 create mode 100644 tpmutils/tss/stdafx.h
 create mode 100644 tpmutils/tss/targetver.h
 create mode 100644 tpmutils/tss/tss.vcxproj
 create mode 100644 tpmutils/tss/tss.vcxproj.filters
 create mode 100644 tpmutils/unseal/unseal.vcxproj
 create mode 100644 tpmutils/unseal/unseal.vcxproj.filters
 create mode 100644 tpmutils/verifysignature/verifysignature.vcxproj
 create mode 100644 tpmutils/verifysignature/verifysignature.vcxproj.filters
 create mode 100644 tpmutils/writeapp/writeapp.vcxproj
 create mode 100644 tpmutils/writeapp/writeapp.vcxproj.filters
 create mode 100644 tpmutils/zgen2phase/zgen2phase.vcxproj
 create mode 100644 tpmutils/zgen2phase/zgen2phase.vcxproj.filters
 create mode 100644 utils/CommandAttributeData.c
 create mode 100644 utils/CommandAttributeData12.c
 create mode 100644 utils/CommandAttributes.h
 create mode 100644 utils/Commands.c
 create mode 100644 utils/Commands12.c
 create mode 100644 utils/Commands12_fp.h
 create mode 100644 utils/Commands_fp.h
 create mode 100644 utils/Makefile.am
 create mode 100644 utils/Platform.h
 create mode 100644 utils/Unmarshal.c
 create mode 100644 utils/Unmarshal12.c
 create mode 100644 utils/activatecredential.c
 create mode 100644 utils/applink.c
 create mode 100644 utils/cakey.pem
 create mode 100644 utils/cakeyecc.pem
 create mode 100644 utils/certificates/.cvsignore
 create mode 100644 utils/certificates/IFX_TPM_EK_Intermediate_CA_01.pem
 create mode 100644 utils/certificates/IFX_TPM_EK_Intermediate_CA_02.pem
 create mode 100644 utils/certificates/IFX_TPM_EK_Intermediate_CA_03.pem
 create mode 100644 utils/certificates/IFX_TPM_EK_Intermediate_CA_04.pem
 create mode 100644 utils/certificates/IFX_TPM_EK_Intermediate_CA_05.pem
 create mode 100644 utils/certificates/IFX_TPM_EK_Intermediate_CA_08.pem
 create mode 100644 utils/certificates/IFX_TPM_EK_Intermediate_CA_17.pem
 create mode 100644 utils/certificates/IFX_TPM_EK_Intermediate_CA_18.pem
 create mode 100644 utils/certificates/IFX_TPM_EK_Intermediate_CA_20.pem
 create mode 100644 utils/certificates/IFX_TPM_EK_Intermediate_CA_21.pem
 create mode 100644 utils/certificates/IFX_TPM_EK_Root_CA.pem
 create mode 100644 utils/certificates/Infineon-IFX_TPM_EK_Intermediate_CA_48-C-v01_00-EN.pem
 create mode 100644 utils/certificates/Infineon-Infineon_TPM_EK_Intermediate_CA25-C-v01_00-EN.pem
 create mode 100644 utils/certificates/Infineon-OPTIGA(TM)_ECC_Manufacturing_CA_011.crt-C-v01_00-EN.pem
 create mode 100644 utils/certificates/Infineon-OPTIGA(TM)_RSA_Manufacturing_CA_011.crt-C-v01_00-EN.pem
 create mode 100644 utils/certificates/Infineon-TPM1.2_VRSN_root_certificate-C-v01_00-EN.pem
 create mode 100644 utils/certificates/Infineon-TPM_ECC_Root_CA-C-v01_00-EN.pem
 create mode 100644 utils/certificates/Infineon-TPM_EK_Intermediate_CA29-C-v01_00-EN.pem
 create mode 100644 utils/certificates/Infineon-TPM_EK_Intermediate_CA_49-C-v01_00-EN.pem
 create mode 100644 utils/certificates/Infineon-TPM_EK_Intermediate_CA_53-C-v01_00-EN.pem
 create mode 100644 utils/certificates/Infineon-TPM_EK_Intermediate_CA_54-C-v01_00-EN.pem
 create mode 100644 utils/certificates/Infineon-TPM_EK_Intermediate_CA_62-C-v01_00-EN.pem
 create mode 100644 utils/certificates/Infineon-TPM_EK_Intermediate_CA_63-C-v01_00-EN.pem
 create mode 100644 utils/certificates/Infineon-TPM_RSA_Root_CA-C-v01_00-EN.pem
 create mode 100644 utils/certificates/InfineonECCChain010.pem
 create mode 100644 utils/certificates/InfineonOPTIGAECCManufacturingCA010.pem
 create mode 100644 utils/certificates/InfineonOPTIGARSAManufacturingCA010.pem
 create mode 100644 utils/certificates/InfineonRSAChain010.pem
 create mode 100644 utils/certificates/IntelEKIntermediate.pem
 create mode 100644 utils/certificates/IntelEKRootCA.pem
 create mode 100644 utils/certificates/NationZEkMfrCA001.crt
 create mode 100644 utils/certificates/NationZEkMfrCA002.crt
 create mode 100644 utils/certificates/NationZEkMfrCA003.crt
 create mode 100644 utils/certificates/NationZEkRootCA.crt
 create mode 100644 utils/certificates/NuvotonTPMRootCA0100.pem
 create mode 100644 utils/certificates/NuvotonTPMRootCA1110.pem
 create mode 100644 utils/certificates/NuvotonTPMRootCA2110.pem
 create mode 100644 utils/certificates/cacert.pem
 create mode 100644 utils/certificates/cacertecc.pem
 create mode 100644 utils/certificates/gstpmroot.pem
 create mode 100644 utils/certificates/rootcerts.txt
 create mode 100644 utils/certificates/rootcerts.windows.txt
 create mode 100644 utils/certificates/stmtpmeccint01.pem
 create mode 100644 utils/certificates/stmtpmeccroot01.pem
 create mode 100644 utils/certificates/stmtpmekint01.pem
 create mode 100644 utils/certificates/stmtpmekint02.pem
 create mode 100644 utils/certificates/stmtpmekint03.pem
 create mode 100644 utils/certificates/stmtpmekint04.pem
 create mode 100644 utils/certificates/stmtpmekint05.pem
 create mode 100644 utils/certificates/stmtpmekroot.pem
 create mode 100644 utils/certificates/tpmeccroot.pem
 create mode 100644 utils/certify.c
 create mode 100644 utils/certifycreation.c
 create mode 100644 utils/certifyx509.c
 create mode 100644 utils/changeeps.c
 create mode 100644 utils/changepps.c
 create mode 100644 utils/clear.c
 create mode 100644 utils/clearcontrol.c
 create mode 100644 utils/clockrateadjust.c
 create mode 100644 utils/clockset.c
 create mode 100644 utils/commit.c
 create mode 100644 utils/contextload.c
 create mode 100644 utils/contextsave.c
 create mode 100644 utils/create.c
 create mode 100644 utils/createek.c
 create mode 100644 utils/createekcert.c
 create mode 100644 utils/createloaded.c
 create mode 100644 utils/createprimary.c
 create mode 100644 utils/cryptoutils.c
 create mode 100644 utils/cryptoutils.h
 create mode 100644 utils/dictionaryattacklockreset.c
 create mode 100644 utils/dictionaryattackparameters.c
 create mode 100644 utils/duplicate.c
 create mode 100644 utils/eccparameters.c
 create mode 100644 utils/ecephemeral.c
 create mode 100644 utils/ekutils.c
 create mode 100644 utils/ekutils.h
 create mode 100644 utils/encryptdecrypt.c
 create mode 100644 utils/eventextend.c
 create mode 100644 utils/eventlib.c
 create mode 100644 utils/eventlib.h
 create mode 100644 utils/eventsequencecomplete.c
 create mode 100644 utils/evictcontrol.c
 create mode 100644 utils/flushcontext.c
 create mode 100644 utils/getcapability.c
 create mode 100644 utils/getcommandauditdigest.c
 create mode 100644 utils/getcryptolibrary.c
 create mode 100644 utils/getrandom.c
 create mode 100644 utils/getsessionauditdigest.c
 create mode 100644 utils/gettestresult.c
 create mode 100644 utils/gettime.c
 create mode 100644 utils/hash.c
 create mode 100644 utils/hashsequencestart.c
 create mode 100644 utils/hierarchychangeauth.c
 create mode 100644 utils/hierarchycontrol.c
 create mode 100644 utils/hmac.c
 create mode 100644 utils/hmacstart.c
 create mode 100644 utils/ibmtss/ActivateCredential_fp.h
 create mode 100644 utils/ibmtss/ActivateIdentity_fp.h
 create mode 100644 utils/ibmtss/BaseTypes.h
 create mode 100644 utils/ibmtss/CertifyCreation_fp.h
 create mode 100644 utils/ibmtss/CertifyX509_fp.h
 create mode 100644 utils/ibmtss/Certify_fp.h
 create mode 100644 utils/ibmtss/ChangeEPS_fp.h
 create mode 100644 utils/ibmtss/ChangePPS_fp.h
 create mode 100644 utils/ibmtss/ClearControl_fp.h
 create mode 100644 utils/ibmtss/Clear_fp.h
 create mode 100644 utils/ibmtss/ClockRateAdjust_fp.h
 create mode 100644 utils/ibmtss/ClockSet_fp.h
 create mode 100644 utils/ibmtss/Commit_fp.h
 create mode 100644 utils/ibmtss/ContextLoad_fp.h
 create mode 100644 utils/ibmtss/ContextSave_fp.h
 create mode 100644 utils/ibmtss/CreateEndorsementKeyPair_fp.h
 create mode 100644 utils/ibmtss/CreateLoaded_fp.h
 create mode 100644 utils/ibmtss/CreatePrimary_fp.h
 create mode 100644 utils/ibmtss/CreateWrapKey_fp.h
 create mode 100644 utils/ibmtss/Create_fp.h
 create mode 100644 utils/ibmtss/DictionaryAttackLockReset_fp.h
 create mode 100644 utils/ibmtss/DictionaryAttackParameters_fp.h
 create mode 100644 utils/ibmtss/Duplicate_fp.h
 create mode 100644 utils/ibmtss/ECC_Parameters_fp.h
 create mode 100644 utils/ibmtss/ECDH_KeyGen_fp.h
 create mode 100644 utils/ibmtss/ECDH_ZGen_fp.h
 create mode 100644 utils/ibmtss/EC_Ephemeral_fp.h
 create mode 100644 utils/ibmtss/EncryptDecrypt2_fp.h
 create mode 100644 utils/ibmtss/EncryptDecrypt_fp.h
 create mode 100644 utils/ibmtss/EventSequenceComplete_fp.h
 create mode 100644 utils/ibmtss/EvictControl_fp.h
 create mode 100644 utils/ibmtss/Extend_fp.h
 create mode 100644 utils/ibmtss/FlushContext_fp.h
 create mode 100644 utils/ibmtss/FlushSpecific_fp.h
 create mode 100644 utils/ibmtss/GetCapability12_fp.h
 create mode 100644 utils/ibmtss/GetCapability_fp.h
 create mode 100644 utils/ibmtss/GetCommandAuditDigest_fp.h
 create mode 100644 utils/ibmtss/GetRandom_fp.h
 create mode 100644 utils/ibmtss/GetSessionAuditDigest_fp.h
 create mode 100644 utils/ibmtss/GetTestResult_fp.h
 create mode 100644 utils/ibmtss/GetTime_fp.h
 create mode 100644 utils/ibmtss/HMAC_Start_fp.h
 create mode 100644 utils/ibmtss/HMAC_fp.h
 create mode 100644 utils/ibmtss/HashSequenceStart_fp.h
 create mode 100644 utils/ibmtss/Hash_fp.h
 create mode 100644 utils/ibmtss/HierarchyChangeAuth_fp.h
 create mode 100644 utils/ibmtss/HierarchyControl_fp.h
 create mode 100644 utils/ibmtss/Implementation.h
 create mode 100644 utils/ibmtss/Import_fp.h
 create mode 100644 utils/ibmtss/IncrementalSelfTest_fp.h
 create mode 100644 utils/ibmtss/LoadExternal_fp.h
 create mode 100644 utils/ibmtss/LoadKey2_fp.h
 create mode 100644 utils/ibmtss/Load_fp.h
 create mode 100644 utils/ibmtss/MakeCredential_fp.h
 create mode 100644 utils/ibmtss/MakeIdentity_fp.h
 create mode 100644 utils/ibmtss/NTC_fp.h
 create mode 100644 utils/ibmtss/NV_Certify_fp.h
 create mode 100644 utils/ibmtss/NV_ChangeAuth_fp.h
 create mode 100644 utils/ibmtss/NV_DefineSpace12_fp.h
 create mode 100644 utils/ibmtss/NV_DefineSpace_fp.h
 create mode 100644 utils/ibmtss/NV_Extend_fp.h
 create mode 100644 utils/ibmtss/NV_GlobalWriteLock_fp.h
 create mode 100644 utils/ibmtss/NV_Increment_fp.h
 create mode 100644 utils/ibmtss/NV_ReadLock_fp.h
 create mode 100644 utils/ibmtss/NV_ReadPublic_fp.h
 create mode 100644 utils/ibmtss/NV_ReadValueAuth_fp.h
 create mode 100644 utils/ibmtss/NV_ReadValue_fp.h
 create mode 100644 utils/ibmtss/NV_Read_fp.h
 create mode 100644 utils/ibmtss/NV_SetBits_fp.h
 create mode 100644 utils/ibmtss/NV_UndefineSpaceSpecial_fp.h
 create mode 100644 utils/ibmtss/NV_UndefineSpace_fp.h
 create mode 100644 utils/ibmtss/NV_WriteLock_fp.h
 create mode 100644 utils/ibmtss/NV_WriteValueAuth_fp.h
 create mode 100644 utils/ibmtss/NV_WriteValue_fp.h
 create mode 100644 utils/ibmtss/NV_Write_fp.h
 create mode 100644 utils/ibmtss/OIAP_fp.h
 create mode 100644 utils/ibmtss/OSAP_fp.h
 create mode 100644 utils/ibmtss/ObjectChangeAuth_fp.h
 create mode 100644 utils/ibmtss/OwnerReadInternalPub_fp.h
 create mode 100644 utils/ibmtss/OwnerSetDisable_fp.h
 create mode 100644 utils/ibmtss/PCR_Allocate_fp.h
 create mode 100644 utils/ibmtss/PCR_Event_fp.h
 create mode 100644 utils/ibmtss/PCR_Extend_fp.h
 create mode 100644 utils/ibmtss/PCR_Read_fp.h
 create mode 100644 utils/ibmtss/PCR_Reset12_fp.h
 create mode 100644 utils/ibmtss/PCR_Reset_fp.h
 create mode 100644 utils/ibmtss/PCR_SetAuthPolicy_fp.h
 create mode 100644 utils/ibmtss/PCR_SetAuthValue_fp.h
 create mode 100644 utils/ibmtss/PP_Commands_fp.h
 create mode 100644 utils/ibmtss/Parameters.h
 create mode 100644 utils/ibmtss/Parameters12.h
 create mode 100644 utils/ibmtss/PcrRead12_fp.h
 create mode 100644 utils/ibmtss/PolicyAuthValue_fp.h
 create mode 100644 utils/ibmtss/PolicyAuthorizeNV_fp.h
 create mode 100644 utils/ibmtss/PolicyAuthorize_fp.h
 create mode 100644 utils/ibmtss/PolicyCommandCode_fp.h
 create mode 100644 utils/ibmtss/PolicyCounterTimer_fp.h
 create mode 100644 utils/ibmtss/PolicyCpHash_fp.h
 create mode 100644 utils/ibmtss/PolicyDuplicationSelect_fp.h
 create mode 100644 utils/ibmtss/PolicyGetDigest_fp.h
 create mode 100644 utils/ibmtss/PolicyLocality_fp.h
 create mode 100644 utils/ibmtss/PolicyNV_fp.h
 create mode 100644 utils/ibmtss/PolicyNameHash_fp.h
 create mode 100644 utils/ibmtss/PolicyNvWritten_fp.h
 create mode 100644 utils/ibmtss/PolicyOR_fp.h
 create mode 100644 utils/ibmtss/PolicyPCR_fp.h
 create mode 100644 utils/ibmtss/PolicyPassword_fp.h
 create mode 100644 utils/ibmtss/PolicyPhysicalPresence_fp.h
 create mode 100644 utils/ibmtss/PolicyRestart_fp.h
 create mode 100644 utils/ibmtss/PolicySecret_fp.h
 create mode 100644 utils/ibmtss/PolicySigned_fp.h
 create mode 100644 utils/ibmtss/PolicyTemplate_fp.h
 create mode 100644 utils/ibmtss/PolicyTicket_fp.h
 create mode 100644 utils/ibmtss/Quote2_fp.h
 create mode 100644 utils/ibmtss/Quote_fp.h
 create mode 100644 utils/ibmtss/RSA_Decrypt_fp.h
 create mode 100644 utils/ibmtss/RSA_Encrypt_fp.h
 create mode 100644 utils/ibmtss/ReadClock_fp.h
 create mode 100644 utils/ibmtss/ReadPubek_fp.h
 create mode 100644 utils/ibmtss/ReadPublic_fp.h
 create mode 100644 utils/ibmtss/Rewrap_fp.h
 create mode 100644 utils/ibmtss/SelfTest_fp.h
 create mode 100644 utils/ibmtss/SequenceComplete_fp.h
 create mode 100644 utils/ibmtss/SequenceUpdate_fp.h
 create mode 100644 utils/ibmtss/SetAlgorithmSet_fp.h
 create mode 100644 utils/ibmtss/SetCommandCodeAuditStatus_fp.h
 create mode 100644 utils/ibmtss/SetPrimaryPolicy_fp.h
 create mode 100644 utils/ibmtss/Shutdown_fp.h
 create mode 100644 utils/ibmtss/Sign12_fp.h
 create mode 100644 utils/ibmtss/Sign_fp.h
 create mode 100644 utils/ibmtss/StartAuthSession_fp.h
 create mode 100644 utils/ibmtss/Startup12_fp.h
 create mode 100644 utils/ibmtss/Startup_fp.h
 create mode 100644 utils/ibmtss/StirRandom_fp.h
 create mode 100644 utils/ibmtss/TPMB.h
 create mode 100644 utils/ibmtss/TPM_Types.h
 create mode 100644 utils/ibmtss/TakeOwnership_fp.h
 create mode 100644 utils/ibmtss/TestParms_fp.h
 create mode 100644 utils/ibmtss/TpmBuildSwitches.h
 create mode 100644 utils/ibmtss/Unmarshal12_fp.h
 create mode 100644 utils/ibmtss/Unmarshal_fp.h
 create mode 100644 utils/ibmtss/Unseal_fp.h
 create mode 100644 utils/ibmtss/VerifySignature_fp.h
 create mode 100644 utils/ibmtss/ZGen_2Phase_fp.h
 create mode 100644 utils/ibmtss/tpmconstants12.h
 create mode 100644 utils/ibmtss/tpmstructures12.h
 create mode 100644 utils/ibmtss/tpmtypes12.h
 create mode 100644 utils/ibmtss/tss.h
 create mode 100644 utils/ibmtss/tsscrypto.h
 create mode 100644 utils/ibmtss/tsscryptoh.h
 create mode 100644 utils/ibmtss/tsserror.h
 create mode 100644 utils/ibmtss/tsserror12.h
 create mode 100644 utils/ibmtss/tssfile.h
 create mode 100644 utils/ibmtss/tssmarshal.h
 create mode 100644 utils/ibmtss/tssmarshal12.h
 create mode 100644 utils/ibmtss/tssprint.h
 create mode 100644 utils/ibmtss/tssprintcmd.h
 create mode 100644 utils/ibmtss/tssresponsecode.h
 create mode 100644 utils/ibmtss/tsstransmit.h
 create mode 100644 utils/ibmtss/tssutils.h
 create mode 100644 utils/imaextend.c
 create mode 100644 utils/imalib.c
 create mode 100644 utils/imalib.h
 create mode 100644 utils/import.c
 create mode 100644 utils/importpem.c
 create mode 100644 utils/load.c
 create mode 100644 utils/loadexternal.c
 create mode 100644 utils/makecredential.c
 create mode 100644 utils/makefile-common
 create mode 100644 utils/makefile-common12
 create mode 100644 utils/makefile-common20
 create mode 100644 utils/makefile.mac
 create mode 100644 utils/makefile.mak
 create mode 100644 utils/makefile.min
 create mode 100644 utils/makefile.nofile
 create mode 100644 utils/makefiletpm12
 create mode 100644 utils/makefiletpm20
 create mode 100644 utils/makefiletpmc
 create mode 100644 utils/man/man1/tssactivatecredential.1
 create mode 100644 utils/man/man1/tsscertify.1
 create mode 100644 utils/man/man1/tsscertifycreation.1
 create mode 100644 utils/man/man1/tsscertifyx509.1
 create mode 100644 utils/man/man1/tsschangeeps.1
 create mode 100644 utils/man/man1/tsschangepps.1
 create mode 100644 utils/man/man1/tssclear.1
 create mode 100644 utils/man/man1/tssclearcontrol.1
 create mode 100644 utils/man/man1/tssclockrateadjust.1
 create mode 100644 utils/man/man1/tssclockset.1
 create mode 100644 utils/man/man1/tsscommit.1
 create mode 100644 utils/man/man1/tsscontextload.1
 create mode 100644 utils/man/man1/tsscontextsave.1
 create mode 100644 utils/man/man1/tsscreate.1
 create mode 100644 utils/man/man1/tsscreateek.1
 create mode 100644 utils/man/man1/tsscreateekcert.1
 create mode 100644 utils/man/man1/tsscreateloaded.1
 create mode 100644 utils/man/man1/tsscreateprimary.1
 create mode 100644 utils/man/man1/tssdictionaryattacklockreset.1
 create mode 100644 utils/man/man1/tssdictionaryattackparameters.1
 create mode 100644 utils/man/man1/tssduplicate.1
 create mode 100644 utils/man/man1/tsseccparameters.1
 create mode 100644 utils/man/man1/tssecephemeral.1
 create mode 100644 utils/man/man1/tssencryptdecrypt.1
 create mode 100644 utils/man/man1/tsseventextend.1
 create mode 100644 utils/man/man1/tsseventsequencecomplete.1
 create mode 100644 utils/man/man1/tssevictcontrol.1
 create mode 100644 utils/man/man1/tssflushcontext.1
 create mode 100644 utils/man/man1/tssgetcapability.1
 create mode 100644 utils/man/man1/tssgetcommandauditdigest.1
 create mode 100644 utils/man/man1/tssgetrandom.1
 create mode 100644 utils/man/man1/tssgetsessionauditdigest.1
 create mode 100644 utils/man/man1/tssgettestresult.1
 create mode 100644 utils/man/man1/tssgettime.1
 create mode 100644 utils/man/man1/tsshash.1
 create mode 100644 utils/man/man1/tsshashsequencestart.1
 create mode 100644 utils/man/man1/tsshierarchychangeauth.1
 create mode 100644 utils/man/man1/tsshierarchycontrol.1
 create mode 100644 utils/man/man1/tsshmac.1
 create mode 100644 utils/man/man1/tsshmacstart.1
 create mode 100644 utils/man/man1/tssimaextend.1
 create mode 100644 utils/man/man1/tssimport.1
 create mode 100644 utils/man/man1/tssimportpem.1
 create mode 100644 utils/man/man1/tssload.1
 create mode 100644 utils/man/man1/tssloadexternal.1
 create mode 100644 utils/man/man1/tssmakecredential.1
 create mode 100644 utils/man/man1/tssntc2getconfig.1
 create mode 100644 utils/man/man1/tssntc2lockconfig.1
 create mode 100644 utils/man/man1/tssntc2preconfig.1
 create mode 100644 utils/man/man1/tssnvcertify.1
 create mode 100644 utils/man/man1/tssnvchangeauth.1
 create mode 100644 utils/man/man1/tssnvdefinespace.1
 create mode 100644 utils/man/man1/tssnvextend.1
 create mode 100644 utils/man/man1/tssnvglobalwritelock.1
 create mode 100644 utils/man/man1/tssnvincrement.1
 create mode 100644 utils/man/man1/tssnvread.1
 create mode 100644 utils/man/man1/tssnvreadlock.1
 create mode 100644 utils/man/man1/tssnvreadpublic.1
 create mode 100644 utils/man/man1/tssnvsetbits.1
 create mode 100644 utils/man/man1/tssnvundefinespace.1
 create mode 100644 utils/man/man1/tssnvundefinespacespecial.1
 create mode 100644 utils/man/man1/tssnvwrite.1
 create mode 100644 utils/man/man1/tssnvwritelock.1
 create mode 100644 utils/man/man1/tssobjectchangeauth.1
 create mode 100644 utils/man/man1/tsspcrallocate.1
 create mode 100644 utils/man/man1/tsspcrevent.1
 create mode 100644 utils/man/man1/tsspcrextend.1
 create mode 100644 utils/man/man1/tsspcrread.1
 create mode 100644 utils/man/man1/tsspcrreset.1
 create mode 100644 utils/man/man1/tsspolicyauthorize.1
 create mode 100644 utils/man/man1/tsspolicyauthorizenv.1
 create mode 100644 utils/man/man1/tsspolicyauthvalue.1
 create mode 100644 utils/man/man1/tsspolicycommandcode.1
 create mode 100644 utils/man/man1/tsspolicycountertimer.1
 create mode 100644 utils/man/man1/tsspolicycphash.1
 create mode 100644 utils/man/man1/tsspolicyduplicationselect.1
 create mode 100644 utils/man/man1/tsspolicygetdigest.1
 create mode 100644 utils/man/man1/tsspolicymaker.1
 create mode 100644 utils/man/man1/tsspolicymakerpcr.1
 create mode 100644 utils/man/man1/tsspolicynamehash.1
 create mode 100644 utils/man/man1/tsspolicynv.1
 create mode 100644 utils/man/man1/tsspolicynvwritten.1
 create mode 100644 utils/man/man1/tsspolicyor.1
 create mode 100644 utils/man/man1/tsspolicypassword.1
 create mode 100644 utils/man/man1/tsspolicypcr.1
 create mode 100644 utils/man/man1/tsspolicyrestart.1
 create mode 100644 utils/man/man1/tsspolicysecret.1
 create mode 100644 utils/man/man1/tsspolicysigned.1
 create mode 100644 utils/man/man1/tsspolicytemplate.1
 create mode 100644 utils/man/man1/tsspolicyticket.1
 create mode 100644 utils/man/man1/tsspowerup.1
 create mode 100644 utils/man/man1/tssprintattr.1
 create mode 100644 utils/man/man1/tsspublicname.1
 create mode 100644 utils/man/man1/tssquote.1
 create mode 100644 utils/man/man1/tssreadclock.1
 create mode 100644 utils/man/man1/tssreadpublic.1
 create mode 100644 utils/man/man1/tssreturncode.1
 create mode 100644 utils/man/man1/tssrewrap.1
 create mode 100644 utils/man/man1/tssrsadecrypt.1
 create mode 100644 utils/man/man1/tssrsaencrypt.1
 create mode 100644 utils/man/man1/tsssequencecomplete.1
 create mode 100644 utils/man/man1/tsssequenceupdate.1
 create mode 100644 utils/man/man1/tsssetcommandcodeauditstatus.1
 create mode 100644 utils/man/man1/tsssetprimarypolicy.1
 create mode 100644 utils/man/man1/tssshutdown.1
 create mode 100644 utils/man/man1/tsssign.1
 create mode 100644 utils/man/man1/tsssignapp.1
 create mode 100644 utils/man/man1/tssstartauthsession.1
 create mode 100644 utils/man/man1/tssstartup.1
 create mode 100644 utils/man/man1/tssstirrandom.1
 create mode 100644 utils/man/man1/tsstimepacket.1
 create mode 100644 utils/man/man1/tsstpm2pem.1
 create mode 100644 utils/man/man1/tsstpmcmd.1
 create mode 100644 utils/man/man1/tsstpmpublic2eccpoint.1
 create mode 100644 utils/man/man1/tssunseal.1
 create mode 100644 utils/man/man1/tssverifysignature.1
 create mode 100644 utils/man/man1/tsswriteapp.1
 create mode 100644 utils/man/man1/tsszgen2phase.1
 create mode 100644 utils/ntc2getconfig.c
 create mode 100644 utils/ntc2lib.c
 create mode 100644 utils/ntc2lib.h
 create mode 100644 utils/ntc2lockconfig.c
 create mode 100644 utils/ntc2preconfig.c
 create mode 100644 utils/nvcertify.c
 create mode 100644 utils/nvchangeauth.c
 create mode 100644 utils/nvdefinespace.c
 create mode 100644 utils/nvextend.c
 create mode 100644 utils/nvglobalwritelock.c
 create mode 100644 utils/nvincrement.c
 create mode 100644 utils/nvread.c
 create mode 100644 utils/nvreadlock.c
 create mode 100644 utils/nvreadpublic.c
 create mode 100644 utils/nvsetbits.c
 create mode 100644 utils/nvundefinespace.c
 create mode 100644 utils/nvundefinespacespecial.c
 create mode 100644 utils/nvwrite.c
 create mode 100644 utils/nvwritelock.c
 create mode 100644 utils/objectchangeauth.c
 create mode 100644 utils/objecttemplates.c
 create mode 100644 utils/objecttemplates.h
 create mode 100644 utils/pcrallocate.c
 create mode 100644 utils/pcrevent.c
 create mode 100644 utils/pcrextend.c
 create mode 100644 utils/pcrread.c
 create mode 100644 utils/pcrreset.c
 create mode 100644 utils/policies/Policies.txt
 create mode 100644 utils/policies/aaa
 create mode 100644 utils/policies/bits48321601.bin
 create mode 100644 utils/policies/msgtpmgen.bin
 create mode 100644 utils/policies/nvwriteahasha.bin
 create mode 100644 utils/policies/nvwriteahasha.txt
 create mode 100644 utils/policies/nvwriteahashb.bin
 create mode 100644 utils/policies/nvwriteahashb.txt
 create mode 100644 utils/policies/nvwritecphasha.bin
 create mode 100644 utils/policies/nvwritecphasha.txt
 create mode 100644 utils/policies/nvwritecphashb.bin
 create mode 100644 utils/policies/nvwritecphashb.txt
 create mode 100644 utils/policies/p256privkey.pem
 create mode 100644 utils/policies/p256pubkey.pem
 create mode 100644 utils/policies/pnhnamehash.bin
 create mode 100644 utils/policies/pnhnamehash.txt
 create mode 100644 utils/policies/policyauthorizenv-unseal.bin
 create mode 100644 utils/policies/policyauthorizenv-unseal.txt
 create mode 100644 utils/policies/policyauthorizenv.bin
 create mode 100644 utils/policies/policyauthorizenv.txt
 create mode 100644 utils/policies/policyauthorizesha1.bin
 create mode 100644 utils/policies/policyauthorizesha1.txt
 create mode 100644 utils/policies/policyauthorizesha256.bin
 create mode 100644 utils/policies/policyauthorizesha256.txt
 create mode 100644 utils/policies/policyauthorizesha384.bin
 create mode 100644 utils/policies/policyauthorizesha384.txt
 create mode 100644 utils/policies/policyauthorizesha512.bin
 create mode 100644 utils/policies/policyauthorizesha512.txt
 create mode 100644 utils/policies/policyccactivate.bin
 create mode 100644 utils/policies/policyccactivate.txt
 create mode 100644 utils/policies/policycccertify.bin
 create mode 100644 utils/policies/policycccertify.txt
 create mode 100644 utils/policies/policycccreate-auth.bin
 create mode 100644 utils/policies/policycccreate-auth.txt
 create mode 100644 utils/policies/policyccduplicate.bin
 create mode 100644 utils/policies/policyccduplicate.txt
 create mode 100644 utils/policies/policyccnvchangeauth-auth.bin
 create mode 100644 utils/policies/policyccnvchangeauth-auth.txt
 create mode 100644 utils/policies/policyccquote.bin
 create mode 100644 utils/policies/policyccquote.txt
 create mode 100644 utils/policies/policyccsign-auth.bin
 create mode 100644 utils/policies/policyccsign-auth.txt
 create mode 100644 utils/policies/policyccsign.bin
 create mode 100644 utils/policies/policyccsign.txt
 create mode 100644 utils/policies/policyccundefinespacespecial-auth.bin
 create mode 100644 utils/policies/policyccundefinespacespecial-auth.txt
 create mode 100644 utils/policies/policycountertimer.bin
 create mode 100644 utils/policies/policycountertimer.txt
 create mode 100644 utils/policies/policycphash.bin
 create mode 100644 utils/policies/policycphash.txt
 create mode 100644 utils/policies/policycphashhash.bin
 create mode 100644 utils/policies/policycphashhash.txt
 create mode 100644 utils/policies/policydupsel-no.bin
 create mode 100644 utils/policies/policydupsel-no.txt
 create mode 100644 utils/policies/policydupsel-yes.bin
 create mode 100644 utils/policies/policydupsel-yes.txt
 create mode 100644 utils/policies/policyiwgek.txt
 create mode 100644 utils/policies/policyiwgekbsha256.bin
 create mode 100644 utils/policies/policyiwgekbsha256.txt
 create mode 100644 utils/policies/policyiwgekbsha384.bin
 create mode 100644 utils/policies/policyiwgekbsha384.txt
 create mode 100644 utils/policies/policyiwgekbsha512.bin
 create mode 100644 utils/policies/policyiwgekbsha512.txt
 create mode 100644 utils/policies/policyiwgekcsha256.bin
 create mode 100644 utils/policies/policyiwgekcsha256.txt
 create mode 100644 utils/policies/policyiwgekcsha384.bin
 create mode 100644 utils/policies/policyiwgekcsha384.txt
 create mode 100644 utils/policies/policyiwgekcsha512.bin
 create mode 100644 utils/policies/policyiwgekcsha512.txt
 create mode 100644 utils/policies/policyiwgeksha256.bin
 create mode 100644 utils/policies/policyiwgeksha384.bin
 create mode 100644 utils/policies/policyiwgeksha512.bin
 create mode 100644 utils/policies/policynamehash.bin
 create mode 100644 utils/policies/policynamehash.txt
 create mode 100644 utils/policies/policynvargs.txt
 create mode 100644 utils/policies/policynvnv.bin
 create mode 100644 utils/policies/policynvnv.txt
 create mode 100644 utils/policies/policyor.bin
 create mode 100644 utils/policies/policyor.txt
 create mode 100644 utils/policies/policyorwrittensigned.bin
 create mode 100644 utils/policies/policyorwrittensigned.txt
 create mode 100644 utils/policies/policypcr.bin
 create mode 100644 utils/policies/policypcr0.bin
 create mode 100644 utils/policies/policypcr0.txt
 create mode 100644 utils/policies/policypcr1623aaasha1.bin
 create mode 100644 utils/policies/policypcr1623aaasha256.bin
 create mode 100644 utils/policies/policypcr1623aaasha384.bin
 create mode 100644 utils/policies/policypcr1623aaasha512.bin
 create mode 100644 utils/policies/policypcr16aaasha1.bin
 create mode 100644 utils/policies/policypcr16aaasha1.txt
 create mode 100644 utils/policies/policypcr16aaasha256.bin
 create mode 100644 utils/policies/policypcr16aaasha256.txt
 create mode 100644 utils/policies/policypcr16aaasha384.bin
 create mode 100644 utils/policies/policypcr16aaasha384.txt
 create mode 100644 utils/policies/policypcr16aaasha512.bin
 create mode 100644 utils/policies/policypcr16aaasha512.txt
 create mode 100644 utils/policies/policypcrbm0.bin
 create mode 100644 utils/policies/policysecretnv.bin
 create mode 100644 utils/policies/policysecretnv.txt
 create mode 100644 utils/policies/policysecretnvpf.bin
 create mode 100644 utils/policies/policysecretnvpf.txt
 create mode 100644 utils/policies/policysecretnvpp.bin
 create mode 100644 utils/policies/policysecretnvpp.txt
 create mode 100644 utils/policies/policysecretp.bin
 create mode 100644 utils/policies/policysecretp.txt
 create mode 100644 utils/policies/policysecretpsha256.bin
 create mode 100644 utils/policies/policysecretpsha256ha.bin
 create mode 100644 utils/policies/policysecretpsha384.bin
 create mode 100644 utils/policies/policysecretpsha384ha.bin
 create mode 100644 utils/policies/policysecretpsha512.bin
 create mode 100644 utils/policies/policysecretpsha512ha.bin
 create mode 100644 utils/policies/policysecretsha256.bin
 create mode 100644 utils/policies/policysecretsha256.txt
 create mode 100644 utils/policies/policysignedsha1.bin
 create mode 100644 utils/policies/policysignedsha1.txt
 create mode 100644 utils/policies/policysignedsha256.bin
 create mode 100644 utils/policies/policysignedsha256.txt
 create mode 100644 utils/policies/policysignedsha384.bin
 create mode 100644 utils/policies/policysignedsha384.txt
 create mode 100644 utils/policies/policysignedsha512.bin
 create mode 100644 utils/policies/policysignedsha512.txt
 create mode 100644 utils/policies/policytemplate.bin
 create mode 100644 utils/policies/policytemplate.txt
 create mode 100644 utils/policies/policytemplatehash.bin
 create mode 100644 utils/policies/policytemplatehash.txt
 create mode 100644 utils/policies/policywrittenclrsigned.bin
 create mode 100644 utils/policies/policywrittenclrsigned.txt
 create mode 100644 utils/policies/policywrittenset.bin
 create mode 100644 utils/policies/policywrittenset.txt
 create mode 100644 utils/policies/policywrittensetsigned.bin
 create mode 100644 utils/policies/policywrittensetsigned.txt
 create mode 100644 utils/policies/rsaprivkey.der
 create mode 100644 utils/policies/rsaprivkey.pem
 create mode 100644 utils/policies/rsapubkey.pem
 create mode 100644 utils/policies/sha1.bin
 create mode 100644 utils/policies/sha1aaa.bin
 create mode 100644 utils/policies/sha1extaaa.bin
 create mode 100644 utils/policies/sha1extaaa0.bin
 create mode 100644 utils/policies/sha1exthaaa.bin
 create mode 100644 utils/policies/sha256.bin
 create mode 100644 utils/policies/sha256aaa.bin
 create mode 100644 utils/policies/sha256extaaa.bin
 create mode 100644 utils/policies/sha256extaaa0.bin
 create mode 100644 utils/policies/sha256exthaaa.bin
 create mode 100644 utils/policies/sha384.bin
 create mode 100644 utils/policies/sha384aaa.bin
 create mode 100644 utils/policies/sha384extaaa.bin
 create mode 100644 utils/policies/sha384extaaa0.bin
 create mode 100644 utils/policies/sha384exthaaa.bin
 create mode 100644 utils/policies/sha512.bin
 create mode 100644 utils/policies/sha512aaa.bin
 create mode 100644 utils/policies/sha512extaaa.bin
 create mode 100644 utils/policies/sha512extaaa0.bin
 create mode 100644 utils/policies/sha512exthaaa.bin
 create mode 100644 utils/policies/zero4.bin
 create mode 100644 utils/policies/zero8.bin
 create mode 100644 utils/policies/zerosha1.bin
 create mode 100644 utils/policies/zerosha256.bin
 create mode 100644 utils/policies/zerosha384.bin
 create mode 100644 utils/policies/zerosha512.bin
 create mode 100644 utils/policyauthorize.c
 create mode 100644 utils/policyauthorizenv.c
 create mode 100644 utils/policyauthvalue.c
 create mode 100644 utils/policycommandcode.c
 create mode 100644 utils/policycountertimer.c
 create mode 100644 utils/policycphash.c
 create mode 100644 utils/policyduplicationselect.c
 create mode 100644 utils/policygetdigest.c
 create mode 100644 utils/policymaker.c
 create mode 100644 utils/policymakerpcr.c
 create mode 100644 utils/policynamehash.c
 create mode 100644 utils/policynv.c
 create mode 100644 utils/policynvwritten.c
 create mode 100644 utils/policyor.c
 create mode 100644 utils/policypassword.c
 create mode 100644 utils/policypcr.c
 create mode 100644 utils/policyrestart.c
 create mode 100644 utils/policysecret.c
 create mode 100644 utils/policysigned.c
 create mode 100644 utils/policytemplate.c
 create mode 100644 utils/policyticket.c
 create mode 100644 utils/powerup.c
 create mode 100644 utils/printattr.c
 create mode 100644 utils/publicname.c
 create mode 100644 utils/quote.c
 create mode 100644 utils/readclock.c
 create mode 100644 utils/readpublic.c
 create mode 100644 utils/reg.bat
 create mode 100755 utils/reg.sh
 create mode 100644 utils/regtests/.cvsignore
 create mode 100644 utils/regtests/initkeys.bat
 create mode 100755 utils/regtests/initkeys.sh
 create mode 100644 utils/regtests/inittpm.bat
 create mode 100755 utils/regtests/inittpm.sh
 create mode 100644 utils/regtests/testaes.bat
 create mode 100755 utils/regtests/testaes.sh
 create mode 100644 utils/regtests/testaes138.bat
 create mode 100755 utils/regtests/testaes138.sh
 create mode 100644 utils/regtests/testattest.bat
 create mode 100755 utils/regtests/testattest.sh
 create mode 100644 utils/regtests/testattest155.bat
 create mode 100755 utils/regtests/testattest155.sh
 create mode 100644 utils/regtests/testbind.bat
 create mode 100755 utils/regtests/testbind.sh
 create mode 100644 utils/regtests/testchangeauth.bat
 create mode 100755 utils/regtests/testchangeauth.sh
 create mode 100644 utils/regtests/testchangeseed.bat
 create mode 100755 utils/regtests/testchangeseed.sh
 create mode 100644 utils/regtests/testclocks.bat
 create mode 100755 utils/regtests/testclocks.sh
 create mode 100644 utils/regtests/testcontext.bat
 create mode 100755 utils/regtests/testcontext.sh
 create mode 100644 utils/regtests/testcreateloaded.bat
 create mode 100755 utils/regtests/testcreateloaded.sh
 create mode 100644 utils/regtests/testcredential.bat
 create mode 100755 utils/regtests/testcredential.sh
 create mode 100644 utils/regtests/testda.bat
 create mode 100755 utils/regtests/testda.sh
 create mode 100644 utils/regtests/testdup.bat
 create mode 100755 utils/regtests/testdup.sh
 create mode 100644 utils/regtests/testecc.bat
 create mode 100755 utils/regtests/testecc.sh
 create mode 100644 utils/regtests/testencsession.bat
 create mode 100755 utils/regtests/testencsession.sh
 create mode 100644 utils/regtests/testevict.bat
 create mode 100755 utils/regtests/testevict.sh
 create mode 100644 utils/regtests/testgetcap.bat
 create mode 100755 utils/regtests/testgetcap.sh
 create mode 100644 utils/regtests/testhierarchy.bat
 create mode 100755 utils/regtests/testhierarchy.sh
 create mode 100644 utils/regtests/testhmac.bat
 create mode 100755 utils/regtests/testhmac.sh
 create mode 100644 utils/regtests/testhmacsession.bat
 create mode 100755 utils/regtests/testhmacsession.sh
 create mode 100644 utils/regtests/testnv.bat
 create mode 100755 utils/regtests/testnv.sh
 create mode 100644 utils/regtests/testnvpin.bat
 create mode 100755 utils/regtests/testnvpin.sh
 create mode 100644 utils/regtests/testpcr.bat
 create mode 100755 utils/regtests/testpcr.sh
 create mode 100644 utils/regtests/testpolicy.bat
 create mode 100755 utils/regtests/testpolicy.sh
 create mode 100644 utils/regtests/testpolicy138.bat
 create mode 100755 utils/regtests/testpolicy138.sh
 create mode 100644 utils/regtests/testprimary.bat
 create mode 100755 utils/regtests/testprimary.sh
 create mode 100644 utils/regtests/testrng.bat
 create mode 100755 utils/regtests/testrng.sh
 create mode 100644 utils/regtests/testrsa.bat
 create mode 100755 utils/regtests/testrsa.sh
 create mode 100644 utils/regtests/testsalt.bat
 create mode 100755 utils/regtests/testsalt.sh
 create mode 100644 utils/regtests/testshutdown.bat
 create mode 100755 utils/regtests/testshutdown.sh
 create mode 100644 utils/regtests/testsign.bat
 create mode 100755 utils/regtests/testsign.sh
 create mode 100644 utils/regtests/teststorage.bat
 create mode 100755 utils/regtests/teststorage.sh
 create mode 100644 utils/regtests/testunseal.bat
 create mode 100755 utils/regtests/testunseal.sh
 create mode 100644 utils/regtests/testx509.bat
 create mode 100755 utils/regtests/testx509.sh
 create mode 100644 utils/returncode.c
 create mode 100644 utils/rewrap.c
 create mode 100644 utils/rsadecrypt.c
 create mode 100644 utils/rsaencrypt.c
 create mode 100644 utils/sequencecomplete.c
 create mode 100644 utils/sequenceupdate.c
 create mode 100644 utils/setcommandcodeauditstatus.c
 create mode 100644 utils/setprimarypolicy.c
 create mode 100644 utils/shutdown.c
 create mode 100644 utils/sign.c
 create mode 100644 utils/signapp.c
 create mode 100644 utils/startauthsession.c
 create mode 100644 utils/startup.c
 create mode 100644 utils/stirrandom.c
 create mode 100644 utils/timepacket.c
 create mode 100644 utils/tpm2pem.c
 create mode 100644 utils/tpmcmd.c
 create mode 100644 utils/tpmproxy.c
 create mode 100644 utils/tpmpublic2eccpoint.c
 create mode 100644 utils/tss.c
 create mode 100644 utils/tss12.c
 create mode 100644 utils/tss12.h
 create mode 100644 utils/tss20.c
 create mode 100644 utils/tss20.h
 create mode 100644 utils/tssauth.c
 create mode 100644 utils/tssauth.h
 create mode 100644 utils/tssauth12.c
 create mode 100644 utils/tssauth12.h
 create mode 100644 utils/tssauth20.c
 create mode 100644 utils/tssauth20.h
 create mode 100644 utils/tssccattributes.c
 create mode 100644 utils/tssccattributes.h
 create mode 100644 utils/tssccattributes12.c
 create mode 100644 utils/tssccattributes12.h
 create mode 100644 utils/tsscrypto.c
 create mode 100644 utils/tsscryptoh.c
 create mode 100644 utils/tssdev.c
 create mode 100644 utils/tssdev.h
 create mode 100644 utils/tssdevskiboot.c
 create mode 100644 utils/tssdevskiboot.h
 create mode 100644 utils/tssfile.c
 create mode 100644 utils/tssmarshal.c
 create mode 100644 utils/tssmarshal12.c
 create mode 100644 utils/tssntc.c
 create mode 100644 utils/tssntc.h
 create mode 100644 utils/tssprint.c
 create mode 100644 utils/tssprintcmd.c
 create mode 100644 utils/tssproperties.c
 create mode 100644 utils/tssproperties.h
 create mode 100644 utils/tssresponsecode.c
 create mode 100644 utils/tsssocket.c
 create mode 100644 utils/tsssocket.h
 create mode 100644 utils/tsstbsi.c
 create mode 100644 utils/tsstbsi.h
 create mode 100644 utils/tsstransmit.c
 create mode 100644 utils/tssutils.c
 create mode 100644 utils/tssutilsverbose.c
 create mode 100644 utils/unseal.c
 create mode 100644 utils/verifysignature.c
 create mode 100644 utils/writeapp.c
 create mode 100644 utils/zgen2phase.c
 create mode 100644 utils12/Makefile.am
 create mode 100644 utils12/activateidentity.c
 create mode 100644 utils12/createekcert.c
 create mode 100644 utils12/createendorsementkeypair.c
 create mode 100644 utils12/createwrapkey.c
 create mode 100644 utils12/ekutils12.c
 create mode 100644 utils12/ekutils12.h
 create mode 100644 utils12/eventextend.c
 create mode 100644 utils12/extend.c
 create mode 100644 utils12/flushspecific.c
 create mode 100644 utils12/getcapability.c
 create mode 100644 utils12/imaextend.c
 create mode 100644 utils12/loadkey2.c
 create mode 100644 utils12/makeekblob.c
 create mode 100644 utils12/makefile-common
 create mode 100644 utils12/makefiletpmc
 create mode 100644 utils12/makeidentity.c
 create mode 100644 utils12/man/man1/tss1activateidentity.1
 create mode 100644 utils12/man/man1/tss1createekcert.1
 create mode 100644 utils12/man/man1/tss1createendorsementkeypair.1
 create mode 100644 utils12/man/man1/tss1createwrapkey.1
 create mode 100644 utils12/man/man1/tss1eventextend.1
 create mode 100644 utils12/man/man1/tss1extend.1
 create mode 100644 utils12/man/man1/tss1flushspecific.1
 create mode 100644 utils12/man/man1/tss1getcapability.1
 create mode 100644 utils12/man/man1/tss1imaextend.1
 create mode 100644 utils12/man/man1/tss1loadkey2.1
 create mode 100644 utils12/man/man1/tss1makeekblob.1
 create mode 100644 utils12/man/man1/tss1makeidentity.1
 create mode 100644 utils12/man/man1/tss1nvdefinespace.1
 create mode 100644 utils12/man/man1/tss1nvreadvalue.1
 create mode 100644 utils12/man/man1/tss1nvreadvalueauth.1
 create mode 100644 utils12/man/man1/tss1nvwritevalue.1
 create mode 100644 utils12/man/man1/tss1nvwritevalueauth.1
 create mode 100644 utils12/man/man1/tss1oiap.1
 create mode 100644 utils12/man/man1/tss1osap.1
 create mode 100644 utils12/man/man1/tss1ownerreadinternalpub.1
 create mode 100644 utils12/man/man1/tss1ownersetdisable.1
 create mode 100644 utils12/man/man1/tss1pcrread.1
 create mode 100644 utils12/man/man1/tss1quote2.1
 create mode 100644 utils12/man/man1/tss1sign.1
 create mode 100644 utils12/man/man1/tss1startup.1
 create mode 100644 utils12/man/man1/tss1takeownership.1
 create mode 100644 utils12/man/man1/tss1tpminit.1
 create mode 100644 utils12/nvdefinespace.c
 create mode 100644 utils12/nvreadvalue.c
 create mode 100644 utils12/nvreadvalueauth.c
 create mode 100644 utils12/nvwritevalue.c
 create mode 100644 utils12/nvwritevalueauth.c
 create mode 100644 utils12/oiap.c
 create mode 100644 utils12/osap.c
 create mode 100644 utils12/ownerreadinternalpub.c
 create mode 100644 utils12/ownersetdisable.c
 create mode 100644 utils12/pcrread.c
 create mode 100644 utils12/quote2.c
 create mode 100755 utils12/reg.sh
 create mode 100644 utils12/sign.c
 create mode 100644 utils12/startup.c
 create mode 100644 utils12/takeownership.c
 create mode 100644 utils12/tpminit.c

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000..ca9dee159
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,278 @@
+*.o
+*.so
+acs/
+tpmutils/Debug/
+tpmutils/activatecredential/Debug/
+tpmutils/certify/Debug/
+tpmutils/certifycreation/Debug/
+tpmutils/changeeps/Debug/
+tpmutils/changepps/Debug/
+tpmutils/clear/Debug/
+tpmutils/clearcontrol/Debug/
+tpmutils/clockrateadjust/Debug/
+tpmutils/clockset/Debug/
+tpmutils/commit/Debug/
+tpmutils/contextload/Debug/
+tpmutils/contextsave/Debug/
+tpmutils/create/Debug/
+tpmutils/createek/Debug/
+tpmutils/createekcert/Debug/
+tpmutils/createloaded/Debug/
+tpmutils/createprimary/Debug/
+tpmutils/dictionaryattacklockreset/Debug/
+tpmutils/dictionaryattackparameters/Debug/
+tpmutils/duplicate/Debug/
+tpmutils/eccparameters/Debug/
+tpmutils/ecephemeral/Debug/
+tpmutils/encryptdecrypt/Debug/
+tpmutils/eventextend/Debug/
+tpmutils/eventsequencecomplete/Debug/
+tpmutils/evictcontrol/Debug/
+tpmutils/flushcontext/Debug/
+tpmutils/getcapability/Debug/
+tpmutils/getcommandauditdigest/Debug/
+tpmutils/getcryptolibrary/Debug/
+tpmutils/getrandom/Debug/
+tpmutils/getsessionauditdigest/Debug/
+tpmutils/gettestresult/Debug/
+tpmutils/gettime/Debug/
+tpmutils/hash/Debug/
+tpmutils/hashsequencestart/Debug/
+tpmutils/hierarchychangeauth/Debug/
+tpmutils/hierarchycontrol/Debug/
+tpmutils/hmac/Debug/
+tpmutils/hmacstart/Debug/
+tpmutils/import/Debug/
+tpmutils/importpem/Debug/
+tpmutils/load/Debug/
+tpmutils/loadexternal/Debug/
+tpmutils/makecredential/Debug/
+tpmutils/nvcertify/Debug/
+tpmutils/nvchangeauth/Debug/
+tpmutils/nvdefinespace/Debug/
+tpmutils/nvextend/Debug/
+tpmutils/nvglobalwritelock/Debug/
+tpmutils/nvincrement/Debug/
+tpmutils/nvread/Debug/
+tpmutils/nvreadlock/Debug/
+tpmutils/nvreadpublic/Debug/
+tpmutils/nvsetbits/Debug/
+tpmutils/nvundefinespace/Debug/
+tpmutils/nvundefinespacespecial/Debug/
+tpmutils/nvwrite/Debug/
+tpmutils/nvwritelock/Debug/
+tpmutils/objectchangeauth/Debug/
+tpmutils/pcrallocate/Debug/
+tpmutils/pcrevent/Debug/
+tpmutils/pcrextend/Debug/
+tpmutils/pcrread/Debug/
+tpmutils/pcrreset/Debug/
+tpmutils/policyauthorize/Debug/
+tpmutils/policyauthorizenv/Debug/
+tpmutils/policyauthvalue/Debug/
+tpmutils/policycommandcode/Debug/
+tpmutils/policycountertimer/Debug/
+tpmutils/policycphash/Debug/
+tpmutils/policyduplicationselect/Debug/
+tpmutils/policygetdigest/Debug/
+tpmutils/policymaker/Debug/
+tpmutils/policymakerpcr/Debug/
+tpmutils/policynamehash/Debug/
+tpmutils/policynv/Debug/
+tpmutils/policynvwritten/Debug/
+tpmutils/policyor/Debug/
+tpmutils/policypassword/Debug/
+tpmutils/policypcr/Debug/
+tpmutils/policyrestart/Debug/
+tpmutils/policysecret/Debug/
+tpmutils/policysigned/Debug/
+tpmutils/policytemplate/Debug/
+tpmutils/policyticket/Debug/
+tpmutils/powerup/Debug/
+tpmutils/publicname/Debug/
+tpmutils/quote/Debug/
+tpmutils/readclock/Debug/
+tpmutils/readpublic/Debug/
+tpmutils/returncode/Debug/
+tpmutils/rewrap/Debug/
+tpmutils/rsadecrypt/Debug/
+tpmutils/rsaencrypt/Debug/
+tpmutils/sequencecomplete/Debug/
+tpmutils/sequenceupdate/Debug/
+tpmutils/setprimarypolicy/Debug/
+tpmutils/shutdown/Debug/
+tpmutils/sign/Debug/
+tpmutils/signapp/Debug/
+tpmutils/startauthsession/Debug/
+tpmutils/startup/Debug/
+tpmutils/stirrandom/Debug/
+tpmutils/timepacket/Debug/
+tpmutils/tpm2pem/Debug/
+tpmutils/tpmpublic2eccpoint/Debug/
+tpmutils/tss/Debug/
+tpmutils/unseal/Debug/
+tpmutils/verifysignature/Debug/
+tpmutils/writeapp/Debug/
+tpmutils/zgen2phase/Debug/
+.gitignore
+tpmutils/.vs/
+.vs
+utils/*.o
+utils/h*.bin
+utils/nvp*.bin
+utils/activatecredential
+utils/certify
+utils/certifycreation
+utils/certifyx509
+utils/changeeps
+utils/changepps
+utils/clear
+utils/clearcontrol
+utils/clockrateadjust
+utils/clockset
+utils/commit
+utils/contextload
+utils/contextsave
+utils/create
+utils/createek
+utils/createekcert
+utils/createloaded
+utils/createprimary
+utils/dictionaryattacklockreset
+utils/dictionaryattackparameters
+utils/duplicate
+utils/eccparameters
+utils/ecephemeral
+utils/encryptdecrypt
+utils/eventextend
+utils/eventsequencecomplete
+utils/evictcontrol
+utils/flushcontext
+utils/getcapability
+utils/getcommandauditdigest
+utils/getrandom
+utils/getsessionauditdigest
+utils/gettestresult
+utils/gettime
+utils/hash
+utils/hashsequencestart
+utils/hierarchychangeauth
+utils/hierarchycontrol
+utils/hmac
+utils/hmacstart
+utils/imaextend
+utils/import
+utils/importpem
+utils/libtss.so
+utils/libtss.so.0
+utils/libtss.so.0.1
+utils/load
+utils/loadexternal
+utils/makecredential
+utils/ntc2getconfig
+utils/ntc2lockconfig
+utils/ntc2preconfig
+utils/nvcertify
+utils/nvchangeauth
+utils/nvdefinespace
+utils/nvextend
+utils/nvglobalwritelock
+utils/nvincrement
+utils/nvread
+utils/nvreadlock
+utils/nvreadpublic
+utils/nvsetbits
+utils/nvundefinespace
+utils/nvundefinespacespecial
+utils/nvwrite
+utils/nvwritelock
+utils/objectchangeauth
+utils/pcrallocate
+utils/pcrevent
+utils/pcrextend
+utils/pcrread
+utils/pcrreset
+utils/policyauthorize
+utils/policyauthorizenv
+utils/policyauthvalue
+utils/policycommandcode
+utils/policycountertimer
+utils/policycphash
+utils/policyduplicationselect
+utils/policygetdigest
+utils/policymaker
+utils/policymakerpcr
+utils/policynamehash
+utils/policynv
+utils/policynvwritten
+utils/policyor
+utils/policypassword
+utils/policypcr
+utils/policyrestart
+utils/policysecret
+utils/policysigned
+utils/policytemplate
+utils/policyticket
+utils/powerup
+utils/printattr
+utils/publicname
+utils/quote
+utils/readclock
+utils/readpublic
+utils/returncode
+utils/rewrap
+utils/rsadecrypt
+utils/rsaencrypt
+utils/sequencecomplete
+utils/sequenceupdate
+utils/setcommandcodeauditstatus
+utils/setprimarypolicy
+utils/shutdown
+utils/sign
+utils/signapp
+utils/startauthsession
+utils/startup
+utils/stirrandom
+utils/timepacket
+utils/tpmcmd
+utils/tpm2pem
+utils/tpmpublic2eccpoint
+utils/unseal
+utils/verifysignature
+utils/writeapp
+utils/zgen2phase
+utils/libibmtss.so
+utils/libibmtss.so.0
+utils/libibmtss.so.0.1
+utils/libibmtssutils.so
+utils/libibmtssutils.so.0
+utils/libibmtssutils.so.0.1
+utils/libibmtss.so.1
+utils/libibmtss.so.1.1
+utils/libibmtssutils.so.1
+utils/libibmtssutils.so.1.1
+m4/libtool.m4
+m4/ltoptions.m4
+m4/ltsugar.m4
+m4/ltversion.m4
+m4/lt~obsolete.m4
+.deps/
+Makefile
+Makefile.in
+aclocal.m4
+autom4te.cache/
+build-aux/
+config.h
+config.h.in
+config.log
+config.status
+configure
+libtool
+stamp-h1
+utils/.dirstamp
+utils/.deps/
+utils/Makefile
+utils/Makefile.in
+utils12/.deps/
+utils12/Makefile
+utils12/Makefile.in
diff --git a/AUTHORS b/AUTHORS
new file mode 100644
index 000000000..d20d277a7
--- /dev/null
+++ b/AUTHORS
@@ -0,0 +1,4 @@
+Kenneth Goldman <kgold at linux.ibm.com>
+
+CONTRIBUTORS:
+Debora Velarde Babb <debora at linux.ibm.com>
diff --git a/COPYING b/COPYING
new file mode 100644
index 000000000..e69de29bb
diff --git a/ChangeLog b/ChangeLog
new file mode 100644
index 000000000..e69de29bb
diff --git a/INSTALL b/INSTALL
new file mode 100644
index 000000000..209984075
--- /dev/null
+++ b/INSTALL
@@ -0,0 +1,370 @@
+Installation Instructions
+*************************
+
+Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation,
+Inc.
+
+   Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.  This file is offered as-is,
+without warranty of any kind.
+
+Basic Installation
+==================
+
+   Briefly, the shell command `./configure && make && make install'
+should configure, build, and install this package.  The following
+more-detailed instructions are generic; see the `README' file for
+instructions specific to this package.  Some packages provide this
+`INSTALL' file but do not implement all of the features documented
+below.  The lack of an optional feature in a given package is not
+necessarily a bug.  More recommendations for GNU packages can be found
+in *note Makefile Conventions: (standards)Makefile Conventions.
+
+   The `configure' shell script attempts to guess correct values for
+various system-dependent variables used during compilation.  It uses
+those values to create a `Makefile' in each directory of the package.
+It may also create one or more `.h' files containing system-dependent
+definitions.  Finally, it creates a shell script `config.status' that
+you can run in the future to recreate the current configuration, and a
+file `config.log' containing compiler output (useful mainly for
+debugging `configure').
+
+   It can also use an optional file (typically called `config.cache'
+and enabled with `--cache-file=config.cache' or simply `-C') that saves
+the results of its tests to speed up reconfiguring.  Caching is
+disabled by default to prevent problems with accidental use of stale
+cache files.
+
+   If you need to do unusual things to compile the package, please try
+to figure out how `configure' could check whether to do them, and mail
+diffs or instructions to the address given in the `README' so they can
+be considered for the next release.  If you are using the cache, and at
+some point `config.cache' contains results you don't want to keep, you
+may remove or edit it.
+
+   The file `configure.ac' (or `configure.in') is used to create
+`configure' by a program called `autoconf'.  You need `configure.ac' if
+you want to change it or regenerate `configure' using a newer version
+of `autoconf'.
+
+   The simplest way to compile this package is:
+
+  1. `cd' to the directory containing the package's source code and type
+     `./configure' to configure the package for your system.
+
+     Running `configure' might take a while.  While running, it prints
+     some messages telling which features it is checking for.
+
+  2. Type `make' to compile the package.
+
+  3. Optionally, type `make check' to run any self-tests that come with
+     the package, generally using the just-built uninstalled binaries.
+
+  4. Type `make install' to install the programs and any data files and
+     documentation.  When installing into a prefix owned by root, it is
+     recommended that the package be configured and built as a regular
+     user, and only the `make install' phase executed with root
+     privileges.
+
+  5. Optionally, type `make installcheck' to repeat any self-tests, but
+     this time using the binaries in their final installed location.
+     This target does not install anything.  Running this target as a
+     regular user, particularly if the prior `make install' required
+     root privileges, verifies that the installation completed
+     correctly.
+
+  6. You can remove the program binaries and object files from the
+     source code directory by typing `make clean'.  To also remove the
+     files that `configure' created (so you can compile the package for
+     a different kind of computer), type `make distclean'.  There is
+     also a `make maintainer-clean' target, but that is intended mainly
+     for the package's developers.  If you use it, you may have to get
+     all sorts of other programs in order to regenerate files that came
+     with the distribution.
+
+  7. Often, you can also type `make uninstall' to remove the installed
+     files again.  In practice, not all packages have tested that
+     uninstallation works correctly, even though it is required by the
+     GNU Coding Standards.
+
+  8. Some packages, particularly those that use Automake, provide `make
+     distcheck', which can by used by developers to test that all other
+     targets like `make install' and `make uninstall' work correctly.
+     This target is generally not run by end users.
+
+Compilers and Options
+=====================
+
+   Some systems require unusual options for compilation or linking that
+the `configure' script does not know about.  Run `./configure --help'
+for details on some of the pertinent environment variables.
+
+   You can give `configure' initial values for configuration parameters
+by setting variables in the command line or in the environment.  Here
+is an example:
+
+     ./configure CC=c99 CFLAGS=-g LIBS=-lposix
+
+   *Note Defining Variables::, for more details.
+
+Compiling For Multiple Architectures
+====================================
+
+   You can compile the package for more than one kind of computer at the
+same time, by placing the object files for each architecture in their
+own directory.  To do this, you can use GNU `make'.  `cd' to the
+directory where you want the object files and executables to go and run
+the `configure' script.  `configure' automatically checks for the
+source code in the directory that `configure' is in and in `..'.  This
+is known as a "VPATH" build.
+
+   With a non-GNU `make', it is safer to compile the package for one
+architecture at a time in the source code directory.  After you have
+installed the package for one architecture, use `make distclean' before
+reconfiguring for another architecture.
+
+   On MacOS X 10.5 and later systems, you can create libraries and
+executables that work on multiple system types--known as "fat" or
+"universal" binaries--by specifying multiple `-arch' options to the
+compiler but only a single `-arch' option to the preprocessor.  Like
+this:
+
+     ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+                 CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+                 CPP="gcc -E" CXXCPP="g++ -E"
+
+   This is not guaranteed to produce working output in all cases, you
+may have to build one architecture at a time and combine the results
+using the `lipo' tool if you have problems.
+
+Installation Names
+==================
+
+   By default, `make install' installs the package's commands under
+`/usr/local/bin', include files under `/usr/local/include', etc.  You
+can specify an installation prefix other than `/usr/local' by giving
+`configure' the option `--prefix=PREFIX', where PREFIX must be an
+absolute file name.
+
+   You can specify separate installation prefixes for
+architecture-specific files and architecture-independent files.  If you
+pass the option `--exec-prefix=PREFIX' to `configure', the package uses
+PREFIX as the prefix for installing programs and libraries.
+Documentation and other data files still use the regular prefix.
+
+   In addition, if you use an unusual directory layout you can give
+options like `--bindir=DIR' to specify different values for particular
+kinds of files.  Run `configure --help' for a list of the directories
+you can set and what kinds of files go in them.  In general, the
+default for these options is expressed in terms of `${prefix}', so that
+specifying just `--prefix' will affect all of the other directory
+specifications that were not explicitly provided.
+
+   The most portable way to affect installation locations is to pass the
+correct locations to `configure'; however, many packages provide one or
+both of the following shortcuts of passing variable assignments to the
+`make install' command line to change installation locations without
+having to reconfigure or recompile.
+
+   The first method involves providing an override variable for each
+affected directory.  For example, `make install
+prefix=/alternate/directory' will choose an alternate location for all
+directory configuration variables that were expressed in terms of
+`${prefix}'.  Any directories that were specified during `configure',
+but not in terms of `${prefix}', must each be overridden at install
+time for the entire installation to be relocated.  The approach of
+makefile variable overrides for each directory variable is required by
+the GNU Coding Standards, and ideally causes no recompilation.
+However, some platforms have known limitations with the semantics of
+shared libraries that end up requiring recompilation when using this
+method, particularly noticeable in packages that use GNU Libtool.
+
+   The second method involves providing the `DESTDIR' variable.  For
+example, `make install DESTDIR=/alternate/directory' will prepend
+`/alternate/directory' before all installation names.  The approach of
+`DESTDIR' overrides is not required by the GNU Coding Standards, and
+does not work on platforms that have drive letters.  On the other hand,
+it does better at avoiding recompilation issues, and works well even
+when some directory options were not specified in terms of `${prefix}'
+at `configure' time.
+
+Optional Features
+=================
+
+   If the package supports it, you can cause programs to be installed
+with an extra prefix or suffix on their names by giving `configure' the
+option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+
+   Some packages pay attention to `--enable-FEATURE' options to
+`configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to `--with-PACKAGE' options, where PACKAGE
+is something like `gnu-as' or `x' (for the X Window System).  The
+`README' should mention any `--enable-' and `--with-' options that the
+package recognizes.
+
+   For packages that use the X Window System, `configure' can usually
+find the X include and library files automatically, but if it doesn't,
+you can use the `configure' options `--x-includes=DIR' and
+`--x-libraries=DIR' to specify their locations.
+
+   Some packages offer the ability to configure how verbose the
+execution of `make' will be.  For these packages, running `./configure
+--enable-silent-rules' sets the default to minimal output, which can be
+overridden with `make V=1'; while running `./configure
+--disable-silent-rules' sets the default to verbose, which can be
+overridden with `make V=0'.
+
+Particular systems
+==================
+
+   On HP-UX, the default C compiler is not ANSI C compatible.  If GNU
+CC is not installed, it is recommended to use the following options in
+order to use an ANSI C compiler:
+
+     ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
+
+and if that doesn't work, install pre-built binaries of GCC for HP-UX.
+
+   HP-UX `make' updates targets which have the same time stamps as
+their prerequisites, which makes it generally unusable when shipped
+generated files such as `configure' are involved.  Use GNU `make'
+instead.
+
+   On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
+parse its `<wchar.h>' header file.  The option `-nodtk' can be used as
+a workaround.  If GNU CC is not installed, it is therefore recommended
+to try
+
+     ./configure CC="cc"
+
+and if that doesn't work, try
+
+     ./configure CC="cc -nodtk"
+
+   On Solaris, don't put `/usr/ucb' early in your `PATH'.  This
+directory contains several dysfunctional programs; working variants of
+these programs are available in `/usr/bin'.  So, if you need `/usr/ucb'
+in your `PATH', put it _after_ `/usr/bin'.
+
+   On Haiku, software installed for all users goes in `/boot/common',
+not `/usr/local'.  It is recommended to use the following options:
+
+     ./configure --prefix=/boot/common
+
+Specifying the System Type
+==========================
+
+   There may be some features `configure' cannot figure out
+automatically, but needs to determine by the type of machine the package
+will run on.  Usually, assuming the package is built to be run on the
+_same_ architectures, `configure' can figure that out, but if it prints
+a message saying it cannot guess the machine type, give it the
+`--build=TYPE' option.  TYPE can either be a short name for the system
+type, such as `sun4', or a canonical name which has the form:
+
+     CPU-COMPANY-SYSTEM
+
+where SYSTEM can have one of these forms:
+
+     OS
+     KERNEL-OS
+
+   See the file `config.sub' for the possible values of each field.  If
+`config.sub' isn't included in this package, then this package doesn't
+need to know the machine type.
+
+   If you are _building_ compiler tools for cross-compiling, you should
+use the option `--target=TYPE' to select the type of system they will
+produce code for.
+
+   If you want to _use_ a cross compiler, that generates code for a
+platform different from the build platform, you should specify the
+"host" platform (i.e., that on which the generated programs will
+eventually be run) with `--host=TYPE'.
+
+Sharing Defaults
+================
+
+   If you want to set default values for `configure' scripts to share,
+you can create a site shell script called `config.site' that gives
+default values for variables like `CC', `cache_file', and `prefix'.
+`configure' looks for `PREFIX/share/config.site' if it exists, then
+`PREFIX/etc/config.site' if it exists.  Or, you can set the
+`CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all `configure' scripts look for a site script.
+
+Defining Variables
+==================
+
+   Variables not defined in a site shell script can be set in the
+environment passed to `configure'.  However, some packages may run
+configure again during the build, and the customized values of these
+variables may be lost.  In order to avoid this problem, you should set
+them in the `configure' command line, using `VAR=value'.  For example:
+
+     ./configure CC=/usr/local2/bin/gcc
+
+causes the specified `gcc' to be used as the C compiler (unless it is
+overridden in the site shell script).
+
+Unfortunately, this technique does not work for `CONFIG_SHELL' due to
+an Autoconf limitation.  Until the limitation is lifted, you can use
+this workaround:
+
+     CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash
+
+`configure' Invocation
+======================
+
+   `configure' recognizes the following options to control how it
+operates.
+
+`--help'
+`-h'
+     Print a summary of all of the options to `configure', and exit.
+
+`--help=short'
+`--help=recursive'
+     Print a summary of the options unique to this package's
+     `configure', and exit.  The `short' variant lists options used
+     only in the top level, while the `recursive' variant lists options
+     also present in any nested packages.
+
+`--version'
+`-V'
+     Print the version of Autoconf used to generate the `configure'
+     script, and exit.
+
+`--cache-file=FILE'
+     Enable the cache: use and save the results of the tests in FILE,
+     traditionally `config.cache'.  FILE defaults to `/dev/null' to
+     disable caching.
+
+`--config-cache'
+`-C'
+     Alias for `--cache-file=config.cache'.
+
+`--quiet'
+`--silent'
+`-q'
+     Do not print messages saying which checks are being made.  To
+     suppress all normal output, redirect it to `/dev/null' (any error
+     messages will still be shown).
+
+`--srcdir=DIR'
+     Look for the package's source code in directory DIR.  Usually
+     `configure' can determine that directory automatically.
+
+`--prefix=DIR'
+     Use DIR as the installation prefix.  *note Installation Names::
+     for more details, including other options available for fine-tuning
+     the installation locations.
+
+`--no-create'
+`-n'
+     Run the configure checks, but stop before creating any output
+     files.
+
+`configure' also accepts some other, not widely useful, options.  Run
+`configure --help' for more details.
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 000000000..ddaa84dcb
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,92 @@
+$Id: LICENSE 679 2016-07-14 12:10:16Z kgoldman $
+
+(c) Copyright IBM Corporation 2016.					
+									
+All rights reserved.							
+									
+Redistribution and use in source and binary forms, with or without	
+modification, are permitted provided that the following conditions are
+met:									
+									
+Redistributions of source code must retain the above copyright notice,
+this list of conditions and the following disclaimer.		
+									
+Redistributions in binary form must reproduce the above copyright	
+notice, this list of conditions and the following disclaimer in the	
+documentation and/or other materials provided with the distribution.	
+									
+Neither the names of the IBM Corporation nor the names of its	
+contributors may be used to endorse or promote products derived from	
+this software without specific prior written permission.		
+									
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT	
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT	
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+	
+--------------------------------------------------------------------
+			    
+A portion of the source code is derived from the TPM specification,
+which has a TCG copyright.  It is reproduced here for reference.
+
+--------------------------------------------------------------------
+
+Licenses and Notices
+Copyright Licenses:
+
+* Trusted Computing Group (TCG) grants to the user of the source code
+in this specification (the "Source Code") a worldwide, irrevocable,
+nonexclusive, royalty free, copyright license to reproduce, create
+derivative works, distribute, display and perform the Source Code and
+derivative works thereof, and to grant others the rights granted
+herein.
+
+* The TCG grants to the user of the other parts of the specification
+(other than the Source Code) the rights to reproduce, distribute,
+display, and perform the specification solely for the purpose of
+developing products based on such documents.  
+
+Source Code Distribution Conditions:
+
+* Redistributions of Source Code must retain the above copyright
+licenses, this list of conditions and the following disclaimers.
+
+* Redistributions in binary form must reproduce the above copyright
+licenses, this list of conditions and the following disclaimers in the
+documentation and/or other materials provided with the distribution.
+
+Disclaimers:
+
+* THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF
+LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH
+RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)
+THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR
+OTHERWISE. Contact TCG Administration
+(admin at trustedcomputinggroup.org) for information on specification
+licensing rights available through TCG membership agreements.
+
+* THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED
+WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR
+FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR
+NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY
+OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.
+
+* Without limitation, TCG and its members and licensors disclaim all
+liability, including liability for infringement of any proprietary
+rights, relating to use of information in this specification and to
+the implementation of this specification, and TCG disclaims all
+liability for cost of procurement of substitute goods or services,
+lost profits, loss of use, loss of data or any incidental,
+consequential, direct, indirect, or special damages, whether under
+contract, tort, warranty or otherwise, arising in any way out of use
+or reliance upon this specification or any information herein.
+
+Any marks and brands contained herein are the property of their
+respective owners.
diff --git a/Makefile.am b/Makefile.am
new file mode 100644
index 000000000..be48dbaf3
--- /dev/null
+++ b/Makefile.am
@@ -0,0 +1,11 @@
+SUBDIRS = utils utils12
+EXTRA_DIST = utils/policies utils/certificates utils/regtests utils/man utils/reg.sh utils/cakey.pem demo
+ACLOCAL_AMFLAGS = -I m4
+
+pkgname = $(PACKAGE_TARNAME)-$(PACKAGE_VERSION)
+tarname = $(pkgname).tar.gz
+
+$(tarname):
+	git archive --format=tar --prefix=$(pkgname)/ v$(PACKAGE_VERSION) $(FILES) | gzip >$@
+
+tar: $(tarname)
diff --git a/NEWS b/NEWS
new file mode 100644
index 000000000..e69de29bb
diff --git a/README b/README
new file mode 100644
index 000000000..7924ddcd8
--- /dev/null
+++ b/README
@@ -0,0 +1,166 @@
+Linux Specific build notes
+--------------------------
+Written by Ken Goldman
+IBM Thomas J. Watson Research Center
+
+
+Prior to the autotools support, most users began by untarring the
+tarball or cloning the git repo, and then executing 'make' or 'make -f
+<makefile>' in the utils and utils12 directories.  For autotools and the
+existing makefiles to co-exist, the existing "makefile" was renamed to
+"makefiletpmc".
+
+$ cd utils
+$ make -f makefiletpmc
+$ cd utils12
+$ make -f makefiletpmc
+
+This builds a TSS
+- with TPM 2.0 and TPM 1.2 support,
+- connecting to a TPM 2.0 SW TPM,
+- with TSS state files in cwd,
+- with tracing support,
+- and with elliptic curve support.
+
+Refer to the "Advanced options", below, for additional compiler options.
+
+
+Autotools
+---------
+
+On Linux (and probably other Unix systems), open source projects expect
+the normal shell command 'autoreconf -i && ./configure && make && make install'
+should configure and build the package.
+
+Example 1: To configure the TSS library to use the software TPM, build and
+install the package in ${HOME}/local/bin and ${HOME}/local/lib directories
+execute the following shell commands:
+
+$ autoreconf -i
+$ ./configure --prefix=${HOME}/local --disable-hwtpm
+$ make clean
+$ make
+$ make install
+
+An initial set of the most common TSS "./configure" options are defined
+to enable/disable different features.
+
+--disable-tpm-2.0 - include only TPM 1.2 support
+--disable-tpm-1.2 - include only TPM 2.0 support
+--disable-hwtpm   - don't use the hardware TPM, use a software one instead
+--disable-rmtpm   - when using a hardware TPM, don't use the resource manager
+--enable-noprint  - build a TSS library without tracing or prints
+--enable-nofile   - build a TSS library that does not use files to preserve state
+--enable-nocrypto - build a TSS library that does not require a crypto library
+		    (dependency on "--enable-nofile")
+--enable-noecc    - build a TSS library that does not require OpenSSL elliptic curve support
+--enable-debug    - build a TSS library used for debugging.
+
+Example 2: To configure the TSS library to use the hardware TPM, build and
+install the package in the default /usr/local directories requires root
+privileges.  Executing the following shell commands will make and install the
+package in the default directories.
+
+$ autoreconf -i
+$ ./configure
+$ make clean
+$ make
+$ sudo make install
+
+Other TSS features can be modified by specifying them directly as CFLAGS
+"./configure" options.
+
+CFLAGS='<options>'
+options:
+-O0					- change compiler optimization (default: 02)
+-DTPM_DEVICE_DEFAULT="\"/dev/tpmrm0\""	- change hardware TPM (default: /dev/tpm0)
+-DTPM_DATA_DIR_DEFAULT="\"<pathname>\""	- specify directory for TSS state files
+-DTPM_TRACE_LEVEL_DEFAULT="\"<level>""	- change level of tracing (default: 0)
+	0 - no tracing
+	1 - trace errors
+	2 - trace errors and execution flow
+
+Example 3: To install the package in ${HOME}/local/bin and ${HOME}/local/lib
+directories, compile for the gdb debugger, and connect by default to a socket
+simulator TPM at command port 3333, execute the following shell commands:
+
+$ autoreconf -i
+$ ./configure --prefix=${HOME}/local --enable-debug --disable-hwtpm \
+CFLAGS='-DTPM_INTERFACE_TYPE_DEFAULT="\"socsim\"" -DTPM_COMMAND_PORT_DEFAULT="\"3333\""'
+$ make clean
+$ make
+$ make install
+
+The TPM utility binaries are stored in utils/.lib and utils12/.lib directories
+of the source directory.[1]  To debug using these binaries in the source tree,
+use either the binary stored in .lib or the libtool command.
+
+$ libtool --mode=execute gdb <.lib/utility>
+
+[1] For an explanation, refer to the GNU documentation
+https://www.gnu.org/software/libtool/manual/libtool.html#Debugging-executables.
+
+
+Advanced options
+----------------
+
+For all options and details, see the documentation in ibmtss.doc or
+ibmtss.html.
+
+Some of the more common options are below.
+
+1-3 can also be specified in an environment variable or at run time.
+
+4-8, which are used to reduce the size of the library, must be
+specified at compile time.
+
+1) To default to a hardware TPM (rather than the SW TPM)
+
+Add to CCLFLAGS:
+
+	-DTPM_INTERFACE_TYPE_DEFAULT="\"dev\""
+
+2) To default to /dev/tpmrm0 (rather than /dev/tpm0)
+
+Add to CCLFLAGS:
+
+	-DTPM_DEVICE_DEFAULT="\"/dev/tpm0\""
+
+3) To default to a different directory for TSS state files (rather
+than cwd)
+
+Add to CCLFLAGS:
+
+	-DTPM_DATA_DIR_DEFAULT="\"directory\""
+
+4) To remove TPM 1.2 support
+
+Delete from CCLFLAGS and CCAFLAGS
+
+	-DTPM_TPM12
+
+5) To remove the requirement for a filesystem (see documentation for
+limitations)
+
+Add to CCFLAGS
+
+	-DTPM_TSS_NOFILE
+
+6) To remove the requirement for crypto (see documentation for
+limitations)
+
+Add to CCFLAGS
+
+	-DTPM_TSS_NOCRYPTO
+
+7) To remove print tracing support
+
+Add to CCFLAGS
+
+	-DTPM_TSS_NO_PRINT
+
+8) To remove elliptic curve dependencies
+
+Add to CCFLAGS
+
+	-DTPM_TSS_NOECC
diff --git a/configure.ac b/configure.ac
new file mode 100644
index 000000000..a3cd97af5
--- /dev/null
+++ b/configure.ac
@@ -0,0 +1,137 @@
+#                                               -*- Autoconf -*-
+# Process this file with autoconf to produce a configure script.
+
+# Set package release version"
+# After committing set git tag version.
+AC_INIT(ibmtss, 1.2.1, kgold at linux.ibm.com)
+AC_PREREQ([2.63])
+
+# Convert major.minor.micro to libtool versioning (current-revision-age)
+TSSLIB_VER_MAJOR=1
+TSSLIB_VER_MINOR=3
+TSSLIB_VER_MICRO=0
+TSSLIB_VERSION_INFO=`expr $TSSLIB_VER_MAJOR + $TSSLIB_VER_MINOR`:$TSSLIB_VER_MICRO:$TSSLIB_VER_MINOR
+AC_SUBST([TSSLIB_VERSION_INFO], [$TSSLIB_VERSION_INFO])
+
+# Put autotools auxiliary files in a subdir, so they don't clutter top dir:
+AC_CONFIG_AUX_DIR([build-aux])
+
+AM_INIT_AUTOMAKE([subdir-objects])
+AC_CONFIG_HEADERS([config.h])
+AC_CONFIG_MACRO_DIR([m4])
+
+AC_CANONICAL_HOST
+
+# save userspace CFLAGS options
+USER_CFLAGS=$CFLAGS
+
+# Checks for programs.
+AC_PROG_AWK
+AC_PROG_CC
+AM_PROG_CC_C_O
+AC_PROG_CPP
+AC_PROG_INSTALL
+AC_PROG_LN_S
+AC_PROG_MAKE_SET
+LT_INIT([disable-static])
+
+PKG_CHECK_MODULES(LIBCRYPTO, [libcrypto >= 1.0.1 ])
+AC_CHECK_HEADERS(openssl/conf.h)
+
+# Checks for header files.
+AC_HEADER_STDC
+
+AC_CHECK_HEADERS([arpa/inet.h fcntl.h inttypes.h limits.h netdb.h netinet/in.h stdint.h stdlib.h string.h sys/param.h sys/socket.h unistd.h])
+
+# Checks for typedefs, structures, and compiler characteristics.
+AC_TYPE_INT16_T
+AC_TYPE_INT32_T
+AC_TYPE_INT64_T
+AC_TYPE_INT8_T
+AC_TYPE_SIZE_T
+AC_TYPE_UINT16_T
+AC_TYPE_UINT32_T
+AC_TYPE_UINT64_T
+AC_TYPE_UINT8_T
+
+# Checks for library functions.
+AC_FUNC_MALLOC
+AC_FUNC_REALLOC
+AC_CHECK_FUNCS([gethostbyname memmove memset socket strerror strtoul])
+
+# Replace autotools default optimization
+AC_ARG_ENABLE(debug,
+   AS_HELP_STRING([--enable-debug], [Build a TSS library used for debugging]))
+   AS_IF([test "$enable_debug" = "yes"], [CFLAGS="$USER_CFLAGS -g -ggdb -O0"])
+
+# Linux requires -DTPM_POSIX
+case $host_os in
+       linux-*)        CFLAGS="-DTPM_POSIX $CFLAGS" ;;
+esac
+
+AC_ARG_ENABLE(tpm-2.0,
+   AS_HELP_STRING([--disable-tpm-2.0], [Include only TPM 1.2 support]),
+     [case "${enableval}" in
+     yes | no ) tpm20="${enableval}" ;;
+     *) AC_MSG_ERROR([bad value ${enableval} for --disable-tpm-2.0]) ;;
+   esac], [tpm20="yes"])
+   AM_CONDITIONAL([CONFIG_TPM20], [test x$tpm20 = xyes])
+
+AC_ARG_ENABLE(tpm-1.2,
+   AS_HELP_STRING([--disable-tpm-1.2], [Include only TPM 2.0 support]),
+     [case "${enableval}" in
+     yes | no ) tpm12="${enableval}" ;;
+     *) AC_MSG_ERROR([bad value ${enableval} for --disable-tpm-1.2]) ;;
+   esac], [tpm12="yes"])
+   AM_CONDITIONAL([CONFIG_TPM12], [test x$tpm12 = xyes])
+
+AC_ARG_ENABLE(noprint,
+   AS_HELP_STRING([--enable-noprint], [Build a TSS library without tracing or prints]))
+   AM_CONDITIONAL([CONFIG_TSS_NOPRINT], [test "x$enable_noprint" = "xyes"])
+   AS_IF([test "$enable_noprint" != "yes"], [enable_noprint="no"])
+
+AC_ARG_ENABLE(nofile,
+	      AS_HELP_STRING([--enable-nofile], [Build a TSS library that does not
+		   use files to preserve state]))
+   AM_CONDITIONAL([CONFIG_TSS_NOFILE], [test "x$enable_nofile" = "xyes"])
+   AS_IF([test "$enable_nofile" != "yes"], [enable_nofile="no"])
+
+AC_ARG_ENABLE(nocrypto,
+	      AS_HELP_STRING([--enable-nocrypto], [Build a TSS library that does not
+		   require a crypto library]))
+   AM_CONDITIONAL([CONFIG_TSS_NOCRYPTO], [test "x$enable_nocrypto" = "xyes"])
+   AS_IF([test "$enable_nocrypto" != "yes"], [enable_nocrypto="no"])
+
+AC_ARG_ENABLE(noecc,
+	      AS_HELP_STRING([--enable-noecc], [Build a TSS library that does not
+		   require OpenSSL elliptic curve support]))
+   AM_CONDITIONAL([CONFIG_TSS_NOECC], [test "x$enable_noecc" = "xyes"])
+   AS_IF([test "$enable_noecc" != "yes"], [enable_noecc="no"])
+
+AC_ARG_ENABLE(hwtpm,
+   AS_HELP_STRING([--disable-hwtpm], [Use a software TPM instead of the hardware one]),, [enable_hwtpm="yes"])
+   AM_CONDITIONAL([CONFIG_HWTPM], [test "x$enable_hwtpm" = "xyes"])
+   AS_IF([test "$enable_hwtpm" != "yes"], [enable_hwtpm="no"])
+
+AC_ARG_ENABLE(rmtpm,
+   AS_HELP_STRING([--disable-rmtpm], [Do not use the resource manager]),, [enable_rmtpm="yes"])
+   AM_CONDITIONAL([CONFIG_RMTPM], [test "x$enable_rmtpm" = "xyes"])
+   AS_IF([test "$enable_rmtpm" != "yes"], [enable_rmtpm="no"])
+
+AC_CONFIG_FILES([Makefile
+		utils/Makefile
+		utils12/Makefile
+		])
+AC_OUTPUT
+
+# Give some feedback
+echo   "Configuration:"
+echo   "	CFLAGS:		$CFLAGS"
+echo   "	tpm12:		$tpm12"
+echo   "	tpm20:		$tpm20"
+echo   "	hwtpm:		$enable_hwtpm"
+echo   "	rmtpm:		$enable_rmtpm"
+echo   "	nofile:		$enable_nofile"
+echo   "	noprint:	$enable_noprint"
+echo   "	nocrypto:	$enable_nocrypto"
+echo   "	noecc:		$enable_noecc"
diff --git a/demo/.cvsignore b/demo/.cvsignore
new file mode 100644
index 000000000..a8a0dcec4
--- /dev/null
+++ b/demo/.cvsignore
@@ -0,0 +1 @@
+*.bin
diff --git a/demo/IBM-TSS-Demo.doc b/demo/IBM-TSS-Demo.doc
new file mode 100644
index 0000000000000000000000000000000000000000..c6e04c86dbd647541777f89bd9bfdb5abc160217
GIT binary patch
literal 89600
zcmeEv2VfLc*Y at 4iO<9tVLJDOF5L!qh4G;)~5<-h4^twql1(My6-H=3jlcorWh>D1U
zQWQaobOAv?1f_`xqJV;^paE$rn*TX>c6Miz-4Ma=<9+|nfhRM!om)=1=iZr}Irf>?
zh1cH;yvQmX?U+6LtK5Y-$>QyBy-EsuGWIsE6~JHR<>eIp7O)aP at ZaOVWCX6gxtDqE
zadBYmUd`RaM8?2b97 at JoM>1A}rH at P>dH?YJ!#vjFkBfsJi!Weo=`s-kO~quvB9}Q(
zUhZKE*t(W7Y~dGQdx>E>$JZ0Dt2+Bg#c?JEP_T!woctV*_-Tk=h_k=ISe`6j@&d-v
zA?ni*e-Gzz4H)x7`U0HksCdqA$XGw*+ZV#vJ4n|xW^4e?Z_a0oG-f5vbX4aIQtTZx
zY6A)mdy%ol2!Dd|zC at tHA&o=NCKVElL24Hr(pkzUor$jekmyNgsh?6F3ZFyZ0?LKq
z+&n@|sdy&(?a=;;bSj2veB_5jM;=$5YpFlB=n>tsXwSi+j194`4#n!_nV%u%lg3Gs
zw-GHDoc{gBNivN5kmBbwW9)0hHc&&eq(q$OV;o3sYe4Rvz?tNaj-kjGjdtIG9MF*)
ziaf@!0b!~?n5R72pN*jNF3h}Ck3>!4mwF^)5s>MF03Fg<;+GVb&SEYxUlIZykOyjK
zB+j*E<)!@6S&~QTEYY!bE`|_pGL5pWT;}#l^+;!FoF)0Ob(Sbge5`nWP<qAu|5RAw
zm(-u?o~8Ew-LozFWSa$dcmZ`F*WiaEtBJofqx^gP=Z}D at TgRS4T575g6&4|M(&Xz@
zs_q)C&{db0nXlHWyoIEJDV_WD=+>*d5S*{h%`@m)kIF`3Lb2MQ*J;CY)APeJbos%8
z!iUGBP(qPjiuP4?(qw4z(=~-cRBWga6%iTNQ(Y=VMe*x+l}hEVLLF(n6NMo<Avm%{
z%V1$hjxgjYVMvkSBd>f&o)A1dO_vc95fu>|7atu#HAaTHbkiCNb(uvOhFqQ2#al?}
z(6w`)&RqnHtVB}b6Xok`(VdDEBZ*=ZQPdmMd3ow8C`ML~Vw6Y`txPqjwVCR|Od(a5
zWhhn`YHTz$N+jI!0ZqjyQB$e0;GRTNNK5HSY_vhUW%X!Bi?mycw2hKsgJg8|NXCdH
zqb*2sVY5Lurh0T^i7pz7(JeIOYO at 7Hjz-9Y4BH?ZE0T?V!05&iSv0m!kycv`s&Un$
z8ZT0XFeK^nHA0Fy+m;Z-iv(jH(9BjMK?p&I%=}z!uHH~smCUxP7S$N8SJ7b@)s)0O
zdg}uj6Hz@{T%)4HFqBCU|2&N?az=HEt-8Z8T%DrBV!~W{_3P82r;t*pE6{-PHt8C*
z=|Ob4HbsZUhPiatlnRN3nkt4d#;8RPqRF)=IxG%Sl-fZ^&CS*d7y_Z6rZ6|F)W)b9
zwJGia!@#vEIt+r;SF6{k^K4Kv>d=FzaUF^#Q}Sey&R|0%V~m;;|A3|$H3!1etDitD
z>ZZ-ql-T5tQFDl at uiTESRB1*<7IO7MuGXLdnM|ReFgIUan44EBsP%$c7?Z0nQs)W9
zm`@BkuJ$n8Pyr1$1Jblcqi!fI$jv}jqkR;zz~Q1ojXq2ex*4bnb)H@)=%JRyIckGY
zq}OB><%yMGI)kF-YqZFRb`)l*Gc;iWH4w!#B?WovT&-Tn(G^o0a7i-<=X7C_)}kHK
z^ctp8b<p#a95Mq1pe~?J`BWF2V=xr74iC at K=?z+Sz9!sIkRKJEOG6n}kW)ZvUv&;&
zv?LQfHfZ#ryec#+V-)YGP^?K8^qRskn33s3_6;<7J7_#;;7wrxgO<k$&@_Nq9;1;d
z<mGBLLXjaiFPBsgRb}KA5qpYr4LMTgFiyynDU=4Yh}acsK@)>v;&c;3PNA+S+eD%%
za%#<kE|S-v4zye?r1t0B)X{YgCRUnLDMn5)2bB^VbXuW521Hkk(MT^cppD>NrY at t1
zvsI^sKxJz58HKs&=uVGZZBdEDNp1*4DFGopQR<?})D@~jg+580dxQ#o(~Go*qEI0b
z0-}Q)VR#A(b?NGK5>jocNX?Q!Nqj8NM*^CnD at JcnB15Cs>k6rTx!F7wgKNms2oU^S
zwKfziDb;fkrW(fN78*$M^VJzS;DsK2misJlsw%k~DwWt?vGpny45wDF7bVqr-6B&n
zMw2Hrf%FTJVG&^^p at LRtz-44uNmCWc1n*r=ftXQc(B(tIc%- at jEzziYgQ$>|Tc{}}
zu_ at 3M8ie==p$W-qQy~kiD#X+b^;Bn2cU3BJ at T9hc3bKZTLdw$7K<P|%s>Euds4X-i
zydgY;F`-4iF0%#VRr;b#sB@{_pvliL<e^%~KN=&Ir+WTIJ3EJEhlL77S;a6Dc~JED
z2#heFCD0Wi6aCFF=n6}D4<Vi067gXXYo#c&(m at tPdMcGm10jDDiVNXm)P>>2#l_({
zhWtFP?39*~gYF1%adFntxz}FN?^CHd>58>^IyEdFD&-bX^azFAET|vpx}-VOjxiVp
zSwa$5DX6NXT+kAuDJ15>!!YDR>R?pJ*8+i#MY(yITvZB1{~HPbEtCub#IllA)5EOk
zbw!048j#G^glRQ~aESj%452<8O9_23w{?<<t7djzD1dntV{I6W>l>0_QTri at uu+Ik
z|K~eFU5GH~_0{c#l;5%&#>H3~IH at --8pPR9m>y0(E;q3lZW{6|3 at OaPC{0!_ysS_`
z1AP>9SweA6E-uK5>rKfm$d2o at tyL<ifY3rnP3q7h3bVX8KpLY2m~sq<`dP^(N{lI&
zK1UsC%oS;i66KLm6Z3I#H4 at _!g2<E%T>(unB+H~3m^$?68`pl~oN0F9bx{m#Mxh#-
zh^e@;PC;N*s$OJ&3^d7;Z6h-!R;w5EMFreq8ApQWrm at E)l7o!dx<X7n`QjXkCJ4~k
zT$p({1AMB(0Oe+YbZG$;fF=T%ZrEv^md`O#W|NJOwKj~bwdL}K8*msbvFC;Yw2r1~
z@;p!($V*c(&12;ElludsmWf#iTGv3zj$tztWD494K}94RKx9oKg*h`+%pv5GkHagS
z9<DFUFq<~eY$rfUhl`GbjFe<6Kq5E42y151`RdrMcPgKsdDTS)X1c^QYP8X4a>@lX
z3l<fi4r6whSDjW1o4^}G#xuPTvp1$naF$w6@(-uW=s#IAG_W&yItV`bP`3RiTUnrq
z#Cu*1c_HZ<?nsF97p8VtO=^Z|t^*(R8aR#x)If2TfECnXRhA82 at vdNdg8L7~X%TG(
zKOlsd!Lw0VlMg}H3B|g?QLw-;Q`Bp64#~k1eL2iy at LIJXn28yhwo`~<db7ikuE|i-
z?48=#=)}N7)sl>6a*73onBcXhbuu}_W);dR)a6qjX~B!Ob%DVrf7s{_k^G{l9!8^6
zuAWGe&zi2&8B{LnOxRQ%d4)wKus^K@^o9r8Mwl{VnFiMp6!J<{F5y%z99hFVcj*?M
z#r>)9?82h-u#Bv1m5YnHxT;Tu6}U>(5zYk+9#>(LB&2I-Ue3otAV)n0i8^AKI&)+Z
zJOGSj4(2&&_LC+#X{?9_oOlDKqkKVKWXOS at KgHcX8rmZ5C@rQ`qDUDrxP=&;&SYKn
z5Kr)w?1Nw^)`3 at r;`l%`Tbp=hS{jfaN+clR;zkfR;TTSmWKCfqoIiOf3 at T<@ofh*g
zWrTQPi9wRWvyx1S>E!#FwiAr2627FM{4hhJ2&Y5NM?vY-*@fzSl;}?*g5?a~I3udk
zNW!}2Y19xQ<I2W7&PD|cmANvaoTenD at F@uTUjWS at Pk~dw?32M)(jYH3!)Phh8Qgg#
z3z(^cc#|P6)Qm2INr0G^N=_noiZiiF6Q?f}?q+CAJ;KVRl&lR}8Y*C&me<0#oXZpv
zg$^m*&_B!l5OI(px at p8~T5my-AkSk^dAb^IHMdl`S`q=#;fMXn%f*NVr$VVoPdbrd
zBdtu!&DR8zIFP#2s8MPLA6}!3WE2$^LeK>Ra-z{N<*)>zRW#=%o5I%}kW-?Bsv*{y
zqQ{+%wVD{>t_q2D7B*gqVNfHi3%DK$>MR6#8^rpJHYl@*D}a8KrWjgaDAs`0mJOBW
zc+o)?TaQ8OqsfA!EH1yW7~<u`Wwoh%A&SCGXp8uUZnj3N!E#$iDnUa_-LtJqn*0I-
z)<nF~WB at QWT_7veG?57;=kVq=q`@$3JU{0;1b|!Mj2yK#8~RM6PYZ7Ab)hj_r#g!|
zh4C-YWMIz)?869V=)fJ!E5W_txu&S~dKlbHk)eDIkJeZk0UCJ-A*iZoKdiDW<zfC6
zeH4lF$OrEruZS<qI+xJqg+OtUqI(5fk6y!kQrCGtxcbyH(&auH5{IgDgG(9%WwxYk
zT7GA$4QipWTCHx(Mb=7vFn+M at a3i9G$Vj18oG{(!SBTAlBxyAoTGEp?Q!~YlCT>im
z at ip2k%T~mR+YO!iq+xBF*hjPwoLNML&$hXc0`s7n`x{~6D`hq3Fzy`M8hCQy#^_+c
z;rR0IYIWKcrU;BHZ9AgPsUmx6x+DvL2`N`c(`p`UmLyQLazdwd>3lh296Y_AW^PdE
zMdkt7#V(SxLUlB1%<7o-^;ppI8J?7jnjr2~l?tOYr7&7t>M?sjp8LYOa=qs5K-F1!
zMbJ8VepJ at M=$G<IjSrwjzxZAdIr^f5pM(1`oKKy*3mLQ{nk8=jfKVC+vkR}mIFPgh
zV!*tWsmaq|DaVT$hY511$rz={L at O&0A{8V%4Ra-y%cKFRun8-le#mGU3vjb#Tr=9@
zVkW!+EruSuhQ_Y((T5~pd5oFBxXp`7<vX+{YDQ~qT$88pZNgHn)qDzqV3@{N4|_!d
z0KTA`G&*AEX|~VH9i<V)0sV}R5Dzjz+))dqnMu5rMH0$Y1r0J*3P%`wyfl}Jl)L7N
zW=t*Qso|brNyc{(g7wH1EOkzx-lWlzp|P=aFjZ&3UKhj~jey8N9z_FgWgnT#vb+tL
zr_ at 5nJY71-*la;&x|Ie5n~G8sQn47qNT>x^2|W!LsR*{3Q5QF^CgnHv9*T at PHG}*u
z*+7V!cC<;7m8Id+qHHt-J{X0;AetsF+DzQS7{d3;G|q1_-5 at uM&#q)Z!Lly7C8#k)
zjHJCi5;`#w(-C?iEtk at BwI;6)gR9AgXGPWxk|7qBRe}at8EliZNfQc5K at Vast+XjX
zyfsUJX$*VH#t=E=!%HRjR<uC-yrPg08RU^X5V^c)g<$ap0v}^ukVdZpOCZq1F*L|n
zvxOPPxK$>??JXI(L~~)zDPlZP!ki<qw?Z#PyGm43c~i-9^Nn>aG$a>h362z|G-(k-
z1_zndHYiGlhAI*GL`LgxQi39bJ{RjAY7B7}yNBG6YRES;$$YAOZiUyIF42>8iR2ih
zEqiK|0MQT-d*oDP-Ngiktu?WOsGr|_sfJWQZ_okijGT6`SUwmAHKVY!!01C5^$qPa
zPFNT#-eua|5T_>!k}eu)VmcD<ZjipxhATfJQ5Eb6w;vF39o$(s&Eh0gp+rPWqoGr&
zdW)8Z+z*<aAdhD6B?1(UZUD`3rb%62#CLP)h6#kED32VwG&IpvCvPb=nzIuO5WO4h
z7+?Y=aU+$XxCkOzgqe(V7 at j!XTe{O?>CIKu#K>41Z8WxpPj52Uq7p51z~p at yyJ76I
zv1Qo#gkdHL5R<XXV;&*+ciabq=VdbRmc`ZCxLd^6_{3nNUrIw`G9&5=MubMvk_J^S
znN?%IxHUGmm#;Bs8W(4FF^A+Qz+j4Qxa8N#gd4XWXit{=-h7}$0%VD4Qwt5|_Xn#X
z at 6azRR&X at kU6h+S9)VU%<De!XK-g&bcx|SM%53?>cr?eQ7YJgvp_^6^S0b2X#Y$+s
zV8CW5tPIH&dFaN`;a(e*f_7q{FFM at FqDm{8P~&tYQZxD0GNlu^Z4oV`OdH4w8rv;d
z37J8CI5Pt`OMWNSH2$5q%LG9au!6zlh8dK*PGkfkB1M%B72<{TQhpbZ_o6 at cFkvvo
zl9IDWj+`K-7<1En#+4PWn`r(yWegLwMFSgX*=Lh-L%zg4D)^8lYm$V_ at WG81#b`H-
zW)1YZ(QQqd$~9P4(t48npM2Wpj3VMB)Lo&OiMWH4PWK&4L7r5jq6^9^;S4v5zsYqJ
zCwnNbxf-MA$9?;L&@#~pg*@_Gyn at j>RMmX3?X&}wPRnK59vs8FE-?oiHMl<rH>MJ6
zAdobH at d1F_!*_`>*u|Vf)Ms(X1<JvPT;dH4pm7qVY@!<~np|=9CUd<b(JpaIP#Q(B
zhu^TqO;czE?pmQ89Rxi$Mc4>IWm1djQgr$Yv9%0-VdsSwwHWzsTB*gA<v?r$7TRK;
zXmBkJxKX!^gAIF!wJ7EjYXgJ{%xHJH(UbQ@%nqqh=V6m6lWySh6$Gj?G14 at Oa+N@T
zCFWGp9EiPfl#xpscUcP%3u8mVh at 1K3R2f@sUK~+dWOfwoBZguJ0PO-nQOokl%EAlM
zO0~(=39c4*-$a|vOPPmT#{0^8Z*GNY^tmjW>J=v^sED}hf!?G_dmc2twAEI5h>IcI
z#<4ZdI+*kLR*s2|tZNp-C-$}nwjRad6vLH8#>7k7M&nJkV4<aX11X7rLZV!`<aKc4
zYwC<qqOsj!TErT;BK8PorqI+!?xv{}3WdsErE*Xi|GK2mB1n9?Q1FTLb-{L!>OcS4
z&T6$#iQn)5UO-L28>kD^0|cNOkPLJOQh-z-4d at 391BL@5fE*wf7zO-x`{!>@eYD}D
zB^zdy;@^gka{70vPFw0T<z&B{=L<qut(@?Q&#}bhCQJ=vBq>;C&Z`?WUBw)&8a(%a
z99K1VHgnYV%Nd$;oJAyinkvXoVh&nBpXB7g8v5pZ(0LQ{%ds2&gY8_+?Ua-4 at nk$>
zPD+JTVp!^roMvC8g4&&*<P4I|4voZ&QZAxPU8|6*cExm&gp=4RQ|hmY0kU=*Q+=$J
zW$se!<RMvTr(X^Y9L4&x1?b<L&@uSo0r*Aymv~QnCw@)<CIXXyDZo_VXCT3av6q0`
zK$0tC%YeH;PdEGq2)G3#;A!yZfbW4e(33^Lcfjv*A+QMCmZw~Qh=2t(+kv0tq%8v9
z$y2HsupnR&s3w6&&Sq}3vo}*6P%^tc_V3qcu1tYnS~)Xj-%z1$sL0Md6E%=A2gal;
z4_rMr5fOo-z|#U?G%y~J^L;YH67Q$s`W0Xa at G7tr*beLfb^^PA-N4W1Kil)(TQANW
zug%c*>)EMibibawk at dK~?8P<LmtHj;Ac4!GmU9h*CU}V<NfV2d3Qyl0%Umo#(j&`w
zl!p9^GF|L*7TQq{W&^+Osw3sMOyhc2kD1Dl9^^ywx%Qj%jAA89l~c1Fdsj|1X(8E<
z%4HN?)>hVBQ+;pi)Rj|%6w1jCuzrr*`uSN{#p+ti4_f8ew1v!@c(w;P0vrWC1+D@=
z06zjh0oQ=*0O|iPKpEf;{Z|1s01v<ms0q{s>Hz}K8fXJN0kj3$0qp^@Asv8 at z%XDq
zFal5m8sNu^rw^XqeDL(aRX?t}_}aziR$b&V<4rO7t1g-)-`15VahvUINn8Uik?~@>
z7tK5*jt~x+42m>%;P))mm0H^}D%RIdq-CQ%qr}=s^)bcEn#d~aNi*M^FNaSz>Q{_%
za$>R{>z!=Ro&?mmmX&Tu<DCT*10_Hy at I0^(cmY at hya+4?$nL)kyaH?iwgTIL?Z5}X
zZr~(v3iurO1t<e<05^eOfm;C09e04cfH&q2AHWyz0|J2{AOvU(GyysSKVACb&=>C?
z`r^>)pH^R5c4^+~OFU+RDMo9Ik%@!Iz11*t*10EgBvec{jjc5aSZ8mGMrFJ8API;P
zY1ydnpOJvZatWw{{j4dCZ6eSK=nQlLx&kz}cLS1vEFc at m0dj$SKnqL&CIXXymw{J+
zCBUn|Qs6aU8Spyr2Jiu}8`uNv1 at -~^fzN@{!1b?BetlrWfz``a&pWVs!|Ib?pPXQd
z(H>YmVD(AH{)TKbk^isaw~bZtUl7x6 at I$1r+|d?|%KWdakJaUdZOO5&`Blq`DBU4q
z%Wd?I1=F~H0o(v?0>1*cfZM<wfPA}qz;A%B8*~(?1^5GjKoHOz2nAXIU4bN^8;}fi
z2YLYHANB%z1EYXEARo{Ig at 7I?yL__ja at m3P2Uad!IrqTI^(!xzT^?tO$vdzTKdY|p
zSc-g`kD00}-usB at HbzIJ@gn>v>olsv`@bWvw)rpeGEi)Zjn+PljIdxD_i?~@U;?lh
zcnNqJcm-Gjyb6$S{~E9i*a_?cJ^*$D`+)tx3E(7f3iuiL1t<e<05^eO0a_p22JQeg
zu|Dtyd;nh{00;!?0`&j^Xbs%GcK+HY=dYdrV9f`2U%xy5gS%@eW}+!ZXN-}Ve&eOc
z!Re4)>l_rvRVk+17*~<T9L!bLX;hYi>dNSY_)WeQ>a@|Ws<q#`G*q%pO=x`E08apI
zfp$Q9fYxvwfR4a0U^p-WPy-qu3&;nwfDV`i%m(HF&j8N?a{*ch&I9HHYk_xxb-;RH
z6R;Wh2si*71TF#(m<RaGP?^`2V?@rCf}(ZKiQK;rNwhu6B8`b+o{B3HxC)iIUulf1
zZL at 64gLQ6JEdgTh?5gY?Ye?gL3HTQH4!8_l0ch=h75D*g#M<2na0ZlsJ3#wi0YD%S
z1jGQbKpYScv;tZKwElkrXbTJk1_6VCA;1Vg4H$qTU<@!1_-FZ_U!!XNm!ZZ7 at n0|I
z`7h-E9q`X~?^r_`@A<$2;CWyn at B%=4HZKB;fla_>;C)~Vumji$d<g6V_5)u7-vAeY
zi at +t|TY&a`E(2EpJ8;4tZ~z<u7r+(p06YONpgHi*@?VYj*;J+f-(jo7_6UjkpDpJ3
zFXaD^7*E^1V-0D%LxC1R7!VFb0Fgix&=TkkqySF>eSm&Ie?S9d0olN0U<xo5m<CJ-
zo(5(BGl7M`3&0}a6!0DJ3s45cVRUWrT%V^IHmD!|!MtM!^R-Tk_<3$ZFyF~sRr at 8Z
zbH5J93v#fp*}GN;gt`{|Bn$C0-^x2du-&4CJcIXF*d8H~|AWOm|AqYjT9kepJ_M^z
z`boSdK1uwE1wV)<g at 7KI2pW@s<G=~vBaFrY;3RMg_#F5ixC-0`?f{KzV%;F0k}U$i
z%2R%p2Y&cp3VbK8=NoyzqHPx0&dRfWE)N{D8Tdq=vQHk6Ut<~K8p7PVxM5$GZ_;B=
zLVgudqY2EWooWA;QfXgL+|#WerZ-+~55!J7FUu8#Ux|Ca3S-#{`^0|4=O=*C0P%YU
zFcVk^YydU^n}PR%Q^4oIG|0d!0LjCC at LH0GgSb8c$mN3G4s!({`M3p;e0V at MLI9GH
zRzNb)9mobsfv14`_imM4ExTBD`s$&pW&6wa?|T3Ky$$={zPIw#=byQ^|K7 at bQ%ba%
zvLW;~?UZi0K4hg|&XJ-P%p6zRP(8yhCv0SIS=_Th>g<a7#5m#rtO*UeAO9;WHI<j5
zBr|m}j`#r!wYKl~-1<<^FNZS;u}<T=$?TPV24o&J5WD>NUn<F&7v!6>J9h$NiGg&F
zDnH2u_oiGNij>Tk?^yQ5=)hiyH_BkeK!@^*C76e3>BJCHL6?gH&fF5>%moZ*YFi_T
z2Q>aP?qh)|z}vt^;1uvH5bO;f4~PZgfKuQoU=i>>umv~*90i8pbyjy}ys- at YB2W3z
zX5f-M#X|Ee0w?6zECPq+DIfi#fjx3+JLCb2l=tN+bj|gV3kcU`@yb%u_xJyTZppcZ
zDBQZ#gU-$!`=J<yb)c}bzM)0<rN%Ft!UEDMEY>4WA-h5vQOVBu63>a>vw%6k0$>sF
zBCr@(2CM=00w)2IhnoP&gc7{=0O|wLfLuN{BP_|qPF(K;ZvS-gr;A at 4-FNi%`|rH=
z!ko#)bM$%XgZroS?@@7}_#7|Yt)#PAY9;-mfih}aMNK5_gjR?-=r3s(4WvwGt7{RS
z;rdR6&9#Ve#EAft)!7TH<C{Zqe*CXFH>LRH5I4-Z$wv9|I5EYX`zc;u-H;ereWh07
z##)J+WF>B^sdjT6qJ`v=5=ea64 at kOu7T1@FSHMu{@i5>;U@`C#upjscH~<_3P5>u?
zQ@}Ogci<1;KA?bC77R21h62NY;lLc=8Q at u9F0d4M4cGu|1hxau;gyT?fcd~%!27^9
zU_WpO_yjlw`~X}7t^>c_zH$4;_1l-PpS^tK@}b-N_w2mA_4aRDZ?C`o=K2 at c-`>CT
z`JG#L-hSr!owsM=|LvXAo;S-KB*YM`<&x56TqL*7YiiGzBn+u7i(rvpokw(NV~n+G
zo&UtRaqCQS3j1ra$Hp)y4YtGB;7s)CJh{oA{9MvuDnIi%!&DR1XSJr<QcaXYUXw8l
z%5+6FNETnx9XgA;6GgU~_$={L;$?mCfOseIi1 at P%_#OBIsDtrN1hN5%PsD?tfuLG=
z(;qMu_}x6jRRwO#vz5sM)g%Cy-+Wv#Ut)zJ57?&mwLDuj17FI^SOiYVQ$DL+K%Psw
z<}=11?E<4sH{Zu6ag<wg&RRaJ9PKgBn41d}r@%$6g8#@%)RK4>DC5~eTrUES11Er!
zz>k2FKVxoyI}ihO1118KfER!Rz(L>^a2vP-_y*vf0Z<F at 2jYNI;3?n}-~_NF5PQtP
zTHsw^9ndle_lbbLz=yymz!Bgma1;2I!g!tJr@#r|BybA21bhp82fR|3`;qs`u3f$M
z9shUl!nF%!XYL(6v-?chy{q?jY}vS_Y~9-{m#<v%_PV#%Enc^H;o at iMY9+=WGssCr
zB=lr^J_Z_Ebaw>UfHMyx^-ix*NTt6Nn>37e=gncx284+Q#nWR=bk28#*NpR(*t6W8
zh~6Ht*s7LaAX_2x_DuGKN{IfQ|Co<C#TrfS@$=9?tY=VzWY4zc6AiQ7;o^jFZrD#O
zj&$?|fcP!(`UhMSzeB*k#y~Vc{3bq62Ic_7??u2z0P$Vouf$tl at X!wk2O at w3U??ye
z_+652I$LP||IvVjiTY;)qA$pWj#~mQ6b`f+<X5$cAM*f72POTBf_{+>_6Aab3BW`^
z(nm=bNe^!UlKx4$_apT0C%_kP1@!|gcy1A};JHQTEo}P#V8CL!uz0fME4idrGw{z+
zv#3<w8qQ5_Tq;<7v;F6$iSybVC-R at x99$*>h&LkuHK2sObOAa8U4Rq7N#Fu-5om&E
zs+t1LfN&rJhy~(+VZd<USzs=(9oPXx36LWo0q6i&u>PM7SP0T12Of(gKC+NA<H4n4
zf4?Mn0<>$iJMxavCoo at e*$JXKayxJwkoZmf4Fe<|6Myr7X8__a at pL>e0ayyW1}p<s
z0;_-*>SJFg825jGWS|FN0E&Qjfpx$RU?-5!0P{Pr4+w7vnF9I(Qvu&bupK~iU<~jA
z at ELFn_!YPX)WED73iJc+0``rucn0Etc%T)K1l+%O<NCcHu3x@)`QqjC_s-utef at _M
z=kK5Y;nVYn&+q$T_xT<4Z_AGLJGQ*DWyh9PTUKn at v0~YZmlmvG+!L5Ov_9tg1bYP!
z(b+GjZKqXyUhUZfJ}>4|Da?wd at o<>OJ3O~v at Db#uzm#ig-=_S`X;B!I$=48TkaGEC
zOys%vP7!j=Xpzrz5lhWJhLn4GlX#w+GaR`kpMx{o<i|*!igYHArBw&;OX8)(N8;gX
zU>&d?xB`3+G(k(70>s}%z}LVxfW+(W;3x4~3+Mpi_ZUFpc{SDDLUsQ;)zG5VSD5U$
zD7$8l9N@$p$eMF8;#XW`_!SoquK(gZLHW%3&xIwBbdmIM7qAc55449al3tQd?w9Fh
z+lF{P0GI|$2PFM$20bJljRc~A4}pCE>FIGm1-&Fa-3nO9fCZ=jI|CM+eq{6g$OI(m
zav)xF6T|t>jSi19%LJF0AmYh3fNbYIK(d($u$dizt^nE37lFlqTNBtJU>Wc_ at Gh_p
z_#OBID1mh=1)4U4p8!Mvkw6?^!TW~^+?2XU=j;DJ2QJGycfn==37o66^i$f2yT$?F
zJYNd(6q=OeDSVPLOGhB_c9D_4uHYZ>cPT*pT?-I at C0>Rb`8l#V)^Wg6;5A?w at H(&#
zcn>%QC_*t81I>X at U>mR<*bRIL>;papz5vbu>s!Fq00#m8Fg#ZRv;@?EYdCBTkPEyD
zECntAi4nL at 1-u9>1~ve`SZ(_OwSfEg?%x3L at A|##KU}|b?$og(hxQ-Zb7;>_<G-zY
z=pV%#+O&SpJFDK=^U7TFVEfyT9FC=}Z_fN+AI!SG9iC%PC?{jl&5*L%*J=u8-&#$I
z`D~mRAn>zpC`cl{L4WwzI43un!OwSSj1V4DI-Z}ihC;p()@$D7=W+HW{9Lcj=X~xb
zC*J5~U`{6%`|-czJ%}EOv;!b{Bs`2%V!B_>;=xxqJ;_g at a4hL%Jg^nm1~`IuPJlPy
z0}KO(19CpEN0|7$1=tGMp&!I+;&TgNATS8n3J~8Nz*9#c4R{!}{~s)4G3k_<S&zl*
ze`P>wG}my^Cm{cyi;&44m~93NBA)aGqM&DzzNO<@2NVFufa5?8^o{h7bni8Q^zR}-
zI at k$#9w1#L{R;qsfZ9M^pdL^k2nHGg|AYMe?<9RsVjG?R*?^ofzgFO{SvqQyo%9EY
zXMq6mtPVgt69D2_1E3Mm90&!XfR;cs5Cg;mtpNI7*ss5Q|E>7%%*SUw-udyFZ-1%O
zgnuJ2-qMe`YT+k2wd6m^F+SBP{i2Q5c8SP=X@@eJezhjWQzXqAG&`B^{!>WY9p<wS
z=BwYaNmqF$^Co>H-o^oPKK?0Z(jW4GMT$iLdkp^`|H&g@)_b}&OP0VfmPO9XQH1vq
zSnGmsoX)a(>yL#C>o2sezh3Da3^bUx%&{TRXgz$Y^~db|0rz>w?EaIx`ET2*KLUG^
zwNv%8ThDpy;~z_Z+y1H7GgH_a)_t`bNrydfp+bBL;_{iA<+40xU^;vTZxqYMIge$s
z1Xhd`1Jfg{#Rmp+SvvBDu?&RsQLc2r<Xdg(OiWrAI%Vko>5VfG#ol}yn^!nLY6q0o
zI-msM8o+Rth9+dN7#6{zfLIpC;#oAV{;yV!sp9bs`(v#<>T&k`u~y#larXSNRv!I0
zd;VA}k9nLuf2 at _qKF*#$*2?1^XU`vN<?)ZR=a04WR*$pikFj#{=pLIV^O!4tjBZp6
zd#sf|MmH)33y8-kaF5ZAieZnn^2g{##bBxU7<v8}-KZEWnIB`%AEO%;gH3|R*z?Ee
zM#W%r1UGSkN8OWQ*7jtqZ7TIcWjWY5GOz+{D23x+4)$yG2y3ySl+QGXp|pG$-*9Xz
zX|dU)VI|mFDnQNxl(x0CM33kEuXTeOB6UM=><I0J6|q8WK51AMt_!hSra{BC_-jCC
z3J{}XBN56#SkJphyJmXqrJ1{IyMy2UZ+5WoAMBvixd`5EJt*7a;m7}*T^u0mq9}@a
z;7<m`FwZ2E4=arCV^g&gL{~g$bJBclVw>1i`>UiKRURJ9p)3bEHaNJ_JN%f!0e at U^
z6PLM_k;QW8!0!p{#j~KyNkO}~<%m$C2YFDO0&In*Lmu<+kK```|HzZ`X2Ca{aNcc?
zP22>$%At(N;+T}qoXdU(1t+Ho_m6)&xUu8)MHBLqH at 3U~S2;V4c&hEXFJ;xaF>T$l
zPZ3cm=d6 at oT~)61UO1-emei>a&h7*ybyxlNJD=keVCX!+Abk&&^~}vE)X^6Xh2B~C
z6pm)%^_bDfv?rxUT4$W;aBxt%3SRY^dH98S*K6t<(%v_?P2Jd(da<2-+ZP8#X8I0%
zMrhrueye05J~g=Ap!%&x2=OBtb{rnuF|~1*A&ol?YTiQ~+PkDd!r10Lbd9 at YH|{dB
zNwOh4Ro5b=Afm6KVS=XRz~YvJ#<UzVJ!;^z#!1gbq)llva&Ei4XIkgH*}iCbhtW$r
zPFS5dZbz4~JG+csKIGNILuMaKnRR&Zif>1~@x}C=-_1Sp*ZXJxIQdigH&_2CFE3Zv
z*^B>I_pA3F+OIJ5>6OY7uAIq2z@;E*An8B?M|xt$U|hIo<fo)0C*~JK#6^<VX`jUO
zJ8>S^ty70I|Na>x670KN$#M@)iEQf@)I7CsRz&ZP2hW`CGh7wiAY`>RU1)UF`AWgz
zLx*oDKmN7llv3B(A0{7e7MkK6ZBT9A>MumOyHB~4S8&dM@*5GO4RHy-vDxRHre(g_
z>w8qfx^?c=>D`Varn~|s*^=6ec>eKWq}HyI)RLq+{v%Qg0pwEq4M;jUH4iEO$p2;E
z4H4x{S1o^XpthXtKs-t9a)0WjD770AS1G3zsr5h!4=%OtN=*p@)sb4oB(u~y*)d-)
z2M-SiJ3EL!J=PW6QrW7RvQZ;<L2zx`#=Aq5Yf`)_sZ*`gB=4R*0tWR9>Xzs|pnsiS
zJp=mp_8UB?Zu-zV83O}y2h_ at W(ko|Rt=yr31#0{c8kt$IB)3k<$hx}BI>p5yMcUx8
zrA@|;ZK at yLs7TjfWR{RWGFY2ie-u7+V+fg08Zxf9kwG6aMjtXME8v;YwWk);nVRJ{
zb7JFX#@3%auF3P$o4m51*-O*vPoLWS#iv82Piww)UY$)#o2*+Kw{C6hhE)+8UT?a4
zdE-^fTCQ0c_vZ50{hOjbIoR&#M^AkEN$cZBTYr0~-PMDM-+$HX&aL5pmJRv&;=n&{
zj{UuCQhE8V^77r~H;<K<e=S!DlWzRaUFe;Lz5<3lyw**Sv~G{xlAYsgKkIer(+(HC
z_6}PUp@{kB*ww2M?VAsq$#!q=o{*U~^X+ZSyHmox5BIh|cC=Hf@<ZR#3tDb|Kl1r6
z{M3_`Nk2A8>h{UiA7_2&zUfr|w5atlnIopT9y+^iY{}VQ_iS~)=6<-#rG$Z7nSC?o
z4?8dT=t|>N{_Nmao&iH5GxwtpCe?fgVrxq^-(+t-lxo^nQcW__e at 8XRR9T-;&|I#X
zWzat-rxvPT^Dm#MGvvqa3uX-1HTFh1JA!yp&33i%$Ece75m70p71eY at 2{*2qOABZC
zAW$9Ew3tx5yxi%hPF{9SN~O}v$=%D&&cU-zh`VnyuR0;V4PyeDC)bYZ9T3{zw`Epv
zn|?y8q4nFBHfpa4NgULq%ixd>X<>cyT0EKEsAFD8r`)iVf{?__sQ!lLJqx0TltiTF
zM-G}5-fw1TpE)r at X9cIvjLTjcm;Ow9-SctjQ$w<r#f^Nk%f!_k#%&lp??{jN2M0a-
ziDt&paoa8}Ib8PKM|a;p^V{x=P#E(hB3G1Bw=oyd;fELP-jZlDg(AYmVf%rQ-;+Jx
znl^dc^wo947q?ig&CFUAs?3^`y!xuL`<%&Nj*HrGzhmL0+CuDeJJ&q at mR;jcEnl3u
zC^+s&N*5<jyh`d?j^oMpdlw%?qfD|&*Z&^>6C*Ipp(U#cy>U}`FlSQ*4)oh%3(%c#
zYcLh5;-Ubm`ykjVZt3XS%Jt91|K0ljPW}k;l5t35D~2BZuSECJDLp<4Q5YNYsrF#P
zI0jq*%4qVyjN%ChKm?EgqyQs;0$>s_53p5^=r)1;oxx0S6%dg3Vd(r{FBgxo8vxt`
z;CM2BpdT;+pb2w$lEOiHRgoUAD>48iO$lJtjdDAj-97PCaOot(Ik8 at RGlL!l%0n0=
z!285xe@;b>Gf|SLq%%c=0(sIog_UDzk?q2gumn|OIZXRG*-YRI(OR%$P7M|OO<MNM
zdqo-ZS at 8r*2*FdxjK2n5VBM1hyb9e8uR^zDLzI(;;iOI$K-;bwb&zjT3oYSw;Qc)E
zIuxvqSVwI+{h?A7 at JaHRJ+C8=x%)&h{wpmj{h)2~rp#Wf!``in9X{*etcZ6|EOT`7
zm^Q%C+$+0b2r at sh)<D$ifL=LJuhhwbpkh8cu?{0{mcI^f&mG(o4?l!xQ%TJi^ahMz
z3a$%*Z2p(_#st;{e9~g6Pe&h?oA7J-Mx4!5-0^Ib8ly)W0zw6@)@HTtK!KxAJ28c;
zeV%yXh!{0R+cEOFny^vAt at 6D%gLV9faB}8!1l9w*rCmJAOACIyKbm>-5$wfO2+{W|
z3hW%w0(^=AwbNEaUFN~?%?s55H)el9vEBjS!eFi*)5_Q|0AIpzljMMy&N{Nb7#D at 2
zBO_6LE!~AhIFV$PVyi=gQJ_r^Egn%LuD5HZ=-A9I-}s at Jf*fp(up;~tB#il@>2^3%
zn|^XWXVE6&rYrMe9 at 8!;h5`6pHS32u>npnOKCK%yA341EIMcR at 4jXqGNVT;#xQlIY
zFUXn1CZRqbJ{DrV_xrTBsFx(w6 at IkTb+CceLpwVvqItdaDGJg<NsFkr*j|Aq^N)yJ
z at Z3|MZ~sIy0k!n0P>Q5N2hK>Pd at GbnV8Og?qRxvN>kJ;LF|G!TDajPI&ks6U0v#=Z
zXTkN;N0eS4wCg2MC{!eIS-aH{o;BLt5fsExA_ at XHPy4u{gy6|&SP)OBfg{wwkqraX
z2)AQ(KxvAi9jDY)vw-(g>VekS4 at +A9n4uGseNf&9b}Iz at ny)}#z&){iP0lYG0dx62
zXiF9!5e;H#!<HU_OlqcJ!&p05zzvFFGW$hRn~U<KH#8D~7>Pp|i3^Hw)EogbC7O|x
zWGA_)A|tCtvfMmkSGyy6xIqzx5vt90>4}pr7%Ls*sMKPVoLCSaZTw1?{iVBEzE{x$
zWrA3X3E!Yh4J%~?a4iR;PBd*>=o0o<Z)!mab3{I|1<tG=9}T^U-_2nm9UCfqR?Jg0
z%*0y>6e0X?FMPEI%H*I>uoUwpYk+a6$xW#=2BNL at kv}RATQm at TzoZatQhdGdK*}AK
zjW%72_})KRFM;*svPUb+x~xSfLDBO7Z6}s9C=xFrmzn|S&3lmk0iYzX<=vh~4lk=?
zLl%ncLn!LV<#g&%4>3LXtVm%bi*`)j`Z0Xe6?S7lxt@`7P?eO;<1f}>4wLPq8M9&?
zqKH_|po2Jn?ARdGi>)i(BUcN{E!hG1TCBdY58f+$AT2(S52J2YtV#_A;pW53Y$I!6
zH<Hty+<hTxu%z7;(vu5W#BU5(>wfi__i1|S0u0CB>YlOFg}h3|l!T3}r5)aRh|s?9
zxAE6<29oL$_^rnss4v)9pJ~#PCa;QTC$T-)_eQ5q`zzV>(_Ao72YcFli6lFlNevWi
z63 at zOvq^y2iAlUJ8SNRTjZ#UHi8-YKEaddVN+lSe7@}0*($08!g3ZQAB-)+eqkdm~
zs?tbEv!^%`(=ieaq>+&KlzL|)Ol_c%aCoHdR_qhrk4JrSF!xDeyo_Rg&}BQ=Gnz@=
z+8(i((V`LO${JxtI|j$+n4JTB#ol&NtX36e==QTK3qhGZ_QL?FjDHnn=r)KeYm74M
z9fko?nSd(F&@E3_=%dH9WsbuDsZ3xMW#W06rYJMdX&4}t396zDJu2nOnxV`j=V5?Y
zCWQUv at dkU(E`-a%jXt#f<qX at G3%#S;gN5*-=;+8AV<y{c*O3cn-+DI@=LP#tkJr;(
zQqfXco5yH2^yIVY6Ra-Ucf#%o84dSJH01L#y>rq$myS$0Zg;{?oJ++PcvLE#3d@~t
zx~WNe5C%^LHVB?=GWxoo-LOlh4zb?~X+->3D(r75pG(OHCA*)_=N|H;$S;fpg&16s
z_d#AyINqhHfR90Qpu!$L24d+&(lkHFX<3#OFoJoQM>4oa=*q1x`GI)H38&;`pA1U&
zY-=`oH#JPYm9#=>i58e=(@K6jmI~yzi!*b5dzzW;jjIHYDru45TZx)+6_C>1-oXbw
zCQDYI{qVKNZqn-7Sa5mcJUCH at uhVJ`!_)AEXZ_HylKi}P=6}*_Uxa7pyGi$_UT%@R
zWJ7|o(GOD&&OP|XxIKqnYUuaznGGxZ{&Ba*iL{QZ1i!q{FI(PS+UDEBUG<zd?_0cN
zW%9b49h*1&DX8nvH@}JN{pH$zvnB`nKcRlpWAUx+AM9)rH)B$_Sugi_bL^FZ>>eB1
z&Yf3SZ{CU%zsK8s5;G=b(w~!R94&hCEB~Kn&5!@~<HRp6+rPiQ&VaT*U;b at z!%Oov
zZEqjj>z(98<<yOP7M!}a>bEW*`*jREysh!=uocZ`y?%7yhiShBtiL);6LUOf)z`vJ
zw`XeZTkk$=_-ENdK#ME8+bo at R?cC{sc{|U~-7t4t?64!f_LlpMxZVD$_sJs at 2T#O^
zl$YBx%kg^i^vdt|V4PwVutzu#FVy7e!^7zBwC6q>xi7+f#xK)%O+7yT$rJnh8;uEn
zb6#Tj^6~6qlZiROLFa;gI at kN4lj{!Uv=zVHUETJtcjx?eapCuZ-^**9_FYPB|4Gip
zF>QBGobvJX6)PJl2bUB)y?pGs&BJ%59AEy#(a4}TlirVbp{B>oFMIFo^KQq?;~#sT
zNbY<tI=$h<mGegr|DxXFr2!XWdz`%O*XN745$`^?>f`c_`y!4k?Y(#6y3os=9kg)^
zd*ptX{`#u$Z&P>8TcufZs_wDPTYo$KC%RI(qoYa}`AtO!X9HwD at af!qO}OlDPqh|b
zKrJK*aX- at 2b)VpwaB=+W#q++5%h=JRbNYr)-raGBB`yi<aB$g)*Uo)$`P->+pMK->
z`77O314EZMt7dDChRxhkHZF8!(5kaZwLc2YyLiy|$`2*}A8&fr`<rfu^iPg&@cF#y
zYd4=4PH%4hdHr8P&kx(yaAey#UHe}>dAI4M&ObE|akY!L-uQ^~iA`5wmuCfj;OJ+q
z at sZT*YXf`h&c*ud_Bc~47<3tp#{@bT%|7$qD=m5k?bptzn>%aKnUpsYPIMa|boSdx
zihbMFGknkF&rlDZ?04qPKcc^Eomc1By7gWAEcj@^um!PaX0L76u;y>y{!w1H-s-o%
z`1zoFotpKV_C7o8&%&dL4R4etJiq?>`MP()*On$VTjH?z#<Weln$G`v^Rsuq*)jWz
zzMayij2IvM#prW$7AAl3;-VEE`vwfV(zM$M?UByU`0kut(A4vu^6G)S+->~^51k#^
z^NEEQ{11H{_}uE=$5NiZ6<c_zt<$<$3!d7OoxZG_clPwXPR>Qo&P)ALV^=5r^qon)
z_dNIXcOTsJ+}CGsr*m(=^xBq9ql;YDWzShWX#M+}-qlU`a(iBfg7tYNvkTH9*4_<T
z+kCL&c>56}>wfXm?d`js>hKv`|I5_3`Ynn&+GXO}uRqRRlyGPC(lJ|3zY{ZL+^oM2
zFFCTd*UFQ5nhgWqaLTL~q`$ZM?8prLmwSWeeH8b7*|VQ!ZQ1eT1=XQT{l72!v-#T3
zpPm!9Z07OrM$}ka=j<=pr`!%L-grIvUf`ZDMh1*~dP+`{H at a{1|Fu(#*_-{p`SuMD
zrpg>}++lTY at _{omn*4mJq+yfO?q#j_z8TQwyHB>&KkC+P__4IjyF60e10t8-{qeWE
z>z20fe9&WQo%Z*BxOZ{ix6bVcb^LTq{*q~z`-boS^V(+z>n(4;bi%JUkJtLVWZ;4F
z-}g1%egA%GjOU5$kWc4?zjpu5wU6hlYxn1$JG%Oo^_<*Qb8p^(PH(*Oo$~sx{yr`H
zjc(Mq!RQZs_bE at _oPD(6!uY)}cX#}A>FnCKjyBDDsknBl*84YKsH3>N+_hwU;b&eY
zp0j4X;k%^xjWdd$3qNf=ByEto>#xmTDvj^<;m9lLeGXjD7&qXf9do=7?%vhSwWy^>
z_pUdzooYwk_3!0VqgzLx6Z-p;=DA+~xzCShieCJEO80jCu7-84)1!IMs1*$wznnGa
z{ap76FZKJu{jV{38^<~q#lL;xsX4W`CmnJ<(rjA2npYOzXuY&a?f&y?Ut0WvYJ&aS
ztCA1xO}nQV(z{uiA<4h%u1QG)H(y!A#&_ at a&EAyvnw|gPlegZR<1 at Q%+VP!}TZK2+
za<4<&hoc8guXC(nvyArhoIT(0zdpLJ<2RSJPhTxAv+w1%{f`=r=I-dd&S^{T)tS+5
zo^4xt`F^mo*H-V{Q=0~5q$jI<idObJ82#Ih505rU(|&UCl55<;!?lLDe|O#=`7OSD
zW&PN`myg_;)p3`yc*7IL+mu(&4S#h at S;H?I%=7$p at Tnb_?!Oy9w*0qCJDa=~{z1df
z)<pQ^oS$>1%ehVGZ+!Uf*d75vtC}{5Taml7(Y3Z6>N(wRt-sXpqo$$HUU)J)Dx#p^
z^*vdtnnT8S>Ki??z_sVt^CvrXd})4-M#<Zz?Rz8O-4$zZ9J|+i?5VsT6KAfiUGwds
zb<bS%ZM)>P7}uySYmU{<(RXS7@}7Y&tsV05%qiM+``&qXdh3>3wtF4*={#fb>l<R<
zYqfCd$8MjGSie3bIz~CD{`#BEmi!hoD*oDtE_V6FKP~^N#R0ckKLiI{oRrz_#8aRB
zu}ZsS;laa8f(Lm7x&MBlWcKIDUk!TsT2MioInN)y7U*{7^4DX%!!LV1 at oUYLHZRQ$
zZQ8hT_hV0<8x`~7D|K&<K6~dtL9eF|#yhU-e!gqE--nv#*G*IXk^20XnZF%*W$lp2
zIF}y_ZmX}iTe&{fxljGi{T9tvsan1;opq0H+`PQd`^ZyIx~8Qq-`MTF4NiN@)^$^i
zF%0c~Amh^88#Z=taCXd{nC5Sedt;`5r at dZ*@69 at M@WO;TYnJs+Xf&jF@$6;8FKBxW
zKG$R0N3FVVzxnLqy<d(#azdGXx!=m1r62ogUHjCZTH1V;^Y*@nwF}$qZWeMmJn4l(
z|MJh$j{o8ERl9c_&f2#dqH=r2 at YbfbVQKqccYV|A_8)eE&Z%vLK^G>}daM4b3scVC
zuk~F@`Ic7Mxr;YFow(xc%K9~Z?lkaq>3C;Z=u21IOdrtp+>X$0i at c(|`qu3KR=;ar
zts3U78g*gK*XP>$bXfJu$OSJbrnU)~`19CB9hRrWwYoe`-)!J}chA<ox3W#WSB at -O
zICw_S#OKfL_IxkLBWuT+p}IxikJSzIY8yFfV_<1Nw(&&2V~0=t71KHX`+lREpI&m{
zlcPi8%P#Fa5HTRSQ`4{N*Z<S`PWxu#vUZQTswz5k_x1OK at 0GkhtHYUuwBZ|`bw1&E
zqQ=~1qc=>AT^!wX)Y*56PW1aE?kBgO4Q?Maer9c>Hgk4=mV51uR{AenZ7Z37;M34+
zXU@)T5gk)<Cv*0P$Ku-`@;|uvv&_rk1IHOWYVUIV#yzA*H}4*0uO^SU`nq$7hwxjA
zt{V;C;#C?}CT7*~d9S^XlpsvojVsJ;qBp`PY1#B_^iF!Zei-31?e3IfrA~KpyXX9n
z^D~dFJ!L=byBJk$`-V?myRLdSR2eoy{lQDQJ6?SCWABWpuOoBT1S(tq at WSYq_vUZC
zHaDS<U$0qTw#i&SV#-`y+;!jV`Q4lJ3~AV>Nm%6K!WxZ}pI>rpcG_=~-i=@WT)*#v
zm%r8F(2iqCcZ<d^yYY%*+(!*}rF)M3oCPdOdAWS!pYegSvcv274gKrM4*D;rJ2rXa
zz>y0LURl$_;qc(?+xLHC>bk<N1-9{QxvR(~JFGabDcvmzRP^7>r6Vw&GH<S8!HWKn
zxnKYsMVVhD`be_juSlt)b7H1++8QP9s#K&=Q3%X5Hn>=}rV5cr>Fx+03D08S-%#{^
zEp0WhC)&d`62 at o>^|?B2+u+Esh+sjZ&Cq4$YO~u0_f6~4B0gBq8`RoNb)HVEX&YRs
z(FeD0r*eHl-8v($u&25}00FJOwYqI^j=@mSIy_vT0q0Sz57QNBv`EX+73QlA2o`3C
zXBMi9K{!7zJSrk0HauUQs|^;?vm at IE=NTe{1w#q0GDqPmJv)lxq9_hmnWJ!}&d9)0
z1v!itQVi0?7*n2>QcO!JPqY*hEycu0F)>n1tP~R)Eac?nYDb|*bP5)-ba_c)gme`g
z-i}7EbyK`E1-BvTnx3zqGj44_fJJ~id~HeVOF8NxEFl=zv^=BlaMQP#>3h8NO;*|p
zqHi<O_xb1>ZS<Wk`c at NtuZ6zZun!A3dUrRyzmwkKMelK;_pbzi92{Zp#?!7jJ<3US
z2|#^->T3Wr1aM=F?!4fB6KDfugIWT#2SRP4Zv)ZyLFgUv^qy#XS1`RVwu2zP!;{_}
zNAHiKcL>pYM5unc^VA3+YlS52jp7L$APk^=KV-oU58aQzyJG;_JE8U^1H%AXhR~x{
zOMsogQQ!yQC*T_JGf)HaTMuXhv<2v!%Gj1*BY+ZMA+QK|5qJsM2Al%u$)TITufT1<
z7b at 5oNCY|qxY@>%fE<8Ugs%Xv0!x8qz#f3q_9k!(xDDI|YJusYKoWpYEVJ%FPaq!{
z54;4>gOE#rrN9TkN#GaY25=L&1^76iUqBn6Ezk}~07d{>U^eg!@GS5gunsr?TmrrW
zE(6~K&e(<z1Y&`BpcT*t7z`8v^MU7qg}@@<ePAE(4R8^-1bhcLK#)CwP#_El2O at zd
zfh=GOFb$Xv%pl+alFh&=U?^mEF|Z#9h8zt8<^Tt97x*^d>m}-s_W+-A-)Fp4KIPs6
z7M6QA at +p5|&kINXf4Y9*8Q#Z9{O>f`-$_s{lfDMy+Pgk_KM4w6M!SQsA!YPL1hzUE
zgp5I8O`vcBt9t_j3Cn{&*fE|oX%c;C#}l_e?aCG)%9AO at r@V1ZPkQ6lXc?&>Jq1o`
zuV5}^M4;k<_XzTG3}qk%Jby==YZ~K;7Cj4;il at fOyzEwZqOMP<ea7d-9qh^UwYSGj
z9-O_(r~qA+m;2(c3eS;?+l-MgHL<J}3_>IfK}#3}O0)I44clpvRg|OcWLq>_R*@E6
zMOszujOFFT{zaotkw7c_jY97ts-PKHMOu6nX{~IgRaGDT2GiEK(61D2r`aAe`lXxg
za<<2eel2CYTpZ+YI37;O#m1`vo4bYB+U<z5^eY5Cn+elHH~^ue&(3ebv`L?moeOg_
z725PF^o;N!rcC-wO*2eo%b;1UF;~&2CTL1)g*m8MFkWNX0H&!a%q2hvNi8WGtTU+t
z*9TO^AC<!li5so7B`<CdqDu6Gs|MOk`bQh=q&MPrE2?G-QJ8Q71+M^~psgoRa48DX
zC)d^@GvO1o^%4q%p{*;?R(hgi2hbF4ZI8Bwqpj=ER)4gU+DdzRVoPwskq1!QM_jcQ
zo55o#osN8ft~H2l1X?jboRKc2i&{*#X6U-PF*UwI4oam14d+frDbC}8J1&g<3D{wn
zJb-W at 9+(2m0_Fe<fW-iPG=3TI7O)X`AJ_`)08RmCfG>edKog8ybAUcvJq4Hs%mC=)
z)k}dDz)IjSM)oA|18 at U)2bOCca0WOBoX4nN0&0O>fk0EBC7=Tgz*Jy1Kp(X`3p4_E
zS^!Bv3Xlp60!je-c-jo$Ie<Q-^%8If96SfyfLBHzN*IR?*2zGh`grjoplk$50gi{D
zZ@|JPa1;QNLgH=!5Cqf)>H_tE`am$y5Fn08yl{qmIzvvK;r{*Sg4*W{X{rbai%ELA
z<9awS0+;~22Ax?0>{UWH0QzKnF(7eY;yQhv at GC&#+Oy!?LZCi4*Bs~oj&w3|=VhEv
z0~dic(6x5~KTJ^csjB60t=|J2p?mbXn-J(;9Pk1-_&V?nCcf){#6|mtpbvZnPM!yL
zf|H*DiSUD;1jYg5fs4TJKs|7{8PEyn3(N%O19sqM4dCIqFG)a4jPK(>Rooo~P7+1~
zWE+kG*8p<n$%!ZDot$=Z*2zgH=bW5!a>mICC+C}-ZgRHC$tLHToa$YG<W!S0?F~~c
zIn(4s4+kVCnw;l%0m*qLr`gHT>@<_JJP44SWpa`?1Co<W&apitQF4ySDNX?-r<gm#
z&X|b+vhcTnWZ0`{NNX$*2apr&2WgaZS+3_*>3RsHgKTgN5DQ4UZx6lyPk|k`LDFBd
zo|9}6z(O1&fPbaHQVJx_(wr`G(;4RnfjCcj{)uyCDY7%#>OeLQn;bJ=8`G}bqvAgW
z8;`V~n>p>Om{RVcU=xtm at YB}ktffsvT12fY6Ro99LRxbB6*_BalaZF!YTRgRX;YBq
ze&Et3YiU!FHf{HsAZuwek at nZ8(IwW>W+CmJ=V~^wmUgRYzSGYE3(_m6d9s?#gPWdc
zG4j5(w2(e0L$B_Pnrki1v%PD}6}@UiT1#u-b3MA<2R-^!PJ=ykT at _p7v)H`KX`bw4
z>Wn82FFSn8T3VghiS4I+xiiUHTD?vqI?UBM1Y1jM>NK$9(o0Jnt)<my|7_kH>06gt
zOAD{tPkYlP^e*|8<sSBc^bfOlqvV2;c^^I_#hA~YtX0p9f|OFvb>=wf%9Aw at 8Zi3l
zqJB<NjQQ-z)(qZa at LADgyE#s}^5ovH=mV2ok{y`&J*Fw0y{0Yx%lCjIQz)JBu#VDs
z1j1y)!X8j^nWL#B9^a-%gQ{CH-oaEd-T@`!9jaUMn4PKQF*}qzW at lLvu4tu$KI&(y
zpS_b6cm!3!bWPCNEwqJ(r=cq!A_?mq{#zuh_xx{>us#G<NZ96ij>0sGISPzoj-tAw
zXuV{G%4z&)!BO$>Mw|yKqspa9dnd!e0G<Sf0h|#nxa8HESCIhL3!H?=2ub34Cp)9K
zGm1M?@fkT(Y-SR5UuTn$FDF!>6x&juqygxitOOxtMItLjv9Qt_kw}7 at NF>2cBw~^%
zc}tA4Wrc{?CC?fn5ziVTk%#Wm1y7OC1<yz5(t2-^$a?Qb=+Y!Vk;o*!N9<BcfJi7M
z;K5x2Tcsn1v>AuUB~fi8iy at QPs<|W)d1S$p2tAVESrU0j!IOwQvfxRC#4bIg;8_xR
zNWqhch+TRF!IKDyUHTh>$2^VF27!}^xN;j~DR^dSGf%M&^K6y1G<5Q^^xGUNWw*dq
zS+Z?C%7;xO+t#C8UY4FY<)v)aYbjasvi8QZw%crJ$>e1n9 at u7*A!;)jFUvMNKCsP}
zq9d=@>49ywlo)wg=Lfc#goN5m*2%KXN at H31Tqw!LzeWi at f^0UF#^qn5RM}^d#^xU}
zN;SDRY~2r~FLBTpH{=Q+tpltHaX^)x^@Cg(Yg08Rc*ce1d%h$&;{x~ejLXB#`<&P+
zcN4Ky?jW|x{lPAcm6nNJE%7iBEAara5|8S+HdYAw^42BQG!aay34%#AAEB%Mz9wS+
zz98oB`v_gVTFXT2YAq1ETI&(Jx;4;5aBCn4ZVjxmtK_*^TZ;YNMZ_c`WO;}-MpOZ5
z@%i9I#3V~16cQCuTtQ1K=c*SGHi?KbZ<h6{77<p6h+Pt8-7Mn|(m*SO#4d?)ZkF$=
z)<rgnh_Y>#>4)l)DAQ(He&{ZV@@$sls=8!NT at gpW&LSE9cM)OsasQpK|H1j%+8q1$
z9YrhBD{{$lHSu7JH;<VPOBduJw at oaGSgtW1azSpn*m#64{oh`_{xgDSMPB|Dya$<w
z|GR=m#zii8lCk-_9-d6>BodD-b`l}c`aYz+vn2A6_D&-5$P=wZNbJ%>ik&49%Pp5`
zn{bJU*d@!om%nAgB|>7C{>E;dT<k1orGGs<X;7tcd1S$p2tAVESrU0j!IOwQvfxRC
z{<h#*yC>I=?*v%CvxfUwT at MS1$@E??as4E{IBXcgYQ)nkQL2~A+O7`TgC~kCj|hJS
zmOB3SUei*<O&EWB+Dxz?fv{8)y}-v>dusFcm}|o0M|>01bT8Q+4;Wb-FX4?N(oI3W
z<s-Wz*|HgWA0oaVBoPmZn(M^Vi at 3ojjzJ*m#1lx(Sgex8DOtRdwNkRyO4de+51Qk(
zQY>L6egT0jNzL%;A at MS`8B0^L0ZKMl$%gVfetekaRfunSGgqN-Fn0 at 2L>aqf+Dpek
zI^v-y`JwW+N7u?QkR^ZeuJN1QWf;hkKP_%lDlN!KTkOOeM`sr~MW(_FOFX7s#hv%7
z_s#e0uj0=8)%zACT`Q54cHfO;@t~IZQ29H8>;*guFhC?*pajb=;8B19mSpKEVB%#M
zo@)rhGdW>+Dklt2J<0g%?Ba$8QB8-+-wC8?d*jd_yu}G_AWd6(hyJi=F`icCWGa)E
z_V1;ZtMCY<bg2BDLH-zS!N!Z^`6k~n+=`92B=1=zd1;&9Tm>FrGaf3uF2`dUtu#jb
z&U?VO{^&;Sh~F)GfF~`h=mAynkKPfmeGA5Np=TCbJI=X(ZySk>6>ra3P9^fOlElvT
zI9s|d^0JaV*}gsZ;M+#*-&=}I<dNknUp~%~QL{bH|K3tGKHp>>Hq(<%vXztM(TJ{*
zr2+X{KDk6lbd4Tz<zz|ZAy-Zkk$)Z72kk-pyK<7|dP!zP>HSymDvrzJSvd)420axl
zwT900gl$z}diq$NPEYyD!}9XvW789~@^pF<S01LPedS?#idP<{Cz|D9dRkW=rYEfB
zVR}+q9;T<d<zadPTpp&U#pPjonp+;8SRqVLrOVUl33hpyo_3dq<>Nu|@-U50Rbk3c
zPlD4~I_ODl>6*^;6uCT1Pgcvr^n|uNOiy#m!)UJ6gS=Vt?deQDJDtf9r!)OpkIwk%
z6F<}Mb1CeXknBk3T3bWy=!^w8eq;F097NAk5zp)KihG`)>G!e}pNiKI(%FXz{M;A6
z_oOg>ip9^h&;trf?V)SW1be(Zmio4gr`1G&!rtuGL^?}-`+TApZ>A-N{n?g)s(XeX
zem&GtUXGuNSv_j9c+G(}_RPh>5x_689jsl`hZ(G=$m46`*QPEG0YDI7>$-ZhNHYG(
zmdV>`>$-X^`zPB)y`<JWc+6~#raZp7?YGr`dA#^bWBjfdKQFUm323Fe>B>bZ#ueh1
zg0g)SysFraofzrP*7*%9CV6LUQ*3{;)baGzY46I?4T?J~snu0_dnS$#4Yd?McGw*+
zhBo?bQY;$Qsz?kCbX{$4rZ&BITL*K_9;1#snClEGe$i~bc%6kqrkb0{V_xXL!8ynM
zHQL9(vAE+trMdiVH!qhhA#05m at 4cQ^Xn#gLcv(kHt{asXqdv_nb~l&(W$<=)f6woY
z8xq~a56IHY^`RuE)N7!-=l3mMFwQ+sgs$?W@*>^mRKvZ at Au~;>>_N?4V=YolOko}w
zP4VFLJ9eH_%iK0Y$apeVvUDNpSdh6V7aaZZYhZbL?V82-mA5=*eCi){RtHDGe$kQA
zWu{;*zuWn3A;vMdftW^DE7^wDV(7TnwuZz(F?2p+O(S!=Qr$jnbSJzY{Y)E2x03UX
z&12H8)9EJWQOHf%*3?|CR+m1_%%T0h-?lL4T-?q*Or(dud at SC1YEzh*?mpj};g;!#
zoZ}<R>FZNFMVM(X$on+XED;+$XGEFDph at _amgbxzU6)6jLopMaW6Yu6-ia~h8amc}
zD%KpbcRCttu7M<b-c#KY#TIU3$*r~r_G&AJ%-SOL%sk3c%!I7IZN%JC%v<4g+M0FM
zOifC6={LQtxi!NFH*Ifjci5l<vd|adr`xa0{B58}pW3{#V0u?EWNx!WH={{bXE9BR
zG3S<I?)2J~WR{yg-A8pZOUkhBj=jt+iL5b27D~%o+{<hOd>gmyZMGI`2k%I+toOKk
zP#<#-+qG*T3yt*~)88yR)H|~cIpJ|{u(<{IQ at 0H@_ue(4QKq?EVT3Nz+>fV5?8`Kl
zo9fpp#~k`2NFG|zXOArHy<Q`8&Apn`Eqs)DG|t2;%ziDG>hj@}E5wv`3CuUw<XA(K
zZ#fP-vY(Tse^H~3*4%>@PU8y9Wofj`He-9ElLm7djkH<HDBiLbvp!2)7JAlv$~<z}
z6NfxyrdB%k+*9VBG^^Kjtl6sEQui2ZNjoih(>Qb47JaiOm_w7Azdpg-AJS5 at 1kzhM
z=pF~{;9oY9+=sYhh`a$?ItDK2G1$AQ-SE?<p?Jv>Fj<dZ-Ip*1$BqTy_2k=uAf<ve
z0D9EIZ%qXSdm~)I+C?i^jVBdsWU7MA>8D^H4p6X(Y6bf!ANk??O>whhOIzYoBfad{
zB7Ci8V}CmqI at pfI54U4iHFj)rt{ppAWXIC*2B!mc>{&#(J-ag8o;6k5vt0bR{8jvr
z{MG;mc5k!;|J=xIH%GSD!;uYc;>gxDb7XDe at Ue*=j!f6vk=5(($X+dWWc{6;*c!Yg
zDWQWC^XlTn3VS)RLx6ohCpKuf6I-0&#2V!}v1eSISzRw@=H=teRK1*8-VkS&G|ZVL
zr#rJyyz~89fRa5MsAPj`W8~^6*^+un_IV>EI~Jj2c~MICLmwsc9HwO3^Ofv1t&-)B
zR>CWGVT0^kaGS at 4z2ND>wl#KPM at P7@QEC_dd6NzJ#K|`qE^K0^3!6{~7+lyBr7kSl
z!IkZ+?aG97S5`2_mEA9PW$nge0(Np^AG^4*LmqCdQGgpeQ`?PoY2?Pfh;d`5+qtnH
zfz3H?Y(;?^n=#If-2@`=a()*_cf6s&orN}ZXZScJ>onY*oy%}%ZyMa$y;66!M4 at 6I
zIIEb(N5ziSSFtPMDz>b*irwh1VmWwI)GKNg`xz*DO2wY=tiiNCHQ4E(8f>3XgVl_v
z!H#vQ!3OlN!HR2nu$Sw2upc^mFvlDZwjkew4Jz<p`Hr6K0PbKv>F>#s>wB`g!JcdY
zUhJ_g+>_1f>dD;FJy{tLH5$MDEc9e?V?EhsJ1-Vj+l&2yS4H?lcrkUf7fX-vV%bSv
z>;=Fs#f$A4<i*|}?8VA~^+UXvp!H(+Yt>}ULTj?8V`{Q at TGeDjyVqoA(`qv1h?=aM
z4sqjavX=F|*>}O->`;4eHldq0Yd*r8*^TyQYJ)eMTk6d&PVi=`iQa6moe%rd-G}X{
z>BE{f@?rLEec0=%KJ4mXAGR&uhc!0%u&={?Sx%HMyV=^8HR#~WrgZdW-YLG!In9 at S
z-`|%F&-7)Ti+tJgF}|#kw;#I=?Dq3xz3Te0AAxNleym}%AJeq*W1Bkrv7S8;ulHm3
z18T7$b!xH2jcTz0k+s;4xLT~s at LJ3<s}|b}?9$a at gYYZQ@9~^>dUJpFWJ`Zm(8{0L
zKjF_dw)1Bp?fse82!HlYo<Dm_ at 6YxI2C$jI0c=2c0Q)sDfIZnIfbB^NVCgvltn-)v
zRtVH^4P+k$1+qK!0@=V8fo$xkKsF^m5WlkxV&OG{*xR*(*jJ%JEIT2H?e7%C<_`^G
ztFwdHp8wb0dxv*XtO4718od*GI!Q=EdaooQ38W{G0O`Gx-UCS}id0dmH0jboI*3xF
zDxmZ(T}40yK|ny at eKsNL@#yz?j^~f}y)Nc=-M`tL-JO|zW at e}C>^#NYNbjgct(g{0
zUA1T=Iv;y`X;I^&#VS#qqAY^1nWIHTi5B-twYX8K#epGmeoJjxIY%2u4{a2sGVQ{(
z+0$Pep8?u*AEeC}QQ8b2rp*F19jc6Ucw4w?q9gLsVULdv7yIf^5u}4^e;q!})j_9F
zhrLBQB$eo}R`|9|2Ni8yzVy)LvtGIwh3Ilt*jug3Ruw(;n&@HNRF5w0^l%hz3qD=+
z7_FtpY{Ao3kD0yoDD9)iJYi;<9!K)^=uxQ0*b+U`+UT=RQ=gF?^;y$JpE=$1nW?W&
zp at BZ*P4($wsn0H9q at 5i1&}XohK34<u84{<@8}a&VEzp;R2n}S>HUnC=HsFq)0ipT^
z-0NY$8`cIC*%>g=%Yb8H26P`_z;}rTlqL(Q1~`_BTcrUHstl;s>&|Ag?o`Ki=SgaJ
zJY at NkYmE)bX=cd6u7*t3Hl)zlke0TFv==T$7;<c&A&pB6X;o&(x(Y)|Y7H^(WQ2KF
zBce@=c<yV&lt3ej(~L+SYQ)%TBR-QQ3cZbuX>Vc7X<K8y at -k*gzA;k at jnS(y#z9c;
z(t}UB_MpV92YX$6km}Y0<JcZtNa;a9S`Rjq_h45O6RcaA(Adv}6$vH`&oH5_nkmCI
zOc^7~t!Q*KWuz>!Gfo!NNj5RX+|HECvIN5$15CL+$dqOAro?2JVx413`vOx=v^T at 7
zgBcbUX1wiS#s{(rqM at r9P32YkL}6x_8DB at 6u{yzwkIT)N+oC5E+xFz9bx)Gqd$P-;
zCpEb}d8A at aZ8LNBv@_?Nra2d!%;^_k&d$N+v??^`O(CM(oJn0R_{q)!M_FkxVvq%{
zF&1>rx8QJ at 1*;odO1ZS;QYTB2_2o^onI#v^Eg9`$Nt;wl8s}KjFV~XdT2Z5*Yehc;
zE8+sJm=|uv-hozl#9DDS*NXQFtyo=b#rw^y$u_a(2UAf)WNXbcS8IC4SW}a2&Cnui
zPN>*$Pum7{JsT#v+OX5jhUg$0P7ku7B-(~P)ixYzY%8l-*|N^smUo<OnIB}!y%1YA
zCEAi)Xp8y~Tk>@5a5A#vkcl0YJ?+?ME$hFz*>Nq{4&woKvId#GXj`^tK@)olTG+El
z-=1UE_6)PN=W{Q6aw6^NkYJBWqCNVV_DpW&fR3?)Ea2oop}hn5yc~$_?|?}QM at F=F
z<gTkDUwb=J<LAiLFh^b#JEB_Zh-Zx>CptQ at vWt`CBPXuwIH9ZW#FyDljLC5#E7yr_
z1x_3)bK-uD6Yr`zv#PT*le;?8PRE&K;gqn*#2IT-XOiONSc)?R8ZI1f>B3?i7gig%
zu+hwgwVo~n`@2vc?!uH<mpTO&9?e{7(ax2_+OE85;mT1jSAzSyvTdL%`mwIeNpz(u
z*_Bnbu6(KQ#(4)flDyq`7~n?ZFgMm at xDi$0#?2BpJS*Ke*w~#pP2Cya)t#++?j#zy
zbKcY)a~pSgZn?95fIGc2gj{!dR=d-xlZV9H1JMJ{JU<Uqf;@OT%meor5AG*<ut2pJ
z-k!bK?$?W>VZAUN)(d+TPxM=RGDOFdcDkPQ_wz(iL6#Ql$*crV at -sY1%=g5%+>^W2
zo~)FC%Qu^PQQXms_f5P=%96zkYrGg$>&4f?l1ARV+sd1dg|JTEJnrhvu`F-w3cYzy
zA at 2IUx#iHChylHcitWvjg5Gp4>P>WYZ+z5!SlHADtDZhQ4fEk>ln*Csd>GKdm&ZoF
zoHOy|hOI9hqJ3!{<BM5_FV_lu>7wq(VKYAt+4wQZ-j5+}etb31kF#-pB<S~{yGb9W
zTl68-st*Ue`%pBr58l;%Sgg^PMMZt_9M+eC>i)PH`qRPDpPRk>3Fza`#}WQguKc+j
z<IjS8f7T51=ZEG2yssI+u8sj*wGEIqMF6ux0 at xE3K<}&oe#j1BcwPX_D*|X#6F^n>
zK<umodEX(BR^EZQL<F)tDv+w^Ku*O6;!zdI;@Ut=h6S?7Ac$P!ATC)1$pWlF^bQPS
zPjC<)hX>JRKoAQPg1Da-ghoXWOKXDouuCwtj=|gs2xd!>*eyahY!$*in-I3!hwz<K
z2xt96=oB1+dA|^XB0{iE4#6Zp1iR`GeyRzff7?(RnS>H$7Rn{JP;N$tG9*3}4V5r5
zHNr4y8^%{X!YFeO<5F-K5ust&_6uW9L>Ow3VI0p2!!jp~qj_QMFAXDCHJm5SL}gar
zaF!*6b2=-Wo;l(8l!i0DTR%Ls`|(z<epE;HV{TbLMpgFX$&h}Ox9N{{+x}>G=#Q)L
zWk7#g$M%=9+MoF~{n_3jg2mbqG}enCv}Xi^%p>?AGJ<w#5lqgAASow;@5>`_RF9-s
zINBtVGR;VKYDZ#c5=m)bB>O at mxgH(KCy9~t$csd?P`0atjsqBPG=QZ}1Nbq10Io>`
zr0q74t!)Q#N%%&0AVJ+_+iD=yE(19bH4xqCfue**?2Li9WDaCN)<6cg9z<cgK@<yN
z=7VVEH;6g?1`%F72>W(XWEw<q#5IbZ?oqraL<B~W78Av|gea`iq8L;ag`#5bY)zEp
zhbZ)jCdMq9v$oNwxkNL>HyZms(Y%!u&BsHdY1%S|)YdV~(Tib)K at 9iJV$gAn;ec-p
z5#cdB7Id;>NXm_2W8+xHH;v_a*H|VQ#*$_f%Tw!Ejz+}NPA!hlddBg at A&$k4aqRPp
zqitlI)LC&%=@QS|-QxL37;h5K^^kbF_mAg?^mxj%<IyRPXJ2JJ>pCQGUn_w_dI`98
zPawxOLF&f at R(d4h9GSq=*aSW(PM~e8M0`3X(oYznoybhnMB17qa at Qph%kV at g*NGfS
zN at R9PBKED4@Dnt3l6dTu#M0m-qEnK{7pAEv)1+B4E!!rOV42Kit7Nu#h*H76$&3z9
zW at SM#mkN^!sYu4GO$yb*ySgciv`yi-V+#4MDfI4}!hZi0z7pOKO5uU<R&WZ-LQ^={
zKLyW0DXh;=kp+KKiBwPJ^OmWUw at oEaGZlZ`R62D}CDc8Y&4H=Zgr at RoLMpd9r7_(g
zjUw|j9PH9q>ybuELK-h}g%;^_?vhT^Zt0BfnNGGtI!j&BrOr-AO*?}@IvKR?oxy$o
z3`WFd&@w55;K3Q}%+H{6MFyQzGpT5tiKc!gDTbL0Gs)yz!NejHC+AFlh|eS<CzEnv
zX-TH2?aLy+YZjJ9S?qAh;&x&d9g?z`A{@!fqP0dg);ig2G!pfk#@URq&&Ja+8 at GUL
zE;P<Tt9cH&S~)zj%8`7L!-(EFBn0K)7n6fqehxkbIXIN%(7(}OKGPhGP6wgmV2(Hr
zCfZfDJqPo%|6m>m59U$mV3rIT%;}85+z>|Q43;s3Tqeta%r=c&v>N3ytw}B=t#jF+
znTtoKT<&zuWu#6n-E4E2>y=A+d at j8P=i-=`%eaDE29)G7rYx6~CV2#P&11Ah9%~)*
zn9wVa)4`$&D<co<f;{GG<P+U2pZofv7|S4^%fgaCQTUjgU#H?JwIZJ(L-P5oHXnyp
z1(@m-FwUxgr@~F!0=9V-NPoJ3&s7U$k?umCdKPjaxR6^pg)CMp!l7vqo`P4qA~f0;
z(WQG4PmGFqU{yqfT at fu@iimS9BHXQrAde!-`V?`lZxQK(ilmN`W2Hs>s9ubTrYQO9
zQ;c?gF&70z{i1Et5{jCaP}!yg<F+L<?@&TqmlE_XOE9-8VWn>g1N};*9bLkWvJyhe
zOE^_of?utiqgKlN)}@^3RLZcfrHs)l<(OG1x)$PYS&Cs;De(hK>6k9=!mYAWrgkhN
zpi>zeOv<?6P)2F5GD5t|81GYtyKfm45oN><Dq~@+oR?q5y6Q5tRLV(gSx!>Na>kpN
z^W3Uj`rGBC_AaL?temOI<=hoaGs{_DS&quEa{6mku%vqhhYTy|WKzNDo)tXIsvs`A
zf+K?~_-sf8xz!a^t5q_;c_sZiRnpX`lA+F(wDhi&k at HG=M^@q%RVfQvS23k!6*oFm
zan-DfTI(u$IaaYes0!=+DozfoB90-bbR5D7-66cKKZLH9Ls;THgrMF-I2ka6PBBAx
zQZ<B#u0!c>HdNZ(Lz&<(l!d*A;^R9MhtQ$YFCWS~r9*KaI+Pz&t7+b<nx(C)iPx#d
zQMZ~|=G6?esivoWH4mJsDf6%9Xkay(QPuQ~u4ZDh8g>Xbv}@SeqlRrJH3VAJP#spo
z$I&&som|7rj2fH at YKW_<;fP%=>b+_)@T_ILcP;S=wK(R~(ygpk^7JrSHFFpv^oCJu
zKMc*(VH`>y#xS+vQYQ?Tl`(}5!+CB!ob^t_+2Jvqoq at xNC>u_ at is5zYn+G-?fm7QN
z%xpgb^PVGEE_`h{g8Q~3 at Ub7k71t4T2_At(#t1&l8$oT;kuuIVk}d5=Qr%@F7qmw5
zzTrqFnvKN4d?d$gM)H~KNV>U=<m=dxtj`!pa`i~;Ye!<<?hPuv-{5fA8 at w6!25ZXS
zAie4h%(dQRweOqEjCoU5G=GzRYNJ at GF^Z;!qnK?piZf=TIGiwwbBUwqJa`oAb4QV1
zItpL4xA;ioEwVblg;w9UaLIp*<$9wDG#bq+htW*-7>$YNXw3VM=1$aT_7{(4*U-_t
zuQrBjUSrtkGlu5=V>q2ShSa1nOc^qUevFmD&9OXfH<q_-#^P!}mQjvlu?ZbZWxugZ
ziWy68>{vFWjO9V<Sn{jJvZZ<~Gun(pS8E(zw&S?%Fph<8<D@<r$HTC3Op6%DyVc_u
zr81u8X5;B#J)Tw0<4Fk|&qiTs#CW<!k0+*fytIENa6xYZ)<zR#eb@<{w4K0!ffKlu
zHGv7a6F5;bf&0zgX1d|qTr+<gRnNCE4Sk#9L2pYta3U(bCKBa6k;=G<_-9Sz4dJbV
ziMVusN7ki%hpRU4;B5O29lYNm#OECr_I-zwW$%zz^$u3U1l at P}rq{cC5&SN?1K;Jn
zVeg{RdJ-$NCNa`bY_mz!T211v^CTR6CNW1?<3EX$36r=jC at PST<xb*7=_GtBC$XeT
zuB(|OW0{k2ZataiZ6~wQWwMls$*c;S%;TiVb!vEH at +T9eI)$uOQ%GqurB1DBt3gvp
zj+w&c<SERmokDe!saQ9kN_dN at 1ZqyjyxUZ~jixfU$5g&>n at XzZR9cG4Qbld4ZOl}D
ziknJo(NtzvPvu~vY4mC_jWKT1unC{W_p#GR&7a1D+G&`oOy|D(baGlw=jYDT8Dlt|
zGMDMh at R`m$-|6h{I~~X1>12gW=XvyWHsns{v%KltD4EW3t at p6Ddyk$j?@<u`9=eI|
zajxYI83ULhW2`giqCW#$iy3UQoq=~hu at h!6r*cM}f<kMPnG`wAq^$Q$`uNR6KXN9$
zQ)lvN_DocU%;c7!-Dnn#I?UoTA*9PJX7-rHgPyb4Z##<%ezVvTGK)jPzW7<_m&yLH
zS at c$&O+w?@1htrrjm~Vo3!6<y_-tYZ%qA{oHY113=B=T#d7(0g{w?OvvCSNsc9|pT
zJBP+5a|p4Y!@a6G1RB22F_ZUsl>5H4Bj(bx&0HL{=Av#impH$<Y{{6*XT@{5C9JBR
z%h;N^B(|By^ltN5V>pjwi+K!lokzd^^JtYck7fn)Sgt>x!$P^ye4d!k=UL!<ehHh8
zVgLE8j+{?n{Cq01=i}690aKbS;J(EIY&;i`l(&H0f=S^5c9k!{MROs?yDns>i`ZTZ
znH{u{yI~87%wI at uvqglqT*M}uMa;KdM5|tli1u8>tbvQTn6QYTibbMGdNF4jFJ?xU
z#cb7HOjn)7T<yM?DLocb;JTPO?u+R>U@@n27t?0QVuDpZ;FjtK=&OIgFw+mD at A`p^
z7k at x_!3WF~#*}=(^yW+Wu;&u|t(VZ&Z3*xDEn&0&67)lsa5;1d<pY*5ByWkldsxCz
zwWSmUEyXQF?14-9wqz;YS}bEnr)4bexr{fRma*G?86LjNIN5(0larTmJ%1TyO_tL}
zb2;9^@Q%y*y8CiedMxLZ_i|Z8cR5WWmlHW)ImwyJWmS{qxaP~T;^kacTfu^6E68uV
zg7F<!(7W3T99&i~IBW&sgH{ljxdOX_6_{46;F8e1 at k$1FUdfxrD;Z?Al9r;LS5eWM
z>9~@FUMsoVe<jTat>jMhN_JGOWOn0KShilpI^$J%nXJOxV- at MWSK-=c6%)e6JyEus
ztfso at YL02Hrm4YdezIAOqPjdGVKtA3tmgd|YiQPS4Juk|2-jYNr{5Yv`>!EUW;?Ww
zUc-yzHI$^Up;z7-)|IZIy48n#Wbz?B>_22i;D=bZSu2ZquVsqWTAtgl#oS>n34_)$
zCUGs>iq=w7vX=OvYk5~^9cT2`@w34?o*S*>h2uK*yRMV>I_uaQw~my->$qCDjvrLk
zOCNtdoy^x0Zn>Ud>-9AET+e5b>+u}8o<-5?`8;Ml{gc+SK4(3erR&KoTQ5pBHlWjN
z169J$dK<_z-oR5+aWmUMhQ$VYI&2`=a|4HZZ(xew2Hr^AKyj`p0Iu3VznTr~RozJQ
z_8ZyOaU)kdZKR9UMt1mZ<Z{eLu2gPh?vRa`)NCZD<0cGsH<4!{_-^89pH0jO+r-R%
zo9LFXiKR)KXqmbRt*T9oP}@v-^Ua*o-^>*A&A3@@#?o#x>m4 at J&vi4#Ua}prnY00$
zQIFq at cll=g1>@??d{etw-rH<ps at 4{^8E&D(VhcSSw(ynn7OdR1a4K{Q^AoqwDrF1Z
zQ at 5a#u?3eQTll$l3rpK><%H%|R)lONK58qsQnvCz>Q<^Vw=$+^E52o039s17rbZue
zuE|HZwfl(1b{|nFOzis+?g1aMKJ+7M27JWjf{)muxs7Yxw((GR8-3ii5$Cgw+5X$4
zZ?TPy1GeE-ybbNLZ7eO{#*_{p<EHm9x1B%cY4*n)tNoZv)lUdf|Ac4FK9TYAPf+Rp
zi9F*zLCyXXRy%*feqq$mPw=Y!gv=J(WnK8~d~LB^^2c^**KFrP=yp~_ZD(NOcB=BX
zbGKx>^w+l&sj@@H#CFi#YzKEjc3>H?L)x%A7*M){gRORQUFd7FlTOw<S<q`IWBcvo
zY4lE}WbR~4?M@!6 at 1lpsE==3*B1U%?k1TgFqMvLJ+{HU7yJW0>7at7W#Wd4TdFcKr
zB|e`rB<NEPMSsf5^iLTv_*2 at Je9E%wPx-XjZo0SH&0*ns>)lv&+|3x>-SoBG%}A@=
z#CYw-*nc;B19sCabT{*>b~AD4Zql3Y;d7lmxR~!@tL+}1dhcOa#2zx at _F$gB2b1zW
zMCk72l%8O+7k%r!xcTp8 at xZ+pM(w3GYcKOE_EKEAmtTZqwR at SNzK;)@?~^fyeN=SY
zM~&e=jtM)x_VHHwKK85Z$4`Gh(T4lcGuqE;ll=sl?Z at 7CKVg1iNA2gjuqk0b6I1uI
zJZnEb?GMn^_yA`t5765A07l*ih)O)bo}>fvjQ)%^E}wC=-)F=}e#U|3pYxW{=agA~
zF72An at d%LppwF4#?{hkre@;>L=S*yJkcWa#`-5CGIEb_HL2jBJ<f+p^u6rEhn)g8t
z4m`*=i3fR^e2__l56YP3L3WfM<ay;mx>O(Jmu80uFh9h2%R{I-9%7NpA$g~Fi1OG&
z98Ww%^Xx-Z7al at i<1qUg9VSovFdYpJ*D1!n<arp|^ux5zJj_J3FVJfH1)Dm3A$^E1
z*yH#Go%?(tZTc^%(fE>-PG7QJ_e-wz{8IXTU&{E!m#D>lNvz5dy0$vP_BKaYs&|Ai
zgCk5ZK0=D)5l*@sVU@=b_WK;+T;vhD$BJIi^dr~}K7vEbqu6ygD&t>A`B3*Lj^;;Y
zZ2c&!eU8#9;3y-bj<S64QEnO at BhcX(jpB|GpLL9YoMYVWaGZ4g;{+QWXP)tKa@>zo
z>T#TnLC3i*G>$)xPx5iJbC2^$-f<q592ccdCkR(R!8;x&*dKNR&BPO2$veT`vJ))R
zILUz~Cpi^(lCD7~nH+hN-UCjeC`4b->=ZezPob-QicFnT>@qwhdG{0^(Wh7#cM8+^
zQ%p=h#nPsyv1xglmYSz=?sl45{nOm<bDHCEr<s-^Zds=(EI!Se>eJj+Im0s5GyL5A
zj66rrpkjE2=RMBQw$~X(`JACopEIltIfGv08TJl3!;Zu=xM!Y`cb;b`9DIiF3eVtL
zbp~UNvlMnYi<`k&t{R_Zu+>>s*_<Ud^(;&B&dS_}v*->zOHu7vLff7rv%@*wwm8Q=
zr*mj}pJP+tIsAgpF>}B<E;l;Q#y01v&^(Vpm-EawKF`O(d8_k$>v*1#{^#izavuGD
z=b0OSp8gr<X;pllW{oazyYU5XXkEa__yX6gE-)kD0zuKTUwDD at LR`zQaMJmT7}u|e
z_4taS;IDW;>ML5ueMNH7S8Nw%mwiQZ^^1%%zQ{7+3*kMhi`=%pNPPT7nj~DrIP)SV
zwHG<n;u2P^FY%-PCCm*j(aq-)rGA&V*Y^@yiI><^c!`=}mqbC-W#YSD=2^GPtg*k$
zr_Ps|6>*udiI>sNx{OuPWttUVW<kkiF4SDcqV_W1b-Ti7-79$5USYl66~@_L;ibzJ
zj`?3<TF4ciMO~ps^cBV=U7<zV6}IGGA*%2SHwD|uD^#dmWnG)AyrXv&2b-%*^Sml~
z>MB;zS9x4<m4{VVrQdmto at Up$6MKy%N!PF|yT<6sYpB*-!>aZg>xAGA*U9U0oe9Dm
z{p<J`U8jA|>wN8co$n*B(=+)x9m}udtot?hvcBe|&NrA?enVl{H}dY_8$KHN4W_x@
z at J-P-ln(ob<sH7IO6yy4wZEmO<F};u{gyrf-!dciTW+L%i$T%1ENXHC$F4V6DU30=
z!GRt(NH at Ph$KV^R9&m%w*c&9Z`i{LO-_bYlI~mjdj?$R#2#yuI<U96rlQB(i(yskY
z#{1voc<4<QhTTLpQMU7LvbfbP)b(#s+v65HOmAW6c8mK$Lc}ec^KTJ4>=s?sZ_~Nc
zZ8q!P=1slZOf<Pow&iVh+TW%{|J$625cibZq-WlyZ{clLt9?&k=kHmo^*w!czQ at t-
zd&Ua+_TO_+_$l&xj1s=bKKXl23rDKHCra%OO`F~!u*DtPYu&+3{|*-2?=aKo4(4um
zq+Hy=J?sv<BkvFweFv-bJ7hKaf%$@}!4JIj{DEM<A5csELB_6rz|Y_=g^qV|al6Zo
zUUz97a2Kc8yKK(B%l(48OfJ03)RMb+mffXgqkHIgyNA2hJ*o}wan9u)4+8FC6?BiX
z%zHSf{79oFKk{AMA8FtDN4&cHh?>QZ{NVZ{H@$x3Lh+A;Xx>Lrd;gQueUgIjV-j_r
zsnPezh`-OMg!|;A-^ZxU1J-LlAk6v!&21jYe1iwH%y>Xq`2+S1dB8UYKXJtQCw$z0
z62%ff$sG5ec&YY~y-gnSVbh0f>-vyYJsvX5@*&Tx9-?9Uko&$5u?c?2l(dIT%zlV@
z&O at ry9`R-CN0_&L#8Ayg9M*j#;|Gt}Y4eDC4v(;md?e#)j~HM2NajvFBDT?EbXq;;
zZl}lCX+6eW?=j(KkGbjmnAw4kiAjCT$1Q)xx7*J=(fwK8q5e!Olb`u{(9beo<7at3
zJ>i<(6Al?aVVKzyGM%4r(ftXn`#q6ynkTGFc_QxxpD?ui3ENel@>cJs(pPxOdudO(
zne~*iil>-WK4tOHr<gQ-Mpc_<)M!5AVV7szHh9L)?#~D?e8%-2&)8)83}drrd~W%S
zYVT(<R`-krfzL1qdxrm at XY|Z_Mvwewj3{`9XT>x2w*5uaLH)wPpkFv0`U}1hzi=t$
z7ru at Ch0)2spp*U!nuC9#Y3VP#+2J|1+Rs^`|C|vf&qb at D?E62Lc?-`uDcmf3j>oX)
z{M_*cM|56r$>0TfrY~5~=LOA!UeF at s1<TW4FeCc~Sv4=1+V~~cn!H5Q<)yqAd|5X`
zu8V2C&L3q*nbG~yOJ%ssdXp^$#V9(N8nzp3RplcO#VC3yk1F4Mcqt!ksESKt2FQmM
zgM|Vr<i9yV^1(&Eye#S~F1e(M5~yU^SI$-@>iyBEyz)nJS3Zi7CHw1Q`upu>a;&e8
zvS6;NY9lobbq!TD^_ON`k#W~uO<#HVQn?#3kz`AV>6AzeLdC8SyT8PwJ{F?fMEp at j
zLqkPXrEw$GUsnxixIx8>;mThGRdP*A-93ofCd<0en>SKdRZLyzK7SIrw|rERE%&R;
z;dH9MrnQE0ftp;S%9WSWBYhQ7=DphRsXISg!cwl4>+0`RT|@4)QNwlWip1;9 at 2^v0
zSRbO?*{^Yw3)Lk&ORmNyu}hMy&b+MqltqzHvb>0?mx##K<6V{E%|xzE)m1f`h+HL>
z&z>L1Q9k2Q%sfdE#e|4N^yEKV(lWK~dg<T3w0o&Xs|@W-Q5`1!NcuEZYpSZMp{o9u
z67rFd6;*55k~YQSV|^Nls<Bpe=~5Tg at BaQRT?W;~AXD;{5|d0xXHmWMXA(0MU2d<;
zpG!=+n`BDmUPR at UOeD1#Go~~5j;emGo>iAJYfpS_{QidYz7IcMzeHVic$%CgpCLRp
zP*k&N$~B_Sq)ni5?Z3DxE{ge7jeEb3e7)=I|Gy`JCXMH7Y-A%NMzpj4*DGXR6$<~v
z)aPi$hZc5k6e;P{gqP3j68+D-ZQ>uUI5)i~3TK)a>eg#SO%fORv}>4hM6rL5(g>04
z!FuK3uSP|lm5R}mBY!k)wCWZ9)w@@UrO;sJYt(NwEF1Eb?7n>2P(t;kMEl6o)=KPf
z$<ulS$djv3o<WLYLnVi2OPR~Bdm?7YmQw1Jr(1~}NtZMAh<X*!Up>43%Do|ezqd<e
zNBLT({=>EwQkk at nCrArfuB3&Cqy-v6BcZX-L})5B6PgRkucgomt2V90ZX>i6+6nCi
zO`(I(QRpOe7P<(p&Hs%Ocp>$8BdKfuXq0kxWz at X;Pr|a=ten(@o;^04vlh2yazM$`
z%JCV3a^-wMO*kwl#pbM_6o&5wC71myD5XlibF6D!bQZg*?3=&x%UNut^$;btQhL(F
zR`N at s*vdjV)nY5(jExbywb)7>raZN0h}~Z7`C=>aP;?;ch;1lD`t-Gm3=h!@$Scgv
zPE9Tq{pKa2$-7uDqN=1cJx@<5P0G0q#a!7|!VF5!*Xvu5o0gZH|8K|tcy6eo+dS7Y
zt)Mio?%cn+-oeJP?s#YMKO{S~xS*sUqf{>}BO^OCU2jl9ahkY$3GmFMncQgI_M>Ue
zZw at -3Qn$S}_C?`02kW<M7w>xd;|Uc--iizrTdCU=TdDOF`?Yy3f!7jvErHh(crAg~
z5_m0v*AjRwf!7jvErHh(crAfHO5m^h|4M&a_0$)q=2&)XGvz($|C>Kq<120&e{c(y
zzIPKr>HCURH%_bc(F>Jxg=#?=19($tD at +hN2~!27uRljn`tpkfr7yoqP!?#~C at 6jZ
zPXxv9TY?g&hCaT!YzOoXsq615qq$1ISM!yvj6Bx&gIm>wA<lnk>qy{Ayrt{>H^vNF
z$k|FPl+gm^t|GHbmCrC_OYtL4UY#`bzx7_ZIg71a;q_`?*;ei+F+9LG(LXpKG$`WN
z`|=idP4Q!#*or@;nAF+IN(>GDDz+k58Q?@u$da>4McS at 1vS=lvi3N3|iMe%S|H{~*
zRo&4%`JB?KZY(}cMiXW7yIhe~mqv;|O57Er_&tc=I=k}KeuH~Mm=@yD5N64%P)lCD
zEl3r=>&GrLWy?}VGt=v0P$;9B1?0$Hs_d84#Uw?>G?jQOF|)37Ro)TQ-`DTslZks>
ze3bQw{!9ku;{LyiPl>#TYKW87pTs4Po^^33{)@OMvTTS;eR?QwaFkTYml0m&eb at hA
zYW(~CyU19oa^HjhBFqL^DPb#PWQj7qtmFX)k*XqDN1Sk$J*QXKH~5$S5B+oegMW$t
z&_DTbx9&b0;-{>1^JnS(ckkE!5B^2`L;vjl;9tl;^w0JW{`LKb{@MJ&Kkt9&pY^Z)
z$ubnOt*mVH-=~K?E`RW^A-%=9&fkXT%il|1d&$!c`K3O7N_qV!@%ycO)cdEry!t2p
z{Z>Be{p<b@{cDhyi_~&TytMzJf4`NFdjFI<`JdeHZ{?%jKc%k!C;t6bKI;8b+6w=~
zzu(G7y?;u6`zQW2l#j0Rto^+|;%(i2Lw?qhePvcdw$#m~@?>_ECwZpW%A5-?sc)1w
ze at gwCFZHD|yC6^ORN2py>waH1EB?MVuO;wW0<R_TS^}>n at V}CP(%w?~q)Hv8^r at A4
zOX=Av at 9UMBfXX{&<=wne|0?}frBAN(Gn78QbcXBt^vZmI_JY#??jR`rccnd{yzlNJ
zD6>qu2})h4v|E(kvr at O|3HpM8&|NSTj09t$hhQQo?JzT;r=axpl>VosptSdtI#{XK
zm9~P?{!rR9N;^qudnxTXrH%MPru-<Yp(^cHcfmvGC3p&6g169H at DY3kKcSDHw8#Ag
z<$7g&AxH=oly-lp5GI5R{e=EPgb*nV5C#f^geXDj$HWM+LYxpUBnV1>DM?5cQiN0?
zO-L6qgiIkz$QE*h!9uQ}v<vcu0-;bS5{iWqp;Ran%7qG{Qm7J!2t$Qxp+=|`h6%%k
z5yD8}4dG2;l<<}?S{NgY6~+nUg$csj!bIU6;ay>pFj<%)OckaHip<^<dxkJmm?g{>
z<_PZ#%JF$(&leU53x!3(V&MZpIsW_=%VmGXD>ub`^{Z{!d~N;*5>RH{7D&#~lbkOL
zT}WP1a?Ia19c9s<hG?kCWsRDu)?K`--V3ED{c47fn0#89yRu4gQBD@)Th{_sO2L0;
znxXn at _)0wfjxR29(h}t%B*sQcZL*ZW+`5ui at AjYkx00u)id at hjgTHfafSi=06b><i
zMEb>2 at _oflmC~z>5-I8McTHEh|7LQshVXaqU-8>nd3cD?kSCWCs?tYM(mp^!uOGux
zTpDI2)}Q-l|0e&1{HH4(wW;?_<KOQ5KZ}pEgs(1M{U`FD`@8T%>Uv)dxiCWRSV at oc
z`pEr_e_5>Z*RUJ^#rfeMjjPM|Np|)5|M#aIm-{~{waW>qar$#mw*90o+RbUHJ-(FO
zaZ--#A&`CSlDbQ&z5dnMqVjA0Z}P8)e%<^33O_*ZSeak?-<pQ<*Hk?CPx9aSR{@5L
zv<svrQ|6f~xlQ>d;6E`PrTjId{of5=$u9$xLMui^q^<O}3#CR+sjF%0-T&@?JIQ~_
z6R(l*cf(i8t5RqGugrgX|Gy7c5rYzc<#DXkugY^oxfdlbEBQ%DSH->gEBp6hz25$R
zUjptat`P-g#i{8fdJ*Zl>8YjZX%VGWx#=DTao*wHmQfMG26}Z4p~-pTC~gLNm3g`O
zC9WwR23e)0g|1dsC8=5IdC4V~1%>JPa!h8~<|UWPZgHknLER)*--6V#y!8B1D_d)8
zN2`?Vl-%rs%;Mz2tg2U@{ZG8=<!<%s&Gc%i6tcfz+&v}6dgbZGB{D<U!@$PU+CVQo
zKeZq&J3rIIU_fLa3ugnplG5b-wB+1^e33wYfq|#^?w(fSnwDIeTvA$4oF1UeC>Doo
zu>*WP42JsnSbN*~`Z!xSdOO-%*jxKrTX at _0x>z{%c5(Ezvvc-wadE6^5M)}(e|!6>
zWfFW|R9>z at FC{+p>CittqvT(Am8g{!XaBdM{7ZUSiIo2kl(PRXqUiNE<lb<KiacG^
zB(0Q^^vAZNo}BdCd}(E(w4RHTh2$YSy at niB*EbD`P>zXHU86$Twrn_V>C8_q>y=K@
JYxAcP_&+GxazOw9

literal 0
HcmV?d00001

diff --git a/demo/admin.php b/demo/admin.php
new file mode 100755
index 000000000..234d671d2
--- /dev/null
+++ b/demo/admin.php
@@ -0,0 +1,340 @@
+<!-- $Id: admin.php 1120 2018-01-02 14:32:44Z kgoldman $ -->
+
+<?php
+/* (c) Copyright IBM Corporation 2016.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+?>
+
+<html>
+<head>
+<title>TSS 2.0 Demo Administration
+<?php
+echo gethostname();
+?>
+</title>
+<link rel="stylesheet" type="text/css" href="demo.css">
+</head>
+<body>
+
+<form method="post" action="admin.php">
+
+<div id="header">
+<img src="ibm.png" style="float:right;width:200px;height:70px">
+<h2>IBM TSS Demo Administration - 
+<?php
+echo gethostname();
+?>
+</h2>
+</div>
+
+<?php
+require '/var/www/html/tpm2/nav.html';
+?>
+
+<div id="section">
+
+<?php
+if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
+    $command = $_POST['command'];
+    $hic = $_POST['hic'];
+    $hip = $_POST['hip'];
+    $pwda = $_POST['pwda'];
+    $pwdn1 = $_POST['pwdn1'];
+    $pwdn2 = $_POST['pwdn2'];
+    
+    $retval = 0;
+    // parameter checks
+    if ($retval == 0) {
+	if ($command == 'Change Password') {
+	    if ($pwdn1 != $pwdn2) {
+		echo "New passwords do not match";
+		$retval = 1;
+		$pwdn1 = $pwda;     // don't roll the old password
+	    }
+	}
+	/* radio buttons, should never occur */
+	if (strlen($hic) == 0) {
+	    echo "Clock - authorization hierarchy must be specified<br>\n";
+	    $retval = 1;
+	}
+	/* radio buttons, should never occur */
+	if (strlen($hip) == 0) {
+	    echo "Password - authorization hierarchy must be specified<br>\n";
+	    $retval = 1;
+	}
+    }
+    // construct the command
+    if ($retval == 0) {
+	switch ($command) {
+	  case 'Change Password':
+	  $commandStr = "/var/www/html/tpm2/hierarchychangeauth";
+	    $commandStr .= " -hi " . $hip;
+	    if (strlen($pwda) != 0) {
+	        $commandStr .= " -pwda " . $pwda;
+	    }
+	    if (strlen($pwdn1) != 0) {
+	        $commandStr .= " -pwdn " . $pwdn1;
+	    }
+	    break;
+
+	  case 'Set TPM Date and Time':
+	    $commandStr = "/var/www/html/tpm2/clockset";
+            $commandStr .= " -hi " . $hic;
+	    $currenttime = time();				// php time in sec
+	    $commandStr .= " -clock " . ($currenttime * 1000);	// TPM command in msec
+	    break;
+
+	  case 'SH disable':
+	    $commandStr = "/var/www/html/tpm2/hierarchycontrol -hi p -he o -state 0";
+	    break;
+	  case 'SH enable':
+	    $commandStr = "/var/www/html/tpm2/hierarchycontrol -hi p -he o -state 1";
+	    break;
+	  case 'EH disable':
+	    $commandStr = "/var/www/html/tpm2/hierarchycontrol -hi p -he e -state 0";
+	    break;
+	  case 'EH enable':
+	    $commandStr = "/var/www/html/tpm2/hierarchycontrol -hi p -he e -state 1";
+	    break;
+	  case 'phEnableNV clear':
+	    $commandStr = "/var/www/html/tpm2/hierarchycontrol -hi p -he n -state o";
+	    break;
+	  case 'phEnableNV set':
+	    $commandStr = "/var/www/html/tpm2/hierarchycontrol -hi p -he n -state 1";
+	    break;
+	  default:
+	    echo ("Invalid command $command");
+	    $retval = 1;
+	    break;
+	}
+    }
+    if ($retval == 0) {
+	// uncomment for test and debug, permits view of TPM command
+        //echo 'Command string: ' . $commandStr. "<br>\n"; $retval = 0;
+        unset($output);
+        exec ($commandStr, $output, $retval);
+        if ($retval == 0) {
+            ;
+        }
+        else {
+            echo $commandStr . "<br>\n";
+            for ($i = 0 ; $i < count($output) ; $i++) {
+                echo $output[$i] . "<br>\n";
+            }
+        }
+    }
+}
+     
+echo "<h3>TPM Information</h3>";
+unset($output);
+exec ("/var/www/html/tpm2/getcapability -cap 6", $output, $retval);
+//print_r($output);
+
+$key = searchForValue("TPM_PT_MANUFACTURER", $output);
+$value = $output[$key];
+$values = explode (" ", trim($value));
+echo "Manufacturer: ";
+$chars = str_split ($values[3], 2);
+for ($i = 0 ; $i < count($chars) ; $i++) {
+    echo chr(hexdec($chars[$i]));
+}
+echo "<br>\n";
+
+echo "Vendor String: ";
+$key = searchForValue("TPM_PT_VENDOR_STRING_1", $output);
+$value = $output[$key];
+$values = explode (" ", trim($value));
+$chars = str_split ($values[3], 2);
+for ($i = 0 ; $i < count($chars) ; $i++) {
+    echo chr(hexdec($chars[$i]));
+}
+
+$key = searchForValue("TPM_PT_VENDOR_STRING_2", $output);
+$value = $output[$key];
+$values = explode (" ", trim($value));
+$chars = str_split ($values[3], 2);
+for ($i = 0 ; $i < count($chars) ; $i++) {
+    echo chr(hexdec($chars[$i]));
+}
+echo "<br>\n";
+
+$key = searchForValue("TPM_PT_REVISION", $output);
+$value = $output[$key];
+$values = explode (" ", trim($value));
+echo "Revision: " . hexdec($values[3]) . "<br>\n";
+
+$key = searchForValue("TPM_PT_FIRMWARE_VERSION_1", $output);
+$value = $output[$key];
+$values = explode (" ", trim($value));
+echo "Firmware: " . $values[3];
+
+$key = searchForValue("TPM_PT_FIRMWARE_VERSION_2", $output);
+$value = $output[$key];
+$values = explode (" ", trim($value));
+echo " " . $values[3];
+echo "<br>\n";
+
+unset($output);
+exec ("/var/www/html/tpm2/readclock", $output, $retval);
+$key = searchForValue("TPMS_TIME_INFO", $output);
+$value = $output[$key];
+$values = explode (" ", trim($value));
+echo "TPM Time since startup: " . $values[2] . " msec<br>\n";
+
+$key = searchForValue("  TPMS_CLOCK_INFO", $output);
+$value = $output[$key];
+$values = explode (" ", trim($value));				// TPM time in msec
+echo "TPM Date and Time: " . date(DATE_RSS, ($values[2] / 1000));	// php time in sec
+
+?>
+
+<input type="submit" name="command" value="Set TPM Date and Time">
+<input type="radio" name="hic" value="p"
+     <?php if ($hic == "p") echo " checked"; ?>>Platform
+<input type="radio" name="hic" value="o"
+     <?php if (($hic == "o") || !isset($hic)) echo " checked"; ?>>Owner
+
+<h3>TPM Status</h3>
+
+<?php
+unset($output);
+exec ("/var/www/html/tpm2/getcapability -cap 6 -pr 200 -pc 1", $output, $retval);
+$capitems = explode(" ", trim($output[2]));
+$val = hexdec($capitems[3]);
+if ($val & 0x0001) {
+    echo "Owner auth set<br>\n";
+}
+else {
+    echo "Owner auth clear<br>\n";
+}
+if ($val & 0x0002) {
+    echo "Endorsement auth set<br>\n";
+}
+else {
+    echo "Endorsement auth clear<br>\n";
+}
+if ($val & 0x0004) {
+    echo "Lockout auth set<br>\n";
+}
+else {
+    echo "Lockout auth clear<br>\n";
+}
+if ($val & 0x0100) {
+    echo "TPM2_Clear disabled<br>\n";
+}
+else {
+    echo "TPM2_Clear enabled<br>\n";
+}
+if ($val & 0x0200) {
+    echo "In lockout<br>\n";
+}
+else {
+    echo "Not in lockout<br>\n";
+}
+if ($val & 0x0400) {
+    echo "TPM generated EPS<br>\n";
+}
+else {
+    echo "EPS createed outside TPM<br>\n";
+}
+echo "<br>\n";
+unset($output);
+exec ("/var/www/html/tpm2/getcapability -cap 6 -pr 201 -pc 1", $output, $retval);
+$capitems = explode(" ", trim($output[2]));
+$val = hexdec($capitems[3]);
+if ($val & 0x0001) {
+    echo "Platform hierarchy enabled<br>\n";
+}
+else {
+    echo "Platform hierarchy disabled<br>\n";
+}
+if ($val & 0x0002) {
+    echo "Storage hierarchy enabled     <input type=\"submit\" name=\"command\" value=\"SH disable\"><br>\n";
+}
+else {
+    echo "Storage hierarchy disabled     <input type=\"submit\" name=\"command\" value=\"SH enable\"><br>\n";
+}
+if ($val & 0x0004) {
+    echo "Endorsement hierarchy enabled     <input type=\"submit\" name=\"command\" value=\"EH disable\"><br>\n";
+}
+else {
+    echo "Endorsement hierarchy disabled     <input type=\"submit\" name=\"command\" value=\"EH enable\"><br>\n";
+}
+if ($val & 0x0008) {
+    echo "phEnableNV set     <input type=\"submit\" name=\"command\" value=\"phEnableNV clear\"><br>\n";
+}
+else {
+    echo "phEnableNV clear     <input type=\"submit\" name=\"command\" value=\"phEnableNV set\"><br>\n";
+}
+?>
+
+<h3>TPM Random Number Generator</h3>
+
+<?php
+unset($output);
+exec ("/var/www/html/tpm2/getrandom -by 16 -of rng.tmp", $output, $retval);
+$rngbinary = file_get_contents ("rng.tmp");
+$rngstring = bin2hex ($rngbinary);
+echo "Random number: " . $rngstring. "<br>\n";
+unlink ('rng.tmp');
+
+function searchForValue($keyword, $arrayToSearch){
+    foreach($arrayToSearch as $key => $arrayItem){
+        if( stristr( $arrayItem, $keyword ) ){
+            return $key;
+        }
+    }
+}
+
+?>
+
+<h3>TPM Authorization</h3>
+
+<input type="radio" name="hip" value="p"
+     <?php if ($hip == "p") echo " checked"; ?>>Platform
+<input type="radio" name="hip" value="o"
+     <?php if (($hip == "o") || !isset($hip)) echo " checked"; ?>>Owner
+<br>     
+Old Password <input type="password" name="pwda" value="<?php echo $pwdn1; ?>"><br>
+New Password <input type="password" name="pwdn1" value="<?php echo $pwdn1; ?>"><br>
+New Password <input type="password" name="pwdn2" value="<?php echo $pwdn1; ?>"><br>
+
+<input type="submit" name="command" value="Change Password"><br>
+
+</div>
+
+<?php
+require '/var/www/html/tpm2/footer.html';
+?>
+
+</body>
+</html>
diff --git a/demo/block.png b/demo/block.png
new file mode 100644
index 0000000000000000000000000000000000000000..b57c24baf4421dd33d53889258abf224cbf585bf
GIT binary patch
literal 8376
zcmd6M2UL?;*X|plfOHEY9Yz!jMJ#lP${=C^3(^T79fZ&mS`x>?2m&esqm-zO;sDZn
zNir%#KtN;wLkmSj2qb|30n_dqbY}d%``!P$-~I1e_p%m?&3n$fPub_)&vTxA>zs|1
zq?m#j005HKCx5&E08k<T2)z at 9f=~Q^o4E=8fka%eIxcjSn9u^+Qs>UtS%MEmMP;OA
zR5xr86_?ln{)mGA%g6{pH;71VR!}mK+o8L4o2H5yOm^pCB^^scLqjz+wF3tZ?AfzN
z`v82emc#Bnwm)cC?KHMGg(Vo8MjtT@(L3zB`>4CFP2|24etRsu^v=f|vP;lD9ct*7
zblBmliTiD1c(VEB)RQMqo;!E$=+UEAr!$UP+&FEUYhjgQd+}Fi_ofRD#r7^$=ffVH
zzLMdD%7c5o_V at P>4GqO$Fentt!^0y0G3 at F0)+gu>6ows&q(;UugCiyp$wi5YiD_wR
zI2`U4uHi;b9j>gkprD|%w6wOimOvmpu6$GVvX|5|+TGnvB9R6L1}GHD^z<~HPG_-L
zd_KQ=>g^eDM>d6?bcz4~sn>#ENXC9CMew0~q@`ozMTBo8(lgu#I2+&<j)(yNQ?vE;
z4e;{8%pVB at 096(1ACK9g2Iq&x<8}^s{xW_o`Pa;kcI86%lz&R;jZSahvT4gBSI2;(
z6ZiIn{6Jb6yxYg;TN%r}_3#Dme8|WgCMOUy%imms96iRIcq=K&x4jS~4j0<wVGW!X
zaujmhLc9lLZYbMOrh(lB(Sm6GcN+xG{-vw`q+#{dd>W<c{ppoX)#B>_A%Sq>^9}a<
zQ=*I^k$1^{yEd$9Lh`6nLOVRL5aAsj5QziCb$dGzfPS+#9uU}N0N9LOx3$*0uG`{Y
zU(<#B)kWX|fPU?=Zh!0YmuF$efAaiwM9{P9<}tEb!$xoz7crF5 at uk%*y$cc^*kuW9
z+VNlP0;0Do-c--Q8;$u4OInX4_f?*3nEkaoTFG)?Dy}u`b8uc<pExNlYr~GQ8mPIX
z=Q-ZNGyRP7Yc8(MGv|ntXvcw=Os7?i`;wV!=N5%4VrHEd;T1 at 0EF{Ea?0o%Cei06R
zb74{8<}!?Z3q$okPkJtP4^0C({$@!}KJUqPlS_k)mTM4!T4lz*EA}kQnt2lnr{AS%
z at 7S>?8id~GCg|NnGLF!2lD9Ix6`OrpNFsCyQox++`$Dp=Nr)k=1=seH0L`J_x+kK=
zLsv%c62?s-brk}SDxnnxaWy<W^2XHTbx!<f`IpPtLN?Qk7LL(SS(9xZo2Evbx(7gq
zV~I0&r^64 at QuPfRr@Wh*%&9kN<mC#n)mg)(u2RLshgqH^iQzi7R?;&jo9XQmcO>OW
za%Vp>5+8qg%?i?OLN&l?Lb3#Nqe2RTm{pDgB5gWh2(lwnHEFVzB)w~l99zsTt3HPA
zM{$&qsw2zquP!9`xU8sO=Uwc8N!2xu%A*uQk(EQh0iw1 at yu$Gu?txR?>dJC9Ct4sg
z+qz>+Z>8P)Ew*}l-`PKKPj^1PD3_D>v+;}0`;9aeO(cw_X&YH#6r6FT-QB#N<Au#?
z;jz=PSs7*tU>J<X!i!?=l#I)@Y#uxow&gd&_Ua~A%3+-X5*yA$(GE5z<wsN&cea_(
z^16mu9cxiPMKuq%#afK at OsPWSU9Om#ZmM(L;(;BKMpZj4G|Fd9E at wvJqg=XPGksv!
z6RV&5J6&*```|&#x{jnY!}iDAh{xxZJT}8~c4B)Ey}Ne#xjm9D*k&|wCI?wNy3yuC
zWcUSEOH+K)gKnM0<U{Yzey$#joEiF(udQ?F2)8GmKVl&F^N%f~pIc%rc(<llki2Jd
zr=sOVfD)Ze;Bf}V3 at P@?Q|x at dHCRYe`pMko@~54S%ZJ}T`f#=6u%dT}O;#KoZKo4=
z$<*Ee7lLy}%Z)wZRVgX7TE5yh_6eK{2LiwmN2C|!XZKO?rY@?}*7{{8Jq_s`!;7*E
z8ue+!%Y|MfPB(V#I?Qc<Lg1Pe;I35 at ot(`kcJ6`*uR?*Gypztw$g7n{@ab0+S^ZRQ
z72YVeM<%M;NbFM3LsMV+cw3_%V%yAK^7xmxbLky)AjhUQf8lamElNBz0{l35G63$G
zOJ`-f-XpeMr;nZ)vSYr-urV|rf||CHsw~Pa$!m&>-l3Hn%cfp)vehB at siNrbx|m=N
z;HX2oQaPzf7b{*x4jj^vQtB+k+3z!`FUo$mKoc=*9~H{0i$m|Yl9`&Tx)=#21%`c5
z<Sx~1ROE{K&F7{UAHMxH?Pmo$*wNvf{zThRGt71BQUkR|-Btw5FbJg5ON&~^p7asQ
zXrV*1Mr_5d!U%UA#TBI<vo>3y`KCD8k8TZ;Bf7SluzFK)Hp6?&?%K^Q`A++aWEXJ}
zN&8I-pNRb~m!gQ6Xz{HyWmYh0NA9%I=>C<O+|P at wFb;Ua0R-adivA%=R5Va`=N?=s
z=05*mvdG4<ck<ewI<h|<+3xokb9bMUWOA|=a<o|(<rueUm6cXw>nuoi%sKXGQX3P$
z(xOBz5P#W5K47Lh<d&@P4EYA1^9;RZ=7&nmJ+tASaQa9Pw(^iw?v&U1%3%Eg&qL~;
zWtqB$gv1-_+H|Z;R6p-|6=wc^HSpn7nS)Nl2Mp_ZeJ$s8?<K$;07vTd4O2o$ok&Ti
z1Ui_UDb>y2qhPZb5S~H1rDHYSGt;?}xVXLcns-m#iZ%bsh+LQ}?97n_&WwIXfhxk^
zd~#1}R+^-C>10tem>3v|kUHfN&XVnB!5VZg!ItFcZ8#xtF9 at FLIL@W at I3-7MMz0(d
z-~(b%%Q(SZ{}G5CWA=i$`~ztG&p`1vB78*wK!6V4um&#lj}Y`7Q2g0N08Re{NA#^8
z%~$M?V<~uD7yJr_w>Ax)yoD8ZW+_+wdM00y(+^^u6$fXqDh*=TcA}6YI40!Zn&8y`
z?EAlAf^+)nS4%Lxe`A73x;_W6 at Bhlo<l_ai)WR+^m%9nE&BB~l4upkppxAynOU8Un
zPlV&3&S?`DDs%4BJ-(_B<sj7KzsQw}5Cbn!G(-3~0B<2(hWC31q|CX0Ks`PK;K9f>
zRe*hCta639<anH}Ffq`L^695n18^~HA0EA`CBhjz4fg(kd_X}o%K$|w+*Qj7R=R2v
zXlEqg0A5!IQ06 at 7FfOhuL{yE!a6Vm%V`uZ1I=1tdV<?>81%!e{wJ+sjhGGe&@Pq)6
zS<JJ64OM3Q)rqi83|C#buZQFBh<{}i>!Ag=_ at CIt`axNz5#Jq@^%L>kYu}TSulC=s
zeaB_K at fuaT-pbxMaHQ4F2AtWEb5%;P#REl&wOr`-^tOFmKc(ZY+=PLHV5%@DN^@nV
zV3NlN!?v|3dS^AuNM<d^4XfN3bqdxJTaJ})?R$jdg`4lo98uVlowIUJ(b&&Kv#pW2
zq at JHlPK9xs7OA1!rfM6D9d-~o0^L~{L?scB(il+Q6a!js&Akay)Chll{TEU<e1FTx
zhA#|-;s5AAy7n`v+C*PLwl+$2g*!7f^v0h$+Gc at s_|u1r1S-cS!kQ#oIpes9sg`GI
zDHe4`UE5QX)kz8HohupFNS!=((Am^J;gMFZXMS(T6%|4dFCk2fH?i_0{p~xJh>*G1
z;}5&>o0^OEjZLuJIsl2#MhJ4irC~}UJ9U>%VG*lPF11mTNDX|&z1$eN85u2Y_ffL4
zb26afB%z+G)UV|*@**Z&cg(woyuv;@%<=ML;>@rRbQqC2Wi2`|<yf&P&Mqr73K(;W
zm>5-fuBNSV_GM;aCoiDl7R5yn9$QGBw1uHIDYLDW>N^xgwpCIAR%_}D8jq9}c~fIA
zC^~BFOpdAdj2C?9uuX<eL*4pbS$(e@)0eWKfbGMrG;h9yYut6?u_7_{$I>Jzz_dNO
zHSM0+!cuA8k3Dr_hWrH9!I_(}@%{6ba<$nowNv_5PqKG`L`x*pT3_*Wjho4oSbUxh
zDKYr?z;wrpt8P&brA?nV#hjUivmh$>6RR3!>y|Mz`0kjbu2|F^zIbWU<m6`XePKqS
z!<EC+UTw~<XRM{kQVZ%L<u(sJZ1c9~n8qT`D;kyNC^XoHB;?Dlf?G7w;ceAqizs=&
zb960)?_|tQo$PHj5dkwP39Fh~RB*RpCLl9hSi$$C6eJ#(w`^9JBRi<@K}Tn$xg%Ad
zu1r?qwX%tg5IWqqUz|JlnLVpPxlhnlgAIdenk{W;BAs&v)?63uWxR8GKf5A5_^hfB
zs at W*klni@!r4K<98c+%EF+IVJfST{eq3_XSDch|krKLQu?lPg|nX2f?08u$IJwHCg
zT$I64C%jxlH6S1LcmxUM4d}?nkgyIJiBw+^f+iyV7MP(4YGd%QW0yn?`V{HMKl at ol
zr809TUjdpdlXjiAO=Q?P?eX^r^z%o|+t`8(R@$7STg^;ZIY`Dc0eHj?tCpvZEslg?
z&D)<4fME>w%-rhTs})XuLC}UU_}==-MP(tCr&+l#sMGAxne#8uO+q`y^dWh=Y5i7+
zr1Irk;~mTDPhUa&{KBcE&|2YsbYn~Omw3(gE2?#eFp1d7FCqskUIh=3KfUn~2AQc)
zj$3bC@$IJ~Sce&(^J|$)*+8CqVkb#BTH4#V(FE3uv^TnaIQS*zInH5FsT>_dJnvd#
zK3T2sEO9h;C&)!Nk6n6$jP5Akb0hL%4m@@zapw2QwtVP}<CnX5<+$u?V$`7*7N^>l
z9M^vKBs6_wzA$)<Owd9Zo!UNc27Xg<K*1rJMbw-=cl=kz;tA|UM`W7x+;aAOmi++(
zn_0V(18tPZOxQ*SilR5&()N2nIv~870K_+rf*;0v+rzH+2O^p_k8SIp=(&0Y$3{)}
zj9SKs8FP17Ms%>NzCdnyifU%3%q(2Q)@D5jP8j}eQU4&YW2_&5%i=~xZoB!4MDG at X
z;&beFchO3&CQ+ChE?-;HP?0nF{n|YzX41!{iIRzj=>dpCrMO_<Pt91QRzyE%@vhjI
zIJkC^v8mPF3qy^i&@TMR0)pv|(1XhGr at Q?Mf><ul>@9 at cHk2D)(ZmVy$`2;7y}n|;
zlv;O^aCyI5NCwX?ujTA$aOyqSGEa|al4(tm)?s2=X4K3a67n$C1BH!~8$cW&AhG)?
zNl^ni8NJ<8u5YD<b8=~tR at wAFz~lcm-^7OUda7-rl9Rm>>p5Tm*Jj#^Px0fb3e7KT
z&LUNzO<oT;KVCSz<43CYoyZQJmJM#G;4XlsKuQa<E|h#aOEk!!K9T}Bq4sDGL{;3Q
zxyMq5jZqPW0ea6z-pw_vK5MdBKG1tW(Ktqek?Qk_*@#~7&W&tWmX$`=fSbtL%BV1%
zGTPgPP0boI=#m?lN at Jc^qC4j!CTA^AOB?u|-`0}Pg<2YfRnMt!H at FsFpXeDI{6}YA
z@?Lubx$}`KlzwU0h}(%CwFH9)tzk9t!<^|7pZC+vNxhoMnl0CG&j`xA3<k(j-eQ*{
zz|;EQ;Y@$s)&CC=^gA>aq*^E^4CwFhUB~T;J}Pe-hmis=F%bmBa)at||7Hrsc at u=^
z&u0tsZ~VXHM&FSqFfFaKB#=jaHH)+64RE{;1qRNX{l!Yahc03^jra230Q^;JQOx2`
z0tOW&>h6Q(t6#T$O9YDCnr#?7oi)BHNQ)><N<fhhclUMOEkySl3<tObwyy@{M#XXS
zEr8<-YGXBpg4zq%v%f5q9wOklV^0A`?K!pt0|^(!_O;_ranR%2wh#mTN at 0@YNVqVz
z?>%19J!Uh&L$N0fN}We2+-d$O4RaO2^H|^Js743AL#Z>3)mNnZLLklryK`Y!P^RH)
z5F?sh*AK>5E#+^`1oB<jzS82aglIj4{}l=P&c!#v{V&+`Iy?K5imfX*jsWI1mNdDr
z6>3?ufGTHs(nyng!PC-|?<rbKmPY2@>A%%gn)$RgM3g)9McJ36zEo1Uv-a_M14aCd
zA0cN%wj)^b{!tOKc5d=iDvaTIhwC|l0<Xt_f#UT8?dZB;K&$hUSLL8`*ZarMjkg#;
z68~7UUUT8Cx<LC_cP4JB*6{E{@UY1?Pzr*KiWshqYo$&y^IxB$<D2vzDC!1oy&N6{
zWgKodwl1I-{~nJ&qw>t4sW~|vBlZ49jj%q_HcV>5Q;bt*)M=BhX;PnaMz|9x3DUqi
zh#}we;S~eb3<J2v&8+2_ at Uo%z&yC~LhqZBfblXy-lpSD&oH~Q<L%qwNI7YvxNCG3m
zxQIQpzav~r%(KENp1esj9|~e%Q;2!@GL7I7<IcHn+84mB at y63j+mWfK1#Hur*s+08
zrF7ag53!vfHvUP5NIJ68C>(wN?R(PlUGEDjAvIO(?l2{AyIrJEaA?!qC223^#L-z9
z;(4!um^csC&cgt5|6F?Wf{DQ2USg$8Y;xxZAJK*QLy~!2(hyTEWDHAk?sLN$G5O<*
zUro*8tD;sF1luK?<7iSe{7XoqeP*7 at 2E&mwntdt$gTjZNn5h>}Q2S>x39kAGf#OyR
zbn9$6QaPKVITbxum=!XqB4pScbkL<+MgBuzUr=6ziUY)9B~ftC3np4l7Y(KuOx at 1m
zL`JBMO$Dr+yG9<p`a=H at rYAV&_<j*n0Q894FkJ6yhdATcniFX-WCW6ocyxxlQB3^@
zlXG-)@^YTp;++MiYdhosF?eH++b!9s-sV2`Y>FQ>qAopN%2b9C|G=HoRKFoS=uyp5
z+scE9-D8Kq^`mshmX8&mC)7O)Gt+mXC*@5QWJzsw{n;$m+vDQmm{o at +03&56fiymx
zI8&a_dDwbc3%1e31^3KMi4l)CM7XNfA1TuzLue%ruWhw at 4DM(Oq+mMYW?y;o6>8Kk
z$}eLN5y_bgGx<;_hqgQxxBv5DvUZ70kAookz1T!*hh}p5($14bKA40Ak|M;WHr`f6
z^$or86~cHLVWXuSuD2WfKytY8&Wg#4ryq$h4MgJmn#{w4)Ea{j(?0h!sn#&kaG3UC
zkl#w8$Zqa+uBp3T+T4?8 at U#Kxhorn3;T86aJmZFy01Yg}Tr~8HtURl_+-IeE2Z?C`
zq2z8?d_AMNXk{X-!eYx%-u4gCsPmteyq7BD^}tWNR+iCX7`)}i<%*$4U3k~&Sr4K?
zoBpZ>*%RK9>m6C|<#93gtqJB+l~egl4(6sFS0%0I2Yx1m@&*hAsB%V<>-5;8*`tdL
z`MNK%$Ramrc2}T#L53=2R(3jVJBd7&+9)9MviTXM&yrg^6)TMv!qErD)`F2-$L8_N
ztfR}iAB5uV@&em8I_SO=WD^6$valRPwNA-I at z6pbyVYAPwKRFbQi*Q- at xFwEEpymi
z`U!J2um<BXV&STd`ItyOzveKUcC%;f%XmFp1|%h0*QM$IR9OBCTEAw>zm#V1`QKS{
zJ<WX+7QUrCfr|0>MfK}ze<oXW95I$$EXdaGHSzQOY<J!w29RJ_4begUfuAMA3u@#`
zqJzK$KRK^zu_{+8^zQ@#fnpF$rONO|ih%z>qL3)d0t6btI{JaR{9l_1za(sa83axu
zFn}OB4r>wv*99r|n?t%2;80#iEhWYXurK<u(939Z4;R3miLNLpBe-8 at 1PiZHEJQIY
zu>#Oc5XIqb0KU;(P8wVa+gE{>eObDNNZEY{!w3Y5Gnb9M6BK^(as-MJ60*gm+&Q1C
z1&Ep09Zr-w1})ZKar?yDue*U5=mq0Ng>De{sIH-JCGzKdKm?t47?(@+fPkV+DTZIz
z$L(fN2D!Qn7Jpz}R3HpCe<8#!*9P<DP(A|K4C2mGcwhkj{{qQ5Y}RBV*PyG_OOT_d
z_e!Nqcryyqd68g!qVjTm5!%o^w~ua;8awWvJj;EA8)f at fP-j{TnwMIc>uKF at PoPlh
zz2DP2ORxFhUG*bfaegKnS5GA$iy2@}^;eE8Cn+WhGLS8OU;C-uoguv5O9wxk-Tm$(
zDPLm#2NxarQ%(K)XvFc)!4SL+JzN1-P^TNcHV+?dCAFm(2;S`Od$e1x=V7pRsqmER
z0|`kB!xy8|VCA3|AdSaA966FZsF*#_ at tW?l5Sa^Jm!TXRh~H#$ORWE(cypic<FJXC
zvW=^r4Lr{bf8{=e;;yZ6UC|HTu5J}9SQ(19{nQhn7wJ62FgsoIycRMLf|&c9hxns4
zg{%ZZ5n2R0-G-kF){B&TX<dKj;477GRj8 at I5PTOxI5}pm^<CUrus^6bzk?w6W2d>x
zkvY-1HYAXvEf3N5C6;G-GPeoVU?S9{C1vSj(RP#m$nhDDrUVl<?196EObUk^SKtE8
zmY_(iZF@%Z^|x1g|FB#0L8}#zX7PEzs*uymY}dsc12ZJ%1J;2n<YvAtBeA at zQhsSO
zv8P|J*fUCF(D;NT=z?F2EtuJrF=FZSx#mMk?i6fJB<G4QOVR2#n<8;RZlKGAp2s*J
z$%UK65c19<RG_BRE4a_f0x`B*tPWXTY}=l-R&CdTMsN359kZ-$AT*M%mq5^K`;EYh
zp2bGf+moonaQ)iCfoTL{VBkj at q{&oFebBhm#pLIxIW=&K1QTLsdR5CgA$p)W%o$-#
zhs4{Xg`W&w67`$XHJiQ)ZuuI7ay|5Z*DDf}i%svLN#*8y*R2{g?+aQNP7aM(9*i1w
z_w8kv6XQ6~tV%k%HB%O)RRq)T7Be)Hk0kHc at gCiX+Hu^EWiYFuI69D>GM5Dt1vfxd
zb*yn#E^rP|(nQm#7QL&{^`jiPZRaFwqEbR2uR^-I^+xE>9Q007XWbsfQ!HeqHf?F=
zOU;>&rn7Ua4N`(5ArBO|Uqc?Ih}2zV|McR_%;9a*X%(ffXRT)VaJ)3Xf8CKynq|t0
z5N!bP3z2&~%xb3F;n`pf2f};sur+L|HzD6Jg!UL7eDlP at a(F~-E03m8qVJaGChK=Y
zZgN#C>83QDL^uLQR1FL3TCY%k&yW8LPQ0GozX^lum#B4G{jUMyTQ&3hg6F!<C;$sE
zRR0JTWdIub6(9u9Reksy-ifmaAiF;;C=#!ih`*I at 1x4cZ67koDZ`EV4;QN2Q;aeek
l3-O=F_^aW4;t*fNk;G6sFI=JrmeT=iOPe1{j(hy{KL7-lo)!QA

literal 0
HcmV?d00001

diff --git a/demo/demo.css b/demo/demo.css
new file mode 100644
index 000000000..325009bd1
--- /dev/null
+++ b/demo/demo.css
@@ -0,0 +1,28 @@
+/* $Id: demo.css 900 2017-01-06 19:25:47Z kgoldman $: */
+
+#header {
+    background-color:#1d6ab2;
+    color:white;
+    text-align:center;
+    padding:5px;
+}
+#nav {
+    line-height:30px;
+    background-color:#eeeeee;
+    height:400px;
+    width:150px;
+    float:left;
+    padding:5px;	      
+}
+#section {
+    width:850px;
+    float:left; 
+    padding:10px;	 	 
+}
+#footer {
+    background-color:#1d6ab2;
+    color:white;
+    clear:both;
+    text-align:center;
+    padding:5px;	 	 
+}
diff --git a/demo/footer.html b/demo/footer.html
new file mode 100644
index 000000000..431a12200
--- /dev/null
+++ b/demo/footer.html
@@ -0,0 +1,5 @@
+<!-- $Id: footer.html 485 2016-01-08 20:59:44Z kgoldman $ -->
+
+<div id="footer">
+Copyright © IBM 2016
+</div>
diff --git a/demo/halgsha1.inc b/demo/halgsha1.inc
new file mode 100644
index 000000000..aeb46d6c8
--- /dev/null
+++ b/demo/halgsha1.inc
@@ -0,0 +1,6 @@
+<?php
+
+  // $Id: halgsha1.inc 485 2016-01-08 20:59:44Z kgoldman $ 
+
+$halg = 'sha1';
+?>
diff --git a/demo/halgsha256.inc b/demo/halgsha256.inc
new file mode 100644
index 000000000..713bccdec
--- /dev/null
+++ b/demo/halgsha256.inc
@@ -0,0 +1,6 @@
+<?php
+  // $Id: halgsha256.inc 485 2016-01-08 20:59:44Z kgoldman $ 
+
+$halg = 'sha256';
+?>
+
diff --git a/demo/handles.php b/demo/handles.php
new file mode 100755
index 000000000..5cb7bece8
--- /dev/null
+++ b/demo/handles.php
@@ -0,0 +1,179 @@
+<!-- $Id: handles.php 1104 2017-12-06 13:58:03Z kgoldman $ -->
+
+<?php
+/* (c) Copyright IBM Corporation 2016.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+?>
+
+<html>
+<head>
+<title>TSS 2.0 Demo Handles
+<?php
+echo gethostname();
+?>
+</title>
+<link rel="stylesheet" type="text/css" href="demo.css">
+</head>
+<body>
+
+<form method="post" action="handles.php">
+
+<div id="header">
+<img src="ibm.png" style="float:right;width:200px;height:70px">
+<h2>IBM TSS Demo Handles - 
+<?php
+echo gethostname();
+?>
+</h2>
+</div>
+
+<?php
+require '/var/www/html/tpm2/nav.html';
+?>
+
+<div id="section">
+
+<?php
+if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
+    $command = $_POST['command'];
+    $retval = 0;
+
+    //echo "Post parameters<br>\n";
+    //print_r($_POST);
+    //echo "<br>\n";
+
+    // construct the flush command
+    $handles = array_keys($_POST);
+    foreach ($handles as $handle) {
+	// echo "Handle: " . $handle . "<br>\n";
+	// echo "1 " . hexdec($handle) . "<br>\n";
+	// echo "1 " . (hexdec($handle) & 0xff000000) . "<br>\n";
+	switch (hexdec($handle) & 0xff000000) { 
+	    // NV index
+	  case 0x01000000:
+	    $commandStr = "/var/www/html/tpm2/nvundefinespace -hi o -ha " . $handle;
+	    break;	
+	    // loaded sessions, saved sessions, transient objects
+	  case 0x02000000:
+	  case 0x03000000:
+	  case 0x80000000:
+	    $commandStr = "/var/www/html/tpm2/flushcontext -ha " . $handle;
+	    break;	
+	  case 0x81000000:
+	    $commandStr = "/var/www/html/tpm2/evictcontrol -hi p -ho " . $handle . " -hp " . $handle;
+	    break;	
+	  default:
+	    echo "Unknown handle type: " . $handle . "<br>\n";
+	    continue 2;
+	}
+	// run the command
+	//echo 'Command string: ' . $commandStr. "<br>";
+	unset($output);
+	exec ($commandStr, $output, $retval);
+
+	if ($retval == 0) {
+	    ;
+	}
+	else {
+	    // get the TSS error code
+	    $value = $output[0];
+	    $values = explode (" ", trim($value));
+	    //echo "TPM rc: " . $values[3] . "<br>\n";
+	    // do not print the missing file error, because demo may be in different data directory
+	    if (strcmp($values[3], "000b0016") != 0) {
+		echo 'Error executing ' . $commandStr . '<br>';
+		for ($i = 0 ; $i < count($output) ; $i++) {
+		    echo $output[$i] . '<br>';
+		}
+	    }
+	}
+    }
+}
+     
+echo "<h3>NV Indexes</h3>\n";
+unset($output);
+exec ('/var/www/html/tpm2/getcapability -cap 1 -pr 01000000', $output, $retval);
+sscanf($output[0], '%d', $count);
+for ($i = 0 ; $i < $count ; $i++) {
+    printf("<input type=\"checkbox\" name=\"%s\">", trim($output[1 + $i]));
+    printf("%s<br>\n", trim($output[1 + $i]));
+}
+
+echo "<h3>Loaded Sessions</h3>\n";
+unset($output);
+exec ("/var/www/html/tpm2/getcapability -cap 1 -pr 02000000", $output, $retval);
+sscanf($output[0], "%d", $count);
+for ($i = 0 ; $i < $count ; $i++) {
+    printf("<input type=\"checkbox\" name=\"%s\">", trim($output[1 + $i]));
+    printf("%s<br>\n", trim($output[1 + $i]));
+}
+
+echo "<h3>Saved Sessions</h3>\n";
+unset($output);
+exec ("/var/www/html/tpm2/getcapability -cap 1 -pr 03000000", $output, $retval);
+sscanf($output[0], "%d", $count);
+for ($i = 0 ; $i < $count ; $i++) {
+    printf("<input type=\"checkbox\" name=\"%s\">", trim($output[1 + $i]));
+    printf("%s<br>\n", trim($output[1 + $i]));
+}
+
+echo "<h3>Transient Objects</h3>\n";
+unset($output);
+exec ("/var/www/html/tpm2/getcapability -cap 1 -pr 80000000", $output, $retval);
+sscanf($output[0], "%d", $count);
+for ($i = 0 ; $i < $count ; $i++) {
+    printf("<input type=\"checkbox\" name=\"%s\">", trim($output[1 + $i]));
+    printf("%s<br>\n", trim($output[1 + $i]));
+}
+
+echo "<h3>Persistent Objects</h3>\n";
+unset($output);
+exec ("/var/www/html/tpm2/getcapability -cap 1 -pr 81000000", $output, $retval);
+sscanf($output[0], "%d", $count);
+for ($i = 0 ; $i < $count ;1 +  $i++) {
+    printf("<input type=\"checkbox\" name=\"%s\">", trim($output[1 + $i]));
+    printf("%s<br>\n", trim($output[1 + $i]));
+}
+
+?>
+
+<br>   
+<input type="submit" value="Flush Handles">
+
+</div>
+
+<?php
+require '/var/www/html/tpm2/footer.html';
+?>
+
+</body>
+</html>
diff --git a/demo/ibm.png b/demo/ibm.png
new file mode 100644
index 0000000000000000000000000000000000000000..d99da69c8d370875136cd3469a6d75155ebc892a
GIT binary patch
literal 1914
zcmV-=2Zi{FP)<h;3K|Lk000e1NJLTq00CnF0052%0{{R3)3KR50001TP)t-s9cr at w
z|Nj7Atq^9g7ih5xWU%=A{cV at XM1Z{jVXlIv&j4MmRg1#Z;_%Vj>*nnADR8uzx7drV
z)a>&3uEyZK(C5qB?7-CMZkWjL^!byp)Z6CqJbSu)qt2GH)hckcq`%!zg}`;5%V3hm
zw8`S1yxRbzaG?MI2E$22K~#90?VagjsxTCU(IhHr>s}XVU9j)}ikGDpa<bxf!Or)u
zFel&?laqxQ1ONa40000000000000000000000000004KV>qVGrg`c>HU`%s0=7`e8
zcm+Pno_o;!c=utInJm7&v;~LH<G#zdd^I+Hvj)A54JM0|{c0agHhI+R_^=qI+V0v*
zTL!HXAtaaC#u2g-`rGWj+v9qpCwO%&o*qxG at i-+qiRzQd`VM`MKKTVacHHJ)_BeHU
z5SCYSdfe%2D+ at 7qg#B%gJDpu=vfE>Q#VR64Sff1-Ki+&;=WX7>OG}A9e=Au&j$CTp
zbIfB`)JLcZYYd*5Sgx&;yH%*PW85j$-sF{G0D$|!{ivfg7vNRGRrmNr$7;g|Uc}jl
z;IW at rTR`5H at u`PYY4v>WvB at Tnwml!BtWgP99WSwtZT??Mb2qm%RyyGBply?Lw<qMs
z1&1s(ap%V=U!*@BF5NMW&X1qw at nRo%dK}4#7-tK23_Q+Bn5V}bdGIZ*D%`w+$5)NJ
z$(%!vakreM)M-mw0XL2InDsZCzLQP%5T;L*htyQUCgE9T;&HX&V!!Z&hNwks^g~Ha
zf%#EKdvg(2+~Kor1K=+sLK(xnk5;RUEix(yN!Nlaf|ANtU%8OE#1<e9OPRUZWHuz)
zC9Oo0GZCDRk|q2|1r>(BR~9p~>b!5A$=xkUh%5u&YC=UO;>4GdUnTPNsV!ArTvU8&
z%h;yv^O*Lh>Uc~iJH<|MB=+~Xb4lMc#lYhWsyW-eB(QtD`nh!1I+52xk8i0f6pxj<
zB4Rb3<6cqK at _|j%LXX2}yQs2Vo7=o_DQg!K(&mXd5p2KZ(s)7y61}3bV6+rjG`+tG
z4 at P|`>O3Y+?E{{<);-37I;V4!_O=-$A59xA29M{K$Jj;vB0MGSf^&H&%laXx_=;gM
zS^_73rA;0^L;@b=#N+7F;rh2a{X9GB5-aDF$WDX at hopVE+f98CJ6m;RLG_pv8I6L8
zeB=y|EgaR#LiKn~t{;<$yoItr79N-MH3g|2f0F0)i_G~Sl<s*8J*Iu>_xpI<OLXO^
z9uE`w?=88X!L0orv)xSQ(>zPYPBU*}ZI_%6zGd0>IQX)b6DBmGedEW0pjfm_5gRcW
z!KscZN66hM*KD7~0K5eByJ%aqP@}Fel%UiMTyso1`vP@^7|vx*mNu_H_hzr}Nyj@`
zwmWh at wUolym>k-*ugz0(w>$Nvw*%dytm%UY&Wx+?A{K}j$lV^+2kDJ9CTsFzVOeTC
z7x36_a_rNWPCe$Pb+FmudU$MQqD~9x>WUy38P;=WxANyaR>r{WtUbmyv&BKeFr1ma
zs`?5Z^ZkA*VQID%tqV;ViX=<kl%x5L<Yubp9%jYUu+HTu=WKH(ey6xmdwD(3yIAm-
zsWm6*)LtvF%#FUloT<l=YqY+Czd-mlkvW?OH^qTyBf9>0xR3=4@@gYXNC}H#n+rB4
zf$5nO)1FzhuhDz(nnE%)t<R6s<C<lJMUM6gx!eC<8(S=%=S*1+`?LQIJidL6_s<Io
z>NntLubh|g__1{beMQ$$S7<7WOOY?&u~@ETX6Er at F<%ogZSyu%u$C8Dup<$yFYk)-
zgLGy+`)Mr2iAKn^Pb;8XGFjgpBU<&{F=bmN`d=`f4-L1WMBL#s0{}enocye#)l+OJ
zWD!&vFd9~132yW|>Fjgp!znYFCtg|un|yBti=eXaQst(~iCaE4$6A&&{eMPEilrsr
zBP9Ir6YE*K_6R9o9S$qqko9kCD!whjP2MBqd3)WQTzlPAUXmV`N6QUE)cm-l(fhDG
z&Esv>Ves_0vfc5b9KnRgF3!%q$4ZZb?r*JB8T)&AkF$LL7LR*_pFQ-<RJL*`D~n18
zytN*)u@`wim=FBK#sUI9wMgRfu6S at cSh-amTY{UMSJc|GsowiyngXn^oK^3NTMs&d
z0RRucxeIw^SnbNa(kowN+t1a=-}iibba{N(7W{CZZlGId&;M^PEhQ?u!_2nl|3>;H
zkz=Nmwl!v-=GaE>`TvCdHY<6rZ|;^7rbi~y<VtIEx5xhmOI-a87Tb8mQ1*D$>CB|3
z6CNAlPEwuf+t16S34H|^9_v2%x=$K1&vCa5&UzEMl5MTW-H5Kr(ULE52$x>koVV33
z36!71V~Mf|sIpE-R*U6Mo=_C(3Zh at 4W+xUSABv9<dTDcgH`LBeFiQ-bqE+_$6t4RN
z000000000000000000000000000000000pF0hr_0OBo&e*#H0l07*qoM6N<$f&kRD
ARR910

literal 0
HcmV?d00001

diff --git a/demo/index.php b/demo/index.php
new file mode 100755
index 000000000..bf48e24af
--- /dev/null
+++ b/demo/index.php
@@ -0,0 +1,75 @@
+<!-- $Id: index.php 900 2017-01-06 19:25:47Z kgoldman $ -->
+
+<?php
+/* (c) Copyright IBM Corporation 2016.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+?>
+
+<html>
+<head>
+<title>TSS 2.0 Demo
+<?php
+echo gethostname();
+?>
+</title>  
+<link rel="stylesheet" type="text/css" href="demo.css">
+</head>
+
+<body>
+
+<div id="header">
+<img src="ibm.png" style="float:right;width:200px;height:70px">
+<h2>IBM TSS Demo Home - 
+<?php
+echo gethostname();
+?>
+</h2>
+</div>
+
+<?php
+require '/var/www/html/tpm2/nav.html';
+?>
+
+<div id="section">
+<h3>Demo Block Diagram</h3>
+<p>
+All software is running on the server side.  There are no remote procedure calls.  The client side uses only the browser.
+<p>
+<img src="block.png" alt="Block Diagram" height="500" width="800"> 
+</div>
+
+<?php
+require '/var/www/html/tpm2/footer.html';
+?>
+
+</body>
+</html>
diff --git a/demo/keycreate.php b/demo/keycreate.php
new file mode 100755
index 000000000..bd9e9f12b
--- /dev/null
+++ b/demo/keycreate.php
@@ -0,0 +1,287 @@
+<!-- $Id: keycreate.php 1104 2017-12-06 13:58:03Z kgoldman $ -->
+
+<?php
+/* (c) Copyright IBM Corporation 2016.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+?>
+
+<html>
+<head>
+<title>TSS 2.0 Demo Key Creation
+<?php
+echo gethostname();
+?>
+</title>
+<link rel="stylesheet" type="text/css" href="demo.css">
+</head>
+<body>
+
+<div id="header">
+<img src="ibm.png" style="float:right;width:200px;height:70px">
+<h2>IBM TSS Demo Key Creation - 
+<?php
+echo gethostname();
+?>
+</h2>
+</div>
+
+<?php
+require '/var/www/html/tpm2/nav.html';
+?>
+
+<div id="section">
+  
+<?php
+require '/var/www/html/tpm2/halg.inc';
+
+if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
+    //print_r($_POST);
+    $command = $_POST['command'];
+    $hi = $_POST['hi'];
+    $hp = $_POST['hp'];
+    $fixedtpm = $_POST['fixedtpm'];
+    $fixedparent = $_POST['fixedparent'];
+    $da = $_POST['da'];
+    $cl = $_POST['cl'];
+    $keytype = $_POST['keytype'];
+    $pwdpc = $_POST['pwdpc'];
+    $pwdph = $_POST['pwdph'];
+    $pwdk = $_POST['pwdk'];
+    $label= $_POST['label'];
+    $msg = $_POST['msg'];
+    
+    $retval = 0;
+    if ($command == 'Create') {
+	// parameter checks
+	if ($retval == 0) {
+	    if (strlen($label) == 0) {
+		echo "Label must be specified<br>";
+		$retval = 1;
+	    }
+	    if (strlen($keytype) == 0) {
+		echo "Key Type must be specified<br>";
+		$retval = 1;
+	    }
+	    if ($keytype == "bl") {
+		if (strlen($msg) == 0) {
+		    echo "Message must be specified for sealed data blob<br>";
+		    $retval = 1;
+		}
+	    }
+	    if ($keytype != "bl") {
+		if (strlen($msg) != 0) {
+		    echo "Message must not be specified unless sealed data blob<br>";
+		    $retval = 1;
+		}
+	    }
+	    if (strlen($hp) == 0) {
+		echo "Parent handle must be specified<br>";
+		$retval = 1;
+	    }
+	}
+	if ($retval == 0) {
+	    if (isset($cl)) {
+	        $commandStr = "/var/www/html/tpm2/createloaded";
+	    }
+	    else {
+	        $commandStr = "/var/www/html/tpm2/create";
+	    }
+	    // parent handle
+	    $commandStr .= " -hp " . $hp;
+	    // key attributes
+	    if (isset($fixedtpm)) {
+		$commandStr .= " -kt f";
+	    }
+	    if (isset($fixedparent)) {
+		$commandStr .= " -kt p";
+	    }
+	    if (isset($da)) {
+		$commandStr .= " -da";
+	    }
+	    // key type
+	    $commandStr .= " -" . $keytype;
+	    // parent password
+	    if (strlen($pwdpc) != 0) {
+		$commandStr .= " -pwdp " . $pwdpc;
+	    }
+	    // key password
+	    if (strlen($pwdk) != 0) {
+		$commandStr .= " -pwdk " . $pwdk;
+	    }
+	    // key label -> output file name
+	    $commandStr .= " -opu " . $label . "pub.key";
+	    $commandStr .= " -opr " . $label . "priv.key";
+	    $commandStr .= " -nalg $halg";
+	    $commandStr .= " -halg $halg";
+	    // sealed data blob has message to seal and policypcr
+ 	    if ($keytype == "bl") {
+		$commandStr .= " -if message.tmp";
+		$commandStr .= " -pol policies/policypcr16aaa" . $halg . ".bin";
+	    }
+	}
+	if ($retval == 0) {
+	    if ($keytype == "bl") {
+		$rc = file_put_contents ('message.tmp', $msg);
+		if (!$rc) {
+		    echo "could not write message to message.tmp<br>";
+		    $retval = 1;
+		}
+	    }
+	}
+	if ($retval == 0) {
+	    //echo "Command string: $commandStr. <br>"; $retval = 0;
+	    unset($output);
+	    exec ($commandStr, $output, $retval);
+	    if ($retval == 0) {
+		;
+	    }
+	    else {
+		echo "$commandStr <br>";
+		for ($i = 0 ; $i < count($output) ; $i++) {
+		    echo "$output[$i] <br>";
+		}
+	    }
+	}
+	@unlink ('message.tmp');
+    }
+    elseif ($command == 'Create Primary') {
+        $commandStr = "/var/www/html/tpm2/createprimary";
+	// hierarchy
+        if (strlen($hi) != 0) {
+            $commandStr .= " -hi " . $hi;
+        }
+	// hierarchy password
+        if (strlen($pwdph) != 0) {
+            $commandStr .= " -pwdp " . $pwdph;
+        }
+	// key password
+        if (strlen($pwdk)!= 0) {
+            $commandStr .= " -pwdk " . $pwdk;
+        }
+        //echo "Command string: $commandStr <br>"; $retval = 0;
+        unset($output);
+        exec ($commandStr, $output, $retval);
+        if ($retval == 0) {
+            echo $output[0] . "<br>";
+        }
+        else {
+            echo $commandStr . "<br>";
+            for ($i = 0 ; $i < count($output) ; $i++) {
+                echo "$output[$i] <br>";
+            }
+        }
+    }
+    else {
+        echo ("Invalid command $command");
+    }
+}
+?>
+
+<form method="post" action="keycreate.php">
+
+<h3>Common Parameters</h3>
+     Key Password <input type="password" name="pwdk" value="<?php echo $pwdk; ?>">(optional)
+
+<h3>Create Primary</h3>
+    
+<input type="radio" name="hi" value="p"
+     <?php if ($hi == "p") echo " checked"; ?>>Platform
+<input type="radio" name="hi" value="o"
+     <?php if (($hi == "o") || !isset($hi)) echo " checked"; ?>>Owner
+<input type="radio" name="hi" value="e"
+     <?php if ($hi == "e") echo " checked"; ?>>Endorsement
+<input type="radio" name="hi" value="n"
+     <?php if ($hi == "n") echo " checked"; ?>>Null
+<br>
+Hierarchy Password <input type="password" name="pwdph" value="<?php echo $pwdph; ?>">
+<br>
+<input type="submit" name="command" value="Create Primary">
+
+<h3>Create</h3>
+
+Parent Handle <input type="text" name="hp" value="<?php
+     if (strlen($hp) != 0) {
+        echo $hp;
+     }
+     else {
+        echo "80000000";
+     }
+?>"><br> 
+Parent Password <input type="password" name="pwdpc" value="<?php echo $pwdpc; ?>">
+<br>
+Key Label <input type="text" name="label" value="<?php echo $label; ?>">
+<br>
+Key Attributes
+<br>     
+<input type="checkbox" name="fixedtpm" value="t"
+    <?php if ($fixedtpm == "t") echo "checked"; ?>>Fixed TPM<br>
+<input type="checkbox" name="fixedparent" value="t"
+    <?php if ($fixedparent== "t") echo "checked"; ?>>Fixed Parent<br>
+<input type="checkbox" name="da" value="t"
+    <?php if ($da == "t") echo "checked"; ?>>DA Protection<br>
+<input type="checkbox" name="cl" value="t"
+    <?php if ($cl == "t") echo "checked"; ?>>Create Loaded<br>
+Key Type
+<br>
+<input type="radio" name="keytype" value="st"
+     <?php if ($keytype == "st") echo " checked"; ?>>Storage<br>
+<input type="radio" name="keytype" value="si"
+     <?php if ($keytype == "si") echo " checked"; ?>>Signing<br>
+<input type="radio" name="keytype" value="sir"
+     <?php if ($keytype == "sir") echo " checked"; ?>>Restricted Signing<br>
+<input type="radio" name="keytype" value="kh"
+     <?php if ($keytype == "kh") echo " checked"; ?>>Keyed Hash (HMAC)<br>
+<input type="radio" name="keytype" value="den"
+     <?php if ($keytype == "den") echo " checked"; ?>>RSA Decryption, NULL scheme<br> 
+<input type="radio" name="keytype" value="deo"
+     <?php if ($keytype == "deo") echo " checked"; ?>>RSA Decryption, OAEP scheme<br>
+<input type="radio" name="keytype" value="des"
+     <?php if ($keytype == "des") echo " checked"; ?>>AES Encrypt/Decrypt<br>
+<input type="radio" name="keytype" value="bl"
+     <?php if ($keytype == "bl") echo " checked"; ?>>Data Blob for Unseal
+
+--- Message to Seal <input type="text" name="msg" value="<?php echo $msg; ?>"><br>
+
+<input type="radio" name="keytype" value="gp"
+     <?php if ($keytype == "gp") echo " checked"; ?>>RSA General Purpose<br>
+<br>
+<input type="submit" name="command" value="Create">
+</form> 
+
+</div>
+
+<?php
+require '/var/www/html/tpm2/footer.html';
+?>
+
+</body>
+</html>	
diff --git a/demo/makefile b/demo/makefile
new file mode 100644
index 000000000..4b1a8a724
--- /dev/null
+++ b/demo/makefile
@@ -0,0 +1,55 @@
+#										#
+#		   TPM2 with SHA-256 and sockets demo makefile			#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#	      $Id: makefile 750 2016-09-21 13:31:02Z kgoldman $			#
+#										#
+# (c) Copyright IBM Corporation 2016						#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+# TSS for sockets, hash algorithm SHA-256
+
+DEST=/var/www/html/tpm2
+SRCUTILS=../utils
+
+include makefile-common
+
+$(DEST)/halg.inc:		FORCE
+	cp halgsha256.inc 	$(DEST)/halg.inc
+	chmod 777 		$(DEST)/halg.inc
+
+$(DEST)/nav.html:		FORCE		
+	cp nav.html 		$(DEST)/nav.html
+	chmod 777 		$(DEST)/nav.html
+
+FORCE:
diff --git a/demo/makefile-common b/demo/makefile-common
new file mode 100644
index 000000000..7c880bff2
--- /dev/null
+++ b/demo/makefile-common
@@ -0,0 +1,240 @@
+#										#
+#			   TPM2 demo common makefile				#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#	      $Id: makefile-common 1327 2018-08-31 19:32:58Z kgoldman $		#
+#										#
+# (c) Copyright IBM Corporation 2016, 2018					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+$(DEST)/%.php:	%.php
+		cp $< $@
+		chmod a+r $@
+$(DEST)/%.html:	%.html
+		cp $< $@
+		chmod a+r $@
+$(DEST)/%.css:	%.css
+		cp $< $@
+		chmod a+r $@
+$(DEST)/%.png:	%.png
+		cp $< $@
+		chmod a+r $@
+
+all:					\
+	$(DEST)/nav.html		\
+	$(DEST)/footer.html		\
+	$(DEST)/index.php		\
+	$(DEST)/admin.php		\
+	$(DEST)/nvram.php		\
+	$(DEST)/pcr.php			\
+	$(DEST)/handles.php		\
+	$(DEST)/nv.php			\
+	$(DEST)/keycreate.php		\
+	$(DEST)/nvram.php		\
+	$(DEST)/sign.php		\
+	$(DEST)/unseal.php		\
+	$(DEST)/quote.php		\
+					\
+	$(DEST)/halg.inc		\
+	$(DEST)/demo.css		\
+	$(DEST)/block.png		\
+	$(DEST)/ibm.png			\
+					\
+	$(DEST)/policies/policypcr16aaasha256.bin	\
+	$(DEST)/policies/policypcr16aaasha1.bin	\
+					\
+	$(DEST)/libibmtss.so.1.1	\
+	$(DEST)/libibmtssutils.so.1.1	\
+					\
+	$(DEST)/clockset		\
+	$(DEST)/create			\
+	$(DEST)/createloaded		\
+	$(DEST)/createprimary		\
+	$(DEST)/evictcontrol		\
+	$(DEST)/flushcontext 		\
+	$(DEST)/getcapability 		\
+	$(DEST)/getrandom 		\
+	$(DEST)/hierarchychangeauth	\
+	$(DEST)/hierarchycontrol	\
+	$(DEST)/load			\
+	$(DEST)/nvreadpublic		\
+	$(DEST)/nvdefinespace		\
+	$(DEST)/nvundefinespace		\
+	$(DEST)/nvwrite			\
+	$(DEST)/nvwritelock		\
+	$(DEST)/nvread			\
+	$(DEST)/nvincrement		\
+	$(DEST)/pcrextend		\
+	$(DEST)/pcrread			\
+	$(DEST)/pcrreset		\
+	$(DEST)/policypcr		\
+	$(DEST)/quote 			\
+	$(DEST)/readclock		\
+	$(DEST)/sign			\
+	$(DEST)/startauthsession 	\
+	$(DEST)/verifysignature		\
+	$(DEST)/unseal
+
+$(DEST)/policies/policypcr16aaasha256.bin:	$(SRCUTILS)/policies/policypcr16aaasha256.bin
+	mkdir -p $(DEST)/policies
+	cp $(SRCUTILS)/policies/policypcr16aaasha256.bin $(DEST)/policies/policypcr16aaasha256.bin
+	chmod a+r				$(DEST)/policies/policypcr16aaasha256.bin		
+
+$(DEST)/policies/policypcr16aaasha1.bin:	$(SRCUTILS)/policies/policypcr16aaasha1.bin
+	mkdir -p $(DEST)/policies
+	cp $(SRCUTILS)/policies/policypcr16aaasha1.bin $(DEST)/policies/policypcr16aaasha1.bin
+	chmod a+r				$(DEST)/policies/policypcr16aaasha1.bin
+
+$(DEST)/libibmtss.so.1.1:		$(SRCUTILS)/libibmtss.so.1.1
+	cp $(SRCUTILS)/libibmtss.so.1.1 $(DEST)/libibmtss.so.1.1
+	chmod 777 			$(DEST)/libibmtss.so.1.1
+	ln -sf $(DEST)/libibmtss.so.1.1	$(DEST)/libibmtss.so.1
+	ln -sf $(DEST)/libibmtss.so.1	$(DEST)/libibmtss.so
+
+$(DEST)/libibmtssutils.so.1.1:			$(SRCUTILS)/libibmtssutils.so.1.1
+	cp $(SRCUTILS)/libibmtssutils.so.1.1 	$(DEST)/libibmtssutils.so.1.1
+	chmod 777 				$(DEST)/libibmtssutils.so.1.1
+	ln -sf $(DEST)/libibmtssutils.so.1.1	$(DEST)/libibmtssutils.so.1
+	ln -sf $(DEST)/libibmtssutils.so.1	$(DEST)/libibmtssutils.so
+
+$(DEST)/pcrread:			$(SRCUTILS)/pcrread	
+	cp $(SRCUTILS)/pcrread		$(DEST)/pcrread
+	chmod 777 			$(DEST)/pcrread
+
+$(DEST)/readclock:			$(SRCUTILS)/readclock	
+	cp $(SRCUTILS)/readclock	$(DEST)/readclock
+	chmod 777 			$(DEST)/readclock
+
+$(DEST)/clockset:			$(SRCUTILS)/clockset	
+	cp $(SRCUTILS)/clockset		$(DEST)/clockset
+	chmod 777 			$(DEST)/clockset
+
+$(DEST)/getcapability:			$(SRCUTILS)/getcapability	
+	cp $(SRCUTILS)/getcapability	$(DEST)/getcapability
+	chmod 777 			$(DEST)/getcapability
+
+$(DEST)/getrandom:			$(SRCUTILS)/getrandom	
+	cp $(SRCUTILS)/getrandom	$(DEST)/getrandom
+	chmod 777 			$(DEST)/getrandom
+
+$(DEST)/nvreadpublic:			$(SRCUTILS)/nvreadpublic	
+	cp $(SRCUTILS)/nvreadpublic	$(DEST)/nvreadpublic
+	chmod 777 			$(DEST)/nvreadpublic
+
+$(DEST)/create:				$(SRCUTILS)/create	
+	cp $(SRCUTILS)/create		$(DEST)/create
+	chmod 777 			$(DEST)/create
+
+$(DEST)/createloaded:			$(SRCUTILS)/createloaded	
+	cp $(SRCUTILS)/createloaded	$(DEST)/createloaded
+	chmod 777 			$(DEST)/createloaded
+
+$(DEST)/createprimary:			$(SRCUTILS)/createprimary	
+	cp $(SRCUTILS)/createprimary	$(DEST)/createprimary
+	chmod 777 			$(DEST)/createprimary
+
+$(DEST)/nvdefinespace:			$(SRCUTILS)/nvdefinespace	
+	cp $(SRCUTILS)/nvdefinespace	$(DEST)/nvdefinespace
+	chmod 777 			$(DEST)/nvdefinespace
+
+$(DEST)/nvundefinespace:		$(SRCUTILS)/nvundefinespace	
+	cp $(SRCUTILS)/nvundefinespace	$(DEST)/nvundefinespace
+	chmod 777 			$(DEST)/nvundefinespace
+
+$(DEST)/nvwrite:			$(SRCUTILS)/nvwrite	
+	cp $(SRCUTILS)/nvwrite		$(DEST)/nvwrite
+	chmod 777 			$(DEST)/nvwrite
+
+$(DEST)/nvwritelock:			$(SRCUTILS)/nvwritelock	
+	cp $(SRCUTILS)/nvwritelock	$(DEST)/nvwritelock
+	chmod 777 			$(DEST)/nvwritelock
+
+$(DEST)/nvread:				$(SRCUTILS)/nvread	
+	cp $(SRCUTILS)/nvread		$(DEST)/nvread
+	chmod 777 			$(DEST)/nvread
+
+$(DEST)/nvincrement:			$(SRCUTILS)/nvincrement	
+	cp $(SRCUTILS)/nvincrement	$(DEST)/nvincrement
+	chmod 777 			$(DEST)/nvincrement
+
+$(DEST)/sign:				$(SRCUTILS)/sign
+	cp $(SRCUTILS)/sign		$(DEST)/sign
+	chmod 777 			$(DEST)/sign
+
+$(DEST)/verifysignature:		$(SRCUTILS)/verifysignature
+	cp $(SRCUTILS)/verifysignature	$(DEST)/verifysignature
+	chmod 777 			$(DEST)/verifysignature
+
+$(DEST)/hierarchychangeauth:		$(SRCUTILS)/hierarchychangeauth
+	cp $(SRCUTILS)/hierarchychangeauth	$(DEST)/hierarchychangeauth
+	chmod 777 			$(DEST)/hierarchychangeauth
+
+$(DEST)/hierarchycontrol:		$(SRCUTILS)/hierarchycontrol
+	cp $(SRCUTILS)/hierarchycontrol	$(DEST)/hierarchycontrol
+	chmod 777 			$(DEST)/hierarchycontrol
+
+$(DEST)/pcrextend:			$(SRCUTILS)/pcrextend
+	cp $(SRCUTILS)/pcrextend	$(DEST)/pcrextend
+	chmod 777 			$(DEST)/pcrextend
+
+$(DEST)/pcrreset:			$(SRCUTILS)/pcrreset
+	cp $(SRCUTILS)/pcrreset		$(DEST)/pcrreset
+	chmod 777 			$(DEST)/pcrreset
+
+$(DEST)/load:				$(SRCUTILS)/load
+	cp $(SRCUTILS)/load		$(DEST)/load
+	chmod 777			$(DEST)/load
+
+$(DEST)/startauthsession:		$(SRCUTILS)/startauthsession
+	cp $(SRCUTILS)/startauthsession	$(DEST)/startauthsession
+	chmod 777 			$(DEST)/startauthsession
+
+$(DEST)/unseal:				$(SRCUTILS)/unseal
+	cp $(SRCUTILS)/unseal		$(DEST)/unseal
+	chmod 777 			$(DEST)/unseal
+
+$(DEST)/policypcr:			$(SRCUTILS)/policypcr		
+	cp $(SRCUTILS)/policypcr	$(DEST)/policypcr		
+	chmod 777 			$(DEST)/policypcr		
+
+$(DEST)/flushcontext:			$(SRCUTILS)/flushcontext
+	cp $(SRCUTILS)/flushcontext	$(DEST)/flushcontext
+	chmod 777 			$(DEST)/flushcontext
+
+$(DEST)/quote:				$(SRCUTILS)/quote
+	cp $(SRCUTILS)/quote		$(DEST)/quote
+	chmod 777 			$(DEST)/quote
+
+$(DEST)/evictcontrol:			$(SRCUTILS)/evictcontrol
+	cp $(SRCUTILS)/evictcontrol	$(DEST)/evictcontrol
+	chmod 777 			$(DEST)/evictcontrol
diff --git a/demo/makefile_dev b/demo/makefile_dev
new file mode 100644
index 000000000..70ea505e4
--- /dev/null
+++ b/demo/makefile_dev
@@ -0,0 +1,55 @@
+#										#
+#		   TPM2 with SHA-256 and /dev/tpm0 demo makefile		#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#	      $Id: makefile_dev 749 2016-09-20 17:10:53Z kgoldman $		#
+#										#
+# (c) Copyright IBM Corporation 2016						#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+# TSS for /dev/tpm0, hash algorithm SHA-256
+
+DEST=/var/www/html/tpm2
+SRCUTILS=../utils
+
+include makefile-common
+
+$(DEST)/halg.inc:		FORCE		
+	cp halgsha256.inc 	$(DEST)/halg.inc
+	chmod 777 		$(DEST)/halg.inc
+
+$(DEST)/nav.html:		FORCE		
+	cp navdev.html 		$(DEST)/nav.html
+	chmod 777 		$(DEST)/nav.html
+
+FORCE:
diff --git a/demo/makefilesha1 b/demo/makefilesha1
new file mode 100644
index 000000000..84be34c14
--- /dev/null
+++ b/demo/makefilesha1
@@ -0,0 +1,53 @@
+#										#
+#		   TPM2 with SHA-1 and sockets demo makefile			#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#	      $Id: makefilesha1 750 2016-09-21 13:31:02Z kgoldman $		#
+#										#
+# (c) Copyright IBM Corporation 2016						#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+
+# TSS for sockets, hash algorithm SHA-1
+
+DEST=/var/www/html/tpm2
+SRCUTILS=../utils
+
+include makefile-common
+
+$(DEST)/halg.inc:		FORCE		
+	cp halgsha1.inc 	$(DEST)/halg.inc
+	chmod 777 		$(DEST)/halg.inc
+
+$(DEST)/nav.html:		FORCE		
+	cp nav.html 		$(DEST)/nav.html
+	chmod 777 		$(DEST)/nav.html
+
+FORCE:
diff --git a/demo/makefilesha1_dev b/demo/makefilesha1_dev
new file mode 100644
index 000000000..396f8e0df
--- /dev/null
+++ b/demo/makefilesha1_dev
@@ -0,0 +1,55 @@
+#										#
+#		   TPM2 with SHA-1 and /dev/tpm0 demo makefile			#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#	      $Id: makefilesha1_dev 749 2016-09-20 17:10:53Z kgoldman $		#
+#										#
+# (c) Copyright IBM Corporation 2016						#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+# TSS for /dev/tpm0, hash algorithm SHA-1
+
+DEST=/var/www/html/tpm2
+SRCUTILS=../utils
+
+include makefile-common
+
+$(DEST)/halg.inc:		FORCE		
+	cp halgsha1.inc 	$(DEST)/halg.inc
+	chmod 777 		$(DEST)/halg.inc
+
+$(DEST)/nav.html:		FORCE		
+	cp navdev.html 		$(DEST)/nav.html
+	chmod 777 		$(DEST)/nav.html
+
+FORCE:
diff --git a/demo/nav.html b/demo/nav.html
new file mode 100644
index 000000000..3408d2b3b
--- /dev/null
+++ b/demo/nav.html
@@ -0,0 +1,21 @@
+<!-- $Id: nav.html 920 2017-01-20 20:16:16Z kgoldman $ -->
+
+<?php
+putenv("TPM_INTERFACE_TYPE=socsim");
+putenv("TPM_ENCRYPT_SESSIONS=0");
+?>
+
+<div id="nav">
+<a href="index.php">Home</a><br>
+<a href="admin.php">Administration</a><br>
+<a href="pcr.php">PCRs</a><br>
+<a href="handles.php">Handles</a><br>
+<a href="nv.php">NV Properties</a><br>
+<a href="keycreate.php">Key Creation</a><br>
+
+<a href="nvram.php">NV Indexes</a><br>
+<a href="sign.php">RSA Sign and Verify</a><br>
+<a href="unseal.php">Unseal</a><br>
+<a href="quote.php">Quote</a><br>
+</div>
+
diff --git a/demo/navdev.html b/demo/navdev.html
new file mode 100644
index 000000000..0bf389e1d
--- /dev/null
+++ b/demo/navdev.html
@@ -0,0 +1,21 @@
+<!-- $Id: navdev.html 920 2017-01-20 20:16:16Z kgoldman $ -->
+
+<?php
+putenv("TPM_INTERFACE_TYPE=dev");
+putenv("TPM_ENCRYPT_SESSIONS=0");
+?>
+
+<div id="nav">
+<a href="index.php">Home</a><br>
+<a href="admin.php">Administration</a><br>
+<a href="pcr.php">PCRs</a><br>
+<a href="handles.php">Handles</a><br>
+<a href="nv.php">NV Properties</a><br>
+<a href="keycreate.php">Key Creation</a><br>
+
+<a href="nvram.php">NV Indexes</a><br>
+<a href="sign.php">RSA Sign and Verify</a><br>
+<a href="unseal.php">Unseal</a><br>
+<a href="quote.php">Quote</a><br>
+</div>
+
diff --git a/demo/nv.php b/demo/nv.php
new file mode 100755
index 000000000..f348f9b6d
--- /dev/null
+++ b/demo/nv.php
@@ -0,0 +1,223 @@
+<!-- $Id: nv.php 1329 2018-09-05 15:16:18Z kgoldman $ -->
+
+<?php
+/* (c) Copyright IBM Corporation 2016, 2018					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+?>
+
+<html>
+    <head>
+	<title>TSS 2.0 Demo NV Properties
+	    <?php
+	    echo gethostname();
+	    ?>
+	</title>
+	<link rel="stylesheet" type="text/css" href="demo.css">
+    </head>
+    <body>
+
+	<div id="header">
+	    <img src="ibm.png" style="float:right;width:200px;height:70px">
+	    <h2>IBM TSS Demo NV Properties - 
+		<?php
+		echo gethostname();
+		?>
+	    </h2>
+	</div>
+
+	<?php
+	require '/var/www/html/tpm2/nav.html';
+	?>
+
+	<div id="section">
+
+	    <?php
+	    unset($capoutput);
+	    exec ("/var/www/html/tpm2/getcapability -cap 1 -pr 01000000", $capoutput, $retval);
+	    sscanf($capoutput[0], "%d", $count);
+	    for ($index = 0 ; $index < $count ; $index++) {
+
+		$retval = 0;
+		$handle = $capoutput[1 + $index];
+		printf("<h3>Handle: %s</h3>", $handle);
+
+		unset($output);
+		exec ("/var/www/html/tpm2/nvreadpublic -ha $handle", $output, $retval);
+		if ($retval == 0) {
+		    //print_r($output);
+
+		    // first line is name algorithm
+		    $exp = explode(" ", $output[0]);
+		    switch ($exp[3]) {
+			case '000b':
+			    printf("Name Algorithm: SHA-256\n<br>");
+			    break;
+			case '000c':
+			    printf("Name Algorithm: SHA-384\n<br>");
+			    break;
+			case '0004':
+			    printf("Name Algorithm: SHA-1\n<br>");
+			    break;
+			default:
+			    printf("Name Algorithm: %04x unknown\n<br>", $exp[3]);
+		    }
+		    // second line is size
+		    $exp = explode(" ", $output[1]);
+		    printf("Data size: %u\n<br>", $exp[3]);
+		    // third line are attributes
+		    $exp = explode(" ", $output[2]);
+		    $attr = hexdec($exp[2]);
+		    printf("Attributes: %08x\n<br>", $attr);
+		    switch ($attr & 0x000000f0) {
+			case 0x00000000:
+			    printf("Type: Ordinary\n");
+			    break;
+			case 0x00000010:
+			    printf("Type: Counter\n");
+			    break;
+			case 0x00000020:
+			    printf("Type: Bits\n");
+			    break;
+			case 0x00000040:
+			    printf("Type: Extend\n");
+			    break;
+			case 0x00000080:
+			    printf("Type: Pin Fail\n");
+			    break;
+			case 0x00000090:
+			    printf("Type: Pin Pass\n");
+			    break;
+			default:
+			    printf("Type: %08x unknown\n", $attr);
+		    }
+		    echo "<blockquote>\n";
+		    if ($attr & 0x00000001) {		// bit 0
+			printf("\tPlatform Authorization write<br>\n");
+		    }
+		    if ($attr & 0x00000002) {
+			printf("\tOwner Authorization write<br>\n");
+		    }
+		    if ($attr & 0x00000004) {
+			printf("\tIndex Authorization write<br>\n");
+		    }
+		    if ($attr & 0x00000008) {
+			printf("\tPolicy Authorization write<br>\n");
+		    }
+		    if ($attr & 0x00000400) {
+			printf("\tPolicy Authorization delete<br>\n");
+		    }
+		    if ($attr & 0x00000800) {
+			printf("\tWrite locked<br>\n");
+		    }
+		    if ($attr & 0x00001000) {		// bit 12
+			printf("\tWrite all<br>\n");
+		    }
+		    if ($attr & 0x00002000) {
+			printf("\tWrite lockable (write define)<br>\n");
+		    }
+		    if ($attr & 0x00004000) {
+			printf("\tWrite lockable until ST Clear<br>\n");
+		    }
+		    if ($attr & 0x00008000) {
+			printf("\tGlobal lockable<br>\n");
+		    }
+		    if ($attr & 0x00010000) {		// bit 16
+			printf("\tPlatform Authorization read<br>\n");
+		    }
+		    if ($attr & 0x00020000) {
+			printf("\tOwner Authorization read<br>\n");
+		    }
+		    if ($attr & 0x00040000) {
+			printf("\tIndex Authorization read<br>\n");
+		    }
+		    if ($attr & 0x00080000) {
+			printf("\tPolicy Authorization read<br>\n");
+		    }
+		    if ($attr & 0x02000000) {		// bit 25
+			printf("\tNo DA protection<br>\n");
+		    }
+		    if ($attr & 0x04000000) {
+			printf("\tOrderly (hybrid) index<br>\n");
+		    }
+		    if ($attr & 0x08000000) {
+			printf("\tWritten cleared on ST Clear<br>\n");
+		    }
+		    if ($attr & 0x10000000) {		// bit 28
+			printf("\tRead locked<br>\n");
+		    }
+		    if ($attr & 0x20000000) {
+			printf("\tWritten<br>\n");
+		    }
+		    if ($attr & 0x40000000) {
+			printf("\tPlatform created<br>\n");
+		    }
+		    if ($attr & 0x80000000) {
+			printf("\tRead lockable until ST Clear<br>\n");
+		    }
+		    echo "\n</blockquote>\n";
+
+		    // search for policy
+		    for ($i = 0 ; $i < count($output) ; $i++) {
+			$found = strpos($output[$i], "policy");
+			if ($found) {
+			    $exp = explode(" ", $output[$i]);
+			    echo "Policy length: " . $exp[4] . "\n<br>\n";
+			    if ($exp[4] != 0) {
+				echo "Policy:\n<br>";
+				echo "\n<kbd>\n";
+				echo "\t" . $output[$i + 1] . "\n<br>\n";
+				echo "\t" . $output[$i + 2] . "\n<br>\n";
+				if ($exp[4] > 32) {
+				    echo "\t" . $output[$i + 3] . "\n<br>\n";
+				}
+				echo "</kbd>\n";
+			    }
+			}
+		    }
+		}
+		else {
+		    echo $commandStr . "<br>\n";
+		    for ($i = 0 ; $i < count($output) ; $i++) {
+			echo $output[$i] . "<br>\n";
+		    }
+		}
+	    }
+	    ?>
+
+	</div>
+
+	<?php
+	require '/var/www/html/tpm2/footer.html';
+	?>
+
+    </body>
+</html>
diff --git a/demo/nvram.php b/demo/nvram.php
new file mode 100755
index 000000000..bdc492c08
--- /dev/null
+++ b/demo/nvram.php
@@ -0,0 +1,308 @@
+<!-- $Id: nvram.php 1104 2017-12-06 13:58:03Z kgoldman $ -->
+
+<?php
+/* (c) Copyright IBM Corporation 2016.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+?>
+
+<html>
+<head>
+<title>TSS 2.0 Demo NV Indexes
+<?php
+echo gethostname();
+?>
+</title>
+<link rel="stylesheet" type="text/css" href="demo.css">
+</head>
+			
+<div id="header">
+<img src="ibm.png" style="float:right;width:200px;height:70px">
+<h2>IBM TSS Demo NV Indexes - 
+<?php
+echo gethostname();
+?>
+</h2>
+</div>
+
+<?php
+require '/var/www/html/tpm2/nav.html';
+?>
+
+<div id="section">
+
+<?php
+if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
+    // print_r($_POST);
+    //echo "<br>";
+
+    $command = $_POST['command'];
+    $ha = $_POST['ha'];
+    $pwdpd = $_POST['pwdpd'];
+    $pwdpu = $_POST['pwdpu'];
+    $pwdn = $_POST['pwdn'];
+    $hid = $_POST['hid'];
+    $hiu = $_POST['hiu'];
+    $ty = $_POST['ty'];
+    $wd = $_POST['wd'];
+    $szd = $_POST['szd'];
+    $szr = $_POST['szr'];
+    $ic = $_POST['ic'];
+    
+    $retval = 0;
+    // parameter checks
+    if ($retval == 0) {
+	if (strlen($ha) == 0) {
+	    echo "NV Index handle must be specified<br>";
+	    $retval = 1;
+	}
+	if ($command == 'NV Define Space') {
+	    if (strlen($ty) == 0) {
+		echo "NV Define Space type must be specified<br>";
+		$retval = 1;
+	    }
+	    if (strlen($hid) == 0) {
+		echo "NV Define Space hierarchy must be specified<br>";
+		$retval = 1;
+	    }
+	}
+	if ($command == 'NV Undefine Space') {
+	    if (strlen($hiu) == 0) {
+		echo "NV Define Space hierarchy must be specified<br>";
+		$retval = 1;
+	    }
+	}
+    }
+    // construct the command
+    if ($retval == 0) {
+	switch ($command) {
+	  case 'NV Define Space':
+	    $commandStr = "/var/www/html/tpm2/nvdefinespace";
+	    $commandStr .= " -ha " . $ha;
+	    if (strlen($pwdn) != 0) {
+	        $commandStr .= " -pwdn " . $pwdn;
+	    }
+	    $commandStr .= " -ty " . $ty;
+	    if (strlen($wd) != 0) {
+	        $commandStr .= " +at wd";
+	    }
+	    $commandStr .= " -hi " . $hid;
+	    if (strlen($pwdpd) != 0) {
+	        $commandStr .= " -pwdp " . $pwdpd;
+	    }
+	    if (strlen($szd) != 0) {
+	        $commandStr .= " -sz " . $szd;
+	    }
+	    break;
+	  case 'NV Undefine Space':
+	    $commandStr = "/var/www/html/tpm2/nvundefinespace";
+	    $commandStr .= " -ha " . $ha;
+	    $commandStr .= " -hi " . $hiu;
+	    if (strlen($pwdpu) != 0) {
+	        $commandStr .= " -pwdp " . $pwdpu;
+	    }
+	    break;
+	  case 'NV Write':
+	    $commandStr = "/var/www/html/tpm2/nvwrite";
+	    $commandStr .= " -ha " . $ha;
+	    if (strlen($pwdn) != 0) {
+	        $commandStr .= " -pwdn " . $pwdn;
+	    }
+	    if (strlen($ic) != 0) {
+	        $commandStr .= " -ic " . $ic;
+	    }
+	    break;
+	  case 'NV Write Lock':
+	    $commandStr = "/var/www/html/tpm2/nvwritelock";
+	    $commandStr .= " -ha " . $ha;
+	    if (strlen($pwdn) != 0) {
+	        $commandStr .= " -pwdn " . $pwdn;
+	    }
+	    break;
+	  case 'NV Read':
+	    $commandStr = "/var/www/html/tpm2/nvread";
+	    $commandStr .= " -ha " . $ha;
+	    if (strlen($pwdn) != 0) {
+	        $commandStr .= " -pwdn " . $pwdn;
+	    }
+	    if (strlen($szr) != 0) {
+	        $commandStr .= " -sz " . $szr;
+	    }
+	    break;
+	  case 'NV Increment':
+	    $commandStr = "/var/www/html/tpm2/nvincrement";
+	    $commandStr .= " -ha " . $ha;
+	    if (strlen($pwdn) != 0) {
+	        $commandStr .= " -pwdn " . $pwdn;
+	    }
+  	    break;
+	  default:
+	    echo ("Invalid command $command");
+	    $retval = 1;
+	    break;
+	}
+    }
+    // run the command
+    if ($retval == 0) {
+	//echo 'Command string: ' . $commandStr . "<br>";
+	unset($output);
+	exec ($commandStr, $output, $retval);
+	if ($retval == 0) {
+	    if ($command == 'NV Define Space') {
+		exec ("/var/www/html/tpm2/nvreadpublic -ha " .  $ha);
+	    }
+	    else if ($command == 'NV Read') {
+		echo "NV Read data (hex ascii):<br>\n";
+		echo "<kbd>";
+		for ($l = 1 ; $l < count($output) ; $l++) {
+		    echo $output[$l] . "<br>";
+		}
+		echo "</kbd>";
+
+		// convert back to ascii
+		echo "NV Read data (ascii):<br>\n";
+		for ($l = 1 ; $l < count($output) ; $l++) {
+		    $chars = str_split ($output[$l], 3);
+		    for ($i = 0 ; $i < count($chars) ; $i++) {
+		        echo chr('0x' . trim($chars[$i]));
+		    }
+		    echo "<br>\n";
+		}
+	    }
+	    //echo "Success";
+	}
+	else {
+	    echo $commandStr . "<br>";
+	    for ($i = 0 ; $i < count($output) ; $i++) {
+		echo $output[$i] . "<br>";
+	    }
+	}
+    }
+}
+?>
+
+
+<form method="post" action="nvram.php">
+
+<h3>NV Index Parameters</h3>
+Index Handle <input type="text" name="ha" value="<?php
+     if (strlen($ha) != 0) {
+        echo $ha;
+     }
+     else {
+        echo "01000000";
+     }
+?>">
+<br>
+Index Password <input type="password" name="pwdn" value="<?php echo $pwdn; ?>">
+<br>
+
+<h3>NV Define Space (Create Index)</h3>
+
+Type
+<input type="radio" name="ty" value="o"
+          <?php if (($ty == "o") || !isset($ty)) echo " checked"; ?>>Ordinary
+<input type="radio" name="ty" value="c"
+          <?php if ($ty == "c") echo " checked"; ?>>Counter
+<input type="radio" name="ty" value="b"
+          <?php if ($ty == "b") echo " checked"; ?>>Bits
+<input type="radio" name="ty" value="e"
+          <?php if ($ty == "e") echo " checked"; ?>>Extend
+<br>
+Attributes
+<input type="checkbox" name="wd" value="t" checked>Write Define (Lockable)
+<br>
+Hierarchy
+<input type="radio" name="hid" value="p"
+          <?php if ($hid == "p") echo " checked"; ?>>Platform
+<input type="radio" name="hid" value="o" 
+          <?php if (($hid == "o") || !isset($hid)) echo " checked"; ?>>Owner
+<br>
+Hierarchy Password <input type="password" name="pwdpd" value="<?php echo $pwdpd; ?>">
+<br>
+Index Size <input type="text" name="szd" value="
+<?php
+     if (strlen($szd) != 0) {
+        echo $szd;
+     }
+     else {
+        echo "8";
+     }
+?>">
+<br>
+<input type="submit" name="command" value="NV Define Space">
+
+<h3>NV Undefine Space (Delete Index)</h3>
+
+Hierarchy
+<input type="radio" name="hiu" value="p"
+          <?php if ($hiu == "p")  echo " checked"; ?>>Platform
+<input type="radio" name="hiu" value="o" 
+          <?php if (($hiu == "o") || !isset($hiu)) echo " checked"; ?>>Owner
+<br>
+Hierarchy Password <input type="password" name="pwdpu" value="<?php echo $pwdpu; ?>">
+<br>
+<input type="submit" name="command" value="NV Undefine Space">
+
+<h3>NV Write</h3>
+Data <input type="text" name="ic" value="<?php echo $ic; ?>">
+<br>
+<input type="submit" name="command" value="NV Write">
+
+<h3>NV Write Lock</h3>
+<input type="submit" name="command" value="NV Write Lock">
+
+<h3>NV Read</h3>
+Index Size <input type="text" name="szr" value="<?php
+     if (strlen($szr) != 0) {
+        echo $szr;
+     }
+     else {
+        echo "8";
+     }
+?>">
+
+<br>
+<input type="submit" name="command" value="NV Read">
+
+
+<h3>NV Increment</h3>
+<input type="submit" name="command" value="NV Increment">
+
+</div>
+
+<?php
+require '/var/www/html/tpm2/footer.html';
+?>
+
+</body>
+</html>
+
diff --git a/demo/pcr.php b/demo/pcr.php
new file mode 100755
index 000000000..8a1f33ec7
--- /dev/null
+++ b/demo/pcr.php
@@ -0,0 +1,179 @@
+<!-- $Id: pcr.php 1104 2017-12-06 13:58:03Z kgoldman $ -->
+
+<?php
+/* (c) Copyright IBM Corporation 2016.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+?>
+
+<html>
+<head>
+<title>TSS 2.0 Demo PCRs
+<?php
+echo gethostname();
+?>
+</title>
+<link rel="stylesheet" type="text/css" href="demo.css">
+</head>
+<body>
+
+<div id="header">
+<img src="ibm.png" style="float:right;width:200px;height:70px">
+<h2>IBM TSS Demo PCRs - 
+<?php
+echo gethostname();
+?>
+</h2>
+</div>
+     
+<?php
+require '/var/www/html/tpm2/nav.html';
+?>
+
+<div id="section">
+
+<?php
+require '/var/www/html/tpm2/halg.inc';
+
+if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
+ 
+    $command = $_POST['command'];
+    $ha = $_POST['ha'];
+    $ic = $_POST['ic'];
+
+    $retval = 0;
+    // parameter checks
+    if ($retval == 0) {
+	if (strlen($ha) == 0) {
+	    echo "PCR Index must be specified<br>";
+	    $retval = 1;
+	}
+	if ($command == 'PCR Extend') {
+	    if (strlen($ic) == 0) {
+		echo "PCR Extend data must be specified<br>";
+		$retval = 1;
+	    }
+	}
+    }
+    // construct the command
+    if ($retval == 0) {
+	switch ($command) {
+	  case 'PCR Extend':
+	    $commandStr = "/var/www/html/tpm2/pcrextend -halg $halg";
+	    $commandStr .= " -ha " . $ha;
+	    $commandStr .= " -ic " . $ic;
+	    break;
+	  case 'PCR Reset':
+	    $commandStr = "/var/www/html/tpm2/pcrreset";
+	    $commandStr .= " -ha " . $ha;
+	    break;
+	  default:
+	    echo ("Invalid command $command");
+	    $retval = 1;
+	    break;
+	}
+    }
+    // run the command
+    if ($retval == 0) {
+	//echo 'Command string: ' . $commandStr. "<br>"; $retval = 0;
+	unset($output);
+	exec ($commandStr, $output, $retval);
+	if ($retval == 0) {
+	    ;
+	}
+	else {
+	    echo "<br>" . $commandStr . "<br>";
+	    for ($i = 0 ; $i < count($output) ; $i++) {
+		echo $output[$i] . "<br>";
+	    }
+	}
+    }
+}
+     
+echo "<h3>PCRs</h3>";
+echo "<kbd>\n";
+
+for ($i = '0' ; $i < '24' ; $i++) {
+    
+    $commandStr = "/var/www/html/tpm2/pcrread -ha $i -halg $halg";
+    //echo 'Command string: ' . $commandStr. "<br>";
+    unset($output);
+    exec ($commandStr, $output, $retval);
+    printf("PCR %02d: ", $i);
+    if ($retval == 0) {
+	echo $output[2] . $output[3] . "<br>\n";
+    }
+    else {
+	printf("pcrread returned: $retval<br>\n");
+    }
+} 
+
+echo "</kbd>";
+
+?>
+
+<form method="post" action="pcr.php">
+
+<h3>PCR Extend and Reset</h3>
+
+PCR Index <input type="text" name="ha" value="<?php
+     if (strlen($ha) != 0) {
+        echo $ha;
+     }
+     else {
+        echo "16";
+     }
+?>">
+<br>
+
+PCR Extend Data <input type="text" name="ic" value="<?php
+     if (strlen($ic) != 0) {
+        echo $ic;
+     }
+     else {
+        echo "aaa";
+     }
+?>">
+<br>
+
+<input type="submit" name="command" value="PCR Extend">
+<br>
+<input type="submit" name="command" value="PCR Reset">
+<br>
+
+</div>
+
+<?php
+require '/var/www/html/tpm2/footer.html';
+?>
+
+</body>
+</html>
diff --git a/demo/quote.php b/demo/quote.php
new file mode 100755
index 000000000..960001706
--- /dev/null
+++ b/demo/quote.php
@@ -0,0 +1,239 @@
+<!-- $Id: quote.php 1104 2017-12-06 13:58:03Z kgoldman $ -->
+
+<?php
+/* (c) Copyright IBM Corporation 2016.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+?>
+
+<html>
+<head>
+<title>TSS 2.0 Demo Quote
+<?php
+echo gethostname();
+?>
+</title>
+<link rel="stylesheet" type="text/css" href="demo.css">
+</head>
+			
+<div id="header">
+<img src="ibm.png" style="float:right;width:200px;height:70px">
+<h2>IBM TSS Demo Quote- 
+<?php
+echo gethostname();
+?>
+</h2>
+</div>
+
+<?php
+require '/var/www/html/tpm2/nav.html';
+?>
+
+<div id="section">
+
+<?php
+require '/var/www/html/tpm2/halg.inc';
+
+if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
+    //print_r($_POST);
+    echo "<br>\n";
+
+    $command = $_POST['command'];
+    $hp = $_POST['hp'];
+    $hpcr = $_POST['hpcr'];
+    $label= $_POST['label'];
+    $quotename = $_POST['quotename'];
+    $pwdk = $_POST['pwdk'];
+
+    $retval = 0;
+    // parameter checks
+    if ($retval == 0) {
+	if (strlen($hp) == 0) {
+	    echo "Parent handle must be specified<br>\n";
+	    $retval = 1;
+	}
+	if (strlen($label) == 0) {
+	    echo "Label must be specified<br>\n";
+	    $retval = 1;
+	}
+	if (strlen($quotename) == 0) {
+	    echo "Quote name must be specified<br>\n";
+	    $retval = 1;
+	}
+ 	if (strlen($hpcr) == 0) {
+	    echo "PCR must be specified<br>\n";
+	    $retval = 1;
+	}
+	else {
+	    if (($hpcr < 0) || ($hpcr > 23)) {
+		echo "PCR must be between 0 and 23<br>\n";
+		$retval = 1;
+	    }
+	}
+    }
+    // load the key
+    if ($retval == 0) {
+        $commandStr = "/var/www/html/tpm2/load";
+        $commandStr .= " -hp " . $hp;
+        $commandStr .= " -ipu " . $label . "pub.key";
+        $commandStr .= " -ipr " . $label . "priv.key";
+        if (strlen($pwdp) != 0) {
+            $commandStr .= " -pwdp " . $pwdp;
+        }
+        //echo 'Command string: ' . $commandStr. "<br>\n";
+        unset($output);
+        exec ($commandStr, $output, $retval);
+        if ($retval != 0) {
+            echo $commandStr . "<br>\n";
+            for ($i = 0 ; $i < count($output) ; $i++) {
+                echo $output[$i] . "<br>\n";
+            }
+        }
+    }
+    // get the handle from the response
+    if ($retval == 0) {
+        //print_r($output);
+        $values = explode (" ", $output[0]);
+        $hk = $values[1];
+        echo "Loaded quote signing key handle: " . $hk . "<br>\n";
+    }
+    // construct the quote or verify command using the signing key
+    if ($retval == 0) {
+	switch ($command) {
+	  case 'Quote':
+	    $commandStr = "/var/www/html/tpm2/quote";
+	    $commandStr .= " -hk " . $hk;
+	    $commandStr .= " -halg " . $halg;
+	    $commandStr .= " -hp " . $hpcr;
+	    $commandStr .= " -os " . $quotename . ".sig";
+	    $commandStr .= " -oa " . $quotename . ".att";
+	    if (strlen($pwdk) != 0) {
+	        $commandStr .= " -pwdk " . $pwdk;
+	    }
+	    break;
+	  case 'Verify Quote':
+	    $commandStr = "/var/www/html/tpm2/verifysignature";
+	    $commandStr .= " -hk " . $hk;
+	    $commandStr .= " -halg " . $halg;
+	    $commandStr .= " -is " . $quotename . ".sig";
+	    $commandStr .= " -if " . $quotename . ".att";
+	    break;
+	  default:
+	    echo ("Invalid command $command <br>\n");
+	    $retval = 1;
+	    break;
+	}
+    }
+    // run the quote or verify command
+    if ($retval == 0) {
+	//echo 'Command string: ' . $commandStr. "<br>\n";
+	unset($output);
+	exec ($commandStr, $output, $retval);
+	if ($retval == 0) {
+	    if ($command == 'Quote') {
+		// after a successful quote, display the PCR value quoted */
+		$commandStr = "/var/www/html/tpm2/pcrread -ha $hpcr -halg $halg";
+		//echo 'Command string: ' . $commandStr. "<br>";
+		unset($output);
+		exec ($commandStr, $output, $retval);
+		printf("Quoted PCR %02d: ", $hpcr);
+		if ($retval == 0) {
+		    echo $output[2] . $output[3] . '<br>';
+		}
+		else {
+		    printf("pcrread returned: $retval<br>");
+		}
+	    }
+	    else if ($command == 'Verify Quote') {
+		echo "Success<br>\n";
+	    }
+	}
+	else {
+	    echo $commandStr . "<br>\n";
+	    for ($i = 0 ; $i < count($output) ; $i++) {
+		echo $output[$i] . "<br>\n";
+	    }
+	}
+    }
+    // flush  
+    if (strlen($hk) != 0) {
+        $commandStr = "/var/www/html/tpm2/flushcontext";
+        $commandStr .= " -ha " . $hk;
+        //echo 'Command string: ' . $commandStr. "<br>\n";
+        unset($output);
+        exec ($commandStr, $output, $retval);
+        if ($retval != 0) {
+            echo $commandStr . "<br>\n";
+            for ($i = 0 ; $i < count($output) ; $i++) {
+                echo $output[$i] . "<br>\n";
+            }
+        }
+    }
+}
+?>
+
+<form method="post" action="quote.php">
+
+<h3>Parameters</h3>
+     
+Parent Handle <input type="text" name="hp" value="<?php
+if (strlen($hp) != 0) {
+echo $hp;
+}
+ else {
+echo "80000000";
+ }
+?>"><br>
+Key Label <input type="text" name="label" value="<?php echo $label; ?>">
+<br>
+Quote Name <input type="text" name="quotename" value="<?php echo $quotename; ?>">
+<br>
+     
+<h3>Quote</h3>
+
+Key Password <input type="password" name="pwdk" value="<?php echo $pwdk; ?>">
+<br>
+PCR <input type="text" name="hpcr" value="<?php echo $hpcr; ?>">
+<br>
+<input type="submit" name="command" value="Quote">
+
+<h3>Verify</h3>
+<input type="submit" name="command" value="Verify Quote">
+
+</div>
+
+<?php
+require '/var/www/html/tpm2/footer.html';
+?>
+
+</body>
+</html>
+
diff --git a/demo/sign.php b/demo/sign.php
new file mode 100755
index 000000000..f7072bcc0
--- /dev/null
+++ b/demo/sign.php
@@ -0,0 +1,226 @@
+<!-- $Id: sign.php 1104 2017-12-06 13:58:03Z kgoldman $ -->
+
+<?php
+/* (c) Copyright IBM Corporation 2016.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+?>
+
+<html>
+<head>
+<title>TSS 2.0 Demo Sign
+<?php
+echo gethostname();
+?>
+</title>
+<link rel="stylesheet" type="text/css" href="demo.css">
+</head>
+			
+<div id="header">
+<img src="ibm.png" style="float:right;width:200px;height:70px">
+<h2>IBM TSS Demo RSA Sign and Verify - 
+<?php
+echo gethostname();
+?>
+</h2>
+</div>
+
+<?php
+require '/var/www/html/tpm2/nav.html';
+?>
+
+<div id="section">
+
+<?php
+if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
+    //print_r($_POST);
+    echo "<br>";
+
+    $command = $_POST['command'];
+    $hp = $_POST['hp'];
+    $label= $_POST['label'];
+    $sigfile= $_POST['sigfile'];
+    $msg = $_POST['msg'];
+    $pwdk = $_POST['pwdk'];
+
+    $retval = 0;
+    // parameter checks
+    if ($retval == 0) {
+	if (strlen($hp) == 0) {
+	    echo "Parent handle must be specified<br>";
+	    $retval = 1;
+	}
+	if (strlen($label) == 0) {
+	    echo "Label must be specified<br>";
+	    $retval = 1;
+	}
+	if (strlen($sigfile) == 0) {
+	    echo "Signature name must be specified<br>";
+	    $retval = 1;
+	}
+ 	if (strlen($msg) == 0) {
+	    echo "Message must be specified<br>";
+	    $retval = 1;
+	}
+    }
+    if ($retval == 0) {
+	$rc = file_put_contents ('message.tmp', $msg);
+	if (!$rc) {
+	    echo "could not write message to message.tmp<br>";
+	    $retval = 1;
+	}
+    }
+    // load the key
+    if ($retval == 0) {
+        $commandStr = "/var/www/html/tpm2/load";
+        $commandStr .= " -hp " . $hp;
+        $commandStr .= " -ipu " . $label . "pub.key";
+        $commandStr .= " -ipr " . $label . "priv.key";
+        if (strlen($pwdp) != 0) {
+            $commandStr .= " -pwdp " . $pwdp;
+        }
+        //echo 'Command string: ' . $commandStr. "<br>";
+        unset($output);
+        exec ($commandStr, $output, $retval);
+        if ($retval != 0) {
+            echo $commandStr . "<br>";
+            for ($i = 0 ; $i < count($output) ; $i++) {
+                echo $output[$i] . "<br>";
+            }
+        }
+    }
+    // get the handle from the response
+    if ($retval == 0) {
+        //print_r($output);
+        $values = explode (" ", $output[0]);
+        $hk = $values[1];
+        echo "Loaded signing key handle: " . $hk . "<br>";
+    }
+    // construct the sign or verify command using the signing key
+    if ($retval == 0) {
+	switch ($command) {
+	  case 'Sign':
+	    $commandStr = "/var/www/html/tpm2/sign";
+	    $commandStr .= " -hk " . $hk;
+	    $commandStr .= " -os " . $sigfile . ".sig";
+	    $commandStr .= " -if message.tmp";
+	    if (strlen($pwdk) != 0) {
+	        $commandStr .= " -pwdk " . $pwdk;
+	    }
+	    break;
+	  case 'Verify Signature':
+	    $commandStr = "/var/www/html/tpm2/verifysignature";
+	    $commandStr .= " -hk " . $hk;
+	    $commandStr .= " -is " . $sigfile . ".sig";
+	    $commandStr .= " -if message.tmp";
+	    break;
+	  default:
+	    echo ("Invalid command $command");
+	    $retval = 1;
+	    break;
+	}
+    }
+    // run the sign or verify command
+    if ($retval == 0) {
+	//echo 'Command string: ' . $commandStr. "<br>";
+	unset($output);
+	exec ($commandStr, $output, $retval);
+	if ($retval == 0) {
+	    if ($command == 'Sign') {
+		;
+	    }
+	    else if ($command == 'Verify Signature') {
+		;
+	    }
+	    echo "Success";
+	}
+	else {
+	    echo $commandStr . "<br>";
+	    for ($i = 0 ; $i < count($output) ; $i++) {
+		echo $output[$i] . "<br>";
+	    }
+	}
+    }
+    unlink ('message.tmp');
+    // flush  
+    if (strlen($hk) != 0) {
+        $commandStr = "/var/www/html/tpm2/flushcontext";
+        $commandStr .= " -ha " . $hk;
+        //echo 'Command string: ' . $commandStr. "<br>";
+        unset($output);
+        exec ($commandStr, $output, $retval);
+        if ($retval != 0) {
+            echo $commandStr . "<br>";
+            for ($i = 0 ; $i < count($output) ; $i++) {
+                echo $output[$i] . "<br>";
+            }
+        }
+    }
+}
+?>
+
+<form method="post" action="sign.php">
+
+<h3>Parameters</h3>
+     
+Parent Handle <input type="text" name="hp" value="<?php
+if (strlen($hp) != 0) {
+echo $hp;
+}
+ else {
+echo "80000000";
+ }
+?>"><br>
+Key Label <input type="text" name="label" value="<?php echo $label; ?>">
+<br>
+Message <input type="text" name="msg" value="<?php echo $msg; ?>">
+<br>
+Signature Name <input type="text" name="sigfile" value="<?php echo $sigfile; ?>">
+<br>
+     
+<h3>Sign</h3>
+
+Key Password <input type="password" name="pwdk" value="<?php echo $pwdk; ?>">
+<br>
+<input type="submit" name="command" value="Sign">
+
+<h3>Verify</h3>
+<input type="submit" name="command" value="Verify Signature">
+
+</div>
+
+<?php
+require '/var/www/html/tpm2/footer.html';
+?>
+
+</body>
+</html>
+
diff --git a/demo/unseal.php b/demo/unseal.php
new file mode 100755
index 000000000..fb86cc505
--- /dev/null
+++ b/demo/unseal.php
@@ -0,0 +1,230 @@
+<!-- $Id: unseal.php 1104 2017-12-06 13:58:03Z kgoldman $ -->
+
+<?php
+/* (c) Copyright IBM Corporation 2016.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+?>
+
+<html>
+<head>
+<title>TSS 2.0 Demo Unseal
+<?php
+echo gethostname();
+?>
+</title>
+<link rel="stylesheet" type="text/css" href="demo.css">
+</head>
+<body>
+			
+<div id="header">
+<img src="ibm.png" style="float:right;width:200px;height:70px">
+<h2>IBM TSS Demo Unseal - 
+<?php
+echo gethostname();
+?>
+</h2>
+</div>
+
+<?php
+require '/var/www/html/tpm2/nav.html';
+?>
+
+<div id="section">
+
+<?php
+require '/var/www/html/tpm2/halg.inc';
+
+if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
+    //print_r($_POST);
+    echo "<br>";
+
+    $command = $_POST['command'];       // not used
+    $hp = $_POST['hp'];
+    $pwdp = $_POST['pwdp'];
+    $label = $_POST['label'];
+
+    $retval = 0;
+    // parameter checks
+    if ($retval == 0) {
+	if (strlen($hp) == 0) {
+	    echo "Parent handle must be specified<br>";
+	    $retval = 1;
+	}
+	if (strlen($label) == 0) {
+ 	    echo "Sealed data label must be specified<br>";
+	    $retval = 1;
+	}
+    }
+    // load the sealed data blob
+    if ($retval == 0) {
+        $commandStr = "/var/www/html/tpm2/load";
+        $commandStr .= " -hp " . $hp;
+        $commandStr .= " -ipu " . $label . "pub.key";
+        $commandStr .= " -ipr " . $label . "priv.key";
+        if (strlen($pwdp) != 0) {
+            $commandStr .= " -pwdp " . $pwdp;
+        }
+        //echo 'Command string: ' . $commandStr. "<br>";
+        unset($output);
+        exec ($commandStr, $output, $retval);
+        if ($retval != 0) {
+            echo $commandStr . "<br>";
+            for ($i = 0 ; $i < count($output) ; $i++) {
+                echo $output[$i] . "<br>";
+            }
+        }
+    }
+    // get the handle from the response
+    if ($retval == 0) {
+        //print_r($output);
+        $values = explode (" ", $output[0]);
+        $blobhandle = $values[1];
+        echo "Loaded handle: " . $blobhandle . "<br>";
+    }
+    // start policy session
+    if ($retval == 0) {
+        $commandStr = "/var/www/html/tpm2/startauthsession -se p -halg $halg";
+        //echo 'Command string: ' . $commandStr. "<br>";
+        unset($output);
+        exec ($commandStr, $output, $retval);
+        if ($retval != 0) {
+            echo $commandStr . "<br>";
+            for ($i = 0 ; $i < count($output) ; $i++) {
+                echo $output[$i] . "<br>";
+            }
+        }
+    }
+    if ($retval == 0) {
+        //print_r($output);
+        $values = explode (" ", $output[0]);
+        $sessionhandle = $values[1];
+        echo "Policy Session handle: " . $sessionhandle . "<br>";
+    }
+    // policypcr, select PCR 16
+    if ($retval == 0) {
+        $commandStr = "/var/www/html/tpm2/policypcr -halg $halg -bm 10000";
+        $commandStr .= " -ha " . $sessionhandle;
+        //echo 'Command string: ' . $commandStr. "<br>";
+        unset($output);
+        exec ($commandStr, $output, $retval);
+        if ($retval != 0) {
+            echo $commandStr . "<br>";
+            for ($i = 0 ; $i < count($output) ; $i++) {
+                echo $output[$i] . "<br>";
+            }
+        }
+    }
+    // unseal to message file
+    if ($retval == 0) {
+        $commandStr = "/var/www/html/tpm2/unseal";
+        $commandStr .= " -ha " . $blobhandle;
+        $commandStr .= " -of message.tmp";
+        $commandStr .= " -se0 " . $sessionhandle . " 1";
+        //echo 'Command string: ' . $commandStr. "<br>";
+        unset($output);
+        exec ($commandStr, $output, $retval);
+        if ($retval != 0) {
+            echo $commandStr . "<br>";
+            for ($i = 0 ; $i < count($output) ; $i++) {
+                echo $output[$i] . "<br>";
+            }
+        }
+    }
+    // display the message
+    if ($retval == 0) {
+        $message = file_get_contents('message.tmp'); 
+        echo "Unsealed message: " . $message . "<br>";
+    }
+    // flush session
+    if (strlen($sessionhandle) != 0) {
+        $commandStr = "/var/www/html/tpm2/flushcontext";
+        $commandStr .= " -ha " . $sessionhandle;
+        //echo 'Command string: ' . $commandStr. "<br>";
+        unset($output);
+        exec ($commandStr, $output, $retval);
+        if ($retval != 0) {
+            echo $commandStr . "<br>";
+            for ($i = 0 ; $i < count($output) ; $i++) {
+                echo $output[$i] . "<br>";
+            }
+        }
+    }
+    // flush sealed data blob 
+    if (strlen($blobhandle) != 0) {
+        $commandStr = "/var/www/html/tpm2/flushcontext";
+        $commandStr .= " -ha " . $blobhandle;
+        //echo 'Command string: ' . $commandStr. "<br>";
+        unset($output);
+        exec ($commandStr, $output, $retval);
+        if ($retval != 0) {
+            echo $commandStr . "<br>";
+            for ($i = 0 ; $i < count($output) ; $i++) {
+                echo $output[$i] . "<br>";
+            }
+        }
+    }
+    unlink ('message.tmp');
+}
+?>
+
+<form method="post" action="unseal.php">
+
+<h2>Unseal</h2>
+
+<p>
+     (For the IBM TSS demo, the Unseal policy is hard coded to PCR 16 with a SHA-256 value c2 11 97 64 ... or SHA-1 value 1d 47 f6 8a ... .  Set this value by extending PCR 16 with PCR Extend Data aaa.)
+</p>
+
+Parent Handle <input type="text" name="hp" value="<?php
+     if (strlen($hp) != 0) {
+        echo $hp;
+     }
+     else {
+        echo "80000000";
+     }
+?>">
+<br>
+Parent Password <input type="password" name="pwdp" value="<?php echo $pwdp; ?>">
+<br>
+Sealed Data Label <input type="text" name="label" value="<?php echo $label; ?>">
+<br>
+<input type="submit" name="command" value="Unseal">
+
+</div>
+
+<?php
+require '/var/www/html/tpm2/footer.html';
+?>
+
+</body>
+</html>
+
diff --git a/ibmtss.doc b/ibmtss.doc
new file mode 100644
index 0000000000000000000000000000000000000000..9697d201ee5690236ff063a59545b09f6e824dbc
GIT binary patch
literal 242688
zcmeFa34CN#nfG7KqC_cK8wFgh4cc2$*?LK%py_nl4!x438_;%|N>ZH^om7RYq|?o)
zBkub;?lUfk`wFPIZzzuAs0i)~Du~Ot!no_m|NDE+Ik#>lx00sC_r=fu4g5N(Tlb#j
z+0JvG^PF?9|MCgnf5Vlh{U9^z=bX%unZMrIl(|>p`ceFS<060I_)O;O{H>3Fz4OjH
zb at j`9xE_23+yJ=z|9<Y_6!`g at K9w2HG{M?GocIaHS~$zkF`3NkzLv?{FEe!U(8Vu*
z_RF8`zD)kxbkr%CuFMgc-`x7(y}}c}=)Qeu@}|V!ciwqi{Hf93;f8DMk26nkpY^+V
zru%!o-zSI1`7Ofh;}iXJ$=_XEe?QlcJu;K|)Y44m3ZylB|AHT6GH*U2lPN6EWZIy`
z%hqKwYQ{VGt)JPypK(?uGsS&>IyaN~4RrkF_DtppJpY65XP`|cb1T2~b11)QQfAc;
zGno(Y;D7%plNsmpy=l*46)@{3(Bb0#Szq{%YL|Y(?{HuEt#Xq;p}g=r^fTO}&)?z0
z19@%@zn`3U-^~84^4Hv_#;;J$>~ck)<WDFkdF at dC4*h9Vp340;^!&vYnM@>x+)Y2X
zzTFiR`WNKw$^Y^DiLbr;Yl}iP;ri=$XEGOaG5eNG#<Rw5`QrC88Od!wbbTbhC4c&P
z4EOyT^118B?(=;fpUI5Tetn+elIm}EU;R!09`_Ec^}TBKgu(*9esE<b^Ya{S_i`3~
z2Y!Xm;dgkx(eH5I?B78i!|z7VhwGI+Sf at ka=j?jI=RoK1xzX=XU*O~H-wS;|`~JJ@
zbC8Qh?QV2EwD+$5Zd9IZ^L?|KOzRoQHBx_c=0yJ0i1Pn_?)enR_O0I<4er<)b>!Nj
zW%<%b)Sl~D9t{o*MBO|3vYQK~=rQH-k%@fC?(8pA3;D|MSa#p2yZY$qYOXjmksB^g
zWV79qmEw4`p)g#S7%Ehvb?sfvQAb<*x~^>Y*lhNsXmEQ^w7VQFX>aLV673#~c3&Fp
zo{mmFDcW at 5j^6$)ecLuiyT_v?dj`wH9c$LETi3O!eMz+F<n~-sUumjR9+ at 7VDwa!4
zCq+BDAJg04yD>`MsR9?Byn69sDr#6>hsx{7HEk^9r=}}~YI<26uB<ilmqi~Io!psg
zf==nhbh={J&R@(bR}7tm=zDq(6o#j#3d@$K7rE+?id^lAq at OCXr$T2Nmbm(mN?hYg
zq_-+ at Lt(toxWqNC#IE_fz1EeuD%Z4qQe4fCM?KTksq#ee(tKksuXSawo4 at R?P&P!}
zQ7KOrDpLoe-UIoG$?-xuUAqpc+;yQ`DC^5DHj<%rhf?C|wosy{>_A~EG`N8XtZs7!
zw|C4-gVm-vow?PyrrrZnm3*`#U&&9vwMr at hR=4|7JLfOe^rtho2Chwwq2kDXHImiX
zRLGAMD(U*P+UryM0)?AGArRe at ljFr<lY(eld8z at 0S9|qppI_xyn|`gzNxv|21I3By
z@%&V|0U5l0EmWo{*s7ewAdofcEe%%=nkc7J*elvXMVqFr${`N}g=!VWhz9cGQ|U!|
zO<Sl)Q?*q&C>x4gUo4HJ7wHvjp(0JgR!O?H?Mg4mYgGIEMs&5QlnR1B{l at Zq107xM
zHEMwp*O*GFM7XnUSG1#2Xql{(_ZLOWVrewBwQGV>&2OvMm{P5h_#;ald$yGGBWPEl
zg7r!-H>lMD<(gWp%B{^c^^{Ac0>fNsG at 2?$47cU!%5WjtnlI%?8|l}YpkE8r;`OTw
zlTaEdSE_}HLTM`6TsRml>)pIO>cLDF_e${^Xxy5har2w at HD2So#M5ol`^!@e#_Tmg
z+vYdtYrM8~iK7Ek(bnQ{rJPRgpkoUZ=yj}1TGm(ETPzhCwa{x=N87w+agEooF6r1d
zlj6swH_)rsLgjh&>XL%t`V<;Sm)Eg{O7l9V(%^`d7xivV@;lm4o+*tZ&FQW7nzukb
zYrW>JlN3+jF^)uAAZ at gBsyJSpYBW%;^{Us=J}-&adev)hGZ!S<TdtVfinp5D=Cxk)
zI_4iH*P7<pAZgw~`T(}pD_F<;1K3(qFe7rcI9ke2PUeQw8|M{iq4G?T%#h7gic^Jo
z3iO(^P=TgNSTDztgP54|c!Mr`RqB|3bX{wzv_^8Zp)fQ(Ix54}T^wmpXi%pG3N>|7
zp%hywOqNU4!f<&c-E~_VRBC}TO{G*OMucffX(~T8mF@(r4QjPOiKbR65i2rPoG47@
zhxZlIN9wgfgXS-?%QR?>`4wecpo5J`*%j1gff7w^R3fCDv@$31`x-cbT|sB&AG5nm
zXH=$0Su1mLIGvtdL3<V`*0e{(LeI(RA^Km!V@*|{uAo2*6ln^yMg?k=V-PJ)%KK|H
ziR=n$v_P?5jXFitVVhkQ_NBKoXwd=%dM)Y{MMHtZ49Dq(1}&O at xbN~>)M at fLIngm$
zm`E=#XwU-Xc at 1KS>)kKMVM}>5UCq0K0xeLWS0MAv3o5dJFV(;??Ft$+f0^sN2AOYO
zoXF2p;<}(g3zTRYglD#Xx;UObKCTOTGrwQ7&h%!jgvQE>+{8DXhU<dTEKsH?jmo4{
ze9}GgOWSNl=0CNkkB{qu1}#v&X^_fCGF9S^?E`%mL~iiibAI2p4cpHjNR_H}L6;V&
zz;sC!proq6m$_$f{XlwHWnIvz1qwEuQo#u9?1EKGS9-I9axGB0DVIvecStLJZF=cJ
z)fOn-R86J3nZ_OkUAArC*texOz1W~|3lwV#r(zLjHQE*1(|_TP!R_e<2d$gep<dT!
zTBm}UTht2Pv!lOn+hAJ3JmKOE9Saofm9IUAQ&}sxx2Gq))S!q9lo~6dd6O|A`Ukqx
ziw(NCK(RGl49aM1>rI~`uWJh`xInS73buP4+_rsSd(Y<H29))B*E#Q$WnEjWckN#B
zyfAFt(6gzxXLC9syy`7fcC32sUiVzt8+v#2_x5xT_HIZo-K*Y0rN^q*?sd;f-??l1
z;P!3l1$(Vqs9>*kP<cbK!X&(0X)tM7*X9*&p%T5qL1AV>(+AR9=XI=e-U-mUcCTYl
z^n9W><(brRgWH^9b<R8QS=a6r%f?<`UNkzKI$hyrU*^2iAENyVX0FBFLcvhxu3~kX
z(C)z0^hhyv(#~UtR=TI9g~meZgG1F~DpA`5QCH13t6bONiHaa?&8K&s(bN_eIu|I(
z6BL8p-FHE1n>qp+=XKfFb(nR+kZvpxq{*ij<t<X at ynf}n4zoxWhuKmdh7EnC>QsI_
zHJZT9zM~72Y39gcG2P=9`kE^4FW?L=Sbi`}3zTn$$wD*zO#P}w)bQZ^4G&gnUPo?S
zhgl^H(ReaMgN16Ui_N{B77G+<rpTf+11?TinVd-1%Z^}!7AVnlh{0}v`RR0nqJqNA
zKW=oG!mMLZ_S5}F#;hag%KYVZny##qa<89G_x#s&24z{GC{vboa`|@R^;f3~sgCu!
z&Y&?16lWS^WBC}fv5^K*-gTW`YgWxaG<KTSv}+8nl$nPXs$=D{BC at Hf*y+_~)%@nW
z)6|ASDYmz?zgQ`kEc&`DUn%BQM|$C2XBH~lbcVv=O$fb>EA%!ULT}ODJS(#-CIrjb
z-j-gW*QJFjG+m-XIJkYXP#PH6qFCQPMSp6Qq}Sk8YoQuUwWxvdPGR=KNK_uWm_fN3
zE!$T(SX~~C6srWpSdC7v#_O9^vpAbgE+A*KgJXrr7QR{LE>@$Fg5q^lK~(XqY_^cE
z7NYXrXu6~&ttkST^s9EYT8RHHYDH0ew3tG6B7cD8rHM$vs;E+!=1!|hks-qOs%m<&
zI)#i*P}x*Dn{_rmOYE%33VZ*i-YpRWsLkJ|C$j at vdIzHRj%Z*<XSlR;Xu32t9kt_Z
zyJ;S`QHop5&bsRGhoUiBjZ{Uf($TB&@$w9PXr^UqF#+X+(O7Y0gw_4MmGXq$h5a5c
zsQa6?cK0+#llf|Ord%1Zid~c^s=5`aYBsDR*~%ZcN3bNKfMFk9sWwN&((pKAJ_0d>
zyJDqOS;(rDp=zShLa9(O;@KVh3l+Blp>?liwIYTmH|48ic1y+nT%N5hycObwH at jh^
z5Z2+EqYJk8+qLfAf$X+&X&8d2$tC?6RUnHP8#*&wE}`Yq&}%$Dnq{_OIT1^?!K@|r
zn03U{AYx5*Sn{6TP~5w>P*Ff6d^Kim9UsMioEn>`X1C at m)v>(lYDT6e5}(u<STZqP
z3hSLSJYwun{n at N;$d6Byt5c2nWz7ogLIko(+%UQ04~j2Ui&fMHfvyt<@oT(#R#x6~
zoOO`Rp5droh#pB=$5gf23UXuTP$2W9{+_5VOF_@}Y~ME6d%<AT)YP<sds)Cz9H%+k
z)D+cz`g;d<Y~MD}yJtstfA`kj!QTFXsA)xc+U{#=>e;?^YxlMd_1_jtDx|52!uz}H
zzG_-Q4VAq6TJ7qgUHpiYP^<^_bM-exO}Sid`6EOQl#l;K0>ZyA;h-hC?42%IQb{hG
ztu_9vh}ca25=6n-oGcCHnyiMIgFI?MwH;bipNcwB^{NG_Q5wI<o-LNnYJ9(MXX1A2
z4^<45CkiGJbOTFQE}^JXGv%mS#)4OtQ`05W%uOP at zxI4o&1DmvZ&-ClD4X9S1^S$e
z^dA*>N8?C|gd|9DXUo(ywxSv}*F>i>k!@1X`}PcM+S9#raMPZF-hqL>?c2grn`rkq
z#E0{618*}L9?Msv6+t}RH`9ou*;~T!;mK~o at x>uhU#i(A5!#v~h7~Fk#S&|hBa!LG
zGLyqid$#S|vZXn4|F$iM!4gHE>2iot>~BvB at rr~9$716mvQBoAH)G#NuyamblUfwT
zQWZsgQxdyki4`zRz@?!ZlEab0-uyHs5kl=Pj!ru}*c{D_6^F;r&Qdf~P}wEXur$h(
z(^c8ilOjuf>M!hF)!wycUB at bgtt;MPWxVWMoPLYaqtyJm9FxTeL4Sc<sFF-$RH#&l
z?G>G=pj}dBHKkOZQfsgn`1$YxnTT&=bzK=YxR;4L6CG}jrVdVG-^P*U5p;@mZE7l(
z_Ct at 6sE}}m_IqcDHVqUC$zF7>?OfH>rHN?V(fV%IZV25BNlNM=Oc*KCK6Rrw!Qfk@
z6Eug0m!iBFV2keMQnNH|YAioxOs!qVW+Xc)S_G!V18899-Xcyz4&yCihgK{olF7uX
zq>#-KNXd<ca3_ytXQyITnFgdtila{l?p;j4jygH1-4F;Ev}tiJqBD?ic)W~p5c7;~
zHR{YSL!PwmadSkgxnr~GSzj{L1vAVjP3)E-F}Nc8q9Fvx>x|igQn_AtXsF0e3B%JB
z8<NBAzOB$q>?NN<IRw at 6-YL0!6R^8l*5X}Mb?HI4ACzTd#!PX1JhIgZ;uwgGW4p at n
zWriXd1l$~uAxOCz5QUattMg!riAf=v$se>94EsbkQ}6mN;D2??B1}vc$N8FNMGS&`
z0!gV|tT_LKyO7CI#v6 at El_^{cvkp??6qU+um}b#)G^$KvudGyeyNGf38kCyxbF4^f
zjdR0h8Ka<M2kD8UOcmEF(js8hxKW6-cDYxCk&C9=oD%33N2NU*dN+3O+%gzxYJmGb
z;<%7XlBkTkSt%lAUfC1mZ8nFmA#s9=)SJ?{=ZTVs%HE%=<6c~P8gXdyj#){IP!f5w
zQNY?7#G0`XL&^}jH;+T>Wm^|V3j2#(8L1GPkxzfV6QMvquC#2>KuUbRw|`@IPw$>V
zQg8$H&R(*62_@`avLrm2E>skA4&yhAcKhWO%qlHXD|`WmOG#>|3`b|nBGiprHD9ec
zrRL^H&0nGc+*6XlDVtr^&s at zilVb}X2vV<H!Of~hfg+-<#y_S^jD7OT<03AZR*GUY
zfllj|LUlMliQFyslII7GgZ9vPVU#Ew1K+glXr(~+L^u3fIIyL6SML@)-oV_JC~C_#
zwM8uqTQ=R$Y@?~2&zgHslg4VirH)xwtfqqH5o;Q?m${#-W<&R2_nr-X{dIN3mePm3
z4`!R-sFSjA3715MOiY9k=9-YH%N53bO)fO~8OcxOT{ZPGRaY5S77H6uh5Li9P-eaD
zEmyKtY$aLTv758DvxD(JgtkSof!_XIz5RQ(F_%!j_pCct`N at CcPKkHQogtf6cgB;D
z?frvkxB5VjZr!n^dvN3Sel3UUURbstCh$$Y;zbR5vd%}`RMdvvU41<?O at AkPRYx{C
zUE^a+0&BbpG%Hk4aI=xovc1y`Rl3c6#zPw^Pswp+O3aLBe0j1G5hUBRQ!cEHFRH(u
zbEutTQ(apoNJ?cEV87^d6)Vd;M1!ZiT;peLaP`9}E%C$bvN6jOHWA%RRIN~1o^7h+
zXBw2GZ$wpXPN+`O3rkOwRQs8iE7pq8=*P%FlQbIStC1dNLSfE|8*sb>Bblo?FKSv;
z$jjw+(?`0yjG+Z;I?CvF1&apGx3&;v3vNQ0)*DTeqEkn$j?RwuIZT@@Giy|>>YA?<
z^CS+`3D)eAI_58_M(jy)Ttt~!g*#EB)Sac`fmY&m(+3a at HwS5nS`p&bsmY19re&U#
z5JBvT*K%t2hA86N=B{ScQp+&erj7JSCF4U&7|dGKG(uxEWrbQQ6K!ESPD1unu|<^;
zMyiww<C;&`xl%mWv|S+^mD%8)`rsOK4krA1ZX$mWvkaBp)4mTm*IeI^W}6szONft0
zTQtMb<Xc^fs?(F=Sz#pGWL)aqW^3kQ@;g91fi`ek7J9(vZsVFwS=_Ih-;bvGP?ZXj
zU2kv~Y6J&0t{<3UCPY968(CMNCWn(~4*@H4O2^oY!!1lyrxbd_j~y#dbEzcfR$i+H
zCKo1SXo{lqHLDac8J!4<!K^UL=5bvwOpY;DRv4 at j(KQA6aLbtmOfk64nxU;($Ab1M
zC1&{v#;V-9x(P<@26<0CsTrb+O)b;_({`#K&ih!bIk)=8D+~dGWPsZoMEUVbp2j}V
zPEGc31GSZa0K3MplJ}8Sj0Upt;!s6_AQ9a8(wdpf_BGJ)g at R(UAJOL!7fVdwnh6V;
z+ip8jnhDv|A|&P%$YTjJpgMnNd75vjZg{zK_ASkutcI>J%W;!%NQE5txjBC9o<Oil
z0lR^edOxyeBIWVSp7V*qW=}^DE{u&+uVisvw#*0LwtcYIN6_q{s633iRc&Gw!VRUu
zjB|}tw8?-s<oa6zZX_~Bt8SWvR7+LWU{`8#DsRS{z#SxFx~#d6%Ar$IE9Cb)d at zX$
z&FW+5nu<otWh+V{L}{%o2vv;b_ZQ2RM_DANtWa+?<^=%^HWtYnlppCDUB4v2z)~$1
zD$O<!!S%8Hr0QDAy=66;iDl(c*=&M5*2zR<k2d7TZQ__`qNh1rE|R6i+Do))fYaEe
z_TW;?f=viSL-Wz3?t^r^Sek?u-Y&?M6)6<W<f1D!G()9}R534S`&aRjy+*8r at 4A?l
z!~tM6fFK`&5nAB9R&{w?UqX#wew_W)g_u3;7t~L0{oW;~9Pp0~O>wMMh0&Y*)bLmf
z#?DMgzI3p5gBXKpkW$8h?wX4~R5(~Rf1atPnakv`Y|Nb--X+|sfuLj0fTrHv(^F%?
zl$Qzx0=FVxU06O2D<Nl++^|;Sv?dsL46Nct>07H<m~nfoETG_Bt*5tYiLct~V)d+v
zxx5vMp`6B6i{`nd!GlpN`Y}O7uD0h2-NH-5cG3mH3RV*z>65MTz`PO)2Q}j|Lb%gU
z)3Ml!c at R5huqf_Rpv_I65I0$3xZy at 0)Cmd3%4?w_Kg4_-x*|fkF>fo9H`q5e=drK*
zY<&skCn#i(7~hc}5=n~;S_MeZYtc-Fx|yGuAK+$it`@%#W2N~e8mR)COtmvqP0m*;
zL~L@>pU|hd-EsPb8KBE3WpSK%H_u80<lj{ZFvJD}dx8=&N)vDO^EcYEGpq^i**mG$
z#GicwR9vlL##&mGC{zx-ES=Sfl%rRKNe)<(Mhbkem~Ck2jOKDfWoR=4`Qq?p+*mcy
z%qj-Qh3TD5!pK_<RifCgtV9!Bjg%)X)8iU4;y8aw0mjatS+*J>ruT=H6kRbg%2-Fy
zPUnxS2_s>jfp3Fkr)Jiih&g*Ja^&GA0tR(t{v-r0jN(MVHUgLcZ1n3u#&^41Px8Ci
z0NPe7F)4Z>c)*C}nuPJH>ByY64Nr_TYF_YzVmm19qnWlOA?;*n86sdCLI-yPxy;sB
zdp5{sj1|UZv(vR75zq`u9INCf3G_3ZOqI0~pe12=A$^gHhIHZ!TCmRU=03mCo6*1)
zsZehP{r<01Y-`D7t9rn82u1FSYnu(N-Zb2e9qwlI^2 at aZZy@n_{viK~sWGvQexk0f
z+K{g;)HK5J`C!lqzjCAH7xTorYlhx!u9YW`sPHfxVcLwpBgT|k%0oCl)1)j^31^2=
z#Wl?7Fl%*4n!-Y8l1#@y*jP&dJ1qDx%+VlqC9i~pQRjmzWDwjjTPuN<Zo62W+4TE#
zHM-mI&B)2ZdJvfcflZdiWpR~rz~4(IMJoQ7p3E(AK2JE?z~3a}5mtf1LaLlRXDtZS
z%C|#V>Fa>P8s-4{wppmtYEZ(3%x^r&rVkS{qDyVfOAZO^o+EY{>UiCACN^};H$mN_
zkI8y4Vigu&iC%{F<ize`SG)1k_XqD$-W0+xQFD3{6F2oo-Xb#LBYVN&&>kpTbd{+s
zFp3~$P|1SUaE<nMhe_ at pKk4<k|F!EIdTla{7z7_k8<uG$gBE`{@6<Qf+i7dY<iuti
zie)m=$Ofy%PENE75hnU94keZ>mkUBu=6YM6teTgG at GGMZY22JTv8t;D_r(%Z=n)y?
z(YC&U!DvUv>NR%Jf?gWm<b^Y2%Zm?{(msl=Bea#TIDniPnmpSFMKbebxz>AwxSR4+
z<FQ++!n3n^mnhbfVnjCIwRqAlnkJZwz<B4H0YwtzCbT}C#!p48oElr!lZRt$k!RY7
zE#|cvQ|vEA7?|QX1}(@4-?6)eR>qJZuWHMVkdPE&_|C_&W_ke%Sq9K~+b+_gV0 at il
zYj$L$Y&L|998?x at VUIYa7x0!O0p-$C^M0by@$wKhk<jZta%b>-DtWRN6zPsHX;UUK
z82GDPO_+d}>=$YBdx at wZ5tYIaQBFtfI1LLqn<5<#iJ=A4T6)G)CJq75&($hIv0BwK
zxp*q6-?ocYWNlI&AkL~L6Gy^eAH;0Pq_Qwtmu}@m$c2kEPnn+z1O=*lok*Jl&hW-g
zQ*shrn-k=7D(2c2+SSjDWQT3lvu5Gu75&uNO&B7#kIzOHo2D`2KR_H8d##B@$PiOk
zjjE;~$hIxIYUHYA4p_iImViNup{h2Dg|)%i3=*AYaR?(hflXjcWpbivXl%MMf3XGS
zz<})o3U|1K43)p$QAi7?Ot7m{x*^#F<0MO~I$*#N&Iw6M8)~j9&aW0xSfcE=3^)!x
zV6|-QAfX218M8_<$lPftu247Bi)voOm7B(?JsKFtg2&)Vj#zWtM_$V^rnjQ8i3Um<
z()7&8K<+}R>ZUv)@gdfUFyamskaM=;jw6A7!646UGi1IYj&@Xq8C4P#D~K`og$76;
zeI&Bh5%?w5QoGcRW)};xD4nh)$m^BL-5XenN{Yr&JcNl)n{WYW3$o>+TeUCU*+vx1
z%qRq_RPFMhvAE+lRhw0Jt-a7`y5#1sZaHqBwcWeygoiYzmA|c!r4OSfJ7HE4;gw&3
z6gjOCd+JrEsMr)zV6KXck?t1b^V1xT6JmHNHln7BidF4ZL~8`MTUH5rOkpS#5oSOk
zw60{-SsleFp%IdL`2y^|Wk^Qq#Ywx>Y@`WHJ#QpFUZu^6;FKK&X06rUdevHn2-(zk
zSs^!?bEI{trS9(<yOuj^%!&`wKxBgA+~m`lYAW?I=368J`81_M2?pC*LGbKE3Hg24
zB!+tWQzL>=dk_k{a!sEsJ|lOPjyjnOavTKFRVr57ZH&b(7-79$;w5y6!Y9 at Z(ZU!X
z%t5er&P$!k+=Oa`8oYHvsR(Y%?X|@&*J?#Ts3IY3G_cQi+N`Kl4G*@*H+PAG1^9PE
zG-wIlFTsn1GAGJO8fk_~_ at k9Rm)Zgk%uHiCEc-wnP|2AXC7WYVQl!OOze-`=aYXBt
z at ZBqM%yPoDg!cmDYu!O!>y3XHkwdl_)YmYKV)>|dqKh^xnV;@wTw%zDd6I+$n#y2N
zP;|oujKyaOI6b!@-b}HIVe=);<oN^HG-k!CH+2*<aq-R!H;be`Dz?S^khnt$?*#r4
z-_bnF;>wzKSTW&h;#T!FsjMM>ZYy1A2UG9(oE)>EGNxfnwv`y;IJXU92oFXjeeXi~
z8kr{%Gu9ZycW-~ty5`{BOGIq|^3sv)UCKE<a+PVWG at S=s<+9#HQW^7XvX+#14S_Cd
z6?~JV&!pi!c at B^y)x?UXcAMPdUh5bi+sh<*s at EsRCgX9KwuU<DESt*#c9twL`WiE0
z!ve|cTB6Z3EXK`}%A&&aHfzUDkOQn32yKM~e&#rWN;f^Ot-WMFj}NpO!<TgdH!sm)
zG>4O8wcB%e&a6QW(o;A7D&AYta#)Htp>Zl(+CQ24xDTY#73ji7<z0K6PY4S&0whmK
z@>~rQez;5OJBijZG!PvbMC`>%7*r1D!o?9T%k}A4&y;lAK;K~Bu3nznL5dT~=WR{>
zJX1;`PAXz);%0ecgc;jR4`mu*2Jr|+NZDpZJuWR&AT?U*zkz76d!}?9ilbK&H7A+1
z7FaFzI0A%pDWzZa2Uj?r%hT&b)mC#{+%R!j{A0opwr2pETCoe47 at F&{7B!~$GN~SS
zQ4`%s>^DMg;SQTNn!DyyNt{}*WhpgxhKOBl)~eY>Vlb&iPU4v?t at G`5<i<o>5Z$`Q
zWXBel9V<frd=MEUKL3GNM3c0bs|gXw!6JIfI&N*7(=r?G#3Kk$oT?Va_bzuMW*n}u
zPHSdXpJRXkg{%fL8fv)!CX93Lj+U9EA at S=6oUh{2DUe*0j$O4K%9W0`6B2QwB$kqW
zJ6w}`5nwBqv^}UAXI+pFfuwcMt!VG~bd}`?D=xHII|KY?D8-Hy&wxpiV2YF at US00U
zRJR`LvR~+@%P5dy)CecDg1KSkbDX9j{FWCG{8*M%>auugj!keaZH7#4C52P1Dd99t
zk^U6id5g3wUMJFcs`w6<XtI~X*!(TgS4%=5Y)(o-=scok`L&L&Mjn$oN(@7lS1=iQ
zlN>ciq;Pwm>V}P47Az7|8%jkSiI9zV`w9hCZFMO at 2TOq_t+zZqI>ywP6c#p1m}&6F
zP4khBW=Cpq?^<m!<=uGUq^DXQ=eo;YK&OTdDxhH%&*{7?DP+^M`MPQntaM;hMvOdw
zdq at -FP$>mMARNk&x|irxSnf7T7NRBO1MRUQmZ&7lHuiTT0{kE6?zucPnl9<FiIl`K
zZv<gxQA<XZHj0#Hc4&5-*W+4>3|5rGqFX|5=5(I?K=e#vn$`(3Z8CYarRSL1MirIq
z^XDvZo=l##R?z$Pw9gtLDNtARkZ+>P269nS3<+swE&)zruUztQds-fxOe^W3{?^=J
zT<S6jsRdp&yeP>`#prL6-<ZL}F(?xz`A~`I)HohFi{vWA=YfPQaJ9C+D)#=N5BYKS
zH{gT#WI7t+*`aP4+sr&Fua~N4B?O-B(*fOgK3P$DglD^?z-;I^QsYQvg|*nXUZO-T
zPbRget|_|vuGUO>ZkL>TJgZ*5qt at hUz)QxarY5UrwYECjPeWMQC>5q!X|8Q9)k1o8
zhH_fX+iHE3yYcK&e*aLuvV_E?zpVuAM70e;8mDFon$FnvXS0}|*(gPychiwN?>&ec
z18!LWM)F(;c+1)_w1|`Jrt`8F9)hVZ>_FB(4%QMVvLu>tt7^RqodM~c9m??2TQW-I
z at DqMhOBv8OpFjr*R+w8wI<6|59%;S7P9&D%tuV$IGtG>0`6_}Zk!N&J<{$Pcjx}gv
zohVI4Vu*mLC27S=gNYk_+5<yt-D0+DAWvJ}6uPs23nq(3!0r7^Fii_((-ZC7K16F6
zpN;S~)rg-G=N)h27>XF7nY|W{=s~{fVnQ|Y*k#Kak^!03G212}8_JQ-TDY1i458$s
zIKxcuUA7}#(yESx+o&v$-a;}WovI-!#Poq#7h!sYeP_JkyE;uqD<*o0+r3uUx5Nt*
znM%~zV#VbvqtmtxJveoF7NZG}P)#ad;X&T!A<$uvHr4EEh=9-=w at hl=G(vhxlAW!p
zSr at 9gDO=lDL3a1noh;B`5!jw(0pgen?&}iaI-h56E>vPf$Fs#+m!pHkwvbkvH+iYx
z^ayWytPWEL|G1J>nZwRlCZXGFxn*N>)OMgPzucuH<)aNmdi^avLW$glfhqWu3bXel
z1u`fn^xDz8)p(e<B^}!}gboo1(7x*pz5V{nXju-LG)KAN%G7doMbEiGUY<s^I&LeF
z{_p6(>b7-J3&o3&dQu-uR8(Y(;yd;YXTA}8b!V_PFoiQSGr5wxL#Md6nlvI!t=k5B
zS`e|8-pwsN)Y9sUd00mqSNXReKJu%ln}0gmIevi}lNR!BEf~X at YRK=FO4|Qktq%p$
z`T>7%t&9;y(9~=O{j`NdEr>XYkda}0Qn$#m6+eRa(^@FCY8t+0h+~QNwz8#rriFn@
zY;Mm at j_l25A7e{a1Dfg$`UrdvJ}*kjI#EwIcF>pZ3{K8PhBP&_iiU~p!{*T{rAkL7
zinM#s?2MS5w91EASaoWG(hB?P%InjPCBF$%?P_bki>2YUwYA61n^RoJVHDTVxVX;4
zD6X?{ajOoaxK)jdTYVVCt#-ww$jc6LDa?#)B?*W54D05^Kg9b(mLKtZnBA2%0dg;x
z&=PzoX<?3g!EpuEm|ZJs4%ZhHqPWO}_=MA+=dmu>RTeau+)5dTC#upz90)lg`aQu8
z+|fd{Rne-^{2qG0M`{#Yq1guUZz~Nuvdw1Nk9Aye8ZC!*a$hm0 at MXDlsT!IaF17aV
z6S;f3<3AkN>j;-@>H>vr-CODDZfk3&xbUYH7#!l%7Wg|mY7aR at JCuhyYY#bfQp?9l
ziWwY~cj9EJM(SGgrze at HG6BrN=)$<;o6^2ZQ>{JyTUrbI%+B?0RtYXrxtZ7j7vr+)
zXw;La!=Gp|XDEULhgR#rj=@d6JNh>4=-<9!Pw(bELE(JJbdPUI5SzQZ+{IZVVx!}~
zi9lHZ>)dH3*Sxu9t(%CuXGC|cC~E40h<P_!;U at X6+F%M-k^<$N#9D3+ht}C4<J=ws
zA)3}I)HI^yBArCwmq#hduaFYfQH;>#&`>|RMle$0=#99*<of7Po03AUh`)<5`X`y^
zOcOk_sRb^kpCM~zMT^PfXlrjnoS8D=#N$c1;CIf7#a5~3w2pP`NljX60YOd$Di532
ztfl)NznU(edSFv`i_(jHBYpHe+2r*s4Rh+f)*qGLs#aNt)I;+Mb!o`mgb&EnBYa|w
z&Xxi-l%K6GJ*;y>bF at -_wYXVdtNz}TW5;VjTc6q0U3&{oJnt>+D^DiW!l{C0JOpT3
zgV4#I%zNWvRb|73+M8gxTAa)7w8+yC`Ne)_$5BnV%5If1dG|6ns4&&cD0yiL9?0_-
zFY-)_Ie0=Jwa3oVs0fOyHv3|zFg2r$1YLM!qQrBolt;GKU81dZ<-xQBwG%YvMo;@B
zwIQ^+dv-I6CH!9LsJ%yjw<6)}DJE~-gviemm<@P7vyN$e#_MO6=%rH*dZK-rI;8G}
zQsS1%C14XaH6=D;bak#?y=sk)IgGbkt*zT`<!%Uv`q5(x;37S=yFbLfx4KYjRcB<N
z`OKT-h{AxB8g2j98l4dypCG|Wk9BprTf&L#JK`fVv at rxu1r0=<XvC1tQ?~1hJ%z1U
zeBpE6XoGwIiM7fZ7$Qaucc$5louaipEqzU`aDWv7dTI`Mh;;hA2$oMQuO_xk3ii6J
zRGS{wX1ZqSLYzG at RS)e}{1&6-%XRDb&Jq%NQ1n6P`4DpSFGUb3D(tlzk$MzE!WMll
zjj)?VLC!egoyxRyP)`?_g>Gr2v&poDoa4~D#effO at BZvPjZquhV27(?u#SJ16A+Z)
zWa7%?FXV!T+|Yrubu+qS_bF+w;Y~9vjA0kpQ`dy at ODc4t5zCdb$WS~!_QIWVk!^D4
z6wGd2*q5)93fk<P0*wY?RB6aNH}M%~>A@$vCh1H8l6(^2CKZ8JpyL4A;Kebpb#~Me
zdFpe9$UVt{S_;*<W06Ft&Ak_%eNnCz6GsN&2$TL6tV{cvsHIfBD7)P~niRFO>d#cD
zFDYtRlC~|%CfjU{@Ua(j6hiyz%ns2z#`G>9yP0*r3^95MLx_wiphTF at w&f_hCB+`B
zZf{@Pxq9uI+J?`%19`&N{yafS!U!ns-_!>ZS%^E%j3q9I`RBMfR-nh7j%uyHZs7I1
zaIKT1MNk%Jvxbs91>sw~Ph4wlJ|oL%vbv}6JOzgpbZK9_V~;i{#RUh$9BC4RmG23;
z2-%t)uEjz95<sX`#ds5s8{qbd*E>VjKT%gH5?ZkKWG1<Gh-teURAl_ at 2z*4(=ah>q
zeOtRNIZm02qhbg5xs?_1TkXXwpqX2h*cLa*3#v9CLI^v#g4B476O3k025QHHvWCGF
zTRaUf2$>gEwdY>72MQxE7J|}N$Eam5%W&>27G^xdmP4)81>EyQd7&7$lX_r4!TprS
zVWV=e)1TK$$O6x^*qVGEBG;_7dO%_WL>Q*eqXbhdQBg#TmT at 76%`%BV$i<#qu2m0L
zDYJev-5_7iF2GBXTL;@a6|((Jw8L<;6dBJKN5_1`Pjz7Yb*Sx9917D0j`t9yY at GAT
z=>y~%DJ8NdTOs+xY?d8C*YlWJE_aY?sS}wMN|1Eiq*z;MQ!0ptNL{yOeMyN+<00 at G
zp5X5FE=|(sv>It<^}d<P%=J;1tnDT)P*}?p_5{7M;nu!qY1ti{XXK$3%$OCy6o>d!
z9V^<xn2z;ilc39C8exIisf*jSZf7D<ot?*^<C|iVBlegtBd5L8MjFYCK-&#X1cKJ7
zu{6t;M+w?%YZlXcTA<uO7F%)J^HFJ<MwAqRFH2jZr9swP3Z<6(@KRlO?u%2y!0Y_D
z76T6Yid`4t4k-N)|3j*c>=}_D4nO|Igw<@X4xw<|wSnJBv36~+A^}T{tA1>ER!|EC
zI`qOTy(2b8Kqk&CmV6EWgcl_;@Mbt9WQJ1RTFz{PfyZJtV5-cJWoeh**O!9U(yp^v
z1rE888`e+*i^E6OR_&c-+E=Q18^(@ZMbv1tXOwaYZtR5=;l&+oR0wX3md&xZHX8Y*
zgjr5B?daW{xQj(@_p+Se7{MJaizs>8O|ru6 at m14U+AEckujU*FTYa?@H8rZfPzDwf
z6(FlR;lJ`0)_)3{542gpUs8RRiA8Gzi9(g(7Wwx+;fWJ4vF0rIm|3SD&l)#+FBO58
z!r~q`moPHKw~B<sn5B8*Q!;lvw8oQ1UL at ppszN2bn{C48+Jl2c2BYLV6cH#GS8I$8
zy|5#4jV8UDIWyMf*T<AdkTDczBP;X#nvw8?@U1(vwkV~{Y86e=+fwrdL&-I|CAUb-
zB?o?r1T!X3q7Dw at Ah@n%S%o2zi|tlqc9+htb at N<3WvB8UT4(EdJ&SNIn{N(N8a6Dw
z9UI5VBudJ!YDto!nyuZU0E|B-RS}rl7s*PqN_BRxC37~Q_WAIP0A at dyQne1_p*;ff
zM{$%~5~a^!7JK9aCQOp_1YtN76{%HIQw9{l<%~*$Le8WUk6OEulyJU8(7N;@y)ePM
z=~CFb5X#P;FY-|pAuQi3Sr?a$iG!<MT52A%m6Gi`4OJX!mGe|MZ}B_X52c`YOa<R-
zD8$cBTVqDb_3}7Pe()_h-4xG~UaAAZY}v%wjmENQmMkVm$A51 at 0Y6xU!KmiA#jZLd
zLD)#_w<u`E+6{I1wZp at O$tm((E4EkF2iqh&`RYM3BiP?K%upE4Vz%MNWjwm{Qa7x+
zVGU;iL%ov$zh%q}tKX+ZUG*=w<50TVTj_Mh94@(r6m?EBFpY5};o=IpV}We|WBB$b
zkJ$Ed?RA*-sGiYfw<EK5Kf|G)`{18g-XC(|gpWU5Qiz*CAX#w%nnl%KODFxr%i{k8
zJqf+CC@%X+Xp5r at 6di(p1Y_L<$ef`$E(Xn!_clyUHcZFow*!;JBlvH at 3P=%Tz-LC4
zErA0yvSn|jjhTz!I037j^9|u>H04j(aVqR<5=E-R#Uhg)?cWcj;#H`z;jC5>+``B>
z_gtoRg##AN2}h6k`~83&H-?FL(!mX-I}gq5f6IQ87>@KKtv}F5)yXp1)@M;wGOk+X
z`yy|Op+O2?ob$VwI{Dgl0;fW>3bl=E&tG4zkPE)JV(Tzy){qS={jSB3W`VpPRC5#v
zr-)wLPE&+H?x<du;NW*-SV#O}=Sp#Aw;@#CQG3Cl*={Ozsv5Fm%>JX-3U2a3N9$48
zI!4V>u{bj2+RGt}-qD#gRq#O-qX at cdn-CPUioHTtvmH!9?;Z8xz`8`z=4<9DSS5p8
zvT0gtxK^93QRq0$HD^wbE_JfDRKnzBNlkar{#v`U&JB^Hk6N0p7+0NrF at F)i2!*JL
zWN_DT4Sg;mQOpwAJ1U>>iS4rUF%=|3DWcHL)dQWniOWq)GOW2P9Ovvr$R~0`1;mr7
z>v+Dj&kBZV>bEOOoK~)k$)S1CtymrgM5zgs_5I^7;#e*%(amQ~Tiv`!y$W*-(=Td3
z;H^kWEinqhit$Rl{xt8LtdsJDDlnsO;^q3lgduoFP8QX|z|deB+^x>hrH3k2^_EC#
zW+Ket*9?hO?Q|s#MoQ*dQtMgVA2&00WUxxGn9fX~eDS1!HvlYiCu*ah7i%}0j8j-J
z(x?SfV^-?a&X&@pv)N}mB7(;u!uXSdmilmw8DVkPh at m|I)ulGY3?o+%2i-%9m*zJS
zEM1COcS%|_$zE%aONt at y(@aWYC_*zqFEiW`H(gARNmHFJx}$b9?#486ls6I2Sxn2u
zP8Fw}Y7@#{gBIk>+XmfeM^8WBX(aVr38`Ux;Wn7el6+bpzqYes%QZ%tBj-l~8#8TC
z)6mHP=2!2qq;3;|9X0N6R#FsqCDNv9tAwT=@R<LRhM4eS=`hwkol~y-NcQqN(`=Hi
zX7Hr!Z+<`9*GxlX#DgB&U1~V>Y-Y;H(n<U>(X7R13Wa@%UQ@{^;igfW{Ra02ubS-j
z_&LV8>ONk<;OADNwgNf{$J-X9EJ=5eU=LzuQ55WV at Hy;(DGZ4Y!4PfCz-#Lq1ESl^
zrDe*x+mowLnwZk>aIA=E;6t5LM9VZr$q2Aze!oH+x$G{##XGb$Q5GG>rlVj|5Yf|T
zh*p$7lDJQ!Pav2s*AXplby@|8xQWj$H|=G#g{#JQO=H#eZ~y|vlU39-!V#|2n^5a2
z#U5z&)v9EX$cnX^yydJ3nMT1xMxQTbLFxtm+c<~M=GER&0q@^t^q%eEqjp1t!-hqB
z*9dys3tgw|?W?LDUx7K2HuNfr5RxzB(~M*QNE|o6h>^uMuA|an6Z<k^%gYnNWjB7u
zzCbL(xLVqEXS=HTHgp(P+Qt at V1`{;3I-R9*l`dP~w|$^F+S$9YFHs-W;q5V$p#!}x
z at -5-9GLwOBNahb_*9huL3?cI58hpIDQDRavQ^{K}c9O at qXSr<rn%MOA`|bW)?6_2g
z;t9eZUb}rsDkH=$lPzo5c!kt`XvM8D*(l<DBA>7o9LO*s8Y=KAZVQdbf|C!RXB=G-
zA$$L<36F&_(SO9m^-#Bm{8lHIPM`64?Z^yt%2{g;jw5lx#s^!BA%`-!yymXR0BOTW
z at Ck!=EgvcVF1Rr^e%lD<dT0%rdu|l1tO>cDOGK4+Mih$Rr;@cyjS#hU-BbOH_AYMg
zCx6Yf)J`gp_4Ft9`#Y2^OxlN?4U<@R*HP4~I>H-{5wkgKp{#So{zhUTf*SGhS0dUh
z7g>hP+v4O25el%oG<BX2x$lXP2MTDs4DS+F(m)*6t*xa_<n_9PAVfw2Cqwqe4Rhn1
zZrj||uf@}z at M0;8ljF;2ZQU*7NlkIjMhYaihi_R(V}V#FO2SDq7>NT(W%UO_TKnwY
z*Un`MmL(ocl%3;*6eA!b6gL at j4a@26LAb~Qi<bKs5*Y5HXooiX%U8A~YhFxG^<oy7
z{d#0g?k(6MCmsQ_i9^lON#u+w=5EIGa2XiCLMF#sA6coQW{imYJIvWNEYWYj`79SH
zt7C3@#p?D|Yu9vitm5rxaY9FXTQa*M+!4+WM<J!PzBV#A_$&4G%=I0NO}KT;z0P@=
zseW_Bn=6~6{(N<kmytC`m-?%Pso at -(C at Zm9uxYw#OTMew9W>)DhjOxPDPLV at V5*&j
z6{zBxn=HWI$y`@T>VxK1n at I{*s;d>t!vb at 9k!ug9$hEcd=&XPBvZtdIN0}N(Jxb+e
z)5}Pl#iB*K_^dIk0INPSCt{eKHQwuq)XEGbcCg{y**@lOB;Nj(<hUbZL`7+wA`dt#
zmII}yxuHJYC49*j?kzF6Y}pNL`x#Ool~H!U(i`YQuu}0FrmGVF#y5$%n at h67^5}pf
z?FEgyq*I4-<f6)lwr;rNOb8X*5?Z2H7Q2<t?IRfeD=D*eDgHj}nW$jMiS93RMv~CC
z9Vs-zDlG|N?wIzl8Pzhmj2M;}qbJ<<QtW~}`FLd?8+wp4y)@#@870i9xKt0fPuvdu
zbgYWceDY(SYVeUa$08?lPDb2&v=3WKIH*%;dkj&`1}g_A;Y2XRvsg$-m=5`N#DsM$
zsf*_an(HeZg!sHAn+S?0X4AX`*it|)+v`Kk>T2ygG`FibSzfZ|?nU2+&~vNL3z5z4
zZ4{!W*j!jh9|gb}W*iBlfd&s597kwNN;jiDpDrfr(kYYf#cB1Fjo5)lwhtj<yauIK
zxx9|L+DI|Ii#=;tn@*-ntAaO#-{mTpm=bWsCJ=OCm|a#oAw2dYTxS^ey^rYm9YTrP
z4Q-ph5~H*mT?vF6#l6MB0HC$@f-iRjiwqho1bTUyFVjb(+%g6c173yV();XHLy{#T
z4DR802=xZ7!8zyf!0~*Wf7|(8rcj8Ls-D@~eeW`jTmhoW`R=%mcmOa{D+hwr8p-Ia
zmuS at Jq~Q2|x3A1?q^%RP9{=L?yWY*1k1o&?pO(R*Qo&wPX`PLiWt`ijLoe{9TWCFo
z##o`O2<N%_Q(lN!P7nvtQB;<>K>D^TQw at ixN-mgC7+3P36I#snC&otnGlm?>XLsYY
z+tA2Fjz#&o&ZY%B-8^FT!*Y5Ck<(#qUP{zT9USW4Q0Hn3{*T-~Oo4BfHA!hCBm411
zH8ZyAk_>aUAsi&EVN^Z}GXU~=*-A)$6iJL0t{q}9+Gl5~n=6xOjm0x<4NH9WM`yX+
zw)Sc{KVsty`a`cYQ>iy(8+v#2_x5xT_HIb$x=XOpP_Fb;3&tQ}HLKVhW(>jqb##_a
z;;Z|Y8yLZ1k|S9yi6JqI5CPoEgEOd!34X%v?%cI~aQn9Oma+s`HSff0w;Mibh2J!&
z2_Gh%1L^R4)CU}u+B*+r{)vl?XsSs0{t$BpC?{v~dXyd%@_TF}ZOG2zE at aGaG}TM=
ztm;M^=~aQMm+Kxv-zg`chw|8bH!9((#s!CmXHDO#@e^TeUFZoH!qp%w>o`%Y4l@?z
z*=WR$1#=eT5|g2`CgZ<%`)6n9`FI<VusI>OP*{6MlNF(?y7~Ga=&0&+ at 2u`poU(f;
zD=`aEb96P{$1I`{ZnK4&xwq~rR&_G>z!Yx at Cc{YnG3>SsNSz~PGK{$Bm;>bv4v$1n
z=NDI^1N&Jjv6s_w at KH`z(0rS$n7m+&G%=J8$P^Gr=6%a1bZVhpAhJy4U*fh=9yxa^
zNj7xW%P=k~Q#E~=R2B3@>mrGl=7ovb!c#Z@>gy!YAg;Zjl4fc^-;NKcmua`>+Hwap
z=i;yS+yVNxje0q`sCEOF6+MyO1}7Q+xPrM3{Xh_svO{mT6?B?(_&)iiNuj<Fjq1J#
zh0_Mdg;rx|dMYQmU`@WI#*i>Qs%^Wb4nIp}WYnlhx!rb{ObAPmSg4m2LibrxSBnY6
z%eL{!&UB7N`%zXavE`gg&Sy)xa;+dp;L<+by0RN*P`VQDo3(!Br0L{>MlE`YSxVJ%
zaMY|2<JJ;(BK;7D2aRy=Poipqn(l18eZ@)ZiJcrx`Yj?w-YrY8+*CWP(x<zr%W1w?
zLe^GU{Hd+Yr&WuX_5Q|U1;|uTICjYv>C_~5BBpmo?pl%Br<`!@ytD4#Bbml1>--d^
zUSH1XyYftxYuT{B3`e#Ip>vqi*%41f>v at ulG@!n5xG8wRO1^Ywbz2K<nLL~^9N$xy
zs^;a$&l+nd^%D$p$qVi+eBs5m40BU%^$gwR^#{%cXSOEQ+UsA_PMKuUV5ZVYXFd&9
z6_JhKcIFQwfGSpwErx3;!4pSiBYcT7cHHu$d2Z-~OoaEQbi$bp4qDgdMH{3J*s0&9
z+hgpQi`KGzCl=*wmTnk{Np4WsoR8J%kunwg=!@U8C)?${EXmr`OW-b<5c_oYLf;(Q
zhD|f$W>${-WrWSn at h)n&gsNPWnOdl)v%?PaHVeTmgGkl1jUF(~rRg#YifyAv7=lBH
z(wvQOY;UWM!zs?&u+5?TsnBY*m4`YzyoJq;O-+n1 at dv&f`V)FtZs at QT7h2_bD2^}L
zqG;t3aacx)u!{4#`-r%(<A7<XpP?z3BllVlc^A{>Yc^K8w*blWwl(MZ31&)!44a?F
zScgF3PrE5vYnXhy+#HuJK`-nm>R^czTQ_sOT2fqPq1Fx3VMyArh2vFxbHg=DLy(gb
z+%-#hp at TZvc3+94U{)&qj6sLfg=r@&(Rn<GE{V!v9_vJeoB?mdoFsVFOpfcJ6=4A&
zT4v<2Af`otmen~QOr1>t8FJ}ZKgV%1HyYq{ZF$4SEb|(Wapux`y^@H>qU~9`eK%Vi
zr*+Np_*{?drY7#%;ZM%mC?6+00|oc$yb=tn4h@!$@_>4g^aG5XaE*+8Gvv+oh>fOt
z!HXoradDDqi`2P~d<L#obT0S^q9p;*UCbZwv6(=@`cPOxH~+q(>c)59H^qi04 at M$i
zJz>i3oRi(i%x)$xE>hDXrfZ=|Q^G at hM)yOCtX~9>8ikxX1^}prlR2(*H)d3hRodnI
z|2Nj#x__*e;dLR5Yi_F$M3UU>K(5lA5){`CoR#E;jSrGMP5Fms^VTbhcuQEvdx!{~
z_5!B+h<<56y6(Nizn{g~lw6=lTG}``E>eW%vf41Pfo%6$o{0523TGPl0*EF|gtv^_
zFvH%F>1ykY>vU_dsPUDS_O_Pl2q`3Yk2h?CWN31#|GU~dz`^E*oBawbM-Q^gU0xc_
ztv`o9Ow<W3uvq4 at _ChklRN1l`n9S;2c)zF0teLII)m{n{dLG*$hNYDAHyCqAOVg06
zvm at sQC9HHfuFa)9 at S?E#LHf`h&}lr(?0VQPw^Mt)Z0 at sxM%yRsz&V<E<c4&(-k{me
z`h8=bKz<a0LVhK~Ub(EqAw;^MvBM9BBxNvwhgY)&2i=v at 9N8SX!%eDeM8n+ke>f;r
zLzAR$ba>b)id%n`)`hR?1~Ye)3L=CS1}nD>(!CSf8mPIgMsF%gn{n{?2KSnba)`mP
z*y~b-tK+1u8Ie?kW+1&6^zPZwJ-F%YTyA%m at 9*BA=-TesPgMI6ZHe6IOtfq(gDY<)
z)mdYY*|yVq;>B+{lXkbUFvlOFgpcEDS=T*n$zW+-olZ@%TXINBe4GJ-RR6`|`0zYG
zB$<FRAnUMDTO_L+`{TI=;Q)?eBMyl}qQz#ovSyVzror6_F*k9>H6#jtzIS26k`BX@
z>r8#=np!c?YulQ+b+haar_J`6jOdV6edh-MxD1=nBqu?^d4gXXogm>45D($>Jzqk-
z at C3gLvL`$Sp6&^Qs618?!Mh(6r(g?58Pat5g$o4<#MLkY96klqnY4b^9G=vELAwSW
zp~Ln4z>y038k%Q0gE6 at eOCTCc#Gy8Ai;wJ<Z22`z%uOqTATqNOljJ<P=~d#3T3pMy
zgskCUsFGR-8^d5wN5*V+7m?U-NUh?QL0)W1ViYvxD4IqMBA|88+mSNSKqvs3*8+rb
zq%c<<*FnOH=()G^9%eUbY>}W|3&|jE{mODSSq`X>YBs6H>m{Ly&|bJ~mW#Kkd&BGU
zmQB%?lZMYiH;Wy-d37J6WEn-ic!jHd!HkZikvHRvGe-(@f^NS{hM4CDTk0hYq-Vr8
zULcKOa2{`G$Hd4;j*sT?+82fV!T72TRvZUt*K*-j8>jS8!jFTg_+fC!j_oxL?Jj#C
zn>%;!ABN9NLKsS<-wpag0L}XHm_kWMf2Q<ii|5mZMBKg!;gfv|qnM^AZZHi2D45SZ
z_~ts7M1Sgbzf2cL^_aeB9MxB8hw0WGyDPg$fnfrsDYJXExz8Q;+w!R?A8oQN`nYf-
zOoS<%<rV0phzLwKkJC0Z;mOX8u+@&9z|mV$(-eCNy7+)etecFQQMMQ8xb&ptXcx7&
zIkKQww7}-PRzE(3s!k at zL@2H!lLE-j^2c-I1ob4^b+*y6_;tuJBw{$KKzaFeni|^9
z`oy#Gt=I$J?|_prqkJxi7G|dQLiA<9JSg;}!*0lGvNMFL%T-6%J~q1t$XkdG!z$NL
zqrXd~L1635#aTgvx6{H}NT;QtLR$uxi*tHn#wzKR8us>+->w!je;L6)A|Icj&Rz0K
zzG1GC?}(ScgO1Np7#omFQBP~nO3nzP#X2=Zsq{3rCSBQW<jRVk$%_~SCOIZ at jLOcq
zh$)2L^=bqwOP}RAV`Pb3`HPS2W#`>Fge>BX_&(EbHswQjzfPcB#?^MFGTYhM=O<-@
z)HC~OyAg>{zLN{ghLB8<15W?cdVTn~7W1tkI{s|!<yk^JHtTj}rPZ at maw!RQIpkV=
zGLch)7vT+)T9$=noo&_Aa{geWbBp-~!vgc&3rZ-;BF(zn#ZFn?prtZuRt2vXb&eKw
zn9U7jnALje%J5k_?+;`8r1n;4jh at t@kfG+Vt^3#J+FP-zt#LtH^R_Xb=J3DmIdM at 4
z94PBZI7-c;x%M8SpkiZqQmi|3uywfN&34psPNXklW%So;H;(3K_RYCV7ul|lx4r`}
zU2$68C_qSMnfBi3z?J0~I(>C^>vXl!s_ at WwYmb&AD;#TRhtIYuRNFDp%KW|ctTT0Q
zqX$%3D+fd6+LAYCx8l at 8aWRKVS?9#6Xnzxfq71xk*s<M+@*&q-?ufJf3BN=Wh`tM4
z=$x6Jxh&DLQQhIs>(!q;KWm-J?noY4lFJtl{4MkBl(7hw&R&12WxFEhA%Pu1jNL~C
zS4sDxPs&aUQ?kPBwVBRUL>zXH5sH?+_+!_%b#LumoIZC8^H;x`wXwi4-FXHkXdm)U
z`O_ at F44;xD90S~)QDt%>2$%%bG>R=i<dAV$x at EIrvnXMZAZo;6dJl_-drP)s(+SZa
z(ypp(=|aNJhz?H2C99Sev$xqTlD7~vXZhcs5@`C#U7C;$t|vpH&&NhXOquJl5-1(n
zl!`I8L{5H-Lu*z^7u^~$!2 at KsU8ADA9o27mpOvWfO^k7^L`glC;=q9e5JYy8k`xr7
zcCVpCRclXaB4JLecCjT65?D$ZOXX`YcOu2b+D at z))8boh3HC&WhW-28TUg(2-O|^?
z>u!2QKXIm|xPL5aa$VE+1V{_xYjOv=*6dlcD#sl)LM0<vywP2!lzW=_PoZ8v!wzqe
zPmuK>x5%4qL@~m$k}H~QCnCBXfsJ}&?Xf<2&hS{WTcKC+ee?E>@B;pjZ6g+My(g3`
zFD8?@@H!v60l~TxFMpaPjoIFcoCQ{Y*;N{rY!t%LB1%DTU~*!OZ!Dj}vJzU-JCJtg
zYzC&?)426DRxeZj0=wPE$|D at Dc1AQ(B0B5!C6|z<xfE at 1Z+aI@z8XFON9G}NP~T-D
zWTL4_qp(m at Q}3O(sSTc(zp4Ff8^CCBMpMl!+3`uzS-;&%DPt_vnO{FW>5@#80w_<x
zjdN~7!EjVhFef85)(w(hq&Wa;R3CDsE<b0{&MvDcwl-l7&qGpA#BfeLY at yd&Xd_%3
z7U?kGanay$Vylc8<|NMP&FplJx!uCNDl$8O*NmH#90*sh>FQe5v8Hz3Wmj&sOPsM-
zt<EV-O#PfKW^1+C+Bm6I!yG+^CFI?0?7QG>KCs}Io^1k6&5w9eD at N5us@C;8`?hRI
zXj7aC6VgWrEIW&&ajV8+Z>E;XY=i}P<b;z=sUkM&b8LFGGVBccAfmtryH!NvIMeX{
z7g;`DsB8ICP!At`z}`k&dlQ74U)Dw^J535tfHeVz-O1?+vTjjN)l$1ngP3xR8Nh5G
zy1gvH`HlE6#Kyy>erSq&?cY&Rf5MtIXl}8|W1Zl#9S!9U+LC at TxrIUXPx<s>Xr}F`
z^xucz<=4;IC6<E<dVIFHxo2FQFWCeYGOG;<GI+N^E*w3 at d9}{k3!hr-aA4cRON+N{
zAM7PTtJZK%>~(34Qc;CT-Mcni12nZ}afDzJMB*8Lye~8I<hdHu$Q}kZ at +y+T>!+!(
zG>q5GMz+xeujl}GDwq*cOy&@9n%Byev_;D27WjM+tu?D_p{0Ib9Btadbb)0HTce+m
zx1#}1s|5sDhAnTLKCfqE70Q&d*($q}T`Jm)Wi7!b%2ixq`|ssR@^Vy{J>Xx5CUPW0
zByu2;=A9O;NCalp&+7E39RjTb<y8j+g-K+Wa^TlgIP!~B3Q`BOz(6x~r|+S>#NM6_
zn{?1NA+2Wj;j#S5da)geVGaPt4P|ARcj%>kRTC)fN at 1?zD60qzwpY#O9bnq8QqAwx
z)B{$cIBGGIoP*q>B?X_Nk>BUS4SG276f;-<0?#RlKir_?Vo3!V#}oo1=IEZV!0JXA
z?oV~YO1Ua|#$0;EKx7F^g>e%K6(|uSSKF09YeXjmXy_p1b2s_Go1_T6@%D-yC|qhu
zKW_VNnV=?h&nZ9+XBe(!Ad%CeceUzOpSJ79x+T-)cdfYHGqec7(q$@U4l!JICxB{u
zi!FcPb|nI|bR*GoHnixhK2J#7?`q{>wA{%Xa at uS=j1(M`L3EEn#U0O)hjWT4`KK`~
zJWD6yoAjan%oNun_oh{S>rRRB1z0_F!gaX2c1)gk6Hs+#4Rn?>ZOHziW_tnoq4kK?
z at f>@rOweaFT|1v#+jRq0BHkQkug0r==Rz>aR`a^Y1a*@fBfAG5#>Ys8&;u5Dlx!;N
zfuPAE=>@%tYFOBKiA0*X!9EB$k)Pz~y#nu<Do75C)d?TBr1wDrRaA}Hwr5%SfVJqR
zoBPM*yWM at fYfp=-V<e(U5zS?aXSD7O%m|qFi0;+AQy~Vge>Oqz%MKd;+2ypqSSgn*
zooW}eM_Uwisx2Q&M^D&77lTc0^Y7};j;^+Kt5??@fnB#n)8F8;Gq;BqnD%h&2n(t1
zRqkYHVy+6~)q=~#m#rX`RN+Dfa^?Jq5K`mXkc*tiFS6GgxiPqY#w7`_?Th8^5O_1e
z#+Xv46Zq;ua>|tEG~hNkxX}pK;S2a`;jSX#goj)+W-P>|z^>o=V%xXv7CTW}=c~|q
z>4dx0B3|~k$r0i*POaQ-3S>w76)9?vP(5~2N})kDyo!(@m3ZsiXwKOyPifsES|(Ch
z`j!u*ao!S3IG8y9Kola<Iee;~<gi;C%B7o%w*=ZK^dA1^3|>2EF0q6kufHM=G)bmw
zYI;)J=q#y$CQfqtl0WW;^$kvPL0Z&X&HdHIF|E?dp4Zx7uj>psz^(x0(>dMKXhKW~
z=4^-i7I4WU^GFMHgBc+iFCNOAD99lkA&$pb$AKMX+r(lA&bmPIl0c3fEHq7$cWBDs
zBGXIc`_6uT32mndJ`;TlW<Y~Qjc{7V7cF^ZgH1m4tr06cQoB_R$Im?I1>B6M`IGSr
zGeZ)jqLShHc$T9|MbMC%YeXeSnuEt=lj4=gdh$$@w`VNU5}exw%Y+2+rle3s$i|=?
zHz4q(UXf?dxnqKKP?j6e6B09PXQqu^VUwbZ`A`jpZdgeYbyVSWOb+KPYG_i9z84jg
zKd-J|kkbpjd<=tb)~$nZvz=y!URltTg%fSPBW;v6o23+C>==1 at iZ0p1hj>H*B~V4I
zBz5vG=HBjYdpPZA&sP56DI6 at Lix(;9sn*0*1Gc at +O-56PZZa^3H_tB9X5Z!HwNx2I
z*m%Hnhw+#=i8~%5qy at Qw%M{-p=ekS>=kqu!#J;?D2(@Zbz~w^T<D%_w3l+i3Zhhi~
zEmY}jT|^|-)Y+bkmzUX>A&HW-HEP<JRI_Ki1kPky7TM_H<_w%zqE`o)=9r)`zA&&#
zsDM&4p-ZSmq_Uw2Pkx%UHs{FHugJCV+)Q43rEBI$YH9bPanlDJbN%wDGz at x#wCoD+
z3bw$k`B<_VR at IzGoRC8>--Nmy3+5BmEfYeEP(xeDNp`QG^-e_Sp<G)zhKWYlgum7j
z>5kElu_QkA!q3^@BkN(x+jcWcjzNp9uH#4?Ah$8Z$_a#kUWqpkCuS~QQ)ih3=Q+`c
z104D9vaD+_^L0;$z2tC&%_EJDXIOQ&zi(sFqD9#wv)QAv{@<n at +NpRFOEiz^jZW at Z
zySNEAC7b!X{~VLaECN|@fAA2n5_EyhU<=p^`oREr9M}yW5B7i&Pyl<uC>R4pa52~i
z#=%p;)4(5pd;4$s`R`kA_|(;Jy84EHf7A1xSQ@?Pk2|;ROz-8fi^snG(EDUg8Jjuz
z+nLPbBQMr%$!j~0S;RdrJ~z)j&u!kH$;6*VkKUfiJaF;Y$9vz$cZ)W at E7NoCvP>RK
zY`WJ`RZ#o(9p(JoZy%aD=CV`9RxG+RbN{hdjD9J;VR+M`%*fct<1T&6{Z1LX;<4TF
z7n#!+9dp at He0#KgdrI9?weODH@`R<QjQ#bJruacu)9$ukH>}CsarDls8{QH3`-nY1
zH7fl4ao?riSDpFuOy*vvj9qZjg#EV9-1~scOFYF+%fJ`$KgsvN^T5x*%dc`@)C8Zw
zhrzM;$z=Wsd>EW~Ut|G%9GrY?CUXh+95@{j{!@~@cO1rtUnHNot>K5ddg?yhntZ12
z!%fL=zJ3 at VzMOof@rTAm*EOf^woK;UCuFkM9g{iY^+$i;p_%*K`y}`2lSk at P=IG=2
zcywmb`%Z*~$8mEebL5$e@@Fm at 9r<R*g_+DzaB4)#k-7J2 at i!&{M;*sEQmxDbq?b<z
z&j4=#mxDKgE5Mt<Tfo)eec=7z1K{J}i{MM(%iwzO6>tN%5lBwH2EGn%2X}z~0lxvi
z1HT7%f($aW2pj?K15O2}fz!bqKmGnsufOB7 at A~ZJFTI?f%U*i<OYeA>E?!c*xF>VQ
z5yxD1<i(dPLb{Jxbb>VYPdjePU=}7eWsWL=>0=f>#P0bW)p5__u}bdG$i8lCJNJ0q
z>dN?M_kDvh9^`CKgKtlcuP3U_<Q9)Ta_M=#uGPm})^qMDneFEunK=*S`8(WO-PELJ
zW=@{nwnsk;8oAa>#?o7Vg6m5tjDn7zT~6lIU^(aXJ at YWp`hnm<;KAS_Ksx?Vumqe9
z&H;}Cj|S^O57-DE12%y^a2~h_<iQXa1|y&V_5#_AF;E0g15XFf0M7)^1<wPo0<Q+Y
zzU|lF{Ny*UdG|H1{pL$Q`O at 2deH%ZQ#TPI6<~5JM1|zUEN#91qjro7e5sfJ5_&@5t
zk2#58BxpJxZ+`BiZ#LB_;81vTSEZyeFVm%Pe#y<8DSE#K{2RCeTn*j_-VZ(it^pqe
z9|E%Z9|0c)-vHkP-vZwTH-qniTfxu3&%rOiFTwA?(HNV1fqR2vKohtRxG&H+k_Gnz
z%fSk;5;TK0&<@T9=KvFi8xe-<uDb4RuYcQ%u6x^6Z+n{)ktfAhOS*cS*PSn62h(-O
zaelyk-+=Q@|Gs%-qcRSK$A>DZjd|-@`gqrh1}!}-{;w2G9|ax_Hi7fO1>i#PSnxQo
z8$2FptltAJ0{;x20G<e*1fBw(3SI?X4PFEO4O{`P2JZv!2Oj{}fDeKX0r?Ie0Urh5
z0N(`P0^bJT2R{I}gFC?gfHeN6v;Wtg{~x|rBi=cxKFWRHfU1uFpE<fw8UH8w-{)G<
zprwb$f6??e;4k35_- at C7EVv&y4jd0o0P^on0w;r3&<5H;2j~LpKo8gedcj7p4V(`i
z5B>@40T+Qh7y`pUK4Ssw1($)RfTx0|f#-ndf`0 at 54qgj1fw=Xnzy0dxuKwKH-|+Sq
zf9~y9zx}sg)y3cbOMJELt}<pi?#Yjt&jPG;-#4JEE91R*SLtQ^pOJw1?YNWV)vk>V
z`jILhD at D`SfwzDUfNQ`9!H2*{z(>Kyfc*MTfKP(&fbW8vz|G(ma4Wb2{15mI_$~Nf
za4d6xEVv&y4x9i^1SbK_6BdJ0Ks)FFonRH{0_(tbumhY2`hhr|%Ktg+|830wmmu5e
zymNHBzx%!c-5mclKBkv(&*8s(Hrm*rAL;xTO&<%2;9{^3jDr#=gGr#dTm at 9Y3&0D(
zi@=M)OToW_H-R^Uw}7{T_kvG=Pl8W at PlL~Z&w}fK=7#?PJ`a8fZUeJe`;5{voNDiu
zW|ySz@`K%v<J^%v)wsuZ)wi0@%X=2Gd{5`U>~>>nr1F1>=>8+{WAHQZbMPzhNAM@`
zXYdzr6!Z9#z{y}SI0ZZaoC;0 at n&&?dJP34wb>J-U2=FNIXfOzNf?eQzum_Yt8BBsp
zKov}ZX|Ny6fCJ#A;9tS7Zu!<{zxAyTzvILFyy_hve#b4Jz2#dk`qq<m)m<#b7yaz;
zS3K32Do(pq<DqibNuKD_xYYTrbt)$gc|LPj=69}lPjYQdnW1D>if^Lx=fMN-$5;%m
z0Vfeq*ayA>)*YY8JR5u)tULkV4}2c96L@$5xD9li#MljP1P?nolerXp2}FzGDflcn
z^^{EJ4?%(T`w&0eo_wb6!{1y$U1^8-p>d_ZN;dRxZabV7)IF1Ifc_>fG;a*)bm`Q~
zz{|m_!E3-<z+1uFz}vx9;8Wn!;9Bq*a2 at y@_zxi2`A_f#@FVbJ at DuP;@C)!u at F(zR
z at E7pE;Amv*WUv^V0`3n^1*d`2fn at PP;K3jQ>%dvS^#4%Q|3%;O`u`myxUr@>4Y|nO
zlcFJWM|Y?Hx6ziyrQWmj|6<qHl-^}lil&bMj|7hf-Jl0-0KH%%*ajXC{t4^>7l9!#
z3`T%##$GTAo&uf<o(7%{o(rA_UItzcUIAVSUJu>_-V3e-SAq9|_k#}r*`N=C4}q_O
zuYp76{kNPNI8J@;g!wq-_`k*7lR}|J{QnBJ at E?W$yIfmSdY4%tx_%ve1Kb2|2DgJd
z!2f{XfWLtIq9MnEEVv&y9-IJ91R5(&28%%(Xa^mj6RZVYpbwl2HiIo-5DbG6Pyl<u
z7$|~^fySP3Fae$go(&F<|5r02HRhD#f0w%_g+h(^|1rkA#--k~^nbl;YfA4jD at 51l
zfaii2f)|1JfcJtc!BybH;Pc==!56 at PfiHnCgX@8Ogd4z(;FsW6;Md at G@LTXZaDQa*
z0pL_{8dw5WfOgOUI>9Qi2CM~LKz_$r;1NJFd_Gu620lE;|9c&tM`KPo{-5dYNuf|9
z{=W_1rg5qFEdJ+QTT^<MSt*)c04 at Z3z(rsbjDaG!7*xPz;3?p#;A!9);F;iAK)&H~
zz;nTy!CSyv!P~%lz<a?5!H2+y!AHQg;0ACb_$v4s_y+hU_!f|_`5o|G at O$tFun_MP
zthWKc+5hL>e?Cq*{vYq|Nuf|9{=W=g_8*1+r at 6MK^e(ePbp0dv6UZ<ME&@&9KH$FK
zSa32p1DpvS1|ANUf#qNY(43$dw17>Z51b1&gY!T?xDY%RJPzyzBcKYVz%<wo4uFH;
zQlL4;6TlO}E5WP4;qiaw)cH8&`2Uv&*gYu}YQ+D`+!GCAE%z+_zgNTFWmbr;uLiFH
zZvdBrw}7{Tw}H2VtH7tgr@^)0GvGQP&+0$G=fQu1FMuC`AA_HOpMu-L9pE^|pyR;_
z;6!j5SPoWzm7p2qKr3hinp<{&POuGZ2ZzW1;nNr9|4&Z4tNfpEPy9ph{|=`CDbk%;
zA-e7W=YgGI7Z?W<pajZb20Q~i6Fdt%8$1_04?G_z2Jk}gBJd9IPVg at 9Zg4eFg2J`n
zGvKq}I`Ad%WpER?8GH|XAKU_N1wRCeEBpxj7#x9zb|hFx2Ih|c+aI(r|G)acyUPCy
z-4p*1{J+_0KpOv7il#?_qXGFPnPb55-~@0YI0>8%R)CeD8MJ^_&<5IpVn3Z=71$1T
zfb&2<*agl97lAw&0>fY*xD@;|_|+}n_{2Bf_onyp^U^oH?@hOS;+E%J_MA&@dCudX
z<1V_{-0Xi3byd|__)k9g&^bIe!sa}QURTE5$n(1=Lfv at X*!BHCod%@wKN9_)0G<f`
z1w0vC1{BMCDtH=r9e6!>1GpT#8N3Bt39bT~VZ9H06np{v7x*Ih61X0G1>68`1YZST
z1HT5hgFC?gfZu{&+<fEBiDms8Z@!VAC&d>_*A35>f$(|0$o)H`Mx1wCZFk={;HsnG
z2OiR>jJf{7T<JMfNo~x>^oa5NUWV)4BV5ZH^e(eRbpIVVk~zXr;AqViKohthco29n
zcnFBV5^x4M6DZF6aIh4t2R&c|=mmY?TyO!n5Ihz<4h(||sDddl4Q9Xra1bbN{F9q*
zxb_D9TzTyc*Ix0HD_--G*F5El*OXr4uI|>wlIz`rmKa|e^zKmU?s$CpL;n^YH|Cvd
z=~7pEgO<+E$#m|g%luumC})b^{|uf0UIAVSUIktaUJG6i-T>YS-UZ$b-UF at y*MZN0
z{{Wu{UjY9Fz6cci|1!89{0#gY`~v(E{096M{1w~@GR(dgfhO<(a4I+roDLoY9t<7=
zw3cv(<puuqryu?4m6u=1&x<a<^71=As;f`FBfeO&i$4C_bmn|A;&}gpGaB*UaqlGe
z{oTmDyC$2jbaI|z!4Jj$G?vZGO40P8U<o)IoC6*O9t}2v$AI%dKNtXmU>Dd8_JMIQ
z0ZL#JTmmXUYd%w88oUU+7`z0$6ubhw61)*y0p0}O4Bibs20jix0X_*n4Xy>B0a`=y
z{15Cu1pfc_VGHyBQg=@ZeI5VroL7bpM|<xY|DWdSPif!Z%74-HI`BDg3%C{h5ZnfS
z3VsHD4t@{*0R9O61dbr4Z~{0HoCHn=r-1u|2LP at 0DeiDOSOeCAF0c+f3OpKY1KYt4
za2~i2jDaG!80-TRpajZb65MtD|H0CQ`M=lQlR{s||DQd4zB2y){GW97r?l^H<-hnO
zx?T%TBMP<;d=eZ_%pecm5AMzU at jUP*a5VGYz2FnzLCh=u8QcI?G9P*x_%>+A-+UIh
z8JvaB{7P^;=)o8HLvY#jyY9p74Zo?ot?t7iKJ%+&(TDg<T|M{Y4|V-Xc2s|B{kLw{
zz`g5s6l6{p?=Jxr at O<zB at Ivq+@N)19 at CI->cq6z1yc2u`d=z{Pd>nidd<uLTNR~bW
zJ`27NegJL(w}KyopMXDrKY~AjKZ7HYx%+_=!Aam`uo&DQJOG>uB%ibFf9mjmW!?Dy
z#pUzqt{eaR-90J#<@Em>%jPTN at 2~&6UHvKT`&;#2G(8<W5Ud4VU>!IMJQ{R^K5#DB
z47PwlFbqaO0qg~1pa?DovLWMO0z3;m8$1Un68~cG67X8^I`De%2JklULGU5)Vek>~
zG4OHl2_T#FDR3zKckI8z`+px=IUnyF|Icyvq|n##|JoJvmGSrI|0Y*|O8fp+{)?uc
z1~-A5!S}%T!H>X?!7stDz^}pW;E&*#2jHuN`+)m`EVv&y4rtss0h|b0Kn}EmHn0k;
z29E-d2Hjvi*aXf67lOxv$AR78pTHh)5ztsP1b+X^-{1U|-+%1)SH1BneqQ{>tKRsP
zk9~!Um(?y_Rd!b~e~x=^YMGCFP6AfAdr~Ou%6L!nd}aJSC7`kQ?pnUewJfFOhaej(
zMblyMB=9fb$v|rx&jil`F9rV!UItzcUJKp at -VNRZ-V3e*SA+Kf`3oNa*MJ+qjo_=`
zYv4QJyWlqPBk*JJ6Yy(rC&=JmECNS>qvUIVdja_$$ABhq2>kc#|9#B=7q`yGJ4eM+
z+&w8&bo_r!ZoV at 9Z}LBKElX+nq3~ZcJrg_(JRB?q%fSlJ3fe$B=m2MdK5#DB47Px6
zU_00W<RkWj0Z;;EFbOUJ(_lY%DtH=rI(P<n0r+?DTJXDH+;n~2j=$^Qb^R}X_lrxe
z|Hb2f;kE(7()j1D&7h8GH~yti$?^A at ZFe_+?_wmT!T!I6wEtMw?v#GbjYH0rhs+Yu
z{dM5=;BxRra0QUB|7P$O at M&- at _zd_g_yYJZa4YyBxDEUW{1W^c{4e+`xD#ZUCmaEe
z1V;hQAMOR%lA2ip&H!hEhk=!#8EgQ(U?X at 8*be>)>;b7U;<_L)Tfbc7*zf-MWyk!S
zue$FW#CDu at _(MbKnM>2TbU#!{ZOrTR2;lry$I0~*UCSHvF0)cJy$IyNFc<*^pgG<s
z7z0lQPXkW}&j8N@&j<ewUJG6aUJu?1t^pqe9|9i+9|a!+9|xK<eiD2Nd>7mVZU)~2
zw}BslKZC!3{{?>q_hN3j7 at Pu9d7oS#sIlIxgyY?}SIy7=J?{Gk6mn(!u(MGa_jLXj
zUCSHvF0(>(y+3#WI1QW*9tbqIe=v9mI14-iJQAD at dcX#70k{x67Ca8 at 1|y&froc4V
z4-SBX;8LJ?!4tp}!7IV5z^lP)z#G8j;Jx5Va22>3d<6U__yU+E176kBg~0Ldx;2e>
z=QL!q`@R8%Tp8D|ZdArSo&P&s%Nz7Avr;tuFYrb1WpF+C3Q$bvM(|beEAVS at JGcY<
z0sIj(5$m}RxGy*soD9wYXM%@;hl6EcIamP{BWeaMU=!#A=Yq}PJkSq at z%UpA1uy}g
z0G<eD at qX_5V5<IK)zyf1j{j at j_YElI`2W$hjmo&E^S|4*yg~0WD at 4~Pfqwy)fv13{
z0>$#44xRzt04 at h_1XqB!gLi-rf)9ZYgO7k~!RNsZ;6|XVim!ohfNz3t0mTQu1HKD>
z5B>oD2>t{X5idLf90!gECx8>dX<#{60a9gP-tqsnXEoxT<Nq1%`vw$p{D14ZMrGX7
z`QPGN-k^7xm7?iN&<t{*6|@1xa63RJ*annEvjdz5E&vyTy<ilKfg-pBJQ-XDo&uf<
zo(`S?o(U8ael~axcoTRtcnf$dcn^3l_$c at o_&E3k_#F5;_y$PjeY)vSjQ`JhWFy`=
z{vYSQZ$Kf(|9^c%qcZO4{6E#Tyg~0WD at 50Cf^UKEfbW8vfMWOG1K$UK27dwn3;qg@
zRvrv^05}z#22KZOfDX_JR)N)EE$9O4fYt&Y0Uim?2N!?~!DB%l41xV%1{?qf!DZk@
z;KktZ_`m<0M!a+U|MS`QeFF+P{y*8>lQPS?r}O{ld3%>xA-cW<ycE0)yd1m&yb`<$
zyc)b8d;nYnJ_tSmluz|#a6R}6xB+|{{1p5*_!;;)_$Bxi_%+ZP&>i4^!2MVYIu0BU
zP5_I+Dd3 at C2{;3s37Ua&SRM%ukN-oDo}d3ee$>MJA9wfs1M>g&bLQ(^W`*c_HaG`7
z8gzs8Kx=gyKrgrm<iQXa2BTmMOn?$7gGq1zJQF+%JR3X*JP$k{ya2oqya>D)yc4_&
zyc at g+Tn*j_J_0 at pJ_bGxt^;2KUk8WB|848%=l_k}^HIp@{{`-ze?b1<<fOlWb<3;}
zpT(D(fHL7;2!051<SQKj*Mj?#eKG^C2WOB8GYviojwdVOap3LXk6;^F6z>2JWVQN9
z;5P7M at DuQdOyZ~RL*4pi;}3Pu)P1O1-L3oPa6TMPX?4%keK?#J{C9#<ncI>d=KuRB
zG;?IzV}C at TO@Cc-)Sz4cty}S}Uk%QjD!uv!_$K%^_zw6kkUZQBz6bsU{tW&C{udk>
zQ3W^-91l(aCxZKf)4+1D0;~khAO~7O8<323fKIRtYzI5QdEk6-0hj<KPzICW0C*;N
z7D%-L^ZNg1ZJ1yGKhd+W{%>&i`~&L$=hx5IyUa?_^x5D!;CbNr;054?;6>oY;GN)I
z;N9Ro;QinO;M3q*@EPz~@I~-la1*#0d=LBp+yZU|KLoddAAv>Kl_S8B;3#kmXadKA
zEVv&y4x9q+4;~JbLz&9|)H%S7KK}dgjq~&W9li5W$l3okch5f{|KIPVzmff4DVi<=
z%fU*}3|fHfe=BGMo52>a6>J0jU;yj_=YtEtg&+?m!6l#qs$d%I2Qxt9$w6=_co}#(
zcm;SRcr{p%x5JqRKk2!!j&~<+nxFr#c+A55f1tbPACUiVaMIt1|4T&o*MK(wWkA0X
zTmjw*t^^+e9|a!+9|xZVp8}r-@(n%%J`27NegJL(w}KyopMc+j-+|wQKY+{<^coxw
zP5>u at lfhze3XrdH==tAI?VFExhq~_K<m4Dv)?xCv@!E}>Wj^0YVFNzQzmk)_`jam6
zcX8G6Ows!R;8d^*tOjeqTJQ+)NU#&^0_TGZz(t at 8Cc!130;a$;*bipF0dNrfD|i`r
zId}zl4fr?kZtx!PUT`J&5cm)9dGMd$3*d|3OaC8x?*SM^(LVlf3J~cC30(rx1f_+J
zNEK-U0wTSafHdhvX at Y{4qM$TU0RcfUR0RY%Ak@%%hXg^20TL<ZmH+3Ny~*t!Io`ae
z?DzM7-%UQZ({^Teo-#9gdv~x0WbU~S{`2R5`qX=vj+nBKtNU;tG1Sce8>RQ3>E at sR
zkZu}9rBC<6HMkDHK`g{UJor7$I1K?12x%cF<bvGr6of)v$Op1M$PWdeDpZ5&Py=3q
z+Ry}=!mH2>+Cner4Sk?5^n?B|0A#%}2nNHWJpa+^<$tdMXX`&)1G<>`4rqXH&tmHC
zucm%Kn%^oaeL5MYz$fr2OoPv0Hhckd;7eEtYv2d?5!S+b_z5<EtO<XHO>hcM!x=aW
z(GUaI;Wvnd8*mqb at -z2?fAaZ{T at 4;C-&f51zfr#bp(lRC=RXdcx}AjdAAAns!F!c_
z#WVe$8qz>INDmo6*7lj;NeF at GpcoW~5>Oh-Kn17>mEd`(2~D6Wyb8^rIkbS5AomMe
zLmL<ZLtz*UhmkM}#=``758j6<@D+RwiE~8vcmF=@O+eE=)--y!<SU!`J|u6}v8kc2
zIv(uP2m3v_zTUT`Cp`mr_^iR4cf4etxsR(eib|i(g?aD|EP#a|_jJC6#SjVGU_0!9
z-4F#w;3yn}<8U5sz)iRXaqv6bhC6T<?!g}rQh>Q0B+8Soavs-foGH#$@|n+G^8L;}
z=KJQgJ=0i8#mBY%J@#kH|GQWIUzLBDdFDR)$jBoy$OhRV7vzR#;W;P<#i10GgIe$s
z)P_1x59-6qAou<nLL+z`dO|Pg4gFyNOn~>`efR)Afv;gMSUv-u%nyMl*Q!hjPH*y8
zBxvee9<vS~efe-}Oxl9~9v$`VH_U6FYuZT?V}y}c`hFhFhXt?@7J=NyT?|WL8*GOi
zuoL#eKDY;eKmz;=QWRt at 2f+{mSs^>*fSe%rg>%DGP#h{iMW_VNLp7)lt)UIHg?7*l
z2Ekyk`isQJJreK#%vq?u`rY>Y-#f4RlDsL^G-kdJshT}Fkz1*J+fNcb_<!C12b*W^
z<LZo}(x*dUC=7=;;VqE+_ak8x%z&9N3ueRDFc(~~8MeSyh=Nma8qUC3I1d*f8e-rg
z==TKT2*<-iWZJ)Hc$>zobmg{oNcc;AuNd;H81icmGG8)NPZtmNr1EPw>J~V^a%28>
zkcuV!+d-!MZ#Pr2_0dD7{NFUo{68pvzlUC(5i0M^hzx#*%!TMxC<0~SWoQo_U<8bW
zci=;q1<PPFY=J1)1AF1g!pPn_a-Xn94*QHmS#y#Z*={|?cjRYlu}6v6F5#@TwsqEs
z?~AjRl5n8BM{{LF3i$!1)CG++wXzVGAB-_`?)Pq&m=j1&Q2FxioC`%haEIhqe)9Mk
z0r>+`<@Zx{1n`SMsr<tI{FeC{8OAR2%QUvppPA=|`(>FMYZS at v*OsLABz4Fi;C`nl
zSj+w%^7lh_$<cvvloLJp07Mr)1<{8EAUd%QT%dJhH({%O93*}OL{Bn9Sr`UCfD5AF
zR|t59 at dK(uXP6CNz$S1(6zqfjZ~zX%5jYCRz^@4RE+7SD1o!Wc#m8T}cI{%~-?h6Z
z_U_tZ{xq3<yS&<V$?MNQE<dqg?%Y|Qe<}jQv;3>qJhk68Y&Ca6g2Q)}X@^&mSIJfT
zq`eYl7v%b!vg&uqh?&1xreYk~J=J<upNKXjTnU&|Q4WunOZiqEkC#hqMam|6MCui_
z2~n?dMiP^K$IuLFuWC*_7x9}FlafJl`rf<Wb)QRrOJCoUF4Nmh9gzLwirCJ;cf at u&
z*Q_Uc$!BD{HD|NW$Odap(&0dVY+I?7@&}?qf6<~<J?dA#R7g}S$n9a0 at FT$@t4xp+
zo`S;g3>1NqPzuVx3s4tchF72^bc5mWCX9ix at D6+q)8PyF6268NunK;Hjj##iQ<d9c
z7wm>8I1Z=b44j2?5Cgx!B}iSAdlir#vOxhT2+iSLaKR3Uf<NItlzf(Z*YE~>0xsAF
z+hG?(!2vi7N8lVp!*%!#V&OI<+=;t$?c$k)6K75wIdR~?nS?X^dtS~Y964jAB(R-0
zu;+m66SqAlwr$(9N2<7E8-TFKpZk4>)yk`Qm15!V5tCQ3UA-UjDw;~Xb)mazuYFL<
zyuVUfsSwA$Q+}Z(X8N401^TKZw&a<t_Bt-d)YbCWG8eguEJb!AE0KqH-&^}z`r21N
z>ps@~>e~oyIq_CgxoVBriv9OQe(~7{)(jO^{zRz^MxSBqUjMext+P at d<qtd|r7}50
z-?ffE^&Fq~fPi95Fkl*d1~G6ES`}w)2Hl|tjDfddDJ+A+CGZ{a64ZvFFcBufemDR&
zso5m$d?eP|own0)<gBmwJRRG)*&_N7%eW#VjM4}tf6rK>+(1t8Yj at xe2tf8(AQ$8Y
ztq&y#he2(q2g_jvxL`L#!5%mWhu|<AfopIbeuEou6Abjo54?43CTX)^6|9Ceuol+A
zdiV)k5CsR}5FCbMa2C$P1&9W%uYVHuM=u*g6KD=vhZFAHxN{@nTEaEl at wJ$1*N(>=
zj$ywu=I~(xk&)MktRrm=dDoW29G*{*&{x-HkR at JvcJ+7hwDKxmxnG;A7T+zuE@=d-
z-<`bNoctg^(~t9;fRsH{sG`p8`CzW9(LDCI*B&_5Qgc7A+zbIdMEcg2l-TX#3+=0s
zgT0J5mBpUhL08arJ%I3F7!BISClG!Q=D`xsHt!-F1*hON+=e at F7ZTuK@F(1dVC+8x
zvO*5X1$p6V$Pa};`;c0MwI3Nw*y>AM#G^p_l-4D=Uj&n33j6>rh=R)ySc)|OJOv5y
zH*Q?JeC_<T_|p<(JA7m3;mE`6)*X&qxsuTL-`_ZW`t*_|^Owl>g?e4GWZDusH?fb!
zjF2XM`$wzaEF<nD^}D;u$mn6cKlmo=2Fi*&%-`#DYsZBa50h|LuiV7er5;n4b_TP~
zq2`B=^jZ(h_EpTS2bIJpC)Iz_Z*AzWws0OUz^7rnj}PC#0=Njjz#X^?p{0>0RDr6{
z0Xo8$@Vn at y-frlC?63NaL|b!wM|@Y1%$zgUc9MC_5hspGoXH2_(?4l+6V(oIuOIXr
zKUHFm++Xl`dr?z4Jj2*<ZUcn#8^J0syVyh?2!#Sr5DGzIcmb+FRj3X%;1y^LS~o at z
z9tkdp0<9}~(T99c9x6aZcpfT4J*W at f`s5-l3cU3y5BlS+TXjfl1zN{mC)^Xpz}qku
z-hp at FQ<w^(hhM=r;DRVP4QJpi#9h5~HTr7wv8$IZ5r~dH1kohy&<QFY9qm$kdA%CF
z#+|nUHxa#1lmg3AosCug(rhpGF0YcR_NHe)(#mc3A_UWqSUiVWrlnUIx5c_W$ElX~
z8pze&MvW1PzQWytS!a8%qm1ghPjnw#p&zb7>oUj~M!{&91an{+Y=U3l62wF1vb_HT
z4WT0pf=^*OY=-M#n?d=G#9PhEcd=yV#5!JEGS9#^!#{34Yg<HTq!l}!lOmIv-_J?W
zUd{2p&D-8>;d4^7C0AR&tojc(+hXw*<{d`U{zdP91uge5<k<pRK~g#}gY;Qo)dd&v
zD6s0ped2z|-CH+$lGYovj(kp7^kfEn4-v2&Hh~L7f3`proPd*X3a-L65Z(F>Qk26U
zAQfbVY>*vtKnW-brJx4XgcqS5bb`*%1%|_2?)%+{msf5Rs#i});x}T>9gf)_!|q%p
z`*Shp)|tESWf#AQ3>lBj`+KU3P0QQa#%-_FN)`}{H&YuVnYypFy)3qEnfEn)FjwmI
z%uU=aa8$t|9jPfKT&afk5S-nXbR*nzmKxH3(oecSq%S7G=dcv6!=F%q+t2bz>9=7k
zWU0XWbx<9eKxcRl-iKN69sB|}wa&`k7P)54Ictp^utuV+5!*4gh^?6I{+zAYUyj(?
zNoH-yJVsxrTBl{NSRIQ^wA~~vzJ15sO#Z|d?DaQ&!CrsU7bwN^toM>US}8?V(fK#w
zEqE8kgO>l-gy(_ifeWHQ>%$Z1Ku*XHR^6CSd=a=n^dt(rb)^k@(GI+I<{Q!$g6NJ5
zqCj-$65N8IiroK$%#auIK^Rnlnot*d!!Vc+E{KBDa1Ns3E~Ki2&O<RM4kba2{b$df
zJj-_U;O>LFw;w&a<>=9a2Y)6(rMh1www{+CPM%%4UbgSopFO!`zD!TCtgE*9e}iX#
zSN1n3A7_vKJy}5PJtRD!DGr~#5+M7|ufM3`$GcDs@$UJKsoF#dLc*0QkgE4*({ECx
zv~??Cldrr0d;9or^Eb8Ia-^(A-Kj=3YyV1r>OPeIlYW!_(tT8mergOu;7j-lDm>5J
z4l-9p51=5t09Bw5yao5PX3IX_8nNa4y%F2UYrB>5DD7Odp0)4DIcqUnJ12eS*oy73
z79*@Iw{MVX-F<^h>uy_r9lk;4_eI`p at W8lUsqvF;&!H4Tl`}($-bAG-waF&BFLJF7
z-m-O(76n?yFCgbC&>UJoOK1aap&hh`K`<DGz(?>g`~)u822qd+op=&NXM!OF@`Ki&
z5`@E`GH6|@O}Gv;gBH*cIzd;^dNzshWS9b<!*p;#Lc$&Q7I!u7+|^T8+3lBIR8(Bt
z4%dziJJx)^WZ{ypmJr%7d-{giJ9bR at n6R?4Ctu8}Y|%2JV`H64oK?9>6xhAF{#N23
zSKnz@@x)x!;l#2Tlij1Q*t))t?-`RNRoiq>-%R>mQFVDQPi(hq;Y{w;zhzdiMO(Hz
zH*x;&DJ>zX`)2zZYJaE7Eu*~Hr?ua16Tb^x`P^_fxC{4STou++khUt%iNa?v9cI8x
zm<6-p3s?%vphC5W4f)9&JTDoR%@#Rh$uN#vBm1lo+cCCCGSA>I7u#h$9pANCOJTu@
z?+gZ+BfNPh|5DyLZrk^)==EKGm7;7rM~igsQl`>L4c=Zv<zyB6hypG5R>-<DX!*Mc
zM}fB<tUwo5f(xQR>qXY8*fJD=O7J{XhWhX_G=^!A9Q|=oE()%}br5~32vgt_m<@~I
zTUZP(h=d&w1t;JnT!hPT72<%m<aiq{PM!ide<$GtzTwD`13M$v?Od~S#epN_E>V98
z2`ki_cMB8d&71e-ym_;D`CM5}?z~ggzGt1wYOn2mZnvW<zVX at B%4e8fLEEyv?`pBy
z4ecl|Hoa`*%Wj*NkY_IMN%!_RBI1y6C1`9~sRh18RKPo??mkjR at AWZqUe9~?sqRbN
zchX<+Fp25tWcU^q!)>?&Z{thG!YWt|!)mgQf_w0X><!E2JMy?@1vcyR?F at Y9T(De@
zal#roY>n);Mr_B}&cK#qJw(DbyYD(|pxdJJ^K<HCspoy<KA<PZGcR~C=owoX^Il=1
zM+r>4H<;C1zMmpfE#swxU9bhVK@^;V^WZK2mB?P}fQxVxq(}ZCkOOjp){PN_T at VFY
zPyQr4m09pKa6uG2Q;X*i;5jG>rJy0SgkdlOzJ|Hrf+&zrYUYMe_yj(MrLYEmfKA|n
ztq=vjK`h*WfZF(mJ9pw at W6l4ov9VXL%Kg1dm!dD7y~MPEE$-?`wxe-J4<5bB-|p?(
zw;zqWdS}a>pO0R>di3azca~b at nE0H|!thsY&*_Nmc}98VxUtYRrT$d at V@mCe%72*F
ztaG*3x!sZX<SDJa&wD|6Rs3INSvZrf6oS1{2lk>2lCJ%a_DABaYKV>Me%Jl2`&9R(
z?ni4s1=3eF;YDZyO`%8~K0^$*Ej?gg^Z#niiLpj($DH+<<NFxjIW{X at XRR79?b&=s
zB0Pn7^DB7~N(G9Qxn4R+NG#6`Nt!6b-|>`>5~ONHsfY at R(1R at AK`DvKk&rb<`GhQ@
z^GV6lMS2t*gRIC@%eD;RvM?E at z)YA0vtc=`02f3-y}FG1&;nY*P#6XCU;!+Ijo^YP
zh=$AXE8K-#^{{2=4e}|@zAyt^5C!Mq0>r`%2(HhX9-2Zsm=E883!>mK9D$>798SPV
zxDRPwX4HiOPyzIsA<n&WxTc at uxg5jaxyvyzF{h55;&p#aOjJ}<LPDe~hQAFimn*@w
z*0p-|@}<j{iq(}a^O~~0yMg!BzICe+YX8Mc+tt2t at EdAhw!3Nbq8uUN at +wEa|LhLs
z3GNo%N@}Jiom6Uc^+jqQQU6=DFE at mDO(?DNrL^3Q5S0s2uacYM)#a*`Qbgj?#*1RF
z-ZJ%;r?(unT(nHQ<)Hgm_wPCS)A!Jy%pBVc!M3=!<@k=+j=5sB;)}_P*p9J9Y>nF5
zvE`hzwquLnBRty?PY`{zM%+H7UrGim<x`XrDeE3ldZas7DS=8;YM{y~by8`bkWz!}
zqU-gb3(SWIaKToHg0mp<I}a1N*)R!Q5C!8Jvc89j;DRXV)`;(h0vANVr|9uia6y#p
z8?%RiCY&y~APTO+H7L^*{{rQpJgkLv;DShqf_-oueuHmb#g~8!q98>xoFC+e0x%BV
zfe+wAm<}_*1yOJnu7N*R+6lVBAQ%iAU?Xe-7i at +oxDN7c#tpay&o<{h1}Fusp$)VJ
zwaUPO#NN3h-b2kM#GS}ALT|B5GT11 at M&czEkCv1>(Ht2|Fg99VBorNc>Z(=<>|1;Z
zPXxL>N~@8*lzoR(SgZEO(`QtBov%HR_DJFnnt99CDpM^>Eki9cEh}#sdCSCG2FbK^
zTd{b3xw5zAJg&$!>ls{1UgU8dV?7&pSXsG<Jjgu at NWqN5^Q?eU0#!zNksM+h+9tHV
zYyB3z*1Fu6 at Eh=S3v3IDLkSqwlJ|$<OZW;tY{h*)*wdQNf<X4R%>Ut@^;B&_eUyl;
ze{B()fG$`YJ^jx`Z0#Jgw)6K!%$k+-8a4US?eCw+K?f)=?@1HW*YZ!9D1VuIDrcac
z8d0I_;-|E1HxPEgHi!amSyw~e4WSV<h2iiHxF8C&F3hp$gNtw!WI-pgLS85j6`%&x
zggPKkI}C^SLF<r<a1^-EqbSfib(e6uHmon<DaZr)p)foH?*jfdF3y~@#r<|EA)4UX
zlSfY;Ja}-&`h&~(+p&HJ5p!Go#o~jL4~{=b|7P|J8XZ{M&qxv8zSXdALc;4b4&Y}=
zf<}jgH_qAJ$g1L<$nUK3&796JzeG;u-~)!4(~={ZUrDm<*wxSc?k-X8y at C9&f~VGJ
zUYhOBDNl~)93&PJF1gevCm?(6*Oj=5-wQ9G($)HpQ9%?UM7<hMnESFpqcd33iF2Hk
zD<ggNA$$%q;S2Z%mVyh8!zK6??m`A^S=)3z!cRkfm<e;i1$*HvoQDwZaAk#T&=^L-
z6!;l7feSXnez*c5?I{o0APh=F8K?-)Lw$G|UWcAA2`0l5_zspr{Ec7Y<K_Q2Pxaln
zvHix4U*s{r!#B39UHjd4->qG{cJAD{)2H(?ccR+fd1s=*=IQrNiL&>kwM!zcV-jg?
z6VpryKNphLrZ;WK_tYveQ_GNu6t!uLXy3zi%2T4XtzL;G)~htf(`Kv0JfpPuW-TA9
zJhTj?|9$nj^!H}i0_Wg7ywQR0Zh^aS4{~*64F}z!2iV4ee=zbWqsrfV%wN8^Si`c}
z)*HSf`UrCtQ0T6EWKbU(QE8$t=A8-UK5~k^EQ1xW3O0fZv|JAmJ`3mIJY0a{$h8EN
zgg($0wA>>IyWkFJ9Y}}V(?d?s`cRB;S*QjzLF-2ZVHd=}MabQW_xV9TigV at M!A%F3
zZ2EN5!SQSdN53`nt$}a7^+vC^dYM~y at sR5}eyTj;^Xhl=Lc)LWPpRT+%0qrw at b@aN
zx&@CZT at j*Q-PSks#aj>9Y%%<Gurg88P|dNRMBR*T3l&T5Rr`s+-Y}5Cw=m_^BjDn;
z)J=YwaGOW*0FY_cau8pM7BpHvyzTK8_A>vOFY(yAXB6|Kc|4i%jM${^>nQqp4_xfb
za~Dv%3u7}Zh9z(TqTwoBgGF7rR}A6ZkRSAe{;(5v!8N!Jq2Y}CP!ayJRs4e$*zEr=
zw_~f#X3MsStsUQnoy;7=y(wE)>aRlM((lCT<ym1*no|CpVp|d5f?cp1v>rsD11`||
z at Dwr+1#i7rN?HWC;5>Ni$#v51K|^%q6=)1iU;!)ytw)OqN5C3zK{|9N17w6u&=tCY
zx4umzEdpHNOZS-n$&GzkV_&)|i|}*j&dI9$*rBLHu45~YN$5~i)S*QxoG^d>7hilq
z_M`-Ug*<$FkoX7bIx%;Pk>fk0YeUqlcplZ!=Cgg_SXQFhW6ac3G{Y^*)*DjOyB_n1
z8u(1>5!5ba%_F3CiFw`|lo<6=sz`ygl#*8|rSJ3oFgTZr|D5ZX+Urja>T+^D6|`Me
z!Z!QD8!#RwKm=@njo^YKa1_!r56u7tp%AozwlEL|!D3hf5#WN&um%2r1bDg!b4GX$
zia`hH2*Y4FEQTcz0WR1LQSc|+hoIN_zA#7)A&>)dLVM^4ouD&(2TNfYd=C-u1N;aZ
zU?aF777`M!Bkt?+Vusv%Gv-NCp<m9NILP1jGi%SBSk1P4`Mi0eC(C+HLk{xlr6)*b
zS>gLi3IjWG7mTuf3ooUtXqH!5Qx`tO4!v|i<YgWqQkEk<x*#!A7tB)f`cTcK1}Rfb
zd~#B<*K+?)Wu9DF+uYv&B9CuilmSAG2}(tBCuMiO>`mK|w+-FEer`hAp7?C24ufGa
zM8H2NUf+YPt<fubT$H^na?zS|E_soY$tz~7&326M$PsJRNrcrH-oE_%ZW)TJF{P>8
zipn)Za<50Zh@?h+kNmTV at B4T1TaFA}uoHGc`d)Y*C=O+z9Mphm at HtF}84v+3_zhy=
z2Bh!Jv5*l$AP1CyQt%;s1hZf^B>eu{?+nwYWZQG<)V4Kz81I8MBSwr^(|=o^K7C&A
z(~VdBr1Gn?i_>?O(NDh{{z?5iyfetNwse}8r^O3b=~e)rDrLO#@~f%)VrD;yURX-t
zV=cqKcvv|$$r at -giF%*X6MdcMRU at Ohr$(t?&O6Do=USB_P{!xDLv1qdxJRGV=3cHt
zdP<HeDE2AxO-i;RFD)xAn|a7(Ej-zW&xJv6co+6V)4sg73-QqG4W12xu`mN{=J at wU
zZd&c+TJj<>)?&8EDQk``Vk`C!Mr at aG)OtD+R(E=bG<eFqzw4K#RwkL%^Swbq?)&{Z
zZu$jLrl0_x779pHOP)fIxS6ArC%f30$TY$&SC?D1*^p;;C=8{*D(eX1E)ba?hZFD%
zq(ScKAp>NDGEf$pfYyx&!Y=UEk?C$dnaO?$d<PNWf=Ji~+hG^%hA7wrF>n!nft3At
zwjZ8=)Q|^cKF8EQ!F?|{;c8q=-0`csuEuSX^tia6*Z;6`{SqGI|7ywXB?P9(Zv9HH
zUN`4tC0So6Zy at ixW4G9l<ypQJtXQnMiBI5qO6w<ZMSNm`>iv6c)U<IW8jDq%zNvY`
zpS^vPc{XRdxZ9KYzB%`kvLWH}>X{iz%sf|>PW^ZM=BU=Cy>eok(&xI*Zqa9PFu6bX
zY2gn at fM*7<c7vfX48DLluno3Dje*?9fhI5#K7sA91CGPrYx1_*Zd!$9%eidL at g1=p
z^C%JDXK>bf29FXsVXeRuR$gF9^}H;GavJjK0P~Xpm4fg~I0Ac$_6!-^p2D<$rHt9d
zMna(iRD?=U6{<mXr~xgYCA5Mr&=n%U1zKN9q9av6>&-O6Ghr5d1>ZpgEC&~8z50`I
zPV}cRh>q2UMqt&o*~GQJMG$sDBxv2cPdGI?X4SzF#I+tyB^&`R*alX;JVCtpAf8#f
zb?J8W?OV5R9lO2%_AS|>V8_-Sx1uC)Ys1=GtJkhxOVW;I%a-l9b!)363L7 at uTD)Mv
z0=I0iFC`ZCqjC*XPvJaWO;-K#DmGuaz!|kSnwM9(A_nuBe#s3V@{7vVrIkSO5ay=?
zEZ(MQIOTkP8sIzasibz(`jxm7eUdxfs3x{4eK3ta_ze7p at GJxrhZ67#G=|>L2PVN}
z_zsrBKG+Y1hax}d$TfF at k;4sR6pV&3 at HRY(X*qICyvNWOseDEpIX7FQ)>HepVKwUy
z&vMv3{wp=jA-Z1z>Oftn2le4)XaEhN3v`8U&;wovtuGOT*MJN5LV>~98n|E=T!&cj
z)~mAUOf6^xTE{vP?hIPjh7ukDBVio81Mk8_ at Ycf!(p=!Jj}hpk%c7UVhfx<qfD63!
z)bs;qZ{Ip}dx!D^XV2c^6M(nQ-rBl#)7GD0>yKL{xamj1+*X-egxX=|UK at 6;S0nlp
zeo73aw=NN@>^*PM)M{VirKP-AuD{t->^<?@{mfCn0Qb+7-HZ54%U;%{y*k$79TsTs
z;3=iVooN5=bfbp0&G)d+_u&JG02f5T9 at q;N-(+ln7oirkgjNs%F6i(UIs)C{dx(JL
z;DX(769Px at d=?aeIxq+(K?JOXRp5dha0GsZD^PqS at BKn;XaJpH1Vn%fw!vYz0_jKb
z-ZA8aLQolAfI3hY+Cxu>02dsB!w?JUNAsQ*)PT1j0#<<wu0!w`-qX5%@x&26F0zO1
z$dNreckYbb8A)Kzo}DBR-AV3F*O8q^Tsu`%Qb?2X8|1~a8A at teGhT1kLB+#*w@~}<
zUwu~Xr*`^7?bB4=rS`q6HnM2Q`!99#Xh`~ya4DUrG3b%p0^li9Ybiz(k-j-j)f2xg
zGWR8CEk}`|mYtTH$V<z|Di?2goaIUrw-bpW0?CXVeuQJ9tjGMn83}T)=+Y+6+hhf&
z6his(zxMsF>h4fBv6rOm<Y9IpHlgjI5H?W)N<t|JgKF?2+_s9q7P)E7v8{J)Ild$R
z;PN|}Rr@|STh3PNmHupvB!-nN#q1ybGXZk6)|Ox&+9G<R%Oq-4i1 at UmWLVWL#|XD9
z*RtOLF7SJs^(7R9LQodUK at F%0FGCOL3H at OJjDV3a9zKAH@HxzcuVF4kfD2B+X}Ao(
zLdvl$YM>N^!CNpE#=}II3{zkx%!UQ<9YlZ&s*Gbz13ln%cpJvU0*C+?+=080;vL$9
zwD2Tkh8!>ihJoBQNVvh{|L0C|XYyQ3%(0l5L;MjqbnFz!78P^s*bermww~g3hYCyj
zCV4qV=1<4A9{Wk=`!g!NqP%*sa(UHWj|SZ;eXLdoW9l`-Q_HKAe&QuYTJ}1=u76z>
z|2^z!wO3<D5~F~m^V9>ciDLt`h(gp8I~CdblBKu&w5+^kq-CRJ;oax=64jl6?}%-(
z&D6-V+3wo=uE3Ua(Q`N>{9ldO&fqWC_9zutuOO+gy4SCiLxq$&1j;)BW}1v1o-`H8
zF7_aH;I02pyvuwCLSPAe2N}k5Uk~1e@$lpX>;opk7cd7JyvO|lXbHPuH<ae>3Y+`4
zMQrXenPb5v>(yUyJYqYY)7I0mMQp{6S&JnzVjiL->XGC2YLV_0opL4?$=l^EIuPWZ
zQH1C*BD?ss_aOpSz)DyJtHA}o!Yv3w{#Ko+NxTVY-H0IUf+O%dc<ags<GB|E5#WM&
z at JC;?4t-46sz(vTU623)=+Mhx)vYeXhe8CnK<nB*!eQu}=v*171r4DQjDvR|0 at i>F
z4!}W(fs619+=t>HFt36BFc1d8U>FPIU<t@)Mfu}X8kb|#r#$4b5_z^n67QUX!!h#6
zNnGrnn3&i&#t3#XF*{Wv>5=@Yf5}$<0I$3u*9*#*?`Tj~jQ}EE-t8A5GjkUadqxf0
zXu+{cDJUhP_KXthSaS7fp~oC4)!<?MBz+|PA^qTe{hLYK0yp3;+=D6~GR{H-EQg<9
z1K50WGClkit9jTWk7Dk&GqBmDt?Fb(Y}R_vdZLdKv31BEYi)#;t-I2Va)*>sB;n<Q
z+;*K++qF8*^bGRUmwBA{12ZIJf>M at jqQ?=i8eE{|8cR4ivUMTfCqLpDV#o$zP!+1d
z%g_MYKwAihfiMByg9!K$Hh~K^!!K|XZh=2 at pa4h*>7g1_hyE}aM#Ef~2NB?cn{W%_
z;dl505}@ux&IdY!`Pt4J*REZ at eEGb*oaXPyfy<Zo at W-}OULr3aIKYQFU6JzQ;)9)Q
zmdyKd)|VdnU{UJ38rZAPZ8Pt(t+NyF;@DEL&cL_kV4d<RbGg&0v26A_-m6b)71y>M
zET6O?U)#1Q1E1*>l_0fY(KO00NNz~D5-zDaSH)@3;zP*Q{y;p<^J1S?S!vm5StQl}
z)_&LhEPWhF-)@8SlOAUCHe2)^x#sC<o+R}dxn#{rrfcwh*CCk|tg|+{I(ZSZl(I`v
zmq%ag$qyQ7d(UpOccntgJBZ+QnQVz=#1oh^L9u_OB*9`25#WNYV3lD8<X8X-!t+oW
zUVz5X1R`J)xL_~rgQL)MGQa%>5#WL=5HJN7292Q!ya6L%Bzy*+!*rMpU%(vr5+YzV
ztbre38*GOiuoEsoG{iuKPq1^S2SZ^POoT}g0j%8a#PJa5rRZaq4qakgj*HtD7q at xy
zW&&|>8`o at HvgXhlb{oHveO%lODX{MoP&QVh#W`$DUS%X+&_=$0MPA+C$U3tJ7OB3=
zrAvFcGi%<j&Eu7tcn4PQ+FI`4W(y7<S^8^tjb(yHS1*#XZ}@#t8Z1_|$=-5 at _p9!@
zwUPhsn`34UWIo2x>Rj3DZ<#36?50ssY*pkea?~=^@=Ho?(&tI_x3#Z#)7KXu8ghTi
z=VReH at NMk2F)-F at P|1wgM($)DV=I=-3T(wLT2Is#d6Z(d)3HTtwb^p4CqP(v7o{x9
z3n+oBG&3aQzb8$pK at PDC7wiI&+bK8?T7J2Zn^lGp#9eR!qTx4)h00U0G1veuxDM5(
zVeilc=EFA-0n5P!d*LLUf=r+B{sL5i8c-izhT-rIEQCc60c+p~a6v5GhpeA7|A2x}
z2--p~7zV>(0=x$i;DVgf`78=dhZ!&vW<dhq3V-d!jf9KpyWt;vIZx7Q;G<<~+kcpE
ze~8*IFKXNT;}W+}%uj4w&H6i^`KVU8n)_2Csp`L3$n!~zl*B^9rHpr4zIuDaW at RV)
z3*9%WeUYcLsr`~3z16-{(0H}4+NG)TN^zCs*I=~2$n;_wm8*n~&ysXcuEc7HT_z<<
zk>kIUp~z3mP0LHmNy|vf<(^ellNq^bJtmnE+e{&u?f5PhV?6`kkw<CtthH+2XJE^*
z9-_m_(nT%wc%RWW-izpUPMX9V8UK}1WVhOkx2<R!vD(M%>3rq~7DLGy+>?b7FcK!i
z6eu^7&-g+|=mgWib{+Bh<Yn(W at +imnuFd8+ZN+T<)t2)p5!*n(T*0$FO5~X5aCb;c
zGp9|O+h2VW|1UGVssZcVq3dt<b%(^mn4^PoD5{(aWfz}kmFWuNTR_XU0rG4QZ-JKc
zD8lc;B+xSdobb1>7?#5(*a?M^z1D{ogtbm|Ash}pLG)uf%z^c=1)^XNWSxaihvx7G
z^n?B|9&TQj?blx~{CaH9mbKrn{a$U~d_POJZ>CI{B21VtVI<qYfgTV0eLeBIcZQ9%
zcwIA1deKvEnJQ;bTbe}Lk|fg7D$hP5Q)^3oi<2m4risiv?S8AuC6#6$DN?95&IkWX
z=A*I;QLi#yNKE!h1<aACOz8s;j6_B;>3iMR*1nxU|K^>|XD^`?gu!H(0$;!!*b0$w
z3$lK}d+aa+F2QZ9-ad-&zGSVycf_`0J8eD27O|PpL2EI_SI_1<vdL43$%i%K`xsk}
z=MW57zKydjbnCn(^?U|yGbPj5iMJ)SJ$rYKn!OdQnHTGo*_#<k^xi7>O0HpUD>p-u
zE4poZ12ZIPqQ?*Tj$pAPk at YNC0qY?v@(cwn{}O~tg4Tm-g!xJWV-on%iEZQ^fMX!~
z at dt>GJPYMPbfqoy0MVHhunl&>F%TWP1%E)u9FB!TP!4K9Lud=VVHkV_AH#h32EK!B
zupOcxKK=?DpC&l6n+G&p>(;DL8_)8sSfTzGFI%>F at q%RwmMvQ_ciCJ?TQPUVidjq*
zy*8{$?&yfkeUxt_Hm8I_YRiUb8GAkZ($D265tFXV>Dicwi(mN^@p){2qq6<n<*Pi9
zX7^WSIXT#K>{@lKJuO0|*^l-3Kcj;5v-GX>tMuo?`f(5Wd*Pig@&B*@7Q(Y%vA%<f
z at Cr1Bu`mt-zxEpYA7!p|&#-Kd60!M at WV(#gmNpIF5u0cE%MqJvvYvoBdN)adw at _BE
zR8WNq4|v6$CeMSIenN$mSMmOp5T%UjIHiu+#5S~Cj}fkbJS&2Hy-ZVh6<R<`Xa%jI
zAM}R- at HUJEtrK#G^h?mXv5oLC&^l5IohS{WD^;Npc<an!(zd}dI1VS_9{d3T=#%JF
z3P=S{KxW7S72z(Ef{WKrTs(4--7eW(-?n+%Mz(b;zhAj>$-;SGez|bg!l{!#dhesj
z3m3k#aLgF7*>#1OAhF+`f>}QMu`d)<``5bsruM4iv3S{ss8=a9INes2`&OPhYOn9C
zDB+N=pYE&w*7wR^NV?m5kgNTHeircefp`_tl|aqAM^j%XMeZr>%2>yJx5#o2D7#l~
z;=LtLX$h&jRqEG=%gK*GaTVq_kV`B~_oeQ`ujcYR1`L_UJv7(=8zBhAdjj%6D3pf^
zPz|a>N9Y8<e1q?X@(aj^$uI>nE%fpOk7CA-9AjGp*cK62tOn{kaxr<uY!%p!u|;gf
ztThu>c0I1)d3UJibKJ;L^9GN%Fnxr~2UJ=Pv6<>H59Y%<SPwtJUf2i6;11k{4CqEi
z$OKPAe$YDe4dK<W0k*+0I1b*rv<-bamJFSG4Si}39YE_>Kf(iH5DbPPaQoJkUrt^*
zdgT`T-Ll`lA!0*BM8x*(5q#Z`+P?YvbGFH!fArov at 4YF#<{34c<$tqVNVtE2yJCBr
zOPo<QxMd*Y6mivsSd8r5G0&0B)sfQQlvLeGNz=v?WPU>G-Lj*(FBKdf-1#GpuNAo2
zu-)5zl3xTbaL=B`QBux*S9xMjw+HZi6S&0#WPUK$*Y}4j568DaiMKKR9cRKL{`B8S
z7zJbCZ5Rh1z{fBdR>B2{hHDTDf5KDPc_`$Ce9#D9fu`^ytOXZb1nn2f;S02HXh?Vx
z+>E(-bZ5*@E57-9#<Xb at Cr%qTWAKdr-CK8O>;Lt%#*IBa-X^ifvnPH}R}0ek8V01m
z*DvtuDJ?l>8hzTj-RtTT@#Tgcr=ZB$>l2@*$4%GE-QS*1RY_ToW+)9w^t2K)@8T;>
zF;`lWm{pyN`6VxM9-gy$E%B_9E-m?H&XE+aQ;%q-S&wL{nInxQonyA0)G?yc-p3fB
z(*N2=Zy<aEu0neJbw&`s{UlU`N>C3PKtpH;?V&#mg<&up#==)HAHIR5uncy=Zny+-
z at F(1dE{ixGhQa$V8K%Hgm<I9jmrk5G5q09{)vFiD*Dc64$Fs#xnJ}{7>hRU!cDrun
z>E}dUk+h_BrFCLy-;yfdtfoz_V*j4fEfZ_-=%$ni4zFDPi3fDk<2y`=iso8%M)J*^
z7kdZWay<Ist!KV->}Tq+BBQXke7$9>WvXQ*GFk-R!AVH_E$`1m87K>Npf0q8Rxl6-
zfo<rv4XIZ}Y<lw at u^sdGMr at 7Rs`i~@yB=HQg1#2n`;PctQTWcW)-2&b8OKGtWMS|5
z%- at 44qFqVO4zi1VEd-J2Vpswq+k<cvPJqZc4KnnWbuH4o<=vY!E%T9tXTg{76)b{p
zAriL11^5l_!aaz;5`XRrU(k4E$JQSfFP^zrZ6A*rGcbJ2z%i}HgpYX*KVG(Xas3^6
zDf+IlS%z4kX)_-Om-3M#ePgvV&oN(=y6+>$`xx;RdDORoNe&<B^QzNhyS{V0Ta!Au
zIwh!w`xM_k%roA3YDmhjd3=wNPi#~7|Er7n+&=V&0Wc62!M6~&gf$mThAEKpJJw$?
z9wxx=a2v8LW#$5Tz-AUUyYd~mYSnR at _1KQF*@&%JGMC`CV{EH#TV$v8bZj}B9wBGF
z^%&D0TLvxnvfgH|*HtO<tA6Hh{-_jX>s<<5a at +B+FcFH_zfu`x|KWb^)i3*YZqVLc
zr%q8uqe`o3ipOt+h}~(q_om8zV3q$U;tN6R!Ow)XF4RL0`oJid1m3#Q2Yna?T1Va^
zJQZB91-3#Y#6diG>rhs=9)+^+1EYZVXX6ttoj!j2`0kCn*R5H!Xwka)U(J?n>g<na
zkDWSbD#3oe`?1OVd)k2XY96k-nQzKSS7SE at o4rS|q-TF|y&jnTNm=s<&u8i-&7Ac~
zNZL_?VLvw|dO<s#x|HUq6D{_5w?i4plVc>;{e6RFJ2$rZ9vPucPbPA<`YXxdSS4bQ
zm3u~X^C-#oK8m%8sDayqQisHfik(XTR#?Uy586Wq=motYjoi6_EFj;SI2<m+uTUt0
z_jjNXyaJ7(9SnlOkPX$&4$1TbwqmhXQ at LV|T>PsMoA0ni4q2<-o4m+hJ{{i`s1s1O
z`qHp#UOqumF#6O5jWo4#;05FxKumvdG=FbG@=l-`5+C8QdXEQDCXr2SDm!v62U-Uj
z5^e;|p#`*rw$Ki|^`j4Iqu>Yl5w^k!I0dKS48%b^q(*17K4m7Xb*dKO2G9&zKzrx_
z!$9<HIjn>qL4A=&Y(nhSgiFz9<(GI)9z41G<felw4xU^zXU^2AAILW516Bt^tny0?
zdu*mHmgK!+d?)9dFNK6l-+Ic8OCoJ_5@}<6rimQz2_ at 3WuYpS>$(83Z#HQ}`c~+j)
zN*;6{;qg6kyy<(Cc(G$8T=v=r$$~-r%Zy5|tNpYb_&`?vfz9N(QxQ8WfAS?%RQmKJ
zoP|rEZTnw at L$KlOPyh;ow)ZN8t3yNZW&111+YDP_8~g at 0AS?br`-S|3UxRkg4fu}N
zD at +07<If#Avg62(b6YpDtz5Za!O8`ny+7iO&aZVgy_;M}RwX5KT`UqZbIcWy$nW3f
zh at _LQ&3BGS*qryxZ$E*qlvnF{NWNKT%Dl32_ne0(M}+2`gDkWx<q*TOew5>aRXfSi
zN-6DK?(HPf#wMm2`J~@_K!5lEB49bJfR(TnZo(~yhmaM>5VAorC=SzM2CRgwa14&a
z2{;Mykai_yp#gM)G4L+TgfCzYtc0x)3ESXLxDUoE=9&-$IiMuG20ft{tb$0$vzoCC
z)cqv+DE3eM?c^i+s}?R?I1|)1bEX;m?4$QSQ=9q>f1-mRfIPhB;q8>KxSH#P<jKxG
zZkuv`wrR9m-^SCkrUpo%tl{<?j{R5u4XS=6Z?oiwucowVgh&6pb;Xn8tzVuT-xiRR
z)flB^eAe>zCD-K2QDmrP=Pfte;GWD#yj3X4JSNt9%s&|U#o7*wYtLp|fc(8 at U^Ze~
z>nmkca|F=|`+WeFqVmjA_Bny6g1&4 at +fp^`sX8=-M({R_g+6QezF3$ITj3mJ`GIEy
z;0 at RU{y*}b5u}D>iqBTeCVyMxs;9egFFqr_g=CZ1qePBd8~q0(wsUj0spoy^Z1cV+
z%C&RP`&7uLB}&#x6Fec)jfuak3f^+=PudvJ^8TFgbXWyHzy^qf0}u_da07maKj1zD
zp%ZB!J!FTx at C=lMGVlsCh1Z}rXq_5EcpQjstpd at nNYFZ#6Wz)Mp->XE&aEOWdKU>h
zVHX^N!|)6E{b<+8dc^C)%g_Ms#>ewyFHisS3vZXtoswUAyK(HsA^wit*mq;!v6w^0
zcJJQ4+uXM7=5NcEn3&5yU)yqR%a&u;R;>8O^yp6wZ~K7nH*?ZwtoA?-qe7M3Rn at 5Q
zapiMr-=SZ2wVyBVxRU?e3-{Dst@?=fcw(E1&w7s4JMmt<H>tfcc;ZiF3{i1uPV$vP
zuvfxo9e60s at 9ueJb+JwFerQ2jONfWxA>&%^E<y`v32mVrybmA1ESL>jArdab?^gR@
zPUG2ZkxQO*ubZW|3T$_4Y)iJo)(UJnyRA942%YEIT%I6zCVWP?B+q6mmdqT_(S$Hg
zwQ_sXX2BbJB2M*wt$N&mLY{lNB0_zXe0ziWi%zn(GwohNO5DoIBa3~l8u8pi(muhH
zqDlvg-oFOTLCbv=;YiT(|ATM<mzfGOfYyg>go{FR_;<RoiZWLH_?39jI>ra62;CqY
zK7mhR348}jVL7aTRS*dW;Sk(Be^a(YhqfJBd+5;G?`9vGK2^4lr%oNO{&@L#>ge%r
z4SI`>IjHyZ8~UjZ^Eocn{gjbCpTiYl5F1oIr;cGkDwX}=KHZsbs(Zkj%PgdT^so1P
z&$RiV5?y at cbPk&6BPTM|t3Gm)YR5bek!MJ_ye54fN#z*D#8&^EEWG8Q`~N&LxCej0
zLGEoHf^%>l?pgKyrZr;Axopj`MSK^t<=`+qn=R+0C*A936puKOV{P-%!^*mq+9vu5
z?G-X>UqV6#?gO_~_ku-Xb%`XrO|aO}aX1Mg&uEB&%b;cZ3G)0DzJ<lG1lGZNhy-uh
zUnVWjPmIk_8CpUsXbnB!b$Aorf-&$mOn^x+8K%S6Fc0R#LRbXf!g5#z>)|Jegp+Uv
zE<+&et5lEy?#AD}d*d!c`sJA8mk(biaAQxTYs1<Nt_{3{ynOZI1+KYs=ggfs_ftOK
zyJ5qmNgqy{@ZkikdrJLqHEzlRU&ha_O at C9q;7++2n3%ju>a+P7%Gf{GDnadadd?B6
zROuY)J5X9)rBsf3PnvsoTz|f|xL<pf{!?wVg3l1kKJi;x9`IO}XFopb!*R*`?Rcdy
zoI`lMIqJ;JXH+D$tk|l^%UeDo6D<!d2Q35L_ZjKqVXz3kg#&O9&T=J*+lj;wfn-K(
zgZe&e1-l+0Vrz7>wE|lX3h&u`M{LKic=l|z98a<eVS<^kNAvv|Q5X``3_yP-N5|7^
zD^`}SR7zR8QV*4;6iS68?XP`~*vKMwB67?EPeCY%Ovl4Cm<6-pOIQe6){6<Rg4M7d
zB4Hcs2dxJ;2;T(1jXWa&86h)dfndlBg`q4|fGSWGszDcc9eP4P7zm?aG>m}{VG2x#
zS at 0b!g=Me`B4Howhm&v$PD3>O1~(z#XZ!`EfIJWid7&CqhX&9TdcqJG0TW>+d<F8o
z(svSAFeKbaxO4eV%(XjrV(#$O0ST9{UA~c!a4z8#841_;Qm6z{uSH#sk}noui*iT!
zdRew>=D*!L3 at NTGRlGw;xb_kA>#^{~j)xTfMeVhJ(*Ej`=UH`;ugh=AGg;Ll{>$yf
z$W^MuUQ!!~y=pm$Or-C1AM5_q{rIrHl0K5Y`3W|_K{y1r4a;Vm2mETuFnmXB$DFes
zbJ7~IwPVZieasPS1^cZL+j8M?MXV<vVP)h05=F4sy?hG9lcofX>v*_tF^?CqQ&f4K
zL@$$7^mr9$xkVDzvWp>n1^ifDW`e8`1~s4#bcY@=5=Oy9m<o$w6|93z5DBN at I>bR1
z)=$Au7 at mPn&>8x{Ko|<c;9VFGs~{4#!FJdIhauBu{0U@%U}yxdKx1eE!(kT8hE=c{
z)c3cE;ky6Dbme;iOs=uX&%2x3k$v0ttv#~j$i98^&&@t}&Rag7_hiH+^PUW&wPnob
z9Ut>Iek9H79iQy#*Cpip@)O_jDN*-HsUxGc4oNfk)dsT$!kP82N9Yvuogj&c-D`hP
ztK>5(u4f{$=ialZ5~Y+^U@!4XVxuBok*l{nMUEmjU-I&nla`O}{|)r_M))0WgKc{L
zxFWW at gSOkTSF8f{9kEqli`d?|wW-JBil{3Hl(oN70X0)FLz1S%uhPtrq$!V~j!^25
zLu_IV`~d4<J!rW_65a(d5C`#~W$Cwtdub2=xga-$K?SG at wV*aMfQHZrT0<LX3%%ei
z7zv}`eV7E3;Zyh;=E6K!1(C29_Q8HQ3di6)T!3guy_Nfo5XVovMMs}K8-4O@^w~pa
zquKUFNAHf_x;1*!PtiX`NB_8Q`O at W*9R2NF^+@=8?@3Q$6OD at uSNng3^+NCU_b`{L
z{V&g)JTX;f(bk!|I9Pu3#XSb=eXl03T1IkhscqYCSM3B2t*7=%EO!6F+4!ZKta9}@
zUZ?!Cv>>l?u05VPrS>|m>sD)o#3z&`6)#~v-JJFfj*vBjJJl#HcIhogk)OBBw4Ag|
ztg;X}c+21)G;f;?+AR7}8nqd|&7y6QNUO8JCwev(PoB+p#8XCx0>vJcqA44d&|jR*
zs~XkxPK9<4{?<KrFs)wZ4oXQ>t_lT<y`+b1 at C=lOO3(p1LKo-*)8I3h0rOxLM8ZKh
z1c%`W)TX2AKwVe`n;{a8z)?5`0oz!gLw0x`D#Hs<1*$_0s0q!X1$2Op&<SS4Du{#&
z5DhVK18zcU>?$qffSgbW3PVX?l#h!|xXLc(>Yb}sub#ehT6R~DALr#Te|xrV=I3C(
z+q`W(UkbGO_~y-v=706o=FPLGB-*^J+7oRa8ysDAnX<uO-s-6KL(=@A_5=K%Q&zt~
zeeSAO8?=nldat|;)^6r5?)kjR)t?|SKb at sgDI;pZSS|jD8Wsj#RQo((uc`Xwp?*em
z`LqgUH#Ry(?D_PJ>6F#`1JyICc>lT|s=fYfi_}?B<gaC|WvpeX<*4PR<>W0Nt8BD9
zL<YM5ZFBRRTK#2j%i$V4n=R*(C*A9q3)Y-RiJZ1pa4dNd-^U!ZR$z<lvF6w=&Ub`E
zl%*<RtB_I=74rJ5r%F=-S0N>06%v&&YsvEbmx=TLC-4O79fWM!K1w04FlY#kU=z5Y
z^A4U5-O0elotLceEv$uj_#JLTy50B?u({t8)(f`X(0P<dl(jbB5l+~%*&>TP={T_D
zMdnzG&9Fwy9vu at _iM|!DYKFw0?|8A)U-05`v{|<}mLT_PEwz?bqU8VTI8mA!mFs#^
z{Gzw)SCOXWA4ynrU=>8Vbzv3y5NXkg&gj4*5Zzb>KZ58;BqXIL`OuZ8;d!VGFF-Y@
z4m_W0)P$DM3R*)y=ntzP67IlVn2I7ygH;d-2jC$53HRYsjBYBdf=I}=m-FFkA8p&^
zYv<1K)4zwJxD&H!$LdYXH?dnFJK5&KtQ}KTSUju<nr~JW!4ng4xnua-6hrXM<~&P&
ziA>G2q@=k<v)s9zpl4z3+{C$>r?kBVr53cH_S_?W`ppZTQHZ#tTSq0ymk~gZPG##)
zwajKSW?7h6x{}zf?oVI+C;gTkN<$e4<(6z-D6*gT|DYb!hgT2q3 at 7Zs^X-J8hnVBT
zNEiiUz~&>88Hu-=UNVpIUF?>%w(H4@*lM#K^C-31DzHU-w{z8cqP`=ZQho%Lzfel!
z=l_7GQYw~H%eF9b4YSC272!yWtXCoL$RuRG3b{wZX=sY<wGONz90{w?gGkUiksBR&
z3d%uwr~uDHWq1Lqz^l*<UV}j}7(|zb!EksJM6X7G)~(TmMZeyLu`mwafp=j%OaLZ+
z^5x8T<YvzeGax~=T~0WC`8aoO6ZXh%)5-;3e*WpFiT~2AGNY1*tP`zOV%WCb4`d7I
z5j7My5dLhVCNdYJ%=1B`DQ1upHpo}bTm6&FF};aFrf+ZZc0YS=;`zC~N#gn0ya-n#
z`4x4a>HgAvHIx3D1+(D`_?Jhs9xd`m at +$b<TI_$}zqbc0{vep!epLR1*u}>%5vIa4
z_#CE#w+_T#jK6s7Vto9esK58L{#RSlJ&<U*%2jLslbxBytILfVb+Z~BpjT}pur~}0
z^2=@B9oFCPp-bU>q#$cpb7iU1B{6kbqvXVJzv7KUjf#EGq&#lqS+=)$=(4kw^DYZY
zl at FetI44DZD6owA|FXUQ*&yx2y$mP++y4L11H-w9nt$;^g7$9zb?Dt6qcVLk##qER
z1f&t|VDVz4gLXz!qmR+aC}os2${7{-D{quGN|N*6*K{f8uG+z-!<@Tn2b(VK+*Lc+
zbQ$Na+QFvFI(O9$HeJrSt9G#I^3GkggH2a(?y4PYx{Oi6sjGIhX~*VfWt^K9mSKMC
z(2Ug4rX8Cgl`$M_+OY{z8J0edshMLFq%wwsO*=M0D#L=;F<Cn{K`O%{-?6K9Y=TsV
zn;MQ?wSyBR$C at td+}zC3rX8D`ai7>J4KM55+|1FY9h)GPb#87}*0~9iqfI+DK`QIq
z+^no~6C_8Qc5H$qZ@@S-ODXHz1j*5+9h at LJ)^s`N=4OsI?brmVoO5%ta?Z`o9BtaM
zxmh{q=4R!bo0~b>v}1F#a?Z`o$~iYTbF^v4CP?L+o12w$Zf at pi(+*CM9BaC~b8|CC
zn|5q&R^GX}S$XH?W{x)P*xanVb8|C!rqZFMy`xP#Ha9Ep+}y0Zb8|CCn|5q&R^GX}
zS$XH?W{x)P-~`FBrYkr%H*>UU$L3}goSU0faBgnqXw#0(%_=xIH>=>>+|1FY9h;j~
zaBgl^!MVAaqfI+DH>=>>+)O^n=FpnU(WV`oAUV{uOphG;EP%sJJ2W?wt9Gzyhdv7+
zSM6Za4$aNvsvT_Fq5EcX)ebi8(A-R}+QFtBdLUn}+QFtBnw!a0JJ_^Cb2GVW2b*?q
zg5+4!CFycU=HYVx$ib!^n;?~RZf;i6IpcD)X$OtVv8GEoXIzdp?U-Gca?Y+xIk)g}
zv}wl{KBb&nbCq&#;p1r2jxBsjIk)DLZ~by;ZsusyjxBsjIk)C2<=ouN(WV`oAUW1_
zm~(S8N1JwRZWiX;+$_wwxtXI)J2p29b8c=H=G@%O(WV`nn}s<yHw$xaZsusyj?K-&
z)ZFYXCdB{PH}0mV@^(gJql?iMOO{(!W%<TkS at xKZY5%u0E?q4SMIK@`Z&yCXEB`;!
zxVi9i=*k~^<Nv+d{@;7$V&$^r6<asojCqXOZf(5u<M!>=#?7w_b?C~?Z*p{~arr)Z
zehlXE4XHAm%6q)#;37+e|CYu*3McP-%6r_Y_yv)_I+HPy`t5)KDnIM>n*viw3pWPv
z*O%YJsc01EuRp&mFwp47uM5b0rw^fSgo+uxc^yE0UsC!QJ&1K8-k+52Mn|I;p~0%2
zUZiv-ttTZUw~DRC%GA at r7{n1BsE3~*YCbxyQtpwpmp(hD&E|21I+0||`_>33 at Ho3+
zMH1aGn9CWgE_)!S+lNc*!>JeJqWf^M(oNC<(ox;X8%jz8ew3kx at f@#>jF;KJXw>7i
z2IcxuLh`LOg}TdyGO_HV>JO!CH6s+)E0e1dsx3M8f1O09cz2R?QSv&8pY?lu2KC)T
zG^soKBZeV{WY?um%6y8G-WxqJ4XiWTA_k`8y*Q>XMkB^3W+kx!)Ygr(c7*y;M>~!%
zwXM5qsS|kvRC(Vz6!ti~XOpFSOm8!g6YqwScQ87u6D_7XNKU$^#n{B?daFy3*WwsT
zW1~L%F2?JLmt5Rvg5fnaYGZhfj5^4?5v3ZkZ>LPL9r2#3LrkwG-PMRr?nr8PYH5eL
zcEOOv#2;>Uhq#Kz=At`Wx=g!hxonYt(w$}P6!B91 at LzI)UFb01dhi%WT=_`1e0_0g
z*3l&&_gur;xcPqVW4v<DL`S|rP40U;)VTT0D37gi`4ak)YDFPmWo&*GrelrEZOO;h
zxGZ7J)l_K)cJt%EkF9a(b~yq0##OmpC2t!$*7##xQ~aO0^2gfkR)v!f*f^%`y76C7
zy2mzJ4x%x=pwY{jo{W^TWEso|*wHenu+Ot(PW76ae2BR=<QSQaHQ}#5$4H&Mm?-!j
zKVu%}We#}YGP`lI1Gz+*Udja&v#q+4UdMG{Qt&!6B6CWaoQqufI4 at F^#x6^}ChMgx
zvzuC<nG4kaBQqQA>pgeQ{2u4 at dZMMr^jz^#m-FU|LY~=_MgF5N<R9C3QyNz%vnqK{
zMjlgo%;Sw1oqQXYd`{Z@&7H?~<#Myo+W2F3`PLcr|AFcJDt;)lCaXzvlV8mAY%7cv
z#-)Huax3hiTLvRAHk=X>fvIDq2ERaFQX8y0)5OYX9#{>tHd6fj6t5}eXTXj7Bn074
zWi8p4wPZ)UaZmo_o|%k<GS|;+<hzlQ{e}ReDt|`CSgDq6R7WFK>^*8onQ}zJz6-4i
zrMNbAM6bHbUr6}#zHyjzY3=9!QgqP|M(?L$qeyt5<b*~IUP_lb2d8PIt5dsXWA<r<
zAi3NQ-!4AHF8hENn-6Hxr|W>h9r|@KUhdwhU!VTOLK}AN+Pzbkk=M$+L7|O}>NkCn
zy=;MjL8(JC<tdUOq*&%W&jc5&5}dEnQ)L_FDf?n at mBBenb`EawL1 at JWc`MWnE#D;H
z3oY|jY#&;_eg5k0@>OqAs8;JjHCq;~-{IMYL!PcWylDMCg=%#xRI5kfx&w+g>GNEp
zz9n8AkiTk|uoi>ES`G?pJ+4%Xv4v`XT%zfiN<BV$q2~t`!{=2Q_;s~6W>+7vu*REf
zYYkslYxvi#XYFYH-rhzNcC?y%;q|YMj9VA|(XKyN9slFNmHTHd{c->PeLw#I^M7Hp
zJl}KveghgeXkt{oc(f~#C;HZIA-z~t(XmFSRs_;^>eZ-G-5S06mMB+JJ}4Sc+vvZJ
zeTzCZt2NE`TBr6^18QCDnl at jfl9kisEZXGNt|b~)k34$3al3T+o-VkscgN5IyHj24
zyJOpq8$sJ|g^d}S`n^qccNBTHQRdPE(yd&REwohHv}4Zq?0X{H=&wq=F`!)4yT*H`
zQjYCBuYpXAj5;qisQF#>_G4xsBwt#4&N%l-TI>IS){3V7Jz9$bDy=<3l_^seEqH%R
zw&}qUCGJ17;Okdf^uBMbC0(?3u*}HZTDzRI2TCTPwHY`fgVNfxL0yIrNsiX~jq+%1
zN`E6bQ(%S+f&TuezY*kb<O>U`P$Z~8fwZBasVi5?T&+~<+U3*Lu9>w-?aVLN&)%|G
z&N?+RH-9a6gO{_v)-a at 1%cnZF$=#_%_U_HIhQE?2yhYaTZF2POz<<sjo%0Ooo_k1-
zr}}ixJ$P`zfxYt$A6j_$@MrqJQD9)7r+ah_?bRb+ at 9ueD?;1K_K*1413%)tHz<~Y*
z2lX#Fs%!QS-pKWK-`sC^4H-YO&<Dfwj()T7lyQY;OfK^I*u3N3E;{X<g5$;(T{AKF
zirIyiE-ANkN!f at 6B_h6jX2aKo7R(7-^i8>WUzgpyqSVgF7j|!XK5A#heY-1O*!IGu
z$Qr+#Z18(ryMM*DzJ9L7A2)~Jiyd|U{`&j(H{8Fu_x}CUR+C7yjejoCKV_R42<*|V
zZiKeFjs7#&y_M_3Oy{Gjoy+ud+eIb(%ADDI=~9U*Mca-yHvCwxYUifozx~0;T(hcc
z)6Z4*?ylJ+XjAav$zdy3m7H=Uq{HZ-+P at aAU1#T|UnguzyW-$$O-n5+)4BcF)Z32#
zFnq}ITN~G;y_$AMt at Bk|tT6(Lq}uf2<SiEqEy!j>p3IoNb;-_~xrRj3T#VZKGR=9$
zyhk$4fCo%dob-QUn&PUG9#A-4Wty?rU&@rvrMuNDW`FM1zt)@lZu9lSZ`?O_kuIkB
z<S<^`rn#Af2TCSknrS#9jWW&I{oc(&Bsr#O8&EQ3N*kQpFf#e43<?U$lrn85fB(RY
zxeKNZE|MvC!QlL5vKOtJt5n16&%PEM)-_+HW}y|@<gGHaK$R{9YqTs}t5v~jO^dzS
z^SM{L6{y~`V9oBu8ucw$qjRa(1{8g{Z|T-UN;K(JvgL&0&Bj05`28|%CgkflzFfE2
z<vM;)rO%Xd9p5h4bxye+^J<M;SnbV-RugyCpA^~h!<}8;-Tmed=V$JS{dmjmRY&h`
zIETS_1`(^F3{5lW92flPs at +hlw&CYj;)%c?w-&rtH{<-VqkkB;@TuaTJ-4uT=dKH$
z4eI)S-G!He>b*bu*qfyy5~}w*pDVQN$LkioGvB{Z&9G_Xr{*iSt5L0#88 at dhu7;;L
zQ03>(c5_mRx+>xSZBF+<`ji!oC$X`?ei at 8Zi6;}Ne!g9%lNx!jEGZHXc}SoyX8!N+
zb-1+uIJX7=VPpTv`IV3vHJk2JGxpbCb-jPRCg*A>Mc-tj`Hc)Nd*Lj^%0R>DlMzCp
z1XP7a&>s52D3}Poj+1%|qkl&kH7-FYWgn%U|Mug`(|66`4lqeIvOzN#0TW>kEQ5`(
z7e>KZhy?>VW`s~E0af9Dd5^DO%3=dnWHQvQwqIbc+D`=bhW;=BNH(e(M*AE0{n at 9@
zXc&{~b|5V!&x6Rl%U;}omHWyf(riYJy4h4M9oS1vx|WuPUsXTKw4{cz#y7*8Q~C+s
z>h7Z6IG3Bg-HcFmlOdzwXQa&Umw9fik!9}lM%9AGQ%0Gf(KYIZ8ue<28V&3E8?Qj?
zpwVsFbs)K;;on~B?x at brSKTt-%t|ThPF>J1O|1aK(}bUq+iWA3wf;7`iChNf9iZCa
z{IirY+UBj5<oU~!Us;U+vkm_=wfrq at _!}W+8#!nrkZTB(Yv at on2XzNlb@xrKa>n6i
zTav81G^rVlKzrW=xcf%VJHTjE*Pz}2vv0U%QkN4?+-e%t+TXnYB`blnSgW~(5R-?b
zI;fjH1CT%?!tyYK`A9=w?q7!*wcHOc$T5wL?p1HyU(ViBOIjXU=s at qw&7x2*t;l6$
z{T;(DeK at 7zmpY)Q8Aw4&2TArfWIkTlc)fkx{h!$z?lUWqGL@<)l=m*WbMJNlrC15e
z2^h_c%&NDV8R>`}&zqWAL<-KJAvd>74SLGRU<Bm%OSd(R5pdRTS>UR?-22KfHr8kh
z9Z)S(4teOHJSb^Olr&|aQQdfz{_*pxP9Gb_7agB4N~9DG9m?%6c?LmljP>U229fX!
zMf|E4@$XgJz*3CBzTw<HGX at 6v@uo$vI=5o#+^(cLVLLa`j?_jbBg5FUer>^^XPePx
zUcXxE+LpdPi4vJqf6J{m^BtegNuEPm^BmIl4IgEUqTMW(b`u&`v9&9jpPIFn?gGSN
z<e_|ZztXB*zgkNukuuR5&4)+Q8Ci^UTZ0V$vl%z$RksLB8=)N4*y||K4tcsv9~JC%
zR8=FNIycjInAVvJS#_Xa<@q0ZFh<TV1X~$`$q!*hsq8(AX&+fQug|HWpI>dIb8*#K
zeR1B^sln_esX?Ab>tYOXYf4tmy++-P7)1&UB8AZwIuL)s$W2XS{9aHsz0_qgHKkMi
zEmzRneI53?vN1EOQ8x?6XTkp!483`Ok{{QC^vvU*OyYR+qZZO5@*bQ#xgx_|?IM0g
zTjK>hX at p-}d{vn8gL4egUU>#j>_>Vc2R*Tko;d5rgF<yn;Py<n)TnMstLqbI-GOYY
zo8>lob*?bNuM|C$%UIvPA2mKfU-jXJ@=#kZr8IJ?-ZrqYKa1bI|Fd6xj>%~}H{uM(
zq)*})dA={4UY9z3d-@^9pAF><hHzbm`wUWHwbC2?6XjhLkDDUDUzWKO{qlDX^fUYl
zs at Dc69L5yLyH1TfLE~xq;YsD1bsw0%KMNOc+MrlpW1|Jve%{aYP37}MQ&n0#TpuJb
zka0?6AwKS9rF(Ms;VI*}nxTF#Z<Sll_YDk59bwg)=3LG9Xn%8R3N^m2GldeFlI$Dt
zRN^0=rH$^Yo;-4e3^!TkHo|kuz-2xAL8{mN{0C8U9(T<-A6m1g|IIc$aq*!t at _M&n
zs)+YUEb>t!F=uIBQEHn9*Q2tGH+kLHka=zvv?UAr;kHfhraB-X9;%&Qb-D4he-Ez7
zFh<w=gjajrFQEn9)tejTjEc?j8krBvcO at ZkUX#1$ZYX7g{Kn8$n17I;wB;)PEwA>G
zNVgTLo*`IEd->e$B at SMC5cA%rG|z|kM!2ZM*@BF5hm~T|hVhOkNS43Ptf&2qQL3nF
z&1VIMznP`lvef<VVYgO_W+Jbr at sQ(o1O*`gzt%y11pVE?{l<IrL=FG_s at D@b9DJZB
z^eAff#5j85Y26dnE0wGB5tnn2o(TL)m+O5^`ORwz^jwplJ6OsH!Iu5;XEMsCsl3ZJ
zqRCt+wNZc(ZLfb at 2xQLL(7%+C^&!W|n~JH8f*i9kpe^WQvOVM&d8;h7QHW!f1-1o!
zO!kKyBOfG8jXh=<J10e3(8uI>$T9NVd}`wvj+vOUE$Cx%KI9mAdpNaGgkwgfY76Eu
z1&u#5d}Vy^Ur_17jm9zqOoi|3j@`*KB;tc*t8NrxB>UOFx>C+p^V}pY6aHPE4flA;
zq{cBB4Ku3I^m*ec&Tqf}^Oic&K2V2sTz<|rmiDN+&wszaIhLAdkl}%&o8Y-SCO)h$
zc2JC&3O<Orb6w-lKAVjj{>*yW?)H-&3E_Dcd753%MaA!TRAWyUypGHdOHxA_LNfc1
zSx<2zO)Wp>7%~R>1u(}TbwRGrdChFA%YI}iJtz<3$^$4O2l2i#4>SzUikdP7)TO2X
zV@)@i-K0;PTj`Zf7-!%aO&?epu=J3X0V8uC=7#|?G6%R<9T^^4m%L5;KyB`IhB?lc
zRJG+WBJy7~=5Xeoxrg<P@^D2yXC5-^VAZf3=~oZvs#aYWihN*%`lnBvuP3#VkePF7
z^mVWQlby3L!e?QYBi7q1zn_{<gfM=|A|^mBV%j3s4s}B~zgf(f8V58 at Y$qdUEo;wE
z<Red%cTyv7H?ACyXyoV2?KPRBV2Ev^)L2QWLjZFH!_R2Y@?w%wDru9_zgvfzb-tnM
z40NyK9+W(@Xp7|k-TJMj5y91u38-nLXF9cI;5AkyLCkczsAr-*^C^Fx-S9mpYitb4
z%e+<240pP@#2IRN(s-5mip)^u37ekOXIjY1>}8&$XXYVB^&%PihPQ9q+IVA!8j{YP
zIYn<ZsuvKL1^bb4F|Tp?bcPKwM&#l)KxX!>YV_$npiA!o?V1kl+ogY-VncfMTs&!K
z16PTRFW#=5 at OI2|b!SFY4JvSXOyozAU%k0;+voX1wjYi7=G8xL*Wcf?`hw7qp3fc&
zyFI(og?{Vvq+03vZ00w0m)@*iH2;;HFSVI>rd-2gOPWm>og>@x9p+{DEbhmj))g-I
z?x;EwrZ=89{9 at m3^&={OG_hZviF5bgEAPLv%%Fm!{y+Ba0=$Z2aRdGvB_ZyvBqT(L
zD?}j>65<dd5I2as5W(Huo#0N3m10E;El{kbK#{hT7D}m5S}5PUIppSq=9GKe`+d*<
zdoJPmanA0Zot>SXot-nYXZFPi)pM0GpX+}+ai;g()4i^KDf8}jlLWs<Up`x4b!W!z
z{Q;hlo5Ol3jNWy4)}`;(KkIW^H at N$meKtRLUt>RU<+;S81D+Xdzn_xralvE#P4g#8
zQ#6llSDu*qajv<6<5!1zESvb<^(%=5 at 7<WTb6UM;%Gt;xFSXNt4!E!N$=RmlCZ@>C
zm(17g(rfLNbzdK5I(bU*>c-d9vh0F#r|!c4W2S#R?3lCi`0vLa9DSi7=HfAZ>nf+U
zGkQ6#ZoqBZraVid>qg&Rk2)#e`GCThHQzto;P=PY$<J=j`Py7}(MI`WcX|bUn0LF%
z?@-gI(_`1HvsOs1DH*qV`1N;E-;2Jmy5~6;qqU*$I?vTqoA7DWd$C)Cvo4%gzZe#B
z-95vqY2D1y)T?F-mKl8E+5eNDbz`r3rEQ(Q{`AXT$DGeDi#pP@&Ed-s*&?qw{fFMm
zSh?QmZrs5c>$5jrGClv!-e*@{a994kqxrS-bVqXsCy{V5s>sVO%yts{KO(&-JvX~d
z$RWySBRU^5R}Z}1u(Eo_r(T%{Y(p}3ez^6(FX*+zFzDopi_5QH{qpW;ua9nNUtS!p
zlIXCclggy*bKNKGd0g+X&S?E-p~lA at 3T~g&`Rbb*{nNXrYTfF0sywEl%jFqkx4d)1
z{K`A_mo2_`xRJ8YYM9^TzJu<6^0eEXkZ<j~c9!<;IP&lQl)GRyJ3vmG3#DoYk#`ZI
z{axa@$wsGj4t07G;NCF*=gV8BA9=DW>f_Jc-rbQk-tS82+DA_YR8QP^amw)wg`08R
zM;`8aZ^qbz4=u(xe0Q|_zI)SMu30S(u-vvW`NqK5)5{Euozwd`SIlqx{_?h)!+*XR
zclpN0DP1oeI6PQ=-Y?I8Te|4`+Z7+_T1~C{W7nr^F8<(W5wkyV&f2|S7jJ(YaNy~;
zsW(FUx}H${CD31|@A|J##%`UqaiGiibgM_(bs}#cu)eD}>+zY at 4@RvHKfn0=u+{PT
z1GRd`-U^SA9%kk=KWo~-g|Xk<x^8C{R}--|TBiKWx-gG-t=y|hQwAyQ(CBsMpi=MQ
z{%3ck&3Ahq`<rP<@KHU#L(MOrKR9?`V8tAznA*TAGZx=JG`PE7!V<5amh|+s at 2WD&
zIqzqs7lwgf`WJm}y641};N|iwo*Bn4D&0}}uF)~`lZGq4yRdTjB~y=Yb#I=(_4(b;
z)h?ernjhU9aP3%B*IwIKjlH@;+3eBnV?ou<JAclP9#{PE_VsuEu+2;U&BM0Y%I{XM
zt4HI at _YNtPN_4IJZcO#Dw2MXe&V+0C?xitg*d*)lFIOgnpI16zgXq9XR{i|;CEm7P
z)Jt1U!#a0Kjg8eLi^uV{+0x_kr+&8P%9xiAwC>wHjHwti(_%}Fl-3TfHNVzmd~`bO
zm*<^UT=p_AZu;Zdxo^#Gz4ymA=LV%7tbOsczG%ytSv~p;%{ueq$qlnVemqxvu<7OF
zhfb+4T^85rIrV>j;LwXlHv;~6=Ku5dI~TQ!U;gysfZ3s at -@m@~^4o2xJ$66!@pZfH
zHY at G6-_iLu<K`WfHhKPo!J%azIQ02o&i!>W1G~lU^8RUhcEL)sLiG^U&vCt~{v(Ua
zdq+II>f~_rlLgzXOY`dWZFC>caq&(2eCXKm!@3_kyQ|W0pUv0#T2HlCDqa1&*PNsj
z(`|!hWKInK()on$IUDV at njzlDFUH;4Q9i|F)9<6yKis-5>!XEf;omd_y(eWEIs5FX
zg*p*y&%5+H>|~@D^mtG9;!nQ5IU?rj#=gHE?Q`^I;H99(aT~Hv{GR6+b0^lPm!gMC
z<EX6fEPZY~-Z#-mNpaaU=j at v`BgdAU?)laBlw;qhS)AK at qcO~D;?#SymK>;9W`3go
zy$MUzGUsd_e63r*Os(Jdd5>2QxvAB4$m6)2 at 6~@+Z4CS-s5-#rTG`X_yN<Y>+TL}o
zYv3iX{6~+!Y&g65*QG`GHPZ)e{N~3G!ge%7F1g^6&^JDBd0PJq)=6pK`ThR+k+j3{
z^Uj4|RLeMJck-G}g4zs|O%MEzOV?Rn{`|YIPit9jp0V`K1d}hy_kY^2r_r3Q6U;6?
zS9q`JvwG#V-Am;TXZi+sjhwFV(+G8^$kjb{R~%D#G&*Vd2dC`P9t_!gxAK_d%OTm*
zkGx->eqry?_hk+03k^cQYd$-?(5=^{MJtpS7>w$EY;IA|2W3s&R!!QZo805edA~F}
z-oTBSmw&RddXd&?_b0!Pd3oSwC*LW1nx385q2?cX=x%(0^``tP-|@3f{}9<!uCV9&
zWo3iZ8BvEe7_6-PO}3ZGrynQm at jF)-b@%11r|#o_`LWQZeEqGx53}m;I~Vm>_`KxH
zyA`h4KT0=D^?iIwweF`KQDu)W<@U2(dPe2AO|aQ>g<t)4EjYYl)+aX0_Ik?=KK^+9
z8RPzGw=Jjbo^o>GbCsDtxc9O5Hre=lSU;<>%QGLx_dmRHrfJoK_?rEZk)K-j_-^yn
z%SUqJ6Xj-oS>xz%;`WNLocr+ydLFjFl>hEb|GXQT(L1kNr1#I6o#z|6d(Y at Ip}!^Q
zP5H`v<)B|;5-Lm_e8XN`893ZwMAB`YUynRI^6^j0%;e3bgG)?1oqHDitXuidR}Or(
z(Cm{>#!nd<0{3gz6>R-(3>>W1J!(sLrFZOWKC?_8vp6C+xsO+k<+$ZXYAZHg*mQpH
z)@=vYhC9}s(XR7X*fOinfgk;Ky?*vM_3$hCMT-`WYQCBMaj{1)g at ryzKR>rNHawQO
zbJR7B2VQ!sG(Latto6s9&m&wvoTTIvZ26J$*4dHsR5UGJp4#@Sdq1i1w)~<8#;f*S
zHkzUCpI9~|)PA|4Ps#p=S?>+Lv(NoT(G=V8+-);%?;3pjdHm#C#+$7^HT>Lfs^0vY
z219;arx5H=aCNSfUhl&<g8X)UHR^D7!pu`=e!bqUf9+=;#j7inv+qvWnlWdPw%fwo
zlBH*qe1F at redG`Gwizf7TVUlhCU>UY_U4!^!;%I}opS8R#^2K|vVFP?o#*k%8M}?c
z_U~HYaqL~?@2)+`3Avf}j)%)V_gzPGHw^dsvTD!1qIFTW8)fz1+rE7DgOru#`j^g}
zb{ID4hepGApB`rK<e#h>X||$ju4Q`Gi!1RDr`?!jczcPeeDQ#1K}BA}()0E`w0~#q
z&s+A@?l|{RO5hXyp!o-yWAg?bJ>9+UdG(0Os99 at Ou30)|zwhzI>E!Z at KOWjV_C?w?
zh4FKfY>Wqu%8A}oakO#QMYUr&4aQgUR|nnI(bhGv`Puovj^&5t<Zs-2`b%B?_mBKP
zy?NpDg}c_A`RPXeK&`9QPk%mf`@rz&fft|cyu6 at d@r|HO7Yl!}nVaT*f584 at S5~+V
zQ at OtSbe?|I{@H`xuU>g1=#Y<c(%s0l1I<+JgElqauiihm>U`c$qpJ?Nss6U at iKl%0
zvbEDc*G)?~_wCK54(lK)7iKJfmzQrNF12~>GA^okwbVz%Y9g;HViBE>I%|)4I;vWs
zxcHO(>NC6Em~ei}C7ChzJXAabtYW@<sIt{Tq5Jss_ZJR5Fn{T3txVUOE_oXb6 at 0&$
zTe|2-;ok421;*+|PW-e-*7mef(~7+w>g3K0w~gp(6>HnwWkH#$P1x)u=O+z#He##y
z>gn<KELS%NojPzn^l4?oiXRqB)gQMyn4v!WG7RQLFM7G_g}33vTqiT#A%DaKm47-`
z&UV#_vtM*sys^LRndJTZKe)vm6IH*Yq#fD*EvaVCkBR+tP*0BzZy&(xRn at k&otd6u
z71!5Se7)+|wxR*+#9~!IQFTx(`Ckv|^?F!aNLM-vsiju-dKj-~g0?W0@>`8~Z2lrk
zM2E|<+mtuD@!t^c{Q{xxj-COm1)5i7mz57KF7mT<>F#W4o?Vn#oHev4*Uxg`fIg1i
zmgeOZ=|x%T1;s_#ewMY_<(2{dDxG_#`(_rDMWmOQGk~IU-*i9Ayo!nvUni&XOxBar
z%exnsWEXK+PH|abdIcxTa-Fiu(yJM8VS$sYv$LmDVfxS_OY at 9e7eC8_3KvWBiW<Jl
z%ICX`TvuV9t1yr6vhw*ZJu{Qv%J_*_Z(8SYxoFP6KI7Ip$F21<?yYm&TjzMR&hcoS
z<JmgL)6zVzU}#Z3_eglLG|wq62o=p}eP`+9FQne`b6~Ta at a0{|z%N@`8re6<3 at oC^
zSD{hnb>^Jcstex>-$cid5m#75{yeNd(lQ>SSg!mf&EeNyU*55FnI`f!-9hZm{*@ML
z08wnfmf?5T;q)`rX)}Bse(9zX*8UCkcn>>e at QxHk1BOefhWuh+1bj#h{CZ=@zNxD;
zlQ-7)Gy|^C1V+-vf^i}}OW*=kGs22iY<?#_YhVpkGZB6!bvxjx12CAs2{Lu%O%ZJE
z9L`onmmX~9_5*$jYPrW7J`q3)`_ab_0k)+9mYMt_p2wRj*dn!ztxjfTfKwGPYB-=X
ziu*GT*fIskn!(=%%mJ1zV%(MjAFW`TtOjbD8SnML{EfhGo7fw&4cNZ}$lb+s*aJlF
zXS%(|JDU#ytBwGBKHyi^6O7ksb_bnjdh-7K<;2ai(G6 at w02>yVc2r7?PD|sX(Co%&
z at yAcxCe>0MF`B5S25O`x8bKq8(Z^^SOWX~NrwKHXCedW#u3;)oqv^!m#7vq+++ED2
zc{HCEkkG`(B*0=?LQD!Qqvf=cm?U75U>$8BCJD9>lLbr`Fj?>pF=@c0!2vo*OdcGj
zV|1KO5|apL=o~SraFH(275bE}(+#>sU(jv3OJCC0bf3PV at 8}UdrYH0h{X)Oe at AQIR
zl5j2<sqpSrU7(j4*YC>PWo<=y>#76ri8J at nond)0d>^K{AK(+jFnaS2_kP at d1k*X5
zc|L`${u#_4dCd32m~RT0UObqeRq}WYXT#<Q?mG`oJ`apL55l3ToX13WWMb<xf#)+}
z?=R>5T1-q0CSny6(ToXbz{FE{mkp;(xNn$ncbIUO4l#cnVcvh0uWXoTs!Xs^mqq!C
zn`UD$&vBYfD`*w1p|!N0HqvI=O515C?Ivytdubmr3*&v_rf`(FIh>$V^dX(4kLY8%
zK%Wq!fU9(kKBLd+Cf%WX^c6jzZ|Na at Pe0I)^fNuBXY?CAr#~p4Mw75VOrDl_wr;aE
ze+cVCN>p<(;j1Z`Qvmg)49cQx%B69%h~A++w3qhNr}Q0ll4iL>ok^MO$)6G_nFdn|
zHP9k at hxX83+E1U-6H<|3IY7b<T$<!Uy(yK_DTA_TG%cmQbb#KY_vr at xNUE~T7o<tr
z<VM1ceEC#F#Z*ed&3w&tgg&6-bdtWJ-$+M}`Hc+7h<s at vl~6fVP!-Lk^>mC*&`CN?
z_vv at im1h`aNXFEIdQ&Q8P$p&57 at 9{rXg9q>dx*EW;0dX8V%m at fX^|_1Q8wk#P|BxC
zw4FYrkLY8%K#z&Nj&LJS@**EfpgbB)<7hlhr1i9qF40xGMxW6$>Z}M at lPz^4dkUi@
zs-zmKrQsx8H`miKIzcDtG~Fll&RmzelM}g6G!@bWnoLt at 8f~Eu=oa0fyYwZ=DltvS
zft<*hTq%aqsh*l>1dXDVw3E)!dAdNK&=ZnXW?4d()P=06HziU9RZ|Vs(L&lnr|3gE
zOCQlgdP#;VfC-tBIR#KG6;cV6QaR0{HFSuM(lI(t_vlyBQe_?@Ju)C~ilSjuNJUga
z(`gkQq{DQCj?o=@M%ro&gY?Oed?<{vDUXIyK24(Kw4V;r`*fIY(f8C at oq3T|Nu8W1
zkdi5dQYoEA&>Y%EJ82iaLzn0)lG0#$lN@!TuH;PN6iHDOLnSnZmeVR)O>5}`x<@Zb
zT9fq`k|Qe$p)|^*EXtv=w2b!AdvuTv(M at _zdRj~uG9nY|Nl8>mHB?JNJ#G>0ptJNb
zou`ZR19jGBo*`T6M)t&ee2__vG?GTq7+OvH=n`F}YxEgCBXu3FOWnzdTqv4yX%vm6
zaWsL}(LuUK*XeV*NiRsaR=blId6O?CQZ>z at xipU!&>lKZ-_j%co_-*8J)RHbM}ZVX
zy(oi<Xd+FasWhFo(tC83KBMb&gPxPRKKF~dlM}g6G!@ZAnnF`)I&Gz6bdzq=9lA#{
z2F!nCOZMbI-6?_wQ5jWI71hvuT15xxFdd;|bccQ+4MUzAq(ge-N%2%l6;w&pG>^8?
z89GNF(Ruowq>Y$o$eb*w3kA~vDyA|jr%IYb%V|Fyr1$AC-J<WQvoZINR7stj$d?9E
z0wq#1)zL&+L+fZgZKTt5jeewG=qWuTeG}H9D3rpfKSfd at O`^55o;J`XIzzvct|{{o
z8Im#epdnO4!>OJcX(@d`x9AStr7vlhHPebN(G_|`!k4opw1*DRLAp$L=!Ol;J$g=m
zkghG$lVt5!Hj_2kPyoe{g+0qM3a5MrUdL!IE$Ys4hmO(*^f`S;k4WB$$C?btg?dpI
z)zf(LcV{}&5K5(LnnqUMEElLh-AQ11mB`~u4~MX9PhtAeCQ?sjnL~=1JojlUd1f<C
z^gVr+%eqb;;6Yo4@)|;C=_C4z<cD!z$(I5tn35=)oQhbcP=AV~92!Q}6M2qOEHzH%
z^@*0z3ffDj$Y&w*BqdTZmD6ZiyO_s-&eN}?zJzH`cb74JS=WxHiOsxz(@(T-J<m(}
ziRQe+`Z2vnrw{O4dXJx{rL>pcBg^BA8wF7>N~SV0ImdE|dXhiIQxyr{-?db<Uuq at H
zd8uWs{c`T%xo7|SeZ{}=nSUpofAX3C3vu`- at fTnB|H8ifUx<Tvn*5XZe|uk~{=NMF
z at 5JqI$Kl^R2mhTo{I@>y at 9)dpDOxg at Ud|n%B{Qexf5xE0_oAf(T9%6cFZ#Ts|0~2k
z-}0FR?Uy=ZwEp^kncZSBkreWu=U23>CHh~qbbv7D&)bp_n=d2!r1<~4|Fv~idtpGv
z)P=MxgwLt*%OWpu{F8sI&;NNZWJ^mbzwDzGzpx_^ra!PE&lXnx$2Ou7BSr|V66*Y|
zg!JQCoTUy0(NH0LFU3Ik8;Zxyd at l?oVk^vp;$tCz*Z-s;8e#-oM~(}H&j<5W^VNJI
zEZzXed$p7voAT`;DRpk^Lm_Uj1|5-=QRMpo8QulXSB=NQ3c|aWFL^~{vu`Tzcq`x?
zNy4Bw!U#3OU?jqTF_M<J at t)Dv#~rwE9nr%MT8Hlw)*8Tu$;_7Uyg1&C4?`6O3YWA*
zxCga0ygv^FD0!KO#1P#iE^!yzmOJ-S7?4Tyzye|9d`U6%khqp`*P^7gJjK>}eFz?x
zzgQ+Y9$pf+<t-MTFpgjAc-fxZLobQTgdrv+#onjgT5SVYiN>LBJ1T!3Pp+e7tpi?3
zS|)@dX_+w4y5wczxv?!S!uEtT=xDvxffmJ=y*`+K$EhO3MA8yTDe3X*O#1UVA>;{3
zp$Wen>gYTY#*UJ-#8cuDN%_WuXQrgkd?YOKl$Zv>V68%$iuP2<g<hN^?7xuD+8?La
z$Al6;7UIi<5m-Bpp)h8pq$QHqk(92U64O;E-z05EQo0J|sHAn;=gGD+RVald#oLQ%
zuJo^zZ5<p}NL5#{`JOF#UKl`CD3v?@yqnm3 at z0B&eSaPsv+d}-zD!as5#rEs3V2C8
zZbBI&X&p(&%}e5O6Gk<a6q=;t<|XmC3D>cXLldr;l9otH18<3GAUO{R*HB5 at kyIuK
z4<eGZj-)gY2FR1Nj-)gYp3TrveiKUJw)t)O%}wGqgsV$iZWBrm;S6zRIKq2L`9pZv
zQpa)j`HOWVrKd1LpQO+vrKb<iI!WtDN>AbX)X_S^{&t+Fge4v4DPc*+X&@}=INgLL
z9jAe?q~kOYmUNs3!jg{DKv>do8VE}yrGYSbf5)jKsm>+j9Z6{*Tz at 2mCMgYs94BcV
zNogR|f+ejZDGh`%5yh{YLfu;^XN6qt at fXV^U5SPDB&D73><IB~iC?2#U)z at WGT}*>
zlGYRAD|wmd$|9;02q`M6bqje#C<WWrYg;B9E1~w*@iJi;Pf=~ReV9VY>BhCh<JlUf
z==+C|r~e#g>u{idUe-DUz3}~|{dz)8N62eJi6*M$x5Y)YOc=tvwcgsgOo+LVj>2_L
z$lc;$iZ2tckR31cZb`L{mI)=ja5hU?CX}LoUMAGcge`Xz7tuheLYlt5o^Z_-j*qbS
z9p`mnG;v8wB%O!C_~Vk+k#rskM?i?3=y!C&p0pp}RZ at 78&QT#f+V)lmPq?}ZIaSzS
z at l+CDCLC4qTp(H|q^gh~CDjjvvs6;qCp>Mp<G2esN752WX)YW?N$W^Tb0POiT1QgZ
zCw!Y$<I#xbZ<~ZClL*hg$>#6)+6Fo;hax-C1YfbK;yxWWV`qp(8)-{6oLh+uW`~EM
zmdzur=GpTG9(HK78tKT+(e7-JXGg^&3U*;fIo&50H#XvUh%9Ft&Kw_h;svlnG?1ME
zLF_bOGs at jw>>%pRPQ<?KM2uvoZ8SS3W83>Jk)3Vq)EJt|Hj at l?c(Maya~8wOX6NNl
zku!ztB$8lsIXj9f*r;E_8xHE&VKbbakW at i8=~)BQq=`3SjASRqD0YO5=ExOPJ%-z$
zU1Ql<Fpiyl<JpNN<|sQi1m8|#r at PRhF@+srbdF4>a-Hei?hJN>k^W3}P|-3rMK#T4
zXUAN2M9kxjK6H8k*JV>sIy*4*Hu1BxlXj8rX3ish3f{(!mtAeP?PkXhJ39W~F#27#
zcI{(F<N at vzMIRKo$k$I_<A0c)IAnW-9ZnyJZg9GEf{l5n*eQC3dFLEEeu#g8QY6hc
zG9*hvi<&%jA_Wp!$~u!0DU%AZagF&}Xu)Ia83_%ATBJ=n#O%ypUNVhHXh38iD1XN<
zYDhHUE3-LAAOOtCf-I>ES&=n$B^zQk=WmpGlOx%a13412cgvGmocYRZ&2oeJh}Z|m
zvy`1_<VD`ZEY8Pt at wih@@*{r=pg;<uVCqG^DTMk^Ukasu6h`6HpCX8-1xJ5j`cn+?
z^k^AjAdasCXduPYAW9&fE*x`*9a}V*hENKnQW~XG24zw<<xno=(NG#j`BXrKR7Ay8
zLZwtj<y1kHR7KTPL$$<H?BBZCaST5<md4R|nm`k25>2KlG?k{&becgkX%@|<IW(8%
z(R^A!3uzH8rX{qLI_rx3#Ec*~$INh*8KIRLGsI<P20<P(f?zr`L#t+Hh6l_Ht!6M&
zq%%`2aN>;(6w6Gpgq~0cGlms2g<vZ)#71Ta=|FylcJkmS at Zf*XgZ~*1{<OY~FAr`p
z53Eq;tq^0x1NbcuTqzG)CmyK1v?Gh>0uR<A9wfo*<=v+|Sgj`W0QKep3gtlw<N@&*
z&U{A=bf07!dHyu9JQ~S3jbgk<GoR7uG3<1ugFG<(d0>=zU|P$(-}(My9w2ERoV(PI
z2WUFoA$uOE7#^f>9;7{F%>y-oHu7N2<iQ%x1LeX4wTwREff58RV;);Cxy*Ci%s6dp
zEANKvVjAxLf2X{={|@ulyDTgAu`D>iJW0t1MXvExyv!4B<_tc}JU}i-c=N;uOsC__
z3ny4EoZ|U=hMo84{#E9og!!$Gn$3CLq8+q{9?)YdVP32!;o7T0Mr1*jWJ9jxN0F33
z=ja+Kbz%8OXXrA8TCpskQ8b%`>-Z;ho4%&|^pJifX=|3HWJIA9N8i&Qbfqh=?<8FN
zbEtyqXgH0aNi>I6(Pq-)xne<qb}Xl;o+i^)dY628{`8|q^a}+$aGNxSX45KKL+j{W
z+CxX^C3SLS`NMOqf~u*3Or3dtkqdc}H~G;?I!__4+#a2yt7I;mlO)tdEXkQX$%}eY
z9~wxRR7mrwnWA|9CepX`3mxIPe1cBWIr at seqlff_X8Cem+Dz}#aXLf4l57v|FU_Jk
zw3LSP0x^YtCpkZ^OKZr^pVt;zLtDrsfY&Cf4QAbeB6=~dw463mZEv23)J!|cA)41K
zilo7Gh)z*Z4EKr5;u#(}CNRHJ9}1^|G=#EfD6OL{bdE05on+=&N*m1U22CEqGK^-@
z99m5qX&b#upV1u>>TW_=b~crHi=L<Rnx7%6#|h=y*gTf|^hZ9^ses3qET{|F(9l9&
zb7&qdp<VPI`Ia#5)U}+~XmTPK66$(F*%wA}G^CRGm=vpczR+A+Dd0tGBMJ3Fp`47Q
z1QP0oLRl%)4~6nls3Qtx=HmwD1KQunG^KCpM;hJ4<4Ao+ at H$M|BUvY*YO1FRG>wG%
zrBL4Pp~EE9HHETQsA~#kuk9G_2MP5~p&TANmidL|&<bj%?IhGig|b<wj|$~;&k3ww
z(C73eX-;81h>XaBj<Os+MNP9952~8Yc+sLc442a8@%m4v=_4}W#nhC{$cDlxnwHWk
zN?X8dBrT)0w43&j`y$qVs5eEE(lXZB$dx?l)N<w}n!JkpMTh7F{oc&uzK+L-G-)DD
zqYbo~qSrH>XebHSixR4&t+b1hHn46(!)XL1Ze)FjMs8+U^!*kdH~O7kP#CW%!ga-E
zJFkmmv4iiac^C6Ly-&wUZ8zgX=43;G)QgVNN&1{_(>?lz9?~=V_+8$FNl)oFve?7&
zhq{pyB~S(xQVC6 at DKwu}(oTAZr1mmhNQJa$5G7GIRnkP7LZ8y-bafxkIg;7W^NT#l
zn?eroyr&!*N at Y|-LcLtLPBl;yji6C9n#R&Nnm`k2DG7D>PVAn4>unnRck+Pj|9D;!
z_P-OP{{;M-KZm6ybvelz0sXzRRoH?X{neI)n^TXGaAWF25^hS>cj9$`dXsQ7>I4#Q
zL`@;#Ce-O9+<+QE!cC*+NVs9N(=gG^qCtEWZWPTS;U>`t5^fO9C*kJMI1+9QT~5MH
zp{HpPuT8C%@cq(P8fNpeB($3dgzpoAS+5-B>xYy%hh-xbydtDv>orce&dr?HW)|NI
zgqu*4NVoxY3<)=%ULfJdQ>!Js_P)dKLL}TkdXR*hM}tYYakQL-n at 0UexM8%K#E+7A
zx%yXS>m;r>ofgqzYAtJJc+~zIr2oTkr2p1dg?udJGV$Cj$7zAIkfB>{g8sjj&xH24
z|G(z1);uFzm;W32L<r+Q$t!;+pNMjYAs!CBrzHEsh^;TxUjL^KX#+<UZHLF at uP=G2
zrjFnGUexr~+uggPWf!zvwH7>mu&<+K9|j-OGIdW$?P%Hjeya^W`&M;#N6SKFPZ=GZ
z(0f%!%N7^RH&M7UWkE;FbgPtX`x`i*qh(o*CC-;_c6RD$S!3gPw=ugdS9G+ji}piz
z|M&aH{&^Yei7CqiW7p35_0P-HS-7S4nwPTdNJq<NbhC|IAiX!Zqh$~Ju8*wQ at P7A>
zmi;ksa#Y2|uZDEA>|MR>3EJ5S`#V}@+3Veu_5I)1>}c8X!F at CR?e7<Lw5%Q*v*pW*
zW_Psg{Tj0zNqK2r-{SmVYCSDFTF=QezG&I=DUV*N2{~E(6RejHZ7y$&vdt5pD|)XE
zC5OVw!IKp>cC<`NDCpE%{ukaM at 6}u3M{2^zfEr^K{2`19n8w#)Ta3>WJ~Sbe4KjS~
z4&l>!GlY4fzt+_aT2@~nCt7`loUnRSm;wh9RN&yx3TPLU6kBU01*FpwP>F&lpb`a9
zK#B}V@%2E~J^t%J0+mF81S*LFkzyd+wD?X*VUNT>M7yM}Dhfnh^&jri7wV#bzEJ-M
zyR=<P6v%e1f3Qm<bVY%T(EW$I6m1|1DB9r7yTrrV`q!FgM2EV4mW$#M`Wr{-ZN}^9
zq!cCa|8~afsH_uyl&dx-PfC<~^Q45_+fhL$JL6U1$ei1nX+`UL%Zk?ZmVJF);TZ(N
zTGF#5t*g*UV@&^-DPt5mrSVmKyTaJIEo({K?lncxcCRVEzFnDD>q?IEdS%hN>y=+$
zSN4r at u2B=kxkl~vILo~;&Y_y3?S^W;zFqk@##vuSw64C+>+5!UW1R2niQ;@;@AWt<
zw8mLo(lKg&bs=kRxsZt;qt=U{<aDljb?vHZxps-K`{umShnFlNZ}j0M>p#sKy05NO
zx-C~K@$J4jZ+!LY;`CL^#YueKH|LFac})`H{4TFa?c at CByfN<8rD$BsrAU0cZ_XR>
zudY7vEmt4$b>Eyfx*Ch(+|~H?IJf2vy|)*vw>71=H6_W_inmqtj_b4k<5lzyip{s*
z4d3*2_kX*J{@=OO{?{^I2LZipl<2tCN0cuA<0amV*6Tpqm&CUv-rEw7?Uj<-EG3pP
z|4D0D2Z6lJcyBY_-^+OITf_clGi>{2v47D1FSL;f{SZPMnb48&SLad(<*(?v)V{Io
zZ|+k2R<nPwOF|QxuuDP{+TY%#_HAi at bC=pTs{Mmq5?a`VT at qT@-mps at HN$G^3(c^i
zJfp+GK&8B8`S3MSlWMOpJwAL&ujBrwjtah(uteFWB`k$b468N!ys00mg8+3}0u*JT
zmH at 9QGC)zg>tE+biGhi-QcGa#l^K|*A@;8iVh4d4w8Tu5omv8`QDb1O+3Iiaswiu<
z1Q at Ex07cEUe{)wwS*#^6eH{iSYQO!PyDG|NErH$FV_>b>?QieuUPB?@wgkA>kOA&B
zd}IFo?|es@@wTe?pZ5j-Z+|)NsNfX!LA9?cino8ixsRfKf2sJoZ|<WI8vca#exYx^
zeS80#`>)z}$%}9I&3zQ at d*a2{eRCg$kcWgg3!U%n<NW46iuPY`#kc$BK8p4Y$l~k1
zxsO8VT^Hgk^scv$^V>cORtf*seFE+C&_Ag9{BIXZlCOquzecoP;#+SR5Pc<o`!zyx
zPtt$zH9~U6YkxKTo5e%>%i=#M9^Q72y?z?JZ7S}#3H@!0-P;zszii&>panp5F1;=B
zUN2)r=hE9cp5#mI+dFn&&oiQPsr~oTzgc^DoAKUeyw`tTuukI73*KhDzp4<mZ#ek}
zHSzzT#OtW3?d{KEUN11;US!`?Vf_!XT!-IhTl#lIwY!!+iu2O!qd4F4i>$xAGRb!I
zvw at btMBi&$0$U-+z(l{#5^s+D%Vyt}FhtG1En$=>FpU4O`L`tu(Pg$Jj6fxZA^K&O
zcs%~H8Mq}3(N(r340Tn8A^KsKco=`#9NZFys5!VLj4#v~#(&r>+!BVUS-2&P?OF^&
z^ph;{c>HDaa7!4XQm!S85xNXR^ouO<F#fWcxFrlxGjU58(FP1da&xihp$@I*v*<Ox
zB at 9ukT}v2wQVc`%lNjFr-S>=nuP}2&g(>l77A2I2D#}(+3R_>(IX^X2O7`FTl=wci
zc26)qGVNo-p^x;X*e9$nqcJ90)Ip~&!}#dSq;a}+OU4r7W84y-wk^praN!3vuYOd+
zt;xN%xrO at D|N0@&>wE8J$Gz|Bp&&I_L8 at 1nA-5@NaW3a?AuC9f28P at w2bQrD9umoC
zM0zU-Pl at zZKo14<RDi!70w-{M6MiJr4&i(e-p1KsfP(NO$z%l#Y58enOEL?a=qQ<m
zO-RYM?Uww%cI#jLEyAvKYQJwP`ZC<L$4tnY7cINi(z*Va30d=^-HrVU?SgAP|Ab>B
z*GaKmm at 4|R4DvpI8gu`7OOP#n?DzQ-nfuS%1=;yeLAIWfuYy$)4_AfH4OJWS1 at HJs
z5Cz*(ynMksKN8vptK4C*|LVXI#aKy2ENm5hc?K<X;-C7xCB`kKj?jsJ>i2drR+SiZ
z>q*=ia}~9=@Ky9XG5GWR&5pMy_?B+{^Zf0Ocl+Rl at 9?6WC>$~&jfDgeVlD*VdXBek
zLgQcCP|;W5CWJCC?YEXaXzA=1%DlAS+U<en8#mF~Yt&IS=WUN-`(FUI=2ywT;(Obp
z`1WVI!tG0Mzx4m(Fa1U=x`d%4{#EGljWG1VUrh_cCWtQ=hFB1v7KZO=o0e4+hD&Ih
z=5?6EW{6J<Ltcna3qvS~PYc6Bh))Z{S%^;yLwkr%3&VhjPYXj_h))YcdWcU8Lv at Hx
z3&U)PPYXj`h))Z{cZg35Lz0M33&V+sPYXj=h))Z{Rftau!)%C83&UrKPYXk4h)=)#
z|MbsLeAEBI`<E|;gRIHHnH6PaNRIdzwGQ8FvZmPa67l(>unhP~BND>x=>5O at De;gc
zz5jRPC24)}`TtkL5{{90JSDw<o35?7_&-Un)^#MOs<5P^d at P>7ThF66eeU0j83zPv
zIgb@(<vFrUAdkNCzuqY-h~{y?&6W=Zav<-SwqoCJq@=md#bL_WrkheN`U(GT&p~bF
zLd$aB0b9kES4jPWP at nrgq7NOd(35%)bjVvYwM%!m)Vvg*SLJ<T=M6G#p^c65lWqHC
z|NINGZQC at eo-ceC6aBSpvuyC_wrIA@nLB7_r#$85!uJdQEeJlQ(6;{1N*aoLx^4*;
zE!z?CmGHeu^w+YkT=q~UVSUl8kFu(j+t&R)dB3v0`q!_%D1<wm5L?!^J+9djQe>jC
z`qz$gOGP2|bXc!0tS_3Hu9B+JHq{np>$)eipSFD+X$j4vtUyP!ZtG`)Lq_Pe#jPYn
znXL-1{#w?k=-Tkw9CO$6Ms54{g`B=|>k6V68*5g#T at PErXo&mWWP_zMhp`p at qWerR
zZ(ILRr%mP_a+Y00%Y=99u+vvGbwOjFm2gZ&Q#YJ9TDQeCPU$1-U!3A=U#+M1w5#YH
z|8Lo5znU91ZRzIU`-*K_N)3(P*R3riy*{yaZBrlU+;wdG<N|-??(M_fT(`S>Te!z`
zo^bHOSAQ+rJ=MwExo!FOxZcifVb3b~$fYgU>{1`^+LkJ|PJ7(iJ~^!OYWKD&kH$_O
zZBtQNy*%2s5NulK*)}C3f6lXQ3qtOnQP=NP?PVXreD)hg`iWxOc1Cf!CFX7E-a4l-
zXJC(4`}XQH%}yqMZRc}aXsv4~#*g)Di%n{Bw}7^IcTYMYHg(nMO2E3TXNjWlg*dM(
z5gybb{I$iI6D at Jew9N@=StR@?itWEX-8$!&$b+G6IVm<gzh7J4NeP#WY>SDD>L{_P
z0R;;p+sX+Y8 at H&o5 at k#Bf#~+zy`XFq+qQ at P{$0eThU-=hYRfyq-nEr87u9}EZi~V5
zxP3#~_Wn?wVtV_nbauARY742%xj3tB&+5{SWwnJgTGuD9ZR&R;@u at YjhsBodh#WSw
zZ9hl!bINZ^pKIPy1?^+-GIiu at b87n-7Pf8aK<;$0sjI3cMQ!nQl&>#o`=pRsZKcS5
z>rX1$mI*1{mdk|s?PJk)hI4+)aW{|9tZPfT+@`^GZK2f;zh2iCZ#%QT!`sT4pVIpe
zZy)x6u-)}->pBk1X>6MsVZXAmZGVKbv at Hj|!*3_T#Z72^`|?$gJ2~$>Xa2zQwu-g)
z^DF`1XM5r3ejJW_2#1R<=WyCJ9QIUR3j4`OK?+@{zn&Bt%%!l(Ns2?DN<lS73d7>0
zFgacdM-!yblrDwih5USz6h<jYW0{*Ylp>`uFJ2nE21&yqSsLD{(ik~Z8Ye5IF+fiS
zCro58z(xknPBQ2hD}%36Wza2M216TUuvAMHKPAZG*HT$bQj)_FH8~{P%3+(G9NeAc
z(8Eg(G5zIG93=;{L2}rXEXSe9<*-j$9)mi`W21{a0)ynC(MKL-k at 7f2QwPdJCSD#%
zsq$EmDG%!cc}!941XGPp(9rG#mB>yg7~BbA8J*yupn&fT6fo6L0ZGP8K@$ZmF;l>0
zYXuIkuYdwq1$+~$0QD3FEH6?(VW|Q<s}yjuUV)EbQACooB7TrpWRtBT=Bg`VpN%5?
zycKaSO%eI&iddeZh at EsRQxQ#Biuj{c5shV3p@^QfiU^bKjAO=~@tH+uSlD;Q=9tbf
z&*+T8;?5|k>Wt^ro#EfWi at CfKPN^xu+CT}{jFr&GS_x71O1SEwgu6YJaK&E<4 at e_K
z309#>cqdN at Yf6+bzFrAW$XQAmigL;*Q&NVbt}+~~lwobHjP<>h(K}Tc*E5x|wn7=d
z)+%F(lnUPOq=Ia16`Z$FfwjE~zH(B5Re%asM5*A1K`JmzRKfZoD#%Mw!QylkJffcJ
zswmP{#e73mTrpCGg`+AoomFwZk17%daejp=j4D-8t*3_XjMcEnL=Ah*)R1AWhU<=M
z_$EXRa(QZ)Rj7uf5;a(|!}K#%b(~<&R*b$n!YtHbYN?KdZtB?Qq>fL5)iJTJI%bD*
zn8FNoJSNYf>ToSphg6w5hqhP8JJK5PGS<NF78=O0)qu9M2GZR%kl~?$+)xe7CFy7l
z98A){yU7}ON!tf&z`RHU3MCqNuBVA{9-7$fqY1-sO$?zPv6}d7fF at 24)PzEsCi)d~
zd4ne0EVOXXQVXX7w9wd33-)PRkS^6idW9CI)oS5(qZU+}wD3Y%8wWJC(al;LGJe`v
z8K;f=$=a}~&_=$F4sJT>AkS3?PkeRIB}fOOf_0!3t%FVjbnx{c9i(RIAf!kKtE+TS
zQ?CO>bzN9%>EdTPq^pZaQ(ZiueO+~7<*titA6 at JY(Z$?S&M()+a|1mLHqpZZYds{m
z=;45u9yCMr&?i+7ayfc9LI;cWkffxKh3fkFn!ggW>!Obgdws;X>7&F)A2L1lvCCf{
zT?6!?k*1H$1^Q?%*T)e<15B_qK!TG2e(Ys{m_7zL9BP1!JOiYc86c#}0A;kT+5oDZ
z4RPGa5WkoiBGJ(h!}AR>s?ZQp3Px~JHNqxiBYf^)1U)Y!<OUkygWg7b{DKiS<Qm~{
znGv#ejnQal3`JjK$om^3IM5gky^OIr)EHy?8{>yqV`vXEMs>L{9#<G+U$rs5t}({R
zI<BW;0w+rooOU&Vr=JOa3O0dev<Z&InxNM}6FvsQ1Zf#27|~>cl`^KNwKm06x@~L9
zG&RMsUZ%Lw*A&&^rl^TDg><Yb_Gg>oNP#I#OHA=WsVUORO|hN6sx*a^i5c{q%<z$)
z8BY0|!8*bW*XV<KGwhWzhq;0|x+<E(K+_za^ev4yHpgQ6t(!RlT+OjC*c=so%(0xl
z3*&T_IX*5jhfRq&49m<hvD_S!6fBUXZh;-z78s>#fvpA>SYl*>pG_^W(82;osKn9&
zle<~qaCd&j%>v!M_&Gld<Of<{ORxpH_O`(7eio=3Y=OPS7JM|7CC12GLWR!`dT4Hm
z$9zspshcG(L|LNCKug?DwM0caWm>Xq<h&Y7{8(#=dh;%PBuW?j;?@QA$zAX)vkUxW
ztZ=836^3=T!YV^6%rdb;NmnbVxLQGrdb(TTMw}Hc#9P6++zP6dR at hN(h4Mx#IOti!
z!O$9sw$?c6V2%0Rtr6s6jTgPGF+0o}Wm(qvEzcV1!>uu~-WsR)u&bc1U7_XJ6<1ul
z;*3{UjPdV^&jY(+SYB5&7j=bsLsxi^tbq;QGqgduoekW4Z191v4KjP!;F!M+x+dG;
zdWH at 9W!Yd?l?_HW*x;~&EoN)jqEm=1dJeY5#uQtO$gzcnOgD^>>xK}8ZkV9j4Ik=s
zgPd+Rj56wmNmkvEZrcrgT)M%*ts8Fj=!S0xbz?c&4M{oO;5 at 7ww2Hgo6D>Q~>Da;1
z(GF8R?6B6$4pzQ)P-GY2G};($hlPCh%)LZAY)P at h(+oQtsItQ{WqVB1u*Wyf_DJh#
zkHdcUh#72;h5~yuc6PuqO$U6c?SSiE4(R9Yfc%~g_&vk{G5s8{W1s^L<vT#N!~tU{
zuF3%w(vFyE=!l=(9C0eh5uO7a5jV&YzDbU_li~>dB1dfL)Scx-cihzLj&uw5L)mr5
z4TtU+ at 7Epbne2}m)*S{EQ_vk{jqIZ`b3%-z6V#lYFgVN!%cGs}LA(?ElAUm^zzLp3
zPMBZfge_%Gcv0horJbEI)Ych~x;Z1<)fvD0I>SE684W|7F}&0nk4;=4Ywm(+zAiY_
z!v%@qF1Rwt1?7n at m|Eh39Wt)?u#+q1sJUXgjw^OJ^VQoGXZYNl72&RU9N~(0QeBZ=
z;tJV1R}?6_VW5s13QhTdL2EaBXzPX=dp8_+cH{Q>pu!$*xYM7 at YJ>-oy5oSfJ60;V
zqgdG;t1aBI$=MwjsL9nGrvu$FY=Ap-IF7s&$C1y>c85i-JBrHOF-z5h&&cpViMt0L
z2YMhm)&sW6o*1d+iSK<qaWBXd4I!R56X}WDQJz?m?TJ6iJRx1-iGT)Ae4^`xO$J`f
zvtGDs>IE|kFFYII#bN2akXPV^{l#ARu+j at p8oV$=+8d=h-q at _~jai1?&@}Z%I$b8`
zZr)Jv_U3asy!ogbF3<2rv78Sss`y}ysSm0weXxag+xcL7fDihIa$d9#W+(gLS(y*~
zI{QLd(-&t=d~w;v7h at cKaX!!&{bPNxKi(G>$-Y>U>WkWRUu<sl#YYxBpls8F<xUTL
z=FtN`_v?X9Q9ZCVrw0;>d*GY$9tf!Efis<YVu at l;Og8L^z2-fUYTXl`b?XTSm!2$Z
zdt&Fno(RsNf}Xtg^n|LOANR!%(Jp>i9^wb7a6e3q@<Y!gKRikE!%As?95VJtP=G%U
zhWO)rls~#P`NLf*02XQis51?Krda??yaRB$cK~8T0<bwY0M98aIRJ}N0#K9_fYhP@
z^sWlP_w at nT)D(a*ih(H84Mde;AOcJRvBx41<u-v>Y8wbkPc9o0h_t*wm^K7rY-1qq
zQL}syW~c_?0I8}6AxbX at PYr_*<QIfBNkO=f7X-JGApBSzga(UX9H0jt!7%U*M%=()
zBqRsp<KkfGmj>frWiS%!gV9U27gj0uf|GqOoKNV*eeQ)z4ZWC`d*i8fZ+vRo8(+Kj
zhIf2#=p^=rT2gP=<@Cm#;@$|a=?w$f5S+CO!G|s(nCTvZx*j3;JU#^128SRkKLp$4
z`(USfAEa3HK^NOTnCI9BnNEFhGN=!tOZ(tdSs#=R?}MQFK3F5y7iIE&k!Rl*SrL7)
zy0k9>n))JMHWWRqLZRasif{Zw(XUS^O!|l7KwK!kO$x=zqEKvY3dJL(emJY%4@<TC
z;jnH$G??|nZP$LRul2*Ch<-Sh&=0|R{qSgLKa42s2c_zMkZ<UR+Ad*ma}L8&k1(hP
zh2cq97<}TwupuD~wTWT4JR}V9`C)jkJPdxdVOY}`2HU1EthNkCLDz8HbPR{DOE@|Q
zg(EmD9LM^H<3Myc_Qi(7U|={_rG&#JCmc at -!y#844%ymptZN9z2BrSkX3!svp8fH#
zUw`Z=<*RZ8&N at Zlu}cIFx<}x?R|KwwMnJEB1RP=_5FQtS;|URPPLII7><HKvMZm2-
z0zWlGV0%*pVl^V+Xc!53cBLfPMdD_UNPLqRiMk<?u&a-RoKzHY<)UD#5rxlfqEOj0
z3O)f*xY<7nagkAQjfsLuTojg&%z!9d%!|VL!YG`mh(dvMG at f;i#%<$h6a_{@y>B$u
z^I4=f=$+hXT*- at u{jg~Cs)$CmK at 27v#lX)b20d+Ju((GIzUUc)asDx=9}t7ej2QIJ
zi@^r6t%$+0${0MWi$RroESxoBVWJZYU%F=+i;w!nLM=HKo>{T*DUW6O6pIxNvA8T9
zhl4tCSYr~0PUdllw2#9ehd3Myh{K}+anQ_)!>pV*qz#M1cU5ullpTOlDx>oX1CXaU
z0F~MUaL8l;+-wJ+B5VMTM-IT<!~u9ObpQgh2f(Iq0JKXuT{{3LI}OBpx&txUdLRzj
z48%IGfxHe3L}A=O{4iu7eA5Q9jvkM_8u7SEU-B7Z;a%eSs5wqM#iQPb at 5AG9G9eyj
ziSe*W<7-Yld~)M4FfSgrtK*TPItck{gHWP52xYX>a1f##2Eoj25ZpZmK{aF$mc$G~
zblD&@H*%h40&*=A at Ud?K?0Y6)KE;J4AS)>WlTs4k#OIU^s!hPU;R(3bkidMK0CPV4
zGRZCxI!=kW=9&l at pG4I4PK0}(M2t(Kv_!ZSCE~#FL at 25xAyX|0OU#q7(J~27?2=&W
znS_(QlMol3gr{UWGzn=1N!Z;f8Iu*0 at xm|}Gp&-5Wu1)QoRhK1Ga2XOlA$Rx7>yc(
zams!$)_4xa at sPpL7%&*l8H2GdZ!qf*gE8A+2&Nhh!9MzwG_8kVvh5JujTnM1u|x1E
zdkCtA4uNUa5FD==f*m?3m~NbcC-k9t3VgeyV3=zP>oF<V<d*{P0V!A<pMr=%Dflfp
z1#8PvU^+Yn8mg)2rJITv8flV>h22u2VV8=t9;s0DO2zj+spuY^%JME1AE%|_Wl<^?
zm#4x>Dh=+cX$T>0(==?dNW;^>G_32NhOEdmBxa<ch_+{^VXkaC6gsEFP&FMY8tF*s
zo{n2i>Dc3!j)K1Fm>HIi at zLqXPff?B;&j|BNk>F=I_%UlP*2BoGVszM12fDrFv>Lp
z7d<mj<eP!uz8S~}&A<uzoR)@X;71zQKLhI{GjJw00|A3Fu(K!wU28J%bwdUg%Vc7J
zY$i^tWTHwV6NTED2sO)uUYATn_RPe)VVP)%%!Ec<CYqBoaU>-Z5A?Dy&oT=ibjd=g
zLl!*TvasDR3mGX{_ at jW7v!QR04Mn4DjJMB*f^#;8dSqjwcQ)4fWV2qD4H=Uh3^L7u
zp=%D*f^+aBGzWXbbMQrM4(=xBVC3K&sHEkfe|`=Q73Dy`ItO~vxv1`x3vG*BWLV{*
z$u<{Xk*#Acyu5QUxo<8W4ar5^uv}D8&(d71E6>F*mAQPxYaWUW^U&Qo53~E{;oH<a
z=%n#IeO#CaHMyaPH5v+M)1laHJrw0#hhl>JPy~1mMUQ?%aiw at DuJidk#!ACbU_1=J
zI1OW79fpy7PEShsFoYxxLyw|i=v6!n9+kszRW2W~^7%NWoextT(#?mwMLs_E%txYc
zKFdAM3&_W>q4{{)KOg5J^3gmfAA?i#aU~}oU(={z`D}kHz$`Xh?w2cov3vpMDiokx
ztpK~U3*e_$fQN<!7{zD)O|&n7k!t~#1r{JGssL3(3gDk#0MEh#Oe!wG!14l2s4PH+
zLLm~g3K4Eth!<{!*zQ?~DgK4H(!UUeIfZa8E<|!uA(qJ%;YWocBz7*s6N at 6;vMj<i
zt0G+VDME8t5sK4`us62|TZR=Ov$_a%bwxPUSOgE%VstYt#w4d={6^on7Gr;4F=P{q
z*$!2V)6ykaY+3?6>k|AHP=f3IOYmS=30_u~;8A at E*2t8?L$MSA6sTDWIjvH}>XgEu
zODUdNm*PjKQh2$PBF?Q8%08tS>|2WH9;FEPD at A3WQheIC6xoAHS<m3Iic<U_TLxS0
zGOX=chT=YD2#+j-OH>)wWtYLPpbREOWw=2H%gf-ZSdLPqa at 44oqpL<alyu55*q|K8
z9n0as=Ob?FU5 at yWa?CC%$JdqRh^#8d<(hJYG?v3crUEO}DsWY=0!@Y$m|$Lk3w9MS
zbL9N)6|jn`z>xR~<P5HWZZ?<EgUSlb(XB*3y-M`9sKhSYO8o9viR&JfhzP30<X)BN
z*}D?eag|6OREbr|{A^Jra_TCvqrMWxQdLM*sY04=6(&1W at o~CUY=^2sW^fg1qpEO`
z=A>8Qd)ir31*xVg%+skxtZ_A(yHw*tt7=@aug1 at L)fhaq8XxCZ<5XQW<_ at n$L47s0
zHB at 7TQVn!8YM^LcgW=vaPzkDG|5gox2h^YkpZC~Zz814pYVoyBEp)op;<jBa8l7w5
z?^%lt;kB5TTnp!-T3l+X<>Qp=a7(ccQo3~*VO)oA=@YX$Otq+kVfQ*T2h|}wxDJ>4
z)j=<*4oazYcvf47IK$zHwHuBpd=Bp_K3lR^@8R%>9M1Nu;h4_nO!gc;98G-I<Rj^N
zD5=(ComxGHnAXG7tR9OT>Jjf!4}14|{ODDW-$=1<Jt{-%aXzdb+6ndOn^=!&og45z
zeQnafYj^|p+cqG~u>l_54XBT5z=6aDOigdV!kh+p6*u6xN+UjYYs7P(M#%a%!ZM%{
zlY<&DIJpr+QX1hotPxtJjclK6<hj&@YNaOlXf$D at c@rAloA6<F6Pjd3;F!t?UPniu
zw<hU~zzgRQ*y%L_ at B59wp|BCqtR4ZQ+7XEFG!kAKBe76xBpmEVVgudlJ`zt{N1~Ve
zNIdf#i7$Ld!l3_1IOdGRw!)DxDH(}I#ZhdtAB8<yqfl=!3fGNC!NznHmRgO%G`mso
za2SOPE~9YDcNC0zjKaO-QP`O?3hDKu;NCb24w|EJHfl7+3?7ZGRilwzI~oqgW3Z+7
z7%WU0gJ;=e at N3-|Xv>U63~iDd3q`B3SZqBOSMA0kvfo&oO&JUQ{IS?sFcw7>W6 at h?
z9QMhLL!SOP8223qpQ3T7s2hiyCgZWed^|RLjK?g$@qBFScq|JZ4~N+Cc$hFAC(6cS
zN#%GP9zGsRWhTH?VFK>(9_HP>CO|240w0e$0hwtNFuQI7AN4(v9T*ewo90A}bD0QV
z_lX$mIT0?A6Hya05i^q}q9A!9n$sp?SH?vAm^l$ewG*+Yej*mAPlB28Bm}xn!nYoi
zu&T!-UP~w8=cq}T8#f8v^Cn?N{UnT)nhYho$<T40j5P1b*i0E=ld+o&6DK2y&uDYj
zn1bu(Q{Zep1*YAm;I7>iTymX)f$>xDAa4q$6imS<4O8%>^Hj{Unu<FPQz0EN73E=5
z(JgW+$_7nEuKF}=)0_q`n`!(`Fbz>&(;($P4GBThkluS5Y6ee(PS!Mp=1s$B8dp3G
zOX{bg%6vN1t*7I*%XE0VPDgH!>3sa{bgb$-9hWMnqp)^5vJ_^($!rF`^q;{;+s?rJ
zrWrU(yA)<ZPHiUZs57zAZYCO?X5xGAnegZ}6H91o=u8;I%*3UXnfR8r<<G>0f|>ZE
zVkUam%tUi7*KL@|K8;zBQkeyBwOLTon1$nJv#{G|7SFv|*c>$reY0mFL3%dwRA(bY
zeKuD2n+?@Lvyq-O8 at JMDV-cTSSFbP!&PsC-tvm-|+H>GwGzUS}bFj>24hkIS;9QS6
z$PAbRmGC(jNv=tA at YCQqNG_d&#r1P=Mt&~*mFHqYkGXJ(o{R62=i<GLxyUS<%SX`8
zMK`H=cp^Iw!&K(sSN(Y~v6zPmR`XElGY<=T&BKYl^WfQk9`YjQ;YH#+>?)XtQ-$;J
zb@@DOFrLq}oeyWX`LOqykDCGW`AG8lFiV|}?FIAksmcPjlPzFB%K{i!EWnj+3*hRw
z0Q+4R at R7oNO<8~?H4Cubcp;o^7oswFA^L<YgvEe`2+mxHBSRNLs%{}3kcs>v$m=Y^
zDT**ygdgn};e_iVJPKHZbAgL+J!BE~L at dIGbbQDnSX3^;d-a^xv<Sh{i;>c4F~XG>
z!^LzlmRl``t=D4wO827{BO-b+k_Ilu;H1SERks-9hA+k+QcDo4yac-HOQ2}5gn3~J
zBHWk2CT9sA*DgVr)lyurU5W$2OYuv=Qr5AS!Jf~o^)y}vS?guU=(Y at lLzbai-(}d7
zvy9*Am*D|zu3v_U4a<<Kz8v$6mSd6Ka-=&hN0aYz#KbO#YT9yiE?&<5yyf^+Y6Uh}
ztiV~iPgT|{@XTQaeh*uLyzmux9<>5iu`94;zzWF5uRzI=6{sG{_YEuHCBG7<6;@()
z=aqQkxDwhuSHdM=C8Fb2BCT*Gj*@N3N*u0Q2_NlMxM;Wv-RxH3kPqJnuEOH*Rro$?
z6$TWoLP6)%h*VjPH8!hpvioYh<FXn}?yI5dzZ!`FtFb74HNWq!MxWf(2(MlZf2_gP
zPHV8hU=8+~tbw8F8r<%(2D5F}pxAc}mh at Z${ef$6rC<%z>(-#Z)LJ}{UJDD^wQyBh
zi>7XC**3ElS5wyFMd4cZAFV}n at megT3FT{Xsh*^p5hvG-X2oXg?c9ucO3m12-;7Y_
zW at z+i#?p{xyc^mKi->02ifl&Jz-H7HHe-5IGtSGbLvi>z^oZbV{5pJ9z79sp>+!zc
zdaSWuk1<~BakS at pT#8+fS?TL>w`e`Gir2$VVFT2)Hz0^c=x)HhE*l_avjOwmHsAw~
z4Y(Y%fzLeN0EGb?Fks*Yq~~tnIEfqJTf}8$8!)qa18&J|#LCVaQKYdElXW*D*k~g>
zd^X}<@J8fEZAA2-jR?!#2)E*m=vKWEH_1<a6O=k_;_p~CVNBOe7-Y8zOC2{s#c31%
zpZ3l>u8L#r<3Fk(h!|^PLqx<vQ9<dTD2gDWU at u5H0!ovjVvV^siMh!&MRU`mx#_Wl
zCfE=}M8$%lh}b}|BX$%-<^9c`#e*8(tDgJE`+h#|`FwYFXLp{Nd1jv3-I>`vJ4x8U
zwV3X at 7T#`ak?OM+*T?ew32RY3X)UrN*Rp?QEe??FNo(;<vvo)@Uk7)KbyzT99s0Vg
zgJQ@!IC`$bM}9mO$Zfs#Sfsxmhuf@&zUg}0>9-ylp6fAv`g+`3upZwTZb0*P8=%o?
z1N=H~fZMPQ at EyAWft=aZa?%Do3fchIs14W=w*e^$8?eaePi(gM6FqJJgw60j at g@I9
z*?Kg$jg$Fb;>lQPos5UJ$>_`fR9 at zu4DXT2m_8vH%L9|KWlk~{$0uXj!ek6+n}Sce
zq at ctk1+}Irc-SKaj|Qe7-!X+_)hWoEnu6wGDF~jOg0rzHxSf~+pT#M-rjg3NuT-?}
zn+iXxRQTAW!oV#RdjeA7Ha-<UPD;hz$*CASBNeH$Qqd+M6=8{~FxE}OWW6+WX`Y58
zQfrciF!MByA<?gQ8fIFiA(!;AOM{PF8ukrI!^&Z4&>5G8zXkG`A`NkoY4Au&!<fZs
z$kR-RLF;sEX_t<(?bFf4ES-OqnvU(m(vdqp9c7c#aV|O?<@3|={epB at EKbL)b{k>V
zbt9rI$<U3s at 3|3=$hV_6;;S(m(Q*1l{5oSJT7+yw^_-39l(Z4cv@$T)AOoe{GO)65
z2Ar%jU^O5EsdgC{<Cp<+_YB+{m4O*!G7vg01KQIvuq`wLgXd;o1TkNffsRWuaGp3D
zXTq>UCRTOI#1{S+bxz+*^t8*wDf>)VJJH`c6UDxn_+)A()&yq4i2qOBJtPxdW at f@+
zK_>61Gf}%F6Ti0Fgd=S>VU+16{4r`1|1N$Lt^{ww&mo(zC~OmSVmD#=oJ|<Y|EKnw
zw+S0{H=|T<Go0SojAjEiBbKZfz8TJ5o000f8H>klM)%2^Q5LfqnQgY9qT?2ncG`lP
zu3O;gv;|W=w&0r)TX5HR3)07Jfm7TTbWYrYU*~SY%C=kaUAwJtGTDmWJ+`9Cek<BJ
zY{h;4$MxYQTj8#?4WqQTp}zSxj?ry{M)z%O>$gG6b{p2)Z$mzr?!#jd+wktfZE#<*
z4H3<<5N4Q#5pQJSOuH<cv&>?>%;LRe7WNO$!b#sO{4p^L;{&sh6rF|Z at mcJD%0hs~
zcJ_O3$2Xm~qkHe|s2;VQ&m!9~E at 3-XYG<RsC>xdJp;<PDTV$iXO*S$IWy8`r8$Y;a
zqkKp<61}qV!I*5^pOlT2VcFQZI2+5CWaFN84tnb3pjWFLtT4^NU8@{iw8_D;F*%q#
zJ_jEM=b$no2M6PFIL?@ZpBLu9*=PsSy6nK`y>_6+c?aS>c3^?`4on=q1N$cJz*@x)
zEStRpt>Sm!w?#YflWs0{G|xqMqg?DK<)l^1TvQV4cDY#IH5U)N<zl#1F5a=u#bozf
zn2*Rso>wlK`{tr0iHgp}nxtGP40d8~mz{9vyAzxG at 5KGVJF(P%C!ZU4q9|}DjKX%J
zZ}d)B%-so3?L7E*%|o$C9@?AHwa7y^n>_q9J`ZLS^ROg553A?pA#Q#i9+1OJ^6;hh
zF8pk;i+yps5ZQ4T=8?r_yKtCfyYIrW at w@PzVi)o?@-eSPK8AJ6$0W0SnDofUdW(E`
z_s&OMpM2O3&By3rbSLJcl5Cuwj};;L?6=K_X>>mGlaDjacf+IgZoFl_8zok|(b9f5
zdJNu;y<}qGZtR?~o7cQOn5Dmmb$1Vp9rhsDZx7Cn*@M0TdoYdcHrR{zdhA7_)n4AC
z?#1fid*R|mKkvO*GiEQ_<Gt7syBBj7?Zpbc0 at M(X)&)3iS^#_V0$lD at z-QwEKKB)%
z(xm_ugA1^Hd;to``M?4+1Qp=Z*##W`D8Tl)1so$Rz?+K- at SyoVylb=%UVZoBL#utz
z9JmiZI_%>dihY<dZXf1O*~jwO2ZM-xSQNVt-E{V2m+pQHHQbM=&ii5DvY+>Y`_W&q
zAFadoV};fMbZT_~8`~e?v*-cr9C!d7JP*L0{~f<n>mU~E97J&YgUIT75EXq6vajJF
z`|}P$Ysx`<5q1z$Gz!^YScoj+Li}n{h|#8nc+ad5ADI{8s6!#vxfCMbqYx2Zg)sFl
zL}@@FPEIOB_bG+!b1cMw*@ducafsKCL+q<Qgg?6;f@$|d7})m^#|IB#y~iOKc^$&V
z at rUrv#6$Rf_90w0JB*QbhoL+5Fs6kchS#jaxZbu1if%>l=~0B$=0%w0T!aLdBBXm4
zp^7w{Rs at frB6N-{!nUX))WjEIhQ<;2X&- at 0+as{EJ%Wb=kKkjMBgh|p1Z at J3pgigb
z@)D2WH=U!{t#=gp9glJx{wRt^9_1XFqxdY~D29wXiU&bQdEZcsSuKkZ)}<IZX2rCh
zVz^8y#;(c5`1jOe^qN+T6^df~s(%dqS{y@*HpdW7>^mOAl5WRv%kvnDrXIuRGwBz8
z46$*?uwl_LT-PYUZ<-~jH7Mb=rUV*hC3x7g1m9bi;J!l%TDg|sU5^rYdX^x0R0&K1
zO0Ye!1kPb4oQqO|*x4nx6k7tvq!O6x97pV%$Khmp9B0jsW485itm}82&tAtdCFD4M
z3OkNpqK<RE+;MbWcpP(<9EWeKQiQcF#g0y;h%hb1#6G3?r)4QDtxIujKq+<&Dn*;Y
zrPw&K6vKQ<F?n<;a{Nm1)woiW>7GEk at d?apa{{Jsp1>OO6WB_c_dbCW)+g}Jh!Yqy
z>IAxtIf1b=PrxXS$8=Aks at X|g>~xZIr%s}W`AJMA71k&5rPoP#PoiJ!Nt_^4Tb#n6
zE~hZr at f4=GoWjoGr!dFo6uz5y3ZG6ng_cuKA!yDiWRY(YPr*R at H2z_J8o!YPWLB@!
z_`>=$s%%c9$o4eu`<=$LX{Vt#{WQ$OPQzl!X%ritfpyC>xY_Lt`kJ0WM~^c|7<L9X
zhM$3+&lz+IJcEs~XRvtb8Pph;p}u1oTzZrt&!!9;Y|F62z6 at Xcm*IoJGIS0vgY}#;
zG><F85AkI<xws6LOUiJmV>#aMT8<HY$`N8y4wwGrNF7j)f7q6z!J!<7N0j69QRS$g
zSdN~P%CUS#ISfO~kr`c%iLvFlO#06+hv%Yl%+orH6yvk_*yJqi`q6bci_hK8vc8^$
z^`x`#Aou2-MNQIK_Lo$kPwxsGaIC<)qbpE7rGotq6|jh`!29znpt-mL)=MgoLbmEv
z!l!K|qTZ~;N95aXmGJ0MiPn88an7+4Ge=h9YCt9W1XZHl+)8v`R0;d8=h$AJ!wJPX
z+z3C1y*lUlj`w*S?Q$L#R_75r`aIT;J<oB`^VmH8JbFc*$N4$u at w@f~{NDBgk~&>L
zWakT5-2DRnX>kF423~+-_yu at +T|lV+1^7<BfQz9QU^?dlbmm{ck9rre#pohz+FZoI
zw=QBWS#Ej}yL(>5e2a at v^t}jOn~P}YbCF|(7m+aKBEsii#0;ZLQ1rNjJc~;hKJpUB
z)Gi at m@+J68p&Ne*`M8Yb`j_!W>&sABUB-taE+f+GGKzdJ<KLq%Lo<-uQJ3+P(G_TS
zyMiS>uV8zxD=>4qf?MPcneKlDt~0K{KKcrLmtMhJ+EwV#z6u##tMGS|Dy*=mLWETn
zvTds{*0BmFe5znLwhATwRq&j~bAqd&2&=;I*ea~ox{8q<t|Gb9RSfTP6{%)dF>t_D
zd_baYui`ZM#rrDm1YAXr=~rPJbQQ-)VbWDh)T)NQel<oKRwJ3{zg3OaovPu~ts0iy
zt2tk?8ejFO#`kvIcB-abSHpR9HF5*0F?CWkbSGECT2YN%iPadspc>(N*RY0YnqEVL
z+co$MyT(4`YZzvF9kBzi!@=n~w!2<OORwvg8E_qgrd&ronV`6ijEL*F6>}Y*#a_p%
z`0H>>yp9&SH_)x)4LEnYfkkFFFxBP;N*!+Cw$}|<d*47}*bUfe+=Q;)O<Zbq6RkVk
zg!`K}p=Eg!*Bo!+vinVZ;&l^O0&n7E+)a#Xa|`3T-ol+hx3JXn7H0U|!YaR8m_P0o
zdXB#Zi;3KybPMlJzlB+fTj*hY8>yXdqg9vN7;SSK2K{cM*6lXuC*DTVu-lvmcN;Bc
z-bUiw+t{_>HqM*gL81K}csSnyM&7}lrFYPvRf9ae8vLnWgLOS?u+*vs_0~1e>0g6e
zLu=5_rv at uSYp^1s27PDMAW7>kiVg1KV9UGc+v+Z6k%evU;%fW5*x&Uow)MQrKDxWe
zB))y`;)dN_toObPtAM-gAHRza6Yg at Z-(5`6y at xJF_i(-aJq+k{5AMX-<R1Kb-@|45
zd-!JLJxmU{hpjDYF|=bXPIRtCUDsO9sj0;(pIX#Ts6||GE$1B8vdykTg-IPWd(>f{
zc^#(qti#gYbqKSs!x)D;oOZ55%Q1B*4Xi^-a2 at A<)M4S=I%H|yM_7;huyno8Ig|JC
z-jMrz*1eA}Lhs{p_<bbKyN}-U at 8hS1_hF%5kNF1mNHVU+;x_fDd9xmCI at P1fv>w^r
z>)~ZqkIJ6)*x0Kc=Dq8&*Qy?i2G_G6z8*h}tcU67dW at J*kAH>Kqfb;ldPdh{Sxi0L
z=G7yw)dRrs0Sdey;F#|N4E2A2){`FK%;X2Kobmt{$ooML&_(e8ZDv2f+^7f8Pk4a8
zw|$5T(!cXV{M_v!{vgXN9`Yj_^c(SzbMGGFD7l>Y5H3p}qPE>56n1%pGp3Ia)$0-O
zjUQo{-6Q<q`3MHyk6<|J5q?)Z!j}<`5We^kdTTUbFsajSz^Y~qsL*RbvPA<{_isQO
zhX&65Xh7|l25ENt;sXG0!=y!n>jrm?w>7Y46(oeW27h8-ERC+Fv2q`)8PrAt#&BoQ
z22J`l!#G4^Hi^MJu3N$z3cAr;CvYIr1jBhG5}}Af5Pd}`P8EM<(U9ed0}V{8rnG)?
zoAdJ7IEk<8Xlm+e>1gX{YH2rEp?u1G<mk&18$_<S1R#PjDiF^U_|lz6cPvw)Oa)*^
zIhxSX(a_XrrmOk*s~wFQ6(ZgiD}N+0Ot6#(V1ShryMeB at rdXaE`(VT|ehzU{!XRas
zmO3JUmK5gPLbGR6>>-^W!MH?NhEwKLTZcK-72$MI-e86yJR}s4)pAZnIFUkSjLg~N
zG%}#J6yMn?Gmz6u1me=5p$r(naN)8>s8^RyG~RAbz3OXg>gZ9gnkcV-xO*1go|cMh
zwK7tSqDD-(j$m1aNa5M1(=edH1V%GEhXEc|eJNhErPfR3)&xG37)E&sOraaoLK)4p
z^ffhgG_ at ryd;CQidocBhQoa>jH<mNtWF(cXl-nk&XUcYhl#4LdO_7^0))ipzD`{P5
zBuJ|7;Dldo*eqWT+&H9pPCJ}A;cN9jI{j+sv#4iDQP}%78U<^CwOxRs4M1<^S-gUx
zWt_k>pY#<zV(F%Z8%-0h^nJa4F%9T7TceYXbSzu;hV7Ff+OjnhsIy3>C<!ne at V7al
zob=G}P%gM<1?!FQ6Q26z4J|eFx^)H4X at hk~v~vwh#S!5)MckaRdLUICe7x`_B5B)%
zN1k4cI|0ofd(P*UpmABF19YtYv$JSR#d3;>)HXCUekY+BI7N_YGGQC)&!2KJklXdA
z+w=d_-pj$CaD<JEH+Geu6EI}_hHPC7`9U5-X4McnM3*!pdPJWzCkC)KHl*8v7?GC5
zn6x5qkk+IPX-nFX_M`)Olf2sUh*zTKa?96Lg3ws`yQ^>2jSe?n`>7uK^h_(Yq2D4N
z;9FyoMn9n|YR8vEi~L4JaitR$0;kxEt0!=j=#fiAx{6VTC<{Znq8vqgDoV?quE at tw
zx-IDX(KVtwm2OMAp>#zn5lOc-UD0}o_(ct4V<W}kHDr`YfWN=A-&l3TF(KDm5p6O&
zCNeZCDEcpt`^LmY1w~qg#w0{Z$3<KW6Rk)He<s`jPU9AGJCIQkA#pMBF*6fPM$eoX
z5uz}e5EB<le|G}sl3yFz%iF=<eQ?L at sD|Y4cy9OR?uV7zpX~82-cYO|bl95+SG1GD
z6)mW6UoWpU at LB_}HSk&kuQl*m1FtpkS_7{&@LB_}HSk&kuQi~K2A=o)FP^J4iw_ik
zYt_+s<rjSZ?_0NFDE)Mv@^j}iI0p at +=WA|CeSP9tJyx7cmJ`tvBKitMzk%p0;NvjX
z5b at 0a8xhah$wWNUZzAnT4iS9-dx&^;7ri)5pY=r;@vQF=6Bip37nBeY6D>U_i#`GI
zyc|x1D|)|_&(Hh}2=~SEJhuyliah9%#(o4t`iXeOv%bhjKtzIg;fY(~O!h@|Z<G(1
za9{Y^6A{Lph<&jw@(}3fH8gO9kC(5vzvL(SEe6xyj54P4Bq6ms`+0 at CM&9S9v at dkY
z&NMg^(TAKs4adU~*8IiGy~H6L1(?b0IQH}^__=502!%Dz<m)n+MZXY+i)RSY2OlNL
zh~kUtHj=OKcY8vX3nc`Buc2 at qC&w at HBNmZHO-zv7ub-1vQI3siRi<<vM=9npWl?f}
zwAfar*P7>w{56%|lD%{yo-dvw-|89pVN5Y!v5};USMaT#$j at KvCWu;@%^V7y#WRFR
zag;Q!@pO9TQQsmxtDch{k%uSq8&5e(?a!n1U`h{Rexs;qrEe%x+gK*bzIu`B(L5?f
zm_*;C&l4$nR!0V`St3odo|7i?CTVJ{FAC;2hH+R)dP-nikxf!2j*6NTC)En!&gFT+
z=da4BBdtZmANHL1$2EyxSqBmsa~P!taa2O7aWOXWbSi|Nl)hqZ4G)fO`Os~eI&133
zkA1i!FpRDjhH^cY+8c^M`gn8g$DD~#3uVbiNj`}zhe#<$fl`lel9YFmPq92*<}N%c
z@)!D?{CV?OW0^PVx3QLse9e?}tdMe}Dt*41DcPYY<)`aH<9?J>Mve8-TG~sXv at qr<
zka>!wjKIew6(PkGBIQ<SRV+{Er6YS?MP7oQlNVnedtP3IUCm`05}wLQJWC`*9-~U&
zNTM~zA_G`jmR$R>kKIx#2}}AYYm_+NRFdd}7w0L*E`@v(o;#T9e$vmTN$EVBpH@<S
z8rx2hXOX|gw(|d0e)|8%{FtDRlzx6CO>&>kj~hLnE}vIz`{UV4D(jH7RC6LFTl`N~
zfM at HJ8?V+v=UtwY=EnA1l%2Sq2eQ0lSY!HQAO^uf`tgG)Jfh6A8}AN;ybfx~8`wl1
zKcmIHH`J2H&#`b3a@;ufB3whY<SB>gl=74|sjHT}0U~*F`dUk_xWN$e#Uk8Bn|QJE
z=>IsJ8}H6U`1=g_>hk(Ek*BoTJ8H?Zc`VPBBQPRe*VK^LpS4gdLXIoP(u8|SEqUS&
zuu-1UJ}T6br?L-M**;FGB~N7^t{hJk`8}qVJe7U8%Jy+cEqN;YaFwrF1!~Dt*@r8i
zGDLp!)RL#N4_DbfwyPyiWgo75N)qYYq?SCDeYnW>k*bEgeogGdMYfN1YROaChl{Mg
zU(}MP(w~d0zcp&fQ|ZrH*5B7^$g^ppKWABgtJIRG(x0<@{avA!JXQPREVnPq)sm-b
zU!3Lk<sG%;soEE3xqT7y5QLqGMYu0>eY4 at G*&4$+%k9ftwdASV7iYPBiB(IUs(o>m
z?PHc&@>KTWEZc{eOY!RZQ`v`|T%V`EvOIg~9<Z at I>|}eJsFpmHeb~wMd8}IURQ6#f
z+nbMC@>KR=C)a0BwdASn!%nt0ceUiH?88p3&yH%zQ`v`|Y;U$|$y3>fom`)-)RL#N
z4?Ef3EYy;xvJYF?K1|h+CoH7VK5S+C=%kiBm3`RC_R&r)c`Ey`mF>e=EqN;Y;0H3L
zcB;8r@>KR=E8B;*TJlu(VJq9mBNouBwWs#%FIL%yt!y8)YROaChplWMx73oSvJYF?
zKCY at IPh}rYvVB}oL!RhI5R1^ilWZU5@;)8O|HbbQ?AaTkvJWTOK2E45Ph}rYvV9y?
zOP<O;oMihrsFpmHeK^VXA;w)^wLTAOa)0F{+efZi@>KTWB-_U}wdASn!%4P}47KE`
z?88a6k7TvvsqDj1wvRv5kT<Z2eK^YY at snEeRQBO0+sF56$y3>fqii2vswGclAC9tp
ze5RH>m3=tM_VJNg@>JIkN7+8!Q%j!8J{)EHcv~%bD*JGh?PGyj@>KTWDBDMZTJlu(
z;UL>bv>Nj4n%IYfY#)u|#}xb0*AKfU*AEBTK7!RspUOTQWc!$^mOPbxILP)fUM+bl
z`*4u$!%r=FD*JGd?PH``@>KTWAlrwS%kZk#H#?4Ah(&~VknO`&-f#4Onfnbpjtn)1
zbCB&rw6L$9K9zmg%l08s{HpS7o7jiFY#)8qlBc?U*vs}I#;IRDeJcB~m+iwuEqN;Y
zu$S#ayvg(G=~LN<y=)(C)RL#N4|~}@jMS2+vJd_NfRs-$2j<oDtFjM!**-WNrG`AE
zeNe>f<-e=}J_bv3kwjT at I+E0ns!LbAw<YR;cwbArqb24{i8)MS3|G`OF~`f8v?6bi
z)<o3lwxk_tPdbn{iLf2<HeV;wnTWYmVm#P{bR(vuJ24|Yh-eFX5(^^U=@sup^&z6o
zu_RVR%taBcoTwS1wuu at ntU_3tuwKz3h*m~C89EXtBIZuH5YbkPv2=Gbm<%BvL|hYw
z5l=Flj38b_TzkYk4<9m$_>$2?T;s-&vBaMQka0v at ODB+tWD=Q7rVw$>o<^pVKr({_
zkzf)+LWzRRBw-|+M37lzHi;xrB$~vKSTcvik$93o63JXLkIW}YWC2-77Lmnd30X?s
zCd<e><ZtBf<X!R}d7msNACP~L56MU5pJWC3n0!J$C7+R%WEJ_G{EK`+z9e6fugN#$
zTk;+Go~$No$PeV-<VW%o`I-DeekH$=-^m|jEm=p_lMUogl1x%aDoG>hWFyHSnPd~$
zOtz4%WE;sM+etRbAv;Je*-7%qE|O1nlRacFDIojEesX{uB!%P<IZTSk5pt9ilVhZW
z94DpZ1UX4gk<;W1DI?|NEU6%s<QzFqE|81l61hySkScPORFiAuI=Mk^l3V09xkGBm
zU2>1qk~(sq)RPC~A$dd^h?s2mh_B*m($ylOPfUmCl4eAY=o8WRW<U%{3t~iC64A%k
zio8KulQyI+5q*j6NeA*Kd5d%;qR+B3=|Z{^6Vi={zR~W)jPxMpq$d%5u)Roc(uedV
zmPGXRS`!=6kMt)4i0D(cBLm4GBHkx;AfoTui8vD%;!50z$opWrLx=|%N`?{97eAbg
zAYNo7 at g}0re-!a0qlq6GL&VsEKM5e?$ape=h%t;wWHOmTrjltyjFkkE86=1VlMoV0
z6l5j|BjF^1%p$W%B#9!?B!<M2IV6t6lLV4T=8}12K1m`A$U?G+EGA3HQt~!gM&2QR
zBY!9FlK05_WI6eO{DXW*J|h1lE6B&>6Y?qfjI1Q9$mir=<O}j8`HFl^z9HX|@5uLL
zHCaP`Apa&mlAp-W<QMWQ`HlQe{vd0~I<lT at Ab*l%l0s5R8WH8Wk!}XbB%8=)vW09V
z;&>L_?IfGzkR2qK>?C<)7s)5P$sV$o6p(#nKRG}S5+Up1Qyis#v3yJ%KQ3=`^Z)E3
zz8IpMbvI0!Zy6_DF+}6=VoN)=7>$|JVh~+ at O(|fGGPtMGQLd9+YNNz^&Lz}~yEvK4
zP>A`NLCT$1So7WW$MK7Fyod-5#=l^Z^2~m`Y6nR(LKQC(^qF&vc=tqc;;RPI^2`Z;
z;o;5z1)_oHGJ)EU<CT9XT``YRe9=YBczx03E#|*DPu3wK0WTWPUb^cO;ryjo#aClQ
z*?Tee#@Vu>WFnZZ=>J8i#VhDPT`0_0DOBf~oWERpm=6tYic)I-#qz(6 at vk#e#y^U8
zPBD*bp+9ph%HzfB0{@Wmaoo+6BA;2?=-iX){o8w#ZqpOWc!zO at cNd3v2ReXvog;Y{
zA?Cl9up|n3w^_<N3V!&H_mqQq at 9NStsI=W58jtJ0-ZMv)9{*eXUd*vVx~qIn;Q!#=
zXn*=V?`7(rk*EV){HSd)7hO3!ID&4x^1utO+p!)umi>#yFKlI;9KQy&EoS7$@{T at O
zy3>Bah~?AXVEq#<o-TRO_zie&oE-kY;k<1Ao5m^BAkr_IV_`?)x+U@=>awU$qFhD$
zBK!?yw`qK at xBq`@z}annRHVsVMO-}JpmH(oXJun*qKFQO35|#jb1 at wk;Av at ZY7(Ci
z6df8A856B=F^!Hfb#rwNcJz-)j0;i3oA at gt6(I?VQ2&IaNFJU#*l)1aM1LPs6UoCj
zD2kr+Gc{p6(eaMKE~eoL39*jW*6|_Xim0G?tC(0tG>^>`A74q}Zd{mkjPx0mp)nze
zQHtmU>;5)21FeH2f+Hhh!s3Er!;@rT{}oZL&eo4J<H`#DlFO^<uSIj`(0IqtpoF0K
zgqS#mSArtSgdP!ey at tA&F7&V&JjB7%bC{*=!2W|QZEd)+w;AeTX+OlnW7r_OVM7Mn
z*)DEWX=wbbDk3D2(ML^;iZpc<=~0%*SjEivCwE2C65}FXHI^qz&YJpuDk`!6geqR9
z7&O>2X|aJ4R`~S2rwPka^=%&UQ63YAL6)pd156t0mejV5@)yVGCEb*WZL7xPR`$5#
OkUHljE5-k#)Bgu$hRXo}

literal 0
HcmV?d00001

diff --git a/ibmtss.html b/ibmtss.html
new file mode 100644
index 000000000..8928f4567
--- /dev/null
+++ b/ibmtss.html
@@ -0,0 +1,3905 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<html>
+<head>
+	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1"/>
+	<title>IBM TSS</title>
+	<meta name="generator" content="LibreOffice 4.3.7.2 (Linux)"/>
+	<meta name="author" content="Ken Goldman"/>
+	<meta name="created" content="2015-11-20T12:35:00"/>
+	<meta name="changedby" content="Kenneth Goldman"/>
+	<meta name="changed" content="2019-12-09T16:12:00"/>
+	<style type="text/css">
+		@page { size: 8.5in 11in; margin-right: 1.25in; margin-top: 1in; margin-bottom: 0.5in }
+		p { margin-bottom: 0.08in; direction: ltr; color: #000000; widows: 2; orphans: 2 }
+		p.western { font-family: "Times New Roman", serif; font-size: 12pt; so-language: en-US }
+		p.cjk { font-family: "Times New Roman", serif; font-size: 12pt }
+		p.ctl { font-family: "Times New Roman", serif; font-size: 12pt; so-language: ar-SA }
+		h1 { margin-bottom: 0.04in; direction: ltr; color: #000000; widows: 2; orphans: 2 }
+		h1.western { font-family: "Arial", sans-serif; font-size: 16pt; so-language: en-US }
+		h1.cjk { font-family: "Times New Roman", serif; font-size: 16pt }
+		h1.ctl { font-family: "Arial", sans-serif; font-size: 16pt; so-language: ar-SA }
+		h2 { margin-top: 0.17in; margin-bottom: 0.04in; direction: ltr; color: #000000; widows: 2; orphans: 2 }
+		h2.western { font-family: "Arial", sans-serif; font-size: 14pt; so-language: en-US }
+		h2.cjk { font-family: "Times New Roman", serif; font-size: 14pt }
+		h2.ctl { font-family: "Arial", sans-serif; font-size: 14pt; so-language: ar-SA; font-style: italic }
+		h3 { margin-top: 0.17in; margin-bottom: 0.04in; direction: ltr; color: #000000; widows: 2; orphans: 2 }
+		h3.western { font-family: "Cambria", serif; font-size: 13pt; so-language: en-US }
+		h3.cjk { font-family: "Times New Roman", serif; font-size: 13pt }
+		h3.ctl { font-family: "Cambria", serif; font-size: 13pt; so-language: ar-SA }
+		h4 { margin-top: 0.17in; margin-bottom: 0.04in; direction: ltr; color: #000000; widows: 2; orphans: 2 }
+		h4.western { font-family: "Calibri", sans-serif; font-size: 14pt; so-language: en-US }
+		h4.cjk { font-family: "Times New Roman", serif; font-size: 14pt }
+		h4.ctl { font-family: "Times New Roman", serif; font-size: 14pt; so-language: ar-SA }
+		a:link { color: #0000ff }
+		a.western:link { so-language: en-US }
+		a.cjk:link { so-language: en-US }
+		a:visited { color: #800080 }
+		a.western:visited { so-language: en-US }
+		a.cjk:visited { so-language: zh-CN }
+		a.ctl:visited { so-language: hi-IN }
+	</style>
+</head>
+<body lang="en-US" text="#000000" link="#0000ff" vlink="#800080" bgcolor="#ffffff" dir="ltr" style="background: #ffffff">
+<p lang="da-DK" align="center" style="margin-left: 0.17in; margin-bottom: 0in">
+<br/>
+
+</p>
+<p align="center" style="margin-top: 0.14in; margin-bottom: 0.33in"><font face="Arial, sans-serif"><font size="6" style="font-size: 24pt">IBM
+TPM 2.0 (and 1.2) TSS API</font></font></p>
+<p align="center" style="margin-top: 0.14in; margin-bottom: 0.33in"><font face="Arial, sans-serif"><font size="6" style="font-size: 24pt">Ken
+Goldman</font></font></p>
+<p align="center" style="margin-top: 0.14in; margin-bottom: 0.33in"><font face="Arial, sans-serif"><font size="6" style="font-size: 24pt">IBM
+Research</font></font></p>
+<p align="center" style="margin-top: 0.14in; margin-bottom: 0.33in"><font face="Arial, sans-serif"><font size="6" style="font-size: 24pt">kgoldman at us.ibm.com</font></font></p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" align="center" style="margin-bottom: 0in"><font size="5" style="font-size: 20pt">December
+9, 2019</font></p>
+<p lang="da-DK" class="western" align="center" style="margin-bottom: 0in">
+<br/>
+
+</p>
+<p lang="da-DK" align="center" style="margin-left: 0.17in; margin-bottom: 0in; page-break-before: always">
+<br/>
+
+</p>
+<p lang="da-DK" align="center" style="margin-left: 0.17in; margin-bottom: 0in">
+<br/>
+
+</p>
+<div id="Table of Contents1" dir="ltr">
+	<p lang="da-DK" align="center" style="margin-left: 0.17in; margin-bottom: 0in">
+	<font size="4" style="font-size: 15pt"><b><a class="western" href="#__RefHeading___Toc26799841"><span style="letter-spacing: 0.4pt">1.</span></a></b><font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US"><span style="font-weight: normal"><a class="western" href="#__RefHeading___Toc26799841">	</a></span></span></font></font><a class="western" href="#__RefHeading___Toc26799841"><b><span style="letter-spacing: 0.4pt">Introduction</span><span lang="en-US">	5</span></b></a></font></p>
+	<p lang="da-DK" align="center" style="margin-left: 0.17in; margin-bottom: 0in">
+	<font size="4" style="font-size: 15pt"><b><a class="western" href="#__RefHeading___Toc26799842"><span style="letter-spacing: 0.4pt">2.</span></a></b><font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US"><span style="font-weight: normal"><a class="western" href="#__RefHeading___Toc26799842">	</a></span></span></font></font><a class="western" href="#__RefHeading___Toc26799842"><b><span style="letter-spacing: 0.4pt">Features</span><span lang="en-US">	6</span></b></a></font></p>
+	<p lang="da-DK" align="center" style="margin-left: 0.17in; margin-bottom: 0in">
+	<font size="4" style="font-size: 15pt"><b><a class="western" href="#__RefHeading___Toc26799843"><span style="letter-spacing: 0.4pt">3.</span></a></b><font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US"><span style="font-weight: normal"><a class="western" href="#__RefHeading___Toc26799843">	</a></span></span></font></font><a class="western" href="#__RefHeading___Toc26799843"><b><span style="letter-spacing: 0.4pt">API</span><span lang="en-US">	7</span></b></a></font></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799844">3.1.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>TSS_Execute()<span lang="en-US">	7</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799845">3.2.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>TSS_Create()<span lang="en-US">	7</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799846">3.3.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>TSS_Delete()<span lang="en-US">	8</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799847">3.4.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Optional
+	Customization<span lang="en-US">	9</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799848">3.4.1.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Property
+	Example<span lang="en-US">	9</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799849">3.4.2.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Properties<span lang="en-US">	9</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799850">3.4.3.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>TSS_SetProperty()<span lang="en-US">	12</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799851">3.5.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Extra
+	Parameter<span lang="en-US">	13</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799852">3.6.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Other
+	APIs and Headers<span lang="en-US">	13</span></a></p>
+	<p lang="da-DK" align="center" style="margin-left: 0.17in; margin-bottom: 0in">
+	<font size="4" style="font-size: 15pt"><b><a class="western" href="#__RefHeading___Toc26799853"><span style="letter-spacing: 0.4pt">4.</span></a></b><font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US"><span style="font-weight: normal"><a class="western" href="#__RefHeading___Toc26799853">	</a></span></span></font></font><a class="western" href="#__RefHeading___Toc26799853"><b><span style="letter-spacing: 0.4pt">Application
+	Notes</span><span lang="en-US">	15</span></b></a></font></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799854">4.1.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>TPM
+	Simulator<span lang="en-US">	15</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799855">4.2.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Parameter
+	Encryption<span lang="en-US">	15</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799856">4.3.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Session
+	Salt<span lang="en-US">	15</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799857">4.4.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Session
+	Bind<span lang="en-US">	15</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799858">4.5.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>NV<span lang="en-US">	16</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799859">4.5.1.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Rationale<span lang="en-US">	16</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799860">4.5.2.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>NV
+	Pre-provisioning<span lang="en-US">	17</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799861">4.6.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>TPM2_LoadExternal<span lang="en-US">	17</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799862">4.7.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Connecting
+	to Resource Managers<span lang="en-US">	17</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799863">4.8.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Endorsement
+	Key (EK) Certificates<span lang="en-US">	18</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799864">4.8.1.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Nuvoton<span lang="en-US">	19</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799865">4.8.2.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>St
+	Micro<span lang="en-US">	19</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799866">4.8.3.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Infineon<span lang="en-US">	20</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799867">4.8.4.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>NationZ<span lang="en-US">	20</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799868">4.8.5.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Intel<span lang="en-US">	20</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799869">4.8.5.1.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Intel
+	EK Certificate Download<span lang="en-US">	20</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799870">4.9.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Command
+	Line Utilities<span lang="en-US">	21</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799871">4.10.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>TSS
+	for TPM 1.2<span lang="en-US">	22</span></a></p>
+	<p lang="da-DK" align="center" style="margin-left: 0.17in; margin-bottom: 0in">
+	<font size="4" style="font-size: 15pt"><b><a class="western" href="#__RefHeading___Toc26799872"><span style="letter-spacing: 0.4pt">5.</span></a></b><font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US"><span style="font-weight: normal"><a class="western" href="#__RefHeading___Toc26799872">	</a></span></span></font></font><a class="western" href="#__RefHeading___Toc26799872"><b><span style="letter-spacing: 0.4pt">Examples</span><span lang="en-US">	23</span></b></a></font></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799873">5.1.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>signapp.c<span lang="en-US">	23</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799874">5.2.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>writeapp.c<span lang="en-US">	23</span></a></p>
+	<p lang="da-DK" align="center" style="margin-left: 0.17in; margin-bottom: 0in">
+	<font size="4" style="font-size: 15pt"><b><a class="western" href="#__RefHeading___Toc26799875"><span style="letter-spacing: 0.4pt">6.</span></a></b><font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US"><span style="font-weight: normal"><a class="western" href="#__RefHeading___Toc26799875">	</a></span></span></font></font><a class="western" href="#__RefHeading___Toc26799875"><b><span style="letter-spacing: 0.4pt">Utility
+	tools</span><span lang="en-US">	25</span></b></a></font></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799876">6.1.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Debugging
+	Aids<span lang="en-US">	25</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799877">6.1.1.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>reponsecode<span lang="en-US">	25</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799878">6.1.2.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>printattr<span lang="en-US">	25</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799879">6.1.3.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>timepacket<span lang="en-US">	25</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799880">6.2.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Policy
+	Aids<span lang="en-US">	25</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799881">6.2.1.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>policymaker<span lang="en-US">	26</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799882">6.2.2.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>policymakerpcr<span lang="en-US">	26</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799883">6.2.3.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>publicname<span lang="en-US">	26</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799884">6.3.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Key
+	Manipulation<span lang="en-US">	26</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799885">6.3.1.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>createek<span lang="en-US">	26</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799886">6.3.2.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>createekcert<span lang="en-US">	27</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799887">6.3.3.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>tpm2pem<span lang="en-US">	27</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799888">6.4.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Event
+	Logs<span lang="en-US">	27</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799889">6.4.1.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>eventextend<span lang="en-US">	27</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799890">6.4.2.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>imaextend<span lang="en-US">	27</span></a></p>
+	<p lang="da-DK" align="center" style="margin-left: 0.17in; margin-bottom: 0in">
+	<font size="4" style="font-size: 15pt"><b><a class="western" href="#__RefHeading___Toc26799891"><span style="letter-spacing: 0.4pt">7.</span></a></b><font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US"><span style="font-weight: normal"><a class="western" href="#__RefHeading___Toc26799891">	</a></span></span></font></font><a class="western" href="#__RefHeading___Toc26799891"><b><span style="letter-spacing: 0.4pt">Build</span><span lang="en-US">	28</span></b></a></font></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799892">7.1.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Build
+	Options<span lang="en-US">	28</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799893">7.1.1.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>TPM_TPM20
+	and TPM_TPM12<span lang="en-US">	28</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799894">7.1.2.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>TPM_POSIX
+	or TPM_WINDOWS<span lang="en-US">	28</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799895">7.1.3.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>TPM_WINDOWS_TBSI<span lang="en-US">	28</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799896">7.1.4.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>TPM_WINDOWS_TBSI_WIN8<span lang="en-US">	28</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799897">7.1.5.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>TPM_WINDOWS_TBSI_WIN7<span lang="en-US">	28</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799898">7.1.6.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>TPM_TSS_NOFILE<span lang="en-US">	28</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799899">7.1.7.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>TPM_TSS_NOCRYPTO<span lang="en-US">	29</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799900">7.1.8.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>TPM_TSS_NO_PRINT<span lang="en-US">	29</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799901">7.1.9.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>TPM_TSS_NOECC<span lang="en-US">	29</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799902">7.1.10.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>TPM_TSS_NORSA<span lang="en-US">	29</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799903">7.1.11.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>TPM_TSS_NOENV<span lang="en-US">	29</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799904">7.1.12.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>TPM_NOSOCKET<span lang="en-US">	30</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799905">7.1.13.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>TPM_TSS_NOCMDCHECK<span lang="en-US">	30</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799906">7.1.14.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>TPM_TSS_NODEPRECATED<span lang="en-US">	30</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799907">7.1.15.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>TPM_TSS_NUVOTON<span lang="en-US">	30</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799908">7.2.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Directories<span lang="en-US">	30</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799909">7.3.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Linux<span lang="en-US">	31</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799910">7.4.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Windows<span lang="en-US">	32</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799911">7.4.1.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Windows
+	gcc<span lang="en-US">	33</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799918">7.4.2.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Windows
+	Visual Studio<span lang="en-US">	33</span></a></p>
+	<p style="margin-left: 0.33in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799919">7.4.3.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Windows
+	Tbsi<span lang="en-US">	34</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799920">7.5.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Mac<span lang="en-US">	34</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799921">7.6.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>AIX<span lang="en-US">	35</span></a></p>
+	<p lang="da-DK" align="center" style="margin-left: 0.17in; margin-bottom: 0in">
+	<font size="4" style="font-size: 15pt"><b><a class="western" href="#__RefHeading___Toc26799922"><span style="letter-spacing: 0.4pt">8.</span></a></b><font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US"><span style="font-weight: normal"><a class="western" href="#__RefHeading___Toc26799922">	</a></span></span></font></font><a class="western" href="#__RefHeading___Toc26799922"><b><span style="letter-spacing: 0.4pt">Fedora</span><span lang="en-US">	36</span></b></a></font></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799923">8.1.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Local
+	Install<span lang="en-US">	36</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799924">8.2.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Alternative
+	Local Install<span lang="en-US">	36</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799925">8.3.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Repository
+	Install<span lang="en-US">	37</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799926">8.4.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Install
+	Test<span lang="en-US">	37</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799927">8.5.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Source
+	rpms<span lang="en-US">	37</span></a></p>
+	<p lang="da-DK" align="center" style="margin-left: 0.17in; margin-bottom: 0in">
+	<font size="4" style="font-size: 15pt"><b><a class="western" href="#__RefHeading___Toc26799928"><span style="letter-spacing: 0.4pt">9.</span></a></b><font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US"><span style="font-weight: normal"><a class="western" href="#__RefHeading___Toc26799928">	</a></span></span></font></font><a class="western" href="#__RefHeading___Toc26799928"><b><span style="letter-spacing: 0.4pt">Status</span><span lang="en-US">	39</span></b></a></font></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799929">9.1.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Utilities<span lang="en-US">	39</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799930">9.2.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Bugs<span lang="en-US">	39</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799931">9.3.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Untested<span lang="en-US">	39</span></a></p>
+	<p lang="da-DK" align="center" style="margin-left: 0.17in; margin-bottom: 0in">
+	<font size="4" style="font-size: 15pt"><b><a class="western" href="#__RefHeading___Toc26799932"><span style="letter-spacing: 0.4pt">10.</span></a></b><font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US"><span style="font-weight: normal"><a class="western" href="#__RefHeading___Toc26799932">	</a></span></span></font></font><a class="western" href="#__RefHeading___Toc26799932"><b><span style="letter-spacing: 0.4pt">Threading</span><span lang="en-US">	40</span></b></a></font></p>
+	<p lang="da-DK" align="center" style="margin-left: 0.17in; margin-bottom: 0in">
+	<font size="4" style="font-size: 15pt"><b><a class="western" href="#__RefHeading___Toc26799933"><span style="letter-spacing: 0.4pt">11.</span></a></b><font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US"><span style="font-weight: normal"><a class="western" href="#__RefHeading___Toc26799933">	</a></span></span></font></font><a class="western" href="#__RefHeading___Toc26799933"><b><span style="letter-spacing: 0.4pt">Troubleshooting</span><span lang="en-US">	41</span></b></a></font></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799934">11.1.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Environment
+	Variables<span lang="en-US">	41</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799935">11.2.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Command
+	line utilities fail on Windows 10<span lang="en-US">	41</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799936">11.3.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>OpenSSL
+	Linking on Windows<span lang="en-US">	41</span></a></p>
+	<p style="margin-left: 0.17in; margin-bottom: 0in"><a class="western" href="#__RefHeading___Toc26799937">11.4.<font face="Calibri, sans-serif"><font size="2" style="font-size: 11pt"><span lang="en-US">	</span></font></font>Loaded
+	objects (keys) disappear<span lang="en-US">	41</span></a></p>
+</div>
+<p class="western" style="margin-bottom: 0in"><a name="_Ref166921735"></a>
+<br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<li/>
+<h1 class="western" align="justify" style="margin-top: 0.25in; margin-bottom: 0.17in; letter-spacing: 0.4pt; page-break-before: always"><a name="__RefHeading___Toc26799841"></a>
+	<font size="2" style="font-size: 11pt">Introduction</font></h1>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The IBM TSS is designed
+for:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">ease of
+	understanding</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">ease of use</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">ease of
+	implementation</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">maximum code
+	reuse</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The package is
+upstreamed to</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Fedora</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Debian</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">RHEL 7.4 and up</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">SLES 12 SP3 and
+	up</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Ubuntu 17.10 and
+	up</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol start="2">
+	<li/>
+<h1 class="western" align="justify" style="margin-top: 0.25in; margin-bottom: 0.17in; letter-spacing: 0.4pt; page-break-before: always"><a name="__RefHeading___Toc26799842"></a>
+	<font size="2" style="font-size: 11pt">Features</font></h1>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The TSS handles the
+following, completely hidden from the caller:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">HMAC, password
+	and policy sessions</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Session and HMAC
+	key calculations, including bind and salt sessions</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">HMAC generation
+	and verification (including cpHash and rpHash)</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Parameter
+	encryption and decryption, XOR and AES</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Nonces and nonce
+	rolling</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Session continue
+	flag</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">TPM 2.0 "Name"
+	and bind session tracking</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Different
+	session hash algorithms</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Marshaling,
+	unmarshaling, and communication with the TPM 
+	</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">and almost hidden from
+the caller:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">bind password</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol start="3">
+	<li/>
+<h1 class="western" align="justify" style="margin-top: 0.25in; margin-bottom: 0.17in; letter-spacing: 0.4pt; page-break-before: always"><a name="__RefHeading___Toc26799843"></a><a name="_Ref511735765"></a><a name="_Ref511735763"></a>
+	<font size="2" style="font-size: 11pt">API</font></h1>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The API consists of the
+following calls:</p>
+<ol>
+	<ol>
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799844"></a>TSS_Execute()</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">#include <ibmtss/tss.h></p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">TPM_RC
+	TSS_Execute(TSS_CONTEXT 			*tssContext,</p>
+<p class="western" style="margin-left: 0.5in; margin-bottom: 0in">		 
+         RESPONSE_PARAMETERS 	*out,</p>
+<p class="western" style="margin-bottom: 0in">				COMMAND_PARAMETERS
+	*in,</p>
+<p class="western" style="margin-bottom: 0in">				EXTRA_PARAMETERS
+		*extra,</p>
+<p class="western" style="margin-bottom: 0in">				TPM_CC
+				commandCode,</p>
+<p class="western" style="margin-bottom: 0in">		  	 	...);</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This is the primary TSS
+function.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">tssContext:  Opaque
+object</p>
+<p class="western" style="margin-bottom: 0in">out:  The standard TPM2
+Part 3 response parameter</p>
+<p class="western" style="margin-bottom: 0in">in: The standard TPM2
+Part 3 command parameter</p>
+<p class="western" style="margin-bottom: 0in">extra:  Some commands
+(only two so far) require extra parameter s.</p>
+<p class="western" style="margin-bottom: 0in">commandCode: The
+standard TPM2 Part 2 command code.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">. . . :  A list of
+session 3-tuples , of the form</p>
+<p class="western" style="margin-bottom: 0in">	 TPMI_SH_AUTH_SESSION
+sessionHandle,</p>
+<p class="western" style="margin-bottom: 0in">   	const char
+*password,</p>
+<p class="western" style="margin-bottom: 0in">   	unsigned int
+sessionAttributes</p>
+<p class="western" style="margin-bottom: 0in">	The list is terminated
+with (TPM_RH_NULL, NULL, 0)</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="2">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799845"></a><a name="_Ref437348825"></a>
+		TSS_Create()</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">#include <ibmtss/tss.h></p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">TPM_RC
+	TSS_Create(TSS_CONTEXT **tssContext);</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This creates the
+TSS_CONTEXT used in the TSS_Execute() function.  It is initialized
+with the default configuration, which can be then changed using 3.4.3
+TSS_SetProperty().</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Returns an error if the
+context cannot be allocated, or if the properties cannot be
+initialized, typically due to an invalid environment variable.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">See 3.3 TSS_Delete().</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">It does not immediately
+open a connection, so that the connection properties can be changed
+from the default first. 
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="3">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799846"></a><a name="_Ref437348811"></a>
+		TSS_Delete()</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">#include <ibmtss/tss.h></p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">TPM_RC	TSS_Delete(TSS_CONTEXT
+*tssContext);</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The deletes the opaque
+context created using 3.2 TSS_Create().  
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">It closes an open
+connection.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Returns an error if the
+connection close fails.</p>
+<p class="western" style="margin-bottom: 0in; page-break-before: always">
+<br/>
+
+</p>
+<ol>
+	<ol start="4">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799847"></a><a name="_Ref532809555"></a><a name="_Ref532809551"></a>
+		Optional Customization</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The TSS is designed to
+work by default with no configuration.   
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-left: 0.25in; margin-bottom: 0in">The
+current default connects to the Microsoft format socket simulation. 
+This will eventually change to connect to the resource manager.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">There are three ways to
+customize the configuration:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<li/>
+<p class="western" style="margin-bottom: 0in">At compile time,
+	with a compiler flag</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">At program
+	start, using an environment variable</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">During run time,
+	using the 3.4.3 TSS_SetProperty() function.</p>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The environment
+variables and TSS_SetProperty property use the same names.  The
+makefile flag uses the name with _DEFAULT appended.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The environment
+variable overrides the compiler flag, and the TSS_SetProperty()
+function overrides both the compiler flag and the environment
+variable.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol>
+		<ol>
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799848"></a>
+			Property Example</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">To change the default
+TPM interface to the TPM device driver:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">With a makefile:</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">-DTPM_INTERFACE_TYPE_DEFAULT="\"dev\""</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">With an
+	environment variable:</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">> setenv
+TPM_INTERFACE_TYPE  dev</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">With the TSS_SetProperty()
+	function:</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">rc =
+TSS_SetProperty(tssContext, TPM_INTERFACE_TYPE, "dev");</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol>
+		<ol start="2">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799849"></a><a name="_Ref469903681"></a><a name="_Ref469903677"></a>
+			Properties</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">(Remember that the
+makefile compiler flag requires _DEFAULT to be added, and that the
+quotes must be escaped.).</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The property and legal
+values are:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<h4 class="western"><a name="_Ref473273918"></a>TPM_TRACE_LEVEL</h4>
+<p class="western" style="margin-bottom: 0in">		default -  0</p>
+<p class="western" style="margin-bottom: 0in">	0 - no tracing</p>
+<p class="western" style="margin-bottom: 0in">	1 - trace errors</p>
+<p class="western" style="margin-bottom: 0in">	2 - trace errors and
+execution flow</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<h4 class="western">TPM_DATA_DIR</h4>
+<p class="western" style="margin-bottom: 0in">		default - current
+directory</p>
+<p class="western" style="margin-bottom: 0in">	set the directory
+where the TSS can store persistent data</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<h4 class="western"><a name="_Ref473274005"></a>TPM_INTERFACE_TYPE</h4>
+<p class="western" style="margin-bottom: 0in">		default - socsim 
+</p>
+<p class="western" style="margin-bottom: 0in">	socsim - the socket
+simulator</p>
+<p class="western" style="margin-left: 1in; margin-bottom: 0in">see 
+</p>
+<p class="western" style="margin-left: 1in; text-indent: 0.5in; margin-bottom: 0in">
+TPM_SERVER_NAME</p>
+<p class="western" style="margin-left: 1in; text-indent: 0.5in; margin-bottom: 0in">
+TPM_SERVER_TYPE</p>
+<p class="western" style="margin-left: 1in; text-indent: 0.5in; margin-bottom: 0in">
+TPM_COMMAND_PORT</p>
+<p class="western" style="margin-left: 1in; text-indent: 0.5in; margin-bottom: 0in">
+TPM_PLATFORM_PORT</p>
+<p class="western" style="margin-bottom: 0in">	dev - TPM device
+driver 
+</p>
+<p class="western" style="margin-left: 0.5in; text-indent: 0.5in; margin-bottom: 0in">
+see 
+</p>
+<p class="western" style="margin-left: 1in; text-indent: 0.5in; margin-bottom: 0in">
+TPM_DEVICE</p>
+<h4 class="western"><a name="_Ref473273410"></a>TPM_SERVER_NAME</h4>
+<p class="western" style="margin-bottom: 0in">		default - localhost</p>
+<p class="western" style="margin-bottom: 0in">	set the socket server
+name (full host name or dotted decimal)</p>
+<h4 class="western"><a name="_Ref473273447"></a>TPM_SERVER_TYPE</h4>
+<p class="western" style="margin-bottom: 0in">	Used with
+TPM_INTERFACE_TYPE = socsim</p>
+<p class="western" style="margin-bottom: 0in">		default - mssim</p>
+<p class="western" style="margin-bottom: 0in">	mssim - send packets
+in the Microsoft simulator format (header and footer)</p>
+<p class="western" style="margin-bottom: 0in">	raw - send packets in
+the raw TPM 2.0 specification Part 3 format</p>
+<p class="western" style="margin-bottom: 0in">	rawsingle - same as
+raw but opens and closes the connection for each command</p>
+<p class="western" style="margin-bottom: 0in">		(useful with the IBM
+SW TPM 1.2 simulator)</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<h4 class="western"><a name="_Ref473273450"></a>TPM_COMMAND_PORT</h4>
+<p class="western" style="margin-bottom: 0in">		default - 2321</p>
+<p class="western" style="margin-bottom: 0in">	set the socket port
+for TPM commands</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<h4 class="western"><a name="_Ref473273453"></a>TPM_PLATFORM_PORT</h4>
+<p class="western" style="margin-bottom: 0in">		default - 2322</p>
+<p class="western" style="margin-bottom: 0in">	set the socket port
+for TPM simulator platform commands</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<h4 class="western"><a name="_Ref473273499"></a>TPM_DEVICE</h4>
+<p class="western" style="margin-bottom: 0in">		Unix/Linux default -
+/dev/tpm0	(single user)</p>
+<p class="western" style="margin-bottom: 0in">		Windows default -
+Windows 7,8,10 Tbsi</p>
+<p class="western" style="margin-bottom: 0in">	For Unix, sets the TPM
+device name</p>
+<p class="western" style="margin-bottom: 0in">		/dev/tpmrm0 is the
+multi-user kernel resource manager</p>
+<p class="western" style="margin-bottom: 0in">			Once the kernel
+resource manager is upstreamed, this</p>
+<p class="western" style="margin-bottom: 0in">			may become the
+default.</p>
+<p class="western" style="margin-bottom: 0in">	For Windows, not
+currently used, only Tbsi supported</p>
+<p class="western" style="margin-bottom: 0in">	</p>
+<h4 class="western"><a name="_Ref473274288"></a>TPM_ENCRYPT_SESSIONS</h4>
+<p class="western" style="margin-bottom: 0in">		default 1</p>
+<p class="western" style="margin-bottom: 0in">	1 - Session state is
+saved encrypted</p>
+<p class="western" style="margin-bottom: 0in">	0 - Session state is
+saved in plaintext</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Since session state can
+potentially hold secrets, it should normally be encrypted.  When the
+process terminates, the ephemeral encryption key is lost.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">See 4.9 Command Line Utilities
+for the special case of using the command line utilities.  That
+section is not applicable when using the TSS library in programs.</p>
+<p class="western" style="margin-bottom: 0in; page-break-before: always">
+<br/>
+
+</p>
+<ol>
+	<ol>
+		<ol start="3">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799850"></a><a name="_Ref418692484"></a>
+			TSS_SetProperty()</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">#include <ibmtss/tss.h></p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">TPM_RC
+TSS_SetProperty(TSS_CONTEXT *tssContext,</p>
+<p class="western" style="margin-left: 1.5in; text-indent: 0.5in; margin-bottom: 0in">
+int property,</p>
+<p class="western" style="margin-left: 1.5in; text-indent: 0.5in; margin-bottom: 0in">
+const char *value);</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The TSS_SetProperty()
+function overrides the defaults and environment variables
+programmatically.  
+</p>
+<p class="western" style="margin-bottom: 0in">	</p>
+<p class="western" style="margin-bottom: 0in">If the property is
+related to the connection, an open connection is closed before the
+property is processed.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-left: 0.5in; margin-bottom: 0in">NOTE:
+ The close occurs even if the new value is the same as the old value.
+ This can be used to close a connection without deleting the context.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-left: 0.5in; margin-bottom: 0in">Question:
+ Is it good to mandate this behavior?  It offers functionality and
+makes the implementation easier, but perhaps it's too clever?</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">NOTE:  The value
+parameter is always a string. For simplicity, the 'value' pointer is
+stored.  The input should be a constant string.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">NOTE: For the property
+TPM_TRACE_LEVEL, tssContext is ignored.  The trace level is per
+process, not per context.</p>
+<p class="western" style="margin-bottom: 0in; page-break-before: always">
+<br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="5">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799851"></a>Extra
+		Parameter</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The extra parameter is
+a catch-all for any parameters that TSS_Execute() requires beyond the
+normal TPM command and response parameters.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">TPM2_StartAuthSession
+needs the bind password so that it can calculate the session key. 
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="6">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799852"></a>Other
+		APIs and Headers</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Headers are in the
+…/utils/ibmtss directory.  
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">#include <ibmtss/tss.h></p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The utility / demo
+applications cheat a bit, in that they call into TSS utility
+functions.  These are less likely to be stable than the official API
+above.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">tss.h:  The
+	official API</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">tsserror.h: 
+	Included by tss.h for convenience.  Error codes may be added.</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">tssmarshal.h: 
+	Marshal structures to arrays. These are likely to be stable.  They
+	are similar to the TPM side functions but return errors.</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Unmarshal_fp.h:
+	Unmarshal arrays to structures.  
+	</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-left: 0.5in; margin-bottom: 0in">The
+functions without the TSS_ prefix are deprecated.  They were borrowed
+from the TPM side but used a signed value for the size.  The
+functions prefixed TSS_ use an unsigned value for the size.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">tssresponsecode.h:
+	 Response code to text.  Useful for debugging.  The API should be
+	stable, but the actual output may change.</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">tssprint.h: 
+	Functions to print structures.  Useful for debugging.  The API
+	should be stable.  Functions may be added, and the output is likely
+	to change.</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">tssprintcmd.h: 
+	Functions to print command parameters.  Used in TSS verbose tracing.
+	 The API should be stable, but the actual output may change.</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">tssutils.h: 
+	Demo helper functions.  These are useful for rapid prototyping but
+	are not recommended for production code.</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">tssfile.h:  Demo
+	helper functions.  These are useful for rapid prototyping but are
+	not recommended for production code.</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">tsscrypto.h: 
+	Sample crypto code.  These are useful for rapid prototyping but are
+	not recommended for production code.</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Any of the lower
+	layer TSS functions are for TSS internal use.  They should not be
+	called.</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol start="4">
+	<li/>
+<h1 class="western" align="justify" style="margin-top: 0.25in; margin-bottom: 0.17in; letter-spacing: 0.4pt; page-break-before: always"><a name="__RefHeading___Toc26799853"></a>
+	<font size="2" style="font-size: 11pt">Application Notes</font></h1>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Several areas have
+non-obvious usage.  They are described here.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol>
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799854"></a>TPM
+		Simulator</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">A typical cause of a
+hang when sending the first command to the TPM simulator is that it
+has not received a simulated "powered up."  The IBM TPM
+simulator does not require this, but others may.  Send this command:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">> powerup</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The platform firmware
+initializes a hardware TPM.  The TPM simulator requires this command:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">> startup</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="2">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799855"></a>Parameter
+		Encryption</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The caller does NOT
+perform parameter encryption.  Simply set the session attribute to
+either or both of TPMA_SESSION_ENCRYPT or TPMA_SESSION_DECRYPT.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="3">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799856"></a>Session
+		Salt</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">To salt, the caller
+should set tpmKey (the handle of a loaded decrypt key) in
+TPM2_StartAuthSession.  The key must be an RSA 2048-bit key or ECC
+NIST P256 key with sign clear and decrypt set.  
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The caller must supply
+the extra parameter as a StartAuthSession_Extra structure.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The caller does NOT
+supply the HMAC salt.  The encryptedSalt parameter is ignored, as the
+TSS generates the salt.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="4">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799857"></a>Session
+		Bind</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">To bind, the caller
+should set bind (the bind entity handle) in TPM2_StartAuthSession. 
+The caller must supply the extra parameter as a
+StartAuthSession_Extra structure and set the bindPassword member to
+the bind handle password.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="5">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799858"></a>NV</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">For applications that
+do not share an NV index and don't use global locks or transient
+locks or written status that change after a reboot, the following
+details are unnecessary.  Just issue the TPM2_NV_DefineSpace and
+everything works, including HMAC sessions.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">For applications that
+do not satisfy the above criteria, the application must issue
+TPM2_NV_ReadPublic and validate that the public area is as expected,
+including the locks.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This will not typically
+occur in real applications.  The transient locks and written status
+permit low level firmware to perform pre-OS operations.  By the time
+post-OS applications are running, the locks and written status should
+be restored.</p>
+<ol>
+	<ol>
+		<ol>
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799859"></a>
+			Rationale</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Why?  For
+authorization, the TSS includes the Name (a hash of the public NV
+metadata) in the HMAC calculation.  This ensures that the NV index
+has not been replaced with a different version with untrusted
+metadata.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Normally, the TSS
+tracks the Name, even when the application changes the written or
+lock attributes.  However, if the attributes (and therefore the Name)
+change outside the application, the TSS is unable to track the
+change.  In those cases, the application must read the public data
+and validate it.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Why doesn't the TSS
+automatically issue the TPM2_NV_ReadPublic?  If it did that, it would
+encourage the application developer to blindly trust the index.  The
+application is expected to examine the TPM2_NV_ReadPublic return
+(e.g., the policy, the attributes) and decide whether the index is
+trusted.  The TSS cannot enforce this, but it does at least encourage
+it.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The index Name can
+change as the metadata changes.  These changes include the "written"
+bit and the read and write locks.  The TSS automatically tracks the
+changes performed on a single index by the application.  It does not
+track:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Changes "out
+	of band", by a different application, including an attacker.</p>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This will surface as an
+HMAC failure.  The application should reissue TPM2_NV_ReadPublic and
+decide if the index is still trusted.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol start="2">
+	<li/>
+<p class="western" style="margin-bottom: 0in">Changes to
+	transient lock status due to a reboot.</p>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">If the application is
+aware of the reboot, it can reissue TPM2_NV_ReadPublic and
+re-evaluate the return.  Otherwise, it can wait for the potential
+HMAC failure and handle it as above.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol start="3">
+	<li/>
+<p class="western" style="margin-bottom: 0in">Locks due to a
+	global lock, because it's hard and because global lock is expected
+	to be used only at provisioning, if ever.</p>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This case will probably
+never occur in practice.  If it does, handle the HMAC failure as
+above.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol>
+		<ol start="2">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799860"></a>
+			NV Pre-provisioning</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This is the case where
+some other application has used TPM2_NV_DefineSpace to pre-provision
+an index.  As an alternative to the application evaluating the
+TPM2_NV_ReadPublic response, the NV metadata and Name can be
+pre-provisioned when the application is installed.  Two files are
+required:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">	[01nnnnnn] is the hex
+value of the NV index.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<li/>
+<p class="western" style="margin-bottom: 0in">h[01nnnnnn].bin
+	- The Name, a binary hash of the public data</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">nvp[01nnnnnn].bin
+	- The marshaled TPMS_NV_Public</p>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="6">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799861"></a>TPM2_LoadExternal</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This command is unique,
+in that it has an optional parameter, TPM2B_SENSITIVE <i>inPrivate</i>.
+ The caller should use the size as a flag:  0 for not present, and
+non-zero for present.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Rationale:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The TPM uses the
+<i>inPrivate.size </i>zero to indicate that the parameter is not
+present and uses the correct marshaled size to indicate that the
+parameter is present. This TSS uses that design pattern, but, as with
+other TPM2B's that wrap structures, it does not require the caller to
+marshal the structure and determine the correct size.  
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="7">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799862"></a><a name="_Ref483554623"></a><a name="_Ref483554619"></a>
+		Connecting to Resource Managers</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">An issue arises when
+using the TSS utilities (not the TSS itself) on a platform with a
+resource manager.  Windows 10 has a resource manager called TBS and
+Linux as of 4.12 uses /dev/tpmrm0.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">A resource manager
+flushes all resources (objects like keys, and sessions) when a
+connection closes.  Since the utilities are standalone processes, the
+connection closes after each invocation.  Thus, for example, a
+utility can load a key, but, when the "load" command
+terminates, the resource manager will flush the key.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This is not an issue
+for a complete application using the TSS because the TSS keeps the
+connection open through multiple TPM commands.  For prototyping using
+the utilities, the Linux solution is to bypass the resource manager
+using /dev/tpm0.  For Windows 10, use a proxy to simulate this
+persistent connection behavior.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The "tpmproxy"
+program connects as a socket server on one side and a TPM device
+driver on the other.  Once the proxy starts, the Windows resource
+manager sees one persistent connection, as desired.  The utilities
+use the socket interface to the proxy.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Both the TSS and the
+proxy support both a raw packet format and the Microsoft simulator
+wrapped format.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The default, using the
+wrapped format, can also be specified on the TSS side with 
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">>
+TPM_INTERFACE_TYPE=socsim</p>
+<p class="western" style="margin-bottom: 0in">>
+TPM_SERVER_TYPE=mssim</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">and the tpmproxy with
+-mssim.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The raw format can be
+specified with</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">>
+TPM_INTERFACE_TYPE=socsim</p>
+<p class="western" style="margin-bottom: 0in">>
+TPM_SERVER_TYPE=raw</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">and the tpmproxy with
+-raw.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="8">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799863"></a>Endorsement
+		Key (EK) Certificates</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The TSS includes
+several TPM vendor EK root certificates for convenience.  
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">There is no reason for
+a user to trust these certificates.  Obtain production certificates
+directly from the TPM vendor.  
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">These URLs are provided
+for convenience.  Observe that some URLs are http.  I encourage all
+readers to ask the TPM vendors to offer these certificates over a
+secured web page, since they form the root of trust for TPM
+authenticity.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Utilities such as
+"createek" that take a -root argument require a list of EK
+root certificates in a file.  The utilities include a sample file
+…/utils/certificates/rootcerts.txt.  The file MUST be edited,
+since the file names must have a complete path to your install
+directory.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The file must have a
+Unix newline (only LF, 0x0a), not a DOS newline, even on Windows
+platforms.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Certificates must be in
+PEM format.  To convert from DER format (.cer, .crt) to PEM using
+openssl:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">> openssl x509 -in
+cert.cer -inform DER -out cert.pem</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol>
+		<ol>
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799864"></a>
+			Nuvoton</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><font color="#0000ff"><span lang="en-US"><u><a class="western" href="https://www.nuvoton.com/security/NTC-TPM-EK-Cert/Nuvoton%20TPM%20Root%20CA%202110.cer"><span lang="en-US">https://www.nuvoton.com/security/NTC-TPM-EK-Cert/Nuvoton%20TPM%20Root%20CA%202110.cer</span></a></u></span></font></p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><font color="#0000ff"><span lang="en-US"><u><a class="western" href="https://www.nuvoton.com/security/NTC-TPM-EK-Cert/Nuvoton%20TPM%20Root%20CA%201110.cer"><span lang="en-US">https://www.nuvoton.com/security/NTC-TPM-EK-Cert/Nuvoton%20TPM%20Root%20CA%201110.cer</span></a></u></span></font></p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol>
+		<ol start="2">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799865"></a>
+			St Micro</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This list was extracted
+from http://www.st.com/resource/en/data_brief/stsw-tpmcert1.pdf</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">GlobalSign Trusted
+Computing CA 
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><font color="#0000ff"><span lang="en-US"><u><span lang="en-US">http://secure.globalsign.com/cacert/gstpmroot.crt</span></u></span></font></p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">ST TPM Root certificate
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><font color="#0000ff"><span lang="en-US"><u><span lang="en-US">http://secure.globalsign.com/cacert/stmtpmekroot.crt</span></u></span></font></p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">ST Intermediate CA 01 
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><font color="#0000ff"><span lang="en-US"><u><span lang="en-US">http://secure.globalsign.com/cacert/stmtpmekint01.crt</span></u></span></font></p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">ST Intermediate CA 02 
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><font color="#0000ff"><span lang="en-US"><u><span lang="en-US">http://secure.globalsign.com/cacert/stmtpmekint02.crt</span></u></span></font></p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">ST Intermediate CA 03 
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><font color="#0000ff"><span lang="en-US"><u><span lang="en-US">http://secure.globalsign.com/cacert/stmtpmekint03.crt</span></u></span></font></p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">ST Intermediate CA 04 
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><font color="#0000ff"><span lang="en-US"><u><span lang="en-US">http://secure.globalsign.com/cacert/stmtpmekint04.crt</span></u></span></font></p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">ST Intermediate CA 05 
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><font color="#0000ff"><span lang="en-US"><u><span lang="en-US">http://secure.globalsign.com/cacert/stmtpmekint05.crt</span></u></span></font></p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">GlobalSign Trusted
+Platform Module ECC</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Root CA 
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><font color="#0000ff"><span lang="en-US"><u><span lang="en-US">http://secure.globalsign.com/cacert/tpmeccroot.crt</span></u></span></font></p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">STM TPM ECC Root CA 01 
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><font color="#0000ff"><span lang="en-US"><u><span lang="en-US">http://secure.globalsign.com/stmtpmeccroot01.crt</span></u></span></font></p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">STM TPM ECC
+Intermediate CA 01 
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><font color="#0000ff"><span lang="en-US"><u><span lang="en-US">http://secure.globalsign.com/stmtpmeccint01.crt</span></u></span></font></p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol>
+		<ol start="3">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799866"></a>
+			Infineon</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><font color="#0000ff"><span lang="en-US"><u><a class="western" href="https://www.infineon.com/cms/en/product/promopages/optiga_tpm_certificates"><span lang="en-US">https://www.infineon.com/cms/en/product/promopages/optiga_tpm_certificates</span></a></u></span></font></p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol>
+		<ol start="4">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799867"></a>
+			NationZ</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Root</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><font color="#0000ff"><span lang="en-US"><u><span lang="en-US">https://pki.nationz.com.cn/EkRootCA/EkRootCA.crt</span></u></span></font></p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Intermediate
+certificates</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><font color="#0000ff"><span lang="en-US"><u><span lang="en-US">https://pki.nationz.com.cn/EkMfrCA001/EkMfrCA001.crt</span></u></span></font></p>
+<p class="western" style="margin-bottom: 0in"><font color="#0000ff"><span lang="en-US"><u><span lang="en-US">https://pki.nationz.com.cn/EkMfrCA002/EkMfrCA002.crt</span></u></span></font></p>
+<p class="western" style="margin-bottom: 0in"><font color="#0000ff"><span lang="en-US"><u><span lang="en-US">https://pki.nationz.com.cn/EkMfrCA003/EkMfrCA003.crt</span></u></span></font></p>
+<ol>
+	<ol>
+		<ol start="5">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799868"></a>
+			Intel</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">PTT EK Root Certificate</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><font color="#0000ff"><span lang="en-US"><u><span lang="en-US">https://upgrades.intel.com/content/CRL/ekcert/EKRootPublicKey.cer</span></u></span></font></p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">PTT EK Intermediate
+Certificate</p>
+<p class="western" style="margin-bottom: 0in">      
+<font color="#0000ff"><span lang="en-US"><u><a class="western" href="http://upgrades.intel.com/content/CRL/ekcert/SPTHEPIDPROD_EK_Platform_Public_Key.cer"><span lang="en-US">http://upgrades.intel.com/content/CRL/ekcert/SPTHEPIDPROD_EK_Platform_Public_Key.cer</span></a></u></span></font></p>
+<ol>
+	<ol>
+		<ol>
+			<ol>
+				<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799869"></a>
+				Intel EK Certificate Download</h3>
+			</ol>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">As of June 2017, the
+Intel PTT did not come provisioned with EK certificates.  They must
+be downloaded using this procedure.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Read the EK
+	public key</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Construct digest
+	data</p>
+	<ul>
+		<li/>
+<p class="western" style="margin-bottom: 0in">For RSA,
+		concatenate the public modulus to the default exponent 010001, all
+		in binary.</p>
+		<li/>
+<p class="western" style="margin-bottom: 0in">For ECC, this
+		step is currently undocumented.</p>
+	</ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Calculate a
+	SHA-256 digest of the digest data</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Base64 encode
+	the digest</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Convert the
+	base64 to URL base64 by changing = to %3D, + to -, and / to _.</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Prepend
+	<font color="#0000ff"><span lang="en-US"><u><a class="western" href="https://ekop.intel.com/ekcertservice/"><span lang="en-US">https://ekop.intel.com/ekcertservice/</span></a></u></span></font>
+	to form the certificate URL.</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Use a browser to
+	display the certificate (or use wget and edit in a text editor)</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Extract the text
+	between the <certificate> and </certificate> to a text
+	editor.</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Convert the URL
+	base64 to base64 by changing %3D to =, - to +, and _ to /.  Remove
+	all newlines.</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Base64 decode to
+	create the DER certificate.</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="9">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799870"></a><a name="_Ref469903483"></a>
+		Command Line Utilities</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">See also section 4.7 Connecting to Resource Managers.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">As stated in section 3.4.2
+Properties, the default is to build the TSS library to encrypt
+session state with an ephemeral encryption key that is lost when the
+application exits.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This behavior would
+preclude using the command line utilities with sessions, since the
+encryption key would change.  There are two facilities to remedy
+this.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<li/>
+<p class="western" style="margin-bottom: 0in">For stand-alone
+	debugging, save session state in plaintext.   For example, use an
+	environment variable:</p>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="text-indent: 0.5in; margin-bottom: 0in">>
+setenv TPM_ENCRYPT_SESSIONS 0		(csh, tcsh)</p>
+<p class="western" style="text-indent: 0.5in; margin-bottom: 0in">>
+export TPM_ENCRYPT_SESSIONS=0		(bash)</p>
+<p class="western" style="text-indent: 0.5in; margin-bottom: 0in">>
+set TPM_ENCRYPT_SESSIONS=0		(windows)</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">	or the equivalent
+compile time flag</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">	-DTPM_ENCRYPT_SESSIONS_DEFAULT="\"0\""</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol start="2">
+	<li/>
+<p class="western" style="margin-bottom: 0in">For using the
+	command line utilities securely, either stand-alone or in scripts, a
+	fixed encryption key can be specified.</p>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="text-indent: 0.5in">In the script:</p>
+<p class="western" style="text-indent: 0.5in">TPM_SESSION_ENCKEY=`./getrandom
+-by 16 -ns`</p>
+<p class="western" style="text-indent: 0.5in">On the command line:</p>
+<p class="western" style="text-indent: 0.5in">> setenv
+TPM_SESSION_ENCKEY `./getrandom -by 16 -ns`</p>
+<p class="western" style="text-indent: 0.5in"><br/>
+<br/>
+
+</p>
+<ol>
+	<ol start="10">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799871"></a><a name="_Ref514762249"></a><a name="_Ref514762246"></a>
+		TSS for TPM 1.2</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This is new code in
+2018.  The TSS for TPM 1.2 uses the identical API as in section 3 API,
+but with TPM 1.2 structures and ordinals.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">There is currently
+support for about 20 TPM 1.2 commands, specifically those commands
+that are required to implement an attestation client.  It also
+includes support commands to create a SW TPM EK certificate and the
+activate identity blob, and to extend firmware and IMA event logs
+into a TPM for testing.  More commands can be easily added upon user
+request.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">To build a combined TPM
+2.0 and TPM 1.2 TSS:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">> make -f
+makefiletpmc clean all</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">To build a TPM 2.0 only
+TSS</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">> make -f
+makefiletpm20 clean all</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">To build a TPM 1.2 only
+TSS</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">> make -f
+makefiletpm12 clean all</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The utilities and a
+basic regression test (reg.sh) are in the ../utils12 directory.  
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The regression test
+requires a software TPM 1.2 that is 'straight from the factory' -
+with no TPM state.  The reason is that creating the standard TCG EK
+certificate requires an unlocked TPM.  Once NV is locked, it can
+never be unlocked.  Before running the regression test, remove the
+state and restart the TPM.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The standard TPM 1.2 is
+opt-in and is shipped disabled and deactivated.  While the  IBM
+software TPM comes with tools to enable and activate the TPM, users
+may find it less of a nuisance to use 'makefile-en-ac' to build a TPM
+that is already enabled and activated at its first start.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol start="5">
+	<li/>
+<h1 class="western" align="justify" style="margin-top: 0.25in; margin-bottom: 0.17in; page-break-before: always"><a name="__RefHeading___Toc26799872"></a>
+	<font size="2" style="font-size: 11pt"><span style="letter-spacing: 0.4pt">Examples</span></font></h1>
+</ol>
+<p class="western" style="margin-bottom: 0in">Each standalone utility
+serves as an example for a single command.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">There are also two
+examples that show how several commands can be chained together to
+form an application</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol>
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799873"></a>signapp.c</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The signapp.c source
+demonstrates how the TSS handles bind and salt sessions.  It uses
+sample code to create an EK.  It uses a policy session to authorize
+the EK.  It authorizes a signing key using both HMAC and policy
+sessions, where the policy can be policy password or policy
+authvalue.  The signing key policy also has an AND term for the
+command code 'sign'.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Create an EK for
+	the salt</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Start an
+	authorization policy session, salt with the EK</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Use policysecret
+	to authorize the EK</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Create a signing
+	key under the EK, permit password and policy authorization</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Restart the
+	policy session</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Use policysecret
+	to authorize the EK</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Load the signing
+	key under the EK, using the session</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Create an HMAC
+	session, salt with the EK, bind with the signing key</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Sign a digest,
+	using the HMAC 
+	</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Verify the
+	signature</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Restart the
+	policy session</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Use policy
+	command code and policy authvalue to authorize the signing key</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Sign a digest</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Verify the
+	signature</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Flush the policy
+	and HMAC sessions</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Flush the EK
+	primary key</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Flush the
+	signing key</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="2">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799874"></a>writeapp.c</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The writeapp.c source
+demonstrates how the TSS handles bind and salted session, and tracks
+entity Name changes without application coding.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Create an EK for
+	the salt</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Start a session,
+	salt with EK</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Define an NV
+	index, salted session</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Flush the
+	session</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Start a session,
+	salt with EK, bind to unwritten NV index</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Write NV,
+	changes the Name, bound, salt, encrypt session</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Start a session,
+	salt with EK, bind to written NV index</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Write NV, bound,
+	salt, encrypt session</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Undefine NV
+	index</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Flush EK</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol start="6">
+	<li/>
+<h1 class="western" align="justify" style="margin-top: 0.25in; margin-bottom: 0.17in; letter-spacing: 0.4pt; page-break-before: always"><a name="__RefHeading___Toc26799875"></a>
+	<font size="2" style="font-size: 11pt">Utility tools</font></h1>
+</ol>
+<p class="western" style="margin-bottom: 0in">In addition to the
+command line tools for each TPM command, there are several utilities
+that are useful for development.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">They accept various
+digest and asymmetric algorithms and other options as applicable. 
+Use -h for details.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol>
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799876"></a>Debugging
+		Aids</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol>
+		<ol>
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799877"></a>
+			reponsecode</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Prints a TPM or TSS hex
+response code as text.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol>
+		<ol start="2">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799878"></a>
+			printattr</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Prints a TPM hex
+attribute as text.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">It supports object,
+session, startup, and NV attributes.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol>
+		<ol start="3">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799879"></a>
+			timepacket</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This is useful for
+profiling - timing the duration of a single command.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">It is occasionally
+useful to debug a command packet obtained from a source other than
+the TSS.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">It takes a hex ascii
+input command string so that TSS processing is excluded.  The string
+can be obtained by running the command first with -v and capturing
+the TSS trace.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This tool is restricted
+to commands that:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">can be run
+	repeatedly.  I.e., it cannot use policy sessions.</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">do not include
+	varying data.  E.g., it cannot have an HMAC with rolling nonces.</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="2">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799880"></a>Policy
+		Aids</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">These tools  provide
+primitive aids to calculating and debugging policies.  The regression
+test script comments explain how the tools were used to calculate the
+test policies. The utils/policies directory holds both the 'source'
+hexascii and binary policies.</p>
+<ol>
+	<ol>
+		<ol>
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799881"></a>
+			policymaker</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This tool accepts a set
+of hex ascii AND terms, one per line, and calculates the resulting
+policy.  An empty policyRef is represented by a blank line.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The result can be
+traced and/or output in binary in a format directly usable as a
+utility input.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">-v traces the
+intermediate terms.  In combination with policygetdigest, it can be
+used to debug a policy term by term.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">-ns (no white space)
+traces the output in a format that can be used as input to a policy
+OR (which is just a concatenation of AND terms).</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">-nz calculates the hash
+without the normal 'extend starting with zeros', useful for
+calculating an 'aHash' such as a cpHash.</p>
+<ol>
+	<ol>
+		<ol start="2">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799882"></a>
+			policymakerpcr</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This tool calculates a
+policypcr AND term in a format suitable for input to policymaker. It
+accepts a bit mask of selected PCRs and a white list of PCR values,
+one per line.</p>
+<ol>
+	<ol>
+		<ol start="3">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799883"></a>
+			publicname</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This tool calculates a
+TPM Name from a TPM object or NV public structure, or from a PEM or
+DER format public key.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This is useful for
+constructing policies at times that the TPM is not available to
+calculate the Name.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="3">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799884"></a>Key
+		Manipulation</h2>
+		<ol>
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799885"></a>
+			createek</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This tools aggregates
+several EK manipulation tasks:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Creates an EK
+	primary key based on TCG standards.</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Prints an EK
+	template or nonce if provisioned.</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Prints an EK
+	certificate.  This function is also integrated into nvread.</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Validates an EK
+	certificate against the TPM vendor root certificates.</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol>
+		<ol start="2">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799886"></a>
+			createekcert</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This tools provisions
+an EK certificate in TPM NV for testing.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The EK is generated
+based on TCG standards.</p>
+<ol>
+	<ol>
+		<ol start="3">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799887"></a>
+			tpm2pem</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This tools converts an
+existing TPM format public key to PEM format.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This function is also
+integrated into several tools, such as create, createprimary,
+createloaded, and readpublic.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="4">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799888"></a>Event
+		Logs</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The package has sample
+functions for parsing pre-OS and post-OS (IMA) event logs.  These
+tools aggregate some of these functions.</p>
+<ol>
+	<ol>
+		<ol>
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799889"></a>
+			eventextend</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This tool parses a
+pre-OS (BIOS, UEFI) event log.  It can:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Extend the
+	events into a TPM, simulating pre-OS firmware.</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Calculate
+	expected TPM PCR values.</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Calculate a boot
+	aggregate.</p>
+</ul>
+<ol>
+	<ol>
+		<ol start="2">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799890"></a>
+			imaextend</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This tool parses a
+post-OS Linux IMA log.  It can:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Extend the
+	events into a TPM, simulating post-OS IMA software.</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Calculate
+	expected TPM PCR values.</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">To permit scripting a
+test platform, it can accept beginning and ending events.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol start="7">
+	<li/>
+<h1 class="western" align="justify" style="margin-top: 0.25in; margin-bottom: 0.17in; letter-spacing: 0.4pt; page-break-before: always"><a name="__RefHeading___Toc26799891"></a>
+	<font size="2" style="font-size: 11pt">Build</font></h1>
+</ol>
+<p class="western" style="margin-bottom: 0in">The builds for Linux
+and Windows create the TSS shared object / dll and about 110 command
+line programs.  The command line programs can be used in a script for
+rapid prototyping or as sample usage code.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">There are currently
+makefiles for common build options, listed later.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The build files clear
+TPM_ENCRYPT_SESSIONS, which is useful for prototyping and regression
+testing.  This should be removed for production applications.</p>
+<ol>
+	<ol>
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799892"></a><a name="_Ref156904153"></a>
+		Build Options</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Several compile time
+macros permit building a variation of the TSS library.  Features may
+be lost, but the tradeoff may be important in some environments.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><font color="#ff0000"><b>Since
+the regression test does not function against all builds, some
+variations are very lightly tested.  Please report bugs.</b></font></p>
+<ol>
+	<ol>
+		<ol>
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799893"></a>
+			TPM_TPM20 and TPM_TPM12</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Define one or both of
+these for a TSS that supports TPM 2.0 and/or TPM 1.2.  
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">TPM 1.2 support is
+incomplete. See section 4.10 TSS for TPM 1.2.</p>
+<ol>
+	<ol>
+		<ol start="2">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799894"></a>
+			TPM_POSIX or TPM_WINDOWS</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Define one of these for
+a POSIX (Linux, AIX, Raspian, zLinux, etc.) or Windows TSS.</p>
+<ol>
+	<ol>
+		<ol start="3">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799895"></a>
+			TPM_WINDOWS_TBSI</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">For Windows, compiles
+in hardware TPM support.</p>
+<ol>
+	<ol>
+		<ol start="4">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799896"></a>
+			TPM_WINDOWS_TBSI_WIN8</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">For Windows hardware
+TPM support, use the Windows 8/10 API.</p>
+<ol>
+	<ol>
+		<ol start="5">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799897"></a>
+			TPM_WINDOWS_TBSI_WIN7</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">For Windows hardware
+TPM support, use the Windows 7 API.</p>
+<ol>
+	<ol>
+		<ol start="6">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799898"></a>
+			TPM_TSS_NOFILE</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Defining this macro
+builds a TSS library that does not use files for temporary and
+persistent state.  All state is stored in the TSS context and is lost
+when the context is deleted.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Drawbacks:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Scripting, which
+	requires state to persist between processes, does not work.</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Names and public
+	keys of persistent entities do not persist, so the entities must be
+	reread (and revalidated) at each connection.</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Context save and
+	load are not implemented yet.</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">There are
+	currently some fixed size arrays for transient object and session
+	state.</p>
+</ul>
+<ol>
+	<ol>
+		<ol start="7">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799899"></a>
+			TPM_TSS_NOCRYPTO</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Defining this macro
+builds a TSS library that does not depend on a crypto library.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Drawbacks:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Salted sessions
+	do not work.</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">HMAC sessions do
+	not work, including policies that require HMAC.</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Encrypt and
+	decrypt sessions do not work.</p>
+</ul>
+<ol>
+	<ol>
+		<ol start="8">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799900"></a>
+			TPM_TSS_NO_PRINT</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Defining this macro
+builds a TSS that does no tracing and compiles out all print
+functions.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol>
+		<ol start="9">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799901"></a>
+			TPM_TSS_NOECC</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Defining this macro
+builds a TSS that does not require crypto library elliptic curve
+support.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol>
+		<ol start="10">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799902"></a>
+			TPM_TSS_NORSA</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Defining this macro
+builds a TSS that does not require crypto library RSA support.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol>
+		<ol start="11">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799903"></a>
+			TPM_TSS_NOENV</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Defining this macro
+builds a TSS that does not call the getenv() function.  This supports
+platforms that do not implement environment variables.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The TSS properties
+still use defaults that can be changed at build time, and it still
+supports the TSS_SetProperty() function.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol>
+		<ol start="12">
+			<li/>
+<h3 class="western"></h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol>
+		<ol start="13">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799904"></a>
+			TPM_NOSOCKET</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Defining this macro
+builds a TSS that does not include the socket interface.  This
+supports platforms that do not implement sockets.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">When this macro is
+defined, TPM_INTERFACE_TYPE defaults to dev, not socsim.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol>
+		<ol start="14">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799905"></a>
+			TPM_TSS_NOCMDCHECK</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Defining this macro
+builds a TSS that does not implement input parameter checking.  The
+commands are sent as-is to the TPM, which will presumably do its own
+check.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The two main use cases
+of this macro are:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">to reduce the
+	size of the TSS library by about 15%.</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">to permit the
+	TSS to send error cases for TPM testing.</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The main disadvantage
+of this macro is that debugging is harder.  Rather setting
+breakpoints in the TSS to debug, the developer must rely on the TPM
+return codes.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol>
+		<ol start="15">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799906"></a>
+			TPM_TSS_NODEPRECATED</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Defining this macro
+removes deprecated TPM functions,  This slightly reduces the library
+size in cases where the application is not using the functions</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol>
+		<ol start="16">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799907"></a>
+			TPM_TSS_NUVOTON</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Defining this macro
+adds TSS support for the Nuvoton proprietary TPM configuration
+commands.  
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="2">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799908"></a>Directories</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The TSS ships with
+these directories:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-left: 1.5in; text-indent: -1.5in; margin-bottom: 0in">
+…/utils	TSS for both TPM 1.2 and TPM 2.0.  
+</p>
+<p class="western" style="margin-left: 1.5in; margin-bottom: 0in">TPM
+2.0 utility / demo applications</p>
+<p class="western" style="margin-bottom: 0in">…/utils/regtests	TSS
+for TPM 2.0 regression tests</p>
+<p class="western" style="margin-bottom: 0in">…/utils/policies	TSS
+for TPM 2.0 regression test policies and miscellaneous files</p>
+<p class="western" style="margin-bottom: 0in">…/utils/certificates	TPM
+for TPM 2.0 and TPM 1.2 vendor EK root certificates</p>
+<p class="western" style="margin-bottom: 0in">…/utils12		TPM
+1.2 utility / demo applications</p>
+<p class="western" style="margin-left: 1in; text-indent: 0.5in; margin-bottom: 0in">
+TSS for TPM 1.2 regression test</p>
+<p class="western" style="margin-bottom: 0in">…/demo		TSS for
+TPM 2.0 demo web pages</p>
+<p class="western" style="margin-bottom: 0in">…/tpmutils		TSS
+for TPM 2.0 Visual Studio files</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">To extract the tarball</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">> cd …</p>
+<p class="western" style="margin-bottom: 0in">> tar xvf
+ibmtssnnn.tar .</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="3">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799909"></a>Linux</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">These are the
+mainstream TPM 2.0 instructions.  For the new TPM 1.2 support, see
+the application note in 4.10 TSS for TPM 1.2.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Install OpenSSL 1.0.x
+or  1.1.x.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Note:  OpenSSL 1.1.x
+cannot validate early TPM 1.2 EK certificates.  Newer TPM 1.2
+certificates and TPM 2.0 certificates validate.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">> cd …/utils</p>
+<p class="western" style="margin-bottom: 0in">> make -f
+makefiletpmc</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">	Note:  Linux builds
+must have TPM_POSIX defined.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">After building, run the
+regression test against a running simulator.  -h gives help.   The
+Linux version takes about 1 minute.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">> ./reg.sh -a</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The regression test can
+run against a <b>software</b> TPM at /dev/tpm0.  It will skip the
+power up sequence.  However, it uses the environment variable TPM_INTERFACE_TYPE
+as the determination.  If the default TPM_INTERFACE_TYPE was changed
+at compile time, the regression test will try the power up sequence
+unless the environment variable is also set.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><font color="#ff0000"><b>The
+regression test does not run against a hardware TPM</b></font>, since
+the platform firmware will have set the platform authorization.  
+There are likely to be other errors due to protected or unsupported
+TPM features.  
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><font color="#ff0000"><b>Use
+the regression test for TSS verification, not as a TPM test tool.</b></font></p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The TPM device driver
+normally does not permit non-root access.  Either</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">> chmod 777
+/dev/tpm0</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">or run as root or sudo.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="4">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799910"></a>Windows</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Read all of this.  It’s
+tricky.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Install OpenSSL 1.1.1. 
+The usual place to get OpenSSL for Windows is
+<font color="#0000ff"><span lang="en-US"><u><a class="western" href="http://slproweb.com/products/Win32OpenSSL.html"><span lang="en-US">http://slproweb.com/products/Win32OpenSSL.html</span></a></u></span></font>.
+ Install Win32 OpenSSL, not the "Light" versions, which I
+believe do not contain the development files. For use with mingw, use
+the 32-bit build.  
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">There is no need to
+build / compile from source.  Just run the downloaded .exe.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">I put the OpenSSL DLLs
+in the OpenSSL binaries directory.  I don't know if this matters.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Recent Shining Light
+installs point to 
+</p>
+<p class="western" style="text-indent: 0.5in; margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="text-indent: 0.5in; margin-bottom: 0in">C:\OpenSSL-Win32
+ 
+</p>
+<p class="western" style="text-indent: 0.5in; margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Change this to 
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">	C:\Program
+Files\OpenSSL</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">If you chose not to
+install OpenSSL in this location, you must fix the build paths.  In
+other words, use the recommended location.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">After install, copy 
+</p>
+<p class="western" style="text-indent: 0.5in; margin-bottom: 0in">C:\Program
+Files\openssl\bin\libcrypto-1.1.dll 
+</p>
+<p class="western" style="margin-bottom: 0in">to 
+</p>
+<p class="western" style="text-indent: 0.5in; margin-bottom: 0in">C:\Program
+Files\openssl\bin\libcrypto.dll.  
+</p>
+<p class="western" style="margin-bottom: 0in">Please contribute a fix
+to eliminate this step.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="text-indent: 0.5in; margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="text-indent: 0.5in; margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="text-indent: 0.5in; margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This directory should
+be added to the Path environment variable if it's not already there:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="text-indent: 0.25in; margin-bottom: 0in">c:\Program
+Files\OpenSSL\bin</p>
+<p class="western" style="text-indent: 0.25in; margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Note:  Windows builds
+must have TPM_WINDOWS defined.</p>
+<p class="western" style="text-indent: 0.25in; margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Hardware TPM
+development requires the Windows 10 SDK, available here:
+<font color="#0000ff"><span lang="en-US"><u><span lang="en-US">https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk</span></u></span></font></p>
+<p class="western" style="text-indent: 0.25in; margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">After building, run the
+regression test against a running simulator.   The Windows version
+takes about 15 minutes.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-left: 0.5in; margin-bottom: 0in">The
+Windows script assumes that typical command line tools such as touch
+and diff are installed.  A typical download location is</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="text-indent: 0.5in; margin-bottom: 0in"><font color="#0000ff"><span lang="en-US"><u><a class="western" href="http://gnuwin32.sourceforge.net/packages.html"><span lang="en-US">http://gnuwin32.sourceforge.net/packages.html</span></a></u></span></font></p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="text-indent: 0.5in; margin-bottom: 0in">See
+CoreUtils and DiffUtils.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">> reg.bat</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The regression test
+script defaults to the executables being in the same directory as the
+script, …/tpm2/utils.  This is correct for the gcc build, but
+not for the Visual Studio build.  To point to those executables, set
+this environment variable.  <b>Do not omit the trailing slash</b>.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">> set
+TPM_EXE_PATH=..\tpmutils\Debug\</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol>
+		<ol>
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799911"></a>
+			Windows gcc</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">A mingw (Minimalist GNU
+for Windows) makefile.mak is included.  mingw from
+<font color="#0000ff"><span lang="en-US"><u><a class="western" href="http://www.mingw.org/"><span lang="en-US">http://www.mingw.org/</span></a></u></span></font>
+must be installed.  
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Issues:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Shining Light
+	does not seem to supply the 64-bit OpenSSL library for mingw. Use
+	the 32-bit library.  
+	</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">mingw does not
+	seem compatible with the Windows 10 TBSI.  Thus, the build does not
+	have hardware TPM support.</p>
+</ul>
+<p class="western" style="margin-left: 0.5in; margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">For these reasons, the
+Visual Studio project is recommended.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Contributions to fix
+these are welcome.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">> cd …/utils</p>
+<p class="western" style="margin-bottom: 0in">> make -f
+makefile.mak</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol>
+		<ol start="2">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799918"></a>
+			Windows Visual Studio</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">VS solution and project
+files are supplied.  The Visual Studio 2017 Solution is
+…/tpmutils/tpmutils.sln.  
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="text-indent: 0.5in; margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="text-indent: 0.5in; margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The .lib should be in
+c:\program files\openssl\lib\vc.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">If not</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Common Properties</p>
+<p class="western" style="margin-bottom: 0in">Expand Linker, General</p>
+<p class="western" style="margin-bottom: 0in">Change Additional
+Library Directories</p>
+<p class="western" style="margin-bottom: 0in">	to the correct path</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The default is to
+connect to the socket simulator using the Microsoft simulator packet
+format.  To change the default from a SW TPM to a HW TPM, add the
+preprocessor definition:</p>
+<p class="western" style="text-indent: 0.5in; margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">TPM_INTERFACE_TYPE_DEFAULT="dev"</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol>
+		<ol start="3">
+			<li/>
+<h3 class="western"><a name="__RefHeading___Toc26799919"></a>
+			Windows Tbsi</h3>
+		</ol>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">These instructions have
+been tested for Windows 10</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The VS project defines
+TPM_WINDOWS_TBSI , so the TSS build supports the socket and hardware
+TPM interface.  Users that use only the socket interface may not want
+to install Tbsi (Windows TPM Base Services).  Undefine
+TPM_WINDOWS_TBSI.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">	Note:  To define the
+macro in Visual Studio:</p>
+<ol>
+	<li/>
+<p class="western" style="margin-bottom: 0in">View - Other
+	Windows - Property Manager</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Expand one of
+	the projects</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Expand Debug (or
+	Release if doing a release build)</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Double click
+	CommonProperties</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Expand Common
+	Properties, then C/C++, then select Preprocessor</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Next to
+	Preprocessor Definitions, click the value, then the down arrow, then
+	<Edit></p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Remove the
+	macros TPM_WINDOWS_TBSI and TPM_WINDOWS_TBSI_WIN8</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">OK, OK</p>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-left: 0.5in; margin-bottom: 0in">Note:
+ The TPM_WINDOWS_TBSI_WIN8 macro also supports Windows 10.</p>
+<p class="western" style="margin-left: 0.5in; margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-left: 0.5in; margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-left: 0.5in; margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in"></p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="text-indent: 0.5in; margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="text-indent: 0.5in; margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="5">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799920"></a>Mac</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This is a contribution.
+ I did not test it.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">install homebrew</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">install openssl
+	-> brew install openssl</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">install gawk ->
+	brew install gawk</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">set PATH of
+	shell (terminal):</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-left: 0.25in; margin-bottom: 0in">PATH=/usr/local/Cellar/openssl/1.0.2m/bin/:$PATH</p>
+<p class="western" style="margin-left: 0.25in; margin-bottom: 0in">PATH=/usr/local/Cellar/gawk/4.2.0/bin/:$PATH</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-left: 0.25in; margin-bottom: 0in">Make
+this permanent by adding to a profile.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Build using
+	makefile.mac</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="6">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799921"></a>AIX</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Use gnu make (gmake),
+not make.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">> cd …/utils</p>
+<p class="western" style="margin-bottom: 0in">> gmake -f
+makefile.aix</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">After building, run the
+regression test against a running Microsoft simulator.  -h gives
+help.  Since the TPM simulator does not run on AIX yet, set the TPM_SERVER_NAME
+environment variable.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">> reg.sh -a</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol start="8">
+	<li/>
+<h1 class="western" align="justify" style="margin-top: 0.25in; margin-bottom: 0.17in; letter-spacing: 0.4pt; page-break-before: always"><a name="__RefHeading___Toc26799922"></a>
+	<font size="2" style="font-size: 11pt">Fedora</font></h1>
+</ol>
+<p class="western" style="margin-bottom: 0in">This section is only
+relevant to a Fedora rpm install.  It is a work in progress and may
+not be 100% correct yet.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Prerequisite:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"># yum install rpm-build</p>
+<ol>
+	<ol>
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799923"></a>Local
+		Install</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Download the rpms:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">TBD</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Install
+	binaries:</p>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">the libraries -
+	/usr/lib64/libibmtss.so.0.1and the link /usr/lib64/libibmtss.so.0</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">the utilities -
+	/usr/bin/tssxxx.  Note that the installed utilities are namespaced
+	with the 'tss' prefix.</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">the license -
+	/usr/share/doc/ibmtss-nnn/LICENSE</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="text-indent: 0.25in; margin-bottom: 0in">#
+rpm -ivh 	ibmtss-nnn-1.el6.x86_64.rpm</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol start="2">
+	<li/>
+<p class="western" style="margin-bottom: 0in">Install
+	development headers:</p>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">the headers -
+	/usr/include/ibmtss 
+	</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">the library -
+	link /usr/lib64/libibmtss.so 
+	</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">this
+	documentation - /usr/share/doc/ibmtss-devel-nnn/ibmtss.doc</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="text-indent: 0.25in; margin-bottom: 0in">#
+rpm -ivh	ibmtss-devel-nnn-1.el6.x86_64.rpm</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol start="3">
+	<li/>
+<p class="western" style="margin-bottom: 0in">Install debug
+	source and support</p>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="text-indent: 0.25in; margin-bottom: 0in">#
+rpm -ivh 	ibmtss-debuginfo-nnn-1.el6.x86_64.rpm</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="2">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799924"></a>Alternative
+		Local Install</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Erase an old version as
+needed:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"># yum erase
+ibmtss-devel-nnn-1.el6.x86_64</p>
+<p class="western" style="margin-bottom: 0in"># yum erase
+ibmtss-nnn-1.el6.x86_64</p>
+<p class="western" style="margin-bottom: 0in"># yum erase
+ibmtss-debuginfo-nnn-1.el6.x86_64</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Install (new method)</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"># dnf install
+./ibmtss-nnn-1.el6.x86_64.rpm</p>
+<p class="western" style="margin-bottom: 0in"># dnf install
+./ibmtss-devel-nnn-1.el6.x86_64.rpm</p>
+<p class="western" style="margin-bottom: 0in"># dnf install
+./ibmtss-debuginfo-nnn-1.el6.x86_64.rpm</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Install (old method)</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"># yum install
+./ibmtss-nnn-1.el6.x86_64.rpm</p>
+<p class="western" style="margin-bottom: 0in"># yum install
+./ibmtss-devel-nnn-1.el6.x86_64.rpm</p>
+<p class="western" style="margin-bottom: 0in"># yum install
+./ibmtss-debuginfo-nnn-1.el6.x86_64.rpm</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="3">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799925"></a>Repository
+		Install</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Once the packages have
+been upstreamed, use this process.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"># dnf install ibmtss</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="4">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799926"></a>Install
+		Test</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This assumes that the
+SW TPM has been installed, see this link:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><font color="#0000ff"><span lang="en-US"><u><a class="western" href="https://sourceforge.net/projects/ibmtpm20tss/?source=navbar"><span lang="en-US">https://sourceforge.net/projects/ibmtpm20tss/?source=navbar</span></a></u></span></font></p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">It also assumes that
+the regression test has been installed.  See Section 8.5.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">In reg.sh, change the
+utility prefix variable to tss.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">PREFIX=tss</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Run the regression
+test:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">> cd
+~/rpmbuild/BUILD/ibmtss-nnn/utils</p>
+<p class="western" style="margin-bottom: 0in">> ./reg.sh</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="5">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799927"></a><a name="_Ref456884269"></a>
+		Source rpms</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Install source (as
+non-root user)</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">> rpm -ivh
+ibmtss-nnn-1.el6.src.rpm</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The src rpm has a
+tarball and spec file.  
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol start="9">
+	<li/>
+<h1 class="western" align="justify" style="margin-top: 0.25in; margin-bottom: 0.17in; letter-spacing: 0.4pt; page-break-before: always"><a name="__RefHeading___Toc26799928"></a>
+	<font size="2" style="font-size: 11pt">Status</font></h1>
+	<ol>
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799929"></a>Utilities</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The utilities serve
+several purposes:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">The utilities
+	are called by a Unix shell or bat script to form the regression
+	test.  
+	</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">The utilities
+	are sample code on how to use the TSS.</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">The utilities
+	can be used in a script for rapid prototyping. 
+	</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">The regression
+	test scripts are sample code for how to use the utilities and the
+	TPM to perform multi-step tasks.</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">NOTE:  The utility
+command line arguments are not stable.  They change occasionally to
+improve consistency among utilities or to add features</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The utilities currently
+do not permit all TPM command options.  Let me know what needs
+enhancement.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="2">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799930"></a>Bugs</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Please report bugs.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="3">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799931"></a>Untested</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">These may "just
+work" but they have not been tested yet.  
+</p>
+<p class="western" style="margin-bottom: 0in">Users are welcome to
+suggest ECC tests and prioritize the below list.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">ECC commands -
+	ECDH_KeyGen, ECDH_ZGen 
+	</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">PolicyLocality</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">TestParams 
+	</p>
+</ul>
+<p style="margin-left: 0.5in; margin-bottom: 0.14in; line-height: 115%">
+<br/>
+<br/>
+
+</p>
+<ol start="10">
+	<li/>
+<h1 class="western" align="justify" style="margin-top: 0.25in; margin-bottom: 0.17in; letter-spacing: 0.4pt; page-break-before: always"><a name="__RefHeading___Toc26799932"></a>
+	<font size="2" style="font-size: 11pt">Threading</font></h1>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The TSS is not thread
+safe.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">There are many issues
+with making a TSS thread safe, because the TPM is inherently single
+threaded.  For example:</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ul>
+	<li/>
+<p class="western" style="margin-bottom: 0in">There is only
+	one channel to a TPM.  Two threads writing bytes to a socket to a
+	resource manager or simulator, or writing bytes to the device
+	driver, will fail.</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">The TPM has
+	session state that has to be coordinated with an application.  For
+	example, if a thread begins to calculate an HMAC for a session, and
+	another thread uses the session, the rolling nonces will cause the
+	first thread HMAC to fail.</p>
+	<li/>
+<p class="western" style="margin-bottom: 0in">Applications
+	have state at a higher level.  For example, if a thread begins to
+	use a key and another thread saves the key context and flushes the
+	key, the first thread's application will fail.</p>
+</ul>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">I think the best we can
+do is provide a common "TSS lock semaphore" mechanism, so
+that threads can coordinate access to the TSS using a common API.</p>
+<ol start="11">
+	<li/>
+<h1 class="western" align="justify" style="margin-top: 0.25in; margin-bottom: 0.17in; page-break-before: always"><a name="__RefHeading___Toc26799933"></a>
+	<font size="2" style="font-size: 11pt"><span style="letter-spacing: 0.4pt">Troubleshooting</span></font></h1>
+</ol>
+<p class="western" style="margin-bottom: 0in">This section includes
+some frequent issues and solutions.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol>
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799934"></a>Environment
+		Variables</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The instructions in 3.4
+Optional Customization and elsewhere are often specific to one Unix
+shell.  See your shell documentation for variations.  Windows uses
+yet another syntax.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Settings are local to
+one process (to one window).  When the process exits (when the
+windows is closed), the setting is lost.  To create a persistent
+setting, use a dotfile (Unix) or a control panel setting (Windows.)</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="2">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799935"></a>Command
+		line utilities fail on Windows 10</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">Windows blocks
+executables with the strings setup, install, update, and patch in the
+name.  Thus, TPM utilities like sequenceupdate.exe will not run.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">One work around is to
+run the commands shell as administrator.  Right click "Command
+Prompt" and select "Run as administrator".  
+</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="3">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799936"></a>OpenSSL
+		Linking on Windows</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">A failure linking with
+OpenSSL on Windows is very often caused by multiple versions of
+OpenSSL installed on the platform.  The easiest solution is to run
+the uninstaller, delete all the OpenSSL directories, and then install
+just once.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The Windows 10 crypto
+library has function names that clash with OpenSSL, particularly in
+the area of X.509 support.  Visual Studio includes it by default when
+using.  To remove those headers, define WIN32_LEAN_AND_MEAN.  Use the
+command line utilities as samples.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<ol>
+	<ol start="4">
+		<li/>
+<h2 class="western"><a name="__RefHeading___Toc26799937"></a>Loaded
+		objects (keys) disappear</h2>
+	</ol>
+</ol>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">If an object such as a
+key is loaded successfully in a script but then seems to disappear,
+it is likely the interaction with the resource manager.  The resource
+manager detects that the process (one line of the script) exits and
+then frees all allocated resources.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">This occurs with a
+hardware TPM - always on Windows and with Linux when connecting to
+/dev/tpmrm0.  It will not occur when connecting directly with a
+software TPM or a hardware TPM at /dev/tpm0, which bypasses the
+resource manager.  It will also not occur once the prototyping script
+is replaced by an executable that does not close the connection after
+each TPM command.</p>
+<p class="western" style="margin-bottom: 0in"><br/>
+
+</p>
+<p class="western" style="margin-bottom: 0in">The solution is to use
+a proxy, which keeps the TPM connection alive. See section 4.7 Connecting to Resource Managers.</p>
+<p class="western" style="margin-bottom: 0in; display: none"><a name="_PictureBullets"></a>
+<br/>
+
+</p>
+<div title="footer">
+	<p style="margin-top: 0.46in; margin-bottom: 0in"><font size="3" style="font-size: 11pt">	Page
+	<sdfield type=PAGE subtype=RANDOM format=PAGE>44</sdfield>	</font></p>
+</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/m4/.keepdir b/m4/.keepdir
new file mode 100644
index 000000000..e69de29bb
diff --git a/tpmutils/CommonProperties.props b/tpmutils/CommonProperties.props
new file mode 100644
index 000000000..5ee9f0957
--- /dev/null
+++ b/tpmutils/CommonProperties.props
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ImportGroup Label="PropertySheets" />
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_PropertySheetDisplayName>CommonProperties</_PropertySheetDisplayName>
+  </PropertyGroup>
+  <ItemDefinitionGroup>
+    <ClCompile>
+      <AdditionalIncludeDirectories>c:/program files/openssl/include;../../utils</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>TPM_WINDOWS;TPM_TPM20;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;TPM_ENCRYPT_SESSIONS_DEFAULT="0";TPM_WINDOWS_TBSI;TPM_WINDOWS_TBSI_WIN8;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>libcrypto32mdd.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>c:\program files\openssl\lib\vc</AdditionalLibraryDirectories>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup />
+</Project>
\ No newline at end of file
diff --git a/tpmutils/CommonPropertiesRelease.props b/tpmutils/CommonPropertiesRelease.props
new file mode 100644
index 000000000..ad3d34c53
--- /dev/null
+++ b/tpmutils/CommonPropertiesRelease.props
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ImportGroup Label="PropertySheets" />
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup />
+  <ItemDefinitionGroup>
+    <ClCompile>
+      <AdditionalIncludeDirectories>c:/program files/openssl/include;../../utils</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>TPM_WINDOWS;TPM_TPM20;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;TPM_ENCRYPT_SESSIONS_DEFAULT="0";TPM_WINDOWS_TBSI;TPM_WINDOWS_TBSI_WIN8;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>libcrypto32md.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>c:\program files\openssl\lib\vc</AdditionalLibraryDirectories>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup />
+</Project>
\ No newline at end of file
diff --git a/tpmutils/activatecredential/activatecredential.vcxproj b/tpmutils/activatecredential/activatecredential.vcxproj
new file mode 100644
index 000000000..b6f343f21
--- /dev/null
+++ b/tpmutils/activatecredential/activatecredential.vcxproj
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{A2B17262-A3C2-4048-A82B-4C89875AD9D0}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>activatecredential</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\activatecredential.c" />
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/activatecredential/activatecredential.vcxproj.filters b/tpmutils/activatecredential/activatecredential.vcxproj.filters
new file mode 100644
index 000000000..bc18ff6a2
--- /dev/null
+++ b/tpmutils/activatecredential/activatecredential.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\activatecredential.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/certify/certify.vcxproj b/tpmutils/certify/certify.vcxproj
new file mode 100644
index 000000000..2f52021cb
--- /dev/null
+++ b/tpmutils/certify/certify.vcxproj
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{DBD7B8E9-FC88-4F61-9D11-68357F9062A7}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>certify</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\certify.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/certify/certify.vcxproj.filters b/tpmutils/certify/certify.vcxproj.filters
new file mode 100644
index 000000000..e86008402
--- /dev/null
+++ b/tpmutils/certify/certify.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\certify.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/certifycreation/certifycreation.vcxproj b/tpmutils/certifycreation/certifycreation.vcxproj
new file mode 100644
index 000000000..c1500fd9c
--- /dev/null
+++ b/tpmutils/certifycreation/certifycreation.vcxproj
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\certifycreation.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{1D36BC6A-C612-4567-AD03-91C46D0D1FA1}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>certifycreation</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/certifycreation/certifycreation.vcxproj.filters b/tpmutils/certifycreation/certifycreation.vcxproj.filters
new file mode 100644
index 000000000..17fdd8a4d
--- /dev/null
+++ b/tpmutils/certifycreation/certifycreation.vcxproj.filters
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\certifycreation.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/certifyx509/certifyx509.vcxproj b/tpmutils/certifyx509/certifyx509.vcxproj
new file mode 100644
index 000000000..e0bed5d41
--- /dev/null
+++ b/tpmutils/certifyx509/certifyx509.vcxproj
@@ -0,0 +1,171 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\certifyx509.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\ekutils.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>15.0</VCProjectVersion>
+    <ProjectGuid>{2B9406B7-5843-4495-9BAB-E80F95F54DE3}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>certifyx509</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>
+      </PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>
+      </PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/certifyx509/certifyx509.vcxproj.filters b/tpmutils/certifyx509/certifyx509.vcxproj.filters
new file mode 100644
index 000000000..4dd1ea07f
--- /dev/null
+++ b/tpmutils/certifyx509/certifyx509.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;ipp;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\certifyx509.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\ekutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/changeeps/changeeps.vcxproj b/tpmutils/changeeps/changeeps.vcxproj
new file mode 100644
index 000000000..d80e38236
--- /dev/null
+++ b/tpmutils/changeeps/changeeps.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{3DA913E8-EF9B-4B9C-8847-D7618BC07551}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>changeeps</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\changeeps.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/changeeps/changeeps.vcxproj.filters b/tpmutils/changeeps/changeeps.vcxproj.filters
new file mode 100644
index 000000000..eeee3434a
--- /dev/null
+++ b/tpmutils/changeeps/changeeps.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\changeeps.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/changepps/changepps.vcxproj b/tpmutils/changepps/changepps.vcxproj
new file mode 100644
index 000000000..2a3ad324f
--- /dev/null
+++ b/tpmutils/changepps/changepps.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{D7AD97A2-4588-444D-8E8A-F953F43FBA4F}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>changepps</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\changepps.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/changepps/changepps.vcxproj.filters b/tpmutils/changepps/changepps.vcxproj.filters
new file mode 100644
index 000000000..d447ad3ef
--- /dev/null
+++ b/tpmutils/changepps/changepps.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\changepps.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/clear/clear.vcxproj b/tpmutils/clear/clear.vcxproj
new file mode 100644
index 000000000..fabab7f3e
--- /dev/null
+++ b/tpmutils/clear/clear.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{D44D7554-7B47-4651-8011-10C821E2C313}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>clear</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\clear.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/clear/clear.vcxproj.filters b/tpmutils/clear/clear.vcxproj.filters
new file mode 100644
index 000000000..76ff399ff
--- /dev/null
+++ b/tpmutils/clear/clear.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\clear.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/clearcontrol/clearcontrol.vcxproj b/tpmutils/clearcontrol/clearcontrol.vcxproj
new file mode 100644
index 000000000..a4c888ba4
--- /dev/null
+++ b/tpmutils/clearcontrol/clearcontrol.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{358CDC21-0742-4B39-AF3B-4AEC89E9B4A1}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>clearcontrol</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\clearcontrol.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/clearcontrol/clearcontrol.vcxproj.filters b/tpmutils/clearcontrol/clearcontrol.vcxproj.filters
new file mode 100644
index 000000000..1fe5df117
--- /dev/null
+++ b/tpmutils/clearcontrol/clearcontrol.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\clearcontrol.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/clockrateadjust/clockrateadjust.vcxproj b/tpmutils/clockrateadjust/clockrateadjust.vcxproj
new file mode 100644
index 000000000..f3bad95a2
--- /dev/null
+++ b/tpmutils/clockrateadjust/clockrateadjust.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{6BB93AB7-5574-49C8-B248-CCA85638C2F1}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>clockrateadjust</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\clockrateadjust.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/clockrateadjust/clockrateadjust.vcxproj.filters b/tpmutils/clockrateadjust/clockrateadjust.vcxproj.filters
new file mode 100644
index 000000000..2ee6d5f05
--- /dev/null
+++ b/tpmutils/clockrateadjust/clockrateadjust.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\clockrateadjust.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/clockset/clockset.vcxproj b/tpmutils/clockset/clockset.vcxproj
new file mode 100644
index 000000000..335bf35e4
--- /dev/null
+++ b/tpmutils/clockset/clockset.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{ED1A01E9-DF47-48B5-AA09-BAC1EC6A01BA}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>clockset</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\clockset.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/clockset/clockset.vcxproj.filters b/tpmutils/clockset/clockset.vcxproj.filters
new file mode 100644
index 000000000..ecfbd802f
--- /dev/null
+++ b/tpmutils/clockset/clockset.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\clockset.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/commit/commit.vcxproj b/tpmutils/commit/commit.vcxproj
new file mode 100644
index 000000000..13afa3e6a
--- /dev/null
+++ b/tpmutils/commit/commit.vcxproj
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{2BD82DB2-D0D6-405F-88B1-613D5ECF5F9B}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>commit</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\commit.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/commit/commit.vcxproj.filters b/tpmutils/commit/commit.vcxproj.filters
new file mode 100644
index 000000000..647b10283
--- /dev/null
+++ b/tpmutils/commit/commit.vcxproj.filters
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\commit.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/contextload/contextload.vcxproj b/tpmutils/contextload/contextload.vcxproj
new file mode 100644
index 000000000..f0bdb0b5d
--- /dev/null
+++ b/tpmutils/contextload/contextload.vcxproj
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{BA6A5695-C1B4-4F1F-B794-8D67131443DF}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>contextload</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\contextload.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/contextload/contextload.vcxproj.filters b/tpmutils/contextload/contextload.vcxproj.filters
new file mode 100644
index 000000000..d7590ce31
--- /dev/null
+++ b/tpmutils/contextload/contextload.vcxproj.filters
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\contextload.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/contextsave/contextsave.vcxproj b/tpmutils/contextsave/contextsave.vcxproj
new file mode 100644
index 000000000..856c4e056
--- /dev/null
+++ b/tpmutils/contextsave/contextsave.vcxproj
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{08FD82ED-5872-4250-ADC0-B7B62DCE49BC}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>contextsave</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\contextsave.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/contextsave/contextsave.vcxproj.filters b/tpmutils/contextsave/contextsave.vcxproj.filters
new file mode 100644
index 000000000..09ea60039
--- /dev/null
+++ b/tpmutils/contextsave/contextsave.vcxproj.filters
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\contextsave.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/create/create.vcxproj b/tpmutils/create/create.vcxproj
new file mode 100644
index 000000000..500d133a6
--- /dev/null
+++ b/tpmutils/create/create.vcxproj
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{FE0A477A-54D2-4E00-BB87-643E132DA180}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>create</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\create.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\objecttemplates.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/create/create.vcxproj.filters b/tpmutils/create/create.vcxproj.filters
new file mode 100644
index 000000000..4291d6cc7
--- /dev/null
+++ b/tpmutils/create/create.vcxproj.filters
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\create.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\objecttemplates.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/createek/createek.vcxproj b/tpmutils/createek/createek.vcxproj
new file mode 100644
index 000000000..6e06acd47
--- /dev/null
+++ b/tpmutils/createek/createek.vcxproj
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{658E9EB7-092C-42C3-8279-BDC65A1D0963}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>createek</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\createek.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\ekutils.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/createek/createek.vcxproj.filters b/tpmutils/createek/createek.vcxproj.filters
new file mode 100644
index 000000000..6e569abef
--- /dev/null
+++ b/tpmutils/createek/createek.vcxproj.filters
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\createek.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\ekutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/createekcert/createekcert.vcxproj b/tpmutils/createekcert/createekcert.vcxproj
new file mode 100644
index 000000000..725e2b71b
--- /dev/null
+++ b/tpmutils/createekcert/createekcert.vcxproj
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{9D496A11-66C3-46EA-98B6-4D25034535DE}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>createekcert</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\createekcert.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\ekutils.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/createekcert/createekcert.vcxproj.filters b/tpmutils/createekcert/createekcert.vcxproj.filters
new file mode 100644
index 000000000..ff63c271d
--- /dev/null
+++ b/tpmutils/createekcert/createekcert.vcxproj.filters
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\createekcert.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\ekutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/createloaded/createloaded.vcxproj b/tpmutils/createloaded/createloaded.vcxproj
new file mode 100644
index 000000000..e3ff12165
--- /dev/null
+++ b/tpmutils/createloaded/createloaded.vcxproj
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{0050296D-12F4-410B-A1FE-FA3A53F81B6A}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>createloaded</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\createloaded.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\objecttemplates.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/createloaded/createloaded.vcxproj.filters b/tpmutils/createloaded/createloaded.vcxproj.filters
new file mode 100644
index 000000000..aedbdc84b
--- /dev/null
+++ b/tpmutils/createloaded/createloaded.vcxproj.filters
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\createloaded.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\objecttemplates.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/createprimary/createprimary.vcxproj b/tpmutils/createprimary/createprimary.vcxproj
new file mode 100644
index 000000000..943a00094
--- /dev/null
+++ b/tpmutils/createprimary/createprimary.vcxproj
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{5B976902-A648-4C53-9369-6C1F8C6005E9}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>createprimary</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>c:/program files/openssl/include;../../utils</AdditionalIncludeDirectories>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\createprimary.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\objecttemplates.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/createprimary/createprimary.vcxproj.filters b/tpmutils/createprimary/createprimary.vcxproj.filters
new file mode 100644
index 000000000..968c70a10
--- /dev/null
+++ b/tpmutils/createprimary/createprimary.vcxproj.filters
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\createprimary.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\objecttemplates.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/dictionaryattacklockreset/dictionaryattacklockreset.vcxproj b/tpmutils/dictionaryattacklockreset/dictionaryattacklockreset.vcxproj
new file mode 100644
index 000000000..7061fc28d
--- /dev/null
+++ b/tpmutils/dictionaryattacklockreset/dictionaryattacklockreset.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{FAE34595-8E6A-445B-AE74-1BD06A45A70A}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>dictionaryattacklockreset</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\dictionaryattacklockreset.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/dictionaryattacklockreset/dictionaryattacklockreset.vcxproj.filters b/tpmutils/dictionaryattacklockreset/dictionaryattacklockreset.vcxproj.filters
new file mode 100644
index 000000000..4c6016b4f
--- /dev/null
+++ b/tpmutils/dictionaryattacklockreset/dictionaryattacklockreset.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\dictionaryattacklockreset.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/dictionaryattackparameters/dictionaryattackparameters.vcxproj b/tpmutils/dictionaryattackparameters/dictionaryattackparameters.vcxproj
new file mode 100644
index 000000000..1fa1d349b
--- /dev/null
+++ b/tpmutils/dictionaryattackparameters/dictionaryattackparameters.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{3E884FC2-C99B-4FB6-AF8C-20F2DD03C0A8}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>dictionaryattackparameters</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\dictionaryattackparameters.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/dictionaryattackparameters/dictionaryattackparameters.vcxproj.filters b/tpmutils/dictionaryattackparameters/dictionaryattackparameters.vcxproj.filters
new file mode 100644
index 000000000..8609d85a0
--- /dev/null
+++ b/tpmutils/dictionaryattackparameters/dictionaryattackparameters.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\dictionaryattackparameters.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/duplicate/duplicate.vcxproj b/tpmutils/duplicate/duplicate.vcxproj
new file mode 100644
index 000000000..1c2d26bc3
--- /dev/null
+++ b/tpmutils/duplicate/duplicate.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{658DECB2-8AD5-47C5-8B4E-EFDD7F5914A1}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>duplicate</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\duplicate.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/duplicate/duplicate.vcxproj.filters b/tpmutils/duplicate/duplicate.vcxproj.filters
new file mode 100644
index 000000000..e779db88e
--- /dev/null
+++ b/tpmutils/duplicate/duplicate.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\duplicate.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/eccparameters/eccparameters.vcxproj b/tpmutils/eccparameters/eccparameters.vcxproj
new file mode 100644
index 000000000..1c127a5fc
--- /dev/null
+++ b/tpmutils/eccparameters/eccparameters.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{CBD90144-0832-4864-A083-752E10180168}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>eccparameters</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\eccparameters.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/eccparameters/eccparameters.vcxproj.filters b/tpmutils/eccparameters/eccparameters.vcxproj.filters
new file mode 100644
index 000000000..a6eec5387
--- /dev/null
+++ b/tpmutils/eccparameters/eccparameters.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\eccparameters.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/ecephemeral/ecephemeral.vcxproj b/tpmutils/ecephemeral/ecephemeral.vcxproj
new file mode 100644
index 000000000..e8e672a42
--- /dev/null
+++ b/tpmutils/ecephemeral/ecephemeral.vcxproj
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{22E2004E-723A-4A26-B8BD-DC0FDC77BA9D}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>ecephemeral</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\ecephemeral.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/ecephemeral/ecephemeral.vcxproj.filters b/tpmutils/ecephemeral/ecephemeral.vcxproj.filters
new file mode 100644
index 000000000..501bd49fe
--- /dev/null
+++ b/tpmutils/ecephemeral/ecephemeral.vcxproj.filters
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\ecephemeral.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/encryptdecrypt/encryptdecrypt.vcxproj b/tpmutils/encryptdecrypt/encryptdecrypt.vcxproj
new file mode 100644
index 000000000..b36b8782d
--- /dev/null
+++ b/tpmutils/encryptdecrypt/encryptdecrypt.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{3415A0BB-AF85-41D0-9024-CC44B6D89FDF}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>encryptdecrypt</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\encryptdecrypt.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/encryptdecrypt/encryptdecrypt.vcxproj.filters b/tpmutils/encryptdecrypt/encryptdecrypt.vcxproj.filters
new file mode 100644
index 000000000..fb20d61fd
--- /dev/null
+++ b/tpmutils/encryptdecrypt/encryptdecrypt.vcxproj.filters
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\encryptdecrypt.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/eventextend/eventextend.vcxproj b/tpmutils/eventextend/eventextend.vcxproj
new file mode 100644
index 000000000..45e8b43e6
--- /dev/null
+++ b/tpmutils/eventextend/eventextend.vcxproj
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\eventextend.c" />
+    <ClCompile Include="..\..\utils\eventlib.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{725DCEBE-1DD3-4011-87D4-AE8B023B77D9}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>eventextend</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/eventextend/eventextend.vcxproj.filters b/tpmutils/eventextend/eventextend.vcxproj.filters
new file mode 100644
index 000000000..c2b8983e1
--- /dev/null
+++ b/tpmutils/eventextend/eventextend.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\eventextend.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\eventlib.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/eventsequencecomplete/eventsequencecomplete.vcxproj b/tpmutils/eventsequencecomplete/eventsequencecomplete.vcxproj
new file mode 100644
index 000000000..66e2a2701
--- /dev/null
+++ b/tpmutils/eventsequencecomplete/eventsequencecomplete.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{4ECA555C-FD5C-4DD3-B494-F2FB0D2D9123}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>eventsequencecomplete</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\eventsequencecomplete.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/eventsequencecomplete/eventsequencecomplete.vcxproj.filters b/tpmutils/eventsequencecomplete/eventsequencecomplete.vcxproj.filters
new file mode 100644
index 000000000..82fc6f11e
--- /dev/null
+++ b/tpmutils/eventsequencecomplete/eventsequencecomplete.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\eventsequencecomplete.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/evictcontrol/evictcontrol.vcxproj b/tpmutils/evictcontrol/evictcontrol.vcxproj
new file mode 100644
index 000000000..f5b956d28
--- /dev/null
+++ b/tpmutils/evictcontrol/evictcontrol.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{A9FD62CC-C38E-4AB8-973F-F3B3A3FDEF8C}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>evictcontrol</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\evictcontrol.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/evictcontrol/evictcontrol.vcxproj.filters b/tpmutils/evictcontrol/evictcontrol.vcxproj.filters
new file mode 100644
index 000000000..471223d6b
--- /dev/null
+++ b/tpmutils/evictcontrol/evictcontrol.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\evictcontrol.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/flushcontext/flushcontext.vcxproj b/tpmutils/flushcontext/flushcontext.vcxproj
new file mode 100644
index 000000000..579fe03b0
--- /dev/null
+++ b/tpmutils/flushcontext/flushcontext.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{A8378417-7874-4B9E-98E6-C11A3EFB536D}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>flushcontext</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+    <Import Project="..\CommonProperties.props" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\flushcontext.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/flushcontext/flushcontext.vcxproj.filters b/tpmutils/flushcontext/flushcontext.vcxproj.filters
new file mode 100644
index 000000000..14c956f80
--- /dev/null
+++ b/tpmutils/flushcontext/flushcontext.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\flushcontext.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/getcapability/getcapability.vcxproj b/tpmutils/getcapability/getcapability.vcxproj
new file mode 100644
index 000000000..1036bb5b6
--- /dev/null
+++ b/tpmutils/getcapability/getcapability.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{C6A4DBDA-8D62-4D64-8819-29B114F72201}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>getcapability</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\getcapability.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/getcapability/getcapability.vcxproj.filters b/tpmutils/getcapability/getcapability.vcxproj.filters
new file mode 100644
index 000000000..79e958a59
--- /dev/null
+++ b/tpmutils/getcapability/getcapability.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\getcapability.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/getcommandauditdigest/getcommandauditdigest.vcxproj b/tpmutils/getcommandauditdigest/getcommandauditdigest.vcxproj
new file mode 100644
index 000000000..6c20ad65b
--- /dev/null
+++ b/tpmutils/getcommandauditdigest/getcommandauditdigest.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{E31CADC8-6CA2-4FA8-B8E9-CE61C898D12D}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>getcommandauditdigest</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\getcommandauditdigest.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/getcommandauditdigest/getcommandauditdigest.vcxproj.filters b/tpmutils/getcommandauditdigest/getcommandauditdigest.vcxproj.filters
new file mode 100644
index 000000000..2ac38c8ec
--- /dev/null
+++ b/tpmutils/getcommandauditdigest/getcommandauditdigest.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\getcommandauditdigest.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/getcryptolibrary/getcryptolibrary.vcxproj b/tpmutils/getcryptolibrary/getcryptolibrary.vcxproj
new file mode 100644
index 000000000..299d7eda3
--- /dev/null
+++ b/tpmutils/getcryptolibrary/getcryptolibrary.vcxproj
@@ -0,0 +1,167 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>15.0</VCProjectVersion>
+    <ProjectGuid>{D95B2CAA-2548-41BE-AA63-49A6B0A39630}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>getcryptolibrary</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\getcryptolibrary.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/getcryptolibrary/getcryptolibrary.vcxproj.filters b/tpmutils/getcryptolibrary/getcryptolibrary.vcxproj.filters
new file mode 100644
index 000000000..067d2ad8d
--- /dev/null
+++ b/tpmutils/getcryptolibrary/getcryptolibrary.vcxproj.filters
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;ipp;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\getcryptolibrary.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/getrandom/getrandom.vcxproj b/tpmutils/getrandom/getrandom.vcxproj
new file mode 100644
index 000000000..e3f30fedb
--- /dev/null
+++ b/tpmutils/getrandom/getrandom.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{1D478E32-E36A-4151-BBC5-C41B8C6ABC5D}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>getrandom</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\getrandom.c" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/getrandom/getrandom.vcxproj.filters b/tpmutils/getrandom/getrandom.vcxproj.filters
new file mode 100644
index 000000000..6b069e527
--- /dev/null
+++ b/tpmutils/getrandom/getrandom.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\getrandom.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/getsessionauditdigest/getsessionauditdigest.vcxproj b/tpmutils/getsessionauditdigest/getsessionauditdigest.vcxproj
new file mode 100644
index 000000000..4c225e95c
--- /dev/null
+++ b/tpmutils/getsessionauditdigest/getsessionauditdigest.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{C0E1AD53-B941-4EDE-A869-AF9C7D9B7655}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>getsessionauditdigest</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\getsessionauditdigest.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/getsessionauditdigest/getsessionauditdigest.vcxproj.filters b/tpmutils/getsessionauditdigest/getsessionauditdigest.vcxproj.filters
new file mode 100644
index 000000000..d1035d5fd
--- /dev/null
+++ b/tpmutils/getsessionauditdigest/getsessionauditdigest.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\getsessionauditdigest.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/gettestresult/gettestresult.vcxproj b/tpmutils/gettestresult/gettestresult.vcxproj
new file mode 100644
index 000000000..dee163eb5
--- /dev/null
+++ b/tpmutils/gettestresult/gettestresult.vcxproj
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{3E021AA6-EC72-4D1E-96D1-004262224985}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>gettestresult</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\gettestresult.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/gettestresult/gettestresult.vcxproj.filters b/tpmutils/gettestresult/gettestresult.vcxproj.filters
new file mode 100644
index 000000000..efa643b3d
--- /dev/null
+++ b/tpmutils/gettestresult/gettestresult.vcxproj.filters
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\gettestresult.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/gettime/gettime.vcxproj b/tpmutils/gettime/gettime.vcxproj
new file mode 100644
index 000000000..93307a800
--- /dev/null
+++ b/tpmutils/gettime/gettime.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{FD53EE1E-5408-4389-B316-8195455A1D66}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>gettime</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\gettime.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/gettime/gettime.vcxproj.filters b/tpmutils/gettime/gettime.vcxproj.filters
new file mode 100644
index 000000000..41e1bba96
--- /dev/null
+++ b/tpmutils/gettime/gettime.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\gettime.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/hash/hash.vcxproj b/tpmutils/hash/hash.vcxproj
new file mode 100644
index 000000000..f1874b394
--- /dev/null
+++ b/tpmutils/hash/hash.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{914EE78E-52FF-42A5-BD33-1E99E8E02CB0}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>hash</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\hash.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/hash/hash.vcxproj.filters b/tpmutils/hash/hash.vcxproj.filters
new file mode 100644
index 000000000..325bb3332
--- /dev/null
+++ b/tpmutils/hash/hash.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\hash.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/hashsequencestart/hashsequencestart.vcxproj b/tpmutils/hashsequencestart/hashsequencestart.vcxproj
new file mode 100644
index 000000000..92c43ea17
--- /dev/null
+++ b/tpmutils/hashsequencestart/hashsequencestart.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{8C4B09BE-1DD8-4BC5-8541-EB16C780AABC}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>hashsequencestart</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\hashsequencestart.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/hashsequencestart/hashsequencestart.vcxproj.filters b/tpmutils/hashsequencestart/hashsequencestart.vcxproj.filters
new file mode 100644
index 000000000..592847cf3
--- /dev/null
+++ b/tpmutils/hashsequencestart/hashsequencestart.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\hashsequencestart.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/hierarchychangeauth/hierarchychangeauth.vcxproj b/tpmutils/hierarchychangeauth/hierarchychangeauth.vcxproj
new file mode 100644
index 000000000..fa1dc259e
--- /dev/null
+++ b/tpmutils/hierarchychangeauth/hierarchychangeauth.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{FF78859F-AA3A-406C-94DE-8B8EC61E2691}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>hierarchychangeauth</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\hierarchychangeauth.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/hierarchychangeauth/hierarchychangeauth.vcxproj.filters b/tpmutils/hierarchychangeauth/hierarchychangeauth.vcxproj.filters
new file mode 100644
index 000000000..d8998694e
--- /dev/null
+++ b/tpmutils/hierarchychangeauth/hierarchychangeauth.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\hierarchychangeauth.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/hierarchycontrol/hierarchycontrol.vcxproj b/tpmutils/hierarchycontrol/hierarchycontrol.vcxproj
new file mode 100644
index 000000000..273796008
--- /dev/null
+++ b/tpmutils/hierarchycontrol/hierarchycontrol.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{1E7F8857-8635-4861-BCC0-FD074CC7A32B}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>hierarchycontrol</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\hierarchycontrol.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/hierarchycontrol/hierarchycontrol.vcxproj.filters b/tpmutils/hierarchycontrol/hierarchycontrol.vcxproj.filters
new file mode 100644
index 000000000..1d02b9cb6
--- /dev/null
+++ b/tpmutils/hierarchycontrol/hierarchycontrol.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\hierarchycontrol.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/hmac/hmac.vcxproj b/tpmutils/hmac/hmac.vcxproj
new file mode 100644
index 000000000..e4e44d2ee
--- /dev/null
+++ b/tpmutils/hmac/hmac.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{15A0FC5B-8B9C-4FB8-948B-AD9D73030C42}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>hmac</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\hmac.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/hmac/hmac.vcxproj.filters b/tpmutils/hmac/hmac.vcxproj.filters
new file mode 100644
index 000000000..8e2c6a57a
--- /dev/null
+++ b/tpmutils/hmac/hmac.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\hmac.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/hmacstart/hmacstart.vcxproj b/tpmutils/hmacstart/hmacstart.vcxproj
new file mode 100644
index 000000000..9893bf51c
--- /dev/null
+++ b/tpmutils/hmacstart/hmacstart.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{348E4F87-1680-41E5-BEEB-2CDB3A18AB7E}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>hmacstart</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\hmacstart.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/hmacstart/hmacstart.vcxproj.filters b/tpmutils/hmacstart/hmacstart.vcxproj.filters
new file mode 100644
index 000000000..662af2e84
--- /dev/null
+++ b/tpmutils/hmacstart/hmacstart.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\hmacstart.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/import/import.vcxproj b/tpmutils/import/import.vcxproj
new file mode 100644
index 000000000..b89a5f397
--- /dev/null
+++ b/tpmutils/import/import.vcxproj
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{EBA425BE-67E2-4439-B330-56F441CC4C65}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>import</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\import.c" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/import/import.vcxproj.filters b/tpmutils/import/import.vcxproj.filters
new file mode 100644
index 000000000..a97db3ba6
--- /dev/null
+++ b/tpmutils/import/import.vcxproj.filters
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{49ee9c1b-538d-4725-b7d8-d0e9ab28e88f}</UniqueIdentifier>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\import.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/importpem/importpem.vcxproj b/tpmutils/importpem/importpem.vcxproj
new file mode 100644
index 000000000..13fdc7b98
--- /dev/null
+++ b/tpmutils/importpem/importpem.vcxproj
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\ekutils.c" />
+    <ClCompile Include="..\..\utils\importpem.c" />
+    <ClCompile Include="..\..\utils\objecttemplates.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{4E46B941-806C-4EBC-AF95-3DE9BDA89D3F}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>importpem</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/importpem/importpem.vcxproj.filters b/tpmutils/importpem/importpem.vcxproj.filters
new file mode 100644
index 000000000..5210e4023
--- /dev/null
+++ b/tpmutils/importpem/importpem.vcxproj.filters
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\importpem.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\objecttemplates.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\ekutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/load/load.vcxproj b/tpmutils/load/load.vcxproj
new file mode 100644
index 000000000..2d16f0c79
--- /dev/null
+++ b/tpmutils/load/load.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{DF3F6BC5-C990-47F1-8567-2509D8FD983D}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>load</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\load.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/load/load.vcxproj.filters b/tpmutils/load/load.vcxproj.filters
new file mode 100644
index 000000000..fe9dbabea
--- /dev/null
+++ b/tpmutils/load/load.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\load.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/loadexternal/loadexternal.vcxproj b/tpmutils/loadexternal/loadexternal.vcxproj
new file mode 100644
index 000000000..208bcf369
--- /dev/null
+++ b/tpmutils/loadexternal/loadexternal.vcxproj
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{ABB0B1A5-1B3D-44D1-8382-FA4BB5FDC37C}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>loadexternal</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\ekutils.c" />
+    <ClCompile Include="..\..\utils\loadexternal.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/loadexternal/loadexternal.vcxproj.filters b/tpmutils/loadexternal/loadexternal.vcxproj.filters
new file mode 100644
index 000000000..b7af60112
--- /dev/null
+++ b/tpmutils/loadexternal/loadexternal.vcxproj.filters
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\loadexternal.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\ekutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/makecredential/makecredential.vcxproj b/tpmutils/makecredential/makecredential.vcxproj
new file mode 100644
index 000000000..8b9b78dc8
--- /dev/null
+++ b/tpmutils/makecredential/makecredential.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{E3BB242A-89DE-4EDF-B121-3557FB35A230}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>makecredential</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\makecredential.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/makecredential/makecredential.vcxproj.filters b/tpmutils/makecredential/makecredential.vcxproj.filters
new file mode 100644
index 000000000..caef5bc50
--- /dev/null
+++ b/tpmutils/makecredential/makecredential.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\makecredential.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvcertify/nvcertify.vcxproj b/tpmutils/nvcertify/nvcertify.vcxproj
new file mode 100644
index 000000000..2642862d7
--- /dev/null
+++ b/tpmutils/nvcertify/nvcertify.vcxproj
@@ -0,0 +1,100 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{9F144AA3-F80A-45DA-A8C9-59FB393C48DE}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>nvcertify</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="targetver.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\nvcertify.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvcertify/nvcertify.vcxproj.filters b/tpmutils/nvcertify/nvcertify.vcxproj.filters
new file mode 100644
index 000000000..5f70c2a2e
--- /dev/null
+++ b/tpmutils/nvcertify/nvcertify.vcxproj.filters
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="targetver.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\nvcertify.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvchangeauth/nvchangeauth.vcxproj b/tpmutils/nvchangeauth/nvchangeauth.vcxproj
new file mode 100644
index 000000000..0b0c2b0eb
--- /dev/null
+++ b/tpmutils/nvchangeauth/nvchangeauth.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{08FCBD3E-969D-4BFA-82D4-EC6A74EE93AD}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>nvchangeauth</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\nvchangeauth.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvchangeauth/nvchangeauth.vcxproj.filters b/tpmutils/nvchangeauth/nvchangeauth.vcxproj.filters
new file mode 100644
index 000000000..6df539ab0
--- /dev/null
+++ b/tpmutils/nvchangeauth/nvchangeauth.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\nvchangeauth.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvdefinespace/nvdefinespace.vcxproj b/tpmutils/nvdefinespace/nvdefinespace.vcxproj
new file mode 100644
index 000000000..a0e119bc1
--- /dev/null
+++ b/tpmutils/nvdefinespace/nvdefinespace.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{38C8B3B2-F040-4BC9-9C91-030DE28CEEC0}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>nvdefinespace</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\nvdefinespace.c" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvdefinespace/nvdefinespace.vcxproj.filters b/tpmutils/nvdefinespace/nvdefinespace.vcxproj.filters
new file mode 100644
index 000000000..c49f994be
--- /dev/null
+++ b/tpmutils/nvdefinespace/nvdefinespace.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\nvdefinespace.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvextend/nvextend.vcxproj b/tpmutils/nvextend/nvextend.vcxproj
new file mode 100644
index 000000000..03f0521cb
--- /dev/null
+++ b/tpmutils/nvextend/nvextend.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{2805603E-37DB-4BFA-9E75-6B71CA77E3C1}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>nvextend</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\nvextend.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvextend/nvextend.vcxproj.filters b/tpmutils/nvextend/nvextend.vcxproj.filters
new file mode 100644
index 000000000..ab18faa48
--- /dev/null
+++ b/tpmutils/nvextend/nvextend.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\nvextend.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvglobalwritelock/nvglobalwritelock.vcxproj b/tpmutils/nvglobalwritelock/nvglobalwritelock.vcxproj
new file mode 100644
index 000000000..a31088d30
--- /dev/null
+++ b/tpmutils/nvglobalwritelock/nvglobalwritelock.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{7E993D77-3B0B-40B1-BEA8-CE06926D3862}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>nvglobalwritelock</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\nvglobalwritelock.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvglobalwritelock/nvglobalwritelock.vcxproj.filters b/tpmutils/nvglobalwritelock/nvglobalwritelock.vcxproj.filters
new file mode 100644
index 000000000..26fb4f349
--- /dev/null
+++ b/tpmutils/nvglobalwritelock/nvglobalwritelock.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\nvglobalwritelock.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvincrement/nvincrement.vcxproj b/tpmutils/nvincrement/nvincrement.vcxproj
new file mode 100644
index 000000000..e4d3b5465
--- /dev/null
+++ b/tpmutils/nvincrement/nvincrement.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{17C7B6D4-B608-4892-8E7C-F32AAF102D46}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>nvincrement</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\nvincrement.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvincrement/nvincrement.vcxproj.filters b/tpmutils/nvincrement/nvincrement.vcxproj.filters
new file mode 100644
index 000000000..19af940fe
--- /dev/null
+++ b/tpmutils/nvincrement/nvincrement.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\nvincrement.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvread/nvread.vcxproj b/tpmutils/nvread/nvread.vcxproj
new file mode 100644
index 000000000..472e7e0d8
--- /dev/null
+++ b/tpmutils/nvread/nvread.vcxproj
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{A4D5835E-BEAA-4481-9DAA-6E84F1DFADE5}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>nvread</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\ekutils.c" />
+    <ClCompile Include="..\..\utils\nvread.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvread/nvread.vcxproj.filters b/tpmutils/nvread/nvread.vcxproj.filters
new file mode 100644
index 000000000..ddf17ae2f
--- /dev/null
+++ b/tpmutils/nvread/nvread.vcxproj.filters
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\nvread.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\ekutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvreadlock/nvreadlock.vcxproj b/tpmutils/nvreadlock/nvreadlock.vcxproj
new file mode 100644
index 000000000..d6fefbb46
--- /dev/null
+++ b/tpmutils/nvreadlock/nvreadlock.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{D1B36DE1-159D-4605-A5A4-30EE5BDE444B}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>nvreadlock</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\nvreadlock.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvreadlock/nvreadlock.vcxproj.filters b/tpmutils/nvreadlock/nvreadlock.vcxproj.filters
new file mode 100644
index 000000000..be1d2205a
--- /dev/null
+++ b/tpmutils/nvreadlock/nvreadlock.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\nvreadlock.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvreadpublic/nvreadpublic.vcxproj b/tpmutils/nvreadpublic/nvreadpublic.vcxproj
new file mode 100644
index 000000000..89d512808
--- /dev/null
+++ b/tpmutils/nvreadpublic/nvreadpublic.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{54BF993C-8B54-43EE-AAB3-1AB96FC59778}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>nvreadpublic</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\nvreadpublic.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvreadpublic/nvreadpublic.vcxproj.filters b/tpmutils/nvreadpublic/nvreadpublic.vcxproj.filters
new file mode 100644
index 000000000..02906e80c
--- /dev/null
+++ b/tpmutils/nvreadpublic/nvreadpublic.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\nvreadpublic.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvsetbits/nvsetbits.vcxproj b/tpmutils/nvsetbits/nvsetbits.vcxproj
new file mode 100644
index 000000000..fe5a9a360
--- /dev/null
+++ b/tpmutils/nvsetbits/nvsetbits.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{64792A11-D813-45AF-BE32-2C7FBFA37F30}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>nvsetbits</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\nvsetbits.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvsetbits/nvsetbits.vcxproj.filters b/tpmutils/nvsetbits/nvsetbits.vcxproj.filters
new file mode 100644
index 000000000..5dcbf6aac
--- /dev/null
+++ b/tpmutils/nvsetbits/nvsetbits.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\nvsetbits.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvundefinespace/nvundefinespace.vcxproj b/tpmutils/nvundefinespace/nvundefinespace.vcxproj
new file mode 100644
index 000000000..ca3f6c2b1
--- /dev/null
+++ b/tpmutils/nvundefinespace/nvundefinespace.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{79E92A99-3887-4BDE-AA2C-8EF950A2C3BD}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>nvundefinespace</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\nvundefinespace.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvundefinespace/nvundefinespace.vcxproj.filters b/tpmutils/nvundefinespace/nvundefinespace.vcxproj.filters
new file mode 100644
index 000000000..3293abaea
--- /dev/null
+++ b/tpmutils/nvundefinespace/nvundefinespace.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\nvundefinespace.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvundefinespacespecial/nvundefinespacespecial.vcxproj b/tpmutils/nvundefinespacespecial/nvundefinespacespecial.vcxproj
new file mode 100644
index 000000000..37ddab21e
--- /dev/null
+++ b/tpmutils/nvundefinespacespecial/nvundefinespacespecial.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{1B5B823C-ED4A-4D5A-9DE7-7E4D7E5E3ED7}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>nvundefinespacespecial</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\nvundefinespacespecial.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvundefinespacespecial/nvundefinespacespecial.vcxproj.filters b/tpmutils/nvundefinespacespecial/nvundefinespacespecial.vcxproj.filters
new file mode 100644
index 000000000..9c1b0afa3
--- /dev/null
+++ b/tpmutils/nvundefinespacespecial/nvundefinespacespecial.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\nvundefinespacespecial.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvwrite/nvwrite.vcxproj b/tpmutils/nvwrite/nvwrite.vcxproj
new file mode 100644
index 000000000..d254962fb
--- /dev/null
+++ b/tpmutils/nvwrite/nvwrite.vcxproj
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{D75A1275-02E7-4A31-828D-AA01C3EBA71E}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>nvwrite</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\ekutils.c" />
+    <ClCompile Include="..\..\utils\nvwrite.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvwrite/nvwrite.vcxproj.filters b/tpmutils/nvwrite/nvwrite.vcxproj.filters
new file mode 100644
index 000000000..1ea7b205b
--- /dev/null
+++ b/tpmutils/nvwrite/nvwrite.vcxproj.filters
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\nvwrite.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\ekutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvwritelock/nvwritelock.vcxproj b/tpmutils/nvwritelock/nvwritelock.vcxproj
new file mode 100644
index 000000000..275c56f5c
--- /dev/null
+++ b/tpmutils/nvwritelock/nvwritelock.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{D28C2783-E07C-45FC-B893-E4E27C015849}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>nvwritelock</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\nvwritelock.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/nvwritelock/nvwritelock.vcxproj.filters b/tpmutils/nvwritelock/nvwritelock.vcxproj.filters
new file mode 100644
index 000000000..7575afd5d
--- /dev/null
+++ b/tpmutils/nvwritelock/nvwritelock.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\nvwritelock.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/objectchangeauth/objectchangeauth.vcxproj b/tpmutils/objectchangeauth/objectchangeauth.vcxproj
new file mode 100644
index 000000000..cd6ebbc83
--- /dev/null
+++ b/tpmutils/objectchangeauth/objectchangeauth.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{74D62780-8014-4995-8F98-0E971CDBC654}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>objectchangeauth</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\objectchangeauth.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/objectchangeauth/objectchangeauth.vcxproj.filters b/tpmutils/objectchangeauth/objectchangeauth.vcxproj.filters
new file mode 100644
index 000000000..4c81d53ae
--- /dev/null
+++ b/tpmutils/objectchangeauth/objectchangeauth.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\objectchangeauth.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/pcrallocate/pcrallocate.vcxproj b/tpmutils/pcrallocate/pcrallocate.vcxproj
new file mode 100644
index 000000000..5576cff38
--- /dev/null
+++ b/tpmutils/pcrallocate/pcrallocate.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{A6BC7558-DDF1-41F7-B3FE-48A8731B007F}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>pcrallocate</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\pcrallocate.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/pcrallocate/pcrallocate.vcxproj.filters b/tpmutils/pcrallocate/pcrallocate.vcxproj.filters
new file mode 100644
index 000000000..2e092aecf
--- /dev/null
+++ b/tpmutils/pcrallocate/pcrallocate.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\pcrallocate.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/pcrevent/pcrevent.vcxproj b/tpmutils/pcrevent/pcrevent.vcxproj
new file mode 100644
index 000000000..026453035
--- /dev/null
+++ b/tpmutils/pcrevent/pcrevent.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{4F7D1A32-2AF4-4652-B906-EEAB2718CFCF}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>pcrevent</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\pcrevent.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/pcrevent/pcrevent.vcxproj.filters b/tpmutils/pcrevent/pcrevent.vcxproj.filters
new file mode 100644
index 000000000..e3d45fbff
--- /dev/null
+++ b/tpmutils/pcrevent/pcrevent.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\pcrevent.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/pcrextend/pcrextend.vcxproj b/tpmutils/pcrextend/pcrextend.vcxproj
new file mode 100644
index 000000000..937ba21fd
--- /dev/null
+++ b/tpmutils/pcrextend/pcrextend.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{7B3150F1-DA32-4EA3-BAC9-A1CD525182B6}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>pcrextend</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\pcrextend.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/pcrextend/pcrextend.vcxproj.filters b/tpmutils/pcrextend/pcrextend.vcxproj.filters
new file mode 100644
index 000000000..819b46e9e
--- /dev/null
+++ b/tpmutils/pcrextend/pcrextend.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\pcrextend.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/pcrread/pcrread.vcxproj b/tpmutils/pcrread/pcrread.vcxproj
new file mode 100644
index 000000000..b390c11f0
--- /dev/null
+++ b/tpmutils/pcrread/pcrread.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{41CD5BA6-60C0-43BF-A561-3014D86BAB5C}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>pcrread</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\pcrread.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/pcrread/pcrread.vcxproj.filters b/tpmutils/pcrread/pcrread.vcxproj.filters
new file mode 100644
index 000000000..e41822c5a
--- /dev/null
+++ b/tpmutils/pcrread/pcrread.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\pcrread.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/pcrreset/pcrreset.vcxproj b/tpmutils/pcrreset/pcrreset.vcxproj
new file mode 100644
index 000000000..85e94d9c8
--- /dev/null
+++ b/tpmutils/pcrreset/pcrreset.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{AB8D68EC-40B3-493A-97D9-068A0F7672D9}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>pcrreset</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\pcrreset.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/pcrreset/pcrreset.vcxproj.filters b/tpmutils/pcrreset/pcrreset.vcxproj.filters
new file mode 100644
index 000000000..e58934666
--- /dev/null
+++ b/tpmutils/pcrreset/pcrreset.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\pcrreset.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policyauthorize/policyauthorize.vcxproj b/tpmutils/policyauthorize/policyauthorize.vcxproj
new file mode 100644
index 000000000..51aaf7c2f
--- /dev/null
+++ b/tpmutils/policyauthorize/policyauthorize.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{1F934583-0C3F-48CA-B54E-EE88BFFAB39A}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>policyauthorize</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\policyauthorize.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policyauthorize/policyauthorize.vcxproj.filters b/tpmutils/policyauthorize/policyauthorize.vcxproj.filters
new file mode 100644
index 000000000..77e2b25a0
--- /dev/null
+++ b/tpmutils/policyauthorize/policyauthorize.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\policyauthorize.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policyauthorizenv/policyauthorizenv.vcxproj b/tpmutils/policyauthorizenv/policyauthorizenv.vcxproj
new file mode 100644
index 000000000..b137d4706
--- /dev/null
+++ b/tpmutils/policyauthorizenv/policyauthorizenv.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{2A5D8BC1-4A6E-416C-BAA3-B8AB3F272EF4}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>policyauthorizenv</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\policyauthorizenv.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policyauthorizenv/policyauthorizenv.vcxproj.filters b/tpmutils/policyauthorizenv/policyauthorizenv.vcxproj.filters
new file mode 100644
index 000000000..cdec36298
--- /dev/null
+++ b/tpmutils/policyauthorizenv/policyauthorizenv.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\policyauthorizenv.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policyauthvalue/policyauthvalue.vcxproj b/tpmutils/policyauthvalue/policyauthvalue.vcxproj
new file mode 100644
index 000000000..2fe9d5d6e
--- /dev/null
+++ b/tpmutils/policyauthvalue/policyauthvalue.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{03931C8D-6BC7-4B7D-A248-DE898120AAAD}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>policyauthvalue</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\policyauthvalue.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policyauthvalue/policyauthvalue.vcxproj.filters b/tpmutils/policyauthvalue/policyauthvalue.vcxproj.filters
new file mode 100644
index 000000000..1c0edce21
--- /dev/null
+++ b/tpmutils/policyauthvalue/policyauthvalue.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\policyauthvalue.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policycommandcode/policycommandcode.vcxproj b/tpmutils/policycommandcode/policycommandcode.vcxproj
new file mode 100644
index 000000000..bd61e4207
--- /dev/null
+++ b/tpmutils/policycommandcode/policycommandcode.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{45DF0D7F-8F4C-487D-AAE5-A74064C0A2D7}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>policycommandcode</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\policycommandcode.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policycommandcode/policycommandcode.vcxproj.filters b/tpmutils/policycommandcode/policycommandcode.vcxproj.filters
new file mode 100644
index 000000000..488cc3b1a
--- /dev/null
+++ b/tpmutils/policycommandcode/policycommandcode.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\policycommandcode.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policycountertimer/policycountertimer.vcxproj b/tpmutils/policycountertimer/policycountertimer.vcxproj
new file mode 100644
index 000000000..ec61b64b1
--- /dev/null
+++ b/tpmutils/policycountertimer/policycountertimer.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{EFDF93B9-2742-4D1C-AD6D-D4121950ECAC}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>policycountertimer</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\policycountertimer.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policycountertimer/policycountertimer.vcxproj.filters b/tpmutils/policycountertimer/policycountertimer.vcxproj.filters
new file mode 100644
index 000000000..2c912be59
--- /dev/null
+++ b/tpmutils/policycountertimer/policycountertimer.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\policycountertimer.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policycphash/policycphash.vcxproj b/tpmutils/policycphash/policycphash.vcxproj
new file mode 100644
index 000000000..076c2465f
--- /dev/null
+++ b/tpmutils/policycphash/policycphash.vcxproj
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{13A99FC4-485B-48E2-8436-5807057340B1}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>policycphash</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\policycphash.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policycphash/policycphash.vcxproj.filters b/tpmutils/policycphash/policycphash.vcxproj.filters
new file mode 100644
index 000000000..8d78b9f8d
--- /dev/null
+++ b/tpmutils/policycphash/policycphash.vcxproj.filters
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\policycphash.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policyduplicationselect/policyduplicationselect.vcxproj b/tpmutils/policyduplicationselect/policyduplicationselect.vcxproj
new file mode 100644
index 000000000..9093bf9aa
--- /dev/null
+++ b/tpmutils/policyduplicationselect/policyduplicationselect.vcxproj
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\policyduplicationselect.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{35453517-E41C-4507-BFB6-9D4BCAAB986D}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>policyduplicationselect</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policyduplicationselect/policyduplicationselect.vcxproj.filters b/tpmutils/policyduplicationselect/policyduplicationselect.vcxproj.filters
new file mode 100644
index 000000000..315111bcb
--- /dev/null
+++ b/tpmutils/policyduplicationselect/policyduplicationselect.vcxproj.filters
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\policyduplicationselect.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policygetdigest/policygetdigest.vcxproj b/tpmutils/policygetdigest/policygetdigest.vcxproj
new file mode 100644
index 000000000..d47bfc772
--- /dev/null
+++ b/tpmutils/policygetdigest/policygetdigest.vcxproj
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{ECA66D54-3C08-4E8A-AE6A-EDBC3509AF9B}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>policygetdigest</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\policygetdigest.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policygetdigest/policygetdigest.vcxproj.filters b/tpmutils/policygetdigest/policygetdigest.vcxproj.filters
new file mode 100644
index 000000000..be9eaafef
--- /dev/null
+++ b/tpmutils/policygetdigest/policygetdigest.vcxproj.filters
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\policygetdigest.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policymaker/policymaker.vcxproj b/tpmutils/policymaker/policymaker.vcxproj
new file mode 100644
index 000000000..40d33e69a
--- /dev/null
+++ b/tpmutils/policymaker/policymaker.vcxproj
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{306EFFD8-0AD8-4F98-B8BE-60DF258ED375}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>policymaker</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\policymaker.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policymaker/policymaker.vcxproj.filters b/tpmutils/policymaker/policymaker.vcxproj.filters
new file mode 100644
index 000000000..45ca5da61
--- /dev/null
+++ b/tpmutils/policymaker/policymaker.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\policymaker.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policymakerpcr/policymakerpcr.vcxproj b/tpmutils/policymakerpcr/policymakerpcr.vcxproj
new file mode 100644
index 000000000..604d22fd9
--- /dev/null
+++ b/tpmutils/policymakerpcr/policymakerpcr.vcxproj
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{E9463166-7A93-4CF8-9A87-45A0A18E0322}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>policymakerpcr</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\policymakerpcr.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policymakerpcr/policymakerpcr.vcxproj.filters b/tpmutils/policymakerpcr/policymakerpcr.vcxproj.filters
new file mode 100644
index 000000000..3c7f8119a
--- /dev/null
+++ b/tpmutils/policymakerpcr/policymakerpcr.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\policymakerpcr.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policynamehash/policynamehash.vcxproj b/tpmutils/policynamehash/policynamehash.vcxproj
new file mode 100644
index 000000000..b6cdef4ba
--- /dev/null
+++ b/tpmutils/policynamehash/policynamehash.vcxproj
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\policynamehash.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{C71DCE69-67E6-4EFC-9AF4-BD7C20FFAD89}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>policynamehash</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policynamehash/policynamehash.vcxproj.filters b/tpmutils/policynamehash/policynamehash.vcxproj.filters
new file mode 100644
index 000000000..aaebc1766
--- /dev/null
+++ b/tpmutils/policynamehash/policynamehash.vcxproj.filters
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\policynamehash.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policynv/policynv.vcxproj b/tpmutils/policynv/policynv.vcxproj
new file mode 100644
index 000000000..e93df38c6
--- /dev/null
+++ b/tpmutils/policynv/policynv.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{7F2107D1-B8A6-4CCB-9BC4-34EA8A5CF951}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>policynv</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\policynv.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policynv/policynv.vcxproj.filters b/tpmutils/policynv/policynv.vcxproj.filters
new file mode 100644
index 000000000..f696ee0b8
--- /dev/null
+++ b/tpmutils/policynv/policynv.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\policynv.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policynvwritten/policynvwritten.vcxproj b/tpmutils/policynvwritten/policynvwritten.vcxproj
new file mode 100644
index 000000000..9a0da5f90
--- /dev/null
+++ b/tpmutils/policynvwritten/policynvwritten.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{826C049F-8499-4ECA-B98C-14338AFC84EC}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>policynvwritten</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\policynvwritten.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policynvwritten/policynvwritten.vcxproj.filters b/tpmutils/policynvwritten/policynvwritten.vcxproj.filters
new file mode 100644
index 000000000..a1247ce17
--- /dev/null
+++ b/tpmutils/policynvwritten/policynvwritten.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\policynvwritten.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policyor/policyor.vcxproj b/tpmutils/policyor/policyor.vcxproj
new file mode 100644
index 000000000..6261ef03a
--- /dev/null
+++ b/tpmutils/policyor/policyor.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{A50B4D6A-675A-42F9-802C-41B56AFF1AC6}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>policyor</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\policyor.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policyor/policyor.vcxproj.filters b/tpmutils/policyor/policyor.vcxproj.filters
new file mode 100644
index 000000000..7f37c47b3
--- /dev/null
+++ b/tpmutils/policyor/policyor.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\policyor.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policypassword/policypassword.vcxproj b/tpmutils/policypassword/policypassword.vcxproj
new file mode 100644
index 000000000..0c9e432ab
--- /dev/null
+++ b/tpmutils/policypassword/policypassword.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{D7B60443-2989-4FD6-A146-0EA6D9E89F22}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>policypassword</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\policypassword.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policypassword/policypassword.vcxproj.filters b/tpmutils/policypassword/policypassword.vcxproj.filters
new file mode 100644
index 000000000..5b43fee11
--- /dev/null
+++ b/tpmutils/policypassword/policypassword.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\policypassword.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policypcr/policypcr.vcxproj b/tpmutils/policypcr/policypcr.vcxproj
new file mode 100644
index 000000000..ad3947207
--- /dev/null
+++ b/tpmutils/policypcr/policypcr.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{AA80A720-59FE-496B-A90E-5697281DC9EB}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>policypcr</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\policypcr.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policypcr/policypcr.vcxproj.filters b/tpmutils/policypcr/policypcr.vcxproj.filters
new file mode 100644
index 000000000..4f94daf4c
--- /dev/null
+++ b/tpmutils/policypcr/policypcr.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\policypcr.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policyrestart/policyrestart.vcxproj b/tpmutils/policyrestart/policyrestart.vcxproj
new file mode 100644
index 000000000..43e1db79d
--- /dev/null
+++ b/tpmutils/policyrestart/policyrestart.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{33EEEC2B-BBAB-4290-8B05-D4788750CDA2}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>policyrestart</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\policyrestart.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policyrestart/policyrestart.vcxproj.filters b/tpmutils/policyrestart/policyrestart.vcxproj.filters
new file mode 100644
index 000000000..92060c09f
--- /dev/null
+++ b/tpmutils/policyrestart/policyrestart.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\policyrestart.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policysecret/policysecret.vcxproj b/tpmutils/policysecret/policysecret.vcxproj
new file mode 100644
index 000000000..3fa629eb0
--- /dev/null
+++ b/tpmutils/policysecret/policysecret.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{7197B41C-7D27-49D3-93F7-F07841053801}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>policysecret</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\policysecret.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policysecret/policysecret.vcxproj.filters b/tpmutils/policysecret/policysecret.vcxproj.filters
new file mode 100644
index 000000000..9a3e2c208
--- /dev/null
+++ b/tpmutils/policysecret/policysecret.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\policysecret.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policysigned/policysigned.vcxproj b/tpmutils/policysigned/policysigned.vcxproj
new file mode 100644
index 000000000..2025629a4
--- /dev/null
+++ b/tpmutils/policysigned/policysigned.vcxproj
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{54DFC656-03A3-40CA-8576-4093CDFF7E8C}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>policysigned</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\policysigned.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policysigned/policysigned.vcxproj.filters b/tpmutils/policysigned/policysigned.vcxproj.filters
new file mode 100644
index 000000000..94c00ff02
--- /dev/null
+++ b/tpmutils/policysigned/policysigned.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\policysigned.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policytemplate/policytemplate.vcxproj b/tpmutils/policytemplate/policytemplate.vcxproj
new file mode 100644
index 000000000..4087b0800
--- /dev/null
+++ b/tpmutils/policytemplate/policytemplate.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{567E0B94-FF18-430A-9202-CFFEE1C94BDD}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>policytemplate</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\policytemplate.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policytemplate/policytemplate.vcxproj.filters b/tpmutils/policytemplate/policytemplate.vcxproj.filters
new file mode 100644
index 000000000..f711d36a6
--- /dev/null
+++ b/tpmutils/policytemplate/policytemplate.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\policytemplate.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policyticket/policyticket.vcxproj b/tpmutils/policyticket/policyticket.vcxproj
new file mode 100644
index 000000000..ed69c79c0
--- /dev/null
+++ b/tpmutils/policyticket/policyticket.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{F9A80497-C9A5-4792-92AF-99B248FC399F}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>policyticket</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\policyticket.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/policyticket/policyticket.vcxproj.filters b/tpmutils/policyticket/policyticket.vcxproj.filters
new file mode 100644
index 000000000..197312ec1
--- /dev/null
+++ b/tpmutils/policyticket/policyticket.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\policyticket.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/powerup/powerup.vcxproj b/tpmutils/powerup/powerup.vcxproj
new file mode 100644
index 000000000..049fb3136
--- /dev/null
+++ b/tpmutils/powerup/powerup.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{25E95C8F-70BA-4071-9D5B-8A41A4504E5B}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>powerup</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\powerup.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/powerup/powerup.vcxproj.filters b/tpmutils/powerup/powerup.vcxproj.filters
new file mode 100644
index 000000000..804da23e0
--- /dev/null
+++ b/tpmutils/powerup/powerup.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\powerup.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/printattr/printattr.vcxproj b/tpmutils/printattr/printattr.vcxproj
new file mode 100644
index 000000000..d3c1a80d8
--- /dev/null
+++ b/tpmutils/printattr/printattr.vcxproj
@@ -0,0 +1,170 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\printattr.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>15.0</VCProjectVersion>
+    <ProjectGuid>{C975A00B-23E5-4D34-B903-987C393F1B3D}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>printattr</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/printattr/printattr.vcxproj.filters b/tpmutils/printattr/printattr.vcxproj.filters
new file mode 100644
index 000000000..9f668ed80
--- /dev/null
+++ b/tpmutils/printattr/printattr.vcxproj.filters
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;ipp;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\printattr.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/publicname/publicname.vcxproj b/tpmutils/publicname/publicname.vcxproj
new file mode 100644
index 000000000..3c15be51c
--- /dev/null
+++ b/tpmutils/publicname/publicname.vcxproj
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{7D2C2747-68F9-45EE-9802-E52C931DD011}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>publicname</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\publicname.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/publicname/publicname.vcxproj.filters b/tpmutils/publicname/publicname.vcxproj.filters
new file mode 100644
index 000000000..a950260e9
--- /dev/null
+++ b/tpmutils/publicname/publicname.vcxproj.filters
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\publicname.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/quote/quote.vcxproj b/tpmutils/quote/quote.vcxproj
new file mode 100644
index 000000000..6ea60a0e3
--- /dev/null
+++ b/tpmutils/quote/quote.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{CDAAC750-B5B8-4FFF-A8F2-A511D1EEC6FF}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>quote</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\quote.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/quote/quote.vcxproj.filters b/tpmutils/quote/quote.vcxproj.filters
new file mode 100644
index 000000000..17e309302
--- /dev/null
+++ b/tpmutils/quote/quote.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\quote.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/readclock/readclock.vcxproj b/tpmutils/readclock/readclock.vcxproj
new file mode 100644
index 000000000..0d26985c5
--- /dev/null
+++ b/tpmutils/readclock/readclock.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{18057134-8F5A-4D9B-A419-C633DE19D8CC}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>readclock</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\readclock.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/readclock/readclock.vcxproj.filters b/tpmutils/readclock/readclock.vcxproj.filters
new file mode 100644
index 000000000..7d47cb716
--- /dev/null
+++ b/tpmutils/readclock/readclock.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\readclock.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/readpublic/readpublic.vcxproj b/tpmutils/readpublic/readpublic.vcxproj
new file mode 100644
index 000000000..c50e65293
--- /dev/null
+++ b/tpmutils/readpublic/readpublic.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{8E666FD9-011F-4785-9AF5-9EDA1ECAD866}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>readpublic</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\readpublic.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/readpublic/readpublic.vcxproj.filters b/tpmutils/readpublic/readpublic.vcxproj.filters
new file mode 100644
index 000000000..9e131cb06
--- /dev/null
+++ b/tpmutils/readpublic/readpublic.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\readpublic.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/returncode/returncode.vcxproj b/tpmutils/returncode/returncode.vcxproj
new file mode 100644
index 000000000..23740c996
--- /dev/null
+++ b/tpmutils/returncode/returncode.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{29A866A4-1335-4392-AE4A-33C3F6494214}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>returncode</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\returncode.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/returncode/returncode.vcxproj.filters b/tpmutils/returncode/returncode.vcxproj.filters
new file mode 100644
index 000000000..b47b7546b
--- /dev/null
+++ b/tpmutils/returncode/returncode.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\returncode.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/rewrap/rewrap.vcxproj b/tpmutils/rewrap/rewrap.vcxproj
new file mode 100644
index 000000000..b10a2de80
--- /dev/null
+++ b/tpmutils/rewrap/rewrap.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{165F6E9A-F01A-4793-847C-FB5DC10F4F5B}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>rewrap</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\rewrap.c" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/rewrap/rewrap.vcxproj.filters b/tpmutils/rewrap/rewrap.vcxproj.filters
new file mode 100644
index 000000000..300e8f546
--- /dev/null
+++ b/tpmutils/rewrap/rewrap.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\rewrap.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/rsadecrypt/rsadecrypt.vcxproj b/tpmutils/rsadecrypt/rsadecrypt.vcxproj
new file mode 100644
index 000000000..1328d4fc9
--- /dev/null
+++ b/tpmutils/rsadecrypt/rsadecrypt.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{E83B00E0-5600-45AD-AB49-B1EF1BFE320F}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>rsadecrypt</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\rsadecrypt.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/rsadecrypt/rsadecrypt.vcxproj.filters b/tpmutils/rsadecrypt/rsadecrypt.vcxproj.filters
new file mode 100644
index 000000000..1b964a3c8
--- /dev/null
+++ b/tpmutils/rsadecrypt/rsadecrypt.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\rsadecrypt.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/rsaencrypt/rsaencrypt.vcxproj b/tpmutils/rsaencrypt/rsaencrypt.vcxproj
new file mode 100644
index 000000000..52e89a100
--- /dev/null
+++ b/tpmutils/rsaencrypt/rsaencrypt.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{0FC28165-FFB2-4FE8-B860-DFAE1AB1077B}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>rsaencrypt</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\rsaencrypt.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/rsaencrypt/rsaencrypt.vcxproj.filters b/tpmutils/rsaencrypt/rsaencrypt.vcxproj.filters
new file mode 100644
index 000000000..5a502b9ee
--- /dev/null
+++ b/tpmutils/rsaencrypt/rsaencrypt.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\rsaencrypt.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/sequencecomplete/sequencecomplete.vcxproj b/tpmutils/sequencecomplete/sequencecomplete.vcxproj
new file mode 100644
index 000000000..0eaa489bf
--- /dev/null
+++ b/tpmutils/sequencecomplete/sequencecomplete.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{87D056D6-AB21-4420-B58E-4C595FE22726}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>sequencecomplete</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\sequencecomplete.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/sequencecomplete/sequencecomplete.vcxproj.filters b/tpmutils/sequencecomplete/sequencecomplete.vcxproj.filters
new file mode 100644
index 000000000..b96fd0179
--- /dev/null
+++ b/tpmutils/sequencecomplete/sequencecomplete.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\sequencecomplete.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/sequenceupdate/sequenceupdate.vcxproj b/tpmutils/sequenceupdate/sequenceupdate.vcxproj
new file mode 100644
index 000000000..f5482cc13
--- /dev/null
+++ b/tpmutils/sequenceupdate/sequenceupdate.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{28E834FA-EC3A-49A5-9F94-6C2E96C2818C}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>sequenceupdate</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+    <Import Project="..\CommonProperties.props" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\sequenceupdate.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/sequenceupdate/sequenceupdate.vcxproj.filters b/tpmutils/sequenceupdate/sequenceupdate.vcxproj.filters
new file mode 100644
index 000000000..ed0f82974
--- /dev/null
+++ b/tpmutils/sequenceupdate/sequenceupdate.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\sequenceupdate.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/setcommandcodeauditstatus/setcommandcodeauditstatus.vcxproj b/tpmutils/setcommandcodeauditstatus/setcommandcodeauditstatus.vcxproj
new file mode 100644
index 000000000..0d68dc67a
--- /dev/null
+++ b/tpmutils/setcommandcodeauditstatus/setcommandcodeauditstatus.vcxproj
@@ -0,0 +1,168 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\setcommandcodeauditstatus.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>15.0</VCProjectVersion>
+    <ProjectGuid>{CD14E844-7356-47FA-9C06-223D5F363A97}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>setcommandcodeauditstatus</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/setcommandcodeauditstatus/setcommandcodeauditstatus.vcxproj.filters b/tpmutils/setcommandcodeauditstatus/setcommandcodeauditstatus.vcxproj.filters
new file mode 100644
index 000000000..7bba876c5
--- /dev/null
+++ b/tpmutils/setcommandcodeauditstatus/setcommandcodeauditstatus.vcxproj.filters
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;ipp;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\setcommandcodeauditstatus.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/setprimarypolicy/setprimarypolicy.vcxproj b/tpmutils/setprimarypolicy/setprimarypolicy.vcxproj
new file mode 100644
index 000000000..2a47ab28c
--- /dev/null
+++ b/tpmutils/setprimarypolicy/setprimarypolicy.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{CCF66411-F16C-4273-9950-8F7BCDDE5EF8}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>setprimarypolicy</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\setprimarypolicy.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/setprimarypolicy/setprimarypolicy.vcxproj.filters b/tpmutils/setprimarypolicy/setprimarypolicy.vcxproj.filters
new file mode 100644
index 000000000..6575e17b6
--- /dev/null
+++ b/tpmutils/setprimarypolicy/setprimarypolicy.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\setprimarypolicy.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/shutdown/shutdown.vcxproj b/tpmutils/shutdown/shutdown.vcxproj
new file mode 100644
index 000000000..19e44df1c
--- /dev/null
+++ b/tpmutils/shutdown/shutdown.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{CF1FC3B0-3DFC-4FBD-98A5-1BBE66CB6E0D}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>shutdown</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\shutdown.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/shutdown/shutdown.vcxproj.filters b/tpmutils/shutdown/shutdown.vcxproj.filters
new file mode 100644
index 000000000..52afda899
--- /dev/null
+++ b/tpmutils/shutdown/shutdown.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\shutdown.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/sign/sign.vcxproj b/tpmutils/sign/sign.vcxproj
new file mode 100644
index 000000000..5c877357f
--- /dev/null
+++ b/tpmutils/sign/sign.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{E3FE27F0-5673-40B3-A4F2-D726A156CB1E}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>sign</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\sign.c" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/sign/sign.vcxproj.filters b/tpmutils/sign/sign.vcxproj.filters
new file mode 100644
index 000000000..03f218e8f
--- /dev/null
+++ b/tpmutils/sign/sign.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\sign.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/signapp/signapp.vcxproj b/tpmutils/signapp/signapp.vcxproj
new file mode 100644
index 000000000..000350c18
--- /dev/null
+++ b/tpmutils/signapp/signapp.vcxproj
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{E139963F-4EE2-453D-ADBB-65CB1F963CB0}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>signapp</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\ekutils.c" />
+    <ClCompile Include="..\..\utils\signapp.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/signapp/signapp.vcxproj.filters b/tpmutils/signapp/signapp.vcxproj.filters
new file mode 100644
index 000000000..8b0c54cc4
--- /dev/null
+++ b/tpmutils/signapp/signapp.vcxproj.filters
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\signapp.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\ekutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/startauthsession/startauthsession.vcxproj b/tpmutils/startauthsession/startauthsession.vcxproj
new file mode 100644
index 000000000..34463231e
--- /dev/null
+++ b/tpmutils/startauthsession/startauthsession.vcxproj
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{BC6E6238-F667-485D-8374-B9A61F7B31B3}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>startauthsession</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\startauthsession.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/startauthsession/startauthsession.vcxproj.filters b/tpmutils/startauthsession/startauthsession.vcxproj.filters
new file mode 100644
index 000000000..a76423a1d
--- /dev/null
+++ b/tpmutils/startauthsession/startauthsession.vcxproj.filters
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\startauthsession.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/startup/startup.vcxproj b/tpmutils/startup/startup.vcxproj
new file mode 100644
index 000000000..2567a5209
--- /dev/null
+++ b/tpmutils/startup/startup.vcxproj
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{8849C601-3B21-431D-AF37-07E534709F22}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>startup</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\startup.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/startup/startup.vcxproj.filters b/tpmutils/startup/startup.vcxproj.filters
new file mode 100644
index 000000000..2b841e013
--- /dev/null
+++ b/tpmutils/startup/startup.vcxproj.filters
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\startup.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/stirrandom/stirrandom.vcxproj b/tpmutils/stirrandom/stirrandom.vcxproj
new file mode 100644
index 000000000..82acd3161
--- /dev/null
+++ b/tpmutils/stirrandom/stirrandom.vcxproj
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{48FD021B-EF09-4213-ABB7-3740E5ABE0BB}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>stirrandom</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\stirrandom.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/stirrandom/stirrandom.vcxproj.filters b/tpmutils/stirrandom/stirrandom.vcxproj.filters
new file mode 100644
index 000000000..b3d0b4f1a
--- /dev/null
+++ b/tpmutils/stirrandom/stirrandom.vcxproj.filters
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\stirrandom.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/t/t.vcxproj.filters b/tpmutils/t/t.vcxproj.filters
new file mode 100644
index 000000000..0210ccc61
--- /dev/null
+++ b/tpmutils/t/t.vcxproj.filters
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\t.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/timepacket/timepacket.vcxproj b/tpmutils/timepacket/timepacket.vcxproj
new file mode 100644
index 000000000..0ab43557c
--- /dev/null
+++ b/tpmutils/timepacket/timepacket.vcxproj
@@ -0,0 +1,168 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>15.0</VCProjectVersion>
+    <ProjectGuid>{6498A6AF-C90C-430D-95F1-5578A18170C8}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>timepacket</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\timepacket.c" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/timepacket/timepacket.vcxproj.filters b/tpmutils/timepacket/timepacket.vcxproj.filters
new file mode 100644
index 000000000..541e8a9a4
--- /dev/null
+++ b/tpmutils/timepacket/timepacket.vcxproj.filters
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;ipp;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\timepacket.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/tpm2pem/tpm2pem.vcxproj b/tpmutils/tpm2pem/tpm2pem.vcxproj
new file mode 100644
index 000000000..33a9bee90
--- /dev/null
+++ b/tpmutils/tpm2pem/tpm2pem.vcxproj
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\tpm2pem.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{C8DB3D93-F5FC-448C-B942-3F2FD9416C17}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>tpm2pem</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+    <Import Project="..\CommonPropertiesRelease.props" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/tpm2pem/tpm2pem.vcxproj.filters b/tpmutils/tpm2pem/tpm2pem.vcxproj.filters
new file mode 100644
index 000000000..f205619c2
--- /dev/null
+++ b/tpmutils/tpm2pem/tpm2pem.vcxproj.filters
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\tpm2pem.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/tpmcmd/tpmcmd.vcxproj b/tpmutils/tpmcmd/tpmcmd.vcxproj
new file mode 100644
index 000000000..f5d33e82d
--- /dev/null
+++ b/tpmutils/tpmcmd/tpmcmd.vcxproj
@@ -0,0 +1,170 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\tpmcmd.c" />
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>15.0</VCProjectVersion>
+    <ProjectGuid>{CBB55ED3-AA2F-40D2-87BD-5790C85C0F33}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>tpmcmd</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/tpmcmd/tpmcmd.vcxproj.filters b/tpmutils/tpmcmd/tpmcmd.vcxproj.filters
new file mode 100644
index 000000000..cbe571897
--- /dev/null
+++ b/tpmutils/tpmcmd/tpmcmd.vcxproj.filters
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;ipp;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\tpmcmd.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/tpmproxy/tpmproxy.vcxproj b/tpmutils/tpmproxy/tpmproxy.vcxproj
new file mode 100644
index 000000000..0a59f4ca9
--- /dev/null
+++ b/tpmutils/tpmproxy/tpmproxy.vcxproj
@@ -0,0 +1,163 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>15.0</VCProjectVersion>
+    <ProjectGuid>{4D260CDA-D160-43F8-94DF-D98A1D7E0385}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>tpmproxy</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>
+      </PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalDependencies>Tbs.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>
+      </PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalDependencies>Tbs.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\tpmproxy.c" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/tpmproxy/tpmproxy.vcxproj.filters b/tpmutils/tpmproxy/tpmproxy.vcxproj.filters
new file mode 100644
index 000000000..88122c911
--- /dev/null
+++ b/tpmutils/tpmproxy/tpmproxy.vcxproj.filters
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;ipp;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\tpmproxy.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/tpmpublic2eccpoint/tpmpublic2eccpoint.vcxproj b/tpmutils/tpmpublic2eccpoint/tpmpublic2eccpoint.vcxproj
new file mode 100644
index 000000000..8250dcb2e
--- /dev/null
+++ b/tpmutils/tpmpublic2eccpoint/tpmpublic2eccpoint.vcxproj
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\tpmpublic2eccpoint.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{9F6BDCAC-E6D5-4C45-9533-DEB7D2926A0C}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>tpmpublic2eccpoint</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/tpmpublic2eccpoint/tpmpublic2eccpoint.vcxproj.filters b/tpmutils/tpmpublic2eccpoint/tpmpublic2eccpoint.vcxproj.filters
new file mode 100644
index 000000000..63832220f
--- /dev/null
+++ b/tpmutils/tpmpublic2eccpoint/tpmpublic2eccpoint.vcxproj.filters
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\tpmpublic2eccpoint.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/tpmutils.sln b/tpmutils/tpmutils.sln
new file mode 100644
index 000000000..56e1f9b64
--- /dev/null
+++ b/tpmutils/tpmutils.sln
@@ -0,0 +1,1683 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 15
+VisualStudioVersion = 15.0.28307.421
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "startup", "startup\startup.vcxproj", "{8849C601-3B21-431D-AF37-07E534709F22}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "createprimary", "createprimary\createprimary.vcxproj", "{5B976902-A648-4C53-9369-6C1F8C6005E9}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "returncode", "returncode\returncode.vcxproj", "{29A866A4-1335-4392-AE4A-33C3F6494214}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "flushcontext", "flushcontext\flushcontext.vcxproj", "{A8378417-7874-4B9E-98E6-C11A3EFB536D}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "create", "create\create.vcxproj", "{FE0A477A-54D2-4E00-BB87-643E132DA180}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "getcapability", "getcapability\getcapability.vcxproj", "{C6A4DBDA-8D62-4D64-8819-29B114F72201}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "load", "load\load.vcxproj", "{DF3F6BC5-C990-47F1-8567-2509D8FD983D}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "loadexternal", "loadexternal\loadexternal.vcxproj", "{ABB0B1A5-1B3D-44D1-8382-FA4BB5FDC37C}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ibmtss", "tss\tss.vcxproj", "{5C11AF70-45A6-4888-A66A-C0A70302BD89}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "verifysignature", "verifysignature\verifysignature.vcxproj", "{D25746E2-59E2-4365-A25F-C924E773B965}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pcrextend", "pcrextend\pcrextend.vcxproj", "{7B3150F1-DA32-4EA3-BAC9-A1CD525182B6}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pcrread", "pcrread\pcrread.vcxproj", "{41CD5BA6-60C0-43BF-A561-3014D86BAB5C}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pcrreset", "pcrreset\pcrreset.vcxproj", "{AB8D68EC-40B3-493A-97D9-068A0F7672D9}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "readpublic", "readpublic\readpublic.vcxproj", "{8E666FD9-011F-4785-9AF5-9EDA1ECAD866}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "objectchangeauth", "objectchangeauth\objectchangeauth.vcxproj", "{74D62780-8014-4995-8F98-0E971CDBC654}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsaencrypt", "rsaencrypt\rsaencrypt.vcxproj", "{0FC28165-FFB2-4FE8-B860-DFAE1AB1077B}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsadecrypt", "rsadecrypt\rsadecrypt.vcxproj", "{E83B00E0-5600-45AD-AB49-B1EF1BFE320F}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "hash", "hash\hash.vcxproj", "{914EE78E-52FF-42A5-BD33-1E99E8E02CB0}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "hmac", "hmac\hmac.vcxproj", "{15A0FC5B-8B9C-4FB8-948B-AD9D73030C42}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "getrandom", "getrandom\getrandom.vcxproj", "{1D478E32-E36A-4151-BBC5-C41B8C6ABC5D}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "stirrandom", "stirrandom\stirrandom.vcxproj", "{48FD021B-EF09-4213-ABB7-3740E5ABE0BB}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "certify", "certify\certify.vcxproj", "{DBD7B8E9-FC88-4F61-9D11-68357F9062A7}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "quote", "quote\quote.vcxproj", "{CDAAC750-B5B8-4FFF-A8F2-A511D1EEC6FF}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gettime", "gettime\gettime.vcxproj", "{FD53EE1E-5408-4389-B316-8195455A1D66}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "startauthsession", "startauthsession\startauthsession.vcxproj", "{BC6E6238-F667-485D-8374-B9A61F7B31B3}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvdefinespace", "nvdefinespace\nvdefinespace.vcxproj", "{38C8B3B2-F040-4BC9-9C91-030DE28CEEC0}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvundefinespace", "nvundefinespace\nvundefinespace.vcxproj", "{79E92A99-3887-4BDE-AA2C-8EF950A2C3BD}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvread", "nvread\nvread.vcxproj", "{A4D5835E-BEAA-4481-9DAA-6E84F1DFADE5}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvwrite", "nvwrite\nvwrite.vcxproj", "{D75A1275-02E7-4A31-828D-AA01C3EBA71E}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvreadpublic", "nvreadpublic\nvreadpublic.vcxproj", "{54BF993C-8B54-43EE-AAB3-1AB96FC59778}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policycommandcode", "policycommandcode\policycommandcode.vcxproj", "{45DF0D7F-8F4C-487D-AAE5-A74064C0A2D7}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policypassword", "policypassword\policypassword.vcxproj", "{D7B60443-2989-4FD6-A146-0EA6D9E89F22}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policyauthvalue", "policyauthvalue\policyauthvalue.vcxproj", "{03931C8D-6BC7-4B7D-A248-DE898120AAAD}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policygetdigest", "policygetdigest\policygetdigest.vcxproj", "{ECA66D54-3C08-4E8A-AE6A-EDBC3509AF9B}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policynvwritten", "policynvwritten\policynvwritten.vcxproj", "{826C049F-8499-4ECA-B98C-14338AFC84EC}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policysecret", "policysecret\policysecret.vcxproj", "{7197B41C-7D27-49D3-93F7-F07841053801}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policymaker", "policymaker\policymaker.vcxproj", "{306EFFD8-0AD8-4F98-B8BE-60DF258ED375}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "encryptdecrypt", "encryptdecrypt\encryptdecrypt.vcxproj", "{3415A0BB-AF85-41D0-9024-CC44B6D89FDF}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policysigned", "policysigned\policysigned.vcxproj", "{54DFC656-03A3-40CA-8576-4093CDFF7E8C}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "hierarchychangeauth", "hierarchychangeauth\hierarchychangeauth.vcxproj", "{FF78859F-AA3A-406C-94DE-8B8EC61E2691}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "hierarchycontrol", "hierarchycontrol\hierarchycontrol.vcxproj", "{1E7F8857-8635-4861-BCC0-FD074CC7A32B}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "setprimarypolicy", "setprimarypolicy\setprimarypolicy.vcxproj", "{CCF66411-F16C-4273-9950-8F7BCDDE5EF8}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "changepps", "changepps\changepps.vcxproj", "{D7AD97A2-4588-444D-8E8A-F953F43FBA4F}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "changeeps", "changeeps\changeeps.vcxproj", "{3DA913E8-EF9B-4B9C-8847-D7618BC07551}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "clear", "clear\clear.vcxproj", "{D44D7554-7B47-4651-8011-10C821E2C313}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "clearcontrol", "clearcontrol\clearcontrol.vcxproj", "{358CDC21-0742-4B39-AF3B-4AEC89E9B4A1}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "powerup", "powerup\powerup.vcxproj", "{25E95C8F-70BA-4071-9D5B-8A41A4504E5B}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "evictcontrol", "evictcontrol\evictcontrol.vcxproj", "{A9FD62CC-C38E-4AB8-973F-F3B3A3FDEF8C}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "sequencecomplete", "sequencecomplete\sequencecomplete.vcxproj", "{87D056D6-AB21-4420-B58E-4C595FE22726}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "contextsave", "contextsave\contextsave.vcxproj", "{08FD82ED-5872-4250-ADC0-B7B62DCE49BC}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "contextload", "contextload\contextload.vcxproj", "{BA6A5695-C1B4-4F1F-B794-8D67131443DF}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "sequenceupdate", "sequenceupdate\sequenceupdate.vcxproj", "{28E834FA-EC3A-49A5-9F94-6C2E96C2818C}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "hmacstart", "hmacstart\hmacstart.vcxproj", "{348E4F87-1680-41E5-BEEB-2CDB3A18AB7E}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "hashsequencestart", "hashsequencestart\hashsequencestart.vcxproj", "{8C4B09BE-1DD8-4BC5-8541-EB16C780AABC}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "readclock", "readclock\readclock.vcxproj", "{18057134-8F5A-4D9B-A419-C633DE19D8CC}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "clockset", "clockset\clockset.vcxproj", "{ED1A01E9-DF47-48B5-AA09-BAC1EC6A01BA}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "clockrateadjust", "clockrateadjust\clockrateadjust.vcxproj", "{6BB93AB7-5574-49C8-B248-CCA85638C2F1}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policyauthorize", "policyauthorize\policyauthorize.vcxproj", "{1F934583-0C3F-48CA-B54E-EE88BFFAB39A}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policyticket", "policyticket\policyticket.vcxproj", "{F9A80497-C9A5-4792-92AF-99B248FC399F}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policymakerpcr", "policymakerpcr\policymakerpcr.vcxproj", "{E9463166-7A93-4CF8-9A87-45A0A18E0322}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policynv", "policynv\policynv.vcxproj", "{7F2107D1-B8A6-4CCB-9BC4-34EA8A5CF951}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policycphash", "policycphash\policycphash.vcxproj", "{13A99FC4-485B-48E2-8436-5807057340B1}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policycountertimer", "policycountertimer\policycountertimer.vcxproj", "{EFDF93B9-2742-4D1C-AD6D-D4121950ECAC}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policyor", "policyor\policyor.vcxproj", "{A50B4D6A-675A-42F9-802C-41B56AFF1AC6}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policyrestart", "policyrestart\policyrestart.vcxproj", "{33EEEC2B-BBAB-4290-8B05-D4788750CDA2}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dictionaryattackparameters", "dictionaryattackparameters\dictionaryattackparameters.vcxproj", "{3E884FC2-C99B-4FB6-AF8C-20F2DD03C0A8}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dictionaryattacklockreset", "dictionaryattacklockreset\dictionaryattacklockreset.vcxproj", "{FAE34595-8E6A-445B-AE74-1BD06A45A70A}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "unseal", "unseal\unseal.vcxproj", "{6B714F5E-F30C-443C-B855-0BA40BD255A4}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "duplicate", "duplicate\duplicate.vcxproj", "{658DECB2-8AD5-47C5-8B4E-EFDD7F5914A1}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rewrap", "rewrap\rewrap.vcxproj", "{165F6E9A-F01A-4793-847C-FB5DC10F4F5B}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "import", "import\import.vcxproj", "{EBA425BE-67E2-4439-B330-56F441CC4C65}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "sign", "sign\sign.vcxproj", "{E3FE27F0-5673-40B3-A4F2-D726A156CB1E}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvreadlock", "nvreadlock\nvreadlock.vcxproj", "{D1B36DE1-159D-4605-A5A4-30EE5BDE444B}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvcertify", "nvcertify\nvcertify.vcxproj", "{9F144AA3-F80A-45DA-A8C9-59FB393C48DE}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvchangeauth", "nvchangeauth\nvchangeauth.vcxproj", "{08FCBD3E-969D-4BFA-82D4-EC6A74EE93AD}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvglobalwritelock", "nvglobalwritelock\nvglobalwritelock.vcxproj", "{7E993D77-3B0B-40B1-BEA8-CE06926D3862}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvwritelock", "nvwritelock\nvwritelock.vcxproj", "{D28C2783-E07C-45FC-B893-E4E27C015849}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "eventsequencecomplete", "eventsequencecomplete\eventsequencecomplete.vcxproj", "{4ECA555C-FD5C-4DD3-B494-F2FB0D2D9123}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pcrevent", "pcrevent\pcrevent.vcxproj", "{4F7D1A32-2AF4-4652-B906-EEAB2718CFCF}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "getcommandauditdigest", "getcommandauditdigest\getcommandauditdigest.vcxproj", "{E31CADC8-6CA2-4FA8-B8E9-CE61C898D12D}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "getsessionauditdigest", "getsessionauditdigest\getsessionauditdigest.vcxproj", "{C0E1AD53-B941-4EDE-A869-AF9C7D9B7655}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "signapp", "signapp\signapp.vcxproj", "{E139963F-4EE2-453D-ADBB-65CB1F963CB0}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvundefinespacespecial", "nvundefinespacespecial\nvundefinespacespecial.vcxproj", "{1B5B823C-ED4A-4D5A-9DE7-7E4D7E5E3ED7}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "eccparameters", "eccparameters\eccparameters.vcxproj", "{CBD90144-0832-4864-A083-752E10180168}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policypcr", "policypcr\policypcr.vcxproj", "{AA80A720-59FE-496B-A90E-5697281DC9EB}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "shutdown", "shutdown\shutdown.vcxproj", "{CF1FC3B0-3DFC-4FBD-98A5-1BBE66CB6E0D}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pcrallocate", "pcrallocate\pcrallocate.vcxproj", "{A6BC7558-DDF1-41F7-B3FE-48A8731B007F}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "createek", "createek\createek.vcxproj", "{658E9EB7-092C-42C3-8279-BDC65A1D0963}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvsetbits", "nvsetbits\nvsetbits.vcxproj", "{64792A11-D813-45AF-BE32-2C7FBFA37F30}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvincrement", "nvincrement\nvincrement.vcxproj", "{17C7B6D4-B608-4892-8E7C-F32AAF102D46}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvextend", "nvextend\nvextend.vcxproj", "{2805603E-37DB-4BFA-9E75-6B71CA77E3C1}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "activatecredential", "activatecredential\activatecredential.vcxproj", "{A2B17262-A3C2-4048-A82B-4C89875AD9D0}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "makecredential", "makecredential\makecredential.vcxproj", "{E3BB242A-89DE-4EDF-B121-3557FB35A230}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "createloaded", "createloaded\createloaded.vcxproj", "{0050296D-12F4-410B-A1FE-FA3A53F81B6A}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policytemplate", "policytemplate\policytemplate.vcxproj", "{567E0B94-FF18-430A-9202-CFFEE1C94BDD}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policyauthorizenv", "policyauthorizenv\policyauthorizenv.vcxproj", "{2A5D8BC1-4A6E-416C-BAA3-B8AB3F272EF4}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "importpem", "importpem\importpem.vcxproj", "{4E46B941-806C-4EBC-AF95-3DE9BDA89D3F}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "writeapp", "writeapp\writeapp.vcxproj", "{BEFBAF6A-9211-4422-B3AB-E06D8689193E}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ecephemeral", "ecephemeral\ecephemeral.vcxproj", "{22E2004E-723A-4A26-B8BD-DC0FDC77BA9D}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "commit", "commit\commit.vcxproj", "{2BD82DB2-D0D6-405F-88B1-613D5ECF5F9B}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "tpm2pem", "tpm2pem\tpm2pem.vcxproj", "{C8DB3D93-F5FC-448C-B942-3F2FD9416C17}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "tpmpublic2eccpoint", "tpmpublic2eccpoint\tpmpublic2eccpoint.vcxproj", "{9F6BDCAC-E6D5-4C45-9533-DEB7D2926A0C}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "zgen2phase", "zgen2phase\zgen2phase.vcxproj", "{A84C8114-2B6D-4770-A3A6-78C81905C2E3}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "createekcert", "createekcert\createekcert.vcxproj", "{9D496A11-66C3-46EA-98B6-4D25034535DE}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gettestresult", "gettestresult\gettestresult.vcxproj", "{3E021AA6-EC72-4D1E-96D1-004262224985}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policyduplicationselect", "policyduplicationselect\policyduplicationselect.vcxproj", "{35453517-E41C-4507-BFB6-9D4BCAAB986D}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policynamehash", "policynamehash\policynamehash.vcxproj", "{C71DCE69-67E6-4EFC-9AF4-BD7C20FFAD89}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "eventextend", "eventextend\eventextend.vcxproj", "{725DCEBE-1DD3-4011-87D4-AE8B023B77D9}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "certifycreation", "certifycreation\certifycreation.vcxproj", "{1D36BC6A-C612-4567-AD03-91C46D0D1FA1}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "publicname", "publicname\publicname.vcxproj", "{7D2C2747-68F9-45EE-9802-E52C931DD011}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "getcryptolibrary", "getcryptolibrary\getcryptolibrary.vcxproj", "{D95B2CAA-2548-41BE-AA63-49A6B0A39630}"
+	ProjectSection(ProjectDependencies) = postProject
+		{5C11AF70-45A6-4888-A66A-C0A70302BD89} = {5C11AF70-45A6-4888-A66A-C0A70302BD89}
+	EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "timepacket", "timepacket\timepacket.vcxproj", "{6498A6AF-C90C-430D-95F1-5578A18170C8}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "setcommandcodeauditstatus", "setcommandcodeauditstatus\setcommandcodeauditstatus.vcxproj", "{CD14E844-7356-47FA-9C06-223D5F363A97}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "certifyx509", "certifyx509\certifyx509.vcxproj", "{2B9406B7-5843-4495-9BAB-E80F95F54DE3}"
+	ProjectSection(ProjectDependencies) = postProject
+		{5C11AF70-45A6-4888-A66A-C0A70302BD89} = {5C11AF70-45A6-4888-A66A-C0A70302BD89}
+	EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "tpmproxy", "tpmproxy\tpmproxy.vcxproj", "{4D260CDA-D160-43F8-94DF-D98A1D7E0385}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "printattr", "printattr\printattr.vcxproj", "{C975A00B-23E5-4D34-B903-987C393F1B3D}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "tpmcmd", "tpmcmd\tpmcmd.vcxproj", "{CBB55ED3-AA2F-40D2-87BD-5790C85C0F33}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Debug|Mixed Platforms = Debug|Mixed Platforms
+		Debug|Win32 = Debug|Win32
+		Debug|x64 = Debug|x64
+		Release|Any CPU = Release|Any CPU
+		Release|Mixed Platforms = Release|Mixed Platforms
+		Release|Win32 = Release|Win32
+		Release|x64 = Release|x64
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{8849C601-3B21-431D-AF37-07E534709F22}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{8849C601-3B21-431D-AF37-07E534709F22}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{8849C601-3B21-431D-AF37-07E534709F22}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{8849C601-3B21-431D-AF37-07E534709F22}.Debug|Win32.ActiveCfg = Debug|Win32
+		{8849C601-3B21-431D-AF37-07E534709F22}.Debug|Win32.Build.0 = Debug|Win32
+		{8849C601-3B21-431D-AF37-07E534709F22}.Debug|x64.ActiveCfg = Debug|Win32
+		{8849C601-3B21-431D-AF37-07E534709F22}.Release|Any CPU.ActiveCfg = Release|Win32
+		{8849C601-3B21-431D-AF37-07E534709F22}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{8849C601-3B21-431D-AF37-07E534709F22}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{8849C601-3B21-431D-AF37-07E534709F22}.Release|Win32.ActiveCfg = Release|Win32
+		{8849C601-3B21-431D-AF37-07E534709F22}.Release|Win32.Build.0 = Release|Win32
+		{8849C601-3B21-431D-AF37-07E534709F22}.Release|x64.ActiveCfg = Release|Win32
+		{5B976902-A648-4C53-9369-6C1F8C6005E9}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{5B976902-A648-4C53-9369-6C1F8C6005E9}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{5B976902-A648-4C53-9369-6C1F8C6005E9}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{5B976902-A648-4C53-9369-6C1F8C6005E9}.Debug|Win32.ActiveCfg = Debug|Win32
+		{5B976902-A648-4C53-9369-6C1F8C6005E9}.Debug|Win32.Build.0 = Debug|Win32
+		{5B976902-A648-4C53-9369-6C1F8C6005E9}.Debug|x64.ActiveCfg = Debug|Win32
+		{5B976902-A648-4C53-9369-6C1F8C6005E9}.Release|Any CPU.ActiveCfg = Release|Win32
+		{5B976902-A648-4C53-9369-6C1F8C6005E9}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{5B976902-A648-4C53-9369-6C1F8C6005E9}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{5B976902-A648-4C53-9369-6C1F8C6005E9}.Release|Win32.ActiveCfg = Release|Win32
+		{5B976902-A648-4C53-9369-6C1F8C6005E9}.Release|Win32.Build.0 = Release|Win32
+		{5B976902-A648-4C53-9369-6C1F8C6005E9}.Release|x64.ActiveCfg = Release|Win32
+		{29A866A4-1335-4392-AE4A-33C3F6494214}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{29A866A4-1335-4392-AE4A-33C3F6494214}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{29A866A4-1335-4392-AE4A-33C3F6494214}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{29A866A4-1335-4392-AE4A-33C3F6494214}.Debug|Win32.ActiveCfg = Debug|Win32
+		{29A866A4-1335-4392-AE4A-33C3F6494214}.Debug|Win32.Build.0 = Debug|Win32
+		{29A866A4-1335-4392-AE4A-33C3F6494214}.Debug|x64.ActiveCfg = Debug|Win32
+		{29A866A4-1335-4392-AE4A-33C3F6494214}.Release|Any CPU.ActiveCfg = Release|Win32
+		{29A866A4-1335-4392-AE4A-33C3F6494214}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{29A866A4-1335-4392-AE4A-33C3F6494214}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{29A866A4-1335-4392-AE4A-33C3F6494214}.Release|Win32.ActiveCfg = Release|Win32
+		{29A866A4-1335-4392-AE4A-33C3F6494214}.Release|Win32.Build.0 = Release|Win32
+		{29A866A4-1335-4392-AE4A-33C3F6494214}.Release|x64.ActiveCfg = Release|Win32
+		{A8378417-7874-4B9E-98E6-C11A3EFB536D}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{A8378417-7874-4B9E-98E6-C11A3EFB536D}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{A8378417-7874-4B9E-98E6-C11A3EFB536D}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{A8378417-7874-4B9E-98E6-C11A3EFB536D}.Debug|Win32.ActiveCfg = Debug|Win32
+		{A8378417-7874-4B9E-98E6-C11A3EFB536D}.Debug|Win32.Build.0 = Debug|Win32
+		{A8378417-7874-4B9E-98E6-C11A3EFB536D}.Debug|x64.ActiveCfg = Debug|Win32
+		{A8378417-7874-4B9E-98E6-C11A3EFB536D}.Release|Any CPU.ActiveCfg = Release|Win32
+		{A8378417-7874-4B9E-98E6-C11A3EFB536D}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{A8378417-7874-4B9E-98E6-C11A3EFB536D}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{A8378417-7874-4B9E-98E6-C11A3EFB536D}.Release|Win32.ActiveCfg = Release|Win32
+		{A8378417-7874-4B9E-98E6-C11A3EFB536D}.Release|Win32.Build.0 = Release|Win32
+		{A8378417-7874-4B9E-98E6-C11A3EFB536D}.Release|x64.ActiveCfg = Release|Win32
+		{FE0A477A-54D2-4E00-BB87-643E132DA180}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{FE0A477A-54D2-4E00-BB87-643E132DA180}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{FE0A477A-54D2-4E00-BB87-643E132DA180}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{FE0A477A-54D2-4E00-BB87-643E132DA180}.Debug|Win32.ActiveCfg = Debug|Win32
+		{FE0A477A-54D2-4E00-BB87-643E132DA180}.Debug|Win32.Build.0 = Debug|Win32
+		{FE0A477A-54D2-4E00-BB87-643E132DA180}.Debug|x64.ActiveCfg = Debug|Win32
+		{FE0A477A-54D2-4E00-BB87-643E132DA180}.Release|Any CPU.ActiveCfg = Release|Win32
+		{FE0A477A-54D2-4E00-BB87-643E132DA180}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{FE0A477A-54D2-4E00-BB87-643E132DA180}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{FE0A477A-54D2-4E00-BB87-643E132DA180}.Release|Win32.ActiveCfg = Release|Win32
+		{FE0A477A-54D2-4E00-BB87-643E132DA180}.Release|Win32.Build.0 = Release|Win32
+		{FE0A477A-54D2-4E00-BB87-643E132DA180}.Release|x64.ActiveCfg = Release|Win32
+		{C6A4DBDA-8D62-4D64-8819-29B114F72201}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{C6A4DBDA-8D62-4D64-8819-29B114F72201}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{C6A4DBDA-8D62-4D64-8819-29B114F72201}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{C6A4DBDA-8D62-4D64-8819-29B114F72201}.Debug|Win32.ActiveCfg = Debug|Win32
+		{C6A4DBDA-8D62-4D64-8819-29B114F72201}.Debug|Win32.Build.0 = Debug|Win32
+		{C6A4DBDA-8D62-4D64-8819-29B114F72201}.Debug|x64.ActiveCfg = Debug|Win32
+		{C6A4DBDA-8D62-4D64-8819-29B114F72201}.Release|Any CPU.ActiveCfg = Release|Win32
+		{C6A4DBDA-8D62-4D64-8819-29B114F72201}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{C6A4DBDA-8D62-4D64-8819-29B114F72201}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{C6A4DBDA-8D62-4D64-8819-29B114F72201}.Release|Win32.ActiveCfg = Release|Win32
+		{C6A4DBDA-8D62-4D64-8819-29B114F72201}.Release|Win32.Build.0 = Release|Win32
+		{C6A4DBDA-8D62-4D64-8819-29B114F72201}.Release|x64.ActiveCfg = Release|Win32
+		{DF3F6BC5-C990-47F1-8567-2509D8FD983D}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{DF3F6BC5-C990-47F1-8567-2509D8FD983D}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{DF3F6BC5-C990-47F1-8567-2509D8FD983D}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{DF3F6BC5-C990-47F1-8567-2509D8FD983D}.Debug|Win32.ActiveCfg = Debug|Win32
+		{DF3F6BC5-C990-47F1-8567-2509D8FD983D}.Debug|Win32.Build.0 = Debug|Win32
+		{DF3F6BC5-C990-47F1-8567-2509D8FD983D}.Debug|x64.ActiveCfg = Debug|Win32
+		{DF3F6BC5-C990-47F1-8567-2509D8FD983D}.Release|Any CPU.ActiveCfg = Release|Win32
+		{DF3F6BC5-C990-47F1-8567-2509D8FD983D}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{DF3F6BC5-C990-47F1-8567-2509D8FD983D}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{DF3F6BC5-C990-47F1-8567-2509D8FD983D}.Release|Win32.ActiveCfg = Release|Win32
+		{DF3F6BC5-C990-47F1-8567-2509D8FD983D}.Release|Win32.Build.0 = Release|Win32
+		{DF3F6BC5-C990-47F1-8567-2509D8FD983D}.Release|x64.ActiveCfg = Release|Win32
+		{ABB0B1A5-1B3D-44D1-8382-FA4BB5FDC37C}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{ABB0B1A5-1B3D-44D1-8382-FA4BB5FDC37C}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{ABB0B1A5-1B3D-44D1-8382-FA4BB5FDC37C}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{ABB0B1A5-1B3D-44D1-8382-FA4BB5FDC37C}.Debug|Win32.ActiveCfg = Debug|Win32
+		{ABB0B1A5-1B3D-44D1-8382-FA4BB5FDC37C}.Debug|Win32.Build.0 = Debug|Win32
+		{ABB0B1A5-1B3D-44D1-8382-FA4BB5FDC37C}.Debug|x64.ActiveCfg = Debug|Win32
+		{ABB0B1A5-1B3D-44D1-8382-FA4BB5FDC37C}.Release|Any CPU.ActiveCfg = Release|Win32
+		{ABB0B1A5-1B3D-44D1-8382-FA4BB5FDC37C}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{ABB0B1A5-1B3D-44D1-8382-FA4BB5FDC37C}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{ABB0B1A5-1B3D-44D1-8382-FA4BB5FDC37C}.Release|Win32.ActiveCfg = Release|Win32
+		{ABB0B1A5-1B3D-44D1-8382-FA4BB5FDC37C}.Release|Win32.Build.0 = Release|Win32
+		{ABB0B1A5-1B3D-44D1-8382-FA4BB5FDC37C}.Release|x64.ActiveCfg = Release|Win32
+		{5C11AF70-45A6-4888-A66A-C0A70302BD89}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{5C11AF70-45A6-4888-A66A-C0A70302BD89}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{5C11AF70-45A6-4888-A66A-C0A70302BD89}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{5C11AF70-45A6-4888-A66A-C0A70302BD89}.Debug|Win32.ActiveCfg = Debug|Win32
+		{5C11AF70-45A6-4888-A66A-C0A70302BD89}.Debug|Win32.Build.0 = Debug|Win32
+		{5C11AF70-45A6-4888-A66A-C0A70302BD89}.Debug|x64.ActiveCfg = Debug|Win32
+		{5C11AF70-45A6-4888-A66A-C0A70302BD89}.Release|Any CPU.ActiveCfg = Release|Win32
+		{5C11AF70-45A6-4888-A66A-C0A70302BD89}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{5C11AF70-45A6-4888-A66A-C0A70302BD89}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{5C11AF70-45A6-4888-A66A-C0A70302BD89}.Release|Win32.ActiveCfg = Release|Win32
+		{5C11AF70-45A6-4888-A66A-C0A70302BD89}.Release|Win32.Build.0 = Release|Win32
+		{5C11AF70-45A6-4888-A66A-C0A70302BD89}.Release|x64.ActiveCfg = Release|Win32
+		{D25746E2-59E2-4365-A25F-C924E773B965}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{D25746E2-59E2-4365-A25F-C924E773B965}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{D25746E2-59E2-4365-A25F-C924E773B965}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{D25746E2-59E2-4365-A25F-C924E773B965}.Debug|Win32.ActiveCfg = Debug|Win32
+		{D25746E2-59E2-4365-A25F-C924E773B965}.Debug|Win32.Build.0 = Debug|Win32
+		{D25746E2-59E2-4365-A25F-C924E773B965}.Debug|x64.ActiveCfg = Debug|Win32
+		{D25746E2-59E2-4365-A25F-C924E773B965}.Release|Any CPU.ActiveCfg = Release|Win32
+		{D25746E2-59E2-4365-A25F-C924E773B965}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{D25746E2-59E2-4365-A25F-C924E773B965}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{D25746E2-59E2-4365-A25F-C924E773B965}.Release|Win32.ActiveCfg = Release|Win32
+		{D25746E2-59E2-4365-A25F-C924E773B965}.Release|Win32.Build.0 = Release|Win32
+		{D25746E2-59E2-4365-A25F-C924E773B965}.Release|x64.ActiveCfg = Release|Win32
+		{7B3150F1-DA32-4EA3-BAC9-A1CD525182B6}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{7B3150F1-DA32-4EA3-BAC9-A1CD525182B6}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{7B3150F1-DA32-4EA3-BAC9-A1CD525182B6}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{7B3150F1-DA32-4EA3-BAC9-A1CD525182B6}.Debug|Win32.ActiveCfg = Debug|Win32
+		{7B3150F1-DA32-4EA3-BAC9-A1CD525182B6}.Debug|Win32.Build.0 = Debug|Win32
+		{7B3150F1-DA32-4EA3-BAC9-A1CD525182B6}.Debug|x64.ActiveCfg = Debug|Win32
+		{7B3150F1-DA32-4EA3-BAC9-A1CD525182B6}.Release|Any CPU.ActiveCfg = Release|Win32
+		{7B3150F1-DA32-4EA3-BAC9-A1CD525182B6}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{7B3150F1-DA32-4EA3-BAC9-A1CD525182B6}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{7B3150F1-DA32-4EA3-BAC9-A1CD525182B6}.Release|Win32.ActiveCfg = Release|Win32
+		{7B3150F1-DA32-4EA3-BAC9-A1CD525182B6}.Release|Win32.Build.0 = Release|Win32
+		{7B3150F1-DA32-4EA3-BAC9-A1CD525182B6}.Release|x64.ActiveCfg = Release|Win32
+		{41CD5BA6-60C0-43BF-A561-3014D86BAB5C}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{41CD5BA6-60C0-43BF-A561-3014D86BAB5C}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{41CD5BA6-60C0-43BF-A561-3014D86BAB5C}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{41CD5BA6-60C0-43BF-A561-3014D86BAB5C}.Debug|Win32.ActiveCfg = Debug|Win32
+		{41CD5BA6-60C0-43BF-A561-3014D86BAB5C}.Debug|Win32.Build.0 = Debug|Win32
+		{41CD5BA6-60C0-43BF-A561-3014D86BAB5C}.Debug|x64.ActiveCfg = Debug|Win32
+		{41CD5BA6-60C0-43BF-A561-3014D86BAB5C}.Release|Any CPU.ActiveCfg = Release|Win32
+		{41CD5BA6-60C0-43BF-A561-3014D86BAB5C}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{41CD5BA6-60C0-43BF-A561-3014D86BAB5C}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{41CD5BA6-60C0-43BF-A561-3014D86BAB5C}.Release|Win32.ActiveCfg = Release|Win32
+		{41CD5BA6-60C0-43BF-A561-3014D86BAB5C}.Release|Win32.Build.0 = Release|Win32
+		{41CD5BA6-60C0-43BF-A561-3014D86BAB5C}.Release|x64.ActiveCfg = Release|Win32
+		{AB8D68EC-40B3-493A-97D9-068A0F7672D9}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{AB8D68EC-40B3-493A-97D9-068A0F7672D9}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{AB8D68EC-40B3-493A-97D9-068A0F7672D9}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{AB8D68EC-40B3-493A-97D9-068A0F7672D9}.Debug|Win32.ActiveCfg = Debug|Win32
+		{AB8D68EC-40B3-493A-97D9-068A0F7672D9}.Debug|Win32.Build.0 = Debug|Win32
+		{AB8D68EC-40B3-493A-97D9-068A0F7672D9}.Debug|x64.ActiveCfg = Debug|Win32
+		{AB8D68EC-40B3-493A-97D9-068A0F7672D9}.Release|Any CPU.ActiveCfg = Release|Win32
+		{AB8D68EC-40B3-493A-97D9-068A0F7672D9}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{AB8D68EC-40B3-493A-97D9-068A0F7672D9}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{AB8D68EC-40B3-493A-97D9-068A0F7672D9}.Release|Win32.ActiveCfg = Release|Win32
+		{AB8D68EC-40B3-493A-97D9-068A0F7672D9}.Release|Win32.Build.0 = Release|Win32
+		{AB8D68EC-40B3-493A-97D9-068A0F7672D9}.Release|x64.ActiveCfg = Release|Win32
+		{8E666FD9-011F-4785-9AF5-9EDA1ECAD866}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{8E666FD9-011F-4785-9AF5-9EDA1ECAD866}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{8E666FD9-011F-4785-9AF5-9EDA1ECAD866}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{8E666FD9-011F-4785-9AF5-9EDA1ECAD866}.Debug|Win32.ActiveCfg = Debug|Win32
+		{8E666FD9-011F-4785-9AF5-9EDA1ECAD866}.Debug|Win32.Build.0 = Debug|Win32
+		{8E666FD9-011F-4785-9AF5-9EDA1ECAD866}.Debug|x64.ActiveCfg = Debug|Win32
+		{8E666FD9-011F-4785-9AF5-9EDA1ECAD866}.Release|Any CPU.ActiveCfg = Release|Win32
+		{8E666FD9-011F-4785-9AF5-9EDA1ECAD866}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{8E666FD9-011F-4785-9AF5-9EDA1ECAD866}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{8E666FD9-011F-4785-9AF5-9EDA1ECAD866}.Release|Win32.ActiveCfg = Release|Win32
+		{8E666FD9-011F-4785-9AF5-9EDA1ECAD866}.Release|Win32.Build.0 = Release|Win32
+		{8E666FD9-011F-4785-9AF5-9EDA1ECAD866}.Release|x64.ActiveCfg = Release|Win32
+		{74D62780-8014-4995-8F98-0E971CDBC654}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{74D62780-8014-4995-8F98-0E971CDBC654}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{74D62780-8014-4995-8F98-0E971CDBC654}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{74D62780-8014-4995-8F98-0E971CDBC654}.Debug|Win32.ActiveCfg = Debug|Win32
+		{74D62780-8014-4995-8F98-0E971CDBC654}.Debug|Win32.Build.0 = Debug|Win32
+		{74D62780-8014-4995-8F98-0E971CDBC654}.Debug|x64.ActiveCfg = Debug|Win32
+		{74D62780-8014-4995-8F98-0E971CDBC654}.Release|Any CPU.ActiveCfg = Release|Win32
+		{74D62780-8014-4995-8F98-0E971CDBC654}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{74D62780-8014-4995-8F98-0E971CDBC654}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{74D62780-8014-4995-8F98-0E971CDBC654}.Release|Win32.ActiveCfg = Release|Win32
+		{74D62780-8014-4995-8F98-0E971CDBC654}.Release|Win32.Build.0 = Release|Win32
+		{74D62780-8014-4995-8F98-0E971CDBC654}.Release|x64.ActiveCfg = Release|Win32
+		{0FC28165-FFB2-4FE8-B860-DFAE1AB1077B}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{0FC28165-FFB2-4FE8-B860-DFAE1AB1077B}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{0FC28165-FFB2-4FE8-B860-DFAE1AB1077B}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{0FC28165-FFB2-4FE8-B860-DFAE1AB1077B}.Debug|Win32.ActiveCfg = Debug|Win32
+		{0FC28165-FFB2-4FE8-B860-DFAE1AB1077B}.Debug|Win32.Build.0 = Debug|Win32
+		{0FC28165-FFB2-4FE8-B860-DFAE1AB1077B}.Debug|x64.ActiveCfg = Debug|Win32
+		{0FC28165-FFB2-4FE8-B860-DFAE1AB1077B}.Release|Any CPU.ActiveCfg = Release|Win32
+		{0FC28165-FFB2-4FE8-B860-DFAE1AB1077B}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{0FC28165-FFB2-4FE8-B860-DFAE1AB1077B}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{0FC28165-FFB2-4FE8-B860-DFAE1AB1077B}.Release|Win32.ActiveCfg = Release|Win32
+		{0FC28165-FFB2-4FE8-B860-DFAE1AB1077B}.Release|Win32.Build.0 = Release|Win32
+		{0FC28165-FFB2-4FE8-B860-DFAE1AB1077B}.Release|x64.ActiveCfg = Release|Win32
+		{E83B00E0-5600-45AD-AB49-B1EF1BFE320F}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{E83B00E0-5600-45AD-AB49-B1EF1BFE320F}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{E83B00E0-5600-45AD-AB49-B1EF1BFE320F}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{E83B00E0-5600-45AD-AB49-B1EF1BFE320F}.Debug|Win32.ActiveCfg = Debug|Win32
+		{E83B00E0-5600-45AD-AB49-B1EF1BFE320F}.Debug|Win32.Build.0 = Debug|Win32
+		{E83B00E0-5600-45AD-AB49-B1EF1BFE320F}.Debug|x64.ActiveCfg = Debug|Win32
+		{E83B00E0-5600-45AD-AB49-B1EF1BFE320F}.Release|Any CPU.ActiveCfg = Release|Win32
+		{E83B00E0-5600-45AD-AB49-B1EF1BFE320F}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{E83B00E0-5600-45AD-AB49-B1EF1BFE320F}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{E83B00E0-5600-45AD-AB49-B1EF1BFE320F}.Release|Win32.ActiveCfg = Release|Win32
+		{E83B00E0-5600-45AD-AB49-B1EF1BFE320F}.Release|Win32.Build.0 = Release|Win32
+		{E83B00E0-5600-45AD-AB49-B1EF1BFE320F}.Release|x64.ActiveCfg = Release|Win32
+		{914EE78E-52FF-42A5-BD33-1E99E8E02CB0}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{914EE78E-52FF-42A5-BD33-1E99E8E02CB0}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{914EE78E-52FF-42A5-BD33-1E99E8E02CB0}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{914EE78E-52FF-42A5-BD33-1E99E8E02CB0}.Debug|Win32.ActiveCfg = Debug|Win32
+		{914EE78E-52FF-42A5-BD33-1E99E8E02CB0}.Debug|Win32.Build.0 = Debug|Win32
+		{914EE78E-52FF-42A5-BD33-1E99E8E02CB0}.Debug|x64.ActiveCfg = Debug|Win32
+		{914EE78E-52FF-42A5-BD33-1E99E8E02CB0}.Release|Any CPU.ActiveCfg = Release|Win32
+		{914EE78E-52FF-42A5-BD33-1E99E8E02CB0}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{914EE78E-52FF-42A5-BD33-1E99E8E02CB0}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{914EE78E-52FF-42A5-BD33-1E99E8E02CB0}.Release|Win32.ActiveCfg = Release|Win32
+		{914EE78E-52FF-42A5-BD33-1E99E8E02CB0}.Release|Win32.Build.0 = Release|Win32
+		{914EE78E-52FF-42A5-BD33-1E99E8E02CB0}.Release|x64.ActiveCfg = Release|Win32
+		{15A0FC5B-8B9C-4FB8-948B-AD9D73030C42}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{15A0FC5B-8B9C-4FB8-948B-AD9D73030C42}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{15A0FC5B-8B9C-4FB8-948B-AD9D73030C42}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{15A0FC5B-8B9C-4FB8-948B-AD9D73030C42}.Debug|Win32.ActiveCfg = Debug|Win32
+		{15A0FC5B-8B9C-4FB8-948B-AD9D73030C42}.Debug|Win32.Build.0 = Debug|Win32
+		{15A0FC5B-8B9C-4FB8-948B-AD9D73030C42}.Debug|x64.ActiveCfg = Debug|Win32
+		{15A0FC5B-8B9C-4FB8-948B-AD9D73030C42}.Release|Any CPU.ActiveCfg = Release|Win32
+		{15A0FC5B-8B9C-4FB8-948B-AD9D73030C42}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{15A0FC5B-8B9C-4FB8-948B-AD9D73030C42}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{15A0FC5B-8B9C-4FB8-948B-AD9D73030C42}.Release|Win32.ActiveCfg = Release|Win32
+		{15A0FC5B-8B9C-4FB8-948B-AD9D73030C42}.Release|Win32.Build.0 = Release|Win32
+		{15A0FC5B-8B9C-4FB8-948B-AD9D73030C42}.Release|x64.ActiveCfg = Release|Win32
+		{1D478E32-E36A-4151-BBC5-C41B8C6ABC5D}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{1D478E32-E36A-4151-BBC5-C41B8C6ABC5D}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{1D478E32-E36A-4151-BBC5-C41B8C6ABC5D}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{1D478E32-E36A-4151-BBC5-C41B8C6ABC5D}.Debug|Win32.ActiveCfg = Debug|Win32
+		{1D478E32-E36A-4151-BBC5-C41B8C6ABC5D}.Debug|Win32.Build.0 = Debug|Win32
+		{1D478E32-E36A-4151-BBC5-C41B8C6ABC5D}.Debug|x64.ActiveCfg = Debug|Win32
+		{1D478E32-E36A-4151-BBC5-C41B8C6ABC5D}.Release|Any CPU.ActiveCfg = Release|Win32
+		{1D478E32-E36A-4151-BBC5-C41B8C6ABC5D}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{1D478E32-E36A-4151-BBC5-C41B8C6ABC5D}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{1D478E32-E36A-4151-BBC5-C41B8C6ABC5D}.Release|Win32.ActiveCfg = Release|Win32
+		{1D478E32-E36A-4151-BBC5-C41B8C6ABC5D}.Release|Win32.Build.0 = Release|Win32
+		{1D478E32-E36A-4151-BBC5-C41B8C6ABC5D}.Release|x64.ActiveCfg = Release|Win32
+		{48FD021B-EF09-4213-ABB7-3740E5ABE0BB}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{48FD021B-EF09-4213-ABB7-3740E5ABE0BB}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{48FD021B-EF09-4213-ABB7-3740E5ABE0BB}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{48FD021B-EF09-4213-ABB7-3740E5ABE0BB}.Debug|Win32.ActiveCfg = Debug|Win32
+		{48FD021B-EF09-4213-ABB7-3740E5ABE0BB}.Debug|Win32.Build.0 = Debug|Win32
+		{48FD021B-EF09-4213-ABB7-3740E5ABE0BB}.Debug|x64.ActiveCfg = Debug|Win32
+		{48FD021B-EF09-4213-ABB7-3740E5ABE0BB}.Release|Any CPU.ActiveCfg = Release|Win32
+		{48FD021B-EF09-4213-ABB7-3740E5ABE0BB}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{48FD021B-EF09-4213-ABB7-3740E5ABE0BB}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{48FD021B-EF09-4213-ABB7-3740E5ABE0BB}.Release|Win32.ActiveCfg = Release|Win32
+		{48FD021B-EF09-4213-ABB7-3740E5ABE0BB}.Release|Win32.Build.0 = Release|Win32
+		{48FD021B-EF09-4213-ABB7-3740E5ABE0BB}.Release|x64.ActiveCfg = Release|Win32
+		{DBD7B8E9-FC88-4F61-9D11-68357F9062A7}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{DBD7B8E9-FC88-4F61-9D11-68357F9062A7}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{DBD7B8E9-FC88-4F61-9D11-68357F9062A7}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{DBD7B8E9-FC88-4F61-9D11-68357F9062A7}.Debug|Win32.ActiveCfg = Debug|Win32
+		{DBD7B8E9-FC88-4F61-9D11-68357F9062A7}.Debug|Win32.Build.0 = Debug|Win32
+		{DBD7B8E9-FC88-4F61-9D11-68357F9062A7}.Debug|x64.ActiveCfg = Debug|Win32
+		{DBD7B8E9-FC88-4F61-9D11-68357F9062A7}.Release|Any CPU.ActiveCfg = Release|Win32
+		{DBD7B8E9-FC88-4F61-9D11-68357F9062A7}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{DBD7B8E9-FC88-4F61-9D11-68357F9062A7}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{DBD7B8E9-FC88-4F61-9D11-68357F9062A7}.Release|Win32.ActiveCfg = Release|Win32
+		{DBD7B8E9-FC88-4F61-9D11-68357F9062A7}.Release|Win32.Build.0 = Release|Win32
+		{DBD7B8E9-FC88-4F61-9D11-68357F9062A7}.Release|x64.ActiveCfg = Release|Win32
+		{CDAAC750-B5B8-4FFF-A8F2-A511D1EEC6FF}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{CDAAC750-B5B8-4FFF-A8F2-A511D1EEC6FF}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{CDAAC750-B5B8-4FFF-A8F2-A511D1EEC6FF}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{CDAAC750-B5B8-4FFF-A8F2-A511D1EEC6FF}.Debug|Win32.ActiveCfg = Debug|Win32
+		{CDAAC750-B5B8-4FFF-A8F2-A511D1EEC6FF}.Debug|Win32.Build.0 = Debug|Win32
+		{CDAAC750-B5B8-4FFF-A8F2-A511D1EEC6FF}.Debug|x64.ActiveCfg = Debug|Win32
+		{CDAAC750-B5B8-4FFF-A8F2-A511D1EEC6FF}.Release|Any CPU.ActiveCfg = Release|Win32
+		{CDAAC750-B5B8-4FFF-A8F2-A511D1EEC6FF}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{CDAAC750-B5B8-4FFF-A8F2-A511D1EEC6FF}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{CDAAC750-B5B8-4FFF-A8F2-A511D1EEC6FF}.Release|Win32.ActiveCfg = Release|Win32
+		{CDAAC750-B5B8-4FFF-A8F2-A511D1EEC6FF}.Release|Win32.Build.0 = Release|Win32
+		{CDAAC750-B5B8-4FFF-A8F2-A511D1EEC6FF}.Release|x64.ActiveCfg = Release|Win32
+		{FD53EE1E-5408-4389-B316-8195455A1D66}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{FD53EE1E-5408-4389-B316-8195455A1D66}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{FD53EE1E-5408-4389-B316-8195455A1D66}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{FD53EE1E-5408-4389-B316-8195455A1D66}.Debug|Win32.ActiveCfg = Debug|Win32
+		{FD53EE1E-5408-4389-B316-8195455A1D66}.Debug|Win32.Build.0 = Debug|Win32
+		{FD53EE1E-5408-4389-B316-8195455A1D66}.Debug|x64.ActiveCfg = Debug|Win32
+		{FD53EE1E-5408-4389-B316-8195455A1D66}.Release|Any CPU.ActiveCfg = Release|Win32
+		{FD53EE1E-5408-4389-B316-8195455A1D66}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{FD53EE1E-5408-4389-B316-8195455A1D66}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{FD53EE1E-5408-4389-B316-8195455A1D66}.Release|Win32.ActiveCfg = Release|Win32
+		{FD53EE1E-5408-4389-B316-8195455A1D66}.Release|Win32.Build.0 = Release|Win32
+		{FD53EE1E-5408-4389-B316-8195455A1D66}.Release|x64.ActiveCfg = Release|Win32
+		{BC6E6238-F667-485D-8374-B9A61F7B31B3}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{BC6E6238-F667-485D-8374-B9A61F7B31B3}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{BC6E6238-F667-485D-8374-B9A61F7B31B3}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{BC6E6238-F667-485D-8374-B9A61F7B31B3}.Debug|Win32.ActiveCfg = Debug|Win32
+		{BC6E6238-F667-485D-8374-B9A61F7B31B3}.Debug|Win32.Build.0 = Debug|Win32
+		{BC6E6238-F667-485D-8374-B9A61F7B31B3}.Debug|x64.ActiveCfg = Debug|Win32
+		{BC6E6238-F667-485D-8374-B9A61F7B31B3}.Release|Any CPU.ActiveCfg = Release|Win32
+		{BC6E6238-F667-485D-8374-B9A61F7B31B3}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{BC6E6238-F667-485D-8374-B9A61F7B31B3}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{BC6E6238-F667-485D-8374-B9A61F7B31B3}.Release|Win32.ActiveCfg = Release|Win32
+		{BC6E6238-F667-485D-8374-B9A61F7B31B3}.Release|Win32.Build.0 = Release|Win32
+		{BC6E6238-F667-485D-8374-B9A61F7B31B3}.Release|x64.ActiveCfg = Release|Win32
+		{38C8B3B2-F040-4BC9-9C91-030DE28CEEC0}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{38C8B3B2-F040-4BC9-9C91-030DE28CEEC0}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{38C8B3B2-F040-4BC9-9C91-030DE28CEEC0}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{38C8B3B2-F040-4BC9-9C91-030DE28CEEC0}.Debug|Win32.ActiveCfg = Debug|Win32
+		{38C8B3B2-F040-4BC9-9C91-030DE28CEEC0}.Debug|Win32.Build.0 = Debug|Win32
+		{38C8B3B2-F040-4BC9-9C91-030DE28CEEC0}.Debug|x64.ActiveCfg = Debug|Win32
+		{38C8B3B2-F040-4BC9-9C91-030DE28CEEC0}.Release|Any CPU.ActiveCfg = Release|Win32
+		{38C8B3B2-F040-4BC9-9C91-030DE28CEEC0}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{38C8B3B2-F040-4BC9-9C91-030DE28CEEC0}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{38C8B3B2-F040-4BC9-9C91-030DE28CEEC0}.Release|Win32.ActiveCfg = Release|Win32
+		{38C8B3B2-F040-4BC9-9C91-030DE28CEEC0}.Release|Win32.Build.0 = Release|Win32
+		{38C8B3B2-F040-4BC9-9C91-030DE28CEEC0}.Release|x64.ActiveCfg = Release|Win32
+		{79E92A99-3887-4BDE-AA2C-8EF950A2C3BD}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{79E92A99-3887-4BDE-AA2C-8EF950A2C3BD}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{79E92A99-3887-4BDE-AA2C-8EF950A2C3BD}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{79E92A99-3887-4BDE-AA2C-8EF950A2C3BD}.Debug|Win32.ActiveCfg = Debug|Win32
+		{79E92A99-3887-4BDE-AA2C-8EF950A2C3BD}.Debug|Win32.Build.0 = Debug|Win32
+		{79E92A99-3887-4BDE-AA2C-8EF950A2C3BD}.Debug|x64.ActiveCfg = Debug|Win32
+		{79E92A99-3887-4BDE-AA2C-8EF950A2C3BD}.Release|Any CPU.ActiveCfg = Release|Win32
+		{79E92A99-3887-4BDE-AA2C-8EF950A2C3BD}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{79E92A99-3887-4BDE-AA2C-8EF950A2C3BD}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{79E92A99-3887-4BDE-AA2C-8EF950A2C3BD}.Release|Win32.ActiveCfg = Release|Win32
+		{79E92A99-3887-4BDE-AA2C-8EF950A2C3BD}.Release|Win32.Build.0 = Release|Win32
+		{79E92A99-3887-4BDE-AA2C-8EF950A2C3BD}.Release|x64.ActiveCfg = Release|Win32
+		{A4D5835E-BEAA-4481-9DAA-6E84F1DFADE5}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{A4D5835E-BEAA-4481-9DAA-6E84F1DFADE5}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{A4D5835E-BEAA-4481-9DAA-6E84F1DFADE5}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{A4D5835E-BEAA-4481-9DAA-6E84F1DFADE5}.Debug|Win32.ActiveCfg = Debug|Win32
+		{A4D5835E-BEAA-4481-9DAA-6E84F1DFADE5}.Debug|Win32.Build.0 = Debug|Win32
+		{A4D5835E-BEAA-4481-9DAA-6E84F1DFADE5}.Debug|x64.ActiveCfg = Debug|Win32
+		{A4D5835E-BEAA-4481-9DAA-6E84F1DFADE5}.Release|Any CPU.ActiveCfg = Release|Win32
+		{A4D5835E-BEAA-4481-9DAA-6E84F1DFADE5}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{A4D5835E-BEAA-4481-9DAA-6E84F1DFADE5}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{A4D5835E-BEAA-4481-9DAA-6E84F1DFADE5}.Release|Win32.ActiveCfg = Release|Win32
+		{A4D5835E-BEAA-4481-9DAA-6E84F1DFADE5}.Release|Win32.Build.0 = Release|Win32
+		{A4D5835E-BEAA-4481-9DAA-6E84F1DFADE5}.Release|x64.ActiveCfg = Release|Win32
+		{D75A1275-02E7-4A31-828D-AA01C3EBA71E}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{D75A1275-02E7-4A31-828D-AA01C3EBA71E}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{D75A1275-02E7-4A31-828D-AA01C3EBA71E}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{D75A1275-02E7-4A31-828D-AA01C3EBA71E}.Debug|Win32.ActiveCfg = Debug|Win32
+		{D75A1275-02E7-4A31-828D-AA01C3EBA71E}.Debug|Win32.Build.0 = Debug|Win32
+		{D75A1275-02E7-4A31-828D-AA01C3EBA71E}.Debug|x64.ActiveCfg = Debug|Win32
+		{D75A1275-02E7-4A31-828D-AA01C3EBA71E}.Release|Any CPU.ActiveCfg = Release|Win32
+		{D75A1275-02E7-4A31-828D-AA01C3EBA71E}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{D75A1275-02E7-4A31-828D-AA01C3EBA71E}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{D75A1275-02E7-4A31-828D-AA01C3EBA71E}.Release|Win32.ActiveCfg = Release|Win32
+		{D75A1275-02E7-4A31-828D-AA01C3EBA71E}.Release|Win32.Build.0 = Release|Win32
+		{D75A1275-02E7-4A31-828D-AA01C3EBA71E}.Release|x64.ActiveCfg = Release|Win32
+		{54BF993C-8B54-43EE-AAB3-1AB96FC59778}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{54BF993C-8B54-43EE-AAB3-1AB96FC59778}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{54BF993C-8B54-43EE-AAB3-1AB96FC59778}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{54BF993C-8B54-43EE-AAB3-1AB96FC59778}.Debug|Win32.ActiveCfg = Debug|Win32
+		{54BF993C-8B54-43EE-AAB3-1AB96FC59778}.Debug|Win32.Build.0 = Debug|Win32
+		{54BF993C-8B54-43EE-AAB3-1AB96FC59778}.Debug|x64.ActiveCfg = Debug|Win32
+		{54BF993C-8B54-43EE-AAB3-1AB96FC59778}.Release|Any CPU.ActiveCfg = Release|Win32
+		{54BF993C-8B54-43EE-AAB3-1AB96FC59778}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{54BF993C-8B54-43EE-AAB3-1AB96FC59778}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{54BF993C-8B54-43EE-AAB3-1AB96FC59778}.Release|Win32.ActiveCfg = Release|Win32
+		{54BF993C-8B54-43EE-AAB3-1AB96FC59778}.Release|Win32.Build.0 = Release|Win32
+		{54BF993C-8B54-43EE-AAB3-1AB96FC59778}.Release|x64.ActiveCfg = Release|Win32
+		{45DF0D7F-8F4C-487D-AAE5-A74064C0A2D7}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{45DF0D7F-8F4C-487D-AAE5-A74064C0A2D7}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{45DF0D7F-8F4C-487D-AAE5-A74064C0A2D7}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{45DF0D7F-8F4C-487D-AAE5-A74064C0A2D7}.Debug|Win32.ActiveCfg = Debug|Win32
+		{45DF0D7F-8F4C-487D-AAE5-A74064C0A2D7}.Debug|Win32.Build.0 = Debug|Win32
+		{45DF0D7F-8F4C-487D-AAE5-A74064C0A2D7}.Debug|x64.ActiveCfg = Debug|Win32
+		{45DF0D7F-8F4C-487D-AAE5-A74064C0A2D7}.Release|Any CPU.ActiveCfg = Release|Win32
+		{45DF0D7F-8F4C-487D-AAE5-A74064C0A2D7}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{45DF0D7F-8F4C-487D-AAE5-A74064C0A2D7}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{45DF0D7F-8F4C-487D-AAE5-A74064C0A2D7}.Release|Win32.ActiveCfg = Release|Win32
+		{45DF0D7F-8F4C-487D-AAE5-A74064C0A2D7}.Release|Win32.Build.0 = Release|Win32
+		{45DF0D7F-8F4C-487D-AAE5-A74064C0A2D7}.Release|x64.ActiveCfg = Release|Win32
+		{D7B60443-2989-4FD6-A146-0EA6D9E89F22}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{D7B60443-2989-4FD6-A146-0EA6D9E89F22}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{D7B60443-2989-4FD6-A146-0EA6D9E89F22}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{D7B60443-2989-4FD6-A146-0EA6D9E89F22}.Debug|Win32.ActiveCfg = Debug|Win32
+		{D7B60443-2989-4FD6-A146-0EA6D9E89F22}.Debug|Win32.Build.0 = Debug|Win32
+		{D7B60443-2989-4FD6-A146-0EA6D9E89F22}.Debug|x64.ActiveCfg = Debug|Win32
+		{D7B60443-2989-4FD6-A146-0EA6D9E89F22}.Release|Any CPU.ActiveCfg = Release|Win32
+		{D7B60443-2989-4FD6-A146-0EA6D9E89F22}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{D7B60443-2989-4FD6-A146-0EA6D9E89F22}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{D7B60443-2989-4FD6-A146-0EA6D9E89F22}.Release|Win32.ActiveCfg = Release|Win32
+		{D7B60443-2989-4FD6-A146-0EA6D9E89F22}.Release|Win32.Build.0 = Release|Win32
+		{D7B60443-2989-4FD6-A146-0EA6D9E89F22}.Release|x64.ActiveCfg = Release|Win32
+		{03931C8D-6BC7-4B7D-A248-DE898120AAAD}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{03931C8D-6BC7-4B7D-A248-DE898120AAAD}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{03931C8D-6BC7-4B7D-A248-DE898120AAAD}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{03931C8D-6BC7-4B7D-A248-DE898120AAAD}.Debug|Win32.ActiveCfg = Debug|Win32
+		{03931C8D-6BC7-4B7D-A248-DE898120AAAD}.Debug|Win32.Build.0 = Debug|Win32
+		{03931C8D-6BC7-4B7D-A248-DE898120AAAD}.Debug|x64.ActiveCfg = Debug|Win32
+		{03931C8D-6BC7-4B7D-A248-DE898120AAAD}.Release|Any CPU.ActiveCfg = Release|Win32
+		{03931C8D-6BC7-4B7D-A248-DE898120AAAD}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{03931C8D-6BC7-4B7D-A248-DE898120AAAD}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{03931C8D-6BC7-4B7D-A248-DE898120AAAD}.Release|Win32.ActiveCfg = Release|Win32
+		{03931C8D-6BC7-4B7D-A248-DE898120AAAD}.Release|Win32.Build.0 = Release|Win32
+		{03931C8D-6BC7-4B7D-A248-DE898120AAAD}.Release|x64.ActiveCfg = Release|Win32
+		{ECA66D54-3C08-4E8A-AE6A-EDBC3509AF9B}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{ECA66D54-3C08-4E8A-AE6A-EDBC3509AF9B}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{ECA66D54-3C08-4E8A-AE6A-EDBC3509AF9B}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{ECA66D54-3C08-4E8A-AE6A-EDBC3509AF9B}.Debug|Win32.ActiveCfg = Debug|Win32
+		{ECA66D54-3C08-4E8A-AE6A-EDBC3509AF9B}.Debug|Win32.Build.0 = Debug|Win32
+		{ECA66D54-3C08-4E8A-AE6A-EDBC3509AF9B}.Debug|x64.ActiveCfg = Debug|Win32
+		{ECA66D54-3C08-4E8A-AE6A-EDBC3509AF9B}.Release|Any CPU.ActiveCfg = Release|Win32
+		{ECA66D54-3C08-4E8A-AE6A-EDBC3509AF9B}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{ECA66D54-3C08-4E8A-AE6A-EDBC3509AF9B}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{ECA66D54-3C08-4E8A-AE6A-EDBC3509AF9B}.Release|Win32.ActiveCfg = Release|Win32
+		{ECA66D54-3C08-4E8A-AE6A-EDBC3509AF9B}.Release|Win32.Build.0 = Release|Win32
+		{ECA66D54-3C08-4E8A-AE6A-EDBC3509AF9B}.Release|x64.ActiveCfg = Release|Win32
+		{826C049F-8499-4ECA-B98C-14338AFC84EC}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{826C049F-8499-4ECA-B98C-14338AFC84EC}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{826C049F-8499-4ECA-B98C-14338AFC84EC}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{826C049F-8499-4ECA-B98C-14338AFC84EC}.Debug|Win32.ActiveCfg = Debug|Win32
+		{826C049F-8499-4ECA-B98C-14338AFC84EC}.Debug|Win32.Build.0 = Debug|Win32
+		{826C049F-8499-4ECA-B98C-14338AFC84EC}.Debug|x64.ActiveCfg = Debug|Win32
+		{826C049F-8499-4ECA-B98C-14338AFC84EC}.Release|Any CPU.ActiveCfg = Release|Win32
+		{826C049F-8499-4ECA-B98C-14338AFC84EC}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{826C049F-8499-4ECA-B98C-14338AFC84EC}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{826C049F-8499-4ECA-B98C-14338AFC84EC}.Release|Win32.ActiveCfg = Release|Win32
+		{826C049F-8499-4ECA-B98C-14338AFC84EC}.Release|Win32.Build.0 = Release|Win32
+		{826C049F-8499-4ECA-B98C-14338AFC84EC}.Release|x64.ActiveCfg = Release|Win32
+		{7197B41C-7D27-49D3-93F7-F07841053801}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{7197B41C-7D27-49D3-93F7-F07841053801}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{7197B41C-7D27-49D3-93F7-F07841053801}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{7197B41C-7D27-49D3-93F7-F07841053801}.Debug|Win32.ActiveCfg = Debug|Win32
+		{7197B41C-7D27-49D3-93F7-F07841053801}.Debug|Win32.Build.0 = Debug|Win32
+		{7197B41C-7D27-49D3-93F7-F07841053801}.Debug|x64.ActiveCfg = Debug|Win32
+		{7197B41C-7D27-49D3-93F7-F07841053801}.Release|Any CPU.ActiveCfg = Release|Win32
+		{7197B41C-7D27-49D3-93F7-F07841053801}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{7197B41C-7D27-49D3-93F7-F07841053801}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{7197B41C-7D27-49D3-93F7-F07841053801}.Release|Win32.ActiveCfg = Release|Win32
+		{7197B41C-7D27-49D3-93F7-F07841053801}.Release|Win32.Build.0 = Release|Win32
+		{7197B41C-7D27-49D3-93F7-F07841053801}.Release|x64.ActiveCfg = Release|Win32
+		{306EFFD8-0AD8-4F98-B8BE-60DF258ED375}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{306EFFD8-0AD8-4F98-B8BE-60DF258ED375}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{306EFFD8-0AD8-4F98-B8BE-60DF258ED375}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{306EFFD8-0AD8-4F98-B8BE-60DF258ED375}.Debug|Win32.ActiveCfg = Debug|Win32
+		{306EFFD8-0AD8-4F98-B8BE-60DF258ED375}.Debug|Win32.Build.0 = Debug|Win32
+		{306EFFD8-0AD8-4F98-B8BE-60DF258ED375}.Debug|x64.ActiveCfg = Debug|Win32
+		{306EFFD8-0AD8-4F98-B8BE-60DF258ED375}.Release|Any CPU.ActiveCfg = Release|Win32
+		{306EFFD8-0AD8-4F98-B8BE-60DF258ED375}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{306EFFD8-0AD8-4F98-B8BE-60DF258ED375}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{306EFFD8-0AD8-4F98-B8BE-60DF258ED375}.Release|Win32.ActiveCfg = Release|Win32
+		{306EFFD8-0AD8-4F98-B8BE-60DF258ED375}.Release|Win32.Build.0 = Release|Win32
+		{306EFFD8-0AD8-4F98-B8BE-60DF258ED375}.Release|x64.ActiveCfg = Release|Win32
+		{3415A0BB-AF85-41D0-9024-CC44B6D89FDF}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{3415A0BB-AF85-41D0-9024-CC44B6D89FDF}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{3415A0BB-AF85-41D0-9024-CC44B6D89FDF}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{3415A0BB-AF85-41D0-9024-CC44B6D89FDF}.Debug|Win32.ActiveCfg = Debug|Win32
+		{3415A0BB-AF85-41D0-9024-CC44B6D89FDF}.Debug|Win32.Build.0 = Debug|Win32
+		{3415A0BB-AF85-41D0-9024-CC44B6D89FDF}.Debug|x64.ActiveCfg = Debug|Win32
+		{3415A0BB-AF85-41D0-9024-CC44B6D89FDF}.Release|Any CPU.ActiveCfg = Release|Win32
+		{3415A0BB-AF85-41D0-9024-CC44B6D89FDF}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{3415A0BB-AF85-41D0-9024-CC44B6D89FDF}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{3415A0BB-AF85-41D0-9024-CC44B6D89FDF}.Release|Win32.ActiveCfg = Release|Win32
+		{3415A0BB-AF85-41D0-9024-CC44B6D89FDF}.Release|Win32.Build.0 = Release|Win32
+		{3415A0BB-AF85-41D0-9024-CC44B6D89FDF}.Release|x64.ActiveCfg = Release|Win32
+		{54DFC656-03A3-40CA-8576-4093CDFF7E8C}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{54DFC656-03A3-40CA-8576-4093CDFF7E8C}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{54DFC656-03A3-40CA-8576-4093CDFF7E8C}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{54DFC656-03A3-40CA-8576-4093CDFF7E8C}.Debug|Win32.ActiveCfg = Debug|Win32
+		{54DFC656-03A3-40CA-8576-4093CDFF7E8C}.Debug|Win32.Build.0 = Debug|Win32
+		{54DFC656-03A3-40CA-8576-4093CDFF7E8C}.Debug|x64.ActiveCfg = Debug|Win32
+		{54DFC656-03A3-40CA-8576-4093CDFF7E8C}.Release|Any CPU.ActiveCfg = Release|Win32
+		{54DFC656-03A3-40CA-8576-4093CDFF7E8C}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{54DFC656-03A3-40CA-8576-4093CDFF7E8C}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{54DFC656-03A3-40CA-8576-4093CDFF7E8C}.Release|Win32.ActiveCfg = Release|Win32
+		{54DFC656-03A3-40CA-8576-4093CDFF7E8C}.Release|Win32.Build.0 = Release|Win32
+		{54DFC656-03A3-40CA-8576-4093CDFF7E8C}.Release|x64.ActiveCfg = Release|Win32
+		{FF78859F-AA3A-406C-94DE-8B8EC61E2691}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{FF78859F-AA3A-406C-94DE-8B8EC61E2691}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{FF78859F-AA3A-406C-94DE-8B8EC61E2691}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{FF78859F-AA3A-406C-94DE-8B8EC61E2691}.Debug|Win32.ActiveCfg = Debug|Win32
+		{FF78859F-AA3A-406C-94DE-8B8EC61E2691}.Debug|Win32.Build.0 = Debug|Win32
+		{FF78859F-AA3A-406C-94DE-8B8EC61E2691}.Debug|x64.ActiveCfg = Debug|Win32
+		{FF78859F-AA3A-406C-94DE-8B8EC61E2691}.Release|Any CPU.ActiveCfg = Release|Win32
+		{FF78859F-AA3A-406C-94DE-8B8EC61E2691}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{FF78859F-AA3A-406C-94DE-8B8EC61E2691}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{FF78859F-AA3A-406C-94DE-8B8EC61E2691}.Release|Win32.ActiveCfg = Release|Win32
+		{FF78859F-AA3A-406C-94DE-8B8EC61E2691}.Release|Win32.Build.0 = Release|Win32
+		{FF78859F-AA3A-406C-94DE-8B8EC61E2691}.Release|x64.ActiveCfg = Release|Win32
+		{1E7F8857-8635-4861-BCC0-FD074CC7A32B}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{1E7F8857-8635-4861-BCC0-FD074CC7A32B}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{1E7F8857-8635-4861-BCC0-FD074CC7A32B}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{1E7F8857-8635-4861-BCC0-FD074CC7A32B}.Debug|Win32.ActiveCfg = Debug|Win32
+		{1E7F8857-8635-4861-BCC0-FD074CC7A32B}.Debug|Win32.Build.0 = Debug|Win32
+		{1E7F8857-8635-4861-BCC0-FD074CC7A32B}.Debug|x64.ActiveCfg = Debug|Win32
+		{1E7F8857-8635-4861-BCC0-FD074CC7A32B}.Release|Any CPU.ActiveCfg = Release|Win32
+		{1E7F8857-8635-4861-BCC0-FD074CC7A32B}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{1E7F8857-8635-4861-BCC0-FD074CC7A32B}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{1E7F8857-8635-4861-BCC0-FD074CC7A32B}.Release|Win32.ActiveCfg = Release|Win32
+		{1E7F8857-8635-4861-BCC0-FD074CC7A32B}.Release|Win32.Build.0 = Release|Win32
+		{1E7F8857-8635-4861-BCC0-FD074CC7A32B}.Release|x64.ActiveCfg = Release|Win32
+		{CCF66411-F16C-4273-9950-8F7BCDDE5EF8}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{CCF66411-F16C-4273-9950-8F7BCDDE5EF8}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{CCF66411-F16C-4273-9950-8F7BCDDE5EF8}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{CCF66411-F16C-4273-9950-8F7BCDDE5EF8}.Debug|Win32.ActiveCfg = Debug|Win32
+		{CCF66411-F16C-4273-9950-8F7BCDDE5EF8}.Debug|Win32.Build.0 = Debug|Win32
+		{CCF66411-F16C-4273-9950-8F7BCDDE5EF8}.Debug|x64.ActiveCfg = Debug|Win32
+		{CCF66411-F16C-4273-9950-8F7BCDDE5EF8}.Release|Any CPU.ActiveCfg = Release|Win32
+		{CCF66411-F16C-4273-9950-8F7BCDDE5EF8}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{CCF66411-F16C-4273-9950-8F7BCDDE5EF8}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{CCF66411-F16C-4273-9950-8F7BCDDE5EF8}.Release|Win32.ActiveCfg = Release|Win32
+		{CCF66411-F16C-4273-9950-8F7BCDDE5EF8}.Release|Win32.Build.0 = Release|Win32
+		{CCF66411-F16C-4273-9950-8F7BCDDE5EF8}.Release|x64.ActiveCfg = Release|Win32
+		{D7AD97A2-4588-444D-8E8A-F953F43FBA4F}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{D7AD97A2-4588-444D-8E8A-F953F43FBA4F}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{D7AD97A2-4588-444D-8E8A-F953F43FBA4F}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{D7AD97A2-4588-444D-8E8A-F953F43FBA4F}.Debug|Win32.ActiveCfg = Debug|Win32
+		{D7AD97A2-4588-444D-8E8A-F953F43FBA4F}.Debug|Win32.Build.0 = Debug|Win32
+		{D7AD97A2-4588-444D-8E8A-F953F43FBA4F}.Debug|x64.ActiveCfg = Debug|Win32
+		{D7AD97A2-4588-444D-8E8A-F953F43FBA4F}.Release|Any CPU.ActiveCfg = Release|Win32
+		{D7AD97A2-4588-444D-8E8A-F953F43FBA4F}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{D7AD97A2-4588-444D-8E8A-F953F43FBA4F}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{D7AD97A2-4588-444D-8E8A-F953F43FBA4F}.Release|Win32.ActiveCfg = Release|Win32
+		{D7AD97A2-4588-444D-8E8A-F953F43FBA4F}.Release|Win32.Build.0 = Release|Win32
+		{D7AD97A2-4588-444D-8E8A-F953F43FBA4F}.Release|x64.ActiveCfg = Release|Win32
+		{3DA913E8-EF9B-4B9C-8847-D7618BC07551}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{3DA913E8-EF9B-4B9C-8847-D7618BC07551}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{3DA913E8-EF9B-4B9C-8847-D7618BC07551}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{3DA913E8-EF9B-4B9C-8847-D7618BC07551}.Debug|Win32.ActiveCfg = Debug|Win32
+		{3DA913E8-EF9B-4B9C-8847-D7618BC07551}.Debug|Win32.Build.0 = Debug|Win32
+		{3DA913E8-EF9B-4B9C-8847-D7618BC07551}.Debug|x64.ActiveCfg = Debug|Win32
+		{3DA913E8-EF9B-4B9C-8847-D7618BC07551}.Release|Any CPU.ActiveCfg = Release|Win32
+		{3DA913E8-EF9B-4B9C-8847-D7618BC07551}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{3DA913E8-EF9B-4B9C-8847-D7618BC07551}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{3DA913E8-EF9B-4B9C-8847-D7618BC07551}.Release|Win32.ActiveCfg = Release|Win32
+		{3DA913E8-EF9B-4B9C-8847-D7618BC07551}.Release|Win32.Build.0 = Release|Win32
+		{3DA913E8-EF9B-4B9C-8847-D7618BC07551}.Release|x64.ActiveCfg = Release|Win32
+		{D44D7554-7B47-4651-8011-10C821E2C313}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{D44D7554-7B47-4651-8011-10C821E2C313}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{D44D7554-7B47-4651-8011-10C821E2C313}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{D44D7554-7B47-4651-8011-10C821E2C313}.Debug|Win32.ActiveCfg = Debug|Win32
+		{D44D7554-7B47-4651-8011-10C821E2C313}.Debug|Win32.Build.0 = Debug|Win32
+		{D44D7554-7B47-4651-8011-10C821E2C313}.Debug|x64.ActiveCfg = Debug|Win32
+		{D44D7554-7B47-4651-8011-10C821E2C313}.Release|Any CPU.ActiveCfg = Release|Win32
+		{D44D7554-7B47-4651-8011-10C821E2C313}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{D44D7554-7B47-4651-8011-10C821E2C313}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{D44D7554-7B47-4651-8011-10C821E2C313}.Release|Win32.ActiveCfg = Release|Win32
+		{D44D7554-7B47-4651-8011-10C821E2C313}.Release|Win32.Build.0 = Release|Win32
+		{D44D7554-7B47-4651-8011-10C821E2C313}.Release|x64.ActiveCfg = Release|Win32
+		{358CDC21-0742-4B39-AF3B-4AEC89E9B4A1}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{358CDC21-0742-4B39-AF3B-4AEC89E9B4A1}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{358CDC21-0742-4B39-AF3B-4AEC89E9B4A1}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{358CDC21-0742-4B39-AF3B-4AEC89E9B4A1}.Debug|Win32.ActiveCfg = Debug|Win32
+		{358CDC21-0742-4B39-AF3B-4AEC89E9B4A1}.Debug|Win32.Build.0 = Debug|Win32
+		{358CDC21-0742-4B39-AF3B-4AEC89E9B4A1}.Debug|x64.ActiveCfg = Debug|Win32
+		{358CDC21-0742-4B39-AF3B-4AEC89E9B4A1}.Release|Any CPU.ActiveCfg = Release|Win32
+		{358CDC21-0742-4B39-AF3B-4AEC89E9B4A1}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{358CDC21-0742-4B39-AF3B-4AEC89E9B4A1}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{358CDC21-0742-4B39-AF3B-4AEC89E9B4A1}.Release|Win32.ActiveCfg = Release|Win32
+		{358CDC21-0742-4B39-AF3B-4AEC89E9B4A1}.Release|Win32.Build.0 = Release|Win32
+		{358CDC21-0742-4B39-AF3B-4AEC89E9B4A1}.Release|x64.ActiveCfg = Release|Win32
+		{25E95C8F-70BA-4071-9D5B-8A41A4504E5B}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{25E95C8F-70BA-4071-9D5B-8A41A4504E5B}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{25E95C8F-70BA-4071-9D5B-8A41A4504E5B}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{25E95C8F-70BA-4071-9D5B-8A41A4504E5B}.Debug|Win32.ActiveCfg = Debug|Win32
+		{25E95C8F-70BA-4071-9D5B-8A41A4504E5B}.Debug|Win32.Build.0 = Debug|Win32
+		{25E95C8F-70BA-4071-9D5B-8A41A4504E5B}.Debug|x64.ActiveCfg = Debug|Win32
+		{25E95C8F-70BA-4071-9D5B-8A41A4504E5B}.Release|Any CPU.ActiveCfg = Release|Win32
+		{25E95C8F-70BA-4071-9D5B-8A41A4504E5B}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{25E95C8F-70BA-4071-9D5B-8A41A4504E5B}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{25E95C8F-70BA-4071-9D5B-8A41A4504E5B}.Release|Win32.ActiveCfg = Release|Win32
+		{25E95C8F-70BA-4071-9D5B-8A41A4504E5B}.Release|Win32.Build.0 = Release|Win32
+		{25E95C8F-70BA-4071-9D5B-8A41A4504E5B}.Release|x64.ActiveCfg = Release|Win32
+		{A9FD62CC-C38E-4AB8-973F-F3B3A3FDEF8C}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{A9FD62CC-C38E-4AB8-973F-F3B3A3FDEF8C}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{A9FD62CC-C38E-4AB8-973F-F3B3A3FDEF8C}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{A9FD62CC-C38E-4AB8-973F-F3B3A3FDEF8C}.Debug|Win32.ActiveCfg = Debug|Win32
+		{A9FD62CC-C38E-4AB8-973F-F3B3A3FDEF8C}.Debug|Win32.Build.0 = Debug|Win32
+		{A9FD62CC-C38E-4AB8-973F-F3B3A3FDEF8C}.Debug|x64.ActiveCfg = Debug|Win32
+		{A9FD62CC-C38E-4AB8-973F-F3B3A3FDEF8C}.Release|Any CPU.ActiveCfg = Release|Win32
+		{A9FD62CC-C38E-4AB8-973F-F3B3A3FDEF8C}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{A9FD62CC-C38E-4AB8-973F-F3B3A3FDEF8C}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{A9FD62CC-C38E-4AB8-973F-F3B3A3FDEF8C}.Release|Win32.ActiveCfg = Release|Win32
+		{A9FD62CC-C38E-4AB8-973F-F3B3A3FDEF8C}.Release|Win32.Build.0 = Release|Win32
+		{A9FD62CC-C38E-4AB8-973F-F3B3A3FDEF8C}.Release|x64.ActiveCfg = Release|Win32
+		{87D056D6-AB21-4420-B58E-4C595FE22726}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{87D056D6-AB21-4420-B58E-4C595FE22726}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{87D056D6-AB21-4420-B58E-4C595FE22726}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{87D056D6-AB21-4420-B58E-4C595FE22726}.Debug|Win32.ActiveCfg = Debug|Win32
+		{87D056D6-AB21-4420-B58E-4C595FE22726}.Debug|Win32.Build.0 = Debug|Win32
+		{87D056D6-AB21-4420-B58E-4C595FE22726}.Debug|x64.ActiveCfg = Debug|Win32
+		{87D056D6-AB21-4420-B58E-4C595FE22726}.Release|Any CPU.ActiveCfg = Release|Win32
+		{87D056D6-AB21-4420-B58E-4C595FE22726}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{87D056D6-AB21-4420-B58E-4C595FE22726}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{87D056D6-AB21-4420-B58E-4C595FE22726}.Release|Win32.ActiveCfg = Release|Win32
+		{87D056D6-AB21-4420-B58E-4C595FE22726}.Release|Win32.Build.0 = Release|Win32
+		{87D056D6-AB21-4420-B58E-4C595FE22726}.Release|x64.ActiveCfg = Release|Win32
+		{08FD82ED-5872-4250-ADC0-B7B62DCE49BC}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{08FD82ED-5872-4250-ADC0-B7B62DCE49BC}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{08FD82ED-5872-4250-ADC0-B7B62DCE49BC}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{08FD82ED-5872-4250-ADC0-B7B62DCE49BC}.Debug|Win32.ActiveCfg = Debug|Win32
+		{08FD82ED-5872-4250-ADC0-B7B62DCE49BC}.Debug|Win32.Build.0 = Debug|Win32
+		{08FD82ED-5872-4250-ADC0-B7B62DCE49BC}.Debug|x64.ActiveCfg = Debug|Win32
+		{08FD82ED-5872-4250-ADC0-B7B62DCE49BC}.Release|Any CPU.ActiveCfg = Release|Win32
+		{08FD82ED-5872-4250-ADC0-B7B62DCE49BC}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{08FD82ED-5872-4250-ADC0-B7B62DCE49BC}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{08FD82ED-5872-4250-ADC0-B7B62DCE49BC}.Release|Win32.ActiveCfg = Release|Win32
+		{08FD82ED-5872-4250-ADC0-B7B62DCE49BC}.Release|Win32.Build.0 = Release|Win32
+		{08FD82ED-5872-4250-ADC0-B7B62DCE49BC}.Release|x64.ActiveCfg = Release|Win32
+		{BA6A5695-C1B4-4F1F-B794-8D67131443DF}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{BA6A5695-C1B4-4F1F-B794-8D67131443DF}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{BA6A5695-C1B4-4F1F-B794-8D67131443DF}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{BA6A5695-C1B4-4F1F-B794-8D67131443DF}.Debug|Win32.ActiveCfg = Debug|Win32
+		{BA6A5695-C1B4-4F1F-B794-8D67131443DF}.Debug|Win32.Build.0 = Debug|Win32
+		{BA6A5695-C1B4-4F1F-B794-8D67131443DF}.Debug|x64.ActiveCfg = Debug|Win32
+		{BA6A5695-C1B4-4F1F-B794-8D67131443DF}.Release|Any CPU.ActiveCfg = Release|Win32
+		{BA6A5695-C1B4-4F1F-B794-8D67131443DF}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{BA6A5695-C1B4-4F1F-B794-8D67131443DF}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{BA6A5695-C1B4-4F1F-B794-8D67131443DF}.Release|Win32.ActiveCfg = Release|Win32
+		{BA6A5695-C1B4-4F1F-B794-8D67131443DF}.Release|Win32.Build.0 = Release|Win32
+		{BA6A5695-C1B4-4F1F-B794-8D67131443DF}.Release|x64.ActiveCfg = Release|Win32
+		{28E834FA-EC3A-49A5-9F94-6C2E96C2818C}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{28E834FA-EC3A-49A5-9F94-6C2E96C2818C}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{28E834FA-EC3A-49A5-9F94-6C2E96C2818C}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{28E834FA-EC3A-49A5-9F94-6C2E96C2818C}.Debug|Win32.ActiveCfg = Debug|Win32
+		{28E834FA-EC3A-49A5-9F94-6C2E96C2818C}.Debug|Win32.Build.0 = Debug|Win32
+		{28E834FA-EC3A-49A5-9F94-6C2E96C2818C}.Debug|x64.ActiveCfg = Debug|Win32
+		{28E834FA-EC3A-49A5-9F94-6C2E96C2818C}.Release|Any CPU.ActiveCfg = Release|Win32
+		{28E834FA-EC3A-49A5-9F94-6C2E96C2818C}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{28E834FA-EC3A-49A5-9F94-6C2E96C2818C}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{28E834FA-EC3A-49A5-9F94-6C2E96C2818C}.Release|Win32.ActiveCfg = Release|Win32
+		{28E834FA-EC3A-49A5-9F94-6C2E96C2818C}.Release|Win32.Build.0 = Release|Win32
+		{28E834FA-EC3A-49A5-9F94-6C2E96C2818C}.Release|x64.ActiveCfg = Release|Win32
+		{348E4F87-1680-41E5-BEEB-2CDB3A18AB7E}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{348E4F87-1680-41E5-BEEB-2CDB3A18AB7E}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{348E4F87-1680-41E5-BEEB-2CDB3A18AB7E}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{348E4F87-1680-41E5-BEEB-2CDB3A18AB7E}.Debug|Win32.ActiveCfg = Debug|Win32
+		{348E4F87-1680-41E5-BEEB-2CDB3A18AB7E}.Debug|Win32.Build.0 = Debug|Win32
+		{348E4F87-1680-41E5-BEEB-2CDB3A18AB7E}.Debug|x64.ActiveCfg = Debug|Win32
+		{348E4F87-1680-41E5-BEEB-2CDB3A18AB7E}.Release|Any CPU.ActiveCfg = Release|Win32
+		{348E4F87-1680-41E5-BEEB-2CDB3A18AB7E}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{348E4F87-1680-41E5-BEEB-2CDB3A18AB7E}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{348E4F87-1680-41E5-BEEB-2CDB3A18AB7E}.Release|Win32.ActiveCfg = Release|Win32
+		{348E4F87-1680-41E5-BEEB-2CDB3A18AB7E}.Release|Win32.Build.0 = Release|Win32
+		{348E4F87-1680-41E5-BEEB-2CDB3A18AB7E}.Release|x64.ActiveCfg = Release|Win32
+		{8C4B09BE-1DD8-4BC5-8541-EB16C780AABC}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{8C4B09BE-1DD8-4BC5-8541-EB16C780AABC}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{8C4B09BE-1DD8-4BC5-8541-EB16C780AABC}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{8C4B09BE-1DD8-4BC5-8541-EB16C780AABC}.Debug|Win32.ActiveCfg = Debug|Win32
+		{8C4B09BE-1DD8-4BC5-8541-EB16C780AABC}.Debug|Win32.Build.0 = Debug|Win32
+		{8C4B09BE-1DD8-4BC5-8541-EB16C780AABC}.Debug|x64.ActiveCfg = Debug|Win32
+		{8C4B09BE-1DD8-4BC5-8541-EB16C780AABC}.Release|Any CPU.ActiveCfg = Release|Win32
+		{8C4B09BE-1DD8-4BC5-8541-EB16C780AABC}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{8C4B09BE-1DD8-4BC5-8541-EB16C780AABC}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{8C4B09BE-1DD8-4BC5-8541-EB16C780AABC}.Release|Win32.ActiveCfg = Release|Win32
+		{8C4B09BE-1DD8-4BC5-8541-EB16C780AABC}.Release|Win32.Build.0 = Release|Win32
+		{8C4B09BE-1DD8-4BC5-8541-EB16C780AABC}.Release|x64.ActiveCfg = Release|Win32
+		{18057134-8F5A-4D9B-A419-C633DE19D8CC}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{18057134-8F5A-4D9B-A419-C633DE19D8CC}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{18057134-8F5A-4D9B-A419-C633DE19D8CC}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{18057134-8F5A-4D9B-A419-C633DE19D8CC}.Debug|Win32.ActiveCfg = Debug|Win32
+		{18057134-8F5A-4D9B-A419-C633DE19D8CC}.Debug|Win32.Build.0 = Debug|Win32
+		{18057134-8F5A-4D9B-A419-C633DE19D8CC}.Debug|x64.ActiveCfg = Debug|Win32
+		{18057134-8F5A-4D9B-A419-C633DE19D8CC}.Release|Any CPU.ActiveCfg = Release|Win32
+		{18057134-8F5A-4D9B-A419-C633DE19D8CC}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{18057134-8F5A-4D9B-A419-C633DE19D8CC}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{18057134-8F5A-4D9B-A419-C633DE19D8CC}.Release|Win32.ActiveCfg = Release|Win32
+		{18057134-8F5A-4D9B-A419-C633DE19D8CC}.Release|Win32.Build.0 = Release|Win32
+		{18057134-8F5A-4D9B-A419-C633DE19D8CC}.Release|x64.ActiveCfg = Release|Win32
+		{ED1A01E9-DF47-48B5-AA09-BAC1EC6A01BA}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{ED1A01E9-DF47-48B5-AA09-BAC1EC6A01BA}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{ED1A01E9-DF47-48B5-AA09-BAC1EC6A01BA}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{ED1A01E9-DF47-48B5-AA09-BAC1EC6A01BA}.Debug|Win32.ActiveCfg = Debug|Win32
+		{ED1A01E9-DF47-48B5-AA09-BAC1EC6A01BA}.Debug|Win32.Build.0 = Debug|Win32
+		{ED1A01E9-DF47-48B5-AA09-BAC1EC6A01BA}.Debug|x64.ActiveCfg = Debug|Win32
+		{ED1A01E9-DF47-48B5-AA09-BAC1EC6A01BA}.Release|Any CPU.ActiveCfg = Release|Win32
+		{ED1A01E9-DF47-48B5-AA09-BAC1EC6A01BA}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{ED1A01E9-DF47-48B5-AA09-BAC1EC6A01BA}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{ED1A01E9-DF47-48B5-AA09-BAC1EC6A01BA}.Release|Win32.ActiveCfg = Release|Win32
+		{ED1A01E9-DF47-48B5-AA09-BAC1EC6A01BA}.Release|Win32.Build.0 = Release|Win32
+		{ED1A01E9-DF47-48B5-AA09-BAC1EC6A01BA}.Release|x64.ActiveCfg = Release|Win32
+		{6BB93AB7-5574-49C8-B248-CCA85638C2F1}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{6BB93AB7-5574-49C8-B248-CCA85638C2F1}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{6BB93AB7-5574-49C8-B248-CCA85638C2F1}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{6BB93AB7-5574-49C8-B248-CCA85638C2F1}.Debug|Win32.ActiveCfg = Debug|Win32
+		{6BB93AB7-5574-49C8-B248-CCA85638C2F1}.Debug|Win32.Build.0 = Debug|Win32
+		{6BB93AB7-5574-49C8-B248-CCA85638C2F1}.Debug|x64.ActiveCfg = Debug|Win32
+		{6BB93AB7-5574-49C8-B248-CCA85638C2F1}.Release|Any CPU.ActiveCfg = Release|Win32
+		{6BB93AB7-5574-49C8-B248-CCA85638C2F1}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{6BB93AB7-5574-49C8-B248-CCA85638C2F1}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{6BB93AB7-5574-49C8-B248-CCA85638C2F1}.Release|Win32.ActiveCfg = Release|Win32
+		{6BB93AB7-5574-49C8-B248-CCA85638C2F1}.Release|Win32.Build.0 = Release|Win32
+		{6BB93AB7-5574-49C8-B248-CCA85638C2F1}.Release|x64.ActiveCfg = Release|Win32
+		{1F934583-0C3F-48CA-B54E-EE88BFFAB39A}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{1F934583-0C3F-48CA-B54E-EE88BFFAB39A}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{1F934583-0C3F-48CA-B54E-EE88BFFAB39A}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{1F934583-0C3F-48CA-B54E-EE88BFFAB39A}.Debug|Win32.ActiveCfg = Debug|Win32
+		{1F934583-0C3F-48CA-B54E-EE88BFFAB39A}.Debug|Win32.Build.0 = Debug|Win32
+		{1F934583-0C3F-48CA-B54E-EE88BFFAB39A}.Debug|x64.ActiveCfg = Debug|Win32
+		{1F934583-0C3F-48CA-B54E-EE88BFFAB39A}.Release|Any CPU.ActiveCfg = Release|Win32
+		{1F934583-0C3F-48CA-B54E-EE88BFFAB39A}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{1F934583-0C3F-48CA-B54E-EE88BFFAB39A}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{1F934583-0C3F-48CA-B54E-EE88BFFAB39A}.Release|Win32.ActiveCfg = Release|Win32
+		{1F934583-0C3F-48CA-B54E-EE88BFFAB39A}.Release|Win32.Build.0 = Release|Win32
+		{1F934583-0C3F-48CA-B54E-EE88BFFAB39A}.Release|x64.ActiveCfg = Release|Win32
+		{F9A80497-C9A5-4792-92AF-99B248FC399F}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{F9A80497-C9A5-4792-92AF-99B248FC399F}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{F9A80497-C9A5-4792-92AF-99B248FC399F}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{F9A80497-C9A5-4792-92AF-99B248FC399F}.Debug|Win32.ActiveCfg = Debug|Win32
+		{F9A80497-C9A5-4792-92AF-99B248FC399F}.Debug|Win32.Build.0 = Debug|Win32
+		{F9A80497-C9A5-4792-92AF-99B248FC399F}.Debug|x64.ActiveCfg = Debug|Win32
+		{F9A80497-C9A5-4792-92AF-99B248FC399F}.Release|Any CPU.ActiveCfg = Release|Win32
+		{F9A80497-C9A5-4792-92AF-99B248FC399F}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{F9A80497-C9A5-4792-92AF-99B248FC399F}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{F9A80497-C9A5-4792-92AF-99B248FC399F}.Release|Win32.ActiveCfg = Release|Win32
+		{F9A80497-C9A5-4792-92AF-99B248FC399F}.Release|Win32.Build.0 = Release|Win32
+		{F9A80497-C9A5-4792-92AF-99B248FC399F}.Release|x64.ActiveCfg = Release|Win32
+		{E9463166-7A93-4CF8-9A87-45A0A18E0322}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{E9463166-7A93-4CF8-9A87-45A0A18E0322}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{E9463166-7A93-4CF8-9A87-45A0A18E0322}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{E9463166-7A93-4CF8-9A87-45A0A18E0322}.Debug|Win32.ActiveCfg = Debug|Win32
+		{E9463166-7A93-4CF8-9A87-45A0A18E0322}.Debug|Win32.Build.0 = Debug|Win32
+		{E9463166-7A93-4CF8-9A87-45A0A18E0322}.Debug|x64.ActiveCfg = Debug|Win32
+		{E9463166-7A93-4CF8-9A87-45A0A18E0322}.Release|Any CPU.ActiveCfg = Release|Win32
+		{E9463166-7A93-4CF8-9A87-45A0A18E0322}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{E9463166-7A93-4CF8-9A87-45A0A18E0322}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{E9463166-7A93-4CF8-9A87-45A0A18E0322}.Release|Win32.ActiveCfg = Release|Win32
+		{E9463166-7A93-4CF8-9A87-45A0A18E0322}.Release|Win32.Build.0 = Release|Win32
+		{E9463166-7A93-4CF8-9A87-45A0A18E0322}.Release|x64.ActiveCfg = Release|Win32
+		{7F2107D1-B8A6-4CCB-9BC4-34EA8A5CF951}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{7F2107D1-B8A6-4CCB-9BC4-34EA8A5CF951}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{7F2107D1-B8A6-4CCB-9BC4-34EA8A5CF951}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{7F2107D1-B8A6-4CCB-9BC4-34EA8A5CF951}.Debug|Win32.ActiveCfg = Debug|Win32
+		{7F2107D1-B8A6-4CCB-9BC4-34EA8A5CF951}.Debug|Win32.Build.0 = Debug|Win32
+		{7F2107D1-B8A6-4CCB-9BC4-34EA8A5CF951}.Debug|x64.ActiveCfg = Debug|Win32
+		{7F2107D1-B8A6-4CCB-9BC4-34EA8A5CF951}.Release|Any CPU.ActiveCfg = Release|Win32
+		{7F2107D1-B8A6-4CCB-9BC4-34EA8A5CF951}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{7F2107D1-B8A6-4CCB-9BC4-34EA8A5CF951}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{7F2107D1-B8A6-4CCB-9BC4-34EA8A5CF951}.Release|Win32.ActiveCfg = Release|Win32
+		{7F2107D1-B8A6-4CCB-9BC4-34EA8A5CF951}.Release|Win32.Build.0 = Release|Win32
+		{7F2107D1-B8A6-4CCB-9BC4-34EA8A5CF951}.Release|x64.ActiveCfg = Release|Win32
+		{13A99FC4-485B-48E2-8436-5807057340B1}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{13A99FC4-485B-48E2-8436-5807057340B1}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{13A99FC4-485B-48E2-8436-5807057340B1}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{13A99FC4-485B-48E2-8436-5807057340B1}.Debug|Win32.ActiveCfg = Debug|Win32
+		{13A99FC4-485B-48E2-8436-5807057340B1}.Debug|Win32.Build.0 = Debug|Win32
+		{13A99FC4-485B-48E2-8436-5807057340B1}.Debug|x64.ActiveCfg = Debug|Win32
+		{13A99FC4-485B-48E2-8436-5807057340B1}.Release|Any CPU.ActiveCfg = Release|Win32
+		{13A99FC4-485B-48E2-8436-5807057340B1}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{13A99FC4-485B-48E2-8436-5807057340B1}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{13A99FC4-485B-48E2-8436-5807057340B1}.Release|Win32.ActiveCfg = Release|Win32
+		{13A99FC4-485B-48E2-8436-5807057340B1}.Release|Win32.Build.0 = Release|Win32
+		{13A99FC4-485B-48E2-8436-5807057340B1}.Release|x64.ActiveCfg = Release|Win32
+		{EFDF93B9-2742-4D1C-AD6D-D4121950ECAC}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{EFDF93B9-2742-4D1C-AD6D-D4121950ECAC}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{EFDF93B9-2742-4D1C-AD6D-D4121950ECAC}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{EFDF93B9-2742-4D1C-AD6D-D4121950ECAC}.Debug|Win32.ActiveCfg = Debug|Win32
+		{EFDF93B9-2742-4D1C-AD6D-D4121950ECAC}.Debug|Win32.Build.0 = Debug|Win32
+		{EFDF93B9-2742-4D1C-AD6D-D4121950ECAC}.Debug|x64.ActiveCfg = Debug|Win32
+		{EFDF93B9-2742-4D1C-AD6D-D4121950ECAC}.Release|Any CPU.ActiveCfg = Release|Win32
+		{EFDF93B9-2742-4D1C-AD6D-D4121950ECAC}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{EFDF93B9-2742-4D1C-AD6D-D4121950ECAC}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{EFDF93B9-2742-4D1C-AD6D-D4121950ECAC}.Release|Win32.ActiveCfg = Release|Win32
+		{EFDF93B9-2742-4D1C-AD6D-D4121950ECAC}.Release|Win32.Build.0 = Release|Win32
+		{EFDF93B9-2742-4D1C-AD6D-D4121950ECAC}.Release|x64.ActiveCfg = Release|Win32
+		{A50B4D6A-675A-42F9-802C-41B56AFF1AC6}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{A50B4D6A-675A-42F9-802C-41B56AFF1AC6}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{A50B4D6A-675A-42F9-802C-41B56AFF1AC6}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{A50B4D6A-675A-42F9-802C-41B56AFF1AC6}.Debug|Win32.ActiveCfg = Debug|Win32
+		{A50B4D6A-675A-42F9-802C-41B56AFF1AC6}.Debug|Win32.Build.0 = Debug|Win32
+		{A50B4D6A-675A-42F9-802C-41B56AFF1AC6}.Debug|x64.ActiveCfg = Debug|Win32
+		{A50B4D6A-675A-42F9-802C-41B56AFF1AC6}.Release|Any CPU.ActiveCfg = Release|Win32
+		{A50B4D6A-675A-42F9-802C-41B56AFF1AC6}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{A50B4D6A-675A-42F9-802C-41B56AFF1AC6}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{A50B4D6A-675A-42F9-802C-41B56AFF1AC6}.Release|Win32.ActiveCfg = Release|Win32
+		{A50B4D6A-675A-42F9-802C-41B56AFF1AC6}.Release|Win32.Build.0 = Release|Win32
+		{A50B4D6A-675A-42F9-802C-41B56AFF1AC6}.Release|x64.ActiveCfg = Release|Win32
+		{33EEEC2B-BBAB-4290-8B05-D4788750CDA2}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{33EEEC2B-BBAB-4290-8B05-D4788750CDA2}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{33EEEC2B-BBAB-4290-8B05-D4788750CDA2}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{33EEEC2B-BBAB-4290-8B05-D4788750CDA2}.Debug|Win32.ActiveCfg = Debug|Win32
+		{33EEEC2B-BBAB-4290-8B05-D4788750CDA2}.Debug|Win32.Build.0 = Debug|Win32
+		{33EEEC2B-BBAB-4290-8B05-D4788750CDA2}.Debug|x64.ActiveCfg = Debug|Win32
+		{33EEEC2B-BBAB-4290-8B05-D4788750CDA2}.Release|Any CPU.ActiveCfg = Release|Win32
+		{33EEEC2B-BBAB-4290-8B05-D4788750CDA2}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{33EEEC2B-BBAB-4290-8B05-D4788750CDA2}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{33EEEC2B-BBAB-4290-8B05-D4788750CDA2}.Release|Win32.ActiveCfg = Release|Win32
+		{33EEEC2B-BBAB-4290-8B05-D4788750CDA2}.Release|Win32.Build.0 = Release|Win32
+		{33EEEC2B-BBAB-4290-8B05-D4788750CDA2}.Release|x64.ActiveCfg = Release|Win32
+		{3E884FC2-C99B-4FB6-AF8C-20F2DD03C0A8}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{3E884FC2-C99B-4FB6-AF8C-20F2DD03C0A8}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{3E884FC2-C99B-4FB6-AF8C-20F2DD03C0A8}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{3E884FC2-C99B-4FB6-AF8C-20F2DD03C0A8}.Debug|Win32.ActiveCfg = Debug|Win32
+		{3E884FC2-C99B-4FB6-AF8C-20F2DD03C0A8}.Debug|Win32.Build.0 = Debug|Win32
+		{3E884FC2-C99B-4FB6-AF8C-20F2DD03C0A8}.Debug|x64.ActiveCfg = Debug|Win32
+		{3E884FC2-C99B-4FB6-AF8C-20F2DD03C0A8}.Release|Any CPU.ActiveCfg = Release|Win32
+		{3E884FC2-C99B-4FB6-AF8C-20F2DD03C0A8}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{3E884FC2-C99B-4FB6-AF8C-20F2DD03C0A8}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{3E884FC2-C99B-4FB6-AF8C-20F2DD03C0A8}.Release|Win32.ActiveCfg = Release|Win32
+		{3E884FC2-C99B-4FB6-AF8C-20F2DD03C0A8}.Release|Win32.Build.0 = Release|Win32
+		{3E884FC2-C99B-4FB6-AF8C-20F2DD03C0A8}.Release|x64.ActiveCfg = Release|Win32
+		{FAE34595-8E6A-445B-AE74-1BD06A45A70A}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{FAE34595-8E6A-445B-AE74-1BD06A45A70A}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{FAE34595-8E6A-445B-AE74-1BD06A45A70A}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{FAE34595-8E6A-445B-AE74-1BD06A45A70A}.Debug|Win32.ActiveCfg = Debug|Win32
+		{FAE34595-8E6A-445B-AE74-1BD06A45A70A}.Debug|Win32.Build.0 = Debug|Win32
+		{FAE34595-8E6A-445B-AE74-1BD06A45A70A}.Debug|x64.ActiveCfg = Debug|Win32
+		{FAE34595-8E6A-445B-AE74-1BD06A45A70A}.Release|Any CPU.ActiveCfg = Release|Win32
+		{FAE34595-8E6A-445B-AE74-1BD06A45A70A}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{FAE34595-8E6A-445B-AE74-1BD06A45A70A}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{FAE34595-8E6A-445B-AE74-1BD06A45A70A}.Release|Win32.ActiveCfg = Release|Win32
+		{FAE34595-8E6A-445B-AE74-1BD06A45A70A}.Release|Win32.Build.0 = Release|Win32
+		{FAE34595-8E6A-445B-AE74-1BD06A45A70A}.Release|x64.ActiveCfg = Release|Win32
+		{6B714F5E-F30C-443C-B855-0BA40BD255A4}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{6B714F5E-F30C-443C-B855-0BA40BD255A4}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{6B714F5E-F30C-443C-B855-0BA40BD255A4}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{6B714F5E-F30C-443C-B855-0BA40BD255A4}.Debug|Win32.ActiveCfg = Debug|Win32
+		{6B714F5E-F30C-443C-B855-0BA40BD255A4}.Debug|Win32.Build.0 = Debug|Win32
+		{6B714F5E-F30C-443C-B855-0BA40BD255A4}.Debug|x64.ActiveCfg = Debug|Win32
+		{6B714F5E-F30C-443C-B855-0BA40BD255A4}.Release|Any CPU.ActiveCfg = Release|Win32
+		{6B714F5E-F30C-443C-B855-0BA40BD255A4}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{6B714F5E-F30C-443C-B855-0BA40BD255A4}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{6B714F5E-F30C-443C-B855-0BA40BD255A4}.Release|Win32.ActiveCfg = Release|Win32
+		{6B714F5E-F30C-443C-B855-0BA40BD255A4}.Release|Win32.Build.0 = Release|Win32
+		{6B714F5E-F30C-443C-B855-0BA40BD255A4}.Release|x64.ActiveCfg = Release|Win32
+		{658DECB2-8AD5-47C5-8B4E-EFDD7F5914A1}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{658DECB2-8AD5-47C5-8B4E-EFDD7F5914A1}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{658DECB2-8AD5-47C5-8B4E-EFDD7F5914A1}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{658DECB2-8AD5-47C5-8B4E-EFDD7F5914A1}.Debug|Win32.ActiveCfg = Debug|Win32
+		{658DECB2-8AD5-47C5-8B4E-EFDD7F5914A1}.Debug|Win32.Build.0 = Debug|Win32
+		{658DECB2-8AD5-47C5-8B4E-EFDD7F5914A1}.Debug|x64.ActiveCfg = Debug|Win32
+		{658DECB2-8AD5-47C5-8B4E-EFDD7F5914A1}.Release|Any CPU.ActiveCfg = Release|Win32
+		{658DECB2-8AD5-47C5-8B4E-EFDD7F5914A1}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{658DECB2-8AD5-47C5-8B4E-EFDD7F5914A1}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{658DECB2-8AD5-47C5-8B4E-EFDD7F5914A1}.Release|Win32.ActiveCfg = Release|Win32
+		{658DECB2-8AD5-47C5-8B4E-EFDD7F5914A1}.Release|Win32.Build.0 = Release|Win32
+		{658DECB2-8AD5-47C5-8B4E-EFDD7F5914A1}.Release|x64.ActiveCfg = Release|Win32
+		{165F6E9A-F01A-4793-847C-FB5DC10F4F5B}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{165F6E9A-F01A-4793-847C-FB5DC10F4F5B}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{165F6E9A-F01A-4793-847C-FB5DC10F4F5B}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{165F6E9A-F01A-4793-847C-FB5DC10F4F5B}.Debug|Win32.ActiveCfg = Debug|Win32
+		{165F6E9A-F01A-4793-847C-FB5DC10F4F5B}.Debug|Win32.Build.0 = Debug|Win32
+		{165F6E9A-F01A-4793-847C-FB5DC10F4F5B}.Debug|x64.ActiveCfg = Debug|Win32
+		{165F6E9A-F01A-4793-847C-FB5DC10F4F5B}.Release|Any CPU.ActiveCfg = Release|Win32
+		{165F6E9A-F01A-4793-847C-FB5DC10F4F5B}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{165F6E9A-F01A-4793-847C-FB5DC10F4F5B}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{165F6E9A-F01A-4793-847C-FB5DC10F4F5B}.Release|Win32.ActiveCfg = Release|Win32
+		{165F6E9A-F01A-4793-847C-FB5DC10F4F5B}.Release|Win32.Build.0 = Release|Win32
+		{165F6E9A-F01A-4793-847C-FB5DC10F4F5B}.Release|x64.ActiveCfg = Release|Win32
+		{EBA425BE-67E2-4439-B330-56F441CC4C65}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{EBA425BE-67E2-4439-B330-56F441CC4C65}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{EBA425BE-67E2-4439-B330-56F441CC4C65}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{EBA425BE-67E2-4439-B330-56F441CC4C65}.Debug|Win32.ActiveCfg = Debug|Win32
+		{EBA425BE-67E2-4439-B330-56F441CC4C65}.Debug|Win32.Build.0 = Debug|Win32
+		{EBA425BE-67E2-4439-B330-56F441CC4C65}.Debug|x64.ActiveCfg = Debug|Win32
+		{EBA425BE-67E2-4439-B330-56F441CC4C65}.Release|Any CPU.ActiveCfg = Release|Win32
+		{EBA425BE-67E2-4439-B330-56F441CC4C65}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{EBA425BE-67E2-4439-B330-56F441CC4C65}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{EBA425BE-67E2-4439-B330-56F441CC4C65}.Release|Win32.ActiveCfg = Release|Win32
+		{EBA425BE-67E2-4439-B330-56F441CC4C65}.Release|Win32.Build.0 = Release|Win32
+		{EBA425BE-67E2-4439-B330-56F441CC4C65}.Release|x64.ActiveCfg = Release|Win32
+		{E3FE27F0-5673-40B3-A4F2-D726A156CB1E}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{E3FE27F0-5673-40B3-A4F2-D726A156CB1E}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{E3FE27F0-5673-40B3-A4F2-D726A156CB1E}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{E3FE27F0-5673-40B3-A4F2-D726A156CB1E}.Debug|Win32.ActiveCfg = Debug|Win32
+		{E3FE27F0-5673-40B3-A4F2-D726A156CB1E}.Debug|Win32.Build.0 = Debug|Win32
+		{E3FE27F0-5673-40B3-A4F2-D726A156CB1E}.Debug|x64.ActiveCfg = Debug|Win32
+		{E3FE27F0-5673-40B3-A4F2-D726A156CB1E}.Release|Any CPU.ActiveCfg = Release|Win32
+		{E3FE27F0-5673-40B3-A4F2-D726A156CB1E}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{E3FE27F0-5673-40B3-A4F2-D726A156CB1E}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{E3FE27F0-5673-40B3-A4F2-D726A156CB1E}.Release|Win32.ActiveCfg = Release|Win32
+		{E3FE27F0-5673-40B3-A4F2-D726A156CB1E}.Release|Win32.Build.0 = Release|Win32
+		{E3FE27F0-5673-40B3-A4F2-D726A156CB1E}.Release|x64.ActiveCfg = Release|Win32
+		{D1B36DE1-159D-4605-A5A4-30EE5BDE444B}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{D1B36DE1-159D-4605-A5A4-30EE5BDE444B}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{D1B36DE1-159D-4605-A5A4-30EE5BDE444B}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{D1B36DE1-159D-4605-A5A4-30EE5BDE444B}.Debug|Win32.ActiveCfg = Debug|Win32
+		{D1B36DE1-159D-4605-A5A4-30EE5BDE444B}.Debug|Win32.Build.0 = Debug|Win32
+		{D1B36DE1-159D-4605-A5A4-30EE5BDE444B}.Debug|x64.ActiveCfg = Debug|Win32
+		{D1B36DE1-159D-4605-A5A4-30EE5BDE444B}.Release|Any CPU.ActiveCfg = Release|Win32
+		{D1B36DE1-159D-4605-A5A4-30EE5BDE444B}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{D1B36DE1-159D-4605-A5A4-30EE5BDE444B}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{D1B36DE1-159D-4605-A5A4-30EE5BDE444B}.Release|Win32.ActiveCfg = Release|Win32
+		{D1B36DE1-159D-4605-A5A4-30EE5BDE444B}.Release|Win32.Build.0 = Release|Win32
+		{D1B36DE1-159D-4605-A5A4-30EE5BDE444B}.Release|x64.ActiveCfg = Release|Win32
+		{9F144AA3-F80A-45DA-A8C9-59FB393C48DE}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{9F144AA3-F80A-45DA-A8C9-59FB393C48DE}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{9F144AA3-F80A-45DA-A8C9-59FB393C48DE}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{9F144AA3-F80A-45DA-A8C9-59FB393C48DE}.Debug|Win32.ActiveCfg = Debug|Win32
+		{9F144AA3-F80A-45DA-A8C9-59FB393C48DE}.Debug|Win32.Build.0 = Debug|Win32
+		{9F144AA3-F80A-45DA-A8C9-59FB393C48DE}.Debug|x64.ActiveCfg = Debug|Win32
+		{9F144AA3-F80A-45DA-A8C9-59FB393C48DE}.Release|Any CPU.ActiveCfg = Release|Win32
+		{9F144AA3-F80A-45DA-A8C9-59FB393C48DE}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{9F144AA3-F80A-45DA-A8C9-59FB393C48DE}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{9F144AA3-F80A-45DA-A8C9-59FB393C48DE}.Release|Win32.ActiveCfg = Release|Win32
+		{9F144AA3-F80A-45DA-A8C9-59FB393C48DE}.Release|Win32.Build.0 = Release|Win32
+		{9F144AA3-F80A-45DA-A8C9-59FB393C48DE}.Release|x64.ActiveCfg = Release|Win32
+		{08FCBD3E-969D-4BFA-82D4-EC6A74EE93AD}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{08FCBD3E-969D-4BFA-82D4-EC6A74EE93AD}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{08FCBD3E-969D-4BFA-82D4-EC6A74EE93AD}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{08FCBD3E-969D-4BFA-82D4-EC6A74EE93AD}.Debug|Win32.ActiveCfg = Debug|Win32
+		{08FCBD3E-969D-4BFA-82D4-EC6A74EE93AD}.Debug|Win32.Build.0 = Debug|Win32
+		{08FCBD3E-969D-4BFA-82D4-EC6A74EE93AD}.Debug|x64.ActiveCfg = Debug|Win32
+		{08FCBD3E-969D-4BFA-82D4-EC6A74EE93AD}.Release|Any CPU.ActiveCfg = Release|Win32
+		{08FCBD3E-969D-4BFA-82D4-EC6A74EE93AD}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{08FCBD3E-969D-4BFA-82D4-EC6A74EE93AD}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{08FCBD3E-969D-4BFA-82D4-EC6A74EE93AD}.Release|Win32.ActiveCfg = Release|Win32
+		{08FCBD3E-969D-4BFA-82D4-EC6A74EE93AD}.Release|Win32.Build.0 = Release|Win32
+		{08FCBD3E-969D-4BFA-82D4-EC6A74EE93AD}.Release|x64.ActiveCfg = Release|Win32
+		{7E993D77-3B0B-40B1-BEA8-CE06926D3862}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{7E993D77-3B0B-40B1-BEA8-CE06926D3862}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{7E993D77-3B0B-40B1-BEA8-CE06926D3862}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{7E993D77-3B0B-40B1-BEA8-CE06926D3862}.Debug|Win32.ActiveCfg = Debug|Win32
+		{7E993D77-3B0B-40B1-BEA8-CE06926D3862}.Debug|Win32.Build.0 = Debug|Win32
+		{7E993D77-3B0B-40B1-BEA8-CE06926D3862}.Debug|x64.ActiveCfg = Debug|Win32
+		{7E993D77-3B0B-40B1-BEA8-CE06926D3862}.Release|Any CPU.ActiveCfg = Release|Win32
+		{7E993D77-3B0B-40B1-BEA8-CE06926D3862}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{7E993D77-3B0B-40B1-BEA8-CE06926D3862}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{7E993D77-3B0B-40B1-BEA8-CE06926D3862}.Release|Win32.ActiveCfg = Release|Win32
+		{7E993D77-3B0B-40B1-BEA8-CE06926D3862}.Release|Win32.Build.0 = Release|Win32
+		{7E993D77-3B0B-40B1-BEA8-CE06926D3862}.Release|x64.ActiveCfg = Release|Win32
+		{D28C2783-E07C-45FC-B893-E4E27C015849}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{D28C2783-E07C-45FC-B893-E4E27C015849}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{D28C2783-E07C-45FC-B893-E4E27C015849}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{D28C2783-E07C-45FC-B893-E4E27C015849}.Debug|Win32.ActiveCfg = Debug|Win32
+		{D28C2783-E07C-45FC-B893-E4E27C015849}.Debug|Win32.Build.0 = Debug|Win32
+		{D28C2783-E07C-45FC-B893-E4E27C015849}.Debug|x64.ActiveCfg = Debug|Win32
+		{D28C2783-E07C-45FC-B893-E4E27C015849}.Release|Any CPU.ActiveCfg = Release|Win32
+		{D28C2783-E07C-45FC-B893-E4E27C015849}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{D28C2783-E07C-45FC-B893-E4E27C015849}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{D28C2783-E07C-45FC-B893-E4E27C015849}.Release|Win32.ActiveCfg = Release|Win32
+		{D28C2783-E07C-45FC-B893-E4E27C015849}.Release|Win32.Build.0 = Release|Win32
+		{D28C2783-E07C-45FC-B893-E4E27C015849}.Release|x64.ActiveCfg = Release|Win32
+		{4ECA555C-FD5C-4DD3-B494-F2FB0D2D9123}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{4ECA555C-FD5C-4DD3-B494-F2FB0D2D9123}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{4ECA555C-FD5C-4DD3-B494-F2FB0D2D9123}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{4ECA555C-FD5C-4DD3-B494-F2FB0D2D9123}.Debug|Win32.ActiveCfg = Debug|Win32
+		{4ECA555C-FD5C-4DD3-B494-F2FB0D2D9123}.Debug|Win32.Build.0 = Debug|Win32
+		{4ECA555C-FD5C-4DD3-B494-F2FB0D2D9123}.Debug|x64.ActiveCfg = Debug|Win32
+		{4ECA555C-FD5C-4DD3-B494-F2FB0D2D9123}.Release|Any CPU.ActiveCfg = Release|Win32
+		{4ECA555C-FD5C-4DD3-B494-F2FB0D2D9123}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{4ECA555C-FD5C-4DD3-B494-F2FB0D2D9123}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{4ECA555C-FD5C-4DD3-B494-F2FB0D2D9123}.Release|Win32.ActiveCfg = Release|Win32
+		{4ECA555C-FD5C-4DD3-B494-F2FB0D2D9123}.Release|Win32.Build.0 = Release|Win32
+		{4ECA555C-FD5C-4DD3-B494-F2FB0D2D9123}.Release|x64.ActiveCfg = Release|Win32
+		{4F7D1A32-2AF4-4652-B906-EEAB2718CFCF}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{4F7D1A32-2AF4-4652-B906-EEAB2718CFCF}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{4F7D1A32-2AF4-4652-B906-EEAB2718CFCF}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{4F7D1A32-2AF4-4652-B906-EEAB2718CFCF}.Debug|Win32.ActiveCfg = Debug|Win32
+		{4F7D1A32-2AF4-4652-B906-EEAB2718CFCF}.Debug|Win32.Build.0 = Debug|Win32
+		{4F7D1A32-2AF4-4652-B906-EEAB2718CFCF}.Debug|x64.ActiveCfg = Debug|Win32
+		{4F7D1A32-2AF4-4652-B906-EEAB2718CFCF}.Release|Any CPU.ActiveCfg = Release|Win32
+		{4F7D1A32-2AF4-4652-B906-EEAB2718CFCF}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{4F7D1A32-2AF4-4652-B906-EEAB2718CFCF}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{4F7D1A32-2AF4-4652-B906-EEAB2718CFCF}.Release|Win32.ActiveCfg = Release|Win32
+		{4F7D1A32-2AF4-4652-B906-EEAB2718CFCF}.Release|Win32.Build.0 = Release|Win32
+		{4F7D1A32-2AF4-4652-B906-EEAB2718CFCF}.Release|x64.ActiveCfg = Release|Win32
+		{E31CADC8-6CA2-4FA8-B8E9-CE61C898D12D}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{E31CADC8-6CA2-4FA8-B8E9-CE61C898D12D}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{E31CADC8-6CA2-4FA8-B8E9-CE61C898D12D}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{E31CADC8-6CA2-4FA8-B8E9-CE61C898D12D}.Debug|Win32.ActiveCfg = Debug|Win32
+		{E31CADC8-6CA2-4FA8-B8E9-CE61C898D12D}.Debug|Win32.Build.0 = Debug|Win32
+		{E31CADC8-6CA2-4FA8-B8E9-CE61C898D12D}.Debug|x64.ActiveCfg = Debug|Win32
+		{E31CADC8-6CA2-4FA8-B8E9-CE61C898D12D}.Release|Any CPU.ActiveCfg = Release|Win32
+		{E31CADC8-6CA2-4FA8-B8E9-CE61C898D12D}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{E31CADC8-6CA2-4FA8-B8E9-CE61C898D12D}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{E31CADC8-6CA2-4FA8-B8E9-CE61C898D12D}.Release|Win32.ActiveCfg = Release|Win32
+		{E31CADC8-6CA2-4FA8-B8E9-CE61C898D12D}.Release|Win32.Build.0 = Release|Win32
+		{E31CADC8-6CA2-4FA8-B8E9-CE61C898D12D}.Release|x64.ActiveCfg = Release|Win32
+		{C0E1AD53-B941-4EDE-A869-AF9C7D9B7655}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{C0E1AD53-B941-4EDE-A869-AF9C7D9B7655}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{C0E1AD53-B941-4EDE-A869-AF9C7D9B7655}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{C0E1AD53-B941-4EDE-A869-AF9C7D9B7655}.Debug|Win32.ActiveCfg = Debug|Win32
+		{C0E1AD53-B941-4EDE-A869-AF9C7D9B7655}.Debug|Win32.Build.0 = Debug|Win32
+		{C0E1AD53-B941-4EDE-A869-AF9C7D9B7655}.Debug|x64.ActiveCfg = Debug|Win32
+		{C0E1AD53-B941-4EDE-A869-AF9C7D9B7655}.Release|Any CPU.ActiveCfg = Release|Win32
+		{C0E1AD53-B941-4EDE-A869-AF9C7D9B7655}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{C0E1AD53-B941-4EDE-A869-AF9C7D9B7655}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{C0E1AD53-B941-4EDE-A869-AF9C7D9B7655}.Release|Win32.ActiveCfg = Release|Win32
+		{C0E1AD53-B941-4EDE-A869-AF9C7D9B7655}.Release|Win32.Build.0 = Release|Win32
+		{C0E1AD53-B941-4EDE-A869-AF9C7D9B7655}.Release|x64.ActiveCfg = Release|Win32
+		{E139963F-4EE2-453D-ADBB-65CB1F963CB0}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{E139963F-4EE2-453D-ADBB-65CB1F963CB0}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{E139963F-4EE2-453D-ADBB-65CB1F963CB0}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{E139963F-4EE2-453D-ADBB-65CB1F963CB0}.Debug|Win32.ActiveCfg = Debug|Win32
+		{E139963F-4EE2-453D-ADBB-65CB1F963CB0}.Debug|Win32.Build.0 = Debug|Win32
+		{E139963F-4EE2-453D-ADBB-65CB1F963CB0}.Debug|x64.ActiveCfg = Debug|Win32
+		{E139963F-4EE2-453D-ADBB-65CB1F963CB0}.Release|Any CPU.ActiveCfg = Release|Win32
+		{E139963F-4EE2-453D-ADBB-65CB1F963CB0}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{E139963F-4EE2-453D-ADBB-65CB1F963CB0}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{E139963F-4EE2-453D-ADBB-65CB1F963CB0}.Release|Win32.ActiveCfg = Release|Win32
+		{E139963F-4EE2-453D-ADBB-65CB1F963CB0}.Release|Win32.Build.0 = Release|Win32
+		{E139963F-4EE2-453D-ADBB-65CB1F963CB0}.Release|x64.ActiveCfg = Release|Win32
+		{1B5B823C-ED4A-4D5A-9DE7-7E4D7E5E3ED7}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{1B5B823C-ED4A-4D5A-9DE7-7E4D7E5E3ED7}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{1B5B823C-ED4A-4D5A-9DE7-7E4D7E5E3ED7}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{1B5B823C-ED4A-4D5A-9DE7-7E4D7E5E3ED7}.Debug|Win32.ActiveCfg = Debug|Win32
+		{1B5B823C-ED4A-4D5A-9DE7-7E4D7E5E3ED7}.Debug|Win32.Build.0 = Debug|Win32
+		{1B5B823C-ED4A-4D5A-9DE7-7E4D7E5E3ED7}.Debug|x64.ActiveCfg = Debug|Win32
+		{1B5B823C-ED4A-4D5A-9DE7-7E4D7E5E3ED7}.Release|Any CPU.ActiveCfg = Release|Win32
+		{1B5B823C-ED4A-4D5A-9DE7-7E4D7E5E3ED7}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{1B5B823C-ED4A-4D5A-9DE7-7E4D7E5E3ED7}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{1B5B823C-ED4A-4D5A-9DE7-7E4D7E5E3ED7}.Release|Win32.ActiveCfg = Release|Win32
+		{1B5B823C-ED4A-4D5A-9DE7-7E4D7E5E3ED7}.Release|Win32.Build.0 = Release|Win32
+		{1B5B823C-ED4A-4D5A-9DE7-7E4D7E5E3ED7}.Release|x64.ActiveCfg = Release|Win32
+		{CBD90144-0832-4864-A083-752E10180168}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{CBD90144-0832-4864-A083-752E10180168}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{CBD90144-0832-4864-A083-752E10180168}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{CBD90144-0832-4864-A083-752E10180168}.Debug|Win32.ActiveCfg = Debug|Win32
+		{CBD90144-0832-4864-A083-752E10180168}.Debug|Win32.Build.0 = Debug|Win32
+		{CBD90144-0832-4864-A083-752E10180168}.Debug|x64.ActiveCfg = Debug|Win32
+		{CBD90144-0832-4864-A083-752E10180168}.Release|Any CPU.ActiveCfg = Release|Win32
+		{CBD90144-0832-4864-A083-752E10180168}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{CBD90144-0832-4864-A083-752E10180168}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{CBD90144-0832-4864-A083-752E10180168}.Release|Win32.ActiveCfg = Release|Win32
+		{CBD90144-0832-4864-A083-752E10180168}.Release|Win32.Build.0 = Release|Win32
+		{CBD90144-0832-4864-A083-752E10180168}.Release|x64.ActiveCfg = Release|Win32
+		{AA80A720-59FE-496B-A90E-5697281DC9EB}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{AA80A720-59FE-496B-A90E-5697281DC9EB}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{AA80A720-59FE-496B-A90E-5697281DC9EB}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{AA80A720-59FE-496B-A90E-5697281DC9EB}.Debug|Win32.ActiveCfg = Debug|Win32
+		{AA80A720-59FE-496B-A90E-5697281DC9EB}.Debug|Win32.Build.0 = Debug|Win32
+		{AA80A720-59FE-496B-A90E-5697281DC9EB}.Debug|x64.ActiveCfg = Debug|Win32
+		{AA80A720-59FE-496B-A90E-5697281DC9EB}.Release|Any CPU.ActiveCfg = Release|Win32
+		{AA80A720-59FE-496B-A90E-5697281DC9EB}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{AA80A720-59FE-496B-A90E-5697281DC9EB}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{AA80A720-59FE-496B-A90E-5697281DC9EB}.Release|Win32.ActiveCfg = Release|Win32
+		{AA80A720-59FE-496B-A90E-5697281DC9EB}.Release|Win32.Build.0 = Release|Win32
+		{AA80A720-59FE-496B-A90E-5697281DC9EB}.Release|x64.ActiveCfg = Release|Win32
+		{CF1FC3B0-3DFC-4FBD-98A5-1BBE66CB6E0D}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{CF1FC3B0-3DFC-4FBD-98A5-1BBE66CB6E0D}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{CF1FC3B0-3DFC-4FBD-98A5-1BBE66CB6E0D}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{CF1FC3B0-3DFC-4FBD-98A5-1BBE66CB6E0D}.Debug|Win32.ActiveCfg = Debug|Win32
+		{CF1FC3B0-3DFC-4FBD-98A5-1BBE66CB6E0D}.Debug|Win32.Build.0 = Debug|Win32
+		{CF1FC3B0-3DFC-4FBD-98A5-1BBE66CB6E0D}.Debug|x64.ActiveCfg = Debug|Win32
+		{CF1FC3B0-3DFC-4FBD-98A5-1BBE66CB6E0D}.Release|Any CPU.ActiveCfg = Release|Win32
+		{CF1FC3B0-3DFC-4FBD-98A5-1BBE66CB6E0D}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{CF1FC3B0-3DFC-4FBD-98A5-1BBE66CB6E0D}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{CF1FC3B0-3DFC-4FBD-98A5-1BBE66CB6E0D}.Release|Win32.ActiveCfg = Release|Win32
+		{CF1FC3B0-3DFC-4FBD-98A5-1BBE66CB6E0D}.Release|Win32.Build.0 = Release|Win32
+		{CF1FC3B0-3DFC-4FBD-98A5-1BBE66CB6E0D}.Release|x64.ActiveCfg = Release|Win32
+		{A6BC7558-DDF1-41F7-B3FE-48A8731B007F}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{A6BC7558-DDF1-41F7-B3FE-48A8731B007F}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{A6BC7558-DDF1-41F7-B3FE-48A8731B007F}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{A6BC7558-DDF1-41F7-B3FE-48A8731B007F}.Debug|Win32.ActiveCfg = Debug|Win32
+		{A6BC7558-DDF1-41F7-B3FE-48A8731B007F}.Debug|Win32.Build.0 = Debug|Win32
+		{A6BC7558-DDF1-41F7-B3FE-48A8731B007F}.Debug|x64.ActiveCfg = Debug|Win32
+		{A6BC7558-DDF1-41F7-B3FE-48A8731B007F}.Release|Any CPU.ActiveCfg = Release|Win32
+		{A6BC7558-DDF1-41F7-B3FE-48A8731B007F}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{A6BC7558-DDF1-41F7-B3FE-48A8731B007F}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{A6BC7558-DDF1-41F7-B3FE-48A8731B007F}.Release|Win32.ActiveCfg = Release|Win32
+		{A6BC7558-DDF1-41F7-B3FE-48A8731B007F}.Release|Win32.Build.0 = Release|Win32
+		{A6BC7558-DDF1-41F7-B3FE-48A8731B007F}.Release|x64.ActiveCfg = Release|Win32
+		{658E9EB7-092C-42C3-8279-BDC65A1D0963}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{658E9EB7-092C-42C3-8279-BDC65A1D0963}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{658E9EB7-092C-42C3-8279-BDC65A1D0963}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{658E9EB7-092C-42C3-8279-BDC65A1D0963}.Debug|Win32.ActiveCfg = Debug|Win32
+		{658E9EB7-092C-42C3-8279-BDC65A1D0963}.Debug|Win32.Build.0 = Debug|Win32
+		{658E9EB7-092C-42C3-8279-BDC65A1D0963}.Debug|x64.ActiveCfg = Debug|Win32
+		{658E9EB7-092C-42C3-8279-BDC65A1D0963}.Release|Any CPU.ActiveCfg = Release|Win32
+		{658E9EB7-092C-42C3-8279-BDC65A1D0963}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{658E9EB7-092C-42C3-8279-BDC65A1D0963}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{658E9EB7-092C-42C3-8279-BDC65A1D0963}.Release|Win32.ActiveCfg = Release|Win32
+		{658E9EB7-092C-42C3-8279-BDC65A1D0963}.Release|Win32.Build.0 = Release|Win32
+		{658E9EB7-092C-42C3-8279-BDC65A1D0963}.Release|x64.ActiveCfg = Release|Win32
+		{64792A11-D813-45AF-BE32-2C7FBFA37F30}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{64792A11-D813-45AF-BE32-2C7FBFA37F30}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{64792A11-D813-45AF-BE32-2C7FBFA37F30}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{64792A11-D813-45AF-BE32-2C7FBFA37F30}.Debug|Win32.ActiveCfg = Debug|Win32
+		{64792A11-D813-45AF-BE32-2C7FBFA37F30}.Debug|Win32.Build.0 = Debug|Win32
+		{64792A11-D813-45AF-BE32-2C7FBFA37F30}.Debug|x64.ActiveCfg = Debug|Win32
+		{64792A11-D813-45AF-BE32-2C7FBFA37F30}.Release|Any CPU.ActiveCfg = Release|Win32
+		{64792A11-D813-45AF-BE32-2C7FBFA37F30}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{64792A11-D813-45AF-BE32-2C7FBFA37F30}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{64792A11-D813-45AF-BE32-2C7FBFA37F30}.Release|Win32.ActiveCfg = Release|Win32
+		{64792A11-D813-45AF-BE32-2C7FBFA37F30}.Release|Win32.Build.0 = Release|Win32
+		{64792A11-D813-45AF-BE32-2C7FBFA37F30}.Release|x64.ActiveCfg = Release|Win32
+		{17C7B6D4-B608-4892-8E7C-F32AAF102D46}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{17C7B6D4-B608-4892-8E7C-F32AAF102D46}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{17C7B6D4-B608-4892-8E7C-F32AAF102D46}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{17C7B6D4-B608-4892-8E7C-F32AAF102D46}.Debug|Win32.ActiveCfg = Debug|Win32
+		{17C7B6D4-B608-4892-8E7C-F32AAF102D46}.Debug|Win32.Build.0 = Debug|Win32
+		{17C7B6D4-B608-4892-8E7C-F32AAF102D46}.Debug|x64.ActiveCfg = Debug|Win32
+		{17C7B6D4-B608-4892-8E7C-F32AAF102D46}.Release|Any CPU.ActiveCfg = Release|Win32
+		{17C7B6D4-B608-4892-8E7C-F32AAF102D46}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{17C7B6D4-B608-4892-8E7C-F32AAF102D46}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{17C7B6D4-B608-4892-8E7C-F32AAF102D46}.Release|Win32.ActiveCfg = Release|Win32
+		{17C7B6D4-B608-4892-8E7C-F32AAF102D46}.Release|Win32.Build.0 = Release|Win32
+		{17C7B6D4-B608-4892-8E7C-F32AAF102D46}.Release|x64.ActiveCfg = Release|Win32
+		{2805603E-37DB-4BFA-9E75-6B71CA77E3C1}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{2805603E-37DB-4BFA-9E75-6B71CA77E3C1}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{2805603E-37DB-4BFA-9E75-6B71CA77E3C1}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{2805603E-37DB-4BFA-9E75-6B71CA77E3C1}.Debug|Win32.ActiveCfg = Debug|Win32
+		{2805603E-37DB-4BFA-9E75-6B71CA77E3C1}.Debug|Win32.Build.0 = Debug|Win32
+		{2805603E-37DB-4BFA-9E75-6B71CA77E3C1}.Debug|x64.ActiveCfg = Debug|Win32
+		{2805603E-37DB-4BFA-9E75-6B71CA77E3C1}.Release|Any CPU.ActiveCfg = Release|Win32
+		{2805603E-37DB-4BFA-9E75-6B71CA77E3C1}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{2805603E-37DB-4BFA-9E75-6B71CA77E3C1}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{2805603E-37DB-4BFA-9E75-6B71CA77E3C1}.Release|Win32.ActiveCfg = Release|Win32
+		{2805603E-37DB-4BFA-9E75-6B71CA77E3C1}.Release|Win32.Build.0 = Release|Win32
+		{2805603E-37DB-4BFA-9E75-6B71CA77E3C1}.Release|x64.ActiveCfg = Release|Win32
+		{A2B17262-A3C2-4048-A82B-4C89875AD9D0}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{A2B17262-A3C2-4048-A82B-4C89875AD9D0}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{A2B17262-A3C2-4048-A82B-4C89875AD9D0}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{A2B17262-A3C2-4048-A82B-4C89875AD9D0}.Debug|Win32.ActiveCfg = Debug|Win32
+		{A2B17262-A3C2-4048-A82B-4C89875AD9D0}.Debug|Win32.Build.0 = Debug|Win32
+		{A2B17262-A3C2-4048-A82B-4C89875AD9D0}.Debug|x64.ActiveCfg = Debug|Win32
+		{A2B17262-A3C2-4048-A82B-4C89875AD9D0}.Release|Any CPU.ActiveCfg = Release|Win32
+		{A2B17262-A3C2-4048-A82B-4C89875AD9D0}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{A2B17262-A3C2-4048-A82B-4C89875AD9D0}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{A2B17262-A3C2-4048-A82B-4C89875AD9D0}.Release|Win32.ActiveCfg = Release|Win32
+		{A2B17262-A3C2-4048-A82B-4C89875AD9D0}.Release|Win32.Build.0 = Release|Win32
+		{A2B17262-A3C2-4048-A82B-4C89875AD9D0}.Release|x64.ActiveCfg = Release|Win32
+		{E3BB242A-89DE-4EDF-B121-3557FB35A230}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{E3BB242A-89DE-4EDF-B121-3557FB35A230}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{E3BB242A-89DE-4EDF-B121-3557FB35A230}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{E3BB242A-89DE-4EDF-B121-3557FB35A230}.Debug|Win32.ActiveCfg = Debug|Win32
+		{E3BB242A-89DE-4EDF-B121-3557FB35A230}.Debug|Win32.Build.0 = Debug|Win32
+		{E3BB242A-89DE-4EDF-B121-3557FB35A230}.Debug|x64.ActiveCfg = Debug|Win32
+		{E3BB242A-89DE-4EDF-B121-3557FB35A230}.Release|Any CPU.ActiveCfg = Release|Win32
+		{E3BB242A-89DE-4EDF-B121-3557FB35A230}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{E3BB242A-89DE-4EDF-B121-3557FB35A230}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{E3BB242A-89DE-4EDF-B121-3557FB35A230}.Release|Win32.ActiveCfg = Release|Win32
+		{E3BB242A-89DE-4EDF-B121-3557FB35A230}.Release|Win32.Build.0 = Release|Win32
+		{E3BB242A-89DE-4EDF-B121-3557FB35A230}.Release|x64.ActiveCfg = Release|Win32
+		{0050296D-12F4-410B-A1FE-FA3A53F81B6A}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{0050296D-12F4-410B-A1FE-FA3A53F81B6A}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{0050296D-12F4-410B-A1FE-FA3A53F81B6A}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{0050296D-12F4-410B-A1FE-FA3A53F81B6A}.Debug|Win32.ActiveCfg = Debug|Win32
+		{0050296D-12F4-410B-A1FE-FA3A53F81B6A}.Debug|Win32.Build.0 = Debug|Win32
+		{0050296D-12F4-410B-A1FE-FA3A53F81B6A}.Debug|x64.ActiveCfg = Debug|Win32
+		{0050296D-12F4-410B-A1FE-FA3A53F81B6A}.Release|Any CPU.ActiveCfg = Release|Win32
+		{0050296D-12F4-410B-A1FE-FA3A53F81B6A}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{0050296D-12F4-410B-A1FE-FA3A53F81B6A}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{0050296D-12F4-410B-A1FE-FA3A53F81B6A}.Release|Win32.ActiveCfg = Release|Win32
+		{0050296D-12F4-410B-A1FE-FA3A53F81B6A}.Release|Win32.Build.0 = Release|Win32
+		{0050296D-12F4-410B-A1FE-FA3A53F81B6A}.Release|x64.ActiveCfg = Release|Win32
+		{567E0B94-FF18-430A-9202-CFFEE1C94BDD}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{567E0B94-FF18-430A-9202-CFFEE1C94BDD}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{567E0B94-FF18-430A-9202-CFFEE1C94BDD}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{567E0B94-FF18-430A-9202-CFFEE1C94BDD}.Debug|Win32.ActiveCfg = Debug|Win32
+		{567E0B94-FF18-430A-9202-CFFEE1C94BDD}.Debug|Win32.Build.0 = Debug|Win32
+		{567E0B94-FF18-430A-9202-CFFEE1C94BDD}.Debug|x64.ActiveCfg = Debug|Win32
+		{567E0B94-FF18-430A-9202-CFFEE1C94BDD}.Release|Any CPU.ActiveCfg = Release|Win32
+		{567E0B94-FF18-430A-9202-CFFEE1C94BDD}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{567E0B94-FF18-430A-9202-CFFEE1C94BDD}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{567E0B94-FF18-430A-9202-CFFEE1C94BDD}.Release|Win32.ActiveCfg = Release|Win32
+		{567E0B94-FF18-430A-9202-CFFEE1C94BDD}.Release|Win32.Build.0 = Release|Win32
+		{567E0B94-FF18-430A-9202-CFFEE1C94BDD}.Release|x64.ActiveCfg = Release|Win32
+		{2A5D8BC1-4A6E-416C-BAA3-B8AB3F272EF4}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{2A5D8BC1-4A6E-416C-BAA3-B8AB3F272EF4}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{2A5D8BC1-4A6E-416C-BAA3-B8AB3F272EF4}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{2A5D8BC1-4A6E-416C-BAA3-B8AB3F272EF4}.Debug|Win32.ActiveCfg = Debug|Win32
+		{2A5D8BC1-4A6E-416C-BAA3-B8AB3F272EF4}.Debug|Win32.Build.0 = Debug|Win32
+		{2A5D8BC1-4A6E-416C-BAA3-B8AB3F272EF4}.Debug|x64.ActiveCfg = Debug|Win32
+		{2A5D8BC1-4A6E-416C-BAA3-B8AB3F272EF4}.Release|Any CPU.ActiveCfg = Release|Win32
+		{2A5D8BC1-4A6E-416C-BAA3-B8AB3F272EF4}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{2A5D8BC1-4A6E-416C-BAA3-B8AB3F272EF4}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{2A5D8BC1-4A6E-416C-BAA3-B8AB3F272EF4}.Release|Win32.ActiveCfg = Release|Win32
+		{2A5D8BC1-4A6E-416C-BAA3-B8AB3F272EF4}.Release|Win32.Build.0 = Release|Win32
+		{2A5D8BC1-4A6E-416C-BAA3-B8AB3F272EF4}.Release|x64.ActiveCfg = Release|Win32
+		{4E46B941-806C-4EBC-AF95-3DE9BDA89D3F}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{4E46B941-806C-4EBC-AF95-3DE9BDA89D3F}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{4E46B941-806C-4EBC-AF95-3DE9BDA89D3F}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{4E46B941-806C-4EBC-AF95-3DE9BDA89D3F}.Debug|Win32.ActiveCfg = Debug|Win32
+		{4E46B941-806C-4EBC-AF95-3DE9BDA89D3F}.Debug|Win32.Build.0 = Debug|Win32
+		{4E46B941-806C-4EBC-AF95-3DE9BDA89D3F}.Debug|x64.ActiveCfg = Debug|Win32
+		{4E46B941-806C-4EBC-AF95-3DE9BDA89D3F}.Release|Any CPU.ActiveCfg = Release|Win32
+		{4E46B941-806C-4EBC-AF95-3DE9BDA89D3F}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{4E46B941-806C-4EBC-AF95-3DE9BDA89D3F}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{4E46B941-806C-4EBC-AF95-3DE9BDA89D3F}.Release|Win32.ActiveCfg = Release|Win32
+		{4E46B941-806C-4EBC-AF95-3DE9BDA89D3F}.Release|Win32.Build.0 = Release|Win32
+		{4E46B941-806C-4EBC-AF95-3DE9BDA89D3F}.Release|x64.ActiveCfg = Release|Win32
+		{BEFBAF6A-9211-4422-B3AB-E06D8689193E}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{BEFBAF6A-9211-4422-B3AB-E06D8689193E}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{BEFBAF6A-9211-4422-B3AB-E06D8689193E}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{BEFBAF6A-9211-4422-B3AB-E06D8689193E}.Debug|Win32.ActiveCfg = Debug|Win32
+		{BEFBAF6A-9211-4422-B3AB-E06D8689193E}.Debug|Win32.Build.0 = Debug|Win32
+		{BEFBAF6A-9211-4422-B3AB-E06D8689193E}.Debug|x64.ActiveCfg = Debug|Win32
+		{BEFBAF6A-9211-4422-B3AB-E06D8689193E}.Release|Any CPU.ActiveCfg = Release|Win32
+		{BEFBAF6A-9211-4422-B3AB-E06D8689193E}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{BEFBAF6A-9211-4422-B3AB-E06D8689193E}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{BEFBAF6A-9211-4422-B3AB-E06D8689193E}.Release|Win32.ActiveCfg = Release|Win32
+		{BEFBAF6A-9211-4422-B3AB-E06D8689193E}.Release|Win32.Build.0 = Release|Win32
+		{BEFBAF6A-9211-4422-B3AB-E06D8689193E}.Release|x64.ActiveCfg = Release|Win32
+		{22E2004E-723A-4A26-B8BD-DC0FDC77BA9D}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{22E2004E-723A-4A26-B8BD-DC0FDC77BA9D}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{22E2004E-723A-4A26-B8BD-DC0FDC77BA9D}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{22E2004E-723A-4A26-B8BD-DC0FDC77BA9D}.Debug|Win32.ActiveCfg = Debug|Win32
+		{22E2004E-723A-4A26-B8BD-DC0FDC77BA9D}.Debug|Win32.Build.0 = Debug|Win32
+		{22E2004E-723A-4A26-B8BD-DC0FDC77BA9D}.Debug|x64.ActiveCfg = Debug|Win32
+		{22E2004E-723A-4A26-B8BD-DC0FDC77BA9D}.Release|Any CPU.ActiveCfg = Release|Win32
+		{22E2004E-723A-4A26-B8BD-DC0FDC77BA9D}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{22E2004E-723A-4A26-B8BD-DC0FDC77BA9D}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{22E2004E-723A-4A26-B8BD-DC0FDC77BA9D}.Release|Win32.ActiveCfg = Release|Win32
+		{22E2004E-723A-4A26-B8BD-DC0FDC77BA9D}.Release|Win32.Build.0 = Release|Win32
+		{22E2004E-723A-4A26-B8BD-DC0FDC77BA9D}.Release|x64.ActiveCfg = Release|Win32
+		{2BD82DB2-D0D6-405F-88B1-613D5ECF5F9B}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{2BD82DB2-D0D6-405F-88B1-613D5ECF5F9B}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{2BD82DB2-D0D6-405F-88B1-613D5ECF5F9B}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{2BD82DB2-D0D6-405F-88B1-613D5ECF5F9B}.Debug|Win32.ActiveCfg = Debug|Win32
+		{2BD82DB2-D0D6-405F-88B1-613D5ECF5F9B}.Debug|Win32.Build.0 = Debug|Win32
+		{2BD82DB2-D0D6-405F-88B1-613D5ECF5F9B}.Debug|x64.ActiveCfg = Debug|Win32
+		{2BD82DB2-D0D6-405F-88B1-613D5ECF5F9B}.Release|Any CPU.ActiveCfg = Release|Win32
+		{2BD82DB2-D0D6-405F-88B1-613D5ECF5F9B}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{2BD82DB2-D0D6-405F-88B1-613D5ECF5F9B}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{2BD82DB2-D0D6-405F-88B1-613D5ECF5F9B}.Release|Win32.ActiveCfg = Release|Win32
+		{2BD82DB2-D0D6-405F-88B1-613D5ECF5F9B}.Release|Win32.Build.0 = Release|Win32
+		{2BD82DB2-D0D6-405F-88B1-613D5ECF5F9B}.Release|x64.ActiveCfg = Release|Win32
+		{C8DB3D93-F5FC-448C-B942-3F2FD9416C17}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{C8DB3D93-F5FC-448C-B942-3F2FD9416C17}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{C8DB3D93-F5FC-448C-B942-3F2FD9416C17}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{C8DB3D93-F5FC-448C-B942-3F2FD9416C17}.Debug|Win32.ActiveCfg = Debug|Win32
+		{C8DB3D93-F5FC-448C-B942-3F2FD9416C17}.Debug|Win32.Build.0 = Debug|Win32
+		{C8DB3D93-F5FC-448C-B942-3F2FD9416C17}.Debug|x64.ActiveCfg = Debug|Win32
+		{C8DB3D93-F5FC-448C-B942-3F2FD9416C17}.Release|Any CPU.ActiveCfg = Release|Win32
+		{C8DB3D93-F5FC-448C-B942-3F2FD9416C17}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{C8DB3D93-F5FC-448C-B942-3F2FD9416C17}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{C8DB3D93-F5FC-448C-B942-3F2FD9416C17}.Release|Win32.ActiveCfg = Release|Win32
+		{C8DB3D93-F5FC-448C-B942-3F2FD9416C17}.Release|Win32.Build.0 = Release|Win32
+		{C8DB3D93-F5FC-448C-B942-3F2FD9416C17}.Release|x64.ActiveCfg = Release|Win32
+		{9F6BDCAC-E6D5-4C45-9533-DEB7D2926A0C}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{9F6BDCAC-E6D5-4C45-9533-DEB7D2926A0C}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{9F6BDCAC-E6D5-4C45-9533-DEB7D2926A0C}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{9F6BDCAC-E6D5-4C45-9533-DEB7D2926A0C}.Debug|Win32.ActiveCfg = Debug|Win32
+		{9F6BDCAC-E6D5-4C45-9533-DEB7D2926A0C}.Debug|Win32.Build.0 = Debug|Win32
+		{9F6BDCAC-E6D5-4C45-9533-DEB7D2926A0C}.Debug|x64.ActiveCfg = Debug|Win32
+		{9F6BDCAC-E6D5-4C45-9533-DEB7D2926A0C}.Release|Any CPU.ActiveCfg = Release|Win32
+		{9F6BDCAC-E6D5-4C45-9533-DEB7D2926A0C}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{9F6BDCAC-E6D5-4C45-9533-DEB7D2926A0C}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{9F6BDCAC-E6D5-4C45-9533-DEB7D2926A0C}.Release|Win32.ActiveCfg = Release|Win32
+		{9F6BDCAC-E6D5-4C45-9533-DEB7D2926A0C}.Release|Win32.Build.0 = Release|Win32
+		{9F6BDCAC-E6D5-4C45-9533-DEB7D2926A0C}.Release|x64.ActiveCfg = Release|Win32
+		{A84C8114-2B6D-4770-A3A6-78C81905C2E3}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{A84C8114-2B6D-4770-A3A6-78C81905C2E3}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{A84C8114-2B6D-4770-A3A6-78C81905C2E3}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{A84C8114-2B6D-4770-A3A6-78C81905C2E3}.Debug|Win32.ActiveCfg = Debug|Win32
+		{A84C8114-2B6D-4770-A3A6-78C81905C2E3}.Debug|Win32.Build.0 = Debug|Win32
+		{A84C8114-2B6D-4770-A3A6-78C81905C2E3}.Debug|x64.ActiveCfg = Debug|Win32
+		{A84C8114-2B6D-4770-A3A6-78C81905C2E3}.Release|Any CPU.ActiveCfg = Release|Win32
+		{A84C8114-2B6D-4770-A3A6-78C81905C2E3}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{A84C8114-2B6D-4770-A3A6-78C81905C2E3}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{A84C8114-2B6D-4770-A3A6-78C81905C2E3}.Release|Win32.ActiveCfg = Release|Win32
+		{A84C8114-2B6D-4770-A3A6-78C81905C2E3}.Release|Win32.Build.0 = Release|Win32
+		{A84C8114-2B6D-4770-A3A6-78C81905C2E3}.Release|x64.ActiveCfg = Release|Win32
+		{9D496A11-66C3-46EA-98B6-4D25034535DE}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{9D496A11-66C3-46EA-98B6-4D25034535DE}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{9D496A11-66C3-46EA-98B6-4D25034535DE}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{9D496A11-66C3-46EA-98B6-4D25034535DE}.Debug|Win32.ActiveCfg = Debug|Win32
+		{9D496A11-66C3-46EA-98B6-4D25034535DE}.Debug|Win32.Build.0 = Debug|Win32
+		{9D496A11-66C3-46EA-98B6-4D25034535DE}.Debug|x64.ActiveCfg = Debug|Win32
+		{9D496A11-66C3-46EA-98B6-4D25034535DE}.Release|Any CPU.ActiveCfg = Release|Win32
+		{9D496A11-66C3-46EA-98B6-4D25034535DE}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{9D496A11-66C3-46EA-98B6-4D25034535DE}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{9D496A11-66C3-46EA-98B6-4D25034535DE}.Release|Win32.ActiveCfg = Release|Win32
+		{9D496A11-66C3-46EA-98B6-4D25034535DE}.Release|Win32.Build.0 = Release|Win32
+		{9D496A11-66C3-46EA-98B6-4D25034535DE}.Release|x64.ActiveCfg = Release|Win32
+		{3E021AA6-EC72-4D1E-96D1-004262224985}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{3E021AA6-EC72-4D1E-96D1-004262224985}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{3E021AA6-EC72-4D1E-96D1-004262224985}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{3E021AA6-EC72-4D1E-96D1-004262224985}.Debug|Win32.ActiveCfg = Debug|Win32
+		{3E021AA6-EC72-4D1E-96D1-004262224985}.Debug|Win32.Build.0 = Debug|Win32
+		{3E021AA6-EC72-4D1E-96D1-004262224985}.Debug|x64.ActiveCfg = Debug|Win32
+		{3E021AA6-EC72-4D1E-96D1-004262224985}.Release|Any CPU.ActiveCfg = Release|Win32
+		{3E021AA6-EC72-4D1E-96D1-004262224985}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{3E021AA6-EC72-4D1E-96D1-004262224985}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{3E021AA6-EC72-4D1E-96D1-004262224985}.Release|Win32.ActiveCfg = Release|Win32
+		{3E021AA6-EC72-4D1E-96D1-004262224985}.Release|Win32.Build.0 = Release|Win32
+		{3E021AA6-EC72-4D1E-96D1-004262224985}.Release|x64.ActiveCfg = Release|Win32
+		{35453517-E41C-4507-BFB6-9D4BCAAB986D}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{35453517-E41C-4507-BFB6-9D4BCAAB986D}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{35453517-E41C-4507-BFB6-9D4BCAAB986D}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{35453517-E41C-4507-BFB6-9D4BCAAB986D}.Debug|Win32.ActiveCfg = Debug|Win32
+		{35453517-E41C-4507-BFB6-9D4BCAAB986D}.Debug|Win32.Build.0 = Debug|Win32
+		{35453517-E41C-4507-BFB6-9D4BCAAB986D}.Debug|x64.ActiveCfg = Debug|Win32
+		{35453517-E41C-4507-BFB6-9D4BCAAB986D}.Release|Any CPU.ActiveCfg = Release|Win32
+		{35453517-E41C-4507-BFB6-9D4BCAAB986D}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{35453517-E41C-4507-BFB6-9D4BCAAB986D}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{35453517-E41C-4507-BFB6-9D4BCAAB986D}.Release|Win32.ActiveCfg = Release|Win32
+		{35453517-E41C-4507-BFB6-9D4BCAAB986D}.Release|Win32.Build.0 = Release|Win32
+		{35453517-E41C-4507-BFB6-9D4BCAAB986D}.Release|x64.ActiveCfg = Release|Win32
+		{C71DCE69-67E6-4EFC-9AF4-BD7C20FFAD89}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{C71DCE69-67E6-4EFC-9AF4-BD7C20FFAD89}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{C71DCE69-67E6-4EFC-9AF4-BD7C20FFAD89}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{C71DCE69-67E6-4EFC-9AF4-BD7C20FFAD89}.Debug|Win32.ActiveCfg = Debug|Win32
+		{C71DCE69-67E6-4EFC-9AF4-BD7C20FFAD89}.Debug|Win32.Build.0 = Debug|Win32
+		{C71DCE69-67E6-4EFC-9AF4-BD7C20FFAD89}.Debug|x64.ActiveCfg = Debug|Win32
+		{C71DCE69-67E6-4EFC-9AF4-BD7C20FFAD89}.Release|Any CPU.ActiveCfg = Release|Win32
+		{C71DCE69-67E6-4EFC-9AF4-BD7C20FFAD89}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{C71DCE69-67E6-4EFC-9AF4-BD7C20FFAD89}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{C71DCE69-67E6-4EFC-9AF4-BD7C20FFAD89}.Release|Win32.ActiveCfg = Release|Win32
+		{C71DCE69-67E6-4EFC-9AF4-BD7C20FFAD89}.Release|Win32.Build.0 = Release|Win32
+		{C71DCE69-67E6-4EFC-9AF4-BD7C20FFAD89}.Release|x64.ActiveCfg = Release|Win32
+		{725DCEBE-1DD3-4011-87D4-AE8B023B77D9}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{725DCEBE-1DD3-4011-87D4-AE8B023B77D9}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{725DCEBE-1DD3-4011-87D4-AE8B023B77D9}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{725DCEBE-1DD3-4011-87D4-AE8B023B77D9}.Debug|Win32.ActiveCfg = Debug|Win32
+		{725DCEBE-1DD3-4011-87D4-AE8B023B77D9}.Debug|Win32.Build.0 = Debug|Win32
+		{725DCEBE-1DD3-4011-87D4-AE8B023B77D9}.Debug|x64.ActiveCfg = Debug|Win32
+		{725DCEBE-1DD3-4011-87D4-AE8B023B77D9}.Release|Any CPU.ActiveCfg = Release|Win32
+		{725DCEBE-1DD3-4011-87D4-AE8B023B77D9}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{725DCEBE-1DD3-4011-87D4-AE8B023B77D9}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{725DCEBE-1DD3-4011-87D4-AE8B023B77D9}.Release|Win32.ActiveCfg = Release|Win32
+		{725DCEBE-1DD3-4011-87D4-AE8B023B77D9}.Release|Win32.Build.0 = Release|Win32
+		{725DCEBE-1DD3-4011-87D4-AE8B023B77D9}.Release|x64.ActiveCfg = Release|Win32
+		{1D36BC6A-C612-4567-AD03-91C46D0D1FA1}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{1D36BC6A-C612-4567-AD03-91C46D0D1FA1}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{1D36BC6A-C612-4567-AD03-91C46D0D1FA1}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{1D36BC6A-C612-4567-AD03-91C46D0D1FA1}.Debug|Win32.ActiveCfg = Debug|Win32
+		{1D36BC6A-C612-4567-AD03-91C46D0D1FA1}.Debug|Win32.Build.0 = Debug|Win32
+		{1D36BC6A-C612-4567-AD03-91C46D0D1FA1}.Debug|x64.ActiveCfg = Debug|Win32
+		{1D36BC6A-C612-4567-AD03-91C46D0D1FA1}.Release|Any CPU.ActiveCfg = Release|Win32
+		{1D36BC6A-C612-4567-AD03-91C46D0D1FA1}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{1D36BC6A-C612-4567-AD03-91C46D0D1FA1}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{1D36BC6A-C612-4567-AD03-91C46D0D1FA1}.Release|Win32.ActiveCfg = Release|Win32
+		{1D36BC6A-C612-4567-AD03-91C46D0D1FA1}.Release|Win32.Build.0 = Release|Win32
+		{1D36BC6A-C612-4567-AD03-91C46D0D1FA1}.Release|x64.ActiveCfg = Release|Win32
+		{7D2C2747-68F9-45EE-9802-E52C931DD011}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{7D2C2747-68F9-45EE-9802-E52C931DD011}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{7D2C2747-68F9-45EE-9802-E52C931DD011}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{7D2C2747-68F9-45EE-9802-E52C931DD011}.Debug|Win32.ActiveCfg = Debug|Win32
+		{7D2C2747-68F9-45EE-9802-E52C931DD011}.Debug|Win32.Build.0 = Debug|Win32
+		{7D2C2747-68F9-45EE-9802-E52C931DD011}.Debug|x64.ActiveCfg = Debug|Win32
+		{7D2C2747-68F9-45EE-9802-E52C931DD011}.Release|Any CPU.ActiveCfg = Release|Win32
+		{7D2C2747-68F9-45EE-9802-E52C931DD011}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{7D2C2747-68F9-45EE-9802-E52C931DD011}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{7D2C2747-68F9-45EE-9802-E52C931DD011}.Release|Win32.ActiveCfg = Release|Win32
+		{7D2C2747-68F9-45EE-9802-E52C931DD011}.Release|Win32.Build.0 = Release|Win32
+		{7D2C2747-68F9-45EE-9802-E52C931DD011}.Release|x64.ActiveCfg = Release|Win32
+		{D95B2CAA-2548-41BE-AA63-49A6B0A39630}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{D95B2CAA-2548-41BE-AA63-49A6B0A39630}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{D95B2CAA-2548-41BE-AA63-49A6B0A39630}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{D95B2CAA-2548-41BE-AA63-49A6B0A39630}.Debug|Win32.ActiveCfg = Debug|Win32
+		{D95B2CAA-2548-41BE-AA63-49A6B0A39630}.Debug|Win32.Build.0 = Debug|Win32
+		{D95B2CAA-2548-41BE-AA63-49A6B0A39630}.Debug|x64.ActiveCfg = Debug|x64
+		{D95B2CAA-2548-41BE-AA63-49A6B0A39630}.Debug|x64.Build.0 = Debug|x64
+		{D95B2CAA-2548-41BE-AA63-49A6B0A39630}.Release|Any CPU.ActiveCfg = Release|Win32
+		{D95B2CAA-2548-41BE-AA63-49A6B0A39630}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{D95B2CAA-2548-41BE-AA63-49A6B0A39630}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{D95B2CAA-2548-41BE-AA63-49A6B0A39630}.Release|Win32.ActiveCfg = Release|Win32
+		{D95B2CAA-2548-41BE-AA63-49A6B0A39630}.Release|Win32.Build.0 = Release|Win32
+		{D95B2CAA-2548-41BE-AA63-49A6B0A39630}.Release|x64.ActiveCfg = Release|x64
+		{D95B2CAA-2548-41BE-AA63-49A6B0A39630}.Release|x64.Build.0 = Release|x64
+		{6498A6AF-C90C-430D-95F1-5578A18170C8}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{6498A6AF-C90C-430D-95F1-5578A18170C8}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{6498A6AF-C90C-430D-95F1-5578A18170C8}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{6498A6AF-C90C-430D-95F1-5578A18170C8}.Debug|Win32.ActiveCfg = Debug|Win32
+		{6498A6AF-C90C-430D-95F1-5578A18170C8}.Debug|Win32.Build.0 = Debug|Win32
+		{6498A6AF-C90C-430D-95F1-5578A18170C8}.Debug|x64.ActiveCfg = Debug|x64
+		{6498A6AF-C90C-430D-95F1-5578A18170C8}.Debug|x64.Build.0 = Debug|x64
+		{6498A6AF-C90C-430D-95F1-5578A18170C8}.Release|Any CPU.ActiveCfg = Release|Win32
+		{6498A6AF-C90C-430D-95F1-5578A18170C8}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{6498A6AF-C90C-430D-95F1-5578A18170C8}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{6498A6AF-C90C-430D-95F1-5578A18170C8}.Release|Win32.ActiveCfg = Release|Win32
+		{6498A6AF-C90C-430D-95F1-5578A18170C8}.Release|Win32.Build.0 = Release|Win32
+		{6498A6AF-C90C-430D-95F1-5578A18170C8}.Release|x64.ActiveCfg = Release|x64
+		{6498A6AF-C90C-430D-95F1-5578A18170C8}.Release|x64.Build.0 = Release|x64
+		{CD14E844-7356-47FA-9C06-223D5F363A97}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{CD14E844-7356-47FA-9C06-223D5F363A97}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{CD14E844-7356-47FA-9C06-223D5F363A97}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{CD14E844-7356-47FA-9C06-223D5F363A97}.Debug|Win32.ActiveCfg = Debug|Win32
+		{CD14E844-7356-47FA-9C06-223D5F363A97}.Debug|Win32.Build.0 = Debug|Win32
+		{CD14E844-7356-47FA-9C06-223D5F363A97}.Debug|x64.ActiveCfg = Debug|x64
+		{CD14E844-7356-47FA-9C06-223D5F363A97}.Debug|x64.Build.0 = Debug|x64
+		{CD14E844-7356-47FA-9C06-223D5F363A97}.Release|Any CPU.ActiveCfg = Release|Win32
+		{CD14E844-7356-47FA-9C06-223D5F363A97}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{CD14E844-7356-47FA-9C06-223D5F363A97}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{CD14E844-7356-47FA-9C06-223D5F363A97}.Release|Win32.ActiveCfg = Release|Win32
+		{CD14E844-7356-47FA-9C06-223D5F363A97}.Release|Win32.Build.0 = Release|Win32
+		{CD14E844-7356-47FA-9C06-223D5F363A97}.Release|x64.ActiveCfg = Release|x64
+		{CD14E844-7356-47FA-9C06-223D5F363A97}.Release|x64.Build.0 = Release|x64
+		{2B9406B7-5843-4495-9BAB-E80F95F54DE3}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{2B9406B7-5843-4495-9BAB-E80F95F54DE3}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{2B9406B7-5843-4495-9BAB-E80F95F54DE3}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{2B9406B7-5843-4495-9BAB-E80F95F54DE3}.Debug|Win32.ActiveCfg = Debug|Win32
+		{2B9406B7-5843-4495-9BAB-E80F95F54DE3}.Debug|Win32.Build.0 = Debug|Win32
+		{2B9406B7-5843-4495-9BAB-E80F95F54DE3}.Debug|x64.ActiveCfg = Debug|x64
+		{2B9406B7-5843-4495-9BAB-E80F95F54DE3}.Debug|x64.Build.0 = Debug|x64
+		{2B9406B7-5843-4495-9BAB-E80F95F54DE3}.Release|Any CPU.ActiveCfg = Release|Win32
+		{2B9406B7-5843-4495-9BAB-E80F95F54DE3}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{2B9406B7-5843-4495-9BAB-E80F95F54DE3}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{2B9406B7-5843-4495-9BAB-E80F95F54DE3}.Release|Win32.ActiveCfg = Release|Win32
+		{2B9406B7-5843-4495-9BAB-E80F95F54DE3}.Release|Win32.Build.0 = Release|Win32
+		{2B9406B7-5843-4495-9BAB-E80F95F54DE3}.Release|x64.ActiveCfg = Release|x64
+		{2B9406B7-5843-4495-9BAB-E80F95F54DE3}.Release|x64.Build.0 = Release|x64
+		{4D260CDA-D160-43F8-94DF-D98A1D7E0385}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{4D260CDA-D160-43F8-94DF-D98A1D7E0385}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{4D260CDA-D160-43F8-94DF-D98A1D7E0385}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{4D260CDA-D160-43F8-94DF-D98A1D7E0385}.Debug|Win32.ActiveCfg = Debug|Win32
+		{4D260CDA-D160-43F8-94DF-D98A1D7E0385}.Debug|Win32.Build.0 = Debug|Win32
+		{4D260CDA-D160-43F8-94DF-D98A1D7E0385}.Debug|x64.ActiveCfg = Debug|x64
+		{4D260CDA-D160-43F8-94DF-D98A1D7E0385}.Debug|x64.Build.0 = Debug|x64
+		{4D260CDA-D160-43F8-94DF-D98A1D7E0385}.Release|Any CPU.ActiveCfg = Release|Win32
+		{4D260CDA-D160-43F8-94DF-D98A1D7E0385}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{4D260CDA-D160-43F8-94DF-D98A1D7E0385}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{4D260CDA-D160-43F8-94DF-D98A1D7E0385}.Release|Win32.ActiveCfg = Release|Win32
+		{4D260CDA-D160-43F8-94DF-D98A1D7E0385}.Release|Win32.Build.0 = Release|Win32
+		{4D260CDA-D160-43F8-94DF-D98A1D7E0385}.Release|x64.ActiveCfg = Release|x64
+		{4D260CDA-D160-43F8-94DF-D98A1D7E0385}.Release|x64.Build.0 = Release|x64
+		{C975A00B-23E5-4D34-B903-987C393F1B3D}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{C975A00B-23E5-4D34-B903-987C393F1B3D}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{C975A00B-23E5-4D34-B903-987C393F1B3D}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{C975A00B-23E5-4D34-B903-987C393F1B3D}.Debug|Win32.ActiveCfg = Debug|Win32
+		{C975A00B-23E5-4D34-B903-987C393F1B3D}.Debug|Win32.Build.0 = Debug|Win32
+		{C975A00B-23E5-4D34-B903-987C393F1B3D}.Debug|x64.ActiveCfg = Debug|x64
+		{C975A00B-23E5-4D34-B903-987C393F1B3D}.Debug|x64.Build.0 = Debug|x64
+		{C975A00B-23E5-4D34-B903-987C393F1B3D}.Release|Any CPU.ActiveCfg = Release|Win32
+		{C975A00B-23E5-4D34-B903-987C393F1B3D}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{C975A00B-23E5-4D34-B903-987C393F1B3D}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{C975A00B-23E5-4D34-B903-987C393F1B3D}.Release|Win32.ActiveCfg = Release|Win32
+		{C975A00B-23E5-4D34-B903-987C393F1B3D}.Release|Win32.Build.0 = Release|Win32
+		{C975A00B-23E5-4D34-B903-987C393F1B3D}.Release|x64.ActiveCfg = Release|x64
+		{C975A00B-23E5-4D34-B903-987C393F1B3D}.Release|x64.Build.0 = Release|x64
+		{CBB55ED3-AA2F-40D2-87BD-5790C85C0F33}.Debug|Any CPU.ActiveCfg = Debug|Win32
+		{CBB55ED3-AA2F-40D2-87BD-5790C85C0F33}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
+		{CBB55ED3-AA2F-40D2-87BD-5790C85C0F33}.Debug|Mixed Platforms.Build.0 = Debug|Win32
+		{CBB55ED3-AA2F-40D2-87BD-5790C85C0F33}.Debug|Win32.ActiveCfg = Debug|Win32
+		{CBB55ED3-AA2F-40D2-87BD-5790C85C0F33}.Debug|Win32.Build.0 = Debug|Win32
+		{CBB55ED3-AA2F-40D2-87BD-5790C85C0F33}.Debug|x64.ActiveCfg = Debug|x64
+		{CBB55ED3-AA2F-40D2-87BD-5790C85C0F33}.Debug|x64.Build.0 = Debug|x64
+		{CBB55ED3-AA2F-40D2-87BD-5790C85C0F33}.Release|Any CPU.ActiveCfg = Release|Win32
+		{CBB55ED3-AA2F-40D2-87BD-5790C85C0F33}.Release|Mixed Platforms.ActiveCfg = Release|Win32
+		{CBB55ED3-AA2F-40D2-87BD-5790C85C0F33}.Release|Mixed Platforms.Build.0 = Release|Win32
+		{CBB55ED3-AA2F-40D2-87BD-5790C85C0F33}.Release|Win32.ActiveCfg = Release|Win32
+		{CBB55ED3-AA2F-40D2-87BD-5790C85C0F33}.Release|Win32.Build.0 = Release|Win32
+		{CBB55ED3-AA2F-40D2-87BD-5790C85C0F33}.Release|x64.ActiveCfg = Release|x64
+		{CBB55ED3-AA2F-40D2-87BD-5790C85C0F33}.Release|x64.Build.0 = Release|x64
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {9A735B13-375F-4A46-AD2A-0BCAFC2F8FC4}
+	EndGlobalSection
+EndGlobal
diff --git a/tpmutils/tss/dllmain.cpp b/tpmutils/tss/dllmain.cpp
new file mode 100644
index 000000000..69b58914b
--- /dev/null
+++ b/tpmutils/tss/dllmain.cpp
@@ -0,0 +1,19 @@
+// dllmain.cpp : Defines the entry point for the DLL application.
+#include "stdafx.h"
+
+BOOL APIENTRY DllMain( HMODULE hModule,
+                       DWORD  ul_reason_for_call,
+                       LPVOID lpReserved
+					 )
+{
+	switch (ul_reason_for_call)
+	{
+	case DLL_PROCESS_ATTACH:
+	case DLL_THREAD_ATTACH:
+	case DLL_THREAD_DETACH:
+	case DLL_PROCESS_DETACH:
+		break;
+	}
+	return TRUE;
+}
+
diff --git a/tpmutils/tss/stdafx.h b/tpmutils/tss/stdafx.h
new file mode 100644
index 000000000..f3a07375c
--- /dev/null
+++ b/tpmutils/tss/stdafx.h
@@ -0,0 +1,16 @@
+// stdafx.h : include file for standard system include files,
+// or project specific include files that are used frequently, but
+// are changed infrequently
+//
+
+#pragma once
+
+#include "targetver.h"
+
+#define WIN32_LEAN_AND_MEAN             // Exclude rarely-used stuff from Windows headers
+// Windows Header Files:
+#include <windows.h>
+
+
+
+// TODO: reference additional headers your program requires here
diff --git a/tpmutils/tss/targetver.h b/tpmutils/tss/targetver.h
new file mode 100644
index 000000000..87c0086de
--- /dev/null
+++ b/tpmutils/tss/targetver.h
@@ -0,0 +1,8 @@
+#pragma once
+
+// Including SDKDDKVer.h defines the highest available Windows platform.
+
+// If you wish to build your application for a previous Windows platform, include WinSDKVer.h and
+// set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h.
+
+#include <SDKDDKVer.h>
diff --git a/tpmutils/tss/tss.vcxproj b/tpmutils/tss/tss.vcxproj
new file mode 100644
index 000000000..39f73a622
--- /dev/null
+++ b/tpmutils/tss/tss.vcxproj
@@ -0,0 +1,119 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{5C11AF70-45A6-4888-A66A-C0A70302BD89}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>tss</RootNamespace>
+    <ProjectName>ibmtss</ProjectName>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;TPM_TSS;TPM_TPM20;_DEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>../../utils;c:/program files/openssl/include</AdditionalIncludeDirectories>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalDependencies>Tbs.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;TPM_TSS;TPM_TPM20;_DEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>../../utils;c:/program files/openssl/include</AdditionalIncludeDirectories>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <AdditionalDependencies>Tbs.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\CommandAttributeData.c" />
+    <ClCompile Include="..\..\utils\Commands.c" />
+    <ClCompile Include="..\..\utils\tss.c" />
+    <ClCompile Include="..\..\utils\tss20.c" />
+    <ClCompile Include="..\..\utils\tssauth.c" />
+    <ClCompile Include="..\..\utils\tssauth20.c" />
+    <ClCompile Include="..\..\utils\tssccattributes.c" />
+    <ClCompile Include="..\..\utils\tsscrypto.c" />
+    <ClCompile Include="..\..\utils\tsscryptoh.c" />
+    <ClCompile Include="..\..\utils\tssfile.c" />
+    <ClCompile Include="..\..\utils\tssmarshal.c" />
+    <ClCompile Include="..\..\utils\tssntc.c" />
+    <ClCompile Include="..\..\utils\tssprint.c" />
+    <ClCompile Include="..\..\utils\tssprintcmd.c" />
+    <ClCompile Include="..\..\utils\tssproperties.c" />
+    <ClCompile Include="..\..\utils\tssresponsecode.c" />
+    <ClCompile Include="..\..\utils\tsssocket.c" />
+    <ClCompile Include="..\..\utils\tsstbsi.c" />
+    <ClCompile Include="..\..\utils\tsstransmit.c" />
+    <ClCompile Include="..\..\utils\tssutils.c" />
+    <ClCompile Include="..\..\utils\Unmarshal.c" />
+    <ClCompile Include="dllmain.cpp">
+      <CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</CompileAsManaged>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+      </PrecompiledHeader>
+      <CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</CompileAsManaged>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+      </PrecompiledHeader>
+    </ClCompile>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/tss/tss.vcxproj.filters b/tpmutils/tss/tss.vcxproj.filters
new file mode 100644
index 000000000..9595f19d7
--- /dev/null
+++ b/tpmutils/tss/tss.vcxproj.filters
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="dllmain.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\tss.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\tssmarshal.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\tssauth.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\tsscrypto.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\tssprint.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\tssproperties.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\tssresponsecode.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\tsssocket.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\tsstbsi.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\tsstransmit.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\tssutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\tssccattributes.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\tssfile.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\CommandAttributeData.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\Commands.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\Unmarshal.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\tsscryptoh.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\tssntc.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\tss20.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\tssauth20.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\tssprintcmd.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/unseal/unseal.vcxproj b/tpmutils/unseal/unseal.vcxproj
new file mode 100644
index 000000000..6e7c28cab
--- /dev/null
+++ b/tpmutils/unseal/unseal.vcxproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{6B714F5E-F30C-443C-B855-0BA40BD255A4}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>unseal</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\unseal.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/unseal/unseal.vcxproj.filters b/tpmutils/unseal/unseal.vcxproj.filters
new file mode 100644
index 000000000..6bb27cdc8
--- /dev/null
+++ b/tpmutils/unseal/unseal.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\unseal.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/verifysignature/verifysignature.vcxproj b/tpmutils/verifysignature/verifysignature.vcxproj
new file mode 100644
index 000000000..d9a15874d
--- /dev/null
+++ b/tpmutils/verifysignature/verifysignature.vcxproj
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{D25746E2-59E2-4365-A25F-C924E773B965}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>verifysignature</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\verifysignature.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/verifysignature/verifysignature.vcxproj.filters b/tpmutils/verifysignature/verifysignature.vcxproj.filters
new file mode 100644
index 000000000..9c79b41c7
--- /dev/null
+++ b/tpmutils/verifysignature/verifysignature.vcxproj.filters
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\verifysignature.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/writeapp/writeapp.vcxproj b/tpmutils/writeapp/writeapp.vcxproj
new file mode 100644
index 000000000..4f560f12c
--- /dev/null
+++ b/tpmutils/writeapp/writeapp.vcxproj
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\ekutils.c" />
+    <ClCompile Include="..\..\utils\writeapp.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{BEFBAF6A-9211-4422-B3AB-E06D8689193E}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>writeapp</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/writeapp/writeapp.vcxproj.filters b/tpmutils/writeapp/writeapp.vcxproj.filters
new file mode 100644
index 000000000..59ec432d3
--- /dev/null
+++ b/tpmutils/writeapp/writeapp.vcxproj.filters
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\writeapp.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\ekutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/zgen2phase/zgen2phase.vcxproj b/tpmutils/zgen2phase/zgen2phase.vcxproj
new file mode 100644
index 000000000..ac6c6004c
--- /dev/null
+++ b/tpmutils/zgen2phase/zgen2phase.vcxproj
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\applink.c" />
+    <ClCompile Include="..\..\utils\cryptoutils.c" />
+    <ClCompile Include="..\..\utils\zgen2phase.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\tss\tss.vcxproj">
+      <Project>{5c11af70-45a6-4888-a66a-c0a70302bd89}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{A84C8114-2B6D-4770-A3A6-78C81905C2E3}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>zgen2phase</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="..\CommonProperties.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="..\CommonPropertiesRelease.props" />
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/tpmutils/zgen2phase/zgen2phase.vcxproj.filters b/tpmutils/zgen2phase/zgen2phase.vcxproj.filters
new file mode 100644
index 000000000..d10aee596
--- /dev/null
+++ b/tpmutils/zgen2phase/zgen2phase.vcxproj.filters
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\utils\zgen2phase.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\applink.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\utils\cryptoutils.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/utils/CommandAttributeData.c b/utils/CommandAttributeData.c
new file mode 100644
index 000000000..48f3b16cf
--- /dev/null
+++ b/utils/CommandAttributeData.c
@@ -0,0 +1,960 @@
+/********************************************************************************/
+/*										*/
+/*			  Command Attributes Table   				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012 - 2019				*/
+/*										*/
+/********************************************************************************/
+
+// 9.3	CommandAttributeData.c
+
+#ifdef TPM_TPM12
+#include <ibmtss/tpmconstants12.h>
+#endif
+
+#include "CommandAttributes.h"
+#if defined COMPRESSED_LISTS
+#   define      PAD_LIST    0
+#else
+#   define      PAD_LIST    1
+#endif
+
+// This is the command code attribute array for GetCapability(). Both this array and
+// s_commandAttributes provides command code attributes, but tuned for different purpose
+
+/* bitfield is:
+   
+   command index
+   reserved
+   nv
+   extensive
+   flushed
+   cHandles
+   rHandle
+   V
+   reserved, flags TPM 1.2 command
+*/
+   
+#include "tssccattributes.h"
+
+const TPMA_CC_TSS    s_ccAttr [] = {
+    
+#if (PAD_LIST || CC_NV_UndefineSpaceSpecial)
+    {{0x011f, 0, 1, 0, 0, 2, 0, 0, 0}},     // TPM_CC_NV_UndefineSpaceSpecial
+#endif
+#if (PAD_LIST || CC_EvictControl)
+    {{0x0120, 0, 1, 0, 0, 2, 0, 0, 0}},     // TPM_CC_EvictControl
+#endif
+#if (PAD_LIST || CC_HierarchyControl)
+    {{0x0121, 0, 1, 1, 0, 1, 0, 0, 0}},     // TPM_CC_HierarchyControl
+#endif
+#if (PAD_LIST || CC_NV_UndefineSpace)
+    {{0x0122, 0, 1, 0, 0, 2, 0, 0, 0}},     // TPM_CC_NV_UndefineSpace
+#endif
+#if (PAD_LIST)
+    {{0x0123, 0, 0, 0, 0, 0, 0, 0, 0}},     // No command
+#endif
+#if (PAD_LIST || CC_ChangeEPS)
+    {{0x0124, 0, 1, 1, 0, 1, 0, 0, 0}},     // TPM_CC_ChangeEPS
+#endif
+#if (PAD_LIST || CC_ChangePPS)
+    {{0x0125, 0, 1, 1, 0, 1, 0, 0, 0}},     // TPM_CC_ChangePPS
+#endif
+#if (PAD_LIST || CC_Clear)
+    {{0x0126, 0, 1, 1, 0, 1, 0, 0, 0}},     // TPM_CC_Clear
+#endif
+#if (PAD_LIST || CC_ClearControl)
+    {{0x0127, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_ClearControl
+#endif
+#if (PAD_LIST || CC_ClockSet)
+    {{0x0128, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_ClockSet
+#endif
+#if (PAD_LIST || CC_HierarchyChangeAuth)
+    {{0x0129, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_HierarchyChangeAuth
+#endif
+#if (PAD_LIST || CC_NV_DefineSpace)
+    {{0x012a, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_NV_DefineSpace
+#endif
+#if (PAD_LIST || CC_PCR_Allocate)
+    {{0x012b, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PCR_Allocate
+#endif
+#if (PAD_LIST || CC_PCR_SetAuthPolicy)
+    {{0x012c, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PCR_SetAuthPolicy
+#endif
+#if (PAD_LIST || CC_PP_Commands)
+    {{0x012d, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PP_Commands
+#endif
+#if (PAD_LIST || CC_SetPrimaryPolicy)
+    {{0x012e, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_SetPrimaryPolicy
+#endif
+#if (PAD_LIST || CC_FieldUpgradeStart)
+    {{0x012f, 0, 0, 0, 0, 2, 0, 0, 0}},     // TPM_CC_FieldUpgradeStart
+#endif
+#if (PAD_LIST || CC_ClockRateAdjust)
+    {{0x0130, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_ClockRateAdjust
+#endif
+#if (PAD_LIST || CC_CreatePrimary)
+    {{0x0131, 0, 0, 0, 0, 1, 1, 0, 0}},     // TPM_CC_CreatePrimary
+#endif
+#if (PAD_LIST || CC_NV_GlobalWriteLock)
+    {{0x0132, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_NV_GlobalWriteLock
+#endif
+#if (PAD_LIST || CC_GetCommandAuditDigest)
+    {{0x0133, 0, 1, 0, 0, 2, 0, 0, 0}},     // TPM_CC_GetCommandAuditDigest
+#endif
+#if (PAD_LIST || CC_NV_Increment)
+    {{0x0134, 0, 1, 0, 0, 2, 0, 0, 0}},     // TPM_CC_NV_Increment
+#endif
+#if (PAD_LIST || CC_NV_SetBits)
+    {{0x0135, 0, 1, 0, 0, 2, 0, 0, 0}},     // TPM_CC_NV_SetBits
+#endif
+#if (PAD_LIST || CC_NV_Extend)
+    {{0x0136, 0, 1, 0, 0, 2, 0, 0, 0}},     // TPM_CC_NV_Extend
+#endif
+#if (PAD_LIST || CC_NV_Write)
+    {{0x0137, 0, 1, 0, 0, 2, 0, 0, 0}},     // TPM_CC_NV_Write
+#endif
+#if (PAD_LIST || CC_NV_WriteLock)
+    {{0x0138, 0, 1, 0, 0, 2, 0, 0, 0}},     // TPM_CC_NV_WriteLock
+#endif
+#if (PAD_LIST || CC_DictionaryAttackLockReset)
+    {{0x0139, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_DictionaryAttackLockReset
+#endif
+#if (PAD_LIST || CC_DictionaryAttackParameters)
+    {{0x013a, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_DictionaryAttackParameters
+#endif
+#if (PAD_LIST || CC_NV_ChangeAuth)
+    {{0x013b, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_NV_ChangeAuth
+#endif
+#if (PAD_LIST || CC_PCR_Event)
+    {{0x013c, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PCR_Event
+#endif
+#if (PAD_LIST || CC_PCR_Reset)
+    {{0x013d, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PCR_Reset
+#endif
+#if (PAD_LIST || CC_SequenceComplete)
+    {{0x013e, 0, 0, 0, 1, 1, 0, 0, 0}},     // TPM_CC_SequenceComplete
+#endif
+#if (PAD_LIST || CC_SetAlgorithmSet)
+    {{0x013f, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_SetAlgorithmSet
+#endif
+#if (PAD_LIST || CC_SetCommandCodeAuditStatus)
+    {{0x0140, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_SetCommandCodeAuditStatus
+#endif
+#if (PAD_LIST || CC_FieldUpgradeData)
+    {{0x0141, 0, 1, 0, 0, 0, 0, 0, 0}},     // TPM_CC_FieldUpgradeData
+#endif
+#if (PAD_LIST || CC_IncrementalSelfTest)
+    {{0x0142, 0, 1, 0, 0, 0, 0, 0, 0}},     // TPM_CC_IncrementalSelfTest
+#endif
+#if (PAD_LIST || CC_SelfTest)
+    {{0x0143, 0, 1, 0, 0, 0, 0, 0, 0}},     // TPM_CC_SelfTest
+#endif
+#if (PAD_LIST || CC_Startup)
+    {{0x0144, 0, 1, 0, 0, 0, 0, 0, 0}},     // TPM_CC_Startup
+#endif
+#if (PAD_LIST || CC_Shutdown)
+    {{0x0145, 0, 1, 0, 0, 0, 0, 0, 0}},     // TPM_CC_Shutdown
+#endif
+#if (PAD_LIST || CC_StirRandom)
+    {{0x0146, 0, 1, 0, 0, 0, 0, 0, 0}},     // TPM_CC_StirRandom
+#endif
+#if (PAD_LIST || CC_ActivateCredential)
+    {{0x0147, 0, 0, 0, 0, 2, 0, 0, 0}},     // TPM_CC_ActivateCredential
+#endif
+#if (PAD_LIST || CC_Certify)
+    {{0x0148, 0, 0, 0, 0, 2, 0, 0, 0}},     // TPM_CC_Certify
+#endif
+#if (PAD_LIST || CC_PolicyNV)
+    {{0x0149, 0, 0, 0, 0, 3, 0, 0, 0}},     // TPM_CC_PolicyNV
+#endif
+#if (PAD_LIST || CC_CertifyCreation)
+    {{0x014a, 0, 0, 0, 0, 2, 0, 0, 0}},     // TPM_CC_CertifyCreation
+#endif
+#if (PAD_LIST || CC_CertifyX509)
+    {{0x0197, 0, 0, 0, 0, 2, 0, 0, 0}},     // TPM_CC_CertifyX509
+#endif
+#if (PAD_LIST || CC_Duplicate)
+    {{0x014b, 0, 0, 0, 0, 2, 0, 0, 0}},     // TPM_CC_Duplicate
+#endif
+#if (PAD_LIST || CC_GetTime)
+    {{0x014c, 0, 0, 0, 0, 2, 0, 0, 0}},     // TPM_CC_GetTime
+#endif
+#if (PAD_LIST || CC_GetSessionAuditDigest)
+    {{0x014d, 0, 0, 0, 0, 3, 0, 0, 0}},     // TPM_CC_GetSessionAuditDigest
+#endif
+#if (PAD_LIST || CC_NV_Read)
+    {{0x014e, 0, 0, 0, 0, 2, 0, 0, 0}},     // TPM_CC_NV_Read
+#endif
+#if (PAD_LIST || CC_NV_ReadLock)
+    {{0x014f, 0, 1, 0, 0, 2, 0, 0, 0}},     // TPM_CC_NV_ReadLock
+#endif
+#if (PAD_LIST || CC_ObjectChangeAuth)
+    {{0x0150, 0, 0, 0, 0, 2, 0, 0, 0}},     // TPM_CC_ObjectChangeAuth
+#endif
+#if (PAD_LIST || CC_PolicySecret)
+    {{0x0151, 0, 0, 0, 0, 2, 0, 0, 0}},     // TPM_CC_PolicySecret
+#endif
+#if (PAD_LIST || CC_Rewrap)
+    {{0x0152, 0, 0, 0, 0, 2, 0, 0, 0}},     // TPM_CC_Rewrap
+#endif
+#if (PAD_LIST || CC_Create)
+    {{0x0153, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_Create
+#endif
+#if (PAD_LIST || CC_ECDH_ZGen)
+    {{0x0154, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_ECDH_ZGen
+#endif
+#if (PAD_LIST || CC_HMAC)
+    {{0x0155, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_HMAC
+#endif
+#if (PAD_LIST || CC_Import)
+    {{0x0156, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_Import
+#endif
+#if (PAD_LIST || CC_Load)
+    {{0x0157, 0, 0, 0, 0, 1, 1, 0, 0}},     // TPM_CC_Load
+#endif
+#if (PAD_LIST || CC_Quote)
+    {{0x0158, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_Quote
+#endif
+#if (PAD_LIST || CC_RSA_Decrypt)
+    {{0x0159, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_RSA_Decrypt
+#endif
+#if (PAD_LIST)
+    {{0x015a, 0, 0, 0, 0, 0, 0, 0, 0}},     // No command
+#endif
+#if (PAD_LIST || CC_HMAC_Start)
+    {{0x015b, 0, 0, 0, 0, 1, 1, 0, 0}},     // TPM_CC_HMAC_Start
+#endif
+#if (PAD_LIST || CC_SequenceUpdate)
+    {{0x015c, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_SequenceUpdate
+#endif
+#if (PAD_LIST || CC_Sign)
+    {{0x015d, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_Sign
+#endif
+#if (PAD_LIST || CC_Unseal)
+    {{0x015e, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_Unseal
+#endif
+#if (PAD_LIST)
+    {{0x015f, 0, 0, 0, 0, 0, 0, 0, 0}},     // No command
+#endif
+#if (PAD_LIST || CC_PolicySigned)
+    {{0x0160, 0, 0, 0, 0, 2, 0, 0, 0}},     // TPM_CC_PolicySigned
+#endif
+#if (PAD_LIST || CC_ContextLoad)
+    {{0x0161, 0, 0, 0, 0, 0, 1, 0, 0}},     // TPM_CC_ContextLoad
+#endif
+#if (PAD_LIST || CC_ContextSave)
+    {{0x0162, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_ContextSave
+#endif
+#if (PAD_LIST || CC_ECDH_KeyGen)
+    {{0x0163, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_ECDH_KeyGen
+#endif
+#if (PAD_LIST || CC_EncryptDecrypt)
+    {{0x0164, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_EncryptDecrypt
+#endif
+#if (PAD_LIST || CC_FlushContext)
+    {{0x0165, 0, 0, 0, 0, 0, 0, 0, 0}},     // TPM_CC_FlushContext
+#endif
+#if (PAD_LIST)
+    {{0x0166, 0, 0, 0, 0, 0, 0, 0, 0}},     // No command
+#endif
+#if (PAD_LIST || CC_LoadExternal)
+    {{0x0167, 0, 0, 0, 0, 0, 1, 0, 0}},     // TPM_CC_LoadExternal
+#endif
+#if (PAD_LIST || CC_MakeCredential)
+    {{0x0168, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_MakeCredential
+#endif
+#if (PAD_LIST || CC_NV_ReadPublic)
+    {{0x0169, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_NV_ReadPublic
+#endif
+#if (PAD_LIST || CC_PolicyAuthorize)
+    {{0x016a, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyAuthorize
+#endif
+#if (PAD_LIST || CC_PolicyAuthValue)
+    {{0x016b, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyAuthValue
+#endif
+#if (PAD_LIST || CC_PolicyCommandCode)
+    {{0x016c, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyCommandCode
+#endif
+#if (PAD_LIST || CC_PolicyCounterTimer)
+    {{0x016d, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyCounterTimer
+#endif
+#if (PAD_LIST || CC_PolicyCpHash)
+    {{0x016e, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyCpHash
+#endif
+#if (PAD_LIST || CC_PolicyLocality)
+    {{0x016f, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyLocality
+#endif
+#if (PAD_LIST || CC_PolicyNameHash)
+    {{0x0170, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyNameHash
+#endif
+#if (PAD_LIST || CC_PolicyOR)
+    {{0x0171, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyOR
+#endif
+#if (PAD_LIST || CC_PolicyTicket)
+    {{0x0172, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyTicket
+#endif
+#if (PAD_LIST || CC_ReadPublic)
+    {{0x0173, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_ReadPublic
+#endif
+#if (PAD_LIST || CC_RSA_Encrypt)
+    {{0x0174, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_RSA_Encrypt
+#endif
+#if (PAD_LIST)
+    {{0x0175, 0, 0, 0, 0, 0, 0, 0, 0}},     // No command
+#endif
+#if (PAD_LIST || CC_StartAuthSession)
+    {{0x0176, 0, 0, 0, 0, 2, 1, 0, 0}},     // TPM_CC_StartAuthSession
+#endif
+#if (PAD_LIST || CC_VerifySignature)
+    {{0x0177, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_VerifySignature
+#endif
+#if (PAD_LIST || CC_ECC_Parameters)
+    {{0x0178, 0, 0, 0, 0, 0, 0, 0, 0}},     // TPM_CC_ECC_Parameters
+#endif
+#if (PAD_LIST || CC_FirmwareRead)
+    {{0x0179, 0, 0, 0, 0, 0, 0, 0, 0}},     // TPM_CC_FirmwareRead
+#endif
+#if (PAD_LIST || CC_GetCapability)
+    {{0x017a, 0, 0, 0, 0, 0, 0, 0, 0}},     // TPM_CC_GetCapability
+#endif
+#if (PAD_LIST || CC_GetRandom)
+    {{0x017b, 0, 0, 0, 0, 0, 0, 0, 0}},     // TPM_CC_GetRandom
+#endif
+#if (PAD_LIST || CC_GetTestResult)
+    {{0x017c, 0, 0, 0, 0, 0, 0, 0, 0}},     // TPM_CC_GetTestResult
+#endif
+#if (PAD_LIST || CC_Hash)
+    {{0x017d, 0, 0, 0, 0, 0, 0, 0, 0}},     // TPM_CC_Hash
+#endif
+#if (PAD_LIST || CC_PCR_Read)
+    {{0x017e, 0, 0, 0, 0, 0, 0, 0, 0}},     // TPM_CC_PCR_Read
+#endif
+#if (PAD_LIST || CC_PolicyPCR)
+    {{0x017f, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyPCR
+#endif
+#if (PAD_LIST || CC_PolicyRestart)
+    {{0x0180, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyRestart
+#endif
+#if (PAD_LIST || CC_ReadClock)
+    {{0x0181, 0, 0, 0, 0, 0, 0, 0, 0}},     // TPM_CC_ReadClock
+#endif
+#if (PAD_LIST || CC_PCR_Extend)
+    {{0x0182, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PCR_Extend
+#endif
+#if (PAD_LIST || CC_PCR_SetAuthValue)
+    {{0x0183, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PCR_SetAuthValue
+#endif
+#if (PAD_LIST || CC_NV_Certify)
+    {{0x0184, 0, 0, 0, 0, 3, 0, 0, 0}},     // TPM_CC_NV_Certify
+#endif
+#if (PAD_LIST || CC_EventSequenceComplete)
+    {{0x0185, 0, 1, 0, 1, 2, 0, 0, 0}},     // TPM_CC_EventSequenceComplete
+#endif
+#if (PAD_LIST || CC_HashSequenceStart)
+    {{0x0186, 0, 0, 0, 0, 0, 1, 0, 0}},     // TPM_CC_HashSequenceStart
+#endif
+#if (PAD_LIST || CC_PolicyPhysicalPresence)
+    {{0x0187, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyPhysicalPresence
+#endif
+#if (PAD_LIST || CC_PolicyDuplicationSelect)
+    {{0x0188, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyDuplicationSelect
+#endif
+#if (PAD_LIST || CC_PolicyGetDigest)
+    {{0x0189, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyGetDigest
+#endif
+#if (PAD_LIST || CC_TestParms)
+    {{0x018a, 0, 0, 0, 0, 0, 0, 0, 0}},     // TPM_CC_TestParms
+#endif
+#if (PAD_LIST || CC_Commit)
+    {{0x018b, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_Commit
+#endif
+#if (PAD_LIST || CC_PolicyPassword)
+    {{0x018c, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyPassword
+#endif
+#if (PAD_LIST || CC_ZGen_2Phase)
+    {{0x018d, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_ZGen_2Phase
+#endif
+#if (PAD_LIST || CC_EC_Ephemeral)
+    {{0x018e, 0, 0, 0, 0, 0, 0, 0, 0}},     // TPM_CC_EC_Ephemeral
+#endif
+#if (PAD_LIST || CC_PolicyNvWritten)
+    {{0x018f, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyNvWritten
+#endif
+#if (PAD_LIST || CC_PolicyTemplate)
+    {{0x0190, 0, 0, 0, 0, 1, 0, 0, 0}},       // TPM_CC_PolicyTemplate
+#endif
+#if (PAD_LIST || CC_CreateLoaded)
+    {{0x0191, 0, 0, 0, 0, 1, 1, 0, 0}},       // TPM_CC_CreateLoaded
+#endif
+#if (PAD_LIST || CC_PolicyAuthorizeNV)
+    {{0x0192, 0, 0, 0, 0, 3, 0, 0, 0}},       // TPM_CC_PolicyAuthorizeNV
+#endif
+#if (PAD_LIST || CC_EncryptDecrypt2)
+    {{0x0193, 0, 0, 0, 0, 1, 0, 0, 0}},       // TPM_CC_EncryptDecrypt2
+#endif
+    
+#if (PAD_LIST || CC_Vendor_TCG_Test)
+    {{0x0000, 0, 0, 0, 0, 0, 0, 1, 0}},     // TPM_CC_Vendor_TCG_Test
+#endif
+
+#if (PAD_LIST || CC_NTC2_PreConfig)
+    {{0x20000211, 0, 1, 0, 0, 0, 0, 1, 0}}, // TPM_CC_NTC2_PreConfig
+#endif
+
+#if (PAD_LIST || CC_NTC2_LockPreConfig)
+    {{0x20000212, 0, 1, 0, 0, 0, 0, 1, 0}}, // TPM_CC_NTC2_LockPreConfig
+#endif
+
+#if (PAD_LIST || CC_NTC2_GetConfig)
+    {{0x20000213, 0, 1, 0, 0, 0, 0, 1, 0}}, // TPM_CC_NTC2_GetConfig
+#endif
+
+    {{0x0000, 0, 0, 0, 0, 0, 0, 0, 0}},     // kg - terminator?
+};
+
+// This is the command code attribute structure.
+
+const COMMAND_ATTRIBUTES    s_commandAttributes [] = {
+#if (PAD_LIST || CC_NV_UndefineSpaceSpecial)
+    (COMMAND_ATTRIBUTES)(CC_NV_UndefineSpaceSpecial    *  // 0x011f
+			 (IS_IMPLEMENTED+HANDLE_1_ADMIN+HANDLE_2_USER+PP_COMMAND)),
+#endif
+#if (PAD_LIST || CC_EvictControl)
+    (COMMAND_ATTRIBUTES)(CC_EvictControl               *  // 0x0120
+			 (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
+#endif
+#if (PAD_LIST || CC_HierarchyControl)
+    (COMMAND_ATTRIBUTES)(CC_HierarchyControl           *  // 0x0121
+			 (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
+#endif
+#if (PAD_LIST || CC_NV_UndefineSpace)
+    (COMMAND_ATTRIBUTES)(CC_NV_UndefineSpace           *  // 0x0122
+			 (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
+#endif
+#if (PAD_LIST)
+    (COMMAND_ATTRIBUTES)(0),                              // 0x0123
+#endif
+#if (PAD_LIST || CC_ChangeEPS)
+    (COMMAND_ATTRIBUTES)(CC_ChangeEPS                  *  // 0x0124
+			 (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
+#endif
+#if (PAD_LIST || CC_ChangePPS)
+    (COMMAND_ATTRIBUTES)(CC_ChangePPS                  *  // 0x0125
+			 (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
+#endif
+#if (PAD_LIST || CC_Clear)
+    (COMMAND_ATTRIBUTES)(CC_Clear                      *  // 0x0126
+			 (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
+#endif
+#if (PAD_LIST || CC_ClearControl)
+    (COMMAND_ATTRIBUTES)(CC_ClearControl               *  // 0x0127
+			 (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
+#endif
+#if (PAD_LIST || CC_ClockSet)
+    (COMMAND_ATTRIBUTES)(CC_ClockSet                   *  // 0x0128
+			 (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
+#endif
+#if (PAD_LIST || CC_HierarchyChangeAuth)
+    (COMMAND_ATTRIBUTES)(CC_HierarchyChangeAuth        *  // 0x0129
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)),
+#endif
+#if (PAD_LIST || CC_NV_DefineSpace)
+    (COMMAND_ATTRIBUTES)(CC_NV_DefineSpace             *  // 0x012a
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)),
+#endif
+#if (PAD_LIST || CC_PCR_Allocate)
+    (COMMAND_ATTRIBUTES)(CC_PCR_Allocate               *  // 0x012b
+			 (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
+#endif
+#if (PAD_LIST || CC_PCR_SetAuthPolicy)
+    (COMMAND_ATTRIBUTES)(CC_PCR_SetAuthPolicy          *  // 0x012c
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)),
+#endif
+#if (PAD_LIST || CC_PP_Commands)
+    (COMMAND_ATTRIBUTES)(CC_PP_Commands                *  // 0x012d
+			 (IS_IMPLEMENTED+HANDLE_1_USER+PP_REQUIRED)),
+#endif
+#if (PAD_LIST || CC_SetPrimaryPolicy)
+    (COMMAND_ATTRIBUTES)(CC_SetPrimaryPolicy           *  // 0x012e
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)),
+#endif
+#if (PAD_LIST || CC_FieldUpgradeStart)
+    (COMMAND_ATTRIBUTES)(CC_FieldUpgradeStart          *  // 0x012f
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+PP_COMMAND)),
+#endif
+#if (PAD_LIST || CC_ClockRateAdjust)
+    (COMMAND_ATTRIBUTES)(CC_ClockRateAdjust            *  // 0x0130
+			 (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
+#endif
+#if (PAD_LIST || CC_CreatePrimary)
+    (COMMAND_ATTRIBUTES)(CC_CreatePrimary              *  // 0x0131
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND+ENCRYPT_2+R_HANDLE)),
+#endif
+#if (PAD_LIST || CC_NV_GlobalWriteLock)
+    (COMMAND_ATTRIBUTES)(CC_NV_GlobalWriteLock         *  // 0x0132
+			 (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
+#endif
+#if (PAD_LIST || CC_GetCommandAuditDigest)
+    (COMMAND_ATTRIBUTES)(CC_GetCommandAuditDigest      *  // 0x0133
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_NV_Increment)
+    (COMMAND_ATTRIBUTES)(CC_NV_Increment               *  // 0x0134
+			 (IS_IMPLEMENTED+HANDLE_1_USER)),
+#endif
+#if (PAD_LIST || CC_NV_SetBits)
+    (COMMAND_ATTRIBUTES)(CC_NV_SetBits                 *  // 0x0135
+			 (IS_IMPLEMENTED+HANDLE_1_USER)),
+#endif
+#if (PAD_LIST || CC_NV_Extend)
+    (COMMAND_ATTRIBUTES)(CC_NV_Extend                  *  // 0x0136
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
+#endif
+#if (PAD_LIST || CC_NV_Write)
+    (COMMAND_ATTRIBUTES)(CC_NV_Write                   *  // 0x0137
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
+#endif
+#if (PAD_LIST || CC_NV_WriteLock)
+    (COMMAND_ATTRIBUTES)(CC_NV_WriteLock               *  // 0x0138
+			 (IS_IMPLEMENTED+HANDLE_1_USER)),
+#endif
+#if (PAD_LIST || CC_DictionaryAttackLockReset)
+    (COMMAND_ATTRIBUTES)(CC_DictionaryAttackLockReset  *  // 0x0139
+			 (IS_IMPLEMENTED+HANDLE_1_USER)),
+#endif
+#if (PAD_LIST || CC_DictionaryAttackParameters)
+    (COMMAND_ATTRIBUTES)(CC_DictionaryAttackParameters *  // 0x013a
+			 (IS_IMPLEMENTED+HANDLE_1_USER)),
+#endif
+#if (PAD_LIST || CC_NV_ChangeAuth)
+    (COMMAND_ATTRIBUTES)(CC_NV_ChangeAuth              *  // 0x013b
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN)),
+#endif
+#if (PAD_LIST || CC_PCR_Event)
+    (COMMAND_ATTRIBUTES)(CC_PCR_Event                  *  // 0x013c
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
+#endif
+#if (PAD_LIST || CC_PCR_Reset)
+    (COMMAND_ATTRIBUTES)(CC_PCR_Reset                  *  // 0x013d
+			 (IS_IMPLEMENTED+HANDLE_1_USER)),
+#endif
+#if (PAD_LIST || CC_SequenceComplete)
+    (COMMAND_ATTRIBUTES)(CC_SequenceComplete           *  // 0x013e
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_SetAlgorithmSet)
+    (COMMAND_ATTRIBUTES)(CC_SetAlgorithmSet            *  // 0x013f
+			 (IS_IMPLEMENTED+HANDLE_1_USER)),
+#endif
+#if (PAD_LIST || CC_SetCommandCodeAuditStatus)
+    (COMMAND_ATTRIBUTES)(CC_SetCommandCodeAuditStatus  *  // 0x0140
+			 (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
+#endif
+#if (PAD_LIST || CC_FieldUpgradeData)
+    (COMMAND_ATTRIBUTES)(CC_FieldUpgradeData           *  // 0x0141
+			 (IS_IMPLEMENTED+DECRYPT_2)),
+#endif
+#if (PAD_LIST || CC_IncrementalSelfTest)
+    (COMMAND_ATTRIBUTES)(CC_IncrementalSelfTest        *  // 0x0142
+			 (IS_IMPLEMENTED)),
+#endif
+#if (PAD_LIST || CC_SelfTest)
+    (COMMAND_ATTRIBUTES)(CC_SelfTest                   *  // 0x0143
+			 (IS_IMPLEMENTED)),
+#endif
+#if (PAD_LIST || CC_Startup)
+    (COMMAND_ATTRIBUTES)(CC_Startup                    *  // 0x0144
+			 (IS_IMPLEMENTED+NO_SESSIONS)),
+#endif
+#if (PAD_LIST || CC_Shutdown)
+    (COMMAND_ATTRIBUTES)(CC_Shutdown                   *  // 0x0145
+			 (IS_IMPLEMENTED)),
+#endif
+#if (PAD_LIST || CC_StirRandom)
+    (COMMAND_ATTRIBUTES)(CC_StirRandom                 *  // 0x0146
+			 (IS_IMPLEMENTED+DECRYPT_2)),
+#endif
+#if (PAD_LIST || CC_ActivateCredential)
+    (COMMAND_ATTRIBUTES)(CC_ActivateCredential         *  // 0x0147
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_Certify)
+    (COMMAND_ATTRIBUTES)(CC_Certify                    *  // 0x0148
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_PolicyNV)
+    (COMMAND_ATTRIBUTES)(CC_PolicyNV                   *  // 0x0149
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ALLOW_TRIAL)),
+#endif
+#if (PAD_LIST || CC_CertifyCreation)
+    (COMMAND_ATTRIBUTES)(CC_CertifyCreation            *  // 0x014a
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_CertifyX509)
+    (COMMAND_ATTRIBUTES)(CC_CertifyX509                *  // 0x0197
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_Duplicate)
+    (COMMAND_ATTRIBUTES)(CC_Duplicate                  *  // 0x014b
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_DUP+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_GetTime)
+    (COMMAND_ATTRIBUTES)(CC_GetTime                    *  // 0x014c
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_GetSessionAuditDigest)
+    (COMMAND_ATTRIBUTES)(CC_GetSessionAuditDigest      *  // 0x014d
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_NV_Read)
+    (COMMAND_ATTRIBUTES)(CC_NV_Read                    *  // 0x014e
+			 (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_NV_ReadLock)
+    (COMMAND_ATTRIBUTES)(CC_NV_ReadLock                *  // 0x014f
+			 (IS_IMPLEMENTED+HANDLE_1_USER)),
+#endif
+#if (PAD_LIST || CC_ObjectChangeAuth)
+    (COMMAND_ATTRIBUTES)(CC_ObjectChangeAuth           *  // 0x0150
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_PolicySecret)
+    (COMMAND_ATTRIBUTES)(CC_PolicySecret               *  // 0x0151
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ALLOW_TRIAL+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_Rewrap)
+    (COMMAND_ATTRIBUTES)(CC_Rewrap                     *  // 0x0152
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_Create)
+    (COMMAND_ATTRIBUTES)(CC_Create                     *  // 0x0153
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_ECDH_ZGen)
+    (COMMAND_ATTRIBUTES)(CC_ECDH_ZGen                  *  // 0x0154
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_HMAC)
+    (COMMAND_ATTRIBUTES)(CC_HMAC                       *  // 0x0155
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_Import)
+    (COMMAND_ATTRIBUTES)(CC_Import                     *  // 0x0156
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_Load)
+    (COMMAND_ATTRIBUTES)(CC_Load                       *  // 0x0157
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2+R_HANDLE)),
+#endif
+#if (PAD_LIST || CC_Quote)
+    (COMMAND_ATTRIBUTES)(CC_Quote                      *  // 0x0158
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_RSA_Decrypt)
+    (COMMAND_ATTRIBUTES)(CC_RSA_Decrypt                *  // 0x0159
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
+#endif
+#if (PAD_LIST)
+    (COMMAND_ATTRIBUTES)(0),                              // 0x015a
+#endif
+#if (PAD_LIST || CC_HMAC_Start)
+    (COMMAND_ATTRIBUTES)(CC_HMAC_Start                 *  // 0x015b
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+R_HANDLE)),
+#endif
+#if (PAD_LIST || CC_SequenceUpdate)
+    (COMMAND_ATTRIBUTES)(CC_SequenceUpdate             *  // 0x015c
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
+#endif
+#if (PAD_LIST || CC_Sign)
+    (COMMAND_ATTRIBUTES)(CC_Sign                       *  // 0x015d
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
+#endif
+#if (PAD_LIST || CC_Unseal)
+    (COMMAND_ATTRIBUTES)(CC_Unseal                     *  // 0x015e
+			 (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)),
+#endif
+#if (PAD_LIST)
+    (COMMAND_ATTRIBUTES)(0),                              // 0x015f
+#endif
+#if (PAD_LIST || CC_PolicySigned)
+    (COMMAND_ATTRIBUTES)(CC_PolicySigned               *  // 0x0160
+			 (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_ContextLoad)
+    (COMMAND_ATTRIBUTES)(CC_ContextLoad                *  // 0x0161
+			 (IS_IMPLEMENTED+NO_SESSIONS+R_HANDLE)),
+#endif
+#if (PAD_LIST || CC_ContextSave)
+    (COMMAND_ATTRIBUTES)(CC_ContextSave                *  // 0x0162
+			 (IS_IMPLEMENTED+NO_SESSIONS)),
+#endif
+#if (PAD_LIST || CC_ECDH_KeyGen)
+    (COMMAND_ATTRIBUTES)(CC_ECDH_KeyGen                *  // 0x0163
+			 (IS_IMPLEMENTED+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_EncryptDecrypt)
+    (COMMAND_ATTRIBUTES)(CC_EncryptDecrypt             *  // 0x0164
+			 (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_FlushContext)
+    (COMMAND_ATTRIBUTES)(CC_FlushContext               *  // 0x0165
+			 (IS_IMPLEMENTED+NO_SESSIONS)),
+#endif
+#if (PAD_LIST)
+    (COMMAND_ATTRIBUTES)(0),                              // 0x0166
+#endif
+#if (PAD_LIST || CC_LoadExternal)
+    (COMMAND_ATTRIBUTES)(CC_LoadExternal               *  // 0x0167
+			 (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2+R_HANDLE)),
+#endif
+#if (PAD_LIST || CC_MakeCredential)
+    (COMMAND_ATTRIBUTES)(CC_MakeCredential             *  // 0x0168
+			 (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_NV_ReadPublic)
+    (COMMAND_ATTRIBUTES)(CC_NV_ReadPublic              *  // 0x0169
+			 (IS_IMPLEMENTED+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_PolicyAuthorize)
+    (COMMAND_ATTRIBUTES)(CC_PolicyAuthorize            *  // 0x016a
+			 (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
+#endif
+#if (PAD_LIST || CC_PolicyAuthValue)
+    (COMMAND_ATTRIBUTES)(CC_PolicyAuthValue            *  // 0x016b
+			 (IS_IMPLEMENTED+ALLOW_TRIAL)),
+#endif
+#if (PAD_LIST || CC_PolicyCommandCode)
+    (COMMAND_ATTRIBUTES)(CC_PolicyCommandCode          *  // 0x016c
+			 (IS_IMPLEMENTED+ALLOW_TRIAL)),
+#endif
+#if (PAD_LIST || CC_PolicyCounterTimer)
+    (COMMAND_ATTRIBUTES)(CC_PolicyCounterTimer         *  // 0x016d
+			 (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
+#endif
+#if (PAD_LIST || CC_PolicyCpHash)
+    (COMMAND_ATTRIBUTES)(CC_PolicyCpHash               *  // 0x016e
+			 (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
+#endif
+#if (PAD_LIST || CC_PolicyLocality)
+    (COMMAND_ATTRIBUTES)(CC_PolicyLocality             *  // 0x016f
+			 (IS_IMPLEMENTED+ALLOW_TRIAL)),
+#endif
+#if (PAD_LIST || CC_PolicyNameHash)
+    (COMMAND_ATTRIBUTES)(CC_PolicyNameHash             *  // 0x0170
+			 (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
+#endif
+#if (PAD_LIST || CC_PolicyOR)
+    (COMMAND_ATTRIBUTES)(CC_PolicyOR                   *  // 0x0171
+			 (IS_IMPLEMENTED+ALLOW_TRIAL)),
+#endif
+#if (PAD_LIST || CC_PolicyTicket)
+    (COMMAND_ATTRIBUTES)(CC_PolicyTicket               *  // 0x0172
+			 (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
+#endif
+#if (PAD_LIST || CC_ReadPublic)
+    (COMMAND_ATTRIBUTES)(CC_ReadPublic                 *  // 0x0173
+			 (IS_IMPLEMENTED+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_RSA_Encrypt)
+    (COMMAND_ATTRIBUTES)(CC_RSA_Encrypt                *  // 0x0174
+			 (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)),
+#endif
+#if (PAD_LIST)
+    (COMMAND_ATTRIBUTES)(0),                              // 0x0175
+#endif
+#if (PAD_LIST || CC_StartAuthSession)
+    (COMMAND_ATTRIBUTES)(CC_StartAuthSession           *  // 0x0176
+			 (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2+R_HANDLE)),
+#endif
+#if (PAD_LIST || CC_VerifySignature)
+    (COMMAND_ATTRIBUTES)(CC_VerifySignature            *  // 0x0177
+			 (IS_IMPLEMENTED+DECRYPT_2)),
+#endif
+#if (PAD_LIST || CC_ECC_Parameters)
+    (COMMAND_ATTRIBUTES)(CC_ECC_Parameters             *  // 0x0178
+			 (IS_IMPLEMENTED)),
+#endif
+#if (PAD_LIST || CC_FirmwareRead)
+    (COMMAND_ATTRIBUTES)(CC_FirmwareRead               *  // 0x0179
+			 (IS_IMPLEMENTED+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_GetCapability)
+    (COMMAND_ATTRIBUTES)(CC_GetCapability              *  // 0x017a
+			 (IS_IMPLEMENTED)),
+#endif
+#if (PAD_LIST || CC_GetRandom)
+    (COMMAND_ATTRIBUTES)(CC_GetRandom                  *  // 0x017b
+			 (IS_IMPLEMENTED+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_GetTestResult)
+    (COMMAND_ATTRIBUTES)(CC_GetTestResult              *  // 0x017c
+			 (IS_IMPLEMENTED+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_Hash)
+    (COMMAND_ATTRIBUTES)(CC_Hash                       *  // 0x017d
+			 (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_PCR_Read)
+    (COMMAND_ATTRIBUTES)(CC_PCR_Read                   *  // 0x017e
+			 (IS_IMPLEMENTED)),
+#endif
+#if (PAD_LIST || CC_PolicyPCR)
+    (COMMAND_ATTRIBUTES)(CC_PolicyPCR                  *  // 0x017f
+			 (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
+#endif
+#if (PAD_LIST || CC_PolicyRestart)
+    (COMMAND_ATTRIBUTES)(CC_PolicyRestart              *  // 0x0180
+			 (IS_IMPLEMENTED+ALLOW_TRIAL)),
+#endif
+#if (PAD_LIST || CC_ReadClock)
+    (COMMAND_ATTRIBUTES)(CC_ReadClock                  *  // 0x0181
+			 (IS_IMPLEMENTED+NO_SESSIONS)),
+#endif
+#if (PAD_LIST || CC_PCR_Extend)
+    (COMMAND_ATTRIBUTES)(CC_PCR_Extend                 *  // 0x0182
+			 (IS_IMPLEMENTED+HANDLE_1_USER)),
+#endif
+#if (PAD_LIST || CC_PCR_SetAuthValue)
+    (COMMAND_ATTRIBUTES)(CC_PCR_SetAuthValue           *  // 0x0183
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
+#endif
+#if (PAD_LIST || CC_NV_Certify)
+    (COMMAND_ATTRIBUTES)(CC_NV_Certify                 *  // 0x0184
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_EventSequenceComplete)
+    (COMMAND_ATTRIBUTES)(CC_EventSequenceComplete      *  // 0x0185
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER)),
+#endif
+#if (PAD_LIST || CC_HashSequenceStart)
+    (COMMAND_ATTRIBUTES)(CC_HashSequenceStart          *  // 0x0186
+			 (IS_IMPLEMENTED+DECRYPT_2+R_HANDLE)),
+#endif
+#if (PAD_LIST || CC_PolicyPhysicalPresence)
+    (COMMAND_ATTRIBUTES)(CC_PolicyPhysicalPresence     *  // 0x0187
+			 (IS_IMPLEMENTED+ALLOW_TRIAL)),
+#endif
+#if (PAD_LIST || CC_PolicyDuplicationSelect)
+    (COMMAND_ATTRIBUTES)(CC_PolicyDuplicationSelect    *  // 0x0188
+			 (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
+#endif
+#if (PAD_LIST || CC_PolicyGetDigest)
+    (COMMAND_ATTRIBUTES)(CC_PolicyGetDigest            *  // 0x0189
+			 (IS_IMPLEMENTED+ALLOW_TRIAL+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_TestParms)
+    (COMMAND_ATTRIBUTES)(CC_TestParms                  *  // 0x018a
+			 (IS_IMPLEMENTED)),
+#endif
+#if (PAD_LIST || CC_Commit)
+    (COMMAND_ATTRIBUTES)(CC_Commit                     *  // 0x018b
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_PolicyPassword)
+    (COMMAND_ATTRIBUTES)(CC_PolicyPassword             *  // 0x018c
+			 (IS_IMPLEMENTED+ALLOW_TRIAL)),
+#endif
+#if (PAD_LIST || CC_ZGen_2Phase)
+    (COMMAND_ATTRIBUTES)(CC_ZGen_2Phase                *  // 0x018d
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_EC_Ephemeral)
+    (COMMAND_ATTRIBUTES)(CC_EC_Ephemeral               *  // 0x018e
+			 (IS_IMPLEMENTED+ENCRYPT_2)),
+#endif
+#if (PAD_LIST || CC_PolicyNvWritten)
+    (COMMAND_ATTRIBUTES)(CC_PolicyNvWritten            *  // 0x018f
+			 (IS_IMPLEMENTED+ALLOW_TRIAL)),
+#endif
+#if (PAD_LIST || CC_PolicyTemplate)
+    (COMMAND_ATTRIBUTES)(CC_PolicyTemplate             *  // 0x0190
+			 (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
+#endif
+#if (PAD_LIST || CC_CreateLoaded)
+    (COMMAND_ATTRIBUTES)(CC_CreateLoaded               *  // 0x0191
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND+ENCRYPT_2+R_HANDLE)),
+#endif
+#if (PAD_LIST || CC_PolicyAuthorizeNV)
+    (COMMAND_ATTRIBUTES)(CC_PolicyAuthorizeNV          *  // 0x0192
+			 (IS_IMPLEMENTED+HANDLE_1_USER+ALLOW_TRIAL)),
+#endif
+#if (PAD_LIST || CC_EncryptDecrypt2)
+    (COMMAND_ATTRIBUTES)(CC_EncryptDecrypt2            *  // 0x0193
+			 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
+#endif
+    
+#if (PAD_LIST || CC_Vendor_TCG_Test)
+    (COMMAND_ATTRIBUTES)(CC_Vendor_TCG_Test            *  // 0x0000
+			 (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)),
+#endif
+
+#ifdef TPM_TSS_NUVOTON
+#if (PAD_LIST || CC_NTC2_PreConfig)
+    (COMMAND_ATTRIBUTES)(CC_NTC2_PreConfig             *  // 0x20000211
+			 (IS_IMPLEMENTED+NO_SESSIONS)),
+#endif
+#if (PAD_LIST || CC_NTC2_LockPreConfig)
+    (COMMAND_ATTRIBUTES)(CC_NTC2_LockPreConfig         *  // 0x20000212
+			 (IS_IMPLEMENTED+NO_SESSIONS)),
+#endif
+#if (PAD_LIST || CC_NTC2_GetConfig)
+    (COMMAND_ATTRIBUTES)(CC_NTC2_GetConfig             *  // 0x20000213
+			 (IS_IMPLEMENTED+NO_SESSIONS)),
+#endif
+#endif	/* TPM_TSS_NUVOTON */
+    
+    0
+};
diff --git a/utils/CommandAttributeData12.c b/utils/CommandAttributeData12.c
new file mode 100644
index 000000000..7bf8b6f96
--- /dev/null
+++ b/utils/CommandAttributeData12.c
@@ -0,0 +1,121 @@
+/********************************************************************************/
+/*										*/
+/*			  Command Attributes Table for TPM 1.2			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2018 - 2019				*/
+/*										*/
+/********************************************************************************/
+
+
+#include <ibmtss/tpmconstants12.h>
+
+#include "CommandAttributes.h"
+#if defined COMPRESSED_LISTS
+#   define      PAD_LIST    0
+#else
+#   define      PAD_LIST    1
+#endif
+
+// This is the command code attribute array for GetCapability(). Both this array and
+// s_commandAttributes provides command code attributes, but tuned for different purpose
+
+/* bitfield is:
+   
+   command index
+   reserved
+   nv
+   extensive
+   flushed
+   cHandles not included in HMAC
+   rHandle not included in HMAC
+   V
+   reserved, flags TPM 1.2 command
+*/
+   
+#include "tssccattributes.h"
+const TPMA_CC_TSS    s_ccAttr12 [] = {
+    
+    /*                                  R  N  E  F  C  R  V  R */
+
+    {{TPM_ORD_ActivateIdentity,		0, 0, 0, 0, 1, 0, 0, 1}},
+    {{TPM_ORD_ContinueSelfTest,		0, 0, 0, 0, 0, 0, 0, 1}},
+    {{TPM_ORD_CreateEndorsementKeyPair,	0, 1, 0, 0, 0, 0, 0, 1}},
+    {{TPM_ORD_CreateWrapKey,		0, 0, 0, 0, 1, 0, 0, 1}},
+    {{TPM_ORD_Extend,			0, 0, 0, 0, 1, 0, 0, 1}},
+    {{TPM_ORD_FlushSpecific,		0, 0, 0, 0, 1, 0, 0, 1}},
+    {{TPM_ORD_GetCapability,		0, 0, 0, 0, 0, 0, 0, 1}},
+    {{TPM_ORD_LoadKey2, 		0, 0, 0, 0, 1, 1, 0, 1}},
+    {{TPM_ORD_MakeIdentity, 		0, 0, 0, 0, 0, 0, 0, 1}},
+    {{TPM_ORD_NV_DefineSpace, 		1, 1, 0, 0, 0, 0, 0, 1}},
+    {{TPM_ORD_NV_ReadValueAuth,		1, 0, 0, 0, 0, 0, 0, 1}},
+    {{TPM_ORD_NV_ReadValue,		1, 0, 0, 0, 0, 0, 0, 1}},
+    {{TPM_ORD_NV_WriteValue,		1, 1, 0, 0, 0, 0, 0, 1}},
+    {{TPM_ORD_NV_WriteValueAuth,	1, 1, 0, 0, 0, 0, 0, 1}},
+    {{TPM_ORD_OIAP, 			0, 0, 0, 0, 0, 0, 0, 1}},
+    {{TPM_ORD_OSAP, 			0, 0, 0, 0, 0, 0, 0, 1}},
+    {{TPM_ORD_OwnerReadInternalPub,	0, 0, 0, 0, 0, 0, 0, 1}},
+    {{TPM_ORD_OwnerSetDisable, 		0, 1, 0, 0, 0, 0, 0, 1}},
+    {{TPM_ORD_PcrRead,			0, 0, 0, 0, 1, 0, 0, 1}},
+    {{TPM_ORD_PCR_Reset,		0, 0, 0, 0, 0, 0, 0, 1}},
+    {{TPM_ORD_ReadPubek, 		0, 0, 0, 0, 0, 0, 0, 1}},
+    {{TPM_ORD_Quote2, 			0, 0, 0, 0, 1, 0, 0, 1}},
+    {{TPM_ORD_Sign, 			0, 0, 0, 0, 1, 0, 0, 1}},
+    {{TPM_ORD_Startup, 			0, 1, 0, 0, 0, 0, 0, 1}},
+    {{TPM_ORD_TakeOwnership,		0, 0, 0, 0, 0, 0, 0, 1}},
+    {{TPM_ORD_Init, 			0, 0, 0, 0, 0, 0, 0, 1}},
+
+    {{0x0000, 				0, 0, 0, 0, 0, 0, 0, 0}},     // kg - terminator?
+};
+
diff --git a/utils/CommandAttributes.h b/utils/CommandAttributes.h
new file mode 100644
index 000000000..c19a3fbf4
--- /dev/null
+++ b/utils/CommandAttributes.h
@@ -0,0 +1,108 @@
+/********************************************************************************/
+/*										*/
+/*			  Command Attributes	   				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: CommandAttributes.h 1289 2018-07-30 16:31:47Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2018				*/
+/*										*/
+/********************************************************************************/
+
+#ifndef COMMANDATTRIBUTES_H
+#define COMMANDATTRIBUTES_H
+
+#include <ibmtss/TPM_Types.h>
+
+#define IS_IMPLEMENTED 	0x0001
+#define HANDLE_1_USER 	0x0002
+#define HANDLE_1_ADMIN	0x0004
+#define HANDLE_1_DUP	0x0008
+#define HANDLE_2_USER	0x0010
+#define PP_COMMAND	0x0020
+#define PP_REQUIRED	0x0040
+#define ALLOW_TRIAL	0x0080
+#define NO_SESSIONS	0x0100
+#define DECRYPT_2	0x0200
+#define DECRYPT_4	0x0400
+#define ENCRYPT_2	0x0800
+#define ENCRYPT_4	0x1000
+#define R_HANDLE	0x2000
+
+typedef UINT32 COMMAND_ATTRIBUTES;
+
+typedef union {
+    struct {
+	uint32_t commandCode;
+	uint8_t reserved1;
+	uint8_t nv;
+	uint8_t extensive;
+	uint8_t flushed;
+	uint8_t cHandles;
+	uint8_t rHandle;
+	uint8_t V;
+	uint8_t tpm12Ordinal;	/* kgold - was reserved, flags TPM 1.2 ordinal */
+    };
+    /* must be a union so the below 'bitfield' structure intiializer works */
+    uint8_t dummy;
+} TPMA_CC_TSS;
+
+extern const TPMA_CC_TSS s_ccAttr [];
+#ifdef TPM_TPM12
+extern const TPMA_CC_TSS s_ccAttr12 [];
+#endif
+
+extern const COMMAND_ATTRIBUTES    s_commandAttributes [];
+
+#endif
+
diff --git a/utils/Commands.c b/utils/Commands.c
new file mode 100644
index 000000000..4f2a57681
--- /dev/null
+++ b/utils/Commands.c
@@ -0,0 +1,2294 @@
+/********************************************************************************/
+/*										*/
+/*			  Command Parameter Unmarshaling			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012 - 2019				*/
+/*										*/
+/********************************************************************************/
+
+/* The TSS using the command parameter unmarshaling to validate caller input parameters before
+   sending them to the TPM.
+
+   It is essentially the same as the TPM side code.
+*/
+
+#include "Commands_fp.h"
+#include <ibmtss/Parameters.h>
+
+#include <ibmtss/Unmarshal_fp.h>
+
+#ifndef TPM_TSS_NOCMDCHECK
+
+/*
+  In_Unmarshal - shared by TPM and TSS
+*/
+
+TPM_RC
+Startup_In_Unmarshal(Startup_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    handles = handles;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_SU_Unmarshalu(&target->startupType, buffer, size);	
+	if (rc != TPM_RC_SUCCESS) {	
+	    rc += RC_Startup_startupType;
+	}
+    }
+    return rc;
+}
+TPM_RC
+Shutdown_In_Unmarshal(Shutdown_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    handles = handles;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_SU_Unmarshalu(&target->shutdownType, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Shutdown_shutdownType;
+	}
+    }
+    return rc;
+}
+TPM_RC
+SelfTest_In_Unmarshal(SelfTest_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    handles = handles;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_YES_NO_Unmarshalu(&target->fullTest, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_SelfTest_fullTest;
+	}
+    }
+    return rc;
+}
+TPM_RC
+IncrementalSelfTest_In_Unmarshal(IncrementalSelfTest_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    handles = handles;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPML_ALG_Unmarshalu(&target->toTest, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_IncrementalSelfTest_toTest;
+	}
+    }
+    return rc;
+}
+TPM_RC
+StartAuthSession_In_Unmarshal(StartAuthSession_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->tpmKey = handles[0];
+	target->bind = handles[1];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NONCE_Unmarshalu(&target->nonceCaller, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_StartAuthSession_nonceCaller;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ENCRYPTED_SECRET_Unmarshalu(&target->encryptedSalt, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_StartAuthSession_encryptedSalt;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_SE_Unmarshalu(&target->sessionType, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_StartAuthSession_sessionType;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SYM_DEF_Unmarshalu(&target->symmetric, buffer, size, YES);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_StartAuthSession_symmetric;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->authHash, buffer, size, NO);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_StartAuthSession_authHash;
+	}
+    }
+    return rc;
+}
+TPM_RC
+PolicyRestart_In_Unmarshal(PolicyRestart_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    buffer = buffer;
+    size = size;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	target->sessionHandle = handles[0];
+    }
+    return rc;
+}
+TPM_RC
+Create_In_Unmarshal(Create_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->parentHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_SENSITIVE_CREATE_Unmarshalu(&target->inSensitive, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Create_inSensitive;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_PUBLIC_Unmarshalu(&target->inPublic, buffer, size, NO);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Create_inPublic;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DATA_Unmarshalu(&target->outsideInfo, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Create_outsideInfo;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPML_PCR_SELECTION_Unmarshalu(&target->creationPCR, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Create_creationPCR;
+	}
+    }
+    return rc;
+}
+TPM_RC
+Load_In_Unmarshal(Load_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->parentHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_PRIVATE_Unmarshalu(&target->inPrivate, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Load_inPrivate;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_PUBLIC_Unmarshalu(&target->inPublic, buffer, size, NO);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Load_inPublic;
+	}
+    }
+    return rc;
+}
+TPM_RC
+LoadExternal_In_Unmarshal(LoadExternal_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    handles = handles;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_SENSITIVE_Unmarshalu(&target->inPrivate, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_LoadExternal_inPrivate;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_PUBLIC_Unmarshalu(&target->inPublic, buffer, size, YES);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_LoadExternal_inPublic;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_RH_HIERARCHY_Unmarshalu(&target->hierarchy, buffer, size, YES);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_LoadExternal_hierarchy;
+	}
+    }
+    return rc;
+}
+
+TPM_RC
+ReadPublic_In_Unmarshal(ReadPublic_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    buffer = buffer;
+    size = size;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->objectHandle = handles[0];
+    }
+    return rc;
+}
+TPM_RC
+ActivateCredential_In_Unmarshal(ActivateCredential_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->activateHandle = handles[0];
+	target->keyHandle = handles[1];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ID_OBJECT_Unmarshalu(&target->credentialBlob, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_ActivateCredential_credentialBlob;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ENCRYPTED_SECRET_Unmarshalu(&target->secret, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_ActivateCredential_secret;
+	}
+    }
+    return rc;
+}
+TPM_RC
+MakeCredential_In_Unmarshal(MakeCredential_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->handle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->credential, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_MakeCredential_credential;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NAME_Unmarshalu(&target->objectName, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_MakeCredential_objectName;
+	}
+    }
+    return rc;
+}
+TPM_RC
+Unseal_In_Unmarshal(Unseal_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    buffer = buffer;
+    size = size;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->itemHandle = handles[0];
+    }
+    return rc;
+}
+TPM_RC
+ObjectChangeAuth_In_Unmarshal(ObjectChangeAuth_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->objectHandle = handles[0];
+	target->parentHandle = handles[1];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_AUTH_Unmarshalu(&target->newAuth, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+CreateLoaded_In_Unmarshal(CreateLoaded_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->parentHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_SENSITIVE_CREATE_Unmarshalu(&target->inSensitive, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Create_inSensitive;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_TEMPLATE_Unmarshalu(&target->inPublic, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_CreateLoaded_inPublic;
+	}
+    }
+    return rc;
+}
+TPM_RC
+Duplicate_In_Unmarshal(Duplicate_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->objectHandle = handles[0];
+	target->newParentHandle = handles[1];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DATA_Unmarshalu(&target->encryptionKeyIn, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Duplicate_encryptionKeyIn;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SYM_DEF_OBJECT_Unmarshalu(&target->symmetricAlg, buffer, size, YES);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Duplicate_symmetricAlg;
+	}
+    }
+    return rc;
+}
+TPM_RC
+Rewrap_In_Unmarshal(Rewrap_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->oldParent = handles[0];
+	target->newParent = handles[1];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_PRIVATE_Unmarshalu(&target->inDuplicate, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Rewrap_inDuplicate;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NAME_Unmarshalu(&target->name, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Rewrap_name;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ENCRYPTED_SECRET_Unmarshalu(&target->inSymSeed, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Rewrap_inSymSeed;
+	}
+    }
+    return rc;
+}
+TPM_RC
+Import_In_Unmarshal(Import_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->parentHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DATA_Unmarshalu(&target->encryptionKey, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_PUBLIC_Unmarshalu(&target->objectPublic, buffer, size, NO);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Import_objectPublic;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_PRIVATE_Unmarshalu(&target->duplicate, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Import_duplicate;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ENCRYPTED_SECRET_Unmarshalu(&target->inSymSeed, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Import_inSymSeed;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SYM_DEF_OBJECT_Unmarshalu(&target->symmetricAlg, buffer, size, YES);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Import_symmetricAlg;
+	}
+    }
+    return rc;
+}
+TPM_RC
+RSA_Encrypt_In_Unmarshal(RSA_Encrypt_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->keyHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_PUBLIC_KEY_RSA_Unmarshalu(&target->message, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_RSA_Encrypt_message;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_RSA_DECRYPT_Unmarshalu(&target->inScheme, buffer, size, YES);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_RSA_Encrypt_inScheme;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DATA_Unmarshalu(&target->label, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_RSA_Encrypt_label;
+	}
+    }
+    return rc;
+}
+TPM_RC
+RSA_Decrypt_In_Unmarshal(RSA_Decrypt_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->keyHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_PUBLIC_KEY_RSA_Unmarshalu(&target->cipherText, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_RSA_Decrypt_cipherText;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_RSA_DECRYPT_Unmarshalu(&target->inScheme, buffer, size, YES);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_RSA_Decrypt_inScheme;
+	}
+   }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DATA_Unmarshalu(&target->label, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_RSA_Decrypt_label;
+	}
+    }
+    return rc;
+}
+TPM_RC
+ECDH_KeyGen_In_Unmarshal(ECDH_KeyGen_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    buffer = buffer;
+    size = size;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->keyHandle = handles[0];
+    }
+    return rc;
+}
+TPM_RC
+ECDH_ZGen_In_Unmarshal(ECDH_ZGen_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->keyHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ECC_POINT_Unmarshalu(&target->inPoint, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_ECDH_ZGen_inPoint;
+	}
+    }
+    return rc;
+}
+TPM_RC
+ECC_Parameters_In_Unmarshal(ECC_Parameters_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    handles = handles;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ECC_CURVE_Unmarshalu(&target->curveID, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_ECC_Parameters_curveID;
+	}
+    }
+    return rc;
+}
+TPM_RC
+ZGen_2Phase_In_Unmarshal(ZGen_2Phase_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->keyA = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ECC_POINT_Unmarshalu(&target->inQsB, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_ZGen_2Phase_inQsB;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ECC_POINT_Unmarshalu(&target->inQeB, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_ZGen_2Phase_inQeB;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ECC_KEY_EXCHANGE_Unmarshalu(&target->inScheme, buffer, size, NO);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_ZGen_2Phase_inScheme;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(&target->counter, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_ZGen_2Phase_counter;
+	}
+    }
+    return rc;
+}
+TPM_RC
+EncryptDecrypt_In_Unmarshal(EncryptDecrypt_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->keyHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_YES_NO_Unmarshalu(&target->decrypt, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_EncryptDecrypt_decrypt;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_SYM_MODE_Unmarshalu(&target->mode, buffer, size, YES);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_EncryptDecrypt_mode;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_IV_Unmarshalu(&target->ivIn, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_EncryptDecrypt_ivIn;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_MAX_BUFFER_Unmarshalu(&target->inData, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_EncryptDecrypt_inData;
+	}
+    }
+    return rc;
+}
+TPM_RC
+EncryptDecrypt2_In_Unmarshal(EncryptDecrypt2_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->keyHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_MAX_BUFFER_Unmarshalu(&target->inData, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_EncryptDecrypt2_inData;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_YES_NO_Unmarshalu(&target->decrypt, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_EncryptDecrypt2_decrypt;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_SYM_MODE_Unmarshalu(&target->mode, buffer, size, YES);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_EncryptDecrypt2_mode;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_IV_Unmarshalu(&target->ivIn, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_EncryptDecrypt2_ivIn;
+	}
+    }
+    return rc;
+}
+TPM_RC
+Hash_In_Unmarshal(Hash_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    handles = handles;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_MAX_BUFFER_Unmarshalu(&target->data, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Hash_data;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->hashAlg, buffer, size, NO);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Hash_hashAlg;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_RH_HIERARCHY_Unmarshalu(&target->hierarchy, buffer, size, YES);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Hash_hierarchy;
+	}
+    }
+    return rc;
+}
+TPM_RC
+HMAC_In_Unmarshal(HMAC_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->handle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_MAX_BUFFER_Unmarshalu(&target->buffer, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_HMAC_buffer;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->hashAlg, buffer, size, YES);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_HMAC_hashAlg;
+	}
+    }
+    return rc;
+}
+TPM_RC
+GetRandom_In_Unmarshal(GetRandom_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    handles = handles;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(&target->bytesRequested, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_GetRandom_bytesRequested;
+	}
+    }
+    return rc;
+}
+TPM_RC
+StirRandom_In_Unmarshal(StirRandom_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    handles = handles;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_SENSITIVE_DATA_Unmarshalu(&target->inData, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_StirRandom_inData;
+	}
+    }
+    return rc;
+}
+TPM_RC
+HMAC_Start_In_Unmarshal(HMAC_Start_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->handle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_AUTH_Unmarshalu(&target->auth, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_HMAC_Start_auth;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->hashAlg, buffer, size, YES);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_HMAC_Start_hashAlg;
+	}
+    }
+    return rc;
+}
+TPM_RC
+HashSequenceStart_In_Unmarshal(HashSequenceStart_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    handles = handles;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_AUTH_Unmarshalu(&target->auth, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_HashSequenceStart_auth;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->hashAlg, buffer, size, YES);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_HashSequenceStart_hashAlg;
+	}
+    }
+    return rc;
+}
+TPM_RC
+SequenceUpdate_In_Unmarshal(SequenceUpdate_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    buffer = buffer;
+    size = size;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->sequenceHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_MAX_BUFFER_Unmarshalu(&target->buffer, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_SequenceUpdate_buffer;
+	}
+    }
+    return rc;
+}
+TPM_RC
+SequenceComplete_In_Unmarshal(SequenceComplete_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->sequenceHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_MAX_BUFFER_Unmarshalu(&target->buffer, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_SequenceComplete_buffer;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_RH_HIERARCHY_Unmarshalu(&target->hierarchy, buffer, size, YES);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_SequenceComplete_hierarchy;
+	}
+    }
+    return rc;
+}
+TPM_RC
+EventSequenceComplete_In_Unmarshal(EventSequenceComplete_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->pcrHandle = handles[0];
+	target->sequenceHandle = handles[1];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_MAX_BUFFER_Unmarshalu(&target->buffer, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_EventSequenceComplete_buffer;
+	}
+    }
+    return rc;
+}
+TPM_RC
+Certify_In_Unmarshal(Certify_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->objectHandle = handles[0];
+	target->signHandle = handles[1];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DATA_Unmarshalu(&target->qualifyingData, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Certify_qualifyingData;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SIG_SCHEME_Unmarshalu(&target->inScheme, buffer, size, YES);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Certify_inScheme;
+	}
+    }
+    return rc;
+}
+TPM_RC
+CertifyX509_In_Unmarshal(CertifyX509_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->objectHandle = handles[0];
+	target->signHandle = handles[1];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DATA_Unmarshalu(&target->reserved, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_CertifyX509_reserved;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SIG_SCHEME_Unmarshalu(&target->inScheme, buffer, size, YES);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_CertifyX509_inScheme;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_MAX_BUFFER_Unmarshalu(&target->partialCertificate, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_CertifyX509_partialCertificate;
+	}
+    }
+    return rc;
+}
+TPM_RC
+CertifyCreation_In_Unmarshal(CertifyCreation_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->signHandle = handles[0];
+	target->objectHandle = handles[1];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DATA_Unmarshalu(&target->qualifyingData, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_CertifyCreation_creationHash;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->creationHash, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_CertifyCreation_creationHash;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SIG_SCHEME_Unmarshalu(&target->inScheme, buffer, size, YES);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_CertifyCreation_inScheme;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_TK_CREATION_Unmarshalu(&target->creationTicket, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_CertifyCreation_creationTicket;
+	}
+    }
+    return rc;
+}
+TPM_RC
+Quote_In_Unmarshal(Quote_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->signHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DATA_Unmarshalu(&target->qualifyingData, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Quote_qualifyingData;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SIG_SCHEME_Unmarshalu(&target->inScheme, buffer, size, YES);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Quote_inScheme;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPML_PCR_SELECTION_Unmarshalu(&target->PCRselect, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Quote_PCRselect;
+	}
+    }
+    return rc;
+}
+TPM_RC
+GetSessionAuditDigest_In_Unmarshal(GetSessionAuditDigest_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->privacyAdminHandle = handles[0];
+	target->signHandle = handles[1];
+	target->sessionHandle = handles[2];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DATA_Unmarshalu(&target->qualifyingData, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_GetSessionAuditDigest_qualifyingData;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SIG_SCHEME_Unmarshalu(&target->inScheme, buffer, size, YES);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_GetSessionAuditDigest_inScheme;
+	}
+    }
+    return rc;
+}
+TPM_RC
+GetCommandAuditDigest_In_Unmarshal(GetCommandAuditDigest_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->privacyHandle = handles[0];
+	target->signHandle = handles[1];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DATA_Unmarshalu(&target->qualifyingData, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_GetCommandAuditDigest_qualifyingData;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SIG_SCHEME_Unmarshalu(&target->inScheme, buffer, size, YES);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_GetCommandAuditDigest_inScheme;
+	}
+    }
+    return rc;
+}
+TPM_RC
+GetTime_In_Unmarshal(GetTime_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->privacyAdminHandle = handles[0];
+	target->signHandle = handles[1];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DATA_Unmarshalu(&target->qualifyingData, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_GetTime_qualifyingData;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SIG_SCHEME_Unmarshalu(&target->inScheme, buffer, size, YES);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_GetTime_inScheme;
+	}
+    }
+    return rc;
+}
+TPM_RC
+Commit_In_Unmarshal(Commit_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->signHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ECC_POINT_Unmarshalu(&target->P1, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Commit_P1;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_SENSITIVE_DATA_Unmarshalu(&target->s2, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Commit_s2;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ECC_PARAMETER_Unmarshalu(&target->y2, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Commit_y2;
+	}
+    }
+    return rc;
+}
+TPM_RC
+EC_Ephemeral_In_Unmarshal(EC_Ephemeral_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    handles = handles;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ECC_CURVE_Unmarshalu(&target->curveID, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_EC_Ephemeral_curveID;
+	}
+    }
+    return rc;
+}
+TPM_RC
+VerifySignature_In_Unmarshal(VerifySignature_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->keyHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->digest, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_VerifySignature_digest;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SIGNATURE_Unmarshalu(&target->signature, buffer, size, NO);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_VerifySignature_signature;
+	}
+    }
+    return rc;
+}
+TPM_RC
+Sign_In_Unmarshal(Sign_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->keyHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->digest, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Sign_digest;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SIG_SCHEME_Unmarshalu(&target->inScheme, buffer, size, YES);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Sign_inScheme;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_TK_HASHCHECK_Unmarshalu(&target->validation, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_Sign_validation;
+	}
+    }
+    return rc;
+}
+TPM_RC
+SetCommandCodeAuditStatus_In_Unmarshal(SetCommandCodeAuditStatus_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->auth = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->auditAlg, buffer, size, YES);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_SetCommandCodeAuditStatus_auditAlg;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPML_CC_Unmarshalu(&target->setList, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_SetCommandCodeAuditStatus_setList;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPML_CC_Unmarshalu(&target->clearList, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_SetCommandCodeAuditStatus_clearList;
+	}
+    }
+    return rc;
+}
+TPM_RC
+PCR_Extend_In_Unmarshal(PCR_Extend_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->pcrHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPML_DIGEST_VALUES_Unmarshalu(&target->digests, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PCR_Extend_digests;
+	}
+    }
+    return rc;
+}
+TPM_RC
+PCR_Event_In_Unmarshal(PCR_Event_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->pcrHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_EVENT_Unmarshalu(&target->eventData, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PCR_Event_eventData;
+	}
+    }
+    return rc;
+}
+TPM_RC
+PCR_Read_In_Unmarshal(PCR_Read_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    handles = handles;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPML_PCR_SELECTION_Unmarshalu(&target->pcrSelectionIn, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PCR_Read_pcrSelectionIn;
+	}
+    }
+    return rc;
+}
+TPM_RC
+PCR_Allocate_In_Unmarshal(PCR_Allocate_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->authHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPML_PCR_SELECTION_Unmarshalu(&target->pcrAllocation, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PCR_Allocate_pcrAllocation;
+	}
+    }
+    return rc;
+}
+TPM_RC
+PCR_SetAuthPolicy_In_Unmarshal(PCR_SetAuthPolicy_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->authHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->authPolicy, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PCR_SetAuthPolicy_authPolicy;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->hashAlg, buffer, size, YES);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PCR_SetAuthPolicy_hashAlg;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_DH_PCR_Unmarshalu(&target->pcrNum, buffer, size, NO);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PCR_SetAuthPolicy_pcrNum;
+	}
+    }
+    return rc;
+}
+TPM_RC
+PCR_SetAuthValue_In_Unmarshal(PCR_SetAuthValue_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->pcrHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->auth, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PCR_SetAuthValue_auth;
+	}
+    }
+    return rc;
+}
+TPM_RC
+PCR_Reset_In_Unmarshal(PCR_Reset_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    buffer = buffer;
+    size = size;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->pcrHandle = handles[0];
+    }
+    return rc;
+}
+TPM_RC
+PolicySigned_In_Unmarshal(PolicySigned_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->authObject = handles[0];
+	target->policySession = handles[1];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NONCE_Unmarshalu(&target->nonceTPM, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicySigned_nonceTPM;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->cpHashA, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicySigned_cpHashA;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NONCE_Unmarshalu(&target->policyRef, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicySigned_policyRef;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_INT32_Unmarshalu(&target->expiration, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicySigned_expiration;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SIGNATURE_Unmarshalu(&target->auth, buffer, size, NO);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicySigned_auth;
+	}
+    }
+    return rc;
+}
+TPM_RC
+PolicySecret_In_Unmarshal(PolicySecret_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->authHandle = handles[0];
+	target->policySession = handles[1];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NONCE_Unmarshalu(&target->nonceTPM, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicySecret_nonceTPM;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->cpHashA, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicySecret_cpHashA;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NONCE_Unmarshalu(&target->policyRef, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicySecret_policyRef;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_INT32_Unmarshalu(&target->expiration, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicySecret_expiration;
+	}
+    }
+    return rc;
+}
+TPM_RC
+PolicyTicket_In_Unmarshal(PolicyTicket_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->policySession = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_TIMEOUT_Unmarshalu(&target->timeout, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyTicket_timeout;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->cpHashA, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyTicket_cpHashA;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NONCE_Unmarshalu(&target->policyRef, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyTicket_policyRef;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NAME_Unmarshalu(&target->authName, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyTicket_authName;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_TK_AUTH_Unmarshalu(&target->ticket, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyTicket_ticket;
+	}
+    }
+    return rc;
+}
+TPM_RC
+PolicyOR_In_Unmarshal(PolicyOR_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->policySession = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	/* Policy OR requires at least two OR terms */
+	rc = TSS_TPML_DIGEST_Unmarshalu(&target->pHashList, buffer, size, 2);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyOR_pHashList;
+	}
+    }
+    return rc;
+}
+TPM_RC
+PolicyPCR_In_Unmarshal(PolicyPCR_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->policySession = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->pcrDigest, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyPCR_pcrDigest;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPML_PCR_SELECTION_Unmarshalu(&target->pcrs, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyPCR_pcrs;
+	}
+    }
+    return rc;
+}
+TPM_RC
+PolicyLocality_In_Unmarshal(PolicyLocality_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->policySession = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMA_LOCALITY_Unmarshalu(&target->locality, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyLocality_locality;
+	}
+    }
+    return rc;
+}
+TPM_RC
+PolicyNV_In_Unmarshal(PolicyNV_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->authHandle = handles[0];
+	target->nvIndex = handles[1];
+	target->policySession = handles[2];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_OPERAND_Unmarshalu(&target->operandB, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyNV_operandB;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(&target->offset, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyNV_offset;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_EO_Unmarshalu(&target->operation, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyNV_operation;
+	}
+    }
+    return rc;
+}
+TPM_RC
+PolicyAuthorizeNV_In_Unmarshal(PolicyAuthorizeNV_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    buffer = buffer;
+    size = size;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->authHandle = handles[0];
+	target->nvIndex = handles[1];
+	target->policySession = handles[2];
+    }
+    return rc;
+}
+TPM_RC
+PolicyCounterTimer_In_Unmarshal(PolicyCounterTimer_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->policySession = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_OPERAND_Unmarshalu(&target->operandB, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyCounterTimer_operandB;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(&target->offset, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyCounterTimer_offset;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_EO_Unmarshalu(&target->operation, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyCounterTimer_operation;
+	}
+    }
+    return rc;
+}
+TPM_RC
+PolicyCommandCode_In_Unmarshal(PolicyCommandCode_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->policySession = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_CC_Unmarshalu(&target->code, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyCommandCode_code;
+	}
+    }
+    return rc;
+}
+TPM_RC
+PolicyPhysicalPresence_In_Unmarshal(PolicyPhysicalPresence_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    buffer = buffer;
+    size = size;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->policySession = handles[0];
+    }
+    return rc;
+}
+TPM_RC
+PolicyCpHash_In_Unmarshal(PolicyCpHash_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->policySession = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->cpHashA, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyCpHash_cpHashA;
+	}
+    }
+    return rc;
+}
+TPM_RC
+PolicyNameHash_In_Unmarshal(PolicyNameHash_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->policySession = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->nameHash, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyNameHash_nameHash;
+	}
+    }
+    return rc;
+}
+TPM_RC
+PolicyDuplicationSelect_In_Unmarshal(PolicyDuplicationSelect_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->policySession = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NAME_Unmarshalu(&target->objectName, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyDuplicationSelect_objectName;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NAME_Unmarshalu(&target->newParentName, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyDuplicationSelect_newParentName;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_YES_NO_Unmarshalu(&target->includeObject, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyDuplicationSelect_includeObject;
+	}
+    }
+    return rc;
+}
+TPM_RC
+PolicyAuthorize_In_Unmarshal(PolicyAuthorize_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->policySession = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->approvedPolicy, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyAuthorize_approvedPolicy;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NONCE_Unmarshalu(&target->policyRef, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyAuthorize_policyRef;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NAME_Unmarshalu(&target->keySign, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyAuthorize_keySign;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_TK_VERIFIED_Unmarshalu(&target->checkTicket, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyAuthorize_checkTicket;
+	}
+    }
+    return rc;
+}
+TPM_RC
+PolicyAuthValue_In_Unmarshal(PolicyAuthValue_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    buffer = buffer;
+    size = size;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->policySession = handles[0];
+    }
+    return rc;
+}
+TPM_RC
+PolicyPassword_In_Unmarshal(PolicyPassword_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    buffer = buffer;
+    size = size;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->policySession = handles[0];
+    }
+    return rc;
+}
+TPM_RC
+PolicyGetDigest_In_Unmarshal(PolicyGetDigest_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    buffer = buffer;
+    size = size;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->policySession = handles[0];
+    }
+    return rc;
+}
+TPM_RC
+PolicyNvWritten_In_Unmarshal(PolicyNvWritten_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->policySession = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_YES_NO_Unmarshalu(&target->writtenSet, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyNvWritten_writtenSet;
+	}
+    }
+    return rc;
+}
+TPM_RC
+PolicyTemplate_In_Unmarshal(PolicyTemplate_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    buffer = buffer;
+    size = size;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->policySession = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->templateHash, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PolicyTemplate_templateHash;
+	}
+    }
+    return rc;
+}
+TPM_RC
+CreatePrimary_In_Unmarshal(CreatePrimary_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->primaryHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_SENSITIVE_CREATE_Unmarshalu(&target->inSensitive, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_CreatePrimary_inSensitive;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_PUBLIC_Unmarshalu(&target->inPublic, buffer, size, NO);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_CreatePrimary_inPublic;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DATA_Unmarshalu(&target->outsideInfo, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_CreatePrimary_outsideInfo;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPML_PCR_SELECTION_Unmarshalu(&target->creationPCR, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_CreatePrimary_creationPCR;
+	}
+    }
+    return rc;
+}
+TPM_RC
+HierarchyControl_In_Unmarshal(HierarchyControl_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->authHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_RH_ENABLES_Unmarshalu(&target->enable, buffer, size, NO);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_HierarchyControl_enable;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_YES_NO_Unmarshalu(&target->state, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_HierarchyControl_state;
+	}
+    }
+    return rc;
+}
+TPM_RC
+SetPrimaryPolicy_In_Unmarshal(SetPrimaryPolicy_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->authHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->authPolicy, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_SetPrimaryPolicy_authPolicy;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->hashAlg, buffer, size, YES);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_SetPrimaryPolicy_hashAlg;
+	}
+    }
+    return rc;
+}
+TPM_RC
+ChangePPS_In_Unmarshal(ChangePPS_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    buffer = buffer;
+    size = size;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->authHandle = handles[0];
+    }
+    return rc;
+}
+TPM_RC
+ChangeEPS_In_Unmarshal(ChangeEPS_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    buffer = buffer;
+    size = size;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->authHandle = handles[0];
+    }
+    return rc;
+}
+TPM_RC
+Clear_In_Unmarshal(Clear_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    buffer = buffer;
+    size = size;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->authHandle = handles[0];
+    }
+    return rc;
+}
+TPM_RC
+ClearControl_In_Unmarshal(ClearControl_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->auth = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_YES_NO_Unmarshalu(&target->disable, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_ClearControl_disable;
+	}
+    }
+    return rc;
+}
+TPM_RC
+HierarchyChangeAuth_In_Unmarshal(HierarchyChangeAuth_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->authHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_AUTH_Unmarshalu(&target->newAuth, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_HierarchyChangeAuth_newAuth;
+	}
+    }
+    return rc;
+}
+TPM_RC
+DictionaryAttackLockReset_In_Unmarshal(DictionaryAttackLockReset_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    buffer = buffer;
+    size = size;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->lockHandle = handles[0];
+    }
+    return rc;
+}
+TPM_RC
+DictionaryAttackParameters_In_Unmarshal(DictionaryAttackParameters_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->lockHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->newMaxTries, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_DictionaryAttackParameters_newMaxTries;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->newRecoveryTime, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_DictionaryAttackParameters_newRecoveryTime;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->lockoutRecovery, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_DictionaryAttackParameters_lockoutRecovery;
+	}
+    }
+    return rc;
+}
+TPM_RC
+PP_Commands_In_Unmarshal(PP_Commands_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->auth = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPML_CC_Unmarshalu(&target->setList, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PP_Commands_setList;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPML_CC_Unmarshalu(&target->clearList, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_PP_Commands_clearList;
+	}
+    }
+    return rc;
+}
+TPM_RC
+SetAlgorithmSet_In_Unmarshal(SetAlgorithmSet_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->authHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->algorithmSet, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_SetAlgorithmSet_algorithmSet;
+	}
+    }
+    return rc;
+}
+TPM_RC
+ContextSave_In_Unmarshal(ContextSave_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    buffer = buffer;
+    size = size;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->saveHandle = handles[0];
+    }
+    return rc;
+}
+TPM_RC
+ContextLoad_In_Unmarshal(ContextLoad_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    handles = handles;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_CONTEXT_Unmarshalu(&target->context, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_ContextLoad_context;
+	}
+    }
+    return rc;
+}
+TPM_RC
+FlushContext_In_Unmarshal(FlushContext_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    handles = handles;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_DH_CONTEXT_Unmarshalu(&target->flushHandle, buffer, size, NO);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_FlushContext_flushHandle;
+	}
+    }
+    return rc;
+}
+TPM_RC
+EvictControl_In_Unmarshal(EvictControl_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->auth = handles[0];
+	target->objectHandle = handles[1];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_DH_PERSISTENT_Unmarshalu(&target->persistentHandle, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_EvictControl_persistentHandle;
+	}
+    }
+    return rc;
+}
+TPM_RC
+ClockSet_In_Unmarshal(ClockSet_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->auth = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT64_Unmarshalu(&target->newTime, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_ClockSet_newTime;
+	}
+    }
+    return rc;
+}
+TPM_RC
+ClockRateAdjust_In_Unmarshal(ClockRateAdjust_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->auth = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_CLOCK_ADJUST_Unmarshalu(&target->rateAdjust, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_ClockRateAdjust_rateAdjust;
+	}
+    }
+    return rc;
+}
+TPM_RC
+GetCapability_In_Unmarshal(GetCapability_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    handles = handles;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_CAP_Unmarshalu(&target->capability, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_GetCapability_capability;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->property, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_GetCapability_property;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->propertyCount, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_GetCapability_propertyCount;
+	}
+    }
+    return rc;
+}
+TPM_RC
+TestParms_In_Unmarshal(TestParms_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    handles = handles;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_PUBLIC_PARMS_Unmarshalu(&target->parameters, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_TestParms_parameters;
+	}
+    }
+    return rc;
+}
+TPM_RC
+NV_DefineSpace_In_Unmarshal(NV_DefineSpace_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->authHandle = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_AUTH_Unmarshalu(&target->auth, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_NV_DefineSpace_auth;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NV_PUBLIC_Unmarshalu(&target->publicInfo, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_NV_DefineSpace_publicInfo;
+	}
+    }
+    return rc;
+}
+TPM_RC
+NV_UndefineSpace_In_Unmarshal(NV_UndefineSpace_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    buffer = buffer;
+    size = size;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->authHandle = handles[0];
+	target->nvIndex = handles[1];
+    }
+    return rc;
+}
+TPM_RC
+NV_UndefineSpaceSpecial_In_Unmarshal(NV_UndefineSpaceSpecial_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    buffer = buffer;
+    size = size;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->nvIndex = handles[0];
+	target->platform = handles[1];
+    }
+    return rc;
+}
+TPM_RC
+NV_ReadPublic_In_Unmarshal(NV_ReadPublic_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    buffer = buffer;
+    size = size;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->nvIndex = handles[0];
+    }
+    return rc;
+}
+TPM_RC
+NV_Write_In_Unmarshal(NV_Write_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->authHandle = handles[0];
+	target->nvIndex = handles[1];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_MAX_NV_BUFFER_Unmarshalu(&target->data, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_NV_Write_data;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(&target->offset, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_NV_Write_offset;
+	}
+    }
+    return rc;
+}
+TPM_RC
+NV_Increment_In_Unmarshal(NV_Increment_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    buffer = buffer;
+    size = size;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->authHandle = handles[0];
+	target->nvIndex = handles[1];
+    }
+    return rc;
+}
+TPM_RC
+NV_Extend_In_Unmarshal(NV_Extend_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->authHandle = handles[0];
+ 	target->nvIndex = handles[1];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_MAX_NV_BUFFER_Unmarshalu(&target->data, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_NV_Extend_data;
+	}
+    }
+    return rc;
+}
+TPM_RC
+NV_SetBits_In_Unmarshal(NV_SetBits_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->authHandle = handles[0];
+	target->nvIndex = handles[1];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT64_Unmarshalu(&target->bits, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_NV_SetBits_bits;
+	}
+    }
+    return rc;
+}
+TPM_RC
+NV_WriteLock_In_Unmarshal(NV_WriteLock_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    buffer = buffer;
+    size = size;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->authHandle = handles[0];
+	target->nvIndex = handles[1];
+    }
+    return rc;
+}
+TPM_RC
+NV_GlobalWriteLock_In_Unmarshal(NV_GlobalWriteLock_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    buffer = buffer;
+    size = size;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->authHandle = handles[0];
+    }
+    return rc;
+}
+TPM_RC
+NV_Read_In_Unmarshal(NV_Read_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->authHandle = handles[0];
+ 	target->nvIndex = handles[1];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(&target->size, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_NV_Read_size;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(&target->offset, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_NV_Read_offset;
+	}
+    }
+    return rc;
+}
+TPM_RC
+NV_ReadLock_In_Unmarshal(NV_ReadLock_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    buffer = buffer;
+    size = size;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->authHandle = handles[0];
+ 	target->nvIndex = handles[1];
+    }
+    return rc;
+}
+TPM_RC
+NV_ChangeAuth_In_Unmarshal(NV_ChangeAuth_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->nvIndex = handles[0];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_AUTH_Unmarshalu(&target->newAuth, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_NV_ChangeAuth_newAuth;
+	}
+    }
+    return rc;
+}
+TPM_RC
+NV_Certify_In_Unmarshal(NV_Certify_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	target->signHandle = handles[0];
+	target->authHandle = handles[1];
+	target->nvIndex = handles[2];
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DATA_Unmarshalu(&target->qualifyingData, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_NV_Certify_qualifyingData;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SIG_SCHEME_Unmarshalu(&target->inScheme, buffer, size, YES);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_NV_Certify_inScheme;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(&target->size, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_NV_Certify_size;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(&target->offset, buffer, size);
+	if (rc != TPM_RC_SUCCESS) {
+	    rc += RC_NV_Certify_offset;
+	}
+    }
+    return rc;
+}
+
+#endif /* TPM_TSS_NOCMDCHECK */
diff --git a/utils/Commands12.c b/utils/Commands12.c
new file mode 100644
index 000000000..44e3d0ae8
--- /dev/null
+++ b/utils/Commands12.c
@@ -0,0 +1,599 @@
+/********************************************************************************/
+/*                                                                              */
+/*                              	                                   	*/
+/*                           Written by Ken Goldman                             */
+/*                     IBM Thomas J. Watson Research Center                     */
+/*            $Id: Commands12.c 1285 2018-07-27 18:33:41Z kgoldman $         	*/
+/*                                                                              */
+/* (c) Copyright IBM Corporation 2018						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include "Commands12_fp.h"
+#include <ibmtss/Parameters.h>
+
+#include <ibmtss/Unmarshal_fp.h>
+#include <ibmtss/Unmarshal12_fp.h>
+
+COMMAND_PARAMETERS in;
+RESPONSE_PARAMETERS out;
+
+/*
+  In_Unmarshal
+*/
+
+TPM_RC
+ActivateIdentity_In_Unmarshal(ActivateIdentity_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = 0;
+    handles = handles;
+
+    if (rc == 0) {
+	target->idKeyHandle = handles[0];
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->blobSize, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_1);
+	}
+    }
+    if (rc == 0) {
+	if (target->blobSize > sizeof(target->blob)) {
+	    rc = TPM_RC_SIZE;
+	}
+    }    
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->blob, target->blobSize, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_2);
+	}
+    }
+    return rc;
+}
+
+TPM_RC
+CreateEndorsementKeyPair_In_Unmarshal(CreateEndorsementKeyPair_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = 0;
+    handles = handles;
+
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->antiReplay, TPM_NONCE_SIZE, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_1);
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_KEY_PARMS_Unmarshalu(&target->keyInfo, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_2);
+	}
+    }
+    return rc;
+}
+
+TPM_RC
+CreateWrapKey_In_Unmarshal(CreateWrapKey_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	target->parentHandle = handles[0];
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->dataUsageAuth, SHA1_DIGEST_SIZE, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_1);
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->dataMigrationAuth, SHA1_DIGEST_SIZE, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_2);
+	}
+    }
+    if (rc == 0) {
+    	rc = TSS_TPM_KEY12_Unmarshalu(&target->keyInfo, buffer, size);
+    	if (rc != 0) {
+    	    rc += (TPM_RC_P + TPM_RC_3);
+    	}
+    }
+    return rc;
+}
+
+TPM_RC
+Extend_In_Unmarshal(Extend_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	target->pcrNum = handles[0];
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->inDigest, SHA1_DIGEST_SIZE, buffer, size);
+    	if (rc != 0) {
+    	    rc += (TPM_RC_P + TPM_RC_1);
+    	}
+    }
+    return rc;
+}
+
+TPM_RC
+FlushSpecific_In_Unmarshal(FlushSpecific_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	target->handle = handles[0];
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->resourceType, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_1);
+	}
+    }
+    return rc;
+}
+
+TPM_RC
+GetCapability12_In_Unmarshal(GetCapability12_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = 0;
+    handles = handles;
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->capArea, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_1);
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->subCapSize, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_2);
+	}
+    }
+    if (rc == 0) {
+	if (target->subCapSize > sizeof(target->subCap)) {
+	    rc = TPM_RC_SIZE;
+	}
+    }    
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->subCap, target->subCapSize, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_3);
+	}
+    }
+    return rc;
+}
+
+TPM_RC
+LoadKey2_In_Unmarshal(LoadKey2_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	target->parentHandle = handles[0];
+    }
+    if (rc == 0) {
+    	rc = TSS_TPM_KEY12_Unmarshalu(&target->inKey, buffer, size);
+    	if (rc != 0) {
+    	    rc += (TPM_RC_P + TPM_RC_1);
+    	}
+    }
+    return rc;
+}
+
+TPM_RC
+MakeIdentity_In_Unmarshal(MakeIdentity_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = 0;
+    handles = handles;
+
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->identityAuth, SHA1_DIGEST_SIZE, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_1);
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->labelPrivCADigest, SHA1_DIGEST_SIZE, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_2);
+	}
+    }
+    if (rc == 0) {
+    	rc = TSS_TPM_KEY12_Unmarshalu(&target->idKeyParams, buffer, size);
+    	if (rc != 0) {
+    	    rc += (TPM_RC_P + TPM_RC_3);
+    	}
+    }
+    return rc;
+}
+
+TPM_RC
+NV_DefineSpace12_In_Unmarshal(NV_DefineSpace12_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = 0;
+    handles = handles;
+
+    if (rc == 0) {
+	rc = TSS_TPM_NV_DATA_PUBLIC_Unmarshalu(&target->pubInfo, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_1);
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->encAuth, SHA1_DIGEST_SIZE, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_2);
+	}
+    }
+    return rc;
+}
+
+TPM_RC
+NV_ReadValueAuth_In_Unmarshal(NV_ReadValueAuth_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	target->nvIndex = handles[0];
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->offset, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_1);
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->dataSize, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_2);
+	}
+    }
+    return rc;
+}
+
+TPM_RC
+NV_ReadValue_In_Unmarshal(NV_ReadValue_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	target->nvIndex = handles[0];
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->offset, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_1);
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->dataSize, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_2);
+	}
+    }
+    return rc;
+}
+
+TPM_RC
+NV_WriteValue_In_Unmarshal(NV_WriteValue_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	target->nvIndex = handles[0];
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->offset, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_1);
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->dataSize, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_2);
+	}
+    }
+    if (rc == 0) {
+	if (target->dataSize > sizeof(target->data)) {
+	    rc = TPM_RC_SIZE;
+	}
+    }    
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->data, target->dataSize, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_3);
+	}
+    }
+    return rc;
+}
+
+TPM_RC
+NV_WriteValueAuth_In_Unmarshal(NV_WriteValueAuth_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	target->nvIndex = handles[0];
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->offset, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_1);
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->dataSize, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_2);
+	}
+    }
+    if (rc == 0) {
+	if (target->dataSize > sizeof(target->data)) {
+	    rc = TPM_RC_SIZE;
+	}
+    }    
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->data, target->dataSize, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_3);
+	}
+    }
+    return rc;
+}
+
+TPM_RC
+OSAP_In_Unmarshal(OSAP_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = 0;
+    handles = handles;
+
+    if (rc == 0) {
+	rc = TSS_UINT16_Unmarshalu(&target->entityType, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_1);
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->entityValue, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_2);
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->nonceOddOSAP, SHA1_DIGEST_SIZE, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_3);
+	}
+    }
+    return rc;
+}
+
+TPM_RC
+OwnerSetDisable_In_Unmarshal(OwnerSetDisable_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = 0;
+    handles = handles;
+
+    if (rc == 0) {
+	rc = TSS_UINT8_Unmarshalu(&target->disableState, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_1);
+	}
+    }
+    return rc;
+}
+
+TPM_RC
+OwnerReadInternalPub_In_Unmarshal(OwnerReadInternalPub_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = 0;
+    handles = handles;
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->keyHandle , buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_1);
+	}
+    }
+    return rc;
+}
+
+TPM_RC
+PcrRead12_In_Unmarshal(PcrRead12_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = 0;
+    buffer = buffer;
+    size = size;
+
+    if (rc == 0) {
+	target->pcrIndex = handles[0];
+    }
+    return rc;
+}
+
+TPM_RC
+PCR_Reset12_In_Unmarshal(PCR_Reset12_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = 0;
+    handles = handles;
+
+    if (rc == 0) {
+    	rc = TSS_TPM_PCR_SELECTION_Unmarshalu(&target->pcrSelection, buffer, size);
+    	if (rc != 0) {
+    	    rc += (TPM_RC_P + TPM_RC_1);
+    	}
+    }
+    return rc;
+}
+
+TPM_RC
+Quote2_In_Unmarshal(Quote2_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	target->keyHandle = handles[0];
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->externalData, SHA1_DIGEST_SIZE, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_1);
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_PCR_SELECTION_Unmarshalu(&target->targetPCR, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_2);
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Unmarshalu(&target->addVersion, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_3);
+	}
+    }
+    return rc;
+}
+
+TPM_RC
+ReadPubek_In_Unmarshal(ReadPubek_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = 0;
+    handles = handles;
+
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->antiReplay, TPM_NONCE_SIZE, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_1);
+	}
+    }
+    return rc;
+}
+
+TPM_RC
+Sign12_In_Unmarshal(Sign12_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	target->keyHandle = handles[0];
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->areaToSignSize, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_1);
+	}
+    }
+    if (rc == 0) {
+	if (target->areaToSignSize > sizeof(target->areaToSign)) {
+	    rc = TPM_RC_SIZE;
+	}
+    }    
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->areaToSign, target->areaToSignSize, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_2);
+	}
+    }
+    return rc;
+}
+
+TPM_RC
+Startup12_In_Unmarshal(Startup12_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = 0;
+    handles = handles;
+
+    if (rc == 0) {
+	rc = TSS_TPM_STARTUP_TYPE_Unmarshalu(&target->startupType, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_1);
+	}
+    }
+    return rc;
+}
+
+TPM_RC
+TakeOwnership_In_Unmarshal(TakeOwnership_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = 0;
+    handles = handles;
+
+   if (rc == 0) {
+	rc = TSS_UINT16_Unmarshalu(&target->protocolID, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_1);
+	}
+    }
+   if (rc == 0) {
+       rc = TSS_UINT32_Unmarshalu(&target->encOwnerAuthSize, buffer, size);	
+       if (rc != 0) {	
+	   rc += (TPM_RC_P + TPM_RC_1);
+       }
+   }
+     if (rc == 0) {
+	 if (target->encOwnerAuthSize > sizeof(target->encOwnerAuth)) {
+	    rc = TPM_RC_SIZE;
+	}
+    }    
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->encOwnerAuth, target->encOwnerAuthSize , buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_2);
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->encSrkAuthSize, buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_3);
+	}
+    }
+    if (rc == 0) {
+	if (target->encSrkAuthSize > sizeof(target->encSrkAuth)) {
+	    rc = TPM_RC_SIZE;
+	}
+    }    
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->encSrkAuth, target->encSrkAuthSize , buffer, size);	
+	if (rc != 0) {	
+	    rc += (TPM_RC_P + TPM_RC_4);
+	}
+    }
+    if (rc == 0) {
+    	rc = TSS_TPM_KEY12_Unmarshalu(&target->srkParams, buffer, size);
+    	if (rc != 0) {
+    	    rc += (TPM_RC_P + TPM_RC_5);
+    	}
+    }
+    return rc;
+}
+
diff --git a/utils/Commands12_fp.h b/utils/Commands12_fp.h
new file mode 100644
index 000000000..29a4bf1e2
--- /dev/null
+++ b/utils/Commands12_fp.h
@@ -0,0 +1,93 @@
+/********************************************************************************/
+/*                                                                              */
+/*                              	                                        */
+/*                           Written by Ken Goldman                             */
+/*                     IBM Thomas J. Watson Research Center                     */
+/*            $Id: Commands12_fp.h 1257 2018-06-27 20:52:08Z kgoldman $         */
+/*                                                                              */
+/* (c) Copyright IBM Corporation 2018						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef COMMANDS12_FP_H
+#define COMMANDS12_FP_H
+
+#include <ibmtss/TPM_Types.h>
+#include <ibmtss/Parameters12.h>
+
+TPM_RC
+ActivateIdentity_In_Unmarshal(ActivateIdentity_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+CreateEndorsementKeyPair_In_Unmarshal(CreateEndorsementKeyPair_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+CreateWrapKey_In_Unmarshal(CreateWrapKey_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+Extend_In_Unmarshal(Extend_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+FlushSpecific_In_Unmarshal(FlushSpecific_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+GetCapability12_In_Unmarshal(GetCapability12_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+LoadKey2_In_Unmarshal(LoadKey2_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+MakeIdentity_In_Unmarshal(MakeIdentity_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+NV_DefineSpace12_In_Unmarshal(NV_DefineSpace12_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+NV_ReadValueAuth_In_Unmarshal(NV_ReadValueAuth_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+NV_ReadValue_In_Unmarshal(NV_ReadValue_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+NV_WriteValue_In_Unmarshal(NV_WriteValue_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+NV_WriteValueAuth_In_Unmarshal(NV_WriteValueAuth_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+OSAP_In_Unmarshal(OSAP_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+OwnerSetDisable_In_Unmarshal(OwnerSetDisable_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+OwnerReadInternalPub_In_Unmarshal(OwnerReadInternalPub_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+PcrRead12_In_Unmarshal(PcrRead12_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+PCR_Reset12_In_Unmarshal(PCR_Reset12_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+ReadPubek_In_Unmarshal(ReadPubek_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+Quote2_In_Unmarshal(Quote2_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+Sign12_In_Unmarshal(Sign12_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+Startup12_In_Unmarshal(Startup12_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+TakeOwnership_In_Unmarshal(TakeOwnership_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+
+#endif
diff --git a/utils/Commands_fp.h b/utils/Commands_fp.h
new file mode 100644
index 000000000..8041d94ae
--- /dev/null
+++ b/utils/Commands_fp.h
@@ -0,0 +1,505 @@
+/********************************************************************************/
+/*										*/
+/*			  Command and Response Marshal and Unmarshal		*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012 - 2019				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef COMMANDS_FP_H
+#define COMMANDS_FP_H
+
+#include <ibmtss/TPM_Types.h>
+
+#include <ibmtss/ActivateCredential_fp.h>
+#include <ibmtss/CertifyCreation_fp.h>
+#include <ibmtss/CertifyX509_fp.h>
+#include <ibmtss/Certify_fp.h>
+#include <ibmtss/ChangeEPS_fp.h>
+#include <ibmtss/ChangePPS_fp.h>
+#include <ibmtss/ClearControl_fp.h>
+#include <ibmtss/Clear_fp.h>
+#include <ibmtss/ClockRateAdjust_fp.h>
+#include <ibmtss/ClockSet_fp.h>
+#include <ibmtss/Commit_fp.h>
+#include <ibmtss/ContextLoad_fp.h>
+#include <ibmtss/ContextSave_fp.h>
+#include <ibmtss/CreatePrimary_fp.h>
+#include <ibmtss/Create_fp.h>
+#include <ibmtss/CreateLoaded_fp.h>
+#include <ibmtss/DictionaryAttackLockReset_fp.h>
+#include <ibmtss/DictionaryAttackParameters_fp.h>
+#include <ibmtss/Duplicate_fp.h>
+#include <ibmtss/ECC_Parameters_fp.h>
+#include <ibmtss/ECDH_KeyGen_fp.h>
+#include <ibmtss/ECDH_ZGen_fp.h>
+#include <ibmtss/EC_Ephemeral_fp.h>
+#include <ibmtss/EncryptDecrypt_fp.h>
+#include <ibmtss/EncryptDecrypt2_fp.h>
+#include <ibmtss/EventSequenceComplete_fp.h>
+#include <ibmtss/EvictControl_fp.h>
+#include <ibmtss/FlushContext_fp.h>
+#include <ibmtss/GetCapability_fp.h>
+#include <ibmtss/GetCommandAuditDigest_fp.h>
+#include <ibmtss/GetRandom_fp.h>
+#include <ibmtss/GetSessionAuditDigest_fp.h>
+#include <ibmtss/GetTestResult_fp.h>
+#include <ibmtss/GetTime_fp.h>
+#include <ibmtss/HMAC_Start_fp.h>
+#include <ibmtss/HMAC_fp.h>
+#include <ibmtss/HashSequenceStart_fp.h>
+#include <ibmtss/Hash_fp.h>
+#include <ibmtss/HierarchyChangeAuth_fp.h>
+#include <ibmtss/HierarchyControl_fp.h>
+#include <ibmtss/Import_fp.h>
+#include <ibmtss/IncrementalSelfTest_fp.h>
+#include <ibmtss/LoadExternal_fp.h>
+#include <ibmtss/Load_fp.h>
+#include <ibmtss/MakeCredential_fp.h>
+#include <ibmtss/NV_Certify_fp.h>
+#include <ibmtss/NV_ChangeAuth_fp.h>
+#include <ibmtss/NV_DefineSpace_fp.h>
+#include <ibmtss/NV_Extend_fp.h>
+#include <ibmtss/NV_GlobalWriteLock_fp.h>
+#include <ibmtss/NV_Increment_fp.h>
+#include <ibmtss/NV_ReadLock_fp.h>
+#include <ibmtss/NV_ReadPublic_fp.h>
+#include <ibmtss/NV_Read_fp.h>
+#include <ibmtss/NV_SetBits_fp.h>
+#include <ibmtss/NV_UndefineSpaceSpecial_fp.h>
+#include <ibmtss/NV_UndefineSpace_fp.h>
+#include <ibmtss/NV_WriteLock_fp.h>
+#include <ibmtss/NV_Write_fp.h>
+#include <ibmtss/ObjectChangeAuth_fp.h>
+#include <ibmtss/PCR_Allocate_fp.h>
+#include <ibmtss/PCR_Event_fp.h>
+#include <ibmtss/PCR_Extend_fp.h>
+#include <ibmtss/PCR_Read_fp.h>
+#include <ibmtss/PCR_Reset_fp.h>
+#include <ibmtss/PCR_SetAuthPolicy_fp.h>
+#include <ibmtss/PCR_SetAuthValue_fp.h>
+#include <ibmtss/PP_Commands_fp.h>
+#include <ibmtss/PolicyAuthValue_fp.h>
+#include <ibmtss/PolicyAuthorize_fp.h>
+#include <ibmtss/PolicyCommandCode_fp.h>
+#include <ibmtss/PolicyCounterTimer_fp.h>
+#include <ibmtss/PolicyCpHash_fp.h>
+#include <ibmtss/PolicyDuplicationSelect_fp.h>
+#include <ibmtss/PolicyGetDigest_fp.h>
+#include <ibmtss/PolicyLocality_fp.h>
+#include <ibmtss/PolicyAuthorizeNV_fp.h>
+#include <ibmtss/PolicyNV_fp.h>
+#include <ibmtss/PolicyNvWritten_fp.h>
+#include <ibmtss/PolicyNameHash_fp.h>
+#include <ibmtss/PolicyOR_fp.h>
+#include <ibmtss/PolicyPCR_fp.h>
+#include <ibmtss/PolicyPassword_fp.h>
+#include <ibmtss/PolicyPhysicalPresence_fp.h>
+#include <ibmtss/PolicyRestart_fp.h>
+#include <ibmtss/PolicySecret_fp.h>
+#include <ibmtss/PolicySigned_fp.h>
+#include <ibmtss/PolicyTemplate_fp.h>
+#include <ibmtss/PolicyTicket_fp.h>
+#include <ibmtss/Quote_fp.h>
+#include <ibmtss/RSA_Decrypt_fp.h>
+#include <ibmtss/RSA_Encrypt_fp.h>
+#include <ibmtss/ReadClock_fp.h>
+#include <ibmtss/ReadPublic_fp.h>
+#include <ibmtss/Rewrap_fp.h>
+#include <ibmtss/SelfTest_fp.h>
+#include <ibmtss/SequenceComplete_fp.h>
+#include <ibmtss/SequenceUpdate_fp.h>
+#include <ibmtss/SetAlgorithmSet_fp.h>
+#include <ibmtss/SetCommandCodeAuditStatus_fp.h>
+#include <ibmtss/SetPrimaryPolicy_fp.h>
+#include <ibmtss/Shutdown_fp.h>
+#include <ibmtss/Sign_fp.h>
+#include <ibmtss/StartAuthSession_fp.h>
+#include <ibmtss/Startup_fp.h>
+#include <ibmtss/StirRandom_fp.h>
+#include <ibmtss/TestParms_fp.h>
+#include <ibmtss/Unseal_fp.h>
+#include <ibmtss/VerifySignature_fp.h>
+#include <ibmtss/ZGen_2Phase_fp.h>
+#include <ibmtss/NTC_fp.h>
+
+TPM_RC
+Startup_In_Unmarshal(Startup_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+Shutdown_In_Unmarshal(Shutdown_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+SelfTest_In_Unmarshal(SelfTest_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+IncrementalSelfTest_In_Unmarshal(IncrementalSelfTest_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+IncrementalSelfTest_Out_Marshal(IncrementalSelfTest_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+UINT16
+GetTestResult_Out_Marshal(GetTestResult_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+StartAuthSession_In_Unmarshal(StartAuthSession_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+StartAuthSession_Out_Marshal(StartAuthSession_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+PolicyRestart_In_Unmarshal(PolicyRestart_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+Create_In_Unmarshal(Create_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+Create_Out_Marshal(Create_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+Load_In_Unmarshal(Load_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+Load_Out_Marshal(Load_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+LoadExternal_In_Unmarshal(LoadExternal_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+LoadExternal_Out_Marshal(LoadExternal_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+ReadPublic_In_Unmarshal(ReadPublic_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+ReadPublic_Out_Marshal(ReadPublic_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+ActivateCredential_In_Unmarshal(ActivateCredential_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+ActivateCredential_Out_Marshal(ActivateCredential_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+MakeCredential_In_Unmarshal(MakeCredential_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+MakeCredential_Out_Marshal(MakeCredential_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+Unseal_In_Unmarshal(Unseal_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+Unseal_Out_Marshal(Unseal_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+ObjectChangeAuth_In_Unmarshal(ObjectChangeAuth_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+ObjectChangeAuth_Out_Marshal(ObjectChangeAuth_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+CreateLoaded_In_Unmarshal(CreateLoaded_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+Duplicate_In_Unmarshal(Duplicate_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+Duplicate_Out_Marshal(Duplicate_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+Rewrap_In_Unmarshal(Rewrap_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+Rewrap_Out_Marshal(Rewrap_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+Import_In_Unmarshal(Import_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+Import_Out_Marshal(Import_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+RSA_Encrypt_In_Unmarshal(RSA_Encrypt_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+RSA_Encrypt_Out_Marshal(RSA_Encrypt_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+RSA_Decrypt_In_Unmarshal(RSA_Decrypt_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+RSA_Decrypt_Out_Marshal(RSA_Decrypt_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+ECDH_KeyGen_In_Unmarshal(ECDH_KeyGen_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+ECDH_KeyGen_Out_Marshal(ECDH_KeyGen_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+ECDH_ZGen_In_Unmarshal(ECDH_ZGen_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+ECDH_ZGen_Out_Marshal(ECDH_ZGen_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+ECC_Parameters_In_Unmarshal(ECC_Parameters_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+ECC_Parameters_Out_Marshal(ECC_Parameters_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+ZGen_2Phase_In_Unmarshal(ZGen_2Phase_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+ZGen_2Phase_Out_Marshal(ZGen_2Phase_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+EncryptDecrypt_In_Unmarshal(EncryptDecrypt_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+EncryptDecrypt_Out_Marshal(EncryptDecrypt_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+EncryptDecrypt2_In_Unmarshal(EncryptDecrypt2_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+Hash_In_Unmarshal(Hash_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+Hash_Out_Marshal(Hash_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+HMAC_In_Unmarshal(HMAC_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+HMAC_Out_Marshal(HMAC_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+GetRandom_In_Unmarshal(GetRandom_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+GetRandom_Out_Marshal(GetRandom_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+StirRandom_In_Unmarshal(StirRandom_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+HMAC_Start_In_Unmarshal(HMAC_Start_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+HMAC_Start_Out_Marshal(HMAC_Start_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+HashSequenceStart_In_Unmarshal(HashSequenceStart_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+HashSequenceStart_Out_Marshal(HashSequenceStart_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+SequenceUpdate_In_Unmarshal(SequenceUpdate_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+SequenceComplete_In_Unmarshal(SequenceComplete_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+SequenceComplete_Out_Marshal(SequenceComplete_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+EventSequenceComplete_In_Unmarshal(EventSequenceComplete_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+EventSequenceComplete_Out_Marshal(EventSequenceComplete_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+Certify_In_Unmarshal(Certify_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+Certify_Out_Marshal(Certify_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+CertifyX509_In_Unmarshal(CertifyX509_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+CertifyCreation_In_Unmarshal(CertifyCreation_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+CertifyCreation_Out_Marshal(CertifyCreation_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+CertifyX509_In_Unmarshal(CertifyX509_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+CertifyX509_Out_Marshal(CertifyX509_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+Quote_In_Unmarshal(Quote_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+Quote_Out_Marshal(Quote_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+GetSessionAuditDigest_In_Unmarshal(GetSessionAuditDigest_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+GetSessionAuditDigest_Out_Marshal(GetSessionAuditDigest_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+GetCommandAuditDigest_In_Unmarshal(GetCommandAuditDigest_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+GetCommandAuditDigest_Out_Marshal(GetCommandAuditDigest_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+GetTime_In_Unmarshal(GetTime_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+GetTime_Out_Marshal(GetTime_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+Commit_In_Unmarshal(Commit_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+Commit_Out_Marshal(Commit_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+EC_Ephemeral_In_Unmarshal(EC_Ephemeral_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+EC_Ephemeral_Out_Marshal(EC_Ephemeral_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+VerifySignature_In_Unmarshal(VerifySignature_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+VerifySignature_Out_Marshal(VerifySignature_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+Sign_In_Unmarshal(Sign_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+Sign_Out_Marshal(Sign_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+SetCommandCodeAuditStatus_In_Unmarshal(SetCommandCodeAuditStatus_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+PCR_Extend_In_Unmarshal(PCR_Extend_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+PCR_Event_In_Unmarshal(PCR_Event_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+PCR_Event_Out_Marshal(PCR_Event_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+PCR_Read_In_Unmarshal(PCR_Read_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+PCR_Read_Out_Marshal(PCR_Read_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+PCR_Allocate_In_Unmarshal(PCR_Allocate_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+PCR_Allocate_Out_Marshal(PCR_Allocate_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+PCR_SetAuthPolicy_In_Unmarshal(PCR_SetAuthPolicy_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+PCR_SetAuthValue_In_Unmarshal(PCR_SetAuthValue_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+PCR_Reset_In_Unmarshal(PCR_Reset_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+PolicySigned_In_Unmarshal(PolicySigned_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+PolicySigned_Out_Marshal(PolicySigned_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+PolicySecret_In_Unmarshal(PolicySecret_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+PolicySecret_Out_Marshal(PolicySecret_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+PolicyTicket_In_Unmarshal(PolicyTicket_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+PolicyOR_In_Unmarshal(PolicyOR_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+PolicyPCR_In_Unmarshal(PolicyPCR_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+PolicyLocality_In_Unmarshal(PolicyLocality_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+PolicyNV_In_Unmarshal(PolicyNV_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+PolicyAuthorizeNV_In_Unmarshal(PolicyAuthorizeNV_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+PolicyCounterTimer_In_Unmarshal(PolicyCounterTimer_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+PolicyCommandCode_In_Unmarshal(PolicyCommandCode_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+PolicyPhysicalPresence_In_Unmarshal(PolicyPhysicalPresence_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+PolicyCpHash_In_Unmarshal(PolicyCpHash_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+PolicyNameHash_In_Unmarshal(PolicyNameHash_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+PolicyDuplicationSelect_In_Unmarshal(PolicyDuplicationSelect_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+PolicyAuthorize_In_Unmarshal(PolicyAuthorize_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+PolicyAuthValue_In_Unmarshal(PolicyAuthValue_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+PolicyPassword_In_Unmarshal(PolicyPassword_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+PolicyGetDigest_In_Unmarshal(PolicyGetDigest_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+PolicyGetDigest_Out_Marshal(PolicyGetDigest_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+PolicyNvWritten_In_Unmarshal(PolicyNvWritten_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+PolicyTemplate_In_Unmarshal(PolicyTemplate_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+CreatePrimary_In_Unmarshal(CreatePrimary_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+CreatePrimary_Out_Marshal(CreatePrimary_Out *source, TPMI_ST_COMMAND_TAG  tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+HierarchyControl_In_Unmarshal(HierarchyControl_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+SetPrimaryPolicy_In_Unmarshal(SetPrimaryPolicy_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+ChangePPS_In_Unmarshal(ChangePPS_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+ChangeEPS_In_Unmarshal(ChangeEPS_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+Clear_In_Unmarshal(Clear_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+ClearControl_In_Unmarshal(ClearControl_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+HierarchyChangeAuth_In_Unmarshal(HierarchyChangeAuth_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+DictionaryAttackLockReset_In_Unmarshal(DictionaryAttackLockReset_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+DictionaryAttackParameters_In_Unmarshal(DictionaryAttackParameters_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+PP_Commands_In_Unmarshal(PP_Commands_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+SetAlgorithmSet_In_Unmarshal(SetAlgorithmSet_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+ContextSave_In_Unmarshal(ContextSave_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+ContextSave_Out_Marshal(ContextSave_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+ContextLoad_In_Unmarshal(ContextLoad_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+ContextLoad_Out_Marshal(ContextLoad_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+FlushContext_In_Unmarshal(FlushContext_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+EvictControl_In_Unmarshal(EvictControl_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+ReadClock_Out_Marshal(ReadClock_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+ClockSet_In_Unmarshal(ClockSet_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+ClockRateAdjust_In_Unmarshal(ClockRateAdjust_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+GetCapability_In_Unmarshal(GetCapability_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+GetCapability_Out_Marshal(GetCapability_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+TestParms_In_Unmarshal(TestParms_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+NV_DefineSpace_In_Unmarshal(NV_DefineSpace_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+NV_UndefineSpace_In_Unmarshal(NV_UndefineSpace_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+NV_UndefineSpaceSpecial_In_Unmarshal(NV_UndefineSpaceSpecial_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+NV_ReadPublic_In_Unmarshal(NV_ReadPublic_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+NV_ReadPublic_Out_Marshal(NV_ReadPublic_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+NV_Write_In_Unmarshal(NV_Write_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+NV_Increment_In_Unmarshal(NV_Increment_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+NV_Extend_In_Unmarshal(NV_Extend_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+NV_SetBits_In_Unmarshal(NV_SetBits_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+NV_WriteLock_In_Unmarshal(NV_WriteLock_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+NV_GlobalWriteLock_In_Unmarshal(NV_GlobalWriteLock_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+NV_Read_In_Unmarshal(NV_Read_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+NV_Read_Out_Marshal(NV_Read_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+TPM_RC
+NV_ReadLock_In_Unmarshal(NV_ReadLock_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+NV_ChangeAuth_In_Unmarshal(NV_ChangeAuth_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+TPM_RC
+NV_Certify_In_Unmarshal(NV_Certify_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+UINT16
+NV_Certify_Out_Marshal(NV_Certify_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, uint32_t *size);
+
+#endif
diff --git a/utils/Makefile.am b/utils/Makefile.am
new file mode 100644
index 000000000..6ae48f346
--- /dev/null
+++ b/utils/Makefile.am
@@ -0,0 +1,594 @@
+transform=s&^&tss&
+
+lib_LTLIBRARIES = libibmtss.la
+#if CONFIG_TPM20
+lib_LTLIBRARIES += libibmtssutils.la
+#endif
+
+# default TSS Library
+libibmtss_la_SOURCES = tssfile.c tsscryptoh.c tsscrypto.c
+libibmtss_la_LIBADD = $(LIBCRYPTO_LIBS)
+
+# TSS shared library object files (utils/makefile-common)
+libibmtss_la_SOURCES += tss.c tssproperties.c tssmarshal.c tssauth.c tssutils.c tsssocket.c tssdev.c tsstransmit.c tssresponsecode.c tssccattributes.c tssprint.c Unmarshal.c CommandAttributeData.c
+
+# TPM 2.0
+# TSS share libarary object files
+if CONFIG_TPM20
+libibmtss_la_SOURCES += tss20.c tssauth20.c Commands.c tssprintcmd.c
+libibmtss_la_SOURCES += ntc2lib.c tssntc.c
+endif
+
+# (from utils/makefile-common12)
+if CONFIG_TPM12
+libibmtss_la_SOURCES += tss12.c tssauth12.c tssmarshal12.c Unmarshal12.c Commands12.c tssccattributes12.c CommandAttributeData12.c
+endif
+
+libibmtss_la_CFLAGS = -fPIC
+if CONFIG_HWTPM
+libibmtss_la_CFLAGS += -DTPM_INTERFACE_TYPE_DEFAULT="\"dev\""
+endif
+
+if CONFIG_RMTPM
+libibmtss_la_CFLAGS += -DTPM_DEVICE_DEFAULT="\"/dev/tpmrm0\""
+endif
+
+if CONFIG_TPM20
+libibmtss_la_CFLAGS += -DTPM_TPM20
+endif
+
+if CONFIG_TPM12
+libibmtss_la_CFLAGS += -DTPM_TPM12
+endif
+
+if CONFIG_TSS_NOPRINT
+libibmtss_la_CFLAGS += -DTPM_TSS_NO_PRINT
+endif
+
+if CONFIG_TSS_NOFILE
+libibmtss_la_CFLAGS += -DTPM_TSS_NOFILE
+if CONFIG_TSS_NOCRYPTO
+libibmtss_la_CFLAGS += -DTPM_TSS_NOCRYPTO
+endif
+endif
+
+if CONFIG_TSS_NOECC
+libibmtss_la_CFLAGS += -DTPM_TSS_NOECC
+endif
+
+libibmtss_la_CCFLAGS = -Wall -Wmissing-declarations -Wmissing-prototypes -Wnested-externs -Wformat=2 -Wold-style-definition -Wno-self-assign -ggdb
+libibmtss_la_LDFLAGS = -version-info @TSSLIB_VERSION_INFO@
+
+libibmtssutils_la_SOURCES = cryptoutils.c ekutils.c imalib.c eventlib.c
+libibmtssutils_la_CFLAGS = -fPIC
+
+if CONFIG_TPM20
+libibmtssutils_la_CFLAGS += -DTPM_TPM20
+endif
+
+if CONFIG_TPM12
+libibmtssutils_la_CFLAGS += -DTPM_TPM12
+endif
+
+if CONFIG_TSS_NOECC
+libibmtssutils_la_CFLAGS += -DTPM_TSS_NOECC
+endif
+
+#current[:revision[:age]]
+#result: [current-age].age.revision
+libibmtssutils_la_LDFLAGS = -version-info @TSSLIB_VERSION_INFO@
+libibmtssutils_la_LIBADD = libibmtss.la $(LIBCRYPTO_LIBS)
+
+noinst_HEADERS = CommandAttributes.h imalib.h tssdev.h ntc2lib.h tssntc.h Commands_fp.h objecttemplates.h tssproperties.h cryptoutils.h Platform.h tssauth.h tsssocket.h ekutils.h eventlib.h tssccattributes.h
+# install every header in ibmtss
+nobase_include_HEADERS = ibmtss/*.h
+
+notrans_man_MANS = man/man1/*.1
+
+if CONFIG_TPM20
+noinst_HEADERS += tss20.h tssauth20.h ibmtss/tssprintcmd.h
+endif
+
+if CONFIG_TPM12
+noinst_HEADERS += tss12.h Commands12_fp.h tssauth12.h tssccattributes12.h ibmtss/Unmarshal12_fp.h ibmtss/Parameters12.h ibmtss/tpmstructures12.h ibmtss/tpmconstants12.h ibmtss/tpmtypes12.h
+endif
+
+if CONFIG_TPM20
+bin_PROGRAMS = activatecredential eventextend imaextend certify certifycreation certifyx509 changeeps changepps clear \
+	clearcontrol clockrateadjust clockset commit contextload contextsave create createloaded createprimary \
+	dictionaryattacklockreset dictionaryattackparameters duplicate eccparameters ecephemeral encryptdecrypt \
+	eventsequencecomplete evictcontrol flushcontext getcommandauditdigest getcapability getcryptolibrary \
+	getrandom gettestresult getsessionauditdigest gettime hashsequencestart hash hierarchycontrol \
+	hierarchychangeauth hmac hmacstart import importpem load loadexternal makecredential nvcertify nvchangeauth \
+	nvdefinespace nvextend nvglobalwritelock nvincrement nvread nvreadlock nvreadpublic nvsetbits \
+	nvundefinespace nvundefinespacespecial nvwrite nvwritelock objectchangeauth pcrallocate pcrevent pcrextend \
+	pcrread pcrreset policyauthorize policyauthvalue policycommandcode policycphash policynamehash \
+	policycountertimer policyduplicationselect policygetdigest policymaker policymakerpcr policyauthorizenv \
+	policynv policynvwritten policyor policypassword policypcr policyrestart policysigned policysecret \
+	policytemplate policyticket quote powerup readclock readpublic returncode rewrap rsadecrypt rsaencrypt \
+	sequenceupdate sequencecomplete setcommandcodeauditstatus setprimarypolicy shutdown sign startauthsession \
+	startup stirrandom unseal \
+	verifysignature zgen2phase signapp writeapp timepacket createek createekcert tpm2pem tpmpublic2eccpoint \
+	ntc2getconfig ntc2preconfig ntc2lockconfig publicname tpmcmd printattr
+
+if CONFIG_TSS_NOECC
+UTILS_CFLAGS = -DTPM_TSS_NOECC
+endif
+
+activatecredential_SOURCES = activatecredential.c
+activatecredential_CFLAGS = $(UTILS_CFLAGS)
+activatecredential_LDADD = libibmtssutils.la libibmtss.la
+
+eventextend_SOURCES = eventextend.c
+eventextend_CFLAGS = $(UTILS_CFLAGS)
+eventextend_LDADD = libibmtssutils.la libibmtss.la
+
+imaextend_SOURCES = imaextend.c
+imaextend_CFLAGS = $(UTILS_CFLAGS)
+imaextend_LDADD = libibmtssutils.la libibmtss.la
+
+certify_SOURCES = certify.c
+certify_CFLAGS = $(UTILS_CFLAGS)
+certify_LDADD = libibmtssutils.la libibmtss.la
+
+certifycreation_SOURCES = certifycreation.c
+certifycreation_CFLAGS = $(UTILS_CFLAGS)
+certifycreation_LDADD = libibmtssutils.la libibmtss.la
+
+certifyx509_SOURCES = certifyx509.c
+certifyx509_CFLAGS = $(UTILS_CFLAGS)
+certifyx509_LDADD = libibmtssutils.la libibmtss.la
+
+changeeps_SOURCES = changeeps.c
+changeeps_CFLAGS = $(UTILS_CFLAGS)
+changeeps_LDADD = libibmtssutils.la libibmtss.la
+
+changepps_SOURCES = changepps.c
+changepps_CFLAGS = $(UTILS_CFLAGS) -DTPM_POSIX
+changepps_LDADD = libibmtssutils.la libibmtss.la
+
+clear_SOURCES = clear.c
+clear_CFLAGS = $(UTILS_CFLAGS)
+clear_LDADD = libibmtssutils.la libibmtss.la
+
+clearcontrol_SOURCES = clearcontrol.c
+clearcontrol_CFLAGS = $(UTILS_CFLAGS)
+clearcontrol_LDADD = libibmtssutils.la libibmtss.la
+
+clockrateadjust_SOURCES = clockrateadjust.c
+clockrateadjust_CFLAGS = $(UTILS_CFLAGS)
+clockrateadjust_LDADD = libibmtssutils.la libibmtss.la
+
+clockset_SOURCES = clockset.c
+clockset_CFLAGS = $(UTILS_CFLAGS)
+clockset_LDADD = libibmtssutils.la libibmtss.la
+
+commit_SOURCES = commit.c
+commit_CFLAGS = $(UTILS_CFLAGS)
+commit_LDADD = libibmtssutils.la libibmtss.la
+
+contextload_SOURCES = contextload.c
+contextload_CFLAGS = $(UTILS_CFLAGS)
+contextload_LDADD = libibmtssutils.la libibmtss.la
+
+contextsave_SOURCES = contextsave.c
+contextsave_CFLAGS = $(UTILS_CFLAGS)
+contextsave_LDADD = libibmtssutils.la libibmtss.la
+
+create_SOURCES = create.c objecttemplates.c
+create_CFLAGS = $(UTILS_CFLAGS)
+create_LDADD = libibmtssutils.la libibmtss.la
+
+createloaded_SOURCES = createloaded.c objecttemplates.c
+createloaded_CFLAGS = $(UTILS_CFLAGS)
+createloaded_LDADD = libibmtssutils.la libibmtss.la
+
+createprimary_SOURCES = createprimary.c objecttemplates.c
+createprimary_CFLAGS = $(UTILS_CFLAGS)
+createprimary_LDADD = libibmtssutils.la libibmtss.la
+
+dictionaryattacklockreset_SOURCES = dictionaryattacklockreset.c
+dictionaryattacklockreset_CFLAGS = $(UTILS_CFLAGS)
+dictionaryattacklockreset_LDADD = libibmtssutils.la libibmtss.la
+
+dictionaryattackparameters_SOURCES = dictionaryattackparameters.c
+dictionaryattackparameters_CFLAGS = $(UTILS_CFLAGS)
+dictionaryattackparameters_LDADD = libibmtssutils.la libibmtss.la
+
+duplicate_SOURCES = duplicate.c
+duplicate_CFLAGS = $(UTILS_CFLAGS)
+duplicate_LDADD = libibmtssutils.la libibmtss.la
+
+eccparameters_SOURCES = eccparameters.c
+eccparameters_CFLAGS = $(UTILS_CFLAGS)
+eccparameters_LDADD = libibmtssutils.la libibmtss.la
+
+ecephemeral_SOURCES = ecephemeral.c
+ecephemeral_CFLAGS = $(UTILS_CFLAGS)
+ecephemeral_LDADD = libibmtssutils.la libibmtss.la
+
+encryptdecrypt_SOURCES = encryptdecrypt.c
+encryptdecrypt_CFLAGS = $(UTILS_CFLAGS)
+encryptdecrypt_LDADD = libibmtssutils.la libibmtss.la
+
+eventsequencecomplete_SOURCES = eventsequencecomplete.c
+eventsequencecomplete_CFLAGS = $(UTILS_CFLAGS)
+eventsequencecomplete_LDADD = libibmtssutils.la libibmtss.la
+
+evictcontrol_SOURCES = evictcontrol.c
+evictcontrol_CFLAGS = $(UTILS_CFLAGS)
+evictcontrol_LDADD = libibmtssutils.la libibmtss.la
+
+flushcontext_SOURCES = flushcontext.c
+flushcontext_CFLAGS = $(UTILS_CFLAGS)
+flushcontext_LDADD = libibmtssutils.la libibmtss.la
+
+getcommandauditdigest_SOURCES = getcommandauditdigest.c
+getcommandauditdigest_CFLAGS = $(UTILS_CFLAGS)
+getcommandauditdigest_LDADD = libibmtssutils.la libibmtss.la
+
+getcapability_SOURCES = getcapability.c
+getcapability_CFLAGS = $(UTILS_CFLAGS)
+getcapability_LDADD = libibmtssutils.la libibmtss.la
+
+getcryptolibrary_SOURCES = getcryptolibrary.c
+getcryptolibrary_CFLAGS = $(UTILS_CFLAGS)
+getcryptolibrary_LDADD = libibmtssutils.la libibmtss.la
+
+getrandom_SOURCES = getrandom.c
+getrandom_CFLAGS = $(UTILS_CFLAGS)
+getrandom_LDADD = libibmtssutils.la libibmtss.la
+
+gettestresult_SOURCES = gettestresult.c
+gettestresult_CFLAGS = $(UTILS_CFLAGS)
+gettestresult_LDADD = libibmtssutils.la libibmtss.la
+
+getsessionauditdigest_SOURCES = getsessionauditdigest.c
+getsessionauditdigest_CFLAGS = $(UTILS_CFLAGS)
+getsessionauditdigest_LDADD = libibmtssutils.la libibmtss.la
+
+gettime_SOURCES = gettime.c
+gettime_CFLAGS = $(UTILS_CFLAGS)
+gettime_LDADD = libibmtssutils.la libibmtss.la
+
+hashsequencestart_SOURCES = hashsequencestart.c
+hashsequencestart_CFLAGS = $(UTILS_CFLAGS)
+hashsequencestart_LDADD = libibmtssutils.la libibmtss.la
+
+hash_SOURCES = hash.c
+hash_CFLAGS = $(UTILS_CFLAGS)
+hash_LDADD = libibmtssutils.la libibmtss.la
+
+hierarchycontrol_SOURCES = hierarchycontrol.c
+hierarchycontrol_CFLAGS = $(UTILS_CFLAGS)
+hierarchycontrol_LDADD = libibmtssutils.la libibmtss.la
+
+hierarchychangeauth_SOURCES = hierarchychangeauth.c
+hierarchychangeauth_CFLAGS = $(UTILS_CFLAGS)
+hierarchychangeauth_LDADD = libibmtssutils.la libibmtss.la
+
+hmac_SOURCES = hmac.c
+hmac_CFLAGS = $(UTILS_CFLAGS)
+hmac_LDADD = libibmtssutils.la libibmtss.la
+
+hmacstart_SOURCES = hmacstart.c
+hmacstart_CFLAGS = $(UTILS_CFLAGS)
+hmacstart_LDADD = libibmtssutils.la libibmtss.la
+
+import_SOURCES = import.c
+import_CFLAGS = $(UTILS_CFLAGS)
+import_LDADD = libibmtssutils.la libibmtss.la
+
+importpem_SOURCES = importpem.c objecttemplates.c
+importpem_CFLAGS = $(UTILS_CFLAGS)
+importpem_LDADD = libibmtssutils.la libibmtss.la
+
+load_SOURCES = load.c
+load_CFLAGS = $(UTILS_CFLAGS)
+load_LDADD = libibmtssutils.la libibmtss.la
+
+loadexternal_SOURCES = loadexternal.c
+loadexternal_CFLAGS = $(UTILS_CFLAGS)
+loadexternal_LDADD = libibmtssutils.la libibmtss.la
+
+makecredential_SOURCES = makecredential.c
+makecredential_CFLAGS = $(UTILS_CFLAGS)
+makecredential_LDADD = libibmtssutils.la libibmtss.la
+
+nvcertify_SOURCES = nvcertify.c
+nvcertify_CFLAGS = $(UTILS_CFLAGS)
+nvcertify_LDADD = libibmtssutils.la libibmtss.la
+
+nvchangeauth_SOURCES = nvchangeauth.c
+nvchangeauth_CFLAGS = $(UTILS_CFLAGS)
+nvchangeauth_LDADD = libibmtssutils.la libibmtss.la
+
+nvdefinespace_SOURCES = nvdefinespace.c
+nvdefinespace_CFLAGS = $(UTILS_CFLAGS)
+nvdefinespace_LDADD = libibmtssutils.la libibmtss.la
+
+nvextend_SOURCES = nvextend.c
+nvextend_CFLAGS = $(UTILS_CFLAGS)
+nvextend_LDADD = libibmtssutils.la libibmtss.la
+
+nvglobalwritelock_SOURCES = nvglobalwritelock.c
+nvglobalwritelock_CFLAGS = $(UTILS_CFLAGS)
+nvglobalwritelock_LDADD = libibmtssutils.la libibmtss.la
+
+nvincrement_SOURCES = nvincrement.c
+nvincrement_CFLAGS = $(UTILS_CFLAGS)
+nvincrement_LDADD = libibmtssutils.la libibmtss.la
+
+nvread_SOURCES = nvread.c
+nvread_CFLAGS = $(UTILS_CFLAGS)
+nvread_LDADD = libibmtssutils.la libibmtss.la $(LIBCRYPTO_LIBS)
+
+nvreadlock_SOURCES = nvreadlock.c
+nvreadlock_CFLAGS = $(UTILS_CFLAGS)
+nvreadlock_LDADD = libibmtssutils.la libibmtss.la
+
+nvreadpublic_SOURCES = nvreadpublic.c
+nvreadpublic_CFLAGS = $(UTILS_CFLAGS)
+nvreadpublic_LDADD = libibmtssutils.la libibmtss.la
+
+nvsetbits_SOURCES = nvsetbits.c
+nvsetbits_CFLAGS = $(UTILS_CFLAGS)
+nvsetbits_LDADD = libibmtssutils.la libibmtss.la
+
+nvundefinespace_SOURCES = nvundefinespace.c
+nvundefinespace_CFLAGS = $(UTILS_CFLAGS)
+nvundefinespace_LDADD = libibmtssutils.la libibmtss.la
+
+nvundefinespacespecial_SOURCES = nvundefinespacespecial.c
+nvundefinespacespecial_CFLAGS = $(UTILS_CFLAGS)
+nvundefinespacespecial_LDADD = libibmtssutils.la libibmtss.la
+
+nvwrite_SOURCES = nvwrite.c
+nvwrite_CFLAGS = $(UTILS_CFLAGS)
+nvwrite_LDADD = libibmtssutils.la libibmtss.la
+
+nvwritelock_SOURCES = nvwritelock.c
+nvwritelock_CFLAGS = $(UTILS_CFLAGS)
+nvwritelock_LDADD = libibmtssutils.la libibmtss.la
+
+objectchangeauth_SOURCES = objectchangeauth.c
+objectchangeauth_CFLAGS = $(UTILS_CFLAGS)
+objectchangeauth_LDADD = libibmtssutils.la libibmtss.la
+
+pcrallocate_SOURCES = pcrallocate.c
+pcrallocate_CFLAGS = $(UTILS_CFLAGS)
+pcrallocate_LDADD = libibmtssutils.la libibmtss.la
+
+pcrevent_SOURCES = pcrevent.c
+pcrevent_CFLAGS = $(UTILS_CFLAGS)
+pcrevent_LDADD = libibmtssutils.la libibmtss.la
+
+pcrextend_SOURCES = pcrextend.c
+pcrextend_CFLAGS = $(UTILS_CFLAGS)
+pcrextend_LDADD = libibmtssutils.la libibmtss.la
+
+pcrread_SOURCES = pcrread.c
+pcrread_CFLAGS = $(UTILS_CFLAGS)
+pcrread_LDADD = libibmtssutils.la libibmtss.la
+
+pcrreset_SOURCES = pcrreset.c
+pcrreset_CFLAGS = $(UTILS_CFLAGS)
+pcrreset_LDADD = libibmtssutils.la libibmtss.la
+
+policyauthorize_SOURCES = policyauthorize.c
+policyauthorize_CFLAGS = $(UTILS_CFLAGS)
+policyauthorize_LDADD = libibmtssutils.la libibmtss.la
+
+policyauthvalue_SOURCES = policyauthvalue.c
+policyauthvalue_CFLAGS = $(UTILS_CFLAGS)
+policyauthvalue_LDADD = libibmtssutils.la libibmtss.la
+
+policycommandcode_SOURCES = policycommandcode.c
+policycommandcode_CFLAGS = $(UTILS_CFLAGS)
+policycommandcode_LDADD = libibmtssutils.la libibmtss.la
+
+policycphash_SOURCES = policycphash.c
+policycphash_CFLAGS = $(UTILS_CFLAGS)
+policycphash_LDADD = libibmtssutils.la libibmtss.la
+
+policynamehash_SOURCES = policynamehash.c
+policynamehash_CFLAGS = $(UTILS_CFLAGS)
+policynamehash_LDADD = libibmtssutils.la libibmtss.la
+
+policycountertimer_SOURCES = policycountertimer.c
+policycountertimer_CFLAGS = $(UTILS_CFLAGS)
+policycountertimer_LDADD = libibmtssutils.la libibmtss.la
+
+policyduplicationselect_SOURCES = policyduplicationselect.c
+policyduplicationselect_CFLAGS = $(UTILS_CFLAGS)
+policyduplicationselect_LDADD = libibmtssutils.la libibmtss.la
+
+policygetdigest_SOURCES = policygetdigest.c
+policygetdigest_CFLAGS = $(UTILS_CFLAGS)
+policygetdigest_LDADD = libibmtssutils.la libibmtss.la
+
+policymaker_SOURCES = policymaker.c
+policymaker_CFLAGS = $(UTILS_CFLAGS)
+policymaker_LDADD = libibmtssutils.la libibmtss.la $(LIBCRYPTO_LIBS)
+
+policymakerpcr_SOURCES = policymakerpcr.c
+policymakerpcr_CFLAGS = $(UTILS_CFLAGS)
+policymakerpcr_LDADD = libibmtssutils.la libibmtss.la $(LIBCRYPTO_LIBS)
+
+policyauthorizenv_SOURCES = policyauthorizenv.c
+policyauthorizenv_CFLAGS = $(UTILS_CFLAGS)
+policyauthorizenv_LDADD = libibmtssutils.la libibmtss.la
+
+policynv_SOURCES = policynv.c
+policynv_CFLAGS = $(UTILS_CFLAGS)
+policynv_LDADD = libibmtssutils.la libibmtss.la
+
+policynvwritten_SOURCES = policynvwritten.c
+policynvwritten_CFLAGS = $(UTILS_CFLAGS)
+policynvwritten_LDADD = libibmtssutils.la libibmtss.la
+
+policyor_SOURCES = policyor.c
+policyor_CFLAGS = $(UTILS_CFLAGS)
+policyor_LDADD = libibmtssutils.la libibmtss.la
+
+policypassword_SOURCES = policypassword.c
+policypassword_CFLAGS = $(UTILS_CFLAGS)
+policypassword_LDADD = libibmtssutils.la libibmtss.la
+
+policypcr_SOURCES = policypcr.c
+policypcr_CFLAGS = $(UTILS_CFLAGS)
+policypcr_LDADD = libibmtssutils.la libibmtss.la $(LIBCRYPTO_LIBS)
+
+policyrestart_SOURCES = policyrestart.c
+policyrestart_CFLAGS = $(UTILS_CFLAGS)
+policyrestart_LDADD = libibmtssutils.la libibmtss.la
+
+policysigned_SOURCES = policysigned.c
+policysigned_CFLAGS = $(UTILS_CFLAGS)
+policysigned_LDADD = libibmtssutils.la libibmtss.la $(LIBCRYPTO_LIBS)
+
+policysecret_SOURCES = policysecret.c
+policysecret_CFLAGS = $(UTILS_CFLAGS)
+policysecret_LDADD = libibmtssutils.la libibmtss.la
+
+policytemplate_SOURCES = policytemplate.c
+policytemplate_CFLAGS = $(UTILS_CFLAGS)
+policytemplate_LDADD = libibmtssutils.la libibmtss.la
+
+policyticket_SOURCES = policyticket.c
+policyticket_CFLAGS = $(UTILS_CFLAGS)
+policyticket_LDADD = libibmtssutils.la libibmtss.la
+
+quote_SOURCES = quote.c
+quote_CFLAGS = $(UTILS_CFLAGS)
+quote_LDADD = libibmtssutils.la libibmtss.la
+
+powerup_SOURCES = powerup.c
+powerup_CFLAGS = $(UTILS_CFLAGS)
+powerup_LDADD = libibmtssutils.la libibmtss.la
+
+readclock_SOURCES = readclock.c
+readclock_CFLAGS = $(UTILS_CFLAGS)
+readclock_LDADD = libibmtssutils.la libibmtss.la
+
+readpublic_SOURCES = readpublic.c
+readpublic_CFLAGS = $(UTILS_CFLAGS)
+readpublic_LDADD = libibmtssutils.la libibmtss.la
+
+returncode_SOURCES = returncode.c
+returncode_CFLAGS = $(UTILS_CFLAGS)
+returncode_LDADD = libibmtssutils.la libibmtss.la
+
+rewrap_SOURCES = rewrap.c
+rewrap_CFLAGS = $(UTILS_CFLAGS)
+rewrap_LDADD = libibmtssutils.la libibmtss.la
+
+rsadecrypt_SOURCES = rsadecrypt.c
+rsadecrypt_CFLAGS = $(UTILS_CFLAGS)
+rsadecrypt_LDADD = libibmtssutils.la libibmtss.la
+
+rsaencrypt_SOURCES = rsaencrypt.c
+rsaencrypt_CFLAGS = $(UTILS_CFLAGS)
+rsaencrypt_LDADD = libibmtssutils.la libibmtss.la
+
+sequenceupdate_SOURCES = sequenceupdate.c
+sequenceupdate_CFLAGS = $(UTILS_CFLAGS)
+sequenceupdate_LDADD = libibmtssutils.la libibmtss.la
+
+sequencecomplete_SOURCES = sequencecomplete.c
+sequencecomplete_CFLAGS = $(UTILS_CFLAGS)
+sequencecomplete_LDADD = libibmtssutils.la libibmtss.la
+
+setcommandcodeauditstatus_SOURCES = setcommandcodeauditstatus.c
+setcommandcodeauditstatus_CFLAGS = $(UTILS_CFLAGS)
+setcommandcodeauditstatus_LDADD = libibmtssutils.la libibmtss.la
+
+setprimarypolicy_SOURCES = setprimarypolicy.c
+setprimarypolicy_CFLAGS = $(UTILS_CFLAGS)
+setprimarypolicy_LDADD = libibmtssutils.la libibmtss.la
+
+shutdown_SOURCES = shutdown.c
+shutdown_CFLAGS = $(UTILS_CFLAGS)
+shutdown_LDADD = libibmtssutils.la libibmtss.la
+
+sign_SOURCES = sign.c
+sign_CFLAGS = $(UTILS_CFLAGS)
+sign_LDADD = libibmtssutils.la libibmtss.la $(LIBCRYPTO_LIBS)
+
+startauthsession_SOURCES = startauthsession.c
+startauthsession_CFLAGS = $(UTILS_CFLAGS)
+startauthsession_LDADD = libibmtssutils.la libibmtss.la
+
+startup_SOURCES = startup.c
+startup_CFLAGS = $(UTILS_CFLAGS)
+startup_LDADD = libibmtssutils.la libibmtss.la
+
+stirrandom_SOURCES = stirrandom.c
+stirrandom_CFLAGS = $(UTILS_CFLAGS)
+stirrandom_LDADD = libibmtssutils.la libibmtss.la
+
+unseal_SOURCES = unseal.c
+unseal_CFLAGS = $(UTILS_CFLAGS)
+unseal_LDADD = libibmtssutils.la libibmtss.la
+
+verifysignature_SOURCES = verifysignature.c
+verifysignature_CFLAGS = $(UTILS_CFLAGS)
+verifysignature_LDADD = libibmtssutils.la libibmtss.la
+
+zgen2phase_SOURCES = zgen2phase.c
+zgen2phase_CFLAGS = $(UTILS_CFLAGS)
+zgen2phase_LDADD = libibmtssutils.la libibmtss.la
+
+signapp_SOURCES = signapp.c
+signapp_CFLAGS = $(UTILS_CFLAGS)
+signapp_LDADD = libibmtssutils.la libibmtss.la $(LIBCRYPTO_LIBS)
+
+writeapp_SOURCES = writeapp.c
+writeapp_CFLAGS = $(UTILS_CFLAGS)
+writeapp_LDADD = libibmtssutils.la libibmtss.la
+
+timepacket_SOURCES = timepacket.c
+timepacket_CFLAGS = $(UTILS_CFLAGS)
+timepacket_LDADD = libibmtssutils.la libibmtss.la $(LIBCRYPTO_LIBS)
+
+createek_SOURCES = createek.c
+createek_CFLAGS = $(UTILS_CFLAGS)
+createek_LDADD = libibmtssutils.la libibmtss.la $(LIBCRYPTO_LIBS)
+
+createekcert_SOURCES = createekcert.c
+createekcert_CFLAGS = $(UTILS_CFLAGS)
+createekcert_LDADD = libibmtssutils.la libibmtss.la
+
+tpm2pem_SOURCES = tpm2pem.c
+tpm2pem_CFLAGS = $(UTILS_CFLAGS)
+tpm2pem_LDADD = libibmtssutils.la libibmtss.la
+
+tpmpublic2eccpoint_SOURCES = tpmpublic2eccpoint.c
+tpmpublic2eccpoint_CFLAGS = $(UTILS_CFLAGS)
+tpmpublic2eccpoint_LDADD = libibmtssutils.la libibmtss.la
+
+ntc2getconfig_SOURCES = ntc2getconfig.c
+ntc2getconfig_CFLAGS = $(UTILS_CFLAGS)
+ntc2getconfig_LDADD = libibmtssutils.la libibmtss.la
+
+ntc2preconfig_SOURCES = ntc2preconfig.c
+ntc2preconfig_CFLAGS = $(UTILS_CFLAGS)
+ntc2preconfig_LDADD = libibmtssutils.la libibmtss.la
+
+ntc2lockconfig_SOURCES = ntc2lockconfig.c
+ntc2lockconfig_CFLAGS = $(UTILS_CFLAGS)
+ntc2lockconfig_LDADD = $(OPENSSL_LIBS) libibmtssutils.la libibmtss.la
+
+publicname_SOURCES = publicname.c
+publicname_CFLAGS = $(OPENSSL_CFLAGS)
+publicname_LDADD = $(OPENSSL_LIBS) libibmtssutils.la libibmtss.la
+
+tpmcmd_SOURCES = tpmcmd.c
+tpmcmd_CFLAGS = $(OPENSSL_CFLAGS)
+tpmcmd_LDADD = $(OPENSSL_LIBS) libibmtssutils.la libibmtss.la
+
+printattr_SOURCES = printattr.c
+printattr_CFLAGS = $(OPENSSL_CFLAGS)
+printattr_LDADD = $(OPENSSL_LIBS) libibmtssutils.la libibmtss.la
+
+endif
diff --git a/utils/Platform.h b/utils/Platform.h
new file mode 100644
index 000000000..9c5a594d3
--- /dev/null
+++ b/utils/Platform.h
@@ -0,0 +1,361 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: Platform.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 122 */
+
+// C.8	Platform.h
+
+#ifndef    PLATFORM_H
+#define    PLATFORM_H
+
+// C.8.1.	Includes and Defines
+
+#include <ibmtss/BaseTypes.h>
+#include "stdint.h"
+#include "TpmError.h"
+#include <ibmtss/TpmBuildSwitches.h>
+
+// C.8.2.	Power Functions
+// C.8.2.1.	_plat__Signal_PowerOn
+// Signal power on This signal is simulate by a RPC call
+
+LIB_EXPORT int
+_plat__Signal_PowerOn(void);
+
+// C.8.2.2.	_plat__Signal_Reset
+// Signal reset This signal is simulate by a RPC call
+
+LIB_EXPORT int
+_plat__Signal_Reset(void);
+
+// C.8.2.3.	_plat__WasPowerLost()
+// Indicates if the power was lost before a _TPM__Init().
+
+LIB_EXPORT BOOL
+_plat__WasPowerLost(BOOL clear);
+
+// C.8.2.4.	_plat__Signal_PowerOff()
+// Signal power off This signal is simulate by a RPC call
+
+LIB_EXPORT void
+_plat__Signal_PowerOff(void);
+
+// C.8.3.	Physical Presence Functions
+// C.8.3.1.	_plat__PhysicalPresenceAsserted()
+// Check if physical presence is signaled
+// Return Value	Meaning
+// TRUE	if physical presence is signaled
+// FALSE	if physical presence is not signaled
+
+LIB_EXPORT BOOL
+_plat__PhysicalPresenceAsserted(void);
+
+// C.8.3.2.	_plat__Signal_PhysicalPresenceOn
+// Signal physical presence on This signal is simulate by a RPC call
+
+LIB_EXPORT void
+_plat__Signal_PhysicalPresenceOn(void);
+
+// C.8.3.3.	_plat__Signal_PhysicalPresenceOff()
+// Signal physical presence off This signal is simulate by a RPC call
+
+LIB_EXPORT void
+_plat__Signal_PhysicalPresenceOff(void);
+
+// C.8.4.	Command Canceling Functions
+// C.8.4.1.	_plat__IsCanceled()
+// Check if the cancel flag is set
+// Return Value	Meaning
+// TRUE	if cancel flag is set
+// FALSE	if cancel flag is not set
+
+LIB_EXPORT BOOL
+_plat__IsCanceled(void);
+
+// C.8.4.2.	_plat__SetCancel()
+// Set cancel flag.
+
+LIB_EXPORT void
+_plat__SetCancel(void);
+
+// C.8.4.3.	_plat__ClearCancel()
+// Clear cancel flag
+
+LIB_EXPORT void
+_plat__ClearCancel( void);
+
+// C.8.5.	NV memory functions
+// C.8.5.1.	_plat__NvErrors()
+
+// This function is used by the simulator to set the error flags in the NV subsystem to simulate an
+// error in the NV loading process
+
+LIB_EXPORT void
+_plat__NvErrors(
+		BOOL        recoverable,
+		BOOL        unrecoverable
+		);
+
+// C.8.5.2.	_plat__NVEnable()
+
+// Enable platform NV memory NV memory is automatically enabled at power on event.  This function is
+// mostly for TPM_Manufacture() to access NV memory without a power on event
+
+// Return Value	Meaning
+// 0	if success
+// non-0	if fail
+
+LIB_EXPORT int
+_plat__NVEnable(
+		void    *platParameter              // IN: platform specific parameters
+		);
+
+// C.8.5.3.	_plat__NVDisable()
+
+// Disable platform NV memory NV memory is automatically disabled at power off event.  This function
+// is mostly for TPM_Manufacture() to disable NV memory without a power off event
+
+LIB_EXPORT void
+_plat__NVDisable(void);
+
+// C.8.5.4.	_plat__IsNvAvailable()
+// Check if NV is available
+// Return Value	Meaning
+// 0	NV is available
+// 1	NV is not available due to write failure
+// 2	NV is not available due to rate limit
+
+LIB_EXPORT int
+_plat__IsNvAvailable(void);
+
+// C.8.5.5.	_plat__NvCommit()
+// Update NV chip
+// Return Value	Meaning
+// 0	NV write success
+// non-0	NV write fail
+
+LIB_EXPORT int
+_plat__NvCommit(void);
+
+// C.8.5.6.	_plat__NvMemoryRead()
+// Read a chunk of NV memory
+
+LIB_EXPORT void
+_plat__NvMemoryRead(
+		    unsigned int        startOffset,         // IN: read start
+		    unsigned int        size,                // IN: size of bytes to read
+		    void                *data                // OUT: data buffer
+		    );
+
+// C.8.5.7.	_plat__NvIsDifferent()
+
+// This function checks to see if the NV is different from the test value. This is so that NV will
+// not be written if it has not changed.
+
+// Return Value	Meaning
+// TRUE	the NV location is different from the test value
+// FALSE	the NV location is the same as the test value
+
+LIB_EXPORT BOOL
+_plat__NvIsDifferent(
+		     unsigned int         startOffset,         // IN: read start
+		     unsigned int         size,                // IN: size of bytes to compare
+		     void                *data                 // IN: data buffer
+		     );
+
+// C.8.5.8.	_plat__NvMemoryWrite()
+
+// Write a chunk of NV memory
+
+LIB_EXPORT void
+_plat__NvMemoryWrite(
+		     unsigned int        startOffset,         // IN: read start
+		     unsigned int        size,                // IN: size of bytes to read
+		     void                *data                // OUT: data buffer
+		     );
+
+// C.8.5.9.	_plat__NvMemoryClear()
+
+// Function is used to set a range of NV memory bytes to an implementation-dependent value. The
+// value represents the errase state of the memory.
+
+LIB_EXPORT void
+_plat__NvMemoryClear(
+		     unsigned int     start,         // IN: clear start
+		     unsigned int     size           // IN: number of bytes to be clear
+		     );
+
+// C.8.5.10.	_plat__NvMemoryMove()
+
+// Move a chunk of NV memory from source to destination This function should ensure that if there
+// overlap, the original data is copied before it is written
+
+LIB_EXPORT void
+_plat__NvMemoryMove(
+		    unsigned int        sourceOffset,         // IN: source offset
+		    unsigned int        destOffset,           // IN: destination offset
+		    unsigned int        size                  // IN: size of data being moved
+		    );
+
+// C.8.5.11.	_plat__SetNvAvail()
+
+// Set the current NV state to available.  This function is for testing purposes only.  It is not
+// part of the platform NV logic
+
+LIB_EXPORT void
+_plat__SetNvAvail(void);
+
+// C.8.5.12.	_plat__ClearNvAvail()
+
+// Set the current NV state to unavailable.  This function is for testing purposes only.  It is not
+// part of the platform NV logic
+
+LIB_EXPORT void
+_plat__ClearNvAvail(void);
+
+// C.8.6.	Locality Functions
+// C.8.6.1.	_plat__LocalityGet()
+// Get the most recent command locality in locality value form
+
+LIB_EXPORT unsigned char
+_plat__LocalityGet(void);
+
+// C.8.6.2.	_plat__LocalitySet()
+// Set the most recent command locality in locality value form
+
+LIB_EXPORT void
+_plat__LocalitySet(
+		   unsigned char   locality
+		   );
+
+// C.8.7.	Clock Constants and Functions
+// Assume that the nominal divisor is 30000
+
+#define     CLOCK_NOMINAL           30000
+
+// A 1% change in rate is 300 counts
+
+#define     CLOCK_ADJUST_COARSE     300
+
+// A .1 change in rate is 30 counts
+
+#define     CLOCK_ADJUST_MEDIUM     30
+
+// A minimum change in rate is 1 count
+
+#define     CLOCK_ADJUST_FINE       1
+
+// The clock tolerance is +/-15% (4500 counts) Allow some guard band (16.7%)
+
+#define     CLOCK_ADJUST_LIMIT      5000
+
+// C.8.7.1.	_plat__ClockReset()
+
+// This function sets the current clock time as initial time.  This function is called at a power on
+// event to reset the clock
+
+LIB_EXPORT void
+_plat__ClockReset(void);
+
+// C.8.7.2.	_plat__ClockTimeFromStart()
+
+// Function returns the compensated time from the start of the command when
+// _plat__ClockTimeFromStart() was called.
+
+LIB_EXPORT unsigned long long
+_plat__ClockTimeFromStart(void);
+
+// C.8.7.3.	_plat__ClockTimeElapsed()
+
+// Get the time elapsed from current to the last time the _plat__ClockTimeElapsed() is called.  For
+// the first _plat__ClockTimeElapsed() call after a power on event, this call report the elapsed
+// time from power on to the current call
+
+LIB_EXPORT unsigned long long
+_plat__ClockTimeElapsed(void);
+
+// C.8.7.4.	_plat__ClockAdjustRate()
+// Adjust the clock rate
+
+LIB_EXPORT void
+_plat__ClockAdjustRate(
+		       int         adjust              // IN: the adjust number.  It could be
+		       // positive or negative
+		       );
+
+// C.8.8.	Single Function Files
+// C.8.8.1.	_plat__GetEntropy()
+
+// This function is used to get available hardware entropy. In a hardware implementation of this
+// function, there would be no call to the system to get entropy. If the caller does not ask for any
+// entropy, then this is a startup indication and firstValue should be reset.
+
+//     Return Value	Meaning
+//     < 0	hardware failure of the entropy generator, this is sticky
+//       >= 0	the returned amount of entropy (bytes)
+
+LIB_EXPORT int32_t
+_plat__GetEntropy(
+		  unsigned char       *entropy,           // output buffer
+		  uint32_t             amount             // amount requested
+		  );
+
+#endif
diff --git a/utils/Unmarshal.c b/utils/Unmarshal.c
new file mode 100644
index 000000000..70dacda3e
--- /dev/null
+++ b/utils/Unmarshal.c
@@ -0,0 +1,4961 @@
+/********************************************************************************/
+/*										*/
+/*			     Parameter Unmarshaling				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <string.h>
+
+#include <ibmtss/Unmarshal_fp.h>
+
+/* The functions with the TSS_ prefix are preferred.  They use an unsigned size.  The functions
+   without the prefix are deprecated.  */
+
+/* TPM_TSS_NOCMDCHECK defined strips the unmarshal functions used for command parameter checking
+   TPM_TSS_NODEPRECATED	defines strips the deprecated functions that used a signed size
+*/
+
+/* The int and array functions are common to TPM 1.2 and TPM 2.0 */
+
+TPM_RC
+TSS_UINT8_Unmarshalu(UINT8 *target, BYTE **buffer, uint32_t *size)
+{
+    if (*size < sizeof(UINT8)) {
+	return TPM_RC_INSUFFICIENT;
+    }
+    *target = (*buffer)[0];
+    *buffer += sizeof(UINT8);
+    *size -= sizeof(UINT8);
+    return TPM_RC_SUCCESS;
+}
+
+#ifndef TPM_TSS_NOCMDCHECK
+TPM_RC
+TSS_INT8_Unmarshalu(INT8 *target, BYTE **buffer, uint32_t *size)
+{
+    return TSS_UINT8_Unmarshalu((UINT8 *)target, buffer, size);
+}
+#endif	/* TPM_TSS_NOCMDCHECK */
+
+TPM_RC
+TSS_UINT16_Unmarshalu(uint16_t *target, BYTE **buffer, uint32_t *size)
+{
+    if (*size < sizeof(uint16_t)) {
+	return TPM_RC_INSUFFICIENT;
+    }
+    *target = ((uint16_t)((*buffer)[0]) << 8) |
+	      ((uint16_t)((*buffer)[1]) << 0);
+    *buffer += sizeof(uint16_t);
+    *size -= sizeof(uint16_t);
+    return TPM_RC_SUCCESS;
+}
+
+TPM_RC
+TSS_UINT32_Unmarshalu(UINT32 *target, BYTE **buffer, uint32_t *size)
+{
+    if (*size < sizeof(uint32_t)) {
+	return TPM_RC_INSUFFICIENT;
+    }
+    *target = ((uint32_t)((*buffer)[0]) << 24) |
+	      ((uint32_t)((*buffer)[1]) << 16) |
+	      ((uint32_t)((*buffer)[2]) <<  8) |
+	      ((uint32_t)((*buffer)[3]) <<  0);
+    *buffer += sizeof(uint32_t);
+    *size -= sizeof(uint32_t);
+    return TPM_RC_SUCCESS;
+}
+
+#ifndef TPM_TSS_NOCMDCHECK    
+TPM_RC
+TSS_INT32_Unmarshalu(INT32 *target, BYTE **buffer, uint32_t *size)
+{
+    return TSS_UINT32_Unmarshalu((UINT32 *)target, buffer, size);
+}
+#endif	/* TPM_TSS_NOCMDCHECK */
+
+TPM_RC
+TSS_UINT64_Unmarshalu(UINT64 *target, BYTE **buffer, uint32_t *size)
+{
+    if (*size < sizeof(UINT64)) {
+	return TPM_RC_INSUFFICIENT;
+    }
+    *target = ((UINT64)((*buffer)[0]) << 56) |
+	      ((UINT64)((*buffer)[1]) << 48) |
+	      ((UINT64)((*buffer)[2]) << 40) |
+	      ((UINT64)((*buffer)[3]) << 32) |
+	      ((UINT64)((*buffer)[4]) << 24) |
+	      ((UINT64)((*buffer)[5]) << 16) |
+	      ((UINT64)((*buffer)[6]) <<  8) |
+	      ((UINT64)((*buffer)[7]) <<  0);
+    *buffer += sizeof(UINT64);
+    *size -= sizeof(UINT64);
+    return TPM_RC_SUCCESS;
+}
+
+TPM_RC
+TSS_Array_Unmarshalu(BYTE *targetBuffer, uint16_t targetSize, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (*size < targetSize) {
+	rc = TPM_RC_INSUFFICIENT;
+    }
+    else {
+	memcpy(targetBuffer, *buffer, targetSize);
+	*buffer += targetSize;
+	*size -= targetSize;
+    }
+    return rc;
+}
+
+#ifndef TPM_TSS_NODEPRECATED
+#ifndef TPM_TSS_NOCMDCHECK
+TPM_RC UINT8_Unmarshal(UINT8 *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_UINT8_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC INT8_Unmarshal(INT8 *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_INT8_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC UINT16_Unmarshal(UINT16 *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_UINT16_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC UINT32_Unmarshal(UINT32 *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_UINT32_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC INT32_Unmarshal(INT32 *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_INT32_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC UINT64_Unmarshal(UINT64 *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_UINT64_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC Array_Unmarshal(BYTE *targetBuffer, UINT16 targetSize, BYTE **buffer, INT32 *size)
+{
+    return TSS_Array_Unmarshalu(targetBuffer, targetSize, buffer, (uint32_t *)size);
+}
+
+#endif /* TPM_TSS_NOCMDCHECK */
+#endif /* TPM_TSS_NODEPRECATED */
+#ifdef TPM_TPM20
+
+TPM_RC
+TSS_TPM2B_Unmarshalu(TPM2B *target, uint16_t targetSize, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(&target->size, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->size > targetSize) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_Array_Unmarshalu(target->buffer, target->size, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 5 - Definition of Types for Documentation Clarity */
+
+TPM_RC
+TSS_TPM_KEY_BITS_Unmarshalu(TPM_KEY_BITS *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+
+/* Table 7 - Definition of (UINT32) TPM_GENERATED Constants <O> */
+
+#ifndef TPM_TSS_NOCMDCHECK
+TPM_RC
+TSS_TPM_GENERATED_Unmarshalu(TPM_GENERATED *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (*target != TPM_GENERATED_VALUE) {
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    return rc;
+}
+#endif	/* TPM_TSS_NOCMDCHECK */
+
+/* Table 9 - Definition of (UINT16) TPM_ALG_ID Constants <IN/OUT, S> */
+
+TPM_RC
+TSS_TPM_ALG_ID_Unmarshalu(TPM_ALG_ID *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+
+/* Table 10 - Definition of (UINT16) {ECC} TPM_ECC_CURVE Constants <IN/OUT, S> */
+
+#ifdef TPM_ALG_ECC
+TPM_RC
+TSS_TPM_ECC_CURVE_Unmarshalu(TPM_ECC_CURVE *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(target, buffer, size);
+    }
+    return rc;
+}
+#endif	/*  TPM_ALG_ECC */
+
+/* Table 13 - Definition of (UINT32) TPM_CC Constants (Numeric Order) <IN/OUT, S> */
+
+TPM_RC
+TSS_TPM_CC_Unmarshalu(TPM_RC *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+
+/* Table 17 - Definition of (UINT32) TPM_RC Constants (Actions) <OUT> */
+
+TPM_RC
+TSS_TPM_RC_Unmarshalu(TPM_RC *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+
+#ifndef TPM_TSS_NOCMDCHECK
+
+/* Table 18 - Definition of (INT8) TPM_CLOCK_ADJUST Constants <IN> */
+
+TPM_RC
+TSS_TPM_CLOCK_ADJUST_Unmarshalu(TPM_CLOCK_ADJUST *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_INT8_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	switch (*target) {
+	  case TPM_CLOCK_COARSE_SLOWER:
+	  case TPM_CLOCK_MEDIUM_SLOWER:
+	  case TPM_CLOCK_FINE_SLOWER:
+	  case TPM_CLOCK_NO_CHANGE:
+	  case TPM_CLOCK_FINE_FASTER:
+	  case TPM_CLOCK_MEDIUM_FASTER:
+	  case TPM_CLOCK_COARSE_FASTER:
+	    break;
+	  default:
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    return rc;
+}
+
+/* Table 19 - Definition of (UINT16) TPM_EO Constants <IN/OUT> */
+
+TPM_RC
+TSS_TPM_EO_Unmarshalu(TPM_EO *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	switch (*target) {
+	  case TPM_EO_EQ:
+	  case TPM_EO_NEQ:
+	  case TPM_EO_SIGNED_GT:
+	  case TPM_EO_UNSIGNED_GT:
+	  case TPM_EO_SIGNED_LT:
+	  case TPM_EO_UNSIGNED_LT:
+	  case TPM_EO_SIGNED_GE:
+	  case TPM_EO_UNSIGNED_GE:
+	  case TPM_EO_SIGNED_LE:
+	  case TPM_EO_UNSIGNED_LE:
+	  case TPM_EO_BITSET:
+	  case TPM_EO_BITCLEAR:
+	    break;
+	  default:
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOCMDCHECK */
+
+/* Table 20 - Definition of (UINT16) TPM_ST Constants <IN/OUT, S> */
+
+TPM_RC
+TSS_TPM_ST_Unmarshalu(TPM_ST *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+
+#ifndef TPM_TSS_NOCMDCHECK
+/* Table 21 - Definition of (UINT16) TPM_SU Constants <IN> */
+
+TPM_RC
+TSS_TPM_SU_Unmarshalu(TPM_SU *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	switch (*target) {
+	  case TPM_SU_CLEAR:
+	  case TPM_SU_STATE:
+	    break;
+	  default:
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOCMDCHECK */
+
+/* Table 22 - Definition of (UINT8) TPM_SE Constants <IN> */
+
+TPM_RC
+TSS_TPM_SE_Unmarshalu(TPM_SE *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT8_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	switch (*target) {
+	  case TPM_SE_HMAC:
+	  case TPM_SE_POLICY:
+	  case TPM_SE_TRIAL:
+	    break;
+	  default:
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    return rc;
+}
+
+/* Table 23 - Definition of (UINT32) TPM_CAP Constants  */
+
+TPM_RC
+TSS_TPM_CAP_Unmarshalu(TPM_CAP *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+
+/* Table 24 - Definition of (UINT32) TPM_PT Constants <IN/OUT, S> */
+
+TPM_RC
+TSS_TPM_PT_Unmarshalu(TPM_HANDLE *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+
+/* Table 25 - Definition of (UINT32) TPM_PT_PCR Constants <IN/OUT, S> */
+
+TPM_RC
+TSS_TPM_PT_PCR_Unmarshalu(TPM_PT_PCR *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+
+/* Table 27 - Definition of Types for Handles */
+
+TPM_RC
+TSS_TPM_HANDLE_Unmarshalu(TPM_HANDLE *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+
+/* Table 31 - Definition of (UINT32) TPMA_ALGORITHM Bits */
+
+TPM_RC
+TSS_TPMA_ALGORITHM_Unmarshalu(TPMA_ALGORITHM *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->val, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->val & TPMA_ALGORITHM_RESERVED) {
+	    rc = TPM_RC_RESERVED_BITS;
+	}
+    }
+    return rc;
+}
+
+/* Table 32 - Definition of (UINT32) TPMA_OBJECT Bits */
+
+TPM_RC
+TSS_TPMA_OBJECT_Unmarshalu(TPMA_OBJECT *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->val, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->val & TPMA_OBJECT_RESERVED) {
+	    rc = TPM_RC_RESERVED_BITS;
+	}
+    }
+    return rc;
+}
+
+/* Table 33 - Definition of (UINT8) TPMA_SESSION Bits <IN/OUT> */
+
+TPM_RC
+TSS_TPMA_SESSION_Unmarshalu(TPMA_SESSION *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT8_Unmarshalu(&target->val, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->val & TPMA_SESSION_RESERVED) {
+	    rc = TPM_RC_RESERVED_BITS;
+	}
+    }
+    return rc;
+}
+
+/* Table 34 - Definition of (UINT8) TPMA_LOCALITY Bits <IN/OUT> */
+
+TPM_RC
+TSS_TPMA_LOCALITY_Unmarshalu(TPMA_LOCALITY *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT8_Unmarshalu(&target->val, buffer, size);  
+    }
+    return rc;
+}
+
+/* Table 38 - Definition of (TPM_CC) TPMA_CC Bits <OUT> */
+
+TPM_RC
+TSS_TPMA_CC_Unmarshalu(TPMA_CC *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->val, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->val & TPMA_CC_RESERVED) {
+	    rc = TPM_RC_RESERVED_BITS;
+	}
+    }
+    return rc;
+}
+
+/* Table 39 - Definition of (BYTE) TPMI_YES_NO Type */
+
+TPM_RC
+TSS_TPMI_YES_NO_Unmarshalu(TPMI_YES_NO *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT8_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+
+/* Table 40 - Definition of (TPM_HANDLE) TPMI_DH_OBJECT Type */
+
+TPM_RC
+TSS_TPMI_DH_OBJECT_Unmarshalu(TPMI_DH_OBJECT *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	BOOL isNotTransient = (*target < TRANSIENT_FIRST) || (*target > TRANSIENT_LAST);
+	BOOL isNotPersistent = (*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST);
+	BOOL isNotLegalNull = (*target != TPM_RH_NULL) || !allowNull;
+	if (isNotTransient &&
+	    isNotPersistent &&
+	    isNotLegalNull) {
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    return rc;
+}
+/* Table 41 - Definition of (TPM_HANDLE) TPMI_DH_PERSISTENT Type */
+
+#ifndef TPM_TSS_NOCMDCHECK
+TPM_RC
+TSS_TPMI_DH_PERSISTENT_Unmarshalu(TPMI_DH_PERSISTENT *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	BOOL isNotPersistent = (*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST);
+	if (isNotPersistent) {
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    return rc;
+}
+#endif	/* TPM_TSS_NOCMDCHECK */
+
+/* Table 42 - Definition of (TPM_HANDLE) TPMI_DH_ENTITY Type <IN> */
+
+TPM_RC
+TSS_TPMI_DH_ENTITY_Unmarshalu(TPMI_DH_ENTITY *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	BOOL isNotOwner = *target != TPM_RH_OWNER;
+	BOOL isNotEndorsement = *target != TPM_RH_ENDORSEMENT;
+	BOOL isNotPlatform = *target != TPM_RH_PLATFORM;
+	BOOL isNotLockout = *target != TPM_RH_LOCKOUT;
+	BOOL isNotTransient = (*target < TRANSIENT_FIRST) || (*target > TRANSIENT_LAST);
+	BOOL isNotPersistent = (*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST);
+	BOOL isNotNv = (*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST);
+	BOOL isNotPcr = (*target > PCR_LAST);
+	BOOL isNotAuth = (*target < TPM_RH_AUTH_00) || (*target > TPM_RH_AUTH_FF);
+	BOOL isNotLegalNull = (*target != TPM_RH_NULL) || !allowNull;
+	if (isNotOwner &&
+	    isNotEndorsement &&
+	    isNotPlatform &&
+	    isNotLockout &&
+	    isNotTransient &&
+	    isNotPersistent &&
+	    isNotNv &&
+	    isNotPcr &&
+	    isNotAuth &&
+	    isNotLegalNull) {
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    return rc;
+}
+
+/* Table 43 - Definition of (TPM_HANDLE) TPMI_DH_PCR Type <IN> */
+
+#ifndef TPM_TSS_NOCMDCHECK
+TPM_RC
+TSS_TPMI_DH_PCR_Unmarshalu(TPMI_DH_PCR *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	BOOL isNotPcr = (*target > PCR_LAST);
+	BOOL isNotLegalNull = (*target != TPM_RH_NULL) || !allowNull;
+	if (isNotPcr &&
+	    isNotLegalNull) {
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    return rc;
+}
+#endif	/* TPM_TSS_NOCMDCHECK */
+
+/* Table 44 - Definition of (TPM_HANDLE) TPMI_SH_AUTH_SESSION Type <IN/OUT> */
+
+TPM_RC
+TSS_TPMI_SH_AUTH_SESSION_Unmarshalu(TPMI_SH_AUTH_SESSION *target, BYTE **buffer, uint32_t *size, BOOL allowPwd)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	BOOL isNotHmacSession = (*target < HMAC_SESSION_FIRST ) || (*target > HMAC_SESSION_LAST);
+	BOOL isNotPolicySession = (*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST);
+	BOOL isNotLegalPwd = (*target != TPM_RS_PW) || !allowPwd;
+	if (isNotHmacSession &&
+	    isNotPolicySession &&
+	    isNotLegalPwd) {
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    return rc;
+}
+
+/* Table 45 - Definition of (TPM_HANDLE) TPMI_SH_HMAC Type <IN/OUT> */
+
+#ifndef TPM_TSS_NOCMDCHECK
+TPM_RC
+TSS_TPMI_SH_HMAC_Unmarshalu(TPMI_SH_HMAC *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    allowNull = allowNull;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	BOOL isNotHmacSession = (*target < HMAC_SESSION_FIRST ) || (*target > HMAC_SESSION_LAST);
+	if (isNotHmacSession) {
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    return rc;
+}
+
+/* Table 46 - Definition of (TPM_HANDLE) TPMI_SH_POLICY Type <IN/OUT> */
+
+TPM_RC
+TSS_TPMI_SH_POLICY_Unmarshalu(TPMI_SH_POLICY *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    allowNull = allowNull;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	BOOL isNotPolicySession = (*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST);
+	if (isNotPolicySession) {
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    return rc;
+}
+#endif	/* TPM_TSS_NOCMDCHECK */
+
+/* Table 47 - Definition of (TPM_HANDLE) TPMI_DH_CONTEXT Type  */
+
+TPM_RC
+TSS_TPMI_DH_CONTEXT_Unmarshalu(TPMI_DH_CONTEXT *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    allowNull = allowNull;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	BOOL isNotHmacSession = (*target < HMAC_SESSION_FIRST ) || (*target > HMAC_SESSION_LAST);
+	BOOL isNotPolicySession = (*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST);
+	BOOL isNotTransient = (*target < TRANSIENT_FIRST) || (*target > TRANSIENT_LAST);
+	if (isNotHmacSession &&
+	    isNotPolicySession &&
+	    isNotTransient) {
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    return rc;
+}
+
+/* Table 49 - Definition of (TPM_HANDLE) TPMI_DH_SAVED Type  */
+
+TPM_RC
+TSS_TPMI_DH_SAVED_Unmarshalu(TPMI_DH_SAVED *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    allowNull = allowNull;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	BOOL isNotHmacSession = (*target < HMAC_SESSION_FIRST ) || (*target > HMAC_SESSION_LAST);
+	BOOL isNotPolicySession = (*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST);
+	BOOL isNotTransient = (*target != 0x80000000);
+	BOOL isNotSequence = (*target != 0x80000001);
+	BOOL isNotTransientStClear = (*target != 0x80000002);
+
+	if (isNotHmacSession &&
+	    isNotPolicySession &&
+	    isNotTransient && 
+	    isNotSequence &&
+	    isNotTransientStClear) {
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    return rc;
+}
+
+/* Table 48 - Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY Type  */
+
+TPM_RC
+TSS_TPMI_RH_HIERARCHY_Unmarshalu(TPMI_RH_HIERARCHY *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	switch (*target) {
+	  case TPM_RH_OWNER:
+	  case TPM_RH_PLATFORM:
+	  case TPM_RH_ENDORSEMENT:
+	    break;
+	  case TPM_RH_NULL:
+	    if (!allowNull) {
+		rc = TPM_RC_VALUE;
+	    }
+	    break;
+	  default:
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    return rc;
+}
+/* Table 49 - Definition of (TPM_HANDLE) TPMI_RH_ENABLES Type */
+
+#ifndef TPM_TSS_NOCMDCHECK
+TPM_RC
+TSS_TPMI_RH_ENABLES_Unmarshalu(TPMI_RH_ENABLES *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	switch (*target) {
+	  case TPM_RH_OWNER:
+	  case TPM_RH_PLATFORM:
+	  case TPM_RH_ENDORSEMENT:
+	  case TPM_RH_PLATFORM_NV:
+	    break;
+	  case TPM_RH_NULL:
+	    if (!allowNull) {
+		rc = TPM_RC_VALUE;
+	    }
+	    break;
+	  default:
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    return rc;
+}
+
+/* Table 50 - Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY_AUTH Type <IN> */
+
+TPM_RC
+TSS_TPMI_RH_HIERARCHY_AUTH_Unmarshalu(TPMI_RH_HIERARCHY_AUTH *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    allowNull = allowNull;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	switch (*target) {
+	  case TPM_RH_OWNER:
+	  case TPM_RH_PLATFORM:
+	  case TPM_RH_ENDORSEMENT:
+	  case TPM_RH_LOCKOUT:
+	    break;
+	  default:
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    return rc;
+}
+
+/* Table 51 - Definition of (TPM_HANDLE) TPMI_RH_PLATFORM Type <IN> */
+
+TPM_RC
+TSS_TPMI_RH_PLATFORM_Unmarshalu(TPMI_RH_PLATFORM *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    allowNull = allowNull;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	switch (*target) {
+	  case TPM_RH_PLATFORM:
+	    break;
+	  default:
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    return rc;
+}
+
+/* Table 53 - Definition of (TPM_HANDLE) TPMI_RH_ENDORSEMENT Type <IN> */
+
+TPM_RC
+TSS_TPMI_RH_ENDORSEMENT_Unmarshalu(TPMI_RH_ENDORSEMENT *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	switch (*target) {
+	  case TPM_RH_ENDORSEMENT:
+	    break;
+	  case TPM_RH_NULL:
+	    if (!allowNull) {
+		rc = TPM_RC_VALUE;
+	    }
+	    break;
+	  default:
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    return rc;
+}
+
+/* Table 54 - Definition of (TPM_HANDLE) TPMI_RH_PROVISION Type <IN> */
+
+TPM_RC
+TSS_TPMI_RH_PROVISION_Unmarshalu(TPMI_RH_PROVISION *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    allowNull = allowNull;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	switch (*target) {
+	  case TPM_RH_OWNER:
+	  case TPM_RH_PLATFORM:
+	    break;
+	  default:
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    return rc;
+}
+
+/* Table 55 - Definition of (TPM_HANDLE) TPMI_RH_CLEAR Type <IN> */
+
+TPM_RC
+TSS_TPMI_RH_CLEAR_Unmarshalu(TPMI_RH_CLEAR *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    allowNull = allowNull;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	switch (*target) {
+	  case TPM_RH_LOCKOUT:
+	  case TPM_RH_PLATFORM:
+	    break;
+	  default:
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    return rc;
+}
+
+/* Table 56 - Definition of (TPM_HANDLE) TPMI_RH_NV_AUTH Type <IN> */
+
+TPM_RC
+TSS_TPMI_RH_NV_AUTH_Unmarshalu(TPMI_RH_NV_AUTH *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    allowNull = allowNull;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	switch (*target) {
+	  case TPM_RH_OWNER:
+	  case TPM_RH_PLATFORM:
+	    break;
+	  default:
+	      {
+		  BOOL isNotNv = (*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST);
+		  if (isNotNv) {
+		      rc = TPM_RC_VALUE;
+		  }
+	      }
+	}
+    }
+    return rc;
+}
+
+/* Table 57 - Definition of (TPM_HANDLE) TPMI_RH_LOCKOUT Type <IN> */
+
+TPM_RC
+TSS_TPMI_RH_LOCKOUT_Unmarshalu(TPMI_RH_LOCKOUT *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    allowNull = allowNull;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	switch (*target) {
+	  case TPM_RH_LOCKOUT:
+	    break;
+	  default:
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    return rc;
+}
+#endif	/* TPM_TSS_NOCMDCHECK */
+
+/* Table 58 - Definition of (TPM_HANDLE) TPMI_RH_NV_INDEX Type <IN/OUT> */
+
+TPM_RC
+TSS_TPMI_RH_NV_INDEX_Unmarshalu(TPMI_RH_NV_INDEX *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    allowNull = allowNull;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_HANDLE_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	BOOL isNotNv = (*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST);
+	if (isNotNv) {
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    return rc;
+}
+
+/* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type  */
+
+TPM_RC
+TSS_TPMI_ALG_HASH_Unmarshalu(TPMI_ALG_HASH *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    allowNull = allowNull;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+
+/* Table 61 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM Type */
+
+TPM_RC
+TSS_TPMI_ALG_SYM_Unmarshalu(TPMI_ALG_SYM *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    allowNull = allowNull;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+
+/* Table 62 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM_OBJECT Type */
+
+TPM_RC
+TSS_TPMI_ALG_SYM_OBJECT_Unmarshalu(TPMI_ALG_SYM_OBJECT *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    allowNull = allowNull;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+
+/* Table 63 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM_MODE Type */
+
+TPM_RC
+TSS_TPMI_ALG_SYM_MODE_Unmarshalu(TPMI_ALG_SYM_MODE *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    allowNull = allowNull;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+
+/* Table 64 - Definition of (TPM_ALG_ID) TPMI_ALG_KDF Type */
+
+TPM_RC
+TSS_TPMI_ALG_KDF_Unmarshalu(TPMI_ALG_KDF *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    allowNull = allowNull;
+   
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+
+/* Table 65 - Definition of (TPM_ALG_ID) TPMI_ALG_SIG_SCHEME Type */
+
+TPM_RC
+TSS_TPMI_ALG_SIG_SCHEME_Unmarshalu(TPMI_ALG_SIG_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    allowNull = allowNull;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+
+#ifndef TPM_TSS_NOCMDCHECK
+
+/* Table 66 - Definition of (TPM_ALG_ID) TPMI_ECC_KEY_EXCHANGE Type */
+
+TPM_RC
+TSS_TPMI_ECC_KEY_EXCHANGE_Unmarshalu(TPMI_ECC_KEY_EXCHANGE *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    allowNull = allowNull;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+
+/* Table 67 - Definition of (TPM_ST) TPMI_ST_COMMAND_TAG Type */
+
+TPM_RC
+TSS_TPMI_ST_COMMAND_TAG_Unmarshalu(TPMI_ST_COMMAND_TAG *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ST_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	switch (*target) {
+	  case TPM_ST_NO_SESSIONS:
+	  case TPM_ST_SESSIONS:
+	    break;
+	  default:
+	    rc = TPM_RC_BAD_TAG;
+	}
+    }
+    return rc;
+}
+
+/* Table 70 TPMI_ALG_MAC_SCHEME */
+
+TPM_RC
+TSS_TPMI_ALG_MAC_SCHEME_Unmarshalu(TPMI_ALG_MAC_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    allowNull = allowNull;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+    
+/* Table 70 TPMI_ALG_CIPHER_MODE */
+
+TPM_RC
+TSS_TPMI_ALG_CIPHER_MODE_Unmarshalu(TPMI_ALG_CIPHER_MODE*target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    allowNull = allowNull;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOCMDCHECK */
+
+/* Table 68 - Definition of TPMS_EMPTY Structure <IN/OUT> */
+
+/* NOTE: Marked as const function in header */
+
+TPM_RC
+TSS_TPMS_EMPTY_Unmarshalu(TPMS_EMPTY *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    target = target;
+    buffer = buffer;
+    size = size;
+    return rc;
+}
+
+/* Table 70 - Definition of TPMU_HA Union <IN/OUT, S> */
+
+TPM_RC
+TSS_TPMU_HA_Unmarshalu(TPMU_HA *target, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    switch (selector) {
+#ifdef TPM_ALG_SHA1
+      case TPM_ALG_SHA1:
+	rc = TSS_Array_Unmarshalu(target->sha1, SHA1_DIGEST_SIZE, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_SHA256
+      case TPM_ALG_SHA256:
+	rc = TSS_Array_Unmarshalu(target->sha256, SHA256_DIGEST_SIZE, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_SHA384
+      case TPM_ALG_SHA384:
+	rc =TSS_Array_Unmarshalu(target->sha384, SHA384_DIGEST_SIZE, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_SHA512
+      case TPM_ALG_SHA512:
+	rc = TSS_Array_Unmarshalu(target->sha512, SHA512_DIGEST_SIZE, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_SM3_256
+      case TPM_ALG_SM3_256:
+	rc = TSS_Array_Unmarshalu(target->sm3_256, SM3_256_DIGEST_SIZE, buffer, size);
+	break;
+#endif
+      case TPM_ALG_NULL:
+	break;
+      default:
+	rc = TPM_RC_SELECTOR;
+    }
+    return rc;
+}
+
+/* Table 71 - Definition of TPMT_HA Structure <IN/OUT> */
+
+TPM_RC
+TSS_TPMT_HA_Unmarshalu(TPMT_HA *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->hashAlg, buffer, size, allowNull);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMU_HA_Unmarshalu(&target->digest, buffer, size, target->hashAlg);
+    }
+    return rc;
+}
+
+/* Table 72 - Definition of TPM2B_DIGEST Structure */
+
+TPM_RC
+TSS_TPM2B_DIGEST_Unmarshalu(TPM2B_DIGEST *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size);
+    }
+    return rc;
+}
+
+/* Table 73 - Definition of TPM2B_DATA Structure */
+
+TPM_RC
+TSS_TPM2B_DATA_Unmarshalu(TPM2B_DATA *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size);
+    }
+    return rc;
+}
+
+/* Table 74 - Definition of Types for TPM2B_NONCE */
+
+TPM_RC
+TSS_TPM2B_NONCE_Unmarshalu(TPM2B_NONCE *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(target, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 75 - Definition of Types for TPM2B_AUTH */
+
+TPM_RC
+TSS_TPM2B_AUTH_Unmarshalu(TPM2B_AUTH *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(target, buffer, size);
+    }
+    return rc;
+}
+
+#ifndef TPM_TSS_NOCMDCHECK
+
+/* Table 76 - Definition of Types for TPM2B_OPERAND */
+
+TPM_RC
+TSS_TPM2B_OPERAND_Unmarshalu(TPM2B_OPERAND *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(target, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 77 - Definition of TPM2B_EVENT Structure */
+
+TPM_RC
+TSS_TPM2B_EVENT_Unmarshalu(TPM2B_EVENT *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size);
+    }
+    return rc;
+}
+ 
+#endif	/* TPM_TSS_NOCMDCHECK */
+
+/* Table 78 - Definition of TPM2B_MAX_BUFFER Structure */
+
+TPM_RC
+TSS_TPM2B_MAX_BUFFER_Unmarshalu(TPM2B_MAX_BUFFER *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size);
+    }
+    return rc;
+}
+
+/* Table 79 - Definition of TPM2B_MAX_NV_BUFFER Structure */
+
+TPM_RC
+TSS_TPM2B_MAX_NV_BUFFER_Unmarshalu(TPM2B_MAX_NV_BUFFER *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size);
+    }
+    return rc;
+}
+
+/* Table 80 - Definition of TPM2B_TIMEOUT Structure <IN/OUT> */
+
+TPM_RC
+TSS_TPM2B_TIMEOUT_Unmarshalu(TPM2B_TIMEOUT *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(target, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 81 - Definition of TPM2B_IV Structure <IN/OUT> */
+
+TPM_RC
+TSS_TPM2B_IV_Unmarshalu(TPM2B_IV *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size);
+    }
+    return rc;
+}
+
+/* Table 83 - Definition of TPM2B_NAME Structure */
+
+TPM_RC
+TSS_TPM2B_NAME_Unmarshalu(TPM2B_NAME *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.name), buffer, size);
+    }
+    return rc;
+}
+
+/* Table 85 - Definition of TPMS_PCR_SELECTION Structure */
+
+TPM_RC
+TSS_TPMS_PCR_SELECTION_Unmarshalu(TPMS_PCR_SELECTION *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->hash, buffer, size, NO);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT8_Unmarshalu(&target->sizeofSelect, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->sizeofSelect > PCR_SELECT_MAX) {
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_Array_Unmarshalu(target->pcrSelect, target->sizeofSelect, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 88 - Definition of TPMT_TK_CREATION Structure */
+
+TPM_RC
+TSS_TPMT_TK_CREATION_Unmarshalu(TPMT_TK_CREATION *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ST_Unmarshalu(&target->tag, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->tag != TPM_ST_CREATION) {
+	    rc = TPM_RC_TAG;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_RH_HIERARCHY_Unmarshalu(&target->hierarchy, buffer, size, YES);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->digest, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 89 - Definition of TPMT_TK_VERIFIED Structure */
+
+TPM_RC
+TSS_TPMT_TK_VERIFIED_Unmarshalu(TPMT_TK_VERIFIED *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ST_Unmarshalu(&target->tag, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->tag != TPM_ST_VERIFIED) {
+	    rc = TPM_RC_TAG;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_RH_HIERARCHY_Unmarshalu(&target->hierarchy, buffer, size, YES);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->digest, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 90 - Definition of TPMT_TK_AUTH Structure */
+
+TPM_RC
+TSS_TPMT_TK_AUTH_Unmarshalu(TPMT_TK_AUTH *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ST_Unmarshalu(&target->tag, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if ((target->tag != TPM_ST_AUTH_SIGNED) &&
+	    (target->tag != TPM_ST_AUTH_SECRET)) {
+	    rc = TPM_RC_TAG;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_RH_HIERARCHY_Unmarshalu(&target->hierarchy, buffer, size, YES);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->digest, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 91 - Definition of TPMT_TK_HASHCHECK Structure */
+
+TPM_RC
+TSS_TPMT_TK_HASHCHECK_Unmarshalu(TPMT_TK_HASHCHECK *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ST_Unmarshalu(&target->tag, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->tag != TPM_ST_HASHCHECK) {
+	    rc = TPM_RC_TAG;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_RH_HIERARCHY_Unmarshalu(&target->hierarchy, buffer, size, YES);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->digest, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 92 - Definition of TPMS_ALG_PROPERTY Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_ALG_PROPERTY_Unmarshalu(TPMS_ALG_PROPERTY *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ALG_ID_Unmarshalu(&target->alg, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMA_ALGORITHM_Unmarshalu(&target->algProperties, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 93 - Definition of TPMS_TAGGED_PROPERTY Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_TAGGED_PROPERTY_Unmarshalu(TPMS_TAGGED_PROPERTY *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_PT_Unmarshalu(&target->property, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->value, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 94 - Definition of TPMS_TAGGED_PCR_SELECT Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_TAGGED_PCR_SELECT_Unmarshalu(TPMS_TAGGED_PCR_SELECT *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_PT_PCR_Unmarshalu(&target->tag, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT8_Unmarshalu(&target->sizeofSelect, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_Array_Unmarshalu(target->pcrSelect, target->sizeofSelect, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 100 - Definition of TPMS_TAGGED_POLICY Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_TAGGED_POLICY_Unmarshalu(TPMS_TAGGED_POLICY *target, BYTE **buffer, uint32_t *size) 
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_HANDLE_Unmarshalu(&target->handle, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_HA_Unmarshalu(&target->policyHash, buffer, size, YES);
+    }
+    return rc;
+}
+
+/* Table 95 - Definition of TPML_CC Structure */
+
+TPM_RC
+TSS_TPML_CC_Unmarshalu(TPML_CC *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    uint32_t i;
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->count, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->count > MAX_CAP_CC) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
+	rc = TSS_TPM_CC_Unmarshalu(&target->commandCodes[i], buffer, size);
+    }
+    return rc;
+}
+
+/* Table 96 - Definition of TPML_CCA Structure <OUT> */
+
+TPM_RC
+TSS_TPML_CCA_Unmarshalu(TPML_CCA *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    uint32_t i;
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->count, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->count > MAX_CAP_CC) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
+	rc = TSS_TPMA_CC_Unmarshalu(&target->commandAttributes[i], buffer, size);
+    }
+    return rc;
+}
+
+/* Table 97 - Definition of TPML_ALG Structure */
+
+TPM_RC
+TSS_TPML_ALG_Unmarshalu(TPML_ALG *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    uint32_t i;
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->count, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->count > MAX_ALG_LIST_SIZE) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
+	rc = TSS_TPM_ALG_ID_Unmarshalu(&target->algorithms[i], buffer, size);
+    }
+    return rc;
+}
+
+/* Table 98 - Definition of TPML_HANDLE Structure <OUT> */
+
+TPM_RC
+TSS_TPML_HANDLE_Unmarshalu(TPML_HANDLE *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    uint32_t i;
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->count, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->count > MAX_CAP_HANDLES) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
+	rc = TSS_TPM_HANDLE_Unmarshalu(&target->handle[i], buffer, size);
+    }
+    return rc;
+}
+
+/* Table 99 - Definition of TPML_DIGEST Structure */
+
+/* PolicyOr has a restriction of at least a count of two.  This function is also used to unmarshal
+   PCR_Read, where a count of one is permitted.
+*/
+
+TPM_RC
+TSS_TPML_DIGEST_Unmarshalu(TPML_DIGEST *target, BYTE **buffer, uint32_t *size, uint32_t minCount)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    uint32_t i;
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->count, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->count < minCount) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->count > 8) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->digests[i], buffer, size);
+    }
+    return rc;
+}
+
+/* Table 100 - Definition of TPML_DIGEST_VALUES Structure */
+
+TPM_RC
+TSS_TPML_DIGEST_VALUES_Unmarshalu(TPML_DIGEST_VALUES *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    uint32_t i;
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->count, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->count > HASH_COUNT) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
+	rc = TSS_TPMT_HA_Unmarshalu(&target->digests[i], buffer, size, NO);
+    }
+    return rc;
+}
+
+/* Table 102 - Definition of TPML_PCR_SELECTION Structure */
+
+TPM_RC
+TSS_TPML_PCR_SELECTION_Unmarshalu(TPML_PCR_SELECTION *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    uint32_t i;
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->count, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->count > HASH_COUNT) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
+	rc = TSS_TPMS_PCR_SELECTION_Unmarshalu(&target->pcrSelections[i], buffer, size);
+    }
+    return rc;
+}
+
+/* Table 103 - Definition of TPML_ALG_PROPERTY Structure <OUT> */
+
+TPM_RC
+TSS_TPML_ALG_PROPERTY_Unmarshalu(TPML_ALG_PROPERTY *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    uint32_t i;
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->count, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->count > MAX_CAP_ALGS) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
+	rc = TSS_TPMS_ALG_PROPERTY_Unmarshalu(&target->algProperties[i], buffer, size);
+    }
+    return rc;
+}
+
+/* Table 104 - Definition of TPML_TAGGED_TPM_PROPERTY Structure <OUT> */
+
+TPM_RC
+TSS_TPML_TAGGED_TPM_PROPERTY_Unmarshalu(TPML_TAGGED_TPM_PROPERTY  *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    uint32_t i;
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->count, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->count > MAX_TPM_PROPERTIES) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
+	rc = TSS_TPMS_TAGGED_PROPERTY_Unmarshalu(&target->tpmProperty[i], buffer, size);
+    }
+    return rc;
+}
+
+/* Table 105 - Definition of TPML_TAGGED_PCR_PROPERTY Structure <OUT> */
+
+TPM_RC
+TSS_TPML_TAGGED_PCR_PROPERTY_Unmarshalu(TPML_TAGGED_PCR_PROPERTY *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    uint32_t i;
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->count, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->count > MAX_PCR_PROPERTIES) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
+	rc = TSS_TPMS_TAGGED_PCR_SELECT_Unmarshalu(&target->pcrProperty[i], buffer, size);
+    }
+    return rc;
+}
+
+/* Table 106 - Definition of {ECC} TPML_ECC_CURVE Structure <OUT> */
+
+TPM_RC
+TSS_TPML_ECC_CURVE_Unmarshalu(TPML_ECC_CURVE *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    uint32_t i;
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->count, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->count > MAX_ECC_CURVES) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
+	rc = TSS_TPM_ECC_CURVE_Unmarshalu(&target->eccCurves[i], buffer, size);
+    }
+    return rc;	
+}
+
+/* Table 112 - Definition of TPML_TAGGED_POLICY Structure <OUT> */
+
+TPM_RC
+TSS_TPML_TAGGED_POLICY_Unmarshalu(TPML_TAGGED_POLICY *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    uint32_t i;  
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->count, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->count > MAX_TAGGED_POLICIES) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
+	rc = TSS_TPMS_TAGGED_POLICY_Unmarshalu(&target->policies[i], buffer, size);
+    }
+    return rc;	
+}
+
+/* Table 107 - Definition of TPMU_CAPABILITIES Union <OUT> */
+
+TPM_RC
+TSS_TPMU_CAPABILITIES_Unmarshalu(TPMU_CAPABILITIES *target, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    switch (selector) {
+      case TPM_CAP_ALGS:
+	rc = TSS_TPML_ALG_PROPERTY_Unmarshalu(&target->algorithms, buffer, size);
+	break;
+      case TPM_CAP_HANDLES:
+	rc = TSS_TPML_HANDLE_Unmarshalu(&target->handles, buffer, size);
+	break;
+      case TPM_CAP_COMMANDS:
+	rc = TSS_TPML_CCA_Unmarshalu(&target->command, buffer, size);
+	break;
+      case TPM_CAP_PP_COMMANDS:
+	rc = TSS_TPML_CC_Unmarshalu(&target->ppCommands, buffer, size);
+	break;
+      case TPM_CAP_AUDIT_COMMANDS:
+	rc = TSS_TPML_CC_Unmarshalu(&target->auditCommands, buffer, size);
+	break;
+      case TPM_CAP_PCRS:
+	rc = TSS_TPML_PCR_SELECTION_Unmarshalu(&target->assignedPCR, buffer, size);
+	break;
+      case TPM_CAP_TPM_PROPERTIES:
+	rc = TSS_TPML_TAGGED_TPM_PROPERTY_Unmarshalu(&target->tpmProperties, buffer, size);
+	break;
+      case TPM_CAP_PCR_PROPERTIES:
+	rc = TSS_TPML_TAGGED_PCR_PROPERTY_Unmarshalu(&target->pcrProperties, buffer, size);
+	break;
+      case TPM_CAP_ECC_CURVES:
+	rc = TSS_TPML_ECC_CURVE_Unmarshalu(&target->eccCurves, buffer, size);
+	break;
+      case TPM_CAP_AUTH_POLICIES:
+	rc = TSS_TPML_TAGGED_POLICY_Unmarshalu(&target->authPolicies, buffer, size);
+	break;
+      default:
+	rc = TPM_RC_SELECTOR;
+    }
+    return rc;
+}
+
+/* Table 108 - Definition of TPMS_CAPABILITY_DATA Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_CAPABILITY_DATA_Unmarshalu(TPMS_CAPABILITY_DATA *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+  
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_CAP_Unmarshalu(&target->capability, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMU_CAPABILITIES_Unmarshalu(&target->data, buffer, size, target->capability);
+    }
+    return rc;
+}
+
+/* Table 109 - Definition of TPMS_CLOCK_INFO Structure */
+
+TPM_RC
+TSS_TPMS_CLOCK_INFO_Unmarshalu(TPMS_CLOCK_INFO *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT64_Unmarshalu(&target->clock, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->resetCount, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->restartCount, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_YES_NO_Unmarshalu(&target->safe, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 110 - Definition of TPMS_TIME_INFO Structure */
+
+TPM_RC
+TSS_TPMS_TIME_INFO_Unmarshalu(TPMS_TIME_INFO *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT64_Unmarshalu(&target->time, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_CLOCK_INFO_Unmarshalu(&target->clockInfo, buffer, size);
+    }
+    return rc;
+}
+
+#ifndef TPM_TSS_NOCMDCHECK
+
+/* Table 111 - Definition of TPMS_TIME_ATTEST_INFO Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_TIME_ATTEST_INFO_Unmarshalu(TPMS_TIME_ATTEST_INFO *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_TIME_INFO_Unmarshalu(&target->time, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT64_Unmarshalu(&target->firmwareVersion, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 112 - Definition of TPMS_CERTIFY_INFO Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_CERTIFY_INFO_Unmarshalu(TPMS_CERTIFY_INFO *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NAME_Unmarshalu(&target->name, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NAME_Unmarshalu(&target->qualifiedName, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 113 - Definition of TPMS_QUOTE_INFO Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_QUOTE_INFO_Unmarshalu(TPMS_QUOTE_INFO *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPML_PCR_SELECTION_Unmarshalu(&target->pcrSelect, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->pcrDigest, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 114 - Definition of TPMS_COMMAND_AUDIT_INFO Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_COMMAND_AUDIT_INFO_Unmarshalu(TPMS_COMMAND_AUDIT_INFO *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT64_Unmarshalu(&target->auditCounter, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ALG_ID_Unmarshalu(&target->digestAlg, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->auditDigest, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->commandDigest, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 115 - Definition of TPMS_SESSION_AUDIT_INFO Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_SESSION_AUDIT_INFO_Unmarshalu(TPMS_SESSION_AUDIT_INFO *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_YES_NO_Unmarshalu(&target->exclusiveSession, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->sessionDigest, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 116 - Definition of TPMS_CREATION_INFO Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_CREATION_INFO_Unmarshalu(TPMS_CREATION_INFO *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NAME_Unmarshalu(&target->objectName, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->creationHash, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 117 - Definition of TPMS_NV_CERTIFY_INFO Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_NV_CERTIFY_INFO_Unmarshalu(TPMS_NV_CERTIFY_INFO *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NAME_Unmarshalu(&target->indexName, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(&target->offset, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_MAX_NV_BUFFER_Unmarshalu(&target->nvContents, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 125 - Definition of TPMS_NV_DIGEST_CERTIFY_INFO Structure <OUT> */
+TPM_RC
+TSS_TPMS_NV_DIGEST_CERTIFY_INFO_Unmarshalu(TPMS_NV_DIGEST_CERTIFY_INFO *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NAME_Unmarshalu(&target->indexName, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->nvDigest, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 118 - Definition of (TPM_ST) TPMI_ST_ATTEST Type <OUT> */
+
+TPM_RC
+TSS_TPMI_ST_ATTEST_Unmarshalu(TPMI_ST_ATTEST *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ST_Unmarshalu(target, buffer, size);
+    }
+    return rc;
+}
+
+/*  Table 119 - Definition of TPMU_ATTEST Union <OUT> */
+
+TPM_RC
+TSS_TPMU_ATTEST_Unmarshalu(TPMU_ATTEST *target, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    switch (selector) {
+      case TPM_ST_ATTEST_CERTIFY:
+	rc = TSS_TPMS_CERTIFY_INFO_Unmarshalu(&target->certify, buffer, size);
+	break;
+      case TPM_ST_ATTEST_CREATION:
+	rc = TSS_TPMS_CREATION_INFO_Unmarshalu(&target->creation, buffer, size);
+	break;
+      case TPM_ST_ATTEST_QUOTE:
+	rc = TSS_TPMS_QUOTE_INFO_Unmarshalu(&target->quote, buffer, size);
+	break;
+      case TPM_ST_ATTEST_COMMAND_AUDIT:
+	rc = TSS_TPMS_COMMAND_AUDIT_INFO_Unmarshalu(&target->commandAudit, buffer, size);
+	break;
+      case TPM_ST_ATTEST_SESSION_AUDIT:
+	rc = TSS_TPMS_SESSION_AUDIT_INFO_Unmarshalu(&target->sessionAudit, buffer, size);
+	break;
+      case TPM_ST_ATTEST_TIME:
+	rc = TSS_TPMS_TIME_ATTEST_INFO_Unmarshalu(&target->time, buffer, size);
+	break;
+      case TPM_ST_ATTEST_NV:
+	rc = TSS_TPMS_NV_CERTIFY_INFO_Unmarshalu(&target->nv, buffer, size);
+	break;
+      case TPM_ST_ATTEST_NV_DIGEST:
+	rc = TSS_TPMS_NV_DIGEST_CERTIFY_INFO_Unmarshalu(&target->nvDigest, buffer, size);
+	break;
+      default:
+	rc = TPM_RC_SELECTOR;
+	
+    }
+    return rc;
+}
+
+/* Table 120 - Definition of TPMS_ATTEST Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_ATTEST_Unmarshalu(TPMS_ATTEST *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_GENERATED_Unmarshalu(&target->magic, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ST_ATTEST_Unmarshalu(&target->type, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NAME_Unmarshalu(&target->qualifiedSigner, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DATA_Unmarshalu(&target->extraData, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_CLOCK_INFO_Unmarshalu(&target->clockInfo, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT64_Unmarshalu(&target->firmwareVersion, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMU_ATTEST_Unmarshalu(&target->attested, buffer, size, target->type);
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOCMDCHECK */
+
+/* Table 121 - Definition of TPM2B_ATTEST Structure <OUT> */
+
+TPM_RC
+TSS_TPM2B_ATTEST_Unmarshalu(TPM2B_ATTEST *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.attestationData), buffer, size);
+    }
+    return rc;
+}
+
+/* Table 123 - Definition of TPMS_AUTH_RESPONSE Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_AUTH_RESPONSE_Unmarshalu(TPMS_AUTH_RESPONSE *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NONCE_Unmarshalu(&target->nonce, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMA_SESSION_Unmarshalu(&target->sessionAttributes, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_AUTH_Unmarshalu(&target->hmac, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 124 - Definition of {!ALG.S} (TPM_KEY_BITS) TPMI_!ALG.S_KEY_BITS Type */
+
+#ifdef TPM_ALG_AES
+
+TPM_RC
+TSS_TPMI_AES_KEY_BITS_Unmarshalu(TPMI_AES_KEY_BITS *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_KEY_BITS_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+#endif	/* TPM_ALG_AES */
+
+#ifndef TPM_TSS_NOCMDCHECK
+
+#ifdef TPM_ALG_CAMELLIA
+TPM_RC
+TSS_TPMI_CAMELLIA_KEY_BITS_Unmarshalu(TPMI_CAMELLIA_KEY_BITS *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_KEY_BITS_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+#endif	/*  TPM_ALG_CAMELLIA */
+
+#ifdef TPM_ALG_SM4
+TPM_RC
+TSS_TPMI_SM4_KEY_BITS_Unmarshalu(TPMI_SM4_KEY_BITS *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_KEY_BITS_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+#endif	/* TPM_ALG_SM4 */
+#endif	/* TPM_TSS_NOCMDCHECK */
+
+/* Table 125 - Definition of TPMU_SYM_KEY_BITS Union */
+
+TPM_RC
+TSS_TPMU_SYM_KEY_BITS_Unmarshalu(TPMU_SYM_KEY_BITS *target, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    switch (selector) {
+#ifdef TPM_ALG_AES
+      case TPM_ALG_AES:
+	rc = TSS_TPMI_AES_KEY_BITS_Unmarshalu(&target->aes, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_SM4
+      case TPM_ALG_SM4:
+	rc = TSS_TPMI_SM4_KEY_BITS_Unmarshalu(&target->sm4, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_CAMELLIA
+      case TPM_ALG_CAMELLIA:
+	rc = TSS_TPMI_CAMELLIA_KEY_BITS_Unmarshalu(&target->camellia, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_XOR
+      case TPM_ALG_XOR:
+	rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->xorr, buffer, size, NO);
+	break;
+#endif
+      case TPM_ALG_NULL:
+	break;
+      default:
+	rc = TPM_RC_SELECTOR;
+    }
+    return rc;
+}
+
+/* Table 126 - Definition of TPMU_SYM_MODE Union */
+
+TPM_RC
+TSS_TPMU_SYM_MODE_Unmarshalu(TPMU_SYM_MODE *target, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    switch (selector) {
+#ifdef TPM_ALG_AES
+      case TPM_ALG_AES:
+	rc = TSS_TPMI_ALG_SYM_MODE_Unmarshalu(&target->aes, buffer, size, YES);
+	break;
+#endif
+#ifdef TPM_ALG_SM4
+      case TPM_ALG_SM4:
+	rc = TSS_TPMI_ALG_SYM_MODE_Unmarshalu(&target->sm4, buffer, size, YES);
+	break;
+#endif
+#ifdef TPM_ALG_CAMELLIA
+      case TPM_ALG_CAMELLIA:
+	rc = TSS_TPMI_ALG_SYM_MODE_Unmarshalu(&target->camellia, buffer, size, YES);
+	break;
+#endif
+      case TPM_ALG_XOR:
+      case TPM_ALG_NULL:
+	break;
+      default:
+	rc = TPM_RC_SELECTOR;
+    }
+    return rc;
+}
+
+/* Table 128 - Definition of TPMT_SYM_DEF Structure */
+
+TPM_RC
+TSS_TPMT_SYM_DEF_Unmarshalu(TPMT_SYM_DEF *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_SYM_Unmarshalu(&target->algorithm, buffer, size, allowNull);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMU_SYM_KEY_BITS_Unmarshalu(&target->keyBits, buffer, size, target->algorithm);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMU_SYM_MODE_Unmarshalu(&target->mode, buffer, size, target->algorithm);
+    }
+    return rc;
+}
+
+/* Table 129 - Definition of TPMT_SYM_DEF_OBJECT Structure */
+
+TPM_RC
+TSS_TPMT_SYM_DEF_OBJECT_Unmarshalu(TPMT_SYM_DEF_OBJECT *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_SYM_OBJECT_Unmarshalu(&target->algorithm, buffer, size, allowNull);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMU_SYM_KEY_BITS_Unmarshalu(&target->keyBits, buffer, size, target->algorithm);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMU_SYM_MODE_Unmarshalu(&target->mode, buffer, size, target->algorithm);
+    }
+    return rc;
+}
+
+#ifndef TPM_TSS_NOCMDCHECK
+
+/* Table 130 - Definition of TPM2B_SYM_KEY Structure */
+
+TPM_RC
+TSS_TPM2B_SYM_KEY_Unmarshalu(TPM2B_SYM_KEY *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size);
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOCMDCHECK */
+
+/* Table 131 - Definition of TPMS_SYMCIPHER_PARMS Structure */
+
+TPM_RC
+TSS_TPMS_SYMCIPHER_PARMS_Unmarshalu(TPMS_SYMCIPHER_PARMS *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SYM_DEF_OBJECT_Unmarshalu(&target->sym, buffer, size, NO);
+    }
+    return rc;
+}
+
+/* Table 132 - Definition of TPM2B_SENSITIVE_DATA Structure */
+
+TPM_RC
+TSS_TPM2B_SENSITIVE_DATA_Unmarshalu(TPM2B_SENSITIVE_DATA *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size);
+    }
+    return rc;
+}
+
+#ifndef TPM_TSS_NOCMDCHECK
+
+/* Table 133 - Definition of TPMS_SENSITIVE_CREATE Structure <IN> */
+
+TPM_RC
+TSS_TPMS_SENSITIVE_CREATE_Unmarshalu(TPMS_SENSITIVE_CREATE *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_AUTH_Unmarshalu(&target->userAuth, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_SENSITIVE_DATA_Unmarshalu(&target->data, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 134 - Definition of TPM2B_SENSITIVE_CREATE Structure <IN, S> */
+
+TPM_RC
+TSS_TPM2B_SENSITIVE_CREATE_Unmarshalu(TPM2B_SENSITIVE_CREATE *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t startSize = 0;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(&target->size, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->size == 0) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	startSize = *size;
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_SENSITIVE_CREATE_Unmarshalu(&target->sensitive, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->size != startSize - *size) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOCMDCHECK */
+
+/* Table 135 - Definition of TPMS_SCHEME_HASH Structure */
+
+TPM_RC
+TSS_TPMS_SCHEME_HASH_Unmarshalu(TPMS_SCHEME_HASH *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->hashAlg, buffer, size, NO);
+    }
+    return rc;
+}
+
+/* Table 136 - Definition of {ECC} TPMS_SCHEME_ECDAA Structure */
+
+TPM_RC
+TSS_TPMS_SCHEME_ECDAA_Unmarshalu(TPMS_SCHEME_ECDAA *target, BYTE **buffer, uint32_t *size) 
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->hashAlg, buffer, size, NO);	
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(&target->count, buffer, size);	
+    }
+    return rc;
+}
+
+/* Table 137 - Definition of (TPM_ALG_ID) TPMI_ALG_KEYEDHASH_SCHEME Type */
+
+TPM_RC
+TSS_TPMI_ALG_KEYEDHASH_SCHEME_Unmarshalu(TPMI_ALG_KEYEDHASH_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    allowNull = allowNull;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+
+/* Table 138 - Definition of Types for HMAC_SIG_SCHEME */
+
+TPM_RC
+TSS_TPMS_SCHEME_HMAC_Unmarshalu(TPMS_SCHEME_HMAC *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 139 - Definition of TPMS_SCHEME_XOR Structure */
+
+TPM_RC
+TSS_TPMS_SCHEME_XOR_Unmarshalu(TPMS_SCHEME_XOR *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->hashAlg, buffer, size, NO);	/* as of rev 147 */
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_KDF_Unmarshalu(&target->kdf, buffer, size, YES);
+    }
+    return rc;
+}
+
+/* Table 140 - Definition of TPMU_SCHEME_KEYEDHASH Union <IN/OUT, S> */
+
+TPM_RC
+TSS_TPMU_SCHEME_KEYEDHASH_Unmarshalu(TPMU_SCHEME_KEYEDHASH *target, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    switch (selector) {
+#ifdef TPM_ALG_HMAC
+      case TPM_ALG_HMAC:
+	rc = TSS_TPMS_SCHEME_HMAC_Unmarshalu(&target->hmac, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_XOR
+      case TPM_ALG_XOR:
+	rc = TSS_TPMS_SCHEME_XOR_Unmarshalu(&target->xorr, buffer, size);
+	break;
+#endif
+      case TPM_ALG_NULL:
+	break;
+      default:
+	rc = TPM_RC_SELECTOR;
+    }
+    return rc;
+}
+
+/* Table 141 - Definition of TPMT_KEYEDHASH_SCHEME Structure */
+
+TPM_RC
+TSS_TPMT_KEYEDHASH_SCHEME_Unmarshalu(TPMT_KEYEDHASH_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_KEYEDHASH_SCHEME_Unmarshalu(&target->scheme, buffer, size, allowNull);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMU_SCHEME_KEYEDHASH_Unmarshalu(&target->details, buffer, size, target->scheme);
+    }
+    return rc;
+}
+
+/* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */
+
+TPM_RC
+TSS_TPMS_SIG_SCHEME_RSAPSS_Unmarshalu(TPMS_SIG_SCHEME_RSAPSS *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */
+
+TPM_RC
+TSS_TPMS_SIG_SCHEME_RSASSA_Unmarshalu(TPMS_SIG_SCHEME_RSASSA *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 143 - Definition of {ECC} Types for ECC Signature Schemes */
+
+TPM_RC
+TSS_TPMS_SIG_SCHEME_ECDAA_Unmarshalu(TPMS_SIG_SCHEME_ECDAA *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_SCHEME_ECDAA_Unmarshalu(target, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 143 - Definition of {ECC} Types for ECC Signature Schemes */
+
+TPM_RC
+TSS_TPMS_SIG_SCHEME_ECDSA_Unmarshalu(TPMS_SIG_SCHEME_ECDSA *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 143 - Definition of {ECC} Types for ECC Signature Schemes */
+
+TPM_RC
+TSS_TPMS_SIG_SCHEME_ECSCHNORR_Unmarshalu(TPMS_SIG_SCHEME_ECSCHNORR *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 143 - Definition of {ECC} Types for ECC Signature Schemes */
+
+TPM_RC
+TSS_TPMS_SIG_SCHEME_SM2_Unmarshalu(TPMS_SIG_SCHEME_SM2 *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, size);
+    }
+    return rc;
+}
+
+#ifndef TPM_TSS_NOCMDCHECK
+
+/* Table 144 - Definition of TPMU_SIG_SCHEME Union <IN/OUT, S> */
+
+TPM_RC
+TSS_TPMU_SIG_SCHEME_Unmarshalu(TPMU_SIG_SCHEME *target, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    switch (selector) {
+#ifdef TPM_ALG_RSASSA
+      case TPM_ALG_RSASSA:
+	rc = TSS_TPMS_SIG_SCHEME_RSASSA_Unmarshalu(&target->rsassa, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_RSAPSS
+      case TPM_ALG_RSAPSS:
+	rc = TSS_TPMS_SIG_SCHEME_RSAPSS_Unmarshalu(&target->rsapss, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_ECDSA
+      case TPM_ALG_ECDSA:
+	rc = TSS_TPMS_SIG_SCHEME_ECDSA_Unmarshalu(&target->ecdsa, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_ECDAA
+      case TPM_ALG_ECDAA:
+	rc = TSS_TPMS_SIG_SCHEME_ECDAA_Unmarshalu(&target->ecdaa, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_SM2
+      case TPM_ALG_SM2:
+	rc = TSS_TPMS_SIG_SCHEME_SM2_Unmarshalu(&target->sm2, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_ECSCHNORR
+      case TPM_ALG_ECSCHNORR:
+	rc = TSS_TPMS_SIG_SCHEME_ECSCHNORR_Unmarshalu(&target->ecSchnorr, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_HMAC
+      case TPM_ALG_HMAC:
+	rc = TSS_TPMS_SCHEME_HMAC_Unmarshalu(&target->hmac, buffer, size);
+	break;
+#endif
+      case TPM_ALG_NULL:
+	break;
+      default:
+	rc = TPM_RC_SELECTOR;
+    }
+    return rc;
+}
+
+/* Table 145 - Definition of TPMT_SIG_SCHEME Structure */
+
+TPM_RC
+TSS_TPMT_SIG_SCHEME_Unmarshalu(TPMT_SIG_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_SIG_SCHEME_Unmarshalu(&target->scheme, buffer, size, allowNull);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMU_SIG_SCHEME_Unmarshalu(&target->details, buffer, size, target->scheme);
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOCMDCHECK */
+
+/* Table 146 - Definition of Types for {RSA} Encryption Schemes */
+
+TPM_RC
+TSS_TPMS_ENC_SCHEME_OAEP_Unmarshalu(TPMS_ENC_SCHEME_OAEP *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 146 - Definition of Types for {RSA} Encryption Schemes */
+
+/* NOTE: Marked as const function in header */
+
+TPM_RC
+TSS_TPMS_ENC_SCHEME_RSAES_Unmarshalu(TPMS_ENC_SCHEME_RSAES *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_EMPTY_Unmarshalu(target, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 147 - Definition of Types for {ECC} ECC Key Exchange */
+
+TPM_RC
+TSS_TPMS_KEY_SCHEME_ECDH_Unmarshalu(TPMS_KEY_SCHEME_ECDH *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, size); 
+    }
+    return rc;
+}
+
+#ifndef TPM_TSS_NOCMDCHECK
+
+/* Table 147 - Definition of Types for {ECC} ECC Key Exchange */
+
+TPM_RC
+TSS_TPMS_KEY_SCHEME_ECMQV_Unmarshalu(TPMS_KEY_SCHEME_ECMQV *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, size); 
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOCMDCHECK */
+
+/* Table 148 - Definition of Types for KDF Schemes, hash-based key- or mask-generation functions */
+
+TPM_RC
+TSS_TPMS_SCHEME_KDF1_SP800_108_Unmarshalu(TPMS_SCHEME_KDF1_SP800_108 *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, size); 
+    }
+    return rc;
+}
+
+/* Table 148 - Definition of Types for KDF Schemes, hash-based key- or mask-generation functions */
+
+TPM_RC
+TSS_TPMS_SCHEME_KDF1_SP800_56A_Unmarshalu(TPMS_SCHEME_KDF1_SP800_56A *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, size); 
+    }
+    return rc;
+}
+
+#ifndef TPM_TSS_NOCMDCHECK
+
+/* Table 148 - Definition of Types for KDF Schemes, hash-based key- or mask-generation functions */
+
+TPM_RC
+TSS_TPMS_SCHEME_KDF2_Unmarshalu(TPMS_SCHEME_KDF2 *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, size);
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOCMDCHECK */
+
+/* Table 148 - Definition of Types for KDF Schemes, hash-based key- or mask-generation functions */
+
+TPM_RC
+TSS_TPMS_SCHEME_MGF1_Unmarshalu(TPMS_SCHEME_MGF1 *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 149 - Definition of TPMU_KDF_SCHEME Union <IN/OUT, S> */
+
+TPM_RC
+TSS_TPMU_KDF_SCHEME_Unmarshalu(TPMU_KDF_SCHEME *target, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    switch (selector) {
+#ifdef TPM_ALG_MGF1
+      case TPM_ALG_MGF1:
+	rc = TSS_TPMS_SCHEME_MGF1_Unmarshalu(&target->mgf1, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_KDF1_SP800_56A
+      case TPM_ALG_KDF1_SP800_56A:
+	rc = TSS_TPMS_SCHEME_KDF1_SP800_56A_Unmarshalu(&target->kdf1_SP800_56a, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_KDF2
+      case TPM_ALG_KDF2:
+	rc = TSS_TPMS_SCHEME_KDF2_Unmarshalu(&target->kdf2, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_KDF1_SP800_108
+      case TPM_ALG_KDF1_SP800_108:
+	rc = TSS_TPMS_SCHEME_KDF1_SP800_108_Unmarshalu(&target->kdf1_sp800_108, buffer, size);
+	break;
+#endif
+      case TPM_ALG_NULL:
+	break;
+      default:
+	rc = TPM_RC_SELECTOR;
+    }
+    return rc;
+}
+
+/* Table 150 - Definition of TPMT_KDF_SCHEME Structure */
+
+TPM_RC
+TSS_TPMT_KDF_SCHEME_Unmarshalu(TPMT_KDF_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_KDF_Unmarshalu(&target->scheme, buffer, size, allowNull);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMU_KDF_SCHEME_Unmarshalu(&target->details, buffer, size, target->scheme);
+    }
+    return rc;
+}
+
+/* Table 151 - Definition of (TPM_ALG_ID) TPMI_ALG_ASYM_SCHEME Type <> */
+
+#if 0
+TPM_RC
+TSS_TPMI_ALG_ASYM_SCHEME_Unmarshalu(TPMI_ALG_ASYM_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+#endif	/* 0 */
+
+/* Table 152 - Definition of TPMU_ASYM_SCHEME Union */
+
+TPM_RC
+TSS_TPMU_ASYM_SCHEME_Unmarshalu(TPMU_ASYM_SCHEME *target, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    switch (selector) {
+#ifdef TPM_ALG_ECDH
+      case TPM_ALG_ECDH:
+	rc = TSS_TPMS_KEY_SCHEME_ECDH_Unmarshalu(&target->ecdh, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_ECMQV
+      case TPM_ALG_ECMQV:
+	rc = TSS_TPMS_KEY_SCHEME_ECMQV_Unmarshalu(&target->ecmqvh, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_RSASSA
+      case TPM_ALG_RSASSA:
+	rc = TSS_TPMS_SIG_SCHEME_RSASSA_Unmarshalu(&target->rsassa, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_RSAPSS
+      case TPM_ALG_RSAPSS:
+	rc = TSS_TPMS_SIG_SCHEME_RSAPSS_Unmarshalu(&target->rsapss, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_ECDSA
+      case TPM_ALG_ECDSA:
+	rc = TSS_TPMS_SIG_SCHEME_ECDSA_Unmarshalu(&target->ecdsa, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_ECDAA
+      case TPM_ALG_ECDAA:
+	rc = TSS_TPMS_SIG_SCHEME_ECDAA_Unmarshalu(&target->ecdaa, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_SM2
+      case TPM_ALG_SM2:
+	rc = TSS_TPMS_SIG_SCHEME_SM2_Unmarshalu(&target->sm2, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_ECSCHNORR
+      case TPM_ALG_ECSCHNORR:
+	rc = TSS_TPMS_SIG_SCHEME_ECSCHNORR_Unmarshalu(&target->ecSchnorr, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_RSAES
+      case TPM_ALG_RSAES:
+	rc = TSS_TPMS_ENC_SCHEME_RSAES_Unmarshalu(&target->rsaes, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_OAEP
+      case TPM_ALG_OAEP:
+	rc = TSS_TPMS_ENC_SCHEME_OAEP_Unmarshalu(&target->oaep, buffer, size);
+	break;
+#endif
+      case TPM_ALG_NULL:
+	break;
+      default:
+	rc = TPM_RC_SELECTOR;
+    }
+    return rc;
+}
+
+/* Table 153 - Definition of TPMT_ASYM_SCHEME Structure <> */
+
+#if 0
+TPM_RC
+TSS_TPMT_ASYM_SCHEME_Unmarshalu(TPMT_ASYM_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_ASYM_SCHEME_Unmarshalu(&target->scheme, buffer, size, allowNull);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMU_ASYM_SCHEME_Unmarshalu(&target->details, buffer, size, target->scheme);
+    }
+    return rc;
+}
+#endif	/* 0 */
+
+/* Table 154 - Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_SCHEME Type */
+
+TPM_RC
+TSS_TPMI_ALG_RSA_SCHEME_Unmarshalu(TPMI_ALG_RSA_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    allowNull = allowNull;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+
+/* Table 155 - Definition of {RSA} TPMT_RSA_SCHEME Structure */
+
+TPM_RC
+TSS_TPMT_RSA_SCHEME_Unmarshalu(TPMT_RSA_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_RSA_SCHEME_Unmarshalu(&target->scheme, buffer, size, allowNull);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMU_ASYM_SCHEME_Unmarshalu(&target->details, buffer, size, target->scheme);
+    }
+    return rc;
+}
+
+#ifndef TPM_TSS_NOCMDCHECK
+
+/* Table 156 - Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_DECRYPT Type */
+
+TPM_RC
+TSS_TPMI_ALG_RSA_DECRYPT_Unmarshalu(TPMI_ALG_RSA_DECRYPT *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    allowNull = allowNull;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+
+/* Table 157 - Definition of {RSA} TPMT_RSA_DECRYPT Structure */
+
+TPM_RC
+TSS_TPMT_RSA_DECRYPT_Unmarshalu(TPMT_RSA_DECRYPT *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_RSA_DECRYPT_Unmarshalu(&target->scheme, buffer, size, allowNull);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMU_ASYM_SCHEME_Unmarshalu(&target->details, buffer, size, target->scheme);
+    }
+    return rc;
+}
+
+#endif /* TPM_TSS_NOCMDCHECK */
+
+/* Table 158 - Definition of {RSA} TPM2B_PUBLIC_KEY_RSA Structure */
+TPM_RC
+TSS_TPM2B_PUBLIC_KEY_RSA_Unmarshalu(TPM2B_PUBLIC_KEY_RSA *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size);
+    }
+    return rc;
+}
+
+/* Table 159 - Definition of {RSA} (TPM_KEY_BITS) TPMI_RSA_KEY_BITS Type */
+
+TPM_RC
+TSS_TPMI_RSA_KEY_BITS_Unmarshalu(TPMI_RSA_KEY_BITS *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_KEY_BITS_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+
+#ifndef TPM_TSS_NOCMDCHECK
+
+/* Table 160 - Definition of {RSA} TPM2B_PRIVATE_KEY_RSA Structure */
+
+TPM_RC
+TSS_TPM2B_PRIVATE_KEY_RSA_Unmarshalu(TPM2B_PRIVATE_KEY_RSA *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size);
+    }
+    return rc;
+}
+ 
+#endif	/* TPM_TSS_NOCMDCHECK */
+
+/* Table 161 - Definition of {ECC} TPM2B_ECC_PARAMETER Structure */
+
+TPM_RC
+TSS_TPM2B_ECC_PARAMETER_Unmarshalu(TPM2B_ECC_PARAMETER *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+     	rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size);
+    }
+    return rc;
+}
+
+/* Table 162 - Definition of {ECC} TPMS_ECC_POINT Structure */
+
+TPM_RC
+TSS_TPMS_ECC_POINT_Unmarshalu(TPMS_ECC_POINT *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ECC_PARAMETER_Unmarshalu(&target->x, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ECC_PARAMETER_Unmarshalu(&target->y, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 163 - Definition of {ECC} TPM2B_ECC_POINT Structure */
+
+TPM_RC
+TSS_TPM2B_ECC_POINT_Unmarshalu(TPM2B_ECC_POINT *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t startSize = 0;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(&target->size, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->size == 0) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	startSize = *size;
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_ECC_POINT_Unmarshalu(&target->point, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->size != startSize - *size) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    return rc;
+}
+
+/* Table 164 - Definition of (TPM_ALG_ID) {ECC} TPMI_ALG_ECC_SCHEME Type */
+
+TPM_RC
+TSS_TPMI_ALG_ECC_SCHEME_Unmarshalu(TPMI_ALG_ECC_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    allowNull = allowNull;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+
+/* Table 165 - Definition of {ECC} (TPM_ECC_CURVE) TPMI_ECC_CURVE Type */
+
+TPM_RC
+TSS_TPMI_ECC_CURVE_Unmarshalu(TPMI_ECC_CURVE *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ECC_CURVE_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+
+/* Table 166 - Definition of (TPMT_SIG_SCHEME) {ECC} TPMT_ECC_SCHEME Structure */
+
+TPM_RC
+TSS_TPMT_ECC_SCHEME_Unmarshalu(TPMT_ECC_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_ECC_SCHEME_Unmarshalu(&target->scheme, buffer, size, allowNull);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMU_ASYM_SCHEME_Unmarshalu(&target->details, buffer, size, target->scheme);
+    }
+    return rc;
+}
+
+/* Table 167 - Definition of {ECC} TPMS_ALGORITHM_DETAIL_ECC Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_ALGORITHM_DETAIL_ECC_Unmarshalu(TPMS_ALGORITHM_DETAIL_ECC *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ECC_CURVE_Unmarshalu(&target->curveID, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(&target->keySize, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_KDF_SCHEME_Unmarshalu(&target->kdf, buffer, size, YES);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_ECC_SCHEME_Unmarshalu(&target->sign, buffer, size, YES);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ECC_PARAMETER_Unmarshalu(&target->p, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ECC_PARAMETER_Unmarshalu(&target->a, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ECC_PARAMETER_Unmarshalu(&target->b, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ECC_PARAMETER_Unmarshalu(&target->gX, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ECC_PARAMETER_Unmarshalu(&target->gY, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ECC_PARAMETER_Unmarshalu(&target->n, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ECC_PARAMETER_Unmarshalu(&target->h, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 168 - Definition of {RSA} TPMS_SIGNATURE_RSA Structure */
+
+TPM_RC
+TSS_TPMS_SIGNATURE_RSA_Unmarshalu(TPMS_SIGNATURE_RSA *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->hash, buffer, size, NO);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_PUBLIC_KEY_RSA_Unmarshalu(&target->sig, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 169 - Definition of Types for {RSA} Signature */
+
+TPM_RC
+TSS_TPMS_SIGNATURE_RSASSA_Unmarshalu(TPMS_SIGNATURE_RSASSA *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_SIGNATURE_RSA_Unmarshalu(target, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 169 - Definition of Types for {RSA} Signature */
+    
+TPM_RC
+TSS_TPMS_SIGNATURE_RSAPSS_Unmarshalu(TPMS_SIGNATURE_RSAPSS *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_SIGNATURE_RSA_Unmarshalu(target, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 170 - Definition of {ECC} TPMS_SIGNATURE_ECC Structure */
+
+TPM_RC
+TSS_TPMS_SIGNATURE_ECC_Unmarshalu(TPMS_SIGNATURE_ECC *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->hash, buffer, size, NO);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ECC_PARAMETER_Unmarshalu(&target->signatureR, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ECC_PARAMETER_Unmarshalu(&target->signatureS, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 171 - Definition of Types for {ECC} TPMS_SIGNATURE_ECC */
+
+TPM_RC
+TSS_TPMS_SIGNATURE_ECDSA_Unmarshalu(TPMS_SIGNATURE_ECDSA *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+     
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_SIGNATURE_ECC_Unmarshalu(target, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TPMS_SIGNATURE_ECDAA_Unmarshalu(TPMS_SIGNATURE_ECDAA *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+     
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_SIGNATURE_ECC_Unmarshalu(target, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TPMS_SIGNATURE_SM2_Unmarshalu(TPMS_SIGNATURE_SM2 *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+     
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_SIGNATURE_ECC_Unmarshalu(target, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TPMS_SIGNATURE_ECSCHNORR_Unmarshalu(TPMS_SIGNATURE_ECSCHNORR *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+     
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_SIGNATURE_ECC_Unmarshalu(target, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 172 - Definition of TPMU_SIGNATURE Union <IN/OUT, S> */
+
+TPM_RC
+TSS_TPMU_SIGNATURE_Unmarshalu(TPMU_SIGNATURE *target, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    switch (selector) {
+#ifdef TPM_ALG_RSASSA
+      case TPM_ALG_RSASSA:
+	rc = TSS_TPMS_SIGNATURE_RSASSA_Unmarshalu(&target->rsassa, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_RSAPSS
+      case TPM_ALG_RSAPSS:
+	rc = TSS_TPMS_SIGNATURE_RSAPSS_Unmarshalu(&target->rsapss, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_ECDSA
+      case TPM_ALG_ECDSA:
+	rc = TSS_TPMS_SIGNATURE_ECDSA_Unmarshalu(&target->ecdsa, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_ECDAA
+      case TPM_ALG_ECDAA:
+	rc = TSS_TPMS_SIGNATURE_ECDAA_Unmarshalu(&target->ecdaa, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_SM2
+      case TPM_ALG_SM2:
+	rc = TSS_TPMS_SIGNATURE_SM2_Unmarshalu(&target->sm2, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_ECSCHNORR
+      case TPM_ALG_ECSCHNORR:
+	rc = TSS_TPMS_SIGNATURE_ECSCHNORR_Unmarshalu(&target->ecschnorr, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_HMAC
+      case TPM_ALG_HMAC:
+	rc = TSS_TPMT_HA_Unmarshalu(&target->hmac, buffer, size, NO);
+	break;
+#endif
+      case TPM_ALG_NULL:
+	break;
+      default:
+	rc = TPM_RC_SELECTOR;
+    }
+    return rc;
+}
+
+/* Table 173 - Definition of TPMT_SIGNATURE Structure */
+
+TPM_RC
+TSS_TPMT_SIGNATURE_Unmarshalu(TPMT_SIGNATURE *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_SIG_SCHEME_Unmarshalu(&target->sigAlg, buffer, size, allowNull);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMU_SIGNATURE_Unmarshalu(&target->signature, buffer, size, target->sigAlg);
+    }
+    return rc;
+}
+
+/* Table 175 - Definition of TPM2B_ENCRYPTED_SECRET Structure */
+
+TPM_RC
+TSS_TPM2B_ENCRYPTED_SECRET_Unmarshalu(TPM2B_ENCRYPTED_SECRET *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.secret), buffer, size);
+    }
+    return rc;
+}
+
+/* Table 176 - Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type */
+
+TPM_RC
+TSS_TPMI_ALG_PUBLIC_Unmarshalu(TPMI_ALG_PUBLIC *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ALG_ID_Unmarshalu(target, buffer, size);  
+    }
+    return rc;
+}
+
+/* Table 177 - Definition of TPMU_PUBLIC_ID Union <IN/OUT, S> */
+
+TPM_RC
+TSS_TPMU_PUBLIC_ID_Unmarshalu(TPMU_PUBLIC_ID *target, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    switch (selector) {
+#ifdef TPM_ALG_KEYEDHASH
+      case TPM_ALG_KEYEDHASH:
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->keyedHash, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_SYMCIPHER
+      case TPM_ALG_SYMCIPHER:
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->sym, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_RSA
+      case TPM_ALG_RSA: 
+	rc = TSS_TPM2B_PUBLIC_KEY_RSA_Unmarshalu(&target->rsa, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_ECC
+      case TPM_ALG_ECC:
+	rc = TSS_TPMS_ECC_POINT_Unmarshalu(&target->ecc, buffer, size);
+	break;
+#endif
+      default:
+	rc = TPM_RC_SELECTOR;
+    }
+    return rc;
+}
+
+/* Table 178 - Definition of TPMS_KEYEDHASH_PARMS Structure */
+
+TPM_RC
+TSS_TPMS_KEYEDHASH_PARMS_Unmarshalu(TPMS_KEYEDHASH_PARMS *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_KEYEDHASH_SCHEME_Unmarshalu(&target->scheme, buffer, size, YES);
+    }
+    return rc;
+}
+
+/* Table 179 - Definition of TPMS_ASYM_PARMS Structure <> */
+
+#if 0
+TPM_RC
+TSS_TPMS_ASYM_PARMS_Unmarshalu(TPMS_ASYM_PARMS *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SYM_DEF_OBJECT_Unmarshalu(&target->symmetric, buffer, size, YES);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_ASYM_SCHEME_Unmarshalu(&target->scheme, buffer, size, YES);
+    }
+    return rc;
+}
+#endif
+
+/* Table 180 - Definition of {RSA} TPMS_RSA_PARMS Structure */
+
+TPM_RC
+TSS_TPMS_RSA_PARMS_Unmarshalu(TPMS_RSA_PARMS *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SYM_DEF_OBJECT_Unmarshalu(&target->symmetric, buffer, size, YES);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_RSA_SCHEME_Unmarshalu(&target->scheme, buffer, size, YES);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_RSA_KEY_BITS_Unmarshalu(&target->keyBits, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->exponent, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 181 - Definition of {ECC} TPMS_ECC_PARMS Structure */
+
+TPM_RC
+TSS_TPMS_ECC_PARMS_Unmarshalu(TPMS_ECC_PARMS *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SYM_DEF_OBJECT_Unmarshalu(&target->symmetric, buffer, size, YES);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_ECC_SCHEME_Unmarshalu(&target->scheme, buffer, size, YES);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ECC_CURVE_Unmarshalu(&target->curveID, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_KDF_SCHEME_Unmarshalu(&target->kdf, buffer, size, YES);
+    }
+    return rc;
+}
+
+/* Table 182 - Definition of TPMU_PUBLIC_PARMS Union <IN/OUT, S> */
+
+TPM_RC
+TSS_TPMU_PUBLIC_PARMS_Unmarshalu(TPMU_PUBLIC_PARMS *target, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    switch (selector) {
+#ifdef TPM_ALG_KEYEDHASH
+      case TPM_ALG_KEYEDHASH:
+	rc = TSS_TPMS_KEYEDHASH_PARMS_Unmarshalu(&target->keyedHashDetail, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_SYMCIPHER
+      case TPM_ALG_SYMCIPHER:
+	rc = TSS_TPMS_SYMCIPHER_PARMS_Unmarshalu(&target->symDetail, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_RSA
+      case TPM_ALG_RSA:
+	rc = TSS_TPMS_RSA_PARMS_Unmarshalu(&target->rsaDetail, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_ECC
+      case TPM_ALG_ECC:
+	rc = TSS_TPMS_ECC_PARMS_Unmarshalu(&target->eccDetail, buffer, size);
+	break;
+#endif
+      default:
+	rc = TPM_RC_SELECTOR;
+    }
+    return rc;
+}
+
+#ifndef TPM_TSS_NOCMDCHECK
+
+/* Table 183 - Definition of TPMT_PUBLIC_PARMS Structure */
+
+TPM_RC
+TSS_TPMT_PUBLIC_PARMS_Unmarshalu(TPMT_PUBLIC_PARMS *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_PUBLIC_Unmarshalu(&target->type, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMU_PUBLIC_PARMS_Unmarshalu(&target->parameters, buffer, size, target->type);
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOCMDCHECK */
+
+/* Table 184 - Definition of TPMT_PUBLIC Structure */
+
+TPM_RC
+TSS_TPMT_PUBLIC_Unmarshalu(TPMT_PUBLIC *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_PUBLIC_Unmarshalu(&target->type, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->nameAlg, buffer, size, allowNull);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMA_OBJECT_Unmarshalu(&target->objectAttributes, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->authPolicy, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMU_PUBLIC_PARMS_Unmarshalu(&target->parameters, buffer, size, target->type);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMU_PUBLIC_ID_Unmarshalu(&target->unique, buffer, size, target->type);
+    }
+    return rc;
+}
+
+/* Table 185 - Definition of TPM2B_PUBLIC Structure */
+
+TPM_RC
+TSS_TPM2B_PUBLIC_Unmarshalu(TPM2B_PUBLIC *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t startSize = 0;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(&target->size, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->size == 0) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	startSize = *size;
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_PUBLIC_Unmarshalu(&target->publicArea, buffer, size, allowNull);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->size != startSize - *size) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    return rc;
+}
+#ifndef TPM_TSS_NOCMDCHECK
+
+/* Table 192 - Definition of TPM2B_TEMPLATE Structure */
+
+TPM_RC
+TSS_TPM2B_TEMPLATE_Unmarshalu(TPM2B_TEMPLATE *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size);
+    }
+    return rc;
+}
+    
+/* Table 187 - Definition of TPMU_SENSITIVE_COMPOSITE Union <IN/OUT, S> */
+
+TPM_RC
+TSS_TPMU_SENSITIVE_COMPOSITE_Unmarshalu(TPMU_SENSITIVE_COMPOSITE *target, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    switch (selector) {
+#ifdef TPM_ALG_RSA
+      case TPM_ALG_RSA:
+	rc = TSS_TPM2B_PRIVATE_KEY_RSA_Unmarshalu(&target->rsa, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_ECC
+      case TPM_ALG_ECC:
+	rc = TSS_TPM2B_ECC_PARAMETER_Unmarshalu(&target->ecc, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_KEYEDHASH
+      case TPM_ALG_KEYEDHASH:
+	rc = TSS_TPM2B_SENSITIVE_DATA_Unmarshalu(&target->bits, buffer, size);
+	break;
+#endif
+#ifdef TPM_ALG_SYMCIPHER
+      case TPM_ALG_SYMCIPHER:
+	rc = TSS_TPM2B_SYM_KEY_Unmarshalu(&target->sym, buffer, size);
+	break;
+#endif
+      default:
+	rc = TPM_RC_SELECTOR;
+    }
+    return rc;
+}
+
+/* Table 188 - Definition of TPMT_SENSITIVE Structure */
+
+TPM_RC
+TSS_TPMT_SENSITIVE_Unmarshalu(TPMT_SENSITIVE *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_PUBLIC_Unmarshalu(&target->sensitiveType, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_AUTH_Unmarshalu(&target->authValue, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->seedValue, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMU_SENSITIVE_COMPOSITE_Unmarshalu(&target->sensitive, buffer, size, target->sensitiveType);
+    }
+    return rc;
+}
+
+/* Table 189 - Definition of TPM2B_SENSITIVE Structure <IN/OUT> */
+
+TPM_RC
+TSS_TPM2B_SENSITIVE_Unmarshalu(TPM2B_SENSITIVE *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t startSize = 0;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(&target->t.size, buffer, size);
+    }
+    if (target->t.size != 0) {
+	if (rc == TPM_RC_SUCCESS) {
+	    startSize = *size;
+	}
+	if (rc == TPM_RC_SUCCESS) {
+	    rc = TSS_TPMT_SENSITIVE_Unmarshalu(&target->t.sensitiveArea, buffer, size);
+	}
+	if (rc == TPM_RC_SUCCESS) {
+	    if (target->t.size != startSize - *size) {
+		rc = TPM_RC_SIZE;
+	    }
+	}
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOCMDCHECK */
+
+/* Table 191 - Definition of TPM2B_PRIVATE Structure <IN/OUT, S> */
+
+TPM_RC
+TSS_TPM2B_PRIVATE_Unmarshalu(TPM2B_PRIVATE *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size);
+    }
+    return rc;
+}
+
+/* Table 193 - Definition of TPM2B_ID_OBJECT Structure <IN/OUT> */
+
+TPM_RC
+TSS_TPM2B_ID_OBJECT_Unmarshalu(TPM2B_ID_OBJECT *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.credential), buffer, size);
+    }
+    return rc;
+}
+
+/* Table 196 - Definition of (UINT32) TPMA_NV Bits */
+
+TPM_RC
+TSS_TPMA_NV_Unmarshalu(TPMA_NV *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->val, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->val & TPMA_NV_RESERVED) {
+	    rc = TPM_RC_RESERVED_BITS;
+	}
+    }
+    return rc;
+}
+
+/* Table 197 - Definition of TPMS_NV_PUBLIC Structure */
+
+TPM_RC
+TSS_TPMS_NV_PUBLIC_Unmarshalu(TPMS_NV_PUBLIC *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_RH_NV_INDEX_Unmarshalu(&target->nvIndex, buffer, size, NO);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->nameAlg, buffer, size, NO);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMA_NV_Unmarshalu(&target->attributes, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->authPolicy, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(&target->dataSize, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 198 - Definition of TPM2B_NV_PUBLIC Structure */
+
+TPM_RC
+TSS_TPM2B_NV_PUBLIC_Unmarshalu(TPM2B_NV_PUBLIC *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t startSize = 0;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(&target->size, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->size == 0) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	startSize = *size;
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_NV_PUBLIC_Unmarshalu(&target->nvPublic, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->size != startSize - *size) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    return rc;
+}
+
+#ifndef TPM_TSS_NOCMDCHECK
+
+/* Table 199 - Definition of TPM2B_CONTEXT_SENSITIVE Structure <IN/OUT> */
+
+TPM_RC
+TSS_TPM2B_CONTEXT_SENSITIVE_Unmarshalu(TPM2B_CONTEXT_SENSITIVE *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size);
+    }
+    return rc;
+}
+
+/* Table 200 - Definition of TPMS_CONTEXT_DATA Structure <IN/OUT, S> */
+
+TPM_RC
+TSS_TPMS_CONTEXT_DATA_Unmarshalu(TPMS_CONTEXT_DATA *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->integrity, buffer, size);	
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_CONTEXT_SENSITIVE_Unmarshalu(&target->encrypted, buffer, size);
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOCMDCHECK */
+
+/* Table 201 - Definition of TPM2B_CONTEXT_DATA Structure <IN/OUT> */
+
+TPM_RC
+TSS_TPM2B_CONTEXT_DATA_Unmarshalu(TPM2B_CONTEXT_DATA *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_Unmarshalu(&target->b, sizeof(target->t.buffer), buffer, size);
+    }
+    return rc;
+}
+
+/* Table 202 - Definition of TPMS_CONTEXT Structure */
+
+TPM_RC
+TSS_TPMS_CONTEXT_Unmarshalu(TPMS_CONTEXT *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT64_Unmarshalu(&target->sequence, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_DH_SAVED_Unmarshalu(&target->savedHandle, buffer, size, NO);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_RH_HIERARCHY_Unmarshalu(&target->hierarchy, buffer, size, YES);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_CONTEXT_DATA_Unmarshalu(&target->contextBlob, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 204 - Definition of TPMS_CREATION_DATA Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_CREATION_DATA_Unmarshalu(TPMS_CREATION_DATA *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPML_PCR_SELECTION_Unmarshalu(&target->pcrSelect, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->pcrDigest, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMA_LOCALITY_Unmarshalu(&target->locality, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ALG_ID_Unmarshalu(&target->parentNameAlg, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NAME_Unmarshalu(&target->parentName, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NAME_Unmarshalu(&target->parentQualifiedName, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DATA_Unmarshalu(&target->outsideInfo, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 205 - Definition of TPM2B_CREATION_DATA Structure <OUT> */
+
+TPM_RC
+TSS_TPM2B_CREATION_DATA_Unmarshalu(TPM2B_CREATION_DATA *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t startSize = 0;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(&target->size, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->size == 0) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	startSize = *size;
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_CREATION_DATA_Unmarshalu(&target->creationData, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->size != startSize - *size) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    return rc;
+}
+#ifndef TPM_TSS_NOCMDCHECK
+
+/* Deprecated functions that use a sized value for the size parameter.  The recommended functions
+   use an unsigned value.
+
+*/
+
+TPM_RC TPM2B_Unmarshal(TPM2B *target, UINT16 targetSize, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_Unmarshalu(target, targetSize, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM_KEY_BITS_Unmarshal(TPM_KEY_BITS *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_KEY_BITS_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM_GENERATED_Unmarshal(TPM_GENERATED *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_GENERATED_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM_ALG_ID_Unmarshal(TPM_ALG_ID *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_ALG_ID_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM_ECC_CURVE_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_ECC_CURVE_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM_CC_Unmarshal(TPM_RC *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_CC_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM_RC_Unmarshal(TPM_RC *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_RC_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM_CLOCK_ADJUST_Unmarshal(TPM_CLOCK_ADJUST *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_CLOCK_ADJUST_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM_EO_Unmarshal(TPM_EO *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_EO_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM_ST_Unmarshal(TPM_ST *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_ST_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM_SU_Unmarshal(TPM_SU *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_SU_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM_SE_Unmarshal(TPM_SE *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_SE_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM_CAP_Unmarshal(TPM_CAP *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_CAP_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM_PT_Unmarshal(TPM_HANDLE *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_PT_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM_PT_PCR_Unmarshal(TPM_PT_PCR *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_PT_PCR_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM_HANDLE_Unmarshal(TPM_HANDLE *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_HANDLE_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMA_ALGORITHM_Unmarshal(TPMA_ALGORITHM *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMA_ALGORITHM_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMA_OBJECT_Unmarshal(TPMA_OBJECT *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMA_OBJECT_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMA_SESSION_Unmarshal(TPMA_SESSION *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMA_SESSION_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMA_LOCALITY_Unmarshal(TPMA_LOCALITY *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMA_LOCALITY_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMA_CC_Unmarshal(TPMA_CC *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMA_CC_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMI_YES_NO_Unmarshal(TPMI_YES_NO *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_YES_NO_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMI_DH_OBJECT_Unmarshal(TPMI_DH_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_DH_OBJECT_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+#if 0
+TPM_RC TPMI_DH_PARENT_Unmarshal(TPMI_DH_PARENT *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_DH_PARENT_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+#endif
+
+TPM_RC TPMI_DH_PERSISTENT_Unmarshal(TPMI_DH_PERSISTENT *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_DH_PERSISTENT_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMI_DH_ENTITY_Unmarshal(TPMI_DH_ENTITY *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_DH_ENTITY_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMI_DH_PCR_Unmarshal(TPMI_DH_PCR *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_DH_PCR_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMI_SH_AUTH_SESSION_Unmarshal(TPMI_SH_AUTH_SESSION *target, BYTE **buffer, INT32 *size, BOOL allowPwd)
+{
+    return TSS_TPMI_SH_AUTH_SESSION_Unmarshalu(target, buffer, (uint32_t *)size, allowPwd);
+}
+
+TPM_RC TPMI_SH_HMAC_Unmarshal(TPMI_SH_HMAC *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_SH_HMAC_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMI_SH_POLICY_Unmarshal(TPMI_SH_POLICY *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_SH_POLICY_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMI_DH_CONTEXT_Unmarshal(TPMI_DH_CONTEXT *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_DH_CONTEXT_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMI_RH_HIERARCHY_Unmarshal(TPMI_RH_HIERARCHY *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_RH_HIERARCHY_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMI_RH_ENABLES_Unmarshal(TPMI_RH_ENABLES *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_RH_ENABLES_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMI_RH_HIERARCHY_AUTH_Unmarshal(TPMI_RH_HIERARCHY_AUTH *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_RH_HIERARCHY_AUTH_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMI_RH_PLATFORM_Unmarshal(TPMI_RH_PLATFORM *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_RH_PLATFORM_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMI_RH_ENDORSEMENT_Unmarshal(TPMI_RH_ENDORSEMENT *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_RH_ENDORSEMENT_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMI_RH_PROVISION_Unmarshal(TPMI_RH_PROVISION *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_RH_PROVISION_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMI_RH_CLEAR_Unmarshal(TPMI_RH_CLEAR *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_RH_CLEAR_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMI_RH_NV_AUTH_Unmarshal(TPMI_RH_NV_AUTH *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_RH_NV_AUTH_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMI_RH_LOCKOUT_Unmarshal(TPMI_RH_LOCKOUT *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_RH_LOCKOUT_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMI_RH_NV_INDEX_Unmarshal(TPMI_RH_NV_INDEX *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_RH_NV_INDEX_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMI_ALG_HASH_Unmarshal(TPMI_ALG_HASH *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_ALG_HASH_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMI_ALG_SYM_Unmarshal(TPMI_ALG_SYM *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_ALG_SYM_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMI_ALG_SYM_OBJECT_Unmarshal(TPMI_ALG_SYM_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_ALG_SYM_OBJECT_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMI_ALG_SYM_MODE_Unmarshal(TPMI_ALG_SYM_MODE *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_ALG_SYM_MODE_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMI_ALG_KDF_Unmarshal(TPMI_ALG_KDF *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_ALG_KDF_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMI_ALG_SIG_SCHEME_Unmarshal(TPMI_ALG_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_ALG_SIG_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMI_ECC_KEY_EXCHANGE_Unmarshal(TPMI_ECC_KEY_EXCHANGE *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_ECC_KEY_EXCHANGE_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMI_ST_COMMAND_TAG_Unmarshal(TPMI_ST_COMMAND_TAG *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_ST_COMMAND_TAG_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMI_ALG_MAC_SCHEME_Unmarshal(TPMI_ALG_MAC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_ALG_MAC_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMI_ALG_CIPHER_MODE_Unmarshal(TPMI_ALG_CIPHER_MODE *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_ALG_CIPHER_MODE_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+/* NOTE: Marked as const function in header */
+
+TPM_RC TPMS_EMPTY_Unmarshal(TPMS_EMPTY *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_EMPTY_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMU_HA_Unmarshal(TPMU_HA *target, BYTE **buffer, INT32 *size, UINT32 selector)
+{
+    return TSS_TPMU_HA_Unmarshalu(target, buffer, (uint32_t *)size, selector);
+}
+
+TPM_RC TPMT_HA_Unmarshal(TPMT_HA *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMT_HA_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPM2B_DIGEST_Unmarshal(TPM2B_DIGEST *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_DIGEST_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM2B_DATA_Unmarshal(TPM2B_DATA *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_DATA_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM2B_NONCE_Unmarshal(TPM2B_NONCE *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_NONCE_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM2B_AUTH_Unmarshal(TPM2B_AUTH *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_AUTH_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM2B_OPERAND_Unmarshal(TPM2B_OPERAND *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_OPERAND_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM2B_EVENT_Unmarshal(TPM2B_EVENT *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_EVENT_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM2B_MAX_BUFFER_Unmarshal(TPM2B_MAX_BUFFER *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_MAX_BUFFER_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM2B_MAX_NV_BUFFER_Unmarshal(TPM2B_MAX_NV_BUFFER *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_MAX_NV_BUFFER_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM2B_TIMEOUT_Unmarshal(TPM2B_TIMEOUT *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_TIMEOUT_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM2B_IV_Unmarshal(TPM2B_IV *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_IV_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM2B_NAME_Unmarshal(TPM2B_NAME *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_NAME_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_PCR_SELECTION_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_PCR_SELECTION_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMT_TK_CREATION_Unmarshal(TPMT_TK_CREATION *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMT_TK_CREATION_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMT_TK_VERIFIED_Unmarshal(TPMT_TK_VERIFIED *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMT_TK_VERIFIED_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMT_TK_AUTH_Unmarshal(TPMT_TK_AUTH *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMT_TK_AUTH_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMT_TK_HASHCHECK_Unmarshal(TPMT_TK_HASHCHECK *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMT_TK_HASHCHECK_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_ALG_PROPERTY_Unmarshal(TPMS_ALG_PROPERTY *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_ALG_PROPERTY_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_TAGGED_PROPERTY_Unmarshal(TPMS_TAGGED_PROPERTY *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_TAGGED_PROPERTY_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_TAGGED_PCR_SELECT_Unmarshal(TPMS_TAGGED_PCR_SELECT *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_TAGGED_PCR_SELECT_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPML_CC_Unmarshal(TPML_CC *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPML_CC_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPML_CCA_Unmarshal(TPML_CCA *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPML_CCA_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPML_ALG_Unmarshal(TPML_ALG *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPML_ALG_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPML_HANDLE_Unmarshal(TPML_HANDLE *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPML_HANDLE_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPML_DIGEST_Unmarshal(TPML_DIGEST *target, BYTE **buffer, INT32 *size,uint32_t minCount)
+{
+    return TSS_TPML_DIGEST_Unmarshalu(target, buffer, (uint32_t *)size, minCount);
+}
+
+TPM_RC TPML_DIGEST_VALUES_Unmarshal(TPML_DIGEST_VALUES *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPML_DIGEST_VALUES_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPML_PCR_SELECTION_Unmarshal(TPML_PCR_SELECTION *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPML_PCR_SELECTION_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPML_ALG_PROPERTY_Unmarshal(TPML_ALG_PROPERTY *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPML_ALG_PROPERTY_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPML_TAGGED_TPM_PROPERTY_Unmarshal(TPML_TAGGED_TPM_PROPERTY  *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPML_TAGGED_TPM_PROPERTY_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPML_TAGGED_PCR_PROPERTY_Unmarshal(TPML_TAGGED_PCR_PROPERTY  *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPML_TAGGED_PCR_PROPERTY_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPML_ECC_CURVE_Unmarshal(TPML_ECC_CURVE *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPML_ECC_CURVE_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+#if 0
+TPM_RC TPML_TAGGED_POLICY_Unmarshal(TPML_TAGGED_POLICY *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPML_TAGGED_POLICY_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+#endif
+
+TPM_RC TPMU_CAPABILITIES_Unmarshal(TPMU_CAPABILITIES *target, BYTE **buffer, INT32 *size, UINT32 selector)
+{
+    return TSS_TPMU_CAPABILITIES_Unmarshalu(target, buffer, (uint32_t *)size, selector);
+}
+
+TPM_RC TPMS_CLOCK_INFO_Unmarshal(TPMS_CLOCK_INFO *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_CLOCK_INFO_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_TIME_INFO_Unmarshal(TPMS_TIME_INFO *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_TIME_INFO_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_TIME_ATTEST_INFO_Unmarshal(TPMS_TIME_ATTEST_INFO *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_TIME_ATTEST_INFO_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_CERTIFY_INFO_Unmarshal(TPMS_CERTIFY_INFO *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_CERTIFY_INFO_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_QUOTE_INFO_Unmarshal(TPMS_QUOTE_INFO *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_QUOTE_INFO_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_COMMAND_AUDIT_INFO_Unmarshal(TPMS_COMMAND_AUDIT_INFO *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_COMMAND_AUDIT_INFO_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_SESSION_AUDIT_INFO_Unmarshal(TPMS_SESSION_AUDIT_INFO *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SESSION_AUDIT_INFO_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_CREATION_INFO_Unmarshal(TPMS_CREATION_INFO *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_CREATION_INFO_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_NV_CERTIFY_INFO_Unmarshal(TPMS_NV_CERTIFY_INFO *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_NV_CERTIFY_INFO_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMI_ST_ATTEST_Unmarshal(TPMI_ST_ATTEST *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_ST_ATTEST_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMU_ATTEST_Unmarshal(TPMU_ATTEST *target, BYTE **buffer, INT32 *size, UINT32 selector)
+{
+    return TSS_TPMU_ATTEST_Unmarshalu(target, buffer, (uint32_t *)size, selector);
+}
+
+TPM_RC TPMS_ATTEST_Unmarshal(TPMS_ATTEST *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_ATTEST_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM2B_ATTEST_Unmarshal(TPM2B_ATTEST *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_ATTEST_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_CAPABILITY_DATA_Unmarshal(TPMS_CAPABILITY_DATA *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_CAPABILITY_DATA_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_AUTH_RESPONSE_Unmarshal(TPMS_AUTH_RESPONSE *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_AUTH_RESPONSE_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_AES_KEY_BITS_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMU_SYM_KEY_BITS_Unmarshal(TPMU_SYM_KEY_BITS *target, BYTE **buffer, INT32 *size, UINT32 selector)
+{
+    return TSS_TPMU_SYM_KEY_BITS_Unmarshalu(target, buffer, (uint32_t *)size, selector);
+}
+
+TPM_RC TPMU_SYM_MODE_Unmarshal(TPMU_SYM_MODE *target, BYTE **buffer, INT32 *size, UINT32 selector)
+{
+    return TSS_TPMU_SYM_MODE_Unmarshalu(target, buffer, (uint32_t *)size, selector);
+}
+
+TPM_RC TPMT_SYM_DEF_Unmarshal(TPMT_SYM_DEF *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMT_SYM_DEF_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMT_SYM_DEF_OBJECT_Unmarshal(TPMT_SYM_DEF_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMT_SYM_DEF_OBJECT_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPM2B_SYM_KEY_Unmarshal(TPM2B_SYM_KEY *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_SYM_KEY_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_SYMCIPHER_PARMS_Unmarshal(TPMS_SYMCIPHER_PARMS *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SYMCIPHER_PARMS_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+#if 0
+TPM_RC TPM2B_LABEL_Unmarshal(TPM2B_LABEL *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_LABEL_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+#endif
+
+TPM_RC TPM2B_SENSITIVE_DATA_Unmarshal(TPM2B_SENSITIVE_DATA *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_SENSITIVE_DATA_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_SENSITIVE_CREATE_Unmarshal(TPMS_SENSITIVE_CREATE *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SENSITIVE_CREATE_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM2B_SENSITIVE_CREATE_Unmarshal(TPM2B_SENSITIVE_CREATE *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_SENSITIVE_CREATE_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_SCHEME_HASH_Unmarshal(TPMS_SCHEME_HASH *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SCHEME_HASH_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_SCHEME_ECDAA_Unmarshal(TPMS_SCHEME_ECDAA *target, BYTE **buffer, INT32 *size) 
+{
+    return TSS_TPMS_SCHEME_ECDAA_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal(TPMI_ALG_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_ALG_KEYEDHASH_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMS_SCHEME_HMAC_Unmarshal(TPMS_SCHEME_HMAC *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SCHEME_HMAC_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_SCHEME_XOR_Unmarshal(TPMS_SCHEME_XOR *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SCHEME_XOR_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMU_SCHEME_KEYEDHASH_Unmarshal(TPMU_SCHEME_KEYEDHASH *target, BYTE **buffer, INT32 *size, UINT32 selector)
+{
+    return TSS_TPMU_SCHEME_KEYEDHASH_Unmarshalu(target, buffer, (uint32_t *)size, selector);
+}
+
+TPM_RC TPMT_KEYEDHASH_SCHEME_Unmarshal(TPMT_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMT_KEYEDHASH_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMS_SIG_SCHEME_ECDAA_Unmarshal(TPMS_SIG_SCHEME_ECDAA *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIG_SCHEME_ECDAA_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_SIG_SCHEME_ECDSA_Unmarshal(TPMS_SIG_SCHEME_ECDSA *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIG_SCHEME_ECDSA_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal(TPMS_SIG_SCHEME_ECSCHNORR *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIG_SCHEME_ECSCHNORR_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_SIG_SCHEME_RSAPSS_Unmarshal(TPMS_SIG_SCHEME_RSAPSS *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIG_SCHEME_RSAPSS_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_SIG_SCHEME_RSASSA_Unmarshal(TPMS_SIG_SCHEME_RSASSA *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIG_SCHEME_RSASSA_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_SIG_SCHEME_SM2_Unmarshal(TPMS_SIG_SCHEME_SM2 *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIG_SCHEME_SM2_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMU_SIG_SCHEME_Unmarshal(TPMU_SIG_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector)
+{
+    return TSS_TPMU_SIG_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, selector);
+}
+
+TPM_RC TPMT_SIG_SCHEME_Unmarshal(TPMT_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMT_SIG_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMS_ENC_SCHEME_OAEP_Unmarshal(TPMS_ENC_SCHEME_OAEP *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_ENC_SCHEME_OAEP_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+/* NOTE: Marked as const function in header */
+
+TPM_RC TPMS_ENC_SCHEME_RSAES_Unmarshal(TPMS_ENC_SCHEME_RSAES *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_ENC_SCHEME_RSAES_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_KEY_SCHEME_ECDH_Unmarshal(TPMS_KEY_SCHEME_ECDH *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_KEY_SCHEME_ECDH_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_KEY_SCHEME_ECMQV_Unmarshal(TPMS_KEY_SCHEME_ECMQV *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_KEY_SCHEME_ECMQV_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_SCHEME_KDF1_SP800_108_Unmarshal(TPMS_SCHEME_KDF1_SP800_108 *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SCHEME_KDF1_SP800_108_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_SCHEME_KDF1_SP800_56A_Unmarshal(TPMS_SCHEME_KDF1_SP800_56A *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SCHEME_KDF1_SP800_56A_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_SCHEME_KDF2_Unmarshal(TPMS_SCHEME_KDF2 *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SCHEME_KDF2_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_SCHEME_MGF1_Unmarshal(TPMS_SCHEME_MGF1 *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SCHEME_MGF1_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMU_KDF_SCHEME_Unmarshal(TPMU_KDF_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector)
+{
+    return TSS_TPMU_KDF_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, selector);
+}
+
+TPM_RC TPMT_KDF_SCHEME_Unmarshal(TPMT_KDF_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMT_KDF_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+#if 0
+TPM_RC TPMI_ALG_ASYM_SCHEME_Unmarshal(TPMI_ALG_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_ALG_ASYM_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+#endif
+
+TPM_RC TPMU_ASYM_SCHEME_Unmarshal(TPMU_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector)
+{
+    return TSS_TPMU_ASYM_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, selector);
+}
+
+#if 0
+TPM_RC TPMT_ASYM_SCHEME_Unmarshal(TPMT_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMT_ASYM_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+#endif
+
+TPM_RC TPMI_ALG_RSA_SCHEME_Unmarshal(TPMI_ALG_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_ALG_RSA_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMT_RSA_SCHEME_Unmarshal(TPMT_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMT_RSA_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMI_ALG_RSA_DECRYPT_Unmarshal(TPMI_ALG_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_ALG_RSA_DECRYPT_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMT_RSA_DECRYPT_Unmarshal(TPMT_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMT_RSA_DECRYPT_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPM2B_PUBLIC_KEY_RSA_Unmarshal(TPM2B_PUBLIC_KEY_RSA *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_PUBLIC_KEY_RSA_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMI_RSA_KEY_BITS_Unmarshal(TPMI_RSA_KEY_BITS *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_RSA_KEY_BITS_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM2B_PRIVATE_KEY_RSA_Unmarshal(TPM2B_PRIVATE_KEY_RSA *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_PRIVATE_KEY_RSA_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM2B_ECC_PARAMETER_Unmarshal(TPM2B_ECC_PARAMETER *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_ECC_PARAMETER_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_ECC_POINT_Unmarshal(TPMS_ECC_POINT *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_ECC_POINT_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM2B_ECC_POINT_Unmarshal(TPM2B_ECC_POINT *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_ECC_POINT_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMI_ALG_ECC_SCHEME_Unmarshal(TPMI_ALG_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMI_ALG_ECC_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMI_ECC_CURVE_Unmarshal(TPMI_ECC_CURVE *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_ECC_CURVE_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMT_ECC_SCHEME_Unmarshal(TPMT_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMT_ECC_SCHEME_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPMS_ALGORITHM_DETAIL_ECC_Unmarshal(TPMS_ALGORITHM_DETAIL_ECC *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_ALGORITHM_DETAIL_ECC_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_SIGNATURE_RSA_Unmarshal(TPMS_SIGNATURE_RSA *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIGNATURE_RSA_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_SIGNATURE_RSASSA_Unmarshal(TPMS_SIGNATURE_RSASSA *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIGNATURE_RSASSA_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_SIGNATURE_RSAPSS_Unmarshal(TPMS_SIGNATURE_RSAPSS *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIGNATURE_RSAPSS_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_SIGNATURE_ECC_Unmarshal(TPMS_SIGNATURE_ECC *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIGNATURE_ECC_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_SIGNATURE_ECDSA_Unmarshal(TPMS_SIGNATURE_ECDSA *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIGNATURE_ECDSA_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_SIGNATURE_ECDAA_Unmarshal(TPMS_SIGNATURE_ECDAA *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIGNATURE_ECDAA_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_SIGNATURE_SM2_Unmarshal(TPMS_SIGNATURE_SM2 *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIGNATURE_SM2_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_SIGNATURE_ECSCHNORR_Unmarshal(TPMS_SIGNATURE_ECSCHNORR *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIGNATURE_ECSCHNORR_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMU_SIGNATURE_Unmarshal(TPMU_SIGNATURE *target, BYTE **buffer, INT32 *size, UINT32 selector)
+{
+    return TSS_TPMU_SIGNATURE_Unmarshalu(target, buffer, (uint32_t *)size, selector);
+}
+
+TPM_RC TPMT_SIGNATURE_Unmarshal(TPMT_SIGNATURE *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMT_SIGNATURE_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPM2B_ENCRYPTED_SECRET_Unmarshal(TPM2B_ENCRYPTED_SECRET *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_ENCRYPTED_SECRET_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMI_ALG_PUBLIC_Unmarshal(TPMI_ALG_PUBLIC *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_ALG_PUBLIC_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMU_PUBLIC_ID_Unmarshal(TPMU_PUBLIC_ID *target, BYTE **buffer, INT32 *size, UINT32 selector)
+{
+    return TSS_TPMU_PUBLIC_ID_Unmarshalu(target, buffer, (uint32_t *)size, selector);
+}
+
+TPM_RC TPMS_KEYEDHASH_PARMS_Unmarshal(TPMS_KEYEDHASH_PARMS *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_KEYEDHASH_PARMS_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+#if 0
+TPM_RC TPMS_ASYM_PARMS_Unmarshal(TPMS_ASYM_PARMS *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_ASYM_PARMS_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+#endif
+
+TPM_RC TPMS_RSA_PARMS_Unmarshal(TPMS_RSA_PARMS *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_RSA_PARMS_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_ECC_PARMS_Unmarshal(TPMS_ECC_PARMS *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_ECC_PARMS_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMU_PUBLIC_PARMS_Unmarshal(TPMU_PUBLIC_PARMS *target, BYTE **buffer, INT32 *size, UINT32 selector)
+{
+    return TSS_TPMU_PUBLIC_PARMS_Unmarshalu(target, buffer, (uint32_t *)size, selector);
+}
+
+TPM_RC TPMT_PUBLIC_PARMS_Unmarshal(TPMT_PUBLIC_PARMS *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMT_PUBLIC_PARMS_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMT_PUBLIC_Unmarshal(TPMT_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPMT_PUBLIC_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPM2B_PUBLIC_Unmarshal(TPM2B_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL allowNull)
+{
+    return TSS_TPM2B_PUBLIC_Unmarshalu(target, buffer, (uint32_t *)size, allowNull);
+}
+
+TPM_RC TPM2B_TEMPLATE_Unmarshal(TPM2B_TEMPLATE *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_TEMPLATE_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMU_SENSITIVE_COMPOSITE_Unmarshal(TPMU_SENSITIVE_COMPOSITE *target, BYTE **buffer, INT32 *size, UINT32 selector)
+{
+    return TSS_TPMU_SENSITIVE_COMPOSITE_Unmarshalu(target, buffer, (uint32_t *)size, selector);
+}
+
+TPM_RC TPMT_SENSITIVE_Unmarshal(TPMT_SENSITIVE *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMT_SENSITIVE_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM2B_SENSITIVE_Unmarshal(TPM2B_SENSITIVE *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_SENSITIVE_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM2B_PRIVATE_Unmarshal(TPM2B_PRIVATE *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_PRIVATE_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM2B_ID_OBJECT_Unmarshal(TPM2B_ID_OBJECT *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_ID_OBJECT_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMA_NV_Unmarshal(TPMA_NV *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMA_NV_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_NV_PUBLIC_Unmarshal(TPMS_NV_PUBLIC *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_NV_PUBLIC_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM2B_NV_PUBLIC_Unmarshal(TPM2B_NV_PUBLIC *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_NV_PUBLIC_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM2B_CONTEXT_SENSITIVE_Unmarshal(TPM2B_CONTEXT_SENSITIVE *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_CONTEXT_SENSITIVE_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_CONTEXT_DATA_Unmarshal(TPMS_CONTEXT_DATA *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_CONTEXT_DATA_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM2B_CONTEXT_DATA_Unmarshal(TPM2B_CONTEXT_DATA *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_CONTEXT_DATA_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_CONTEXT_Unmarshal(TPMS_CONTEXT *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_CONTEXT_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPMS_CREATION_DATA_Unmarshal(TPMS_CREATION_DATA *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_CREATION_DATA_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+TPM_RC TPM2B_CREATION_DATA_Unmarshal(TPM2B_CREATION_DATA *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_CREATION_DATA_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+
+#endif 	/* TPM_TSS_NOCMDCHECK */
+
+#endif /* TPM_TPM20 */
diff --git a/utils/Unmarshal12.c b/utils/Unmarshal12.c
new file mode 100644
index 000000000..34a4bb1c0
--- /dev/null
+++ b/utils/Unmarshal12.c
@@ -0,0 +1,542 @@
+/********************************************************************************/
+/*										*/
+/*			     Parameter Unmarshaling				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: Unmarshal12.c 1285 2018-07-27 18:33:41Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015, 2017					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <string.h>
+
+#include <ibmtss/Unmarshal_fp.h>
+#include <ibmtss/tpmconstants12.h>
+#include <ibmtss/Unmarshal12_fp.h>
+
+TPM_RC
+TSS_TPM_STARTUP_TYPE_Unmarshalu(TPM_STARTUP_TYPE *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	switch (*target) {
+	  case TPM_ST_CLEAR:
+	  case TPM_ST_STATE:
+	  case TPM_ST_DEACTIVATED:
+	    break;
+	  default:
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    return rc;
+}
+
+/* 5.0 */
+
+
+TPM_RC
+TSS_TPM_VERSION_Unmarshalu(TPM_VERSION *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT8_Unmarshalu(&target->major, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Unmarshalu(&target->minor, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Unmarshalu(&target->revMajor, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Unmarshalu(&target->revMinor, buffer, size);
+    }
+    return rc;
+}
+
+/* 6.0 */
+
+TPM_RC
+TSS_TPM_TAG_Unmarshalu(TPM_TAG *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(target, buffer, size);  
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	switch (*target) {
+	  case TPM_TAG_RSP_COMMAND:
+	  case TPM_TAG_RSP_AUTH1_COMMAND:
+	  case TPM_TAG_RSP_AUTH2_COMMAND:
+	    break;
+	  default:
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    return rc;
+}
+ 
+/* 8.0 */
+
+TPM_RC
+TSS_TPM_PCR_SELECTION_Unmarshalu(TPM_PCR_SELECTION *target, BYTE **buffer, uint32_t *size)
+{ 
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT16_Unmarshalu(&target->sizeOfSelect, buffer, size);   
+    }
+    if (rc == 0) {
+	if (target->sizeOfSelect > sizeof(target->pcrSelect)) {
+	    rc = TPM_RC_SIZE;
+	}
+    }    
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->pcrSelect, target->sizeOfSelect, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TPM4B_TPM_PCR_INFO_LONG_Unmarshalu(TPM_PCR_INFO_LONG *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    uint32_t sizeRead32;
+    uint32_t startSize;
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&sizeRead32, buffer, size);
+    }
+    if (rc == 0) {
+	if (sizeRead32 == 0) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    if (rc == 0) {
+	startSize = *size;
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_PCR_INFO_LONG_Unmarshalu(target, buffer, size);
+    }
+    if (rc == 0) {
+	if (sizeRead32 != startSize - *size) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TPM_PCR_INFO_LONG_Unmarshalu(TPM_PCR_INFO_LONG *target, BYTE **buffer, uint32_t *size)
+{ 
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT16_Unmarshalu(&target->tag, buffer, size);                      
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Unmarshalu(&target->localityAtCreation, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Unmarshalu(&target->localityAtRelease, buffer, size);   
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_PCR_SELECTION_Unmarshalu(&target->creationPCRSelection, buffer, size); 
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_PCR_SELECTION_Unmarshalu(&target->releasePCRSelection, buffer, size); 
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->digestAtCreation, SHA1_DIGEST_SIZE, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->digestAtRelease, SHA1_DIGEST_SIZE, buffer, size); 
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TPM_PCR_INFO_SHORT_Unmarshalu(TPM_PCR_INFO_SHORT *target, BYTE **buffer, uint32_t *size)
+{ 
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_PCR_SELECTION_Unmarshalu(&target->pcrSelection, buffer, size); 
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Unmarshalu(&target->localityAtRelease, buffer, size);   
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->digestAtRelease, SHA1_DIGEST_SIZE, buffer, size); 
+    }
+    return rc;
+}
+
+/* 9.0 */
+
+TPM_RC
+TSS_TPM_SYMMETRIC_KEY_Unmarshalu(TPM_SYMMETRIC_KEY *target, BYTE **buffer, uint32_t *size)
+{ 
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->algId, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Unmarshalu(&target->encScheme, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Unmarshalu(&target->size, buffer, size);
+    }
+    if (rc == 0) {
+	if (target->size > sizeof(target->data)) {
+	    rc = TPM_RC_SIZE;
+	}
+    }    
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->data, target->size, buffer, size); 
+    }
+    return rc;
+}
+
+/* 10.0 */
+
+TPM_RC
+TSS_TPM_RSA_KEY_PARMS_Unmarshalu(TPM_RSA_KEY_PARMS *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->keyLength, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->numPrimes, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->exponentSize, buffer, size);
+    }
+    if (rc == 0) {
+	if (target->exponentSize > sizeof(target->exponent)) {
+	    rc = TPM_RC_SIZE;
+	}
+    }    
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->exponent, target->exponentSize, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TPMU_PARMS_Unmarshalu(TPMU_PARMS *target, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = 0;
+    switch (selector) {
+      case TPM_ALG_RSA:		/* A structure of type TPM_RSA_KEY_PARMS */
+	rc = TSS_TPM_RSA_KEY_PARMS_Unmarshalu(&target->rsaParms, buffer, size);
+	break;
+      case TPM_ALG_AES128:	/* A structure of type TPM_SYMMETRIC_KEY_PARMS */
+	/* not implemented yet */
+      default:
+	rc = TPM_RC_SELECTOR;
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TPM4B_TPMU_PARMS_Unmarshalu(TPMU_PARMS *target, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = 0;
+    uint32_t sizeRead32;
+    uint32_t startSize;
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&sizeRead32, buffer, size);
+    }
+    if (rc == 0) {
+	if (sizeRead32 == 0) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    if (rc == 0) {
+	startSize = *size;
+    }
+    if (rc == 0) {
+	rc = TSS_TPMU_PARMS_Unmarshalu(target, buffer, size, selector);
+    }
+    if (rc == 0) {
+	if (sizeRead32 != startSize - *size) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TPM_KEY_PARMS_Unmarshalu(TPM_KEY_PARMS *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->algorithmID, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Unmarshalu(&target->encScheme, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Unmarshalu(&target->sigScheme, buffer, size); 
+    }
+    if (rc == 0) {
+	rc = TSS_TPM4B_TPMU_PARMS_Unmarshalu(&target->parms, buffer, size, target->algorithmID);	
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TPM_KEY12_Unmarshalu(TPM_KEY12 *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT16_Unmarshalu(&target->tag, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Unmarshalu(&target->fill, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Unmarshalu(&target->keyUsage, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->keyFlags, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Unmarshalu(&target->authDataUsage, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_KEY_PARMS_Unmarshalu(&target->algorithmParms, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM4B_TPM_PCR_INFO_LONG_Unmarshalu(&target->PCRInfo, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_STORE_PUBKEY_Unmarshalu(&target->pubKey, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_STORE_PUBKEY_Unmarshalu(&target->encData, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TPM_STORE_PUBKEY_Unmarshalu(TPM_STORE_PUBKEY *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->keyLength, buffer, size);
+    }
+    if (rc == 0) {
+	if (target->keyLength > sizeof(target->key)) {
+	    rc = TPM_RC_SIZE;
+	}
+    }    
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->key, target->keyLength, buffer, size);
+    }
+    return rc;
+}						  
+
+TPM_RC
+TSS_TPM_PUBKEY_Unmarshalu(TPM_PUBKEY *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_KEY_PARMS_Unmarshalu(&target->algorithmParms, buffer, size); 
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_STORE_PUBKEY_Unmarshalu(&target->pubKey, buffer, size);
+    }
+    return rc;
+}
+
+/* 19 */
+
+TPM_RC
+TSS_TPM_NV_ATTRIBUTES_Unmarshalu(TPM_NV_ATTRIBUTES *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT16_Unmarshalu(&target->tag, buffer, size);                      
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->attributes, buffer, size);                      
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TPM_NV_DATA_PUBLIC_Unmarshalu(TPM_NV_DATA_PUBLIC *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT16_Unmarshalu(&target->tag, buffer, size);                      
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->nvIndex, buffer, size);                      
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_PCR_INFO_SHORT_Unmarshalu(&target->pcrInfoRead, buffer, size); 
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_PCR_INFO_SHORT_Unmarshalu(&target->pcrInfoWrite, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_NV_ATTRIBUTES_Unmarshalu(&target->permission, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Unmarshalu(&target->bReadSTClear, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Unmarshalu(&target->bWriteSTClear, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Unmarshalu(&target->bWriteDefine, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->dataSize, buffer, size);                      
+    }
+    return rc;
+}						  
+
+/* 21 */
+
+TPM_RC
+TSS_TPM_CAP_VERSION_INFO_Unmarshalu(TPM_CAP_VERSION_INFO *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT16_Unmarshalu(&target->tag, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_VERSION_Unmarshalu(&target->version, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Unmarshalu(&target->specLevel, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Unmarshalu(&target->errataRev, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->tpmVendorID, sizeof(target->tpmVendorID), buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Unmarshalu(&target->vendorSpecificSize, buffer, size);
+    }
+    if (rc == 0) {
+	if (target->vendorSpecificSize > sizeof(target->vendorSpecific)) {
+	    rc = TPM_RC_SIZE;
+	}
+    }    
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->vendorSpecific, target->vendorSpecificSize, buffer, size);
+    }
+    return rc;
+}						  
+
+TPM_RC
+TSS_TPM_DA_INFO_Unmarshalu(TPM_DA_INFO *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT16_Unmarshalu(&target->tag, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Unmarshalu(&target->state, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Unmarshalu(&target->currentCount, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Unmarshalu(&target->thresholdCount, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_DA_ACTION_TYPE_Unmarshalu(&target->actionAtThreshold, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->actionDependValue, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->vendorDataSize, buffer, size);
+    }
+    if (rc == 0) {
+	if (target->vendorDataSize > sizeof(target->vendorData)) {
+	    rc = TPM_RC_SIZE;
+	}
+    }    
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->vendorData, target->vendorDataSize , buffer, size);
+    }
+    return rc;
+}						  
+
+TPM_RC
+TSS_TPM_DA_INFO_LIMITED_Unmarshalu(TPM_DA_INFO_LIMITED *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT16_Unmarshalu(&target->tag, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Unmarshalu(&target->state, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_DA_ACTION_TYPE_Unmarshalu(&target->actionAtThreshold, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->vendorDataSize, buffer, size);
+    }
+    if (rc == 0) {
+	if (target->vendorDataSize > sizeof(target->vendorData)) {
+	    rc = TPM_RC_SIZE;
+	}
+    }    
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->vendorData, target->vendorDataSize , buffer, size);
+    }
+    return rc;
+}						  
+
+TPM_RC
+TSS_TPM_DA_ACTION_TYPE_Unmarshalu(TPM_DA_ACTION_TYPE *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT16_Unmarshalu(&target->tag, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->actions, buffer, size);
+    }
+    return rc;
+}
diff --git a/utils/activatecredential.c b/utils/activatecredential.c
new file mode 100644
index 000000000..07be7154e
--- /dev/null
+++ b/utils/activatecredential.c
@@ -0,0 +1,328 @@
+/********************************************************************************/
+/*										*/
+/*			    ActivateCredential					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    ActivateCredential_In 	in;
+    ActivateCredential_Out 	out;
+    TPMI_DH_OBJECT		activateHandle = 0;
+    TPMI_DH_OBJECT		keyHandle = 0;
+    const char			*inputCredentialFilename = NULL;
+    const char			*secretFilename = NULL;
+    const char			*outputCredentialFilename = NULL;
+    const char			*activatePassword = NULL; 
+    const char			*keyPassword = NULL; 
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RS_PW;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-icred") == 0) {
+	    i++;
+	    if (i < argc) {
+		inputCredentialFilename = argv[i];
+	    }
+	    else {
+		printf("-icred option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ocred") == 0) {
+	    i++;
+	    if (i < argc) {
+		outputCredentialFilename = argv[i];
+	    }
+	    else {
+		printf("-ocred option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-is") == 0) {
+	    i++;
+	    if (i < argc) {
+		secretFilename = argv[i];
+	    }
+	    else {
+		printf("-is option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &activateHandle);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-hk") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &keyHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hk\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwda") == 0) {
+	    i++;
+	    if (i < argc) {
+		activatePassword = argv[i];
+	    }
+	    else {
+		printf("-pwdp option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdk") == 0) {
+	    i++;
+	    if (i < argc) {
+		keyPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (activateHandle == 0) {
+	printf("Missing handle parameter -ha\n");
+	printUsage();
+    }
+    if (keyHandle == 0) {
+	printf("Missing handle parameter -hk\n");
+	printUsage();
+    }
+     if (inputCredentialFilename == NULL) {
+	printf("Missing name parameter -icred\n");
+	printUsage();
+    }
+    if (secretFilename == NULL) {
+	printf("Missing name parameter -is\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.activateHandle = activateHandle;
+	in.keyHandle = keyHandle;
+    }
+    /* read the credential */
+    if (rc == 0) {
+	rc = TSS_File_ReadStructure(&in.credentialBlob,
+				    (UnmarshalFunction_t)TSS_TPM2B_ID_OBJECT_Unmarshalu,
+				    inputCredentialFilename);
+    }
+    /* read the secret */
+    if (rc == 0) {
+	rc = TSS_File_ReadStructure(&in.secret,
+				    (UnmarshalFunction_t)TSS_TPM2B_ENCRYPTED_SECRET_Unmarshalu,
+				    secretFilename);
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_ActivateCredential,
+			 sessionHandle0, activatePassword, sessionAttributes0,
+			 sessionHandle1, keyPassword, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    /* optionally save the certInfo */
+    if ((rc == 0) && (outputCredentialFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(out.certInfo.t.buffer,
+				      out.certInfo.t.size,
+				      outputCredentialFilename);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("activatecredential: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("activatecredential: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("activatecredential\n");
+    printf("\n");
+    printf("Runs TPM2_ActivateCredential\n");
+    printf("\n");
+    printf("\t-ha\tactivation handle of object associated with the certificate\n");
+    printf("\t-hk\thandle of loaded decryption key\n");
+    printf("\t-icred\tinput credential file name\n");
+    printf("\t-is\tsecret file name\n");
+    printf("\n");
+    printf("\t[-pwda\tpassword for activation key (default empty)]\n");
+    printf("\t[-pwdk\tpassword for decryption key (default empty)]\n");
+    printf("\t[-ocred\t output credential file name (default do not save)]\n");
+    printf("\n");
+    printf("\t-se[0-2]\tsession handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/applink.c b/utils/applink.c
new file mode 100644
index 000000000..92d9c877a
--- /dev/null
+++ b/utils/applink.c
@@ -0,0 +1,107 @@
+#define APPLINK_STDIN	1
+#define APPLINK_STDOUT	2
+#define APPLINK_STDERR	3
+#define APPLINK_FPRINTF	4
+#define APPLINK_FGETS	5
+#define APPLINK_FREAD	6
+#define APPLINK_FWRITE	7
+#define APPLINK_FSETMOD	8
+#define APPLINK_FEOF	9
+#define APPLINK_FCLOSE 	10	/* should not be used */
+
+#define APPLINK_FOPEN	11	/* solely for completeness */
+#define APPLINK_FSEEK	12
+#define APPLINK_FTELL	13
+#define APPLINK_FFLUSH	14
+#define APPLINK_FERROR	15
+#define APPLINK_CLEARERR 16
+#define APPLINK_FILENO	17	/* to be used with below */
+
+#define APPLINK_OPEN	18	/* formally can't be used, as flags can vary */
+#define APPLINK_READ	19
+#define APPLINK_WRITE	20
+#define APPLINK_LSEEK	21
+#define APPLINK_CLOSE	22
+#define APPLINK_MAX	22	/* always same as last macro */
+
+#ifndef APPMACROS_ONLY
+#include <stdio.h>
+#include <io.h>
+#include <fcntl.h>
+
+static void *app_stdin(void)		{ return stdin;  }
+static void *app_stdout(void)		{ return stdout; }
+static void *app_stderr(void)		{ return stderr; }
+static int   app_feof(FILE *fp)		{ return feof(fp); }
+static int   app_ferror(FILE *fp)	{ return ferror(fp); }
+static void  app_clearerr(FILE *fp)	{ clearerr(fp); }
+static int   app_fileno(FILE *fp)	{ return _fileno(fp); }
+static int   app_fsetmod(FILE *fp,char mod)
+{ return _setmode (_fileno(fp),mod=='b'?_O_BINARY:_O_TEXT); }
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    /* function prototype */
+__declspec(dllexport)
+void **
+#if defined(__BORLANDC__)
+    __stdcall	/* __stdcall appears to be the only way to get the name
+		 * decoration right with Borland C. Otherwise it works
+		 * purely incidentally, as we pass no parameters. */
+#else
+    __cdecl
+#endif
+    OPENSSL_Applink(void);
+
+    /* function implementation */
+    __declspec(dllexport)
+void **
+#if defined(__BORLANDC__)
+__stdcall	/* __stdcall appears to be the only way to get the name
+		 * decoration right with Borland C. Otherwise it works
+		 * purely incidentally, as we pass no parameters. */
+#else
+__cdecl
+#endif
+OPENSSL_Applink(void)
+{ static int once=1;
+  static void *OPENSSL_ApplinkTable[APPLINK_MAX+1]={(void *)APPLINK_MAX};
+
+    if (once)
+    {	OPENSSL_ApplinkTable[APPLINK_STDIN]	= app_stdin;
+	OPENSSL_ApplinkTable[APPLINK_STDOUT]	= app_stdout;
+	OPENSSL_ApplinkTable[APPLINK_STDERR]	= app_stderr;
+	OPENSSL_ApplinkTable[APPLINK_FPRINTF]	= fprintf;
+	OPENSSL_ApplinkTable[APPLINK_FGETS]	= fgets;
+	OPENSSL_ApplinkTable[APPLINK_FREAD]	= fread;
+	OPENSSL_ApplinkTable[APPLINK_FWRITE]	= fwrite;
+	OPENSSL_ApplinkTable[APPLINK_FSETMOD]	= app_fsetmod;
+	OPENSSL_ApplinkTable[APPLINK_FEOF]	= app_feof;
+	OPENSSL_ApplinkTable[APPLINK_FCLOSE]	= fclose;
+
+	OPENSSL_ApplinkTable[APPLINK_FOPEN]	= fopen;
+	OPENSSL_ApplinkTable[APPLINK_FSEEK]	= fseek;
+	OPENSSL_ApplinkTable[APPLINK_FTELL]	= ftell;
+	OPENSSL_ApplinkTable[APPLINK_FFLUSH]	= fflush;
+	OPENSSL_ApplinkTable[APPLINK_FERROR]	= app_ferror;
+	OPENSSL_ApplinkTable[APPLINK_CLEARERR]	= app_clearerr;
+	OPENSSL_ApplinkTable[APPLINK_FILENO]	= app_fileno;
+
+	OPENSSL_ApplinkTable[APPLINK_OPEN]	= _open;
+	OPENSSL_ApplinkTable[APPLINK_READ]	= _read;
+	OPENSSL_ApplinkTable[APPLINK_WRITE]	= _write;
+	OPENSSL_ApplinkTable[APPLINK_LSEEK]	= _lseek;
+	OPENSSL_ApplinkTable[APPLINK_CLOSE]	= _close;
+
+	once = 0;
+    }
+
+  return OPENSSL_ApplinkTable;
+}
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/utils/cakey.pem b/utils/cakey.pem
new file mode 100644
index 000000000..cd244448e
--- /dev/null
+++ b/utils/cakey.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,DC8B29E70BAB3352C50FCDD88DCF6D71
+
+qAJXoHCJv0ke4jrCnrXcWwpCXYJqyphZ1qQY3TS2UZwpGT4nCQPnFfcKLIQptuZ+
+Q0lu+QYkrMsZ4/+aymY0DIlqNYDfgHhJ6Pfgpt3JDFAw7nePrFVQeo4XRUR+uNTm
+OH/fTKcdNx9arkI+rvz7hsxZSo4MR5Nej+kRtJyLuNNQicmte0GzvA98tClbT+5f
+iI/lTki5lpf68Mn4kc5XkOkctQXMu31tkdeRnaKRUga1Zcf36eKzd3FLw6Lg6rQC
+7Zrl9oLup0wvVfkc4j6KnPGUKxpIH8NudSTQJtQ72e4klHlgEx8pp/EHT/Xo+NQA
+rWlpz5hMbx7tje0hDschtfEbyzgWCAz10WVe49xP8oi/+y9v9c4WfZ300mnw1jtm
+6Gcm7W0Q+IiyJ64Xk/HseSIELn6EpfUBqJf6CUmj2MS+1DRM0NJB0ck4gt5fJGMl
+ASCIxXphwMu0gzAgP5TrMQYaRJuNGGbXbMX2O8lQQjHfP+Gl2YRjuITXkSBwojhA
+plhF6r1Y5tHAINlgW3/hp3g5KT85hIKwE9KuHB8ArJiCUgl370cAQz5UBlSKKnbT
+PKvkiq3oOH2TYZ9Lz+4ElAdW8xe+r4uRuZMperDZUbU/qi7sK3I7tT2cJLqKBQZM
+1t7u5VvB7cMvLGAPs/gyKKtltbiSFarIcW/PssS7rGuHfLbuFc42A45g2Ndt0dMx
+PKqSwlanXyvksjRb5egymN4BbFJ49fnY38M7gDvYLujhH27PZCOv70SnRI2LGLJH
+dhqPZ+Bb1pUB2CjX+xGw/NWehmBLURYNVgLBbvTqdZ8iCQC3PWPggq+f3KGSyU9r
+unuCLm+CUQ0iOaA+egq0rUCSQkA1MXGtjh/Vdv4e5xl9lxOBdsv25xHwjcWrDFWj
+pR1xsFSGoL0pDN6ZklyYBEj4BTg1/Jlf7ljQ+mti99mxroclKMrAKivPYQ38Gcgc
+virFMjQk5OT0g+mD+rpHRc5CGwWglAvddjCT5IsXks3dt/kGNhAVfQtKA7mJxf6n
+z0EXJn9KFvljUratXtT0TyQjcQ0zYs9dKwcq/couEXeVa98tdnrwtfgmKw7wyCWW
+PJd8eZY9aaZdWwzff19bBUURcYsiJIYij6PmhY40WB5/4MBmD43vnrbrIJaIQqDU
+f7TBiIWq5TzoWo/dYc1nyaPeXuc822YSR9KfCTOyxH27ipJ+b9mL315FgVjILdyO
+/Y3IFzWkxmd+15gFA4HGnVN32w3fovjfZbOwAw57y31qzgrSZi07z+rpJJNy9VOB
+cXYlZ632UIJ38yRiZe14u0+3I79RKr/gWB4CzUuSpXQLPt8vBfU3oP7tKSh58Rcq
+Nyc3/gAlQQW7/mCeoilhbnQvVnq20hjuoLeY0FmYNA+0rc49FNDsDeegLgopv+UN
+7z2rVQNykQorJWDLTAHvRrHrb67oTIE8bzcupmcVR7RmzeL8Sp8xmiuYAUNKemih
+6KlaONH91/LdYsp/zM46jjulp6VEEJXzBUAAssiKXnyAEhqFAq56rV3xDNwUAHXE
+i2jkvf6p8lgBSU+8UvwYXKMDWjl78cmVZkp1p17CPP1JGK4TaEoFwyVZIZWsZl/D
+-----END RSA PRIVATE KEY-----
diff --git a/utils/cakeyecc.pem b/utils/cakeyecc.pem
new file mode 100644
index 000000000..498ded495
--- /dev/null
+++ b/utils/cakeyecc.pem
@@ -0,0 +1,7 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIHeMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAiv+ODLOPcsbwICCAAw
+HQYJYIZIAWUDBAEqBBC/F0OaeoTz2ROpX89quSvWBIGQl4BxlX1Lvy31myw1vPN0
+w/1Wqozirz53nIsVN/q+jV4zgx4fu/KWqKMFYwtb+BkGWBueCh5jRJ9YvEqMpUl+
+LX4YgKGm7q4LQaf3DdRaWc5/99iIzMsdwGt/nbpZ0eyl1gwnwkU4+06RTE1156Li
+AnZcGYkwxCS8DKdy7qeU9n915io+A9hJucwXjvHOOo0S
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/utils/certificates/.cvsignore b/utils/certificates/.cvsignore
new file mode 100644
index 000000000..455c618bb
--- /dev/null
+++ b/utils/certificates/.cvsignore
@@ -0,0 +1,4 @@
+*.dump
+*.der
+*.cer
+*.crt
diff --git a/utils/certificates/IFX_TPM_EK_Intermediate_CA_01.pem b/utils/certificates/IFX_TPM_EK_Intermediate_CA_01.pem
new file mode 100644
index 000000000..738637b08
--- /dev/null
+++ b/utils/certificates/IFX_TPM_EK_Intermediate_CA_01.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEnzCCA4egAwIBAgIEMV64bDANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE
+RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n
+aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD
+QTAeFw0wNTEwMjAxMzQ3NDNaFw0yNTEwMjAxMzQ3NDNaMHcxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll
+cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk
+aWF0ZSBDQSAwMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALftPhYN
+t4rE+JnU/XOPICbOBLvfo6iA7nuq7zf4DzsAWBdsZEdFJQfaK331ihG3IpQnlQ2i
+YtDim289265f0J4OkPFpKeFU27CsfozVaNUm6UR/uzwA8ncxFc3iZLRMRNLru/Al
+VG053ULVDQMVx2iwwbBSAYO9pGiGbk1iMmuZaSErMdb9v0KRUyZM7yABiyDlM3cz
+UQX5vLWV0uWqxdGoHwNva5u3ynP9UxPTZWHZOHE6+14rMzpobs6Ww2RR8BgF96rh
+4rRAZEl8BXhwiQq4STvUXkfvdpWH4lzsGcDDtrB6Nt3KvVNvsKz+b07Dk+Xzt+EH
+NTf3Byk2HlvX+scCAwEAAaOCATswggE3MB0GA1UdDgQWBBQ4k8292HPEIzMV4bE7
+qWoNI8wQxzAOBgNVHQ8BAf8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADBYBgNV
+HSABAf8ETjBMMEoGC2CGSAGG+EUBBy8BMDswOQYIKwYBBQUHAgEWLWh0dHA6Ly93
+d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvaW5kZXguaHRtbDCBlwYDVR0jBIGP
+MIGMgBRW65FEhWPWcrOu1EWWC/eUDlRCpqFxpG8wbTELMAkGA1UEBhMCREUxEDAO
+BgNVBAgTB0JhdmFyaWExITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2llcyBB
+RzEMMAoGA1UECxMDQUlNMRswGQYDVQQDExJJRlggVFBNIEVLIFJvb3QgQ0GCAQMw
+DQYJKoZIhvcNAQEFBQADggEBABJ1+Ap3rNlxZ0FW0aIgdzktbNHlvXWNxFdYIBbM
+OKjmbOos0Y4O60eKPu259XmMItCUmtbzF3oKYXq6ybARUT2Lm+JsseMF5VgikSlU
+BJALqpKVjwAds81OtmnIQe2LSu4xcTSavpsL4f52cUAu/maMhtSgN9mq5roYptq9
+DnSSDZrX4uYiMPl//rBaNDBflhJ727j8xo9CCohF3yQUoQm7coUgbRMzyO64yMIO
+3fhb+Vuc7sNwrMOz3VJN14C3JMoGgXy0c57IP/kD5zGRvljKEvrRC2I147+fPeLS
+DueRMS6lblvRKiZgmGAg7YaKOkOaEmVDMQ+fTo2Po7hI5wc=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/IFX_TPM_EK_Intermediate_CA_02.pem b/utils/certificates/IFX_TPM_EK_Intermediate_CA_02.pem
new file mode 100644
index 000000000..d28784467
--- /dev/null
+++ b/utils/certificates/IFX_TPM_EK_Intermediate_CA_02.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEnzCCA4egAwIBAgIEaItIgTANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE
+RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n
+aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD
+QTAeFw0wNjEyMjExMDM0MDBaFw0yNjEyMjExMDM0MDBaMHcxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll
+cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk
+aWF0ZSBDQSAwMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK6KnP5R
+8ppq9TtPu3mAs3AFxdWhzK5ks+BixGR6mpzyXG64Bjl4xzBXeBIVtlBZXYvIAJ5s
+eCTEEsnZc9eKNJeFLdmXQ/siRrTeonyxoS4aL1mVEQebLUz2gN9J6j1ewly+OvGk
+jEYouGCzA+fARzLeRIrhuhBI0kUChbH7VM8FngJsbT4xKB3EJ6Wttma25VSimkAr
+SPS6dzUDRS1OFCWtAtHJW6YjBnA4wgR8WfpXsnjeNpwEEB+JciWu1VAueLNI+Kis
+RiferCfsgWRvHkR6RQf04h+FlhnYHJnf1ktqcEi1oYAjLsbYOAwqyoU1Pev9cS28
+EA6FTJcxjuHhH9ECAwEAAaOCATswggE3MB0GA1UdDgQWBBRDMlr1UAQGVIkwzamm
+fceAZ7l4ATAOBgNVHQ8BAf8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADBYBgNV
+HSABAf8ETjBMMEoGC2CGSAGG+EUBBy8BMDswOQYIKwYBBQUHAgEWLWh0dHA6Ly93
+d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvaW5kZXguaHRtbDCBlwYDVR0jBIGP
+MIGMgBRW65FEhWPWcrOu1EWWC/eUDlRCpqFxpG8wbTELMAkGA1UEBhMCREUxEDAO
+BgNVBAgTB0JhdmFyaWExITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2llcyBB
+RzEMMAoGA1UECxMDQUlNMRswGQYDVQQDExJJRlggVFBNIEVLIFJvb3QgQ0GCAQMw
+DQYJKoZIhvcNAQEFBQADggEBAIZAaYGzf9AYv6DqoUNx6wdpayhCeX75/IHuFQ/d
+gLzat9Vd6qNKdAByskpOjpE0KRauEzD/BhTtkEJDazPSmVP1QxAPjqGaD+JjqhS/
+Q6aY+1PSDi2zRIDA66V2yFJDcUBTtShbdTg144YSkVSY5UCKhQrsdg8yAbs7saAB
+LHzVebTXffjmkTk5GZk26d/AZQRjfssta1N/TWhWTfuZtwYvjZmgDPeCfr6AOPLr
+pVJz+ntzUKGpQ+5mwDJXMZ0qeiFIgXUlU0D+lfuajc/x9rgix9cM+o7amgDlRi1T
+55Uu2vzUQ9jLUaISFaTTMag+quBDhx8BDVu+igLp5hvBtxQ=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/IFX_TPM_EK_Intermediate_CA_03.pem b/utils/certificates/IFX_TPM_EK_Intermediate_CA_03.pem
new file mode 100644
index 000000000..14e070330
--- /dev/null
+++ b/utils/certificates/IFX_TPM_EK_Intermediate_CA_03.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEnzCCA4egAwIBAgIEH7fYljANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE
+RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n
+aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD
+QTAeFw0wNzA0MTMxNjQ0MjRaFw0yNzA0MTMxNjQ0MjRaMHcxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll
+cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk
+aWF0ZSBDQSAwMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJWdPAuH
+z/p1tIwB1QXlPD/PjedZ4uBZdwPH5tI3Uve0TzbR/mO5clx/loWn7nZ5cHkH1nhB
+R67JEFY0a9GithPfITh0XRxPcisLBE/SoqZ90KHFaS+N6SwOpdCP0GlUg1OesKCF
+79Z6fXrkTZsVpPqdawdZK+oUsDO9z9U6xqV7bwsS75Y+QiHsm6UTgAkSNQnuFMP3
+NqQyDi/BaWaYRGQ6K8pM7Y7e1h21z/+5X7LncZXU8hgpYpu2zQPg96IkYboVUKL4
+00snaPcOvfagsBUGlBltNfz7geaSuWTCdwEiwlkCYZqCtbkAj5FiStajrzP72BfT
+2fshIv+5eF7Qp5ECAwEAAaOCATswggE3MB0GA1UdDgQWBBTGyypNtylL6RFyT1BB
+MQtMQvibsjAOBgNVHQ8BAf8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADBYBgNV
+HSABAf8ETjBMMEoGC2CGSAGG+EUBBy8BMDswOQYIKwYBBQUHAgEWLWh0dHA6Ly93
+d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvaW5kZXguaHRtbDCBlwYDVR0jBIGP
+MIGMgBRW65FEhWPWcrOu1EWWC/eUDlRCpqFxpG8wbTELMAkGA1UEBhMCREUxEDAO
+BgNVBAgTB0JhdmFyaWExITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2llcyBB
+RzEMMAoGA1UECxMDQUlNMRswGQYDVQQDExJJRlggVFBNIEVLIFJvb3QgQ0GCAQMw
+DQYJKoZIhvcNAQEFBQADggEBAGN1bkh4J90DGcOPP2BlwE6ejJ0iDKf1zF+7CLu5
+WS5K4dvuzsWUoQ5eplUt1LrIlorLr46mLokZD0RTG8t49Rcw4AvxMgWk7oYk69q2
+0MGwXwgZ5OQypHaPwslmddLcX+RyEvjrdGpQx3E/87ZrQP8OKnmqI3pBlB8QwCGL
+SV9AERaGDpzIHoObLlUjgHuD6aFekPfeIu1xbN25oZCWmqFVIhkKxWE1Xu+qqHIA
+dnCFhoIWH3ie9OsJh/iDRaANYYGyplIibDx1FJA8fqiBiBBKUlPoJvbqmZs4meMd
+OoeOuCvQ7op28UtaoV6H6BSYmN5dOgW7r1lX2Re0nd84NGE=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/IFX_TPM_EK_Intermediate_CA_04.pem b/utils/certificates/IFX_TPM_EK_Intermediate_CA_04.pem
new file mode 100644
index 000000000..9a94f1d11
--- /dev/null
+++ b/utils/certificates/IFX_TPM_EK_Intermediate_CA_04.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEnzCCA4egAwIBAgIEDhD4wDANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE
+RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n
+aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD
+QTAeFw0wNzEyMDMxMzA3NTVaFw0yNzEyMDMxMzA3NTVaMHcxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll
+cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk
+aWF0ZSBDQSAwNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN3UBmDk
+jJzzJ+WCgrq4tILtE9KJPMGHwvCsbJOlo7eHiEb8JQzGK1prkPQ3dowFRXPnqONP
+WUa36/J3R32xgvuZHqAdliZCt8IUb9qYhDenuXo1SSqJ8LWp30QIJ0vnkaQ2TCkO
+bveZZR3hK2OZKRTkFaV/iy2RH+Qs4JAe3diD8mlIu2gXAXnKJSkrzW6gbMzrlTOi
+RCuGcatpy7Hfmodbz/0Trbuwtc3dyJZ3Ko1z9bz2Oirjh93RrmYjbtL0HhkAjMOR
+83GLrzwUddSqmxtXXX8j5i+/gmE3AO71swOIESdGugxaKUzJ1jTqWKMZcx0E6BFI
+lDIfKk0fJlSxHfECAwEAAaOCATswggE3MB0GA1UdDgQWBBSIs8E/YQXRBCKfWsDr
+SZVkrNRzvTAOBgNVHQ8BAf8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADBYBgNV
+HSABAf8ETjBMMEoGC2CGSAGG+EUBBy8BMDswOQYIKwYBBQUHAgEWLWh0dHA6Ly93
+d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvaW5kZXguaHRtbDCBlwYDVR0jBIGP
+MIGMgBRW65FEhWPWcrOu1EWWC/eUDlRCpqFxpG8wbTELMAkGA1UEBhMCREUxEDAO
+BgNVBAgTB0JhdmFyaWExITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2llcyBB
+RzEMMAoGA1UECxMDQUlNMRswGQYDVQQDExJJRlggVFBNIEVLIFJvb3QgQ0GCAQMw
+DQYJKoZIhvcNAQEFBQADggEBAFtqClQNBLOzcGZUpsBqlz3frzM45iiBpxosG1Re
+IgoAgtIBEtl609TG51tmpm294KqpfKZVO+xNzovm8k/heGb0jmYf+q1ggrk2qT4v
+Qy2jgE0jbP/P8WWq8NHC13uMcBUGPaka7yofEDDwz7TcduQyJVfG2pd1vflnzP0+
+iiJpfCk3CAQQnb+B7zsOp7jHNwpvHP+FhNwZaikaa0OdR/ML9da1sOOW3oJSTEjW
+SMLuhaZHtcVgitvtOVvCI/aq47rNJku3xQ7c/s8FHnFzQQ+Q4TExbP20SrqQIlL/
+9sFAb7/nKYNauusakiF3pfvMrJOJigNfJyIcWaGfyyQtVVI=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/IFX_TPM_EK_Intermediate_CA_05.pem b/utils/certificates/IFX_TPM_EK_Intermediate_CA_05.pem
new file mode 100644
index 000000000..d7376ac19
--- /dev/null
+++ b/utils/certificates/IFX_TPM_EK_Intermediate_CA_05.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEnzCCA4egAwIBAgIEVuRoqzANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE
+RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n
+aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD
+QTAeFw0wOTEyMTExMDM4NDJaFw0yOTEyMTExMDM4NDJaMHcxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll
+cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk
+aWF0ZSBDQSAwNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL79zMCO
+bjkg7gCWEuyGO49CisF/QrGoz9adW1FBuSW8U9IOlvWXNsvoasC1mhrsfkRRojuU
+mWifxxxcVfOI9v1SbRfJ+i6lG21IcVe6ywLJdDliT+3vzvrb/2hU/XjCCMDWb/Pw
+aZslV5iL4QEiKxvRIiWMYHW0MkkL7mzRBDVN/Vz3ZiL5Lpq7awiKuX9OXpS2a1wf
+qSGAlm2TxjU884q9Ky85JJugn0Q/C3dc8aaFPKLHlRs6rIvN1l0LwB1b5EWPzTPJ
+d9EhRPFJOAbJS66nSgX06Fl7eWB71ow6w/25otLQCbpy6OrF8wBVMtPMHqFb1c32
+PaaNzpCBnIU7vaMCAwEAAaOCATswggE3MB0GA1UdDgQWBBS7z3zBhCExZtq1vlOo
+cBTd00jYzDAOBgNVHQ8BAf8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADBYBgNV
+HSABAf8ETjBMMEoGC2CGSAGG+EUBBy8BMDswOQYIKwYBBQUHAgEWLWh0dHA6Ly93
+d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvaW5kZXguaHRtbDCBlwYDVR0jBIGP
+MIGMgBRW65FEhWPWcrOu1EWWC/eUDlRCpqFxpG8wbTELMAkGA1UEBhMCREUxEDAO
+BgNVBAgTB0JhdmFyaWExITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2llcyBB
+RzEMMAoGA1UECxMDQUlNMRswGQYDVQQDExJJRlggVFBNIEVLIFJvb3QgQ0GCAQMw
+DQYJKoZIhvcNAQEFBQADggEBAHomNJtmFNtRJI2+s6ZwdzCTHXXIcR/T+N/lfPbE
+hIUG4Kg+3uQMP7zBi22m3I3Kk9SXsjLqV5mnsQUGMGlF7jw5W5Q+d6NSJz4taw9D
+2DsiUxE/i5vrjWiUaWxv2Eckd4MUexe5Qz8YSh4FPqLB8FZnAlgx2kfdzRIUjkMq
+EgFK8ZRSUjXdczvsud68YPVMIZTxK0L8POGJ6RYiDrjTelprfZ4pKKZ79XwxwAIo
+pG6emUEf+doRT0KoHoCHr9vvWCWKhojqlQ6jflPZcEsNBMbq5KHVN77vOU58OKx1
+56v3EaqrZenVFt8+n6h2NzhOmg2quQXIr0V9jEg8GAMehDs=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/IFX_TPM_EK_Intermediate_CA_08.pem b/utils/certificates/IFX_TPM_EK_Intermediate_CA_08.pem
new file mode 100644
index 000000000..f23eef034
--- /dev/null
+++ b/utils/certificates/IFX_TPM_EK_Intermediate_CA_08.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEnzCCA4egAwIBAgIEfGoY6jANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE
+RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n
+aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD
+QTAeFw0xMjA3MTcwOTI0NTJaFw0zMDEwMTgyMzU5NTlaMHcxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll
+cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk
+aWF0ZSBDQSAwODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOJaIJu6
+r/betrMgWJ/JZ5j8ytoAA9RWq0cw7+W0e5L2kDLJMM288wYT+iEbfwx6sWSLAl7q
+okXYDtTB9MFNhQ5ZWFLslFXbYigtXJxwANcSdPISTF1Czn6LLi1fu1EHddwCXFC8
+xaX0iGgQ9pZklvAy2ijK9BPHquWisisEiWZNRT9dCVylzOR3+p2YOC3ZrRmg7Bj+
+DkC7dltTTO6dPR+LNOFe01pJlpZdF4YHcu4EC10gRu0quZz1LtDZWFKezK7rg5Rj
+LSAJbKOsGXjl6hQXMtADEX9Vlz1vItD21OYCNRsu6VdipiL0bl0aAio4BV3GMyjk
+0gHnQwCk9k/YPU8CAwEAAaOCATswggE3MB0GA1UdDgQWBBRMS01kiQjkW/5aENNj
+h6aIrsHPeDAOBgNVHQ8BAf8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADBYBgNV
+HSABAf8ETjBMMEoGC2CGSAGG+EUBBy8BMDswOQYIKwYBBQUHAgEWLWh0dHA6Ly93
+d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvaW5kZXguaHRtbDCBlwYDVR0jBIGP
+MIGMgBRW65FEhWPWcrOu1EWWC/eUDlRCpqFxpG8wbTELMAkGA1UEBhMCREUxEDAO
+BgNVBAgTB0JhdmFyaWExITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2llcyBB
+RzEMMAoGA1UECxMDQUlNMRswGQYDVQQDExJJRlggVFBNIEVLIFJvb3QgQ0GCAQMw
+DQYJKoZIhvcNAQEFBQADggEBALMiDyQ9WKH/eTI84Mk8KYk+TXXEwf+fhgeCvxOQ
+G0FTSmOpJaNIzxWXr/gDbY3dO0ODjWRKYvhimZUuV+ckMA+wZX2C6o8g5njpWIOH
+pSAa+W35ijArh0Zt3MASJ46avd+fnQGTdzT0hK46gx6n2KixLvaZsR3JtuwUFYlQ
+wzmz/UsbBNEoPiR8p5E0Zf5GEGiTqkmBVYyS6XA34axpMMRHy0wI7AGs0gVihwUM
+rr0iWOu+GAcrm11lcYzqJvuEkfenAF62ufA2Ktv+Ut2xiRC0jUIp73CeplAJsqBr
+camV3pJn3qYPI5c1njMRYnoRFWQbrOR5ADWDQLFQPYRrJmg=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/IFX_TPM_EK_Intermediate_CA_17.pem b/utils/certificates/IFX_TPM_EK_Intermediate_CA_17.pem
new file mode 100644
index 000000000..89fb7c6b1
--- /dev/null
+++ b/utils/certificates/IFX_TPM_EK_Intermediate_CA_17.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEJDCCAwygAwIBAgIEJCe5vDANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE
+RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n
+aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD
+QTAeFw0xMzAxMTgxNDE4NTlaFw0zMDEwMTgyMzU5NTlaMHcxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll
+cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk
+aWF0ZSBDQSAxNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALDzzG8C
+6MBIZQEQJzEGlkSoFfYx7UFnbAXOP35eXkDfs79tmXh/Kpvo+LgDXAPVwiJgcphS
+MNTOhAes1kA/cuGk2/BpUE5W+owIB6cEUm6sHjea5VnrS7rZ205lKzsU5ThJel53
+aLzgv/r4AMYfHyJid1xSbheQor7PmgcqWPag8wQrUnn+mVe8rcPJclQotmsV1SY/
+AMUorEdxbeaTgZkP8jvCjywzty2Jtfju75BTtg0jBDEIHWVuqOwWx879nvWpBho8
+khOU1FPZrHc5fVm0w7ryWCZvZVWUacMAeYfVqDOOEPxUzZMDA8NwB9bh5sY/Nrz7
+oeSUr7Ps2aJAf/kCAwEAAaOBwTCBvjAdBgNVHQ4EFgQU7D+NTMEqvoigGQZOimK3
+AY+i41kwDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQAwWAYDVR0g
+AQH/BE4wTDBKBgtghkgBhvhFAQcvATA7MDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3
+LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L2luZGV4Lmh0bWwwHwYDVR0jBBgwFoAU
+VuuRRIVj1nKzrtRFlgv3lA5UQqYwDQYJKoZIhvcNAQEFBQADggEBAJ1qznUH6nCB
+1akxmhMYWBEjQsqHdy+lwYYMNHl98s9AnHWMXzpGcGUJg695D9hQrw4kHpjn9a1L
+yxTA4NPz3W3k5gk4Jtp20yJeClGXEIcf86WsJwyC1gDGQfV2k+vdzlhpfCJLVq1i
+Ec0I/AlwOJBgRvLmldPuYAqtDTE0drffAkhaMoEr5d+X5cC1iAsvpPw0dL+AqqFh
+3+YVDtrjdmhcHtopQfzM4/voZr9F+t+WBdg+NIfZHJZud/ZX+4FrNco91wDueryU
+Az7W27Cet2fUk9zv/GYMRVrS8lO7K76Leawt4fNtLDBVQLlj+3RYyU5cK8aj8yAe
+KboVHBoSukQ=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/IFX_TPM_EK_Intermediate_CA_18.pem b/utils/certificates/IFX_TPM_EK_Intermediate_CA_18.pem
new file mode 100644
index 000000000..af1a70340
--- /dev/null
+++ b/utils/certificates/IFX_TPM_EK_Intermediate_CA_18.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEnzCCA4egAwIBAgIEW1RJ0TANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE
+RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n
+aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD
+QTAeFw0xMzAxMTgxNDMyNDBaFw0zMDEwMTgyMzU5NTlaMHcxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll
+cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk
+aWF0ZSBDQSAxODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANs3+XqT
+S/vs4eR8quyXIgPFixBg75cWbSjl7yXHylta8sLrmog5xtMdtjtUZIE6ko34PQ0r
+b2nLnviHzmKsVGcEgVqB5DYR4p1/WcuQXY+POaWeWnHUVI8wErvjfuCBkkofL5lE
+wD+HaznTRE9ZMFpmRGGbC5oVsGSd1OGefjeaIK3DMZFQle5YQgbFh5CccQ8nTOHK
+cPqcgEI/ncAZMecGMZFmXvgxn24tQ+PCutuBvmY1BYt76US5MnKr9rKpcBtmygRY
+xTMWmEETr3lTlElvEzDuMmj+cjrbweMZldS1r3Vf+hCGrDidcQidu3BY5v+ZifUL
+Db0ekQBo2NVFUTcCAwEAAaOCATswggE3MB0GA1UdDgQWBBR1aP8m830RJoVntoZO
+xyoIyBiJHjAOBgNVHQ8BAf8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADBYBgNV
+HSABAf8ETjBMMEoGC2CGSAGG+EUBBy8BMDswOQYIKwYBBQUHAgEWLWh0dHA6Ly93
+d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvaW5kZXguaHRtbDCBlwYDVR0jBIGP
+MIGMgBRW65FEhWPWcrOu1EWWC/eUDlRCpqFxpG8wbTELMAkGA1UEBhMCREUxEDAO
+BgNVBAgTB0JhdmFyaWExITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2llcyBB
+RzEMMAoGA1UECxMDQUlNMRswGQYDVQQDExJJRlggVFBNIEVLIFJvb3QgQ0GCAQMw
+DQYJKoZIhvcNAQEFBQADggEBAMuw0E9SWAmRoMyYeH4QfA0Eu2DHHsAVvpTWICqN
+YCWCnDku3PEUJpAS02Iu4MN2EUjywgIgccYjawfiI1xQ+qKJWVVXo1rScfRn3g4a
+LyfBzZDo/ka7dK1azNDI2ieRrh6pPvIgYAriipX6kVTNV2tTpQVF+OoeXOvqMyIY
+sIpwZCIwSTvgwMIQblik9IQt+rxh3fqESlAZ9NztFnA+ftTS1YeeQR/OjLxUtUX0
+lbKHtjIuvokyEAj1C+TMASt2CMsRuSf5U0nVA4Ekci+XzCIhvPnB2860TMvq+hzy
+ANAzLSZsSZOo8KYY9ZgBdksLpPPrOYTFSMXO+oom5xh5r/Q=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/IFX_TPM_EK_Intermediate_CA_20.pem b/utils/certificates/IFX_TPM_EK_Intermediate_CA_20.pem
new file mode 100644
index 000000000..10c6fe9de
--- /dev/null
+++ b/utils/certificates/IFX_TPM_EK_Intermediate_CA_20.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEnzCCA4egAwIBAgIESa1p+zANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE
+RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n
+aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD
+QTAeFw0xMzA4MjcxMzU4NTlaFw0zMDEwMTgyMzU5NTlaMHcxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll
+cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk
+aWF0ZSBDQSAyMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAISatv1/
+C6U9+bRoGnFIRJP99ETyRdBaZZbjMzomJ0+n6VsyZKU8HshD1D56e7td3nOqMixg
+ygaBK3Fq6jgR4nEDafH8bXvhY+6nLYzqgWub8htqAjOxyw9AVSJaeByr1Xo9OZJX
+06exrdSikAW6ANcn9khpEpl3kUB/z4qY+tDgabIYQokVvEZ1KCYXbAKTQaV1j2CJ
+DYExo82lQJepEATiVpXlM71UCxpdpeudiWKYRWY7oV5EpyOcMzolYVfQ6c/2EDhj
+6CxlYALKzu7xgNLXfhUCJWPjCK7NDr86n5s1tKHmJUdbHyqnes8h5p/7MVAn+BuA
+auk5MR7GY5TfkwECAwEAAaOCATswggE3MB0GA1UdDgQWBBSP/UeIDiOaOjog3hPt
+8QHogqnSHTAOBgNVHQ8BAf8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADBYBgNV
+HSABAf8ETjBMMEoGC2CGSAGG+EUBBy8BMDswOQYIKwYBBQUHAgEWLWh0dHA6Ly93
+d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvaW5kZXguaHRtbDCBlwYDVR0jBIGP
+MIGMgBRW65FEhWPWcrOu1EWWC/eUDlRCpqFxpG8wbTELMAkGA1UEBhMCREUxEDAO
+BgNVBAgTB0JhdmFyaWExITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2llcyBB
+RzEMMAoGA1UECxMDQUlNMRswGQYDVQQDExJJRlggVFBNIEVLIFJvb3QgQ0GCAQMw
+DQYJKoZIhvcNAQEFBQADggEBAJWePIX29bPvG9qnOWWGOuIsUhChgOzaLA/LkJEQ
+HnRMPUU8hO9RGMuFW0QN62eSKel/H0M1ty3XtjMMxRg7DqJiRN7FgPkEN6gCX9TZ
+lyNyxz8gNULrhQ5fB3oorQd0Miwo4zJ+GjW3tmCkfPzoXz8h6gRlIRtY+6mvaVw1
+ad0QgF3Dp6R1yY1jmCHqG0w26PU97G6Lk6l+y9cJzmgVxVgmYdRXQvsb0HVn0Vg7
+CYcq9L+VXwRmLH5YkehVS5r+VBXYCMiTCOLZ4GAtYkSQIUqZZk4lgM2uBXBdqqyo
+0JAQaJMmyFG7GkB1SItEl3RGdLIX4pdbwRcRecB+TOE/dWM=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/IFX_TPM_EK_Intermediate_CA_21.pem b/utils/certificates/IFX_TPM_EK_Intermediate_CA_21.pem
new file mode 100644
index 000000000..fbc00fba7
--- /dev/null
+++ b/utils/certificates/IFX_TPM_EK_Intermediate_CA_21.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEJDCCAwygAwIBAgIEANn6EDANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE
+RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n
+aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD
+QTAeFw0xMzA4MjcxNDAyMjFaFw0zMDEwMTgyMzU5NTlaMHcxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll
+cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk
+aWF0ZSBDQSAyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIFJOXEJ
+l01sCFDIpgME7X0gmxuI9DW2lTlNrZ+05kGAAqOUCWbS8EEDyIZZYA7qjipcaXxf
+mJ9i0zoG2hC1AHXzfzzmrQcEE6DhCeFv5lKzk8Ta/FV5zLmRXppw9cBbzg00HWuI
+f0PEM0vY7GopP/q3N/d6RQac0DRdPVNOhNApApw3omfAzC2Nzj4sdvIaQPXY1GOI
+Koy7ktgjVoUmZ1Po8FHni2geh4EKWyHvcZZiqCCN/ZTFWhJqES454Ncy1zxZkJX6
+/1K7wOjFs9zZBNBd4A1cURLz33t2YCq+XcD4+JtViJokxU7boSNK5Ji+mwLLXIBI
+0dyQIQcFuvwOKDcCAwEAAaOBwTCBvjAdBgNVHQ4EFgQUoMnewI/TmotZxGvL6H/Z
+lIxV+XAwDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQAwWAYDVR0g
+AQH/BE4wTDBKBgtghkgBhvhFAQcvATA7MDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3
+LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L2luZGV4Lmh0bWwwHwYDVR0jBBgwFoAU
+VuuRRIVj1nKzrtRFlgv3lA5UQqYwDQYJKoZIhvcNAQEFBQADggEBAMvISZvt0QDC
+8OW67Lcn6FKjl95hm/MdhNX3QwkRaSYFCpVDW8dk622SFrwlzKoMAnNSlpwf7MOl
+9n5Fkd4gSlyMOdBIwtd53mAOVRCRIhHgrrfmi76saLsaNQci3kjnCDYL4U68o1dQ
+41zlCko8vb7EO5/2fBKG/DS1gzGW1y3ctEpYNn38TunrDYgkUksNKaSZtmrfXNeI
+ZavtFtxRQo5v5VNUqOkyfvn4dB/og+xFnqOCpi7FLNAfG/1DnLhvheHk5Ii51oKs
+iOIcij0vGiyKbozlNvHl+0xe7UOT1s1U6YdzWz6YmzyCEjOkz720TenG99l89UZX
+71FyouYrMhw=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/IFX_TPM_EK_Root_CA.pem b/utils/certificates/IFX_TPM_EK_Root_CA.pem
new file mode 100644
index 000000000..4fe98e716
--- /dev/null
+++ b/utils/certificates/IFX_TPM_EK_Root_CA.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEUDCCAzigAwIBAgIQRyQE4N8hgD99IM2HSOq5WjANBgkqhkiG9w0BAQUFADCB
+ljELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTswOQYDVQQL
+EzJWZXJpU2lnbiBUcnVzdGVkIENvbXB1dGluZyBDZXJ0aWZpY2F0aW9uIEF1dGhv
+cml0eTExMC8GA1UEAxMoVmVyaVNpZ24gVHJ1c3RlZCBQbGF0Zm9ybSBNb2R1bGUg
+Um9vdCBDQTAeFw0wNTEwMjUwMDAwMDBaFw0zMDEwMjQyMzU5NTlaMG0xCzAJBgNV
+BAYTAkRFMRAwDgYDVQQIEwdCYXZhcmlhMSEwHwYDVQQKExhJbmZpbmVvbiBUZWNo
+bm9sb2dpZXMgQUcxDDAKBgNVBAsTA0FJTTEbMBkGA1UEAxMSSUZYIFRQTSBFSyBS
+b290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1yZqFFg0PLDo
+cW7Fyis2Xe5vERxnJ+KlEMUOQnrw5At9f0/ggovDM8uCVW71T6e24T6HH6kUQZCt
+yddtsaf0tebmA3TxjiuBzBAtT6qyns35+sXuL6uZaLnjGKXDv+uByOzpmBXUSwq1
+tdSTPQ0wWWQ6v/qwKofZdxAaPCTIBw61G08rkUT42a1hPESmVFrmc5hcnn4AQmJE
+cjcOhClwIKE9OQw8TzI+7ncgCZlY3FZFKqHp7NRNnaihpmKbHvn5wXIUnKuvS4iZ
+HqSbzGBuZ0ogqJ22ruDJi+JWYUWBmgI1JO85CPJ1Q58t0ME3hM3oWeqV6adWUcIc
+IpclkYQWlwIDAQABo4HBMIG+MBIGA1UdEwEB/wQIMAYBAf8CAQEwWAYDVR0gAQH/
+BE4wTDBKBgtghkgBhvhFAQcvATA7MDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3LnZl
+cmlzaWduLmNvbS9yZXBvc2l0b3J5L2luZGV4Lmh0bWwwDgYDVR0PAQH/BAQDAgIE
+MB0GA1UdDgQWBBRW65FEhWPWcrOu1EWWC/eUDlRCpjAfBgNVHSMEGDAWgBQPFPXj
+IIhEFsomv40fzjcV6kVvBjANBgkqhkiG9w0BAQUFAAOCAQEAWKL5zsV8p/TZk3mt
+9m9NAqXWBDVHBnDgBE+Qphf25s+3s098vkWVLTddH3PtddF3MEYC4W8+dn4tyFe9
+mQ+96q8dwJdNabwBokrZy2beL71CXt/4jYNN0j/N9uYO4vIDBFDKRMWCtUO217+w
+xQTSOv5+mpgFw7UML/QpgpdmZy2i+eZPxDo8dzT+YJXC5vsHVSooA3rWDDzvnoLC
+cmDDiT3pG6AdjAN61MeeHHmoJavV8Tvdoa3g14Sn1lL+TQ1xaznyh520sX0dXPTp
+GqZbDzqEMiVbG7vFECqINE96/rwppJlWK91F1MZikGXr7FeF5C0JutGLb0gaYOmv
+Yau4DQ==
+-----END CERTIFICATE-----
diff --git a/utils/certificates/Infineon-IFX_TPM_EK_Intermediate_CA_48-C-v01_00-EN.pem b/utils/certificates/Infineon-IFX_TPM_EK_Intermediate_CA_48-C-v01_00-EN.pem
new file mode 100644
index 000000000..bfc572631
--- /dev/null
+++ b/utils/certificates/Infineon-IFX_TPM_EK_Intermediate_CA_48-C-v01_00-EN.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEJDCCAwygAwIBAgIEZmv8sDANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE
+RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n
+aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD
+QTAeFw0xNzA4MjExMzM0MzhaFw0zMDEwMTgyMzU5NTlaMHcxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll
+cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk
+aWF0ZSBDQSA0ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOhEJeRA
+L+2FCGv1Gp58ZomkW57YaxYF8tX75eV3H37eBg65bsr9fivzLI93zOnQhVP8rFqA
+MxWWvkm3mPGtbVgCCdQU6KpPBb9y4d5EnJXC5TQ6eqOj/h40Dv98PGNxuuxIXf5N
+iYkTs2C7qe0ZvxMFMbC+Zh7LpU7X6seE4tzNFS67xYNNTMen/K/QwEgWNxzRxO9+
+Dwi0ybzX0yFnLF6mX17+p2D7mk9QlLso1pyaK7eLTo3boletX1Hy43E7SrXZDOhW
+WIfKL7to2/szblRPZza1LcPD6q9HfqzTsnq4pGxIji61Hm4lLYb7272GBMp8i9LM
+dZG5zbvvM4ujyKUCAwEAAaOBwTCBvjAdBgNVHQ4EFgQUm8NagruRQWj2xTVYfo1w
+iLz1jlYwDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQAwWAYDVR0g
+AQH/BE4wTDBKBgtghkgBhvhFAQcvATA7MDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3
+LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L2luZGV4Lmh0bWwwHwYDVR0jBBgwFoAU
+VuuRRIVj1nKzrtRFlgv3lA5UQqYwDQYJKoZIhvcNAQEFBQADggEBAJqCjlFEJD3u
+7ZeAOZoYz6nU7EHV2CbMpUSFUUZ1j0npIBDIfnOCJFj5xnysdN1GnruhHPqHyTPp
+wcUNeXgpGh02/peR1Pt5nPz87RBgdkzApPEDZAONmsBPhZGW20jIojJYeOsIWT2r
+9nWSc8TaNLC9c+lo5P2oZT4aRB1SKdk4HPd2ZJLOFL1ziEIuNVwtJ1vjQVB3OaBi
+PSIu56xopxEKsuEJzoGwFvDWxhVM3jN9qM1vyOYuU11kMr0zyFwW1dv8evKkNvZ/
+f5WCfvnusaV8KgsxOxwiP9zHcqQ5pMj6ZZX/AB6w7R81HQ4TKh7dgenkzDuJRUbA
+xH34CWV0uvo=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/Infineon-Infineon_TPM_EK_Intermediate_CA25-C-v01_00-EN.pem b/utils/certificates/Infineon-Infineon_TPM_EK_Intermediate_CA25-C-v01_00-EN.pem
new file mode 100644
index 000000000..a23fd098c
--- /dev/null
+++ b/utils/certificates/Infineon-Infineon_TPM_EK_Intermediate_CA25-C-v01_00-EN.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEJDCCAwygAwIBAgIEFLjKeTANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE
+RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n
+aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD
+QTAeFw0xNTA1MTkwODQwNDdaFw0zMDEwMTgyMzU5NTlaMHcxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll
+cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk
+aWF0ZSBDQSAyNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANtaHXlX
+JprVsWAKov/mD3JPCnD9pKnoI1ODtdgOfVNk7IHHHuqeX4GezJ062wzT4HXfbwLu
+kZ34+fyUbWgaq/Ig3MYpLwfF/V/0S+XOiFpJiIYK8Vr7404Cw5Inu0gkGUbN8+1F
+JXC2jjtvVA5CbzqHjcA+KRNc9PnTyhguSCFMcTxpVLAemIlOX5uvDnAF3yfJG7HI
+QtyUm+E757DxRX2MKe+/BALh5IgPyBDS38b2t7G9c5gA6jH7XVMd/7zEtWogHhWE
+7lNXqlgJFxYGkDDT8toy3qiOusagHz0yTnFS2R4Hv9BGItdnM/MxzFNN2AnIvz4H
+hkuOtutced3o+y0CAwEAAaOBwTCBvjAdBgNVHQ4EFgQUl+XRzYsEl8BLRlWoacjz
+DvqJOI0wDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQAwWAYDVR0g
+AQH/BE4wTDBKBgtghkgBhvhFAQcvATA7MDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3
+LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L2luZGV4Lmh0bWwwHwYDVR0jBBgwFoAU
+VuuRRIVj1nKzrtRFlgv3lA5UQqYwDQYJKoZIhvcNAQEFBQADggEBABKmY19oBOwZ
+fJPhhjTGmxJsUM2mYAb7HvmLPp7iE0iGjqgzMRl6xCCpd77kO+m9sr4OFf2JygCS
+wO0F+ZaBWJOFtlHhyHGyjvspP3tbpGqCO+HO+JAICjtD78MzJZBMbpDRBsccKe1I
+WvBkP2h5QHBmaw6ACTbFBOrPv/1VQiP2nLF5QzHfyHAVIzemxLVlhptk/Fnr8gR6
+ronVPD7EYTdc4SgIxQaKuktrrnXZ2O6XALLUkW3WjOLetCR1HdoBpBiHfgxYNg6b
+zHFZ7HdLTWnzVAHia/BhIfFlucNNo6DrHk4yKVOy5/yIXgI3pjR+HlRXz9WEtTiu
+dQh/7jQ9tss=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/Infineon-OPTIGA(TM)_ECC_Manufacturing_CA_011.crt-C-v01_00-EN.pem b/utils/certificates/Infineon-OPTIGA(TM)_ECC_Manufacturing_CA_011.crt-C-v01_00-EN.pem
new file mode 100644
index 000000000..74fdcb6db
--- /dev/null
+++ b/utils/certificates/Infineon-OPTIGA(TM)_ECC_Manufacturing_CA_011.crt-C-v01_00-EN.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSDCCAs2gAwIBAgIEAxHqozAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEh
+MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ
+R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUND
+IFJvb3QgQ0EwHhcNMTUwODI3MTIzMjM5WhcNMzUwODI3MTIzMjM5WjCBgzELMAkG
+A1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEaMBgG
+A1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9QVElH
+QShUTSkgRUNDIE1hbnVmYWN0dXJpbmcgQ0EgMDExMFkwEwYHKoZIzj0CAQYIKoZI
+zj0DAQcDQgAEEFSwmnoHF+cFvvzNGm8WrWz7Dja7KFVsiSYeZzE9Svn9AduLqbfC
+hhlUF/JntiuWgn5LK6Z3ITHPEg9DgCa/3KOCATgwggE0MFcGCCsGAQUFBwEBBEsw
+STBHBggrBgEFBQcwAoY7aHR0cDovL3BraS5pbmZpbmVvbi5jb20vT3B0aWdhRWNj
+Um9vdENBL09wdGlnYUVjY1Jvb3RDQS5jcnQwHQYDVR0OBBYEFJF3PLhoJOHBlUnt
+isEz3ManNpuFMA4GA1UdDwEB/wQEAwIABjASBgNVHRMBAf8ECDAGAQH/AgEAMEwG
+A1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9wa2kuaW5maW5lb24uY29tL09wdGlnYUVj
+Y1Jvb3RDQS9PcHRpZ2FFY2NSb290Q0EuY3JsMBUGA1UdIAQOMAwwCgYIKoIUAEQB
+FAEwHwYDVR0jBBgwFoAUtBiFyEpKxRJ68kA53sT1ix5+StEwEAYDVR0lBAkwBwYF
+Z4EFCAEwCgYIKoZIzj0EAwMDaQAwZgIxAPjxzTlhPxleoQE9IGaEXWP5w4OjC+Zw
+2aaSk+f46h8O4FZK3Csf1XzIoa0tLG4O3wIxALssqv1PeM0rotzWRTjTF4cJ9GfX
+TvSHONnkZyiiOxMJGgjPmW6fRZshWROK7eU7uw==
+-----END CERTIFICATE-----
diff --git a/utils/certificates/Infineon-OPTIGA(TM)_RSA_Manufacturing_CA_011.crt-C-v01_00-EN.pem b/utils/certificates/Infineon-OPTIGA(TM)_RSA_Manufacturing_CA_011.crt-C-v01_00-EN.pem
new file mode 100644
index 000000000..ea8c357b0
--- /dev/null
+++ b/utils/certificates/Infineon-OPTIGA(TM)_RSA_Manufacturing_CA_011.crt-C-v01_00-EN.pem
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFszCCA5ugAwIBAgIEXYw6ZDANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJE
+RTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJP
+UFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkg
+UlNBIFJvb3QgQ0EwHhcNMTUwODI3MTIyODU3WhcNMzUwODI3MTIyODU3WjCBgzEL
+MAkGA1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEa
+MBgGA1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9Q
+VElHQShUTSkgUlNBIE1hbnVmYWN0dXJpbmcgQ0EgMDExMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAue1NnPP7ZWDRj1of4h/vyabVX9ZLHiwuBIZkheDk
+NF4jsn+uR8xud3RXZrNd6lga6kmJPBwwa60HNc4bJ1XuFVy6Ch2V6yYNqzrIHgTB
+zfc5GqfjVXir47tRws2Em01lv+hLPcx0wdJLw1WVadwjPjKDVauNMTaWcZbQryXn
+ZQkDTlNJqMEwCdYrnSxpNtgvmM/OqvdgQyGTV+N1A1uHGTqMyaRVzuq9BGyLfLrd
+bCgum4OUTlwmhVkRXCoo4loa6Mx3qlP4WsPLe0pnGnBNXzUO2Y+F2Ye2S45R58ox
+keP2fznHY0z/7FDAJSYZSmfnjGwuNGANhoqzkjmAvfDOXwIDAQABo4IBODCCATQw
+VwYIKwYBBQUHAQEESzBJMEcGCCsGAQUFBzAChjtodHRwOi8vcGtpLmluZmluZW9u
+LmNvbS9PcHRpZ2FSc2FSb290Q0EvT3B0aWdhUnNhUm9vdENBLmNydDAdBgNVHQ4E
+FgQUXCkgdCF5vHBNsdjFTDTKlEBWF8owDgYDVR0PAQH/BAQDAgAGMBIGA1UdEwEB
+/wQIMAYBAf8CAQAwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL3BraS5pbmZpbmVv
+bi5jb20vT3B0aWdhUnNhUm9vdENBL09wdGlnYVJzYVJvb3RDQS5jcmwwFQYDVR0g
+BA4wDDAKBggqghQARAEUATAfBgNVHSMEGDAWgBTcu1ar8Rj8ppp1ERBlhBKe1UGS
+uTAQBgNVHSUECTAHBgVngQUIATANBgkqhkiG9w0BAQsFAAOCAgEAYeUbnJWPImxO
+yGYdc9kPj9xGd59U0Y4bypm3z2YW4tPLr2c5MP8Tte0Cpq3AD+V9MlWQW3VRhcv8
+ATEcKyWoOEBSPzNcSMDekjwAnS4mAOEdlJ5rG+bbixH5116QYUCkJvdVYIb3sZTy
+02hj2Z3zofmz/9CSCuKqeQdoF4l/3olR8k46Pd/Z9DUZSCxW26WYzviYORzAusoi
+H9qGgO7NLkFeYBlKFrkplOWlNTpM1psfAYhIuhhnIGarcp+59owc99n/f3VS6mQn
+789KMaVPJYqOC2/t1R5P/hgwoDxbjoRmy74f+nUmMdp7lF55GsN/APQ71LgqDg8V
+LuVVuaFSW5kb8DWDjG/z5fNR46/TBI2VFAAabuYmfC2y9n4CYRNdSHH8FnDOGdxl
+ll6VJi3x84ywPxNf3m9ok8j+lmoiGm82YUlZbAnjFIoNtNvFIh5NoPzf6/LHEKYD
+zOaK3TimuJESzPuxjTumUj06rceOokczl2oVvGzvHqWYAWU8gJQa1aY3LkQ0fK5q
++Vc/+uenilJEXEQZX2Y5Px8dLDcr9rPiMuxY76sEcg+PFvJLg9QIhKkgzt74v8Ih
+aeDhrhAwKgDKcWAohYA/WQluxQommKp0N0s/Oi6yICpV73l41ea7kKzrjMu40IUS
+befqsgmXOcuz+HHnTsINAd1EK+kMoFI=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/Infineon-TPM1.2_VRSN_root_certificate-C-v01_00-EN.pem b/utils/certificates/Infineon-TPM1.2_VRSN_root_certificate-C-v01_00-EN.pem
new file mode 100644
index 000000000..fa0a28071
--- /dev/null
+++ b/utils/certificates/Infineon-TPM1.2_VRSN_root_certificate-C-v01_00-EN.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID9zCCAt+gAwIBAgIQc3HALwPpy5ENrJ49S+Yo0TANBgkqhkiG9w0BAQUFADCB
+ljELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTswOQYDVQQL
+EzJWZXJpU2lnbiBUcnVzdGVkIENvbXB1dGluZyBDZXJ0aWZpY2F0aW9uIEF1dGhv
+cml0eTExMC8GA1UEAxMoVmVyaVNpZ24gVHJ1c3RlZCBQbGF0Zm9ybSBNb2R1bGUg
+Um9vdCBDQTAeFw0wNTEwMjUwMDAwMDBaFw00NTEwMjQyMzU5NTlaMIGWMQswCQYD
+VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xOzA5BgNVBAsTMlZlcmlT
+aWduIFRydXN0ZWQgQ29tcHV0aW5nIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MTEw
+LwYDVQQDEyhWZXJpU2lnbiBUcnVzdGVkIFBsYXRmb3JtIE1vZHVsZSBSb290IENB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2VBrQOh7Y1WHczxt1IGn
+rlBKKr0K6OZXVllr6F5vuF0lneajCRpxZJUne7v7/apxesr59LrQcDbOktlrGXXz
+OXjKBaXZBkKOO8ROIE2Ae6rslOMynlPHWP4HKdogZe3LPPViuC14uhgz5iXJ8pFf
+UQdKxCdKWTzICg0B+l46pp42Fxr83eR72O9kSzEqijkaYdoDx06yxWALguUGzS7H
+5sycnu2tAGDGFrmsQoh8mK4FUi5vce8JuWuhirCXZzmP/fV4tYndw+HJS/D7XuWk
+BWcbm0clLTbmYZ7Ae1rl1XTP5pd8Q3cHGB6R0HcXyACyE4Vjp/g0J3HJjHd3L6Tr
+wwIDAQABoz8wPTAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4E
+FgQUDxT14yCIRBbKJr+NH843FepFbwYwDQYJKoZIhvcNAQEFBQADggEBAH6Ujdhq
+L8b38+swPJ2Jowu7UxcgzRWr2ayLqx8MwQkN1giSLsxcj6sHseMwqHLz2fCFfK2W
+Si5ZeyIWlB1TOJtwdpcmafFNPs0hOWWyl3D4uY2kfiQFu+GdpRtM7T+lsgDLlXvz
+t6nW2TscwGRKZA34hhvtE7294JJ56DlIcdSm3CY9MBvJ+pF2LyOC1NddHDf8ywKE
+XA9CXVmu3dpvwE+s7flQPS2E+y5EaWkXtKso2JTaHMS3PSwSJRhmknf/QtEkPZfb
+jzbhZZxVu48EZKOJL8lXzqm4hgpf7kX+WrVsCAny6AJkNn1xsQfvT0Y5OaVNH2RF
+j4ORjyt4A5du3H4=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/Infineon-TPM_ECC_Root_CA-C-v01_00-EN.pem b/utils/certificates/Infineon-TPM_ECC_Root_CA-C-v01_00-EN.pem
new file mode 100644
index 000000000..50544dda9
--- /dev/null
+++ b/utils/certificates/Infineon-TPM_ECC_Root_CA-C-v01_00-EN.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWzCCAeKgAwIBAgIBBDAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEhMB8G
+A1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJR0Eo
+VE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUNDIFJv
+b3QgQ0EwHhcNMTMwNzI2MDAwMDAwWhcNNDMwNzI1MjM1OTU5WjB3MQswCQYDVQQG
+EwJERTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQL
+DBJPUFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShU
+TSkgRUNDIFJvb3QgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQm1HxLVgvAu1q2
+GM+ymTz12zdTEu0JBVG9CdsVEJv/pE7pSWOlsG3YwU792YAvjSy7zL+WtDK40KGe
+Om8bSWt46QJ00MQUkYxz6YqXbb14BBr06hWD6u6IMBupNkPd9pKjQjBAMB0GA1Ud
+DgQWBBS0GIXISkrFEnryQDnexPWLHn5K0TAOBgNVHQ8BAf8EBAMCAAYwDwYDVR0T
+AQH/BAUwAwEB/zAKBggqhkjOPQQDAwNnADBkAjA6QZcV8DjjbPuKjKDZQmTRywZk
+MAn8wE6kuW3EouVvBt+/2O+szxMe4vxj8R6TDCYCMG7c9ov86ll/jDlJb/q0L4G+
++O3Bdel9P5+cOgzIGANkOPEzBQM3VfJegfnriT/kaA==
+-----END CERTIFICATE-----
diff --git a/utils/certificates/Infineon-TPM_EK_Intermediate_CA29-C-v01_00-EN.pem b/utils/certificates/Infineon-TPM_EK_Intermediate_CA29-C-v01_00-EN.pem
new file mode 100644
index 000000000..2a7e2e238
--- /dev/null
+++ b/utils/certificates/Infineon-TPM_EK_Intermediate_CA29-C-v01_00-EN.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEJDCCAwygAwIBAgIEcWsKzTANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE
+RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n
+aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD
+QTAeFw0xNTA1MTkwODQ0NTVaFw0zMDEwMTgyMzU5NTlaMHcxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll
+cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk
+aWF0ZSBDQSAyOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM1CQ3B3
+aJCs4znGLX+q6EO7LHZdJ2hcBEHSeDYakpBitMlcxXITyGTpHLuSsRUfF6NGpOdU
+xmbyo+B+qf+5yA/lTZR59zRYxkv3sMpOOIId0xjoLW/jh5A8pzyj5Z20jv47PHyJ
+WZvoe7XkOab1hDpBLUoyHxVJVUSLccoLX9pHXIahyZnd56AaoWQ25l8LBIdMDbOX
+BUa9gGFXBYxVdqXACyvOcXPIh/OI3E1SZ8aPpcR/zuPYSRBxzXdC1DFiyyhfW6Xg
+2qDpEP3OVmxbv3s3AdUWYAkDRBlf1yeEVr2YSDgvxfzq6/k6LsiMVyJyNRlpLpDS
+P4acNNixr0mdQScCAwEAAaOBwTCBvjAdBgNVHQ4EFgQU9T5PR14NPG4rPlbjroq7
+lTEiYX8wDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQAwWAYDVR0g
+AQH/BE4wTDBKBgtghkgBhvhFAQcvATA7MDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3
+LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L2luZGV4Lmh0bWwwHwYDVR0jBBgwFoAU
+VuuRRIVj1nKzrtRFlgv3lA5UQqYwDQYJKoZIhvcNAQEFBQADggEBAE32RSaqKXQY
+09Oqvl0RnpmnqXd4X7opdam1XxbohB7tsC1hjsvZ0zSXZ68MJUhqaoEZRAShS9xp
+JZ04yiaYB6cqMPa/APlR1+CW/Ff7FroRRaxF4Jia4EBVooWb18uR4YBZkCyJNBkn
+ch0YltTMKpBga6+n8nJUuS7idTyw38cts+gPZIs8jS6+J4/3Bkq25V1OmbQvjwcA
+6xZ7Y5PPGPUCWhIS2C1syRGjOG8xVEjRwC8KwbQ9tiH+LjbWsyJHC7rltt7bp4L6
+YNmtpBF3sdtUopVbw1d3zXi/nJydqpXJJhgp6gsj1lFqE98oBwamuAUq6SlW7o1r
+MCA/Va9Mn6E=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/Infineon-TPM_EK_Intermediate_CA_49-C-v01_00-EN.pem b/utils/certificates/Infineon-TPM_EK_Intermediate_CA_49-C-v01_00-EN.pem
new file mode 100644
index 000000000..7b2b1684c
--- /dev/null
+++ b/utils/certificates/Infineon-TPM_EK_Intermediate_CA_49-C-v01_00-EN.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEJDCCAwygAwIBAgIEHZiMxTANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE
+RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n
+aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD
+QTAeFw0xNzA4MjExMzM2MTlaFw0zMDEwMTgyMzU5NTlaMHcxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll
+cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk
+aWF0ZSBDQSA0OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALC9fdSh
+l+2uEu3rXJijH1evABQsqY7Z1BLhoejD0fgbwVKTbuaxJZy0mocPNYp9ygyY2Gbf
+Mycn5viX7crF6hQuwr4vC7gUpy1Zht6tCtIOzvpJKWbBykT++wUzwxF4PNSNP0An
+uZa2cD0RCiV9S9Aybwno+SgCCmuVPeT7jx3L7D6qYUL2Bow4tMjkHoVESWWgTf5k
+zC6hwJ43TP0fTU2nbzG1cFeueagDqOlvX9FYkgko688f8P7nWrzkSt6ecVYSLMSh
+GkuqDd9z+SauWHQ7ST2MS8ijkwGAQbVD2LIj0pTeHU/o7I9NToRkbRtreN6t005Q
+fMz0ct4cqe0EVbsCAwEAAaOBwTCBvjAdBgNVHQ4EFgQUNlIAjh+4xZmFrcYyF7aE
+enUu/uAwDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQAwWAYDVR0g
+AQH/BE4wTDBKBgtghkgBhvhFAQcvATA7MDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3
+LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L2luZGV4Lmh0bWwwHwYDVR0jBBgwFoAU
+VuuRRIVj1nKzrtRFlgv3lA5UQqYwDQYJKoZIhvcNAQEFBQADggEBAKAhZdWFtAWb
+oevoXcOWoQaODTIFRVa3nGw/tFX6oYzBZXMqqHNMHDaffhUgP9za/I3YlDGLqaeg
+WKbCN2N+SlshleLTDX5I2kuvUFmYVq9Jk6QLSNwBufeDW3GYf9erTCm7CZ5JeeKU
+EzQkSnMEz+FbOjOZ+OqDs5w1dk/zvN/qzbLJJUnuSnx/2hl7JfpXQ3j/oTo4ryWl
+8IxqbjS1qy8ukaPJG5zQu+xaWSOr1zfkq5ZSY/oWG3IadKc2vStEjUCq+un/LcMH
+yuSAZQIDCR190SBTQE4tC+eIaXl6FK+EPJAB76Mos7e6ErV/F6sSf1j5J40SLTUf
+K2owrzyHFkk=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/Infineon-TPM_EK_Intermediate_CA_53-C-v01_00-EN.pem b/utils/certificates/Infineon-TPM_EK_Intermediate_CA_53-C-v01_00-EN.pem
new file mode 100644
index 000000000..31b3fb233
--- /dev/null
+++ b/utils/certificates/Infineon-TPM_EK_Intermediate_CA_53-C-v01_00-EN.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEJDCCAwygAwIBAgIEC/Gs7zANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE
+RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n
+aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD
+QTAeFw0xNzA4MjExMzM4MjFaFw0zMDEwMTgyMzU5NTlaMHcxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll
+cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk
+aWF0ZSBDQSA1MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJWs4L3V
+UiRqEu9B/aIcIU19FA9tnhyFG4mYTUBt4ho4FfeYbE3uAzxpNo819VlzId/pt7FD
+v46Da3vs+ut29keREQovnS1HpOxZhWVh8j67Kr3BFVSzd9OZRyCDMe435cRHwP/3
+W0LXkpADFwaF/4O7/i2vzK04HK0Wb2vwIZFIixrQGVwavn/7YFeh5NQm8OU51XLE
+n7GIXhHAyUXV4RpKcHhbDPuw67obUqkvulswEHe1M/hsqtPaY5cWeIl+Jjv9/kp2
+Ikl6eDclp7yHXc13Xvh2vqfrfeC2Bz3SPWLX4h9qptyC5td0tONfCMbzE9wk7D+C
+eeM9b6W9kRE+f1MCAwEAAaOBwTCBvjAdBgNVHQ4EFgQUKneg40LLxscu4/r8Owp7
+zqfJzk4wDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQAwWAYDVR0g
+AQH/BE4wTDBKBgtghkgBhvhFAQcvATA7MDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3
+LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L2luZGV4Lmh0bWwwHwYDVR0jBBgwFoAU
+VuuRRIVj1nKzrtRFlgv3lA5UQqYwDQYJKoZIhvcNAQEFBQADggEBAGhDSonPnyer
+gyjkb0D/mejWOyOWAlM2YCktqx99hxWg8m/aIMRBP/xlVkd1GR4pp3TdP//EE4JQ
+Swwk4A81K+HY/WRflX8R5+SdaskKAXWqIwmXILVuxgXJCnAkWAoX3ZK+eneWSZ9i
+pGp0n33b2lyNh110IitPpgip73Amj7Jp5oRfN7SxeAxLYgxnjjvsnWOd+OZ+/K2A
+GX+rGzlGZ36RvaiGUY4cJyHSdoQh3sGm8xjqTf2pddoWydoxmgifzG+01jLRi5Uh
+Gbyq7M+wuG7aFlZuPMN4tBltBZAqxk9o4Vsf5uT/wjdWjWP+V62lutDM8lFdq3Tq
+egGHxNUN5IY=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/Infineon-TPM_EK_Intermediate_CA_54-C-v01_00-EN.pem b/utils/certificates/Infineon-TPM_EK_Intermediate_CA_54-C-v01_00-EN.pem
new file mode 100644
index 000000000..810bc9b0b
--- /dev/null
+++ b/utils/certificates/Infineon-TPM_EK_Intermediate_CA_54-C-v01_00-EN.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEJDCCAwygAwIBAgIEQx49BDANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE
+RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n
+aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD
+QTAeFw0xNzA4MjExMzQwMThaFw0zMDEwMTgyMzU5NTlaMHcxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll
+cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk
+aWF0ZSBDQSA1NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK7G1JeF
+Hb1FbO/L//24maD8vTYhdN8rJ6rukZ0tPuX/UZUcWMatsbfYeIIfSf2faX0Qk/Bp
+XoBFa3rRlnMJa1RFf4p9PH8p0/O0su/GFyNkAp4RtwXfU0zniY2avTo60ttP45ei
+n3k+V+mN3Qp/Z6Cv8tIrUCeMomnUfFBj//xolnaeBJTJqB9N9EspMP/ZKqWYzF3z
+9fuHDaaPHJ51PbMqsPnC2TpFL2WoqAIZH5eduVi9UgHKI0uZG1K48RmmLwvjEyoi
+B69Elg9Gxb8pjMwDFONCkUCSKPvLDUSFbVGfX063STp20f6QH4IDwy/Ewon/Ti6m
+hwBNdsdvzuLV3gECAwEAAaOBwTCBvjAdBgNVHQ4EFgQUQEBgcCitE0/Fb7t7mvkO
+hb3iGd4wDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQAwWAYDVR0g
+AQH/BE4wTDBKBgtghkgBhvhFAQcvATA7MDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3
+LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L2luZGV4Lmh0bWwwHwYDVR0jBBgwFoAU
+VuuRRIVj1nKzrtRFlgv3lA5UQqYwDQYJKoZIhvcNAQEFBQADggEBACttyUx8sgLo
+/NJGDs8yjVFzMdGSqFWeKbJux2TrKJ21yQ1kwT80JInmV0tPlEkPBhk76gN/UdhW
+LgEa8NUa4Lfb4kHreSeeJUQYJ6yxwRWQK6L7XoWRoyT4ziLS2lvJrVTOfxLq+n43
+5UCnN0WuMsCmE4VRaIGTNe0qBljvl4V3sLc/9XB7q+WoccRRC58L9x+6YaEekQ1b
+ZV4UAaEozlRtqyhgaJ5DnTVxcoyyk/3r4Dut2Cw9xdbpxPLnByfkVcXjBzDgYyLo
+ytjIjpT81ddKoZdH5S1qTMo3lyx2zVB4TsbWpv4+Q8qHeU0L1qMfjJi0I0PTf5j0
++tm+htxY9/Y=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/Infineon-TPM_EK_Intermediate_CA_62-C-v01_00-EN.pem b/utils/certificates/Infineon-TPM_EK_Intermediate_CA_62-C-v01_00-EN.pem
new file mode 100644
index 000000000..44fb62ff1
--- /dev/null
+++ b/utils/certificates/Infineon-TPM_EK_Intermediate_CA_62-C-v01_00-EN.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEJDCCAwygAwIBAgIEaKPtQzANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE
+RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n
+aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD
+QTAeFw0xNzA4MjExMzQzMzNaFw0zMDEwMTgyMzU5NTlaMHcxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll
+cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk
+aWF0ZSBDQSA2MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJC1kYiE
+VaHloKcYnzxDUlU+Wwk7AVaoZd0nCK+EH4Khbtf5OhjqJ7W37TSBjG63eCMcQRWV
+YuPAwQj9i5CnLO4/Q1pU8TZA6LQfdsBuGeE8UYBjvgR8k2NpPPLQUuQJVLN0hC9C
+ZtRYjSjgGroG1HDq8HR6f95NU/PwUWuh0T8hT5J0Fv6JJ9qfOImC/FAychOFd2Dh
+uoSkJ61Uu2NtSuywYQ42+cSMtJbOzc1TWnyJxQ1//nsDhbRs01TZX6v6WPNxW7ng
+HzsDJWAfM8UejWV0aXkFR2SGkqKj4HbdcOUO4PiY8TmQsfx3rRD6eZeVm++Ozost
+CSG43qzrMrIDJkkCAwEAAaOBwTCBvjAdBgNVHQ4EFgQU2xsj2J2JM3VhLPVRaj10
+FJw/6ZwwDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQAwWAYDVR0g
+AQH/BE4wTDBKBgtghkgBhvhFAQcvATA7MDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3
+LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L2luZGV4Lmh0bWwwHwYDVR0jBBgwFoAU
+VuuRRIVj1nKzrtRFlgv3lA5UQqYwDQYJKoZIhvcNAQEFBQADggEBANKMf/BNsisc
+97BN12tShgS3MiHsJDB1vIM5NLZ32laCv4hkGy18L70BipXvAcvJXxf0CqE25rOi
+Un2sLBO+NIWtF2k/JodLZbhzp0PgZ/9ftchAAjkJUK7vsXH9ADM60+O8lh1N64XH
+K+i0ZRR3jNND0/Q/JhJZiPeQNLAZlue6KydWGR+dkuicJWDAs0D0V48bxs9mG+Lj
++nn4VvfQYi1Kz2F42v5b5yX3Rihyja7ZXyoy+1sNCfUDviVJ/IK1tWOhpDS8GL7k
+CyQC09drpnzWHiT8qRyUu7GzFFStod4XWlAtpBwNGZ/eeVKaitU+u+OpHkSC0UTC
+09GGE7xes1c=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/Infineon-TPM_EK_Intermediate_CA_63-C-v01_00-EN.pem b/utils/certificates/Infineon-TPM_EK_Intermediate_CA_63-C-v01_00-EN.pem
new file mode 100644
index 000000000..463f83836
--- /dev/null
+++ b/utils/certificates/Infineon-TPM_EK_Intermediate_CA_63-C-v01_00-EN.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEJDCCAwygAwIBAgIEH9B9WDANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJE
+RTEQMA4GA1UECBMHQmF2YXJpYTEhMB8GA1UEChMYSW5maW5lb24gVGVjaG5vbG9n
+aWVzIEFHMQwwCgYDVQQLEwNBSU0xGzAZBgNVBAMTEklGWCBUUE0gRUsgUm9vdCBD
+QTAeFw0xNzA4MjExMzQ0MTlaFw0zMDEwMTgyMzU5NTlaMHcxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZTYXhvbnkxITAfBgNVBAoTGEluZmluZW9uIFRlY2hub2xvZ2ll
+cyBBRzEMMAoGA1UECxMDQUlNMSYwJAYDVQQDEx1JRlggVFBNIEVLIEludGVybWVk
+aWF0ZSBDQSA2MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkHRgiW
+Vjfv9aSAZ1+5jqsOBr+02Ki2X0fCZL71YSNiz90P2vud+iSeVBTSjDGrHLd3DlGa
+MYxe1DPF3PVk0QNMXVledT52wOuGp5s+6uoSX+4W/zU3efC4zEJvvGz9qiwwDO4W
+H6FgjTvVE+Rrn2pbrzW8n2lIvHnJLVGzHiSZfayQrmS0rAHrrbJSFvts1x/Al4GL
+ky7RyCgqJw+KxDNZ16x4k0Gv9PhboKyUc+h/Hn+2w5RcAlKTZukLCfujg6KRUJek
+v51ekPQzRf8mw4z5x2Bd5nmxNNWJ+4CGoG+/N+mP/n2gaYMZdadQzn6l+/WtIKhr
+6QWnAYye++AKbEMCAwEAAaOBwTCBvjAdBgNVHQ4EFgQUomzurJX6M2cyGdDCp3Y3
+EC+1P/IwDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQAwWAYDVR0g
+AQH/BE4wTDBKBgtghkgBhvhFAQcvATA7MDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3
+LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L2luZGV4Lmh0bWwwHwYDVR0jBBgwFoAU
+VuuRRIVj1nKzrtRFlgv3lA5UQqYwDQYJKoZIhvcNAQEFBQADggEBAEVQDi0bnfgY
+GaCMLvCnwhtqgc/rCSk2VYGlZ2QS8q+MmnegR9Lb3vZAsDT8c2TgvrnK1pHrFbsx
+vZ9xloJkUt+aCIZ/8PR+wFZrsX0P7mLT9HgJDrCciN4b/giDto9IQ5WBtp/Fr3oM
+Wg91QZdONHDtR/X7UYZMm6Ev6vQAdnZkSHnZApR+0yKoBJYININZfI9ePZ+s5Bll
+meTVjyKtCG8LgcGDDq8Vaodl36VQya5TEkT3e6rLvl9XyhxG4R3xzNEK/0x5Rh4C
+ZQLB4V09fbciSfsXpOflmO5rF7kDBIJyLhwWONtnsW8m3hGI0qhwb0MoLQ/OW4CA
+7wYXq7TEzK4=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/Infineon-TPM_RSA_Root_CA-C-v01_00-EN.pem b/utils/certificates/Infineon-TPM_RSA_Root_CA-C-v01_00-EN.pem
new file mode 100644
index 000000000..939d7bede
--- /dev/null
+++ b/utils/certificates/Infineon-TPM_RSA_Root_CA-C-v01_00-EN.pem
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFqzCCA5OgAwIBAgIBAzANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJERTEh
+MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ
+R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgUlNB
+IFJvb3QgQ0EwHhcNMTMwNzI2MDAwMDAwWhcNNDMwNzI1MjM1OTU5WjB3MQswCQYD
+VQQGEwJERTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYD
+VQQLDBJPUFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElH
+QShUTSkgUlNBIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
+AQC7E+gc0B5T7awzux66zMMZMTtCkPqGv6a3NVx73ICg2DSwnipFwBiUl9soEodn
+25SVVN7pqmvKA2gMTR5QexuYS9PPerfRZrBY00xyFx84V+mIRPg4YqUMLtZBcAwr
+R3GO6cffHp20SBH5ITpuqKciwb0v5ueLdtZHYRPq1+jgy58IFY/vACyF/ccWZxUS
+JRNSe4ruwBgI7NMWicxiiWQmz1fE3e0mUGQ1tu4M6MpZPxTZxWzN0mMz9noj1oIT
+ZUnq/drN54LHzX45l+2b14f5FkvtcXxJ7OCkI7lmWIt8s5fE4HhixEgsR2RX5hzl
+8XiHiS7uD3pQhBYSBN5IBbVWREex1IUat5eAOb9AXjnZ7ivxJKiY/BkOmrNgN8k2
+7vOS4P81ix1GnXsjyHJ6mOtWRC9UHfvJcvM3U9tuU+3dRfib03NGxSPnKteL4SP1
+bdHfiGjV3LIxzFHOfdjM2cvFJ6jXg5hwXCFSdsQm5e2BfT3dWDBSfR4h3Prpkl6d
+cAyb3nNtMK3HR5yl6QBuJybw8afHT3KRbwvOHOCR0ZVJTszclEPcM3NQdwFlhqLS
+ghIflaKSPv9yHTKeg2AB5q9JSG2nwSTrjDKRab225+zJ0yylH5NwxIBLaVHDyAEu
+81af+wnm99oqgvJuDKSQGyLf6sCeuy81wQYO46yNa+xJwQIDAQABo0IwQDAdBgNV
+HQ4EFgQU3LtWq/EY/KaadREQZYQSntVBkrkwDgYDVR0PAQH/BAQDAgAGMA8GA1Ud
+EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAGHTBUx3ETIXYJsaAgb2pyyN
+UltVL2bKzGMVSsnTCrXUU8hKrDQh3jNIMrS0d6dU/fGaGJvehxmmJfjaN/IFWA4M
+BdZEnpAe2fJEP8vbLa/QHVfsAVuotLD6QWAqeaC2txpxkerveoV2JAwj1jrprT4y
+rkS8SxZuKS05rYdlG30GjOKTq81amQtGf2NlNiM0lBB/SKTt0Uv5TK0jIWbz2WoZ
+gGut7mF0md1rHRauWRcoHQdxWSQTCTtgoQzeBj4IS6N3QxQBKV9LL9UWm+CMIT7Y
+np8bSJ8oW4UdpSuYWe1ZwSjZyzDiSzpuc4gTS6aHfMmEfoVwC8HN03/HD6B1Lwo2
+DvEaqAxkya9IYWrDqkMrEErJO6cqx/vfIcfY/8JYmUJGTmvVlaODJTwYwov/2rjr
+la5gR+xrTM7dq8bZimSQTO8h6cdL6u+3c8mGriCQkNZIZEac/Gdn+KwydaOZIcnf
+Rdp3SalxsSp6cWwJGE4wpYKB2ClM2QF3yNQoTGNwMlpsxnU72ihDi/RxyaRTz9OR
+pubNq8Wuq7jQUs5U00ryrMCZog1cxLzyfZwwCYh6O2CmbvMoydHNy5CU3ygxaLWv
+JpgZVHN103npVMR3mLNa3QE+5MFlBlP3Mmystu8iVAKJas39VO5y5jad4dRLkwtM
+6sJa8iBpdRjZrBp5sJBI
+-----END CERTIFICATE-----
diff --git a/utils/certificates/InfineonECCChain010.pem b/utils/certificates/InfineonECCChain010.pem
new file mode 100644
index 000000000..cd9b1c418
--- /dev/null
+++ b/utils/certificates/InfineonECCChain010.pem
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIDRzCCAs2gAwIBAgIES+VajjAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEh
+MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ
+R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUND
+IFJvb3QgQ0EwHhcNMTUwODI3MTIzMjEzWhcNMzUwODI3MTIzMjEzWjCBgzELMAkG
+A1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEaMBgG
+A1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9QVElH
+QShUTSkgRUNDIE1hbnVmYWN0dXJpbmcgQ0EgMDEwMFkwEwYHKoZIzj0CAQYIKoZI
+zj0DAQcDQgAEmNM2OAm+Z8nWW8uHW1r2td77f6n1J6nQt8tT4PG6nx/PInVVpo5z
+CB0wlYJhZT/bwWM5fgaYBe/KsruY7tUea6OCATgwggE0MFcGCCsGAQUFBwEBBEsw
+STBHBggrBgEFBQcwAoY7aHR0cDovL3BraS5pbmZpbmVvbi5jb20vT3B0aWdhRWNj
+Um9vdENBL09wdGlnYUVjY1Jvb3RDQS5jcnQwHQYDVR0OBBYEFB/N+47OQIZ12WPl
+5RCNVcmE3Xl6MA4GA1UdDwEB/wQEAwIABjASBgNVHRMBAf8ECDAGAQH/AgEAMEwG
+A1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9wa2kuaW5maW5lb24uY29tL09wdGlnYUVj
+Y1Jvb3RDQS9PcHRpZ2FFY2NSb290Q0EuY3JsMBUGA1UdIAQOMAwwCgYIKoIUAEQB
+FAEwHwYDVR0jBBgwFoAUtBiFyEpKxRJ68kA53sT1ix5+StEwEAYDVR0lBAkwBwYF
+Z4EFCAEwCgYIKoZIzj0EAwMDaAAwZQIwQm072iAm/wOXnhC0Zn632aUqJZESMNfy
+/iA9jmpWqfiDq3mpIni+nYz8FJ0E5qM2AjEAtFT6U066B4jGvuK2uMDcP8IHxSle
+pjHLOVkOV0MoZ6CkK4enQu8p0qn1PqNOqSGT
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICWzCCAeKgAwIBAgIBBDAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEhMB8G
+A1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJR0Eo
+VE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUNDIFJv
+b3QgQ0EwHhcNMTMwNzI2MDAwMDAwWhcNNDMwNzI1MjM1OTU5WjB3MQswCQYDVQQG
+EwJERTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQL
+DBJPUFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShU
+TSkgRUNDIFJvb3QgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQm1HxLVgvAu1q2
+GM+ymTz12zdTEu0JBVG9CdsVEJv/pE7pSWOlsG3YwU792YAvjSy7zL+WtDK40KGe
+Om8bSWt46QJ00MQUkYxz6YqXbb14BBr06hWD6u6IMBupNkPd9pKjQjBAMB0GA1Ud
+DgQWBBS0GIXISkrFEnryQDnexPWLHn5K0TAOBgNVHQ8BAf8EBAMCAAYwDwYDVR0T
+AQH/BAUwAwEB/zAKBggqhkjOPQQDAwNnADBkAjA6QZcV8DjjbPuKjKDZQmTRywZk
+MAn8wE6kuW3EouVvBt+/2O+szxMe4vxj8R6TDCYCMG7c9ov86ll/jDlJb/q0L4G+
++O3Bdel9P5+cOgzIGANkOPEzBQM3VfJegfnriT/kaA==
+-----END CERTIFICATE-----
diff --git a/utils/certificates/InfineonOPTIGAECCManufacturingCA010.pem b/utils/certificates/InfineonOPTIGAECCManufacturingCA010.pem
new file mode 100644
index 000000000..352d0d82f
--- /dev/null
+++ b/utils/certificates/InfineonOPTIGAECCManufacturingCA010.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDRzCCAs2gAwIBAgIES+VajjAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEh
+MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ
+R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUND
+IFJvb3QgQ0EwHhcNMTUwODI3MTIzMjEzWhcNMzUwODI3MTIzMjEzWjCBgzELMAkG
+A1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEaMBgG
+A1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9QVElH
+QShUTSkgRUNDIE1hbnVmYWN0dXJpbmcgQ0EgMDEwMFkwEwYHKoZIzj0CAQYIKoZI
+zj0DAQcDQgAEmNM2OAm+Z8nWW8uHW1r2td77f6n1J6nQt8tT4PG6nx/PInVVpo5z
+CB0wlYJhZT/bwWM5fgaYBe/KsruY7tUea6OCATgwggE0MFcGCCsGAQUFBwEBBEsw
+STBHBggrBgEFBQcwAoY7aHR0cDovL3BraS5pbmZpbmVvbi5jb20vT3B0aWdhRWNj
+Um9vdENBL09wdGlnYUVjY1Jvb3RDQS5jcnQwHQYDVR0OBBYEFB/N+47OQIZ12WPl
+5RCNVcmE3Xl6MA4GA1UdDwEB/wQEAwIABjASBgNVHRMBAf8ECDAGAQH/AgEAMEwG
+A1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9wa2kuaW5maW5lb24uY29tL09wdGlnYUVj
+Y1Jvb3RDQS9PcHRpZ2FFY2NSb290Q0EuY3JsMBUGA1UdIAQOMAwwCgYIKoIUAEQB
+FAEwHwYDVR0jBBgwFoAUtBiFyEpKxRJ68kA53sT1ix5+StEwEAYDVR0lBAkwBwYF
+Z4EFCAEwCgYIKoZIzj0EAwMDaAAwZQIwQm072iAm/wOXnhC0Zn632aUqJZESMNfy
+/iA9jmpWqfiDq3mpIni+nYz8FJ0E5qM2AjEAtFT6U066B4jGvuK2uMDcP8IHxSle
+pjHLOVkOV0MoZ6CkK4enQu8p0qn1PqNOqSGT
+-----END CERTIFICATE-----
diff --git a/utils/certificates/InfineonOPTIGARSAManufacturingCA010.pem b/utils/certificates/InfineonOPTIGARSAManufacturingCA010.pem
new file mode 100644
index 000000000..7d563c844
--- /dev/null
+++ b/utils/certificates/InfineonOPTIGARSAManufacturingCA010.pem
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFszCCA5ugAwIBAgIEJl+qTzANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJE
+RTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJP
+UFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkg
+UlNBIFJvb3QgQ0EwHhcNMTUwODI3MTIyODIyWhcNMzUwODI3MTIyODIyWjCBgzEL
+MAkGA1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEa
+MBgGA1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9Q
+VElHQShUTSkgUlNBIE1hbnVmYWN0dXJpbmcgQ0EgMDEwMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAwEtScKQB4zjh2Ci7OOxmnIhSVCncEZYYc9daievb
+XPn8fsWp39O9RG+27tGWQgTrxtNnm12dOEVUWCG2azr3o1DREr/ESOHQ8/3kXhY2
+86DmGZS4M02rya7uv+DWcKuZi9KR3NmbFHfqp2zp9S9xjUaugDVQYqsFJ2EYC89J
+7obFHcfw0KYiUili1NDGzcYnnTSKhKPTsVloTezq6HgqeZArkOX/O1NIZX9RRpAb
+DnJ8GgVLqZ4gCkbFTbA9FY1S5fQsTTU3nv7HB7LkAsY+BPNbOjY4nq8nLc3LP4x1
+wj7iisx9Icn/fIgFldYFDHy09hlOQntWM94hLXIT0nc/1QIDAQABo4IBODCCATQw
+VwYIKwYBBQUHAQEESzBJMEcGCCsGAQUFBzAChjtodHRwOi8vcGtpLmluZmluZW9u
+LmNvbS9PcHRpZ2FSc2FSb290Q0EvT3B0aWdhUnNhUm9vdENBLmNydDAdBgNVHQ4E
+FgQU2KP1VghaaMiqXV/gebzG6cbTd2QwDgYDVR0PAQH/BAQDAgAGMBIGA1UdEwEB
+/wQIMAYBAf8CAQAwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL3BraS5pbmZpbmVv
+bi5jb20vT3B0aWdhUnNhUm9vdENBL09wdGlnYVJzYVJvb3RDQS5jcmwwFQYDVR0g
+BA4wDDAKBggqghQARAEUATAfBgNVHSMEGDAWgBTcu1ar8Rj8ppp1ERBlhBKe1UGS
+uTAQBgNVHSUECTAHBgVngQUIATANBgkqhkiG9w0BAQsFAAOCAgEAo2BsBPPBEiXO
+/fp4Lj00Dz+nb4g0SZLC0zIp0xvzM/ibGZufYb854+kq9RY1SeFz7It+DVOgdoCh
+GdFc6CXHqZdZoFpFkQY7I31OPkzy65uQnIzsRLce+Ct4Lts5+I0XHDpxtGOCLaWo
+Ms1bTleWljsxgmw3CWY9V14tIF5dEEmnUgjgbDo7Ai5nLahgfqNU4XfXK9zSRX+R
+V0IiYDVFDQqfzJ4GroB4ttYthzr1x1e+vJd4Bh9ErF3v9L8cCthKytOwu65npYBG
+UGH+aWRoaX/3pROjXEZFhFHfNETFc+gVXesIfYeJJQPygudADNYfVtAsDF4qx3JT
+UUlgmzC3z7YivGGBD1Uoj2b7x1DCCy0x0v8ibXbgd7nT0g6a0lZGt4i4gvbUUbEm
+463Vr8Bb1XgA5bsbevUdR8SmuIY0PiS7qioQs4cRGagOSVG0MlKtDD9E/jZ5PUZI
+RpTduKG/lLwH0HHeNgKmDt/pTQWa4/sUgp/KHqg1E82J7sCu4vB/Bk1pTybe4GV/
+YDSc1NGABsWRzZnrIHrIVsXYM5rQzV9+/+BxRmhEqUVUGNzsFYW/RRieNWyojYG6
+v54K9BtAELt1tWXBDE/2Np/RFZQNeEFh2pkLxRNOXytuVoXwII7QNr4TDef2PmE+
+thsvOkC60E8ZEsKZ8GU3Q32lT5CExWI=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/InfineonRSAChain010.pem b/utils/certificates/InfineonRSAChain010.pem
new file mode 100644
index 000000000..426183fcc
--- /dev/null
+++ b/utils/certificates/InfineonRSAChain010.pem
@@ -0,0 +1,66 @@
+-----BEGIN CERTIFICATE-----
+MIIFszCCA5ugAwIBAgIEJl+qTzANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJE
+RTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJP
+UFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkg
+UlNBIFJvb3QgQ0EwHhcNMTUwODI3MTIyODIyWhcNMzUwODI3MTIyODIyWjCBgzEL
+MAkGA1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEa
+MBgGA1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9Q
+VElHQShUTSkgUlNBIE1hbnVmYWN0dXJpbmcgQ0EgMDEwMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAwEtScKQB4zjh2Ci7OOxmnIhSVCncEZYYc9daievb
+XPn8fsWp39O9RG+27tGWQgTrxtNnm12dOEVUWCG2azr3o1DREr/ESOHQ8/3kXhY2
+86DmGZS4M02rya7uv+DWcKuZi9KR3NmbFHfqp2zp9S9xjUaugDVQYqsFJ2EYC89J
+7obFHcfw0KYiUili1NDGzcYnnTSKhKPTsVloTezq6HgqeZArkOX/O1NIZX9RRpAb
+DnJ8GgVLqZ4gCkbFTbA9FY1S5fQsTTU3nv7HB7LkAsY+BPNbOjY4nq8nLc3LP4x1
+wj7iisx9Icn/fIgFldYFDHy09hlOQntWM94hLXIT0nc/1QIDAQABo4IBODCCATQw
+VwYIKwYBBQUHAQEESzBJMEcGCCsGAQUFBzAChjtodHRwOi8vcGtpLmluZmluZW9u
+LmNvbS9PcHRpZ2FSc2FSb290Q0EvT3B0aWdhUnNhUm9vdENBLmNydDAdBgNVHQ4E
+FgQU2KP1VghaaMiqXV/gebzG6cbTd2QwDgYDVR0PAQH/BAQDAgAGMBIGA1UdEwEB
+/wQIMAYBAf8CAQAwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL3BraS5pbmZpbmVv
+bi5jb20vT3B0aWdhUnNhUm9vdENBL09wdGlnYVJzYVJvb3RDQS5jcmwwFQYDVR0g
+BA4wDDAKBggqghQARAEUATAfBgNVHSMEGDAWgBTcu1ar8Rj8ppp1ERBlhBKe1UGS
+uTAQBgNVHSUECTAHBgVngQUIATANBgkqhkiG9w0BAQsFAAOCAgEAo2BsBPPBEiXO
+/fp4Lj00Dz+nb4g0SZLC0zIp0xvzM/ibGZufYb854+kq9RY1SeFz7It+DVOgdoCh
+GdFc6CXHqZdZoFpFkQY7I31OPkzy65uQnIzsRLce+Ct4Lts5+I0XHDpxtGOCLaWo
+Ms1bTleWljsxgmw3CWY9V14tIF5dEEmnUgjgbDo7Ai5nLahgfqNU4XfXK9zSRX+R
+V0IiYDVFDQqfzJ4GroB4ttYthzr1x1e+vJd4Bh9ErF3v9L8cCthKytOwu65npYBG
+UGH+aWRoaX/3pROjXEZFhFHfNETFc+gVXesIfYeJJQPygudADNYfVtAsDF4qx3JT
+UUlgmzC3z7YivGGBD1Uoj2b7x1DCCy0x0v8ibXbgd7nT0g6a0lZGt4i4gvbUUbEm
+463Vr8Bb1XgA5bsbevUdR8SmuIY0PiS7qioQs4cRGagOSVG0MlKtDD9E/jZ5PUZI
+RpTduKG/lLwH0HHeNgKmDt/pTQWa4/sUgp/KHqg1E82J7sCu4vB/Bk1pTybe4GV/
+YDSc1NGABsWRzZnrIHrIVsXYM5rQzV9+/+BxRmhEqUVUGNzsFYW/RRieNWyojYG6
+v54K9BtAELt1tWXBDE/2Np/RFZQNeEFh2pkLxRNOXytuVoXwII7QNr4TDef2PmE+
+thsvOkC60E8ZEsKZ8GU3Q32lT5CExWI=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFqzCCA5OgAwIBAgIBAzANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJERTEh
+MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ
+R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgUlNB
+IFJvb3QgQ0EwHhcNMTMwNzI2MDAwMDAwWhcNNDMwNzI1MjM1OTU5WjB3MQswCQYD
+VQQGEwJERTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYD
+VQQLDBJPUFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElH
+QShUTSkgUlNBIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
+AQC7E+gc0B5T7awzux66zMMZMTtCkPqGv6a3NVx73ICg2DSwnipFwBiUl9soEodn
+25SVVN7pqmvKA2gMTR5QexuYS9PPerfRZrBY00xyFx84V+mIRPg4YqUMLtZBcAwr
+R3GO6cffHp20SBH5ITpuqKciwb0v5ueLdtZHYRPq1+jgy58IFY/vACyF/ccWZxUS
+JRNSe4ruwBgI7NMWicxiiWQmz1fE3e0mUGQ1tu4M6MpZPxTZxWzN0mMz9noj1oIT
+ZUnq/drN54LHzX45l+2b14f5FkvtcXxJ7OCkI7lmWIt8s5fE4HhixEgsR2RX5hzl
+8XiHiS7uD3pQhBYSBN5IBbVWREex1IUat5eAOb9AXjnZ7ivxJKiY/BkOmrNgN8k2
+7vOS4P81ix1GnXsjyHJ6mOtWRC9UHfvJcvM3U9tuU+3dRfib03NGxSPnKteL4SP1
+bdHfiGjV3LIxzFHOfdjM2cvFJ6jXg5hwXCFSdsQm5e2BfT3dWDBSfR4h3Prpkl6d
+cAyb3nNtMK3HR5yl6QBuJybw8afHT3KRbwvOHOCR0ZVJTszclEPcM3NQdwFlhqLS
+ghIflaKSPv9yHTKeg2AB5q9JSG2nwSTrjDKRab225+zJ0yylH5NwxIBLaVHDyAEu
+81af+wnm99oqgvJuDKSQGyLf6sCeuy81wQYO46yNa+xJwQIDAQABo0IwQDAdBgNV
+HQ4EFgQU3LtWq/EY/KaadREQZYQSntVBkrkwDgYDVR0PAQH/BAQDAgAGMA8GA1Ud
+EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAGHTBUx3ETIXYJsaAgb2pyyN
+UltVL2bKzGMVSsnTCrXUU8hKrDQh3jNIMrS0d6dU/fGaGJvehxmmJfjaN/IFWA4M
+BdZEnpAe2fJEP8vbLa/QHVfsAVuotLD6QWAqeaC2txpxkerveoV2JAwj1jrprT4y
+rkS8SxZuKS05rYdlG30GjOKTq81amQtGf2NlNiM0lBB/SKTt0Uv5TK0jIWbz2WoZ
+gGut7mF0md1rHRauWRcoHQdxWSQTCTtgoQzeBj4IS6N3QxQBKV9LL9UWm+CMIT7Y
+np8bSJ8oW4UdpSuYWe1ZwSjZyzDiSzpuc4gTS6aHfMmEfoVwC8HN03/HD6B1Lwo2
+DvEaqAxkya9IYWrDqkMrEErJO6cqx/vfIcfY/8JYmUJGTmvVlaODJTwYwov/2rjr
+la5gR+xrTM7dq8bZimSQTO8h6cdL6u+3c8mGriCQkNZIZEac/Gdn+KwydaOZIcnf
+Rdp3SalxsSp6cWwJGE4wpYKB2ClM2QF3yNQoTGNwMlpsxnU72ihDi/RxyaRTz9OR
+pubNq8Wuq7jQUs5U00ryrMCZog1cxLzyfZwwCYh6O2CmbvMoydHNy5CU3ygxaLWv
+JpgZVHN103npVMR3mLNa3QE+5MFlBlP3Mmystu8iVAKJas39VO5y5jad4dRLkwtM
+6sJa8iBpdRjZrBp5sJBI
+-----END CERTIFICATE-----
diff --git a/utils/certificates/IntelEKIntermediate.pem b/utils/certificates/IntelEKIntermediate.pem
new file mode 100644
index 000000000..fea2f4f82
--- /dev/null
+++ b/utils/certificates/IntelEKIntermediate.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDvjCCA2SgAwIBAgIUbOv9CbWie5MIiWFjQaGYw+NfG50wCgYIKoZIzj0EAwIw
+gYcxCzAJBgNVBAYMAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwLU2FudGEgQ2xh
+cmExGjAYBgNVBAoMEUludGVsIENvcnBvcmF0aW9uMSEwHwYDVQQLDBhUUE0gRUsg
+cm9vdCBjZXJ0IHNpZ25pbmcxFjAUBgNVBAMMDXd3dy5pbnRlbC5jb20wHhcNMTUw
+MzI0MDAwMDAwWhcNNDkxMjMxMjM1OTU5WjCBlTELMAkGA1UEBgwCVVMxCzAJBgNV
+BAgMAkNBMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEaMBgGA1UECgwRSW50ZWwgQ29y
+cG9yYXRpb24xLzAtBgNVBAsMJlRQTSBFSyBpbnRlcm1lZGlhdGUgZm9yIFNQVEhf
+RVBJRF9QUk9EMRYwFAYDVQQDDA13d3cuaW50ZWwuY29tMFkwEwYHKoZIzj0CAQYI
+KoZIzj0DAQcDQgAEryzECW6qpKxLE8m3YQwVO+oiea9EkzNEVxDAA/IOaq+u1MMY
+W1POaBQFO17J57eFLmTfC3pCtaBnB9mWsjFhzqOCAZwwggGYMB8GA1UdIwQYMBaA
+FOhSBcJP2NLVpSFHFrbODHtbuncPMB0GA1UdDgQWBBRec8iao+kCsnK58HQffYcw
+4+xySjASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjATBgNVHSUB
+Af8ECTAHBgVngQUIATBwBgNVHSABAf8EZjBkMGIGCiqGSIb4TQEFAgEwVDBSBggr
+BgEFBQcCARZGaHR0cDovL3VwZ3JhZGVzLmludGVsLmNvbS9jb250ZW50L0NSTC9l
+a2NlcnQvRUtjZXJ0UG9saWN5U3RhdGVtZW50LnBkZjBcBggrBgEFBQcBAQRQME4w
+TAYIKwYBBQUHMAKGQGh0dHA6Ly91cGdyYWRlcy5pbnRlbC5jb20vY29udGVudC9D
+UkwvZWtjZXJ0L0VLUm9vdFB1YmxpY0tleS5jZXIwTQYDVR0fBEYwRDBCoECgPoY8
+aHR0cDovL3VwZ3JhZGVzLmludGVsLmNvbS9jb250ZW50L0NSTC9la2NlcnQvRUtf
+UGxhdGZvcm0uY3JsMAoGCCqGSM49BAMCA0gAMEUCIEwoRGZXyGrOi5c5XQ0sogO0
+7nKarDdxCHJjJmfB2j98AiEAzEpP1ysDBAD6k97Y0XVrqn4srCNv6132mRKeSw16
+wMk=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/IntelEKRootCA.pem b/utils/certificates/IntelEKRootCA.pem
new file mode 100644
index 000000000..d30b958bc
--- /dev/null
+++ b/utils/certificates/IntelEKRootCA.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICdzCCAh6gAwIBAgIUB+dPf7a3IyJGO923z34oQLRP7pwwCgYIKoZIzj0EAwIw
+gYcxCzAJBgNVBAYMAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwLU2FudGEgQ2xh
+cmExGjAYBgNVBAoMEUludGVsIENvcnBvcmF0aW9uMSEwHwYDVQQLDBhUUE0gRUsg
+cm9vdCBjZXJ0IHNpZ25pbmcxFjAUBgNVBAMMDXd3dy5pbnRlbC5jb20wHhcNMTQw
+MTE1MDAwMDAwWhcNNDkxMjMxMjM1OTU5WjCBhzELMAkGA1UEBgwCVVMxCzAJBgNV
+BAgMAkNBMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEaMBgGA1UECgwRSW50ZWwgQ29y
+cG9yYXRpb24xITAfBgNVBAsMGFRQTSBFSyByb290IGNlcnQgc2lnbmluZzEWMBQG
+A1UEAwwNd3d3LmludGVsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJR9
+gVEsjUrMb+E/dl19ywJsKZDnghmwVyG16dAfQ0Pftp1bjhtPEGEguvbLGRRopKWH
+VscAOlTFnvCHq+6/9/SjZjBkMB8GA1UdIwQYMBaAFOhSBcJP2NLVpSFHFrbODHtb
+uncPMB0GA1UdDgQWBBToUgXCT9jS1aUhRxa2zgx7W7p3DzASBgNVHRMBAf8ECDAG
+AQH/AgEBMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAgNHADBEAiAldFScWQ6L
+PQgW/YT+2GILcATEA2TgzASaCrG+AzL6FgIgLH8ABRzm028hRYR/JZVGkHiomzYX
+VILmTjHwSL7uZBU=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/NationZEkMfrCA001.crt b/utils/certificates/NationZEkMfrCA001.crt
new file mode 100644
index 000000000..c7b7e8d95
--- /dev/null
+++ b/utils/certificates/NationZEkMfrCA001.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNDCCArmgAwIBAgICEAAwCgYIKoZIzj0EAwMwazELMAkGA1UEBhMCQ04xITAf
+BgNVBAoMGE5hdGlvbnogVGVjaG5vbG9naWVzIEluYzEbMBkGA1UECwwSTmF0aW9u
+eiBUUE0gRGV2aWNlMRwwGgYDVQQDDBNOYXRpb256IFRQTSBSb290IENBMB4XDTE3
+MDUxMzAwMDAwMFoXDTM3MDUxMzAwMDAwMFoweDELMAkGA1UEBhMCQ04xITAfBgNV
+BAoMGE5hdGlvbnogVGVjaG5vbG9naWVzIEluYzEbMBkGA1UECwwSTmF0aW9ueiBU
+UE0gRGV2aWNlMSkwJwYDVQQDDCBOYXRpb256IFRQTSBNYW51ZmFjdHVyaW5nIENB
+IDAwMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABA8ri4sMjK5RoF9LOA8eZs9ZHKJ1
+dXT/w28Vtwe6yBA4Op5w0n0o3+9NPPKJfsw1YDoeKZ9kwvpxTVM7kBtpKOw6NRRq
+bUAkzAfYqIwpHPPhN25JSOXhl3bn36dSCfUCfqOCASEwggEdMEsGCCsGAQUFBwEB
+BD8wPTA7BggrBgEFBQcwAoYvaHR0cDovL3BraS5uYXRpb256LmNvbS5jbi9Fa1Jv
+b3RDQS9Fa1Jvb3RDQS5jcnQwHQYDVR0OBBYEFAIsvu1ddwYPKDPp1TdrqLwwjNm6
+MEAGA1UdHwQ5MDcwNaAzoDGGL2h0dHA6Ly9wa2kubmF0aW9uei5jb20uY24vRWtS
+b290Q0EvRWtSb290Q0EuY3JsMBYGA1UdIAQPMA0wCwYJKoEcho0hAQUBMB8GA1Ud
+IwQYMBaAFDq8/wjfXgEMK2QHi8fOlQb0CP3kMBAGA1UdJQQJMAcGBWeBBQgBMA4G
+A1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMAoGCCqGSM49BAMDA2kA
+MGYCMQC3Z7rH2wyIAhKM/2TopTbWUzrTTlwyjHw1ShOcovNEMgevVM/+AV1SAGSL
++n3LengCMQCYnzH/Wk4o4+0lOrnUDLNT4L7N6d3IIFGs0XARk1S/RCBoyGSlHUP3
+7JhNd0voDIc=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/NationZEkMfrCA002.crt b/utils/certificates/NationZEkMfrCA002.crt
new file mode 100644
index 000000000..d9b577939
--- /dev/null
+++ b/utils/certificates/NationZEkMfrCA002.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMzCCArmgAwIBAgICEAEwCgYIKoZIzj0EAwMwazELMAkGA1UEBhMCQ04xITAf
+BgNVBAoMGE5hdGlvbnogVGVjaG5vbG9naWVzIEluYzEbMBkGA1UECwwSTmF0aW9u
+eiBUUE0gRGV2aWNlMRwwGgYDVQQDDBNOYXRpb256IFRQTSBSb290IENBMB4XDTE3
+MDUxNDAwMDAwMFoXDTM3MDUxNDAwMDAwMFoweDELMAkGA1UEBhMCQ04xITAfBgNV
+BAoMGE5hdGlvbnogVGVjaG5vbG9naWVzIEluYzEbMBkGA1UECwwSTmF0aW9ueiBU
+UE0gRGV2aWNlMSkwJwYDVQQDDCBOYXRpb256IFRQTSBNYW51ZmFjdHVyaW5nIENB
+IDAwMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABLq7H/y6uXdkXZWYlGAHJGjaPsS6
+cnLxp+oMnOQhr/wuTviTiCWA7gFaPOeEg5JSC944VG54M+JS0jKnlM38CMPWBKQQ
+nNEaWWMkJbhI/DychOqZ9bHVN0DmsrBWeSzFdKOCASEwggEdMEsGCCsGAQUFBwEB
+BD8wPTA7BggrBgEFBQcwAoYvaHR0cDovL3BraS5uYXRpb256LmNvbS5jbi9Fa1Jv
+b3RDQS9Fa1Jvb3RDQS5jcnQwHQYDVR0OBBYEFAPRzeQ46j2zTZQxgcHNUX1ogGLv
+MEAGA1UdHwQ5MDcwNaAzoDGGL2h0dHA6Ly9wa2kubmF0aW9uei5jb20uY24vRWtS
+b290Q0EvRWtSb290Q0EuY3JsMBYGA1UdIAQPMA0wCwYJKoEcho0hAQUBMB8GA1Ud
+IwQYMBaAFDq8/wjfXgEMK2QHi8fOlQb0CP3kMBAGA1UdJQQJMAcGBWeBBQgBMA4G
+A1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMAoGCCqGSM49BAMDA2gA
+MGUCMFWbhtvZOP+xqrxC2N5ArgiBBfheFTWM5rectLY50LQJpOMaiVSFs72PUrhz
+IFX6ewIxAPL7H/hDyflrnB1kUrcbMaRxjuV8xP6h6bT6hrz5x4Y+nORKkxbz2KLU
+G3zS/IDHOQ==
+-----END CERTIFICATE-----
diff --git a/utils/certificates/NationZEkMfrCA003.crt b/utils/certificates/NationZEkMfrCA003.crt
new file mode 100644
index 000000000..ef95ed69e
--- /dev/null
+++ b/utils/certificates/NationZEkMfrCA003.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMzCCArmgAwIBAgICEAIwCgYIKoZIzj0EAwMwazELMAkGA1UEBhMCQ04xITAf
+BgNVBAoMGE5hdGlvbnogVGVjaG5vbG9naWVzIEluYzEbMBkGA1UECwwSTmF0aW9u
+eiBUUE0gRGV2aWNlMRwwGgYDVQQDDBNOYXRpb256IFRQTSBSb290IENBMB4XDTE3
+MDUxNTAwMDAwMFoXDTM3MDUxNTAwMDAwMFoweDELMAkGA1UEBhMCQ04xITAfBgNV
+BAoMGE5hdGlvbnogVGVjaG5vbG9naWVzIEluYzEbMBkGA1UECwwSTmF0aW9ueiBU
+UE0gRGV2aWNlMSkwJwYDVQQDDCBOYXRpb256IFRQTSBNYW51ZmFjdHVyaW5nIENB
+IDAwMzB2MBAGByqGSM49AgEGBSuBBAAiA2IABCtznQzLxTR4YGov53b3NXkjNBcb
+iWeC7XsukpYkm61dxCw+bsP+jm1soaN9/WDcodzN8hlBFVYWwL79K+S5w9Xojnik
+rrnadWfCJ/LwmY1esyjQEmSbCXiukCZGfB8Nq6OCASEwggEdMEsGCCsGAQUFBwEB
+BD8wPTA7BggrBgEFBQcwAoYvaHR0cDovL3BraS5uYXRpb256LmNvbS5jbi9Fa1Jv
+b3RDQS9Fa1Jvb3RDQS5jcnQwHQYDVR0OBBYEFOuy9OMS5lKcTtDNtoIoWArlID1F
+MEAGA1UdHwQ5MDcwNaAzoDGGL2h0dHA6Ly9wa2kubmF0aW9uei5jb20uY24vRWtS
+b290Q0EvRWtSb290Q0EuY3JsMBYGA1UdIAQPMA0wCwYJKoEcho0hAQUBMB8GA1Ud
+IwQYMBaAFDq8/wjfXgEMK2QHi8fOlQb0CP3kMBAGA1UdJQQJMAcGBWeBBQgBMA4G
+A1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMAoGCCqGSM49BAMDA2gA
+MGUCMBFkhoH7ATgC8Z9QAsWJ6YZzI9wsXMcLjytBY1Ae9gWkFQEnfrx43gd+/pRl
+2Mpy5AIxANhHc4NyRsFsZ828jOUthQIH0A8rckSDwNkoGWGVAuny/S9Gww6k5EM4
+EwQq9W0Syw==
+-----END CERTIFICATE-----
diff --git a/utils/certificates/NationZEkRootCA.crt b/utils/certificates/NationZEkRootCA.crt
new file mode 100644
index 000000000..36cdff86b
--- /dev/null
+++ b/utils/certificates/NationZEkRootCA.crt
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICRDCCAcqgAwIBAgIBATAKBggqhkjOPQQDAzBrMQswCQYDVQQGEwJDTjEhMB8G
+A1UECgwYTmF0aW9ueiBUZWNobm9sb2dpZXMgSW5jMRswGQYDVQQLDBJOYXRpb256
+IFRQTSBEZXZpY2UxHDAaBgNVBAMME05hdGlvbnogVFBNIFJvb3QgQ0EwHhcNMTcw
+NTEyMDAwMDAwWhcNNDcwNTEzMDAwMDAwWjBrMQswCQYDVQQGEwJDTjEhMB8GA1UE
+CgwYTmF0aW9ueiBUZWNobm9sb2dpZXMgSW5jMRswGQYDVQQLDBJOYXRpb256IFRQ
+TSBEZXZpY2UxHDAaBgNVBAMME05hdGlvbnogVFBNIFJvb3QgQ0EwdjAQBgcqhkjO
+PQIBBgUrgQQAIgNiAATvuDTN8TNvp3A9fSjWpDARLmvz7ItQrDq/mmuzvzInwQfs
+YKUUJza4MXB3yS0PH1jjv1YMvaIBIalAgc+kahScQUy6W2fy6hd36pazmc/vQfG3
+Gdhw56gGwRHx4rn4TuqjQjBAMB0GA1UdDgQWBBQ6vP8I314BDCtkB4vHzpUG9Aj9
+5DAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNo
+ADBlAjApzqSmd4cCMKC7slJ4NE/7zweXZx89JzSEnEWGcq78jbbXCw6yM+R4nCNX
+phflI9QCMQCeFOAvyR+DQvThfGFINABej+1zeDVIjuZHat3FHVyV0UQVClPgMlZu
+TntipXwGOVY=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/NuvotonTPMRootCA0100.pem b/utils/certificates/NuvotonTPMRootCA0100.pem
new file mode 100644
index 000000000..5e3a4a1ef
--- /dev/null
+++ b/utils/certificates/NuvotonTPMRootCA0100.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICCDCCAa2gAwIBAgIJAKSOwvBmtTZjMAoGCCqGSM49BAMCMFUxUzAfBgNVBAMT
+GE51dm90b24gVFBNIFJvb3QgQ0EgMDEwMDAlBgNVBAoTHk51dm90b24gVGVjaG5v
+bG9neSBDb3Jwb3JhdGlvbjAJBgNVBAYTAlRXMB4XDTE1MDQyMDA3NDIwM1oXDTM1
+MDQxNjA3NDIwM1owVTFTMB8GA1UEAxMYTnV2b3RvbiBUUE0gUm9vdCBDQSAwMTAw
+MCUGA1UEChMeTnV2b3RvbiBUZWNobm9sb2d5IENvcnBvcmF0aW9uMAkGA1UEBhMC
+VFcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATRh5Aw2OaeLSXA3llLU6KcpZ+7
+kX9dOTXrQ5fRlhdO//IbMA4DotivYL2y9rgWOIPB8hwlA50RDxlzJPKlD6o5o2Yw
+ZDAOBgNVHQ8BAf8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU
+SC1WgM6Cj0gKjk9fZUgdajmRtGIwHwYDVR0jBBgwFoAUSC1WgM6Cj0gKjk9fZUgd
+ajmRtGIwCgYIKoZIzj0EAwIDSQAwRgIhAPqfjnMuNRbMdpLN7GjxtAhPqLLuh/CD
+TgU12LegjOpOAiEApW30TPJ2uhasTeMvdbtxKCc45sGrM+YYE4UxxiYZxqY=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/NuvotonTPMRootCA1110.pem b/utils/certificates/NuvotonTPMRootCA1110.pem
new file mode 100644
index 000000000..96cecd948
--- /dev/null
+++ b/utils/certificates/NuvotonTPMRootCA1110.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICBjCCAaygAwIBAgIIEDiqn2SaqGMwCgYIKoZIzj0EAwIwVTFTMB8GA1UEAxMY
+TnV2b3RvbiBUUE0gUm9vdCBDQSAxMTEwMCUGA1UEChMeTnV2b3RvbiBUZWNobm9s
+b2d5IENvcnBvcmF0aW9uMAkGA1UEBhMCVFcwHhcNMTUwNTExMDg0MzMzWhcNMzUw
+NTA3MDg0MzMzWjBVMVMwHwYDVQQDExhOdXZvdG9uIFRQTSBSb290IENBIDExMTAw
+JQYDVQQKEx5OdXZvdG9uIFRlY2hub2xvZ3kgQ29ycG9yYXRpb24wCQYDVQQGEwJU
+VzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDVkEOpuyhuviaDH6xQj3faaV2Z4
+FvXSdwUkTiB1JjPDgv1PU0SFYtEE1W9VmI1GcOn5FAUi2/QM36DPhmPTd+qjZjBk
+MA4GA1UdDwEB/wQEAwICBDASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBQV
+kdS26vmNAQSGS2kDpI3QAmB30zAfBgNVHSMEGDAWgBQVkdS26vmNAQSGS2kDpI3Q
+AmB30zAKBggqhkjOPQQDAgNIADBFAiEAlfxysfHDcxYDed5dmRbvHPKHLEEq9Y9P
+wAxoKqH7Q5kCIGfsxiLr2j9nJ9jELwXz0/VWN9PhUNdM3qmsx2JEne6p
+-----END CERTIFICATE-----
diff --git a/utils/certificates/NuvotonTPMRootCA2110.pem b/utils/certificates/NuvotonTPMRootCA2110.pem
new file mode 100644
index 000000000..6381f752b
--- /dev/null
+++ b/utils/certificates/NuvotonTPMRootCA2110.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICBjCCAaygAwIBAgIIP5MvnZk8FrswCgYIKoZIzj0EAwIwVTFTMB8GA1UEAxMY
+TnV2b3RvbiBUUE0gUm9vdCBDQSAyMTEwMCUGA1UEChMeTnV2b3RvbiBUZWNobm9s
+b2d5IENvcnBvcmF0aW9uMAkGA1UEBhMCVFcwHhcNMTUxMDE5MDQzMjAwWhcNMzUx
+MDE1MDQzMjAwWjBVMVMwHwYDVQQDExhOdXZvdG9uIFRQTSBSb290IENBIDIxMTAw
+JQYDVQQKEx5OdXZvdG9uIFRlY2hub2xvZ3kgQ29ycG9yYXRpb24wCQYDVQQGEwJU
+VzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPv9uK2BNm8/nmIyNsc2/aKHV0WR
+ptzge3jKAIgUMosQIokl4LE3iopXWD3Hruxjf9vkLMDJrTeK3hWh2ySS4ySjZjBk
+MA4GA1UdDwEB/wQEAwICBDASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSf
+u3mqD1JieL7RUJKacXHpajW+9zAfBgNVHSMEGDAWgBSfu3mqD1JieL7RUJKacXHp
+ajW+9zAKBggqhkjOPQQDAgNIADBFAiEA/jiywhOKpiMOUnTfDmXsXfDFokhKVNTX
+B6Xtqm7J8L4CICjT3/Y+rrSnf8zrBXqWeHDh8Wi41+w2ppq6Ev9orZFI
+-----END CERTIFICATE-----
diff --git a/utils/certificates/cacert.pem b/utils/certificates/cacert.pem
new file mode 100644
index 000000000..b752ba545
--- /dev/null
+++ b/utils/certificates/cacert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDbDCCAlKgAwIBAgIJALbpb8xivmmsMA0GCSqGSIb3DQEBBQUAMEsxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJOWTERMA8GA1UEBwwIWW9ya3Rvd24xDDAKBgNVBAoM
+A0lCTTEOMAwGA1UEAwwFRUsgQ0EwHhcNMTYwNTIzMTkwNjExWhcNMjYwMjIwMTkw
+NjExWjBLMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTlkxETAPBgNVBAcMCFlvcmt0
+b3duMQwwCgYDVQQKDANJQk0xDjAMBgNVBAMMBUVLIENBMIIBIzANBgkqhkiG9w0B
+AQEFAAOCARAAMIIBCwKCAQICsUzdWU1yjZNL5QeJU/emaKBbOuHvZqdCvApjGM+T
+31XO1s52BkxRtOjULxd+xiK0xogdxDwwsnh/o/YR9zmj7aDVFz068WCEBvjKkClf
+KOk+1VpdAFzni+NNYMNESNul3ZWwEzpfBmghI7zJQrUBh1rn27PC9OtfTFhONzRT
+XPq5K2vScvU3Wz0papT4+hEmsd8YyhMYJr00cjV2bDzphZ7wg9YNNpUMJZ4yipYy
+4XLG+HVPb9DyERFQNpDooA/ZhCZVT8auDbdSvYyrO9q+Uxz30UeqXK3YnDCyk00k
+JCBWmf3TobjWMKwZO3gUIRMrBuJ7UsEtkkh8+jLaJ7Qcl68CAwEAAaNQME4wHQYD
+VR0OBBYEFMSPNuKcE6FeRlRc+DKJeakTyaDpMB8GA1UdIwQYMBaAFMSPNuKcE6Fe
+RlRc+DKJeakTyaDpMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEDAAFr
+xBCzqiAkYNofYGNidpGrkiP2T3xj/hUx57HjVVoWNlVDBGsxbnoB+WlBqzApJLZC
+/XZs/zuvS4bnMiSUEw2v8v3/sAqkzMJN7VOg0US1etNjPSrlBmSeun/6HX0C+5M2
+wQ836P6Y49PePvJO6zGdxJ9SlZ8jKNgtQgQKyUSViSEj0N09CndQJMnOPYIYhc+T
+/9/HPaNMymHu7Hep0/NgASoLnm8LzP+nzmR286L4DeZ47hKBHMbnTeNNlodEjh92
+AyI4yaGKjujRjPokTHWUWjFt6t1VXn1cc6Sdpj2YVeFCjkjB9NmDV+Msv9h4UAqy
+K0wEax/1fsWqDeoom5I1NA==
+-----END CERTIFICATE-----
diff --git a/utils/certificates/cacertecc.pem b/utils/certificates/cacertecc.pem
new file mode 100644
index 000000000..a47eb31c2
--- /dev/null
+++ b/utils/certificates/cacertecc.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB4zCCAYmgAwIBAgIJALX8+MVL3dXPMAoGCCqGSM49BAMCME4xCzAJBgNVBAYT
+AlVTMQswCQYDVQQIDAJOWTERMA8GA1UEBwwIWW9ya3Rvd24xDDAKBgNVBAoMA0lC
+TTERMA8GA1UEAwwIRUsgRUMgQ0EwHhcNMTcwMTEzMjAzOTE2WhcNMjcwMTExMjAz
+OTE2WjBOMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTlkxETAPBgNVBAcMCFlvcmt0
+b3duMQwwCgYDVQQKDANJQk0xETAPBgNVBAMMCEVLIEVDIENBMFkwEwYHKoZIzj0C
+AQYIKoZIzj0DAQcDQgAEahnfxuCQ+NsMcDIe8GZxIiFSX65CXICk6zc3NLRPbPvq
+ToRdIanaP14TT6eu76FkNDzbtsY6PSMgVNTeAAnfGqNQME4wHQYDVR0OBBYEFAFk
+p5Lu8Z+laxVYak8/WHhLsG+lMB8GA1UdIwQYMBaAFAFkp5Lu8Z+laxVYak8/WHhL
+sG+lMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgQ9GClH24Y9NPpKdh
+3HTwudrjYPYyjK8o5HQ9c8Xc9ecCIQD0NgIj1iUvkEzgNoXS7UP1RD0MpKdzywqM
+5RyP15ckRA==
+-----END CERTIFICATE-----
diff --git a/utils/certificates/gstpmroot.pem b/utils/certificates/gstpmroot.pem
new file mode 100644
index 000000000..b40c5e963
--- /dev/null
+++ b/utils/certificates/gstpmroot.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID1zCCAr+gAwIBAgILBAAAAAABIBkJGa4wDQYJKoZIhvcNAQELBQAwgYcxOzA5
+BgNVBAsTMkdsb2JhbFNpZ24gVHJ1c3RlZCBDb21wdXRpbmcgQ2VydGlmaWNhdGUg
+QXV0aG9yaXR5MRMwEQYDVQQKEwpHbG9iYWxTaWduMTMwMQYDVQQDEypHbG9iYWxT
+aWduIFRydXN0ZWQgUGxhdGZvcm0gTW9kdWxlIFJvb3QgQ0EwHhcNMDkwMzE4MTAw
+MDAwWhcNNDkwMzE4MTAwMDAwWjCBhzE7MDkGA1UECxMyR2xvYmFsU2lnbiBUcnVz
+dGVkIENvbXB1dGluZyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEzARBgNVBAoTCkds
+b2JhbFNpZ24xMzAxBgNVBAMTKkdsb2JhbFNpZ24gVHJ1c3RlZCBQbGF0Zm9ybSBN
+b2R1bGUgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPi3
+Gi0wHyTT7dq24caFAp31gXFDvALRGJrMiP+TunIYPacYD8eBVSNEiVoCUcVfYxzl
+/DPTxmRyGXgQM8CVh9THrxDTW7N2PSAoZ7fvlmjTiBL/IQ7m1F+9wGI/FuaMTphz
+w6lBda7HFlIYKTbM/vz24axCHLzJ8Xir2L889D9MMIerBRqouVsDGauH+TIOdw4o
+IGKhorqfsDro57JHwViMWlbB1Ogad7PBX5X/e9GDNdZTdo4c0bZnKO+dEtzEgKCh
+JmQ53Mxa9y4xPMGRRnjLsyxuM99vkkYXy7rnxctSo7GtGIJJVabNuXZ0peaY9ku0
+CUgKAsQndLkTHz8bIh0CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB
+/wQFMAMBAf8wHQYDVR0OBBYEFB4jY/CFtfYlTu0awFC+ZXzH1BV6MA0GCSqGSIb3
+DQEBCwUAA4IBAQCVb7lI4d49u7EtCX03/rUCCiaZ64NMxxqRmcSVdUx6yRrbl8NN
+FNr6ym2kTvwe1+JkTCiDxKzJsOR/jcPczAFiYpFbZQYLA6RK0bzbL9RGcaw5LLhY
+o/flqsu3N2/HNesWbekoxLosP6NLGEOnpj1B+R3y7HCQq/08U5l3Ete6TRKTAavc
+0mty+uCFtLXf+tirl7xSaIGD0LwcYNdzLEB9g4je6FQSWL0QOXb+zR755QYupZAw
+G1PnOgYWfqWowKcQQexFPrKGlzh0ncITV/nBEi++fnnZ7TFiwaKwe+WussrROV1S
+DDF29dmoMcbSFDL+DgSMabVT6Qr6Ze1rbmSh
+-----END CERTIFICATE-----
diff --git a/utils/certificates/rootcerts.txt b/utils/certificates/rootcerts.txt
new file mode 100644
index 000000000..fd5c4fdfe
--- /dev/null
+++ b/utils/certificates/rootcerts.txt
@@ -0,0 +1,49 @@
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/Infineon-OPTIGA(TM)_ECC_Manufacturing_CA_011.crt-C-v01_00-EN.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/Infineon-OPTIGA(TM)_RSA_Manufacturing_CA_011.crt-C-v01_00-EN.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/Infineon-TPM_ECC_Root_CA-C-v01_00-EN.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/Infineon-TPM_RSA_Root_CA-C-v01_00-EN.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/InfineonECCChain010.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/InfineonOPTIGAECCManufacturingCA010.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/InfineonOPTIGARSAManufacturingCA010.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/InfineonRSAChain010.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/NuvotonTPMRootCA0100.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/NuvotonTPMRootCA1110.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/NuvotonTPMRootCA2110.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/cacert.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/cacertecc.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/gstpmroot.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/stmtpmeccint01.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/stmtpmeccroot01.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/stmtpmekint01.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/stmtpmekint02.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/stmtpmekint03.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/stmtpmekint04.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/stmtpmekint05.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/stmtpmekroot.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/tpmeccroot.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/IntelEKIntermediate.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/IntelEKRootCA.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/NationZEkMfrCA001.crt
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/NationZEkMfrCA002.crt
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/NationZEkMfrCA003.crt
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/NationZEkRootCA.crt
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/IFX_TPM_EK_Root_CA.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/Infineon-TPM1.2_VRSN_root_certificate-C-v01_00-EN.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_01.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_02.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_03.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_04.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_05.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_08.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_17.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_18.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_20.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_21.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/Infineon-Infineon_TPM_EK_Intermediate_CA25-C-v01_00-EN.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/Infineon-TPM_EK_Intermediate_CA29-C-v01_00-EN.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/Infineon-IFX_TPM_EK_Intermediate_CA_48-C-v01_00-EN.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/Infineon-TPM_EK_Intermediate_CA_49-C-v01_00-EN.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/Infineon-TPM_EK_Intermediate_CA_53-C-v01_00-EN.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/Infineon-TPM_EK_Intermediate_CA_54-C-v01_00-EN.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/Infineon-TPM_EK_Intermediate_CA_62-C-v01_00-EN.pem
+/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/Infineon-TPM_EK_Intermediate_CA_63-C-v01_00-EN.pem
diff --git a/utils/certificates/rootcerts.windows.txt b/utils/certificates/rootcerts.windows.txt
new file mode 100644
index 000000000..03161808f
--- /dev/null
+++ b/utils/certificates/rootcerts.windows.txt
@@ -0,0 +1,49 @@
+c:/users/ibm_admin/tpm2/utils/certificates/Infineon-OPTIGA(TM)_ECC_Manufacturing_CA_011.crt-C-v01_00-EN.pem
+c:/users/ibm_admin/tpm2/utils/certificates/Infineon-OPTIGA(TM)_RSA_Manufacturing_CA_011.crt-C-v01_00-EN.pem
+c:/users/ibm_admin/tpm2/utils/certificates/Infineon-TPM_ECC_Root_CA-C-v01_00-EN.pem
+c:/users/ibm_admin/tpm2/utils/certificates/Infineon-TPM_RSA_Root_CA-C-v01_00-EN.pem
+c:/users/ibm_admin/tpm2/utils/certificates/InfineonECCChain010.pem
+c:/users/ibm_admin/tpm2/utils/certificates/InfineonOPTIGAECCManufacturingCA010.pem
+c:/users/ibm_admin/tpm2/utils/certificates/InfineonOPTIGARSAManufacturingCA010.pem
+c:/users/ibm_admin/tpm2/utils/certificates/InfineonRSAChain010.pem
+c:/users/ibm_admin/tpm2/utils/certificates/NuvotonTPMRootCA0100.pem
+c:/users/ibm_admin/tpm2/utils/certificates/NuvotonTPMRootCA1110.pem
+c:/users/ibm_admin/tpm2/utils/certificates/NuvotonTPMRootCA2110.pem
+c:/users/ibm_admin/tpm2/utils/certificates/cacert.pem
+c:/users/ibm_admin/tpm2/utils/certificates/cacertecc.pem
+c:/users/ibm_admin/tpm2/utils/certificates/gstpmroot.pem
+c:/users/ibm_admin/tpm2/utils/certificates/stmtpmeccint01.pem
+c:/users/ibm_admin/tpm2/utils/certificates/stmtpmeccroot01.pem
+c:/users/ibm_admin/tpm2/utils/certificates/stmtpmekint01.pem
+c:/users/ibm_admin/tpm2/utils/certificates/stmtpmekint02.pem
+c:/users/ibm_admin/tpm2/utils/certificates/stmtpmekint03.pem
+c:/users/ibm_admin/tpm2/utils/certificates/stmtpmekint04.pem
+c:/users/ibm_admin/tpm2/utils/certificates/stmtpmekint05.pem
+c:/users/ibm_admin/tpm2/utils/certificates/stmtpmekroot.pem
+c:/users/ibm_admin/tpm2/utils/certificates/tpmeccroot.pem
+c:/users/ibm_admin/tpm2/utils/certificates/IntelEKIntermediate.pem
+c:/users/ibm_admin/tpm2/utils/certificates/IntelEKRootCA.pem
+c:/users/ibm_admin/tpm2/utils/certificates/NationZEkMfrCA001.crt
+c:/users/ibm_admin/tpm2/utils/certificates/NationZEkMfrCA002.crt
+c:/users/ibm_admin/tpm2/utils/certificates/NationZEkMfrCA003.crt
+c:/users/ibm_admin/tpm2/utils/certificates/NationZEkRootCA.crt
+c:/users/ibm_admin/tpm2/utils/certificates/IFX_TPM_EK_Root_CA.pem
+c:/users/ibm_admin/tpm2/utils/certificates/Infineon-TPM1.2_VRSN_root_certificate-C-v01_00-EN.pem
+c:/users/ibm_admin/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_01.pem
+c:/users/ibm_admin/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_02.pem
+c:/users/ibm_admin/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_03.pem
+c:/users/ibm_admin/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_04.pem
+c:/users/ibm_admin/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_05.pem
+c:/users/ibm_admin/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_08.pem
+c:/users/ibm_admin/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_17.pem
+c:/users/ibm_admin/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_18.pem
+c:/users/ibm_admin/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_20.pem
+c:/users/ibm_admin/tpm2/utils/certificates/IFX_TPM_EK_Intermediate_CA_21.pem
+c:/users/ibm_admin/tpm2/utils/certificates/Infineon-Infineon_TPM_EK_Intermediate_CA25-C-v01_00-EN.pem
+c:/users/ibm_admin/tpm2/utils/certificates/Infineon-TPM_EK_Intermediate_CA29-C-v01_00-EN.pem
+c:/users/ibm_admin/tpm2/utils/certificates/Infineon-IFX_TPM_EK_Intermediate_CA_48-C-v01_00-EN.pem
+c:/users/ibm_admin/tpm2/utils/certificates/Infineon-TPM_EK_Intermediate_CA_49-C-v01_00-EN.pem
+c:/users/ibm_admin/tpm2/utils/certificates/Infineon-TPM_EK_Intermediate_CA_53-C-v01_00-EN.pem
+c:/users/ibm_admin/tpm2/utils/certificates/Infineon-TPM_EK_Intermediate_CA_54-C-v01_00-EN.pem
+c:/users/ibm_admin/tpm2/utils/certificates/Infineon-TPM_EK_Intermediate_CA_62-C-v01_00-EN.pem
+c:/users/ibm_admin/tpm2/utils/certificates/Infineon-TPM_EK_Intermediate_CA_63-C-v01_00-EN.pem
diff --git a/utils/certificates/stmtpmeccint01.pem b/utils/certificates/stmtpmeccint01.pem
new file mode 100644
index 000000000..21767a51d
--- /dev/null
+++ b/utils/certificates/stmtpmeccint01.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICZTCCAeugAwIBAgIEQAAAATAKBggqhkjOPQQDAzBOMQswCQYDVQQGEwJDSDEe
+MBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMR8wHQYDVQQDExZTVE0gVFBN
+IEVDQyBSb290IENBIDAxMB4XDTE1MTAxNDE1MzQ0MFoXDTM1MTIzMTIzNTk1OVow
+VjELMAkGA1UEBhMCQ0gxHjAcBgNVBAoTFVNUTWljcm9lbGVjdHJvbmljcyBOVjEn
+MCUGA1UEAxMeU1RNIFRQTSBFQ0MgSW50ZXJtZWRpYXRlIENBIDAxMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAEvUVh5iXWQ0kYwUoy7bqWMVkRG5abfGOsV2SLLRNx
+i7nmfa3q1sxh9KVRCDjhvElQb8B+DIG1L9m65NR+9AAjRqOBrjCBqzAdBgNVHQ4E
+FgQUfrg2zvvfimNx/3Mz+brXFGFslsswHwYDVR0jBBgwFoAUIJJWPAtDqAVyUwMp
+BxwH4OvsAwQwRQYDVR0gAQH/BDswOTA3BgRVHSAAMC8wLQYIKwYBBQUHAgEWIWh0
+dHA6Ly93d3cuc3QuY29tL1RQTS9yZXBvc2l0b3J5LzAOBgNVHQ8BAf8EBAMCAgQw
+EgYDVR0TAQH/BAgwBgEB/wIBADAKBggqhkjOPQQDAwNoADBlAjEApGAqByxXaxnZ
+gVkFeRywQ7Z/kZlRSVPJqU5aytBCrFLk5sNAb+pu69HKNuWlAMW7AjBza9+mibY2
+i82zFtTQqkjo0pDVAyF3iX1ejqGDEW/PinHJTmNC76R34flkucEhX+U=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/stmtpmeccroot01.pem b/utils/certificates/stmtpmeccroot01.pem
new file mode 100644
index 000000000..532bbcb55
--- /dev/null
+++ b/utils/certificates/stmtpmeccroot01.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyDCCAk+gAwIBAgIORyzLp/OdsAvb9r+66LowCgYIKoZIzj0EAwMwgYsxOzA5
+BgNVBAsTMkdsb2JhbFNpZ24gVHJ1c3RlZCBDb21wdXRpbmcgQ2VydGlmaWNhdGUg
+QXV0aG9yaXR5MRMwEQYDVQQKEwpHbG9iYWxTaWduMTcwNQYDVQQDEy5HbG9iYWxT
+aWduIFRydXN0ZWQgUGxhdGZvcm0gTW9kdWxlIEVDQyBSb290IENBMB4XDTE1MTAy
+ODAwMDAwMFoXDTM4MDExOTAzMTQwN1owTjELMAkGA1UEBhMCQ0gxHjAcBgNVBAoT
+FVNUTWljcm9lbGVjdHJvbmljcyBOVjEfMB0GA1UEAxMWU1RNIFRQTSBFQ0MgUm9v
+dCBDQSAwMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABG7/OLXMiprQQHwNnkpT6aqG
+zOGLcbbAgUtyjlXOZtuv0GB0ttJ6fwMwgFtt8RKlko8Bwn89/BoZOUcI4ne8ddRS
+oqE6StnU3I13qqjalToq3Rnz61Omn6NErK1pxUe3j6OBtTCBsjAOBgNVHQ8BAf8E
+BAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUIJJWPAtDqAVyUwMp
+BxwH4OvsAwQwHwYDVR0jBBgwFoAUYT78EZkKf7CpW5CgJl4pYUe3MAMwTAYDVR0g
+BEUwQzBBBgkrBgEEAaAyAVowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xv
+YmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wCgYIKoZIzj0EAwMDZwAwZAIwWnuUAzwy
+vHUhHehymKTZ2QcPUwHX0LdcVTac4ohyEL3zcuv/dM0BN62kFxHgBOhWAjAIxt9i
+50yAxy0Z/MeV2NTXqKpLwdhWNuzOSFZnzRKsh9MxY3zj8nebDNlHTDGSMR0=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/stmtpmekint01.pem b/utils/certificates/stmtpmekint01.pem
new file mode 100644
index 000000000..75c2380cd
--- /dev/null
+++ b/utils/certificates/stmtpmekint01.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDzDCCArSgAwIBAgIEQAAAATANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJD
+SDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMRswGQYDVQQDExJTVE0g
+VFBNIEVLIFJvb3QgQ0EwHhcNMDkwNzI4MDAwMDAwWhcNMjkxMjMxMDAwMDAwWjBV
+MQswCQYDVQQGEwJDSDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMSYw
+JAYDVQQDEx1TVE0gVFBNIEVLIEludGVybWVkaWF0ZSBDQSAwMTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAJQYnWO8iw955vWqakWNr3YyazQnNzqV97+l
+Qa+wUKMVY+lsyhAyOyXO31j4+clvsj6+JhNEwQtcnpkSc+TX60eZvLhgZPUgRVuK
+B9w4GUVyg/db593QUmP8K41Is8E+l32CQdcVh9go0toqf/oS/za1TDFHEHLlB4dC
+joKkfr3/hkGA9XJaoUopO2ELt4Otop12aw1BknoiTh1+YbzrZtAlIwK2TX99GW3S
+IjaCi+fLoXyK2Fmx8vKnr9JfNL888xK9BQfhZzKmbKm/eLD1e1CFRs1B3z2gd3ax
+pW5j1OIkSBMOIUeip5+7xvYo2gor5mxatB+rzSvrWup9AwIcymMCAwEAAaOBrjCB
+qzAdBgNVHQ4EFgQU88kVdKbnc/8TvwxrrXp7Zc8ceCAwHwYDVR0jBBgwFoAUb+bF
+bAe3bIsKgZKDXMtBHvaO0ScwRQYDVR0gAQH/BDswOTA3BgRVHSAAMC8wLQYIKwYB
+BQUHAgEWIWh0dHA6Ly93d3cuc3QuY29tL1RQTS9yZXBvc2l0b3J5LzAOBgNVHQ8B
+Af8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEA
+x4vL9XKio0c8mmtKCC0TFYEwCbH4ZCoOjyzpVcQFN7YNARFA62pqFVFq2nIeoAl1
+cCxy62kEPfUmYtu4j7MozXaCNMCZUdj9Upkgnhe46nMUpff/zNN0+x/uN9exKoaT
+8ofwdSdFCeCAcrz1FeiaH5+IxNAPtASQditvE2O5WJxD6awGyCUMMy+931bX8Iba
+KjBrW3iuy7//JRXp9/ZDoSNo/7fN3ogSkeK1a8c0wseyhK/ubGjjojZCcDCASD6q
+FlkYFt2MQq5IaRMt0n1PPKL66ZQCAqo8lAnnXklvTx+fyYcwZ5waOTIUN6kV/3Bs
+ewZ7cb+IDxqwZbQhxSWqnQ==
+-----END CERTIFICATE-----
diff --git a/utils/certificates/stmtpmekint02.pem b/utils/certificates/stmtpmekint02.pem
new file mode 100644
index 000000000..60ceac215
--- /dev/null
+++ b/utils/certificates/stmtpmekint02.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDzDCCArSgAwIBAgIEQAAABTANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJD
+SDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMRswGQYDVQQDExJTVE0g
+VFBNIEVLIFJvb3QgQ0EwHhcNMTEwMTIxMDAwMDAwWhcNMjkxMjMxMDAwMDAwWjBV
+MQswCQYDVQQGEwJDSDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMSYw
+JAYDVQQDEx1TVE0gVFBNIEVLIEludGVybWVkaWF0ZSBDQSAwMjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAJO3ihn/uHgV3HrlPZpv8+1+xg9ccLf3pVXJ
+oT5n8PHHixN6ZRBmf/Ng85/ODZzxnotC64WD8GHMLyQ0Cna3MJF+MGJZ5R5JkuJR
+B4CtgTPwcTVZIsCuup0aDWnPzYqHwvfaiD2FD0aaxCnTKIjWU9OztTD2I61xW2LK
+EY4Vde+W3C7WZgS5TpqkbhJzy2NJj6oSMDKklfI3X8jVf7bngMcCR3X3NcIo349I
+Dt1r1GfwB+oWrhogZVnMFJKAoSYP8aQrLDVl7SQOAgTXz2IDD6bo1jga/8Kb72dD
+h8D2qrkqWh7Hwdas3jqqbb9uiq6O2dJJY86FjffjXPo3jGlFjTsCAwEAAaOBrjCB
+qzAdBgNVHQ4EFgQUVx+Aa0fM55v6NZR87Yi40QBa4J4wHwYDVR0jBBgwFoAUb+bF
+bAe3bIsKgZKDXMtBHvaO0ScwRQYDVR0gAQH/BDswOTA3BgRVHSAAMC8wLQYIKwYB
+BQUHAgEWIWh0dHA6Ly93d3cuc3QuY29tL1RQTS9yZXBvc2l0b3J5LzAOBgNVHQ8B
+Af8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEA
+vmfL0ySkdZKRQGL1ifx3iIDx59qq0ICApIoDcrx4ibMG9wZ6MjhIVs9yXh/N/IAP
+/uz96XZ4PR+Ljm9IfrVVsNxegHkmZxOhYJo567tna3hAWrj/onlXE8FgvxV3fwDq
+AREaGXLyQhgRXUsepfsikguF+GdFoI/5vF5go8JrJpmXrLkiDnE2GyOQ0Bj6EdFC
+bVXc7n+iYtdIoEq/H7sRX6Jz+i44EEg/pXebCeS29awwas/kQtfA/+LLl3AHfUVQ
+b/FyjA+MnZVPhgg4MvXwy0ZHu3yuBX/Is6WS6cAlIQBpDFnLh2ZWAIIJ7pPxucM2
+SA76Pwf+QZIYDwybBwlppQ==
+-----END CERTIFICATE-----
diff --git a/utils/certificates/stmtpmekint03.pem b/utils/certificates/stmtpmekint03.pem
new file mode 100644
index 000000000..c2849529f
--- /dev/null
+++ b/utils/certificates/stmtpmekint03.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDzDCCArSgAwIBAgIEQAAAAzANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJD
+SDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMRswGQYDVQQDExJTVE0g
+VFBNIEVLIFJvb3QgQ0EwHhcNMTIwNjIzMDAwMDAwWhcNMjkxMjMxMDAwMDAwWjBV
+MQswCQYDVQQGEwJDSDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMSYw
+JAYDVQQDEx1TVE0gVFBNIEVLIEludGVybWVkaWF0ZSBDQSAwMzCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAKUVK0+9LHDAyaDdkZ9I3c3itcDJmIz/OwTs
+2ET2zAA1bE4BtSRj3rUXnzas8MBtRXQyfDdXIpL80PJywtRep/IujY0YqmI1TCee
+A76SIPDDgi0W3h6hwTC1mvxW4I8i8ZAqB/iB6+o3A7rapZTsvfj9FwkhG6Fnafc+
+dvNI4nVdu6L5TBhp73HnJvVvjs6YfzRcYi6LXCpUZtQQk8DcKYLmID2W9Tm1QjR6
+COh/xuJIo0bWGlBfUq3X92ilID1wuGi27JLveoOk5tHh0lkBhwV1XYEhdUifroPE
+qylX9pqZk5SseiQ6XBzYX5K4ZIqODSMWX92G+tBpkL/Rb7MpM3kCAwEAAaOBrjCB
+qzAdBgNVHQ4EFgQUAFamENU9GzttvRQJSy3Ofh91btAwHwYDVR0jBBgwFoAUb+bF
+bAe3bIsKgZKDXMtBHvaO0ScwRQYDVR0gAQH/BDswOTA3BgRVHSAAMC8wLQYIKwYB
+BQUHAgEWIWh0dHA6Ly93d3cuc3QuY29tL1RQTS9yZXBvc2l0b3J5LzAOBgNVHQ8B
+Af8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEA
+5xoP4zJRAs6TDRYIwZBOFmUDkyFHDcgLZP+gAA7o8UgpNDlSIm4gSGwGxGdxwIqW
+rSkt8Sd5W0WLBeL31GrgacK5tgQ6hRA40GJgWXlafjCWJW4gUKosdU+hyY/FuStj
+QmIlPwbVr8YV/01fhFAbcQOkmj248w64kavh2/36NsEX1uv/k4HFUqaY2j6/ahli
+mIjO5BE29FC8u/UHu3iKgj42LbLlZ4HbJZhwJrAkRYamnrGDEvr7O5hCNcSBRhKc
+GMMrx7PpPwBZ/jpYTHZ+qS+hjM5a5DRdr/rwsTygeg1Zi+UKt7scgkyKAnMVn0Y4
+Fp9CalunK6GC0OVOIWX55A==
+-----END CERTIFICATE-----
diff --git a/utils/certificates/stmtpmekint04.pem b/utils/certificates/stmtpmekint04.pem
new file mode 100644
index 000000000..596e62d49
--- /dev/null
+++ b/utils/certificates/stmtpmekint04.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDzDCCArSgAwIBAgIEQAAABDANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJD
+SDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMRswGQYDVQQDExJTVE0g
+VFBNIEVLIFJvb3QgQ0EwHhcNMTUwMjA2MDAwMDAwWhcNMzkxMjMxMDAwMDAwWjBV
+MQswCQYDVQQGEwJDSDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMSYw
+JAYDVQQDEx1TVE0gVFBNIEVLIEludGVybWVkaWF0ZSBDQSAwNDCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMJbZogFS+eKFqDq6zbqCSmU7UbjG/NFVuiC
+l9xQQeiZ+Xz0cuDDZhOVK2htH3XzjYVuWm2go8dFkWOEADs75LYrU2sTt9WlyZBf
+uocI0GohEY+KhMaLpZZJGMqr+wIgLKNXgcc7vB7uS+yvmjjjOM17Rxise1yVlN6H
+IQYMpL55HWzAMs5JS0an6IEdHbc8/2mCZdBtZZTxLq4eER4e4Nt7YqkRHc/nZ1aY
+utP3aiGIzyPjYFshKlooyvjVv3rutJORSBm4aNKEQUhLWBTnr/eaAj8ey4Bas/Gk
+2xKI8kBVxlLm2DruJ1rRFAhfNRH+U6SGC4Av3zx0cYbzc80DjMMCAwEAAaOBrjCB
+qzAdBgNVHQ4EFgQUzyPllSbkRsP+TxPraG9iTXBTBfIwHwYDVR0jBBgwFoAUb+bF
+bAe3bIsKgZKDXMtBHvaO0ScwRQYDVR0gAQH/BDswOTA3BgRVHSAAMC8wLQYIKwYB
+BQUHAgEWIWh0dHA6Ly93d3cuc3QuY29tL1RQTS9yZXBvc2l0b3J5LzAOBgNVHQ8B
+Af8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEA
+kEwaAL2giuQ+oPLbGAelCXD/SX6TeyfngynUeAazK53iLZVu8tcUISOiivFrWVIm
+aHGvUl07ofoJ+WKU8qFCx6Hb5C6qVMdcc5fVYCDSwHP+cOWlK6v463qfIa3vrPzL
+Fa7kM/bXhKO59yJ0208iulKkJEJxgyHLzKq9lxLl9Vvkcx1X8zg4OTX3YmXJeZwe
+qPro14qItt5bMfMVkeB8cwmlPNQdKwAsjbpoaWAIPZxsbBeyX7xVVbsnH9eU3d/7
+2Bdjk211qOvpISuhEUp2NBVOHlz5OX/a7PWyqGvFQj0Ajy6yLw7mqtDbx7/v2Cbv
+Fc10VHsSBkm/NGj/j9GRng==
+-----END CERTIFICATE-----
diff --git a/utils/certificates/stmtpmekint05.pem b/utils/certificates/stmtpmekint05.pem
new file mode 100644
index 000000000..f90f18245
--- /dev/null
+++ b/utils/certificates/stmtpmekint05.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDzDCCArSgAwIBAgIEQAAABjANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJD
+SDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMRswGQYDVQQDExJTVE0g
+VFBNIEVLIFJvb3QgQ0EwHhcNMTUxMDEwMDAwMDAwWhcNMzUxMjMxMDAwMDAwWjBV
+MQswCQYDVQQGEwJDSDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMSYw
+JAYDVQQDEx1TVE0gVFBNIEVLIEludGVybWVkaWF0ZSBDQSAwNTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBALVW5ScoSiCyneCNrPfMobJiouF4syrDrCax
+nTycQfJS4CsZwcaFEaZqKvuqwfNEk/L7dX4mc2e7wRQphYjtrXblzCAUcgSaMtae
+Pjqb6tHOSEDScU3++NHGcJZfnb5UJErab6eNrc7DPTuqfx1C2OX212SRs+mBb0mr
+v6GU1EsPiJGl+joegKA8sJk0BwL4g4LlxNKCRU5EL2/hoxKbhLi//BG9drWZejOY
+aRBlWloF50vhwqnRsReSEWwO2HN7G0RPdVPbu6u2Ay+Qb3+/jAxHDIm5KKa7+tQd
+/Ck9Jicmldm+cT5b6lgy0eLWBVzvVjuqSuYoVLuc2mDEAmAWga0CAwEAAaOBrjCB
+qzAdBgNVHQ4EFgQUGtuZSrWL5XoMybkA54UeGkPAhmAwHwYDVR0jBBgwFoAUb+bF
+bAe3bIsKgZKDXMtBHvaO0ScwRQYDVR0gAQH/BDswOTA3BgRVHSAAMC8wLQYIKwYB
+BQUHAgEWIWh0dHA6Ly93d3cuc3QuY29tL1RQTS9yZXBvc2l0b3J5LzAOBgNVHQ8B
+Af8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEA
+5pMimBvsGIBd92cEZszwvsKPiWugfPyFz8Dvybio7TTZA2L1K7n3xGwspDBti4lh
+aP2ZTw+F+A2GYqBIy77pnA72tEEIZHuW1WhDxDb48w+XGwf5f0r2FiheShySkyyk
+i+mFz6YoTIZMeEbWhH4UnmPnQ6RPgGEg+hBvCUnEvEVK4pssK01SgH/6SUwqEGbV
+XewmPLe1fSIVmZDUB9ojEthJ9kTW8+WhlRGO3f1juWX7BXu/YI3d56wLGQ3STUGO
+bNDkSXjvyVkbU04pHIC2QihLAmwxBE4SlQUaBwXyNhdTQLzNq12u2P3Sj1A5OFZc
+tPKVAYvTlfvwtFDqv978+Q==
+-----END CERTIFICATE-----
diff --git a/utils/certificates/stmtpmekroot.pem b/utils/certificates/stmtpmekroot.pem
new file mode 100644
index 000000000..81b747bd0
--- /dev/null
+++ b/utils/certificates/stmtpmekroot.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDDCCAvSgAwIBAgILBAAAAAABIsFs834wDQYJKoZIhvcNAQELBQAwgYcxOzA5
+BgNVBAsTMkdsb2JhbFNpZ24gVHJ1c3RlZCBDb21wdXRpbmcgQ2VydGlmaWNhdGUg
+QXV0aG9yaXR5MRMwEQYDVQQKEwpHbG9iYWxTaWduMTMwMQYDVQQDEypHbG9iYWxT
+aWduIFRydXN0ZWQgUGxhdGZvcm0gTW9kdWxlIFJvb3QgQ0EwHhcNMDkwNzI4MTIw
+MDAwWhcNMzkxMjMxMjM1OTU5WjBKMQswCQYDVQQGEwJDSDEeMBwGA1UEChMVU1RN
+aWNyb2VsZWN0cm9uaWNzIE5WMRswGQYDVQQDExJTVE0gVFBNIEVLIFJvb3QgQ0Ew
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDxBLG5wcB9J0MsiJMreoWQ
+l21bBN12SSGZPJ3HoPjzcrzAz6SPy+TrFmZ6eUVspsFL/23wdPprqTUtDHi+C2pw
+k/3dF3/Rb2t/yHgiPlbCshYpi5f/rJ7nzbQ1ca2LzX3saBe53VfNQQV0zd5uM0DT
+SrmAKU1RIAj2WlZFWXoN4NWTyRtqT5suPHa2y8FlCWMZKlS0FiY4pfM20b5YQ+EL
+4zqb9zN53u/TdYZegrfSlc30Nl9G13Mgi+8rtPFKwsxx05EBbhVroH7aKVI1djsf
+E1MVrUzw62PHik3xlzznXML8OjY//xKeiCWcsApuGCaIAf7TsTRi2l8DNB3rCr1X
+AgMBAAGjgbQwgbEwDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQEw
+HQYDVR0OBBYEFG/mxWwHt2yLCoGSg1zLQR72jtEnMEsGA1UdIAREMEIwQAYJKwYB
+BAGgMgFaMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2xvYmFsc2lnbi5uZXQv
+cmVwb3NpdG9yeS8wHwYDVR0jBBgwFoAUHiNj8IW19iVO7RrAUL5lfMfUFXowDQYJ
+KoZIhvcNAQELBQADggEBAFrKpwFmRh7BGdpPZWc1Y6wIbdTAF6T+q1KwDJcyAjgJ
+qThFp3xTAt3tvyVrCRf7T/YARYE24DNa0iFaXsIXeQASDYHJjAZ6LQTslYBeRYLb
+C9v8ZE2ocKSCiC8ALYlJWk39Wob0H1Lk6l2zcUo3oKczGiAcRrlmwV496wvGyted
+2RBcLZro7yhOOGr9KMabV14fNl0lG+31J1nWI2hgTqh53GXg1QH2YpggD3b7UbVm
+c6GZaX37N3z15XfQafuAfHt10kYCNdePzC9tOwirHIsO8lrxoNlzOSxX8SqQGbBI
++kWoe5+SY3gdOGGDQKIdw3W1poMN8bQ5x7XFcgVMwVU=
+-----END CERTIFICATE-----
diff --git a/utils/certificates/tpmeccroot.pem b/utils/certificates/tpmeccroot.pem
new file mode 100644
index 000000000..13be323e7
--- /dev/null
+++ b/utils/certificates/tpmeccroot.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICszCCAjqgAwIBAgIORdycjBUV21nQRkudeekwCgYIKoZIzj0EAwMwgYsxOzA5
+BgNVBAsTMkdsb2JhbFNpZ24gVHJ1c3RlZCBDb21wdXRpbmcgQ2VydGlmaWNhdGUg
+QXV0aG9yaXR5MRMwEQYDVQQKEwpHbG9iYWxTaWduMTcwNQYDVQQDEy5HbG9iYWxT
+aWduIFRydXN0ZWQgUGxhdGZvcm0gTW9kdWxlIEVDQyBSb290IENBMB4XDTE0MTEy
+NjAwMDAwMFoXDTM4MDExOTAzMTQwN1owgYsxOzA5BgNVBAsTMkdsb2JhbFNpZ24g
+VHJ1c3RlZCBDb21wdXRpbmcgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRMwEQYDVQQK
+EwpHbG9iYWxTaWduMTcwNQYDVQQDEy5HbG9iYWxTaWduIFRydXN0ZWQgUGxhdGZv
+cm0gTW9kdWxlIEVDQyBSb290IENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAENTps
+86FDUD+bep3kd1U5pnita316zBktOVNWxZQ+Ymua0oaR66ItzHrl19zYSGbW6ar0
+1V91kktxWDJ6UFl3MyH3yXKsCHS2O5vxMlfmdRp8tpebMorHtIWf9u1+ctNFo2Mw
+YTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUYT78
+EZkKf7CpW5CgJl4pYUe3MAMwHwYDVR0jBBgwFoAUYT78EZkKf7CpW5CgJl4pYUe3
+MAMwCgYIKoZIzj0EAwMDZwAwZAIwd02iAb5aN/pQGWdTJ7/lgMhFCuOLGtQ+ocdV
+/xmoxdIWLtggAuq9fFDfsu/vzeJ7AjAGhdk03AjHpLl0dAp7aCI8D8qupwyYTBaL
+rSJCZDMHhvNhETbbLu8uEPKt/U6/mGM=
+-----END CERTIFICATE-----
diff --git a/utils/certify.c b/utils/certify.c
new file mode 100644
index 000000000..2486df15c
--- /dev/null
+++ b/utils/certify.c
@@ -0,0 +1,409 @@
+/********************************************************************************/
+/*										*/
+/*			    Certify						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    Certify_In 			in;
+    Certify_Out 		out;
+    TPMI_DH_OBJECT		objectHandle = 0;
+    TPMI_DH_OBJECT		signHandle = 0;
+    TPMI_ALG_HASH		halg = TPM_ALG_SHA256;
+    const char			*keyPassword = NULL; 
+    const char			*objectPassword = NULL; 
+    const char			*signatureFilename = NULL;
+    const char			*attestInfoFilename = NULL;
+    const char			*qualifyingDataFilename = NULL;
+    TPM_ALG_ID			sigAlg = TPM_ALG_RSA;
+    TPMS_ATTEST 		tpmsAttest;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RS_PW;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ho") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x",&objectHandle);
+	    }
+	    else {
+		printf("Missing parameter for -ho\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdo") == 0) {
+	    i++;
+	    if (i < argc) {
+		objectPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdo option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-hk") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x",&signHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hk\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdk") == 0) {
+	    i++;
+	    if (i < argc) {
+		keyPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    halg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    halg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    halg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    halg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-salg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"rsa") == 0) {
+		    sigAlg = TPM_ALG_RSA;
+		}
+		else if (strcmp(argv[i],"ecc") == 0) {
+		    sigAlg = TPM_ALG_ECDSA;
+		}
+		else if (strcmp(argv[i],"hmac") == 0) {
+		    sigAlg = TPM_ALG_HMAC;
+		}
+		else {
+		    printf("Bad parameter %s for -salg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-salg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-os") == 0) {
+	    i++;
+	    if (i < argc) {
+		signatureFilename = argv[i];
+	    }
+	    else {
+		printf("-os option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-oa") == 0) {
+	    i++;
+	    if (i < argc) {
+		attestInfoFilename = argv[i];
+	    }
+	    else {
+		printf("-oa option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-qd") == 0) {
+	    i++;
+	    if (i < argc) {
+		qualifyingDataFilename = argv[i];
+	    }
+	    else {
+		printf("-qd option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (objectHandle == 0) {
+	printf("Missing object handle parameter -ho\n");
+	printUsage();
+    }
+    if (signHandle == 0) {
+	printf("Missing sign handle parameter -hk\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	/* Handle of key that will perform certifying */
+	in.objectHandle = objectHandle;
+	in.signHandle = signHandle;
+	if (sigAlg == TPM_ALG_RSA) {
+	    /* Table 145 - Definition of TPMT_SIG_SCHEME Structure */
+	    in.inScheme.scheme = TPM_ALG_RSASSA;	
+	    /* Table 144 - Definition of TPMU_SIG_SCHEME Union <IN/OUT, S> */
+	    /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */
+	    /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */
+	    in.inScheme.details.rsassa.hashAlg = halg;
+	}
+	else if (sigAlg == TPM_ALG_ECDSA) {
+	    in.inScheme.scheme = TPM_ALG_ECDSA;	
+	    in.inScheme.details.ecdsa.hashAlg = halg;
+	}
+	else {	/* HMAC */
+	    in.inScheme.scheme = TPM_ALG_HMAC;	
+	    in.inScheme.details.hmac.hashAlg = halg;
+	}
+    }
+    /* data supplied by the caller */
+    if (rc == 0) {
+	if (qualifyingDataFilename != NULL) {
+	    rc = TSS_File_Read2B(&in.qualifyingData.b,
+				 sizeof(in.qualifyingData.t.buffer),
+				 qualifyingDataFilename);
+	}
+	else {
+	    in.qualifyingData.t.size = 0;
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_Certify,
+			 sessionHandle0, objectPassword, sessionAttributes0,
+			 sessionHandle1, keyPassword, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	uint8_t *tmpBuffer = out.certifyInfo.t.attestationData;
+	uint32_t tmpSize = out.certifyInfo.t.size;
+	rc = TSS_TPMS_ATTEST_Unmarshalu(&tpmsAttest, &tmpBuffer, &tmpSize);
+	if (tssUtilsVerbose) TSS_TPMS_ATTEST_Print(&tpmsAttest, 0);
+    }
+    /* For an attestation command using the ECDAA scheme, both the qualifiedSigner and extraData
+       fields in the attestation block (a TPMS_ATTEST) are set to be the Empty Buffer */
+    if ((rc == 0) && (in.inScheme.scheme != ALG_ECDAA_VALUE)) {
+	int match;
+	match = TSS_TPM2B_Compare(&in.qualifyingData.b, &tpmsAttest.extraData.b);
+	if (!match) {
+	    printf("certify: failed, extraData != qualifyingData\n");
+	    rc = EXIT_FAILURE;
+	}
+    }
+    if ((rc == 0) && (signatureFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.signature,
+				     (MarshalFunction_t)TSS_TPMT_SIGNATURE_Marshal,
+				     signatureFilename);
+    }
+    if ((rc == 0) && (attestInfoFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(out.certifyInfo.t.attestationData,
+				      out.certifyInfo.t.size,
+				      attestInfoFilename);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) TSS_TPMT_SIGNATURE_Print(&out.signature, 0);
+	if (tssUtilsVerbose) printf("certify: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("certify: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("certify\n");
+    printf("\n");
+    printf("Runs TPM2_Certify\n");
+    printf("\n");
+    printf("\t-ho\tobject handle\n");
+    printf("\t[-pwdo\tpassword for object (default empty)]\n");
+    printf("\t-hk\tcertifying key handle\n");
+    printf("\t[-pwdk\tpassword for key (default empty)]\n");
+    printf("\t[-halg\t(sha1, sha256, sha384 sha512) (default sha256)]\n");
+    printf("\t[-salg\tsignature algorithm (rsa, ecc, hmac) (default rsa)]\n");
+    printf("\t[-qd\tqualifying data file name]\n");
+    printf("\t[-os\tsignature file name (default do not save)]\n");
+    printf("\t[-oa\tattestation output file name (default do not save)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/certifycreation.c b/utils/certifycreation.c
new file mode 100644
index 000000000..01248cf3e
--- /dev/null
+++ b/utils/certifycreation.c
@@ -0,0 +1,453 @@
+/********************************************************************************/
+/*										*/
+/*			    CertifyCreation					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2017 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    CertifyCreation_In 		in;
+    CertifyCreation_Out 	out;
+    TPMI_DH_OBJECT		objectHandle = 0;
+    TPMI_DH_OBJECT		signHandle = 0;
+    TPMI_ALG_HASH		halg = TPM_ALG_SHA256;
+    const char			*keyPassword = NULL; 
+    const char			*signatureFilename = NULL;
+    const char			*attestInfoFilename = NULL;
+    const char			*qualifyingDataFilename = NULL;
+    const char			*ticketFilename = NULL;
+    const char			*creationHashFilename = NULL;
+    unsigned char 		*buffer = NULL;
+    size_t 			length;
+    int				useRsa = 1;
+    TPMS_ATTEST 		tpmsAttest;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ho") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x",&objectHandle);
+	    }
+	    else {
+		printf("Missing parameter for -ho\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-hk") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x",&signHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hk\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdk") == 0) {
+	    i++;
+	    if (i < argc) {
+		keyPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    halg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    halg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    halg = TPM_ALG_SHA384;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-salg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"rsa") == 0) {
+		    useRsa = 1;
+		}
+		else if (strcmp(argv[i],"ecc") == 0) {
+		    useRsa = 0;
+		}
+		else {
+		    printf("Bad parameter %s for -salg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-salg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-os") == 0) {
+	    i++;
+	    if (i < argc) {
+		signatureFilename = argv[i];
+	    }
+	    else {
+		printf("-os option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-oa") == 0) {
+	    i++;
+	    if (i < argc) {
+		attestInfoFilename = argv[i];
+	    }
+	    else {
+		printf("-oa option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-qd") == 0) {
+	    i++;
+	    if (i < argc) {
+		qualifyingDataFilename = argv[i];
+	    }
+	    else {
+		printf("-qd option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-tk") == 0) {
+	    i++;
+	    if (i < argc) {
+		ticketFilename = argv[i];
+	    }
+	    else {
+		printf("-tk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ch") == 0) {
+	    i++;
+	    if (i < argc) {
+		creationHashFilename = argv[i];
+	    }
+	    else {
+		printf("-ch option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (objectHandle == 0) {
+	printf("Missing object handle parameter -ho\n");
+	printUsage();
+    }
+    if (signHandle == 0) {
+	printf("Missing sign handle parameter -hk\n");
+	printUsage();
+    }
+    if (ticketFilename == NULL) {
+	printf("Missing ticket parameter -tk\n");
+	printUsage();
+    }
+    if (creationHashFilename == NULL) {
+	printf("Missing creation hash file parameter -ch\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	/* Handle of key that will perform certifying */
+	in.objectHandle = objectHandle;
+	in.signHandle = signHandle;
+	if (useRsa) {
+	    /* Table 145 - Definition of TPMT_SIG_SCHEME Structure */
+	    in.inScheme.scheme = TPM_ALG_RSASSA;	
+	    /* Table 144 - Definition of TPMU_SIG_SCHEME Union <IN/OUT, S> */
+	    /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */
+	    /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */
+	    in.inScheme.details.rsassa.hashAlg = halg;
+	}
+	else {	/* ecc */
+	    in.inScheme.scheme = TPM_ALG_ECDSA;	
+	    in.inScheme.details.ecdsa.hashAlg = halg;
+	}
+    }
+    /* qualifyingData supplied by the caller */
+    if (rc == 0) {
+	if (qualifyingDataFilename != NULL) {
+	    rc = TSS_File_Read2B(&in.qualifyingData.b,
+				 sizeof(in.qualifyingData.t.buffer),
+				 qualifyingDataFilename);
+	}
+	else {
+	    in.qualifyingData.t.size = 0;
+	}
+    }
+    /* creationTicket */
+    if (rc == 0) {
+	rc = TSS_File_ReadStructure(&in.creationTicket,
+				    (UnmarshalFunction_t)TSS_TPMT_TK_CREATION_Unmarshalu,
+				    ticketFilename);
+    }
+    /* creationHash */
+    if (rc == 0) {
+	rc = TSS_File_ReadBinaryFile(&buffer,	/* freed @1 */
+				     &length,
+				     creationHashFilename);
+    }
+    if (rc == 0) {
+	if (length > sizeof(TPMU_HA)) {
+	    printf("Size of creationHash %lu greater than hash size %lu\n",
+		   (unsigned long)length, (unsigned long)sizeof(TPMU_HA));
+	    rc = 1;	
+	}
+    }
+    if (rc == 0) {
+	in.creationHash.t.size = (uint16_t)length;
+	memcpy(in.creationHash.t.buffer, buffer, length);
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_CertifyCreation,
+			 sessionHandle0, keyPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	uint8_t *tmpBuffer = out.certifyInfo.t.attestationData;
+	uint32_t tmpSize = out.certifyInfo.t.size;
+	rc = TSS_TPMS_ATTEST_Unmarshalu(&tpmsAttest, &tmpBuffer, &tmpSize);
+    }
+    if (rc == 0) {
+	int match;
+	match = TSS_TPM2B_Compare(&in.qualifyingData.b, &tpmsAttest.extraData.b);
+	if (!match) {
+	    printf("certifycreation: failed, extraData != qualifyingData\n");
+	    rc = EXIT_FAILURE;
+	}
+    }
+    if (rc == 0) {
+	int match;
+	match = TSS_TPM2B_Compare(&in.creationHash.b, &tpmsAttest.attested.creation.creationHash.b);
+	if (!match) {
+	    printf("certifycreation: failed, in creationHash != out creationHash\n");
+	    rc = EXIT_FAILURE;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) TSS_TPMS_ATTEST_Print(&tpmsAttest, 0);
+    }
+    if ((rc == 0) && (signatureFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.signature,
+				     (MarshalFunction_t)TSS_TPMT_SIGNATURE_Marshal,
+				     signatureFilename);
+    }
+    if ((rc == 0) && (attestInfoFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(out.certifyInfo.t.attestationData,
+				      out.certifyInfo.t.size,
+				      attestInfoFilename);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) TSS_TPMT_SIGNATURE_Print(&out.signature, 0);
+	if (tssUtilsVerbose) printf("certifycreation: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("certifycreation: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    free(buffer);	/* @1 */
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("certifycreation\n");
+    printf("\n");
+    printf("Runs TPM2_CertifyCreation\n");
+    printf("\n");
+    printf("\t-ho\tobject handle\n");
+    printf("\t-hk\tcertifying key handle\n");
+    printf("\t[-pwdk\tpassword for key (default empty)]\n");
+    printf("\t[-halg\t(sha1, sha256, sha384) (default sha256)]\n");
+    printf("\t[-salg\tsignature algorithm (rsa, ecc) (default rsa)]\n");
+    printf("\t[-qd\tqualifying data file name]\n");
+    printf("\t-tk\tinput ticket file name\n");
+    printf("\t-ch\tinput creation hash file name\n");
+    printf("\t[-os\tsignature file name] (default do not save)\n");
+    printf("\t[-oa\tattestation output file name (default do not save)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/certifyx509.c b/utils/certifyx509.c
new file mode 100644
index 000000000..a813a478e
--- /dev/null
+++ b/utils/certifyx509.c
@@ -0,0 +1,1497 @@
+/********************************************************************************/
+/*										*/
+/*			    CertifyX509						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2019.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* CertifyX509 exercises the TPM2_CertifyX509 command.  It:
+
+   - Creates a partialCertificate parameter
+   - Runs the TPM2_CertifyX509 command
+   - Reconstructs the X509 certificate from the addedToCertificate and signature outputs
+*/
+
+/* mbedtls does not support this utility */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include "cryptoutils.h"
+
+#ifndef TPM_TSS_MBEDTLS
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/Unmarshal_fp.h>
+#include <ibmtss/tssfile.h>
+
+/* NOTE: This is currently openssl only. */
+#include <ekutils.h>
+
+static void printUsage(void);
+
+TPM_RC createPartialCertificate(X509 *x509Certificate,
+				uint8_t *partialCertificateDer,
+				uint16_t *partialCertificateDerLength,
+				size_t partialCertificateDerSize,
+				const char *keyUsage,
+				uint32_t tpmaObject,
+				int addTpmaObject,
+				int subeqiss);
+TPM_RC convertCertToPartialCert(uint16_t *partialCertificateDerLength,
+				uint8_t *partialCertificateDer,
+				uint16_t certificateDerLength,
+				uint8_t *certificateDer);
+TPM_RC reformCertificate(X509 *x509Certificate,
+			 int useRsa,
+			 TPM2B_MAX_BUFFER *addedToCertificate,
+			 TPMT_SIGNATURE *tSignature);
+TPM_RC addSerialNumber(X509 		*x509Certificate,
+		       unsigned char *tmpAddedToCert,
+		       uint16_t *tmpAddedToCertIndex);
+TPM_RC addPubKeyRsa(X509 		*x509Certificate,
+		    unsigned char 	*tmpAddedToCert,
+		    uint16_t 		*tmpAddedToCertIndex);
+TPM_RC addSignatureRsa(X509 		*x509Certificate,
+		       TPMT_SIGNATURE 	*tSignature);
+TPM_RC addSignatureEcc(X509 		*x509Certificate,
+		       TPMT_SIGNATURE 	*signature);
+TPM_RC addPubKeyEcc(X509 		*x509Certificate,
+		    unsigned char 	*tmpAddedToCert,
+		    uint16_t 		*tmpAddedToCertIndex);
+TPM_RC addCertExtensionTpmaOid(X509 *x509Certificate,
+			       uint32_t tpmaObject);
+
+TPM_RC getDataLength(uint8_t type,
+		     uint16_t *wrapperLength,
+		     uint16_t *dataLength,
+		     uint16_t *certificateDerIndex,
+		     uint8_t *certificateDer);
+
+TPM_RC skipSequence(uint16_t *certificateDerIndex, uint8_t *certificateDer);
+TPM_RC skipBitString(uint16_t *dataLength,
+		     uint16_t *certificateDerIndex, uint8_t *certificateDer);
+
+TPM_RC copyType(uint8_t type,
+		uint16_t *partialCertificateDerLength, uint8_t *partialCertificateDer,
+		uint16_t *certificateDerIndex, uint8_t *certificateDer);
+
+TPM_RC getInteger(uint16_t *integerLength, unsigned char *integerStream,
+		  uint16_t *certificateDerIndex, unsigned char *certificateDer);
+TPM_RC prependSequence(uint16_t *partialCertificateDerLength, uint8_t *partialCertificateDer);
+
+int verbose = FALSE;
+
+/* FIXME
+   length checks
+*/
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    CertifyX509_In 		in;
+    CertifyX509_Out 		out;
+    TPMI_DH_OBJECT		objectHandle = 0;
+    TPMI_DH_OBJECT		signHandle = 0;
+    TPMI_ALG_HASH		halg = TPM_ALG_SHA256;
+    unsigned int 		bit = 0;
+    int 			testBit = FALSE;
+    const char			*keyPassword = NULL; 
+    const char			*objectPassword = NULL; 
+    const char			*outPartialCertificateFilename = NULL;
+    const char			*outCertificateFilename = NULL;
+    const char			*addedToCertificateFilename = NULL;
+    const char			*tbsDigestFilename = NULL;
+    const char			*signatureFilename = NULL;
+
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RS_PW;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    int				useRsa = 1;
+    int				subeqiss = FALSE;	/* TRUE: subject = issuer */
+    const char 			*keyUsage = "critical,digitalSignature,keyCertSign,cRLSign";
+    uint32_t			tpmaObject = 0;
+    int				addTpmaObject = FALSE;
+    X509 			*x509Certificate = NULL;
+    unsigned char 		*x509Der = NULL;
+    uint32_t 			x509DerLength = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ho") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x",&objectHandle);
+	    }
+	    else {
+		printf("Missing parameter for -ho\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdo") == 0) {
+	    i++;
+	    if (i < argc) {
+		objectPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdo option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-hk") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x",&signHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hk\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdk") == 0) {
+	    i++;
+	    if (i < argc) {
+		keyPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    halg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    halg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    halg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    halg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-salg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"rsa") == 0) {
+		    useRsa = 1;
+		}
+		else if (strcmp(argv[i],"ecc") == 0) {
+		    useRsa = 0;
+		}
+		else {
+		    printf("Bad parameter %s for -salg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-salg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ku") == 0) {
+	    i++;
+	    if (i < argc) {
+		keyUsage = argv[i];
+	    }
+	    else {
+		printf("-ku option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-iob") == 0) {
+	    i++;
+	    if (i < argc) {
+		addTpmaObject = TRUE;
+		sscanf(argv[i], "%x", &tpmaObject);
+	    }
+	    else {
+		printf("-iob option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-sub") == 0) {
+	    subeqiss = TRUE;
+	}
+	else if (strcmp(argv[i],"-opc") == 0) {
+	    i++;
+	    if (i < argc) {
+		outPartialCertificateFilename = argv[i];
+	    }
+	    else {
+		printf("-opc option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ocert") == 0) {
+	    i++;
+	    if (i < argc) {
+		outCertificateFilename = argv[i];
+	    }
+	    else {
+		printf("-ocert option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-oa") == 0) {
+	    i++;
+	    if (i < argc) {
+		addedToCertificateFilename = argv[i];
+	    }
+	    else {
+		printf("-oa option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-otbs") == 0) {
+	    i++;
+	    if (i < argc) {
+		tbsDigestFilename = argv[i];
+	    }
+	    else {
+		printf("-otbs option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-os") == 0) {
+	    i++;
+	    if (i < argc) {
+		signatureFilename = argv[i];
+	    }
+	    else {
+		printf("-os option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    verbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (objectHandle == 0) {
+	printf("Missing object handle parameter -ho\n");
+	printUsage();
+    }
+    if (signHandle == 0) {
+	printf("Missing sign handle parameter -hk\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	/* Handle of the object to be certified */
+	in.objectHandle = objectHandle;
+	/* Handle of key that will perform certifying */
+	in.signHandle = signHandle;
+	if (useRsa) {
+	    /* Table 145 - Definition of TPMT_SIG_SCHEME Structure */
+	    in.inScheme.scheme = TPM_ALG_RSASSA;	
+	    /* Table 144 - Definition of TPMU_SIG_SCHEME Union <IN/OUT, S> */
+	    /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */
+	    /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */
+	    in.inScheme.details.rsassa.hashAlg = halg;
+	}
+	else {	/* ecc */
+	    in.inScheme.scheme = TPM_ALG_ECDSA;	
+	    in.inScheme.details.ecdsa.hashAlg = halg;
+	}
+	in.reserved.t.size = 0;
+    }
+    /* initialize a new, empty X509 structure.  It will first be used to form the partialCertificate
+       command parameter, and then be used to reform the certificate from the response
+       parameters. */
+    if (rc == 0) {
+	x509Certificate = X509_new();				/* freed @1 */
+	if (x509Certificate == NULL) {
+	    printf("main: Error in X509_new\n");
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    /* form partial certificate */
+    if (rc == 0) {
+	rc = createPartialCertificate(x509Certificate,
+				      in.partialCertificate.t.buffer,
+				      &in.partialCertificate.b.size,
+				      sizeof(in.partialCertificate.t.buffer),
+				      keyUsage,
+				      tpmaObject,
+				      addTpmaObject,
+				      subeqiss);
+    }
+    if ((rc == 0) && (testBit)) {
+	unsigned int bitInByte = bit % 8;
+	unsigned int byteInDer = bit / 8;
+	if (byteInDer <= in.partialCertificate.b.size) {
+	    if (verbose) {
+		printf("main: Testing byte %u bit %u\n", byteInDer, bitInByte);
+		printf("main: Byte was %02x\n", in.partialCertificate.t.buffer[byteInDer]);
+	    }		
+	    in.partialCertificate.t.buffer[byteInDer] ^= (1 << bitInByte);
+	    if (verbose) printf("main: Byte is %02x\n", in.partialCertificate.t.buffer[byteInDer]);
+	}
+	else {
+	    printf("Bad -bit parameter, byte %u, DER length %u\n",
+		   byteInDer, in.partialCertificate.b.size);
+	    rc = TSS_RC_BAD_PROPERTY;
+	}
+    }
+    /* for debug, or stop here for sample of how to create the partialCertificate parameter */
+    if (rc == 0) {
+	if (outPartialCertificateFilename != NULL) {
+	    rc = TSS_File_WriteBinaryFile(in.partialCertificate.b.buffer,
+					  in.partialCertificate.b.size,
+					  outPartialCertificateFilename);
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_CertifyX509,
+			 sessionHandle0, objectPassword, sessionAttributes0,
+			 sessionHandle1, keyPassword, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc != 0) {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("certifyx509: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    /* write response parameters for debug */
+    if ((rc == 0) && (addedToCertificateFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(out.addedToCertificate.t.buffer,
+				      out.addedToCertificate.t.size,
+				      addedToCertificateFilename);
+    }
+    if ((rc == 0) && (tbsDigestFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(out.tbsDigest.t.buffer,
+				      out.tbsDigest.t.size,
+				      tbsDigestFilename);
+    }
+    if ((rc == 0) && (signatureFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.signature,
+				     (MarshalFunction_t)TSS_TPMT_SIGNATURE_Marshal,
+				     signatureFilename);
+    }
+    if (rc == 0) {
+	if (verbose) TSS_TPMT_SIGNATURE_Print(&out.signature, 0);
+    }
+    /* reform the signed certificate from the original input plus the response parameters */
+    if (rc == 0) {
+	rc = reformCertificate(x509Certificate,
+			       useRsa,
+			       &out.addedToCertificate,
+			       &out.signature);
+    }
+    if (rc == 0) {
+	if (verbose) X509_print_fp(stdout, x509Certificate);	/* for debug */
+	rc = convertX509ToDer(&x509DerLength,
+			      &x509Der,				/* freed @2 */
+			      x509Certificate);
+    }
+    if ((rc == 0) && (outCertificateFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(x509Der, x509DerLength,
+				      outCertificateFilename);
+    }
+    if (x509Certificate != NULL) {
+	X509_free(x509Certificate);			/* @1 */
+    }
+    free(x509Der);					/* @2 */		
+    return rc;
+}
+
+/* example of a 20 year validity */
+#define CERT_DURATION (60 * 60 * 24 * ((365 * 20) + 5))		/* +5 for leap years */
+
+/* in this test, the issuer and subject are the same, making a self signed certificate.  This is
+   simply so that openssl can be used to verify the certificate signature.
+ */
+
+char *issuerEntries[] = {
+    "US"			,
+    "NY"			,
+    "Yorktown"			,
+    "IBM"			,
+    NULL			,
+    "CA"			,
+    NULL	
+};
+
+char *subjectEntries[] = {
+    "US"			,
+    "NY"			,
+    "Yorktown"			,
+    "IBM"			,
+    NULL			,
+    "Subject"			,
+    NULL	
+};
+
+/* createPartialCertificate() forms the partialCertificate DER.  It starts with an empty X509
+   structure and adds the needed parameters.  Then (in a total hack), converts the X509 structure to
+   DER, parses the DER field by field, and outputs just the fields required for the
+   partialCertificate parameter.
+
+   subeqiss FALSE: subject name is independent of issuer name
+   subeqiss TRUE:  subject name is the same as the issuer name
+*/
+
+TPM_RC createPartialCertificate(X509 *x509Certificate,			/* input / output */
+				uint8_t *partialCertificateDer,		/* output */
+				uint16_t *partialCertificateDerLength,
+				size_t partialCertificateDerSize,
+				const char *keyUsage,
+				uint32_t tpmaObject,
+				int addTpmaObject,
+				int subeqiss)				/* subject variation */
+{
+    TPM_RC 	rc = 0;
+    int		irc;
+    ASN1_TIME	*arc;			/* return code */
+
+    X509_NAME 	*x509IssuerName = NULL;	/* composite issuer name, key/value pairs */
+    X509_NAME 	*x509SubjectName = NULL;/* composite subject name, key/value pairs */
+    size_t	issuerEntriesSize = sizeof(issuerEntries)/sizeof(char *);
+    size_t	subjectEntriesSize = sizeof(subjectEntries)/sizeof(char *);
+  
+    uint32_t 	certificateDerLength = 0;
+    uint8_t 	*certificateDer = NULL;
+
+    partialCertificateDerSize = partialCertificateDerSize;	/* FIXME needs size check */
+
+    /* add certificate version X509 v3 */
+    if (rc == 0) {
+	irc = X509_set_version(x509Certificate, 2L);	/* value 2 == v3 */
+	if (irc != 1) {
+	    printf("createPartialCertificate: Error in X509_set_version\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    /* add issuer */
+    if (rc == 0) {
+	if (verbose) printf("createPartialCertificate: Adding issuer, size %lu\n",
+				(unsigned long)issuerEntriesSize);
+	rc = createX509Name(&x509IssuerName,
+			    issuerEntriesSize,
+			    issuerEntries);
+    }
+    if (rc == 0) {
+	irc = X509_set_issuer_name(x509Certificate, x509IssuerName);
+	if (irc != 1) {
+	    printf("createPartialCertificate: Error setting issuer\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    /* add validity */
+    if (rc == 0) {
+	/* can't fail, just returns a structure member */
+	ASN1_TIME *notBefore = X509_get_notBefore(x509Certificate);
+	arc = X509_gmtime_adj(notBefore ,0L);			/* set to today */
+	if (arc == NULL) {
+	    printf("createPartialCertificate: Error setting notBefore time\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    if (rc == 0) {
+	/* can't fail, just returns a structure member */
+	ASN1_TIME *notAfter = X509_get_notAfter(x509Certificate);
+	arc = X509_gmtime_adj(notAfter, CERT_DURATION);		/* set to duration */
+	if (arc == NULL) {
+	    printf("createPartialCertificate: Error setting notAfter time\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    /* add subject */
+    if (rc == 0) {
+	/* normal case */
+	if (!subeqiss) {
+	    if (verbose) printf("createPartialCertificate: Adding subject, size %lu\n",
+				(unsigned long)subjectEntriesSize);
+	    rc = createX509Name(&x509SubjectName,
+				subjectEntriesSize,
+				subjectEntries);
+	}
+	/* special case, self signed CA, make the subject the same as the issuer */
+	else {
+	    if (verbose) printf("createPartialCertificate: Adding subject (issuer), size %lu\n",
+				(unsigned long)issuerEntriesSize);
+	    rc = createX509Name(&x509SubjectName,
+				issuerEntriesSize,
+				issuerEntries);
+	}
+    }
+    if (rc == 0) {
+	irc = X509_set_subject_name(x509Certificate, x509SubjectName);
+	if (irc != 1) {
+	    printf("createPartialCertificate: Error setting subject\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    /* add some certificate extensions, requires corresponding bits in subject key */
+    if (rc == 0) {
+	if (verbose) printf("createPartialCertificate: Adding extensions\n");
+	rc = addCertExtension(x509Certificate,
+			      NID_key_usage, keyUsage);
+    }
+    /* optional TPMA_OBJECT extension */
+    /* From TCG OID registry tcg-tpmaObject 2.23.133.10.1.1.1  */
+    if (rc == 0) {
+	if (addTpmaObject) {
+	    rc = addCertExtensionTpmaOid(x509Certificate, tpmaObject);
+	}
+    }
+    /* convertX509ToDer() serializes the openSSL X509 structure to a DER certificate stream */
+    if (rc == 0) {
+	rc = convertX509ToDer(&certificateDerLength,
+			      &certificateDer,		/* freed @4 */
+			      x509Certificate);		/* input */
+    }
+    /* for debug.  The structure is incomplete and so will trace with errors */
+    if (rc == 0) {
+	if (verbose) printf("createPartialCertificate: Trace preliminary certificate\n");
+	if (verbose) X509_print_fp(stdout, x509Certificate);
+    }
+#if 1
+    /* for debug.  Use dumpasn1 to view the incomplete certificate */
+    if (rc == 0) {
+	rc = TSS_File_WriteBinaryFile(certificateDer, certificateDerLength , "tmpx509i.bin");
+    }
+#endif
+    /* extract the partialCertificate DER from the X509 DER */
+    if (rc == 0) {
+	rc = convertCertToPartialCert(partialCertificateDerLength,
+				      partialCertificateDer,	/* output partial */
+				      certificateDerLength,
+				      certificateDer);		/* input X509 */
+    }
+    free(certificateDer);	/* @4 */
+    return rc;
+}
+
+/* addCertExtension() adds the tpmaObject extension oid to the X509 certificate
+
+ */ 
+
+TPM_RC addCertExtensionTpmaOid(X509 *x509Certificate, uint32_t tpmaObject)
+{
+    TPM_RC 		rc = 0;
+    X509_EXTENSION 	*extension = NULL;	/* freed @1 */
+
+
+    uint8_t tpmaObjectOid[] = {0x06, 0x07, 0x67, 0x81, 0x05, 0x0A, 0x01, 0x01, 0x01};
+    const uint8_t *tmpOidPtr;
+
+    /* BIT STRING 0x03 length 5 no padding 0, 4 dummy bytes of TPMA_OBJECT */
+    uint8_t tpmaObjectData[] = {0x03, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00};
+    ASN1_OBJECT *object = NULL;
+    ASN1_OCTET_STRING *osData = NULL; 
+    uint8_t *tmpOdPtr;
+    uint32_t tpmaObjectNbo = htonl(tpmaObject);
+
+    if (rc == 0) {
+	tmpOidPtr = tpmaObjectOid; 
+	object = d2i_ASN1_OBJECT(NULL, &tmpOidPtr, sizeof(tpmaObjectOid));	/* freed @2 */
+	if (object ==  NULL) {
+	    printf("d2i_ASN1_OBJECT failed\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    if (rc == 0) {
+	osData = ASN1_OCTET_STRING_new();	/* freed @3 */
+	if (osData == NULL) {
+	    printf("d2i_ASN1_OCTET_STRING failed\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    if (rc == 0) {
+	tmpOdPtr = tpmaObjectData;
+	memcpy(tmpOdPtr + 3, &tpmaObjectNbo, sizeof(uint32_t));
+	ASN1_OCTET_STRING_set(osData, tmpOdPtr, sizeof (tpmaObjectData));
+    }
+    if (rc == 0) {
+	extension = X509_EXTENSION_create_by_OBJ(NULL,		/* freed @1 */
+						 object,
+						 0,			/* int crit */
+						 osData);
+	if (extension == NULL) {
+	    printf("X509_EXTENSION_create_by_OBJ failed\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    if (rc == 0) {
+	int irc = X509_add_ext(x509Certificate,	/* the certificate */
+			       extension,		/* the extension to add */
+			       -1);			/* location - append */
+	if (irc != 1) {
+	    printf("addCertExtension: Error adding oid to extension\n");
+	}
+    }
+    if (extension != NULL) {
+	X509_EXTENSION_free(extension);	/* @1 */
+    }
+    if (object != NULL) {
+	ASN1_OBJECT_free(object);		/* @2 */
+    }
+    if (osData != NULL) {
+	ASN1_OCTET_STRING_free(osData);	/* @3 */
+    }
+    return rc;
+}
+
+
+/* convertCertToPartialCert() extracts the partialCertificate DER from the X509 DER
+
+   It assumes that the input is well formed and has exactly the fields required.
+*/
+
+TPM_RC convertCertToPartialCert(uint16_t *partialCertificateDerLength,
+				  uint8_t *partialCertificateDer,
+				  uint16_t certificateDerLength,
+				  uint8_t *certificateDer)
+{
+    TPM_RC 	rc = 0;
+    uint16_t 	certificateDerIndex = 0;	/* index into the DER input */
+    
+    
+    certificateDerLength = certificateDerLength; 	/* FIXME for future error checking */
+    *partialCertificateDerLength = 0;			/* updates on each call */
+    
+    /* skip the outer SEQUENCE wrapper */
+    if (rc == 0) {
+	if (verbose) printf("convertCertToPartialCert: Skip outer SEQUENCE wrapper\n");
+	rc = skipSequence(&certificateDerIndex, certificateDer);
+    }
+    /* skip the inner SEQUENCE wrapper, will be back filled with the total length */
+    if (rc == 0) {
+	if (verbose) printf("convertCertToPartialCert: Skip inner SEQUENCE wrapper\n");
+	rc = skipSequence(&certificateDerIndex, certificateDer);
+    }
+    /* skip the a3 wrapping the version */
+    if (rc == 0) {
+	if (verbose) printf("convertCertToPartialCert: Skip a3 version wrapper\n");
+	rc = copyType(0xa0, NULL, NULL, 		/* NULL says to skip */
+		      &certificateDerIndex, certificateDer);
+    }
+    /* skip the integer (version) */
+    if (rc == 0) {
+	if (verbose) printf("convertCertToPartialCert: Skip version\n");
+	rc = copyType(0x02, NULL, NULL, 		/* NULL says to skip */
+		      &certificateDerIndex, certificateDer);
+    }
+    /* skip the sequence (serial number) */
+    if (rc == 0) {
+	if (verbose) printf("convertCertToPartialCert: Skip serial number\n");
+	rc = copyType(0x30, NULL, NULL, 		/* NULL says to skip */
+		      &certificateDerIndex, certificateDer);
+    }
+    /* copy the next SEQUENCE, issuer */
+    if (rc == 0) {
+	if (verbose) printf("convertCertToPartialCert: Copy issuer\n");
+	rc = copyType(0x30, partialCertificateDerLength, partialCertificateDer,
+		      &certificateDerIndex, certificateDer);
+    }
+    /* copy the next SEQUENCE, validity */
+    if (rc == 0) {
+	if (verbose) printf("convertCertToPartialCert: Copy validity\n");
+	rc = copyType(0x30, partialCertificateDerLength, partialCertificateDer,
+		      &certificateDerIndex, certificateDer);
+    }
+    /* copy the next SEQUENCE, subject */
+    if (rc == 0) {
+	if (verbose) printf("convertCertToPartialCert: Copy subject\n");
+	rc = copyType(0x30, partialCertificateDerLength, partialCertificateDer,
+		      &certificateDerIndex, certificateDer);
+    }
+    /* skip the SEQUENCE (public key) */
+    if (rc == 0) {
+	if (verbose) printf("convertCertToPartialCert: Skip public key\n");
+	rc = copyType(0x30, NULL, NULL, 		/* NULL says to skip */
+		      &certificateDerIndex, certificateDer);
+    }
+    /* copy the a3 and encapsulating sequence */
+    if (rc == 0) {
+	if (verbose) printf("convertCertToPartialCert: Copy a3 extensions\n");
+	rc = copyType(0xa3, partialCertificateDerLength, partialCertificateDer,
+		      &certificateDerIndex, certificateDer);
+    }
+    /* shift and back fill the sequence length */
+    if (rc == 0) {
+	rc = prependSequence(partialCertificateDerLength, partialCertificateDer);
+    }
+    return rc;
+}
+
+/* reformCertificate() starts with the X509 certificate used as the input partialCertificate
+   parameter plus a few fields like the version.  It adds the output addedToCertificate and
+   signature values to reform the X509 certificate that the TPM signed.
+*/
+
+TPM_RC reformCertificate(X509 *x509Certificate,
+			 int useRsa,
+			 TPM2B_MAX_BUFFER *addedToCertificate,
+			 TPMT_SIGNATURE *tSignature)
+{
+    TPM_RC 		rc = 0;
+    unsigned char 	*tmpAddedToCert = NULL;
+    /* size_t 		tmpAddedToCertLength = 0; FIXME better to sanity check length */
+
+    /* the index increments, so this function must parse the addedToCertificate in its order */
+    uint16_t 		tmpAddedToCertIndex = 0;
+
+    tmpAddedToCert = addedToCertificate->t.buffer;
+    /* tmpAddedToCertLength = addedToCertificate->t.size; */
+
+    /* add serial number */
+    if (rc == 0) {
+	rc = addSerialNumber(x509Certificate,
+			     tmpAddedToCert,
+			     &tmpAddedToCertIndex);
+    }
+    if (useRsa) {
+	/* add public key algorithm and public key */
+	if (rc == 0) {
+	    rc = addPubKeyRsa(x509Certificate,
+			      tmpAddedToCert,
+			      &tmpAddedToCertIndex);
+	}
+	/* add certificate signature */
+	if (rc == 0) {
+	    rc = addSignatureRsa(x509Certificate, tSignature);
+	}
+    }
+    else {
+	/* add public key  */
+	if (rc == 0) {
+	    rc = addPubKeyEcc(x509Certificate,
+			      tmpAddedToCert,
+			      &tmpAddedToCertIndex);
+	}
+	/* add certificate signature */
+	if (rc == 0) {
+	    rc = addSignatureEcc(x509Certificate, tSignature);
+	}
+    }
+    return rc;
+}
+
+/* addSerialNumber() is the first call from reforming the certificate. tmpAddedToCertIndex will be
+   0.
+
+   After the call, tmpAddedToCertIndex will point after the serial number.
+*/
+
+TPM_RC addSerialNumber(X509 		*x509Certificate,
+			 unsigned char 	*tmpAddedToCert,
+			 uint16_t 	*tmpAddedToCertIndex)
+{
+    TPM_RC 		rc = 0;
+    ASN1_INTEGER 	*x509Serial;		/* certificate serial number in ASN1 */
+    BIGNUM 		*x509SerialBN;		/* certificate serial number as a BIGNUM */
+    unsigned char 	x509SerialBin[1048]; 	/* certificate serial number in binary */
+    uint16_t 		integerLength = 0;
+
+    /* FIXME check the size */
+
+    x509SerialBN = NULL;
+
+    /* skip outer sequence */
+    if (rc == 0) {
+	rc = skipSequence(tmpAddedToCertIndex, tmpAddedToCert);
+    }
+    /* skip version */
+    if (rc == 0) {
+	rc = copyType(0xa0, NULL, NULL, 		/* NULL says to skip */
+		      tmpAddedToCertIndex, tmpAddedToCert);
+    }
+    /* get integer serial number from addedToCertificate */
+    if (rc == 0) {
+	rc = getInteger(&integerLength, x509SerialBin,
+			tmpAddedToCertIndex, tmpAddedToCert);
+    }
+    /* convert the integer stream to a BIGNUM */
+    if (rc == 0) {
+	x509SerialBN = BN_bin2bn(x509SerialBin, integerLength, x509SerialBN); 	/* freed @1 */
+	if (x509SerialBN == NULL) {
+	    printf("addSerialNumber: Error in serial number BN_bin2bn\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    /* add it into the final certificate */
+    if (rc == 0) {
+	/* get the serial number structure member, can't fail */
+	x509Serial = X509_get_serialNumber(x509Certificate);
+	/* convert the BIGNUM to ASN1 and add to X509 certificate */
+	x509Serial = BN_to_ASN1_INTEGER(x509SerialBN, x509Serial);
+	if (x509Serial == NULL) {
+	    printf("addSerialNumber: Error setting certificate serial number\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    if (x509SerialBN != NULL) BN_clear_free(x509SerialBN );		/* @1 */
+    return rc;
+}
+
+/* addPubKeyRsa() adds the public key to the certificate. tmpAddedToCertIndex must point to the
+   public key.
+ */
+
+TPM_RC addPubKeyRsa(X509 		*x509Certificate,
+		    unsigned char 	*tmpAddedToCert,
+		    uint16_t 		*tmpAddedToCertIndex)
+{
+    TPM_RC 			rc = 0;
+    TPM2B_PUBLIC_KEY_RSA 	tpm2bRsa;
+    uint16_t 			dataLength;
+
+    /* skip the SEQUENCE with the Signature Algorithm object identifier */
+    if (rc == 0) {
+	rc = copyType(0x30, NULL, NULL, 		/* NULL says to skip */
+		      tmpAddedToCertIndex, tmpAddedToCert);
+    }
+    /* skip the SEQUENCE wrapper for the Subject Public Key Info */
+    if (rc == 0) {
+	rc = skipSequence(tmpAddedToCertIndex, tmpAddedToCert);
+    }
+    /* skip the SEQUENCE Public Key Algorithm */
+    if (rc == 0) {
+	rc = copyType(0x30, NULL, NULL, 		/* NULL says to skip */
+		      tmpAddedToCertIndex, tmpAddedToCert);
+    }
+    /* skip the BIT STRING intoduction to the public key */
+    if (rc == 0) {
+	rc = skipBitString(&dataLength, tmpAddedToCertIndex, tmpAddedToCert);
+    }
+    /* skip the SEQUENCE wrapper for the public key */
+    if (rc == 0) {
+	rc = skipSequence(tmpAddedToCertIndex, tmpAddedToCert);
+    }
+    /* get the integer public modulus FIXME missing length check */
+    if (rc == 0) {
+	rc = getInteger(&tpm2bRsa.t.size, tpm2bRsa.t.buffer,
+			tmpAddedToCertIndex, tmpAddedToCert);
+    }
+    if (rc == 0) {
+	rc = addCertKeyRsa(x509Certificate,
+			   &tpm2bRsa);	/* certified public key */
+    }
+    /* skip the INTEGER public exponent - should not matter since it's the last item */
+    /* FIXME test for 010001 */
+    if (rc == 0) {
+	uint16_t dummy;
+	rc = getInteger(&dummy, NULL,
+			tmpAddedToCertIndex, tmpAddedToCert);
+    }
+    return rc;
+}
+
+/* addPubKeyEcc() adds the public key to the certificate. tmpAddedToCertIndex must point to the
+   public key.
+*/
+
+
+TPM_RC addPubKeyEcc(X509 		*x509Certificate,
+		    unsigned char 	*tmpAddedToCert,
+		    uint16_t 		*tmpAddedToCertIndex)
+{
+    TPM_RC 		rc = 0;
+    uint16_t 		dataLength;
+    TPMS_ECC_POINT 	tpmsEccPoint;
+
+    /* skip the SEQUENCE with the Signature Algorithm object identifier ecdsaWithSHA256 */
+    if (rc == 0) {
+	rc = copyType(0x30, NULL, NULL, 		/* NULL says to skip */
+		      tmpAddedToCertIndex, tmpAddedToCert);
+    }
+    /* skip the SEQUENCE wrapper for the Subject Public Key Info */
+    if (rc == 0) {
+	rc = skipSequence(tmpAddedToCertIndex, tmpAddedToCert);
+    }
+    /* skip the SEQUENCE Public Key Algorithm */
+    if (rc == 0) {
+	rc = copyType(0x30, NULL, NULL, 		/* NULL says to skip */
+		      tmpAddedToCertIndex, tmpAddedToCert);
+    }
+    /* skip the BIT STRING intoduction to the public key */
+    if (rc == 0) {
+	rc = skipBitString(&dataLength, tmpAddedToCertIndex, tmpAddedToCert);
+    }
+    /* the next bytes are the 04, x and y */
+    if (rc == 0) {
+
+	/* FIXME check that dataLength is 65 */
+
+	*tmpAddedToCertIndex += 1;	/* skip the 0x04 compression byte */
+
+	tpmsEccPoint.x.t.size = 32;	
+	memcpy(tpmsEccPoint.x.t.buffer, tmpAddedToCert +  *tmpAddedToCertIndex, 32);	
+	*tmpAddedToCertIndex += 32;
+
+	tpmsEccPoint.y.t.size = 32;	
+	memcpy(tpmsEccPoint.y.t.buffer, tmpAddedToCert +  *tmpAddedToCertIndex, 32);	
+	*tmpAddedToCertIndex += 32;
+
+	rc = addCertKeyEcc(x509Certificate, &tpmsEccPoint);
+    }
+    return rc;
+}
+
+/* addSignatureRsa() copies the TPMT_SIGNATURE output of the TPM2_CertifyX509 command to the X509
+   certificate.
+ */
+
+TPM_RC addSignatureRsa(X509 		*x509Certificate,
+		       TPMT_SIGNATURE 	*tSignature)
+{
+    TPM_RC 		rc = 0;
+    int 		irc;
+    X509_ALGOR 		*signatureAlgorithm = NULL;
+    X509_ALGOR 		*certSignatureAlgorithm = NULL;
+    ASN1_BIT_STRING 	*asn1Signature = NULL;
+    
+    /* FIXME check sign length */
+    
+    if (rc == 0) {
+	certSignatureAlgorithm = (X509_ALGOR *)X509_get0_tbs_sigalg(x509Certificate);
+	X509_get0_signature((OSSLCONST ASN1_BIT_STRING**)&asn1Signature,
+			    (OSSLCONST X509_ALGOR **)&signatureAlgorithm,
+			    x509Certificate);
+    }
+    /* set the algorithm in the top level structure */
+    if (rc == 0) {
+	X509_ALGOR_set0(signatureAlgorithm,
+			OBJ_nid2obj(NID_sha256WithRSAEncryption), V_ASN1_NULL, NULL);
+    }
+    /* set the algorithm in the to be signed structure */
+    if (rc == 0) {
+	X509_ALGOR_set0(certSignatureAlgorithm,
+			OBJ_nid2obj(NID_sha256WithRSAEncryption), V_ASN1_NULL, NULL);
+    }
+    /* ASN1_BIT_STRING x509Certificate->signature contains a BIT STRING with the RSA signature */
+    if (rc == 0) {
+	irc = ASN1_BIT_STRING_set(asn1Signature,
+				  tSignature->signature.rsassa.sig.t.buffer,
+				  tSignature->signature.rsassa.sig.t.size);
+	asn1Signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+	asn1Signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+	if (irc == 0) {
+	    printf("addSignatureRsa: Error in ASN1_BIT_STRING_set for signature\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    return rc;
+}
+
+/* addSignatureEcc() copies the TPMT_SIGNATURE output of the TPM2_CertifyX509 command to the X509
+   certificate.
+*/
+
+TPM_RC addSignatureEcc(X509 		*x509Certificate,
+		       TPMT_SIGNATURE 	*tSignature)
+{
+    TPM_RC 		rc = 0;
+    int 		irc;
+    X509_ALGOR 		*signatureAlgorithm = NULL;
+    X509_ALGOR 		*certSignatureAlgorithm = NULL;
+    ASN1_BIT_STRING 	*asn1Signature = NULL;
+    BIGNUM 		*rSig = NULL;
+    BIGNUM 		*sSig = NULL;
+    ECDSA_SIG 		*ecdsaSig = NULL;
+    unsigned char 	*ecdsaSigBin = NULL;
+    int 		ecdsaSigBinLength;
+
+    /* FIXME check sign length */
+    
+    if (rc == 0) {
+	certSignatureAlgorithm = (X509_ALGOR *)X509_get0_tbs_sigalg(x509Certificate);
+	X509_get0_signature((OSSLCONST ASN1_BIT_STRING**)&asn1Signature,
+			    (OSSLCONST X509_ALGOR **)&signatureAlgorithm,
+			    x509Certificate);
+    }
+    /* set the algorithm in the top level structure */
+    if (rc == 0) {
+	X509_ALGOR_set0(signatureAlgorithm,
+			OBJ_nid2obj(NID_ecdsa_with_SHA256), V_ASN1_UNDEF, NULL);
+    }
+    /* set the algorithm in the to be signed structure */
+    if (rc == 0) {
+	X509_ALGOR_set0(certSignatureAlgorithm,
+			OBJ_nid2obj(NID_ecdsa_with_SHA256), V_ASN1_UNDEF, NULL);
+    }
+    /* ASN1_BIT_STRING x509Certificate->signature contains a sequence with two INTEGER, R and S */
+    /* construct DER and then ASN1_BIT_STRING_set into X509 */
+    if (rc == 0) {
+	rSig = BN_new();
+	if (rSig == NULL) {
+	    printf("addSignatureEcc: BN_new() failed\n");
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    if (rc == 0) {
+	sSig = BN_new();
+	if (sSig == NULL) {
+	    printf("addSignatureEcc: BN_new() failed\n");
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    if (rc == 0) {
+        rSig = BN_bin2bn(tSignature->signature.ecdsa.signatureR.b.buffer,
+			 tSignature->signature.ecdsa.signatureR.b.size, rSig);
+        if (rSig == NULL) {
+            printf("addSignatureEcc: Error in BN_bin2bn\n");
+            rc = TSS_RC_BIGNUM;
+        }
+    }
+    if (rc == 0) {
+        sSig = BN_bin2bn(tSignature->signature.ecdsa.signatureS.b.buffer,
+			 tSignature->signature.ecdsa.signatureS.b.size, sSig);
+        if (sSig == NULL) {
+            printf("addSignatureEcc: Error in BN_bin2bn\n");
+            rc = TSS_RC_BIGNUM;
+        }
+    }
+    if (rc == 0) {
+	ecdsaSig = ECDSA_SIG_new();		/* freed @1 */
+	if (ecdsaSig == NULL) {
+	    printf("addSignatureEcc: ECDSA_SIG_new() failed\n");
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    if (rc == 0) {
+	irc = ECDSA_SIG_set0(ecdsaSig, rSig, sSig);
+	if (irc != 1) {
+	    printf("addSignatureEcc: Error in ECDSA_SIG_set0\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    /* serialize the signature to DER */
+    if (rc == 0) {
+	ecdsaSigBinLength = i2d_ECDSA_SIG(ecdsaSig, &ecdsaSigBin);	/* freed @2 */
+	if (ecdsaSigBinLength < 0) {
+	    printf("addSignatureEcc: Error in signature serialization i2d_ECDSA_SIG()\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    /* add the DER signature to the certificate */
+    if (rc == 0) {
+	irc = ASN1_BIT_STRING_set(asn1Signature,
+				  ecdsaSigBin,
+				  ecdsaSigBinLength);
+	asn1Signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+	asn1Signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+	if (irc == 0) {
+	    printf("addSignatureEcc: Error in ASN1_BIT_STRING_set for signature\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    /* freed by ECDSA_SIG_free */
+    if (ecdsaSig == NULL) {
+	BN_free(rSig);
+	BN_free(sSig);
+    }
+    ECDSA_SIG_free(ecdsaSig);		/* @1 */
+    OPENSSL_free(ecdsaSigBin);		/* @2 */
+    return rc;
+}
+
+/* getDataLength() checks the type, gets the length of the wrapper and following data */
+
+TPM_RC getDataLength(uint8_t type,			/* expected type */
+		       uint16_t *wrapperLength,		/* wrapper */
+		       uint16_t *dataLength,		/* data */
+		       uint16_t *certificateDerIndex,
+		       uint8_t *certificateDer)
+{
+    TPM_RC 	rc = 0;
+    uint32_t	i = 0;
+    uint16_t	lengthLength = 0;	/* number of length bytes */
+
+    /* validate the wrapper type */
+    if (rc == 0) {
+	if (certificateDer[*certificateDerIndex] != type) {
+	    printf("getDataLength: index %u expect %02x actual %02x\n",
+		   *certificateDerIndex, type, certificateDer[*certificateDerIndex]);
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    /* get the length */
+    if (rc == 0) {
+	/* long form length starts with the 'length of the length' */
+	if ((certificateDer[*certificateDerIndex + 1] & 0x80)) {
+	    lengthLength = certificateDer[*certificateDerIndex + 1] & 0x7f;
+	    if (lengthLength <= sizeof(*dataLength)) {
+
+		*dataLength = 0;
+		for (i = 0 ; i < lengthLength ; i++) {
+		    *dataLength <<= (i * 8);
+		    *dataLength += certificateDer[*certificateDerIndex + 2 + i];
+		}
+	    }
+	    else {
+		printf("getDataLength: lengthLength %u too large for uint16_t\n", lengthLength);
+		rc = TSS_RC_X509_ERROR;
+	    }
+	}
+	/* short form length is in byte following type */
+	else {
+	    *dataLength = certificateDer[*certificateDerIndex + 1] & 0x7f;
+	}
+    }
+    if (rc == 0) {
+	*wrapperLength = 2 + lengthLength;
+	if (verbose) printf("getDataLength: wrapperLength %u dataLength %u\n",
+			    *wrapperLength, *dataLength);
+    }
+    return rc;
+}
+
+/* skipSequence() moves the certificateDerIndex past the SEQUENCE and its length.  I.e., it just
+   skips the wrapper, not the contents
+*/
+
+TPM_RC skipSequence(uint16_t *certificateDerIndex, uint8_t *certificateDer)
+{
+    TPM_RC 	rc = 0;
+    uint16_t 	wrapperLength;
+    uint16_t 	dataLength;
+
+    if (rc == 0) {
+	rc = getDataLength(0x30,		/* variable length SEQUENCE */
+			   &wrapperLength,
+			   &dataLength,
+			   certificateDerIndex, certificateDer);
+    }
+    if (rc == 0) {
+	*certificateDerIndex += wrapperLength;
+    }
+    return rc;
+}
+
+/* skipBitString() moves the certificateDerIndex past the BIT STRING, its length, and its padding,
+   not the contents
+*/
+
+TPM_RC skipBitString(uint16_t *dataLength,
+		     uint16_t *certificateDerIndex, uint8_t *certificateDer)
+{
+    TPM_RC 	rc = 0;
+    uint16_t 	wrapperLength;
+
+    if (rc == 0) {
+	rc = getDataLength(0x03,		/* BIT STRING */
+			   &wrapperLength,  
+			   dataLength,
+			   certificateDerIndex, certificateDer);
+    }
+    if (rc == 0) {
+	*certificateDerIndex += wrapperLength;
+	*certificateDerIndex += 1;	/* BIT STRING padding */
+    }
+    return rc;
+}
+
+/* copyType() copies the type at certificateDerIndex to partialCertificateDer.
+
+   certificateDerIndex and partialCertificateDerLength are updated
+*/
+
+TPM_RC copyType(uint8_t type,			/* expected type */
+		  uint16_t *partialCertificateDerLength, uint8_t *partialCertificateDer,
+		  uint16_t *certificateDerIndex, uint8_t *certificateDer)
+{
+    TPM_RC 	rc = 0;
+    uint16_t 	wrapperLength = 0;
+    uint16_t 	dataLength = 0;
+
+    if (rc == 0) {
+	rc = getDataLength(type,
+			   &wrapperLength,  
+			   &dataLength,
+			   certificateDerIndex, certificateDer);
+    }
+    if (rc == 0) {
+	if (partialCertificateDer != NULL) {
+	    memcpy(partialCertificateDer + *partialCertificateDerLength,
+		   &(certificateDer[*certificateDerIndex]),
+		   wrapperLength + dataLength);
+	    *partialCertificateDerLength += wrapperLength + dataLength;
+	}
+	*certificateDerIndex += wrapperLength + dataLength;
+    }
+    return rc;
+}
+
+/* getInteger() copies the INTEGER data (not including the wrapper) to integerStream.
+
+   certificateDerIndex is updated.
+*/
+
+TPM_RC getInteger(uint16_t *integerDataLength, unsigned char *integerStream,
+		    uint16_t *certificateDerIndex, unsigned char *certificateDer)
+{
+    TPM_RC 	rc = 0;
+    uint16_t 	wrapperLength = 0;
+
+    if (rc == 0) {
+	rc = getDataLength(0x02,		/* INTEGER */
+			   &wrapperLength,  
+			   integerDataLength,
+			   certificateDerIndex, certificateDer);
+    }
+    if (rc == 0) {
+	if (integerStream != NULL) {
+	    memcpy(integerStream,
+		   certificateDer + *certificateDerIndex + wrapperLength,
+		   *integerDataLength);
+	}
+	*certificateDerIndex += wrapperLength + *integerDataLength;
+    }
+    return rc;
+}
+
+/* prependSequence() shifts the DER down and back fills the SEQUENCE and length */
+
+TPM_RC prependSequence(uint16_t *partialCertificateDerLength, uint8_t *partialCertificateDer)
+{
+    TPM_RC 	rc = 0;
+    uint16_t	prefixLength;
+    uint16_t	lengthLength = 0;
+    uint16_t	i = 0;
+
+    if (verbose) printf("prependSequence: total length %u %04x\n",
+			*partialCertificateDerLength, *partialCertificateDerLength);
+    /* calculate the number of prepended bytes */
+    if (rc == 0) {
+	/* long form length when greater than 7f */
+	if ((*partialCertificateDerLength) > 0x7f) {
+	    lengthLength = (*partialCertificateDerLength / 0x100) + 1;	/* +1 to round up */
+	    prefixLength = 2 + lengthLength;	/* SEQUENCE + length of length + length bytes */
+	}
+	/* short form length when up to 7f */
+	else {
+	    prefixLength = 2;	/* SEQUENCE + length byte */
+	}
+    }
+    /* shift the partialCertificateDer down by prefix length */
+    if (rc == 0) {
+	memmove(partialCertificateDer + prefixLength,
+		partialCertificateDer,
+		*partialCertificateDerLength);
+    }
+    /* construct the prefix */
+    if (rc == 0) {
+	partialCertificateDer[0] = 0x30; 	/* SEQUENCE */
+	/* long form length */
+	if (lengthLength > 0) {
+	    partialCertificateDer[1] = 0x80 + lengthLength; 	/* byte 1 bit 7 set for long form */
+	    for (i = 0 ; i < lengthLength ; i++) {		/* start at byte 2 */
+		partialCertificateDer[2 + i] =			/* add length bytes */
+		    (*partialCertificateDerLength >> ((lengthLength - i - 1) * 8)) & 0xff;
+	    }
+	}
+	/* short form length */
+	else {
+	    /* just length for short form, cast safe bacause of above test */
+	    partialCertificateDer[1] = (uint8_t)*partialCertificateDerLength;
+	}
+	*partialCertificateDerLength += prefixLength;	/* adjust the total length of the DER */
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("certifyx509\n");
+    printf("\n");
+    printf("Runs TPM2_Certifyx509\n");
+    printf("\n");
+    printf("\t-ho\tobject handle\n");
+    printf("\t[-pwdo\tpassword for object (default empty)]\n");
+    printf("\t-hk\tcertifying key handle\n");
+    printf("\t[-pwdk\tpassword for key (default empty)]\n");
+    printf("\t[-halg\t(sha1, sha256, sha384 sha512) (default sha256)]\n");
+    printf("\t[-salg\tsignature algorithm (rsa, ecc) (default rsa)]\n");
+
+    printf("\t[-ku\tX509 key usage - string - comma separated, no spaces]\n");
+    printf("\t[-iob\tTPMA_OBJECT - 4 byte hex]\n");
+    printf("\t\te.g. sign: critical,digitalSignature,keyCertSign,cRLSign (default)\n");
+    printf("\t\te.g. decrypt: critical,dataEncipherment,keyAgreement,encipherOnly,decipherOnly\n");
+    printf("\t\te.g. fixedTPM: critical,nonRepudiation\n");
+    printf("\t\te.g. parent (restrict decrypt): critical,keyEncipherment\n");
+    
+    printf("\t[-bit\tbit in partialCertificate to toggle]\n");
+    printf("\t[-sub\tsubject same as issuer for self signed (root) certificate]\n");
+    printf("\t[-opc\tpartial certificate file name (default do not save)]\n");
+    printf("\t[-oa\taddedToCertificate file name (default do not save)]\n");
+    printf("\t[-otbs\tsigned tbsDigest file name (default do not save)]\n");
+    printf("\t[-os\tsignature file name (default do not save)]\n");
+    printf("\t[-ocert\t reconstructed certificate file name (default do not save)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
+
+#endif	/* TPM_TSS_MBEDTLS */
+
+#ifdef TPM_TSS_MBEDTLS
+
+int verbose;
+
+int main(int argc, char *argv[])
+{
+    argc = argc;
+    argv = argv;
+    printf("certifyx509 not supported with mbedtls yet\n");
+    return 0;
+}
+
+#endif	/* TPM_TSS_MBEDTLS */
diff --git a/utils/changeeps.c b/utils/changeeps.c
new file mode 100644
index 000000000..157ec6045
--- /dev/null
+++ b/utils/changeeps.c
@@ -0,0 +1,216 @@
+/********************************************************************************/
+/*										*/
+/*			    ChangeEPS 						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    ChangeEPS_In 		in;
+    const char			*authPassword = NULL; 
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-pwda") == 0) {
+	    i++;
+	    if (i < argc) {
+		authPassword = argv[i];
+	    }
+	    else {
+		printf("-pwda option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */
+    if (rc == 0) {
+	in.authHandle = TPM_RH_PLATFORM;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_ChangeEPS,
+			 sessionHandle0, authPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("changeeps: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("changeeps: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("changeeps\n");
+    printf("\n");
+    printf("Runs TPM2_ChangeEPS\n");
+    printf("\n");
+    printf("\t-pwda\tauthorization password (default empty)\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    exit(1);	
+}
diff --git a/utils/changepps.c b/utils/changepps.c
new file mode 100644
index 000000000..8de39ff2d
--- /dev/null
+++ b/utils/changepps.c
@@ -0,0 +1,216 @@
+/********************************************************************************/
+/*										*/
+/*			    ChangePPS 						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    ChangePPS_In 		in;
+    const char			*authPassword = NULL; 
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+ 
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-pwda") == 0) {
+	    i++;
+	    if (i < argc) {
+		authPassword = argv[i];
+	    }
+	    else {
+		printf("-pwda option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */
+    if (rc == 0) {
+	in.authHandle = TPM_RH_PLATFORM;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_ChangePPS,
+			 sessionHandle0, authPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("changepps: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("changepps: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("changepps\n");
+    printf("\n");
+    printf("Runs TPM2_ChangePPS\n");
+    printf("\n");
+    printf("\t-pwda\tauthorization password (default empty)\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    exit(1);	
+}
diff --git a/utils/clear.c b/utils/clear.c
new file mode 100644
index 000000000..ae9ce258e
--- /dev/null
+++ b/utils/clear.c
@@ -0,0 +1,238 @@
+/********************************************************************************/
+/*										*/
+/*			    Clear 						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    Clear_In 			in;
+    char 			authHandleChar = 0;
+    const char			*authPassword = NULL; 
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hi") == 0) {
+	    i++;
+	    if (i < argc) {
+		authHandleChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -hi\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwda") == 0) {
+	    i++;
+	    if (i < argc) {
+		authPassword = argv[i];
+	    }
+	    else {
+		printf("-pwda option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */
+    if (rc == 0) {
+	if (authHandleChar == 'l') {
+	    in.authHandle = TPM_RH_LOCKOUT;
+	}
+	else if (authHandleChar == 'p') {
+	    in.authHandle = TPM_RH_PLATFORM;
+	}
+	else {
+	    printf("Missing or illegal -hi\n");
+	    printUsage();
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_Clear,
+			 sessionHandle0, authPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}	
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("clear: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("clear: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("clear\n");
+    printf("\n");
+    printf("Runs TPM2_Clear\n");
+    printf("\n");
+    printf("\t-hi\tauthhandle hierarchy (l, p)\n");
+    printf("\t\tl lockout, p platform\n");
+    printf("\t-pwda\tauthorization password (default empty)\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    exit(1);	
+}
diff --git a/utils/clearcontrol.c b/utils/clearcontrol.c
new file mode 100644
index 000000000..9e2ad6952
--- /dev/null
+++ b/utils/clearcontrol.c
@@ -0,0 +1,258 @@
+/********************************************************************************/
+/*										*/
+/*			    ClearControl 					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    ClearControl_In 		in;
+    char 			authHandleChar = 0;
+    const char			*authPassword = NULL; 
+    int				state = 1;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hi") == 0) {
+	    i++;
+	    if (i < argc) {
+		authHandleChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -hi\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwda") == 0) {
+	    i++;
+	    if (i < argc) {
+		authPassword = argv[i];
+	    }
+	    else {
+		printf("-pwda option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-state") == 0) {
+	    i++;
+	    if (i < argc) {
+		state = atoi(argv[i]);
+	    }
+	    else {
+		printf("-state option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */
+    if (rc == 0) {
+	if (authHandleChar == 'l') {
+	    in.auth = TPM_RH_LOCKOUT;
+	}
+	else if (authHandleChar == 'p') {
+	    in.auth = TPM_RH_PLATFORM;
+	}
+	else {
+	    printf("Missing or illegal -hi\n");
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	if (state != 0) {
+	    in.disable = YES;
+	}
+	else {
+	    in.disable = NO;
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_ClearControl,
+			 sessionHandle0, authPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("clearcontrol: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("clearcontrol: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("clearcontrol\n");
+    printf("\n");
+    printf("Runs TPM2_ClearControl\n");
+    printf("\n");
+    printf("\t-hi\tauthhandle hierarchy (l, p)\n");
+    printf("\t\tl lockout, p platform\n");
+    printf("\t-pwda\tauthorization password (default empty)\n");
+    printf("\t-state\t0 to disable, 1 to enable (default enable)\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    exit(1);	
+}
diff --git a/utils/clockrateadjust.c b/utils/clockrateadjust.c
new file mode 100644
index 000000000..7edf41ce2
--- /dev/null
+++ b/utils/clockrateadjust.c
@@ -0,0 +1,260 @@
+/********************************************************************************/
+/*										*/
+/*			   ClockRateAdjust					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <inttypes.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    ClockRateAdjust_In 		in;
+    char 			hierarchyChar = 'p';
+    TPMI_RH_HIERARCHY		authHandle = TPM_RH_PLATFORM;
+    const char			*parentPassword = NULL; 
+    TPM_CLOCK_ADJUST 		rateAdjust = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hi") == 0) {
+	    i++;
+	    if (i < argc) {
+		hierarchyChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -hi\n");
+		printUsage();
+	    }
+	    
+	}
+	else if (strcmp(argv[i],"-pwdp") == 0) {
+	    i++;
+	    if (i < argc) {
+		parentPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdp option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-adj") == 0) {
+	    i++;
+	    if (i < argc) {
+		int tmp;	/* sscanf with char is not portable */
+		sscanf(argv[i],"%d", &tmp);
+		rateAdjust = tmp;
+	    }
+	    else {
+		printf("Missing parameter for -adj\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	in.rateAdjust = rateAdjust;
+    }
+    /* Table 50 - TPMI_RH_HIERARCHY authHandle */
+    if (rc == 0) {
+	if (hierarchyChar == 'o') {
+	    authHandle = TPM_RH_OWNER;
+	}
+	else if (hierarchyChar == 'p') {
+	    authHandle = TPM_RH_PLATFORM;
+	}
+	else {
+	    printf("Bad parameter %c for -hi\n", hierarchyChar);
+	    printUsage();
+	}
+	in.auth = authHandle;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_ClockRateAdjust,
+			 sessionHandle0, parentPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("clockrateadjust: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("clockrateadjust: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("clockrateadjust\n");
+    printf("\n");
+    printf("Runs TPM2_ClockRateAdjust\n");
+    printf("\n");
+    printf("\t[-hi\thierarchy auth (p, o) (default p)]\n"); 
+    printf("\t[-pwdp\thierarchy password (default empty)]\n");
+    printf("\t[-adj\trate adjust (default 0)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    exit(1);	
+}
diff --git a/utils/clockset.c b/utils/clockset.c
new file mode 100644
index 000000000..cc6b15b76
--- /dev/null
+++ b/utils/clockset.c
@@ -0,0 +1,310 @@
+/********************************************************************************/
+/*										*/
+/*			   ClockSet						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <inttypes.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    ClockSet_In 		in;
+    char 			hierarchyChar = 'p';
+    TPMI_RH_HIERARCHY		authHandle = TPM_RH_PLATFORM;
+    const char			*parentPassword = NULL; 
+    uint64_t			newClock = 0;
+    unsigned int		addSec = 0;
+    const char			*clockFilename = NULL;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hi") == 0) {
+	    i++;
+	    if (i < argc) {
+		hierarchyChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -hi\n");
+		printUsage();
+	    }
+	    
+	}
+	else if (strcmp(argv[i],"-pwdp") == 0) {
+	    i++;
+	    if (i < argc) {
+		parentPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdp option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-clock") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%"SCNu64, &newClock);
+	    }
+	    else {
+		printf("Missing parameter for -clock\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-addsec") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%u", &addSec);
+	    }
+	    else {
+		printf("Missing parameter for -addsec\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-iclock") == 0) {
+	    i++;
+	    if (i < argc) {
+		clockFilename = argv[i];
+	    }
+	    else {
+		printf("-iclock option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if ((newClock == 0) && (clockFilename == NULL)) {
+	printf("Missing -clock or -iclock\n");
+	printUsage();
+    }
+    if ((newClock != 0) && (clockFilename != NULL)) {
+	printf("Cannot have both -clock and -iclock\n");
+	printUsage();
+    }
+    if ((rc == 0) && (newClock != 0)) {
+	in.newTime = newClock;
+    }
+    if ((rc == 0) && (clockFilename != NULL)) {
+	unsigned char *data = NULL;
+	size_t length;
+	if (rc == 0) {
+	    rc = TSS_File_ReadBinaryFile(&data, &length, clockFilename);	/* freed @1 */
+	}
+	if (rc == 0) {
+	    if (length != sizeof(in.newTime)) {
+		printf("Clock file %s length %lu should be %lu\n",
+		       clockFilename, (unsigned long)length, (unsigned long)sizeof(in.newTime));
+	    }
+	}
+	if (rc == 0) {
+	    memcpy((uint8_t *)&in.newTime, data, length);
+	}
+	free(data);	/* @1 */
+    }	
+    /* Table 50 - TPMI_RH_HIERARCHY authHandle */
+    if (rc == 0) {
+	in.newTime += (addSec * 1000);	/* new clock is in msec */
+	if (tssUtilsVerbose) printf("clockset: New clock %"PRIu64"\n", in.newTime);
+	if (hierarchyChar == 'o') {
+	    authHandle = TPM_RH_OWNER;
+	}
+	else if (hierarchyChar == 'p') {
+	    authHandle = TPM_RH_PLATFORM;
+	}
+	else {
+	    printf("Bad parameter %c for -hi\n", hierarchyChar);
+	    printUsage();
+	}
+	in.auth = authHandle;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_ClockSet,
+			 sessionHandle0, parentPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("clockset: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("clockset: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("clockset\n");
+    printf("\n");
+    printf("Runs TPM2_ClockSet\n");
+    printf("\n");
+    printf("\t-clock\t\tnew clock\n");
+    printf("\t-iclock\t\tnew clock file name\n");
+    printf("\t[-addsec\tseconds to add to new clock]\n");
+    printf("\t-hi\t\thierarchy (o, p) (default platform)\n");
+    printf("\t\to owner, p platform\n");
+    printf("\t-pwdp\t\tpassword for hierarchy (default empty)\n");
+    printf("\n");
+    printf("\t-se[0-2]\t session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    exit(1);	
+}
diff --git a/utils/commit.c b/utils/commit.c
new file mode 100644
index 000000000..8a0562816
--- /dev/null
+++ b/utils/commit.c
@@ -0,0 +1,395 @@
+/********************************************************************************/
+/*										*/
+/*			    Commit						*/
+/*	     		Written by Bill Martin 					*/
+/*                 Green Hills Integrity Software Services 			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2017 - 2019					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+#include "objecttemplates.h"
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC 			rc = 0;
+    int 			i;    /* argc iterator */
+    TSS_CONTEXT 		*tssContext = NULL;
+    Commit_In   		in;
+    Commit_Out   		out;
+    TPMI_DH_OBJECT      	signHandle = 0;
+    TPMA_OBJECT         	objectAttributes;
+    const char          	*s2Filename = NULL;
+    const char          	*y2Filename = NULL;
+    const char 			*dataFilename = NULL;
+    const char       		*Kfilename = NULL;
+    const char          	*Lfilename = NULL;
+    const char          	*Efilename = NULL;
+    const char                  *counterFilename = NULL;
+    const char          	*keyPassword = NULL;
+    TPMI_SH_AUTH_SESSION        sessionHandle0 = TPM_RS_PW;
+    unsigned int                sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION        sessionHandle1 = TPM_RH_NULL;
+    unsigned int                sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION        sessionHandle2 = TPM_RH_NULL;
+    unsigned int                sessionAttributes2 = 0;
+ 
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    objectAttributes.val = 0;
+    objectAttributes.val |= TPMA_OBJECT_NODA;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+        if (strcmp(argv[i], "-hk") == 0) {
+            i++;
+            if (i < argc) {
+                sscanf(argv[i],"%x", &signHandle);
+            }
+            else {
+                printf("Missing parameter for -hk\n");
+                printUsage();
+            }
+        }
+	else if (strcmp(argv[i], "-pt")  == 0) {
+	    i++;
+	    if (i < argc) {
+		dataFilename = argv[i];
+	    } else {
+		printf("-pt option needs a value\n");
+		printUsage();
+	    }
+	}
+        // for inSensitive data s2 see stirrandom.c
+        // I think this is gX put in array form
+        else if (strcmp(argv[i],"-s2") == 0) {
+            i++;
+            if (i < argc) {
+                s2Filename = argv[i];
+            }
+            else {
+                printf("-s2 option needs a value\n");
+                printUsage();
+            }
+        }
+        // for inSensitive data y2 see stirrandom.c
+        // I think this is gX put in array form
+        else if (strcmp(argv[i],"-y2") == 0) {
+            i++;
+            if (i < argc) {
+                y2Filename = argv[i];
+            }
+            else {
+                printf("-y2 option needs a value\n");
+                printUsage();
+            }
+        }
+	else if (strcmp(argv[i], "-Kf")  == 0) {
+	    i++;
+	    if (i < argc) {
+		Kfilename = argv[i];
+	    } else {
+		printf("-Kf option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-Lf")  == 0) {
+	    i++;
+	    if (i < argc) {
+                Lfilename = argv[i];
+	    } else {
+		printf("-Lf option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-Ef")  == 0) {
+	    i++;
+	    if (i < argc) {
+		Efilename = argv[i];
+	    } else {
+		printf("-Ef option needs a value\n");
+		printUsage();
+	    }
+	}
+        else if (strcmp(argv[i], "-cf")  == 0) {
+	    i++;
+	    if (i < argc) {
+		counterFilename = argv[i];
+	    } else {
+		printf("-cf option needs a value\n");
+		printUsage();
+	    }
+	}
+        else if (strcmp(argv[i],"-pwdk") == 0) {
+            i++;
+            if (i < argc) {
+                keyPassword = argv[i];
+            }
+            else {
+                printf("-pwdk option needs a value\n");
+                printUsage();
+            }
+        }
+        else if (strcmp(argv[i],"-se0") == 0) {
+            i++;
+            if (i < argc) {
+                sscanf(argv[i],"%x", &sessionHandle0);
+            }
+            else {
+                printf("Missing parameter for -se0\n");
+                printUsage();
+            }
+            i++;
+            if (i < argc) {
+                sscanf(argv[i],"%x", &sessionAttributes0);
+                if (sessionAttributes0 > 0xff) {
+                    printf("Out of range session attributes for -se0\n");
+                    printUsage();
+                }
+            }
+            else {
+                printf("Missing parameter for -se0\n");
+                printUsage();
+            }
+        }
+        else if (strcmp(argv[i],"-se1") == 0) {
+            i++;
+            if (i < argc) {
+                sscanf(argv[i],"%x", &sessionHandle1);
+            }
+            else {
+                printf("Missing parameter for -se1\n");
+                printUsage();
+            }
+            i++;
+            if (i < argc) {
+                sscanf(argv[i],"%x", &sessionAttributes1);
+                if (sessionAttributes1 > 0xff) {
+                    printf("Out of range session attributes for -se1\n");
+                    printUsage();
+                }
+            }
+            else {
+                printf("Missing parameter for -se1\n");
+                printUsage();
+            }
+        }
+        else if (strcmp(argv[i],"-se2") == 0) {
+            i++;
+            if (i < argc) {
+                sscanf(argv[i],"%x", &sessionHandle2);
+            }
+            else {
+                printf("Missing parameter for -se2\n");
+                printUsage();
+            }
+            i++;
+            if (i < argc) {
+                sscanf(argv[i],"%x", &sessionAttributes2);
+                if (sessionAttributes2 > 0xff) {
+                    printf("Out of range session attributes for -se2\n");
+                    printUsage();
+                }
+            }
+            else {
+                printf("Missing parameter for -se2\n");
+                printUsage();
+            }
+        }
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (signHandle == 0) {
+	printf("Missing handle parameter -hk\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	/* Handle of key that will perform signing */
+	in.signHandle = signHandle;
+    }
+    /* set P1 */
+    if (rc == 0) {
+	if (dataFilename != NULL) {
+	    rc = TSS_File_ReadStructure(&in.P1,
+					(UnmarshalFunction_t)TSS_TPM2B_ECC_POINT_Unmarshalu,
+					dataFilename);
+	}
+	else {
+	    in.P1.point.x.t.size = 0;
+	    in.P1.point.y.t.size = 0;
+	}
+    }
+    /* set S2 */
+    if (rc == 0) {
+	if (s2Filename != NULL) {
+	    rc = TSS_File_Read2B(&in.s2.b,
+				 sizeof(in.s2.t.buffer),
+				 s2Filename);
+	}
+	else {
+	    in.s2.t.size = 0;
+	}
+    }
+    /* set y2 */
+    if (rc == 0) {
+	if (y2Filename != NULL) {
+	    rc = TSS_File_Read2B(&in.y2.b,
+				 sizeof(in.y2.t.buffer),
+				 y2Filename);
+	}
+	else {
+	    in.y2.t.size = 0;
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_Commit,
+                         sessionHandle0, keyPassword, sessionAttributes0,
+                         sessionHandle1, NULL, sessionAttributes1,
+                         sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if ((rc == 0) && (Kfilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.K,
+				     (MarshalFunction_t)TSS_TPM2B_ECC_POINT_Marshal,
+				     Kfilename);
+
+
+    }
+    if ((rc == 0) && (Lfilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.L,
+				     (MarshalFunction_t)TSS_TPM2B_ECC_POINT_Marshal,
+				     Lfilename);
+
+
+    }
+    if ((rc == 0) && (Efilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.E,
+				     (MarshalFunction_t)TSS_TPM2B_ECC_POINT_Marshal,
+				     Efilename);
+
+
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("counter is %d\n", out.counter);
+        if (counterFilename != NULL)  {
+	    rc = TSS_File_WriteStructure(&out.counter,
+					 (MarshalFunction_t)TSS_UINT16_Marshal,
+					 counterFilename);
+        }
+    } 
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("commit: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("commit: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("commit\n");
+    printf("\n");
+    printf("Runs TPM2_Commit\n");
+    printf("\n");
+    printf("\t-hk\tkey handle\n");
+    printf("\t[-pt\tpoint input file name (default empty)]\n");
+    printf("\t[-s2\ts2 input file name (default empty)]\n");
+    printf("\t[-y2\ty2 input file name (default empty)]\n");
+    printf("\t[-Kf\tK output data file name (default do not save)]\n");
+    printf("\t[-Lf\toutput data file name (default do not save)]\n");
+    printf("\t[-Ef\toutput data file name (default do not save)]\n");
+    printf("\t[-cf\toutput counter file name (default do not save)]\n");
+    printf("\t[-pwdk\tpassword for key (default empty)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1); 
+}
+
+
+
diff --git a/utils/contextload.c b/utils/contextload.c
new file mode 100644
index 000000000..315953b93
--- /dev/null
+++ b/utils/contextload.c
@@ -0,0 +1,146 @@
+/********************************************************************************/
+/*										*/
+/*			   ContextLoad 						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    ContextLoad_In 		in;
+    ContextLoad_Out		out;
+    const char			*contextFilename = NULL;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-if") == 0) {
+	    i++;
+	    if (i < argc) {
+		contextFilename = argv[i];
+	    }
+	    else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (contextFilename == NULL) {
+	printf("Missing context file parameter -if\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	rc = TSS_File_ReadStructure(&in.context,
+				    (UnmarshalFunction_t)TSS_TPMS_CONTEXT_Unmarshalu,
+				    contextFilename);
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_ContextLoad,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	printf("Handle %08x\n", out.loadedHandle);
+	if (tssUtilsVerbose) printf("contextload: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("contextload: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("contextload\n");
+    printf("\n");
+    printf("Runs TPM2_ContextLoad\n");
+    printf("\n");
+    printf("\t-if\tcontext file name\n");
+    exit(1);	
+}
diff --git a/utils/contextsave.c b/utils/contextsave.c
new file mode 100644
index 000000000..d33b48283
--- /dev/null
+++ b/utils/contextsave.c
@@ -0,0 +1,162 @@
+/********************************************************************************/
+/*										*/
+/*			   ContextSave 						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    ContextSave_In 		in;
+    ContextSave_Out 		out;
+    TPMI_DH_CONTEXT		saveHandle = 0;
+    const char			*contextFilename = NULL;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &saveHandle);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-of") == 0) {
+	    i++;
+	    if (i < argc) {
+		contextFilename = argv[i];
+	    }
+	    else {
+		printf("-of option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (saveHandle == 0) {
+	printf("Missing handle parameter -ha\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.saveHandle = saveHandle;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_ContextSave,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    /* save the context */
+    if ((rc == 0) && (contextFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.context,
+				     (MarshalFunction_t)TSS_TPMS_CONTEXT_Marshal,
+				     contextFilename );
+    }
+    if (rc == 0) {
+	printf("TPMS_CONTEXT.savedHandle %08x\n", out.context.savedHandle);
+	if (tssUtilsVerbose) printf("contextsave: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("contextsave: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("contextsave\n");
+    printf("\n");
+    printf("Runs TPM2_ContextSave\n");
+    printf("\n");
+    printf("\t-ha\thandle\n");
+    printf("\t[-of\tcontext file name (default do not save)]\n");
+    exit(1);	
+}
diff --git a/utils/create.c b/utils/create.c
new file mode 100644
index 000000000..f4fcd6bcb
--- /dev/null
+++ b/utils/create.c
@@ -0,0 +1,702 @@
+/********************************************************************************/
+/*										*/
+/*			    Create 						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/tsscryptoh.h>
+
+#include "objecttemplates.h"
+#include "cryptoutils.h"
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    Create_In 			in;
+    Create_Out 			out;
+    TPMI_DH_OBJECT		parentHandle = 0;
+    TPMA_OBJECT			addObjectAttributes;
+    TPMA_OBJECT			deleteObjectAttributes;
+    int				keyType = 0;
+    uint32_t 			keyTypeSpecified = 0;
+    int				rev116 = FALSE;
+    TPMI_ALG_PUBLIC 		algPublic = TPM_ALG_RSA;
+    TPMI_ECC_CURVE		curveID = TPM_ECC_NONE;
+    TPMI_ALG_HASH		halg = TPM_ALG_SHA256;
+    TPMI_ALG_HASH		nalg = TPM_ALG_SHA256;
+    const char			*policyFilename = NULL;
+    const char			*publicKeyFilename = NULL;
+    const char			*privateKeyFilename = NULL;
+    const char			*pemFilename = NULL;
+    const char			*ticketFilename = NULL;
+    const char			*creationHashFilename = NULL;
+    const char 			*dataFilename = NULL;
+    const char			*keyPassword = NULL; 
+    const char			*parentPassword = NULL; 
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    addObjectAttributes.val = 0;
+    addObjectAttributes.val |= TPMA_OBJECT_NODA;
+    deleteObjectAttributes.val = 0;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hp") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &parentHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hp\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-bl") == 0) {
+	    keyType = TYPE_BL;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-den") == 0) {
+	    keyType = TYPE_DEN;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-deo") == 0) {
+	    keyType = TYPE_DEO;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-des") == 0) {
+	    keyType = TYPE_DES;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-st") == 0) {
+	    keyType = TYPE_ST;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-si") == 0) {
+	    keyType = TYPE_SI;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-dau") == 0) {
+	    keyType = TYPE_DAA;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-dar") == 0) {
+	    keyType = TYPE_DAAR;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-sir") == 0) {
+	    keyType = TYPE_SIR;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-kh") == 0) {
+	    keyType = TYPE_KH;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-khr") == 0) {
+	    keyType = TYPE_KHR;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-dp") == 0) {
+	    keyType = TYPE_DP;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-gp") == 0) {
+	    keyType = TYPE_GP;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-116") == 0) {
+	    rev116 = TRUE;
+	}
+	else if (strcmp(argv[i], "-rsa") == 0) {
+	    algPublic = TPM_ALG_RSA;
+	}
+	else if (strcmp(argv[i], "-ecc") == 0) {
+	    algPublic = TPM_ALG_ECC;
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"bnp256") == 0) {
+		    curveID = TPM_ECC_BN_P256;
+		}
+		else if (strcmp(argv[i],"nistp256") == 0) {
+		    curveID = TPM_ECC_NIST_P256;
+		}
+		else if (strcmp(argv[i],"nistp384") == 0) {
+		    curveID = TPM_ECC_NIST_P384;
+		}
+		else {
+		    printf("Bad parameter %s for -ecc\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-ecc option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-kt") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i], "f") == 0) {
+		    addObjectAttributes.val |= TPMA_OBJECT_FIXEDTPM;
+   		}
+		else if (strcmp(argv[i], "p") == 0) {
+		    addObjectAttributes.val |= TPMA_OBJECT_FIXEDPARENT;
+		}
+		else if (strcmp(argv[i], "nf") == 0) {
+		    deleteObjectAttributes.val |= TPMA_OBJECT_FIXEDTPM;
+		}
+		else if (strcmp(argv[i], "np")  == 0) {
+		    deleteObjectAttributes.val |= TPMA_OBJECT_FIXEDPARENT;
+		}
+		else if (strcmp(argv[i], "ed")  == 0) {
+		    addObjectAttributes.val |= TPMA_OBJECT_ENCRYPTEDDUPLICATION;
+		}
+		else {
+		    printf("Bad parameter %s for -kt\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -kt\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-uwa") == 0) {
+	    deleteObjectAttributes.val |= TPMA_OBJECT_USERWITHAUTH;
+	}
+	else if (strcmp(argv[i], "-da") == 0) {
+	    addObjectAttributes.val &= ~TPMA_OBJECT_NODA;
+	}
+	else if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    halg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    halg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    halg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    halg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-nalg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    nalg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    nalg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    nalg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    nalg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -nalg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-nalg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-opu") == 0) {
+	    i++;
+	    if (i < argc) {
+		publicKeyFilename = argv[i];
+	    }
+	    else {
+		printf("-opu option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-opr") == 0) {
+	    i++;
+	    if (i < argc) {
+		privateKeyFilename = argv[i];
+	    }
+	    else {
+		printf("-opr option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-opem") == 0) {
+	    i++;
+	    if (i < argc) {
+		pemFilename = argv[i];
+	    }
+	    else {
+		printf("-opem option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-tk") == 0) {
+	    i++;
+	    if (i < argc) {
+		ticketFilename = argv[i];
+	    }
+	    else {
+		printf("-tk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ch") == 0) {
+	    i++;
+	    if (i < argc) {
+		creationHashFilename = argv[i];
+	    }
+	    else {
+		printf("-ch option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdk") == 0) {
+	    i++;
+	    if (i < argc) {
+		keyPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdp") == 0) {
+	    i++;
+	    if (i < argc) {
+		parentPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdp option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pol") == 0) {
+	    i++;
+	    if (i < argc) {
+		policyFilename = argv[i];
+	    }
+	    else {
+		printf("-pol option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-if") == 0) {
+	    i++;
+	    if (i < argc) {
+		deleteObjectAttributes.val |= TPMA_OBJECT_SENSITIVEDATAORIGIN;
+		dataFilename = argv[i];
+	    }
+	    else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (parentHandle == 0) {
+	printf("Missing handle parameter -hp\n");
+	printUsage();
+    }
+    if (keyTypeSpecified != 1) {
+	printf("Missing or too many key attributes\n");
+	printUsage();
+    }
+    switch (keyType) {
+      case TYPE_BL:
+	if (dataFilename == NULL) {
+	    printf("-bl needs -if (sealed data object needs data to seal)\n");
+	    printUsage();
+	}
+	break;
+      case TYPE_DAA:
+      case TYPE_DAAR:
+	if (algPublic != TPM_ALG_ECC) {
+	    printf("-dau and -dar need -ecc\n");
+ 	    printUsage();
+	}
+	if (dataFilename != NULL) {
+	    printf("asymmetric key cannot have -if (sensitive data)\n");
+	    printUsage();
+	}
+	break;
+      case TYPE_ST:
+      case TYPE_DEN:
+      case TYPE_DEO:
+      case TYPE_SI:
+      case TYPE_SIR:
+      case TYPE_GP:
+	if (dataFilename != NULL) {
+	    printf("asymmetric key cannot have -if (sensitive data)\n");
+	    printUsage();
+	}
+	break;
+      case TYPE_DES:
+      case TYPE_KH:
+      case TYPE_KHR:
+      case TYPE_DP:
+	/* inSensitive optional for symmetric keys */
+	break;
+    }
+    if (rc == 0) {
+	in.parentHandle = parentHandle;
+    }
+    /* Table 134 - Definition of TPM2B_SENSITIVE_CREATE inSensitive */
+    if (rc == 0) {
+	/* Table 133 - Definition of TPMS_SENSITIVE_CREATE Structure <IN>sensitive  */
+	/* Table 75 - Definition of Types for TPM2B_AUTH userAuth */
+	if (keyPassword == NULL) {
+	    in.inSensitive.sensitive.userAuth.t.size = 0;
+	}
+	else {
+	    rc = TSS_TPM2B_StringCopy(&in.inSensitive.sensitive.userAuth.b,
+				      keyPassword,
+				      sizeof(in.inSensitive.sensitive.userAuth.t.buffer));
+	}
+    }
+    if (rc == 0) {
+	/* Table 132 - Definition of TPM2B_SENSITIVE_DATA Structure data */
+	if (dataFilename != NULL) {
+	    rc = TSS_File_Read2B(&in.inSensitive.sensitive.data.b,
+				 sizeof(in.inSensitive.sensitive.data.t.buffer),
+				 dataFilename);
+	}
+	else {
+	    in.inSensitive.sensitive.data.t.size = 0;
+	}
+    }
+    /* TPM2B_PUBLIC */
+    if (rc == 0) {
+	switch (keyType) {
+	  case TYPE_BL:
+	    rc = blPublicTemplate(&in.inPublic.publicArea,
+				  addObjectAttributes, deleteObjectAttributes,
+				  nalg,
+				  policyFilename);
+	    break;
+	  case TYPE_ST:
+	  case TYPE_DAA:
+	  case TYPE_DAAR:
+	  case TYPE_DEN:
+	  case TYPE_DEO:
+	  case TYPE_SI:
+	  case TYPE_SIR:
+	  case TYPE_GP:
+	    rc = asymPublicTemplate(&in.inPublic.publicArea,
+				    addObjectAttributes, deleteObjectAttributes,
+				    keyType, algPublic, curveID, nalg, halg,
+				    policyFilename);
+	    break;
+	  case TYPE_DES:
+	    rc = symmetricCipherTemplate(&in.inPublic.publicArea,
+					 addObjectAttributes, deleteObjectAttributes,
+					 nalg, rev116,
+					 policyFilename);
+	    break;
+	  case TYPE_KH:
+	  case TYPE_KHR:
+	    rc = keyedHashPublicTemplate(&in.inPublic.publicArea,
+					 addObjectAttributes, deleteObjectAttributes,
+					 keyType, nalg, halg,
+					 policyFilename);
+	    break;
+	  case TYPE_DP:
+	    rc = derivationParentPublicTemplate(&in.inPublic.publicArea,
+						addObjectAttributes, deleteObjectAttributes,
+						nalg, halg,
+						policyFilename);
+	} 
+    }
+    if (rc == 0) {
+	/* TPM2B_DATA outsideInfo */
+	in.outsideInfo.t.size = 0;
+	/* Table 102 - TPML_PCR_SELECTION creationPCR */
+	in.creationPCR.count = 0;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_Create,
+			 sessionHandle0, parentPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    /*
+      validate the creation data
+    */
+    {
+	uint16_t	written = 0;
+	uint8_t		*buffer = NULL;		/* for the free */
+	uint32_t 	sizeInBytes;
+	TPMT_HA		digest;
+
+	/* get the digest size from the Name algorithm */
+	if (rc == 0) {
+	    sizeInBytes = TSS_GetDigestSize(nalg);
+	    if (out.creationHash.b.size != sizeInBytes) {
+		printf("create: failed, "
+		       "creationData size %u incompatible with name algorithm %04x\n",
+		       out.creationHash.b.size, nalg);
+		rc = EXIT_FAILURE;
+	    }
+	}
+	/* re-marshal the output structure */
+	if (rc == 0) {
+	    rc = TSS_Structure_Marshal(&buffer,	/* freed @1 */
+				       &written,
+				       &out.creationData.creationData,
+				       (MarshalFunction_t)TSS_TPMS_CREATION_DATA_Marshal);
+	}
+	/* recalculate the creationHash from creationData */
+	if (rc == 0) {
+	    digest.hashAlg = nalg;			/* Name digest algorithm */
+	    rc = TSS_Hash_Generate(&digest,	
+				   written, buffer,
+				   0, NULL);
+	}
+	/* compare the digest to creation hash */
+	if (rc == 0) {
+	    int irc;
+	    irc = memcmp((uint8_t *)&digest.digest, &out.creationHash.b.buffer, sizeInBytes);
+	    if (irc != 0) {
+		printf("create: failed, creationData hash does not match creationHash\n");
+		rc = EXIT_FAILURE;
+	    }
+	}
+	free(buffer);	/* @1 */
+    }
+    /* save the private key */
+    if ((rc == 0) && (privateKeyFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.outPrivate,
+				     (MarshalFunction_t)TSS_TPM2B_PRIVATE_Marshal,
+				     privateKeyFilename);
+    }
+    /* save the public key */
+    if ((rc == 0) && (publicKeyFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.outPublic,
+				     (MarshalFunction_t)TSS_TPM2B_PUBLIC_Marshal,
+				     publicKeyFilename);
+    }
+    /* save the optional PEM public key */
+    if ((rc == 0) && (pemFilename != NULL)) {
+	rc = convertPublicToPEM(&out.outPublic,
+				pemFilename);
+    }
+    /* save the optional creation ticket */
+    if ((rc == 0) && (ticketFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.creationTicket,
+				     (MarshalFunction_t)TSS_TPMT_TK_CREATION_Marshal,
+				     ticketFilename);
+    }
+    /* save the optional creation hash */
+    if ((rc == 0) && (creationHashFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(out.creationHash.b.buffer,
+				      out.creationHash.b.size,
+				      creationHashFilename);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("create: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("create: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("create\n");
+    printf("\n");
+    printf("Runs TPM2_Create\n");
+    printf("\n");
+    printf("\t-hp parent handle\n");
+    printf("\n");
+    printUsageTemplate();
+    printf("\n");
+    printf("\t[-pwdk\tpassword for key (default empty)]\n");
+    printf("\t[-pwdp\tpassword for parent key (default empty)]\n");
+    printf("\n");
+    printf("\t[-opu\tpublic key file name (default do not save)]\n");
+    printf("\t[-opr\tprivate key file name (default do not save)]\n");
+    printf("\t[-opem\tpublic key PEM format file name (default do not save)]\n");
+    printf("\t[-tk\toutput ticket file name (default do not save)]\n");
+    printf("\t[-ch\toutput creation hash file name (default do not save)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/createek.c b/utils/createek.c
new file mode 100644
index 000000000..d15aa8f09
--- /dev/null
+++ b/utils/createek.c
@@ -0,0 +1,294 @@
+/********************************************************************************/
+/*										*/
+/*			     IWG EK Index Parsing				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* This demo application shows the EK createprimary process.
+
+   It reads the EK template at 01c00004 (RSA) 01c0000c (EC)
+
+   It reads the EK nonce at 01c00003 (RSA) 01c0000b (EC)
+
+   It constructs an EK createprimary input and runs the command
+
+   It reads the EK certificate at 01c00002 (RSA) 01c0000a (EC) 
+
+   It compares the public key from the createprimary to that of the certificate.
+
+   If validates the EK certificate against the TPM vendor root CA certificate.
+
+   To validate certificate against the root, it must be in a file in PEM format.  The root typically
+   comes from the TPM vendor in DER (binary) format.  Convert using openssl, approximately:
+
+   > openssl x509 -inform der -outform pem -in certificate.der -out certificate.pem
+
+   This is a one time operation.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+/* Windows 10 crypto API clashes with openssl */
+#ifdef TPM_WINDOWS
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+#endif
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+#include "ekutils.h"
+
+/* local function prototypes */
+
+static void printUsage(void);
+
+/* possible utility commands */
+
+#define EKTemplateType		1
+#define EKNonceType		2
+#define EKCertType		3
+#define CreateprimaryType	4
+
+#define AlgRSA			1
+#define AlgEC			2
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    unsigned int		ui;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    int				inputType = 0;
+    const char 			*listFilename = NULL;
+    unsigned int		inputCount = 0;
+    unsigned int		algType = 0;
+    /* initialized to suppress false gcc -O3 warning */
+    TPMI_RH_NV_INDEX		ekCertIndex = 0;
+    TPMI_RH_NV_INDEX		ekNonceIndex = 0;
+    TPMI_RH_NV_INDEX		ekTemplateIndex = 0;
+    TPMT_PUBLIC 		tpmtPublic;
+    char			*rootFilename[MAX_ROOTS];
+    unsigned int		rootFileCount = 0;
+    unsigned char 		*nonce = NULL; 		/* freed @1 */
+    uint16_t 			nonceSize;
+    void 			*ekCertificate = NULL;
+    uint8_t 			*modulusBin = NULL;
+    int				modulusBytes;
+    unsigned int 		noFlush = 0;		/* default flush after validation */
+    TPM_HANDLE 			keyHandle;		/* primary key handle */
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* for free */
+    for (i = 0 ; i < MAX_ROOTS ; i++) {
+	rootFilename[i] = NULL;
+    }
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-te") == 0) {
+	    inputType = EKTemplateType;
+	    inputCount++;
+	}
+	else if (strcmp(argv[i],"-no") == 0) {
+	    inputType = EKNonceType;
+	    inputCount++;
+	}
+	else if (strcmp(argv[i],"-ce") == 0) {
+	    inputType = EKCertType;
+	    inputCount++;
+	}
+	else if (strcmp(argv[i],"-cp") == 0) {
+	    inputType = CreateprimaryType;
+	    inputCount++;
+	}
+	else if (strcmp(argv[i],"-root") == 0) {
+	    i++;
+	    if (i < argc) {
+		listFilename = argv[i];
+	    }
+	    else {
+		printf("-root option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-alg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"rsa") == 0) {
+		    algType = AlgRSA;
+		    ekCertIndex = EK_CERT_RSA_INDEX;
+		    ekNonceIndex = EK_NONCE_RSA_INDEX;
+		    ekTemplateIndex = EK_TEMPLATE_RSA_INDEX;
+		}
+		else if (strcmp(argv[i],"ecc") == 0) {
+		    algType = AlgEC;
+		    ekCertIndex = EK_CERT_EC_INDEX;
+		    ekNonceIndex = EK_NONCE_EC_INDEX;
+		    ekTemplateIndex = EK_TEMPLATE_EC_INDEX;
+		}
+		else {
+		    printf("Bad parameter %s for -alg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-alg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-noflush") == 0) {
+	    noFlush = 1;
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+ 	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (inputCount > 1) {
+	printf("Only one of -te, -no, -ce can be specified\n");
+	printUsage();
+    }
+    if ((inputCount == 0) && (listFilename == NULL)) {
+	printf("Nothing to do\n");
+	printUsage();
+    }
+    if (algType == 0) {
+	printf("-alg must be specified\n");
+	printUsage();
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    if (rc == 0) {
+	switch (inputType) {
+	  case EKTemplateType:
+	    rc = processEKTemplate(tssContext, &tpmtPublic, ekTemplateIndex, TRUE);
+	    if (rc != 0) {
+		printf("No EK template\n");
+	    }
+	    break;
+	  case EKNonceType:
+	    rc = processEKNonce(tssContext, &nonce, &nonceSize, ekNonceIndex, TRUE);
+	    if (rc != 0) {
+		printf("No EK nonce\n");
+	    }
+	    break;
+	  case EKCertType:
+	    rc = processEKCertificate(tssContext,
+				      &ekCertificate,			/* freed @2 */
+				      &modulusBin, &modulusBytes,	/* freed @3 */
+				      ekCertIndex,
+				      TRUE);		/* print the EK certificate */
+	    break;
+	  case CreateprimaryType:
+	    rc = processPrimary(tssContext, &keyHandle,
+				ekCertIndex, ekNonceIndex, ekTemplateIndex,
+				noFlush, TRUE);
+	    break;
+	}
+    }
+    if (listFilename != NULL) {
+	if (rc == 0) {
+	    rc = getRootCertificateFilenames(rootFilename,	/* freed @4 */
+					     &rootFileCount,
+					     listFilename,
+					     tssUtilsVerbose);
+	}
+	if (rc == 0) {
+	    rc = processRoot(tssContext,
+			     ekCertIndex,
+			     (const char **)rootFilename,
+			     rootFileCount,
+			     TRUE); 
+	}
+    }
+    if ((rc == 0) && noFlush && (inputType == CreateprimaryType)) {
+	printf("Primary key Handle %08x\n", keyHandle);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    free(nonce);			/* @1 */
+    x509FreeStructure(ekCertificate);  	/* @2 */
+    free(modulusBin);			/* @3 */
+    for (ui = 0 ; ui < rootFileCount ; ui++) {
+	free(rootFilename[ui]);		/* @4 */
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("createek\n");
+    printf("\n");
+    printf("Parses and prints the various EK NV indexes specified by the IWG\n");
+    printf("Creates a primary key based on the EK NV indexes\n");
+    printf("\n");
+    printf("\t-te\tprint EK Template \n");
+    printf("\t-no\tprint EK nonce \n");
+    printf("\t-ce\tprint EK certificate \n");
+    printf("\t-cp\tCreatePrimary using the EK template and EK nonce.\n");
+    printf("\t\tValidate the EK against the EK certificate\n");
+    printf("\t[-noflush\tDo not flush the primary key after validation]\n");
+    printf("\t[-root\tfilename - validate EK certificate against the root]\n");
+    printf("\t\tfilename contains a list of PEM format CA root certificate\n"
+	   "\t\tfilenames, one per line.\n");
+    printf("\t\tThe list may contain up to %u certificates.\n", MAX_ROOTS);
+    printf("\t-alg (rsa or ecc) \n");
+    exit(1);	
+}
diff --git a/utils/createekcert.c b/utils/createekcert.c
new file mode 100644
index 000000000..7985d5973
--- /dev/null
+++ b/utils/createekcert.c
@@ -0,0 +1,488 @@
+/********************************************************************************/
+/*										*/
+/*		TPM 2.0 Attestation - Client EK and EK certificate  		*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2016 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* This program provisions an EK certificate.  It is required only for a SW TPM, which does not, of
+   course, come with a certificate.
+
+   NOTE This is a one time operation unless the EPS is changed, typically through the TSS regression
+   test.  I suggest saving the NVChip file.
+
+   Steps implemented:
+
+   Create a primary key using the default IWG template
+   
+   Create a certificate using the CA key cakey.pem
+
+   Create NV Index if not already provisioned.
+
+   Write the certificate to NV.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+/* Windows 10 crypto API clashes with openssl */
+#ifdef TPM_WINDOWS
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+#endif
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsscrypto.h>
+#include "ekutils.h"
+
+/* local function prototypes */
+
+static void printUsage(void);
+
+static TPM_RC defineEKCertIndex(TSS_CONTEXT *tssContext,
+				uint32_t certLength,	
+				TPMI_RH_NV_INDEX nvIndex,
+				const char *platformPassword);
+static TPM_RC storeEkCertificate(TSS_CONTEXT *tssContext,
+				 uint32_t certLength,
+				 unsigned char *certificate,	
+				 TPMI_RH_NV_INDEX nvIndex,
+				 const char *platformPassword);
+
+int vverbose = 0;
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    int 		rc = 0;
+    int			i;    /* argc iterator */
+    TSS_CONTEXT 	*tssContext = NULL;
+    int			noFlush = FALSE;
+    const char		*certificateFilename = NULL;
+    TPMI_RH_NV_INDEX	ekCertIndex = EK_CERT_RSA_INDEX;
+    /* the CA for endorsement key certificates */
+    const char 		*caKeyFileName = NULL;
+    const char 		*caKeyPassword = "";
+    const char		*platformPassword = NULL; 
+    TPMT_PUBLIC 	tpmtPublicOut;		/* primary key public part */
+    char 		*x509CertString = NULL;
+    char 		*pemCertString = NULL;
+    uint32_t 		certLength;
+    unsigned char 	*certificate = NULL;
+
+    /* FIXME may be better from command line or config file */
+    char *subjectEntries[] = {
+	"US",		/* 0 country */
+	"NY",		/* 1 state */
+	"Yorktown",	/* 2 locality*/
+	"IBM",		/* 3 organization */
+	NULL,		/* 4 organization unit */
+	"IBM SW TPM",	/* 5 common name */
+	NULL		/* 6 email */
+    };
+    /* FIXME should come from root certificate, cacert.pem, cacertec.pem */
+    char *rootIssuerEntriesRsa[] = {
+	"US"			,
+	"NY"			,
+	"Yorktown"		,
+	"IBM"			,
+	NULL			,
+	"EK CA"			,
+	NULL	
+    };
+    char *rootIssuerEntriesEc[] = {
+	"US"			,
+	"NY"			,
+	"Yorktown"		,
+	"IBM"			,
+	NULL			,
+	"EK EC CA"		,
+	NULL	
+    };
+    /* default RSA */
+    char 		**issuerEntries = rootIssuerEntriesRsa;
+    size_t		issuerEntriesSize = sizeof(rootIssuerEntriesRsa)/sizeof(char *);
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-noflush") == 0) {
+	    noFlush = TRUE;
+	}
+	else if (strcmp(argv[i],"-of") == 0) {
+	    i++;
+	    if (i < argc) {
+		certificateFilename = argv[i];
+	    }
+	    else {
+		printf("-of option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-alg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"rsa") == 0) {
+		    ekCertIndex = EK_CERT_RSA_INDEX;
+		}
+		else if (strcmp(argv[i],"ecc") == 0) {
+		    ekCertIndex = EK_CERT_EC_INDEX;
+		}
+		else {
+		    printf("Bad parameter %s for -alg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-alg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-caalg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"rsa") == 0) {
+		    issuerEntries = rootIssuerEntriesRsa;
+		    issuerEntriesSize = sizeof(rootIssuerEntriesRsa)/sizeof(char *);
+		}
+		else if (strcmp(argv[i],"ec") == 0) {
+		    issuerEntries = rootIssuerEntriesEc;
+		    issuerEntriesSize = sizeof(rootIssuerEntriesEc)/sizeof(char *);
+		}
+		else {
+		    printf("Bad parameter %s for -caalg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-alg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-cakey") == 0) {
+	    i++;
+	    if (i < argc) {
+		caKeyFileName = argv[i];
+	    }
+	    else {
+		printf("ERROR: Missing parameter for -cakey\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-capwd") == 0) {
+	    i++;
+	    if (i < argc) {
+		caKeyPassword = argv[i];
+	    }
+	    else {
+		printf("ERROR: Missing parameter for -capwd\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdp") == 0) {
+	    i++;
+	    if (i < argc) {
+		platformPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdp option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = 1;
+	}
+	else if (strcmp(argv[i],"-vv") == 0) {
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");	/* trace entire TSS */
+	    tssUtilsVerbose = 1;
+	    vverbose = 1;
+	}
+	else {
+ 	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (caKeyFileName == NULL) {
+	printf("ERROR: Missing -cakey\n");
+	printUsage();
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* create a primary EK using the default IWG template */
+    if (rc == 0) {
+	TPM_HANDLE keyHandle;
+	rc = processCreatePrimary(tssContext,
+				  &keyHandle,
+				  ekCertIndex,		/* RSA or EC */
+				  NULL, 0,		/* EK nonce, can be NULL */
+				  NULL,			/* template */
+				  &tpmtPublicOut,	/* primary key */
+				  noFlush,
+				  tssUtilsVerbose);		/* print errors */
+    }
+    /* create the EK certificate from the EK public key, using the above issuer and subject */
+    if (rc == 0) {
+	rc = createCertificate(&x509CertString,			/* freed @3 */
+			       &pemCertString,			/* freed @2 */
+			       &certLength,
+			       &certificate,			/* output, freed @1 */
+			       &tpmtPublicOut,			/* public key to be certified */
+			       caKeyFileName,			/* CA signing key */
+			       issuerEntriesSize,
+			       issuerEntries,			/* certificate issuer */
+			       sizeof(subjectEntries)/sizeof(char *),
+			       subjectEntries,			/* certificate subject */
+			       caKeyPassword);			/* CA signing key password */
+    }
+    /* If the NV index is not defined, define it */
+    if (rc == 0) {
+	rc = defineEKCertIndex(tssContext,
+			       certLength,	
+			       ekCertIndex,
+			       platformPassword);
+    }
+    /* store the EK certificate in NV */
+    if (rc == 0) {
+	rc = storeEkCertificate(tssContext,
+				certLength, certificate,	
+				ekCertIndex,
+				platformPassword);
+    }
+    /* optionally store the certificate in DER format */
+    if ((rc == 0) && (certificateFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(certificate, certLength, certificateFilename);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    free(certificate);			/* @1 */
+    free(pemCertString);		/* @2 */
+    free(x509CertString);		/* @3 */
+    return rc;
+}
+
+/* defineEKCertIndex() defines the EK certificate index if it is not already defined */
+
+static TPM_RC defineEKCertIndex(TSS_CONTEXT *tssContext,
+				uint32_t certLength,	
+				TPMI_RH_NV_INDEX nvIndex,
+				const char *platformPassword)
+{
+    TPM_RC 		rc = 0;
+    NV_ReadPublic_In 	nvReadPublicIn;
+    NV_ReadPublic_Out	nvReadPublicOut;
+    NV_DefineSpace_In 	nvDefineSpaceIn;
+    
+    /* read metadata to make sure the index is there, the size is sufficient, and get the Name */
+    if (tssUtilsVerbose) printf("defineEKCertIndex: certificate length %u\n", certLength);
+    if (rc == 0) {
+	nvReadPublicIn.nvIndex = nvIndex;
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&nvReadPublicOut,
+			 (COMMAND_PARAMETERS *)&nvReadPublicIn,
+			 NULL,
+			 TPM_CC_NV_ReadPublic,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    /* if already defined, check the size */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("defineEKCertIndex: defined data size %u\n",
+			    nvReadPublicOut.nvPublic.nvPublic.dataSize);
+	if (nvReadPublicOut.nvPublic.nvPublic.dataSize < certLength) {
+	    printf("defineEKCertIndex: data size %u insufficient for certificate %u\n",
+		   nvReadPublicOut.nvPublic.nvPublic.dataSize, certLength);
+	    rc = EXIT_FAILURE;
+	}
+    }
+    else if ((rc & 0xff) == TPM_RC_HANDLE) {
+	rc = 0;		/* not an error yet, define the index for the EK certificate */
+	nvDefineSpaceIn.authHandle = TPM_RH_PLATFORM;
+	nvDefineSpaceIn.auth.b.size = 0;					/* empty auth */
+	nvDefineSpaceIn.publicInfo.nvPublic.authPolicy.t.size = 0;		/* empty policy */
+	nvDefineSpaceIn.publicInfo.nvPublic.nvIndex = nvIndex;	/* handle of the data area */
+	nvDefineSpaceIn.publicInfo.nvPublic.nameAlg = TPM_ALG_SHA256; 	/* name hash algorithm */
+	nvDefineSpaceIn.publicInfo.nvPublic.attributes.val = 0;
+	/* PC Client specification */
+	nvDefineSpaceIn.publicInfo.nvPublic.attributes.val |= TPMA_NVA_ORDINARY;
+	nvDefineSpaceIn.publicInfo.nvPublic.attributes.val |= TPMA_NVA_PLATFORMCREATE;
+	nvDefineSpaceIn.publicInfo.nvPublic.attributes.val |= TPMA_NVA_AUTHREAD;
+	nvDefineSpaceIn.publicInfo.nvPublic.attributes.val |= TPMA_NVA_NO_DA;
+	nvDefineSpaceIn.publicInfo.nvPublic.attributes.val |= TPMA_NVA_PPWRITE;
+	/* required for Microsoft Windows certification test */
+	nvDefineSpaceIn.publicInfo.nvPublic.attributes.val |= TPMA_NVA_OWNERREAD; 
+	if (certLength < 1000) {
+	    nvDefineSpaceIn.publicInfo.nvPublic.dataSize = 1000;		/* minimum size */
+	}
+	else {
+	    nvDefineSpaceIn.publicInfo.nvPublic.dataSize = certLength;
+	}
+	/* call TSS to execute the command */
+	if (rc == 0) {
+	    rc = TSS_Execute(tssContext,
+			     NULL,
+			     (COMMAND_PARAMETERS *)&nvDefineSpaceIn,
+			     NULL,
+			     TPM_CC_NV_DefineSpace,
+			     TPM_RS_PW, platformPassword, 0,
+			     TPM_RH_NULL, NULL, 0);
+	}
+    }
+    if (rc != 0) {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("defineEKCertIndex: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	printf("ERROR: defineEKCertIndex: requires certificate min length %u at index %08x\n",
+	       certLength, nvIndex);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+/* storeEkCertificate() writes the EK certificate at the specified NV index.  It does not define the
+   NV index.  */
+
+static TPM_RC storeEkCertificate(TSS_CONTEXT *tssContext,
+				 uint32_t certLength,
+				 unsigned char *certificate,	
+				 TPMI_RH_NV_INDEX nvIndex,
+				 const char *platformPassword)
+{
+    TPM_RC 		rc = 0;
+    NV_Write_In 	nvWriteIn;
+    uint32_t 		nvBufferMax;		/* max write in one chunk */
+    uint16_t 		bytesWritten;		/* bytes written so far */
+    int			done = FALSE;
+
+    if (rc == 0) {
+	rc = readNvBufferMax(tssContext,
+			     &nvBufferMax);
+    }    
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("storeEkCertificate: writing %u bytes to %08x\n",
+			    certLength, nvIndex);
+	nvWriteIn.authHandle = TPM_RH_PLATFORM;  
+	nvWriteIn.nvIndex = nvIndex;
+	nvWriteIn.offset = 0;
+	bytesWritten = 0;	/* bytes written so far */
+    }
+    while ((rc == 0) && !done) {
+	uint16_t writeBytes;		/* bytes to write in this pass */
+	if (rc == 0) {
+	    nvWriteIn.offset = bytesWritten;
+	    if ((uint32_t)(certLength - bytesWritten) < nvBufferMax) {
+		writeBytes = certLength - bytesWritten;	/* last chunk */
+	    }
+	    else {
+		writeBytes = nvBufferMax;	/* next chunk */
+	    }
+	    rc = TSS_TPM2B_Create(&nvWriteIn.data.b, certificate + bytesWritten, writeBytes,
+				  sizeof(nvWriteIn.data.t.buffer));
+	}
+	if (rc == 0) {
+	    rc = TSS_Execute(tssContext,
+			     NULL,
+			     (COMMAND_PARAMETERS *)&nvWriteIn,
+			     NULL,
+			     TPM_CC_NV_Write,
+			     TPM_RS_PW, platformPassword, 0,
+			     TPM_RH_NULL, NULL, 0);
+	}
+	if (rc == 0) {
+	    bytesWritten += writeBytes;
+	    if (bytesWritten == certLength) {
+		done = TRUE;
+	    }
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("storeEkCertificate: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("storeEkCertificate: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	if (rc == TSS_RC_FILE_OPEN) {
+	    printf("Possible cause: missing nvreadpublic before nvwrite\n");
+	}
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("createekcert\n");
+    printf("\n");
+    printf("Provisions an EK certificate, using the default IWG template\n");
+    printf("E.g.,\n");
+    printf("\n");
+    printf("Usage: createekcert -alg rsa -cakey cakey.pem    -capwd rrrr -v\n");
+    printf("or:    createekcert -alg ecc -cakey cakeyecc.pem -capwd rrrr -caalg ec -v\n");
+    printf("\n");
+    printf("\t[-pwdp\t\tplatform hierarchy password (default empty)]\n");
+    printf("\t-cakey\t\tCA PEM key file name\n");
+    printf("\t[-capwd\t\tCA PEM key password (default empty)]\n");
+    printf("\t[-caalg\t\tCA key algorithm (rsa or ec) (default rsa)]\n");
+    printf("\t[-alg\t\t(rsa or ecc certificate) (default rsa)]\n");
+    printf("\t[-noflush\tdo not flush the primary key]\n");
+    printf("\t[-of\t\tDER certificate output file name]\n");
+    printf("\n");
+    printf("Currently:\n");
+    printf("\n");
+    printf("\tCertificate issuer, subject, and validity are hard coded.\n");
+    exit(1);	
+}
diff --git a/utils/createloaded.c b/utils/createloaded.c
new file mode 100644
index 000000000..232c16cae
--- /dev/null
+++ b/utils/createloaded.c
@@ -0,0 +1,620 @@
+/********************************************************************************/
+/*										*/
+/*			    Create Loaded					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+
+#include "objecttemplates.h"
+#include "cryptoutils.h"
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    CreateLoaded_In 		in;
+    CreateLoaded_Out		out;
+    TPMT_PUBLIC			publicArea;
+    TPMI_DH_OBJECT		parentHandle = 0;
+    TPMA_OBJECT			addObjectAttributes;
+    TPMA_OBJECT			deleteObjectAttributes;
+    int 			derived = FALSE;	/* parent is derivation parent */
+    int				keyType = 0;
+    uint32_t 			keyTypeSpecified = 0;
+    int				rev116 = FALSE;
+    TPMI_ALG_PUBLIC 		algPublic = TPM_ALG_RSA;
+    TPMI_ECC_CURVE		curveID = TPM_ECC_NONE;
+    TPMI_ALG_HASH		halg = TPM_ALG_SHA256;
+    TPMI_ALG_HASH		nalg = TPM_ALG_SHA256;
+    const char			*policyFilename = NULL;
+    const char			*publicKeyFilename = NULL;
+    const char			*privateKeyFilename = NULL;
+    const char			*pemFilename = NULL;
+    const char 			*dataFilename = NULL;
+    const char			*keyPassword = NULL; 
+    const char			*parentPassword = NULL; 
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    addObjectAttributes.val = 0;
+    addObjectAttributes.val |= TPMA_OBJECT_NODA;
+    deleteObjectAttributes.val = 0;
+ 	
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hp") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &parentHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hp\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-bl") == 0) {
+	    keyType = TYPE_BL;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-den") == 0) {
+	    keyType = TYPE_DEN;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-deo") == 0) {
+	    keyType = TYPE_DEO;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-des") == 0) {
+	    keyType = TYPE_DES;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-st") == 0) {
+	    keyType = TYPE_ST;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-si") == 0) {
+	    keyType = TYPE_SI;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-sir") == 0) {
+	    keyType = TYPE_SIR;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-kh") == 0) {
+	    keyType = TYPE_KH;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-khr") == 0) {
+	    keyType = TYPE_KHR;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-dp") == 0) {
+	    keyType = TYPE_DP;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-gp") == 0) {
+	    keyType = TYPE_GP;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-116") == 0) {
+	    rev116 = TRUE;
+	}
+	else if (strcmp(argv[i], "-der") == 0) {
+	    derived = TRUE;
+	}
+	else if (strcmp(argv[i], "-rsa") == 0) {
+	    algPublic = TPM_ALG_RSA;
+	}
+	else if (strcmp(argv[i], "-ecc") == 0) {
+	    algPublic = TPM_ALG_ECC;
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"bnp256") == 0) {
+		    curveID = TPM_ECC_BN_P256;
+		}
+		else if (strcmp(argv[i],"nistp256") == 0) {
+		    curveID = TPM_ECC_NIST_P256;
+		}
+		else if (strcmp(argv[i],"nistp384") == 0) {
+		    curveID = TPM_ECC_NIST_P384;
+		}
+		else {
+		    printf("Bad parameter %s for -ecc\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-ecc option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-kt") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (i < argc) {
+		    if (strcmp(argv[i], "f") == 0) {
+			addObjectAttributes.val |= TPMA_OBJECT_FIXEDTPM;
+		    }
+		    else if (strcmp(argv[i], "p") == 0) {
+			addObjectAttributes.val |= TPMA_OBJECT_FIXEDPARENT;
+		    }
+		    else if (strcmp(argv[i], "nf") == 0) {
+			deleteObjectAttributes.val |= TPMA_OBJECT_FIXEDTPM;
+		    }
+		    else if (strcmp(argv[i], "np")  == 0) {
+			deleteObjectAttributes.val |= TPMA_OBJECT_FIXEDPARENT;
+		    }
+		    else if (strcmp(argv[i], "ed")  == 0) {
+			addObjectAttributes.val |= TPMA_OBJECT_ENCRYPTEDDUPLICATION;
+		    }
+		    else {
+			printf("Bad parameter %c for -kt\n", argv[i][0]);
+			printUsage();
+		    }
+		}
+	    }
+	    else {
+		printf("Missing parameter for -kt\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-uwa") == 0) {
+	    deleteObjectAttributes.val |= TPMA_OBJECT_USERWITHAUTH;
+	}
+	else if (strcmp(argv[i], "-da") == 0) {
+	    addObjectAttributes.val &= ~TPMA_OBJECT_NODA;
+	}
+	else if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    halg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    halg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    halg = TPM_ALG_SHA384;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-nalg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    nalg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    nalg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    nalg = TPM_ALG_SHA384;
+		}
+		else {
+		    printf("Bad parameter %s for -nalg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-nalg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-opu") == 0) {
+	    i++;
+	    if (i < argc) {
+		publicKeyFilename = argv[i];
+	    }
+	    else {
+		printf("-opu option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-opr") == 0) {
+	    i++;
+	    if (i < argc) {
+		privateKeyFilename = argv[i];
+	    }
+	    else {
+		printf("-opr option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-opem") == 0) {
+	    i++;
+	    if (i < argc) {
+		pemFilename = argv[i];
+	    }
+	    else {
+		printf("-opem option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdk") == 0) {
+	    i++;
+	    if (i < argc) {
+		keyPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdp") == 0) {
+	    i++;
+	    if (i < argc) {
+		parentPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdp option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pol") == 0) {
+	    i++;
+	    if (i < argc) {
+		policyFilename = argv[i];
+	    }
+	    else {
+		printf("-pol option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-if") == 0) {
+	    i++;
+	    if (i < argc) {
+		dataFilename = argv[i];
+	    }
+	    else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (parentHandle == 0) {
+	printf("Missing handle parameter -hp\n");
+	printUsage();
+    }
+    if (keyTypeSpecified != 1) {
+	printf("Missing key attributes\n");
+	printUsage();
+    }
+    switch (keyType) {
+      case TYPE_BL:
+	if (dataFilename == NULL) {
+	    printf("-bl needs -if (sealed data object needs data to seal)\n");
+	    printUsage();
+	}
+	break;
+      case TYPE_ST:
+      case TYPE_DEN:
+      case TYPE_DEO:
+      case TYPE_SI:
+      case TYPE_SIR:
+      case TYPE_GP:
+	if (dataFilename != NULL) {
+	    printf("asymmetric key cannot have -if (sensitive data)\n");
+	    printUsage();
+	}
+      case TYPE_DES:
+      case TYPE_KH:
+      case TYPE_KHR:
+      case TYPE_DP:
+	/* inSensitive optional for symmetric keys */
+	break;
+    }
+    if (rc == 0) {
+	in.parentHandle = parentHandle;
+    }
+    /* Table 134 - Definition of TPM2B_SENSITIVE_CREATE inSensitive */
+    if (rc == 0) {
+	/* Table 133 - Definition of TPMS_SENSITIVE_CREATE Structure <IN>sensitive  */
+	/* Table 75 - Definition of Types for TPM2B_AUTH userAuth */
+	if (keyPassword == NULL) {
+	    in.inSensitive.sensitive.userAuth.t.size = 0;
+	}
+	else {
+	    rc = TSS_TPM2B_StringCopy(&in.inSensitive.sensitive.userAuth.b,
+				      keyPassword,
+				      sizeof(in.inSensitive.sensitive.userAuth.t.buffer));
+	}
+    }
+    if (rc == 0) {
+	/* Table 132 - Definition of TPM2B_SENSITIVE_DATA Structure data */
+	if (dataFilename != NULL) {
+	    rc = TSS_File_Read2B(&in.inSensitive.sensitive.data.b,
+				 sizeof(in.inSensitive.sensitive.data.t.buffer),
+				 dataFilename);
+	}
+	else {
+	    in.inSensitive.sensitive.data.t.size = 0;
+	}
+    }
+    /* TPM2B_PUBLIC */
+    if (rc == 0) {
+	switch (keyType) {
+	  case TYPE_BL:
+	    rc = blPublicTemplate(&publicArea,
+				  addObjectAttributes, deleteObjectAttributes,
+				  nalg,
+				  policyFilename);
+	    break;
+	  case TYPE_ST:
+	  case TYPE_DEN:
+	  case TYPE_DEO:
+	  case TYPE_SI:
+	  case TYPE_SIR:
+	  case TYPE_GP:
+	    rc = asymPublicTemplate(&publicArea,
+				    addObjectAttributes, deleteObjectAttributes,
+				    keyType, algPublic, curveID, nalg, halg,
+				    policyFilename);
+	    break;
+	  case TYPE_DES:
+	    rc = symmetricCipherTemplate(&publicArea,
+					 addObjectAttributes, deleteObjectAttributes,
+					 nalg, rev116,
+					 policyFilename);
+	    break;
+	  case TYPE_KH:
+	  case TYPE_KHR:
+	    rc = keyedHashPublicTemplate(&publicArea,
+					 addObjectAttributes, deleteObjectAttributes,
+					 keyType, nalg, halg,
+					 policyFilename);
+	    break;
+	  case TYPE_DP:
+	    rc = derivationParentPublicTemplate(&publicArea,
+						addObjectAttributes, deleteObjectAttributes,
+						nalg, halg,
+						policyFilename);
+	} 
+    }
+    /* marshal the TPMT_PUBLIC into the TPM2B_TEMPLATE */
+    if (rc == 0) {
+	uint16_t written = 0;
+	uint32_t size = sizeof(in.inPublic.t.buffer);
+	uint8_t *buffer = in.inPublic.t.buffer;
+	if (!derived) {		/* not derivation parent */
+	    rc = TSS_TPMT_PUBLIC_Marshalu(&publicArea, &written, &buffer, &size);
+	}
+	else {			/* derivation parent */
+	    /* The API changed from rev 142 to 146.  This is the 146 API.  It is unlikely that any
+	       138 HW TPM will implement the 142 errata, but care must be taken to use a current SW
+	       TPM. */
+	    /* derived key has TPMS_CONTEXT parameter */
+	    publicArea.unique.derive.label.t.size = 0;
+	    publicArea.unique.derive.context.t.size = 0;
+	    /* sensitiveDataOrigin has to be CLEAR in a derived object */	
+	    publicArea.objectAttributes.val &= ~TPMA_OBJECT_SENSITIVEDATAORIGIN;
+	    rc = TSS_TPMT_PUBLIC_D_Marshalu(&publicArea, &written, &buffer, &size);
+	}
+	in.inPublic.t.size = written;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_CreateLoaded,
+			 sessionHandle0, parentPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    /* save the private key */
+    if ((rc == 0) && (privateKeyFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.outPrivate,
+				     (MarshalFunction_t)TSS_TPM2B_PRIVATE_Marshal,
+				     privateKeyFilename);
+    }
+    /* save the public key */
+    if ((rc == 0) && (publicKeyFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.outPublic,
+				     (MarshalFunction_t)TSS_TPM2B_PUBLIC_Marshal,
+				     publicKeyFilename);
+    }
+    /* save the optional PEM public key */
+    if ((rc == 0) && (pemFilename != NULL)) {
+	rc = convertPublicToPEM(&out.outPublic,
+				pemFilename);
+    }
+    if (rc == 0) {
+	printf("Handle %08x\n", out.objectHandle);
+	if (tssUtilsVerbose) printf("createloaded: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("createloaded: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("createloaded\n");
+    printf("\n");
+    printf("Runs TPM2_CreateLoaded\n");
+    printf("\n");
+    printf("\t-hp parent handle (can be hierarchy)\n");
+    printf("\t\t40000001 Owner\n");
+    printf("\t\t4000000c Platform\n");
+    printf("\t\t4000000b Endorsement\n");
+    printf("\n");
+    printUsageTemplate();
+    printf("\n");
+    printf("\t[-der\tobject's parent is a derivation parent]\n");
+    printf("\n");
+    printf("\t[-pwdk\tpassword for key (default empty)]\n");
+    printf("\t[-pwdp\tpassword for parent key (default empty)]\n");
+    printf("\n");
+    printf("\t[-opu\tpublic key file name (default do not save)]\n");
+    printf("\t[-opr\tprivate key file name (default do not save)]\n");
+    printf("\t[-opem\tpublic key PEM format file name (default do not save)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/createprimary.c b/utils/createprimary.c
new file mode 100644
index 000000000..c2f2eaffb
--- /dev/null
+++ b/utils/createprimary.c
@@ -0,0 +1,791 @@
+/********************************************************************************/
+/*										*/
+/*			    Create Primary	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/tsscryptoh.h>
+
+#include "objecttemplates.h"
+#include "cryptoutils.h"
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    CreatePrimary_In 		in;
+    CreatePrimary_Out 		out;
+    char 			hierarchyChar = 'n';
+    TPMI_RH_HIERARCHY		primaryHandle = TPM_RH_NULL;
+    TPMA_OBJECT			addObjectAttributes;
+    TPMA_OBJECT			deleteObjectAttributes;
+    int				keyType = TYPE_ST;
+    uint32_t 			keyTypeSpecified = 0;
+    int				rev116 = FALSE;
+    const char 			*uniqueFilename = NULL;
+    TPMI_ALG_PUBLIC 		algPublic = TPM_ALG_RSA;
+    TPMI_ALG_HASH		halg = TPM_ALG_SHA256;
+    TPMI_ALG_HASH		nalg = TPM_ALG_SHA256;
+    TPMI_ECC_CURVE		curveID = TPM_ECC_NONE;
+    const char			*policyFilename = NULL;
+    const char			*publicKeyFilename = NULL;
+    const char			*pemFilename = NULL;
+    const char			*ticketFilename = NULL;
+    const char			*creationHashFilename = NULL;
+    const char 			*dataFilename = NULL;
+    const char			*keyPassword = NULL; 
+    const char			*parentPassword = NULL; 
+    const char			*parentPasswordFilename = NULL; 
+    const char			*parentPasswordPtr = NULL; 
+    uint8_t			*parentPasswordBuffer = NULL;		/* for the free */
+    size_t 			parentPasswordLength = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    addObjectAttributes.val = 0;
+    addObjectAttributes.val |= TPMA_OBJECT_NODA;
+    addObjectAttributes.val |= TPMA_OBJECT_FIXEDTPM;
+    addObjectAttributes.val |= TPMA_OBJECT_FIXEDPARENT;
+    deleteObjectAttributes.val = 0;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hi") == 0) {
+	    i++;
+	    if (i < argc) {
+		hierarchyChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -hi\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-bl") == 0) {
+	    keyType = TYPE_BL;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-den") == 0) {
+	    keyType = TYPE_DEN;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-deo") == 0) {
+	    keyType = TYPE_DEO;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-des") == 0) {
+	    keyType = TYPE_DES;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-st") == 0) {
+	    keyType = TYPE_ST;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-si") == 0) {
+	    keyType = TYPE_SI;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-sir") == 0) {
+	    keyType = TYPE_SIR;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-dau") == 0) {
+	    keyType = TYPE_DAA;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-dar") == 0) {
+	    keyType = TYPE_DAAR;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-kh") == 0) {
+	    keyType = TYPE_KH;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-khr") == 0) {
+	    keyType = TYPE_KHR;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-dp") == 0) {
+	    keyType = TYPE_DP;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-gp") == 0) {
+	    keyType = TYPE_GP;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-116") == 0) {
+	    rev116 = TRUE;
+	}
+	else if (strcmp(argv[i], "-rsa") == 0) {
+	    algPublic = TPM_ALG_RSA;
+	}
+	else if (strcmp(argv[i], "-ecc") == 0) {
+	    algPublic = TPM_ALG_ECC;
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"bnp256") == 0) {
+		    curveID = TPM_ECC_BN_P256;
+		}
+		else if (strcmp(argv[i],"nistp256") == 0) {
+		    curveID = TPM_ECC_NIST_P256;
+		}
+		else if (strcmp(argv[i],"nistp384") == 0) {
+		    curveID = TPM_ECC_NIST_P384;
+		}
+		else {
+		    printf("Bad parameter %s for -ecc\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-ecc option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-kt") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i], "f") == 0) {
+		    addObjectAttributes.val |= TPMA_OBJECT_FIXEDTPM;
+   		}
+		else if (strcmp(argv[i], "p") == 0) {
+		    addObjectAttributes.val |= TPMA_OBJECT_FIXEDPARENT;
+		}
+		else if (strcmp(argv[i], "nf") == 0) {
+		    deleteObjectAttributes.val |= TPMA_OBJECT_FIXEDTPM;
+		}
+		else if (strcmp(argv[i], "np")  == 0) {
+		    deleteObjectAttributes.val |= TPMA_OBJECT_FIXEDPARENT;
+		}
+		else if (strcmp(argv[i], "ed")  == 0) {
+		    addObjectAttributes.val |= TPMA_OBJECT_ENCRYPTEDDUPLICATION;
+		}
+		else {
+		    printf("Bad parameter %s for -kt\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -kt\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-uwa") == 0) {
+	    deleteObjectAttributes.val |= TPMA_OBJECT_USERWITHAUTH;
+	}
+	else if (strcmp(argv[i], "-da") == 0) {
+	    addObjectAttributes.val &= ~TPMA_OBJECT_NODA;
+	}
+	else if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    halg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    halg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    halg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    halg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-nalg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    nalg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    nalg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    nalg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    nalg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -nalg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-nalg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdp") == 0) {
+	    i++;
+	    if (i < argc) {
+		parentPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdp option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdpi") == 0) {
+	    i++;
+	    if (i < argc) {
+		parentPasswordFilename = argv[i];
+	    }
+	    else {
+		printf("-pwdpi option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdk") == 0) {
+	    i++;
+	    if (i < argc) {
+		keyPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-iu") == 0) {
+	    i++;
+	    if (i < argc) {
+		uniqueFilename = argv[i];
+	    }
+	    else {
+		printf("-iu option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-opu") == 0) {
+	    i++;
+	    if (i < argc) {
+		publicKeyFilename = argv[i];
+	    }
+	    else {
+		printf("-opu option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-opem") == 0) {
+	    i++;
+	    if (i < argc) {
+		pemFilename = argv[i];
+	    }
+	    else {
+		printf("-opem option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-tk") == 0) {
+	    i++;
+	    if (i < argc) {
+		ticketFilename = argv[i];
+	    }
+	    else {
+		printf("-tk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ch") == 0) {
+	    i++;
+	    if (i < argc) {
+		creationHashFilename = argv[i];
+	    }
+	    else {
+		printf("-ch option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pol") == 0) {
+	    i++;
+	    if (i < argc) {
+		policyFilename = argv[i];
+	    }
+	    else {
+		printf("-pol option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-if") == 0) {
+	    i++;
+	    if (i < argc) {
+		dataFilename = argv[i];
+	    }
+	    else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (keyTypeSpecified > 1) {
+	printf("Too many key attributes\n");
+	printUsage();
+    }
+    switch (keyType) {
+      case TYPE_BL:
+	if (dataFilename == NULL) {
+	    printf("-bl needs -if (sealed data object needs data to seal)\n");
+	    printUsage();
+	}
+	break;
+      case TYPE_DAA:
+      case TYPE_DAAR:
+	if (algPublic != TPM_ALG_ECC) {
+	    printf("-dau and -dar need -ecc\n");
+ 	    printUsage();
+	}
+	if (dataFilename != NULL) {
+	    printf("asymmetric key cannot have -if (sensitive data)\n");
+	    printUsage();
+	}
+	break;
+      case TYPE_ST:
+      case TYPE_DEN:
+      case TYPE_DEO:
+      case TYPE_SI:
+      case TYPE_SIR:
+      case TYPE_GP:
+	if (dataFilename != NULL) {
+	    printf("asymmetric key cannot have -if (sensitive data)\n");
+	    printUsage();
+	}
+	break;
+      case TYPE_DES:
+      case TYPE_KH:
+      case TYPE_KHR:
+      case TYPE_DP:
+	/* inSensitive optional for symmetric keys */
+	break;
+    }
+    if (rc == 0) {
+	if ((parentPassword != NULL) && (parentPasswordFilename != NULL)) {
+	    printf("Cannot specify both -pwdp and -pwdpi\n");
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	/* command auth from string */
+	if (parentPassword != NULL) {
+	    parentPasswordPtr = parentPassword; 
+	}
+	/* command parent from file */
+	else if (parentPasswordFilename != NULL) {
+	    if (rc == 0) {
+		/* must be freed by caller */
+		rc = TSS_File_ReadBinaryFile(&parentPasswordBuffer,	/* freed @1 */
+					     &parentPasswordLength,
+					     parentPasswordFilename);
+	    }
+	    if (rc == 0) {
+		if (parentPasswordLength > sizeof(TPMU_HA)) {
+		    printf("Password too long %u\n", (unsigned int)parentPasswordLength);
+		    rc = TSS_RC_INSUFFICIENT_BUFFER;
+		}
+	    }
+	    if (rc == 0) {
+		parentPasswordPtr = (const char *)parentPasswordBuffer;
+	    }
+	}
+	/* no command parent specified */
+	else {
+	    parentPasswordPtr = NULL;
+	}
+    }
+    /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */
+    if (rc == 0) {
+	if (hierarchyChar == 'e') {
+	    primaryHandle = TPM_RH_ENDORSEMENT;
+	}
+	else if (hierarchyChar == 'o') {
+	    primaryHandle = TPM_RH_OWNER;
+	}
+	else if (hierarchyChar == 'p') {
+	    primaryHandle = TPM_RH_PLATFORM;
+	}
+	else if (hierarchyChar == 'n') {
+	    primaryHandle = TPM_RH_NULL;
+	}
+	else {
+	    printf("Bad parameter %c for -hi\n", hierarchyChar);
+	    printUsage();
+	}
+	in.primaryHandle = primaryHandle;
+    }
+    /* Table 134 - TPM2B_SENSITIVE_CREATE inSensitive */
+    if (rc == 0) {
+	/* Table 133 - TPMS_SENSITIVE_CREATE */
+	{
+	    if (keyPassword == NULL) {
+		in.inSensitive.sensitive.userAuth.t.size = 0;
+	    }
+	    else {
+		rc = TSS_TPM2B_StringCopy(&in.inSensitive.sensitive.userAuth.b,
+					  keyPassword,
+					  sizeof(in.inSensitive.sensitive.userAuth.t.buffer));
+	    }
+	}
+    }
+    if (rc == 0) {
+	/* Table 132 - Definition of TPM2B_SENSITIVE_DATA Structure data */
+	if (dataFilename != NULL) {
+	    rc = TSS_File_Read2B(&in.inSensitive.sensitive.data.b,
+				 sizeof(in.inSensitive.sensitive.data.t.buffer),
+				 dataFilename);
+	}
+	else {
+	    in.inSensitive.sensitive.data.t.size = 0;
+	}
+    }
+    /* Table 185 - TPM2B_PUBLIC	inPublic */
+    if (rc == 0) {
+	switch (keyType) {
+	  case TYPE_BL:
+	    rc = blPublicTemplate(&in.inPublic.publicArea,
+				  addObjectAttributes, deleteObjectAttributes,
+				  nalg,
+				  policyFilename);
+	    break;
+	  case TYPE_ST:
+	  case TYPE_DAA:
+	  case TYPE_DAAR:
+	  case TYPE_DEN:
+	  case TYPE_DEO:
+	  case TYPE_SI:
+	  case TYPE_SIR:
+	  case TYPE_GP:
+	    rc = asymPublicTemplate(&in.inPublic.publicArea,
+				    addObjectAttributes, deleteObjectAttributes,
+				    keyType, algPublic, curveID, nalg, halg,
+				    policyFilename);
+	    break;
+	  case TYPE_DES:
+	    rc = symmetricCipherTemplate(&in.inPublic.publicArea,
+					 addObjectAttributes, deleteObjectAttributes,
+					 nalg, rev116,
+					 policyFilename);
+	    break;
+	  case TYPE_KH:
+	  case TYPE_KHR:
+	    rc = keyedHashPublicTemplate(&in.inPublic.publicArea,
+					 addObjectAttributes, deleteObjectAttributes,
+					 keyType, nalg, halg,
+					 policyFilename);
+	    break;
+	  case TYPE_DP:
+	    rc = derivationParentPublicTemplate(&in.inPublic.publicArea,
+						addObjectAttributes, deleteObjectAttributes,
+						nalg, halg,
+						policyFilename);
+	    break;
+	}
+    }
+    /* Table 177 - TPMU_PUBLIC_ID unique */
+    /* Table 158 - TPM2B_PUBLIC_KEY_RSA rsa */
+    if (rc == 0) {
+	if (uniqueFilename != NULL) {
+	    rc = TSS_File_Read2B(&in.inPublic.publicArea.unique.rsa.b,
+				 sizeof(in.inPublic.publicArea.unique.rsa.t.buffer),
+				 uniqueFilename);
+	}
+	else {
+	    in.inPublic.publicArea.unique.rsa.t.size = 0;
+	}
+    }
+    /* TPM2B_DATA outsideInfo */
+    if (rc == 0) {
+	in.outsideInfo.t.size = 0;
+    }
+    /* Table 102 - TPML_PCR_SELECTION */
+    /* TPML_PCR_SELECTION	creationPCR */
+    if (rc == 0) {
+	in.creationPCR.count = 0;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_CreatePrimary,
+			 sessionHandle0, parentPasswordPtr, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    /*
+      validate the creation data
+    */
+    {
+	uint16_t	written = 0;
+	uint8_t		*buffer = NULL;		/* for the free */
+	uint32_t 	sizeInBytes;
+	TPMT_HA		digest;
+
+	/* get the digest size from the Name algorithm */
+	if (rc == 0) {
+	    sizeInBytes = TSS_GetDigestSize(nalg);
+	    if (out.creationHash.b.size != sizeInBytes) {
+		printf("createprimary: failed, "
+		       "creationData size %u incompatible with name algorithm %04x\n",
+		       out.creationHash.b.size, nalg);
+		rc = EXIT_FAILURE;
+	    }
+	}
+	/* re-marshal the output structure */
+	if (rc == 0) {
+	    rc = TSS_Structure_Marshal(&buffer,	/* freed @1 */
+				       &written,
+				       &out.creationData.creationData,
+				       (MarshalFunction_t)TSS_TPMS_CREATION_DATA_Marshal);
+	}
+	/* recalculate the creationHash from creationData */
+	if (rc == 0) {
+	    digest.hashAlg = nalg;			/* Name digest algorithm */
+	    rc = TSS_Hash_Generate(&digest,	
+				   written, buffer,
+				   0, NULL);
+	}
+	/* compare the digest to creation hash */
+	if (rc == 0) {
+	    int irc;
+	    irc = memcmp((uint8_t *)&digest.digest, &out.creationHash.b.buffer, sizeInBytes);
+	    if (irc != 0) {
+		printf("createprimary: failed, creationData hash does not match creationHash\n");
+		rc = EXIT_FAILURE;
+	    }
+	}
+	free(buffer);	/* @1 */
+    }
+    /* save the public key */
+    if ((rc == 0) && (publicKeyFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.outPublic,
+				     (MarshalFunction_t)TSS_TPM2B_PUBLIC_Marshal,
+				     publicKeyFilename);
+    }
+    /* save the optional PEM public key */
+    if ((rc == 0) && (pemFilename != NULL)) {
+	rc = convertPublicToPEM(&out.outPublic,
+				pemFilename);
+    }
+    /* save the optional creation ticket */
+    if ((rc == 0) && (ticketFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.creationTicket,
+				     (MarshalFunction_t)TSS_TPMT_TK_CREATION_Marshal,
+				     ticketFilename);
+    }
+    /* save the optional creation hash */
+    if ((rc == 0) && (creationHashFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(out.creationHash.b.buffer,
+				      out.creationHash.b.size,
+				      creationHashFilename);
+    }
+    if (rc == 0) {
+	printf("Handle %08x\n", out.objectHandle);
+	if (algPublic == TPM_ALG_RSA) {
+	    if (tssUtilsVerbose) TSS_PrintAll("createprimary: public modulus",
+				      out.outPublic.publicArea.unique.rsa.t.buffer,
+				      out.outPublic.publicArea.unique.rsa.t.size);
+	}
+	else if (algPublic == TPM_ALG_ECC) {
+	    if (tssUtilsVerbose) TSS_PrintAll("createprimary: public point X",
+				      out.outPublic.publicArea.unique.ecc.x.t.buffer,
+				      out.outPublic.publicArea.unique.ecc.x.t.size);
+	    if (tssUtilsVerbose) TSS_PrintAll("createprimary: public point Y",
+				      out.outPublic.publicArea.unique.ecc.y.t.buffer,
+				      out.outPublic.publicArea.unique.ecc.y.t.size);
+	}
+	if (tssUtilsVerbose) printf("createprimary: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("createprimary: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    free(parentPasswordBuffer);		/* @1 */
+    parentPasswordBuffer = NULL;
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("createprimary creates a primary storage key\n");
+    printf("\n");
+    printf("Runs TPM2_CreatePrimary\n");
+    printf("\n");
+    printf("\t[-hi\t\thierarchy (e, o, p, n) (default null)]\n");
+    printf("\t[-pwdp\t\tpassword for hierarchy (default empty)]\n");
+    printf("\t[-pwdpi\t\tpassword file name for hierarchy (default empty)]\n");
+    printf("\t[-pwdk\t\tpassword for key (default empty)]\n");
+    printf("\t[-iu\t\tinPublic unique field file (default none)]\n");
+    printf("\t[-opu\t\tpublic key file name (default do not save)]\n");
+    printf("\t[-opem\t\tpublic key PEM format file name (default do not save)]\n");
+    printf("\t[-tk\t\toutput ticket file name]\n");
+    printf("\t[-ch\t\toutput creation hash file name]\n");
+    printf("\n");
+    printUsageTemplate();
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/cryptoutils.c b/utils/cryptoutils.c
new file mode 100644
index 000000000..3b15ae170
--- /dev/null
+++ b/utils/cryptoutils.c
@@ -0,0 +1,2069 @@
+/********************************************************************************/
+/*										*/
+/*			OpenSSL Crypto Utilities				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* These functions are worthwhile sample code that probably (judgment call) do not belong in the TSS
+   library.
+
+   They abstract out crypto library functions.
+
+   They show how to convert public or private EC or RSA among PEM format <-> EVP format <-> EC_KEY
+   or RSA format <-> binary arrays <-> TPM format TPM2B_PRIVATE, TPM2B_SENSITIVE, TPM2B_PUBLIC
+   usable for loadexternal or import.
+
+   There are functions to convert public keys from TPM <-> RSA, ECC <-> PEM, and to verify a TPM
+   signature using a PEM format public key.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <limits.h>
+
+#ifndef TPM_TSS_NORSA
+#include <openssl/rsa.h>
+#endif /* TPM_TSS_NORSA */
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+
+#ifndef TPM_TSS_NOECC
+#include <openssl/ec.h>
+#endif
+
+#ifndef TPM_TSS_NOFILE
+#include <ibmtss/tssfile.h>
+#endif
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/tsscrypto.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/Implementation.h>
+
+#include "objecttemplates.h"
+#include "cryptoutils.h"
+
+/* verbose tracing flag shared by command line utilities */
+
+int tssUtilsVerbose;
+
+/* openssl compatibility functions, during the transition from 1.0.1, 1.0.2, 1.1.0, 1.1.1.  Some
+   structures were made opaque, with gettters and setters.  Some parameters were made const.  Some
+   function names changed. */
+
+/* Some functions add const to parameters as of openssl 1.1.0 */
+
+/* These functions are only required for OpenSSL 1.0.  OpenSSL 1.1 has them, and the structures are
+   opaque. */
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+
+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+    if (r == NULL || s == NULL)
+	return 0;
+    BN_clear_free(sig->r);
+    BN_clear_free(sig->s);
+    sig->r = r;
+    sig->s = s;
+    return 1;
+}
+
+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+{
+    if (pr != NULL) {
+	*pr = sig->r;
+    }
+    if (ps != NULL) {
+	*ps = sig->s;
+    }
+    return;
+}
+
+const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
+{
+    return x->cert_info->signature;
+}
+
+void RSA_get0_key(const RSA *rsaKey,
+		  const BIGNUM **n,
+		  const BIGNUM **e,
+		  const BIGNUM **d)
+{
+    if (n != NULL) {
+	*n = rsaKey->n;
+    }
+    if (e != NULL) {
+	*e = rsaKey->e;
+    }
+    if (d != NULL) {
+	*d = rsaKey->d;
+    }
+    return;
+}
+
+void RSA_get0_factors(const RSA *rsaKey,
+		      const BIGNUM **p,
+		      const BIGNUM **q)
+{
+    if (p != NULL) {
+	*p = rsaKey->p;
+    }
+    if (q != NULL) {
+	*q = rsaKey->q;
+    }
+    return;
+}
+
+#endif	/* pre openssl 1.1 */
+
+/* These functions are only required for OpenSSL 1.0.1 OpenSSL 1.0.2 has them, and the structures
+   are opaque.   In 1.1.0, the parameters became const.  */
+
+#if OPENSSL_VERSION_NUMBER < 0x10002000
+
+void X509_get0_signature(OSSLCONST ASN1_BIT_STRING **psig,
+                         OSSLCONST X509_ALGOR **palg, const X509 *x)
+{
+    *psig = x->signature;
+    *palg = x->sig_alg;
+    return;
+}
+
+#endif	/* pre openssl 1.0.2 */
+
+#ifndef TPM_TSS_NOFILE
+
+/* getCryptoLibrary() returns a string indicating the underlying crypto library.
+
+   It can be used for programs that must account for library differences.
+*/
+
+void getCryptoLibrary(const char **name)
+{
+    *name = "openssl";
+    return;
+}
+    
+/* convertPemToEvpPrivKey() converts a PEM key file to an openssl EVP_PKEY key pair */
+
+TPM_RC convertPemToEvpPrivKey(EVP_PKEY **evpPkey,		/* freed by caller */
+			      const char *pemKeyFilename,
+			      const char *password)
+{
+    TPM_RC 	rc = 0;
+    FILE 	*pemKeyFile = NULL;
+
+    if (rc == 0) {
+	rc = TSS_File_Open(&pemKeyFile, pemKeyFilename, "rb"); 	/* closed @2 */
+    }
+    if (rc == 0) {
+	*evpPkey = PEM_read_PrivateKey(pemKeyFile, NULL, NULL, (void *)password);
+	if (*evpPkey == NULL) {
+	    printf("convertPemToEvpPrivKey: Error reading key file %s\n", pemKeyFilename);
+	    rc = EXIT_FAILURE;
+	}
+    }
+    if (pemKeyFile != NULL) {
+	fclose(pemKeyFile);			/* @2 */
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOFILE */
+
+#ifndef TPM_TSS_NOFILE
+
+/* convertPemToEvpPubKey() converts a PEM public key file to an openssl EVP_PKEY public key */
+
+TPM_RC convertPemToEvpPubKey(EVP_PKEY **evpPkey,		/* freed by caller */
+			     const char *pemKeyFilename)
+{
+    TPM_RC 	rc = 0;
+    FILE 	*pemKeyFile = NULL;
+
+    if (rc == 0) {
+	rc = TSS_File_Open(&pemKeyFile, pemKeyFilename, "rb"); 	/* closed @2 */
+    }
+    if (rc == 0) {
+	*evpPkey = PEM_read_PUBKEY(pemKeyFile, NULL, NULL, NULL);
+	if (*evpPkey == NULL) {
+	    printf("convertPemToEvpPubKey: Error reading key file %s\n", pemKeyFilename);
+	    rc = EXIT_FAILURE;
+	}
+    }
+    if (pemKeyFile != NULL) {
+	fclose(pemKeyFile);			/* @2 */
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOFILE */
+
+#ifndef TPM_TSS_NOFILE
+
+/* convertPemToRsaPrivKey() converts a PEM format keypair file to a library specific RSA key
+   token.
+
+   The return is void because the structure is opaque to the caller.  This accomodates other crypto
+   libraries.
+
+   rsaKey is an RSA structure 
+*/
+
+TPM_RC convertPemToRsaPrivKey(void **rsaKey,		/* freed by caller */
+			      const char *pemKeyFilename,
+			      const char *password)
+{
+    TPM_RC 	rc = 0;
+    FILE 	*pemKeyFile = NULL;
+
+    if (rc == 0) {
+	rc = TSS_File_Open(&pemKeyFile, pemKeyFilename, "rb"); 	/* closed @1 */
+    }
+    if (rc == 0) {
+	*rsaKey = (void *)PEM_read_RSAPrivateKey(pemKeyFile, NULL, NULL, (void *)password);
+	if (*rsaKey == NULL) {
+	    printf("convertPemToRsaPrivKey: Error in OpenSSL PEM_read_RSAPrivateKey()\n");
+	    rc = EXIT_FAILURE;
+	}
+    }
+    if (pemKeyFile != NULL) {
+	fclose(pemKeyFile);			/* @1 */
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOFILE */
+
+#ifndef TPM_TSS_NOECC
+
+/* convertEvpPkeyToEckey retrieves the EC_KEY key token from the EVP_PKEY */
+
+TPM_RC convertEvpPkeyToEckey(EC_KEY **ecKey,		/* freed by caller */
+			     EVP_PKEY *evpPkey)
+{
+    TPM_RC 	rc = 0;
+    
+    if (rc == 0) {
+	*ecKey = EVP_PKEY_get1_EC_KEY(evpPkey);
+	if (*ecKey == NULL) {
+	    printf("convertEvpPkeyToEckey: Error extracting EC key from EVP_PKEY\n");
+	    rc = EXIT_FAILURE;
+	}
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOECC */
+
+/* convertEvpPkeyToRsakey() retrieves the RSA key token from the EVP_PKEY */
+
+TPM_RC convertEvpPkeyToRsakey(RSA **rsaKey,		/* freed by caller */
+			      EVP_PKEY *evpPkey)
+{
+    TPM_RC 	rc = 0;
+    
+    if (rc == 0) {
+	*rsaKey = EVP_PKEY_get1_RSA(evpPkey);
+	if (*rsaKey == NULL) {
+	    printf("convertEvpPkeyToRsakey: EVP_PKEY_get1_RSA failed\n");  
+	    rc = EXIT_FAILURE;
+	}
+    }
+    return rc;
+}
+
+#ifndef TPM_TSS_NOECC
+
+/* convertEcKeyToPrivateKeyBin() converts an OpenSSL EC_KEY to a binary array
+
+   FIXME  Only supports NIST P256 curve.
+*/
+
+TPM_RC convertEcKeyToPrivateKeyBin(int 		*privateKeyBytes,
+				   uint8_t 	**privateKeyBin,	/* freed by caller */
+				   const EC_KEY *ecKey)
+{
+    TPM_RC 		rc = 0;
+    const EC_GROUP 	*ecGroup = NULL;
+    int			nid;
+    const BIGNUM 	*privateKeyBn = NULL;
+    int 		bnBytes;
+    
+    /* get the group from the key */
+    if (rc == 0) {   
+	ecGroup = EC_KEY_get0_group(ecKey);
+	if (ecGroup == NULL) {
+	    printf("convertEcKeyToPrivateKeyBin: Error extracting EC group from EC key\n");
+	    rc = TSS_RC_EC_KEY_CONVERT;
+	}
+    }
+    /* and then the curve from the group */
+    if (rc == 0) {
+	nid = EC_GROUP_get_curve_name(ecGroup);
+	/* map NID to size of private key */
+	switch (nid) {
+	  case NID_X9_62_prime256v1:
+	    *privateKeyBytes = 32;
+	    break;
+	  default:
+	    printf("convertEcKeyToPrivateKeyBin: Error, curve NID %u not supported\n", nid);
+	    rc = TSS_RC_EC_KEY_CONVERT;
+	}
+    }
+    /* get the ECC private key as a BIGNUM from the EC_KEY */
+    if (rc == 0) {
+	privateKeyBn = EC_KEY_get0_private_key(ecKey);
+    }
+    /* sanity check the BN size against the curve */
+    if (rc == 0) {
+	bnBytes = BN_num_bytes(privateKeyBn);
+	if (bnBytes > *privateKeyBytes) {
+	    printf("convertEcKeyToPrivateKeyBin: Error, private key %d bytes too large for curve\n",
+		   bnBytes);
+	    rc = TSS_RC_EC_KEY_CONVERT;
+	}
+    }
+    /* allocate a buffer for the private key array  based on the curve */
+    if (rc == 0) {
+	rc = TSS_Malloc(privateKeyBin, *privateKeyBytes);
+    }
+    /* convert the private key bignum to binary */
+    if (rc == 0) {
+	/* TPM rev 116 required the ECC private key to be zero padded in the duplicate parameter of
+	   import */
+	memset(*privateKeyBin, 0, *privateKeyBytes - bnBytes);
+	BN_bn2bin(privateKeyBn, (*privateKeyBin) + (*privateKeyBytes - bnBytes));
+	if (tssUtilsVerbose) TSS_PrintAll("convertEcKeyToPrivateKeyBin:", *privateKeyBin, *privateKeyBytes);
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOECC */
+
+/* convertRsaKeyToPrivateKeyBin() converts an OpenSSL RSA key token private prime p to a binary
+   array */
+
+TPM_RC convertRsaKeyToPrivateKeyBin(int 	*privateKeyBytes,
+				    uint8_t 	**privateKeyBin,	/* freed by caller */
+				    const RSA	*rsaKey)
+{
+    TPM_RC 		rc = 0;
+    const BIGNUM 	*p = NULL;
+    const BIGNUM 	*q;
+
+    /* get the private primes */
+    if (rc == 0) {
+	rc = getRsaKeyParts(NULL, NULL, NULL, &p, &q, rsaKey);
+    }
+    /* allocate a buffer for the private key array */
+    if (rc == 0) {
+	*privateKeyBytes = BN_num_bytes(p);
+	rc = TSS_Malloc(privateKeyBin, *privateKeyBytes);
+    }
+    /* convert the private key bignum to binary */
+    if (rc == 0) {
+	BN_bn2bin(p, *privateKeyBin);
+    }    
+    return rc;
+}
+
+
+#ifndef TPM_TSS_NOECC
+
+/* convertEcKeyToPublicKeyBin() converts an OpenSSL EC_KEY public key token to a binary array */
+
+TPM_RC convertEcKeyToPublicKeyBin(int 		*modulusBytes,
+				  uint8_t 	**modulusBin,	/* freed by caller */
+				  const EC_KEY 	*ecKey)
+{
+    TPM_RC 		rc = 0;
+    const EC_POINT 	*ecPoint = NULL;
+    const EC_GROUP 	*ecGroup = NULL;
+
+    if (rc == 0) {
+	ecPoint = EC_KEY_get0_public_key(ecKey);
+	if (ecPoint == NULL) {
+	    printf("convertEcKeyToPublicKeyBin: Error extracting EC point from EC public key\n");
+	    rc = TSS_RC_EC_KEY_CONVERT;
+	}
+    }
+    if (rc == 0) {   
+	ecGroup = EC_KEY_get0_group(ecKey);
+	if (ecGroup == NULL) {
+	    printf("convertEcKeyToPublicKeyBin: Error extracting EC group from EC public key\n");
+	    rc = TSS_RC_EC_KEY_CONVERT;
+	}
+    }
+    /* get the public modulus */
+    if (rc == 0) {   
+	*modulusBytes = EC_POINT_point2oct(ecGroup, ecPoint,
+					   POINT_CONVERSION_UNCOMPRESSED,
+					   NULL, 0, NULL);
+    }
+    if (rc == 0) {   
+	rc = TSS_Malloc(modulusBin, *modulusBytes);
+    }
+    if (rc == 0) {
+	EC_POINT_point2oct(ecGroup, ecPoint,
+			   POINT_CONVERSION_UNCOMPRESSED,
+			   *modulusBin, *modulusBytes, NULL);
+	if (tssUtilsVerbose) TSS_PrintAll("convertEcKeyToPublicKeyBin:", *modulusBin, *modulusBytes);
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOECC */
+
+/* convertRsaKeyToPublicKeyBin() converts from an openssl RSA key token to a public modulus */
+
+TPM_RC convertRsaKeyToPublicKeyBin(int 		*modulusBytes,
+				   uint8_t 	**modulusBin,	/* freed by caller */
+				   void 	*rsaKey)
+{
+    TPM_RC 		rc = 0;
+    const BIGNUM 	*n = NULL;
+    const BIGNUM 	*e;
+    const BIGNUM 	*d;
+
+    /* get the public modulus from the RSA key token */
+    if (rc == 0) {
+	rc = getRsaKeyParts(&n, &e, &d, NULL, NULL, rsaKey);
+    }
+    if (rc == 0) {
+	*modulusBytes = BN_num_bytes(n);
+    }
+    if (rc == 0) {   
+	rc = TSS_Malloc(modulusBin, *modulusBytes);
+    }
+    if (rc == 0) {
+	BN_bn2bin(n, *modulusBin);
+    }
+    return rc;
+}
+
+#ifdef TPM_TPM20
+
+#ifndef TPM_TSS_NOECC
+
+/* convertEcPrivateKeyBinToPrivate() converts an EC 'privateKeyBin' to either a
+   TPM2B_PRIVATE or a TPM2B_SENSITIVE
+
+*/
+
+TPM_RC convertEcPrivateKeyBinToPrivate(TPM2B_PRIVATE 	*objectPrivate,
+				       TPM2B_SENSITIVE 	*objectSensitive,
+				       int 		privateKeyBytes,
+				       uint8_t 		*privateKeyBin,
+				       const char 	*password)
+{
+    TPM_RC 		rc = 0;
+    TPMT_SENSITIVE	tSensitive;
+    TPM2B_SENSITIVE	bSensitive;
+
+    if (rc == 0) {
+	if (((objectPrivate == NULL) && (objectSensitive == NULL)) ||
+	    ((objectPrivate != NULL) && (objectSensitive != NULL))) {
+	    printf("convertEcPrivateKeyBinToPrivate: Only one result supported\n");
+	    rc = EXIT_FAILURE;
+	}
+    }
+    /* In some cases, the sensitive data is not encrypted and the integrity value is not present.
+       When an integrity value is not needed, it is not present and it is not represented by an
+       Empty Buffer.
+
+       In this case, the TPM2B_PRIVATE will just be a marshaled TPM2B_SENSITIVE, which is a
+       marshaled TPMT_SENSITIVE */	
+
+    /* construct TPMT_SENSITIVE	*/
+    if (rc == 0) {
+	/* This shall be the same as the type parameter of the associated public area. */
+	tSensitive.sensitiveType = TPM_ALG_ECC;
+	tSensitive.seedValue.b.size = 0;
+	/* key password converted to TPM2B */
+	rc = TSS_TPM2B_StringCopy(&tSensitive.authValue.b, password,
+				  sizeof(tSensitive.authValue.t.buffer));
+    }
+    if (rc == 0) {
+	if (privateKeyBytes > 32) {	/* hard code NISTP256 */
+	    printf("convertEcPrivateKeyBinToPrivate: Error, private key size %u not 32\n",
+		   privateKeyBytes);
+	    rc = EXIT_FAILURE;
+	}
+    }
+    if (rc == 0) {
+	tSensitive.sensitive.ecc.t.size = privateKeyBytes;
+	memcpy(tSensitive.sensitive.ecc.t.buffer, privateKeyBin, privateKeyBytes);
+    }
+    /* FIXME common code for EC and RSA */
+    /* marshal the TPMT_SENSITIVE into a TPM2B_SENSITIVE */	
+    if (rc == 0) {
+	if (objectPrivate != NULL) {
+	    uint32_t size = sizeof(bSensitive.t.sensitiveArea);	/* max size */
+	    uint8_t *buffer = bSensitive.b.buffer;		/* pointer that can move */
+	    bSensitive.t.size = 0;				/* required before marshaling */
+	    rc = TSS_TPMT_SENSITIVE_Marshalu(&tSensitive,
+					    &bSensitive.b.size,	/* marshaled size */
+					    &buffer,		/* marshal here */
+					    &size);		/* max size */
+	}
+	else {	/* return TPM2B_SENSITIVE */
+	    objectSensitive->t.sensitiveArea = tSensitive;
+	}	
+    }
+    /* marshal the TPM2B_SENSITIVE (as a TPM2B_PRIVATE, see above) into a TPM2B_PRIVATE */
+    if (rc == 0) {
+	if (objectPrivate != NULL) {
+	    uint32_t size = sizeof(objectPrivate->t.buffer);	/* max size */
+	    uint8_t *buffer = objectPrivate->t.buffer;		/* pointer that can move */
+	    objectPrivate->t.size = 0;				/* required before marshaling */
+	    rc = TSS_TPM2B_PRIVATE_Marshalu((TPM2B_PRIVATE *)&bSensitive,
+					   &objectPrivate->t.size,	/* marshaled size */
+					   &buffer,		/* marshal here */
+					   &size);		/* max size */
+	}
+    }
+    return rc;
+}
+
+#endif 	/* TPM_TSS_NOECC */
+#endif 	/* TPM_TPM20 */
+
+#ifdef TPM_TPM20
+
+/* convertRsaPrivateKeyBinToPrivate() converts an RSA prime 'privateKeyBin' to either a
+   TPM2B_PRIVATE or a TPM2B_SENSITIVE
+
+*/
+
+TPM_RC convertRsaPrivateKeyBinToPrivate(TPM2B_PRIVATE 	*objectPrivate,
+					TPM2B_SENSITIVE *objectSensitive,
+					int 		privateKeyBytes,
+					uint8_t 	*privateKeyBin,
+					const char 	*password)
+{
+    TPM_RC 		rc = 0;
+    TPMT_SENSITIVE	tSensitive;
+    TPM2B_SENSITIVE	bSensitive;
+
+    if (rc == 0) {
+	if (((objectPrivate == NULL) && (objectSensitive == NULL)) ||
+	    ((objectPrivate != NULL) && (objectSensitive != NULL))) {
+	    printf("convertRsaPrivateKeyBinToPrivate: Only one result supported\n");
+	    rc = EXIT_FAILURE;
+	}
+    }
+    /* In some cases, the sensitive data is not encrypted and the integrity value is not present.
+       When an integrity value is not needed, it is not present and it is not represented by an
+       Empty Buffer.
+
+       In this case, the TPM2B_PRIVATE will just be a marshaled TPM2B_SENSITIVE, which is a
+       marshaled TPMT_SENSITIVE */	
+
+    /* construct TPMT_SENSITIVE	*/
+    if (rc == 0) {
+	/* This shall be the same as the type parameter of the associated public area. */
+	tSensitive.sensitiveType = TPM_ALG_RSA;
+	/* generate a seed for storage keys */
+	tSensitive.seedValue.b.size = 32; 	/* FIXME hard coded seed length */
+	rc = TSS_RandBytes(tSensitive.seedValue.b.buffer, tSensitive.seedValue.b.size);
+    }
+    /* key password converted to TPM2B */
+    if (rc == 0) {
+	rc = TSS_TPM2B_StringCopy(&tSensitive.authValue.b, password,
+				  sizeof(tSensitive.authValue.t.buffer));
+    }
+    if (rc == 0) {
+	if ((size_t)privateKeyBytes > sizeof(tSensitive.sensitive.rsa.t.buffer)) {
+	    printf("convertRsaPrivateKeyBinToPrivate: "
+		   "Error, private key modulus %d greater than %lu\n",
+		   privateKeyBytes, (unsigned long)sizeof(tSensitive.sensitive.rsa.t.buffer));
+	    rc = EXIT_FAILURE;
+	}
+    }
+    if (rc == 0) {
+	tSensitive.sensitive.rsa.t.size = privateKeyBytes;
+	memcpy(tSensitive.sensitive.rsa.t.buffer, privateKeyBin, privateKeyBytes);
+    }
+    /* FIXME common code for EC and RSA */
+    /* marshal the TPMT_SENSITIVE into a TPM2B_SENSITIVE */	
+    if (rc == 0) {
+	if (objectPrivate != NULL) {
+	    uint32_t size = sizeof(bSensitive.t.sensitiveArea);	/* max size */
+	    uint8_t *buffer = bSensitive.b.buffer;		/* pointer that can move */
+	    bSensitive.t.size = 0;				/* required before marshaling */
+	    rc = TSS_TPMT_SENSITIVE_Marshalu(&tSensitive,
+					    &bSensitive.b.size,	/* marshaled size */
+					    &buffer,		/* marshal here */
+					    &size);		/* max size */
+	}
+	else {	/* return TPM2B_SENSITIVE */
+	    objectSensitive->t.sensitiveArea = tSensitive;
+	}	
+    }
+    /* marshal the TPM2B_SENSITIVE (as a TPM2B_PRIVATE, see above) into a TPM2B_PRIVATE */
+    if (rc == 0) {
+	if (objectPrivate != NULL) {
+	    uint32_t size = sizeof(objectPrivate->t.buffer);	/* max size */
+	    uint8_t *buffer = objectPrivate->t.buffer;		/* pointer that can move */
+	    objectPrivate->t.size = 0;				/* required before marshaling */
+	    rc = TSS_TPM2B_PRIVATE_Marshalu((TPM2B_PRIVATE *)&bSensitive,
+					   &objectPrivate->t.size,	/* marshaled size */
+					   &buffer,		/* marshal here */
+					   &size);		/* max size */
+	}
+    }
+    return rc;
+}
+
+#endif /* TPM_TPM20 */
+
+#ifndef TPM_TSS_NOECC
+
+/* convertEcPublicKeyBinToPublic() converts an EC modulus and other parameters to a TPM2B_PUBLIC
+
+   FIXME  Only supports NIST P256 curve.
+*/
+
+TPM_RC convertEcPublicKeyBinToPublic(TPM2B_PUBLIC 		*objectPublic,
+				     int			keyType,
+				     TPMI_ALG_SIG_SCHEME 	scheme,
+				     TPMI_ALG_HASH 		nalg,
+				     TPMI_ALG_HASH		halg,
+				     TPMI_ECC_CURVE 		curveID,
+				     int 			modulusBytes,
+				     uint8_t 			*modulusBin)
+{
+    TPM_RC 		rc = 0;
+
+    scheme = scheme;	/* scheme parameter not supported yet */
+    if (rc == 0) {
+	if (modulusBytes != 65) {	/* 1 for compression + 32 + 32 */
+	    printf("convertEcPublicKeyBinToPublic: public modulus expected 65 bytes, actual %u\n",
+		   modulusBytes);
+	    rc = EXIT_FAILURE;
+	}
+    }
+    if (rc == 0) {
+	/* Table 184 - Definition of TPMT_PUBLIC Structure */
+	objectPublic->publicArea.type = TPM_ALG_ECC;
+	objectPublic->publicArea.nameAlg = nalg;
+	objectPublic->publicArea.objectAttributes.val = TPMA_OBJECT_NODA;
+	objectPublic->publicArea.objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH;
+	switch (keyType) {
+	  case TYPE_SI:
+	    objectPublic->publicArea.objectAttributes.val |= TPMA_OBJECT_SIGN;
+	    objectPublic->publicArea.parameters.eccDetail.symmetric.algorithm = TPM_ALG_NULL;
+	    objectPublic->publicArea.parameters.eccDetail.scheme.scheme = TPM_ALG_ECDSA;
+	    break;
+	  case TYPE_ST:		/* for public part only */
+	    objectPublic->publicArea.objectAttributes.val |= TPMA_OBJECT_DECRYPT;
+	    objectPublic->publicArea.objectAttributes.val |= TPMA_OBJECT_RESTRICTED;
+	    objectPublic->publicArea.parameters.eccDetail.symmetric.algorithm = TPM_ALG_AES;
+	    objectPublic->publicArea.parameters.eccDetail.symmetric.keyBits.aes = 128;
+	    objectPublic->publicArea.parameters.eccDetail.symmetric.mode.aes = TPM_ALG_CFB;
+	    objectPublic->publicArea.parameters.eccDetail.scheme.scheme = TPM_ALG_NULL;
+	    break;
+	  case TYPE_DEN:	/* for public and private part */
+	    objectPublic->publicArea.objectAttributes.val |= TPMA_OBJECT_DECRYPT;
+	    objectPublic->publicArea.objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED;
+	    objectPublic->publicArea.parameters.eccDetail.symmetric.algorithm = TPM_ALG_NULL;
+	    objectPublic->publicArea.parameters.eccDetail.scheme.scheme = TPM_ALG_ECDH;
+	    break;
+	}
+	objectPublic->publicArea.authPolicy.t.size = 0;
+	/* Table 152 - Definition of TPMU_ASYM_SCHEME Union */
+	objectPublic->publicArea.parameters.eccDetail.scheme.details.ecdsa.hashAlg = halg;
+	objectPublic->publicArea.parameters.eccDetail.curveID = curveID;	
+	objectPublic->publicArea.parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;
+	objectPublic->publicArea.parameters.eccDetail.kdf.details.mgf1.hashAlg = halg;
+
+	objectPublic->publicArea.unique.ecc.x.t.size = 32;	
+	memcpy(objectPublic->publicArea.unique.ecc.x.t.buffer, modulusBin +1, 32);	
+
+	objectPublic->publicArea.unique.ecc.y.t.size = 32;	
+	memcpy(objectPublic->publicArea.unique.ecc.y.t.buffer, modulusBin +33, 32);	
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOECC */
+
+/* convertRsaPublicKeyBinToPublic() converts a public modulus to a TPM2B_PUBLIC structure. */
+
+TPM_RC convertRsaPublicKeyBinToPublic(TPM2B_PUBLIC 		*objectPublic,
+				      int			keyType,
+				      TPMI_ALG_SIG_SCHEME 	scheme,
+				      TPMI_ALG_HASH 		nalg,
+				      TPMI_ALG_HASH		halg,
+				      int 			modulusBytes,
+				      uint8_t 			*modulusBin)
+{
+    TPM_RC 		rc = 0;
+
+    if (rc == 0) {
+	if ((size_t)modulusBytes > sizeof(objectPublic->publicArea.unique.rsa.t.buffer)) {
+	    printf("convertRsaPublicKeyBinToPublic: Error, "
+		   "public key modulus %d greater than %lu\n", modulusBytes,
+		   (unsigned long)sizeof(objectPublic->publicArea.unique.rsa.t.buffer));
+	    rc = EXIT_FAILURE;
+	}
+    }
+    if (rc == 0) {
+	/* Table 184 - Definition of TPMT_PUBLIC Structure */
+	objectPublic->publicArea.type = TPM_ALG_RSA;
+	objectPublic->publicArea.nameAlg = nalg;
+	objectPublic->publicArea.objectAttributes.val = TPMA_OBJECT_NODA;
+	objectPublic->publicArea.objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH;
+	switch (keyType) {
+	  case TYPE_SI:
+	    objectPublic->publicArea.objectAttributes.val |= TPMA_OBJECT_SIGN;
+	    objectPublic->publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_NULL;
+	    break;
+	  case TYPE_ST:		/* for public part only */
+	    objectPublic->publicArea.objectAttributes.val |= TPMA_OBJECT_DECRYPT;
+	    objectPublic->publicArea.objectAttributes.val |= TPMA_OBJECT_RESTRICTED;
+	    objectPublic->publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES;
+	    objectPublic->publicArea.parameters.rsaDetail.symmetric.keyBits.aes = 128;
+	    objectPublic->publicArea.parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_CFB;
+	    break;
+	  case TYPE_DEN:	/* for public and private part */
+	    objectPublic->publicArea.objectAttributes.val |= TPMA_OBJECT_DECRYPT;
+	    objectPublic->publicArea.objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED;
+	    objectPublic->publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_NULL;
+	    break;
+	}
+	objectPublic->publicArea.authPolicy.t.size = 0;
+	/* Table 182 - Definition of TPMU_PUBLIC_PARMS Union <IN/OUT, S> */
+	objectPublic->publicArea.parameters.rsaDetail.scheme.scheme = scheme;
+	objectPublic->publicArea.parameters.rsaDetail.scheme.details.rsassa.hashAlg = halg;
+	objectPublic->publicArea.parameters.rsaDetail.keyBits = modulusBytes * 8;	
+	objectPublic->publicArea.parameters.rsaDetail.exponent = 0;
+
+	objectPublic->publicArea.unique.rsa.t.size = modulusBytes;
+	memcpy(objectPublic->publicArea.unique.rsa.t.buffer, modulusBin, modulusBytes);
+    }
+    return rc;
+}
+
+#ifdef TPM_TPM20
+#ifndef TPM_TSS_NOECC
+
+/* convertEcKeyToPrivate() converts an openssl EC_KEY to token to either a TPM2B_PRIVATE or
+   TPM2B_SENSITIVE
+*/
+
+TPM_RC convertEcKeyToPrivate(TPM2B_PRIVATE 	*objectPrivate,
+			     TPM2B_SENSITIVE 	*objectSensitive,
+			     EC_KEY 		*ecKey,
+			     const char 	*password)
+{
+    TPM_RC 	rc = 0;
+    int 	privateKeyBytes;
+    uint8_t 	*privateKeyBin = NULL;
+    
+    /* convert an openssl EC_KEY token to a binary array */
+    if (rc == 0) {
+	rc = convertEcKeyToPrivateKeyBin(&privateKeyBytes,
+					 &privateKeyBin,	/* freed @1 */
+					 ecKey);
+    }
+    if (rc == 0) {
+	rc = convertEcPrivateKeyBinToPrivate(objectPrivate,
+					     objectSensitive,
+					     privateKeyBytes,
+					     privateKeyBin,
+					     password);
+    }
+    free(privateKeyBin);		/* @1 */
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOECC */
+
+/* convertRsaKeyToPrivate() converts an openssl RSA key token to either a TPM2B_PRIVATE or
+   TPM2B_SENSITIVE
+*/
+
+TPM_RC convertRsaKeyToPrivate(TPM2B_PRIVATE 	*objectPrivate,
+			      TPM2B_SENSITIVE 	*objectSensitive,
+			      RSA 		*rsaKey,
+			      const char 	*password)
+{
+    TPM_RC 	rc = 0;
+    int 	privateKeyBytes;
+    uint8_t 	*privateKeyBin = NULL;
+
+    /* convert an openssl RSA key token private prime p to a binary array */
+    if (rc == 0) {
+	rc = convertRsaKeyToPrivateKeyBin(&privateKeyBytes,
+					  &privateKeyBin,	/* freed @1 */
+					  rsaKey);
+    }
+    /* convert an RSA prime 'privateKeyBin' to either a TPM2B_PRIVATE or a TPM2B_SENSITIVE */
+    if (rc == 0) {
+	rc = convertRsaPrivateKeyBinToPrivate(objectPrivate,
+					      objectSensitive,
+					      privateKeyBytes,
+					      privateKeyBin,
+					      password);
+    }
+    free(privateKeyBin);		/* @1 */
+    return rc;
+}
+
+#ifndef TPM_TSS_NOECC
+
+/* convertEcKeyToPublic() converts an EC_KEY to a TPM2B_PUBLIC */
+
+TPM_RC convertEcKeyToPublic(TPM2B_PUBLIC 		*objectPublic,
+			    int				keyType,
+			    TPMI_ALG_SIG_SCHEME 	scheme,
+			    TPMI_ALG_HASH 		nalg,
+			    TPMI_ALG_HASH		halg,
+			    EC_KEY 			*ecKey)
+{
+    TPM_RC 		rc = 0;
+    int 		modulusBytes;
+    uint8_t 		*modulusBin = NULL;
+    TPMI_ECC_CURVE	curveID;
+    
+    if (rc == 0) {
+	rc = convertEcKeyToPublicKeyBin(&modulusBytes,
+					&modulusBin,		/* freed @1 */
+					ecKey);
+    }
+    if (rc == 0) {
+	rc = getEcCurve(&curveID, ecKey);
+    }
+    if (rc == 0) {
+	rc = convertEcPublicKeyBinToPublic(objectPublic,
+					   keyType,
+					   scheme,
+					   nalg,
+					   halg,
+					   curveID,
+					   modulusBytes,
+					   modulusBin);
+    }
+    free(modulusBin);		/* @1 */
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOECC */
+
+/* convertRsaKeyToPublic() converts from an openssl RSA key token to a TPM2B_PUBLIC */
+
+TPM_RC convertRsaKeyToPublic(TPM2B_PUBLIC 		*objectPublic,
+			     int			keyType,
+			     TPMI_ALG_SIG_SCHEME 	scheme,
+			     TPMI_ALG_HASH 		nalg,
+			     TPMI_ALG_HASH		halg,
+			     void 			*rsaKey)
+{
+    TPM_RC 		rc = 0;
+    int 		modulusBytes;
+    uint8_t 		*modulusBin = NULL;
+    
+    /* openssl RSA key token to a public modulus */
+    if (rc == 0) {
+	rc = convertRsaKeyToPublicKeyBin(&modulusBytes,
+					 &modulusBin,		/* freed @1 */
+					 rsaKey);
+    }
+    /* public modulus to TPM2B_PUBLIC */
+    if (rc == 0) {
+	rc = convertRsaPublicKeyBinToPublic(objectPublic,
+					    keyType,
+					    scheme,
+					    nalg,
+					    halg,
+					    modulusBytes,
+					    modulusBin);
+    }
+    free(modulusBin);		/* @1 */
+    return rc;
+}
+
+#endif
+
+#ifndef TPM_TSS_NOFILE
+#ifdef TPM_TPM20
+#ifndef TPM_TSS_NOECC
+
+/* convertEcPemToKeyPair() converts a PEM file to a TPM2B_PUBLIC and TPM2B_PRIVATE */
+
+TPM_RC convertEcPemToKeyPair(TPM2B_PUBLIC 		*objectPublic,
+			     TPM2B_PRIVATE 		*objectPrivate,
+			     int			keyType,
+			     TPMI_ALG_SIG_SCHEME 	scheme,
+			     TPMI_ALG_HASH 		nalg,
+			     TPMI_ALG_HASH		halg,
+			     const char 		*pemKeyFilename,
+			     const char 		*password)
+{
+    TPM_RC 	rc = 0;
+    EVP_PKEY 	*evpPkey = NULL;
+    EC_KEY 	*ecKey = NULL;
+
+    /* convert a PEM file to an openssl EVP_PKEY */
+    if (rc == 0) {
+	rc = convertPemToEvpPrivKey(&evpPkey,		/* freed @1 */
+				    pemKeyFilename,
+				    password);
+    }
+    if (rc == 0) {
+	rc = convertEvpPkeyToEckey(&ecKey,		/* freed @2 */
+				   evpPkey);
+    }
+    if (rc == 0) {
+	rc = convertEcKeyToPrivate(objectPrivate,	/* TPM2B_PRIVATE */
+				   NULL,		/* TPM2B_SENSITIVE */
+				   ecKey,
+				   password);
+    }
+    if (rc == 0) {
+	rc = convertEcKeyToPublic(objectPublic,
+				  keyType,
+				  scheme,
+				  nalg,
+				  halg,
+				  ecKey);
+    }
+    EC_KEY_free(ecKey);   		/* @2 */
+    if (evpPkey != NULL) {
+	EVP_PKEY_free(evpPkey);		/* @1 */
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOECC */
+#endif
+#endif
+
+#ifndef TPM_TSS_NOFILE
+#ifdef TPM_TPM20
+#ifndef TPM_TSS_NOECC
+
+/* convertEcPemToPublic() converts an ECC P256 signing public key in PEM format to a
+   TPM2B_PUBLIC */
+
+TPM_RC convertEcPemToPublic(TPM2B_PUBLIC 	*objectPublic,
+			    int			keyType,
+			    TPMI_ALG_SIG_SCHEME scheme,
+			    TPMI_ALG_HASH 	nalg,
+			    TPMI_ALG_HASH	halg,
+			    const char		*pemKeyFilename)
+{
+    TPM_RC	rc = 0;
+    EVP_PKEY  	*evpPkey = NULL;
+    EC_KEY 	*ecKey = NULL;
+
+    if (rc == 0) {
+	rc = convertPemToEvpPubKey(&evpPkey,		/* freed @1 */
+				   pemKeyFilename);
+    }
+    if (rc == 0) {
+	rc = convertEvpPkeyToEckey(&ecKey,		/* freed @2 */
+				   evpPkey);
+    }
+    if (rc == 0) {
+	rc = convertEcKeyToPublic(objectPublic,
+				  keyType,
+				  scheme,
+				  nalg,
+				  halg,
+				  ecKey);
+    }
+    if (ecKey != NULL) {
+	EC_KEY_free(ecKey);   		/* @2 */
+    }
+    if (evpPkey != NULL) {
+	EVP_PKEY_free(evpPkey);		/* @1 */
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOECC */
+#endif
+#endif
+
+#ifndef TPM_TSS_NOFILE
+#ifdef TPM_TPM20
+
+/* convertRsaPemToKeyPair() converts an RSA PEM file to a TPM2B_PUBLIC and TPM2B_PRIVATE */
+
+TPM_RC convertRsaPemToKeyPair(TPM2B_PUBLIC 		*objectPublic,
+			      TPM2B_PRIVATE 		*objectPrivate,
+			      int			keyType,
+			      TPMI_ALG_SIG_SCHEME 	scheme,
+			      TPMI_ALG_HASH 		nalg,
+			      TPMI_ALG_HASH		halg,
+			      const char 		*pemKeyFilename,
+			      const char 		*password)
+{
+    TPM_RC 	rc = 0;
+    EVP_PKEY 	*evpPkey = NULL;
+    RSA		*rsaKey = NULL;
+    
+    if (rc == 0) {
+	rc = convertPemToEvpPrivKey(&evpPkey,		/* freed @1 */
+				    pemKeyFilename,
+				    password);
+    }
+    if (rc == 0) {
+	rc = convertEvpPkeyToRsakey(&rsaKey,		/* freed @2 */
+				    evpPkey);
+    }
+    if (rc == 0) {
+	rc = convertRsaKeyToPrivate(objectPrivate,	/* TPM2B_PRIVATE */
+				    NULL,		/* TPM2B_SENSITIVE */
+				    rsaKey,
+				    password);
+    }
+    if (rc == 0) {
+	rc = convertRsaKeyToPublic(objectPublic,
+				   keyType,
+				   scheme,
+				   nalg,
+				   halg,
+				   rsaKey);
+    }
+    TSS_RsaFree(rsaKey);		/* @2 */
+    if (evpPkey != NULL) {
+	EVP_PKEY_free(evpPkey);		/* @1 */
+    }
+    return rc;
+}
+
+#endif
+#endif
+
+#ifndef TPM_TSS_NOFILE
+#ifdef TPM_TPM20
+#ifndef TPM_TSS_NOECC
+
+/* convertEcDerToKeyPair() converts an EC keypair stored in DER to a TPM2B_PUBLIC and
+   TPM2B_SENSITIVE.  Useful for LoadExternal.
+
+*/
+
+TPM_RC convertEcDerToKeyPair(TPM2B_PUBLIC 		*objectPublic,
+			     TPM2B_SENSITIVE 		*objectSensitive,
+			     int			keyType,
+			     TPMI_ALG_SIG_SCHEME 	scheme,
+			     TPMI_ALG_HASH 		nalg,
+			     TPMI_ALG_HASH		halg,
+			     const char			*derKeyFilename,
+			     const char 		*password)
+{
+    TPM_RC		rc = 0;
+    EC_KEY		*ecKey = NULL;
+    unsigned char	*derBuffer = NULL;
+    size_t		derSize;
+
+    /* read the DER file */
+    if (rc == 0) {
+	rc = TSS_File_ReadBinaryFile(&derBuffer,     	/* freed @1 */
+				     &derSize,
+				     derKeyFilename); 
+    }    
+    if (rc == 0) {
+	const unsigned char *tmpPtr = derBuffer;	/* because pointer moves */
+	ecKey = d2i_ECPrivateKey(NULL, &tmpPtr, derSize);	/* freed @2 */
+	if (ecKey == NULL) {
+	    printf("convertEcDerToKeyPair: could not convert key to EC_KEY\n");
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    if (rc == 0) {
+	rc = convertEcKeyToPrivate(NULL,		/* TPM2B_PRIVATE */
+				   objectSensitive,	/* TPM2B_SENSITIVE */
+				   ecKey,
+				   password);
+    }	
+    if (rc == 0) {
+	rc = convertEcKeyToPublic(objectPublic,
+				  keyType,
+				  scheme,
+				  nalg,
+				  halg,
+				  ecKey);
+    }
+    free(derBuffer);		/* @1 */
+    if (ecKey != NULL) {
+	EC_KEY_free(ecKey);		/* @2 */
+    }
+    return rc;
+}
+
+/* convertEcDerToPublic() converts an EC public key stored in DER to a TPM2B_PUBLIC.  Useful to
+   calculate a Name.
+
+*/
+
+TPM_RC convertEcDerToPublic(TPM2B_PUBLIC 		*objectPublic,
+			    int				keyType,
+			    TPMI_ALG_SIG_SCHEME 	scheme,
+			    TPMI_ALG_HASH 		nalg,
+			    TPMI_ALG_HASH		halg,
+			    const char			*derKeyFilename)
+{
+    TPM_RC		rc = 0;
+    EVP_PKEY 		*evpPkey = NULL;
+    EC_KEY		*ecKey = NULL;
+    unsigned char	*derBuffer = NULL;
+    size_t		derSize;
+
+    /* read the DER file */
+    if (rc == 0) {
+	rc = TSS_File_ReadBinaryFile(&derBuffer,     	/* freed @1 */
+				     &derSize,
+				     derKeyFilename); 
+    }    
+    if (rc == 0) {
+	const unsigned char *tmpPtr = derBuffer;	/* because pointer moves */
+	evpPkey = d2i_PUBKEY(NULL, &tmpPtr, derSize);	/* freed @2 */
+	if (evpPkey == NULL) {
+	    printf("convertEcDerToPublic: could not convert key to EVP_PKEY\n");
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    if (rc == 0) {
+	rc = convertEvpPkeyToEckey(&ecKey,		/* freed @3 */
+				   evpPkey);
+    }
+    if (rc == 0) {
+	rc = convertEcKeyToPublic(objectPublic,
+				  keyType,
+				  scheme,
+				  nalg,
+				  halg,
+				  ecKey);
+    }
+    free(derBuffer);			/* @1 */
+    if (evpPkey != NULL) {
+	EVP_PKEY_free(evpPkey);		/* @1 */
+    }
+    if (ecKey != NULL) {
+	EC_KEY_free(ecKey);		/* @2 */
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOECC */
+#endif
+#endif
+
+#ifndef TPM_TSS_NOFILE
+#ifdef TPM_TPM20
+
+/* convertRsaDerToKeyPair() converts an RSA keypair stored in DER to a TPM2B_PUBLIC and
+   TPM2B_SENSITIVE.  Useful for LoadExternal.
+
+*/
+
+TPM_RC convertRsaDerToKeyPair(TPM2B_PUBLIC 		*objectPublic,
+			      TPM2B_SENSITIVE 		*objectSensitive,
+			      int			keyType,
+			      TPMI_ALG_SIG_SCHEME 	scheme,
+			      TPMI_ALG_HASH 		nalg,
+			      TPMI_ALG_HASH		halg,
+			      const char		*derKeyFilename,
+			      const char 		*password)
+{
+    TPM_RC		rc = 0;
+    RSA 		*rsaKey = NULL;
+    unsigned char	*derBuffer = NULL;
+    size_t		derSize;
+
+    /* read the DER file */
+    if (rc == 0) {
+	rc = TSS_File_ReadBinaryFile(&derBuffer,     	/* freed @1 */
+				     &derSize,
+				     derKeyFilename); 
+    }    
+    if (rc == 0) {
+	const unsigned char *tmpPtr = derBuffer;	/* because pointer moves */
+	rsaKey = d2i_RSAPrivateKey(NULL, &tmpPtr, derSize);	/* freed @2 */
+	if (rsaKey == NULL) {
+	    printf("convertRsaDerToKeyPair: could not convert key to RSA\n");
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    if (rc == 0) {
+	rc = convertRsaKeyToPrivate(NULL,		/* TPM2B_PRIVATE */
+				    objectSensitive,	/* TPM2B_SENSITIVE */
+				    rsaKey,
+				    password);	
+    }	
+    if (rc == 0) {
+	rc = convertRsaKeyToPublic(objectPublic,
+				   keyType,
+				   scheme,
+				   nalg,
+				   halg,
+				   rsaKey);
+    }
+    free(derBuffer);			/* @1 */
+    TSS_RsaFree(rsaKey);		/* @2 */
+    return rc;
+}
+
+/* convertRsaDerToPublic() converts an RSA public key stored in DER to a TPM2B_PUBLIC.  Useful to
+   calculate a Name.
+
+*/
+
+TPM_RC convertRsaDerToPublic(TPM2B_PUBLIC 		*objectPublic,
+			     int			keyType,
+			     TPMI_ALG_SIG_SCHEME 	scheme,
+			     TPMI_ALG_HASH 		nalg,
+			     TPMI_ALG_HASH		halg,
+			     const char			*derKeyFilename)
+{
+    TPM_RC		rc = 0;
+    RSA 		*rsaKey = NULL;
+    unsigned char	*derBuffer = NULL;
+    size_t		derSize;
+
+    /* read the DER file */
+    if (rc == 0) {
+	rc = TSS_File_ReadBinaryFile(&derBuffer,     	/* freed @1 */
+				     &derSize,
+				     derKeyFilename); 
+    }    
+    if (rc == 0) {
+	const unsigned char *tmpPtr = derBuffer;	/* because pointer moves */
+	rsaKey = d2i_RSA_PUBKEY(NULL, &tmpPtr, derSize);	/* freed @2 */
+	if (rsaKey == NULL) {
+	    printf("convertRsaDerToPublic: could not convert key to RSA\n");
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    if (rc == 0) {
+	rc = convertRsaKeyToPublic(objectPublic,
+				   keyType,
+				   scheme,
+				   nalg,
+				   halg,
+				   rsaKey);
+    }
+    free(derBuffer);			/* @1 */
+    TSS_RsaFree(rsaKey);		/* @2 */
+    return rc;
+}
+
+#endif
+#endif
+
+#ifndef TPM_TSS_NOFILE
+#ifdef TPM_TPM20
+
+/* convertRsaPemToPublic() converts an RSA public key in PEM format to a TPM2B_PUBLIC */
+
+TPM_RC convertRsaPemToPublic(TPM2B_PUBLIC 		*objectPublic,
+			     int			keyType,
+			     TPMI_ALG_SIG_SCHEME 	scheme,
+			     TPMI_ALG_HASH 		nalg,
+			     TPMI_ALG_HASH		halg,
+			     const char 		*pemKeyFilename)
+{
+    TPM_RC	rc = 0;
+    EVP_PKEY 	*evpPkey = NULL;
+    RSA		*rsaKey = NULL;
+
+    if (rc == 0) {
+	rc = convertPemToEvpPubKey(&evpPkey,		/* freed @1 */
+				   pemKeyFilename);
+    }
+    if (rc == 0) {
+	rc = convertEvpPkeyToRsakey(&rsaKey,		/* freed @2 */
+				    evpPkey);
+    }
+    if (rc == 0) {
+	rc = convertRsaKeyToPublic(objectPublic,
+				   keyType,
+				   scheme,
+				   nalg,
+				   halg,
+				   rsaKey);
+    }
+    RSA_free(rsaKey);			/* @2 */ 
+    if (evpPkey != NULL) {
+	EVP_PKEY_free(evpPkey);		/* @1 */
+    }
+    return rc;
+}
+
+#endif
+#endif
+
+/* getRsaKeyParts() gets the RSA key parts from an OpenSSL RSA key token.
+
+   If n is not NULL, returns n, e, and d.  If p is not NULL, returns p and q.
+*/
+
+TPM_RC getRsaKeyParts(const BIGNUM **n,
+		     const BIGNUM **e,
+		     const BIGNUM **d,
+		     const BIGNUM **p,
+		     const BIGNUM **q,
+		     const RSA *rsaKey)
+{
+    TPM_RC  	rc = 0;
+    if (n != NULL) {
+	RSA_get0_key(rsaKey, n, e, d);
+    }
+    if (p != NULL) {
+	RSA_get0_factors(rsaKey, p, q);
+    }
+    return rc;
+}
+
+/* returns the type (EVP_PKEY_RSA or EVP_PKEY_EC) of the EVP_PKEY.
+
+ */
+
+int getRsaPubkeyAlgorithm(EVP_PKEY *pkey)
+{
+    int 			pkeyType;	/* RSA or EC */
+    pkeyType = EVP_PKEY_base_id(pkey);
+    return pkeyType;
+}
+
+#ifndef TPM_TSS_NOFILE
+
+/* convertPublicToPEM() saves a PEM format public key from a TPM2B_PUBLIC
+   
+*/
+
+TPM_RC convertPublicToPEM(const TPM2B_PUBLIC *public,
+			  const char *pemFilename)
+{
+    TPM_RC 	rc = 0;
+    EVP_PKEY 	*evpPubkey = NULL;          	/* OpenSSL public key, EVP format */
+
+    /* convert TPM2B_PUBLIC to EVP_PKEY */
+    if (rc == 0) {
+	switch (public->publicArea.type) {
+#ifndef TPM_TSS_NORSA
+	  case TPM_ALG_RSA:
+	    rc = convertRsaPublicToEvpPubKey(&evpPubkey,	/* freed @1 */
+					     &public->publicArea.unique.rsa);
+	    break;
+#endif /* TPM_TSS_NORSA */
+#ifndef TPM_TSS_NOECC
+	  case TPM_ALG_ECC:
+	    rc = convertEcPublicToEvpPubKey(&evpPubkey,		/* freed @1 */
+					    &public->publicArea.unique.ecc);
+	    break;
+#endif	/* TPM_TSS_NOECC */
+	  default:
+	    printf("convertPublicToPEM: Unknown publicArea.type %04hx unsupported\n",
+		   public->publicArea.type);
+	    rc = TSS_RC_NOT_IMPLEMENTED;
+	    break;
+	}
+    }
+    /* write the openssl structure in PEM format */
+    if (rc == 0) {
+	rc = convertEvpPubkeyToPem(evpPubkey,
+				   pemFilename);
+
+    }
+    if (evpPubkey != NULL) {
+	EVP_PKEY_free(evpPubkey);		/* @1 */
+    }
+    return rc;
+}
+
+#endif /* TPM_TSS_NOFILE */
+
+#ifndef TPM_TSS_NORSA
+
+/* convertRsaPublicToEvpPubKey() converts an RSA TPM2B_PUBLIC to a EVP_PKEY.
+
+*/
+
+TPM_RC convertRsaPublicToEvpPubKey(EVP_PKEY **evpPubkey,	/* freed by caller */
+				   const TPM2B_PUBLIC_KEY_RSA *tpm2bRsa)
+{
+    TPM_RC 	rc = 0;
+    int		irc;
+    RSA		*rsaPubKey = NULL;
+    
+    if (rc == 0) {
+	*evpPubkey = EVP_PKEY_new();
+	if (*evpPubkey == NULL) {
+	    printf("convertRsaPublicToEvpPubKey: EVP_PKEY failed\n");
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    /* TPM to RSA token */
+    if (rc == 0) {
+	/* public exponent */
+	unsigned char earr[3] = {0x01, 0x00, 0x01};
+	rc = TSS_RSAGeneratePublicTokenI
+	     ((void **)&rsaPubKey,			/* freed as part of EVP_PKEY  */
+	      tpm2bRsa->t.buffer,  		/* public modulus */
+	      tpm2bRsa->t.size,
+	      earr,      			/* public exponent */
+	      sizeof(earr));
+    }
+    /* RSA token to EVP */
+    if (rc == 0) {
+	irc  = EVP_PKEY_assign_RSA(*evpPubkey, rsaPubKey);
+	if (irc == 0) {
+	    TSS_RsaFree(rsaPubKey);	/* because not assigned tp EVP_PKEY */
+	    printf("convertRsaPublicToEvpPubKey: EVP_PKEY_assign_RSA failed\n");
+	    rc = TSS_RC_RSA_KEY_CONVERT;
+	}
+    }
+    return rc;
+}
+
+#endif /* TPM_TSS_NORSA */
+
+#ifndef TPM_TSS_NOECC
+
+/* convertEcPublicToEvpPubKey() converts an EC TPMS_ECC_POINT to an EVP_PKEY.
+ */
+
+TPM_RC convertEcPublicToEvpPubKey(EVP_PKEY **evpPubkey,		/* freed by caller */
+				  const TPMS_ECC_POINT *tpmsEccPoint)
+{
+    TPM_RC 	rc = 0;
+    int		irc;
+    EC_GROUP 	*ecGroup = NULL;
+    EC_KEY 	*ecKey = NULL;
+    BIGNUM 	*x = NULL;		/* freed @2 */
+    BIGNUM 	*y = NULL;		/* freed @3 */
+    
+    if (rc == 0) {
+	ecKey = EC_KEY_new();		/* freed @1 */
+	if (ecKey == NULL) {
+	    printf("convertEcPublicToEvpPubKey: Error creating EC_KEY\n");
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    if (rc == 0) {
+	ecGroup = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);	/* freed @4 */
+	if (ecGroup == NULL) {
+	    printf("convertEcPublicToEvpPubKey: Error in EC_GROUP_new_by_curve_name\n");
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    if (rc == 0) {
+	/* returns void */
+	EC_GROUP_set_asn1_flag(ecGroup, OPENSSL_EC_NAMED_CURVE);
+    }
+    /* assign curve to EC_KEY */
+    if (rc == 0) {
+	irc = EC_KEY_set_group(ecKey, ecGroup);
+	if (irc != 1) {
+	    printf("convertEcPublicToEvpPubKey: Error in EC_KEY_set_group\n");
+	    rc = TSS_RC_EC_KEY_CONVERT;
+	}
+    }
+    if (rc == 0) {
+	rc = convertBin2Bn(&x,				/* freed @2 */
+			   tpmsEccPoint->x.t.buffer,
+			   tpmsEccPoint->x.t.size);	
+    }
+    if (rc == 0) {
+	rc = convertBin2Bn(&y,				/* freed @3 */
+			   tpmsEccPoint->y.t.buffer,
+			   tpmsEccPoint->y.t.size);
+    }
+    if (rc == 0) {
+	irc = EC_KEY_set_public_key_affine_coordinates(ecKey, x, y);
+	if (irc != 1) {
+	    printf("convertEcPublicToEvpPubKey: "
+		   "Error converting public key from X Y to EC_KEY format\n");
+	    rc = TSS_RC_EC_KEY_CONVERT;
+	}
+    }
+    if (rc == 0) {
+	*evpPubkey = EVP_PKEY_new();		/* freed by caller */
+	if (*evpPubkey == NULL) {
+	    printf("convertEcPublicToEvpPubKey: EVP_PKEY failed\n");
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    if (rc == 0) {
+	irc = EVP_PKEY_set1_EC_KEY(*evpPubkey, ecKey);
+	if (irc != 1) {
+	    printf("convertEcPublicToEvpPubKey: "
+		   "Error converting public key from EC to EVP format\n");
+	    rc = TSS_RC_EC_KEY_CONVERT;
+	}
+    }
+    if (ecGroup != NULL) {
+	EC_GROUP_free(ecGroup);	/* @4 */
+    }
+    if (ecKey != NULL) {
+	EC_KEY_free(ecKey);	/* @1 */
+    }
+    if (x != NULL) {
+	BN_free(x);		/* @2 */
+    }
+    if (y != NULL) {
+	BN_free(y);		/* @3 */
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOECC */
+
+#ifndef TPM_TSS_NOFILE
+
+TPM_RC convertEvpPubkeyToPem(EVP_PKEY *evpPubkey,
+			     const char *pemFilename)
+{
+    TPM_RC 	rc = 0;
+    int		irc;
+    FILE 	*pemFile = NULL; 
+    
+    if (rc == 0) {
+	pemFile = fopen(pemFilename, "wb");	/* close @1 */
+	if (pemFile == NULL) {
+	    printf("convertEvpPubkeyToPem: Unable to open PEM file %s for write\n", pemFilename);
+	    rc = TSS_RC_FILE_OPEN;
+	}
+    }
+    if (rc == 0) {
+	irc = PEM_write_PUBKEY(pemFile, evpPubkey);
+	if (irc == 0) {
+	    printf("convertEvpPubkeyToPem: Unable to write PEM file %s\n", pemFilename);
+	    rc = TSS_RC_FILE_WRITE;
+	}
+    }
+    if (pemFile != NULL) {
+	fclose(pemFile);			/* @1 */
+    }
+    return rc;
+}
+
+#endif
+#ifndef TPM_TSS_NOFILE
+
+/* verifySignatureFromPem() verifies the signature 'tSignature' against the digest 'message' using
+   the public key in the PEM format file 'pemFilename'.
+
+*/
+
+TPM_RC verifySignatureFromPem(unsigned char *message,
+			      unsigned int messageSize,
+			      TPMT_SIGNATURE *tSignature,
+			      TPMI_ALG_HASH halg,
+			      const char *pemFilename)
+{
+    TPM_RC 		rc = 0;
+    EVP_PKEY 		*evpPkey = NULL;        /* OpenSSL public key, EVP format */
+    
+    /* read the public key from PEM format */
+    if (rc == 0) {
+	rc = convertPemToEvpPubKey(&evpPkey,		/* freed @1*/
+				   pemFilename);
+    }
+    /* RSA or EC */
+    if (rc == 0) {
+	switch(tSignature->sigAlg) {
+#ifndef TPM_TSS_NORSA
+	  case TPM_ALG_RSASSA:
+	  case TPM_ALG_RSAPSS:
+	    rc = verifyRSASignatureFromEvpPubKey(message,
+						 messageSize,
+						 tSignature,
+						 halg,
+						 evpPkey);
+	    break;
+#endif /* TPM_TSS_NORSA */
+#ifndef TPM_TSS_NOECC
+	  case TPM_ALG_ECDSA:
+	    rc = verifyEcSignatureFromEvpPubKey(message,
+						messageSize,
+						tSignature,
+						evpPkey);
+	    break;
+#endif	/* TPM_TSS_NOECC */
+	  default:
+	    printf("verifySignatureFromPem: Unknown signature algorithm %04x\n", tSignature->sigAlg);
+	    rc = TSS_RC_BAD_SIGNATURE_ALGORITHM;
+	}
+    }
+    if (evpPkey != NULL) {
+	EVP_PKEY_free(evpPkey);		/* @1 */
+    }
+    return rc;
+}
+
+#endif
+
+/* verifyRSASignatureFromEvpPubKey() verifies the signature 'tSignature' against the digest
+   'message' using the RSA public key in evpPkey.
+
+*/
+
+TPM_RC verifyRSASignatureFromEvpPubKey(unsigned char *message,
+				       unsigned int messageSize,
+				       TPMT_SIGNATURE *tSignature,
+				       TPMI_ALG_HASH halg,
+				       EVP_PKEY *evpPkey)
+{
+    TPM_RC 		rc = 0;
+    RSA 		*rsaPubKey = NULL;	/* OpenSSL public key, RSA format */
+    
+    /* construct the RSA key token */
+    if (rc == 0) {
+	rsaPubKey = EVP_PKEY_get1_RSA(evpPkey);	/* freed @1 */
+	if (rsaPubKey == NULL) {
+	    printf("verifyRSASignatureFromEvpPubKey: EVP_PKEY_get1_RSA failed\n");
+	    rc = TSS_RC_RSA_KEY_CONVERT;
+	}
+    }
+    if (rc == 0) {
+	rc = verifyRSASignatureFromRSA(message,
+				       messageSize,
+				       tSignature,
+				       halg,
+				       rsaPubKey);
+    }
+    TSS_RsaFree(rsaPubKey);          	/* @1 */
+    return rc;
+}
+
+/* signRSAFromRSA() signs digest to signature, using th4 RSA key rsaKey. */
+
+TPM_RC signRSAFromRSA(uint8_t *signature, size_t *signatureLength,
+		      size_t signatureSize,
+		      const uint8_t *digest, size_t digestLength,
+		      TPMI_ALG_HASH hashAlg,
+		      void *rsaKey)
+{
+    TPM_RC 		rc = 0;
+    int			irc;
+    int			nid;			/* openssl hash algorithm */
+    
+    /* map the hash algorithm to the openssl NID */
+    if (rc == 0) {
+	switch (hashAlg) {
+	  case TPM_ALG_SHA1:
+	    nid = NID_sha1;
+	    break;
+	  case TPM_ALG_SHA256:
+	    nid = NID_sha256;
+	    break;
+	  case TPM_ALG_SHA384:
+	    nid = NID_sha384;
+	    break;
+	  case TPM_ALG_SHA512:
+	    nid = NID_sha512;
+	    break;
+	  default:
+	    printf("signRSAFromRSA: Error, hash algorithm %04hx unsupported\n", hashAlg);
+	    rc = TSS_RC_BAD_HASH_ALGORITHM;
+	}
+    }
+    /* validate that the length of the resulting signature will fit in the
+       signature array */
+    if (rc == 0) {
+	unsigned int keySize = RSA_size(rsaKey);
+	if (keySize > signatureSize) {
+	    printf("signRSAFromRSA: Error, private key length %u > signature buffer %u\n",
+		   keySize, (unsigned int)signatureSize);
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    if (rc == 0) {
+	unsigned int siglen;
+	irc = RSA_sign(nid,
+		       digest, digestLength,
+		       signature, &siglen,
+		       rsaKey);
+	*signatureLength = siglen;
+	if (irc != 1) {
+	    printf("signRSAFromRSA: Error in OpenSSL RSA_sign()\n");
+	    rc = TSS_RC_RSA_SIGNATURE;
+	}
+    }
+    return rc;
+}
+
+/* verifyRSASignatureFromRSA() verifies the signature 'tSignature' against the digest 'message'
+   using the RSA public key in the OpenSSL RSA format.
+
+   Supports RSASSA and RSAPSS schemes.
+*/
+
+TPM_RC verifyRSASignatureFromRSA(unsigned char *message,
+				 unsigned int messageSize,
+				 TPMT_SIGNATURE *tSignature,
+				 TPMI_ALG_HASH halg,
+				 void *rsaPubKey)
+{
+    TPM_RC 		rc = 0;
+    int			irc;
+    int 		nid = 0;	/* initialized these two to suppress false gcc -O3
+					   warnings */
+    const EVP_MD 	*md = NULL;
+    /* map from hash algorithm to openssl nid */
+    if (rc == 0) {
+	switch (halg) {
+	  case TPM_ALG_SHA1:
+	    nid = NID_sha1;
+	    md = EVP_sha1();
+	    break;
+	  case TPM_ALG_SHA256:
+	    nid = NID_sha256;
+	    md = EVP_sha256();
+	    break;
+	  case TPM_ALG_SHA384:
+	    nid = NID_sha384;
+	    md = EVP_sha384();
+	    break;
+	  case TPM_ALG_SHA512:
+	    nid = NID_sha512;
+	    md = EVP_sha512();
+	    break;
+	  default:
+	    printf("verifyRSASignatureFromRSA: Unknown hash algorithm %04x\n", halg);
+	    rc = TSS_RC_BAD_HASH_ALGORITHM;
+	}
+    }
+    /* verify the signature */
+    if (tSignature->sigAlg == TPM_ALG_RSASSA) {
+	if (rc == 0) {
+	    irc = RSA_verify(nid,
+			     message, messageSize,
+			     tSignature->signature.rsassa.sig.t.buffer,
+			     tSignature->signature.rsassa.sig.t.size,
+			     rsaPubKey);
+	    if (irc != 1) {
+		printf("verifyRSASignatureFromRSA: Bad signature\n");
+		rc = TSS_RC_RSA_SIGNATURE;
+	    }
+	}
+    }
+    else if (tSignature->sigAlg == TPM_ALG_RSAPSS) {
+	uint8_t decryptedSig[sizeof(tSignature->signature.rsapss.sig.t.buffer)];
+	if (rc == 0) {
+	    irc = RSA_public_decrypt(tSignature->signature.rsapss.sig.t.size,
+				     tSignature->signature.rsapss.sig.t.buffer,
+				     decryptedSig,
+				     rsaPubKey,
+				     RSA_NO_PADDING);
+	    if (irc == -1) {
+		printf("verifyRSASignatureFromRSA: RSAPSS Bad signature\n");
+		rc = TSS_RC_RSA_SIGNATURE;
+	    }
+	}
+	if (rc == 0) {
+	    irc = RSA_verify_PKCS1_PSS(rsaPubKey,
+				       message,
+				       md,
+				       decryptedSig,
+				       -2); /* salt length recovered from signature*/
+	    if (irc != 1) {
+		printf("verifyRSASignatureFromRSA: RSAPSS Bad signature\n");
+		rc = TSS_RC_RSA_SIGNATURE;
+	    }
+	}
+    }
+    else {
+	printf("verifyRSASignatureFromRSA: Bad signature scheme %04x\n",
+	       tSignature->sigAlg);
+    }
+    return rc;
+}
+
+#ifndef TPM_TSS_NOECC
+
+/* verifyEcSignatureFromEvpPubKey() verifies the signature 'tSignature' against the digest 'message'
+   using the EC public key in evpPkey.
+
+*/
+
+TPM_RC verifyEcSignatureFromEvpPubKey(unsigned char *message,
+				      unsigned int messageSize,
+				      TPMT_SIGNATURE *tSignature,
+				      EVP_PKEY *evpPkey)
+{
+    TPM_RC 		rc = 0;
+    int			irc;
+    EC_KEY 		*ecKey = NULL;
+    BIGNUM 		*r = NULL;
+    BIGNUM 		*s = NULL;
+    ECDSA_SIG 		*ecdsaSig = NULL;
+
+    /* construct the EC key token */
+    if (rc == 0) {
+	ecKey = EVP_PKEY_get1_EC_KEY(evpPkey);	/* freed @1 */
+	if (ecKey == NULL) {
+	    printf("verifyEcSignatureFromEvpPubKey: EVP_PKEY_get1_EC_KEY failed\n");  
+	    rc = TSS_RC_EC_KEY_CONVERT;
+	}
+    }
+    /* construct the ECDSA_SIG signature token */
+    if (rc == 0) {
+	rc = convertBin2Bn(&r,			/* freed @2 */
+			   tSignature->signature.ecdsa.signatureR.t.buffer,
+			   tSignature->signature.ecdsa.signatureR.t.size);
+    }	
+    if (rc == 0) {
+	rc = convertBin2Bn(&s,			/* freed @2 */
+			   tSignature->signature.ecdsa.signatureS.t.buffer,
+			   tSignature->signature.ecdsa.signatureS.t.size);
+    }
+    /* ECDSA_SIG_new() allocates an empty ECDSA_SIG structure.  */
+    if (rc == 0) {
+	ecdsaSig = ECDSA_SIG_new(); 		/* freed @2 */
+	if (ecdsaSig == NULL) {
+	    printf("verifyEcSignatureFromEvpPubKey: Error creating ECDSA_SIG_new\n");
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    if (rc == 0) {
+	int irc = ECDSA_SIG_set0(ecdsaSig, r, s);	
+	if (irc != 1) {
+            printf("verifyEcSignatureFromEvpPubKey: Error in ECDSA_SIG_set0()\n");
+            rc = TSS_RC_EC_KEY_CONVERT;
+	}
+    }
+    /* verify the signature */
+    if (rc == 0) {
+	irc = ECDSA_do_verify(message, messageSize, 
+			      ecdsaSig, ecKey);
+	if (irc != 1) {		/* quote signature did not verify */
+	    printf("verifyEcSignatureFromEvpPubKey: Bad signature\n");
+	    rc = TSS_RC_EC_SIGNATURE;
+	}
+    }
+    if (ecKey != NULL) {
+	EC_KEY_free(ecKey);		/* @1 */
+    }
+    /* if the ECDSA_SIG was allocated correctly, r and s are implicitly freed */
+    if (ecdsaSig != NULL) {
+	ECDSA_SIG_free(ecdsaSig);	/* @2 */
+    }
+    /* if not, explicitly free */
+    else {
+	if (r != NULL) BN_free(r);	/* @2 */
+	if (s != NULL) BN_free(s);	/* @2 */
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOECC */
+
+#ifndef TPM_TSS_NOFILE
+
+/* verifySignatureFromHmacKey() verifies the signature (MAC) against the digest 'message'
+   using the HMAC key in raw binary format.
+*/
+
+TPM_RC verifySignatureFromHmacKey(unsigned char *message,
+				  unsigned int messageSize,
+				  TPMT_SIGNATURE *tSignature,
+				  TPMI_ALG_HASH halg,
+				  const char *hmacKeyFilename)
+{
+    TPM_RC 		rc = 0;
+    TPM2B_KEY 		hmacKey;
+    uint32_t 		sizeInBytes;
+    
+    /* read the HMAC key */
+    if (rc == 0) {
+	rc = TSS_File_Read2B(&hmacKey.b,
+			     sizeof(hmacKey.t.buffer),
+			     hmacKeyFilename);
+    }
+    if (rc == 0) {
+	sizeInBytes = TSS_GetDigestSize(halg);
+	rc = TSS_HMAC_Verify(&tSignature->signature.hmac,
+			     &hmacKey,		/* input HMAC key */
+			     sizeInBytes,
+			     messageSize, message,
+			     0, NULL);
+    }
+    return rc;
+}
+
+#endif /* TPM_TSS_NOFILE */
+
+/* convertRsaBinToTSignature() converts an RSA binary signature to a TPMT_SIGNATURE */
+
+TPM_RC convertRsaBinToTSignature(TPMT_SIGNATURE *tSignature,
+				 TPMI_ALG_HASH halg,
+				 uint8_t *signatureBin,
+				 size_t signatureBinLen)
+{
+    TPM_RC rc = 0;
+
+    tSignature->sigAlg = TPM_ALG_RSASSA;
+    tSignature->signature.rsassa.hash = halg;
+    tSignature->signature.rsassa.sig.t.size = (uint16_t)signatureBinLen;
+    memcpy(&tSignature->signature.rsassa.sig.t.buffer, signatureBin, signatureBinLen);
+    return rc;
+}
+
+#ifdef TPM_TPM20
+#ifndef TPM_TSS_NOECC
+
+/* convertEcBinToTSignature() converts an EC binary signature to a TPMT_SIGNATURE */
+
+TPM_RC convertEcBinToTSignature(TPMT_SIGNATURE *tSignature,
+				TPMI_ALG_HASH halg,
+				const uint8_t *signatureBin,
+				size_t signatureBinLen)
+{
+    TPM_RC rc = 0;
+    ECDSA_SIG 		*ecSig = NULL;
+    int 		rBytes;
+    int 		sBytes;
+    const BIGNUM 	*pr = NULL;
+    const BIGNUM 	*ps = NULL;
+    
+    if (rc == 0) {
+	tSignature->sigAlg = TPM_ALG_ECDSA;
+	tSignature->signature.ecdsa.hash = halg;
+    }
+    /* convert DER to ECDSA_SIG */
+    if (rc == 0) {
+	ecSig = d2i_ECDSA_SIG(NULL, &signatureBin, signatureBinLen);	/* freed @1 */
+	if (ecSig == NULL) {
+	    printf("convertEcBinToTSignature: could not convert signature to ECDSA_SIG\n");
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    /* check that the signature size agrees with the currently hard coded P256 curve */
+    if (rc == 0) {
+	ECDSA_SIG_get0(ecSig, &pr, &ps);
+	rBytes = BN_num_bytes(pr);
+	sBytes = BN_num_bytes(ps);
+	if ((rBytes > 32) ||
+	    (sBytes > 32)) {
+	    printf("convertEcBinToTSignature: signature rBytes %u or sBytes %u greater than 32\n",
+		   rBytes, sBytes);
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    /* extract the raw signature bytes from the openssl structure BIGNUMs */
+    if (rc == 0) {
+	tSignature->signature.ecdsa.signatureR.t.size = rBytes;
+	tSignature->signature.ecdsa.signatureS.t.size = sBytes;
+
+	BN_bn2bin(pr, (unsigned char *)&tSignature->signature.ecdsa.signatureR.t.buffer);
+	BN_bn2bin(ps, (unsigned char *)&tSignature->signature.ecdsa.signatureS.t.buffer);
+	if (tssUtilsVerbose) {
+	    TSS_PrintAll("convertEcBinToTSignature: signature R",
+			 tSignature->signature.ecdsa.signatureR.t.buffer,
+			 tSignature->signature.ecdsa.signatureR.t.size);		
+	    TSS_PrintAll("convertEcBinToTSignature: signature S",
+			 tSignature->signature.ecdsa.signatureS.t.buffer,
+			 tSignature->signature.ecdsa.signatureS.t.size);		
+	}
+    }
+    if (ecSig != NULL) {
+	ECDSA_SIG_free(ecSig);		/* @1 */
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOECC */
+
+#ifndef TPM_TSS_NOECC
+
+/* getEcCurve() gets the TCG algorithm ID curve associated with the openssl EC_KEY */
+
+TPM_RC getEcCurve(TPMI_ECC_CURVE *curveID,
+		  const EC_KEY *ecKey)
+{
+    TPM_RC 		rc = 0;
+    const EC_GROUP 	*ecGroup;
+    int			nid;
+    
+    if (rc == 0) {
+	ecGroup = EC_KEY_get0_group(ecKey);
+	nid = EC_GROUP_get_curve_name(ecGroup);	/* openssl NID */
+	/* NID to TCG curve ID */
+	switch (nid) {
+	  case NID_X9_62_prime256v1:
+	    *curveID = TPM_ECC_NIST_P256;
+	    break;
+	  default:
+	    printf("getEcCurve: Error, curve NID %u not supported \n", nid);
+	    rc = TSS_RC_EC_KEY_CONVERT;
+	}
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOECC */
+#endif
+
+/* convertBin2Bn() wraps the openSSL function in an error handler
+
+   Converts a char array to bignum
+*/
+
+TPM_RC convertBin2Bn(BIGNUM **bn,			/* freed by caller */
+		     const unsigned char *bin,
+		     unsigned int bytes)
+{
+    TPM_RC rc = 0;
+
+    /* BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+    
+       BN_bin2bn() converts the positive integer in big-endian form of length len at s into a BIGNUM
+       and places it in ret. If ret is NULL, a new BIGNUM is created.
+
+       BN_bin2bn() returns the BIGNUM, NULL on error.
+    */
+    if (rc == 0) {
+        *bn = BN_bin2bn(bin, bytes, *bn);
+        if (*bn == NULL) {
+            printf("convertBin2Bn: Error in BN_bin2bn\n");
+            rc = TSS_RC_BIGNUM;
+        }
+    }
+    return rc;
+}
+
diff --git a/utils/cryptoutils.h b/utils/cryptoutils.h
new file mode 100644
index 000000000..a7b851b14
--- /dev/null
+++ b/utils/cryptoutils.h
@@ -0,0 +1,333 @@
+/********************************************************************************/
+/*										*/
+/*			Sample Crypto Utilities					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2017 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef CRYPTUTILS_H
+#define CRYPTUTILS_H
+
+/* Windows 10 crypto API clashes with openssl */
+#ifdef TPM_WINDOWS
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+#include <winsock2.h>
+#include <windows.h>
+#endif
+
+/* TPM_TSS_NO_OPENSSL is a legacy macro.  cryptoutils was exposing several OpenSSL specific
+   functions.  They are not available for other crypto libraries.  For OpenSSL, they are available
+   but deprecated.  */
+
+#ifndef TPM_TSS_NO_OPENSSL
+#include <openssl/rand.h>
+#include <openssl/pem.h>
+#endif	/* TPM_TSS_NO_OPENSSL */
+
+#ifdef TPM_TSS_MBEDTLS
+#include <mbedtls/pk.h>
+#endif	/* TPM_TSS_MBEDTLS */
+
+#include <ibmtss/tss.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    /*
+      crypto library independent functions
+    */
+
+    void getCryptoLibrary(const char **name);
+    
+    TPM_RC convertPemToRsaPrivKey(void **rsaKey,
+				  const char *pemKeyFilename,
+				  const char *password);
+    TPM_RC convertRsaKeyToPublicKeyBin(int 	*modulusBytes,
+				       uint8_t 	**modulusBin,
+				       void	*rsaKey);
+    TPM_RC convertRsaKeyToPublic(TPM2B_PUBLIC 		*objectPublic,
+				 int			keyType,
+				 TPMI_ALG_SIG_SCHEME 	scheme,
+				 TPMI_ALG_HASH 		nalg,
+				 TPMI_ALG_HASH		halg,
+				 void			*rsaKey);
+    TPM_RC convertRsaPemToKeyPair(TPM2B_PUBLIC 		*objectPublic,
+				  TPM2B_PRIVATE 	*objectPrivate,
+				  int			keyType,
+				  TPMI_ALG_SIG_SCHEME 	scheme,
+				  TPMI_ALG_HASH 	nalg,
+				  TPMI_ALG_HASH		halg,
+				  const char 		*pemKeyFilename,
+				  const char 		*password);
+    TPM_RC convertRsaDerToKeyPair(TPM2B_PUBLIC 		*objectPublic,
+				  TPM2B_SENSITIVE 	*objectSensitive,
+				  int			keyType,
+				  TPMI_ALG_SIG_SCHEME 	scheme,
+				  TPMI_ALG_HASH 	nalg,
+				  TPMI_ALG_HASH		halg,
+				  const char		*derKeyFilename,
+				  const char 		*password);
+    TPM_RC convertRsaDerToPublic(TPM2B_PUBLIC 		*objectPublic,
+				 int			keyType,
+				 TPMI_ALG_SIG_SCHEME 	scheme,
+				 TPMI_ALG_HASH 		nalg,
+				 TPMI_ALG_HASH		halg,
+				 const char		*derKeyFilename);
+    TPM_RC convertRsaPemToPublic(TPM2B_PUBLIC 		*objectPublic,
+				 int			keyType,
+				 TPMI_ALG_SIG_SCHEME 	scheme,
+				 TPMI_ALG_HASH 		nalg,
+				 TPMI_ALG_HASH		halg,
+				 const char 		*pemKeyFilename);
+    TPM_RC convertRsaPrivateKeyBinToPrivate(TPM2B_PRIVATE 	*objectPrivate,
+					    TPM2B_SENSITIVE 	*objectSensitive,
+					    int 		privateKeyBytes,
+					    uint8_t 		*privateKeyBin,
+					    const char 		*password);
+    TPM_RC convertRsaPublicKeyBinToPublic(TPM2B_PUBLIC 		*objectPublic,
+					  int			keyType,
+					  TPMI_ALG_SIG_SCHEME 	scheme,
+					  TPMI_ALG_HASH 	nalg,
+					  TPMI_ALG_HASH		halg,
+					  int 			modulusBytes,
+					  uint8_t 		*modulusBin);
+    TPM_RC convertPublicToPEM(const TPM2B_PUBLIC *public,
+			      const char *pemFilename);
+
+    TPM_RC signRSAFromRSA(uint8_t *signature, size_t *signatureLength,
+			  size_t signatureSize,
+			  const uint8_t *digest, size_t digestLength,
+			  TPMI_ALG_HASH hashAlg,
+			  void *rsaKey);
+    TPM_RC verifySignatureFromPem(unsigned char *message,
+				  unsigned int messageSize,
+				  TPMT_SIGNATURE *tSignature,
+				  TPMI_ALG_HASH halg,
+				  const char *pemFilename);
+    TPM_RC verifyRSASignatureFromRSA(unsigned char *message,
+				     unsigned int messageSize,
+				     TPMT_SIGNATURE *tSignature,
+				     TPMI_ALG_HASH halg,
+				     void *rsaPubKey);
+    TPM_RC verifySignatureFromHmacKey(unsigned char *message,
+				      unsigned int messageSize,
+				      TPMT_SIGNATURE *tSignature,
+				      TPMI_ALG_HASH halg,
+				      const char *hmacKeyFilename);
+
+    TPM_RC convertRsaBinToTSignature(TPMT_SIGNATURE *tSignature,
+				     TPMI_ALG_HASH halg,
+				     uint8_t *signatureBin,
+				     size_t signatureBinLen);
+
+    /* Some OpenSSL builds do not include ECC */
+
+#ifndef TPM_TSS_NOECC
+
+    TPM_RC convertEcPemToKeyPair(TPM2B_PUBLIC 		*objectPublic,
+				 TPM2B_PRIVATE 		*objectPrivate,
+				 int			keyType,
+				 TPMI_ALG_SIG_SCHEME 	scheme,
+				 TPMI_ALG_HASH 		nalg,
+				 TPMI_ALG_HASH		halg,
+				 const char 		*pemKeyFilename,
+				 const char 		*password);
+    TPM_RC convertEcPemToPublic(TPM2B_PUBLIC 		*objectPublic,
+				int			keyType,
+				TPMI_ALG_SIG_SCHEME 	scheme,
+				TPMI_ALG_HASH 		nalg,
+				TPMI_ALG_HASH		halg,
+				const char		*pemKeyFilename);
+    TPM_RC convertEcDerToKeyPair(TPM2B_PUBLIC 		*objectPublic,
+				 TPM2B_SENSITIVE 	*objectSensitive,
+				 int			keyType,
+				 TPMI_ALG_SIG_SCHEME 	scheme,
+				 TPMI_ALG_HASH 		nalg,
+				 TPMI_ALG_HASH		halg,
+				 const char		*derKeyFilename,
+				 const char 		*password);
+    TPM_RC convertEcDerToPublic(TPM2B_PUBLIC 		*objectPublic,
+				int			keyType,
+				TPMI_ALG_SIG_SCHEME 	scheme,
+				TPMI_ALG_HASH 		nalg,
+				TPMI_ALG_HASH		halg,
+				const char		*derKeyFilename);
+    TPM_RC convertEcPrivateKeyBinToPrivate(TPM2B_PRIVATE 	*objectPrivate,
+					   TPM2B_SENSITIVE 	*objectSensitive,
+					   int 			privateKeyBytes,
+					   uint8_t 		*privateKeyBin,
+					   const char 		*password);
+    TPM_RC convertEcBinToTSignature(TPMT_SIGNATURE 	*tSignature,
+				    TPMI_ALG_HASH 	halg,
+				    const uint8_t 	*signatureBin,
+				    size_t 		signatureBinLen);
+    
+#endif	/* TPM_TSS_NOECC */
+    
+    /*
+      OpenSSL specific functions
+
+      These are not intended for general use.
+    */
+   
+#ifndef TPM_TSS_NO_OPENSSL
+
+/* Some functions add const to parameters as of openssl 1.1.0 */
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+#define OSSLCONST
+#else
+#define OSSLCONST const
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+    int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+    void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+    const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
+    void RSA_get0_key(const RSA *rsaKey,
+		      const BIGNUM **n,
+		      const BIGNUM **e,
+		      const BIGNUM **d);
+    void RSA_get0_factors(const RSA *rsaKey,
+			  const BIGNUM **p,
+			  const BIGNUM **q);
+#endif	/* pre openssl 1.1 */
+
+#if OPENSSL_VERSION_NUMBER < 0x10002000
+    void X509_get0_signature(OSSLCONST ASN1_BIT_STRING **psig,
+			     OSSLCONST X509_ALGOR **palg, const X509 *x);
+#endif	/* pre openssl 1.0.2 */
+
+    TPM_RC convertPemToEvpPrivKey(EVP_PKEY **evpPkey,
+				  const char *pemKeyFilename,
+				  const char *password);
+    TPM_RC convertPemToEvpPubKey(EVP_PKEY **evpPkey,
+				 const char *pemKeyFilename);
+    TPM_RC convertEvpPubkeyToPem(EVP_PKEY *evpPubkey,
+				 const char *pemFilename);
+    TPM_RC convertBin2Bn(BIGNUM **bn,
+			 const unsigned char *bin,
+			 unsigned int bytes);
+    
+    TPM_RC convertEvpPkeyToRsakey(RSA **rsaKey,
+				  EVP_PKEY *evpPkey);
+    TPM_RC convertRsaKeyToPrivateKeyBin(int 	*privateKeyBytes,
+					uint8_t 	**privateKeyBin,
+					const RSA	 *rsaKey);
+    TPM_RC convertRsaKeyToPrivate(TPM2B_PRIVATE 	*objectPrivate,
+				  TPM2B_SENSITIVE 	*objectSensitive,
+				  RSA 			*rsaKey,
+				  const char 		*password);
+    TPM_RC getRsaKeyParts(const BIGNUM **n,
+			  const BIGNUM **e,
+			  const BIGNUM **d,
+			  const BIGNUM **p,
+			  const BIGNUM **q,
+			  const RSA *rsaKey);
+    int getRsaPubkeyAlgorithm(EVP_PKEY *pkey);
+    TPM_RC convertRsaPublicToEvpPubKey(EVP_PKEY **evpPubkey,
+				       const TPM2B_PUBLIC_KEY_RSA *tpm2bRsa);
+    TPM_RC verifyRSASignatureFromEvpPubKey(unsigned char *message,
+					   unsigned int messageSize,
+					   TPMT_SIGNATURE *tSignature,
+					   TPMI_ALG_HASH halg,
+					   EVP_PKEY *evpPkey);
+
+#ifndef TPM_TSS_NOECC
+    TPM_RC convertEvpPkeyToEckey(EC_KEY **ecKey,
+				 EVP_PKEY *evpPkey);
+    TPM_RC convertEcKeyToPrivateKeyBin(int 		*privateKeyBytes,
+				       uint8_t 		**privateKeyBin,
+				       const EC_KEY 	*ecKey);
+    TPM_RC convertEcKeyToPublicKeyBin(int 		*modulusBytes,
+				      uint8_t 		**modulusBin,
+				      const EC_KEY 	*ecKey);
+    TPM_RC convertEcPublicKeyBinToPublic(TPM2B_PUBLIC 		*objectPublic,
+					 int			keyType,
+					 TPMI_ALG_SIG_SCHEME 	scheme,
+					 TPMI_ALG_HASH 		nalg,
+					 TPMI_ALG_HASH		halg,
+					 TPMI_ECC_CURVE 	curveID,
+					 int 			modulusBytes,
+					 uint8_t 		*modulusBin);
+    TPM_RC convertEcKeyToPrivate(TPM2B_PRIVATE 		*objectPrivate,
+				 TPM2B_SENSITIVE 	*objectSensitive,
+				 EC_KEY 		*ecKey,
+				 const char 		*password);
+    TPM_RC convertEcKeyToPublic(TPM2B_PUBLIC 		*objectPublic,
+				int			keyType,
+				TPMI_ALG_SIG_SCHEME 	scheme,
+				TPMI_ALG_HASH 		nalg,
+				TPMI_ALG_HASH		halg,
+				EC_KEY 			*ecKey);
+    TPM_RC convertEcPublicToEvpPubKey(EVP_PKEY **evpPubkey,	
+				      const TPMS_ECC_POINT *tpmsEccPoint);
+    TPM_RC verifyEcSignatureFromEvpPubKey(unsigned char *message,
+					  unsigned int messageSize,
+					  TPMT_SIGNATURE *tSignature,
+					  EVP_PKEY *evpPkey);
+    TPM_RC getEcCurve(TPMI_ECC_CURVE *curveID,
+		      const EC_KEY *ecKey);
+    
+#endif /* TPM_TSS_NOECC */
+#endif /* TPM_TSS_NO_OPENSSL */
+
+    /*
+      mbedtls specific functions
+
+      These are not intended for general use, but are used by ekutils.c
+    */
+
+#ifdef TPM_TSS_MBEDTLS
+    
+    TPM_RC convertPkToRsaKey(mbedtls_rsa_context **rsaCtx,
+			     mbedtls_pk_context *pkCtx);
+    TPM_RC convertPkToEckey(mbedtls_ecp_keypair **ecCtx,
+			    mbedtls_pk_context	*pkCtx);
+    TPM_RC convertEcKeyToPublicKeyXYBin(size_t			*xBytes,
+					uint8_t 		**xBin,
+					size_t			*yBytes,
+					uint8_t 		**yBin,
+					mbedtls_ecp_keypair 	*ecKp);
+
+#endif	/* TPM_TSS_MBEDTLS */
+    
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/utils/dictionaryattacklockreset.c b/utils/dictionaryattacklockreset.c
new file mode 100644
index 000000000..897c6f544
--- /dev/null
+++ b/utils/dictionaryattacklockreset.c
@@ -0,0 +1,216 @@
+/********************************************************************************/
+/*										*/
+/*			    DictionaryAttackLockReset 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC				rc = 0;
+    int					i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    DictionaryAttackLockReset_In 	in;
+    const char				*password = NULL; 
+    TPMI_SH_AUTH_SESSION    		sessionHandle0 = TPM_RS_PW;
+    unsigned int			sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    		sessionHandle1 = TPM_RH_NULL;
+    unsigned int			sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    		sessionHandle2 = TPM_RH_NULL;
+    unsigned int			sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-pwd") == 0) {
+	    i++;
+	    if (i < argc) {
+		password = argv[i];
+	    }
+	    else {
+		printf("-pwdk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	in.lockHandle = TPM_RH_LOCKOUT;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_DictionaryAttackLockReset,
+			 sessionHandle0, password, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("dictionaryattacklockreset: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("dictionaryattacklockreset: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("dictionaryattacklockreset\n");
+    printf("\n");
+    printf("Runs TPM2_DictionaryAttackLockReset\n");
+    printf("\n");
+    printf("\t[-pwd\tlockout auth password (default empty)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    exit(1);	
+}
diff --git a/utils/dictionaryattackparameters.c b/utils/dictionaryattackparameters.c
new file mode 100644
index 000000000..e359eb65c
--- /dev/null
+++ b/utils/dictionaryattackparameters.c
@@ -0,0 +1,255 @@
+/********************************************************************************/
+/*										*/
+/*			    DictionaryAttackParameters 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC				rc = 0;
+    int					i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    DictionaryAttackParameters_In 	in;
+    const char				*password = NULL;
+    uint32_t				newMaxTries = 1;
+    uint32_t				newRecoveryTime = 10;
+    uint32_t				lockoutRecovery = 1;
+    TPMI_SH_AUTH_SESSION    		sessionHandle0 = TPM_RS_PW;
+    unsigned int			sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    		sessionHandle1 = TPM_RH_NULL;
+    unsigned int			sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    		sessionHandle2 = TPM_RH_NULL;
+    unsigned int			sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-pwd") == 0) {
+	    i++;
+	    if (i < argc) {
+		password = argv[i];
+	    }
+	    else {
+		printf("-pwd option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-nmt") == 0) {
+	    i++;
+	    if (i < argc) {
+		newMaxTries = atoi(argv[i]);
+	    }
+	    else {
+		printf("-nmt option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-nrt") == 0) {
+	    i++;
+	    if (i < argc) {
+		newRecoveryTime = atoi(argv[i]);
+	    }
+	    else {
+		printf("-nrt option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-lr") == 0) {
+	    i++;
+	    if (i < argc) {
+		lockoutRecovery = atoi(argv[i]);
+	    }
+	    else {
+		printf("-lr option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	in.lockHandle = TPM_RH_LOCKOUT;
+	in.newMaxTries = newMaxTries ;
+	in.newRecoveryTime = newRecoveryTime;
+	in.lockoutRecovery = lockoutRecovery;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_DictionaryAttackParameters,
+			 sessionHandle0, password, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("dictionaryattackparameters: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("dictionaryattackparameters: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("dictionaryattackparameters\n");
+    printf("\n");
+    printf("Runs TPM2_DictionaryAttackParameters\n");
+    printf("\n");
+    printf("\t[-pwd\tlockout auth password (default empty)]\n");
+    printf("\t[-nmt\tnew max tries (default 1 try)]\n");
+    printf("\t[-nrt\tnew recovery time (default 10 seconds)]\n");
+    printf("\t[-lr\tlockout recovery (default 1 second)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    exit(1);	
+}
diff --git a/utils/duplicate.c b/utils/duplicate.c
new file mode 100644
index 000000000..87b33a4ca
--- /dev/null
+++ b/utils/duplicate.c
@@ -0,0 +1,353 @@
+/********************************************************************************/
+/*										*/
+/*			   Duplicate		 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    Duplicate_In 		in;
+    Duplicate_Out 		out;
+    TPMI_DH_OBJECT		objectHandle = 0;
+    TPMI_DH_OBJECT		newParentHandle = TPM_RH_NULL;
+    const char 			*encryptionKeyInFilename = NULL;
+    const char 			*encryptionKeyOutFilename = NULL;
+    const char			*duplicateFilename = NULL;
+    const char			*outSymSeedFilename = NULL;
+    const char			*objectPassword = NULL; 
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    /* Table 129 - Definition of TPMT_SYM_DEF_OBJECT Structure */
+    in.symmetricAlg.algorithm = TPM_ALG_NULL;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ho") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &objectHandle);
+	    }
+	    else {
+		printf("Missing parameter for -ho\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdo") == 0) {
+	    i++;
+	    if (i < argc) {
+		objectPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdo option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-hp") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &newParentHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hp\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ik") == 0) {
+	    i++;
+	    if (i < argc) {
+		encryptionKeyInFilename = argv[i];
+	    }
+	    else {
+		printf("-ik option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-salg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"aes") == 0) {
+		    in.symmetricAlg.algorithm = TPM_ALG_AES;
+		    in.symmetricAlg.keyBits.aes = 128;
+		    in.symmetricAlg.mode.aes = TPM_ALG_CFB;
+		}
+		else {
+		    printf("Bad parameter %s for -salg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-salg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-oek") == 0) {
+	    i++;
+	    if (i < argc) {
+		encryptionKeyOutFilename = argv[i];
+	    }
+	    else {
+		printf("-oek option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-od") == 0) {
+	    i++;
+	    if (i < argc) {
+		duplicateFilename = argv[i];
+	    }
+	    else {
+		printf("-od option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-oss") == 0) {
+	    i++;
+	    if (i < argc) {
+		outSymSeedFilename = argv[i];
+	    }
+	    else {
+		printf("-oss option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (objectHandle == 0) {
+	printf("Missing or bad object handle parameter -ho\n");
+	printUsage();
+    }
+    if ((in.symmetricAlg.algorithm == TPM_ALG_NULL) &&
+	(encryptionKeyInFilename != NULL)) {
+	printf("-ik needs -salg\n");
+	printUsage();
+    }
+    if ((in.symmetricAlg.algorithm != TPM_ALG_NULL) &&
+	(encryptionKeyInFilename == NULL)) {
+	printf("-salg needs -ik\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.objectHandle = objectHandle;
+	in.newParentHandle = newParentHandle;
+    }
+    /* optional symmetric encryption key */
+    if (encryptionKeyInFilename != NULL) {
+	rc = TSS_File_Read2B(&in.encryptionKeyIn.b,
+			     sizeof(in.encryptionKeyIn.t.buffer),
+			     encryptionKeyInFilename);
+    }
+    else {
+	in.encryptionKeyIn.t.size = 0;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_Duplicate,
+			 sessionHandle0, objectPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if ((rc == 0) && (encryptionKeyOutFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(out.encryptionKeyOut.t.buffer,
+				      out.encryptionKeyOut.t.size,
+				      encryptionKeyOutFilename);
+    }
+    if ((rc == 0) && (duplicateFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(out.duplicate.t.buffer,
+				      out.duplicate.t.size,
+				      duplicateFilename);
+    }
+    if ((rc == 0) && (outSymSeedFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(out.outSymSeed.t.secret,
+				      out.outSymSeed.t.size,
+				      outSymSeedFilename);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("duplicate: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("duplicate: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("duplicate\n");
+    printf("\n");
+    printf("Runs TPM2_Duplicate\n");
+    printf("\n");
+    printf("\t-ho\tobject handle\n");
+    printf("\t[-pwdo\tpassword for object (default empty)]\n");
+    printf("\t[-hp\tnew parent handle (default TPM_RH_NULL)]\n");
+    printf("\t[-ik\tencryption key in file name]\n");
+    printf("\t[-salg\tsymmetric algorithm (aes)(default none)]\n");
+    printf("\n");
+    printf("\t[-oek\tencryption key out file name (default do not save)]\n");
+    printf("\t[-od\tduplicate private area file name (default do not save)]\n");
+    printf("\t[-oss\tsymmetric seed file name (default do not save)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/eccparameters.c b/utils/eccparameters.c
new file mode 100644
index 000000000..2c264f723
--- /dev/null
+++ b/utils/eccparameters.c
@@ -0,0 +1,172 @@
+/********************************************************************************/
+/*										*/
+/*			   ECC_Parameters					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    ECC_Parameters_In 		in;
+    ECC_Parameters_Out 		out;
+    const char 			*datafilename = NULL;
+   
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    in.curveID = TPM_ECC_NONE;
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-cv") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"bnp256") == 0) {
+		    in.curveID = TPM_ECC_BN_P256;
+		}
+		else if (strcmp(argv[i],"nistp256") == 0) {
+		    in.curveID = TPM_ECC_NIST_P256;
+		}
+		else if (strcmp(argv[i],"nistp384") == 0) {
+		    in.curveID = TPM_ECC_NIST_P384;
+		}
+		else {
+		    printf("Bad parameter %s for -cv\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-cv option needs a value\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i], "-of")  == 0) {
+	    i++;
+	    if (i < argc) {
+		datafilename = argv[i];
+	    } else {
+		printf("-of option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (in.curveID == TPM_ECC_NONE) {
+	printf("Missing or bad parameter for -cv\n");
+	printUsage();
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_ECC_Parameters,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if ((rc == 0) && (datafilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.parameters,
+				     (MarshalFunction_t)TSS_TPMS_ALGORITHM_DETAIL_ECC_Marshal,
+				     datafilename);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("eccparameters: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("eccparameters: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("eccparameters\n");
+    printf("\n");
+    printf("Runs TPM2_ECC_Parameters\n");
+    printf("\n");
+    printf("\t-cv\tcurve ID\n");
+    printf("\t\tbnp256\n");
+    printf("\t\tnistp256\n");
+    printf("\t\tnistp384\n");
+    printf("\t[-of data file, ECC parameters (default do not save)]\n");
+    exit(1);	
+}
diff --git a/utils/ecephemeral.c b/utils/ecephemeral.c
new file mode 100644
index 000000000..bd1e61d9b
--- /dev/null
+++ b/utils/ecephemeral.c
@@ -0,0 +1,195 @@
+/********************************************************************************/
+/*										*/
+/*			    EC_Ephemeral					*/
+/*	     		Written by Bill Martin 					*/
+/*                 Green Hills Integrity Software Services 			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2017 - 2019					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+/* 
+
+
+ */
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC 			rc = 0;
+    int 			i;    /* argc iterator */
+    TSS_CONTEXT 		*tssContext = NULL;
+    EC_Ephemeral_In 		in;
+    EC_Ephemeral_Out            out;
+    TPMI_ECC_CURVE              curveID = TPM_ECC_NONE;
+    const char                  *QFilename = NULL;
+    const char                  *counterFilename = NULL;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i], "-ecc") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"bnp256") == 0) {
+		    curveID = TPM_ECC_BN_P256;
+		}
+		else if (strcmp(argv[i],"nistp256") == 0) {
+		    curveID = TPM_ECC_NIST_P256;
+		}
+		else if (strcmp(argv[i],"nistp384") == 0) {
+		    curveID = TPM_ECC_NIST_P384;
+		}
+		else {
+		    printf("Bad parameter %s for -ecc\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-ecc option needs a value\n");
+		printUsage();
+	    }
+	}
+        else if (strcmp(argv[i], "-oq") == 0) {
+            i++;
+            if (i < argc) {
+                QFilename = argv[i];
+            } else {
+                printf("-oq option needs a value\n");
+                printUsage();
+            }
+        }
+        else if (strcmp(argv[i], "-cf")  == 0) {
+	    i++;
+	    if (i < argc) {
+		counterFilename = argv[i];
+	    } else {
+		printf("-cf option needs a value\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (curveID == TPM_ECC_NONE) {
+	printf("Missing curve ID -ecc\n");
+	printUsage();
+    }
+    if (rc == 0) {
+        in.curveID = curveID;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+                         (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_EC_Ephemeral,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	} 
+    }
+    if ((rc == 0) && (QFilename != NULL)) {
+        rc = TSS_File_WriteStructure(&out.Q,
+                                     (MarshalFunction_t)TSS_TPM2B_ECC_POINT_Marshal,
+				     QFilename);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("counter is %d\n", out.counter);
+	if (counterFilename != NULL)  {
+	    rc = TSS_File_WriteStructure(&out.counter,
+					 (MarshalFunction_t)TSS_UINT16_Marshal,
+					 counterFilename);
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("ecephemeral: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("ecephemeral: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("ecephmeral\n");
+    printf("\n");
+    printf("Runs TPM2_EC_Ephemeral\n");
+    printf("\n");
+    printf("\t-ecc\tcurve\n");
+    printf("\t\tbnp256\n");
+    printf("\t\tnistp256\n");
+    printf("\t\tnistp384\n");
+    printf("\t[-oq\toutput Q ephemeral public key file name (default do not save)]\n");
+    printf("\t[-cf\toutput counter file name (default do not save)]\n");
+    exit(1); 
+}
diff --git a/utils/ekutils.c b/utils/ekutils.c
new file mode 100644
index 000000000..4e3fcbc4b
--- /dev/null
+++ b/utils/ekutils.c
@@ -0,0 +1,2314 @@
+/********************************************************************************/
+/*										*/
+/*			EK Index Parsing Utilities (and more)			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2016 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* These functions are worthwhile sample code that probably (judgment call) do not belong in the
+   TSS library.
+
+   They started as code to manipulate EKs, EK templates, and EK certificates.
+
+   Other useful X509 certificate crypto functions are migrating here.  Much of it is OpenSSL
+   specific, but it also provides examples of how to port from OpenSSL 1.0 to 1.1.
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <limits.h>
+
+/* Windows 10 crypto API clashes with openssl */
+#ifdef TPM_WINDOWS
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+#endif
+
+#include <openssl/pem.h>
+#include <openssl/x509.h>
+
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tsscrypto.h>
+#include <ibmtss/tssprint.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+#include "cryptoutils.h"
+#include "ekutils.h"
+
+/* windows apparently uses _MAX_PATH in stdlib.h */
+#ifndef PATH_MAX
+#ifdef _MAX_PATH
+#define PATH_MAX _MAX_PATH
+#else
+/* Debian/Hurd does not define MAX_PATH */
+#define PATH_MAX 4096
+#endif
+#endif
+
+/* The print flag is set by the caller, depending on whether it wants information displayed.
+
+   tssUtilsVerbose is a global, used for verbose debug print
+
+   Errors are always printed.
+*/
+
+extern int tssUtilsVerbose;
+
+#ifdef TPM_TPM20
+
+/* readNvBufferMax() determines the maximum NV read/write block size.  The limit is typically set by
+   the TPM property TPM_PT_NV_BUFFER_MAX.  However, it's possible that a value could be larger than
+   the TSS side structure MAX_NV_BUFFER_SIZE.
+*/
+
+TPM_RC readNvBufferMax(TSS_CONTEXT *tssContext,
+		       uint32_t *nvBufferMax)
+{
+    TPM_RC			rc = 0;
+    GetCapability_In 		in;
+    GetCapability_Out		out;
+
+    in.capability = TPM_CAP_TPM_PROPERTIES;
+    in.property = TPM_PT_NV_BUFFER_MAX;
+    in.propertyCount = 1;	/* ask for one property */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_GetCapability,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    /* sanity check that the property name is correct (demo of how to parse the structure) */
+    if (rc == 0) {
+	if ((out.capabilityData.data.tpmProperties.count > 0) &&
+	    (out.capabilityData.data.tpmProperties.tpmProperty[0].property ==
+	     TPM_PT_NV_BUFFER_MAX)) {
+	    *nvBufferMax = out.capabilityData.data.tpmProperties.tpmProperty[0].value;
+	}
+	else {
+	    if (tssUtilsVerbose) printf("readNvBufferMax: wrong property returned: %08x\n",
+		   out.capabilityData.data.tpmProperties.tpmProperty[0].property);
+	    /* hard code a value for a back level HW TPM that does not implement
+	       TPM_PT_NV_BUFFER_MAX yet */
+	    *nvBufferMax = 512;
+	}
+	if (tssUtilsVerbose) printf("readNvBufferMax: TPM max read/write: %u\n", *nvBufferMax);
+	/* in addition, the maximum TSS side structure MAX_NV_BUFFER_SIZE is accounted for.  The TSS
+	   value is typically larger than the TPM value. */
+	if (*nvBufferMax > MAX_NV_BUFFER_SIZE) {
+	    *nvBufferMax = MAX_NV_BUFFER_SIZE;
+	}
+	if (tssUtilsVerbose) printf("readNvBufferMax: combined max read/write: %u\n", *nvBufferMax);
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("getcapability: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+/* getIndexSize() uses TPM2_NV_ReadPublic() to return the NV index size */
+
+TPM_RC getIndexSize(TSS_CONTEXT *tssContext,
+		    uint16_t *dataSize,
+		    TPMI_RH_NV_INDEX nvIndex)
+{
+    TPM_RC			rc = 0;
+    NV_ReadPublic_In 		in;
+    NV_ReadPublic_Out		out;
+    
+    if (rc == 0) {
+	/* if (tssUtilsVerbose) printf("getIndexSize: index %08x\n", nvIndex); */
+	in.nvIndex = nvIndex;
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_NV_ReadPublic,
+			 TPM_RH_NULL, NULL, 0);
+	/* only print if verbose, since EK nonce and template index may not exist */
+	if ((rc != 0) && tssUtilsVerbose) {
+	    const char *msg;
+	    const char *submsg;
+	    const char *num;
+	    printf("nvreadpublic: failed, rc %08x\n", rc);
+	    TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	    printf("%s%s%s\n", msg, submsg, num);
+	}
+    }
+    if (rc == 0) {
+	/* if (tssUtilsVerbose) printf("getIndexSize: size %u\n", out.nvPublic.t.nvPublic.dataSize); */
+	*dataSize = out.nvPublic.nvPublic.dataSize;
+    }
+    return rc;
+}
+
+/* getIndexData() uses TPM2_NV_Read() to return the NV index contents.
+
+   It assumes index authorization with an empty password
+*/
+
+TPM_RC getIndexData(TSS_CONTEXT *tssContext,
+		    unsigned char **readBuffer,		/* freed by caller */
+		    TPMI_RH_NV_INDEX nvIndex,
+		    uint16_t readDataSize)		/* total size to read */
+{
+    TPM_RC			rc = 0;
+    int				done = FALSE;
+    uint32_t 			nvBufferMax;
+    uint16_t 			bytesRead;			/* bytes read so far */
+    NV_Read_In 			in;
+    NV_Read_Out			out;
+    
+    /* data may have to be read in chunks.  Read the TPM_PT_NV_BUFFER_MAX, the chunk size */
+    if (rc == 0) {
+	rc = readNvBufferMax(tssContext,
+			     &nvBufferMax);
+    }    
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("getIndexData: index %08x\n", nvIndex);
+	in.authHandle = nvIndex;	/* index authorization */
+	in.nvIndex = nvIndex;
+	in.offset = 0;			/* start at beginning */
+	bytesRead = 0;			/* bytes read so far */
+    }
+    if (rc == 0) {
+	rc = TSS_Malloc(readBuffer, readDataSize);
+    }
+    /* call TSS to execute the command */
+    while ((rc == 0) && !done) {
+	if (rc == 0) {
+	    /* read a chunk */
+	    in.offset = bytesRead;
+	    if ((uint32_t)(readDataSize - bytesRead) < nvBufferMax) {
+		in.size = readDataSize - bytesRead;	/* last chunk */
+	    }
+	    else {
+		in.size = nvBufferMax;		/* next chunk */
+	    }
+	}
+	if (rc == 0) {
+	    rc = TSS_Execute(tssContext,
+			     (RESPONSE_PARAMETERS *)&out,
+			     (COMMAND_PARAMETERS *)&in,
+			     NULL,
+			     TPM_CC_NV_Read,
+			     TPM_RS_PW, NULL, 0,
+			     TPM_RH_NULL, NULL, 0);
+	    if (rc != 0) {
+		const char *msg;
+		const char *submsg;
+		const char *num;
+		printf("nvread: failed, rc %08x\n", rc);
+		TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+		printf("%s%s%s\n", msg, submsg, num);
+	    }
+	}
+ 	/* copy the results to the read buffer */
+	if (rc == 0) {
+	    memcpy(*readBuffer + bytesRead, out.data.b.buffer, out.data.b.size);
+	    bytesRead += out.data.b.size;
+	    if (bytesRead == readDataSize) {
+		done = TRUE;
+	    }
+	}
+    }
+    return rc;
+}
+
+/* getIndexContents() uses TPM2_NV_ReadPublic() to get the NV index size, then uses TPM2_NV_Read()
+   to read the entire contents.
+
+*/
+
+TPM_RC getIndexContents(TSS_CONTEXT *tssContext,
+			unsigned char **readBuffer,		/* freed by caller */
+			uint16_t *readBufferSize,		/* total size read */
+			TPMI_RH_NV_INDEX nvIndex)
+{
+    TPM_RC			rc = 0;
+
+    /* first read the public index size */
+    if (rc == 0) {
+	rc = getIndexSize(tssContext, readBufferSize, nvIndex);
+    }
+    /* read the entire index */
+    if (rc == 0) {
+	rc = getIndexData(tssContext,
+			  readBuffer,			/* freed by caller */
+			  nvIndex,
+			  *readBufferSize);		/* total size to read */
+    }
+    return rc;
+}
+
+/* IWG (TCG Infrastructure Work Group) default EK primary key policy */
+
+static const unsigned char iwgPolicy[] = {
+    0x83, 0x71, 0x97, 0x67, 0x44, 0x84, 0xB3, 0xF8, 0x1A, 0x90, 0xCC, 0x8D, 0x46, 0xA5, 0xD7, 0x24,
+    0xFD, 0x52, 0xD7, 0x6E, 0x06, 0x52, 0x0B, 0x64, 0xF2, 0xA1, 0xDA, 0x1B, 0x33, 0x14, 0x69, 0xAA
+};
+
+/* RSA EK primary key IWG default template */
+
+void getRsaTemplate(TPMT_PUBLIC *tpmtPublic)
+{
+    tpmtPublic->type = TPM_ALG_RSA;
+    tpmtPublic->nameAlg = TPM_ALG_SHA256;
+    tpmtPublic->objectAttributes.val = TPMA_OBJECT_FIXEDTPM |
+				       TPMA_OBJECT_FIXEDPARENT |
+				       TPMA_OBJECT_SENSITIVEDATAORIGIN |
+				       TPMA_OBJECT_ADMINWITHPOLICY |
+				       TPMA_OBJECT_RESTRICTED |
+				       TPMA_OBJECT_DECRYPT;
+    tpmtPublic->authPolicy.t.size = 32;
+    memcpy(&tpmtPublic->authPolicy.t.buffer, iwgPolicy, 32);
+    tpmtPublic->parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES;
+    tpmtPublic->parameters.rsaDetail.symmetric.keyBits.aes = 128;
+    tpmtPublic->parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_CFB;
+    tpmtPublic->parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
+    tpmtPublic->parameters.rsaDetail.scheme.details.anySig.hashAlg = 0;
+    tpmtPublic->parameters.rsaDetail.keyBits = 2048;
+    tpmtPublic->parameters.rsaDetail.exponent = 0;
+    tpmtPublic->unique.rsa.t.size = 256;
+    memset(&tpmtPublic->unique.rsa.t.buffer, 0, 256);
+    return;
+}
+
+/* ECC EK primary key IWG default template */
+
+void getEccTemplate(TPMT_PUBLIC *tpmtPublic)
+{
+    tpmtPublic->type = TPM_ALG_ECC;
+    tpmtPublic->nameAlg = TPM_ALG_SHA256;
+    tpmtPublic->objectAttributes.val = TPMA_OBJECT_FIXEDTPM |
+				       TPMA_OBJECT_FIXEDPARENT |
+				       TPMA_OBJECT_SENSITIVEDATAORIGIN |
+				       TPMA_OBJECT_ADMINWITHPOLICY |
+				       TPMA_OBJECT_RESTRICTED |
+				       TPMA_OBJECT_DECRYPT;
+    tpmtPublic->authPolicy.t.size = sizeof(iwgPolicy);
+    memcpy(tpmtPublic->authPolicy.t.buffer, iwgPolicy, sizeof(iwgPolicy));
+    tpmtPublic->parameters.eccDetail.symmetric.algorithm = TPM_ALG_AES;
+    tpmtPublic->parameters.eccDetail.symmetric.keyBits.aes = 128;
+    tpmtPublic->parameters.eccDetail.symmetric.mode.aes = TPM_ALG_CFB;
+    tpmtPublic->parameters.eccDetail.scheme.scheme = TPM_ALG_NULL;
+    tpmtPublic->parameters.eccDetail.scheme.details.anySig.hashAlg = 0;
+    tpmtPublic->parameters.eccDetail.curveID = TPM_ECC_NIST_P256;
+    tpmtPublic->parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;
+    tpmtPublic->parameters.eccDetail.kdf.details.mgf1.hashAlg = 0;
+    tpmtPublic->unique.ecc.x.t.size = 32;	
+    memset(&tpmtPublic->unique.ecc.x.t.buffer, 0, 32);	
+    tpmtPublic->unique.ecc.y.t.size = 32;	
+    memset(&tpmtPublic->unique.ecc.y.t.buffer, 0, 32);	
+    return;
+}
+
+/* getIndexX509Certificate() reads the X509 certificate from the nvIndex and converts the DER
+   (binary) to OpenSSL X509 format
+
+*/
+
+TPM_RC getIndexX509Certificate(TSS_CONTEXT *tssContext,
+			       void **certificate,		/* freed by caller */
+			       TPMI_RH_NV_INDEX nvIndex)
+{
+    TPM_RC			rc = 0;
+    unsigned char 		*certData = NULL; 		/* freed @1 */
+    uint16_t 			certSize;
+
+    /* read the certificate from NV to a DER stream */
+    if (rc == 0) {
+	rc = getIndexContents(tssContext,
+			      &certData,
+			      &certSize,
+			      nvIndex);
+    }
+    /* unmarshal the DER stream to an OpenSSL X509 structure */
+    if (rc == 0) {
+	unsigned char 		*tmpData = NULL; 
+	tmpData = certData;			/* tmp pointer because d2i moves the pointer */
+	*certificate = d2i_X509(NULL,			/* freed by caller */
+				 (const unsigned char **)&tmpData, certSize);
+	if (*certificate == NULL) {
+	    printf("getIndexX509Certificate: Could not parse X509 certificate\n");
+	    rc = TPM_RC_INTEGRITY;
+	}
+    }
+    free(certData);			/* @1 */
+    return rc;
+}
+
+#endif	/* TPM20 */
+
+#ifndef TPM_TSS_NOFILE
+#ifndef TPM_TSS_NORSA
+
+/* getPubkeyFromDerCertFile() gets an OpenSSL RSA public key token from a DER format X509
+   certificate stored in a file.
+
+   Returns both the OpenSSL X509 certificate token and RSA public key token.
+*/
+
+uint32_t getPubkeyFromDerCertFile(RSA  **rsaPkey,
+				  X509 **x509,
+				  const char *derCertificateFileName)
+{
+    uint32_t rc = 0;
+    FILE *fp = NULL;
+
+    /* open the file */
+    if (rc == 0) {
+	fp = fopen(derCertificateFileName, "rb");
+	if (fp == NULL) {
+	    printf("getPubkeyFromDerCertFile: Error opening %s\n", derCertificateFileName);
+	    rc = TSS_RC_FILE_OPEN;
+	}
+    }
+    /* read the file and convert the X509 DER to OpenSSL format */
+    if (rc == 0) {
+	*x509 = d2i_X509_fp(fp, NULL);
+	if (*x509 == NULL) {
+	    printf("getPubkeyFromDerCertFile: Error converting %s\n", derCertificateFileName);
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    /* extract the OpenSSL format public key from the X509 token */
+    if (rc == 0) {
+	rc = getPubKeyFromX509Cert(rsaPkey, *x509);
+    }
+    /* for debug, print the X509 certificate */
+    if (rc == 0) {
+	if (tssUtilsVerbose) X509_print_fp(stdout, *x509);
+    }
+    if (fp != NULL) {
+	fclose(fp);
+    }
+    return rc;
+}
+
+#endif /* TPM_TSS_NORSA */
+#endif /* TPM_TSS_NOFILE */
+
+#ifndef TPM_TSS_NORSA
+
+/* getPubKeyFromX509Cert() gets an OpenSSL RSA public key token from an OpenSSL X509 certificate
+   token. */
+
+uint32_t getPubKeyFromX509Cert(RSA  **rsaPkey,
+			       X509 *x509)
+{
+    uint32_t rc = 0;
+    EVP_PKEY *evpPkey = NULL;
+
+    if (rc == 0) {
+	evpPkey = X509_get_pubkey(x509);	/* freed @1 */
+	if (evpPkey == NULL) {
+	    printf("getPubKeyFromX509Cert: X509_get_pubkey failed\n");  
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    if (rc == 0) {
+	*rsaPkey = EVP_PKEY_get1_RSA(evpPkey);
+	if (*rsaPkey == NULL) {
+	    printf("getPubKeyFromX509Cert: EVP_PKEY_get1_RSA failed\n");  
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    if (evpPkey != NULL) {
+	EVP_PKEY_free(evpPkey);		/* @1 */
+    }
+    return rc;
+}
+#endif /* TPM_TSS_NORSA */
+
+#ifndef TPM_TSS_NOFILE
+
+/* getRootCertificateFilenames() reads listFilename, which is a list of filenames.  The intent is
+   that the filenames are a list of EK TPM vendor root certificates in PEM format.
+
+   It accepts up to MAX_ROOTS filenames, which is a #define.
+
+*/
+
+TPM_RC getRootCertificateFilenames(char *rootFilename[],
+				   unsigned int *rootFileCount,
+				   const char *listFilename,
+				   int print)
+{
+    TPM_RC		rc = 0;
+    int			done = 0;
+    FILE		*listFile = NULL;		/* closed @1 */
+
+    *rootFileCount = 0;
+
+    if (rc == 0) {
+	listFile = fopen(listFilename, "rb");		/* closed @1 */
+	if (listFile == NULL) {
+	    printf("getRootCertificateFilenames: Error opening list file %s\n",
+		   listFilename);  
+	    rc = TSS_RC_FILE_OPEN;
+	}
+    }
+    while ((rc == 0) && !done && (*rootFileCount < MAX_ROOTS)) {
+	size_t rootFilenameLength;
+	if (rc == 0) {
+	    rootFilename[*rootFileCount] = malloc(PATH_MAX);
+	    if (rootFilename[*rootFileCount] == NULL) {
+		printf("getRootCertificateFilenames: Error allocating memory\n");
+		rc = TSS_RC_OUT_OF_MEMORY;
+	    }
+	}
+	if (rc == 0) {
+	    char *tmpptr = fgets(rootFilename[*rootFileCount], PATH_MAX-1, listFile);
+	    if (tmpptr == NULL) {	/* end of file */
+		free(rootFilename[*rootFileCount]);	/* free malloced but unused entry */
+		done = 1;
+	    }
+	}
+	if ((rc == 0) && !done) {
+	    rootFilenameLength = strlen(rootFilename[*rootFileCount]);
+	    if (rootFilename[*rootFileCount][rootFilenameLength-1] != '\n') {
+		printf("getRootCertificateFilenames: filename %s too long\n",
+		       rootFilename[*rootFileCount]);
+		rc = TSS_RC_OUT_OF_MEMORY;
+		free(rootFilename[*rootFileCount]);	/* free malloced but bad entry */
+		done = 1;
+	    }
+	}
+	if ((rc == 0) && !done) {
+	    rootFilename[*rootFileCount][rootFilenameLength-1] = '\0';	/* remove newline */
+	    if (print) printf("getRootCertificateFilenames: Root file name %u\n%s\n",
+			      *rootFileCount, rootFilename[*rootFileCount]);
+	    (*rootFileCount)++;
+	}
+    }
+    if (listFile != NULL) {
+	fclose(listFile);		/* @1 */
+    }
+    return rc;
+}
+
+#endif
+
+#ifndef TPM_TSS_NOFILE
+
+/* getCaStore() creates an OpenSSL X509_STORE, populated by the root certificates in the
+   rootFilename array.  Depending on the vendor, some certificates may be intermediate certificates.
+   OpenSSL handles this internally by walking the chain back to the root.
+
+   The caCert array is returned because it must be freed after the caStore is freed
+
+   NOTE:  There is no TPM interaction.
+*/ 
+
+TPM_RC getCaStore(X509_STORE **caStore,		/* freed by caller */
+		  X509 	*caCert[],		/* freed by caller */
+		  const char *rootFilename[],
+		  unsigned int rootFileCount)
+{
+    TPM_RC			rc = 0;
+    FILE 			*caCertFile = NULL;		/* closed @1 */
+    unsigned int 		i;
+
+    if (rc == 0) {
+	*caStore  = X509_STORE_new();
+	if (*caStore == NULL) {
+	    printf("getCaStore: X509_store_new failed\n");  
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    for (i = 0 ; (i < rootFileCount) && (rc == 0) ; i++) {
+	/* read a root certificate from the file */
+	caCertFile = fopen(rootFilename[i], "rb");	/* closed @1 */
+	if (caCertFile == NULL) {
+	    printf("getCaStore: Error opening CA root certificate file %s\n",
+		   rootFilename[i]);  
+	    rc = TSS_RC_FILE_OPEN;
+	}
+	/* convert the root certificate from PEM to X509 */
+	if (rc == 0) {
+	    caCert[i] = PEM_read_X509(caCertFile, NULL, NULL, NULL);	/* freed by caller */
+	    if (caCert[i] == NULL) {
+		printf("getCaStore: Error reading CA root certificate file %s\n",
+		       rootFilename[i]);  
+		rc = TSS_RC_FILE_READ;
+	    } 
+	}
+	if ((rc == 0) && tssUtilsVerbose) {
+	    X509_NAME *x509Name;
+	    char *subject = NULL;
+	    x509Name = X509_get_subject_name(caCert[i]);
+	    subject = X509_NAME_oneline(x509Name, NULL, 0);
+	    printf("getCaStore: subject %u: %s\n", i, subject);
+	    OPENSSL_free(subject);
+	}
+
+	/* add the CA X509 certificate to the certificate store */
+	if (rc == 0) {
+	    X509_STORE_add_cert(*caStore, caCert[i]);    
+	}
+	if (caCertFile != NULL) {
+	    fclose(caCertFile);		/* @1 */
+	    caCertFile = NULL;
+	}
+    }
+    return rc;
+}
+
+#endif
+
+#ifndef TPM_TSS_NOFILE
+
+/* verifyCertificate() verifies a certificate (typically an EK certificate against the root CA
+   certificate (typically the TPM vendor CA certificate chain)
+
+   The 'rootFileCount' root certificates are stored in the files whose paths are in the array
+   'rootFilename'
+
+*/
+
+TPM_RC verifyCertificate(void *x509Certificate,
+			 const char *rootFilename[],
+			 unsigned int rootFileCount,
+			 int print)
+{
+    TPM_RC			rc = 0;
+    unsigned int		i;
+    X509_STORE 			*caStore = NULL;	/* freed @1 */
+    X509 			*caCert[MAX_ROOTS];	/* freed @2 */
+    X509_STORE_CTX 		*verifyCtx = NULL;	/* freed @3 */
+
+    for (i = 0 ; i < rootFileCount ; i++) {
+	caCert[i] = NULL;    				/* for free @2 */
+    }
+    /* get the root CA certificate chain */
+    if (rc == 0) {
+	rc = getCaStore(&caStore,			/* freed @1 */
+			caCert,				/* freed @2 */
+			rootFilename,
+			rootFileCount);
+    }
+    /* create the certificate verify context */
+    if (rc == 0) {
+	verifyCtx = X509_STORE_CTX_new();		/* freed @3 */
+	if (verifyCtx == NULL) {
+	    printf("verifyCertificate: X509_STORE_CTX_new failed\n");  
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    /* add the root certificate store and EK certificate to be verified to the verify context */
+    if (rc == 0) {
+	int irc = X509_STORE_CTX_init(verifyCtx,
+				      caStore,		/* trusted certificates */
+				      x509Certificate,	/* end entity certificate */
+				      NULL);		/* untrusted (intermediate) certificates */
+	if (irc != 1) {
+	    printf("verifyCertificate: "
+		   "Error in X509_STORE_CTX_init initializing verify context\n");  
+	    rc = TSS_RC_RSA_SIGNATURE;
+	}	    
+    }
+    /* walk the certificate chain */
+    if (rc == 0) {
+	int irc = X509_verify_cert(verifyCtx);
+	if (irc != 1) {
+	    printf("verifyCertificate: Error in X509_verify_cert verifying certificate\n");  
+	    rc = TSS_RC_RSA_SIGNATURE;
+	}
+	else {
+	    if (print) printf("EK certificate verified against the root\n");
+	}
+    }
+    if (caStore != NULL) {
+	X509_STORE_free(caStore);	/* @1 */
+    }
+    for (i = 0 ; i < rootFileCount ; i++) {
+	X509_free(caCert[i]);	   	/* @2 */
+    }
+    if (verifyCtx != NULL) {
+	X509_STORE_CTX_free(verifyCtx);	/* @3 */
+    }
+    return rc;
+}
+
+/* verifyKeyUsage() validates the key usage for an EK.
+
+   If the EK has the decrypt attribute set, the keyEncipherment bit MUST be set for an RSA EK
+   certificate; the keyAgreement bit MUST be set for an ECC EK certificate.
+*/
+
+TPM_RC verifyKeyUsage(X509 *ekX509Certificate,		/* X509 certificate */
+		      int pkeyType,			/* RSA or ECC */
+		      int print)
+{
+    TPM_RC		rc = 0;
+    ASN1_BIT_STRING 	*keyUsage = NULL;
+    uint8_t 		bitmap;
+    int 		keyAgreement;		/* boolean flags */
+    int 		keyEncipherment;
+    
+    if (rc == 0) {
+	keyUsage = X509_get_ext_d2i(ekX509Certificate, NID_key_usage,	/* freed @1 */
+				    NULL, NULL);
+	if (keyUsage == NULL) {
+	    printf("verifyKeyUsage: Cannot find key usage\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    if (rc == 0) {
+	if (keyUsage->length == 0) {
+	    printf("verifyKeyUsage: Key usage length 0 bytes\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    if (rc == 0) {
+	bitmap = keyUsage->data[0];
+	keyEncipherment = bitmap & (1<<5);		/* bit 2 little endian */
+	keyAgreement = bitmap & (1<<3);			/* bit 4 little endian */
+	if (keyEncipherment) {		/* bit 2 little endian */
+	    if (print) printf("verifyKeyUsage: Key Encipherment\n");
+	}
+	if (keyAgreement) {		/* bit 4 little endian */
+	    if (print) printf("verifyKeyUsage: Key Agreement\n");
+	}
+	if (pkeyType == EVP_PKEY_RSA) {
+	    if (!keyEncipherment) {
+		printf("ERROR: verifyKeyUsage: RSA Key usage %02x not Key Encipherment\n",
+		       bitmap);
+		rc = TSS_RC_X509_ERROR;
+	    }
+	}
+	else if (pkeyType ==  EVP_PKEY_EC) {
+	    /* ECC should be key agreement, but some HW TPMs use key encipherment */
+	    if (!keyEncipherment && !keyAgreement) {
+		printf("ERROR: verifyKeyUsage: ECC Key usage %02x not "
+		       "Key agreement or key encipherment\n",
+		       bitmap);
+		rc = TSS_RC_X509_ERROR;
+	    }
+	}
+	else {
+	    printf("ERROR: verifyKeyUsage: Public key is not RSA or ECC\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    if (keyUsage != NULL) {
+	ASN1_BIT_STRING_free(keyUsage);		/* @1 */
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOFILE */
+
+#ifdef TPM_TPM20
+
+/* processEKNonce()reads the EK nonce from NV and returns the contents and size */
+   
+TPM_RC processEKNonce(TSS_CONTEXT *tssContext,
+		      unsigned char **nonce, 	/* freed by caller */
+		      uint16_t *nonceSize,
+		      TPMI_RH_NV_INDEX ekNonceIndex,
+		      int print)
+{
+    TPM_RC			rc = 0;
+
+    if (rc == 0) { 
+	rc = getIndexContents(tssContext,
+			      nonce,
+			      nonceSize,
+			      ekNonceIndex);
+    }
+    /* optional tracing */
+    if (rc == 0) {
+	if (print) TSS_PrintAll("EK Nonce: ", *nonce, *nonceSize);
+    }
+    return rc;
+}
+
+/* processEKTemplate() reads the EK template from NV and returns the unmarshaled TPMT_PUBLIC */
+
+TPM_RC processEKTemplate(TSS_CONTEXT *tssContext,
+			 TPMT_PUBLIC *tpmtPublic,
+			 TPMI_RH_NV_INDEX ekTemplateIndex,
+			 int print)
+{
+    TPM_RC			rc = 0;
+    uint16_t 			dataSize;
+    unsigned char 		*data = NULL; 		/* freed @1 */
+    uint32_t 			tmpDataSize;
+    unsigned char 		*tmpData = NULL; 
+
+    if (rc == 0) {
+	rc = getIndexContents(tssContext,
+			      &data,
+			      &dataSize,
+			      ekTemplateIndex);
+    }
+    /* unmarshal the data stream */
+    if (rc == 0) {
+	tmpData = data;		/* temps because unmarshal moves the pointers */
+	tmpDataSize = dataSize;
+	rc = TSS_TPMT_PUBLIC_Unmarshalu(tpmtPublic, &tmpData, &tmpDataSize, YES);
+    }
+    /* optional tracing */
+    if (rc == 0) {
+	if (print) TSS_TPMT_PUBLIC_Print(tpmtPublic, 0);
+    }
+    free(data);   			/* @1 */
+    return rc;
+}
+
+/* processEKCertificate() reads the EK certificate from NV and returns an X509 certificate
+   structure.  It also extracts and returns the public modulus.
+
+   The return is void because the structure is opaque to the caller.  This accomodates other crypto
+   libraries.
+
+   ekCertificate is an X509 structure.
+*/
+    
+TPM_RC processEKCertificate(TSS_CONTEXT *tssContext,
+			    void **ekCertificate,	/* freed by caller */
+			    uint8_t **modulusBin,	/* freed by caller */
+			    int *modulusBytes,
+			    TPMI_RH_NV_INDEX ekCertIndex,
+			    int print)
+{
+    TPM_RC			rc = 0;
+
+    /* read the EK X509 certificate from NV and convert the DER (binary) to OpenSSL X509 format */
+    if (rc == 0) {
+	rc = getIndexX509Certificate(tssContext,
+				     ekCertificate,	/* freed by caller */
+				     ekCertIndex);
+	if (rc != 0) {
+	    printf("No EK certificate\n");
+	}
+    }
+    /* extract the public modulus from the X509 structure */
+    if (rc == 0) {
+	rc = convertCertificatePubKey(modulusBin,	/* freed by caller */
+				      modulusBytes,
+				      *ekCertificate,
+				      ekCertIndex,
+				      print);
+    }
+    return rc;
+}
+
+#endif	/* TPM20 */
+
+/* convertX509ToDer() serializes the openSSL X509 structure to a DER certificate
+
+ */
+
+TPM_RC convertX509ToDer(uint32_t *certLength,
+			unsigned char **certificate,	/* output, freed by caller */
+			X509 *x509Certificate)		/* input */
+{
+    TPM_RC 		rc = 0;		/* general return code */
+    int			irc;
+
+    /* sanity check for memory leak */
+    if (rc == 0) {
+	if (*certificate != NULL) {
+	    printf("ERROR: convertX509ToDer: Error, certificate not NULL at entry\n");
+	    rc = TSS_RC_X509_ERROR;
+	}	
+    }
+    if (rc == 0) {
+	irc = i2d_X509(x509Certificate, NULL);
+	if (irc < 0) {
+	    printf("ERROR: convertX509ToDer: Error in certificate serialization i2d_X509()\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+	else {
+	    *certLength = irc; 
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_Malloc(certificate, *certLength);
+    }
+    /* convert the X509 structure to binary (internal to DER format) */
+    if (rc == 0) {
+	unsigned char *tmpptr = *certificate;
+	if (tssUtilsVerbose) printf("convertX509ToDer: Serializing certificate\n");
+	irc = i2d_X509(x509Certificate, &tmpptr);
+	if (irc < 0) {
+	    printf("ERROR: convertX509ToDer: Error in certificate serialization i2d_X509()\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    return rc;
+}
+
+#ifndef TPM_TSS_NOECC
+
+/* convertX509ToEc extracts the public key from an X509 structure to an openssl EC_KEY structure
+
+ */
+
+TPM_RC convertX509ToEc(EC_KEY **ecKey,	/* freed by caller */
+		       X509 *x509)
+{
+    TPM_RC rc = 0;
+    EVP_PKEY *evpPkey = NULL;
+
+    if (tssUtilsVerbose) printf("convertX509ToEc: Entry\n\n");
+    if (rc == 0) {
+	evpPkey = X509_get_pubkey(x509);	/* freed @1 */
+	if (evpPkey == NULL) {
+	    printf("ERROR: convertX509ToEc: X509_get_pubkey failed\n");  
+	    rc = TSS_RC_EC_KEY_CONVERT;
+	}
+    }
+    if (rc == 0) {
+	*ecKey = EVP_PKEY_get1_EC_KEY(evpPkey);
+	if (*ecKey == NULL) {
+	    printf("ERROR: convertX509ToEc: EVP_PKEY_get1_EC_KEY failed\n");  
+	    rc = TSS_RC_EC_KEY_CONVERT;
+	}
+    }
+    if (evpPkey != NULL) {
+	EVP_PKEY_free(evpPkey);		/* @1 */
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOECC */
+
+/* convertCertificatePubKey() returns the public modulus from an openssl X509 certificate
+   structure.  ekCertIndex determines whether the algorithm is RSA or ECC.
+
+   If print is true, prints the EK certificate
+
+   The return is void because the structure is opaque to the caller.  This accomodates other crypto
+   libraries.
+
+   ekCertificate is an X509 structure.
+*/
+
+TPM_RC convertCertificatePubKey(uint8_t **modulusBin,	/* freed by caller */
+				int *modulusBytes,
+				void *ekCertificate,
+				TPMI_RH_NV_INDEX ekCertIndex,
+				int print)
+{
+    TPM_RC			rc = 0;
+    EVP_PKEY 			*pkey = NULL;
+    int 			pkeyType;	/* RSA or EC */
+    
+    /* use openssl to print the X509 certificate */
+#ifndef TPM_TSS_NOFILE		/* stdout is a file descriptor */
+    if (rc == 0) {
+	if (print) X509_print_fp(stdout, ekCertificate);
+    }
+#endif
+    /* extract the public key */
+    if (rc == 0) {
+	pkey = X509_get_pubkey(ekCertificate);		/* freed @2 */
+	if (pkey == NULL) {
+#ifndef TPM_TSS_NORSA
+	    if (tssUtilsVerbose) printf("convertCertificatePubKey: "
+				"Could not extract public key from X509 certificate, "
+				"may be TPM 1.2\n");
+	    /* if the conversion failed, this may be a TPM 1.2 certificate with a non-standard TCG
+	       algorithm.  Try a different method to get the public modulus. */
+	    rc = convertCertificatePubKey12(modulusBin,	/* freed by caller */
+					    modulusBytes,
+					    ekCertificate);
+#else	    
+	    printf("convertCertificatePubKey12: Could not extract X509_PUBKEY public key "
+		   "from X509 certificate\n");
+	    rc =  TPM_RC_INTEGRITY;
+#endif /* TPM_TSS_NORSA */
+
+	}
+	else {
+	    if (rc == 0) {
+		pkeyType = getRsaPubkeyAlgorithm(pkey);
+	    }
+	    switch (ekCertIndex) {
+#ifndef TPM_TSS_NORSA
+	      case EK_CERT_RSA_INDEX:
+		  {
+		      RSA *rsaKey = NULL;
+		      /* check that the public key algorithm matches the ekCertIndex algorithm */
+		      if (rc == 0) {
+			  if (pkeyType != EVP_PKEY_RSA) {
+			      printf("convertCertificatePubKey: "
+				     "Public key from X509 certificate is not RSA\n");
+			      rc = TPM_RC_INTEGRITY;
+			  }
+		      }
+		      /* convert the public key to OpenSSL structure */
+		      if (rc == 0) {
+			  rsaKey = EVP_PKEY_get1_RSA(pkey);		/* freed @3 */
+			  if (rsaKey == NULL) {
+			      printf("convertCertificatePubKey: Could not extract RSA public key "
+				     "from X509 certificate\n");
+			      rc = TPM_RC_INTEGRITY;
+			  }
+		      }
+		      if (rc == 0) {
+			  rc = convertRsaKeyToPublicKeyBin(modulusBytes,
+							   modulusBin,	/* freed by caller */
+							   rsaKey);
+		      }
+		      if (rc == 0) {
+			  if (print) TSS_PrintAll("Certificate public key:",
+						  *modulusBin, *modulusBytes);
+		      }    
+		      RSA_free(rsaKey);   		/* @3 */
+		  }
+		  break;
+#endif /* TPM_TSS_NORSA */
+#ifndef TPM_TSS_NOECC
+	      case EK_CERT_EC_INDEX:
+		  {
+		      EC_KEY *ecKey = NULL;
+		      /* check that the public key algorithm matches the ekCertIndex algorithm */
+		      if (rc == 0) {
+			  if (pkeyType != EVP_PKEY_EC) {
+			      printf("convertCertificatePubKey: "
+				     "Public key from X509 certificate is not EC\n");
+			      rc = TPM_RC_INTEGRITY;
+			  }
+		      }
+		      /* convert the public key to OpenSSL structure */
+		      if (rc == 0) {
+			  ecKey = EVP_PKEY_get1_EC_KEY(pkey);		/* freed @3 */
+			  if (ecKey == NULL) {
+			      printf("convertCertificatePubKey: Could not extract EC public key "
+				     "from X509 certificate\n");
+			      rc = TPM_RC_INTEGRITY;
+			  }
+		      }
+		      if (rc == 0) {
+			  rc = convertEcKeyToPublicKeyBin(modulusBytes,
+							  modulusBin,	/* freed by caller */
+							  ecKey);
+		      }
+		      if (rc == 0) {
+			  if (print) TSS_PrintAll("Certificate public key:",
+						  *modulusBin, *modulusBytes);
+		      }
+		      EC_KEY_free(ecKey);   		/* @3 */
+		  }
+		  break;
+#endif	/* TPM_TSS_NOECC */
+	      default:
+		printf("convertCertificatePubKey: "
+		       "ekCertIndex %08x (asymmetric algorithm) not supported\n", ekCertIndex);
+		rc = TPM_RC_INTEGRITY;
+		break;
+	    }
+	}
+	EVP_PKEY_free(pkey);   		/* @2 */
+    }
+    return rc;
+}
+
+#ifndef TPM_TSS_NORSA
+
+TPM_RC convertCertificatePubKey12(uint8_t **modulusBin,	/* freed by caller */
+				  int *modulusBytes,
+				  X509 *ekCertificate)
+{
+    TPM_RC		rc = 0;
+    int			irc;
+    X509_PUBKEY 	*pubkey = NULL;
+    ASN1_OBJECT 	*ppkalg = NULL;			/* ignore OID */
+    const unsigned char *pk = NULL;			/* do not free */
+    int 		ppklen;
+    X509_ALGOR 		*palg = NULL;			/* algorithm identifier for public key */
+    RSA 		*rsaKey = NULL;
+
+    /* get internal pointer to the public key in the certificate */
+    if (rc == 0) {
+	pubkey = X509_get_X509_PUBKEY(ekCertificate);	/* do not free */
+	if (pubkey == NULL) {
+	    printf("convertCertificatePubKey12: Could not extract X509_PUBKEY public key "
+		   "from X509 certificate\n");
+	    rc = TPM_RC_INTEGRITY;
+	}
+    }
+    /* get the public key parameters, as a byte stream pk */
+    if (rc == 0) {
+	irc = X509_PUBKEY_get0_param(&ppkalg,
+				     &pk, &ppklen,	/* internal, don't free */
+				     &palg, pubkey);
+	if (irc != 1) {
+	    printf("convertCertificatePubKey12: Could not extract public key parameters "
+		   "from X509 certificate\n");
+	    rc = TPM_RC_INTEGRITY;
+	}
+    }
+    if (rc == 0) {
+	const unsigned char *tmppk = pk;	/* because d2i moves the pointer */
+	rsaKey = d2i_RSAPublicKey(NULL, &tmppk, ppklen);	/* freed @1 */
+	if (rsaKey == NULL) {
+	    printf("convertCertificatePubKey12: Could not convert to RSA structure\n");
+	    rc = TPM_RC_INTEGRITY;
+	}
+    }
+    if (rc == 0) {
+	rc = convertRsaKeyToPublicKeyBin(modulusBytes,
+					 modulusBin,	/* freed by caller */
+					 rsaKey);
+	TSS_PrintAll("convertCertificatePubKey12", *modulusBin, *modulusBytes);
+    }
+    if (rsaKey != NULL) {
+	RSA_free(rsaKey);		/* @1 */
+    }
+    return rc;
+}
+
+#endif /* TPM_TSS_NORSA */
+
+#ifndef TPM_TSS_NOFILE		/* stdout is a file descriptor */
+
+TPM_RC convertX509PemToDer(uint32_t *certLength,
+			    unsigned char **certificate,	/* output, freed by caller */
+			    const char *pemCertificateFilename)
+{
+    TPM_RC rc = 0;
+    X509 	*x509Certificate = NULL;
+
+    if (rc == 0) {
+	rc = convertPemToX509(&x509Certificate,		/* freed @1 */
+			      pemCertificateFilename);
+    }
+    if (rc == 0) {
+	rc = convertX509ToDer(certLength,
+			      certificate,		/* output, freed by caller */
+			      x509Certificate);		/* input */
+    }
+    if (x509Certificate != NULL) {
+	X509_free(x509Certificate);	/* @1 */
+    }
+    return rc;
+}
+
+#endif
+
+#ifndef TPM_TSS_NOFILE
+
+/* convertPemToX509() reads a PEM file and converts it to an OpenSSL X509 structure
+
+ */
+
+uint32_t convertPemToX509(X509 **x509,				/* freed by caller */
+			  const char *pemCertificateFilename)
+{
+    uint32_t 	rc = 0;
+    int		irc;
+    FILE 	*pemCertificateFile = NULL;
+
+    if (tssUtilsVerbose) printf("convertPemToX509: Reading PEM certificate file %s\n",
+			pemCertificateFilename);
+    if (rc == 0) {
+	pemCertificateFile = fopen(pemCertificateFilename, "r");
+	if (pemCertificateFile == NULL) {
+	    printf("convertPemToX509: Cannot open PEM file %s\n", pemCertificateFilename);
+	    rc = TSS_RC_FILE_OPEN;
+	}
+    }
+    /* convert the platform certificate from PEM to DER */
+    if (rc == 0) {
+	*x509 = PEM_read_X509(pemCertificateFile , NULL, NULL, NULL);	/* freed @1 */
+	if (*x509 == NULL) {
+	    printf("convertPemToX509: Cannot parse PEM certificate file %s\n",
+		   pemCertificateFilename);
+	    rc = TSS_RC_FILE_READ;
+	}
+    }
+    /* for debug */
+    if ((rc == 0) && tssUtilsVerbose) {
+	irc = X509_print_fp(stdout, *x509);
+	if (irc != 1) {
+	    printf("ERROR: convertPemToX509: Error in certificate print X509_print_fp()\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    if (pemCertificateFile != NULL) {
+	fclose(pemCertificateFile);		/* @1 */
+    }
+    return rc;
+}
+
+#endif
+
+/* convertDerToX509() converts a DER stream to an OpenSSL X509 structure
+
+   The return is void because the structure is opaque to the caller.  This accomodates other crypto
+   libraries.
+*/
+
+uint32_t convertDerToX509(void **x509Certificate,			/* freed by caller */
+			  uint16_t readLength,
+			  const unsigned char *readBuffer)
+{
+    uint32_t 	rc = 0;
+    *x509Certificate = d2i_X509(NULL,					/* freed by caller */
+				&readBuffer, readLength);
+    if (*x509Certificate == NULL) {
+	printf("convertDerToX509: Could not parse X509 certificate\n");
+	rc = TSS_RC_X509_ERROR;
+    }
+    return rc;
+}
+
+/* x509FreeStructure() is the library specific free structure.
+
+   The parameter is void because the structure is opaque to the caller.  This accomodates other
+   crypto libraries.
+*/
+
+void x509FreeStructure(void *x509)
+{
+    if (x509 != NULL) {
+	X509_free(x509);
+    }
+    return;
+}
+
+/* x509PrintStructure() prints the structure to stdout
+
+   The parameter is void because the structure is opaque to the caller.  This accomodates other
+   crypto libraries.
+*/
+
+void x509PrintStructure(void *x509)
+{
+    X509_print_fp(stdout, x509);
+    return;
+}
+
+/* convertPemMemToX509() converts an in-memory PEM format X509 certificate to an openssl X509
+   structure.
+
+*/
+
+uint32_t convertPemMemToX509(X509 **x509,		/* freed by caller */
+			     const char *pemCertificate)
+{
+    uint32_t rc = 0;
+    BIO *bio = NULL;
+    int pemLength;
+    int writeLen = 0;
+
+    if (tssUtilsVerbose) printf("convertPemMemToX509: pemCertificate\n%s\n", pemCertificate);  
+    /* create a BIO that uses an in-memory buffer */
+    if (rc == 0) {
+	bio = BIO_new(BIO_s_mem());		/* freed @1 */
+	if (bio == NULL) {
+	    printf("convertPemMemToX509: BIO_new failed\n");  
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    /* write the PEM from memory to BIO */
+    if (rc == 0) {
+	pemLength = strlen(pemCertificate);
+	writeLen = BIO_write(bio, pemCertificate, pemLength);
+	if (writeLen != pemLength) {
+	    printf("convertPemMemToX509: BIO_write failed\n");  
+	    rc = TPM_RC_INTEGRITY;
+	}
+    }
+    /* convert the properly formatted PEM to X509 structure */
+    if (rc == 0) {
+	*x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
+	if (*x509 == NULL) {
+	    printf("convertPemMemToX509: PEM_read_bio_X509 failed\n");
+	    rc = TPM_RC_INTEGRITY;
+	}
+    }
+    /* for debug */
+#ifndef TPM_TSS_NOFILE		/* stdout is a file descriptor */
+    if (rc == 0) {
+	if (tssUtilsVerbose) X509_print_fp(stdout, *x509);
+    }
+#endif
+    if (bio != NULL) {
+	BIO_free(bio);			/* @1 */
+    }
+    return rc;
+}
+
+#ifndef TPM_TSS_NOFILE
+
+/* convertX509ToPem() writes an OpenSSL X509 structure to a PEM format file
+
+   The return is void because the structure is opaque to the caller.  This accomodates other crypto
+   libraries.
+ 
+   For OpenSSL, the type is X509*
+*/
+
+TPM_RC convertX509ToPem(const char *pemFilename,
+			void *x509)
+{
+    TPM_RC 	rc = 0;
+    int		irc;
+    FILE 	*pemFile = NULL;
+
+    if (tssUtilsVerbose) printf("convertX509ToPem: Writing PEM certificate file %s\n",
+			pemFilename);
+    if (rc == 0) {
+	pemFile = fopen(pemFilename, "w");	/* close @1 */
+	if (pemFile == NULL) {
+	    printf("convertX509ToPem: Cannot open PEM file %s\n", pemFilename);
+	    rc = TSS_RC_FILE_OPEN;
+	}
+    }
+    if (rc == 0) {
+	irc = PEM_write_X509(pemFile, x509);
+	if (irc == 0) {
+	    printf("convertX509ToPem: Unable to write PEM file %s\n", pemFilename);
+	    rc = TSS_RC_FILE_WRITE;
+	}
+    }
+    if (pemFile != NULL) {
+	fclose(pemFile);	/* @1 */
+    }
+    return rc;
+}
+
+#endif
+
+/* convertX509ToPemMem() converts an OpenSSL X509 structure to PEM format in memory */
+
+TPM_RC convertX509ToPemMem(char **pemString,	/* freed by caller */
+			   X509 *x509)
+{
+    TPM_RC 		rc = 0;		/* general return code */
+    int			irc;
+    char 		*data = NULL;
+    long 		length;
+    
+    /* create a BIO that uses an in-memory buffer */
+    BIO *bio = NULL;
+    if (rc == 0) {
+	bio = BIO_new(BIO_s_mem());		/* freed @1 */
+	if (bio == NULL) {
+	    printf("convertX509ToPemMem: BIO_new failed\n");  
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    /* convert X509 to PEM and write the PEM to memory */
+    if (rc == 0) {
+	irc = PEM_write_bio_X509(bio, x509);
+	if (irc != 1) {
+	    printf("convertX509ToPemMem: PEM_write_bio_X509 failed\n");
+	    rc = TSS_RC_FILE_WRITE;
+	}
+    }
+    if (rc == 0) {
+	length = BIO_get_mem_data(bio, &data);
+	*pemString = malloc(length+1);
+	if (*pemString == NULL) {
+	    printf("ERROR: convertX509ToPemMem: Cannot malloc %lu\n", length);  
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+	else {
+	    (*pemString)[length] = '\0';
+	}
+    }
+    if (rc == 0) {
+	irc = BIO_read(bio, *pemString, length);
+ 	if (irc <= 0) {
+	    printf("ERROR: convertX509ToPemMem: BIO_read failed\n");
+	    rc = TSS_RC_FILE_READ;
+	}
+    }
+    if (bio != NULL) {
+	BIO_free(bio);			/* @1 */
+    }
+    return rc;
+}
+
+/* convertX509ToString() converts an OpenSSL X509 structure to a human readable string */
+
+TPM_RC convertX509ToString(char **x509String,	/* freed by caller */
+			     X509 *x509)
+{
+    TPM_RC 	rc = 0;
+    int		irc;
+    char 	*data = NULL;
+    long 	length;
+
+    /* create a BIO that uses an in-memory buffer */
+    BIO *bio = NULL;
+    if (rc == 0) {
+	bio = BIO_new(BIO_s_mem());		/* freed @1 */
+	if (bio == NULL) {
+	    printf("convertX509ToString: BIO_new failed\n");  
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    /* write the string to memory */
+    if (rc == 0) {
+	irc = X509_print(bio, x509);
+	if (irc != 1) {
+	    printf("convertX509ToString X509_print failed\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    if (rc == 0) {
+	length = BIO_get_mem_data(bio, &data);
+	*x509String = malloc(length+1);
+	if (*x509String == NULL) {
+	    printf("convertX509ToString: Cannot malloc %lu\n", length);  
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+	else {
+	    (*x509String)[length] = '\0';
+	}
+    }
+    if (rc == 0) {
+	irc = BIO_read(bio, *x509String, length);
+ 	if (irc <= 0) {
+	    printf("convertX509ToString BIO_read failed\n");
+	    rc = TSS_RC_FILE_READ;
+	}
+    }
+    if (bio != NULL) {
+	BIO_free(bio);			/* @1 */
+    }
+    return rc;
+}
+
+/*
+  Certificate Creation
+*/
+
+/* These are the names inserted into the certificates.  If changed, the entries also change.  At run
+   time, the mapping from key to nid is done once and used repeatedly.  */
+    
+CertificateName certificateName[] = {
+    { "countryName",			NID_undef},	/* 0 */
+    { "stateOrProvinceName",		NID_undef},	/* 1 */
+    { "localityName",			NID_undef},	/* 2 */
+    { "organizationName",		NID_undef},	/* 3 */
+    { "organizationalUnitName",		NID_undef},	/* 4 */
+    { "commonName",			NID_undef},	/* 5 */
+    { "emailAddress",			NID_undef},	/* 6 */
+};
+
+TPM_RC calculateNid(void)
+{
+    TPM_RC rc = 0;
+    size_t 	i;
+
+    for (i=0 ; (i < sizeof(certificateName)/sizeof(CertificateName)) && (rc == 0) ; i++) {
+	certificateName[i].nid = OBJ_txt2nid(certificateName[i].key);	/* look up the NID for the
+									   field */
+	if (certificateName[i].nid == NID_undef) {
+	    printf("calculateNid: Error finding nid for %s\n", certificateName[i].key);
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    return rc;
+}
+
+/* createCertificate() constructs a certificate from the issuer and subject.  The public key to be
+   certified is tpmtPublic.
+
+   It signs the certificate using the CA key in caKeyFileName protected by the password
+   caKeyPassword.  The CA signing key algorithm caKeyAlg is RSA or ECC.
+
+   The certificate is returned as a DER encoded array 'certificate', a PEM string, and a formatted
+   string.
+
+*/
+
+TPM_RC createCertificate(char **x509CertString,		/* freed by caller */
+			 char **pemCertString,		/* freed by caller */
+			 uint32_t *certLength,		/* output, certificate length */
+			 unsigned char **certificate,	/* output, freed by caller */
+			 TPMT_PUBLIC *tpmtPublic,	/* key to be certified */	
+			 const char *caKeyFileName,
+			 size_t issuerEntriesSize,
+			 char **issuerEntries,
+			 size_t subjectEntriesSize,
+			 char **subjectEntries,
+			 const char *caKeyPassword)
+{
+    TPM_RC 		rc = 0;
+    X509 		*x509Certificate = NULL;
+    uint16_t 		publicKeyLength;
+    const unsigned char *publicKey = NULL;
+    
+    /* allocate memory for the X509 structure */
+    if (rc == 0) {
+	x509Certificate = X509_new();		/* freed @2 */
+	if (x509Certificate == NULL) {
+	    printf("createCertificate: Error in X509_new\n");
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    /* hash unique field to create serial number */
+    if (rc == 0) {
+	if (tpmtPublic->type == TPM_ALG_RSA) {
+	    publicKeyLength = tpmtPublic->unique.rsa.t.size;
+	    publicKey = tpmtPublic->unique.rsa.t.buffer;
+	}
+	else if (tpmtPublic->type == TPM_ALG_ECC) {
+	    publicKeyLength = tpmtPublic->unique.ecc.x.t.size;
+	    publicKey = tpmtPublic->unique.ecc.x.t.buffer;
+	}
+	else {
+	    printf("createCertificate: public key algorithm %04x not supported\n",
+		   tpmtPublic->type);
+	    rc = TSS_RC_BAD_SIGNATURE_ALGORITHM;
+	}
+    }    
+    /* fill in basic X509 information - version, serial, validity, issuer, subject */
+    if (rc == 0) {
+	rc = startCertificate(x509Certificate,
+			      publicKeyLength, publicKey,
+			      issuerEntriesSize, issuerEntries,
+			      subjectEntriesSize, subjectEntries);
+    }
+    /* If the EK has the decrypt attribute set, the keyEncipherment bit MUST be set for an RSA EK
+       certificate; the keyAgreement bit MUST be set for an ECC EK certificate. */
+    if (rc == 0) {
+	if (tpmtPublic->type == TPM_ALG_RSA) {
+	    rc = addCertExtension(x509Certificate, NID_key_usage, "critical,keyEncipherment");
+	}
+	if (tpmtPublic->type == TPM_ALG_ECC) {
+	    rc = addCertExtension(x509Certificate, NID_key_usage, "critical,keyAgreement");
+	}
+    }
+    /* add the TPM public key to be certified */
+    if (rc == 0) {
+	switch (tpmtPublic->type) {
+#ifndef TPM_TSS_NORSA
+	  case TPM_ALG_RSA:
+	    rc = addCertKeyRsa(x509Certificate, &tpmtPublic->unique.rsa);
+	    break;
+#endif /* TPM_TSS_NORSA */
+#ifndef TPM_TSS_NOECC
+	  case TPM_ALG_ECC:
+	    rc = addCertKeyEcc(x509Certificate, &tpmtPublic->unique.ecc);
+	    break;
+#endif	/* TPM_TSS_NOECC */
+	  default:
+	    printf("createCertificate: public key algorithm %04x not supported\n",
+		   tpmtPublic->type);
+	    rc = TSS_RC_BAD_SIGNATURE_ALGORITHM;
+	}
+    }
+    /* sign the certificate with the root CA key */
+    if (rc == 0) {
+	rc = addCertSignatureRoot(x509Certificate, caKeyFileName, caKeyPassword);
+    }
+    if (rc == 0) {
+	rc = convertX509ToDer(certLength, certificate,	/* freed by caller */
+			      x509Certificate);		/* in */
+    }
+    if (rc == 0) {
+	rc = convertX509ToPemMem(pemCertString,		/* freed by caller */
+				 x509Certificate);
+    }
+    if (rc == 0) {
+	rc = convertX509ToString(x509CertString,	/* freed by caller */
+				 x509Certificate);
+    }
+    X509_free(x509Certificate);		/* @2 */
+    return rc;
+}
+
+/* Certificate duration period is hard coded to 20 years */
+
+#define CERT_DURATION (60 * 60 * 24 * ((365 * 20) + 2))		/* +2 for leap years */
+
+/* startCertificate() fills in basic X509 information, such as:
+   version
+   serial number
+   issuer
+   validity
+   subject
+*/
+
+TPM_RC startCertificate(X509 *x509Certificate,	/* X509 certificate to be generated */
+			uint16_t keyLength,
+			const unsigned char *keyBuffer,	/* key to be certified */
+			size_t issuerEntriesSize,
+			char **issuerEntries,		/* certificate issuer */
+			size_t subjectEntriesSize,
+			char **subjectEntries)		/* certificate subject */
+{
+    TPM_RC 		rc = 0;			/* general return code */
+    int			irc;			/* integer return code */
+    ASN1_TIME 		*arc;			/* return code */
+    ASN1_INTEGER 	*x509Serial;		/* certificate serial number in ASN1 */
+    BIGNUM 		*x509SerialBN;		/* certificate serial number as a BIGNUM */
+    unsigned char 	x509Serialbin[SHA1_DIGEST_SIZE]; /* certificate serial number in binary */
+    X509_NAME 		*x509IssuerName;	/* composite issuer name, key/value pairs */
+    X509_NAME 		*x509SubjectName;	/* composite subject name, key/value pairs */
+
+    x509IssuerName = NULL;	/* freed @1 */
+    x509SubjectName = NULL;	/* freed @2 */
+    x509SerialBN = NULL;	/* freed @3 */ 
+
+    /* add certificate version X509 v3 */
+    if (rc == 0) {
+	irc = X509_set_version(x509Certificate, 2L);	/* value 2 == v3 */
+	if (irc != 1) {
+	    printf("startCertificate: Error in X509_set_version\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    /*
+      add certificate serial number
+    */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("startCertificate: Adding certificate serial number\n");
+	/* to create a unique serial number, hash the key to be certified */
+	SHA1(keyBuffer, keyLength, x509Serialbin);
+	/* convert the SHA1 digest to a BIGNUM */
+	x509SerialBN = BN_bin2bn(x509Serialbin, SHA1_DIGEST_SIZE, x509SerialBN);
+	if (x509SerialBN == NULL) {
+	    printf("startCertificate: Error in serial number BN_bin2bn\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    if (rc == 0) {
+	/* get the serial number structure member, can't fail */
+	x509Serial = X509_get_serialNumber(x509Certificate);
+	/* convert the BIGNUM to ASN1 and add to X509 certificate */
+	x509Serial = BN_to_ASN1_INTEGER(x509SerialBN, x509Serial);
+	if (x509Serial == NULL) {
+	    printf("startCertificate: Error setting certificate serial number\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    /* add issuer */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("startCertificate: Adding certificate issuer\n");
+	rc = createX509Name(&x509IssuerName,
+			    issuerEntriesSize,
+			    issuerEntries);
+    }
+    if (rc == 0) {
+	irc = X509_set_issuer_name(x509Certificate, x509IssuerName);
+	if (irc != 1) {
+	    printf("startCertificate: Error setting certificate issuer\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    /* add validity */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("startCertificate: Adding certificate validity\n");
+    }
+    if (rc == 0) {
+	/* can't fail, just returns a structure member */
+	ASN1_TIME *notBefore = X509_get_notBefore(x509Certificate);
+	arc = X509_gmtime_adj(notBefore ,0L);			/* set to today */
+	if (arc == NULL) {
+	    printf("startCertificate: Error setting notBefore time\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    if (rc == 0) {
+	/* can't fail, just returns a structure member */
+	ASN1_TIME *notAfter = X509_get_notAfter(x509Certificate);
+	arc = X509_gmtime_adj(notAfter, CERT_DURATION);		/* set to duration */
+	if (arc == NULL) {
+	    printf("startCertificate: Error setting notAfter time\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    /* add subject */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("startCertificate: Adding certificate subject\n");
+	rc = createX509Name(&x509SubjectName,
+			    subjectEntriesSize,
+			    subjectEntries);
+    }
+    if (rc == 0) {
+	irc = X509_set_subject_name(x509Certificate, x509SubjectName);
+	if (irc != 1) {
+	    printf("startCertificate: Error setting certificate subject\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    /* cleanup */
+    X509_NAME_free(x509IssuerName);		/* @1 */
+    X509_NAME_free(x509SubjectName);		/* @2 */
+    BN_free(x509SerialBN);			/* @3 */
+    return rc;
+}
+
+/* createX509Name() create an X509 name (issuer or subject) from a pointer to issuer or subject
+   entries
+
+*/
+
+TPM_RC createX509Name(X509_NAME **x509Name,
+		      size_t entriesSize,
+		      char **entries)
+{
+    TPM_RC 		rc = 0;		/* general return code */
+    int			irc;		/* integer return code */
+    size_t  		i;
+    X509_NAME_ENTRY 	*nameEntry;		/* single field of the name */
+
+    nameEntry = NULL;
+
+    /* Precalculate the openssl nids, into global table */
+    if (rc == 0) {
+	rc = calculateNid();
+    }
+    if (rc == 0) {
+	*x509Name = X509_NAME_new();
+	if (*x509Name == NULL) {
+	    printf("createX509Name: Error in X509_NAME_new()\n");
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    for (i=0 ; (i < entriesSize) && (rc == 0) ; i++) {
+	if ((rc == 0) && (entries[i] != NULL)) {
+	    nameEntry =
+		X509_NAME_ENTRY_create_by_NID(NULL,		/* caller creates object */
+					      certificateName[i].nid,
+					      MBSTRING_ASC,	/* character encoding */
+					      (unsigned char *)entries[i],	/* to add */
+					      -1);		/* length, -1 is C string */
+
+	    if (nameEntry == NULL) {
+		printf("createX509Name: Error creating entry for %s\n",
+		       certificateName[i].key);
+		rc = TSS_RC_X509_ERROR;
+	    }
+	}
+	if ((rc == 0) && (entries[i] != NULL)) {
+	    irc = X509_NAME_add_entry(*x509Name,	/* add to issuer */
+				      nameEntry,	/* add the entry */
+				      -1,		/* location - append */	
+				      0);		/* set - not multivalued */
+	    if (irc != 1) {
+		printf("createX509Name: Error adding entry for %s\n",
+		       certificateName[i].key);
+		rc = TSS_RC_X509_ERROR;
+	    }
+	}
+	X509_NAME_ENTRY_free(nameEntry);	/* callee checks for NULL */
+	nameEntry = NULL;
+    }
+    return rc;
+}
+
+/* addCertExtension() adds the extension type 'nid' to the X509 certificate
+
+ */ 
+
+TPM_RC addCertExtension(X509 *x509Certificate, int nid, const char *value)
+{
+    TPM_RC 		rc = 0;
+    X509_EXTENSION 	*extension = NULL;	/* freed @1 */
+
+    if (rc == 0) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+	/* the cast is required for the older openssl 1.0 API */
+	extension = X509V3_EXT_conf_nid(NULL, NULL,	/* freed @1 */
+					nid, (char *)value);
+#else
+	extension = X509V3_EXT_conf_nid(NULL, NULL,	/* freed @1 */
+					nid, value);
+#endif
+	if (extension == NULL) {
+	    printf("addCertExtension: Error creating nid %i extension %s\n",
+		   nid, value);
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    if (rc == 0) {
+	int irc = X509_add_ext(x509Certificate,		/* the certificate */
+			       extension,		/* the extension to add */
+			       -1);			/* location - append */
+	if (irc != 1) {
+	    printf("addCertExtension: Error adding nid %i extension %s\n",
+		   nid, value);
+	}
+    }
+    if (extension != NULL) {
+	X509_EXTENSION_free(extension);		/* @1 */
+    }
+    return rc;
+}
+ 
+#ifndef TPM_TSS_NORSA
+
+/* addCertKeyRsa() adds the TPM RSA public key (the key to be certified) to the openssl X509
+   certificate
+
+*/
+
+TPM_RC addCertKeyRsa(X509 *x509Certificate,
+		     const TPM2B_PUBLIC_KEY_RSA *tpm2bRsa)	/* key to be certified */
+{
+    TPM_RC 		rc = 0;		/* general return code */
+    int			irc;		/* integer return code */
+    EVP_PKEY 		*evpPubkey = NULL;	/* EVP format public key to be certified */
+
+    if (tssUtilsVerbose) printf("addCertKeyRsa: add public key to certificate\n");
+    /* convert from TPM key data format to openSSL RSA type */
+    if (rc == 0) {
+	rc = convertRsaPublicToEvpPubKey(&evpPubkey,	/* freed @1 */
+					 tpm2bRsa);
+    }
+    /* add the public key to the certificate */
+    if (rc == 0) {
+	irc = X509_set_pubkey(x509Certificate, evpPubkey);
+	if (irc != 1) {
+	    printf("addCertKeyRsa: Error adding public key to certificate\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    /* cleanup */
+    if (evpPubkey != NULL) {
+	EVP_PKEY_free(evpPubkey);	/* @1 */
+    }
+    return rc;
+}
+
+#endif /* TPM_TSS_NORSA */
+
+#ifndef TPM_TSS_NOECC
+
+/* addCertKeyEcc() adds the TPM ECC public key (the key to be certified) to the openssl X509
+   certificate
+
+*/
+
+TPM_RC addCertKeyEcc(X509 *x509Certificate,
+		     const TPMS_ECC_POINT *tpmsEccPoint)
+{
+    TPM_RC 		rc = 0;			/* general return code */
+    int			irc;
+    EVP_PKEY 		*evpPubkey = NULL;	/* EVP format public key to be certified */
+
+    /* convert EC TPMS_ECC_POINT to an EVP_PKEY */
+    if (rc == 0) {
+	rc = convertEcPublicToEvpPubKey(&evpPubkey,		/* freed @1 */
+					tpmsEccPoint);
+    }
+    /* add the public key to the certificate */
+    if (rc == 0) {
+	irc = X509_set_pubkey(x509Certificate, evpPubkey);
+	if (irc != 1) {
+	    printf("addCertKeyEcc: Error adding public key to certificate\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    /* cleanup */
+    if (evpPubkey != NULL) {
+	EVP_PKEY_free(evpPubkey);	/* @1 */
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOECC */
+
+/* addCertSignatureRoot() uses the openSSL root key to sign the X509 certificate.
+
+   As a sanity check, it verifies the certificate.
+*/
+
+TPM_RC addCertSignatureRoot(X509 *x509Certificate,	/* certificate to be signed */
+			    const char *caKeyFileName,	/* openSSL root CA key password */
+			    const char *caKeyPassword)
+{
+    TPM_RC 		rc = 0;		/* general return code */
+    int			irc;		/* integer return code */
+    FILE 		*fp = NULL;
+    /* signing key */
+    const EVP_MD	*digest = NULL;		/* signature digest algorithm */
+    EVP_PKEY 		*evpSignkey;		/* EVP format */
+
+    evpSignkey = NULL;		/* freed @1 */
+
+    /* open the CA signing key file */
+    if (rc == 0) {
+	fp = fopen(caKeyFileName,"r");
+	if (fp == NULL) {
+	    printf("addCertSignatureRoot: Error, Cannot open %s\n", caKeyFileName);
+	    rc = TSS_RC_FILE_OPEN;
+	}
+    }
+    /* convert the CA signing key from PEM to EVP_PKEY format */
+    if (rc == 0) {
+	evpSignkey = PEM_read_PrivateKey(fp, NULL, NULL, (void *)caKeyPassword);	
+	if (evpSignkey == NULL) {
+	    printf("addCertSignatureRoot: Error calling PEM_read_PrivateKey() from %s\n",
+		   caKeyFileName);
+	    rc = TSS_RC_FILE_READ;
+	}
+    }
+    /* close the CA signing key file */
+    if (fp != NULL) { 
+	fclose(fp);
+    }
+    /* set the certificate signature digest algorithm */
+    if (rc == 0) {
+	digest = EVP_sha256();	/* no error return */
+    }
+    /* sign the certificate with the root CA signing key */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("addCertSignatureRoot: Signing the certificate\n");
+	irc = X509_sign(x509Certificate, evpSignkey, digest);
+	if (irc == 0) {	/* returns signature size, 0 on error */
+	    printf("addCertSignature: Error signing certificate\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    /* verify the signature */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("addCertSignatureRoot: Verifying the certificate\n");
+	irc = X509_verify(x509Certificate, evpSignkey);
+	if (irc != 1) {
+	    printf("addCertSignatureRoot: Error verifying certificate\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+    }
+    /* cleanup */
+    if (evpSignkey != NULL) {
+	EVP_PKEY_free(evpSignkey);	/* @1 */
+    }
+    return rc;
+}
+
+#ifdef TPM_TPM20
+
+/* processRoot() validates the certificate at ekCertIndex against the root CA certificates at
+   rootFilename.
+ */
+
+#ifndef TPM_TSS_NOFILE
+
+TPM_RC processRoot(TSS_CONTEXT *tssContext,
+		   TPMI_RH_NV_INDEX ekCertIndex,
+		   const char *rootFilename[],
+		   unsigned int rootFileCount,
+		   int print)
+{
+    TPM_RC	rc = 0;
+    void	*ekCertificate = NULL;		/* freed @1 */
+
+    /* read the EK X509 certificate from NV */
+    if (rc == 0) {
+	rc = getIndexX509Certificate(tssContext,
+				     &ekCertificate,	/* freed @1 */
+				     ekCertIndex);
+	if (rc != 0) {
+	    printf("processRoot: No EK certificate\n");  
+	}
+    }
+    if (rc == 0) {
+	rc = verifyCertificate(ekCertificate,
+			       rootFilename,
+			       rootFileCount,
+			       print);
+	if (rc != 0) {
+	    printf("processRoot: EK certificate did not verify\n");
+	}
+    }
+    if (ekCertificate != NULL) {
+	X509_free(ekCertificate);   	/* @1 */
+    }
+    return rc;
+}
+
+#endif
+
+/* processCreatePrimary() combines the EK nonce and EK template from NV to form the
+   createprimary input.  It creates the primary key.
+
+   ekCertIndex determines whether an RSA or ECC key is created.
+   
+   If nonce is NULL, the default IWG templates are used.  If nonce is non-NULL, the nonce and
+   tpmtPublicIn are used.
+
+   After returning the TPMT_PUBLIC, flushes the primary key unless noFlush is TRUE.  If noFlush is
+   FALSE, returns the loaded handle, else returns TPM_RH_NULL.
+*/
+
+TPM_RC processCreatePrimary(TSS_CONTEXT *tssContext,
+			    TPM_HANDLE *keyHandle,		/* primary key handle */
+			    TPMI_RH_NV_INDEX ekCertIndex,
+			    unsigned char *nonce,
+			    uint16_t nonceSize,
+			    TPMT_PUBLIC *tpmtPublicIn,		/* template */
+			    TPMT_PUBLIC *tpmtPublicOut,		/* primary key */
+			    unsigned int noFlush,	/* TRUE - don't flush the primary key */
+			    int print)
+{
+    TPM_RC			rc = 0;
+    CreatePrimary_In 		inCreatePrimary;
+    CreatePrimary_Out 		outCreatePrimary;
+
+    /* sanity check nonce size (should never happen on HW TPM) */
+    if ((rc == 0) && (nonce != NULL)) {
+	if (ekCertIndex == EK_CERT_RSA_INDEX) {			/* RSA primary key */
+	    if (nonceSize > 256) {
+		printf("processCreatePrimary: RSA NV nonce size %u > 256\n", nonceSize);
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	}
+	else {							/* EC primary key */
+	    if (nonceSize > 32) {
+		printf("processCreatePrimary: EC NV nonce size %u > 32\n", nonceSize);
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	}
+    }    
+    /* set up the createprimary in parameters */
+    if (rc == 0) {
+	inCreatePrimary.primaryHandle = TPM_RH_ENDORSEMENT;
+	inCreatePrimary.inSensitive.sensitive.userAuth.t.size = 0;
+	inCreatePrimary.inSensitive.sensitive.data.t.size = 0;
+	/* creation data */
+	inCreatePrimary.outsideInfo.t.size = 0;
+	inCreatePrimary.creationPCR.count = 0;
+    }
+    /* construct the template from the NV template and nonce */
+    if ((rc == 0) && (nonce != NULL)) {
+	inCreatePrimary.inPublic.publicArea = *tpmtPublicIn;
+	if (ekCertIndex == EK_CERT_RSA_INDEX) {			/* RSA primary key */
+	    /* unique field is 256 bytes */
+	    inCreatePrimary.inPublic.publicArea.unique.rsa.t.size = 256;
+	    /* first part is nonce */
+	    memcpy(inCreatePrimary.inPublic.publicArea.unique.rsa.t.buffer, nonce, nonceSize);
+	    /* padded with zeros */
+	    memset(inCreatePrimary.inPublic.publicArea.unique.rsa.t.buffer + nonceSize, 0,
+		   256 - nonceSize);
+	}
+	else {							/* EC primary key */
+	    /* unique field is X and Y points */
+	    /* X gets nonce and pad */
+	    inCreatePrimary.inPublic.publicArea.unique.ecc.x.t.size = 32;
+	    memcpy(inCreatePrimary.inPublic.publicArea.unique.ecc.x.t.buffer, nonce, nonceSize);
+	    memset(inCreatePrimary.inPublic.publicArea.unique.ecc.x.t.buffer + nonceSize, 0,
+		   32 - nonceSize);
+	    /* Y gets zeros */
+	    inCreatePrimary.inPublic.publicArea.unique.ecc.y.t.size = 32;
+	    memset(inCreatePrimary.inPublic.publicArea.unique.ecc.y.t.buffer, 0, 32);
+	}
+    }
+    /* construct the template from the default IWG template */
+    if ((rc == 0) && (nonce == NULL)) {
+	if (ekCertIndex == EK_CERT_RSA_INDEX) {			/* RSA primary key */
+	    getRsaTemplate(&inCreatePrimary.inPublic.publicArea);
+	}
+	else {							/* EC primary key */
+	    getEccTemplate(&inCreatePrimary.inPublic.publicArea);
+	}
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&outCreatePrimary,
+			 (COMMAND_PARAMETERS *)&inCreatePrimary,
+			 NULL,
+			 TPM_CC_CreatePrimary,
+			 TPM_RS_PW, NULL, 0,
+			 TPM_RH_NULL, NULL, 0);
+	if (rc != 0) {
+	    const char *msg;
+	    const char *submsg;
+	    const char *num;
+	    printf("createprimary: failed, rc %08x\n", rc);
+	    TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	    printf("%s%s%s\n", msg, submsg, num);
+	}
+    }
+    /* return the primary key */
+    if (rc == 0) {
+	*tpmtPublicOut = outCreatePrimary.outPublic.publicArea;
+    }
+    /* flush the primary key */
+    if (rc == 0) {
+	if (!noFlush) {		/* flush the primary key */
+	    FlushContext_In 		inFlushContext;
+	    *keyHandle = TPM_RH_NULL;	    
+	    inFlushContext.flushHandle = outCreatePrimary.objectHandle;
+	    rc = TSS_Execute(tssContext,
+			     NULL, 
+			     (COMMAND_PARAMETERS *)&inFlushContext,
+			     NULL,
+			     TPM_CC_FlushContext,
+			     TPM_RH_NULL, NULL, 0);
+	    if (rc != 0) {
+		const char *msg;
+		const char *submsg;
+		const char *num;
+		printf("flushcontext: failed, rc %08x\n", rc);
+		TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+		printf("%s%s%s\n", msg, submsg, num);
+	    }
+	}
+	else {	/* not flushed, return the handle */
+	    *keyHandle = outCreatePrimary.objectHandle;
+	}
+    }	    
+    /* trace the public key */
+    if (rc == 0) {
+	if (ekCertIndex == EK_CERT_RSA_INDEX) {
+	    if (print) TSS_PrintAll("createprimary: RSA public key",
+				    outCreatePrimary.outPublic.publicArea.unique.rsa.t.buffer,
+				    outCreatePrimary.outPublic.publicArea.unique.rsa.t.size);
+	}
+	else {
+	    if (print) TSS_PrintAll("createprimary: ECC public key x",
+				    outCreatePrimary.outPublic.publicArea.unique.ecc.x.t.buffer,
+				    outCreatePrimary.outPublic.publicArea.unique.ecc.x.t.size);
+	    if (print) TSS_PrintAll("createprimary: ECC public key y",
+				    outCreatePrimary.outPublic.publicArea.unique.ecc.y.t.buffer,
+				    outCreatePrimary.outPublic.publicArea.unique.ecc.y.t.size);
+	}
+    }
+    return rc;
+}
+
+/* processValidatePrimary() compares the public key in the EK certificate to the public key output
+   of createprimary.  */
+
+TPM_RC processValidatePrimary(uint8_t *publicKeyBin,		/* from certificate */
+			      int publicKeyBytes,
+			      TPMT_PUBLIC *tpmtPublic,		/* primary key */
+			      TPMI_RH_NV_INDEX ekCertIndex,
+			      int print)
+{
+    TPM_RC			rc = 0;
+
+    print = print;
+    /* compare the X509 certificate public key to the createprimary public key */
+    switch (ekCertIndex) {
+#ifndef TPM_TSS_NORSA
+      case EK_CERT_RSA_INDEX:
+	  {
+	      int irc;
+	      /* RSA just has a public modulus */
+	      if (rc == 0) {
+		  if (tpmtPublic->unique.rsa.t.size != publicKeyBytes) {
+		      printf("processValidatePrimary: "
+			     "X509 certificate key length %u does not match output of createprimary %u\n",
+			     publicKeyBytes,
+			     tpmtPublic->unique.rsa.t.size);
+		      rc = TPM_RC_INTEGRITY;
+		  }
+	      }
+	      if (rc == 0) {
+		  irc = memcmp(publicKeyBin,
+			       tpmtPublic->unique.rsa.t.buffer,
+			       publicKeyBytes);
+		  if (irc != 0) {
+		      printf("processValidatePrimary: "
+			     "Public key from X509 certificate does not match output of createprimary\n");
+		      rc = TPM_RC_INTEGRITY;
+		  }
+	      }
+	  }
+	  break;
+#endif /* TPM_TSS_NORSA */
+#ifndef TPM_TSS_NOECC
+      case EK_CERT_EC_INDEX:
+	  {
+	      int irc;
+	      /* ECC has X and Y points */
+	      /* compression algorithm is the extra byte at the beginning of the certificate */
+	      if (rc == 0) {
+		  if (tpmtPublic->unique.ecc.x.t.size +
+		      tpmtPublic->unique.ecc.y.t.size + 1
+		      != publicKeyBytes) {
+		      printf("processValidatePrimary: "
+			     "X509 certificate key length %u does not match "
+			     "output of createprimary x %u +y %u\n",
+			     publicKeyBytes,
+			     tpmtPublic->unique.ecc.x.t.size,
+			     tpmtPublic->unique.ecc.y.t.size);
+		      rc = TPM_RC_INTEGRITY;
+		  }
+	      }
+	      /* check X */
+	      if (rc == 0) {
+		  irc = memcmp(publicKeyBin +1,
+			       tpmtPublic->unique.ecc.x.t.buffer,
+			       tpmtPublic->unique.ecc.x.t.size);
+		  if (irc != 0) {
+		      printf("processValidatePrimary: "
+			     "Public key X from X509 certificate does not match "
+			     "output of createprimary\n");
+		      rc = TPM_RC_INTEGRITY;
+		  }
+	      }
+	      /* check Y */
+	      if (rc == 0) {
+		  irc = memcmp(publicKeyBin + 1 + tpmtPublic->unique.ecc.x.t.size,
+			       tpmtPublic->unique.ecc.y.t.buffer,
+			       tpmtPublic->unique.ecc.y.t.size);
+		  if (irc != 0) {
+		      printf("processValidatePrimary: "
+			     "Public key Y from X509 certificate does not match "
+			     "output of createprimary\n");
+		      rc = TPM_RC_INTEGRITY;
+		  }
+	      }	
+	  }
+	  break;
+#endif /* TPM_TSS_NOECC */
+      default:
+	printf("processValidatePrimary: "
+	       "ekCertIndex %08x (asymmetric algorithm) not supported\n", ekCertIndex);
+	rc = TPM_RC_INTEGRITY;
+	break;
+    }
+    if (rc == 0) {
+	if (print) printf("processValidatePrimary: "
+			  "Public key from X509 certificate matches output of createprimary\n");
+    }
+    return rc;
+}
+
+/* processPrimary() reads the EK nonce and EK template from NV.  It combines them to form the
+   createprimary input.  It creates the primary key.
+
+   It reads the EK certificate from NV.  It extracts the public key.
+
+   Finally, it compares the public key in the certificate to the public key output of createprimary.
+*/
+
+TPM_RC processPrimary(TSS_CONTEXT *tssContext,
+		      TPM_HANDLE *keyHandle,		/* primary key handle */
+		      TPMI_RH_NV_INDEX ekCertIndex,
+		      TPMI_RH_NV_INDEX ekNonceIndex, 
+		      TPMI_RH_NV_INDEX ekTemplateIndex,
+		      unsigned int noFlush,		/* TRUE - don't flush the primary key */
+		      int print)
+{
+    TPM_RC			rc = 0;
+    void 			*ekCertificate = NULL;
+    unsigned char 		*nonce = NULL;
+    uint16_t 			nonceSize;
+    TPMT_PUBLIC 		tpmtPublicIn;		/* template */
+    TPMT_PUBLIC 		tpmtPublicOut;		/* primary key */
+    uint8_t 			*publicKeyBin = NULL;	/* from certificate */
+    int				publicKeyBytes;
+    int 			validate = FALSE;	/* validate the certificate */
+
+    /* get the EK nonce */
+    if (rc == 0) {
+	rc = processEKNonce(tssContext, &nonce, &nonceSize, ekNonceIndex, print); /* freed @1 */
+	if ((rc & 0xff) == TPM_RC_HANDLE) {
+	    if (print) printf("processPrimary: EK nonce not found, use default template\n");
+	    rc = 0;
+	}
+    }
+    if (rc == 0) {
+	/* if the nonce was found, get the EK template */
+	if (nonce != NULL) {
+	    rc = processEKTemplate(tssContext, &tpmtPublicIn, ekTemplateIndex, print);
+	}
+    }
+    /* create the primary key */
+    if (rc == 0) {
+	rc = processCreatePrimary(tssContext,
+				  keyHandle,
+				  ekCertIndex,
+				  nonce, nonceSize,		/* EK nonce, can be NULL */
+				  &tpmtPublicIn,		/* template */
+				  &tpmtPublicOut,		/* primary key */
+				  noFlush,
+				  print);
+    }
+    /* validate against the certificate if the algorithm is compiled in */
+    if (rc == 0) {
+#ifndef TPM_TSS_NORSA
+	if (ekCertIndex == EK_CERT_RSA_INDEX) {
+	    validate = TRUE;
+	}
+#endif /* TPM_TSS_NORSA */
+#ifndef TPM_TSS_NOECC
+	if (ekCertIndex == EK_CERT_EC_INDEX) {
+	    validate = TRUE;
+	}
+#endif	/* TPM_TSS_NOECC */
+    }
+    /* get the EK certificate */
+    if ((rc == 0) && validate) {
+	rc = processEKCertificate(tssContext,
+				  &ekCertificate,			/* freed @2 */
+				  &publicKeyBin, &publicKeyBytes,	/* freed @3 */
+				  ekCertIndex,
+				  print);
+    }
+    /* compare the public key in the EK certificate to the public key output */
+    if ((rc == 0) && validate) {
+	rc = processValidatePrimary(publicKeyBin,	/* certificate */
+				    publicKeyBytes,
+				    &tpmtPublicOut,	/* primary key */
+				    ekCertIndex,
+				    print);
+    }
+    if ((rc == 0) && validate) {
+	if (print) printf("Public key from X509 certificate matches output of createprimary\n");
+    } 
+    free(nonce);			/* @1 */
+    if (ekCertificate != NULL) {
+	X509_free(ekCertificate);   	/* @2 */
+    }
+    free(publicKeyBin);			/* @3 */
+    return rc;
+}
+
+#endif	/* TPM20 */
+
diff --git a/utils/ekutils.h b/utils/ekutils.h
new file mode 100644
index 000000000..bffde5371
--- /dev/null
+++ b/utils/ekutils.h
@@ -0,0 +1,258 @@
+/********************************************************************************/
+/*										*/
+/*			IWG EK Index Parsing Utilities				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2016 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef EKUTILS_H
+#define EKUTILS_H
+
+/* Windows 10 crypto API clashes with openssl */
+#ifdef TPM_WINDOWS
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+#endif
+
+#ifndef TPM_TSS_NO_OPENSSL
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/bn.h>
+#endif	/* TPM_TSS_NO_OPENSSL */
+
+#include <ibmtss/tss.h>
+
+/* legacy TCG IWG NV indexes */
+
+#define EK_CERT_RSA_INDEX 	0x01c00002
+#define EK_NONCE_RSA_INDEX 	0x01c00003 
+#define EK_TEMPLATE_RSA_INDEX 	0x01c00004
+
+#define EK_CERT_EC_INDEX 	0x01c0000a
+#define EK_NONCE_EC_INDEX 	0x01c0000b
+#define EK_TEMPLATE_EC_INDEX 	0x01c0000c
+
+#define MAX_ROOTS		100	/* 100 should be more than enough */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    /*
+      crypto library independent functions
+    */
+    
+    TPM_RC readNvBufferMax(TSS_CONTEXT *tssContext,
+			   uint32_t *nvBufferMax);
+    TPM_RC getIndexSize(TSS_CONTEXT *tssContext,
+			uint16_t *dataSize,
+			TPMI_RH_NV_INDEX nvIndex);
+    TPM_RC getIndexData(TSS_CONTEXT *tssContext,
+			unsigned char **buffer,
+			TPMI_RH_NV_INDEX nvIndex,
+			uint16_t dataSize);
+    TPM_RC getIndexContents(TSS_CONTEXT *tssContext,
+			    unsigned char **buffer,
+			    uint16_t *bufferSize,
+			    TPMI_RH_NV_INDEX nvIndex);
+    void getRsaTemplate(TPMT_PUBLIC *tpmtPublic);
+    void getEccTemplate(TPMT_PUBLIC *tpmtPublic);
+    TPM_RC getRootCertificateFilenames(char *rootFilename[],
+				       unsigned int *rootFileCount,
+				       const char *listFilename,
+				       int print);
+    TPM_RC processEKNonce(TSS_CONTEXT *tssContext,
+			  unsigned char **nonce,
+			  uint16_t *nonceSize,
+			  TPMI_RH_NV_INDEX ekNonceIndex,
+			  int print);
+    TPM_RC processEKTemplate(TSS_CONTEXT *tssContext,
+			     TPMT_PUBLIC *tpmtPublic,
+			     TPMI_RH_NV_INDEX ekTemplateIndex,
+			     int print);
+    TPM_RC convertDerToX509(void **x509Certificate,
+			    uint16_t readLength,
+			    const unsigned char *readBuffer);
+    TPM_RC convertX509PemToDer(uint32_t *certLength,
+				unsigned char **certificate,
+				const char *pemCertificateFilename);
+    TPM_RC convertX509ToPem(const char *pemFilename,
+			    void *x509);
+    void x509FreeStructure(void *x509);
+    void x509PrintStructure(void *x509);
+    TPM_RC processEKCertificate(TSS_CONTEXT *tssContext,
+				void **ekCertificate,
+				uint8_t **modulusBin,
+				int *modulusBytes,
+				TPMI_RH_NV_INDEX ekCertIndex,
+				int print);
+    TPM_RC getIndexX509Certificate(TSS_CONTEXT *tssContext,
+				   void **certificate,
+				   TPMI_RH_NV_INDEX nvIndex);
+    TPM_RC convertCertificatePubKey(uint8_t **modulusBin,
+				    int *modulusBytes,
+				    void *ekCertificate,
+				    TPMI_RH_NV_INDEX ekCertIndex,
+				    int print);
+    TPM_RC createCertificate(char **x509CertString,
+			     char **pemCertString,
+			     uint32_t *certLength,
+			     unsigned char **certificate,
+			     TPMT_PUBLIC *tpmtPublic,	
+			     const char *caKeyFileName,
+			     size_t issuerEntriesSize,
+			     char **issuerEntries,
+			     size_t subjectEntriesSize,
+			     char **subjectEntries,
+			     const char *caKeyPassword);
+    TPM_RC processRoot(TSS_CONTEXT *tssContext,
+		       TPMI_RH_NV_INDEX ekCertIndex,
+		       const char *rootFilename[],
+		       unsigned int rootFileCount,
+		       int print);
+    TPM_RC verifyCertificate(void *x509Certificate,
+			     const char *rootFilename[],
+			     unsigned int rootFileCount,
+			     int print);
+    TPM_RC processCreatePrimary(TSS_CONTEXT *tssContext,
+				TPM_HANDLE *keyHandle,
+				TPMI_RH_NV_INDEX ekCertIndex,
+				unsigned char *nonce,
+				uint16_t nonceSize,
+				TPMT_PUBLIC *tpmtPublicIn,
+				TPMT_PUBLIC *tpmtPublicOut,
+				unsigned int noFlush,
+				int print);
+    TPM_RC processValidatePrimary(uint8_t *publicKeyBin,
+				  int publicKeyBytes,
+				  TPMT_PUBLIC *tpmtPublic,
+				  TPMI_RH_NV_INDEX ekCertIndex,
+				  int print);
+    TPM_RC processPrimary(TSS_CONTEXT *tssContext,
+			  TPM_HANDLE *keyHandle,
+			  TPMI_RH_NV_INDEX ekCertIndex,
+			  TPMI_RH_NV_INDEX ekNonceIndex, 
+			  TPMI_RH_NV_INDEX ekTemplateIndex,
+			  unsigned int noFlush,
+			  int print);
+
+    /*
+      deprecated OpenSSL specific functions
+    */
+   
+#ifndef TPM_TSS_NO_OPENSSL
+
+
+    uint32_t getPubkeyFromDerCertFile(RSA  **rsaPkey,
+				      X509 **x509,
+				      const char *derCertificateFileName);
+    uint32_t getPubKeyFromX509Cert(RSA  **rsaPkey,
+				   X509 *x509);
+    TPM_RC getCaStore(X509_STORE **caStore,
+		      X509 *caCert[],
+		      const char *rootFilename[],
+		      unsigned int rootFileCount);
+    TPM_RC verifyKeyUsage(X509 *ekX509Certificate,
+			  int pkeyType,
+			  int print);
+    TPM_RC convertX509ToDer(uint32_t *certLength,
+			    unsigned char **certificate,
+			    X509 *x509Certificate);
+#ifndef TPM_TSS_NOECC
+    TPM_RC convertX509ToEc(EC_KEY **ecKey,
+			   X509 *x509);
+#endif	/* TPM_TSS_NOECC */
+    TPM_RC convertX509ToDer(uint32_t *certLength,
+			    unsigned char **certificate,
+			    X509 *x509Certificate);
+    TPM_RC convertPemToX509(X509 **x509,
+			    const char *pemCertificateFilename);
+    TPM_RC convertPemMemToX509(X509 **x509,
+			       const char *pemCertificate);
+    TPM_RC convertX509ToPemMem(char **pemString,
+			       X509 *x509);
+    TPM_RC convertX509ToString(char **x509String,
+			       X509 *x509);
+    TPM_RC convertCertificatePubKey12(uint8_t **modulusBin,
+				      int *modulusBytes,
+				      X509 *ekCertificate);
+
+    /* certificate key to nid mapping array */
+
+    TPM_RC startCertificate(X509 *x509Certificate,
+			    uint16_t keyLength,
+			    const unsigned char *keyBuffer,
+			    size_t issuerEntriesSize,
+			    char **issuerEntries,
+			    size_t subjectEntriesSize,
+			    char **subjectEntries);
+
+    typedef struct tdCertificateName
+    {
+	const char *key;
+	int nid;
+    } CertificateName;
+
+    TPM_RC calculateNid(void);
+    TPM_RC createX509Name(X509_NAME **x509Name,
+			  size_t entriesSize,
+			  char **entries);
+    TPM_RC addCertExtension(X509 *x509Certificate, int nid, const char *value);
+    TPM_RC addCertKeyRsa(X509 *x509Certificate,
+			 const TPM2B_PUBLIC_KEY_RSA *tpm2bRsa);
+#ifndef TPM_TSS_NOECC
+    TPM_RC addCertKeyEcc(X509 *x509Certificate,
+			 const TPMS_ECC_POINT *tpmsEccPoint);
+#endif	/* TPM_TSS_NOECC */
+    TPM_RC addCertSignatureRoot(X509 *x509Certificate,
+				const char *caKeyFileName,
+				const char *caKeyPassword);
+    TPM_RC TSS_RSAGetKey(const BIGNUM **n,
+			 const BIGNUM **e,
+			 const BIGNUM **d,
+			 const BIGNUM **p,
+			 const BIGNUM **q,
+			 const RSA *rsaKey);
+
+    int TSS_Pubkey_GetAlgorithm(EVP_PKEY *pkey);
+
+
+#endif /* TPM_TSS_NO_OPENSSL */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/utils/encryptdecrypt.c b/utils/encryptdecrypt.c
new file mode 100644
index 000000000..cd958a3b0
--- /dev/null
+++ b/utils/encryptdecrypt.c
@@ -0,0 +1,363 @@
+/********************************************************************************/
+/*										*/
+/*			   EncryptDecrypt					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+
+
+static void printDecrypt(EncryptDecrypt_Out *out);
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    EncryptDecrypt_In 		in;
+    EncryptDecrypt_Out 		out;
+    EncryptDecrypt2_In 		in2;
+    TPMI_DH_OBJECT		keyHandle = 0;
+    const char			*inFilename = NULL;
+    const char			*outFilename = NULL;
+    TPMI_YES_NO			decrypt = NO;
+    int				two = FALSE;
+    const char			*keyPassword = NULL; 
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    uint16_t			written;
+    size_t			length;
+    uint8_t			*buffer = NULL;		/* for the free */
+    uint8_t			*buffer1 = NULL;	/* for marshaling */
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hk") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x",&keyHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hk\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdk") == 0) {
+	    i++;
+	    if (i < argc) {
+		keyPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-if") == 0) {
+	    i++;
+	    if (i < argc) {
+		inFilename = argv[i];
+	    }
+	    else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-of") == 0) {
+	    i++;
+	    if (i < argc) {
+		outFilename = argv[i];
+	    }
+	    else {
+		printf("-of option needs a value\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-d") == 0) {
+	    decrypt = YES;
+	}
+ 	else if (strcmp(argv[i],"-2") == 0) {
+	    two = TRUE;
+	}
+ 	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (keyHandle == 0) {
+	printf("Missing handle parameter -hk\n");
+	printUsage();
+    }
+    if (inFilename == NULL) {
+	printf("Missing encrypted message -if\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	rc = TSS_File_ReadBinaryFile(&buffer,     /* freed @1 */
+				     &length,
+				     inFilename);
+    }
+    if (rc == 0) {
+	if (length > sizeof(in.inData.t.buffer)) {
+	    printf("Input data too long %u\n", (uint32_t)length);
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    if (rc == 0) {
+	if (!two) {	/* use TPM_CC_EncryptDecrypt */
+	    /* the symmetric key used for the operation */
+	    in.keyHandle = keyHandle;
+	    /* if YES, then the operation is decryption; if NO, the operation is encryption */
+	    in.decrypt = decrypt;
+	    /* symmetric mode */
+	    in.mode = TPM_ALG_NULL;
+	    /* an initial value as required by the algorithm */
+	    in.ivIn.t.size = MAX_SYM_BLOCK_SIZE;
+	    memset(in.ivIn.t.buffer, 0, MAX_SYM_BLOCK_SIZE);
+	    /* the data to be encrypted/decrypted */
+	    in.inData.t.size = (uint16_t)length;
+	    if (length > 0) {	/* if length is 0, buffer is NULL */
+		memcpy(in.inData.t.buffer, buffer, length);
+	    }
+	}
+	else {
+	    /* the symmetric key used for the operation */
+	    in2.keyHandle = keyHandle;
+	    /* if YES, then the operation is decryption; if NO, the operation is encryption */
+	    in2.decrypt = decrypt;
+	    /* symmetric mode */
+	    in2.mode = TPM_ALG_NULL;
+	    /* an initial value as required by the algorithm */
+	    in2.ivIn.t.size = MAX_SYM_BLOCK_SIZE;
+	    memset(in2.ivIn.t.buffer, 0, MAX_SYM_BLOCK_SIZE);
+	    /* the data to be encrypted/decrypted */
+	    in2.inData.t.size = (uint16_t)length;
+	    if (length > 0) {	/* if length is 0, buffer is NULL */
+		memcpy(in2.inData.t.buffer, buffer, length);
+	    }
+	}
+    }
+    free (buffer);	/* @1 */
+    buffer = NULL;
+
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	if (!two) {	/* use TPM_CC_EncryptDecrypt */
+	    rc = TSS_Execute(tssContext,
+			     (RESPONSE_PARAMETERS *)&out,
+			     (COMMAND_PARAMETERS *)&in,
+			     NULL,
+			     TPM_CC_EncryptDecrypt,
+			     sessionHandle0, keyPassword, sessionAttributes0,
+			     sessionHandle1, NULL, sessionAttributes1,
+			     sessionHandle2, NULL, sessionAttributes2,
+			     TPM_RH_NULL, NULL, 0);
+	}
+	else {	/* use TPM_CC_EncryptDecrypt2 */
+	    rc = TSS_Execute(tssContext,
+			     (RESPONSE_PARAMETERS *)&out,
+			     (COMMAND_PARAMETERS *)&in2,
+			     NULL,
+			     TPM_CC_EncryptDecrypt2,
+			     sessionHandle0, keyPassword, sessionAttributes0,
+			     sessionHandle1, NULL, sessionAttributes1,
+			     sessionHandle2, NULL, sessionAttributes2,
+			     TPM_RH_NULL, NULL, 0);
+	}
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if ((rc == 0) && (outFilename != NULL)) {
+	written = 0;
+	rc = TSS_TPM2B_MAX_BUFFER_Marshalu(&out.outData, &written, NULL, NULL);
+    }
+    if ((rc == 0) && (outFilename != NULL)) {
+	buffer = realloc(buffer, written);	/* freed @2 */
+	buffer1 = buffer;
+	written = 0;
+	rc = TSS_TPM2B_MAX_BUFFER_Marshalu(&out.outData, &written, &buffer1, NULL);
+    }    
+    if ((rc == 0) && (outFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(buffer + sizeof(uint16_t),
+				      written - sizeof(uint16_t),
+				      outFilename);
+    }    
+    free(buffer);	/* @2 */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printDecrypt(&out);
+	if (tssUtilsVerbose) printf("encryptdecrypt: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("encryptdecrypt: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printDecrypt(EncryptDecrypt_Out *out)
+{
+    TSS_PrintAll("outData", out->outData.t.buffer, out->outData.t.size);
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("encryptdecrypt\n");
+    printf("\n");
+    printf("Runs TPM2_EncryptDecrypt\n");
+    printf("\n");
+    printf("\t-hk\tkey handle\n");
+    printf("\t-pwdk\tpassword for key (default empty)\n");
+    printf("\t-d\tdecrypt (default encrypt)\n");
+    printf("\t-if\tinput file name\n");
+    printf("\t[-of\toutput file name (default do not save)]\n");
+    printf("\t[-2\tuse TPM2_EncryptDecrypt2]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/eventextend.c b/utils/eventextend.c
new file mode 100644
index 000000000..31b49d167
--- /dev/null
+++ b/utils/eventextend.c
@@ -0,0 +1,390 @@
+/********************************************************************************/
+/*										*/
+/*		      Extend an EVENT measurement file into PCRs		*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2016 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* eventextend is test/demo code.  It parses a TPM2 event log file and extends the measurements into
+   TPM PCRs or simulated PCRs.  This simulates the actions that would be performed by BIOS /
+   firmware in a hardware platform.  */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsscryptoh.h>
+
+#include "eventlib.h"
+
+/* local prototypes */
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char * argv[])
+{
+    TPM_RC 			rc = 0;
+    int 			i = 0;
+    TSS_CONTEXT			*tssContext = NULL;
+    const char 			*infilename = NULL;
+    FILE 			*infile = NULL;
+    int				tpm = FALSE;	/* extend into TPM */
+    int				sim = FALSE;	/* extend into simulated PCRs */
+    int				nospec = FALSE;	/* event log does not start with spec file */
+    int				noSpace = FALSE;
+    uint32_t 			bankNum = 0;	/* PCR hash bank */
+    unsigned int 		pcrNum = 0;	/* PCR number iterator */
+    TPMI_DH_PCR 		pcrMax = 7;
+    TPMT_HA 			simPcrs[HASH_COUNT][IMPLEMENTATION_PCR];
+    TPMT_HA 			bootAggregates[HASH_COUNT];
+    TCG_PCR_EVENT2 		event2;			/* TPM 2.0 event log entry */
+    TCG_PCR_EVENT 		event;			/* TPM 1.2 event log entry */
+    TCG_EfiSpecIDEvent 		specIdEvent;
+    unsigned int 		lineNum;
+    int 			endOfFile = FALSE;
+	
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; i<argc ; i++) {
+	if (strcmp(argv[i],"-if") == 0) {
+	    i++;
+	    if (i < argc) {
+		infilename = argv[i];
+	    }
+	    else {
+		printf("-if option needs a value\n");
+		printUsage();
+		exit(2);
+	    }
+	}
+	else if (strcmp(argv[i],"-tpm") == 0) {
+	    tpm = TRUE;
+	}
+	else if (strcmp(argv[i],"-nospec") == 0) {
+	    nospec = TRUE;
+	}
+	else if (strcmp(argv[i],"-sim") == 0) {
+	    sim = TRUE;
+	}
+	else if (strcmp(argv[i],"-ns") == 0) {
+	    noSpace = TRUE;
+	}
+	else if (strcmp(argv[i],"-pcrmax") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%u", &pcrMax);
+	    }
+	    else {
+		printf("Missing parameter for -pcrmax");
+		printUsage();
+	    }
+	}
+	else if (!strcmp(argv[i], "-h")) {
+	    printUsage();
+	}
+	else if (!strcmp(argv[i], "-v")) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (infilename == NULL) {
+	printf("Missing -if argument\n");
+	printUsage();
+    }
+    if (!tpm && !sim) {
+	printf("-tpm or -sim must be specified\n");
+	printUsage();
+    }
+    if (sim && nospec) {
+	printf("-sim incompatible with -nospec\n");
+	printUsage();
+    }
+    /*
+    ** read the event log file
+    */
+    infile = fopen(infilename,"rb");
+    if (infile == NULL) {
+	printf("Unable to open input file '%s'\n", infilename);
+	exit(-4);
+    }
+    /* the first event is a TPM 1.2 format event */
+    /* read an event line */
+    if ((rc == 0) && !nospec) {
+	rc = TSS_EVENT_Line_Read(&event, &endOfFile, infile);
+    }
+    /* debug tracing */
+    if ((rc == 0) && !nospec && !endOfFile && tssUtilsVerbose) {
+	printf("\neventextend: line 0\n");
+	TSS_EVENT_Line_Trace(&event);
+    }
+    /* parse the event, populates the TCG_EfiSpecIDEvent structure */
+    if ((rc == 0) && !nospec && !endOfFile) {
+	rc = TSS_SpecIdEvent_Unmarshal(&specIdEvent,
+				       event.eventDataSize, event.event);
+    }
+    /* range check numberOfAlgorithms before the trace */
+    if ((rc == 0) && !nospec && !endOfFile) {
+	if (specIdEvent.numberOfAlgorithms > HASH_COUNT) {
+	    printf("specIdEvent.numberOfAlgorithms %u greater than %u\n",
+		   specIdEvent.numberOfAlgorithms, HASH_COUNT);
+	    rc = TSS_RC_BAD_PROPERTY_VALUE;
+	}
+    }
+    /* trace the specIdEvent event */
+    if ((rc == 0) && !nospec && !endOfFile && tssUtilsVerbose) {
+	TSS_SpecIdEvent_Trace(&specIdEvent);
+    }
+    /* Start a TSS context */
+    if ((rc == 0) && tpm) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* initialize simulated PCRs */
+    if ((rc == 0) && sim) {
+	if (specIdEvent.numberOfAlgorithms > HASH_COUNT) {
+	    printf("specIdEvent.numberOfAlgorithms %u greater than %u\n",
+		   specIdEvent.numberOfAlgorithms, HASH_COUNT);
+	    rc = TSS_RC_BAD_PROPERTY_VALUE;
+	}
+    }
+    /* simulated BIOS PCRs start at zero at boot */
+    if ((rc == 0) && sim) {
+	for (bankNum = 0 ; bankNum < specIdEvent.numberOfAlgorithms ; bankNum++) {
+	    bootAggregates[bankNum].hashAlg = specIdEvent.digestSizes[bankNum].algorithmId;
+	    for (pcrNum = 0 ; pcrNum < IMPLEMENTATION_PCR ; pcrNum++) {
+		/* initialize each algorithm ID based on the specIdEvent */
+		simPcrs[bankNum][pcrNum].hashAlg = specIdEvent.digestSizes[bankNum].algorithmId;
+		memset(&simPcrs[bankNum][pcrNum].digest.tssmax, 0, sizeof(TPMU_HA));
+	    }
+	}
+    }
+    /* scan each measurement 'line' in the binary */
+    for (lineNum = 1 ; (rc == 0) && !endOfFile ; lineNum++) {
+
+	/* read a TPM 2.0 hash agile event line */
+	if (rc == 0) {
+	    rc = TSS_EVENT2_Line_Read(&event2, &endOfFile, infile);
+	}
+	/* debug tracing */
+	if ((rc == 0) && !endOfFile && tssUtilsVerbose) {
+	    printf("\neventextend: line %u\n", lineNum);
+	    TSS_EVENT2_Line_Trace(&event2);
+	}
+	/* don't extend no action events */
+	if ((rc == 0) && !endOfFile) {
+	    if (event2.eventType == EV_NO_ACTION) {
+		continue;
+	    }
+	}
+	if ((rc == 0) && !endOfFile && tpm) {	/* extend TPM */
+	    PCR_Extend_In 		in;
+	    PCR_Read_In 		pcrReadIn;
+	    PCR_Read_Out 		pcrReadOut;
+
+	    if (rc == 0) {
+		in.pcrHandle = event2.pcrIndex;
+		in.digests = event2.digests;
+		rc = TSS_Execute(tssContext,
+				 NULL, 
+				 (COMMAND_PARAMETERS *)&in,
+				 NULL,
+				 TPM_CC_PCR_Extend,
+				 TPM_RS_PW, NULL, 0,
+				 TPM_RH_NULL, NULL, 0);
+	    }
+	    /* for debug, read back and trace the PCR value after the extend */
+	    if ((rc == 0) && tssUtilsVerbose) {
+		pcrReadIn.pcrSelectionIn.count = 1;
+		pcrReadIn.pcrSelectionIn.pcrSelections[0].hash =
+		    event2.digests.digests[0].hashAlg;
+		pcrReadIn.pcrSelectionIn.pcrSelections[0].sizeofSelect = 3;
+		pcrReadIn.pcrSelectionIn.pcrSelections[0].pcrSelect[0] = 0;
+		pcrReadIn.pcrSelectionIn.pcrSelections[0].pcrSelect[1] = 0;
+		pcrReadIn.pcrSelectionIn.pcrSelections[0].pcrSelect[2] = 0;
+		pcrReadIn.pcrSelectionIn.pcrSelections[0].pcrSelect[event2.pcrIndex / 8] =
+		    1 << (event2.pcrIndex % 8);
+
+		rc = TSS_Execute(tssContext,
+				 (RESPONSE_PARAMETERS *)&pcrReadOut,
+				 (COMMAND_PARAMETERS *)&pcrReadIn,
+				 NULL,
+				 TPM_CC_PCR_Read,
+				 TPM_RH_NULL, NULL, 0);
+	    }
+	    if ((rc == 0) && tssUtilsVerbose) {
+		TSS_PrintAll("PCR digest",
+			     pcrReadOut.pcrValues.digests[0].t.buffer,
+			     pcrReadOut.pcrValues.digests[0].t.size);
+	    }
+	}
+	if ((rc == 0) && !endOfFile && sim) {	/* extend simulated PCRs */
+	    rc = TSS_EVENT2_PCR_Extend(simPcrs, &event2);
+	}
+    }
+    {
+	if (tpm) {
+	    TPM_RC rc1 = TSS_Delete(tssContext);
+	    if (rc == 0) {
+		rc = rc1;
+	    }
+	}
+    }
+    if ((rc == 0) && sim) {
+	for (bankNum = 0 ; (rc == 0) && (bankNum < specIdEvent.numberOfAlgorithms) ; bankNum++) {
+	    /* trace the virtual PCRs */
+	    if (rc == 0) {
+	        char pcrString[9];	/* PCR number */
+
+		printf("\n");
+		TSS_TPM_ALG_ID_Print("algorithmId", specIdEvent.digestSizes[bankNum].algorithmId, 0);
+		for (pcrNum = 0 ; pcrNum < IMPLEMENTATION_PCR ; pcrNum++) {
+		    sprintf(pcrString, "PCR %02u:", pcrNum);
+		    if (!noSpace) {
+			/* TSS_PrintAllLogLevel() with a log level of LOGLEVEL_INFO to print the byte
+			   array on one line with no length */
+			TSS_PrintAllLogLevel(LOGLEVEL_INFO, pcrString, 1,
+					     simPcrs[bankNum][pcrNum].digest.tssmax,
+					     specIdEvent.digestSizes[bankNum].digestSize);
+		    }
+		    else {	/* print with no spaces */
+			uint32_t bp;
+			printf("PCR %02u: ", pcrNum);
+			for (bp = 0 ; bp < specIdEvent.digestSizes[bankNum].digestSize ; bp++) {
+			    printf("%02x", simPcrs[bankNum][pcrNum].digest.tssmax[bp]);
+			}
+			printf("\n");
+		    }
+		}
+	    }
+	    /* calculate the boot aggregate, hash of PCR 0-7 */
+	    if (rc == 0) {
+		int length[IMPLEMENTATION_PCR];
+		size_t j;
+		for (j = 0 ; j < IMPLEMENTATION_PCR ; j++) {
+		    if (j <= pcrMax) {	/* include PCRs up to here */
+			length[j] = specIdEvent.digestSizes[bankNum].digestSize;
+		    }
+		    else {
+			length[j] = 0;	/* exclude PCRs after to here */
+		    }
+		}
+		rc = TSS_Hash_Generate(&bootAggregates[bankNum],
+				       length[0], &simPcrs[bankNum][0].digest.tssmax,
+				       length[1], &simPcrs[bankNum][1].digest.tssmax,
+				       length[2], &simPcrs[bankNum][2].digest.tssmax,
+				       length[3], &simPcrs[bankNum][3].digest.tssmax,
+				       length[4], &simPcrs[bankNum][4].digest.tssmax,
+				       length[5], &simPcrs[bankNum][5].digest.tssmax,
+				       length[6], &simPcrs[bankNum][6].digest.tssmax,
+				       length[7], &simPcrs[bankNum][7].digest.tssmax,
+				       length[8], &simPcrs[bankNum][8].digest.tssmax,
+				       length[9], &simPcrs[bankNum][9].digest.tssmax,
+				       length[10], &simPcrs[bankNum][10].digest.tssmax,
+				       length[11], &simPcrs[bankNum][11].digest.tssmax,
+				       length[12], &simPcrs[bankNum][12].digest.tssmax,
+				       length[13], &simPcrs[bankNum][13].digest.tssmax,
+				       length[14], &simPcrs[bankNum][14].digest.tssmax,
+				       length[15], &simPcrs[bankNum][15].digest.tssmax,
+				       length[16], &simPcrs[bankNum][16].digest.tssmax,
+				       length[17], &simPcrs[bankNum][17].digest.tssmax,
+				       length[18], &simPcrs[bankNum][18].digest.tssmax,
+				       length[19], &simPcrs[bankNum][19].digest.tssmax,
+				       length[20], &simPcrs[bankNum][20].digest.tssmax,
+				       length[21], &simPcrs[bankNum][21].digest.tssmax,
+				       length[22], &simPcrs[bankNum][22].digest.tssmax,
+				       length[23], &simPcrs[bankNum][23].digest.tssmax,
+				       0, NULL);
+	    }
+	    /* trace the boot aggregate */
+	    if (rc == 0) {
+		if (!noSpace) {
+		    TSS_PrintAllLogLevel(LOGLEVEL_INFO, "\nboot aggregate:", 1,
+					 bootAggregates[bankNum].digest.tssmax,
+					 specIdEvent.digestSizes[bankNum].digestSize);
+		}
+		else {	/* print with no spaces */
+		    uint32_t bp;
+		    printf("\nboot aggregate: ");
+		    for (bp = 0 ; bp < specIdEvent.digestSizes[bankNum].digestSize ; bp++) {
+			printf("%02x", bootAggregates[bankNum].digest.tssmax[bp]);
+		    }
+		    printf("\n");
+		}
+	    }
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("eventextend: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("eventextend: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    if (infile != NULL) {
+	fclose(infile);
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("Usage: eventextend -if <measurement file> [-v]\n");
+    printf("\n");
+    printf("Extends a measurement file (binary) into a TPM or simulated PCRs\n");
+    printf("\n");
+    printf("\t-if\tfile containing the data to be extended\n");
+    printf("\t[-nospec\tfile does not contain spec ID header (useful for incremental test)]\n");
+    printf("\t[-tpm\textend TPM PCRs]\n");
+    printf("\t[-sim\tcalculate simulated PCRs and boot aggregate]\n");
+    printf("\t[-pcrmax\twith -sim, sets the highest PCR number to be used to calculate the\n"
+	   "\t\tboot aggregate (default 7)]\n");
+    printf("\t[-ns\tno space, no text, no newlines]\n");
+    printf("\n");
+   exit(-1);
+}
+
diff --git a/utils/eventlib.c b/utils/eventlib.c
new file mode 100644
index 000000000..081d4d8d2
--- /dev/null
+++ b/utils/eventlib.c
@@ -0,0 +1,1089 @@
+/********************************************************************************/
+/*										*/
+/*		     	TPM2 Measurement Log Common Routines			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2016 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <ibmtss/tssprint.h>
+#include <ibmtss/Unmarshal_fp.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tsscrypto.h>
+
+#include "eventlib.h"
+
+#ifndef TPM_TSS_NOFILE
+#ifdef TPM_TPM20
+static uint16_t Uint16_Convert(uint16_t in);
+#endif
+static uint32_t Uint32_Convert(uint32_t in);
+#endif /* TPM_TSS_NOFILE */
+static TPM_RC UINT16LE_Unmarshal(uint16_t *target, BYTE **buffer, uint32_t *size);
+static TPM_RC UINT32LE_Unmarshal(uint32_t *target, BYTE **buffer, uint32_t *size);
+
+static void TSS_EVENT_EventType_Trace(uint32_t eventType);
+static TPM_RC TSS_SpecIdEventAlgorithmSize_Unmarshal(TCG_EfiSpecIdEventAlgorithmSize *algSize,
+						     uint8_t **buffer,
+						     uint32_t *size);
+static void TSS_SpecIdEventAlgorithmSize_Trace(TCG_EfiSpecIdEventAlgorithmSize *algSize);
+static TPM_RC TSS_TPML_DIGEST_VALUES_LE_Unmarshalu(TPML_DIGEST_VALUES *target,
+						   BYTE **buffer,
+						   uint32_t *size);
+static TPM_RC TSS_TPMT_HA_LE_Unmarshalu(TPMT_HA *target, BYTE **buffer,
+					uint32_t *size, BOOL allowNull);
+static TPM_RC TSS_TPMI_ALG_HASH_LE_Unmarshalu(TPMI_ALG_HASH *target,
+					      BYTE **buffer, uint32_t *size,
+					      BOOL allowNull);
+static TPM_RC TSS_TPM_ALG_ID_LE_Unmarshalu(TPM_ALG_ID *target,
+					   BYTE **buffer, uint32_t *size);
+static TPM_RC TSS_TPMT_HA_LE_Marshalu(const TPMT_HA *source, uint16_t *written,
+				      BYTE **buffer, uint32_t *size);
+static TPM_RC TSS_TPML_DIGEST_VALUES_LE_Marshalu(const TPML_DIGEST_VALUES *source,
+						 uint16_t *written, BYTE **buffer,
+						 uint32_t *size);
+
+/* TSS_EVENT_Line_Read() reads a TPM 1.2 SHA-1 event line from a binary file inFile.
+
+ */
+
+#ifndef TPM_TSS_NOFILE
+int TSS_EVENT_Line_Read(TCG_PCR_EVENT *event,
+			int *endOfFile,
+			FILE *inFile)
+{
+    int rc = 0;
+    size_t readSize;
+    *endOfFile = FALSE;
+
+    /* read the PCR index */
+    if (rc == 0) {
+	readSize = fread(&(event->pcrIndex),
+			 sizeof(((TCG_PCR_EVENT *)NULL)->pcrIndex), 1, inFile);
+	if (readSize != 1) {
+	    if (feof(inFile)) {
+		*endOfFile = TRUE;
+	    }
+	    else {
+		printf("TSS_EVENT_Line_Read: Error, could not read pcrIndex, returned %lu\n",
+		       (unsigned long)readSize);
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	}
+    }
+    /* do the endian conversion from stream to uint32_t */
+    if (!*endOfFile && (rc == 0)) {
+	event->pcrIndex = Uint32_Convert(event->pcrIndex);
+    }
+    /* read the event type */
+    if (!*endOfFile && (rc == 0)) {
+	readSize = fread(&(event->eventType),
+			 sizeof(((TCG_PCR_EVENT *)NULL)->eventType), 1, inFile);
+	if (readSize != 1) {
+	    printf("TSS_EVENT_Line_Read: Error, could not read eventType, returned %lu\n",
+		   (unsigned long) readSize);
+	    rc = TSS_RC_BAD_PROPERTY_VALUE;
+	}
+    }
+    /* do the endian conversion from stream to uint32_t */
+    if (!*endOfFile && (rc == 0)) {
+	event->eventType = Uint32_Convert(event->eventType);
+    }
+    /* read the digest */
+    if (!*endOfFile && (rc == 0)) {
+	readSize = fread(&(event->digest),
+			 sizeof(((TCG_PCR_EVENT *)NULL)->digest), 1, inFile);
+	if (readSize != 1) {
+	    printf("TSS_EVENT_Line_Read: Error, could not read digest, returned %lu\n",
+		   (unsigned long)readSize);
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    /* read the event data size */
+    if (!*endOfFile && (rc == 0)) {
+	readSize = fread(&(event->eventDataSize),
+			 sizeof(((TCG_PCR_EVENT *)NULL)->eventDataSize), 1, inFile);
+	if (readSize != 1) {
+	    printf("TSS_EVENT_Line_Read: Error, could not read event data size, returned %lu\n",
+		   (unsigned long)readSize);
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    /* do the endian conversion from stream to uint32_t */
+    if (!*endOfFile && (rc == 0)) {
+	event->eventDataSize = Uint32_Convert(event->eventDataSize);
+    }
+    /* bounds check the event data length */
+    if (!*endOfFile && (rc == 0)) {
+	if (event->eventDataSize > sizeof(((TCG_PCR_EVENT *)NULL)->event)) {
+	    printf("TSS_EVENT_Line_Read: Error, event data length too big: %u\n",
+		   event->eventDataSize);
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    /* read the event */
+    if (!*endOfFile && (rc == 0)) {
+	memset(event->event , 0, sizeof(((TCG_PCR_EVENT *)NULL)->event));
+	readSize = fread(&(event->event),
+			 event->eventDataSize, 1, inFile);
+	if (readSize != 1) {
+	    printf("TSS_EVENT_Line_Read: Error, could not read event, returned %lu\n",
+		   (unsigned long)readSize);
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    return rc;
+}
+
+#endif /* TPM_TSS_NOFILE */
+
+/* TSS_EVENT_Line_Marshal() marshals a TCG_PCR_EVENT structure */
+
+TPM_RC TSS_EVENT_Line_Marshal(TCG_PCR_EVENT *source,
+			      uint16_t *written, uint8_t **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->pcrIndex, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->eventType, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->digest, SHA1_DIGEST_SIZE, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->eventDataSize, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->event, source->eventDataSize, written, buffer, size);
+    }
+    return rc;
+}
+
+/* TSS_EVENT_Line_Unmarshal() unmarshals a TCG_PCR_EVENT2 structure
+
+ */
+
+TPM_RC TSS_EVENT_Line_Unmarshal(TCG_PCR_EVENT *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->pcrIndex, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->eventType, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu((uint8_t *)target->digest, SHA1_DIGEST_SIZE, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->eventDataSize, buffer, size);
+    }
+    if (rc == 0) {
+	if (target->eventDataSize > sizeof(target->event)) {
+	    rc = TPM_RC_SIZE;
+	}
+    }    
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu((uint8_t *)target->event, target->eventDataSize, buffer, size);
+    }
+    return rc;
+}
+
+/*
+ * TSS_EVENT_Line_LE_Unmarshal() Unmarshal LE buffer into a target TCG_PCR_EVENT
+*/
+TPM_RC TSS_EVENT_Line_LE_Unmarshal(TCG_PCR_EVENT *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	rc = UINT32LE_Unmarshal(&target->pcrIndex, buffer, size);
+    }
+    if (rc == 0) {
+	rc = UINT32LE_Unmarshal(&target->eventType, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu((uint8_t *)target->digest, SHA1_DIGEST_SIZE, buffer, size);
+    }
+    if (rc == 0) {
+	rc = UINT32LE_Unmarshal(&target->eventDataSize, buffer, size);
+    }
+    if (rc == 0) {
+	if (target->eventDataSize > sizeof(target->event)) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu((uint8_t *)target->event, target->eventDataSize, buffer, size);
+    }
+    return rc;
+}
+
+/* TSS_EVENT_PCR_Extend() extends PCR digest with the digest from the TCG_PCR_EVENT event log
+   entry.
+*/
+
+TPM_RC TSS_EVENT_PCR_Extend(TPMT_HA pcrs[IMPLEMENTATION_PCR],
+			    TCG_PCR_EVENT *event)
+{
+    TPM_RC 		rc = 0;
+    
+    /* validate PCR number */
+    if (rc == 0) {
+	if (event->pcrIndex >= IMPLEMENTATION_PCR) {
+	    printf("ERROR: TSS_EVENT_PCR_Extend: PCR number %u out of range\n", event->pcrIndex);
+	    rc = TSS_RC_BAD_PROPERTY_VALUE;
+	}
+    }
+    /* process each event hash algorithm */
+    if (rc == 0) {
+	pcrs[event->pcrIndex].hashAlg = TPM_ALG_SHA1;	/* should already be initialized */
+	if (rc == 0) {
+	    rc = TSS_Hash_Generate(&pcrs[event->pcrIndex],
+				   SHA1_DIGEST_SIZE, (uint8_t *)&pcrs[event->pcrIndex].digest,
+				   SHA1_DIGEST_SIZE, &event->digest,
+				   0, NULL);
+	}
+    }
+    return rc;
+}
+
+void TSS_EVENT_Line_Trace(TCG_PCR_EVENT *event)
+{
+    printf("TSS_EVENT_Line_Trace: PCR index %u\n", event->pcrIndex);
+    TSS_EVENT_EventType_Trace(event->eventType);
+    TSS_PrintAll("TSS_EVENT_Line_Trace: PCR",
+		 event->digest, sizeof(((TCG_PCR_EVENT *)NULL)->digest));
+    TSS_PrintAll("TSS_EVENT_Line_Trace: event",
+		 event->event, event->eventDataSize);
+    if (event->eventType == EV_IPL) {	/* this event appears to be printable strings */
+	printf(" %.*s\n", event->eventDataSize, event->event);
+    }
+    return;
+}
+
+/* TSS_SpecIdEvent_Unmarshal() unmarshals the TCG_EfiSpecIDEvent structure.
+
+   The size and buffer are not moved, since this is the only structure in the event.
+*/
+
+TPM_RC TSS_SpecIdEvent_Unmarshal(TCG_EfiSpecIDEvent *specIdEvent,
+				 uint32_t eventSize,
+				 uint8_t *event)
+{
+    TPM_RC	rc = 0;
+    uint32_t	size = eventSize;	/* copy, because size and buffer are not moved */
+    uint8_t	*buffer = event;
+    uint32_t 	i;
+
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(specIdEvent->signature, sizeof(specIdEvent->signature),
+			     &buffer, &size);
+    }
+    if (rc == 0) {
+	rc = UINT32LE_Unmarshal(&(specIdEvent->platformClass), &buffer, &size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Unmarshalu(&(specIdEvent->specVersionMinor), &buffer, &size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Unmarshalu(&(specIdEvent->specVersionMajor), &buffer, &size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Unmarshalu(&(specIdEvent->specErrata), &buffer, &size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Unmarshalu(&(specIdEvent->uintnSize), &buffer, &size);
+    }
+    if (rc == 0) {
+	rc = UINT32LE_Unmarshal(&(specIdEvent->numberOfAlgorithms), &buffer, &size);
+    }
+    for (i = 0 ; (rc == 0) && (i < specIdEvent->numberOfAlgorithms) ; i++) {
+	rc = TSS_SpecIdEventAlgorithmSize_Unmarshal(&(specIdEvent->digestSizes[i]),
+						    &buffer, &size);
+    }	    
+    if (rc == 0) {
+	rc = TSS_UINT8_Unmarshalu(&(specIdEvent->vendorInfoSize), &buffer, &size);
+    }
+#if 0	/* NOTE: Can never fail because vendorInfoSize is uint8_t and vendorInfo is 0xff bytes */
+    if (rc == 0) {
+	if (specIdEvent->vendorInfoSize > sizeof(specIdEvent->vendorInfo)) {
+	    rc = TPM_RC_SIZE;
+	}
+    }    
+#endif
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(specIdEvent->vendorInfo, specIdEvent->vendorInfoSize,
+			     &buffer, &size);
+    }
+    return rc;
+}
+
+/* TSS_SpecIdEventAlgorithmSize_Unmarshal() unmarshals the TCG_EfiSpecIdEventAlgorithmSize
+   structure */
+
+static TPM_RC TSS_SpecIdEventAlgorithmSize_Unmarshal(TCG_EfiSpecIdEventAlgorithmSize *algSize,
+						     uint8_t **buffer,
+						     uint32_t *size)
+{
+    TPM_RC	rc = 0;
+
+    if (rc == 0) {
+	rc = UINT16LE_Unmarshal(&(algSize->algorithmId), buffer, size);
+    }
+    if (rc == 0) {
+	rc = UINT16LE_Unmarshal(&(algSize->digestSize), buffer, size);
+    } 
+    if (rc == 0) {
+	uint16_t mappedDigestSize = TSS_GetDigestSize(algSize->algorithmId);
+	if (mappedDigestSize != 0) {
+	    if (mappedDigestSize != algSize->digestSize) {
+		printf("TSS_SpecIdEventAlgorithmSize_Unmarshal: "
+		       "Error, inconsistent digest size, algorithm %04x size %u\n",
+		       algSize->algorithmId, algSize->digestSize);
+		rc = TSS_RC_BAD_PROPERTY_VALUE;
+	    }
+	}
+    }
+    return rc;
+}
+
+void TSS_SpecIdEvent_Trace(TCG_EfiSpecIDEvent *specIdEvent)
+{
+    uint32_t 	i;
+
+    /* normal case */
+    if (specIdEvent->signature[15] == '\0')  {
+	printf("TSS_SpecIdEvent_Trace: signature: %s\n", specIdEvent->signature);
+    }
+    /* error case */
+    else {
+	TSS_PrintAll("TSS_SpecIdEvent_Trace: signature",
+		     specIdEvent->signature, sizeof(specIdEvent->signature));
+    }
+    printf("TSS_SpecIdEvent_Trace: platformClass %08x\n", specIdEvent->platformClass);
+    printf("TSS_SpecIdEvent_Trace: specVersionMinor %02x\n", specIdEvent->specVersionMinor);
+    printf("TSS_SpecIdEvent_Trace: specVersionMajor %02x\n", specIdEvent->specVersionMajor);
+    printf("TSS_SpecIdEvent_Trace: specErrata %02x\n", specIdEvent->specErrata);
+    printf("TSS_SpecIdEvent_Trace: uintnSize %02x\n", specIdEvent->uintnSize);
+    printf("TSS_SpecIdEvent_Trace: numberOfAlgorithms %u\n", specIdEvent->numberOfAlgorithms);
+    for (i = 0 ; (i < specIdEvent->numberOfAlgorithms) ; i++) {
+	TSS_SpecIdEventAlgorithmSize_Trace(&(specIdEvent->digestSizes[i]));
+    }
+    /* try for a printable string */
+    if (specIdEvent->vendorInfo[specIdEvent->vendorInfoSize-1] == '\0')  {
+	printf("TSS_SpecIdEvent_Trace: vendorInfo: %s\n", specIdEvent->vendorInfo);
+    }
+    /* if not, trace the bytes */
+    else {
+	TSS_PrintAll("TSS_SpecIdEvent_Trace: vendorInfo",
+		     specIdEvent->vendorInfo, specIdEvent->vendorInfoSize);
+    }
+    return;
+}
+
+static void TSS_SpecIdEventAlgorithmSize_Trace(TCG_EfiSpecIdEventAlgorithmSize *algSize)
+{
+    printf("TSS_SpecIdEventAlgorithmSize_Trace: algorithmId %04x\n", algSize->algorithmId);
+    printf("TSS_SpecIdEventAlgorithmSize_Trace: digestSize %u\n", algSize->digestSize);
+    return;
+}
+
+#ifdef TPM_TPM20
+#ifndef TPM_TSS_NOFILE
+
+/* TSS_EVENT2_Line_Read() reads a TPM2 event line from a binary file inFile.
+
+*/
+
+int TSS_EVENT2_Line_Read(TCG_PCR_EVENT2 *event,
+			 int *endOfFile,
+			 FILE *inFile)
+{
+    int rc = 0;
+    size_t readSize;
+    uint32_t maxCount; 
+    uint32_t count;
+
+    *endOfFile = FALSE;
+    /* read the PCR index */
+    if (rc == 0) {
+	readSize = fread(&(event->pcrIndex),
+			 sizeof(((TCG_PCR_EVENT2 *)NULL)->pcrIndex), 1, inFile);
+	if (readSize != 1) {
+	    if (feof(inFile)) {
+		*endOfFile = TRUE;
+	    }
+	    else {
+		printf("TSS_EVENT2_Line_Read: Error, could not read pcrIndex, returned %lu\n",
+		       (unsigned long)readSize);
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	}
+    }
+    /* do the endian conversion from stream to uint32_t */
+    if (!*endOfFile && (rc == 0)) {
+	event->pcrIndex = Uint32_Convert(event->pcrIndex);
+    }
+    /* read the event type */
+    if (!*endOfFile && (rc == 0)) {
+	readSize = fread(&(event->eventType),
+			 sizeof(((TCG_PCR_EVENT2 *)NULL)->eventType), 1, inFile);
+	if (readSize != 1) {
+	    printf("TSS_EVENT2_Line_Read: Error, could not read eventType, returned %lu\n",
+		   (unsigned long)readSize);
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    /* do the endian conversion from stream to uint32_t */
+    if (!*endOfFile && (rc == 0)) {
+	event->eventType = Uint32_Convert(event->eventType);
+    }
+    /* read the TPML_DIGEST_VALUES count */
+    if (!*endOfFile && (rc == 0)) {
+	maxCount = sizeof((TPML_DIGEST_VALUES *)NULL)->digests / sizeof(TPMT_HA);
+	readSize = fread(&(event->digests.count),
+			 sizeof(((TPML_DIGEST_VALUES *)NULL)->count), 1, inFile);
+	if (readSize != 1) {
+	    printf("TSS_EVENT2_Line_Read: Error, could not read digest count, returned %lu\n",
+		   (unsigned long)readSize);
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    /* do the endian conversion from stream to uint32_t */
+    if (!*endOfFile && (rc == 0)) {
+	event->digests.count = Uint32_Convert(event->digests.count);
+    }
+    /* range check the digest count */
+    if (!*endOfFile && (rc == 0)) {
+	if (event->digests.count > maxCount) {
+	    printf("TSS_EVENT2_Line_Read: Error, digest count %u is greater than structure %u\n",
+		   event->digests.count, maxCount);
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+	else if (event->digests.count == 0) {
+	    printf("TSS_EVENT2_Line_Read: Error, digest count is zero\n");
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    /* read all the TPMT_HA, loop through all the digest algorithms */
+    for (count = 0 ; !*endOfFile && (count < event->digests.count) ; count++) {
+	uint16_t digestSize;
+	/* read the digest algorithm */
+	if (rc == 0) {
+	    readSize = fread(&(event->digests.digests[count].hashAlg),
+			     sizeof((TPMT_HA *)NULL)->hashAlg, 1, inFile);
+	    if (readSize != 1) {
+		printf("TSS_EVENT2_Line_Read: "
+		       "Error, could not read digest algorithm, returned %lu\n",
+		       (unsigned long)readSize);
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	}
+	/* do the endian conversion of the hash algorithm from stream to uint16_t */
+	if (rc == 0) {
+	    event->digests.digests[count].hashAlg =
+		Uint16_Convert(event->digests.digests[count].hashAlg);
+	}
+	/* map from the digest algorithm to the digest length */
+	if (rc == 0) {
+	    digestSize = TSS_GetDigestSize(event->digests.digests[count].hashAlg);
+	    if (digestSize == 0) {
+		printf("TSS_EVENT2_Line_Read: Error, unknown digest algorithm %04x*\n",
+		       event->digests.digests[count].hashAlg);
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	}
+	/* read the digest */
+	if (rc == 0) {
+	    readSize = fread((uint8_t *)&(event->digests.digests[count].digest),
+			     digestSize, 1, inFile);
+	    if (readSize != 1) {
+		printf("TSS_EVENT2_Line_Read: Error, could not read digest, returned %lu\n",
+		       (unsigned long)readSize);
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	}
+    }
+    /* read the event size */
+    if (!*endOfFile && (rc == 0)) {
+	readSize = fread(&(event->eventSize),
+			 sizeof(((TCG_PCR_EVENT2 *)NULL)->eventSize), 1, inFile);
+	if (readSize != 1) {
+	    printf("TSS_EVENT2_Line_Read: Error, could not read event size, returned %lu\n",
+		   (unsigned long)readSize);
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    /* do the endian conversion from stream to uint32_t */
+    if (!*endOfFile && (rc == 0)) {
+	event->eventSize = Uint32_Convert(event->eventSize);
+    }
+    /* bounds check the event size */
+    if (!*endOfFile && (rc == 0)) {
+	if (event->eventSize > sizeof(((TCG_PCR_EVENT2 *)NULL)->event)) {
+	    printf("TSS_EVENT2_Line_Read: Error, event size too big: %u\n",
+		   event->eventSize);
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    /* read the event */
+    if (!*endOfFile && (event->eventSize > 0) && (rc == 0)) {
+	memset(event->event , 0, sizeof(((TCG_PCR_EVENT2 *)NULL)->event));
+	readSize = fread(&(event->event),
+			 event->eventSize, 1, inFile);
+	if (readSize != 1) {
+	    printf("TSS_EVENT2_Line_Read: Error, could not read event, returned %lu\n",
+		   (unsigned long)readSize);
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    return rc;
+}
+#endif /* TPM_TSS_NOFILE */
+
+/* TSS_EVENT2_Line_Marshal() marshals a TCG_PCR_EVENT2 structure */
+
+TPM_RC TSS_EVENT2_Line_Marshal(TCG_PCR_EVENT2 *source,
+			       uint16_t *written, uint8_t **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->pcrIndex, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->eventType, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPML_DIGEST_VALUES_Marshalu(&source->digests, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->eventSize, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu((uint8_t *)source->event, source->eventSize, written, buffer, size);
+    }
+    return rc;
+}
+
+/*
+ * TSS_EVENT2_Line_LE_Marshal() Marshals a TSS_EVENT2 structure from HBO into LE
+ * and saves to buffer.
+ */
+TPM_RC TSS_EVENT2_Line_LE_Marshal(TCG_PCR_EVENT2 *source, uint16_t *written,
+				  uint8_t **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	rc = TSS_UINT32LE_Marshal(&source->pcrIndex, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32LE_Marshal(&source->eventType, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPML_DIGEST_VALUES_LE_Marshalu(&source->digests, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32LE_Marshal(&source->eventSize, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu((uint8_t *)source->event, source->eventSize, written, buffer, size);
+    }
+    return rc;
+}
+
+/* TSS_EVENT2_Line_Unmarshal() unmarshals a TCG_PCR_EVENT2 structure */
+
+
+TPM_RC TSS_EVENT2_Line_Unmarshal(TCG_PCR_EVENT2 *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->pcrIndex, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->eventType, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPML_DIGEST_VALUES_Unmarshalu(&target->digests, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->eventSize, buffer, size);
+    }
+    if (rc == 0) {
+	if (target->eventSize > sizeof(target->event)) {
+	    rc = TPM_RC_SIZE;
+	}
+    }    
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu((uint8_t *)target->event, target->eventSize, buffer, size);
+    }
+    return rc;
+}
+
+/*
+ * TSS_EVENT2_Line_LE_Unmarshal() Unmarshals an LE eventlog buffer and save to
+ * the target TCG_PCR_EVENT2
+ */
+TPM_RC TSS_EVENT2_Line_LE_Unmarshal(TCG_PCR_EVENT2 *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	rc = UINT32LE_Unmarshal(&target->pcrIndex, buffer, size);
+    }
+    if (rc == 0) {
+	rc = UINT32LE_Unmarshal(&target->eventType, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPML_DIGEST_VALUES_LE_Unmarshalu(&target->digests, buffer, size);
+    }
+    if (rc == 0) {
+	rc = UINT32LE_Unmarshal(&target->eventSize, buffer, size);
+    }
+    if (rc == 0) {
+	if (target->eventSize > sizeof(target->event)) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu((uint8_t *)target->event, target->eventSize, buffer, size);
+    }
+    return rc;
+}
+
+/* TSS_EVENT2_PCR_Extend() extends PCR digests with the digest from the TCG_PCR_EVENT2 event log
+   entry.
+*/
+
+TPM_RC TSS_EVENT2_PCR_Extend(TPMT_HA pcrs[HASH_COUNT][IMPLEMENTATION_PCR],
+			     TCG_PCR_EVENT2 *event2)
+{
+    TPM_RC 		rc = 0;
+    uint32_t 		i;		/* iterator though hash algorithms */
+    uint32_t 		bankNum = 0;	/* iterator though PCR hash banks */
+    
+    /* validate PCR number */
+    if (rc == 0) {
+	if (event2->pcrIndex >= IMPLEMENTATION_PCR) {
+	    printf("ERROR: TSS_EVENT2_PCR_Extend: PCR number %u out of range\n", event2->pcrIndex);
+	    rc = 1;
+	}
+    }
+    /* validate event count */
+    if (rc == 0) {
+	uint32_t maxCount = sizeof(((TPML_DIGEST_VALUES *)NULL)->digests) / sizeof(TPMT_HA);
+	if (event2->digests.count > maxCount) {
+	    printf("ERROR: TSS_EVENT2_PCR_Extend: PCR count %u out of range, max %u\n",
+		   event2->digests.count, maxCount);
+	    rc = 1;
+	}	    
+    }
+    /* process each event hash algorithm */
+    for (i = 0; (rc == 0) && (i < event2->digests.count) ; i++) {
+	/* find the matching PCR bank */
+	for (bankNum = 0 ; (rc == 0) && (bankNum < event2->digests.count) ; bankNum++) {
+	    if (pcrs[bankNum][0].hashAlg == event2->digests.digests[i].hashAlg) {
+
+		uint16_t digestSize;
+		if (rc == 0) {
+		    digestSize = TSS_GetDigestSize(event2->digests.digests[i].hashAlg);
+		    if (digestSize == 0) {
+			printf("ERROR: TSS_EVENT2_PCR_Extend: hash algorithm %04hx unknown\n",
+			       event2->digests.digests[i].hashAlg);
+			rc = 1;
+		    }
+		}
+		if (rc == 0) {
+		    rc = TSS_Hash_Generate(&pcrs[bankNum][event2->pcrIndex],
+					   digestSize,
+					   (uint8_t *)&pcrs[bankNum][event2->pcrIndex].digest,
+					   digestSize,
+					   &event2->digests.digests[i].digest,
+					   0, NULL);
+		}
+	    }
+	}
+    }
+    return rc;
+}
+
+#endif	/* TPM_TPM20 */
+
+#ifndef TPM_TSS_NOFILE
+#ifdef TPM_TPM20
+
+/* Uint16_Convert() converts a little endian uint16_t (from an input stream) to host byte order
+ */
+
+static uint16_t Uint16_Convert(uint16_t in)
+{
+    uint16_t out = 0;
+    unsigned char *inb = (unsigned char *)∈
+    
+    /* little endian input */
+    out = (inb[0] <<  0) |
+	  (inb[1] <<  8);
+    return out;
+}
+
+#endif
+
+/* Uint32_Convert() converts a little endian uint32_t (from an input stream) to host byte order
+ */
+
+static uint32_t Uint32_Convert(uint32_t in)
+{
+    uint32_t out = 0;
+    unsigned char *inb = (unsigned char *)∈
+    
+    /* little endian input */
+    out = (inb[0] <<  0) |
+	  (inb[1] <<  8) |
+	  (inb[2] << 16) |
+	  (inb[3] << 24);
+    return out;
+}
+#endif /* TPM_TSS_NOFILE */
+
+/* UINT16LE_Unmarshal() unmarshals a little endian 2-byte array from buffer into a HBO uint16_t */
+
+static TPM_RC
+UINT16LE_Unmarshal(uint16_t *target, BYTE **buffer, uint32_t *size)
+{
+    if (*size < sizeof(uint16_t)) {
+	return TPM_RC_INSUFFICIENT;
+    }
+    *target = ((uint16_t)((*buffer)[0]) <<  0) |
+	      ((uint16_t)((*buffer)[1]) <<  8);
+    *buffer += sizeof(uint16_t);
+    *size -= sizeof(uint16_t);
+    return TPM_RC_SUCCESS;
+}
+
+/* UINT32LE_Unmarshal() unmarshals a little endian 4-byte array from buffer into a HBO uint32_t */
+
+static TPM_RC
+UINT32LE_Unmarshal(uint32_t *target, BYTE **buffer, uint32_t *size)
+{
+    if (*size < sizeof(uint32_t)) {
+	return TPM_RC_INSUFFICIENT;
+    }
+    *target = ((uint32_t)((*buffer)[0]) <<  0) |
+	      ((uint32_t)((*buffer)[1]) <<  8) |
+	      ((uint32_t)((*buffer)[2]) << 16) |
+	      ((uint32_t)((*buffer)[3]) << 24);
+    *buffer += sizeof(uint32_t);
+    *size -= sizeof(uint32_t);
+    return TPM_RC_SUCCESS;
+}
+
+
+void TSS_EVENT2_Line_Trace(TCG_PCR_EVENT2 *event)
+{
+    uint32_t count;
+    uint16_t digestSize;
+    printf("TSS_EVENT2_Line_Trace: PCR index %u\n", event->pcrIndex);
+    TSS_EVENT_EventType_Trace(event->eventType);
+    printf("TSS_EVENT2_Line_Trace: digest count %u\n", event->digests.count);
+    for (count = 0 ; count < event->digests.count ; count++) {
+	printf("TSS_EVENT2_Line_Trace: digest %u algorithm %04x\n",
+	       count, event->digests.digests[count].hashAlg);
+	digestSize = TSS_GetDigestSize(event->digests.digests[count].hashAlg);
+	TSS_PrintAll("TSS_EVENT2_Line_Trace: PCR",
+		     (uint8_t *)&event->digests.digests[count].digest, digestSize);
+    }
+    TSS_PrintAll("TSS_EVENT2_Line_Trace: event",
+		 event->event, event->eventSize);
+    return;
+}
+
+/* tables to map eventType to text */
+
+typedef struct {
+    uint32_t eventType;
+    const char *text;
+} EVENT_TYPE_TABLE;
+
+const EVENT_TYPE_TABLE eventTypeTable [] = {
+    {EV_PREBOOT_CERT, "EV_PREBOOT_CERT"},
+    {EV_POST_CODE, "EV_POST_CODE"},
+    {EV_UNUSED, "EV_UNUSED"},
+    {EV_NO_ACTION, "EV_NO_ACTION"},
+    {EV_SEPARATOR, "EV_SEPARATOR"},
+    {EV_ACTION, "EV_ACTION"},
+    {EV_EVENT_TAG, "EV_EVENT_TAG"},
+    {EV_S_CRTM_CONTENTS, "EV_S_CRTM_CONTENTS"},
+    {EV_S_CRTM_VERSION, "EV_S_CRTM_VERSION"},
+    {EV_CPU_MICROCODE, "EV_CPU_MICROCODE"},
+    {EV_PLATFORM_CONFIG_FLAGS, "EV_PLATFORM_CONFIG_FLAGS"},
+    {EV_TABLE_OF_DEVICES, "EV_TABLE_OF_DEVICES"},
+    {EV_COMPACT_HASH, "EV_COMPACT_HASH"},
+    {EV_IPL, "EV_IPL"},
+    {EV_IPL_PARTITION_DATA, "EV_IPL_PARTITION_DATA"},
+    {EV_NONHOST_CODE, "EV_NONHOST_CODE"},
+    {EV_NONHOST_CONFIG, "EV_NONHOST_CONFIG"},
+    {EV_NONHOST_INFO, "EV_NONHOST_INFO"},
+    {EV_OMIT_BOOT_DEVICE_EVENTS, "EV_OMIT_BOOT_DEVICE_EVENTS"},
+    {EV_EFI_EVENT_BASE, "EV_EFI_EVENT_BASE"},
+    {EV_EFI_VARIABLE_DRIVER_CONFIG, "EV_EFI_VARIABLE_DRIVER_CONFIG"},
+    {EV_EFI_VARIABLE_BOOT, "EV_EFI_VARIABLE_BOOT"},
+    {EV_EFI_BOOT_SERVICES_APPLICATION, "EV_EFI_BOOT_SERVICES_APPLICATION"},
+    {EV_EFI_BOOT_SERVICES_DRIVER, "EV_EFI_BOOT_SERVICES_DRIVER"},
+    {EV_EFI_RUNTIME_SERVICES_DRIVER, "EV_EFI_RUNTIME_SERVICES_DRIVER"},
+    {EV_EFI_GPT_EVENT, "EV_EFI_GPT_EVENT"},
+    {EV_EFI_ACTION, "EV_EFI_ACTION"},
+    {EV_EFI_PLATFORM_FIRMWARE_BLOB, "EV_EFI_PLATFORM_FIRMWARE_BLOB"},
+    {EV_EFI_HANDOFF_TABLES, "EV_EFI_HANDOFF_TABLES"},
+    {EV_EFI_HCRTM_EVENT, "EV_EFI_HCRTM_EVENT"},
+    {EV_EFI_VARIABLE_AUTHORITY, "EV_EFI_VARIABLE_AUTHORITY"}
+};
+
+static void TSS_EVENT_EventType_Trace(uint32_t eventType)
+{
+    size_t i;
+
+    for (i = 0 ; i < sizeof(eventTypeTable) / sizeof(EVENT_TYPE_TABLE) ; i++) {
+	if (eventTypeTable[i].eventType == eventType) {
+	    printf("TSS_EVENT_EventType_Trace: %08x %s\n",
+		   eventTypeTable[i].eventType, eventTypeTable[i].text);
+	    return;
+	}
+    }
+    printf("TSS_EVENT_EventType_Trace: %08x Unknown\n", eventType);
+    return;
+}
+
+const char *TSS_EVENT_EventTypeToString(uint32_t eventType)
+{
+    const char *crc = NULL;
+    size_t i;
+
+    for (i = 0 ; i < sizeof(eventTypeTable) / sizeof(EVENT_TYPE_TABLE) ; i++) {
+	if (eventTypeTable[i].eventType == eventType) {
+	    crc = eventTypeTable[i].text;
+	}
+    }
+    if (crc == NULL) {
+	crc = "Unknown event type";
+    }
+    return crc;
+}
+
+/*
+ * TSS_TPML_DIGEST_VALUES_LE_Unmarshalu() Unmarshals TPML_DIGEST_VALUES struct
+ * from a LE buffer into HBO data structure. This is similar to
+ * TSS_TPML_DIGEST_VALUES_Unmarshalu but it unrmarshals TPML_DIGEST_VALUES's
+ * count  and the digests array members from LE instead of HBO.
+ */
+
+static TPM_RC
+TSS_TPML_DIGEST_VALUES_LE_Unmarshalu(TPML_DIGEST_VALUES *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    uint32_t i;
+    if (rc == TPM_RC_SUCCESS) {
+	rc = UINT32LE_Unmarshal(&target->count, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (target->count > HASH_COUNT) {
+	    rc = TPM_RC_SIZE;
+	}
+    }
+    for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
+	rc = TSS_TPMT_HA_LE_Unmarshalu(&target->digests[i], buffer, size, NO);
+    }
+    return rc;
+}
+
+/*
+ * TSS_TPMT_HA_LE_Unmarshalu() Unmarshals a TPMT_HA data from LE to HBO. This is
+ * similar to TSS_TPMT_HA_Unmarshalu but differs specificaly for unmarshalling
+ * hashAlg member from LE instead of from HBO.
+ */
+static TPM_RC
+TSS_TPMT_HA_LE_Unmarshalu(TPMT_HA *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    allowNull = allowNull;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_ALG_HASH_LE_Unmarshalu(&target->hashAlg, buffer, size, allowNull);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMU_HA_Unmarshalu(&target->digest, buffer, size, target->hashAlg);
+    }
+    return rc;
+}
+
+/*
+ * TSS_TPMI_ALG_HASH_LE_Unmarshalu() Unmarshals TPMI_ALG_HASH from a LE buffer
+ * into HBO data structure. This is similar to TSS_TPMI_ALG_HASH_Unmarshalu but
+ * unmarshals TPMI_ALG_HASH from LE instead of HBO.
+ */
+static TPM_RC
+TSS_TPMI_ALG_HASH_LE_Unmarshalu(TPMI_ALG_HASH *target, BYTE **buffer, uint32_t *size, BOOL allowNull)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    allowNull = allowNull;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_ALG_ID_LE_Unmarshalu(target, buffer, size);
+    }
+    return rc;
+}
+
+/*
+ * TSS_TPM_ALG_ID_LE_Unmarshalu() Unrmarshals TPM_ALG_ID from LE buffer. This is
+ * simlar to TSS_TPM_ALG_ID_Unmarshalu but unmarshals from LE instead of HBO.
+ */
+static TPM_RC
+TSS_TPM_ALG_ID_LE_Unmarshalu(TPM_ALG_ID *target, BYTE **buffer,
+                                 uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = UINT16LE_Unmarshal(target, buffer, size);
+    }
+    return rc;
+}
+
+/* TSS_TPML_DIGEST_VALUES_LE_Marshalu() Similar to TSS_TPML_DIGEST_VALUES_Marshalu
+ * for TSS EVENT2 this marshals count to buffer in LE endianess.
+ */
+static TPM_RC
+TSS_TPML_DIGEST_VALUES_LE_Marshalu(const TPML_DIGEST_VALUES *source,
+                                       uint16_t *written, BYTE **buffer,
+                                       uint32_t *size)
+{
+    TPM_RC rc = 0;
+    uint32_t i;
+
+    if (rc == 0) {
+	rc = TSS_UINT32LE_Marshal(&source->count, written, buffer, size);
+    }
+    for (i = 0 ; i < source->count ; i++) {
+	if (rc == 0) {
+	    rc = TSS_TPMT_HA_LE_Marshalu(&source->digests[i], written, buffer, size);
+	}
+    }
+    return rc;
+}
+
+/* TSS_TPMT_HA_LE_Marshalu() Similar to TSS_TPMT_HA_Marshalu for TSS EVENT2,
+ * this saves hashAlg attr as little endian into buffer.
+ */
+static TPM_RC
+TSS_TPMT_HA_LE_Marshalu(const TPMT_HA *source, uint16_t *written,
+                            BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+		rc = TSS_UINT16LE_Marshalu(&source->hashAlg, written, buffer, size);
+    }
+    if (rc == 0) {
+		rc = TSS_TPMU_HA_Marshalu(&source->digest, written, buffer, size,
+                                  source->hashAlg);
+    }
+    return rc;
+}
+
+/*
+ * TSS_UINT32LE_Marshal() Marshals uint32_t from HBO into LE in the given buffer.
+ */
+TPM_RC
+TSS_UINT32LE_Marshal(const UINT32 *source, uint16_t *written, BYTE **buffer,
+                 uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (buffer != NULL) {
+        if ((size == NULL) || (*size >= sizeof(uint32_t))) {
+            (*buffer)[0] = (BYTE)((*source >> 0) &  0xff);
+            (*buffer)[1] = (BYTE)((*source >> 8) & 0xff);
+            (*buffer)[2] = (BYTE)((*source >> 16) & 0xff);
+            (*buffer)[3] = (BYTE)((*source >> 24) & 0xff);
+
+            *buffer += sizeof(uint32_t);
+            if (size != NULL) {
+                *size -= sizeof(uint32_t);
+            }
+        }
+        else {
+            rc = TSS_RC_INSUFFICIENT_BUFFER;
+        }
+    }
+    *written += sizeof(uint32_t);
+    return rc;
+}
+
+/*
+ * UINT16LE_Marshal() Marshals uint16_t from HBO into LE in the given buffer.
+ */
+
+TPM_RC
+TSS_UINT16LE_Marshalu(const UINT16 *source, uint16_t *written, BYTE **buffer,
+                      uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (buffer != NULL) {
+        if ((size == NULL) || (*size >= sizeof(uint16_t))) {
+	    (*buffer)[0] = (BYTE)((*source >> 0) & 0xff);
+	    (*buffer)[1] = (BYTE)((*source >> 8) & 0xff);
+
+            *buffer += sizeof(uint16_t);
+
+            if (size != NULL) {
+                *size -= sizeof(uint16_t);
+            }
+        }
+        else {
+            rc = TSS_RC_INSUFFICIENT_BUFFER;
+        }
+    }
+    *written += sizeof(uint16_t);
+    return rc;
+}
diff --git a/utils/eventlib.h b/utils/eventlib.h
new file mode 100644
index 000000000..a60dba4e7
--- /dev/null
+++ b/utils/eventlib.h
@@ -0,0 +1,211 @@
+/********************************************************************************/
+/*										*/
+/*		     	TPM2 Measurement Log Common Routines			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: eventlib.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2016, 2017.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef EVENTLIB_H
+#define EVENTLIB_H
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/TPM_Types.h>
+
+#define TCG_EVENT_LEN_MAX	0x10000
+
+#define EV_PREBOOT_CERT	  			0x00
+#define EV_POST_CODE				0x01
+#define	EV_UNUSED				0x02
+#define EV_NO_ACTION				0x03
+#define EV_SEPARATOR				0x04
+#define EV_ACTION				0x05
+#define EV_EVENT_TAG				0x06
+#define EV_S_CRTM_CONTENTS			0x07
+#define EV_S_CRTM_VERSION			0x08
+#define EV_CPU_MICROCODE			0x09
+#define EV_PLATFORM_CONFIG_FLAGS		0x0A
+#define EV_TABLE_OF_DEVICES			0x0B
+#define EV_COMPACT_HASH				0x0C
+#define EV_IPL					0x0D
+#define EV_IPL_PARTITION_DATA			0x0E
+#define EV_NONHOST_CODE				0x0F
+#define EV_NONHOST_CONFIG			0x10
+#define EV_NONHOST_INFO				0x11
+#define EV_OMIT_BOOT_DEVICE_EVENTS		0x12
+#define EV_EFI_EVENT_BASE			0x80000000
+#define EV_EFI_VARIABLE_DRIVER_CONFIG		0x80000001
+#define EV_EFI_VARIABLE_BOOT			0x80000002
+#define EV_EFI_BOOT_SERVICES_APPLICATION	0x80000003
+#define EV_EFI_BOOT_SERVICES_DRIVER		0x80000004
+#define EV_EFI_RUNTIME_SERVICES_DRIVER		0x80000005
+#define EV_EFI_GPT_EVENT			0x80000006
+#define EV_EFI_ACTION				0x80000007
+#define EV_EFI_PLATFORM_FIRMWARE_BLOB		0x80000008
+#define EV_EFI_HANDOFF_TABLES			0x80000009
+#define EV_EFI_HCRTM_EVENT			0x80000010 
+#define EV_EFI_VARIABLE_AUTHORITY		0x800000E0
+
+/* PCR 0-7 are the BIOS / UEFI / firmware / pre-OS PCRs, set to 10 because a Lenovo TPM 1.2 firmware
+   extends PCR 0-9 */
+#define TPM_BIOS_PCR	10
+
+/* TCG_PCR_EVENT is the TPM 1.2 SHA-1 event log entry format.  It is defined in the TCG PC Client
+   Specific Implementation Specification for Conventional BIOS, where it is called
+   TCG_PCClientPCREventStruc.  In the PFP, it's called TCG_PCClientPCREvent.
+
+   I renamed it to be consistent with the TPM 2.0 naming.
+ */
+
+typedef struct tdTCG_PCR_EVENT {
+    uint32_t pcrIndex;
+    uint32_t eventType;	
+    uint8_t digest[SHA1_DIGEST_SIZE];
+    uint32_t eventDataSize;
+    uint8_t event[TCG_EVENT_LEN_MAX];				
+} TCG_PCR_EVENT;
+
+/* TCG_PCR_EVENT2 is the TPM 2.0 hash agile event log entry format.  It is defined in the PFP - TCG
+   PC Client Platform Firmware Profile Specification.
+
+ */
+
+typedef struct tdTCG_PCR_EVENT2 {
+    uint32_t 		pcrIndex;
+    uint32_t 		eventType;
+    TPML_DIGEST_VALUES	digests;
+    uint32_t 		eventSize; 
+    uint8_t 		event[TCG_EVENT_LEN_MAX];				
+} TCG_PCR_EVENT2;
+
+/* TCG_EfiSpecIdEventAlgorithmSize is a hash agile mapping of algorithmId to digestSize. It is part
+   of the first event log entry.  It permits a parser to unmarshal an event log that contains hash
+   algorithms that are unknown to the parser.  */
+		
+typedef struct tdTCG_EfiSpecIdEventAlgorithmSize {
+    uint16_t      algorithmId;
+    uint16_t      digestSize;
+} TCG_EfiSpecIdEventAlgorithmSize;
+
+/* TCG_EfiSpecIDEvent is the event field of the first TCG_PCR_EVENT entry in a hash agile TPM 2.0
+   format log.
+
+   NOTE: If vendorInfo is ever changed to less than 0xff, unmarshal needs a range check on
+   vendorInfoSize.
+*/
+
+typedef struct tdTCG_EfiSpecIdEvent {
+    uint8_t					signature[16];  
+    uint32_t					platformClass;
+    uint8_t					specVersionMinor;
+    uint8_t					specVersionMajor;
+    uint8_t					specErrata;
+    uint8_t					uintnSize;
+    uint32_t					numberOfAlgorithms;
+    TCG_EfiSpecIdEventAlgorithmSize		digestSizes[HASH_COUNT];
+    uint8_t					vendorInfoSize;
+    uint8_t 					vendorInfo[0xff]; 
+} TCG_EfiSpecIDEvent;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef TPM_TSS_NOFILE
+    int TSS_EVENT_Line_Read(TCG_PCR_EVENT *event,
+			    int *endOfFile,
+			    FILE *inFile);
+
+#endif /* TPM_TSS_NOFILE */
+    TPM_RC TSS_EVENT_Line_Marshal(TCG_PCR_EVENT *source,
+				  uint16_t *written, uint8_t **buffer, uint32_t *size);
+    
+    TPM_RC TSS_EVENT_Line_Unmarshal(TCG_PCR_EVENT *event, BYTE **buffer, uint32_t *size);
+
+    TPM_RC TSS_EVENT_Line_LE_Unmarshal(TCG_PCR_EVENT *target, BYTE **buffer, uint32_t *size);
+
+    TPM_RC TSS_EVENT_PCR_Extend(TPMT_HA pcrs[IMPLEMENTATION_PCR],
+				TCG_PCR_EVENT *event);
+    
+    void TSS_EVENT_Line_Trace(TCG_PCR_EVENT *event);
+
+#ifndef TPM_TSS_NOFILE
+    int TSS_EVENT2_Line_Read(TCG_PCR_EVENT2 *event2,
+			     int *endOfFile,
+			     FILE *inFile);
+
+#endif /* TPM_TSS_NOFILE */
+    TPM_RC TSS_EVENT2_Line_Marshal(TCG_PCR_EVENT2 *source, uint16_t *written,
+				   uint8_t **buffer, uint32_t *size);
+
+    TPM_RC TSS_EVENT2_Line_LE_Marshal(TCG_PCR_EVENT2 *source, uint16_t *written,
+				   uint8_t **buffer, uint32_t *size);
+
+
+    TPM_RC TSS_EVENT2_Line_Unmarshal(TCG_PCR_EVENT2 *target, BYTE **buffer, uint32_t *size);
+
+    TPM_RC TSS_EVENT2_Line_LE_Unmarshal(TCG_PCR_EVENT2 *target, BYTE **buffer, uint32_t *size);
+
+
+
+    TPM_RC TSS_EVENT2_PCR_Extend(TPMT_HA pcrs[HASH_COUNT][IMPLEMENTATION_PCR],
+				 TCG_PCR_EVENT2 *event2);
+
+    void TSS_EVENT2_Line_Trace(TCG_PCR_EVENT2 *event);
+
+    TPM_RC TSS_SpecIdEvent_Unmarshal(TCG_EfiSpecIDEvent *specIdEvent,
+				     uint32_t eventSize,
+				     uint8_t *event);
+
+    void TSS_SpecIdEvent_Trace(TCG_EfiSpecIDEvent *specIdEvent);
+
+    const char *TSS_EVENT_EventTypeToString(uint32_t eventType);
+
+    TPM_RC TSS_UINT32LE_Marshal(const UINT32 *source, uint16_t *written,
+                                BYTE **buffer, uint32_t *size);
+
+    TPM_RC TSS_UINT16LE_Marshalu(const UINT16 *source, uint16_t *written,
+                                 BYTE **buffer, uint32_t *size);
+
+    uint32_t get_digest_size(TPMI_ALG_HASH alg);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/utils/eventsequencecomplete.c b/utils/eventsequencecomplete.c
new file mode 100644
index 000000000..a78bb9682
--- /dev/null
+++ b/utils/eventsequencecomplete.c
@@ -0,0 +1,399 @@
+/********************************************************************************/
+/*										*/
+/*			    EventSequenceComplete				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    EventSequenceComplete_In 	in;
+    EventSequenceComplete_Out	out;
+    TPMI_DH_PCR 		pcrHandle = TPM_RH_NULL;
+    TPMI_DH_OBJECT		sequenceHandle = 0;
+    const char			*inFilename = NULL;
+    const char			*outFilename1 = NULL;	/* for sha1 */
+    const char			*outFilename2 = NULL;	/* for sha256 */
+    const char			*outFilename3 = NULL;	/* for sha384 */
+    const char			*outFilename5 = NULL;	/* for sha512 */
+    int				process1 = FALSE;	/* these catch the case */
+    int				process2 = FALSE;	/* where an output file was */
+    int				process3 = FALSE;	/* specified but the TPM did */
+    int				process5 = FALSE;	/* not return the algorithm */
+    const char			*sequencePassword = NULL; 
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RS_PW;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%u", &pcrHandle);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-hs") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sequenceHandle);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwds") == 0) {
+	    i++;
+	    if (i < argc) {
+		sequencePassword = argv[i];
+	    }
+	    else {
+		printf("-pwds option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-if") == 0) {
+	    i++;
+	    if (i < argc) {
+		inFilename = argv[i];
+	    }
+	    else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-of1")  == 0) {
+	    i++;
+	    if (i < argc) {
+		outFilename1 = argv[i];
+		process1 = TRUE;
+	    } else {
+		printf("-of1 option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-of2")  == 0) {
+	    i++;
+	    if (i < argc) {
+		outFilename2 = argv[i];
+		process2 = TRUE;
+	    } else {
+		printf("-of2 option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-of3")  == 0) {
+	    i++;
+	    if (i < argc) {
+		outFilename3 = argv[i];
+		process3 = TRUE;
+	    } else {
+		printf("-of3 option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-of5")  == 0) {
+	    i++;
+	    if (i < argc) {
+		outFilename5 = argv[i];
+		process5 = TRUE;
+	    } else {
+		printf("-of5 option needs a value\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (sequenceHandle == 0) {
+	printf("Missing sequence handle parameter -hs\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	if (inFilename != NULL) {
+	    rc = TSS_File_Read2B(&in.buffer.b,
+				 sizeof(in.buffer.t.buffer),
+				 inFilename);
+	}
+	else {
+	    in.buffer.b.size = 0;
+	}
+    }
+    if (rc == 0) {
+	in.pcrHandle = pcrHandle;
+	in.sequenceHandle = sequenceHandle;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_EventSequenceComplete,
+			 sessionHandle0, NULL, sessionAttributes0,
+			 sessionHandle1, sequencePassword, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	uint32_t c;
+	printf("eventsequencecomplete: success\n");
+	/* Table 100 - Definition of TPML_DIGEST_VALUES Structure */
+	/* Table 71 - Definition of TPMT_HA Structure <IN/OUT> digests[] */
+	/* Table 70 - Definition of TPMU_HA Union <IN/OUT, S> digests */
+	printf("eventsequencecomplete: count %u\n", out.results.count);
+
+	for (c = 0 ;  c < out.results.count ;c++) {
+	    switch (out.results.digests[c].hashAlg) {
+	      case TPM_ALG_SHA1:
+		if (tssUtilsVerbose) printf("Hash algorithm SHA-1\n");
+		if (tssUtilsVerbose) TSS_PrintAll("Digest",
+					  (uint8_t *)&out.results.digests[c].digest.sha1,
+					  SHA1_DIGEST_SIZE);
+		if (outFilename1 != NULL) {
+		    rc = TSS_File_WriteBinaryFile((uint8_t *)&out.results.digests[c].digest.sha1,
+						  SHA1_DIGEST_SIZE,
+						  outFilename1); 
+		    process1 = FALSE;
+		}
+		break;
+	      case TPM_ALG_SHA256:
+		if (tssUtilsVerbose) printf("Hash algorithm SHA-256\n");
+		if (tssUtilsVerbose) TSS_PrintAll("Digest",
+					  (uint8_t *)&out.results.digests[c].digest.sha256,
+					  SHA256_DIGEST_SIZE);
+		if (outFilename2 != NULL) {
+		    rc = TSS_File_WriteBinaryFile((uint8_t *)&out.results.digests[c].digest.sha256,
+						  SHA256_DIGEST_SIZE,
+						  outFilename2); 
+		    process2 = FALSE;
+		}
+		break;
+	      case TPM_ALG_SHA384:
+		if (tssUtilsVerbose) printf("Hash algorithm SHA-384\n");
+		if (tssUtilsVerbose) TSS_PrintAll("Digest",
+					  (uint8_t *)&out.results.digests[c].digest.sha384,
+					  SHA384_DIGEST_SIZE);
+		if (outFilename3 != NULL) {
+		    rc = TSS_File_WriteBinaryFile((uint8_t *)&out.results.digests[c].digest.sha384,
+						  SHA384_DIGEST_SIZE,
+						  outFilename3); 
+		    process3 = FALSE;
+		}
+		break;
+	      case TPM_ALG_SHA512:
+		if (tssUtilsVerbose) printf("Hash algorithm SHA-512\n");
+		if (tssUtilsVerbose) TSS_PrintAll("Digest",
+					  (uint8_t *)&out.results.digests[c].digest.sha512,
+					  SHA512_DIGEST_SIZE);
+		if (outFilename5 != NULL) {
+		    rc = TSS_File_WriteBinaryFile((uint8_t *)&out.results.digests[c].digest.sha512,
+						  SHA512_DIGEST_SIZE,
+						  outFilename5); 
+		    process5 = FALSE;
+		}
+		break;
+	      default:
+		printf("Hash algorithm %04x unknown\n", out.results.digests[c].hashAlg);
+		break;
+	    }
+	}
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("eventsequencecomplete: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    if (rc == 0) {
+	if (process1) {
+	    printf("-of1 specified but TPM did not return SHA-1\n");
+	    rc = EXIT_FAILURE;
+	}
+	if (process2) {
+	    printf("-of2 specified but TPM did not return SHA-256\n");
+	    rc = EXIT_FAILURE;
+	}
+	if (process3) {
+	    printf("-of3 specified but TPM did not return SHA-384\n");
+	    rc = EXIT_FAILURE;
+	}
+	if (process5) {
+	    printf("-of5 specified but TPM did not return SHA-512\n");
+	    rc = EXIT_FAILURE;
+	}
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("eventsequencecomplete\n");
+    printf("\n");
+    printf("Runs TPM2_EventSequenceComplete\n");
+    printf("\n");
+    printf("\t[-ha\tpcr handle (default NULL)]\n");
+    printf("\t-hs\tsequence handle\n");
+    printf("\t[-pwds\tpassword for sequence (default empty)]\n");
+    printf("\t[-if\tinput file to be added (default no data)]\n");
+    printf("\t[-of1\tsha1 output digest file (default do not save)]\n");
+    printf("\t[-of2\tsha256 output digest file (default do not save)]\n");
+    printf("\t[-of3\tsha384 output digest file (default do not save)]\n");
+    printf("\t[-of5\tsha512 output digest file (default do not save)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    exit(1);	
+}
diff --git a/utils/evictcontrol.c b/utils/evictcontrol.c
new file mode 100644
index 000000000..fb43f9a29
--- /dev/null
+++ b/utils/evictcontrol.c
@@ -0,0 +1,279 @@
+/********************************************************************************/
+/*										*/
+/*			   EvictControl		 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    TPMI_DH_OBJECT		objectHandle = 0;
+    TPMI_DH_PERSISTENT		persistentHandle = 0;
+    EvictControl_In 		in;
+    char 			authHandleChar = 0;
+    const char			*authPassword = NULL; 
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hi") == 0) {
+	    i++;
+	    if (i < argc) {
+		authHandleChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -hi\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ho") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &objectHandle);
+	    }
+	    else {
+		printf("Missing parameter for -ho\n");
+		printUsage();
+	    }
+	    
+	}
+	else if (strcmp(argv[i],"-hp") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &persistentHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hp\n");
+		printUsage();
+	    }
+	    
+	}
+	else if (strcmp(argv[i],"-pwda") == 0) {
+	    i++;
+	    if (i < argc) {
+		authPassword = argv[i];
+	    }
+	    else {
+		printf("-pwda option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (objectHandle == 0) {
+	printf("Missing handle parameter -ho\n");
+	printUsage();
+    }
+    if (persistentHandle == 0) {
+	printf("Missing handle parameter -hp\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	if (authHandleChar == 'o') {
+	    in.auth = TPM_RH_OWNER;
+	}
+	else if (authHandleChar == 'p') {
+	    in.auth = TPM_RH_PLATFORM;
+	}
+	else {
+	    printf("Missing or illegal -hi\n");
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	in.objectHandle = objectHandle;
+	in.persistentHandle = persistentHandle;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_EvictControl,
+			 sessionHandle0, authPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("evictcontrol: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("evictcontrol: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("evictcontrol\n");
+    printf("\n");
+    printf("Runs TPM2_EvictControl\n");
+    printf("\n");
+    printf("\t-hi\tauthhandle hierarchy (o, p)\n");
+    printf("\t\to owner, p platform\n");
+    printf("\t-ho\tobject handle\n");
+    printf("\t\tif transient: make persistent, if persistent: flush\n");
+    printf("\t-hp\tpersistent handle\n");
+    printf("\t\towner    81000000 to 817FFFFF\n");
+    printf("\t\tplatform 81800000 to 81FFFFFF\n");
+    printf("\t-pwda\tauthorization password (default empty)\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    exit(1);	
+}
diff --git a/utils/flushcontext.c b/utils/flushcontext.c
new file mode 100644
index 000000000..bede6b745
--- /dev/null
+++ b/utils/flushcontext.c
@@ -0,0 +1,143 @@
+/********************************************************************************/
+/*										*/
+/*			    Flush Context	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    uint32_t 			handle = 0;
+    FlushContext_In 		in;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x",&handle);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	    
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (handle == 0) {
+	printf("Missing handle parameter -ha\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.flushHandle = handle;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_FlushContext,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("flushcontext: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("flushcontext: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("flushcontext\n");
+    printf("\n");
+    printf("Runs TPM2_FlushContext\n");
+    printf("\n");
+    printf("\t-ha\thandle\n");
+    exit(1);	
+}
diff --git a/utils/getcapability.c b/utils/getcapability.c
new file mode 100644
index 000000000..c915b5365
--- /dev/null
+++ b/utils/getcapability.c
@@ -0,0 +1,819 @@
+/********************************************************************************/
+/*										*/
+/*			    Get Capability	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(TPM_CAP capability);
+static TPM_RC printResponse(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    		/* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    TPM_CAP			capability = TPM_CAP_LAST + 1;	/* invalid */
+    uint32_t			property = 0;			/* default, start at first one */
+    uint32_t			propertyCount = 64;		/* default, return 64 values */
+    GetCapability_In 		in;
+    GetCapability_Out		out;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-cap") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &capability);
+	    }
+	    else {
+		printf("Missing parameter for -cap\n");
+		printUsage(capability);
+	    }
+	    
+	}
+	else if (strcmp(argv[i],"-pr") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &property);
+	    }
+	    else {
+		printf("Missing parameter for -pr\n");
+		printUsage(capability);
+	    }
+	    
+	}
+	else if (strcmp(argv[i],"-pc") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%u", &propertyCount);
+	    }
+	    else {
+		printf("Missing parameter for -pc\n");
+		printUsage(capability);
+	    }
+	    
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage(capability);
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage(capability);
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage(capability);
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage(capability);
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage(capability);
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage(capability);
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage(capability);
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage(capability);
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage(capability);
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage(capability);
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage(capability);
+	}
+    }
+    if (capability > TPM_CAP_LAST) {
+	printf("Missing or illegal parameter -cap\n");
+	printUsage(capability);
+    }
+    if (rc == 0) {
+	in.capability = capability;
+	in.property = property;
+	in.propertyCount = propertyCount;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_GetCapability,
+			 sessionHandle0, NULL, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (out.moreData > 0) {
+	    printf("moreData: %u\n", out.moreData);
+	}
+	rc = printResponse(&out.capabilityData, property);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("getcapability: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("getcapability: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+typedef void (* USAGE_FUNCTION)(void);
+typedef TPM_RC (* RESPONSE_FUNCTION)(TPMS_CAPABILITY_DATA *out, uint32_t property);
+
+typedef struct {
+    TPM_CAP capability;
+    USAGE_FUNCTION usageFunction;
+    RESPONSE_FUNCTION responseFunction;
+} CAPABILITY_TABLE;
+
+static void usageCapability(void);
+static void usageAlgs(void);
+static void usageHandles(void);
+static void usageCommands(void);
+static void usagePpCommands(void);
+static void usageAuditCommands(void);
+static void usagePcrs(void);
+static void usageTpmProperties(void);
+static void usagePcrProperties(void);
+static void usageEccCurves(void);
+static void usageAuthPolicies(void);
+
+static TPM_RC responseCapability(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property);
+static TPM_RC responseAlgs(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property);
+static TPM_RC responseHandles(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property);
+static TPM_RC responseCommands(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property);
+static TPM_RC responsePpCommands(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property);
+static TPM_RC responseAuditCommands(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property);
+static TPM_RC responsePcrs(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property);
+static TPM_RC responseTpmProperties(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property);
+static TPM_RC responsePcrProperties(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property);
+static TPM_RC responseEccCurves(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property);
+static TPM_RC responseAuthPolicies(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property);
+
+static const CAPABILITY_TABLE capabilityTable [] = {
+    {TPM_CAP_LAST + 1, usageCapability, responseCapability}, 
+    {TPM_CAP_ALGS, usageAlgs, responseAlgs} ,                 
+    {TPM_CAP_HANDLES, usageHandles, responseHandles} ,             
+    {TPM_CAP_COMMANDS, usageCommands, responseCommands} ,            
+    {TPM_CAP_PP_COMMANDS, usagePpCommands, responsePpCommands} ,         
+    {TPM_CAP_AUDIT_COMMANDS, usageAuditCommands, responseAuditCommands},      
+    {TPM_CAP_PCRS, usagePcrs, responsePcrs} ,                
+    {TPM_CAP_TPM_PROPERTIES, usageTpmProperties, responseTpmProperties},      
+    {TPM_CAP_PCR_PROPERTIES, usagePcrProperties, responsePcrProperties},      
+    {TPM_CAP_ECC_CURVES, usageEccCurves, responseEccCurves},          
+    {TPM_CAP_AUTH_POLICIES, usageAuthPolicies, responseAuthPolicies}          
+};
+
+static TPM_RC printResponse(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property)
+{
+    TPM_RC	rc = 0;
+    size_t 	i;
+
+    /* call the response function in the capability table */
+    for (i = 0 ; i < (sizeof(capabilityTable) / sizeof(CAPABILITY_TABLE)) ; i++) {
+	if (capabilityTable[i].capability == capabilityData->capability) {
+	    rc = capabilityTable[i].responseFunction(capabilityData, property);
+	}
+    }
+    return rc;
+}
+
+static TPM_RC responseCapability(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property)
+{
+    TPM_RC			rc = 0;
+    property = property;
+    printf("Cannot parse illegal response capability %08x\n", capabilityData->capability);
+    rc = TPM_RC_VALUE;
+    return rc;
+}
+
+static TPM_RC responseAlgs(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property)
+{
+    TPM_RC	rc = 0;
+    uint32_t	count;
+    TPML_ALG_PROPERTY *algorithms = (TPML_ALG_PROPERTY *)&(capabilityData->data);
+    property = property;
+
+    printf("%u algorithms \n", algorithms->count);
+    for (count = 0 ; count < algorithms->count ; count++) {
+	TPMS_ALG_PROPERTY *algProperties = &(algorithms->algProperties[count]);
+	TSS_TPM_ALG_ID_Print("", algProperties->alg, 2);
+	TSS_TPM_TPMA_ALGORITHM_Print(algProperties->algProperties, 4);
+    }
+    return rc;
+}
+
+static TPM_RC responseHandles(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property)
+{
+    TPM_RC	rc = 0;
+    uint32_t	count;
+    TPML_HANDLE	*handles = (TPML_HANDLE *)&(capabilityData->data);
+    property = property;
+
+    printf("%u handles\n", handles->count);
+    for (count = 0 ; count < handles->count ; count++) {
+	printf("\t%08x\n", handles->handle[count]);
+    }
+    return rc;
+}
+
+static TPM_RC responseCommands(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property)
+{
+    TPM_RC	rc = 0;
+    uint32_t	count;
+    TPML_CCA	*command = (TPML_CCA *)&(capabilityData->data);
+    property = property;
+
+    printf("%u commands\n", command->count);
+    for (count = 0 ; count < command->count ; count++) {
+	printf("\tcommand Attributes %08x\n", command->commandAttributes[count].val);
+    }
+    return rc;
+}
+
+static TPM_RC responsePpCommands(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property)
+{
+    TPM_RC	rc = 0;
+    uint32_t	count;
+    TPML_CC	*command = (TPML_CC *)&(capabilityData->data);
+    property = property;
+
+    printf("%u commands\n", command->count);
+    for (count = 0 ; count < command->count ; count++) {
+	printf("\tPP command %08x\n", command->commandCodes[count]);
+    }
+    return rc;
+}
+
+static TPM_RC responseAuditCommands(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property)
+{
+    TPM_RC	rc = 0;
+    uint32_t	count;
+    TPML_CC	*command = (TPML_CC *)&(capabilityData->data);
+    property = property;
+
+    printf("%u commands\n", command->count);
+    for (count = 0 ; count < command->count ; count++) {
+	printf("\tAudit command %08x\n", command->commandCodes[count]);
+    }
+    return rc;
+}
+
+static TPM_RC responsePcrs(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property)
+{
+    TPM_RC	rc = 0;
+    uint32_t	count;
+    TPML_PCR_SELECTION *pcrSelection = (TPML_PCR_SELECTION *)&(capabilityData->data);
+    property = property;
+
+    printf("%u PCR selections\n", pcrSelection->count);
+    for (count = 0 ; count < pcrSelection->count ; count++) {
+	TSS_TPMS_PCR_SELECTION_Print(&pcrSelection->pcrSelections[count], 2);
+    }
+    return rc;
+}
+
+typedef struct {
+    TPM_PT pt;
+    const char *ptText;
+} PT_TABLE;
+
+static PT_TABLE ptTable [] = {
+    {(PT_FIXED + 0),"TPM_PT_FAMILY_INDICATOR - a 4-octet character string containing the TPM Family value (TPM_SPEC_FAMILY)"},
+    {(PT_FIXED + 1), "TPM_PT_LEVEL - the level of the specification"},
+    {(PT_FIXED + 2), "TPM_PT_REVISION - the specification Revision times 100"},
+    {(PT_FIXED + 3), "TPM_PT_DAY_OF_YEAR - the specification day of year using TCG calendar"},
+    {(PT_FIXED + 4), "TPM_PT_YEAR - the specification year using the CE"},
+    {(PT_FIXED + 5), "TPM_PT_MANUFACTURER - the vendor ID unique to each TPM manufacturer "},
+    {(PT_FIXED + 6), "TPM_PT_VENDOR_STRING_1 - the first four characters of the vendor ID string"},
+    {(PT_FIXED + 7), "TPM_PT_VENDOR_STRING_2 - the second four characters of the vendor ID string "},
+    {(PT_FIXED + 8), "TPM_PT_VENDOR_STRING_3 - the third four characters of the vendor ID string "},
+    {(PT_FIXED + 9), "TPM_PT_VENDOR_STRING_4 - the fourth four characters of the vendor ID sting "},
+    {(PT_FIXED + 10), "TPM_PT_VENDOR_TPM_TYPE - vendor-defined value indicating the TPM model "},
+    {(PT_FIXED + 11), "TPM_PT_FIRMWARE_VERSION_1 - the most-significant 32 bits of a TPM vendor-specific value indicating the version number of the firmware"},
+    {(PT_FIXED + 12), "TPM_PT_FIRMWARE_VERSION_2 - the least-significant 32 bits of a TPM vendor-specific value indicating the version number of the firmware"},
+    {(PT_FIXED + 13), "TPM_PT_INPUT_BUFFER - the maximum size of a parameter (typically, a TPM2B_MAX_BUFFER)"},
+    {(PT_FIXED + 14), "TPM_PT_HR_TRANSIENT_MIN - the minimum number of transient objects that can be held in TPM RAM"},
+    {(PT_FIXED + 15), "TPM_PT_HR_PERSISTENT_MIN - the minimum number of persistent objects that can be held in TPM NV memory"},
+    {(PT_FIXED + 16), "TPM_PT_HR_LOADED_MIN - the minimum number of authorization sessions that can be held in TPM RAM"},
+    {(PT_FIXED + 17), "TPM_PT_ACTIVE_SESSIONS_MAX - the number of authorization sessions that may be active at a time"},
+    {(PT_FIXED + 18), "TPM_PT_PCR_COUNT - the number of PCR implemented"},
+    {(PT_FIXED + 19), "TPM_PT_PCR_SELECT_MIN - the minimum number of octets in a TPMS_PCR_SELECT.sizeOfSelect"},
+    {(PT_FIXED + 20), "TPM_PT_CONTEXT_GAP_MAX - the maximum allowed difference (unsigned) between the contextID values of two saved session contexts"},
+    {(PT_FIXED + 22), "TPM_PT_NV_COUNTERS_MAX - the maximum number of NV Indexes that are allowed to have the TPMA_NV_COUNTER attribute SET"},
+    {(PT_FIXED + 23), "TPM_PT_NV_INDEX_MAX - the maximum size of an NV Index data area"},
+    {(PT_FIXED + 24), "TPM_PT_MEMORY - a TPMA_MEMORY indicating the memory management method for the TPM"},
+    {(PT_FIXED + 25), "TPM_PT_CLOCK_UPDATE - interval, in milliseconds, between updates to the copy of TPMS_CLOCK_INFO.clock in NV"},
+    {(PT_FIXED + 26), "TPM_PT_CONTEXT_HASH - the algorithm used for the integrity HMAC on saved contexts and for hashing the fuData of TPM2_FirmwareRead()"},
+    {(PT_FIXED + 27), "TPM_PT_CONTEXT_SYM - TPM_ALG_ID, the algorithm used for encryption of saved contexts"},
+    {(PT_FIXED + 28), "TPM_PT_CONTEXT_SYM_SIZE - TPM_KEY_BITS, the size of the key used for encryption of saved contexts"},
+    {(PT_FIXED + 29), "TPM_PT_ORDERLY_COUNT - the modulus - 1 of the count for NV update of an orderly counter"},
+    {(PT_FIXED + 30), "TPM_PT_MAX_COMMAND_SIZE - the maximum value for commandSize in a command"},
+    {(PT_FIXED + 31), "TPM_PT_MAX_RESPONSE_SIZE - the maximum value for responseSize in a response"},
+    {(PT_FIXED + 32), "TPM_PT_MAX_DIGEST - the maximum size of a digest that can be produced by the TPM"},
+    {(PT_FIXED + 33), "TPM_PT_MAX_OBJECT_CONTEXT - the maximum size of an object context that will be returned by TPM2_ContextSave"},
+    {(PT_FIXED + 34), "TPM_PT_MAX_SESSION_CONTEXT - the maximum size of a session context that will be returned by TPM2_ContextSave"},
+    {(PT_FIXED + 35), "TPM_PT_PS_FAMILY_INDICATOR - platform-specific family (a TPM_PS value)(see Table 24)"},
+    {(PT_FIXED + 36), "TPM_PT_PS_LEVEL - the level of the platform-specific specification"},
+    {(PT_FIXED + 37), "TPM_PT_PS_REVISION - the specification Revision times 100 for the platform-specific specification"},
+    {(PT_FIXED + 38), "TPM_PT_PS_DAY_OF_YEAR - the platform-specific specification day of year using TCG calendar"},
+    {(PT_FIXED + 39), "TPM_PT_PS_YEAR - the platform-specific specification year using the CE"},
+    {(PT_FIXED + 40), "TPM_PT_SPLIT_MAX - the number of split signing operations supported by the TPM"},
+    {(PT_FIXED + 41), "TPM_PT_TOTAL_COMMANDS - total number of commands implemented in the TPM"},
+    {(PT_FIXED + 42), "TPM_PT_LIBRARY_COMMANDS - number of commands from the TPM library that are implemented"},
+    {(PT_FIXED + 43), "TPM_PT_VENDOR_COMMANDS - number of vendor commands that are implemented"},
+    {(PT_FIXED + 44), "TPM_PT_NV_BUFFER_MAX - the maximum data size in one NV write command"},
+    {(PT_FIXED + 45) ,"TPM_PT_MODES - a TPMA_MODES value, indicating that the TPM is designed for these modes"},
+    {(PT_FIXED + 46) ,"TPM_PT_MAX_CAP_BUFFER - the maximum size of a TPMS_CAPABILITY_DATA structure returned in TPM2_GetCapability"},
+    {(PT_VAR + 0), "TPM_PT_PERMANENT - TPMA_PERMANENT "},
+    {(PT_VAR + 1), "TPM_PT_STARTUP_CLEAR - TPMA_STARTUP_CLEAR "},
+    {(PT_VAR + 2), "TPM_PT_HR_NV_INDEX - the number of NV Indexes currently defined "},
+    {(PT_VAR + 3), "TPM_PT_HR_LOADED - the number of authorization sessions currently loaded into TPM RAM"},
+    {(PT_VAR + 4), "TPM_PT_HR_LOADED_AVAIL - the number of additional authorization sessions, of any type, that could be loaded into TPM RAM"},
+    {(PT_VAR + 5), "TPM_PT_HR_ACTIVE - the number of active authorization sessions currently being tracked by the TPM"},
+    {(PT_VAR + 6), "TPM_PT_HR_ACTIVE_AVAIL - the number of additional authorization sessions, of any type, that could be created"},
+    {(PT_VAR + 7), "TPM_PT_HR_TRANSIENT_AVAIL - estimate of the number of additional transient objects that could be loaded into TPM RAM"},
+    {(PT_VAR + 8), "TPM_PT_HR_PERSISTENT - the number of persistent objects currently loaded into TPM NV memory"},
+    {(PT_VAR + 9), "TPM_PT_HR_PERSISTENT_AVAIL - the number of additional persistent objects that could be loaded into NV memory"},
+    {(PT_VAR + 10), "TPM_PT_NV_COUNTERS - the number of defined NV Indexes that have NV TPMA_NV_COUNTER attribute SET"},
+    {(PT_VAR + 11), "TPM_PT_NV_COUNTERS_AVAIL - the number of additional NV Indexes that can be defined with their TPMA_NV_COUNTER and TPMA_NV_ORDERLY attribute SET"},
+    {(PT_VAR + 12), "TPM_PT_ALGORITHM_SET - code that limits the algorithms that may be used with the TPM"},
+    {(PT_VAR + 13), "TPM_PT_LOADED_CURVES - the number of loaded ECC curves "},
+    {(PT_VAR + 14), "TPM_PT_LOCKOUT_COUNTER - the current value of the lockout counter (failedTries) "},
+    {(PT_VAR + 15), "TPM_PT_MAX_AUTH_FAIL - the number of authorization failures before DA lockout is invoked"},
+    {(PT_VAR + 16), "TPM_PT_LOCKOUT_INTERVAL - the number of seconds before the value reported by TPM_PT_LOCKOUT_COUNTER is decremented"},
+    {(PT_VAR + 17), "TPM_PT_LOCKOUT_RECOVERY - the number of seconds after a lockoutAuth failure before use of lockoutAuth may be attempted again"},
+    {(PT_VAR + 18), "TPM_PT_NV_WRITE_RECOVERY - number of milliseconds before the TPM will accept another command that will modify NV"},
+    {(PT_VAR + 19), "TPM_PT_AUDIT_COUNTER_0 - the high-order 32 bits of the command audit counter "},
+    {(PT_VAR + 20), "TPM_PT_AUDIT_COUNTER_1 - the low-order 32 bits of the command audit counter"},
+};
+
+static char get8(uint32_t value32, size_t offset);
+static uint16_t get16(uint32_t value32, size_t offset);
+
+/* get8() gets a char from a uint32_t at offset */
+
+static char get8(uint32_t value32, size_t offset)
+{
+    char value8 = (uint8_t)((value32 >> ((3 - offset) * 8)) & 0xff);
+    return value8;
+}
+
+/* get16() gets a uint16_t from a uint32_t at offset */
+
+static uint16_t get16(uint32_t value32, size_t offset)
+{
+    uint16_t value16 = (uint16_t)((value32 >> ((1 - offset) * 16)) & 0xffff);
+    return value16;
+}
+
+static TPM_RC responseTpmProperties(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property)
+{
+    TPM_RC		rc = 0;
+    uint32_t		count;
+    TPML_TAGGED_TPM_PROPERTY *tpmProperties = (TPML_TAGGED_TPM_PROPERTY *)&(capabilityData->data);
+    property = property;
+
+    printf("%u properties\n", tpmProperties->count);
+    for (count = 0 ; count < tpmProperties->count ; count++) {
+	TPMS_TAGGED_PROPERTY *tpmProperty = &(tpmProperties->tpmProperty[count]);
+	const char *ptText = NULL;
+	size_t i;
+	for  (i = 0 ; i < (sizeof(ptTable) / sizeof(PT_TABLE)) ; i++) {
+	    if (tpmProperty->property == ptTable[i].pt) {
+		ptText = ptTable[i].ptText;
+		break;
+	    }
+	}
+	if (ptText == NULL) {
+	    ptText = "PT unknown";
+	}
+	printf("TPM_PT %08x value %08x %s\n", tpmProperty->property, tpmProperty->value, ptText);
+	switch (tpmProperty->property) {
+	    char c;
+	  case TPM_PT_FAMILY_INDICATOR:
+	    printf("\tTPM ");
+	    for (i = 0 ; i < sizeof(uint32_t) ; i++) {
+		c = get8(tpmProperty->value, i);
+		printf("%c", c);
+	    }
+	    printf("\n");
+	    break;
+	  case TPM_PT_REVISION:
+	    printf("\trev %u\n", tpmProperty->value);
+	    break;
+	  case TPM_PT_DAY_OF_YEAR:
+	  case TPM_PT_YEAR:
+	  case TPM_PT_INPUT_BUFFER:
+	  case TPM_PT_ACTIVE_SESSIONS_MAX:
+	  case TPM_PT_PCR_COUNT:
+	  case TPM_PT_NV_INDEX_MAX:
+	  case TPM_PT_CLOCK_UPDATE:
+	  case TPM_PT_CONTEXT_SYM_SIZE:
+	  case TPM_PT_MAX_COMMAND_SIZE:
+	  case TPM_PT_MAX_RESPONSE_SIZE:
+	  case TPM_PT_MAX_DIGEST:
+	  case TPM_PT_MAX_OBJECT_CONTEXT:
+	  case TPM_PT_MAX_SESSION_CONTEXT:
+	  case TPM_PT_PS_DAY_OF_YEAR:
+	  case TPM_PT_PS_YEAR:
+	  case TPM_PT_SPLIT_MAX:
+	  case TPM_PT_TOTAL_COMMANDS:
+	  case TPM_PT_LIBRARY_COMMANDS:
+	  case TPM_PT_VENDOR_COMMANDS:
+	  case TPM_PT_NV_BUFFER_MAX:
+	  case TPM_PT_MAX_CAP_BUFFER:
+	    
+	  case TPM_PT_HR_ACTIVE_AVAIL:
+	  case TPM_PT_HR_PERSISTENT_AVAIL:
+	  case TPM_PT_NV_COUNTERS_AVAIL:
+ 	    printf("\t%u\n", tpmProperty->value);
+	    break;
+	  case TPM_PT_MANUFACTURER:
+	  case TPM_PT_VENDOR_STRING_1:
+	  case TPM_PT_VENDOR_STRING_2:
+	  case TPM_PT_VENDOR_STRING_3:
+	  case TPM_PT_VENDOR_STRING_4:
+	    printf("\t");
+	    for (i = 0 ; i < sizeof(uint32_t) ; i++) {
+		c = get8(tpmProperty->value, i);
+		printf("%c", c);
+	    }
+	    printf("\n");
+	    break;
+	  case TPM_PT_FIRMWARE_VERSION_1:
+	  case TPM_PT_FIRMWARE_VERSION_2:
+	    printf("\t%u.%u\n", get16(tpmProperty->value, 0), get16(tpmProperty->value, 1));
+	    break;
+	  case TPM_PT_PS_REVISION:
+	    printf("\t%u.%u.%u.%u\n",
+		   get8(tpmProperty->value, 0), get8(tpmProperty->value, 1),
+		   get8(tpmProperty->value, 2), get8(tpmProperty->value, 3));
+	    break;
+	  case TPM_PT_CONTEXT_HASH:
+	  case TPM_PT_CONTEXT_SYM:
+	    TSS_TPM_ALG_ID_Print("algorithm", tpmProperty->value, 4);
+	    break;
+	  case TPM_PT_MEMORY:
+	      {
+		  TPMA_MEMORY tmp;
+		  tmp.val = tpmProperty->value;
+		  TSS_TPMA_MEMORY_Print(tmp, 4);
+	      }
+	      break;
+	  case TPM_PT_MODES :
+	      {
+		  TPMA_MODES tmp;
+		  tmp.val = tpmProperty->value;
+		  TSS_TPMA_MODES_Print(tmp, 4);
+	      }
+	      break;
+	  case TPM_PT_PERMANENT:
+	      {
+		  TPMA_PERMANENT tmp;
+		  tmp.val = tpmProperty->value;
+		  TSS_TPMA_PERMANENT_Print(tmp, 4);
+	      }
+	      break;
+	  case TPM_PT_STARTUP_CLEAR:
+	      {
+		  TPMA_STARTUP_CLEAR tmp;
+		  tmp.val = tpmProperty->value;
+		  TSS_TPMA_STARTUP_CLEAR_Print(tmp, 4);
+	      }
+	      break; 
+	}
+    }
+    return rc;
+}
+
+typedef struct {
+    TPM_PT_PCR ptPcr;
+    const char *ptPcrText;
+} PT_PCR_TABLE;
+
+static PT_PCR_TABLE ptPcrTable [] = {
+    {TPM_PT_PCR_SAVE, "TPM_PT_PCR_SAVE - PCR is saved and restored by TPM_SU_STATE"},
+    {TPM_PT_PCR_EXTEND_L0, "TPM_PT_PCR_EXTEND_L0 - PCR may be extended from locality 0"},
+    {TPM_PT_PCR_RESET_L0, "TPM_PT_PCR_RESET_L0 - PCR may be reset by TPM2_PCR_Reset() from locality 0"},
+    {TPM_PT_PCR_EXTEND_L1, "TPM_PT_PCR_EXTEND_L1 - PCR may be extended from locality 1"},
+    {TPM_PT_PCR_RESET_L1, "TPM_PT_PCR_RESET_L1 - PCR may be reset by TPM2_PCR_Reset() from locality 1"},
+    {TPM_PT_PCR_EXTEND_L2, "TPM_PT_PCR_EXTEND_L2 - PCR may be extended from locality 2"},
+    {TPM_PT_PCR_RESET_L2, "TPM_PT_PCR_RESET_L2 - PCR may be reset by TPM2_PCR_Reset() from locality 2"},
+    {TPM_PT_PCR_EXTEND_L3, "TPM_PT_PCR_EXTEND_L3 - PCR may be extended from locality 3"},
+    {TPM_PT_PCR_RESET_L3, "TPM_PT_PCR_RESET_L3 - PCR may be reset by TPM2_PCR_Reset() from locality 3"},
+    {TPM_PT_PCR_EXTEND_L4, "TPM_PT_PCR_EXTEND_L4 - PCR may be extended from locality 4"},
+    {TPM_PT_PCR_RESET_L4, "TPM_PT_PCR_RESET_L4 - PCR may be reset by TPM2_PCR_Reset() from locality 4"},
+    {TPM_PT_PCR_NO_INCREMENT, "TPM_PT_PCR_NO_INCREMENT - modifications to this PCR (reset or Extend) will not increment the pcrUpdateCounter"},
+    {TPM_PT_PCR_RESET_L4, "TPM_PT_PCR_RESET_L4 - PCR may be reset by TPM2_PCR_Reset() from locality 4"},
+    {TPM_PT_PCR_DRTM_RESET, "TPM_PT_PCR_DRTM_RESET - PCR is reset by a DRTM event"},
+    {TPM_PT_PCR_POLICY, "TPM_PT_PCR_POLICY - PCR is controlled by policy"},
+    {TPM_PT_PCR_AUTH, "TPM_PT_PCR_AUTH - PCR is controlled by an authorization value"}
+};
+
+static TPM_RC responsePcrProperties(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property)
+{
+    TPM_RC		rc = 0;
+    uint32_t		count;
+    TPML_TAGGED_PCR_PROPERTY *pcrProperties = (TPML_TAGGED_PCR_PROPERTY *)&(capabilityData->data);
+    property = property; 
+
+    printf("%u properties\n", pcrProperties->count);
+    for (count = 0 ; count < pcrProperties->count ; count++) {
+	
+
+	TPMS_TAGGED_PCR_SELECT *pcrProperty = &(pcrProperties->pcrProperty[count]);
+	const char *ptPcrText = NULL;
+	size_t i;
+	for  (i = 0 ; i < (sizeof(ptPcrTable) / sizeof(PT_PCR_TABLE)) ; i++) {
+	    if (pcrProperty->tag == ptPcrTable[i].ptPcr) {	/* the property identifier */
+		ptPcrText = ptPcrTable[i].ptPcrText;
+		break;
+	    }
+	}
+	if (ptPcrText == NULL) {
+	    ptPcrText = "PT unknown";
+	}
+	printf("TPM_PT_PCR %08x %s\n", pcrProperty->tag, ptPcrText);
+	for (i = 0 ; i < pcrProperty->sizeofSelect ; i++) {	/* the size in octets of the
+								   pcrSelect array */
+	    printf("PCR %u-%u  \tpcrSelect\t%02x\n",
+		   (unsigned int)i*8, (unsigned int)(i*8) + 7,
+		   pcrProperty->pcrSelect[i]); 
+	}
+    }
+    return rc;
+}
+
+static TPM_RC responseEccCurves(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property)
+{
+    TPM_RC	rc = 0;
+    uint32_t	count;
+    TPML_ECC_CURVE *eccCurves = (TPML_ECC_CURVE *)&(capabilityData->data);
+    TPM_ECC_CURVE curve;
+    property = property;
+
+    printf("%u curves\n", eccCurves->count);
+    for (count = 0 ; count < eccCurves->count ; count++) {
+	curve = eccCurves->eccCurves[count];
+	TSS_TPM_ECC_CURVE_Print("", curve, 4);
+    }
+    return rc;
+}
+
+static TPM_RC responseAuthPolicies(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property)
+{
+    TPM_RC	rc = 0;
+    uint32_t	count;
+    TPML_TAGGED_POLICY *authPolicies = (TPML_TAGGED_POLICY *)&(capabilityData->data);
+    property = property;
+
+    printf("%u authPolicies\n", authPolicies->count);
+    for (count = 0 ; count < authPolicies->count ; count++) {
+	TSS_TPMS_TAGGED_POLICY_Print(&authPolicies->policies[count], 4);
+    }
+    return rc;
+}
+
+static void printUsage(TPM_CAP capability)
+{
+    size_t i;
+    
+    printf("\n");
+    printf("getcapability\n");
+    printf("\n");
+    printf("Runs TPM2_GetCapability\n");
+    printf("\n");
+    printf("\t-cap\tcapability\n");
+    printf("\t-pr\tproperty (defaults to 0)\n");
+    printf("\t-pc\tpropertyCount (defaults to 64)\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default NULL)\n");
+    printf("\t\t01\tcontinue\n");
+    printf("\t\t80\tcommand audit\n");
+    printf("\n");
+   
+    /* call the usage function in the capability table */
+    for (i = 0 ; i < (sizeof(capabilityTable) / sizeof(CAPABILITY_TABLE)) ; i++) {
+	if (capabilityTable[i].capability == capability) {
+	    capabilityTable[i].usageFunction();
+	    exit(1);
+	}
+    }
+    printf("unknown -cap %08x\n", capability);
+    usageCapability();
+    exit(1);
+}
+
+static void usageCapability(void)
+{
+    printf("\t-cap\tvalues\n"
+	   "\n"
+	   "\t\tTPM_CAP_ALGS                0\n"
+	   "\t\tTPM_CAP_HANDLES             1\n"
+	   "\t\tTPM_CAP_COMMANDS            2\n"
+	   "\t\tTPM_CAP_PP_COMMANDS         3\n"
+	   "\t\tTPM_CAP_AUDIT_COMMANDS      4\n"
+	   "\t\tTPM_CAP_PCRS                5\n"
+	   "\t\tTPM_CAP_TPM_PROPERTIES      6\n"
+	   "\t\tTPM_CAP_PCR_PROPERTIES      7\n"
+	   "\t\tTPM_CAP_ECC_CURVES          8\n"
+	   "\t\tTPM_CAP_AUTH_POLICIES       9\n"
+	   );
+    return;
+}
+
+static void usageAlgs(void)
+{
+    printf("TPM_CAP_ALGS -pr not used\n");
+    return;
+}
+
+static void usageHandles(void)
+{
+    printf("TPM_CAP_HANDLES -pr values\n"
+	   "\n"
+	   "TPM_HT_PCR                  00000000\n"
+	   "TPM_HT_NV_INDEX             01000000\n"
+	   "TPM_HT_LOADED_SESSION       02000000\n"
+	   "TPM_HT_SAVED_SESSION        03000000\n"
+	   "TPM_HT_PERMANENT            40000000\n"
+	   "TPM_HT_TRANSIENT            80000000\n"
+	   "TPM_HT_PERSISTENT           81000000\n"
+	   );
+    return;
+}
+
+static void usageCommands(void)
+{
+    printf("TPM_CAP_COMMANDS -pr is first command\n");
+    return;
+}
+
+;
+static void usagePpCommands(void)
+{
+    printf("TPM_CAP_PP_COMMANDS -pr is first command\n");
+    return;
+}
+
+static void usageAuditCommands(void)
+{
+    printf("TPM_CAP_AUDIT_COMMANDS -pr is first command\n");
+    return;
+}
+
+static void usagePcrs(void)
+{
+    printf("TPM_CAP_PCRS -pr is not used\n");
+    return;
+}
+
+static void usageTpmProperties(void)
+{
+    printf("TPM_CAP_TPM_PROPERTIES -pr is first property\n");
+    printf("\tPT_FIXED starts at %08x\n", PT_FIXED);	
+    printf("\tPT_VAR starts at %08x\n", PT_VAR);	
+    return;
+}
+
+static void usagePcrProperties(void)
+{
+    printf("TPM_CAP_PCR_PROPERTIES -pr is the first property\n");
+    return;
+}
+
+static void usageEccCurves(void)
+{
+    printf("TPM_CAP_ECC_CURVES -pr is the first curve\n");
+    return;
+}
+
+static void usageAuthPolicies(void)
+{
+    printf("TPM_CAP_AUTH_POLICIES -pr is the first handle in range 40000000\n");
+    return;
+}
diff --git a/utils/getcommandauditdigest.c b/utils/getcommandauditdigest.c
new file mode 100644
index 000000000..4cfc3b36d
--- /dev/null
+++ b/utils/getcommandauditdigest.c
@@ -0,0 +1,393 @@
+/********************************************************************************/
+/*										*/
+/*			    GetCommandAuditDigest				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    GetCommandAuditDigest_In 	in;
+    GetCommandAuditDigest_Out 	out;
+    const char			*privacyAdminPassword = NULL; 
+    TPMI_DH_OBJECT		signHandle = 0;
+    const char			*signPassword = NULL; 
+    TPMI_ALG_HASH		halg = TPM_ALG_SHA256;
+    const char			*signatureFilename = NULL;
+    const char			*attestInfoFilename = NULL;
+    const char			*qualifyingDataFilename = NULL;
+    TPM_ALG_ID			sigAlg = TPM_ALG_RSA;
+    TPMS_ATTEST 		tpmsAttest;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RS_PW;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-pwde") == 0) {
+	    i++;
+	    if (i < argc) {
+		privacyAdminPassword = argv[i];
+	    }
+	    else {
+		printf("-pwde option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-hk") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x",&signHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hk\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdk") == 0) {
+	    i++;
+	    if (i < argc) {
+		signPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    halg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    halg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    halg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    halg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-salg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"rsa") == 0) {
+		    sigAlg = TPM_ALG_RSA;
+		}
+		else if (strcmp(argv[i],"ecc") == 0) {
+		    sigAlg = TPM_ALG_ECDSA;
+		}
+		else if (strcmp(argv[i],"hmac") == 0) {
+		    sigAlg = TPM_ALG_HMAC;
+		}
+		else {
+		    printf("Bad parameter %s for -salg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-salg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-os") == 0) {
+	    i++;
+	    if (i < argc) {
+		signatureFilename = argv[i];
+	    }
+	    else {
+		printf("-os option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-oa") == 0) {
+	    i++;
+	    if (i < argc) {
+		attestInfoFilename = argv[i];
+	    }
+	    else {
+		printf("-oa option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-qd") == 0) {
+	    i++;
+	    if (i < argc) {
+		qualifyingDataFilename = argv[i];
+	    }
+	    else {
+		printf("-qd option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+   if (signHandle == 0) {
+	printf("Missing sign handle parameter -hk\n");
+	printUsage();
+    }
+   if (rc == 0) {
+       /* Handle of key that authorized the audit */
+       in.privacyHandle = TPM_RH_ENDORSEMENT;
+       in.signHandle = signHandle;
+       if (sigAlg == TPM_ALG_RSA) {
+	   /* Table 145 - Definition of TPMT_SIG_SCHEME Structure */
+	   in.inScheme.scheme = TPM_ALG_RSASSA;	
+	   /* Table 144 - Definition of TPMU_SIG_SCHEME Union <IN/OUT, S> */
+	   /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */
+	   /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */
+	   in.inScheme.details.rsassa.hashAlg = halg;
+       }
+       else if (sigAlg == TPM_ALG_ECDSA) {
+	   in.inScheme.scheme = TPM_ALG_ECDSA;	
+	   in.inScheme.details.ecdsa.hashAlg = halg;
+       }
+       else {	/* HMAC */
+	   in.inScheme.scheme = TPM_ALG_HMAC;	
+	   in.inScheme.details.hmac.hashAlg = halg;
+       }
+    }
+    /* data supplied by the caller */
+    if (rc == 0) {
+	if (qualifyingDataFilename != NULL) {
+	    rc = TSS_File_Read2B(&in.qualifyingData.b,
+				 sizeof(in.qualifyingData.t.buffer),
+				 qualifyingDataFilename);
+	}
+	else {
+	    in.qualifyingData.t.size = 0;
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_GetCommandAuditDigest,
+			 sessionHandle0, privacyAdminPassword, sessionAttributes0,
+			 sessionHandle1, signPassword, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	uint8_t *tmpBuffer = out.auditInfo.t.attestationData;
+	uint32_t tmpSize = out.auditInfo.t.size;
+	rc = TSS_TPMS_ATTEST_Unmarshalu(&tpmsAttest, &tmpBuffer, &tmpSize);
+	if (tssUtilsVerbose) TSS_TPMS_ATTEST_Print(&tpmsAttest, 0);
+    }
+    if (rc == 0) {
+	int match;
+	match = TSS_TPM2B_Compare(&in.qualifyingData.b, &tpmsAttest.extraData.b);
+	if (!match) {
+	    printf("getcommandauditdigest: failed, extraData != qualifyingData\n");
+	    rc = EXIT_FAILURE;
+	}
+    }
+    if ((rc == 0) && (signatureFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.signature,
+				     (MarshalFunction_t)TSS_TPMT_SIGNATURE_Marshal,
+				     signatureFilename);
+	
+
+    }
+    if ((rc == 0) && (attestInfoFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(out.auditInfo.t.attestationData,
+				      out.auditInfo.t.size,
+				      attestInfoFilename);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) TSS_TPMT_SIGNATURE_Print(&out.signature, 0);
+	if (tssUtilsVerbose) printf("getcommandauditdigest: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("getcommandauditdigest: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("getcommandauditdigest\n");
+    printf("\n");
+    printf("Runs TPM2_GetCommandAuditDigest\n");
+    printf("\n");
+    printf("\t[-pwde\tendorsement hierarchy password (default empty)]\n");
+    printf("\t-hk\tsigning key handle\n");
+    printf("\t[-pwdk\tpassword for key (default empty)]\n");
+    printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n");
+    printf("\t[-salg\tsignature algorithm (rsa, ecc, hmac) (default rsa)]\n");
+    printf("\t[-qd\tqualifying data file name]\n");
+    printf("\t[-os\tsignature file name (default do not save)]\n");
+    printf("\t[-oa\tattestation output file name (default do not save)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/getcryptolibrary.c b/utils/getcryptolibrary.c
new file mode 100644
index 000000000..502a48a30
--- /dev/null
+++ b/utils/getcryptolibrary.c
@@ -0,0 +1,60 @@
+/********************************************************************************/
+/*										*/
+/*		    Get Crypto Library Name	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2019						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include "cryptoutils.h"
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC		rc = 0;
+    const char 		*name = NULL;
+
+    argc = argc;
+    argv = argv;
+    
+    getCryptoLibrary(&name);
+    printf("%s\n", name);
+    return rc;
+}
+
diff --git a/utils/getrandom.c b/utils/getrandom.c
new file mode 100644
index 000000000..c6c3f31a6
--- /dev/null
+++ b/utils/getrandom.c
@@ -0,0 +1,295 @@
+/********************************************************************************/
+/*										*/
+/*			   GetRandom						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    GetRandom_In 		in;
+    GetRandom_Out 		out;
+    uint32_t			bytesRequested = 0;
+    uint32_t 			bytesCopied;
+    const char 			*outFilename = NULL;
+    unsigned char 		*randomBuffer = NULL;
+    int				noZeros = FALSE;
+    int				noSpace = FALSE;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-by") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%u", &bytesRequested);
+	    }
+	    else {
+		printf("Missing parameter for -by\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-of") == 0) {
+	    i++;
+	    if (i < argc) {
+		outFilename = argv[i];
+	    }
+	    else {
+		printf("-of option needs a value\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-nz") == 0) {
+	    noZeros = TRUE;
+	}
+ 	else if (strcmp(argv[i],"-ns") == 0) {
+	    noSpace = TRUE;
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if ((bytesRequested == 0) ||
+	(bytesRequested > 0xffff)) {
+	printf("Missing or bad parameter -by\n");
+	printUsage();
+    }
+    /* allocate a buffer for the bytes requested, add 1 for optional nul terminator */
+    if (rc == 0) {
+	rc = TSS_Malloc(&randomBuffer, bytesRequested + 1);	/* freed @1 */
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* This is somewhat optimized, but if a zero byte is obtained in the last pass, an extra pass is
+       needed.  The trade-off is that, in general, asking for more random numbers than needed may slow
+       down the TPM.  In any case, needing non-zero values for random auth should not happen very
+       often.
+     */
+    for (bytesCopied = 0 ; (rc == 0) && (bytesCopied < bytesRequested) ; ) {
+	/* Request whatever is left */
+	if (rc == 0) {
+	    in.bytesRequested = bytesRequested - bytesCopied;
+	}
+	/* call TSS to execute the command */
+	if (rc == 0) {
+	    rc = TSS_Execute(tssContext,
+			     (RESPONSE_PARAMETERS *)&out, 
+			     (COMMAND_PARAMETERS *)&in,
+			     NULL,
+			     TPM_CC_GetRandom,
+			     sessionHandle0, NULL, sessionAttributes0,
+			     sessionHandle1, NULL, sessionAttributes1,
+			     sessionHandle2, NULL, sessionAttributes2,
+			     TPM_RH_NULL, NULL, 0);
+	}
+	if (rc == 0) {
+	    size_t br;
+	    if (tssUtilsVerbose) TSS_PrintAll("randomBytes in pass",
+				      out.randomBytes.t.buffer, out.randomBytes.t.size);
+	    /* copy as many bytes as were received or until bytes requested */
+	    for (br = 0 ; (br < out.randomBytes.t.size) && (bytesCopied < bytesRequested) ; br++) {
+
+		if (!noZeros || (out.randomBytes.t.buffer[br] != 0)) {
+		    randomBuffer[bytesCopied] = out.randomBytes.t.buffer[br];
+		    bytesCopied++;
+		}
+	    }
+	}
+	if (rc == 0) {
+	    if (noZeros) {
+		randomBuffer[bytesCopied] = 0x00;
+	    }
+	}
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if ((rc == 0) && (outFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(randomBuffer, bytesRequested + (noZeros ? 1 : 0),
+				      outFilename);
+    }
+    if (rc == 0) {
+	/* machine readable format */
+	if (noSpace) {
+	    uint32_t bp;
+	    for (bp = 0 ; bp < bytesRequested ; bp++) {
+		printf("%02x", randomBuffer[bp]);
+	    }
+	    printf("\n");
+	}
+	/* human readable format */
+	else {
+	    TSS_PrintAll("randomBytes", randomBuffer, bytesRequested);
+	}
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("getrandom: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    free(randomBuffer);		/* @1 */
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("getrandom\n");
+    printf("\n");
+    printf("Runs TPM2_GetRandom\n");
+    printf("\n");
+    printf("\t-by\tbytes requested\n");
+    printf("\t[-of\toutput file, with -nz, appends nul terminator (default do not save)]\n");
+    printf("\t[-nz\tget random number with no zero bytes (for authorization value)]\n");
+    printf("\t[-ns\tno space, no text, no newlines]\n");
+    printf("\t\tjust a string of hexascii suitable for a symmetric key\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default NULL)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/getsessionauditdigest.c b/utils/getsessionauditdigest.c
new file mode 100644
index 000000000..96bd0f9a2
--- /dev/null
+++ b/utils/getsessionauditdigest.c
@@ -0,0 +1,389 @@
+/********************************************************************************/
+/*										*/
+/*			    GetSessionAuditDigest				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    GetSessionAuditDigest_In 	in;
+    GetSessionAuditDigest_Out 	out;
+    const char			*privacyAdminPassword = NULL; 
+    TPMI_DH_OBJECT		signHandle = TPM_RH_NULL;
+    const char			*signPassword = NULL; 
+    TPMI_SH_HMAC		sessionHandle = 0;
+    TPMI_ALG_HASH		halg = TPM_ALG_SHA256;
+    const char			*signatureFilename = NULL;
+    const char			*attestInfoFilename = NULL;
+    const char			*qualifyingDataFilename = NULL;
+    TPMS_ATTEST 		tpmsAttest;
+    const char			*sessionDigestFilename = NULL;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RS_PW;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-pwde") == 0) {
+	    i++;
+	    if (i < argc) {
+		privacyAdminPassword = argv[i];
+	    }
+	    else {
+		printf("-pwde option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-hk") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x",&signHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hk\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdk") == 0) {
+	    i++;
+	    if (i < argc) {
+		signPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-hs") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x",&sessionHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hs\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    halg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    halg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    halg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    halg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-os") == 0) {
+	    i++;
+	    if (i < argc) {
+		signatureFilename = argv[i];
+	    }
+	    else {
+		printf("-os option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-oa") == 0) {
+	    i++;
+	    if (i < argc) {
+		attestInfoFilename = argv[i];
+	    }
+	    else {
+		printf("-oa option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-od") == 0) {
+	    i++;
+	    if (i < argc) {
+		sessionDigestFilename = argv[i];
+	    }
+	    else {
+		printf("-od option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-qd") == 0) {
+	    i++;
+	    if (i < argc) {
+		qualifyingDataFilename = argv[i];
+	    }
+	    else {
+		printf("-qd option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (sessionHandle == 0) {
+	printf("Missing session handle parameter -hs\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	/* Handle of key that authorizes the audit */
+	in.privacyAdminHandle = TPM_RH_ENDORSEMENT;
+	in.signHandle = signHandle;
+	in.sessionHandle = sessionHandle;
+	/* Table 145 - Definition of TPMT_SIG_SCHEME Structure */
+	in.inScheme.scheme = TPM_ALG_RSASSA;	
+	/* Table 144 - Definition of TPMU_SIG_SCHEME Union <IN/OUT, S> */
+	/* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */
+	/* Table 135 - Definition of TPMS_SCHEME_HASH Structure */
+	in.inScheme.details.rsassa.hashAlg = halg;
+    }
+    /* data supplied by the caller */
+    if (rc == 0) {
+	if (qualifyingDataFilename != NULL) {
+	    rc = TSS_File_Read2B(&in.qualifyingData.b,
+				 sizeof(in.qualifyingData.t.buffer),
+				 qualifyingDataFilename);
+	}
+	else {
+	    in.qualifyingData.t.size = 0;
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_GetSessionAuditDigest,
+			 sessionHandle0, privacyAdminPassword, sessionAttributes0,
+			 sessionHandle1, signPassword, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	uint8_t *tmpBuffer = out.auditInfo.t.attestationData;
+	uint32_t tmpSize = out.auditInfo.t.size;
+	rc = TSS_TPMS_ATTEST_Unmarshalu(&tpmsAttest, &tmpBuffer, &tmpSize);
+	if (tssUtilsVerbose) TSS_TPMS_ATTEST_Print(&tpmsAttest, 0);
+    }
+    if (rc == 0) {
+	int match;
+	match = TSS_TPM2B_Compare(&in.qualifyingData.b, &tpmsAttest.extraData.b);
+	if (!match) {
+	    printf("getsessionauditdigest: failed, extraData != qualifyingData\n");
+	    rc = EXIT_FAILURE;
+	}
+    }
+    if ((rc == 0) && (signatureFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.signature,
+				     (MarshalFunction_t)TSS_TPMT_SIGNATURE_Marshal,
+				     signatureFilename);
+	
+
+    }
+    if ((rc == 0) && (attestInfoFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(out.auditInfo.t.attestationData,
+				      out.auditInfo.t.size,
+				      attestInfoFilename);
+    }
+    if ((rc == 0) && (sessionDigestFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(tpmsAttest.attested.sessionAudit.sessionDigest.t.buffer,	
+				      tpmsAttest.attested.sessionAudit.sessionDigest.t.size,
+				      sessionDigestFilename);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) TSS_TPMT_SIGNATURE_Print(&out.signature, 0);
+	if (tssUtilsVerbose) printf("getsessionauditdigest: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("getsessionauditdigest: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("getsessionauditdigest\n");
+    printf("\n");
+    printf("Runs TPM2_GetSessionAuditDigest\n");
+    printf("\n");
+    printf("\t[-pwde\tendorsement hierarchy password (default empty)]\n");
+    printf("\t[-hk\tsigning key handle]\n");
+    printf("\t[-pwdk\tpassword for key (default empty)]\n");
+    printf("\t-hs\taudit session handle\n");
+    printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n");
+    printf("\t[-qd\tqualifying data file name]\n");
+    printf("\t[-os\tsignature file name (default do not save)]\n");
+    printf("\t[-oa\tattestation output file name (default do not save)]\n");
+    printf("\t[-od\tsession digest file name (default do not save)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/gettestresult.c b/utils/gettestresult.c
new file mode 100644
index 000000000..de1284575
--- /dev/null
+++ b/utils/gettestresult.c
@@ -0,0 +1,206 @@
+/********************************************************************************/
+/*										*/
+/*			   GetTestResult					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2019.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+/* #include <ibmtss/Unmarshal_fp.h> */
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    GetTestResult_Out 		out;
+    const char 			*msg;
+    const char 			*submsg;
+    const char 			*num;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out, 
+			 NULL,
+			 NULL,
+			 TPM_CC_GetTestResult,
+			 sessionHandle0, NULL, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	TSS_ResponseCode_toString(&msg, &submsg, &num, out.testResult);
+	printf("testResult %s%s%s\n", msg, submsg, num);
+	
+	if (tssUtilsVerbose) TSS_PrintAll("outData",
+				  out.outData.t.buffer, out.outData.t.size);
+    }
+    else {
+	printf("gettestresult: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("gettestresult\n");
+    printf("\n");
+    printf("Runs TPM2_GetTestResult\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default NULL)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/gettime.c b/utils/gettime.c
new file mode 100644
index 000000000..aa54d8bd9
--- /dev/null
+++ b/utils/gettime.c
@@ -0,0 +1,393 @@
+/********************************************************************************/
+/*										*/
+/*			    GetTime						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/Unmarshal_fp.h>
+#include <ibmtss/tssmarshal.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    GetTime_In 			in;
+    GetTime_Out 		out;
+    TPMI_DH_OBJECT		signHandle = 0;
+    const char			*keyPassword = NULL; 
+    const char			*endorsementPassword = NULL; 
+    TPMI_ALG_HASH		halg = TPM_ALG_SHA256;
+    const char			*signatureFilename = NULL;
+    const char			*attestInfoFilename = NULL;
+    const char			*qualifyingDataFilename = NULL;
+    TPM_ALG_ID			sigAlg = TPM_ALG_RSA;
+    TPMS_ATTEST 		tpmsAttest;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RS_PW;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+ 
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hk") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &signHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hk\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdk") == 0) {
+	    i++;
+	    if (i < argc) {
+		keyPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwde") == 0) {
+	    i++;
+	    if (i < argc) {
+		endorsementPassword = argv[i];
+	    }
+	    else {
+		printf("-pwde option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    halg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    halg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    halg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    halg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-salg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"rsa") == 0) {
+		    sigAlg = TPM_ALG_RSA;
+		}
+		else if (strcmp(argv[i],"ecc") == 0) {
+		    sigAlg = TPM_ALG_ECDSA;
+		}
+		else if (strcmp(argv[i],"hmac") == 0) {
+		    sigAlg = TPM_ALG_HMAC;
+		}
+		else {
+		    printf("Bad parameter %s for -salg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-salg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-os") == 0) {
+	    i++;
+	    if (i < argc) {
+		signatureFilename = argv[i];
+	    }
+	    else {
+		printf("-os option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-oa") == 0) {
+	    i++;
+	    if (i < argc) {
+		attestInfoFilename = argv[i];
+	    }
+	    else {
+		printf("-oa option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-qd") == 0) {
+	    i++;
+	    if (i < argc) {
+		qualifyingDataFilename = argv[i];
+	    }
+	    else {
+		printf("-qd option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (signHandle == 0) {
+	printf("Missing sign handle parameter -hs\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	/* handle of the privacy administrator */
+	in.privacyAdminHandle = TPM_RH_ENDORSEMENT;
+	/* Handle of key that will perform signing */
+	in.signHandle = signHandle;
+	if (sigAlg == TPM_ALG_RSA) {
+	    /* Table 145 - Definition of TPMT_SIG_SCHEME Structure */
+	    in.inScheme.scheme = TPM_ALG_RSASSA;	
+	    /* Table 144 - Definition of TPMU_SIG_SCHEME Union <IN/OUT, S> */
+	    /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */
+	    /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */
+	    in.inScheme.details.rsassa.hashAlg = halg;
+	}
+	else if (sigAlg == TPM_ALG_ECDSA) {
+	    in.inScheme.scheme = TPM_ALG_ECDSA;	
+	    in.inScheme.details.ecdsa.hashAlg = halg;
+	}
+	else {	/* HMAC */
+	    in.inScheme.scheme = TPM_ALG_HMAC;	
+	    in.inScheme.details.hmac.hashAlg = halg;
+	}
+    }
+    /* data supplied by the caller */
+    if (rc == 0) {
+	if (qualifyingDataFilename != NULL) {
+	    rc = TSS_File_Read2B(&in.qualifyingData.b,
+				 sizeof(in.qualifyingData.t.buffer),
+				 qualifyingDataFilename);
+	}
+	else {
+	    in.qualifyingData.t.size = 0;
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_GetTime,
+			 sessionHandle0, endorsementPassword, sessionAttributes0,
+			 sessionHandle1, keyPassword, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	uint8_t *tmpBuffer = out.timeInfo.t.attestationData;
+	uint32_t tmpSize = out.timeInfo.t.size;
+	rc = TSS_TPMS_ATTEST_Unmarshalu(&tpmsAttest, &tmpBuffer, &tmpSize);
+	if (tssUtilsVerbose) TSS_TPMS_ATTEST_Print(&tpmsAttest, 0);
+    }
+    if (rc == 0) {
+	int match;
+	match = TSS_TPM2B_Compare(&in.qualifyingData.b, &tpmsAttest.extraData.b);
+	if (!match) {
+	    printf("quote: failed, extraData != qualifyingData\n");
+	    rc = EXIT_FAILURE;
+	}
+    }
+    if ((rc == 0) && (signatureFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.signature,
+				     (MarshalFunction_t)TSS_TPMT_SIGNATURE_Marshal,
+				     signatureFilename);
+    }    
+    if ((rc == 0) && (attestInfoFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(out.timeInfo.t.attestationData,
+				      out.timeInfo.t.size,
+				      attestInfoFilename);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) TSS_TPMT_SIGNATURE_Print(&out.signature, 0);
+	if (tssUtilsVerbose) printf("gettime: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("gettime: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("gettime\n");
+    printf("\n");
+    printf("Runs TPM2_GetTime\n");
+    printf("\n");
+    printf("\t-hk\tsigning key handle\n");
+    printf("\t[-pwdk\tpassword for signing key (default empty)]\n");
+    printf("\t[-pwde\tpassword for endorsement hierarchy (default empty)]\n");
+    printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n");
+    printf("\t[-salg\tsignature algorithm (rsa, ecc, hmac) (default rsa)]\n");
+    printf("\t[-qd\tqualifying data file name]\n");
+    printf("\t[-os\tsignature file name  (default do not save)]\n");
+    printf("\t[-oa\tattestation output file name (default do not save)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/hash.c b/utils/hash.c
new file mode 100644
index 000000000..4f5c42a59
--- /dev/null
+++ b/utils/hash.c
@@ -0,0 +1,310 @@
+/********************************************************************************/
+/*										*/
+/*			    Hash						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+
+static void printUsage(void);
+static void printHash(Hash_Out *out);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    Hash_In 			in;
+    Hash_Out 			out;
+    char 			hierarchyChar = 'n';
+    TPMI_RH_HIERARCHY		hierarchy = TPM_RH_NULL;
+    TPMI_ALG_HASH		halg = TPM_ALG_SHA256;
+    const char			*inFilename = NULL;
+    const char 			*inString = NULL;
+    const char			*hashFilename = NULL;
+    const char			*ticketFilename = NULL;
+    int				noSpace = FALSE;
+ 
+    size_t 			length = 0;
+    uint8_t			*buffer = NULL;	/* for the free */
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hi") == 0) {
+	    i++;
+	    if (i < argc) {
+		hierarchyChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -hi\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    halg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    halg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    halg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    halg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ic") == 0) {
+	    i++;
+	    if (i < argc) {
+		inString = argv[i];
+	    }
+	    else {
+		printf("-ic option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-if") == 0) {
+	    i++;
+	    if (i < argc) {
+		inFilename = argv[i];
+	    }
+	    else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-oh") == 0) {
+	    i++;
+	    if (i < argc) {
+		hashFilename = argv[i];
+	    }
+	    else {
+		printf("-oh option needs a value\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-tk") == 0) {
+	    i++;
+	    if (i < argc) {
+		ticketFilename = argv[i];
+	    }
+	    else {
+		printf("-tk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ns") == 0) {
+	    noSpace = TRUE;
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if ((inFilename == NULL) && (inString == NULL)) {
+	printf("Input file -if or input string -ic must be specified\n");
+	printUsage();
+    }
+    if ((inFilename != NULL) && (inString != NULL)) {
+	printf("Input file -if and input string -ic cannot both be specified\n");
+	printUsage();
+    }
+    /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */
+    if (rc == 0) {
+	if (hierarchyChar == 'e') {
+	    hierarchy = TPM_RH_ENDORSEMENT;
+	}
+	else if (hierarchyChar == 'o') {
+	    hierarchy = TPM_RH_OWNER;
+	}
+	else if (hierarchyChar == 'p') {
+	    hierarchy = TPM_RH_PLATFORM;
+	}
+	else if (hierarchyChar == 'n') {
+	    hierarchy = TPM_RH_NULL;
+	}
+	else {
+	    printf("Bad parameter %c for -hi\n", hierarchyChar);
+	    printUsage();
+	}
+ 	in.hierarchy = hierarchy;
+    }
+    if (inFilename != NULL) {
+	if (rc == 0) {
+	    rc = TSS_File_ReadBinaryFile(&buffer,     /* freed @1 */
+					 &length,
+					 inFilename);
+	}
+	if (rc == 0) {
+	    if (length > sizeof(in.data.t.buffer)) {
+		printf("Input data too long %lu\n", (unsigned long)length);
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	}
+	if (rc == 0) {
+	    /* data to be hashed */
+	    in.data.t.size = (uint16_t)length;	/* cast safe, range tested above */
+	    memcpy(in.data.t.buffer, buffer, length);
+	}
+    }
+    if (inString != NULL) {
+	if (rc == 0) {
+	    length = strlen(inString);
+	    if (length > sizeof(in.data.t.buffer)) {
+		printf("Input data too long %lu\n", (unsigned long)length);
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    } 
+	}
+	if (rc == 0) {
+	    /* data to be hashed */
+	    in.data.t.size = (uint16_t)length;	/* cast safe, range tested above */
+	    memcpy(in.data.t.buffer, inString, length);
+	}
+    }
+    if (rc == 0) {
+	in.hashAlg = halg;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_Hash,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if ((rc == 0) && (hashFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(out.outHash.t.buffer,
+				      out.outHash.t.size,
+				      hashFilename); 
+    }
+    if ((rc == 0) && (ticketFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.validation,
+				     (MarshalFunction_t)TSS_TPMT_TK_HASHCHECK_Marshal,
+				     ticketFilename);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printHash(&out);
+	if (noSpace) {
+	    uint32_t bp;
+	    for (bp = 0 ; bp < out.outHash.t.size ; bp++) {
+		printf("%02x", out.outHash.t.buffer[bp]);
+	    }
+	    printf("\n");
+	}
+	if (tssUtilsVerbose) printf("hash: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("hash: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    free(buffer);	/* @1 */
+    return rc;
+}
+
+static void printHash(Hash_Out *out)
+{
+    TSS_PrintAll("Hash", out->outHash.t.buffer, out->outHash.t.size);
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("hash\n");
+    printf("\n");
+    printf("Runs TPM2_Hash\n");
+    printf("\n");
+    printf("\t[-hi\thierarchy (e, o, p, n) (default null)]\n");
+    printf("\t\te endorsement, o owner, p platform, n null\n");
+    printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n");
+    printf("\t-if\tinput file to be hashed\n");
+    printf("\t-ic\tdata string to be hashed\n");
+    printf("\t[-ns\tno space, no text, no newlines]\n");
+    printf("\t[-oh\thash file name (default do not save)]\n");
+    printf("\t[-tk\tticket file name (default do not save)]\n");
+    exit(1);	
+}
diff --git a/utils/hashsequencestart.c b/utils/hashsequencestart.c
new file mode 100644
index 000000000..d54fadd4e
--- /dev/null
+++ b/utils/hashsequencestart.c
@@ -0,0 +1,253 @@
+/********************************************************************************/
+/*										*/
+/*			    HashSequenceStart					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    HashSequenceStart_In 	in;
+    HashSequenceStart_Out	out;
+    const char			*authPassword = NULL; 
+    TPMI_ALG_HASH		hashAlg = TPM_ALG_SHA256;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-pwda") == 0) {
+	    i++;
+	    if (i < argc) {
+		authPassword = argv[i];
+	    }
+	    else {
+		printf("-pwda option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    hashAlg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    hashAlg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    hashAlg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    hashAlg = TPM_ALG_SHA512;
+		}
+		else if (strcmp(argv[i],"null") == 0) {
+		    hashAlg = TPM_ALG_NULL;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	/* auth value for sequence */
+	rc = TSS_TPM2B_StringCopy(&in.auth.b, authPassword, sizeof(in.auth.t.buffer));
+    }
+    if (rc == 0) {
+	in.hashAlg = hashAlg;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_HashSequenceStart,
+			 sessionHandle0, NULL, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	printf("hashsequencestart: handle %08x\n", out.sequenceHandle);
+	if (tssUtilsVerbose) printf("hashsequencestart: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("hashsequencestart: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("hashsequencestart\n");
+    printf("\n");
+    printf("Runs TPM2_HashSequenceStart\n");
+    printf("\n");
+    printf("\t[-pwda\tpassword for sequence (default empty)]\n");
+    printf("\t[-halg\t(sha1, sha256, sha384, sha512, null) (default sha256)]\n");
+    printf("\t\tnull is an event sequence\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default NULL)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    exit(1);	
+}
diff --git a/utils/hierarchychangeauth.c b/utils/hierarchychangeauth.c
new file mode 100644
index 000000000..c184cc483
--- /dev/null
+++ b/utils/hierarchychangeauth.c
@@ -0,0 +1,358 @@
+/********************************************************************************/
+/*										*/
+/*			    HierarchyChangeAuth	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    HierarchyChangeAuth_In 	in;
+    char 			hierarchyChar = 0;
+    const char			*newPassword = NULL; 
+    const char			*newPasswordFilename = NULL;
+    const char			*authPassword = NULL; 
+    const char			*authPasswordFilename = NULL;
+    /* authPasswordPtr is used as the command auth value.  It is either the supplied authPassword
+       string, the password read from the authPasswordFilename file, or NULL */
+    const char			*authPasswordPtr = NULL; 
+    uint8_t			*authPasswordBuffer = NULL;		/* for the free */
+    size_t 			authPasswordLength = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hi") == 0) {
+	    i++;
+	    if (i < argc) {
+		hierarchyChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -hi\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdn") == 0) {
+	    i++;
+	    if (i < argc) {
+		newPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdn option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwda") == 0) {
+	    i++;
+	    if (i < argc) {
+		authPassword = argv[i];
+	    }
+	    else {
+		printf("-pwda option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdni") == 0) {
+	    i++;
+	    if (i < argc) {
+		newPasswordFilename = argv[i];
+	    }
+	    else {
+		printf("pwdni -option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdai") == 0) {
+	    i++;
+	    if (i < argc) {
+		authPasswordFilename = argv[i];
+	    }
+	    else {
+		printf("-pwdai option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */
+    if (rc == 0) {
+	if (hierarchyChar == 'l') {
+	    in.authHandle = TPM_RH_LOCKOUT;
+	}
+	else if (hierarchyChar == 'e') {
+	    in.authHandle = TPM_RH_ENDORSEMENT;
+	}
+	else if (hierarchyChar == 'o') {
+	    in.authHandle = TPM_RH_OWNER;
+	}
+	else if (hierarchyChar == 'p') {
+	    in.authHandle = TPM_RH_PLATFORM;
+	}
+	else {
+	    printf("Missing or illegal -hi\n");
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	if ((newPassword != NULL) && (newPasswordFilename != NULL)) {
+	    printf("Cannot specify both -pwdn and -pwdni\n");
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	if ((authPassword != NULL) && (authPasswordFilename != NULL)) {
+	    printf("Cannot specify both -pwda and -pwdai\n");
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	/* new auth from string */
+	if (newPassword != NULL) {
+	    /* convert password string to TPM2B */
+	    rc = TSS_TPM2B_StringCopy(&in.newAuth.b,
+				      newPassword, sizeof(in.newAuth.t.buffer));
+	}
+	/* new auth from file */
+	else if (newPasswordFilename != NULL) {
+	    uint8_t			*buffer = NULL;		/* for the free */
+	    size_t 			length = 0;
+	    /* read new auth value from the file */
+	    if (rc == 0) {
+		rc = TSS_File_ReadBinaryFile(&buffer,     /* freed @1 */
+					     &length,
+					     newPasswordFilename);
+	    }
+	    /* convert password file string to TPM2B */
+	    if (rc == 0) {
+		rc = TSS_TPM2B_StringCopy(&in.newAuth.b,
+					  (const char *)buffer, sizeof(in.newAuth.t.buffer));
+	    }
+	    free(buffer);	/* @1 */
+	    buffer = NULL;
+	}
+	/* no new auth specified */
+	else {
+	    in.newAuth.t.size = 0;
+	}
+    }
+    if (rc == 0) {
+	/* command auth from string */
+	if (authPassword != NULL) {
+	    authPasswordPtr = authPassword; 
+	}
+	/* command auth from file */
+	else if (authPasswordFilename != NULL) {
+	    if (rc == 0) {
+		/* must be freed by caller */
+		rc = TSS_File_ReadBinaryFile(&authPasswordBuffer,
+					     &authPasswordLength,
+					     authPasswordFilename);
+	    }
+	    if (rc == 0) {
+		if (authPasswordLength > sizeof(TPMU_HA)) {
+		    printf("Password too long %u\n", (unsigned int)authPasswordLength);
+		    rc = TSS_RC_INSUFFICIENT_BUFFER;
+		}
+	    }
+	    if (rc == 0) {
+		authPasswordPtr = (const char *)authPasswordBuffer;
+	    }
+	}
+	/* no command auth specified */
+	else {
+	    authPasswordPtr = NULL;
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_HierarchyChangeAuth,
+			 sessionHandle0, authPasswordPtr, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("hierarchychangeauth: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("hierarchychangeauth: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    free(authPasswordBuffer);
+    authPasswordBuffer = NULL;
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("hierarchychangeauth\n");
+    printf("\n");
+    printf("Runs TPM2_HierarchyChangeAuth\n");
+    printf("\n");
+    printf("\t-hi\thierarchy (l, e, o, p)\n");
+    printf("\t\tl lockout, e endorsement, o owner, p platform\n");
+    printf("\t-pwdn\tnew authorization password (default empty)\n");
+    printf("\t-pwdni\tnew authorization password file name (default empty)\n");
+    printf("\t-pwda\tauthorization password (default empty)\n");
+    printf("\t-pwdai\tauthorization password file name (default empty)\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    exit(1);	
+}
diff --git a/utils/hierarchycontrol.c b/utils/hierarchycontrol.c
new file mode 100644
index 000000000..662e97934
--- /dev/null
+++ b/utils/hierarchycontrol.c
@@ -0,0 +1,291 @@
+/********************************************************************************/
+/*										*/
+/*			    HierarchyControl	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    HierarchyControl_In 	in;
+    char 			authHandleChar = 0;
+    char 			enableHandleChar = 0;
+    int				state = 1;
+    const char			*authPassword = NULL; 
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hi") == 0) {
+	    i++;
+	    if (i < argc) {
+		authHandleChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -hi\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-he") == 0) {
+	    i++;
+	    if (i < argc) {
+		enableHandleChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -he\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwda") == 0) {
+	    i++;
+	    if (i < argc) {
+		authPassword = argv[i];
+	    }
+	    else {
+		printf("-pwda option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-state") == 0) {
+	    i++;
+	    if (i < argc) {
+		state = atoi(argv[i]);
+	    }
+	    else {
+		printf("-state option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */
+    if (rc == 0) {
+	if (authHandleChar == 'e') {
+	    in.authHandle = TPM_RH_ENDORSEMENT;
+	}
+	else if (authHandleChar == 'o') {
+	    in.authHandle = TPM_RH_OWNER;
+	}
+	else if (authHandleChar == 'p') {
+	    in.authHandle = TPM_RH_PLATFORM;
+	}
+	else {
+	    printf("Missing or illegal -hi\n");
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	if (enableHandleChar == 'e') {
+	    in.enable = TPM_RH_ENDORSEMENT;
+	}
+	else if (enableHandleChar == 'o') {
+	    in.enable = TPM_RH_OWNER;
+	}
+	else if (enableHandleChar == 'p') {
+	    in.enable = TPM_RH_PLATFORM;
+	}
+	else if (enableHandleChar == 'n') {
+	    in.enable = TPM_RH_PLATFORM_NV;
+	}
+	else {
+	    printf("Missing or illegal -he\n");
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	if (state != 0) {
+	    in.state = YES;
+	}
+	else {
+	    in.state = NO;
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_HierarchyControl,
+			 sessionHandle0, authPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("hierarchycontrol: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("hierarchycontrol: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("hierarchycontrol\n");
+    printf("\n");
+    printf("Runs TPM2_HierarchyControl\n");
+    printf("\n");
+    printf("\t-hi\tauthhandle hierarchy (e, o, p)\n");
+    printf("\t-he\tenable hierarchy (e, o, p, n)\n");
+    printf("\t\te\tendorsement, o owner, p platform, n null\n");
+    printf("\t[-pwda\tauthorization password (default empty)]\n");
+    printf("\t[-state\t(0 to disable, 1 to enable) (default enable)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    exit(1);	
+}
diff --git a/utils/hmac.c b/utils/hmac.c
new file mode 100644
index 000000000..be63e1b0a
--- /dev/null
+++ b/utils/hmac.c
@@ -0,0 +1,356 @@
+/********************************************************************************/
+/*										*/
+/*			    Hmac						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+static void printHmac(HMAC_Out *out);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    HMAC_In 			in;
+    HMAC_Out 			out;
+    TPMI_DH_OBJECT		keyHandle = 0;
+    TPMI_ALG_HASH		halg = TPM_ALG_SHA256;
+    const char			*inFilename = NULL;
+    const char 			*inString = NULL;
+    const char			*hmacFilename = NULL;
+    const char			*keyPassword = NULL; 
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    size_t 			length = 0;
+    uint8_t			*buffer = NULL;	/* for the free */
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hk") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x",&keyHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hk\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdk") == 0) {
+	    i++;
+	    if (i < argc) {
+		keyPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    halg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    halg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    halg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    halg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ic") == 0) {
+	    i++;
+	    if (i < argc) {
+		inString = argv[i];
+	    }
+	    else {
+		printf("-ic option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-if") == 0) {
+	    i++;
+	    if (i < argc) {
+		inFilename = argv[i];
+	    }
+	    else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-os") == 0) {
+	    i++;
+	    if (i < argc) {
+		hmacFilename = argv[i];
+	    }
+	    else {
+		printf("-os option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (keyHandle == 0) {
+	printf("Missing handle parameter -hk\n");
+	printUsage();
+    }
+    if ((inFilename == NULL) && (inString == NULL)) {
+	printf("Input file -if or input string -ic must be specified\n");
+	printUsage();
+    }
+    if ((inFilename != NULL) && (inString != NULL)) {
+	printf("Input file -if and input string -ic cannot both be specified\n");
+	printUsage();
+    }
+    if (inFilename != NULL) {
+	if (rc == 0) {
+	    rc = TSS_File_ReadBinaryFile(&buffer,     /* freed @1 */
+					 &length,
+					 inFilename);
+	}
+	if (rc == 0) {
+	    if (length > sizeof(in.buffer.t.buffer)) {
+		printf("Input data too long %lu\n", (unsigned long)length);
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	}
+	if (rc == 0) {
+	    /* data to be HMACed */
+	    in.buffer.t.size = (uint16_t)length;	/* cast safe, range tested above */
+	    memcpy(in.buffer.t.buffer, buffer, length);
+	}
+    }
+    if (inString != NULL) {
+	if (rc == 0) {
+	    length = strlen(inString);
+	    if (length > sizeof(in.buffer.t.buffer)) {
+		printf("Input data too long %lu\n", (unsigned long)length);
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    } 
+	}
+	if (rc == 0) {
+	    /* data to be hashed */
+	    in.buffer.t.size =(uint16_t) length;	/* cast safe, range tested above */
+	    memcpy(in.buffer.t.buffer, inString, length);
+	}
+    }
+    if (rc == 0) {
+	/* Handle of key that will perform hmac */
+	in.handle = keyHandle;
+	/* use key's hash algorithm */
+	in.hashAlg = halg;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_HMAC,
+			 sessionHandle0, keyPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if ((rc == 0) && (hmacFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(out.outHMAC.t.buffer,
+				      out.outHMAC.t.size,
+				      hmacFilename); 
+    }    
+    if (rc == 0) {
+	if (tssUtilsVerbose) printHmac(&out);
+	if (tssUtilsVerbose) printf("hmac: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("hmac: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    free(buffer);	/* @1 */
+    return rc;
+}
+
+static void printHmac(HMAC_Out *out)
+{
+    TSS_PrintAll("HMAC", out->outHMAC.t.buffer, out->outHMAC.t.size);
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("hmac\n");
+    printf("\n");
+    printf("Runs TPM2_HMAC\n");
+    printf("\n");
+    printf("\t-hk\tkey handle\n");
+    printf("\t[-pwdk\tpassword for key (default empty)]\n");
+    printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n");
+    printf("\t-if\tinput file to be HMACed\n");
+    printf("\t-ic\tdata string to be HMACed\n");
+    printf("\t[-os\thmac file name (default do not save)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/hmacstart.c b/utils/hmacstart.c
new file mode 100644
index 000000000..3fdd0f9fa
--- /dev/null
+++ b/utils/hmacstart.c
@@ -0,0 +1,278 @@
+/********************************************************************************/
+/*										*/
+/*			    HmacStart						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    HMAC_Start_In 		in;
+    HMAC_Start_Out 		out;
+    TPMI_DH_OBJECT		keyHandle = 0;
+    const char			*keyPassword = NULL; 
+    const char			*authPassword = NULL; 
+    TPMI_ALG_HASH		halg = TPM_ALG_SHA256;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hk") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x",&keyHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hk\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdk") == 0) {
+	    i++;
+	    if (i < argc) {
+		keyPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwda") == 0) {
+	    i++;
+	    if (i < argc) {
+		authPassword = argv[i];
+	    }
+	    else {
+		printf("-pwda option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    halg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    halg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    halg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    halg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (keyHandle == 0) {
+	printf("Missing handle parameter -hk\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	/* Handle of key that will perform hmac */
+	in.handle = keyHandle;
+	/* auth value for sequence */
+	rc = TSS_TPM2B_StringCopy(&in.auth.b, authPassword, sizeof(in.auth.t.buffer));
+    }
+    if (rc == 0) {
+	in.hashAlg = halg;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_HMAC_Start,
+			 sessionHandle0, keyPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	printf("hmacstart: handle %08x\n", out.sequenceHandle);
+	if (tssUtilsVerbose) printf("hmacstart: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("hmacstart: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("hmacstart\n");
+    printf("\n");
+    printf("Runs TPM2_Hmac_Start\n");
+    printf("\n");
+    printf("\t-hk\tkey handle\n");
+    printf("\t-pwdk\tpassword for key (default empty)\n");
+    printf("\t-pwda\tpassword for sequence (default empty)\n");
+    printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    exit(1);	
+}
diff --git a/utils/ibmtss/ActivateCredential_fp.h b/utils/ibmtss/ActivateCredential_fp.h
new file mode 100644
index 000000000..e2b6083cb
--- /dev/null
+++ b/utils/ibmtss/ActivateCredential_fp.h
@@ -0,0 +1,88 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: ActivateCredential_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef ACTIVATECREDENTIAL_FP_H
+#define ACTIVATECREDENTIAL_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT		activateHandle;
+    TPMI_DH_OBJECT		keyHandle;
+    TPM2B_ID_OBJECT		credentialBlob;
+    TPM2B_ENCRYPTED_SECRET	secret;
+} ActivateCredential_In;
+
+#define RC_ActivateCredential_activateHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_ActivateCredential_keyHandle 	(TPM_RC_H + TPM_RC_2)
+#define RC_ActivateCredential_credentialBlob	(TPM_RC_P + TPM_RC_1)
+#define RC_ActivateCredential_secret 		(TPM_RC_P + TPM_RC_2)
+
+typedef struct {
+    TPM2B_DIGEST		certInfo;
+} ActivateCredential_Out;
+
+TPM_RC
+TPM2_ActivateCredential(
+			ActivateCredential_In   *in,            // IN: input parameter list
+			ActivateCredential_Out  *out            // OUT: output parameter list
+			);
+#endif
diff --git a/utils/ibmtss/ActivateIdentity_fp.h b/utils/ibmtss/ActivateIdentity_fp.h
new file mode 100644
index 000000000..84b97b62e
--- /dev/null
+++ b/utils/ibmtss/ActivateIdentity_fp.h
@@ -0,0 +1,64 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 ActivateIdentity				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: ActivateIdentity_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef ACTIVATEIDENTITY_FP_H
+#define ACTIVATEIDENTITY_FP_H
+
+#include <ibmtss/tpmtypes12.h>
+#include <ibmtss/tpmstructures12.h>
+
+#include <ibmtss/Implementation.h>
+
+typedef struct {
+    TPM_KEY_HANDLE idKeyHandle;
+    UINT32 blobSize;
+    BYTE blob[MAX_RSA_KEY_BYTES];
+} ActivateIdentity_In;  
+
+typedef struct {
+    TPM_SYMMETRIC_KEY symmetricKey;
+} ActivateIdentity_Out;  
+
+TPM_RC
+TPM2_ActivateIdentity(
+		  ActivateIdentity_In *in,            // IN: input parameter buffer
+		  ActivateIdentity_Out *out           // OUT: output parameter buffer
+		  );
+
+#endif
diff --git a/utils/ibmtss/BaseTypes.h b/utils/ibmtss/BaseTypes.h
new file mode 100644
index 000000000..c87663c6b
--- /dev/null
+++ b/utils/ibmtss/BaseTypes.h
@@ -0,0 +1,85 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: BaseTypes.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2016					*/
+/*										*/
+/********************************************************************************/
+
+/* 5.2	BaseTypes.h */
+
+#ifndef BASETYPES_H
+#define BASETYPES_H
+
+#include <stdint.h>
+
+/* NULL definition */
+
+#ifndef         NULL
+#define         NULL        (0)
+#endif
+typedef  uint8_t            UINT8;
+typedef  uint8_t            BYTE;
+typedef  int8_t             INT8;
+typedef  int                BOOL;
+typedef  uint16_t           UINT16;
+typedef  int16_t            INT16;
+typedef  uint32_t           UINT32;
+typedef  int32_t            INT32;
+typedef  uint64_t           UINT64;
+typedef  int64_t            INT64;
+
+#endif
diff --git a/utils/ibmtss/CertifyCreation_fp.h b/utils/ibmtss/CertifyCreation_fp.h
new file mode 100644
index 000000000..98c336b95
--- /dev/null
+++ b/utils/ibmtss/CertifyCreation_fp.h
@@ -0,0 +1,95 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: CertifyCreation_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef CERTIFYCREATION_FP_H
+#define CERTIFYCREATION_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT	signHandle;
+    TPMI_DH_OBJECT	objectHandle;
+    TPM2B_DATA		qualifyingData;
+    TPM2B_DIGEST	creationHash;
+    TPMT_SIG_SCHEME	inScheme;
+    TPMT_TK_CREATION	creationTicket;
+} CertifyCreation_In;
+
+#define RC_CertifyCreation_signHandle 		(TPM_RC_H + TPM_RC_1)
+#define RC_CertifyCreation_objectHandle		(TPM_RC_H + TPM_RC_2)
+#define RC_CertifyCreation_qualifyingData	(TPM_RC_P + TPM_RC_1)
+#define RC_CertifyCreation_creationHash		(TPM_RC_P + TPM_RC_2)
+#define RC_CertifyCreation_inScheme 		(TPM_RC_P + TPM_RC_3)
+#define RC_CertifyCreation_creationTicket 	(TPM_RC_P + TPM_RC_4)
+
+typedef struct {
+    TPM2B_ATTEST	certifyInfo;
+    TPMT_SIGNATURE	signature;
+} CertifyCreation_Out;
+
+TPM_RC
+TPM2_CertifyCreation(
+		     CertifyCreation_In      *in,            // IN: input parameter list
+		     CertifyCreation_Out     *out            // OUT: output parameter list
+		     );
+
+
+#endif
diff --git a/utils/ibmtss/CertifyX509_fp.h b/utils/ibmtss/CertifyX509_fp.h
new file mode 100644
index 000000000..1fb36fe7f
--- /dev/null
+++ b/utils/ibmtss/CertifyX509_fp.h
@@ -0,0 +1,91 @@
+/********************************************************************************/
+/*										*/
+/*		TPM2_CertifyX509 Command Header	     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2019					*/
+/*										*/
+/********************************************************************************/
+
+#ifndef CERTIFYX509_FP_H
+#define CERTIFYX509_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT	objectHandle;
+    TPMI_DH_OBJECT	signHandle;
+    TPM2B_DATA		reserved;
+    TPMT_SIG_SCHEME	inScheme;
+    TPM2B_MAX_BUFFER	partialCertificate;
+} CertifyX509_In;
+
+#define RC_CertifyX509_objectHandle		(TPM_RC_H + TPM_RC_1)
+#define RC_CertifyX509_signHandle 		(TPM_RC_H + TPM_RC_2)
+#define RC_CertifyX509_reserved			(TPM_RC_P + TPM_RC_1)
+#define RC_CertifyX509_inScheme 		(TPM_RC_P + TPM_RC_2)
+#define RC_CertifyX509_partialCertificate	(TPM_RC_P + TPM_RC_3)
+
+typedef struct {
+    TPM2B_MAX_BUFFER 	addedToCertificate;
+    TPM2B_DIGEST	tbsDigest;
+    TPMT_SIGNATURE	signature;
+} CertifyX509_Out;
+
+TPM_RC
+TPM2_CertifyX509(
+		 CertifyX509_In      *in,            // IN: input parameter list
+		 CertifyX509_Out     *out            // OUT: output parameter list
+		 );
+
+
+#endif
diff --git a/utils/ibmtss/Certify_fp.h b/utils/ibmtss/Certify_fp.h
new file mode 100644
index 000000000..dc186e4eb
--- /dev/null
+++ b/utils/ibmtss/Certify_fp.h
@@ -0,0 +1,93 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: Certify_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef CERTIFY_FP_H
+#define CERTIFY_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT	objectHandle;
+    TPMI_DH_OBJECT	signHandle;
+    TPM2B_DATA		qualifyingData;
+    TPMT_SIG_SCHEME	inScheme;
+} Certify_In;
+
+#define RC_Certify_objectHandle		(TPM_RC_H + TPM_RC_1)
+#define RC_Certify_signHandle 		(TPM_RC_H + TPM_RC_2)
+#define RC_Certify_qualifyingData	(TPM_RC_P + TPM_RC_1)
+#define RC_Certify_inScheme 		(TPM_RC_P + TPM_RC_2)
+
+typedef struct {
+    TPM2B_ATTEST	certifyInfo;
+    TPMT_SIGNATURE	signature;
+} Certify_Out;
+
+
+
+TPM_RC
+TPM2_Certify(
+	     Certify_In      *in,            // IN: input parameter list
+	     Certify_Out     *out            // OUT: output parameter list
+	     );
+
+
+#endif
diff --git a/utils/ibmtss/ChangeEPS_fp.h b/utils/ibmtss/ChangeEPS_fp.h
new file mode 100644
index 000000000..085473021
--- /dev/null
+++ b/utils/ibmtss/ChangeEPS_fp.h
@@ -0,0 +1,79 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: ChangeEPS_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef CHANGEEPS_FP_H
+#define CHANGEEPS_FP_H
+
+typedef struct {
+    TPMI_RH_PLATFORM	authHandle;
+} ChangeEPS_In;
+
+#define RC_ChangeEPS_authHandle	(TPM_RC_H + TPM_RC_1)
+
+TPM_RC
+TPM2_ChangeEPS(
+	       ChangeEPS_In    *in             // IN: input parameter list
+	       );
+
+
+#endif
diff --git a/utils/ibmtss/ChangePPS_fp.h b/utils/ibmtss/ChangePPS_fp.h
new file mode 100644
index 000000000..566cfe748
--- /dev/null
+++ b/utils/ibmtss/ChangePPS_fp.h
@@ -0,0 +1,79 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: ChangePPS_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef CHANGEPPS_FP_H
+#define CHANGEPPS_FP_H
+
+typedef struct {
+    TPMI_RH_PLATFORM	authHandle;
+} ChangePPS_In;
+
+#define RC_ChangePPS_authHandle	(TPM_RC_P + TPM_RC_1)
+
+TPM_RC
+TPM2_ChangePPS(
+	       ChangePPS_In    *in             // IN: input parameter list
+	       );
+
+
+#endif
diff --git a/utils/ibmtss/ClearControl_fp.h b/utils/ibmtss/ClearControl_fp.h
new file mode 100644
index 000000000..4ecd727e6
--- /dev/null
+++ b/utils/ibmtss/ClearControl_fp.h
@@ -0,0 +1,79 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: ClearControl_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef CLEARCONTROL_FP_H
+#define CLEARCONTROL_FP_H
+
+typedef struct {
+    TPMI_RH_CLEAR	auth;
+    TPMI_YES_NO		disable;
+} ClearControl_In;
+
+#define RC_ClearControl_auth	(TPM_RC_H + TPM_RC_1)
+#define RC_ClearControl_disable	(TPM_RC_P + TPM_RC_1)
+
+TPM_RC
+TPM2_ClearControl(
+		  ClearControl_In     *in             // IN: input parameter list
+		  );
+#endif
diff --git a/utils/ibmtss/Clear_fp.h b/utils/ibmtss/Clear_fp.h
new file mode 100644
index 000000000..f12e6bc8e
--- /dev/null
+++ b/utils/ibmtss/Clear_fp.h
@@ -0,0 +1,78 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: Clear_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef CLEAR_FP_H
+#define CLEAR_FP_H
+
+typedef struct {
+    TPMI_RH_CLEAR	authHandle;
+} Clear_In;
+
+#define RC_Clear_authHandle	(TPM_RC_H + TPM_RC_1)
+
+TPM_RC
+TPM2_Clear(
+	   Clear_In        *in             // IN: input parameter list
+	   );
+
+#endif
diff --git a/utils/ibmtss/ClockRateAdjust_fp.h b/utils/ibmtss/ClockRateAdjust_fp.h
new file mode 100644
index 000000000..e66d153ae
--- /dev/null
+++ b/utils/ibmtss/ClockRateAdjust_fp.h
@@ -0,0 +1,81 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: ClockRateAdjust_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef CLOCKRATEADJUST_FP_H
+#define CLOCKRATEADJUST_FP_H
+
+typedef struct {
+    TPMI_RH_PROVISION	auth;
+    TPM_CLOCK_ADJUST	rateAdjust;
+} ClockRateAdjust_In;
+
+#define RC_ClockRateAdjust_auth		(TPM_RC_H + TPM_RC_1)
+#define RC_ClockRateAdjust_rateAdjust	(TPM_RC_P + TPM_RC_1)
+
+
+TPM_RC
+TPM2_ClockRateAdjust(
+		     ClockRateAdjust_In  *in             // IN: input parameter list
+		     );
+
+#endif
diff --git a/utils/ibmtss/ClockSet_fp.h b/utils/ibmtss/ClockSet_fp.h
new file mode 100644
index 000000000..c62ea974f
--- /dev/null
+++ b/utils/ibmtss/ClockSet_fp.h
@@ -0,0 +1,81 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: ClockSet_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef CLOCKSET_FP_H
+#define CLOCKSET_FP_H
+
+typedef struct {
+    TPMI_RH_PROVISION	auth;
+    UINT64		newTime;
+} ClockSet_In;
+
+#define RC_ClockSet_auth	(TPM_RC_H + TPM_RC_1)
+#define RC_ClockSet_newTime	(TPM_RC_P + TPM_RC_1)
+
+TPM_RC
+TPM2_ClockSet(
+	      ClockSet_In     *in             // IN: input parameter list
+	      );
+
+
+#endif
diff --git a/utils/ibmtss/Commit_fp.h b/utils/ibmtss/Commit_fp.h
new file mode 100644
index 000000000..653dd53e0
--- /dev/null
+++ b/utils/ibmtss/Commit_fp.h
@@ -0,0 +1,94 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: Commit_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef COMMIT_FP_H
+#define COMMIT_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT		signHandle;
+    TPM2B_ECC_POINT		P1;
+    TPM2B_SENSITIVE_DATA	s2;
+    TPM2B_ECC_PARAMETER		y2;
+} Commit_In;
+
+#define RC_Commit_signHandle 	(TPM_RC_H + TPM_RC_1)
+#define RC_Commit_P1 		(TPM_RC_P + TPM_RC_1)
+#define RC_Commit_s2 		(TPM_RC_P + TPM_RC_2)
+#define RC_Commit_y2 		(TPM_RC_P + TPM_RC_3)
+
+typedef struct {
+    TPM2B_ECC_POINT	K;
+    TPM2B_ECC_POINT	L;
+    TPM2B_ECC_POINT	E;
+    UINT16		counter;
+} Commit_Out;
+
+TPM_RC
+TPM2_Commit(
+	    Commit_In       *in,            // IN: input parameter list
+	    Commit_Out      *out            // OUT: output parameter list
+	    );
+
+
+
+#endif
diff --git a/utils/ibmtss/ContextLoad_fp.h b/utils/ibmtss/ContextLoad_fp.h
new file mode 100644
index 000000000..5742f7f3f
--- /dev/null
+++ b/utils/ibmtss/ContextLoad_fp.h
@@ -0,0 +1,84 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: ContextLoad_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef CONTEXTLOAD_FP_H
+#define CONTEXTLOAD_FP_H
+
+typedef struct {
+    TPMS_CONTEXT	context;
+} ContextLoad_In;
+
+#define RC_ContextLoad_context 	(TPM_RC_P + TPM_RC_1)
+
+typedef struct {
+    TPMI_DH_CONTEXT	loadedHandle;
+} ContextLoad_Out;
+
+TPM_RC
+TPM2_ContextLoad(
+		 ContextLoad_In      *in,            // IN: input parameter list
+		 ContextLoad_Out     *out            // OUT: output parameter list
+		 );
+
+
+#endif
diff --git a/utils/ibmtss/ContextSave_fp.h b/utils/ibmtss/ContextSave_fp.h
new file mode 100644
index 000000000..bfb17119e
--- /dev/null
+++ b/utils/ibmtss/ContextSave_fp.h
@@ -0,0 +1,84 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: ContextSave_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef CONTEXTSAVE_FP_H
+#define CONTEXTSAVE_FP_H
+
+typedef struct {
+    TPMI_DH_CONTEXT	saveHandle;
+} ContextSave_In;
+
+#define RC_ContextSave_saveHandle	(TPM_RC_P + TPM_RC_1)
+
+typedef struct {
+    TPMS_CONTEXT	context;
+} ContextSave_Out;
+
+TPM_RC
+TPM2_ContextSave(
+		 ContextSave_In      *in,            // IN: input parameter list
+		 ContextSave_Out     *out            // OUT: output parameter list
+		 );
+
+
+#endif
diff --git a/utils/ibmtss/CreateEndorsementKeyPair_fp.h b/utils/ibmtss/CreateEndorsementKeyPair_fp.h
new file mode 100644
index 000000000..a183ba028
--- /dev/null
+++ b/utils/ibmtss/CreateEndorsementKeyPair_fp.h
@@ -0,0 +1,64 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 CreateEndorsementKeyPair			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*      $Id: CreateEndorsementKeyPair_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef CREATEENDORSEMENTKEYPAIR_FP_H
+#define CREATEENDORSEMENTKEYPAIR_FP_H
+
+#include <ibmtss/tpmtypes12.h>
+#include <ibmtss/tpmstructures12.h>
+
+#include <ibmtss/Implementation.h>
+
+typedef struct {
+    TPM_NONCE antiReplay;
+    TPM_KEY_PARMS keyInfo;
+} CreateEndorsementKeyPair_In;  
+
+typedef struct {
+    TPM_PUBKEY pubEndorsementKey;
+    TPM_DIGEST checksum;
+} CreateEndorsementKeyPair_Out;  
+
+TPM_RC
+TPM2_CreateEndorsementKeyPair(
+			      CreateEndorsementKeyPair_In *in,            // IN: input parameter buffer
+			      CreateEndorsementKeyPair_Out *out           // OUT: output parameter buffer
+			      );
+
+#endif
diff --git a/utils/ibmtss/CreateLoaded_fp.h b/utils/ibmtss/CreateLoaded_fp.h
new file mode 100644
index 000000000..a6792c155
--- /dev/null
+++ b/utils/ibmtss/CreateLoaded_fp.h
@@ -0,0 +1,90 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: CreateLoaded_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+#ifndef CREATELOADED_FP_H
+#define CREATELOADED_FP_H
+
+/* rev 136 */
+
+typedef struct {
+    TPMI_DH_PARENT		parentHandle;
+    TPM2B_SENSITIVE_CREATE	inSensitive;
+    TPM2B_TEMPLATE		inPublic;
+} CreateLoaded_In;
+
+#define RC_CreateLoaded_parentHandle 	(TPM_RC_H + TPM_RC_1)
+#define RC_CreateLoaded_inSensitive 	(TPM_RC_P + TPM_RC_1)
+#define RC_CreateLoaded_inPublic 	(TPM_RC_P + TPM_RC_2)
+
+typedef struct {
+    TPM_HANDLE		objectHandle;
+    TPM2B_PRIVATE	outPrivate;
+    TPM2B_PUBLIC	outPublic;
+    TPM2B_NAME		name;
+} CreateLoaded_Out;
+
+TPM_RC
+TPM2_CreateLoaded(
+		  CreateLoaded_In       *in,            // IN: input parameter list
+		  CreateLoaded_Out      *out            // OUT: output parameter list
+		  );
+
+#endif
diff --git a/utils/ibmtss/CreatePrimary_fp.h b/utils/ibmtss/CreatePrimary_fp.h
new file mode 100644
index 000000000..958293b10
--- /dev/null
+++ b/utils/ibmtss/CreatePrimary_fp.h
@@ -0,0 +1,96 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: CreatePrimary_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef CREATEPRIMARY_FP_H
+#define CREATEPRIMARY_FP_H
+
+typedef struct {
+    TPMI_RH_HIERARCHY		primaryHandle;
+    TPM2B_SENSITIVE_CREATE	inSensitive;
+    TPM2B_PUBLIC		inPublic;
+    TPM2B_DATA			outsideInfo;
+    TPML_PCR_SELECTION		creationPCR;
+} CreatePrimary_In;
+
+#define RC_CreatePrimary_primaryHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_CreatePrimary_inSensitive 	(TPM_RC_P + TPM_RC_1)
+#define RC_CreatePrimary_inPublic 	(TPM_RC_P + TPM_RC_2)
+#define RC_CreatePrimary_outsideInfo	(TPM_RC_P + TPM_RC_3)
+#define RC_CreatePrimary_creationPCR	(TPM_RC_P + TPM_RC_4)
+
+typedef struct {
+    TPM_HANDLE		objectHandle;
+    TPM2B_PUBLIC	outPublic;
+    TPM2B_CREATION_DATA	creationData;
+    TPM2B_DIGEST	creationHash;
+    TPMT_TK_CREATION	creationTicket;
+    TPM2B_NAME		name;
+} CreatePrimary_Out;
+
+TPM_RC
+TPM2_CreatePrimary(
+		   CreatePrimary_In    *in,            // IN: input parameter list
+		   CreatePrimary_Out   *out            // OUT: output parameter list
+		   );
+
+#endif
diff --git a/utils/ibmtss/CreateWrapKey_fp.h b/utils/ibmtss/CreateWrapKey_fp.h
new file mode 100644
index 000000000..a078d22d3
--- /dev/null
+++ b/utils/ibmtss/CreateWrapKey_fp.h
@@ -0,0 +1,65 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 CreateWrapKey				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: CreateWrapKey_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef CREATEWRAPKEY_FP_H
+#define CREATEWRAPKEY_FP_H
+
+#include <ibmtss/tpmtypes12.h>
+#include <ibmtss/tpmstructures12.h>
+
+#include <ibmtss/Implementation.h>
+
+typedef struct {
+    TPM_KEY_HANDLE parentHandle;
+    TPM_ENCAUTH dataUsageAuth;
+    TPM_ENCAUTH dataMigrationAuth;
+    TPM_KEY12 keyInfo;    
+} CreateWrapKey_In;  
+
+typedef struct {
+    TPM_KEY12 wrappedKey;
+} CreateWrapKey_Out;  
+
+TPM_RC
+TPM2_CreateWrapKey(
+		   CreateWrapKey_In *in,            // IN: input parameter buffer
+		   CreateWrapKey_Out *out           // OUT: output parameter buffer
+		  );
+
+#endif
diff --git a/utils/ibmtss/Create_fp.h b/utils/ibmtss/Create_fp.h
new file mode 100644
index 000000000..95eca6159
--- /dev/null
+++ b/utils/ibmtss/Create_fp.h
@@ -0,0 +1,96 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: Create_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 137 */
+
+#ifndef CREATE_FP_H
+#define CREATE_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT		parentHandle;
+    TPM2B_SENSITIVE_CREATE	inSensitive;
+    TPM2B_PUBLIC		inPublic;
+    TPM2B_DATA			outsideInfo;
+    TPML_PCR_SELECTION		creationPCR;
+} Create_In;     
+
+#define RC_Create_parentHandle 	(TPM_RC_H + TPM_RC_1)
+#define RC_Create_inSensitive 	(TPM_RC_P + TPM_RC_1)
+#define RC_Create_inPublic 	(TPM_RC_P + TPM_RC_2)
+#define RC_Create_outsideInfo	(TPM_RC_P + TPM_RC_3)
+#define RC_Create_creationPCR	(TPM_RC_P + TPM_RC_4)
+
+typedef struct {
+    TPM2B_PRIVATE	outPrivate;
+    TPM2B_PUBLIC	outPublic;
+    TPM2B_CREATION_DATA	creationData;
+    TPM2B_DIGEST	creationHash;
+    TPMT_TK_CREATION	creationTicket;
+} Create_Out;
+
+TPM_RC
+TPM2_Create(
+	    Create_In       *in,            // IN: input parameter list
+	    Create_Out      *out            // OUT: output parameter list
+	    );
+
+
+#endif
diff --git a/utils/ibmtss/DictionaryAttackLockReset_fp.h b/utils/ibmtss/DictionaryAttackLockReset_fp.h
new file mode 100644
index 000000000..6ef8ea2bf
--- /dev/null
+++ b/utils/ibmtss/DictionaryAttackLockReset_fp.h
@@ -0,0 +1,79 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	$Id: DictionaryAttackLockReset_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef DICTIONARYATTACKLOCKRESET_FP_H
+#define DICTIONARYATTACKLOCKRESET_FP_H
+
+typedef struct {
+    TPMI_RH_LOCKOUT	lockHandle;
+} DictionaryAttackLockReset_In;
+
+#define RC_DictionaryAttackLockReset_lockHandle	(TPM_RC_H + TPM_RC_1)
+
+TPM_RC
+TPM2_DictionaryAttackLockReset(
+			       DictionaryAttackLockReset_In    *in             // IN: input parameter list
+			       );
+
+
+#endif
diff --git a/utils/ibmtss/DictionaryAttackParameters_fp.h b/utils/ibmtss/DictionaryAttackParameters_fp.h
new file mode 100644
index 000000000..86903c323
--- /dev/null
+++ b/utils/ibmtss/DictionaryAttackParameters_fp.h
@@ -0,0 +1,86 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*   $Id: DictionaryAttackParameters_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef DICTIONARYATTACKPARAMETERS_FP_H
+#define DICTIONARYATTACKPARAMETERS_FP_H
+
+
+typedef struct {
+    TPMI_RH_LOCKOUT	lockHandle;
+    UINT32		newMaxTries;
+    UINT32		newRecoveryTime;
+    UINT32		lockoutRecovery;
+} DictionaryAttackParameters_In;
+
+#define RC_DictionaryAttackParameters_lockHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_DictionaryAttackParameters_newMaxTries	(TPM_RC_P + TPM_RC_1)
+#define RC_DictionaryAttackParameters_newRecoveryTime	(TPM_RC_P + TPM_RC_2)
+#define RC_DictionaryAttackParameters_lockoutRecovery	(TPM_RC_P + TPM_RC_3)
+
+TPM_RC
+TPM2_DictionaryAttackParameters(
+				DictionaryAttackParameters_In   *in             // IN: input parameter list
+				);
+
+
+#endif
diff --git a/utils/ibmtss/Duplicate_fp.h b/utils/ibmtss/Duplicate_fp.h
new file mode 100644
index 000000000..97693be53
--- /dev/null
+++ b/utils/ibmtss/Duplicate_fp.h
@@ -0,0 +1,91 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: Duplicate_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef DUPLICATE_FP_H
+#define DUPLICATE_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT		objectHandle;
+    TPMI_DH_OBJECT		newParentHandle;
+    TPM2B_DATA			encryptionKeyIn;
+    TPMT_SYM_DEF_OBJECT		symmetricAlg;
+} Duplicate_In;
+
+typedef struct {
+    TPM2B_DATA			encryptionKeyOut;
+    TPM2B_PRIVATE		duplicate;
+    TPM2B_ENCRYPTED_SECRET	outSymSeed;
+} Duplicate_Out;
+
+#define RC_Duplicate_objectHandle 	(TPM_RC_H + TPM_RC_1)
+#define RC_Duplicate_newParentHandle 	(TPM_RC_H + TPM_RC_2)
+#define RC_Duplicate_encryptionKeyIn 	(TPM_RC_P + TPM_RC_1)
+#define RC_Duplicate_symmetricAlg 	(TPM_RC_P + TPM_RC_2)
+
+TPM_RC
+TPM2_Duplicate(
+	       Duplicate_In    *in,            // IN: input parameter list
+	       Duplicate_Out   *out            // OUT: output parameter list
+	       );
+
+#endif
diff --git a/utils/ibmtss/ECC_Parameters_fp.h b/utils/ibmtss/ECC_Parameters_fp.h
new file mode 100644
index 000000000..18bc2a391
--- /dev/null
+++ b/utils/ibmtss/ECC_Parameters_fp.h
@@ -0,0 +1,84 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: ECC_Parameters_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef ECC_PARAMETERS_FP_H
+#define ECC_PARAMETERS_FP_H
+
+typedef struct {
+    TPMI_ECC_CURVE	curveID;
+} ECC_Parameters_In;
+
+#define RC_ECC_Parameters_curveID 	(TPM_RC_P + TPM_RC_1)
+
+typedef struct {
+    TPMS_ALGORITHM_DETAIL_ECC	parameters;
+} ECC_Parameters_Out;
+
+TPM_RC
+TPM2_ECC_Parameters(
+		    ECC_Parameters_In   *in,            // IN: input parameter list
+		    ECC_Parameters_Out  *out            // OUT: output parameter list
+		    );
+
+
+#endif
diff --git a/utils/ibmtss/ECDH_KeyGen_fp.h b/utils/ibmtss/ECDH_KeyGen_fp.h
new file mode 100644
index 000000000..9ff523f14
--- /dev/null
+++ b/utils/ibmtss/ECDH_KeyGen_fp.h
@@ -0,0 +1,85 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: ECDH_KeyGen_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef ECDH_KEYGEN_FP_H
+#define ECDH_KEYGEN_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT	keyHandle;
+} ECDH_KeyGen_In;
+
+#define RC_ECDH_KeyGen_keyHandle 	(TPM_RC_H + TPM_RC_1)
+
+typedef struct {
+    TPM2B_ECC_POINT	zPoint;
+    TPM2B_ECC_POINT	pubPoint;
+} ECDH_KeyGen_Out;
+
+TPM_RC
+TPM2_ECDH_KeyGen(
+		 ECDH_KeyGen_In      *in,            // IN: input parameter list
+		 ECDH_KeyGen_Out     *out            // OUT: output parameter list
+		 );
+
+
+#endif
diff --git a/utils/ibmtss/ECDH_ZGen_fp.h b/utils/ibmtss/ECDH_ZGen_fp.h
new file mode 100644
index 000000000..f93fe15dc
--- /dev/null
+++ b/utils/ibmtss/ECDH_ZGen_fp.h
@@ -0,0 +1,86 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: ECDH_ZGen_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef ECDH_ZGEN_FP_H
+#define ECDH_ZGEN_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT	keyHandle;
+    TPM2B_ECC_POINT	inPoint;
+} ECDH_ZGen_In;
+
+#define RC_ECDH_ZGen_keyHandle 	(TPM_RC_H + TPM_RC_1)
+#define RC_ECDH_ZGen_inPoint 	(TPM_RC_P + TPM_RC_1)
+
+typedef struct {
+    TPM2B_ECC_POINT	outPoint;
+} ECDH_ZGen_Out;
+
+TPM_RC
+TPM2_ECDH_ZGen(
+	       ECDH_ZGen_In    *in,            // IN: input parameter list
+	       ECDH_ZGen_Out   *out            // OUT: output parameter list
+	       );
+
+
+#endif
diff --git a/utils/ibmtss/EC_Ephemeral_fp.h b/utils/ibmtss/EC_Ephemeral_fp.h
new file mode 100644
index 000000000..679762324
--- /dev/null
+++ b/utils/ibmtss/EC_Ephemeral_fp.h
@@ -0,0 +1,84 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: EC_Ephemeral_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef EC_EPHEMERAL_FP_H
+#define EC_EPHEMERAL_FP_H
+
+typedef struct {
+    TPMI_ECC_CURVE	curveID;
+} EC_Ephemeral_In;
+
+#define RC_EC_Ephemeral_curveID	(TPM_RC_P + TPM_RC_1)
+
+typedef struct {
+    TPM2B_ECC_POINT	Q;
+    UINT16		counter;
+} EC_Ephemeral_Out;
+
+TPM_RC
+TPM2_EC_Ephemeral(
+		  EC_Ephemeral_In     *in,            // IN: input parameter list
+		  EC_Ephemeral_Out    *out            // OUT: output parameter list
+		  );
+
+#endif
diff --git a/utils/ibmtss/EncryptDecrypt2_fp.h b/utils/ibmtss/EncryptDecrypt2_fp.h
new file mode 100644
index 000000000..cff3a6445
--- /dev/null
+++ b/utils/ibmtss/EncryptDecrypt2_fp.h
@@ -0,0 +1,93 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: EncryptDecrypt2_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015, 2016				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 146*/
+
+#ifndef ENCRYPTDECRYPT2_FP_H
+#define ENCRYPTDECRYPT2_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT		keyHandle;
+    TPM2B_MAX_BUFFER		inData;
+    TPMI_YES_NO			decrypt;
+    TPMI_ALG_CIPHER_MODE	mode;
+    TPM2B_IV			ivIn;
+} EncryptDecrypt2_In;
+
+#define RC_EncryptDecrypt2_keyHandle 	(TPM_RC_H + TPM_RC_1)
+#define RC_EncryptDecrypt2_inData 	(TPM_RC_P + TPM_RC_1)
+#define RC_EncryptDecrypt2_decrypt	(TPM_RC_P + TPM_RC_2)
+#define RC_EncryptDecrypt2_mode		(TPM_RC_P + TPM_RC_3)
+#define RC_EncryptDecrypt2_ivIn		(TPM_RC_P + TPM_RC_4)
+
+typedef struct {
+    TPM2B_MAX_BUFFER	outData;
+    TPM2B_IV		ivOut;
+} EncryptDecrypt2_Out;
+
+TPM_RC
+TPM2_EncryptDecrypt2(
+		     EncryptDecrypt2_In   *in,            // IN: input parameter list
+		     EncryptDecrypt2_Out  *out            // OUT: output parameter list
+		     );
+
+
+#endif
diff --git a/utils/ibmtss/EncryptDecrypt_fp.h b/utils/ibmtss/EncryptDecrypt_fp.h
new file mode 100644
index 000000000..57b0872f1
--- /dev/null
+++ b/utils/ibmtss/EncryptDecrypt_fp.h
@@ -0,0 +1,93 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: EncryptDecrypt_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 146 */
+
+#ifndef ENCRYPTDECRYPT_FP_H
+#define ENCRYPTDECRYPT_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT		keyHandle;
+    TPMI_YES_NO			decrypt;
+    TPMI_ALG_CIPHER_MODE	mode;
+    TPM2B_IV			ivIn;
+    TPM2B_MAX_BUFFER		inData;
+} EncryptDecrypt_In;
+
+#define RC_EncryptDecrypt_keyHandle 	(TPM_RC_H + TPM_RC_1)
+#define RC_EncryptDecrypt_decrypt	(TPM_RC_P + TPM_RC_1)
+#define RC_EncryptDecrypt_mode 		(TPM_RC_P + TPM_RC_2)
+#define RC_EncryptDecrypt_ivIn 		(TPM_RC_P + TPM_RC_3)
+#define RC_EncryptDecrypt_inData 	(TPM_RC_P + TPM_RC_4)
+
+typedef struct {
+    TPM2B_MAX_BUFFER	outData;
+    TPM2B_IV		ivOut;
+} EncryptDecrypt_Out;
+
+TPM_RC
+TPM2_EncryptDecrypt(
+		    EncryptDecrypt_In   *in,            // IN: input parameter list
+		    EncryptDecrypt_Out  *out            // OUT: output parameter list
+		    );
+
+
+#endif
diff --git a/utils/ibmtss/EventSequenceComplete_fp.h b/utils/ibmtss/EventSequenceComplete_fp.h
new file mode 100644
index 000000000..e58837e5d
--- /dev/null
+++ b/utils/ibmtss/EventSequenceComplete_fp.h
@@ -0,0 +1,88 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	$Id: EventSequenceComplete_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef EVENTSEQUENCECOMPLETE_FP_H
+#define EVENTSEQUENCECOMPLETE_FP_H
+
+typedef struct {
+    TPMI_DH_PCR		pcrHandle;
+    TPMI_DH_OBJECT	sequenceHandle;
+    TPM2B_MAX_BUFFER	buffer;
+} EventSequenceComplete_In;
+
+#define RC_EventSequenceComplete_pcrHandle		(TPM_RC_H + TPM_RC_1)
+#define RC_EventSequenceComplete_sequenceHandle 	(TPM_RC_H + TPM_RC_2)
+#define RC_EventSequenceComplete_buffer			(TPM_RC_P + TPM_RC_1)
+
+typedef struct {
+    TPML_DIGEST_VALUES	results;
+} EventSequenceComplete_Out;
+
+TPM_RC
+TPM2_EventSequenceComplete(
+			   EventSequenceComplete_In    *in,            // IN: input parameter list
+			   EventSequenceComplete_Out   *out            // OUT: output parameter list
+			   );
+
+
+#endif
diff --git a/utils/ibmtss/EvictControl_fp.h b/utils/ibmtss/EvictControl_fp.h
new file mode 100644
index 000000000..1b31c4992
--- /dev/null
+++ b/utils/ibmtss/EvictControl_fp.h
@@ -0,0 +1,82 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: EvictControl_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef EVICTCONTROL_FP_H
+#define EVICTCONTROL_FP_H
+
+typedef struct {
+    TPMI_RH_PROVISION	auth;
+    TPMI_DH_OBJECT	objectHandle;
+    TPMI_DH_PERSISTENT	persistentHandle;
+} EvictControl_In;
+
+#define RC_EvictControl_auth			(TPM_RC_H + TPM_RC_1)
+#define RC_EvictControl_objectHandle 		(TPM_RC_H + TPM_RC_2)
+#define RC_EvictControl_persistentHandle 	(TPM_RC_P + TPM_RC_1)
+
+TPM_RC
+TPM2_EvictControl(
+		  EvictControl_In     *in             // IN: input parameter list
+		  );
+
+#endif
diff --git a/utils/ibmtss/Extend_fp.h b/utils/ibmtss/Extend_fp.h
new file mode 100644
index 000000000..197e4c802
--- /dev/null
+++ b/utils/ibmtss/Extend_fp.h
@@ -0,0 +1,64 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 Extend					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: Extend_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef EXTEND_FP_H
+#define EXTEND_FP_H
+
+#include <ibmtss/tpmtypes12.h>
+#include <ibmtss/tpmstructures12.h>
+
+#include <ibmtss/Implementation.h>
+
+typedef struct {
+
+    TPM_PCRINDEX pcrNum;
+    TPM_DIGEST inDigest;
+} Extend_In;  
+
+typedef struct {
+    TPM_PCRVALUE outDigest;
+} Extend_Out;  
+
+TPM_RC
+TPM2_Extend(
+	    Extend_In *in,            // IN: input parameter buffer
+	    Extend_Out *out           // OUT: output parameter buffer
+	    );
+
+#endif
diff --git a/utils/ibmtss/FlushContext_fp.h b/utils/ibmtss/FlushContext_fp.h
new file mode 100644
index 000000000..97b22e53b
--- /dev/null
+++ b/utils/ibmtss/FlushContext_fp.h
@@ -0,0 +1,78 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: FlushContext_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef FLUSHCONTEXT_FP_H
+#define FLUSHCONTEXT_FP_H
+
+typedef struct {
+    TPMI_DH_CONTEXT	flushHandle;
+} FlushContext_In;
+
+#define RC_FlushContext_flushHandle	(TPM_RC_P + TPM_RC_1)
+
+TPM_RC
+TPM2_FlushContext(
+		  FlushContext_In     *in             // IN: input parameter list
+		  );
+
+#endif
diff --git a/utils/ibmtss/FlushSpecific_fp.h b/utils/ibmtss/FlushSpecific_fp.h
new file mode 100644
index 000000000..59b675134
--- /dev/null
+++ b/utils/ibmtss/FlushSpecific_fp.h
@@ -0,0 +1,58 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 FlushSpecific				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: FlushSpecific_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef FLUSHSPECIFIC_FP_H
+#define FLUSHSPECIFIC_FP_H
+
+#include <ibmtss/tpmtypes12.h>
+#include <ibmtss/tpmstructures12.h>
+
+#include <ibmtss/Implementation.h>
+
+typedef struct {
+    TPM_HANDLE handle;
+    TPM_RESOURCE_TYPE resourceType;
+} FlushSpecific_In;  
+
+TPM_RC
+TPM2_FlushSpecific(
+		   FlushSpecific_In *in            // IN: input parameter buffer
+		   );
+
+#endif
diff --git a/utils/ibmtss/GetCapability12_fp.h b/utils/ibmtss/GetCapability12_fp.h
new file mode 100644
index 000000000..a1c47a053
--- /dev/null
+++ b/utils/ibmtss/GetCapability12_fp.h
@@ -0,0 +1,65 @@
+/********************************************************************************/
+/*										*/
+/*			    Get Capability for TPM 1.2 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef GETCAPABILITY12_FP_H
+#define GETCAPABILITY12_FP_H
+
+typedef struct {
+    TPM_CAPABILITY_AREA	capArea;
+    UINT32		subCapSize;
+    uint8_t		subCap[MAX_RESPONSE_SIZE];
+} GetCapability12_In;
+
+#define RC_GetCapability12_capArea 	(TPM_RC_P + TPM_RC_1)
+#define RC_GetCapability12_subCapSize 	(TPM_RC_P + TPM_RC_2)
+#define RC_GetCapability12_subcap 	(TPM_RC_P + TPM_RC_3)
+
+typedef struct {
+    UINT32 		respSize;
+    uint8_t		resp[MAX_RESPONSE_SIZE];
+} GetCapability12_Out;
+
+
+TPM_RC
+TPM2_GetCapability12(
+		   GetCapability12_In    *in,            // IN: input parameter list
+		   GetCapability12_Out   *out            // OUT: output parameter list
+		   );
+
+
+#endif
diff --git a/utils/ibmtss/GetCapability_fp.h b/utils/ibmtss/GetCapability_fp.h
new file mode 100644
index 000000000..7257613ae
--- /dev/null
+++ b/utils/ibmtss/GetCapability_fp.h
@@ -0,0 +1,90 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: GetCapability_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef GETCAPABILITY_FP_H
+#define GETCAPABILITY_FP_H
+
+typedef struct {
+    TPM_CAP	capability;
+    UINT32	property;
+    UINT32	propertyCount;
+} GetCapability_In;
+
+#define RC_GetCapability_capability	(TPM_RC_P + TPM_RC_1)
+#define RC_GetCapability_property 	(TPM_RC_P + TPM_RC_2)
+#define RC_GetCapability_propertyCount	(TPM_RC_P + TPM_RC_3)
+
+typedef struct {
+    TPMI_YES_NO			moreData;
+    TPMS_CAPABILITY_DATA	capabilityData;
+} GetCapability_Out;
+
+
+TPM_RC
+TPM2_GetCapability(
+		   GetCapability_In    *in,            // IN: input parameter list
+		   GetCapability_Out   *out            // OUT: output parameter list
+		   );
+
+
+#endif
diff --git a/utils/ibmtss/GetCommandAuditDigest_fp.h b/utils/ibmtss/GetCommandAuditDigest_fp.h
new file mode 100644
index 000000000..71a5f152d
--- /dev/null
+++ b/utils/ibmtss/GetCommandAuditDigest_fp.h
@@ -0,0 +1,91 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	$Id: GetCommandAuditDigest_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef GETCOMMANDAUDITDIGEST_FP_H
+#define GETCOMMANDAUDITDIGEST_FP_H
+
+typedef struct {
+    TPMI_RH_ENDORSEMENT	privacyHandle;
+    TPMI_DH_OBJECT	signHandle;
+    TPM2B_DATA		qualifyingData;
+    TPMT_SIG_SCHEME	inScheme;
+} GetCommandAuditDigest_In;
+
+#define RC_GetCommandAuditDigest_privacyHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_GetCommandAuditDigest_signHandle 	(TPM_RC_H + TPM_RC_2)
+#define RC_GetCommandAuditDigest_qualifyingData	(TPM_RC_P + TPM_RC_1)
+#define RC_GetCommandAuditDigest_inScheme 	(TPM_RC_P + TPM_RC_2)
+
+typedef struct {
+    TPM2B_ATTEST	auditInfo;
+    TPMT_SIGNATURE	signature;
+} GetCommandAuditDigest_Out;
+
+TPM_RC
+TPM2_GetCommandAuditDigest(
+			   GetCommandAuditDigest_In    *in,            // IN: input parameter list
+			   GetCommandAuditDigest_Out   *out            // OUT: output parameter list
+			   );
+
+
+#endif
diff --git a/utils/ibmtss/GetRandom_fp.h b/utils/ibmtss/GetRandom_fp.h
new file mode 100644
index 000000000..438da95c0
--- /dev/null
+++ b/utils/ibmtss/GetRandom_fp.h
@@ -0,0 +1,84 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: GetRandom_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef GETRANDOM_FP_H
+#define GETRANDOM_FP_H
+
+typedef struct {
+    UINT16	bytesRequested;
+} GetRandom_In;
+
+#define RC_GetRandom_bytesRequested	(TPM_RC_P + TPM_RC_1)
+
+typedef struct {
+    TPM2B_DIGEST	randomBytes;
+} GetRandom_Out;
+
+TPM_RC
+TPM2_GetRandom(
+	       GetRandom_In    *in,            // IN: input parameter list
+	       GetRandom_Out   *out            // OUT: output parameter list
+	       );
+
+
+#endif
diff --git a/utils/ibmtss/GetSessionAuditDigest_fp.h b/utils/ibmtss/GetSessionAuditDigest_fp.h
new file mode 100644
index 000000000..b49c8cd68
--- /dev/null
+++ b/utils/ibmtss/GetSessionAuditDigest_fp.h
@@ -0,0 +1,93 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	$Id: GetSessionAuditDigest_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef GETSESSIONAUDITDIGEST_FP_H
+#define GETSESSIONAUDITDIGEST_FP_H
+
+typedef struct {
+    TPMI_RH_ENDORSEMENT		privacyAdminHandle;
+    TPMI_DH_OBJECT		signHandle;
+    TPMI_SH_HMAC		sessionHandle;
+    TPM2B_DATA			qualifyingData;
+    TPMT_SIG_SCHEME		inScheme;
+} GetSessionAuditDigest_In;
+
+#define RC_GetSessionAuditDigest_privacyAdminHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_GetSessionAuditDigest_signHandle		(TPM_RC_H + TPM_RC_2)
+#define RC_GetSessionAuditDigest_sessionHandle		(TPM_RC_H + TPM_RC_3)
+#define RC_GetSessionAuditDigest_qualifyingData		(TPM_RC_P + TPM_RC_1)
+#define RC_GetSessionAuditDigest_inScheme		(TPM_RC_P + TPM_RC_2)
+
+typedef struct {
+    TPM2B_ATTEST	auditInfo;
+    TPMT_SIGNATURE	signature;
+} GetSessionAuditDigest_Out;
+
+TPM_RC
+TPM2_GetSessionAuditDigest(
+			   GetSessionAuditDigest_In    *in,            // IN: input parameter list
+			   GetSessionAuditDigest_Out   *out            // OUT: output parameter list
+			   );
+
+
+#endif
diff --git a/utils/ibmtss/GetTestResult_fp.h b/utils/ibmtss/GetTestResult_fp.h
new file mode 100644
index 000000000..4c4c71660
--- /dev/null
+++ b/utils/ibmtss/GetTestResult_fp.h
@@ -0,0 +1,79 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: GetTestResult_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2016				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef GETTESTRESULT_FP_H
+#define GETTESTRESULT_FP_H
+
+typedef struct{
+    TPM2B_MAX_BUFFER	outData;
+    TPM_RC		testResult;
+} GetTestResult_Out;
+
+
+    TPM_RC
+TPM2_GetTestResult(
+		   GetTestResult_Out   *out            // OUT: output parameter list
+		   );
+
+
+#endif
diff --git a/utils/ibmtss/GetTime_fp.h b/utils/ibmtss/GetTime_fp.h
new file mode 100644
index 000000000..75c5e6c1e
--- /dev/null
+++ b/utils/ibmtss/GetTime_fp.h
@@ -0,0 +1,91 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: GetTime_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef GETTIME_FP_H
+#define GETTIME_FP_H
+
+typedef struct {
+    TPMI_RH_ENDORSEMENT	privacyAdminHandle;
+    TPMI_DH_OBJECT	signHandle;
+    TPM2B_DATA		qualifyingData;
+    TPMT_SIG_SCHEME	inScheme;
+} GetTime_In;
+
+#define RC_GetTime_privacyAdminHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_GetTime_signHandle 		(TPM_RC_H + TPM_RC_2)
+#define RC_GetTime_qualifyingData	(TPM_RC_P + TPM_RC_1)
+#define RC_GetTime_inScheme 		(TPM_RC_P + TPM_RC_2)
+
+typedef struct {
+    TPM2B_ATTEST	timeInfo;
+    TPMT_SIGNATURE	signature;
+} GetTime_Out;
+
+TPM_RC
+TPM2_GetTime(
+	     GetTime_In      *in,            // IN: input parameter list
+	     GetTime_Out     *out            // OUT: output parameter list
+	     );
+
+
+#endif
diff --git a/utils/ibmtss/HMAC_Start_fp.h b/utils/ibmtss/HMAC_Start_fp.h
new file mode 100644
index 000000000..b27b2e574
--- /dev/null
+++ b/utils/ibmtss/HMAC_Start_fp.h
@@ -0,0 +1,88 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: HMAC_Start_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef HMAC_START_FP_H
+#define HMAC_START_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT	handle;
+    TPM2B_AUTH		auth;
+    TPMI_ALG_HASH	hashAlg;
+} HMAC_Start_In;
+
+typedef struct {
+    TPMI_DH_OBJECT	sequenceHandle;
+} HMAC_Start_Out;
+
+#define RC_HMAC_Start_handle	(TPM_RC_H + TPM_RC_1)
+#define RC_HMAC_Start_auth	(TPM_RC_P + TPM_RC_1)
+#define RC_HMAC_Start_hashAlg	(TPM_RC_P + TPM_RC_2)
+
+TPM_RC
+TPM2_HMAC_Start(
+		HMAC_Start_In   *in,            // IN: input parameter list
+		HMAC_Start_Out  *out            // OUT: output parameter list
+		);
+
+
+#endif
diff --git a/utils/ibmtss/HMAC_fp.h b/utils/ibmtss/HMAC_fp.h
new file mode 100644
index 000000000..aace92290
--- /dev/null
+++ b/utils/ibmtss/HMAC_fp.h
@@ -0,0 +1,88 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: HMAC_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef HMAC_FP_H
+#define HMAC_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT	handle;
+    TPM2B_MAX_BUFFER	buffer;
+    TPMI_ALG_HASH	hashAlg;
+} HMAC_In;
+
+#define RC_HMAC_handle 		(TPM_RC_H + TPM_RC_1)
+#define RC_HMAC_buffer		(TPM_RC_P + TPM_RC_1)
+#define RC_HMAC_hashAlg 	(TPM_RC_P + TPM_RC_2)
+
+typedef struct {
+    TPM2B_DIGEST	outHMAC;
+} HMAC_Out;
+
+TPM_RC
+TPM2_HMAC(
+	  HMAC_In         *in,            // IN: input parameter list
+	  HMAC_Out        *out            // OUT: output parameter list
+	  );
+
+
+#endif
diff --git a/utils/ibmtss/HashSequenceStart_fp.h b/utils/ibmtss/HashSequenceStart_fp.h
new file mode 100644
index 000000000..7a5bd1167
--- /dev/null
+++ b/utils/ibmtss/HashSequenceStart_fp.h
@@ -0,0 +1,88 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: HashSequenceStart_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef HASHSEQUENCESTART_FP_H
+#define HASHSEQUENCESTART_FP_H
+
+typedef struct {
+    TPM2B_AUTH		auth;
+    TPMI_ALG_HASH	hashAlg;
+} HashSequenceStart_In;
+
+#define RC_HashSequenceStart_auth	(TPM_RC_P + TPM_RC_1)
+#define RC_HashSequenceStart_hashAlg	(TPM_RC_P + TPM_RC_2)
+
+typedef struct {
+    TPMI_DH_OBJECT	sequenceHandle;
+} HashSequenceStart_Out;
+
+
+
+TPM_RC
+TPM2_HashSequenceStart(
+		       HashSequenceStart_In    *in,            // IN: input parameter list
+		       HashSequenceStart_Out   *out            // OUT: output parameter list
+		       );
+
+
+#endif
diff --git a/utils/ibmtss/Hash_fp.h b/utils/ibmtss/Hash_fp.h
new file mode 100644
index 000000000..7e3a0093f
--- /dev/null
+++ b/utils/ibmtss/Hash_fp.h
@@ -0,0 +1,89 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: Hash_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef HASH_FP_H
+#define HASH_FP_H
+
+typedef struct {
+    TPM2B_MAX_BUFFER	data;
+    TPMI_ALG_HASH	hashAlg;
+    TPMI_RH_HIERARCHY	hierarchy;
+} Hash_In;
+
+#define RC_Hash_data		(TPM_RC_P + TPM_RC_1)
+#define RC_Hash_hashAlg		(TPM_RC_P + TPM_RC_2)
+#define RC_Hash_hierarchy	(TPM_RC_P + TPM_RC_3)
+
+typedef struct {
+    TPM2B_DIGEST	outHash;
+    TPMT_TK_HASHCHECK	validation;
+} Hash_Out;
+
+TPM_RC
+TPM2_Hash(
+	  Hash_In         *in,            // IN: input parameter list
+	  Hash_Out        *out            // OUT: output parameter list
+	  );
+
+
+#endif
diff --git a/utils/ibmtss/HierarchyChangeAuth_fp.h b/utils/ibmtss/HierarchyChangeAuth_fp.h
new file mode 100644
index 000000000..df6278a66
--- /dev/null
+++ b/utils/ibmtss/HierarchyChangeAuth_fp.h
@@ -0,0 +1,80 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: HierarchyChangeAuth_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef HIERARCHYCHANGEAUTH_FP_H
+#define HIERARCHYCHANGEAUTH_FP_H
+
+typedef struct {
+    TPMI_RH_HIERARCHY_AUTH	authHandle;
+    TPM2B_AUTH			newAuth;
+} HierarchyChangeAuth_In;
+
+#define RC_HierarchyChangeAuth_authHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_HierarchyChangeAuth_newAuth 		(TPM_RC_P + TPM_RC_2)
+
+TPM_RC
+TPM2_HierarchyChangeAuth(
+			 HierarchyChangeAuth_In  *in             // IN: input parameter list
+			 );
+
+#endif
diff --git a/utils/ibmtss/HierarchyControl_fp.h b/utils/ibmtss/HierarchyControl_fp.h
new file mode 100644
index 000000000..e774f6df1
--- /dev/null
+++ b/utils/ibmtss/HierarchyControl_fp.h
@@ -0,0 +1,83 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: HierarchyControl_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef HIERARCHYCONTROL_FP_H
+#define HIERARCHYCONTROL_FP_H
+
+typedef struct {
+    TPMI_RH_HIERARCHY	authHandle;
+    TPMI_RH_ENABLES	enable;
+    TPMI_YES_NO		state;
+} HierarchyControl_In;
+
+#define RC_HierarchyControl_authHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_HierarchyControl_enable	(TPM_RC_P + TPM_RC_1)
+#define RC_HierarchyControl_state	(TPM_RC_P + TPM_RC_2)
+
+TPM_RC
+TPM2_HierarchyControl(
+		      HierarchyControl_In     *in             // IN: input parameter list
+		      );
+
+
+#endif
diff --git a/utils/ibmtss/Implementation.h b/utils/ibmtss/Implementation.h
new file mode 100644
index 000000000..9d63da1d2
--- /dev/null
+++ b/utils/ibmtss/Implementation.h
@@ -0,0 +1,1446 @@
+/********************************************************************************/
+/*										*/
+/*		    TSS Implementation Specific Constants			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012 - 2019				*/
+/*										*/
+/********************************************************************************/
+
+/* #define TPM_TSS_SO_0 to get the libibmtss.so.0 values.  Leave it undefined to get the new
+   libibmtss.so.1 values.
+
+   The new values are required for a TPM with 4 or more hash algorithms.
+*/
+
+// A.2	Implementation.h
+
+#ifndef _IMPLEMENTATION_H_
+#define _IMPLEMENTATION_H_
+
+#include <ibmtss/TpmBuildSwitches.h>
+#include <ibmtss/BaseTypes.h>
+#include <ibmtss/TPMB.h>
+
+/* Constants for TPM_Types.h structures.  Changing these values is likely to break ABI
+   compatiblility.*/
+
+// From Vendor-Specific: Table 4 - Defines for Key Size Constants
+
+#ifdef TPM_TSS_SO_0
+#define  MAX_RSA_KEY_BYTES          256
+#else
+#define  MAX_RSA_KEY_BYTES          512
+#endif
+
+#ifdef TPM_TSS_SO_0
+#define  MAX_ECC_KEY_BYTES     48
+#else
+#define  MAX_ECC_KEY_BYTES     128
+#endif
+
+/* This is the PC Client minimum value, and should be used for applications. */
+#define IMPLEMENTATION_PCR		24
+
+#define MAX_HANDLE_NUM			3	/* the maximum number of handles in the handle
+						   area */
+#define MAX_ACTIVE_SESSIONS		64	/* the number of simultaneously active sessions that
+						   are supported by the TPM implementation */
+#define MAX_SESSION_NUM 		3	/* this is the current maximum value */
+
+#ifdef TPM_TSS_SO_0
+#define PCR_SELECT_MAX			((IMPLEMENTATION_PCR+7)/8)
+#else
+/* increased to 8 to handle up to 64 PCRs */
+#define PCR_SELECT_MAX			8
+#endif
+
+#ifdef TPM_TSS_SO_0
+#define MAX_CONTEXT_SIZE		2048
+#else
+#define MAX_CONTEXT_SIZE		5120
+#endif
+
+#define MAX_DIGEST_BUFFER		2048
+#define MAX_NV_BUFFER_SIZE		2048
+#define MAX_CAP_BUFFER                  2048
+
+#ifdef TPM_TSS_SO_0
+#define MAX_ALG_LIST_SIZE               64	/* number of algorithms that can be in a list */
+#else
+#define MAX_ALG_LIST_SIZE               128	/* number of algorithms that can be in a list */
+#endif
+
+#define MAX_COMMAND_SIZE		4096	/* maximum size of a command */
+#define MAX_RESPONSE_SIZE		4096	/* maximum size of a response */
+
+#ifdef TPM_TSS_SO_0
+#define MAX_SYM_DATA			128		/* this is the maximum number of octets that
+							   may be in a sealed blob. */
+#else
+#define MAX_SYM_DATA			256
+#endif
+
+#ifdef TPM_TSS_SO_0
+/* For the TSS .so.0, the number of digest and PCR banks was originally dependent on the number of
+   supported hash algoriths, using common TPM / TSS code. */
+#define HASH_COUNT 3
+#else
+/* For the TSS .so.1, the number was increased to support a SW TPM with 4 banks (unlikely for a HW
+   TPM) plus future expansion. */
+#define HASH_COUNT 16
+#endif
+
+/* value independent of supported hash algorithms */
+#define LABEL_MAX_BUFFER   48
+#if LABEL_MAX_BUFFER < 32
+#error "The size allowed for the label is not large enough for interoperability."
+#endif
+
+/* hard code maximum independent of the algorithms actually supported */
+#define MAX_SYM_KEY_BYTES 	32
+#define MAX_SYM_BLOCK_SIZE  	16
+
+#define RSA_DEFAULT_PUBLIC_EXPONENT	0x00010001	/* 2^^16 + 1 */
+
+#undef TRUE
+#undef FALSE
+
+// From TPM 2.0 Part 2: Table 4 - Defines for Logic Values
+
+#define  TRUE     1
+#define  FALSE    0
+#define  YES      1
+#define  NO       0
+#define  SET      1
+#define  CLEAR    0
+
+// Change these definitions to turn all algorithms or commands ON or OFF. That is, to turn all
+// algorithms on, set ALG_NO to YES. This is mostly useful as a debug feature.
+
+#define      ALG_YES      YES
+#define      ALG_NO       NO
+#define      CC_YES       YES
+#define      CC_NO        NO
+
+// From Vendor-Specific: Table 2 - Defines for Implemented Algorithms
+
+#ifndef ALG_RSA
+#define  ALG_RSA               ALG_YES
+#endif
+#ifndef ALG_SHA1
+#define  ALG_SHA1              ALG_YES
+#endif
+#define  ALG_HMAC              ALG_YES
+#ifndef ALG_TDES
+#define  ALG_TDES              ALG_YES
+#endif
+#define  ALG_AES               ALG_YES
+#define  ALG_MGF1              ALG_YES
+#define  ALG_XOR               ALG_YES
+#define  ALG_KEYEDHASH         ALG_YES
+#ifndef ALG_SHA256
+#define  ALG_SHA256            ALG_YES
+#endif
+#ifndef ALG_SHA384
+#define  ALG_SHA384            ALG_YES
+#endif
+#ifndef ALG_SHA512
+#define  ALG_SHA512            ALG_YES
+#endif
+#define  ALG_SHA3_256          ALG_NO
+#define  ALG_SHA3_384          ALG_NO
+#define  ALG_SHA3_512          ALG_NO
+#define  ALG_SM3_256           ALG_YES
+#define  ALG_SM4               ALG_NO
+#define  ALG_RSASSA            (ALG_YES*ALG_RSA)
+#define  ALG_RSAES             (ALG_YES*ALG_RSA)
+#define  ALG_RSAPSS            (ALG_YES*ALG_RSA)
+#define  ALG_OAEP              (ALG_YES*ALG_RSA)
+#ifndef ALG_ECC
+#define  ALG_ECC               ALG_YES
+#endif
+#define  ALG_ECDH              (ALG_YES*ALG_ECC)
+#define  ALG_ECDSA             (ALG_YES*ALG_ECC)
+#define  ALG_ECDAA             (ALG_YES*ALG_ECC)
+#define  ALG_SM2               (ALG_YES*ALG_ECC)
+#define  ALG_ECSCHNORR         (ALG_YES*ALG_ECC)
+#define  ALG_ECMQV             (ALG_NO*ALG_ECC)
+#define  ALG_SYMCIPHER         ALG_YES
+#define  ALG_KDF1_SP800_56A    (ALG_YES*ALG_ECC)
+#define  ALG_KDF2              ALG_NO
+#define  ALG_KDF1_SP800_108    ALG_YES
+#define  ALG_CTR               ALG_YES
+#define  ALG_OFB               ALG_YES
+#define  ALG_CBC               ALG_YES
+#define  ALG_CFB               ALG_YES
+#define  ALG_ECB               ALG_YES
+
+// From Vendor-Specific: Table 6 - Defines for Implemented Commands
+
+#define  CC_ActivateCredential            CC_YES
+#define  CC_Certify                       CC_YES
+#define  CC_CertifyCreation               CC_YES
+#define  CC_CertifyX509		          CC_YES
+#define  CC_ChangeEPS                     CC_YES
+#define  CC_ChangePPS                     CC_YES
+#define  CC_Clear                         CC_YES
+#define  CC_ClearControl                  CC_YES
+#define  CC_ClockRateAdjust               CC_YES
+#define  CC_ClockSet                      CC_YES
+#define  CC_Commit                        (CC_YES*ALG_ECC)
+#define  CC_ContextLoad                   CC_YES
+#define  CC_ContextSave                   CC_YES
+#define  CC_Create                        CC_YES
+#define  CC_CreatePrimary                 CC_YES
+#define  CC_DictionaryAttackLockReset     CC_YES
+#define  CC_DictionaryAttackParameters    CC_YES
+#define  CC_Duplicate                     CC_YES
+#define  CC_ECC_Parameters                (CC_YES*ALG_ECC)
+#define  CC_ECDH_KeyGen                   (CC_YES*ALG_ECC)
+#define  CC_ECDH_ZGen                     (CC_YES*ALG_ECC)
+#define  CC_EncryptDecrypt                CC_YES
+#define  CC_EventSequenceComplete         CC_YES
+#define  CC_EvictControl                  CC_YES
+#define  CC_FieldUpgradeData              CC_NO
+#define  CC_FieldUpgradeStart             CC_NO
+#define  CC_FirmwareRead                  CC_NO
+#define  CC_FlushContext                  CC_YES
+#define  CC_GetCapability                 CC_YES
+#define  CC_GetCommandAuditDigest         CC_YES
+#define  CC_GetRandom                     CC_YES
+#define  CC_GetSessionAuditDigest         CC_YES
+#define  CC_GetTestResult                 CC_YES
+#define  CC_GetTime                       CC_YES
+#define  CC_Hash                          CC_YES
+#define  CC_HashSequenceStart             CC_YES
+#define  CC_HierarchyChangeAuth           CC_YES
+#define  CC_HierarchyControl              CC_YES
+#define  CC_HMAC                          CC_YES
+#define  CC_HMAC_Start                    CC_YES
+#define  CC_Import                        CC_YES
+#define  CC_IncrementalSelfTest           CC_YES
+#define  CC_Load                          CC_YES
+#define  CC_LoadExternal                  CC_YES
+#define  CC_MakeCredential                CC_YES
+#define  CC_NV_Certify                    CC_YES
+#define  CC_NV_ChangeAuth                 CC_YES
+#define  CC_NV_DefineSpace                CC_YES
+#define  CC_NV_Extend                     CC_YES
+#define  CC_NV_GlobalWriteLock            CC_YES
+#define  CC_NV_Increment                  CC_YES
+#define  CC_NV_Read                       CC_YES
+#define  CC_NV_ReadLock                   CC_YES
+#define  CC_NV_ReadPublic                 CC_YES
+#define  CC_NV_SetBits                    CC_YES
+#define  CC_NV_UndefineSpace              CC_YES
+#define  CC_NV_UndefineSpaceSpecial       CC_YES
+#define  CC_NV_Write                      CC_YES
+#define  CC_NV_WriteLock                  CC_YES
+#define  CC_ObjectChangeAuth              CC_YES
+#define  CC_PCR_Allocate                  CC_YES
+#define  CC_PCR_Event                     CC_YES
+#define  CC_PCR_Extend                    CC_YES
+#define  CC_PCR_Read                      CC_YES
+#define  CC_PCR_Reset                     CC_YES
+#define  CC_PCR_SetAuthPolicy             CC_YES
+#define  CC_PCR_SetAuthValue              CC_YES
+#define  CC_PolicyAuthorize               CC_YES
+#define  CC_PolicyAuthorizeNV             CC_YES
+#define  CC_PolicyAuthValue               CC_YES
+#define  CC_PolicyCommandCode             CC_YES
+#define  CC_PolicyCounterTimer            CC_YES
+#define  CC_PolicyCpHash                  CC_YES
+#define  CC_PolicyDuplicationSelect       CC_YES
+#define  CC_PolicyGetDigest               CC_YES
+#define  CC_PolicyLocality                CC_YES
+#define  CC_PolicyNameHash                CC_YES
+#define  CC_PolicyNV                      CC_YES
+#define  CC_PolicyOR                      CC_YES
+#define  CC_PolicyPassword                CC_YES
+#define  CC_PolicyPCR                     CC_YES
+#define  CC_PolicyPhysicalPresence        CC_YES
+#define  CC_PolicyRestart                 CC_YES
+#define  CC_PolicySecret                  CC_YES
+#define  CC_PolicySigned                  CC_YES
+#define  CC_PolicyTicket                  CC_YES
+#define  CC_PP_Commands                   CC_YES
+#define  CC_Quote                         CC_YES
+#define  CC_ReadClock                     CC_YES
+#define  CC_ReadPublic                    CC_YES
+#define  CC_Rewrap                        CC_YES
+#define  CC_RSA_Decrypt                   (CC_YES*ALG_RSA)
+#define  CC_RSA_Encrypt                   (CC_YES*ALG_RSA)
+#define  CC_SelfTest                      CC_YES
+#define  CC_SequenceComplete              CC_YES
+#define  CC_SequenceUpdate                CC_YES
+#define  CC_SetAlgorithmSet               CC_YES
+#define  CC_SetCommandCodeAuditStatus     CC_YES
+#define  CC_SetPrimaryPolicy              CC_YES
+#define  CC_Shutdown                      CC_YES
+#define  CC_Sign                          CC_YES
+#define  CC_StartAuthSession              CC_YES
+#define  CC_Startup                       CC_YES
+#define  CC_StirRandom                    CC_YES
+#define  CC_TestParms                     CC_YES
+#define  CC_Unseal                        CC_YES
+#define  CC_VerifySignature               CC_YES
+#define  CC_ZGen_2Phase                   (CC_YES*ALG_ECC)
+#define  CC_EC_Ephemeral                  (CC_YES*ALG_ECC)
+#define  CC_PolicyNvWritten               CC_YES
+#define  CC_PolicyTemplate                CC_YES
+#define  CC_CreateLoaded                  CC_YES
+#define  CC_PolicyAuthorizeNV             CC_YES
+#define  CC_EncryptDecrypt2               CC_YES
+#define  CC_Vendor_TCG_Test               CC_YES
+
+#define  CC_NTC2_PreConfig                CC_YES
+#define  CC_NTC2_LockPreConfig            CC_YES
+#define  CC_NTC2_GetConfig                CC_YES
+
+// From TCG Algorithm Registry: Table 2 - Definition of TPM_ALG_ID Constants
+
+#define  ALG_ERROR_VALUE             0x0000
+#define  TPM_ALG_ERROR               (TPM_ALG_ID)(ALG_ERROR_VALUE)
+#define  ALG_RSA_VALUE               0x0001
+#if defined ALG_RSA && ALG_RSA == YES
+#define  TPM_ALG_RSA                 (TPM_ALG_ID)(ALG_RSA_VALUE)
+#endif
+#define  ALG_TDES_VALUE              0x0003
+#if defined ALG_TDES && ALG_TDES == YES
+#define  TPM_ALG_TDES                (TPM_ALG_ID)(ALG_TDES_VALUE)
+#endif
+#define  ALG_SHA_VALUE               0x0004
+#if defined ALG_SHA && ALG_SHA == YES
+#define  TPM_ALG_SHA                 (TPM_ALG_ID)(ALG_SHA_VALUE)
+#endif
+#define  ALG_SHA1_VALUE              0x0004
+#if defined ALG_SHA1 && ALG_SHA1 == YES
+#define  TPM_ALG_SHA1                (TPM_ALG_ID)(ALG_SHA1_VALUE)
+#endif
+#define  ALG_HMAC_VALUE              0x0005
+#if defined ALG_HMAC && ALG_HMAC == YES
+#define  TPM_ALG_HMAC                (TPM_ALG_ID)(ALG_HMAC_VALUE)
+#endif
+#define  ALG_AES_VALUE               0x0006
+#if defined ALG_AES && ALG_AES == YES
+#define  TPM_ALG_AES                 (TPM_ALG_ID)(ALG_AES_VALUE)
+#endif
+#define  ALG_MGF1_VALUE              0x0007
+#if defined ALG_MGF1 && ALG_MGF1 == YES
+#define  TPM_ALG_MGF1                (TPM_ALG_ID)(ALG_MGF1_VALUE)
+#endif
+#define  ALG_KEYEDHASH_VALUE         0x0008
+#if defined ALG_KEYEDHASH && ALG_KEYEDHASH == YES
+#define  TPM_ALG_KEYEDHASH           (TPM_ALG_ID)(ALG_KEYEDHASH_VALUE)
+#endif
+#define  ALG_XOR_VALUE               0x000A
+#if defined ALG_XOR && ALG_XOR == YES
+#define  TPM_ALG_XOR                 (TPM_ALG_ID)(ALG_XOR_VALUE)
+#endif
+#define  ALG_SHA256_VALUE            0x000B
+#if defined ALG_SHA256 && ALG_SHA256 == YES
+#define  TPM_ALG_SHA256              (TPM_ALG_ID)(ALG_SHA256_VALUE)
+#endif
+#define  ALG_SHA384_VALUE            0x000C
+#if defined ALG_SHA384 && ALG_SHA384 == YES
+#define  TPM_ALG_SHA384              (TPM_ALG_ID)(ALG_SHA384_VALUE)
+#endif
+#define  ALG_SHA512_VALUE            0x000D
+#if defined ALG_SHA512 && ALG_SHA512 == YES
+#define  TPM_ALG_SHA512              (TPM_ALG_ID)(ALG_SHA512_VALUE)
+#endif
+#define  ALG_NULL_VALUE              0x0010
+#define  TPM_ALG_NULL                (TPM_ALG_ID)(ALG_NULL_VALUE)
+#define  ALG_SM3_256_VALUE           0x0012
+#if defined ALG_SM3_256 && ALG_SM3_256 == YES
+#define  TPM_ALG_SM3_256             (TPM_ALG_ID)(ALG_SM3_256_VALUE)
+#endif
+#define  ALG_SM4_VALUE               0x0013
+#if defined ALG_SM4 && ALG_SM4 == YES
+#define  TPM_ALG_SM4                 (TPM_ALG_ID)(ALG_SM4_VALUE)
+#endif
+#define  ALG_RSASSA_VALUE            0x0014
+#if defined ALG_RSASSA && ALG_RSASSA == YES
+#define  TPM_ALG_RSASSA              (TPM_ALG_ID)(ALG_RSASSA_VALUE)
+#endif
+#define  ALG_RSAES_VALUE             0x0015
+#if defined ALG_RSAES && ALG_RSAES == YES
+#define  TPM_ALG_RSAES               (TPM_ALG_ID)(ALG_RSAES_VALUE)
+#endif
+#define  ALG_RSAPSS_VALUE            0x0016
+#if defined ALG_RSAPSS && ALG_RSAPSS == YES
+#define  TPM_ALG_RSAPSS              (TPM_ALG_ID)(ALG_RSAPSS_VALUE)
+#endif
+#define  ALG_OAEP_VALUE              0x0017
+#if defined ALG_OAEP && ALG_OAEP == YES
+#define  TPM_ALG_OAEP                (TPM_ALG_ID)(ALG_OAEP_VALUE)
+#endif
+#define  ALG_ECDSA_VALUE             0x0018
+#if defined ALG_ECDSA && ALG_ECDSA == YES
+#define  TPM_ALG_ECDSA               (TPM_ALG_ID)(ALG_ECDSA_VALUE)
+#endif
+#define  ALG_ECDH_VALUE              0x0019
+#if defined ALG_ECDH && ALG_ECDH == YES
+#define  TPM_ALG_ECDH                (TPM_ALG_ID)(ALG_ECDH_VALUE)
+#endif
+#define  ALG_ECDAA_VALUE             0x001A
+#if defined ALG_ECDAA && ALG_ECDAA == YES
+#define  TPM_ALG_ECDAA               (TPM_ALG_ID)(ALG_ECDAA_VALUE)
+#endif
+#define  ALG_SM2_VALUE               0x001B
+#if defined ALG_SM2 && ALG_SM2 == YES
+#define  TPM_ALG_SM2                 (TPM_ALG_ID)(ALG_SM2_VALUE)
+#endif
+#define  ALG_ECSCHNORR_VALUE         0x001C
+#if defined ALG_ECSCHNORR && ALG_ECSCHNORR == YES
+#define  TPM_ALG_ECSCHNORR           (TPM_ALG_ID)(ALG_ECSCHNORR_VALUE)
+#endif
+#define  ALG_ECMQV_VALUE             0x001D
+#if defined ALG_ECMQV && ALG_ECMQV == YES
+#define  TPM_ALG_ECMQV               (TPM_ALG_ID)(ALG_ECMQV_VALUE)
+#endif
+#define  ALG_KDF1_SP800_56A_VALUE    0x0020
+#if defined ALG_KDF1_SP800_56A && ALG_KDF1_SP800_56A == YES
+#define  TPM_ALG_KDF1_SP800_56A      (TPM_ALG_ID)(ALG_KDF1_SP800_56A_VALUE)
+#endif
+#define  ALG_KDF2_VALUE              0x0021
+#if defined ALG_KDF2 && ALG_KDF2 == YES
+#define  TPM_ALG_KDF2                (TPM_ALG_ID)(ALG_KDF2_VALUE)
+#endif
+#define  ALG_KDF1_SP800_108_VALUE    0x0022
+#if defined ALG_KDF1_SP800_108 && ALG_KDF1_SP800_108 == YES
+#define  TPM_ALG_KDF1_SP800_108      (TPM_ALG_ID)(ALG_KDF1_SP800_108_VALUE)
+#endif
+#define  ALG_ECC_VALUE               0x0023
+#if defined ALG_ECC && ALG_ECC == YES
+#define  TPM_ALG_ECC                 (TPM_ALG_ID)(ALG_ECC_VALUE)
+#endif
+#define  ALG_SYMCIPHER_VALUE         0x0025
+#if defined ALG_SYMCIPHER && ALG_SYMCIPHER == YES
+#define  TPM_ALG_SYMCIPHER           (TPM_ALG_ID)(ALG_SYMCIPHER_VALUE)
+#endif
+#define  ALG_CAMELLIA_VALUE          0x0026
+#if defined ALG_CAMELLIA && ALG_CAMELLIA == YES
+#define  TPM_ALG_CAMELLIA            (TPM_ALG_ID)(ALG_CAMELLIA_VALUE)
+#endif
+#define  ALG_SHA3_256_VALUE	     0x0027
+#if defined ALG_SHA3_256 && ALG_SHA3_256 == YES
+#define TPM_ALGSHA3_256              (TPM_ALG_ID)(ALG_SHA3_256_VALUE)
+#endif
+#define  ALG_SHA3_384_VALUE	     0x0028
+#if defined ALG_SHA3_384 && ALG_SHA3_384 == YES
+#define TPM_ALGSHA3_384              (TPM_ALG_ID)(ALG_SHA3_384_VALUE)
+#endif
+#define  ALG_SHA3_512_VALUE	     0x0029
+#if defined ALG_SHA3_512 && ALG_SHA3_512 == YES
+#define TPM_ALGSHA3_512              (TPM_ALG_ID)(ALG_SHA3_512_VALUE)
+#endif
+#define  ALG_CMAC_VALUE               0x003f
+#if defined ALG_CMAC && ALG_CMAC == YES
+#define  TPM_ALG_CMAC                 (TPM_ALG_ID)(ALG_CMAC_VALUE)
+#endif
+#define  ALG_CTR_VALUE               0x0040
+#if defined ALG_CTR && ALG_CTR == YES
+#define  TPM_ALG_CTR                 (TPM_ALG_ID)(ALG_CTR_VALUE)
+#endif
+#define  ALG_OFB_VALUE               0x0041
+#if defined ALG_OFB && ALG_OFB == YES
+#define  TPM_ALG_OFB                 (TPM_ALG_ID)(ALG_OFB_VALUE)
+#endif
+#define  ALG_CBC_VALUE               0x0042
+#if defined ALG_CBC && ALG_CBC == YES
+#define  TPM_ALG_CBC                 (TPM_ALG_ID)(ALG_CBC_VALUE)
+#endif
+#define  ALG_CFB_VALUE               0x0043
+#if defined ALG_CFB && ALG_CFB == YES
+#define  TPM_ALG_CFB                 (TPM_ALG_ID)(ALG_CFB_VALUE)
+#endif
+#define  ALG_ECB_VALUE               0x0044
+#if defined ALG_ECB && ALG_ECB == YES
+#define  TPM_ALG_ECB                 (TPM_ALG_ID)(ALG_ECB_VALUE)
+#endif
+
+//     From TCG Algorithm Registry: Table 3 - Definition of TPM_ECC_CURVE Constants
+
+#define  TPM_ECC_NONE         (TPM_ECC_CURVE)(0x0000)
+#define  TPM_ECC_NIST_P192    (TPM_ECC_CURVE)(0x0001)
+#define  TPM_ECC_NIST_P224    (TPM_ECC_CURVE)(0x0002)
+#define  TPM_ECC_NIST_P256    (TPM_ECC_CURVE)(0x0003)
+#define  TPM_ECC_NIST_P384    (TPM_ECC_CURVE)(0x0004)
+#define  TPM_ECC_NIST_P521    (TPM_ECC_CURVE)(0x0005)
+#define  TPM_ECC_BN_P256      (TPM_ECC_CURVE)(0x0010)
+#define  TPM_ECC_BN_P638      (TPM_ECC_CURVE)(0x0011)
+#define  TPM_ECC_SM2_P256     (TPM_ECC_CURVE)(0x0020)
+
+// From TCG Algorithm Registry: Table 12 - Defines for SHA1 Hash Values
+#define  SHA1_DIGEST_SIZE    20
+#define  SHA1_BLOCK_SIZE     64
+#define  SHA1_DER_SIZE       15
+#define  SHA1_DER							\
+    0x30,0x21,0x30,0x09,0x06,0x05,0x2B,0x0E,0x03,0x02,0x1A,0x05,0x00,0x04,0x14
+
+// From TCG Algorithm Registry: Table 13 - Defines for SHA256 Hash Values
+#define  SHA256_DIGEST_SIZE    32
+#define  SHA256_BLOCK_SIZE     64
+#define  SHA256_DER_SIZE       19
+#define  SHA256_DER							\
+    0x30,0x31,0x30,0x0D,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20
+
+// From TCG Algorithm Registry: Table 14 - Defines for SHA384 Hash Values
+#define  SHA384_DIGEST_SIZE    48
+#define  SHA384_BLOCK_SIZE     128
+#define  SHA384_DER_SIZE       19
+#define  SHA384_DER							\
+    0x30,0x41,0x30,0x0D,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30
+
+// From TCG Algorithm Registry: Table 15 - Defines for SHA512 Hash Values
+#define  SHA512_DIGEST_SIZE    64
+#define  SHA512_BLOCK_SIZE     128
+#define  SHA512_DER_SIZE       19
+#define  SHA512_DER							\
+    0x30,0x51,0x30,0x0D,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40
+
+// From TCG Algorithm Registry: Table 16 - Defines for SM3_256 Hash Values
+#define  SM3_256_DIGEST_SIZE    32
+#define  SM3_256_BLOCK_SIZE     64
+#define  SM3_256_DER_SIZE       18
+#define  SM3_256_DER							\
+    0x30,0x30,0x30,0x0C,0x06,0x08,0x2A,0x81,0x1C,0x81,0x45,0x01,0x83,0x11,0x05,0x00,0x04,0x20
+
+// From TCG Algorithm Registry: Table 17 - Defines for AES Symmetric Cipher Algorithm Constants
+#define  AES_128_BLOCK_SIZE_BYTES    16
+#define  AES_192_BLOCK_SIZE_BYTES    16
+#define  AES_256_BLOCK_SIZE_BYTES    16
+
+// From TCG Algorithm Registry: Table 18 - Defines for SM4 Symmetric Cipher Algorithm Constants
+#define  SM4_128_BLOCK_SIZE_BYTES    16
+
+// From TCG Algorithm Registry: Table 19 - Defines for CAMELLIA Symmetric Cipher Algorithm Constants
+#define  CAMELLIA_128_BLOCK_SIZE_BYTES    16
+#define  CAMELLIA_192_BLOCK_SIZE_BYTES    16
+#define  CAMELLIA_256_BLOCK_SIZE_BYTES    16
+
+// From TPM 2.0 Part 2: Table 12 - Definition of TPM_CC Constants
+
+typedef  UINT32             TPM_CC;
+
+#define TPM_CC_FIRST	0x0000011f	/* Compile variable. May decrease based on
+					   implementation. */
+
+#ifndef CC_NV_UndefineSpaceSpecial
+#   define CC_NV_UndefineSpaceSpecial NO
+#endif
+#if CC_NV_UndefineSpaceSpecial == YES
+#define  TPM_CC_NV_UndefineSpaceSpecial       (TPM_CC)(0x0000011f)
+#endif
+#ifndef CC_EvictControl
+#   define CC_EvictControl NO
+#endif
+#if CC_EvictControl == YES
+#define  TPM_CC_EvictControl                  (TPM_CC)(0x00000120)
+#endif
+#ifndef CC_HierarchyControl
+#   define CC_HierarchyControl NO
+#endif
+#if CC_HierarchyControl == YES
+#define  TPM_CC_HierarchyControl              (TPM_CC)(0x00000121)
+#endif
+#ifndef CC_NV_UndefineSpace
+#   define CC_NV_UndefineSpace NO
+#endif
+#if CC_NV_UndefineSpace == YES
+#define  TPM_CC_NV_UndefineSpace              (TPM_CC)(0x00000122)
+#endif
+#ifndef CC_ChangeEPS
+#   define CC_ChangeEPS NO
+#endif
+#if CC_ChangeEPS == YES
+#define  TPM_CC_ChangeEPS                     (TPM_CC)(0x00000124)
+#endif
+#ifndef CC_ChangePPS
+#   define CC_ChangePPS NO
+#endif
+#if CC_ChangePPS == YES
+#define  TPM_CC_ChangePPS                     (TPM_CC)(0x00000125)
+#endif
+#ifndef CC_Clear
+#   define CC_Clear NO
+#endif
+#if CC_Clear == YES
+#define  TPM_CC_Clear                         (TPM_CC)(0x00000126)
+#endif
+#ifndef CC_ClearControl
+#   define CC_ClearControl NO
+#endif
+#if CC_ClearControl == YES
+#define  TPM_CC_ClearControl                  (TPM_CC)(0x00000127)
+#endif
+#ifndef CC_ClockSet
+#   define CC_ClockSet NO
+#endif
+#if CC_ClockSet == YES
+#define  TPM_CC_ClockSet                      (TPM_CC)(0x00000128)
+#endif
+#ifndef CC_HierarchyChangeAuth
+#   define CC_HierarchyChangeAuth NO
+#endif
+#if CC_HierarchyChangeAuth == YES
+#define  TPM_CC_HierarchyChangeAuth           (TPM_CC)(0x00000129)
+#endif
+#ifndef CC_NV_DefineSpace
+#   define CC_NV_DefineSpace NO
+#endif
+#if CC_NV_DefineSpace == YES
+#define  TPM_CC_NV_DefineSpace                (TPM_CC)(0x0000012a)
+#endif
+#ifndef CC_PCR_Allocate
+#   define CC_PCR_Allocate NO
+#endif
+#if CC_PCR_Allocate == YES
+#define  TPM_CC_PCR_Allocate                  (TPM_CC)(0x0000012b)
+#endif
+#ifndef CC_PCR_SetAuthPolicy
+#   define CC_PCR_SetAuthPolicy NO
+#endif
+#if CC_PCR_SetAuthPolicy == YES
+#define  TPM_CC_PCR_SetAuthPolicy             (TPM_CC)(0x0000012c)
+#endif
+#ifndef CC_PP_Commands
+#   define CC_PP_Commands NO
+#endif
+#if CC_PP_Commands == YES
+#define  TPM_CC_PP_Commands                   (TPM_CC)(0x0000012d)
+#endif
+#ifndef CC_SetPrimaryPolicy
+#   define CC_SetPrimaryPolicy NO
+#endif
+#if CC_SetPrimaryPolicy == YES
+#define  TPM_CC_SetPrimaryPolicy              (TPM_CC)(0x0000012e)
+#endif
+#ifndef CC_FieldUpgradeStart
+#   define CC_FieldUpgradeStart NO
+#endif
+#if CC_FieldUpgradeStart == YES
+#define  TPM_CC_FieldUpgradeStart             (TPM_CC)(0x0000012f)
+#endif
+#ifndef CC_ClockRateAdjust
+#   define CC_ClockRateAdjust NO
+#endif
+#if CC_ClockRateAdjust == YES
+#define  TPM_CC_ClockRateAdjust               (TPM_CC)(0x00000130)
+#endif
+#ifndef CC_CreatePrimary
+#   define CC_CreatePrimary NO
+#endif
+#if CC_CreatePrimary == YES
+#define  TPM_CC_CreatePrimary                 (TPM_CC)(0x00000131)
+#endif
+#ifndef CC_NV_GlobalWriteLock
+#   define CC_NV_GlobalWriteLock NO
+#endif
+#if CC_NV_GlobalWriteLock == YES
+#define  TPM_CC_NV_GlobalWriteLock            (TPM_CC)(0x00000132)
+#endif
+#ifndef CC_GetCommandAuditDigest
+#   define CC_GetCommandAuditDigest NO
+#endif
+#if CC_GetCommandAuditDigest == YES
+#define  TPM_CC_GetCommandAuditDigest         (TPM_CC)(0x00000133)
+#endif
+#ifndef CC_NV_Increment
+#   define CC_NV_Increment NO
+#endif
+#if CC_NV_Increment == YES
+#define  TPM_CC_NV_Increment                  (TPM_CC)(0x00000134)
+#endif
+#ifndef CC_NV_SetBits
+#   define CC_NV_SetBits NO
+#endif
+#if CC_NV_SetBits == YES
+#define  TPM_CC_NV_SetBits                    (TPM_CC)(0x00000135)
+#endif
+#ifndef CC_NV_Extend
+#   define CC_NV_Extend NO
+#endif
+#if CC_NV_Extend == YES
+#define  TPM_CC_NV_Extend                     (TPM_CC)(0x00000136)
+#endif
+#ifndef CC_NV_Write
+#   define CC_NV_Write NO
+#endif
+#if CC_NV_Write == YES
+#define  TPM_CC_NV_Write                      (TPM_CC)(0x00000137)
+#endif
+#ifndef CC_NV_WriteLock
+#   define CC_NV_WriteLock NO
+#endif
+#if CC_NV_WriteLock == YES
+#define  TPM_CC_NV_WriteLock                  (TPM_CC)(0x00000138)
+#endif
+#ifndef CC_DictionaryAttackLockReset
+#   define CC_DictionaryAttackLockReset NO
+#endif
+#if CC_DictionaryAttackLockReset == YES
+#define  TPM_CC_DictionaryAttackLockReset     (TPM_CC)(0x00000139)
+#endif
+#ifndef CC_DictionaryAttackParameters
+#   define CC_DictionaryAttackParameters NO
+#endif
+#if CC_DictionaryAttackParameters == YES
+#define  TPM_CC_DictionaryAttackParameters    (TPM_CC)(0x0000013a)
+#endif
+#ifndef CC_NV_ChangeAuth
+#   define CC_NV_ChangeAuth NO
+#endif
+#if CC_NV_ChangeAuth == YES
+#define  TPM_CC_NV_ChangeAuth                 (TPM_CC)(0x0000013b)
+#endif
+#ifndef CC_PCR_Event
+#   define CC_PCR_Event NO
+#endif
+#if CC_PCR_Event == YES
+#define  TPM_CC_PCR_Event                     (TPM_CC)(0x0000013c)
+#endif
+#ifndef CC_PCR_Reset
+#   define CC_PCR_Reset NO
+#endif
+#if CC_PCR_Reset == YES
+#define  TPM_CC_PCR_Reset                     (TPM_CC)(0x0000013d)
+#endif
+#ifndef CC_SequenceComplete
+#   define CC_SequenceComplete NO
+#endif
+#if CC_SequenceComplete == YES
+#define  TPM_CC_SequenceComplete              (TPM_CC)(0x0000013e)
+#endif
+#ifndef CC_SetAlgorithmSet
+#   define CC_SetAlgorithmSet NO
+#endif
+#if CC_SetAlgorithmSet == YES
+#define  TPM_CC_SetAlgorithmSet               (TPM_CC)(0x0000013f)
+#endif
+#ifndef CC_SetCommandCodeAuditStatus
+#   define CC_SetCommandCodeAuditStatus NO
+#endif
+#if CC_SetCommandCodeAuditStatus == YES
+#define  TPM_CC_SetCommandCodeAuditStatus     (TPM_CC)(0x00000140)
+#endif
+#ifndef CC_FieldUpgradeData
+#   define CC_FieldUpgradeData NO
+#endif
+#if CC_FieldUpgradeData == YES
+#define  TPM_CC_FieldUpgradeData              (TPM_CC)(0x00000141)
+#endif
+#ifndef CC_IncrementalSelfTest
+#   define CC_IncrementalSelfTest NO
+#endif
+#if CC_IncrementalSelfTest == YES
+#define  TPM_CC_IncrementalSelfTest           (TPM_CC)(0x00000142)
+#endif
+#ifndef CC_SelfTest
+#   define CC_SelfTest NO
+#endif
+#if CC_SelfTest == YES
+#define  TPM_CC_SelfTest                      (TPM_CC)(0x00000143)
+#endif
+#ifndef CC_Startup
+#   define CC_Startup NO
+#endif
+#if CC_Startup == YES
+#define  TPM_CC_Startup                       (TPM_CC)(0x00000144)
+#endif
+#ifndef CC_Shutdown
+#   define CC_Shutdown NO
+#endif
+#if CC_Shutdown == YES
+#define  TPM_CC_Shutdown                      (TPM_CC)(0x00000145)
+#endif
+#ifndef CC_StirRandom
+#   define CC_StirRandom NO
+#endif
+#if CC_StirRandom == YES
+#define  TPM_CC_StirRandom                    (TPM_CC)(0x00000146)
+#endif
+#ifndef CC_ActivateCredential
+#   define CC_ActivateCredential NO
+#endif
+#if CC_ActivateCredential == YES
+#define  TPM_CC_ActivateCredential            (TPM_CC)(0x00000147)
+#endif
+#ifndef CC_Certify
+#   define CC_Certify NO
+#endif
+#if CC_Certify == YES
+#define  TPM_CC_Certify                       (TPM_CC)(0x00000148)
+#endif
+#ifndef CC_PolicyNV
+#   define CC_PolicyNV NO
+#endif
+#if CC_PolicyNV == YES
+#define  TPM_CC_PolicyNV                      (TPM_CC)(0x00000149)
+#endif
+#ifndef CC_CertifyCreation
+#   define CC_CertifyCreation NO
+#endif
+#if CC_CertifyCreation == YES
+#define  TPM_CC_CertifyCreation               (TPM_CC)(0x0000014a)
+#endif
+#ifndef CC_Duplicate
+#   define CC_Duplicate NO
+#endif
+#if CC_Duplicate == YES
+#define  TPM_CC_Duplicate                     (TPM_CC)(0x0000014b)
+#endif
+#ifndef CC_GetTime
+#   define CC_GetTime NO
+#endif
+#if CC_GetTime == YES
+#define  TPM_CC_GetTime                       (TPM_CC)(0x0000014c)
+#endif
+#ifndef CC_GetSessionAuditDigest
+#   define CC_GetSessionAuditDigest NO
+#endif
+#if CC_GetSessionAuditDigest == YES
+#define  TPM_CC_GetSessionAuditDigest         (TPM_CC)(0x0000014d)
+#endif
+#ifndef CC_NV_Read
+#   define CC_NV_Read NO
+#endif
+#if CC_NV_Read == YES
+#define  TPM_CC_NV_Read                       (TPM_CC)(0x0000014e)
+#endif
+#ifndef CC_NV_ReadLock
+#   define CC_NV_ReadLock NO
+#endif
+#if CC_NV_ReadLock == YES
+#define  TPM_CC_NV_ReadLock                   (TPM_CC)(0x0000014f)
+#endif
+#ifndef CC_ObjectChangeAuth
+#   define CC_ObjectChangeAuth NO
+#endif
+#if CC_ObjectChangeAuth == YES
+#define  TPM_CC_ObjectChangeAuth              (TPM_CC)(0x00000150)
+#endif
+#ifndef CC_PolicySecret
+#   define CC_PolicySecret NO
+#endif
+#if CC_PolicySecret == YES
+#define  TPM_CC_PolicySecret                  (TPM_CC)(0x00000151)
+#endif
+#ifndef CC_Rewrap
+#   define CC_Rewrap NO
+#endif
+#if CC_Rewrap == YES
+#define  TPM_CC_Rewrap                        (TPM_CC)(0x00000152)
+#endif
+#ifndef CC_Create
+#   define CC_Create NO
+#endif
+#if CC_Create == YES
+#define  TPM_CC_Create                        (TPM_CC)(0x00000153)
+#endif
+#ifndef CC_ECDH_ZGen
+#   define CC_ECDH_ZGen NO
+#endif
+#if CC_ECDH_ZGen == YES
+#define  TPM_CC_ECDH_ZGen                     (TPM_CC)(0x00000154)
+#endif
+#ifndef CC_HMAC
+#   define CC_HMAC NO
+#endif
+#if CC_HMAC == YES
+#define  TPM_CC_HMAC                          (TPM_CC)(0x00000155)
+#endif
+#ifndef CC_Import
+#   define CC_Import NO
+#endif
+#if CC_Import == YES
+#define  TPM_CC_Import                        (TPM_CC)(0x00000156)
+#endif
+#ifndef CC_Load
+#   define CC_Load NO
+#endif
+#if CC_Load == YES
+#define  TPM_CC_Load                          (TPM_CC)(0x00000157)
+#endif
+#ifndef CC_Quote
+#   define CC_Quote NO
+#endif
+#if CC_Quote == YES
+#define  TPM_CC_Quote                         (TPM_CC)(0x00000158)
+#endif
+#ifndef CC_RSA_Decrypt
+#   define CC_RSA_Decrypt NO
+#endif
+#if CC_RSA_Decrypt == YES
+#define  TPM_CC_RSA_Decrypt                   (TPM_CC)(0x00000159)
+#endif
+#ifndef CC_HMAC_Start
+#   define CC_HMAC_Start NO
+#endif
+#if CC_HMAC_Start == YES
+#define  TPM_CC_HMAC_Start                    (TPM_CC)(0x0000015b)
+#endif
+#ifndef CC_SequenceUpdate
+#   define CC_SequenceUpdate NO
+#endif
+#if CC_SequenceUpdate == YES
+#define  TPM_CC_SequenceUpdate                (TPM_CC)(0x0000015c)
+#endif
+#ifndef CC_Sign
+#   define CC_Sign NO
+#endif
+#if CC_Sign == YES
+#define  TPM_CC_Sign                          (TPM_CC)(0x0000015d)
+#endif
+#ifndef CC_Unseal
+#   define CC_Unseal NO
+#endif
+#if CC_Unseal == YES
+#define  TPM_CC_Unseal                        (TPM_CC)(0x0000015e)
+#endif
+#ifndef CC_PolicySigned
+#   define CC_PolicySigned NO
+#endif
+#if CC_PolicySigned == YES
+#define  TPM_CC_PolicySigned                  (TPM_CC)(0x00000160)
+#endif
+#ifndef CC_ContextLoad
+#   define CC_ContextLoad NO
+#endif
+#if CC_ContextLoad == YES
+#define  TPM_CC_ContextLoad                   (TPM_CC)(0x00000161)
+#endif
+#ifndef CC_ContextSave
+#   define CC_ContextSave NO
+#endif
+#if CC_ContextSave == YES
+#define  TPM_CC_ContextSave                   (TPM_CC)(0x00000162)
+#endif
+#ifndef CC_ECDH_KeyGen
+#   define CC_ECDH_KeyGen NO
+#endif
+#if CC_ECDH_KeyGen == YES
+#define  TPM_CC_ECDH_KeyGen                   (TPM_CC)(0x00000163)
+#endif
+#ifndef CC_EncryptDecrypt
+#   define CC_EncryptDecrypt NO
+#endif
+#if CC_EncryptDecrypt == YES
+#define  TPM_CC_EncryptDecrypt                (TPM_CC)(0x00000164)
+#endif
+#ifndef CC_FlushContext
+#   define CC_FlushContext NO
+#endif
+#if CC_FlushContext == YES
+#define  TPM_CC_FlushContext                  (TPM_CC)(0x00000165)
+#endif
+#ifndef CC_LoadExternal
+#   define CC_LoadExternal NO
+#endif
+#if CC_LoadExternal == YES
+#define  TPM_CC_LoadExternal                  (TPM_CC)(0x00000167)
+#endif
+#ifndef CC_MakeCredential
+#   define CC_MakeCredential NO
+#endif
+#if CC_MakeCredential == YES
+#define  TPM_CC_MakeCredential                (TPM_CC)(0x00000168)
+#endif
+#ifndef CC_NV_ReadPublic
+#   define CC_NV_ReadPublic NO
+#endif
+#if CC_NV_ReadPublic == YES
+#define  TPM_CC_NV_ReadPublic                 (TPM_CC)(0x00000169)
+#endif
+#ifndef CC_PolicyAuthorize
+#   define CC_PolicyAuthorize NO
+#endif
+#if CC_PolicyAuthorize == YES
+#define  TPM_CC_PolicyAuthorize               (TPM_CC)(0x0000016a)
+#endif
+#ifndef CC_PolicyAuthValue
+#   define CC_PolicyAuthValue NO
+#endif
+#if CC_PolicyAuthValue == YES
+#define  TPM_CC_PolicyAuthValue               (TPM_CC)(0x0000016b)
+#endif
+#ifndef CC_PolicyCommandCode
+#   define CC_PolicyCommandCode NO
+#endif
+#if CC_PolicyCommandCode == YES
+#define  TPM_CC_PolicyCommandCode             (TPM_CC)(0x0000016c)
+#endif
+#ifndef CC_PolicyCounterTimer
+#   define CC_PolicyCounterTimer NO
+#endif
+#if CC_PolicyCounterTimer == YES
+#define  TPM_CC_PolicyCounterTimer            (TPM_CC)(0x0000016d)
+#endif
+#ifndef CC_PolicyCpHash
+#   define CC_PolicyCpHash NO
+#endif
+#if CC_PolicyCpHash == YES
+#define  TPM_CC_PolicyCpHash                  (TPM_CC)(0x0000016e)
+#endif
+#ifndef CC_PolicyLocality
+#   define CC_PolicyLocality NO
+#endif
+#if CC_PolicyLocality == YES
+#define  TPM_CC_PolicyLocality                (TPM_CC)(0x0000016f)
+#endif
+#ifndef CC_PolicyNameHash
+#   define CC_PolicyNameHash NO
+#endif
+#if CC_PolicyNameHash == YES
+#define  TPM_CC_PolicyNameHash                (TPM_CC)(0x00000170)
+#endif
+#ifndef CC_PolicyOR
+#   define CC_PolicyOR NO
+#endif
+#if CC_PolicyOR == YES
+#define  TPM_CC_PolicyOR                      (TPM_CC)(0x00000171)
+#endif
+#ifndef CC_PolicyTicket
+#   define CC_PolicyTicket NO
+#endif
+#if CC_PolicyTicket == YES
+#define  TPM_CC_PolicyTicket                  (TPM_CC)(0x00000172)
+#endif
+#ifndef CC_ReadPublic
+#   define CC_ReadPublic NO
+#endif
+#if CC_ReadPublic == YES
+#define  TPM_CC_ReadPublic                    (TPM_CC)(0x00000173)
+#endif
+#ifndef CC_RSA_Encrypt
+#   define CC_RSA_Encrypt NO
+#endif
+#if CC_RSA_Encrypt == YES
+#define  TPM_CC_RSA_Encrypt                   (TPM_CC)(0x00000174)
+#endif
+#ifndef CC_StartAuthSession
+#   define CC_StartAuthSession NO
+#endif
+#if CC_StartAuthSession == YES
+#define  TPM_CC_StartAuthSession              (TPM_CC)(0x00000176)
+#endif
+#ifndef CC_VerifySignature
+#   define CC_VerifySignature NO
+#endif
+#if CC_VerifySignature == YES
+#define  TPM_CC_VerifySignature               (TPM_CC)(0x00000177)
+#endif
+#ifndef CC_ECC_Parameters
+#   define CC_ECC_Parameters NO
+#endif
+#if CC_ECC_Parameters == YES
+#define  TPM_CC_ECC_Parameters                (TPM_CC)(0x00000178)
+#endif
+#ifndef CC_FirmwareRead
+#   define CC_FirmwareRead NO
+#endif
+#if CC_FirmwareRead == YES
+#define  TPM_CC_FirmwareRead                  (TPM_CC)(0x00000179)
+#endif
+#ifndef CC_GetCapability
+#   define CC_GetCapability NO
+#endif
+#if CC_GetCapability == YES
+#define  TPM_CC_GetCapability                 (TPM_CC)(0x0000017a)
+#endif
+#ifndef CC_GetRandom
+#   define CC_GetRandom NO
+#endif
+#if CC_GetRandom == YES
+#define  TPM_CC_GetRandom                     (TPM_CC)(0x0000017b)
+#endif
+#ifndef CC_GetTestResult
+#   define CC_GetTestResult NO
+#endif
+#if CC_GetTestResult == YES
+#define  TPM_CC_GetTestResult                 (TPM_CC)(0x0000017c)
+#endif
+#ifndef CC_Hash
+#   define CC_Hash NO
+#endif
+#if CC_Hash == YES
+#define  TPM_CC_Hash                          (TPM_CC)(0x0000017d)
+#endif
+#ifndef CC_PCR_Read
+#   define CC_PCR_Read NO
+#endif
+#if CC_PCR_Read == YES
+#define  TPM_CC_PCR_Read                      (TPM_CC)(0x0000017e)
+#endif
+#ifndef CC_PolicyPCR
+#   define CC_PolicyPCR NO
+#endif
+#if CC_PolicyPCR == YES
+#define  TPM_CC_PolicyPCR                     (TPM_CC)(0x0000017f)
+#endif
+#ifndef CC_PolicyRestart
+#   define CC_PolicyRestart NO
+#endif
+#if CC_PolicyRestart == YES
+#define  TPM_CC_PolicyRestart                 (TPM_CC)(0x00000180)
+#endif
+#ifndef CC_ReadClock
+#   define CC_ReadClock NO
+#endif
+#if CC_ReadClock == YES
+#define  TPM_CC_ReadClock                     (TPM_CC)(0x00000181)
+#endif
+#ifndef CC_PCR_Extend
+#   define CC_PCR_Extend NO
+#endif
+#if CC_PCR_Extend == YES
+#define  TPM_CC_PCR_Extend                    (TPM_CC)(0x00000182)
+#endif
+#ifndef CC_PCR_SetAuthValue
+#   define CC_PCR_SetAuthValue NO
+#endif
+#if CC_PCR_SetAuthValue == YES
+#define  TPM_CC_PCR_SetAuthValue              (TPM_CC)(0x00000183)
+#endif
+#ifndef CC_NV_Certify
+#   define CC_NV_Certify NO
+#endif
+#if CC_NV_Certify == YES
+#define  TPM_CC_NV_Certify                    (TPM_CC)(0x00000184)
+#endif
+#ifndef CC_EventSequenceComplete
+#   define CC_EventSequenceComplete NO
+#endif
+#if CC_EventSequenceComplete == YES
+#define  TPM_CC_EventSequenceComplete         (TPM_CC)(0x00000185)
+#endif
+#ifndef CC_HashSequenceStart
+#   define CC_HashSequenceStart NO
+#endif
+#if CC_HashSequenceStart == YES
+#define  TPM_CC_HashSequenceStart             (TPM_CC)(0x00000186)
+#endif
+#ifndef CC_PolicyPhysicalPresence
+#   define CC_PolicyPhysicalPresence NO
+#endif
+#if CC_PolicyPhysicalPresence == YES
+#define  TPM_CC_PolicyPhysicalPresence        (TPM_CC)(0x00000187)
+#endif
+#ifndef CC_PolicyDuplicationSelect
+#   define CC_PolicyDuplicationSelect NO
+#endif
+#if CC_PolicyDuplicationSelect == YES
+#define  TPM_CC_PolicyDuplicationSelect       (TPM_CC)(0x00000188)
+#endif
+#ifndef CC_PolicyGetDigest
+#   define CC_PolicyGetDigest NO
+#endif
+#if CC_PolicyGetDigest == YES
+#define  TPM_CC_PolicyGetDigest               (TPM_CC)(0x00000189)
+#endif
+#ifndef CC_TestParms
+#   define CC_TestParms NO
+#endif
+#if CC_TestParms == YES
+#define  TPM_CC_TestParms                     (TPM_CC)(0x0000018a)
+#endif
+#ifndef CC_Commit
+#   define CC_Commit NO
+#endif
+#if CC_Commit == YES
+#define  TPM_CC_Commit                        (TPM_CC)(0x0000018b)
+#endif
+#ifndef CC_PolicyPassword
+#   define CC_PolicyPassword NO
+#endif
+#if CC_PolicyPassword == YES
+#define  TPM_CC_PolicyPassword                (TPM_CC)(0x0000018c)
+#endif
+#ifndef CC_ZGen_2Phase
+#   define CC_ZGen_2Phase NO
+#endif
+#if CC_ZGen_2Phase == YES
+#define  TPM_CC_ZGen_2Phase                   (TPM_CC)(0x0000018d)
+#endif
+#ifndef CC_EC_Ephemeral
+#   define CC_EC_Ephemeral NO
+#endif
+#if CC_EC_Ephemeral == YES
+#define  TPM_CC_EC_Ephemeral                  (TPM_CC)(0x0000018e)
+#endif
+#ifndef CC_PolicyNvWritten
+#   define CC_PolicyNvWritten NO
+#endif
+#if CC_PolicyNvWritten == YES
+#define  TPM_CC_PolicyNvWritten               (TPM_CC)(0x0000018f)
+#endif
+#ifndef CC_PolicyTemplate
+#   define CC_PolicyTemplate NO
+#endif
+#if CC_PolicyTemplate == YES
+#define  TPM_CC_PolicyTemplate                (TPM_CC)(0x00000190)
+#endif
+#ifndef CC_CreateLoaded
+#   define CC_CreateLoaded NO
+#endif
+#if CC_CreateLoaded == YES
+#define  TPM_CC_CreateLoaded                  (TPM_CC)(0x00000191)
+#endif
+#ifndef CC_PolicyAuthorizeNV
+#   define CC_PolicyAuthorizeNV NO
+#endif
+#if CC_PolicyAuthorizeNV == YES
+#define  TPM_CC_PolicyAuthorizeNV             (TPM_CC)(0x00000192)
+#endif
+#ifndef CC_EncryptDecrypt2
+#   define CC_EncryptDecrypt2 NO
+#endif
+#if CC_EncryptDecrypt2 == YES
+#define  TPM_CC_EncryptDecrypt2               (TPM_CC)(0x00000193)
+#endif
+#define  TPM_CC_AC_GetCapability	      (TPM_CC)(0x00000194)
+#define  TPM_CC_AC_Send			      (TPM_CC)(0x00000195)
+#define  TPM_CC_Policy_AC_SendSelect	      (TPM_CC)(0x00000196)
+#ifndef CC_CertifyX509
+#   define CC_CertifyX509 NO
+#endif
+#if CC_CertifyX509 == YES
+#define  TPM_CC_CertifyX509 		      (TPM_CC)(0x00000197)
+#endif
+
+/* Compile variable. May increase based on implementation. */
+#define  TPM_CC_LAST			      (TPM_CC)(0x00000197)
+
+#ifndef CC_Vendor_TCG_Test
+#   define CC_Vendor_TCG_Test NO
+#endif
+#if CC_Vendor_TCG_Test == YES
+#define  TPM_CC_Vendor_TCG_Test               (TPM_CC)(0x20000000)
+#endif
+
+#ifndef CC_NTC2_PreConfig                
+#   define CC_NTC2_PreConfig NO
+#endif
+#if CC_NTC2_PreConfig == YES
+#define NTC2_CC_PreConfig		      (TPM_CC)(0x20000211)
+#endif
+#ifndef CC_NTC2_LockPreConfig
+#   define CC_NTC2_LockPreConfig NO
+#endif
+#if CC_NTC2_LockPreConfig == YES
+#define  NTC2_CC_LockPreConfig                (TPM_CC)(0x20000212)
+#endif
+#ifndef CC_NTC2_GetConfig
+#   define CC_NTC2_GetConfig NO
+#endif
+#if CC_NTC2_GetConfig == YES
+#define  NTC2_CC_GetConfig                    (TPM_CC)(0x20000213)
+#endif
+
+#ifndef  COMPRESSED_LISTS
+#define ADD_FILL    1
+#else
+#define ADD_FILL   0
+#endif
+
+// Size the array of library commands based on whether or not the array is packed (only defined
+// commands) or dense (having entries for unimplemented commands)
+
+#define LIBRARY_COMMAND_ARRAY_SIZE       (0				\
+					  + (ADD_FILL || CC_NV_UndefineSpaceSpecial)    /* 0x0000011f */ \
+					  + (ADD_FILL || CC_EvictControl)               /* 0x00000120 */ \
+					  + (ADD_FILL || CC_HierarchyControl)           /* 0x00000121 */ \
+					  + (ADD_FILL || CC_NV_UndefineSpace)           /* 0x00000122 */ \
+					  + ADD_FILL                                    /* 0x00000123 */ \
+					  + (ADD_FILL || CC_ChangeEPS)                  /* 0x00000124 */ \
+					  + (ADD_FILL || CC_ChangePPS)                  /* 0x00000125 */ \
+					  + (ADD_FILL || CC_Clear)                      /* 0x00000126 */ \
+					  + (ADD_FILL || CC_ClearControl)               /* 0x00000127 */ \
+					  + (ADD_FILL || CC_ClockSet)                   /* 0x00000128 */ \
+					  + (ADD_FILL || CC_HierarchyChangeAuth)        /* 0x00000129 */ \
+					  + (ADD_FILL || CC_NV_DefineSpace)             /* 0x0000012a */ \
+					  + (ADD_FILL || CC_PCR_Allocate)               /* 0x0000012b */ \
+					  + (ADD_FILL || CC_PCR_SetAuthPolicy)          /* 0x0000012c */ \
+					  + (ADD_FILL || CC_PP_Commands)                /* 0x0000012d */ \
+					  + (ADD_FILL || CC_SetPrimaryPolicy)           /* 0x0000012e */ \
+					  + (ADD_FILL || CC_FieldUpgradeStart)          /* 0x0000012f */ \
+					  + (ADD_FILL || CC_ClockRateAdjust)            /* 0x00000130 */ \
+					  + (ADD_FILL || CC_CreatePrimary)              /* 0x00000131 */ \
+					  + (ADD_FILL || CC_NV_GlobalWriteLock)         /* 0x00000132 */ \
+					  + (ADD_FILL || CC_GetCommandAuditDigest)      /* 0x00000133 */ \
+					  + (ADD_FILL || CC_NV_Increment)               /* 0x00000134 */ \
+					  + (ADD_FILL || CC_NV_SetBits)                 /* 0x00000135 */ \
+					  + (ADD_FILL || CC_NV_Extend)                  /* 0x00000136 */ \
+					  + (ADD_FILL || CC_NV_Write)                   /* 0x00000137 */ \
+					  + (ADD_FILL || CC_NV_WriteLock)               /* 0x00000138 */ \
+					  + (ADD_FILL || CC_DictionaryAttackLockReset)  /* 0x00000139 */ \
+					  + (ADD_FILL || CC_DictionaryAttackParameters) /* 0x0000013a */ \
+					  + (ADD_FILL || CC_NV_ChangeAuth)              /* 0x0000013b */ \
+					  + (ADD_FILL || CC_PCR_Event)                  /* 0x0000013c */ \
+					  + (ADD_FILL || CC_PCR_Reset)                  /* 0x0000013d */ \
+					  + (ADD_FILL || CC_SequenceComplete)           /* 0x0000013e */ \
+					  + (ADD_FILL || CC_SetAlgorithmSet)            /* 0x0000013f */ \
+					  + (ADD_FILL || CC_SetCommandCodeAuditStatus)  /* 0x00000140 */ \
+					  + (ADD_FILL || CC_FieldUpgradeData)           /* 0x00000141 */ \
+					  + (ADD_FILL || CC_IncrementalSelfTest)        /* 0x00000142 */ \
+					  + (ADD_FILL || CC_SelfTest)                   /* 0x00000143 */ \
+					  + (ADD_FILL || CC_Startup)                    /* 0x00000144 */ \
+					  + (ADD_FILL || CC_Shutdown)                   /* 0x00000145 */ \
+					  + (ADD_FILL || CC_StirRandom)                 /* 0x00000146 */ \
+					  + (ADD_FILL || CC_ActivateCredential)         /* 0x00000147 */ \
+					  + (ADD_FILL || CC_Certify)                    /* 0x00000148 */ \
+					  + (ADD_FILL || CC_PolicyNV)                   /* 0x00000149 */ \
+					  + (ADD_FILL || CC_CertifyCreation)            /* 0x0000014a */ \
+					  + (ADD_FILL || CC_Duplicate)                  /* 0x0000014b */ \
+					  + (ADD_FILL || CC_GetTime)                    /* 0x0000014c */ \
+					  + (ADD_FILL || CC_GetSessionAuditDigest)      /* 0x0000014d */ \
+					  + (ADD_FILL || CC_NV_Read)                    /* 0x0000014e */ \
+					  + (ADD_FILL || CC_NV_ReadLock)                /* 0x0000014f */ \
+					  + (ADD_FILL || CC_ObjectChangeAuth)           /* 0x00000150 */ \
+					  + (ADD_FILL || CC_PolicySecret)               /* 0x00000151 */ \
+					  + (ADD_FILL || CC_Rewrap)                     /* 0x00000152 */ \
+					  + (ADD_FILL || CC_Create)                     /* 0x00000153 */ \
+					  + (ADD_FILL || CC_ECDH_ZGen)                  /* 0x00000154 */ \
+					  + (ADD_FILL || CC_HMAC)                       /* 0x00000155 */ \
+					  + (ADD_FILL || CC_Import)                     /* 0x00000156 */ \
+					  + (ADD_FILL || CC_Load)                       /* 0x00000157 */ \
+					  + (ADD_FILL || CC_Quote)                      /* 0x00000158 */ \
+					  + (ADD_FILL || CC_RSA_Decrypt)                /* 0x00000159 */ \
+					  + ADD_FILL                                    /* 0x0000015a */ \
+					  + (ADD_FILL || CC_HMAC_Start)                 /* 0x0000015b */ \
+					  + (ADD_FILL || CC_SequenceUpdate)             /* 0x0000015c */ \
+					  + (ADD_FILL || CC_Sign)                       /* 0x0000015d */ \
+					  + (ADD_FILL || CC_Unseal)                     /* 0x0000015e */ \
+					  + ADD_FILL                                    /* 0x0000015f */ \
+					  + (ADD_FILL || CC_PolicySigned)               /* 0x00000160 */ \
+					  + (ADD_FILL || CC_ContextLoad)                /* 0x00000161 */ \
+					  + (ADD_FILL || CC_ContextSave)                /* 0x00000162 */ \
+					  + (ADD_FILL || CC_ECDH_KeyGen)                /* 0x00000163 */ \
+					  + (ADD_FILL || CC_EncryptDecrypt)             /* 0x00000164 */ \
+					  + (ADD_FILL || CC_FlushContext)               /* 0x00000165 */ \
+					  + ADD_FILL                                    /* 0x00000166 */ \
+					  + (ADD_FILL || CC_LoadExternal)               /* 0x00000167 */ \
+					  + (ADD_FILL || CC_MakeCredential)             /* 0x00000168 */ \
+					  + (ADD_FILL || CC_NV_ReadPublic)              /* 0x00000169 */ \
+					  + (ADD_FILL || CC_PolicyAuthorize)            /* 0x0000016a */ \
+					  + (ADD_FILL || CC_PolicyAuthValue)            /* 0x0000016b */ \
+					  + (ADD_FILL || CC_PolicyCommandCode)          /* 0x0000016c */ \
+					  + (ADD_FILL || CC_PolicyCounterTimer)         /* 0x0000016d */ \
+					  + (ADD_FILL || CC_PolicyCpHash)               /* 0x0000016e */ \
+					  + (ADD_FILL || CC_PolicyLocality)             /* 0x0000016f */ \
+					  + (ADD_FILL || CC_PolicyNameHash)             /* 0x00000170 */ \
+					  + (ADD_FILL || CC_PolicyOR)                   /* 0x00000171 */ \
+					  + (ADD_FILL || CC_PolicyTicket)               /* 0x00000172 */ \
+					  + (ADD_FILL || CC_ReadPublic)                 /* 0x00000173 */ \
+					  + (ADD_FILL || CC_RSA_Encrypt)                /* 0x00000174 */ \
+					  + ADD_FILL                                    /* 0x00000175 */ \
+					  + (ADD_FILL || CC_StartAuthSession)           /* 0x00000176 */ \
+					  + (ADD_FILL || CC_VerifySignature)            /* 0x00000177 */ \
+					  + (ADD_FILL || CC_ECC_Parameters)             /* 0x00000178 */ \
+					  + (ADD_FILL || CC_FirmwareRead)               /* 0x00000179 */ \
+					  + (ADD_FILL || CC_GetCapability)              /* 0x0000017a */ \
+					  + (ADD_FILL || CC_GetRandom)                  /* 0x0000017b */ \
+					  + (ADD_FILL || CC_GetTestResult)              /* 0x0000017c */ \
+					  + (ADD_FILL || CC_Hash)                       /* 0x0000017d */ \
+					  + (ADD_FILL || CC_PCR_Read)                   /* 0x0000017e */ \
+					  + (ADD_FILL || CC_PolicyPCR)                  /* 0x0000017f */ \
+					  + (ADD_FILL || CC_PolicyRestart)              /* 0x00000180 */ \
+					  + (ADD_FILL || CC_ReadClock)                  /* 0x00000181 */ \
+					  + (ADD_FILL || CC_PCR_Extend)                 /* 0x00000182 */ \
+					  + (ADD_FILL || CC_PCR_SetAuthValue)           /* 0x00000183 */ \
+					  + (ADD_FILL || CC_NV_Certify)                 /* 0x00000184 */ \
+					  + (ADD_FILL || CC_EventSequenceComplete)      /* 0x00000185 */ \
+					  + (ADD_FILL || CC_HashSequenceStart)          /* 0x00000186 */ \
+					  + (ADD_FILL || CC_PolicyPhysicalPresence)     /* 0x00000187 */ \
+					  + (ADD_FILL || CC_PolicyDuplicationSelect)    /* 0x00000188 */ \
+					  + (ADD_FILL || CC_PolicyGetDigest)            /* 0x00000189 */ \
+					  + (ADD_FILL || CC_TestParms)                  /* 0x0000018a */ \
+					  + (ADD_FILL || CC_Commit)                     /* 0x0000018b */ \
+					  + (ADD_FILL || CC_PolicyPassword)             /* 0x0000018c */ \
+					  + (ADD_FILL || CC_ZGen_2Phase)                /* 0x0000018d */ \
+					  + (ADD_FILL || CC_EC_Ephemeral)               /* 0x0000018e */ \
+					  + (ADD_FILL || CC_PolicyTemplate)             /* 0x00000190 */ \
+					  + (ADD_FILL || CC_CreateLoaded)               /* 0x00000191 */ \
+					  + (ADD_FILL || CC_PolicyAuthorizeNV)          /* 0x00000192 */ \
+					  + (ADD_FILL || CC_EncryptDecrypt2)            /* 0x00000193 */ \
+					  + (ADD_FILL || CC_PolicyNvWritten)            /* 0x0000018f */ \
+					  + (ADD_FILL || CC_CertifyX509)                /* 0x00000197 */ \
+					  )
+#define VENDOR_COMMAND_ARRAY_SIZE   ( 0				\
+				      + CC_Vendor_TCG_Test	\
+				      + CC_NTC2_PreConfig	\
+				      + CC_NTC2_LockPreConfig	\
+				      + CC_NTC2_GetConfig	\
+				      )
+
+#define COMMAND_COUNT							\
+    (LIBRARY_COMMAND_ARRAY_SIZE + VENDOR_COMMAND_ARRAY_SIZE)
+    
+// Following typedef is for some old code
+
+#ifndef ALG_CAMELLIA
+#   define ALG_CAMELLIA         NO
+#endif
+
+#ifndef ALG_SM4
+#   define ALG_SM4         NO
+#endif
+
+#ifndef ALG_AES
+#   define ALG_AES         NO
+#endif
+
+#endif  // _IMPLEMENTATION_H_
diff --git a/utils/ibmtss/Import_fp.h b/utils/ibmtss/Import_fp.h
new file mode 100644
index 000000000..ac46b0b29
--- /dev/null
+++ b/utils/ibmtss/Import_fp.h
@@ -0,0 +1,93 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: Import_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef IMPORT_FP_H
+#define IMPORT_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT		parentHandle;
+    TPM2B_DATA			encryptionKey;
+    TPM2B_PUBLIC		objectPublic;
+    TPM2B_PRIVATE		duplicate;
+    TPM2B_ENCRYPTED_SECRET	inSymSeed;
+    TPMT_SYM_DEF_OBJECT		symmetricAlg;
+} Import_In;
+
+#define RC_Import_parentHandle 	(TPM_RC_H + TPM_RC_1)
+#define RC_Import_encryptionKey	(TPM_RC_P + TPM_RC_1)
+#define RC_Import_objectPublic 	(TPM_RC_P + TPM_RC_2)
+#define RC_Import_duplicate 	(TPM_RC_P + TPM_RC_3)
+#define RC_Import_inSymSeed 	(TPM_RC_P + TPM_RC_4)
+#define RC_Import_symmetricAlg	(TPM_RC_P + TPM_RC_5)
+
+typedef struct {
+    TPM2B_PRIVATE	outPrivate;
+} Import_Out;
+
+TPM_RC
+TPM2_Import(
+	    Import_In       *in,            // IN: input parameter list
+	    Import_Out      *out            // OUT: output parameter list
+	    );
+
+#endif
diff --git a/utils/ibmtss/IncrementalSelfTest_fp.h b/utils/ibmtss/IncrementalSelfTest_fp.h
new file mode 100644
index 000000000..93275a4bc
--- /dev/null
+++ b/utils/ibmtss/IncrementalSelfTest_fp.h
@@ -0,0 +1,84 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: IncrementalSelfTest_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef INCREMENTALSELFTEST_FP_H
+#define INCREMENTALSELFTEST_FP_H
+
+typedef struct{
+    TPML_ALG	toTest;
+} IncrementalSelfTest_In;
+
+typedef struct{
+    TPML_ALG	toDoList;
+} IncrementalSelfTest_Out;  
+
+#define RC_IncrementalSelfTest_toTest (TPM_RC_P + TPM_RC_1)
+
+TPM_RC
+TPM2_IncrementalSelfTest(
+			 IncrementalSelfTest_In      *in,            // IN: input parameter list
+			 IncrementalSelfTest_Out     *out            // OUT: output parameter list
+			 );
+
+
+#endif
diff --git a/utils/ibmtss/LoadExternal_fp.h b/utils/ibmtss/LoadExternal_fp.h
new file mode 100644
index 000000000..bbf9f8e2d
--- /dev/null
+++ b/utils/ibmtss/LoadExternal_fp.h
@@ -0,0 +1,87 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: LoadExternal_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef LOADEXTERNAL_FP_H
+#define LOADEXTERNAL_FP_H
+
+typedef struct {
+    TPM2B_SENSITIVE	inPrivate;
+    TPM2B_PUBLIC	inPublic;
+    TPMI_RH_HIERARCHY	hierarchy;
+} LoadExternal_In;    
+
+#define RC_LoadExternal_inPrivate	(TPM_RC_P + TPM_RC_1)
+#define RC_LoadExternal_inPublic 	(TPM_RC_P + TPM_RC_2)
+#define RC_LoadExternal_hierarchy 	(TPM_RC_P + TPM_RC_3)
+
+typedef struct {
+    TPM_HANDLE		objectHandle;
+    TPM2B_NAME		name;
+} LoadExternal_Out;
+
+TPM_RC
+TPM2_LoadExternal(
+		  LoadExternal_In     *in,            // IN: input parameter list
+		  LoadExternal_Out    *out            // OUT: output parameter list
+		  );
+#endif
diff --git a/utils/ibmtss/LoadKey2_fp.h b/utils/ibmtss/LoadKey2_fp.h
new file mode 100644
index 000000000..f8f9fad7e
--- /dev/null
+++ b/utils/ibmtss/LoadKey2_fp.h
@@ -0,0 +1,66 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 Load Key 2					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: LoadKey2_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef LOADKEY2_FP_H
+#define LOADKEY2_FP_H
+
+#include <ibmtss/tpmtypes12.h>
+#include <ibmtss/tpmstructures12.h>
+
+#include <ibmtss/Implementation.h>
+
+typedef struct {
+    TPM_KEY_HANDLE parentHandle;
+    TPM_KEY12 inKey;
+} LoadKey2_In;  
+
+#define RC_LoadKey2_parentHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_LoadKey2_inKey	 	(TPM_RC_P + TPM_RC_1)
+
+typedef struct {
+    TPM_KEY_HANDLE	inkeyHandle;
+} LoadKey2_Out;  
+
+TPM_RC
+TPM2_Loadkey2(
+		  LoadKey2_In *in,            // IN: input parameter buffer
+		  LoadKey2_Out *out           // OUT: output parameter buffer
+		  );
+
+#endif
diff --git a/utils/ibmtss/Load_fp.h b/utils/ibmtss/Load_fp.h
new file mode 100644
index 000000000..20a7232e4
--- /dev/null
+++ b/utils/ibmtss/Load_fp.h
@@ -0,0 +1,88 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: Load_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef LOAD_FP_H
+#define LOAD_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT	parentHandle;
+    TPM2B_PRIVATE	inPrivate;
+    TPM2B_PUBLIC	inPublic;
+} Load_In;
+
+#define RC_Load_parentHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_Load_inPrivate 	(TPM_RC_P + TPM_RC_1)
+#define RC_Load_inPublic	(TPM_RC_P + TPM_RC_2)
+
+typedef struct {
+    TPM_HANDLE	objectHandle;
+    TPM2B_NAME	name;
+} Load_Out;
+
+TPM_RC
+TPM2_Load(
+	  Load_In         *in,            // IN: input parameter list
+	  Load_Out        *out            // OUT: output parameter list
+	  );
+
+#endif
diff --git a/utils/ibmtss/MakeCredential_fp.h b/utils/ibmtss/MakeCredential_fp.h
new file mode 100644
index 000000000..d6e5fb3ac
--- /dev/null
+++ b/utils/ibmtss/MakeCredential_fp.h
@@ -0,0 +1,89 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: MakeCredential_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef MAKECREDENTIAL_FP_H
+#define MAKECREDENTIAL_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT	handle;
+    TPM2B_DIGEST	credential;
+    TPM2B_NAME		objectName;
+} MakeCredential_In;
+
+#define RC_MakeCredential_handle 	(TPM_RC_H + TPM_RC_1)
+#define RC_MakeCredential_credential 	(TPM_RC_P + TPM_RC_1)
+#define RC_MakeCredential_objectName	(TPM_RC_P + TPM_RC_2)
+
+
+typedef struct {
+    TPM2B_ID_OBJECT	credentialBlob;
+    TPM2B_ENCRYPTED_SECRET	secret;
+} MakeCredential_Out;
+
+TPM_RC
+TPM2_MakeCredential(
+		    MakeCredential_In   *in,            // IN: input parameter list
+		    MakeCredential_Out  *out            // OUT: output parameter list
+		    );
+
+#endif
diff --git a/utils/ibmtss/MakeIdentity_fp.h b/utils/ibmtss/MakeIdentity_fp.h
new file mode 100644
index 000000000..19dc3d45f
--- /dev/null
+++ b/utils/ibmtss/MakeIdentity_fp.h
@@ -0,0 +1,66 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 MakeIdentity				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: MakeIdentity_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef MAKEIDENTITY_FP_H
+#define MAKEIDENTITY_FP_H
+
+#include <ibmtss/tpmtypes12.h>
+#include <ibmtss/tpmstructures12.h>
+
+#include <ibmtss/Implementation.h>
+
+typedef struct {
+    TPM_ENCAUTH identityAuth;
+    TPM_CHOSENID_HASH labelPrivCADigest;
+    TPM_KEY12 idKeyParams;
+} MakeIdentity_In;  
+
+typedef struct {
+    TPM_KEY12 idKey;
+    UINT32 identityBindingSize;
+    BYTE identityBinding[MAX_RSA_KEY_BYTES];
+} MakeIdentity_Out;  
+
+TPM_RC
+TPM2_MakeIdentity(
+		  MakeIdentity_In *in,            // IN: input parameter buffer
+		  MakeIdentity_Out *out           // OUT: output parameter buffer
+		  );
+
+#endif
diff --git a/utils/ibmtss/NTC_fp.h b/utils/ibmtss/NTC_fp.h
new file mode 100644
index 000000000..7cf353b53
--- /dev/null
+++ b/utils/ibmtss/NTC_fp.h
@@ -0,0 +1,52 @@
+/********************************************************************************/
+/*										*/
+/*		     	Nuvoton Commands					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2017						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef NTC_FP_H
+#define NTC_FP_H
+
+typedef struct {
+    NTC2_CFG_STRUCT preConfig;
+} NTC2_PreConfig_In;     
+
+typedef struct {
+    NTC2_CFG_STRUCT preConfig;
+} NTC2_GetConfig_Out;     
+
+#define RC_NTC2_PreConfig_preConfig (TPM_RC_P + TPM_RC_1)
+
+#endif
diff --git a/utils/ibmtss/NV_Certify_fp.h b/utils/ibmtss/NV_Certify_fp.h
new file mode 100644
index 000000000..d5f2913f2
--- /dev/null
+++ b/utils/ibmtss/NV_Certify_fp.h
@@ -0,0 +1,98 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: NV_Certify_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef NV_CERTIFY_FP_H
+#define NV_CERTIFY_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT	signHandle;
+    TPMI_RH_NV_AUTH	authHandle;
+    TPMI_RH_NV_INDEX	nvIndex;
+    TPM2B_DATA		qualifyingData;
+    TPMT_SIG_SCHEME	inScheme;
+    UINT16		size;
+    UINT16		offset;
+} NV_Certify_In;
+
+#define RC_NV_Certify_signHandle 	(TPM_RC_H + TPM_RC_1)
+#define RC_NV_Certify_authHandle	(TPM_RC_H + TPM_RC_2)
+#define RC_NV_Certify_nvIndex		(TPM_RC_H + TPM_RC_3)
+#define RC_NV_Certify_qualifyingData	(TPM_RC_P + TPM_RC_1)
+#define RC_NV_Certify_inScheme		(TPM_RC_P + TPM_RC_2)
+#define RC_NV_Certify_size		(TPM_RC_P + TPM_RC_3)
+#define RC_NV_Certify_offset		(TPM_RC_P + TPM_RC_4)
+
+
+typedef struct {
+    TPM2B_ATTEST	certifyInfo;
+    TPMT_SIGNATURE	signature;
+} NV_Certify_Out;
+
+TPM_RC
+TPM2_NV_Certify(
+		NV_Certify_In   *in,            // IN: input parameter list
+		NV_Certify_Out  *out            // OUT: output parameter list
+		);
+
+
+#endif
diff --git a/utils/ibmtss/NV_ChangeAuth_fp.h b/utils/ibmtss/NV_ChangeAuth_fp.h
new file mode 100644
index 000000000..ed211bb05
--- /dev/null
+++ b/utils/ibmtss/NV_ChangeAuth_fp.h
@@ -0,0 +1,81 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: NV_ChangeAuth_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef NV_CHANGEAUTH_FP_H
+#define NV_CHANGEAUTH_FP_H
+
+typedef struct {
+    TPMI_RH_NV_INDEX	nvIndex;
+    TPM2B_AUTH		newAuth;
+} NV_ChangeAuth_In;
+
+#define RC_NV_ChangeAuth_nvIndex	(TPM_RC_H + TPM_RC_1)
+#define RC_NV_ChangeAuth_newAuth 	(TPM_RC_P + TPM_RC_1)
+
+TPM_RC
+TPM2_NV_ChangeAuth(
+		   NV_ChangeAuth_In    *in             // IN: input parameter list
+		   );
+
+
+#endif
diff --git a/utils/ibmtss/NV_DefineSpace12_fp.h b/utils/ibmtss/NV_DefineSpace12_fp.h
new file mode 100644
index 000000000..8d6bc64de
--- /dev/null
+++ b/utils/ibmtss/NV_DefineSpace12_fp.h
@@ -0,0 +1,52 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 NV_DefineSpace				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef NVDEFINESPACE12_FP_H
+#define NVDEFINESPACE12_FP_H
+
+typedef struct {
+    TPM_NV_DATA_PUBLIC pubInfo;
+    TPM_ENCAUTH encAuth;
+} NV_DefineSpace12_In;
+
+TPM_RC
+TPM_NV_DefineSpace12(
+	      NV_DefineSpace12_In     *in            // IN: input parameter list
+	      );
+
+#endif
diff --git a/utils/ibmtss/NV_DefineSpace_fp.h b/utils/ibmtss/NV_DefineSpace_fp.h
new file mode 100644
index 000000000..17699311d
--- /dev/null
+++ b/utils/ibmtss/NV_DefineSpace_fp.h
@@ -0,0 +1,83 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: NV_DefineSpace_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef NV_DEFINESPACE_FP_H
+#define NV_DEFINESPACE_FP_H
+
+typedef struct {
+    TPMI_RH_PROVISION	authHandle;
+    TPM2B_AUTH		auth;
+    TPM2B_NV_PUBLIC	publicInfo;
+} NV_DefineSpace_In;
+
+#define RC_NV_DefineSpace_authHandle 	(TPM_RC_H + TPM_RC_1)
+#define RC_NV_DefineSpace_auth 		(TPM_RC_P + TPM_RC_1)
+#define RC_NV_DefineSpace_publicInfo 	(TPM_RC_P + TPM_RC_2)
+
+TPM_RC
+TPM2_NV_DefineSpace(
+		    NV_DefineSpace_In   *in             // IN: input parameter list
+		    );
+
+
+#endif
diff --git a/utils/ibmtss/NV_Extend_fp.h b/utils/ibmtss/NV_Extend_fp.h
new file mode 100644
index 000000000..7fc9cf2e8
--- /dev/null
+++ b/utils/ibmtss/NV_Extend_fp.h
@@ -0,0 +1,83 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: NV_Extend_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef NV_EXTEND_FP_H
+#define NV_EXTEND_FP_H
+
+typedef struct {
+    TPMI_RH_NV_AUTH	authHandle;
+    TPMI_RH_NV_INDEX	nvIndex;
+    TPM2B_MAX_NV_BUFFER	data;
+} NV_Extend_In;
+
+#define RC_NV_Extend_authHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_NV_Extend_nvIndex 	(TPM_RC_H + TPM_RC_2)
+#define RC_NV_Extend_data	(TPM_RC_P + TPM_RC_1)
+
+TPM_RC
+TPM2_NV_Extend(
+	       NV_Extend_In    *in             // IN: input parameter list
+	       );
+
+
+#endif
diff --git a/utils/ibmtss/NV_GlobalWriteLock_fp.h b/utils/ibmtss/NV_GlobalWriteLock_fp.h
new file mode 100644
index 000000000..20b637724
--- /dev/null
+++ b/utils/ibmtss/NV_GlobalWriteLock_fp.h
@@ -0,0 +1,79 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: NV_GlobalWriteLock_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef NV_GLOBALWRITELOCK_FP_H
+#define NV_GLOBALWRITELOCK_FP_H
+
+typedef struct {
+    TPMI_RH_PROVISION	authHandle;
+} NV_GlobalWriteLock_In;
+
+#define RC_NV_GlobalWriteLock_authHandle	(TPM_RC_H + TPM_RC_1)
+
+TPM_RC
+TPM2_NV_GlobalWriteLock(
+			NV_GlobalWriteLock_In   *in             // IN: input parameter list
+			);
+
+
+#endif
diff --git a/utils/ibmtss/NV_Increment_fp.h b/utils/ibmtss/NV_Increment_fp.h
new file mode 100644
index 000000000..e6529cfe3
--- /dev/null
+++ b/utils/ibmtss/NV_Increment_fp.h
@@ -0,0 +1,81 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: NV_Increment_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef NV_INCREMENT_FP_H
+#define NV_INCREMENT_FP_H
+
+typedef struct {
+    TPMI_RH_NV_AUTH	authHandle;
+    TPMI_RH_NV_INDEX	nvIndex;
+} NV_Increment_In;;
+
+#define RC_NV_Increment_authHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_NV_Increment_nvIndex 	(TPM_RC_H + TPM_RC_2)
+
+TPM_RC
+TPM2_NV_Increment(
+		  NV_Increment_In     *in             // IN: input parameter list
+		  );
+
+
+#endif
diff --git a/utils/ibmtss/NV_ReadLock_fp.h b/utils/ibmtss/NV_ReadLock_fp.h
new file mode 100644
index 000000000..9f92915de
--- /dev/null
+++ b/utils/ibmtss/NV_ReadLock_fp.h
@@ -0,0 +1,81 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: NV_ReadLock_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef NV_READLOCK_FP_H
+#define NV_READLOCK_FP_H
+
+typedef struct {
+    TPMI_RH_NV_AUTH	authHandle;
+    TPMI_RH_NV_INDEX	nvIndex;
+} NV_ReadLock_In;
+
+#define RC_NV_ReadLock_authHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_NV_ReadLock_nvIndex 		(TPM_RC_H + TPM_RC_2)
+
+TPM_RC
+TPM2_NV_ReadLock(
+		 NV_ReadLock_In  *in             // IN: input parameter list
+		 );
+
+
+#endif
diff --git a/utils/ibmtss/NV_ReadPublic_fp.h b/utils/ibmtss/NV_ReadPublic_fp.h
new file mode 100644
index 000000000..35137e7ea
--- /dev/null
+++ b/utils/ibmtss/NV_ReadPublic_fp.h
@@ -0,0 +1,85 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: NV_ReadPublic_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef NV_READPUBLIC_FP_H
+#define NV_READPUBLIC_FP_H
+
+typedef struct {
+    TPMI_RH_NV_INDEX	nvIndex;
+} NV_ReadPublic_In;
+
+#define RC_NV_ReadPublic_nvIndex	(TPM_RC_P + TPM_RC_1)
+
+typedef struct {
+    TPM2B_NV_PUBLIC	nvPublic;
+    TPM2B_NAME		nvName;
+} NV_ReadPublic_Out;
+
+TPM_RC
+TPM2_NV_ReadPublic(
+		   NV_ReadPublic_In    *in,            // IN: input parameter list
+		   NV_ReadPublic_Out   *out            // OUT: output parameter list
+		   );
+
+
+#endif
diff --git a/utils/ibmtss/NV_ReadValueAuth_fp.h b/utils/ibmtss/NV_ReadValueAuth_fp.h
new file mode 100644
index 000000000..efc4ea186
--- /dev/null
+++ b/utils/ibmtss/NV_ReadValueAuth_fp.h
@@ -0,0 +1,65 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 NV_ReadValueAuth				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: NV_ReadValueAuth_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef NVREADVALUEAUTH_FP_H
+#define NVREADVALUEAUTH_FP_H
+
+#include <ibmtss/tpmtypes12.h>
+#include <ibmtss/tpmstructures12.h>
+
+#include <ibmtss/Implementation.h>
+
+typedef struct {
+    TPM12_NV_INDEX nvIndex;
+    UINT32 offset;
+    UINT32 dataSize;
+} NV_ReadValueAuth_In;  
+
+typedef struct {
+    UINT32 dataSize;
+    BYTE data[MAX_NV_BUFFER_SIZE];
+} NV_ReadValueAuth_Out;  
+
+TPM_RC
+TPM2_NV_ReadValueAuth(
+		      NV_ReadValueAuth_In *in,            // IN: input parameter buffer
+		      NV_ReadValueAuth_Out *out           // OUT: output parameter buffer
+		      );
+
+#endif
diff --git a/utils/ibmtss/NV_ReadValue_fp.h b/utils/ibmtss/NV_ReadValue_fp.h
new file mode 100644
index 000000000..8546a6fee
--- /dev/null
+++ b/utils/ibmtss/NV_ReadValue_fp.h
@@ -0,0 +1,65 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 NV_ReadValue				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: NV_ReadValue_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef NVREADVALUE_FP_H
+#define NVREADVALUE_FP_H
+
+#include <ibmtss/tpmtypes12.h>
+#include <ibmtss/tpmstructures12.h>
+
+#include <ibmtss/Implementation.h>
+
+typedef struct {
+    TPM12_NV_INDEX nvIndex;
+    UINT32 offset;
+    UINT32 dataSize;
+} NV_ReadValue_In;  
+
+typedef struct {
+    UINT32 dataSize;
+    BYTE data[MAX_NV_BUFFER_SIZE];
+} NV_ReadValue_Out;  
+
+TPM_RC
+TPM2_NV_ReadValue(
+		      NV_ReadValue_In *in,            // IN: input parameter buffer
+		      NV_ReadValue_Out *out           // OUT: output parameter buffer
+		      );
+
+#endif
diff --git a/utils/ibmtss/NV_Read_fp.h b/utils/ibmtss/NV_Read_fp.h
new file mode 100644
index 000000000..636fe819a
--- /dev/null
+++ b/utils/ibmtss/NV_Read_fp.h
@@ -0,0 +1,89 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: NV_Read_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef NV_READ_FP_H
+#define NV_READ_FP_H
+
+typedef struct {
+    TPMI_RH_NV_AUTH	authHandle;
+    TPMI_RH_NV_INDEX	nvIndex;
+    UINT16		size;
+    UINT16		offset;
+} NV_Read_In;
+
+#define RC_NV_Read_authHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_NV_Read_nvIndex	(TPM_RC_H + TPM_RC_2)
+#define RC_NV_Read_size 	(TPM_RC_P + TPM_RC_1)
+#define RC_NV_Read_offset 	(TPM_RC_P + TPM_RC_2)
+
+typedef struct {
+    TPM2B_MAX_NV_BUFFER	data;
+} NV_Read_Out;
+
+TPM_RC
+TPM2_NV_Read(
+	     NV_Read_In      *in,            // IN: input parameter list
+	     NV_Read_Out     *out            // OUT: output parameter list
+	     );
+
+#endif
diff --git a/utils/ibmtss/NV_SetBits_fp.h b/utils/ibmtss/NV_SetBits_fp.h
new file mode 100644
index 000000000..4b1c1a009
--- /dev/null
+++ b/utils/ibmtss/NV_SetBits_fp.h
@@ -0,0 +1,83 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: NV_SetBits_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef NV_SETBITS_FP_H
+#define NV_SETBITS_FP_H
+
+typedef struct {
+    TPMI_RH_NV_AUTH	authHandle;
+    TPMI_RH_NV_INDEX	nvIndex;
+    UINT64		bits;
+} NV_SetBits_In;
+
+#define RC_NV_SetBits_authHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_NV_SetBits_nvIndex 		(TPM_RC_H + TPM_RC_2)
+#define RC_NV_SetBits_bits		(TPM_RC_P + TPM_RC_1)
+
+TPM_RC
+TPM2_NV_SetBits(
+		NV_SetBits_In   *in             // IN: input parameter list
+		);
+
+
+#endif
diff --git a/utils/ibmtss/NV_UndefineSpaceSpecial_fp.h b/utils/ibmtss/NV_UndefineSpaceSpecial_fp.h
new file mode 100644
index 000000000..f58713c83
--- /dev/null
+++ b/utils/ibmtss/NV_UndefineSpaceSpecial_fp.h
@@ -0,0 +1,81 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	$Id: NV_UndefineSpaceSpecial_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef NV_UNDEFINESPACESPECIAL_FP_H
+#define NV_UNDEFINESPACESPECIAL_FP_H
+
+typedef struct {
+    TPMI_RH_NV_INDEX	nvIndex;
+    TPMI_RH_PLATFORM	platform;
+} NV_UndefineSpaceSpecial_In;
+
+#define RC_NV_UndefineSpaceSpecial_nvIndex 	(TPM_RC_H + TPM_RC_1)
+#define RC_NV_UndefineSpaceSpecial_platform	(TPM_RC_H + TPM_RC_2)
+
+TPM_RC
+TPM2_NV_UndefineSpaceSpecial(
+			     NV_UndefineSpaceSpecial_In  *in             // IN: input parameter list
+			     );
+
+
+#endif
diff --git a/utils/ibmtss/NV_UndefineSpace_fp.h b/utils/ibmtss/NV_UndefineSpace_fp.h
new file mode 100644
index 000000000..6b9ca92db
--- /dev/null
+++ b/utils/ibmtss/NV_UndefineSpace_fp.h
@@ -0,0 +1,81 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: NV_UndefineSpace_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef NV_UNDEFINESPACE_FP_H
+#define NV_UNDEFINESPACE_FP_H
+
+typedef struct {
+    TPMI_RH_PROVISION	authHandle;
+    TPMI_RH_NV_INDEX	nvIndex;
+} NV_UndefineSpace_In;
+
+#define RC_NV_UndefineSpace_authHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_NV_UndefineSpace_nvIndex 	(TPM_RC_H + TPM_RC_2)
+
+TPM_RC
+TPM2_NV_UndefineSpace(
+		      NV_UndefineSpace_In     *in             // IN: input parameter list
+		      );
+
+
+#endif
diff --git a/utils/ibmtss/NV_WriteLock_fp.h b/utils/ibmtss/NV_WriteLock_fp.h
new file mode 100644
index 000000000..471e1c9b7
--- /dev/null
+++ b/utils/ibmtss/NV_WriteLock_fp.h
@@ -0,0 +1,81 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: NV_WriteLock_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef NV_WRITELOCK_FP_H
+#define NV_WRITELOCK_FP_H
+
+typedef struct {
+    TPMI_RH_NV_AUTH	authHandle;
+    TPMI_RH_NV_INDEX	nvIndex;
+} NV_WriteLock_In;
+
+#define RC_NV_WriteLock_authHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_NV_WriteLock_nvIndex 	(TPM_RC_H + TPM_RC_2)
+
+TPM_RC
+TPM2_NV_WriteLock(
+		  NV_WriteLock_In     *in             // IN: input parameter list
+		  );
+
+
+#endif
diff --git a/utils/ibmtss/NV_WriteValueAuth_fp.h b/utils/ibmtss/NV_WriteValueAuth_fp.h
new file mode 100644
index 000000000..60b4bca5f
--- /dev/null
+++ b/utils/ibmtss/NV_WriteValueAuth_fp.h
@@ -0,0 +1,57 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 NV_WriteValueAuth				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: NV_WriteValueAuth_fp.h 1294 2018-08-09 19:08:34Z kgoldman $	*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef NVWRITEVALUEAUTH_FP_H
+#define NVWRITEVALUEAUTH_FP_H
+
+typedef struct {
+    TPM12_NV_INDEX nvIndex;
+    UINT32 offset;
+    UINT32 dataSize;
+    BYTE data[MAX_NV_BUFFER_SIZE];
+} NV_WriteValueAuth_In;
+
+TPM_RC
+TPM_NV_WriteValueAuth(
+		      NV_WriteValueAuth_In     *in            // IN: input parameter list
+		      );
+
+
+
+#endif
diff --git a/utils/ibmtss/NV_WriteValue_fp.h b/utils/ibmtss/NV_WriteValue_fp.h
new file mode 100644
index 000000000..489aa1dc0
--- /dev/null
+++ b/utils/ibmtss/NV_WriteValue_fp.h
@@ -0,0 +1,55 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 NV_WriteValue				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: NV_WriteValue_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef NVWRITEVALUE_FP_H
+#define NVWRITEVALUE_FP_H
+
+typedef struct {
+    TPM12_NV_INDEX nvIndex;
+    UINT32 offset;
+    UINT32 dataSize;
+    BYTE data[MAX_NV_BUFFER_SIZE];
+} NV_WriteValue_In;
+
+TPM_RC
+TPM_NV_WriteValue(
+		  NV_WriteValue_In     *in            // IN: input parameter list
+		  );
+
+#endif
diff --git a/utils/ibmtss/NV_Write_fp.h b/utils/ibmtss/NV_Write_fp.h
new file mode 100644
index 000000000..56b9a9801
--- /dev/null
+++ b/utils/ibmtss/NV_Write_fp.h
@@ -0,0 +1,85 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: NV_Write_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef NV_WRITE_FP_H
+#define NV_WRITE_FP_H
+
+typedef struct {
+    TPMI_RH_NV_AUTH	authHandle;
+    TPMI_RH_NV_INDEX	nvIndex;
+    TPM2B_MAX_NV_BUFFER	data;
+    UINT16		offset;
+} NV_Write_In;
+
+#define RC_NV_Write_authHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_NV_Write_nvIndex	(TPM_RC_H + TPM_RC_2)
+#define RC_NV_Write_data	(TPM_RC_P + TPM_RC_1)
+#define RC_NV_Write_offset 	(TPM_RC_P + TPM_RC_2)
+
+TPM_RC
+TPM2_NV_Write(
+	      NV_Write_In     *in             // IN: input parameter list
+	      );
+
+
+#endif
diff --git a/utils/ibmtss/OIAP_fp.h b/utils/ibmtss/OIAP_fp.h
new file mode 100644
index 000000000..644b6329b
--- /dev/null
+++ b/utils/ibmtss/OIAP_fp.h
@@ -0,0 +1,78 @@
+/********************************************************************************/
+/*										*/
+/*			     							*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: OIAP_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2018					*/
+/*										*/
+/********************************************************************************/
+
+#ifndef OIAP_FP_H
+#define OIAP_FP_H
+
+#include <ibmtss/tpmtypes12.h>
+#include <ibmtss/tpmstructures12.h>
+
+typedef struct {
+    TPM_AUTHHANDLE	authHandle;
+    TPM_NONCE		nonceEven;
+} OIAP_Out;  
+
+TPM_RC
+TPM2_OIAP(
+		      OIAP_Out    *out            // OUT: output parameter buffer
+		      );
+
+#endif
diff --git a/utils/ibmtss/OSAP_fp.h b/utils/ibmtss/OSAP_fp.h
new file mode 100644
index 000000000..1a6ee4815
--- /dev/null
+++ b/utils/ibmtss/OSAP_fp.h
@@ -0,0 +1,60 @@
+/********************************************************************************/
+/*										*/
+/*			TPM 1.2 OSAP		     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef OSAP_FP_H
+#define OSAP_FP_H
+
+typedef struct {
+    TPM_ENTITY_TYPE 	entityType;
+    UINT32 		entityValue;
+    TPM_NONCE 		nonceOddOSAP;
+} OSAP_In;  
+
+typedef struct {
+    TPM_AUTHHANDLE 	authHandle;
+    TPM_NONCE 		nonceEven;
+    TPM_NONCE 		nonceEvenOSAP;
+} OSAP_Out;  
+
+TPM_RC
+TPM2_OSAP(
+	  OSAP_In	*in,            // IN: input parameter buffer
+	  OSAP_Out    	*out            // OUT: output parameter buffer
+	  );
+
+#endif
diff --git a/utils/ibmtss/ObjectChangeAuth_fp.h b/utils/ibmtss/ObjectChangeAuth_fp.h
new file mode 100644
index 000000000..1987da4b3
--- /dev/null
+++ b/utils/ibmtss/ObjectChangeAuth_fp.h
@@ -0,0 +1,89 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: ObjectChangeAuth_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef OBJECTCHANGEAUTH_FP_H
+#define OBJECTCHANGEAUTH_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT	objectHandle;
+    TPMI_DH_OBJECT	parentHandle;
+    TPM2B_AUTH		newAuth;
+} ObjectChangeAuth_In;
+
+#define RC_ObjectChangeAuth_objectHandle 	(TPM_RC_H + TPM_RC_1)
+#define RC_ObjectChangeAuth_parentHandle 	(TPM_RC_H + TPM_RC_2)
+#define RC_ObjectChangeAuth_newAuth	 	(TPM_RC_P + TPM_RC_1)
+
+typedef struct {
+    TPM2B_PRIVATE	outPrivate;
+} ObjectChangeAuth_Out;
+
+
+TPM_RC
+TPM2_ObjectChangeAuth(
+		      ObjectChangeAuth_In     *in,            // IN: input parameter list
+		      ObjectChangeAuth_Out    *out            // OUT: output parameter list
+		      );
+
+
+#endif
diff --git a/utils/ibmtss/OwnerReadInternalPub_fp.h b/utils/ibmtss/OwnerReadInternalPub_fp.h
new file mode 100644
index 000000000..d1f74cfd1
--- /dev/null
+++ b/utils/ibmtss/OwnerReadInternalPub_fp.h
@@ -0,0 +1,62 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 OwnerReadInternalPub			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*      $Id: OwnerReadInternalPub_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef OWNERREADINTERNALPUB_FP_H
+#define OWNERREADINTERNALPUB_FP_H
+
+#include <ibmtss/tpmtypes12.h>
+#include <ibmtss/tpmstructures12.h>
+
+#include <ibmtss/Implementation.h>
+
+typedef struct {
+    TPM_KEY_HANDLE keyHandle;
+} OwnerReadInternalPub_In;  
+
+typedef struct {
+    TPM_PUBKEY publicPortion;
+} OwnerReadInternalPub_Out;  
+
+TPM_RC
+TPM2_OwnerReadInternalPub(
+			  OwnerReadInternalPub_In *in,            // IN: input parameter buffer
+			  OwnerReadInternalPub_Out *out           // OUT: output parameter buffer
+	    );
+
+#endif
diff --git a/utils/ibmtss/OwnerSetDisable_fp.h b/utils/ibmtss/OwnerSetDisable_fp.h
new file mode 100644
index 000000000..f257f20aa
--- /dev/null
+++ b/utils/ibmtss/OwnerSetDisable_fp.h
@@ -0,0 +1,50 @@
+/********************************************************************************/
+/*                                                                              */
+/*                              		                                */
+/*                           Written by Ken Goldman                             */
+/*                     IBM Thomas J. Watson Research Center                     */
+/*            $Id: OwnerSetDisable_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*                                                                              */
+/* (c) Copyright IBM Corporation 2018						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef OWNERSETDISABLE_FP_H
+#define OWNERSETDISABLE_FP_H
+
+#include <ibmtss/tpmtypes12.h>
+
+typedef struct {
+    uint8_t disableState; 
+} OwnerSetDisable_In;
+
+
+#endif
diff --git a/utils/ibmtss/PCR_Allocate_fp.h b/utils/ibmtss/PCR_Allocate_fp.h
new file mode 100644
index 000000000..509d7c098
--- /dev/null
+++ b/utils/ibmtss/PCR_Allocate_fp.h
@@ -0,0 +1,89 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: PCR_Allocate_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef PCR_ALLOCATE_FP_H
+#define PCR_ALLOCATE_FP_H
+
+typedef struct {
+    TPMI_RH_PLATFORM	authHandle;
+    TPML_PCR_SELECTION	pcrAllocation;
+} PCR_Allocate_In;
+
+#define RC_PCR_Allocate_authHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_PCR_Allocate_pcrAllocation	(TPM_RC_P + TPM_RC_1)
+
+typedef struct {
+    TPMI_YES_NO	allocationSuccess;
+    UINT32	maxPCR;
+    UINT32	sizeNeeded;
+    UINT32	sizeAvailable;
+} PCR_Allocate_Out;
+
+TPM_RC
+TPM2_PCR_Allocate(
+		  PCR_Allocate_In     *in,            // IN: input parameter list
+		  PCR_Allocate_Out    *out            // OUT: output parameter list
+		  );
+
+
+#endif
diff --git a/utils/ibmtss/PCR_Event_fp.h b/utils/ibmtss/PCR_Event_fp.h
new file mode 100644
index 000000000..2ccb82a32
--- /dev/null
+++ b/utils/ibmtss/PCR_Event_fp.h
@@ -0,0 +1,85 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: PCR_Event_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef PCR_EVENT_FP_H
+#define PCR_EVENT_FP_H
+
+typedef struct {
+    TPMI_DH_PCR		pcrHandle;
+    TPM2B_EVENT		eventData;
+} PCR_Event_In;
+
+#define RC_PCR_Event_pcrHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_PCR_Event_eventData	(TPM_RC_P + TPM_RC_1)
+
+typedef struct {
+    TPML_DIGEST_VALUES	digests;
+} PCR_Event_Out;
+
+TPM_RC
+TPM2_PCR_Event(
+	       PCR_Event_In    *in,            // IN: input parameter list
+	       PCR_Event_Out   *out            // OUT: output parameter list
+	       );
+
+#endif
diff --git a/utils/ibmtss/PCR_Extend_fp.h b/utils/ibmtss/PCR_Extend_fp.h
new file mode 100644
index 000000000..fc201a8dc
--- /dev/null
+++ b/utils/ibmtss/PCR_Extend_fp.h
@@ -0,0 +1,81 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: PCR_Extend_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef PCR_EXTEND_FP_H
+#define PCR_EXTEND_FP_H
+
+typedef struct {
+    TPMI_DH_PCR		pcrHandle;
+    TPML_DIGEST_VALUES	digests;
+} PCR_Extend_In;
+
+#define RC_PCR_Extend_pcrHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_PCR_Extend_digests	(TPM_RC_P + TPM_RC_1)
+
+TPM_RC
+TPM2_PCR_Extend(
+		PCR_Extend_In   *in             // IN: input parameter list
+		);
+
+
+#endif
diff --git a/utils/ibmtss/PCR_Read_fp.h b/utils/ibmtss/PCR_Read_fp.h
new file mode 100644
index 000000000..4c38d3e52
--- /dev/null
+++ b/utils/ibmtss/PCR_Read_fp.h
@@ -0,0 +1,85 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: PCR_Read_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef PCR_READ_FP_H
+#define PCR_READ_FP_H
+
+typedef struct {
+    TPML_PCR_SELECTION	pcrSelectionIn;
+} PCR_Read_In;
+
+#define RC_PCR_Read_pcrSelectionIn	(TPM_RC_P + TPM_RC_1)
+
+typedef struct {
+    UINT32		pcrUpdateCounter;
+    TPML_PCR_SELECTION	pcrSelectionOut;
+    TPML_DIGEST		pcrValues;
+} PCR_Read_Out;
+
+TPM_RC
+TPM2_PCR_Read(
+	      PCR_Read_In     *in,            // IN: input parameter list
+	      PCR_Read_Out    *out            // OUT: output parameter list
+	      );
+
+#endif
diff --git a/utils/ibmtss/PCR_Reset12_fp.h b/utils/ibmtss/PCR_Reset12_fp.h
new file mode 100644
index 000000000..995a1baef
--- /dev/null
+++ b/utils/ibmtss/PCR_Reset12_fp.h
@@ -0,0 +1,51 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 PCR_Reset					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef PCRRESET12_FP_H
+#define PCRRESET12_FP_H
+
+typedef struct {
+    TPM_PCR_SELECTION pcrSelection;
+} PCR_Reset12_In;
+
+TPM_RC
+TPM_PCR_Reset12(
+		PCR_Reset12_In     *in            // IN: input parameter list
+		);
+
+#endif
diff --git a/utils/ibmtss/PCR_Reset_fp.h b/utils/ibmtss/PCR_Reset_fp.h
new file mode 100644
index 000000000..9825fc93d
--- /dev/null
+++ b/utils/ibmtss/PCR_Reset_fp.h
@@ -0,0 +1,78 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: PCR_Reset_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef PCR_RESET_FP_H
+#define PCR_RESET_FP_H
+
+typedef struct {
+    TPMI_DH_PCR	pcrHandle;
+} PCR_Reset_In;
+
+#define RC_PCR_Reset__pcrHandle	(TPM_RC_H + TPM_RC_1)
+
+TPM_RC
+TPM2_PCR_Reset(
+	       PCR_Reset_In    *in             // IN: input parameter list
+	       );
+
+#endif
diff --git a/utils/ibmtss/PCR_SetAuthPolicy_fp.h b/utils/ibmtss/PCR_SetAuthPolicy_fp.h
new file mode 100644
index 000000000..3146b5b65
--- /dev/null
+++ b/utils/ibmtss/PCR_SetAuthPolicy_fp.h
@@ -0,0 +1,85 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: PCR_SetAuthPolicy_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef PCR_SETAUTHPOLICY_FP_H
+#define PCR_SETAUTHPOLICY_FP_H
+
+typedef struct {
+    TPMI_RH_PLATFORM	authHandle;
+    TPM2B_DIGEST	authPolicy;
+    TPMI_ALG_HASH	hashAlg;
+    TPMI_DH_PCR		pcrNum;
+} PCR_SetAuthPolicy_In;
+
+#define RC_PCR_SetAuthPolicy_authHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_PCR_SetAuthPolicy_authPolicy (TPM_RC_P + TPM_RC_1)
+#define RC_PCR_SetAuthPolicy_hashAlg	(TPM_RC_P + TPM_RC_2)
+#define RC_PCR_SetAuthPolicy_pcrNum 	(TPM_RC_P + TPM_RC_3)
+
+TPM_RC
+TPM2_PCR_SetAuthPolicy(
+		       PCR_SetAuthPolicy_In    *in             // IN: input parameter list
+		       );
+
+
+#endif
diff --git a/utils/ibmtss/PCR_SetAuthValue_fp.h b/utils/ibmtss/PCR_SetAuthValue_fp.h
new file mode 100644
index 000000000..83515784b
--- /dev/null
+++ b/utils/ibmtss/PCR_SetAuthValue_fp.h
@@ -0,0 +1,81 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: PCR_SetAuthValue_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef PCR_SETAUTHVALUE_FP_H
+#define PCR_SETAUTHVALUE_FP_H
+
+typedef struct {
+    TPMI_DH_PCR		pcrHandle;
+    TPM2B_DIGEST	auth;
+} PCR_SetAuthValue_In;
+
+#define RC_PCR_SetAuthValue_pcrHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_PCR_SetAuthValue_auth	(TPM_RC_P + TPM_RC_1)
+
+TPM_RC
+TPM2_PCR_SetAuthValue(
+		      PCR_SetAuthValue_In     *in             // IN: input parameter list
+		      );
+
+
+#endif
diff --git a/utils/ibmtss/PP_Commands_fp.h b/utils/ibmtss/PP_Commands_fp.h
new file mode 100644
index 000000000..f042b5a13
--- /dev/null
+++ b/utils/ibmtss/PP_Commands_fp.h
@@ -0,0 +1,80 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: PP_Commands_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2016					*/
+/*										*/
+/********************************************************************************/
+
+#ifndef PP_COMMANDS_FP_H
+#define PP_COMMANDS_FP_H
+
+typedef struct {
+    TPMI_RH_PLATFORM	auth;
+    TPML_CC		setList;
+    TPML_CC		clearList;
+} PP_Commands_In;
+
+#define RC_PP_Commands_auth		(TPM_RC_H + TPM_RC_1)
+#define RC_PP_Commands_setList		(TPM_RC_P + TPM_RC_1)
+#define RC_PP_Commands_clearList	(TPM_RC_P + TPM_RC_2)
+
+TPM_RC
+TPM2_PP_Commands(
+		 PP_Commands_In  *in             // IN: input parameter list
+		 );
+
+#endif
diff --git a/utils/ibmtss/Parameters.h b/utils/ibmtss/Parameters.h
new file mode 100644
index 000000000..98a04ffcb
--- /dev/null
+++ b/utils/ibmtss/Parameters.h
@@ -0,0 +1,386 @@
+/********************************************************************************/
+/*										*/
+/*			  Command and Response Parameter Structures		*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2019				*/
+/*										*/
+/********************************************************************************/
+
+/* TPM and TSS share thses structures */
+
+#ifndef PARAMETERS_H
+#define PARAMETERS_H
+
+#include "TPM_Types.h"
+
+#include "ActivateCredential_fp.h"
+#include "CertifyCreation_fp.h"
+#include "Certify_fp.h"
+#include "CertifyX509_fp.h"
+#include "ChangeEPS_fp.h"
+#include "ChangePPS_fp.h"
+#include "ClearControl_fp.h"
+#include "Clear_fp.h"
+#include "ClockRateAdjust_fp.h"
+#include "ClockSet_fp.h"
+#include "Commit_fp.h"
+#include "ContextLoad_fp.h"
+#include "ContextSave_fp.h"
+#include "CreatePrimary_fp.h"
+#include "Create_fp.h"
+#include "CreateLoaded_fp.h"
+#include "DictionaryAttackLockReset_fp.h"
+#include "DictionaryAttackParameters_fp.h"
+#include "Duplicate_fp.h"
+#include "ECC_Parameters_fp.h"
+#include "ECDH_KeyGen_fp.h"
+#include "ECDH_ZGen_fp.h"
+#include "EC_Ephemeral_fp.h"
+#include "EncryptDecrypt_fp.h"
+#include "EncryptDecrypt2_fp.h"
+#include "EventSequenceComplete_fp.h"
+#include "EvictControl_fp.h"
+#include "FlushContext_fp.h"
+#include "GetCapability_fp.h"
+#include "GetCommandAuditDigest_fp.h"
+#include "GetRandom_fp.h"
+#include "GetSessionAuditDigest_fp.h"
+#include "GetTestResult_fp.h"
+#include "GetTime_fp.h"
+#include "HMAC_Start_fp.h"
+#include "HMAC_fp.h"
+#include "HashSequenceStart_fp.h"
+#include "Hash_fp.h"
+#include "HierarchyChangeAuth_fp.h"
+#include "HierarchyControl_fp.h"
+#include "Import_fp.h"
+#include "IncrementalSelfTest_fp.h"
+#include "LoadExternal_fp.h"
+#include "Load_fp.h"
+#include "MakeCredential_fp.h"
+#include "NV_Certify_fp.h"
+#include "NV_ChangeAuth_fp.h"
+#include "NV_DefineSpace_fp.h"
+#include "NV_Extend_fp.h"
+#include "NV_GlobalWriteLock_fp.h"
+#include "NV_Increment_fp.h"
+#include "NV_ReadLock_fp.h"
+#include "NV_ReadPublic_fp.h"
+#include "NV_Read_fp.h"
+#include "NV_SetBits_fp.h"
+#include "NV_UndefineSpaceSpecial_fp.h"
+#include "NV_UndefineSpace_fp.h"
+#include "NV_WriteLock_fp.h"
+#include "NV_Write_fp.h"
+#include "ObjectChangeAuth_fp.h"
+#include "PCR_Allocate_fp.h"
+#include "PCR_Event_fp.h"
+#include "PCR_Extend_fp.h"
+#include "PCR_Read_fp.h"
+#include "PCR_Reset_fp.h"
+#include "PCR_SetAuthPolicy_fp.h"
+#include "PCR_SetAuthValue_fp.h"
+#include "PP_Commands_fp.h"
+#include "PolicyAuthValue_fp.h"
+#include "PolicyAuthorize_fp.h"
+#include "PolicyCommandCode_fp.h"
+#include "PolicyCounterTimer_fp.h"
+#include "PolicyCpHash_fp.h"
+#include "PolicyDuplicationSelect_fp.h"
+#include "PolicyGetDigest_fp.h"
+#include "PolicyLocality_fp.h"
+#include "PolicyNV_fp.h"
+#include "PolicyAuthorizeNV_fp.h"
+#include "PolicyNvWritten_fp.h"
+#include "PolicyNameHash_fp.h"
+#include "PolicyOR_fp.h"
+#include "PolicyPCR_fp.h"
+#include "PolicyPassword_fp.h"
+#include "PolicyPhysicalPresence_fp.h"
+#include "PolicyRestart_fp.h"
+#include "PolicySecret_fp.h"
+#include "PolicySigned_fp.h"
+#include "PolicyTemplate_fp.h"
+#include "PolicyTicket_fp.h"
+#include "Quote_fp.h"
+#include "RSA_Decrypt_fp.h"
+#include "RSA_Encrypt_fp.h"
+#include "ReadClock_fp.h"
+#include "ReadPublic_fp.h"
+#include "Rewrap_fp.h"
+#include "SelfTest_fp.h"
+#include "SequenceComplete_fp.h"
+#include "SequenceUpdate_fp.h"
+#include "SetAlgorithmSet_fp.h"
+#include "SetCommandCodeAuditStatus_fp.h"
+#include "SetPrimaryPolicy_fp.h"
+#include "Shutdown_fp.h"
+#include "Sign_fp.h"
+#include "StartAuthSession_fp.h"
+#include "Startup_fp.h"
+#include "StirRandom_fp.h"
+#include "TestParms_fp.h"
+#include "Unseal_fp.h"
+#include "VerifySignature_fp.h"
+#include "ZGen_2Phase_fp.h"
+#include "NTC_fp.h"
+
+#include <ibmtss/Parameters12.h>
+
+typedef union {
+    ActivateCredential_In         ActivateCredential;
+    CertifyCreation_In            CertifyCreation;
+    Certify_In                    Certify;
+    ChangeEPS_In                  ChangeEPS;
+    ChangePPS_In                  ChangePPS;
+    ClearControl_In               ClearControl;
+    Clear_In                      Clear;
+    ClockRateAdjust_In            ClockRateAdjust;
+    ClockSet_In                   ClockSet;
+    Commit_In                     Commit;
+    ContextLoad_In                ContextLoad;
+    ContextSave_In                ContextSave;
+    CreatePrimary_In              CreatePrimary;
+    Create_In                     Create;
+    DictionaryAttackLockReset_In  DictionaryAttackLockReset;
+    DictionaryAttackParameters_In DictionaryAttackParameters;
+    Duplicate_In                  Duplicate;
+    ECC_Parameters_In             ECC_Parameters;
+    ECDH_KeyGen_In                ECDH_KeyGen;
+    ECDH_ZGen_In                  ECDH_ZGen;
+    EC_Ephemeral_In               EC_Ephemeral;
+    EncryptDecrypt_In             EncryptDecrypt;
+    EventSequenceComplete_In      EventSequenceComplete;
+    EvictControl_In               EvictControl;
+    FlushContext_In               FlushContext;
+    GetCapability_In              GetCapability;
+    GetCommandAuditDigest_In      GetCommandAuditDigest;
+    GetRandom_In                  GetRandom;
+    GetSessionAuditDigest_In      GetSessionAuditDigest;
+    GetTime_In                    GetTime;
+    HMAC_In                       HMAC;
+    HMAC_Start_In                 HMAC_Start;
+    HashSequenceStart_In          HashSequenceStart;
+    Hash_In                       Hash;
+    HierarchyChangeAuth_In        HierarchyChangeAuth;
+    HierarchyControl_In           HierarchyControl;
+    Import_In                     Import;
+    IncrementalSelfTest_In        IncrementalSelfTest;
+    LoadExternal_In               LoadExternal;
+    Load_In                       Load;
+    MakeCredential_In             MakeCredential;
+    NV_Certify_In                 NV_Certify;
+    NV_ChangeAuth_In              NV_ChangeAuth;
+    NV_DefineSpace_In             NV_DefineSpace;
+    NV_Extend_In                  NV_Extend;
+    NV_GlobalWriteLock_In         NV_GlobalWriteLock;
+    NV_Increment_In               NV_Increment;
+    NV_ReadLock_In                NV_ReadLock;
+    NV_ReadPublic_In              NV_ReadPublic;
+    NV_Read_In                    NV_Read;
+    NV_SetBits_In                 NV_SetBits;
+    NV_UndefineSpaceSpecial_In    NV_UndefineSpaceSpecial;
+    NV_UndefineSpace_In           NV_UndefineSpace;
+    NV_WriteLock_In               NV_WriteLock;
+    NV_Write_In                   NV_Write;
+    ObjectChangeAuth_In           ObjectChangeAuth;
+    PCR_Allocate_In               PCR_Allocate;
+    PCR_Event_In                  PCR_Event;
+    PCR_Extend_In                 PCR_Extend;
+    PCR_Read_In                   PCR_Read;
+    PCR_Reset_In                  PCR_Reset;
+    PCR_SetAuthPolicy_In          PCR_SetAuthPolicy;
+    PCR_SetAuthValue_In           PCR_SetAuthValue;
+    PP_Commands_In                PP_Commands;
+    PolicyAuthValue_In            PolicyAuthValue;
+    PolicyAuthorize_In            PolicyAuthorize;
+    PolicyCommandCode_In          PolicyCommandCode;
+    PolicyCounterTimer_In         PolicyCounterTimer;
+    PolicyCpHash_In               PolicyCpHash;
+    PolicyDuplicationSelect_In    PolicyDuplicationSelect;
+    PolicyGetDigest_In            PolicyGetDigest;
+    PolicyLocality_In             PolicyLocality;
+    PolicyNV_In                   PolicyNV;
+    PolicyAuthorizeNV_In          PolicyAuthorizeNV;
+    PolicyNameHash_In             PolicyNameHash;
+    PolicyOR_In                   PolicyOR;
+    PolicyPCR_In                  PolicyPCR;
+    PolicyPassword_In             PolicyPassword;
+    PolicyPhysicalPresence_In     PolicyPhysicalPresence;
+    PolicyRestart_In              PolicyRestart;
+    PolicySecret_In               PolicySecret;
+    PolicySigned_In               PolicySigned;
+    PolicyTicket_In               PolicyTicket;
+    Quote_In                      Quote;
+    RSA_Decrypt_In                RSA_Decrypt;
+    RSA_Encrypt_In                RSA_Encrypt;
+    ReadPublic_In                 ReadPublic;
+    Rewrap_In                     Rewrap;
+    SelfTest_In                   SelfTest;
+    SequenceComplete_In           SequenceComplete;
+    SequenceUpdate_In             SequenceUpdate;
+    SetAlgorithmSet_In            SetAlgorithmSet;
+    SetCommandCodeAuditStatus_In  SetCommandCodeAuditStatus;
+    SetPrimaryPolicy_In           SetPrimaryPolicy;
+    Shutdown_In                   Shutdown;
+    Sign_In                       Sign;
+    StartAuthSession_In           StartAuthSession;
+    Startup_In                    Startup;
+    StirRandom_In                 StirRandom;
+    TestParms_In                  TestParms;
+    Unseal_In                     Unseal;
+    VerifySignature_In            VerifySignature;
+    ZGen_2Phase_In                ZGen_2Phase;
+
+    ActivateIdentity_In		ActivateIdentity;
+    CreateWrapKey_In		CreateWrapKey;
+    CreateEndorsementKeyPair_In	CreateEndorsementKeyPair;
+    Extend_In			Extend;
+    FlushSpecific_In		FlushSpecific;
+    GetCapability12_In		GetCapability12;
+    MakeIdentity_In		MakeIdentity;
+    NV_DefineSpace12_In		NV_DefineSpace12;
+    NV_ReadValue_In		NV_ReadValue;
+    NV_ReadValueAuth_In		NV_ReadValueAuth;
+    NV_WriteValue_In		NV_WriteValue;
+    NV_WriteValueAuth_In	NV_WriteValueAuth;
+    OSAP_In			OSAP;
+    OwnerReadInternalPub_In	OwnerReadInternalPub;
+    OwnerSetDisable_In		OwnerSetDisable;
+    LoadKey2_In			LoadKey2;
+    PcrRead12_In		PcrRead12;
+    PCR_Reset12_In		PCR_Reset12;
+    Quote2_In			Quote2;
+    ReadPubek_In		ReadPubek;
+    Sign12_In			Sign12;
+    Startup12_In		Startup12;
+    TakeOwnership_In		TakeOwnership;
+} COMMAND_PARAMETERS;
+
+typedef union
+{
+    ActivateCredential_Out         ActivateCredential;
+    CertifyCreation_Out            CertifyCreation;
+    Certify_Out                    Certify;
+    Commit_Out                     Commit;
+    ContextLoad_Out                ContextLoad;
+    ContextSave_Out                ContextSave;
+    CreatePrimary_Out              CreatePrimary;
+    Create_Out                     Create;
+    Duplicate_Out                  Duplicate;
+    ECC_Parameters_Out             ECC_Parameters;
+    ECDH_KeyGen_Out                ECDH_KeyGen;
+    ECDH_ZGen_Out                  ECDH_ZGen;
+    EC_Ephemeral_Out               EC_Ephemeral;
+    EncryptDecrypt_Out             EncryptDecrypt;
+    EventSequenceComplete_Out      EventSequenceComplete;
+    GetCapability_Out              GetCapability;
+    GetCommandAuditDigest_Out      GetCommandAuditDigest;
+    GetRandom_Out                  GetRandom;
+    GetSessionAuditDigest_Out      GetSessionAuditDigest;
+    GetTestResult_Out              GetTestResult;
+    GetTime_Out                    GetTime;
+    HMAC_Out                       HMAC;
+    HMAC_Start_Out                 HMAC_Start;
+    HashSequenceStart_Out          HashSequenceStart;
+    Hash_Out                       Hash;
+    Import_Out                     Import;
+    IncrementalSelfTest_Out        IncrementalSelfTest;
+    LoadExternal_Out               LoadExternal;
+    Load_Out                       Load;
+    MakeCredential_Out             MakeCredential;
+    NV_Certify_Out                 NV_Certify;
+    NV_ReadPublic_Out              NV_ReadPublic;
+    NV_Read_Out                    NV_Read;
+    ObjectChangeAuth_Out           ObjectChangeAuth;
+    PCR_Allocate_Out               PCR_Allocate;
+    PCR_Event_Out                  PCR_Event;
+    PCR_Read_Out                   PCR_Read;
+    PolicyGetDigest_Out            PolicyGetDigest;
+    PolicySecret_Out               PolicySecret;
+    PolicySigned_Out               PolicySigned;
+    Quote_Out                      Quote;
+    RSA_Decrypt_Out                RSA_Decrypt;
+    RSA_Encrypt_Out                RSA_Encrypt;
+    ReadClock_Out                  ReadClock;
+    ReadPublic_Out                 ReadPublic;
+    Rewrap_Out                     Rewrap;
+    SequenceComplete_Out           SequenceComplete;
+    Sign_Out                       Sign;
+    StartAuthSession_Out           StartAuthSession;
+    Unseal_Out                     Unseal;
+    VerifySignature_Out            VerifySignature;
+    ZGen_2Phase_Out                ZGen_2Phase;
+
+    ActivateIdentity_Out		ActivateIdentity;
+    CreateWrapKey_Out			CreateWrapKey;
+    CreateEndorsementKeyPair_Out	CreateEndorsementKeyPair;
+    Extend_Out				Extend;
+    GetCapability12_Out			GetCapability12;
+    MakeIdentity_Out			MakeIdentity;
+    NV_ReadValue_Out			NV_ReadValue;
+    NV_ReadValueAuth_Out		NV_ReadValueAuth;
+    OIAP_Out				OIAP;
+    OSAP_Out				OSAP;
+    OwnerReadInternalPub_Out		OwnerReadInternalPub;
+    LoadKey2_Out			LoadKey2;
+    PcrRead12_Out			PcrRead12;
+    Quote2_Out				Quote2;
+    ReadPubek_Out			ReadPubek;
+    Sign12_Out				Sign12;
+    TakeOwnership_Out			TakeOwnership;
+} RESPONSE_PARAMETERS;
+
+#endif
diff --git a/utils/ibmtss/Parameters12.h b/utils/ibmtss/Parameters12.h
new file mode 100644
index 000000000..90c9fa847
--- /dev/null
+++ b/utils/ibmtss/Parameters12.h
@@ -0,0 +1,68 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: Parameters12.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef PARAMETERS12_H
+#define PARAMETERS12_H
+
+#include <ibmtss/ActivateIdentity_fp.h>
+#include <ibmtss/CreateWrapKey_fp.h>
+#include <ibmtss/CreateEndorsementKeyPair_fp.h>
+#include <ibmtss/Extend_fp.h>
+#include <ibmtss/FlushSpecific_fp.h>
+#include <ibmtss/GetCapability12_fp.h>
+#include <ibmtss/MakeIdentity_fp.h>
+#include <ibmtss/NV_DefineSpace12_fp.h>
+#include <ibmtss/NV_ReadValue_fp.h>
+#include <ibmtss/NV_ReadValueAuth_fp.h>
+#include <ibmtss/NV_WriteValue_fp.h>
+#include <ibmtss/NV_WriteValueAuth_fp.h>
+#include <ibmtss/OIAP_fp.h>
+#include <ibmtss/OSAP_fp.h>
+#include <ibmtss/OwnerReadInternalPub_fp.h>
+#include <ibmtss/OwnerSetDisable_fp.h>
+#include <ibmtss/LoadKey2_fp.h>
+#include <ibmtss/PcrRead12_fp.h>
+#include <ibmtss/PCR_Reset12_fp.h>
+#include <ibmtss/Quote2_fp.h>
+#include <ibmtss/ReadPubek_fp.h>
+#include <ibmtss/Sign12_fp.h>
+#include <ibmtss/Startup12_fp.h>
+#include <ibmtss/TakeOwnership_fp.h>
+
+#endif
diff --git a/utils/ibmtss/PcrRead12_fp.h b/utils/ibmtss/PcrRead12_fp.h
new file mode 100644
index 000000000..dcb22783c
--- /dev/null
+++ b/utils/ibmtss/PcrRead12_fp.h
@@ -0,0 +1,56 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 PcrRead					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef PCRREAD12_FP_H
+#define PCRREAD12_FP_H
+
+typedef struct {
+    TPM_PCRINDEX pcrIndex;
+} PcrRead12_In;
+
+typedef struct {
+    TPM_PCRVALUE outDigest;
+} PcrRead12_Out;
+
+TPM_RC
+TPM_PcrRead12(
+	      PcrRead12_In     *in,            // IN: input parameter list
+	      PcrRead12_Out    *out            // OUT: output parameter list
+	      );
+
+#endif
diff --git a/utils/ibmtss/PolicyAuthValue_fp.h b/utils/ibmtss/PolicyAuthValue_fp.h
new file mode 100644
index 000000000..c09a57bda
--- /dev/null
+++ b/utils/ibmtss/PolicyAuthValue_fp.h
@@ -0,0 +1,79 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: PolicyAuthValue_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef POLICYAUTHVALUE_FP_H
+#define POLICYAUTHVALUE_FP_H
+
+typedef struct {
+    TPMI_SH_POLICY	policySession;
+} PolicyAuthValue_In;
+
+#define RC_PolicyAuthValue_policySession	(TPM_RC_H + TPM_RC_1)
+
+TPM_RC
+TPM2_PolicyAuthValue(
+		     PolicyAuthValue_In  *in             // IN: input parameter list
+		     );
+
+
+#endif
diff --git a/utils/ibmtss/PolicyAuthorizeNV_fp.h b/utils/ibmtss/PolicyAuthorizeNV_fp.h
new file mode 100644
index 000000000..9b70b5c6f
--- /dev/null
+++ b/utils/ibmtss/PolicyAuthorizeNV_fp.h
@@ -0,0 +1,81 @@
+/********************************************************************************/
+/*										*/
+/*			     	PolicyAuthorizeNV				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015, 2016				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 136 */
+
+#ifndef POLICYAUTHORIZENV_FP_H
+#define POLICYAUTHORIZENV_FP_H
+
+typedef struct {
+    TPMI_RH_NV_AUTH	authHandle;
+    TPMI_RH_NV_INDEX	nvIndex;
+    TPMI_SH_POLICY	policySession;
+} PolicyAuthorizeNV_In;
+
+#define RC_PolicyAuthorizeNV_authHandle		(TPM_RC_H + TPM_RC_1)
+#define RC_PolicyAuthorizeNV_nvIndex		(TPM_RC_H + TPM_RC_2)
+#define RC_PolicyAuthorizeNV_policySession	(TPM_RC_H + TPM_RC_3)
+
+TPM_RC
+TPM2_PolicyAuthorizeNV(
+		       PolicyAuthorizeNV_In     *in             // IN: input parameter list
+		       );
+
+#endif
diff --git a/utils/ibmtss/PolicyAuthorize_fp.h b/utils/ibmtss/PolicyAuthorize_fp.h
new file mode 100644
index 000000000..da1ddd723
--- /dev/null
+++ b/utils/ibmtss/PolicyAuthorize_fp.h
@@ -0,0 +1,86 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: PolicyAuthorize_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef POLICYAUTHORIZE_FP_H
+#define POLICYAUTHORIZE_FP_H
+
+typedef struct {
+    TPMI_SH_POLICY	policySession;
+    TPM2B_DIGEST	approvedPolicy;
+    TPM2B_NONCE		policyRef;
+    TPM2B_NAME		keySign;
+    TPMT_TK_VERIFIED	checkTicket;
+} PolicyAuthorize_In;
+
+#define RC_PolicyAuthorize_policySession	(TPM_RC_H + TPM_RC_1)
+#define RC_PolicyAuthorize_approvedPolicy 	(TPM_RC_P + TPM_RC_1)
+#define RC_PolicyAuthorize_policyRef		(TPM_RC_P + TPM_RC_2)
+#define RC_PolicyAuthorize_keySign 		(TPM_RC_P + TPM_RC_3)
+#define RC_PolicyAuthorize_checkTicket 		(TPM_RC_P + TPM_RC_4)
+
+TPM_RC
+TPM2_PolicyAuthorize(
+		     PolicyAuthorize_In  *in             // IN: input parameter list
+		     );
+
+#endif
diff --git a/utils/ibmtss/PolicyCommandCode_fp.h b/utils/ibmtss/PolicyCommandCode_fp.h
new file mode 100644
index 000000000..bc74c58a4
--- /dev/null
+++ b/utils/ibmtss/PolicyCommandCode_fp.h
@@ -0,0 +1,80 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: PolicyCommandCode_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef POLICYCOMMANDCODE_FP_H
+#define POLICYCOMMANDCODE_FP_H
+
+typedef struct {
+    TPMI_SH_POLICY	policySession;
+    TPM_CC		code;
+} PolicyCommandCode_In;
+
+#define RC_PolicyCommandCode_policySession	(TPM_RC_H + TPM_RC_1)
+#define RC_PolicyCommandCode_code 		(TPM_RC_P + TPM_RC_1)
+
+TPM_RC
+TPM2_PolicyCommandCode(
+		       PolicyCommandCode_In    *in             // IN: input parameter list
+		       );
+
+#endif
diff --git a/utils/ibmtss/PolicyCounterTimer_fp.h b/utils/ibmtss/PolicyCounterTimer_fp.h
new file mode 100644
index 000000000..605de794e
--- /dev/null
+++ b/utils/ibmtss/PolicyCounterTimer_fp.h
@@ -0,0 +1,85 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: PolicyCounterTimer_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef POLICYCOUNTERTIMER_FP_H
+#define POLICYCOUNTERTIMER_FP_H
+
+typedef struct {
+    TPMI_SH_POLICY	policySession;
+    TPM2B_OPERAND	operandB;
+    UINT16		offset;
+    TPM_EO		operation;
+} PolicyCounterTimer_In;
+
+#define RC_PolicyCounterTimer_policySession	(TPM_RC_H + TPM_RC_1)
+#define RC_PolicyCounterTimer_operandB		(TPM_RC_P + TPM_RC_1)
+#define RC_PolicyCounterTimer_offset		(TPM_RC_P + TPM_RC_2)
+#define RC_PolicyCounterTimer_operation		(TPM_RC_P + TPM_RC_3)
+
+TPM_RC
+TPM2_PolicyCounterTimer(
+			PolicyCounterTimer_In   *in             // IN: input parameter list
+			);
+
+
+#endif
diff --git a/utils/ibmtss/PolicyCpHash_fp.h b/utils/ibmtss/PolicyCpHash_fp.h
new file mode 100644
index 000000000..f2395513a
--- /dev/null
+++ b/utils/ibmtss/PolicyCpHash_fp.h
@@ -0,0 +1,81 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: PolicyCpHash_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef POLICYCPHASH_FP_H
+#define POLICYCPHASH_FP_H
+
+typedef struct {
+    TPMI_SH_POLICY	policySession;
+    TPM2B_DIGEST	cpHashA;
+} PolicyCpHash_In;
+
+#define RC_PolicyCpHash_policySession	(TPM_RC_H + TPM_RC_1)
+#define RC_PolicyCpHash_cpHashA 	(TPM_RC_P + TPM_RC_1)
+
+TPM_RC
+TPM2_PolicyCpHash(
+		  PolicyCpHash_In     *in             // IN: input parameter list
+		  );
+
+
+#endif
diff --git a/utils/ibmtss/PolicyDuplicationSelect_fp.h b/utils/ibmtss/PolicyDuplicationSelect_fp.h
new file mode 100644
index 000000000..12a5d3304
--- /dev/null
+++ b/utils/ibmtss/PolicyDuplicationSelect_fp.h
@@ -0,0 +1,85 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	$Id: PolicyDuplicationSelect_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef POLICYDUPLICATIONSELECT_FP_H
+#define POLICYDUPLICATIONSELECT_FP_H
+
+typedef struct {
+    TPMI_SH_POLICY	policySession;
+    TPM2B_NAME		objectName;
+    TPM2B_NAME		newParentName;
+    TPMI_YES_NO		includeObject;
+} PolicyDuplicationSelect_In;
+
+#define RC_PolicyDuplicationSelect_policySession	(TPM_RC_H + TPM_RC_1)
+#define RC_PolicyDuplicationSelect_objectName		(TPM_RC_P + TPM_RC_1)
+#define RC_PolicyDuplicationSelect_newParentName	(TPM_RC_P + TPM_RC_2)
+#define RC_PolicyDuplicationSelect_includeObject	(TPM_RC_P + TPM_RC_3)
+
+TPM_RC
+TPM2_PolicyDuplicationSelect(
+			     PolicyDuplicationSelect_In  *in             // IN: input parameter list
+			     );
+
+
+#endif
diff --git a/utils/ibmtss/PolicyGetDigest_fp.h b/utils/ibmtss/PolicyGetDigest_fp.h
new file mode 100644
index 000000000..0283ee17a
--- /dev/null
+++ b/utils/ibmtss/PolicyGetDigest_fp.h
@@ -0,0 +1,84 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: PolicyGetDigest_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef POLICYGETDIGEST_FP_H
+#define POLICYGETDIGEST_FP_H
+
+typedef struct {
+    TPMI_SH_POLICY	policySession;
+} PolicyGetDigest_In;
+
+#define RC_PolicyGetDigest_policySession	(TPM_RC_P + TPM_RC_1)
+
+typedef struct {
+    TPM2B_DIGEST	policyDigest;
+} PolicyGetDigest_Out;
+
+TPM_RC
+TPM2_PolicyGetDigest(
+		     PolicyGetDigest_In      *in,            // IN: input parameter list
+		     PolicyGetDigest_Out     *out            // OUT: output parameter list
+		     );
+
+
+#endif
diff --git a/utils/ibmtss/PolicyLocality_fp.h b/utils/ibmtss/PolicyLocality_fp.h
new file mode 100644
index 000000000..f41fa654a
--- /dev/null
+++ b/utils/ibmtss/PolicyLocality_fp.h
@@ -0,0 +1,81 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: PolicyLocality_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef POLICYLOCALITY_FP_H
+#define POLICYLOCALITY_FP_H
+
+typedef struct {
+    TPMI_SH_POLICY	policySession;
+    TPMA_LOCALITY	locality;
+} PolicyLocality_In;
+
+#define RC_PolicyLocality_policySession	(TPM_RC_H + TPM_RC_1)
+#define RC_PolicyLocality_locality 	(TPM_RC_P + TPM_RC_1)
+
+TPM_RC
+TPM2_PolicyLocality(
+		    PolicyLocality_In   *in             // IN: input parameter list
+		    );
+
+
+#endif
diff --git a/utils/ibmtss/PolicyNV_fp.h b/utils/ibmtss/PolicyNV_fp.h
new file mode 100644
index 000000000..580eefffc
--- /dev/null
+++ b/utils/ibmtss/PolicyNV_fp.h
@@ -0,0 +1,88 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: PolicyNV_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef POLICYNV_FP_H
+#define POLICYNV_FP_H
+
+typedef struct {
+    TPMI_RH_NV_AUTH	authHandle;
+    TPMI_RH_NV_INDEX	nvIndex;
+    TPMI_SH_POLICY	policySession;
+    TPM2B_OPERAND	operandB;
+    UINT16		offset;
+    TPM_EO		operation;
+} PolicyNV_In;
+
+#define RC_PolicyNV_authHandle		(TPM_RC_H + TPM_RC_1)
+#define RC_PolicyNV_nvIndex		(TPM_RC_H + TPM_RC_2)
+#define RC_PolicyNV_policySession	(TPM_RC_H + TPM_RC_3)
+#define RC_PolicyNV_operandB 		(TPM_RC_P + TPM_RC_1)
+#define RC_PolicyNV_offset 		(TPM_RC_P + TPM_RC_2)
+#define RC_PolicyNV_operation		(TPM_RC_P + TPM_RC_3)
+
+TPM_RC
+TPM2_PolicyNV(
+	      PolicyNV_In     *in             // IN: input parameter list
+	      );
+
+#endif
diff --git a/utils/ibmtss/PolicyNameHash_fp.h b/utils/ibmtss/PolicyNameHash_fp.h
new file mode 100644
index 000000000..39c73ee85
--- /dev/null
+++ b/utils/ibmtss/PolicyNameHash_fp.h
@@ -0,0 +1,81 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: PolicyNameHash_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef POLICYNAMEHASH_FP_H
+#define POLICYNAMEHASH_FP_H
+
+typedef struct {
+    TPMI_SH_POLICY	policySession;
+    TPM2B_DIGEST	nameHash;
+} PolicyNameHash_In;
+
+#define RC_PolicyNameHash_policySession	(TPM_RC_H + TPM_RC_1)
+#define RC_PolicyNameHash_nameHash 	(TPM_RC_P + TPM_RC_1)
+
+TPM_RC
+TPM2_PolicyNameHash(
+		    PolicyNameHash_In   *in             // IN: input parameter list
+		    );
+
+
+#endif
diff --git a/utils/ibmtss/PolicyNvWritten_fp.h b/utils/ibmtss/PolicyNvWritten_fp.h
new file mode 100644
index 000000000..afe514f8a
--- /dev/null
+++ b/utils/ibmtss/PolicyNvWritten_fp.h
@@ -0,0 +1,81 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: PolicyNvWritten_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef POLICYNVWRITTEN_FP_H
+#define POLICYNVWRITTEN_FP_H
+
+typedef struct {
+    TPMI_SH_POLICY	policySession;
+    TPMI_YES_NO		writtenSet;
+} PolicyNvWritten_In;
+
+#define RC_PolicyNvWritten_policySession	(TPM_RC_H + TPM_RC_1)
+#define RC_PolicyNvWritten_writtenSet 		(TPM_RC_P + TPM_RC_1)
+
+TPM_RC
+TPM2_PolicyNvWritten(
+		     PolicyNvWritten_In  *in             // IN: input parameter list
+		     );
+
+
+#endif
diff --git a/utils/ibmtss/PolicyOR_fp.h b/utils/ibmtss/PolicyOR_fp.h
new file mode 100644
index 000000000..cc1024a72
--- /dev/null
+++ b/utils/ibmtss/PolicyOR_fp.h
@@ -0,0 +1,81 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: PolicyOR_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef POLICYOR_FP_H
+#define POLICYOR_FP_H
+
+typedef struct {
+    TPMI_SH_POLICY	policySession;
+    TPML_DIGEST		pHashList;
+} PolicyOR_In;
+
+#define RC_PolicyOR_policySession	(TPM_RC_H + TPM_RC_1)
+#define RC_PolicyOR_pHashList 		(TPM_RC_P + TPM_RC_1)
+
+TPM_RC
+TPM2_PolicyOR(
+	      PolicyOR_In     *in             // IN: input parameter list
+	      );
+
+
+#endif
diff --git a/utils/ibmtss/PolicyPCR_fp.h b/utils/ibmtss/PolicyPCR_fp.h
new file mode 100644
index 000000000..6d9f715c6
--- /dev/null
+++ b/utils/ibmtss/PolicyPCR_fp.h
@@ -0,0 +1,82 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: PolicyPCR_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef POLICYPCR_FP_H
+#define POLICYPCR_FP_H
+
+typedef struct {
+    TPMI_SH_POLICY	policySession;
+    TPM2B_DIGEST	pcrDigest;
+    TPML_PCR_SELECTION	pcrs;
+} PolicyPCR_In;
+
+#define RC_PolicyPCR_policySession 	(TPM_RC_H + TPM_RC_1)
+#define RC_PolicyPCR_pcrDigest		(TPM_RC_P + TPM_RC_1)
+#define RC_PolicyPCR_pcrs		(TPM_RC_P + TPM_RC_2)
+
+TPM_RC
+TPM2_PolicyPCR(
+	       PolicyPCR_In    *in             // IN: input parameter list
+	       );
+
+#endif
diff --git a/utils/ibmtss/PolicyPassword_fp.h b/utils/ibmtss/PolicyPassword_fp.h
new file mode 100644
index 000000000..033578bf1
--- /dev/null
+++ b/utils/ibmtss/PolicyPassword_fp.h
@@ -0,0 +1,79 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: PolicyPassword_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef POLICYPASSWORD_FP_H
+#define POLICYPASSWORD_FP_H
+
+typedef struct {
+    TPMI_SH_POLICY	policySession;
+} PolicyPassword_In;
+
+#define RC_PolicyPassword_policySession	(TPM_RC_H + TPM_RC_1)
+
+TPM_RC
+TPM2_PolicyPassword(
+		    PolicyPassword_In   *in             // IN: input parameter list
+		    );
+
+
+#endif
diff --git a/utils/ibmtss/PolicyPhysicalPresence_fp.h b/utils/ibmtss/PolicyPhysicalPresence_fp.h
new file mode 100644
index 000000000..1386259c8
--- /dev/null
+++ b/utils/ibmtss/PolicyPhysicalPresence_fp.h
@@ -0,0 +1,78 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	$Id: PolicyPhysicalPresence_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef POLICYPHYSICALPRESENCE_FP_H
+#define POLICYPHYSICALPRESENCE_FP_H
+
+typedef struct {
+    TPMI_SH_POLICY	policySession;
+} PolicyPhysicalPresence_In;
+
+#define RC_PolicyPhysicalPresence_policySession	(TPM_RC_H + TPM_RC_1)
+
+TPM_RC
+TPM2_PolicyPhysicalPresence(
+			    PolicyPhysicalPresence_In   *in             // IN: input parameter list
+			    );
+
+#endif
diff --git a/utils/ibmtss/PolicyRestart_fp.h b/utils/ibmtss/PolicyRestart_fp.h
new file mode 100644
index 000000000..615d87fe1
--- /dev/null
+++ b/utils/ibmtss/PolicyRestart_fp.h
@@ -0,0 +1,79 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: PolicyRestart_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef POLICYRESTART_FP_H
+#define POLICYRESTART_FP_H
+
+typedef struct {
+    TPMI_SH_POLICY	sessionHandle;
+} PolicyRestart_In;
+
+#define RC_PolicyRestart_sessionHandle	(TPM_RC_H + TPM_RC_1)
+
+TPM_RC
+TPM2_PolicyRestart(
+		   PolicyRestart_In    *in             // IN: input parameter list
+		   );
+
+
+#endif
diff --git a/utils/ibmtss/PolicySecret_fp.h b/utils/ibmtss/PolicySecret_fp.h
new file mode 100644
index 000000000..f90378a6c
--- /dev/null
+++ b/utils/ibmtss/PolicySecret_fp.h
@@ -0,0 +1,95 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: PolicySecret_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 124 */
+
+#ifndef POLICYSECRET_FP_H
+#define POLICYSECRET_FP_H
+
+typedef struct {
+    TPMI_DH_ENTITY	authHandle;
+    TPMI_SH_POLICY	policySession;
+    TPM2B_NONCE		nonceTPM;
+    TPM2B_DIGEST	cpHashA;
+    TPM2B_NONCE		policyRef;
+    INT32		expiration;
+} PolicySecret_In;
+
+#define RC_PolicySecret_authHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_PolicySecret_policySession	(TPM_RC_H + TPM_RC_2)
+#define RC_PolicySecret_nonceTPM	(TPM_RC_P + TPM_RC_1)
+#define RC_PolicySecret_cpHashA		(TPM_RC_P + TPM_RC_2)
+#define RC_PolicySecret_policyRef	(TPM_RC_P + TPM_RC_3)
+#define RC_PolicySecret_expiration	(TPM_RC_P + TPM_RC_4)
+
+typedef struct {
+    TPM2B_TIMEOUT	timeout;
+    TPMT_TK_AUTH	policyTicket;
+} PolicySecret_Out;
+
+TPM_RC
+TPM2_PolicySecret(
+		  PolicySecret_In     *in,            // IN: input parameter list
+		  PolicySecret_Out    *out            // OUT: output parameter list
+		  );
+
+
+#endif
diff --git a/utils/ibmtss/PolicySigned_fp.h b/utils/ibmtss/PolicySigned_fp.h
new file mode 100644
index 000000000..d51f7bc6e
--- /dev/null
+++ b/utils/ibmtss/PolicySigned_fp.h
@@ -0,0 +1,96 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: PolicySigned_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef POLICYSIGNED_FP_H
+#define POLICYSIGNED_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT	authObject;
+    TPMI_SH_POLICY	policySession;
+    TPM2B_NONCE		nonceTPM;
+    TPM2B_DIGEST	cpHashA;
+    TPM2B_NONCE		policyRef;
+    INT32		expiration;
+    TPMT_SIGNATURE	auth;
+} PolicySigned_In;
+
+#define RC_PolicySigned_authObject	(TPM_RC_H + TPM_RC_1)
+#define RC_PolicySigned_policySession	(TPM_RC_H + TPM_RC_2)
+#define RC_PolicySigned_nonceTPM	(TPM_RC_P + TPM_RC_1)
+#define RC_PolicySigned_cpHashA		(TPM_RC_P + TPM_RC_2)
+#define RC_PolicySigned_policyRef	(TPM_RC_P + TPM_RC_3)
+#define RC_PolicySigned_expiration	(TPM_RC_P + TPM_RC_4)
+#define RC_PolicySigned_auth 		(TPM_RC_P + TPM_RC_5)
+
+typedef struct {
+    TPM2B_TIMEOUT	timeout;
+    TPMT_TK_AUTH	policyTicket;
+} PolicySigned_Out;
+
+TPM_RC
+TPM2_PolicySigned(
+		  PolicySigned_In     *in,            // IN: input parameter list
+		  PolicySigned_Out    *out            // OUT: output parameter list
+		  );
+
+#endif
diff --git a/utils/ibmtss/PolicyTemplate_fp.h b/utils/ibmtss/PolicyTemplate_fp.h
new file mode 100644
index 000000000..23e40f44b
--- /dev/null
+++ b/utils/ibmtss/PolicyTemplate_fp.h
@@ -0,0 +1,81 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: PolicyTemplate_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015, 2016				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef POLICYTEMPLATE_FP_H
+#define POLICYTEMPLATE_FP_H
+
+typedef struct {
+    TPMI_SH_POLICY	policySession;
+    TPM2B_DIGEST	templateHash;
+} PolicyTemplate_In;
+
+#define RC_PolicyTemplate_policySession	(TPM_RC_H + TPM_RC_1)
+#define RC_PolicyTemplate_templateHash 	(TPM_RC_P + TPM_RC_1)
+
+TPM_RC
+TPM2_PolicyTemplate(
+		    PolicyTemplate_In     *in             // IN: input parameter list
+		    );
+
+
+#endif
diff --git a/utils/ibmtss/PolicyTicket_fp.h b/utils/ibmtss/PolicyTicket_fp.h
new file mode 100644
index 000000000..7c680a0f6
--- /dev/null
+++ b/utils/ibmtss/PolicyTicket_fp.h
@@ -0,0 +1,89 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: PolicyTicket_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef POLICYTICKET_FP_H
+#define POLICYTICKET_FP_H
+
+typedef struct {
+    TPMI_SH_POLICY	policySession;
+    TPM2B_TIMEOUT	timeout;
+    TPM2B_DIGEST	cpHashA;
+    TPM2B_NONCE		policyRef;
+    TPM2B_NAME		authName;
+    TPMT_TK_AUTH	ticket;
+} PolicyTicket_In;
+
+#define RC_PolicyTicket_policySession 	(TPM_RC_H + TPM_RC_1)
+#define RC_PolicyTicket_timeout 	(TPM_RC_P + TPM_RC_1)
+#define RC_PolicyTicket_cpHashA 	(TPM_RC_P + TPM_RC_2)
+#define RC_PolicyTicket_policyRef	(TPM_RC_P + TPM_RC_3)
+#define RC_PolicyTicket_authName	(TPM_RC_P + TPM_RC_4)
+#define RC_PolicyTicket_ticket 		(TPM_RC_P + TPM_RC_5)
+
+TPM_RC
+TPM2_PolicyTicket(
+		  PolicyTicket_In     *in             // IN: input parameter list
+		  );
+
+
+#endif
diff --git a/utils/ibmtss/Quote2_fp.h b/utils/ibmtss/Quote2_fp.h
new file mode 100644
index 000000000..14e717579
--- /dev/null
+++ b/utils/ibmtss/Quote2_fp.h
@@ -0,0 +1,69 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 Quote2					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: Quote2_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef QUOTE2_FP_H
+#define QUOTE2_FP_H
+
+#include <ibmtss/tpmtypes12.h>
+#include <ibmtss/tpmstructures12.h>
+
+#include <ibmtss/Implementation.h>
+
+typedef struct {
+    TPM_KEY_HANDLE keyHandle;
+    TPM_NONCE externalData;
+    TPM_PCR_SELECTION targetPCR;
+    TPM_BOOL addVersion;
+} Quote2_In;  
+
+typedef struct {
+    TPM_PCR_INFO_SHORT pcrData;
+    UINT32 versionInfoSize;
+    TPM_CAP_VERSION_INFO versionInfo;
+    UINT32 sigSize;
+    BYTE  sig[MAX_RSA_KEY_BYTES];
+} Quote2_Out;  
+
+TPM_RC
+TPM2_Quote2(
+	    Quote2_In *in,            // IN: input parameter buffer
+	    Quote2_Out *out           // OUT: output parameter buffer
+	    );
+
+#endif
diff --git a/utils/ibmtss/Quote_fp.h b/utils/ibmtss/Quote_fp.h
new file mode 100644
index 000000000..75fcaa760
--- /dev/null
+++ b/utils/ibmtss/Quote_fp.h
@@ -0,0 +1,91 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: Quote_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef QUOTE_FP_H
+#define QUOTE_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT	signHandle;
+    TPM2B_DATA		qualifyingData;
+    TPMT_SIG_SCHEME	inScheme;
+    TPML_PCR_SELECTION	PCRselect;
+} Quote_In;
+
+#define RC_Quote_signHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_Quote_qualifyingData	(TPM_RC_P + TPM_RC_1)
+#define RC_Quote_inScheme	(TPM_RC_P + TPM_RC_2)
+#define RC_Quote_PCRselect	(TPM_RC_P + TPM_RC_3)
+
+typedef struct {
+    TPM2B_ATTEST	quoted;
+    TPMT_SIGNATURE	signature;
+} Quote_Out;
+
+TPM_RC
+TPM2_Quote(
+	   Quote_In        *in,            // IN: input parameter list
+	   Quote_Out       *out            // OUT: output parameter list
+	   );
+
+
+#endif
diff --git a/utils/ibmtss/RSA_Decrypt_fp.h b/utils/ibmtss/RSA_Decrypt_fp.h
new file mode 100644
index 000000000..2c8a41f8e
--- /dev/null
+++ b/utils/ibmtss/RSA_Decrypt_fp.h
@@ -0,0 +1,90 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: RSA_Decrypt_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef RSA_DECRYPT_FP_H
+#define RSA_DECRYPT_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT		keyHandle;
+    TPM2B_PUBLIC_KEY_RSA	cipherText; 
+    TPMT_RSA_DECRYPT		inScheme;
+    TPM2B_DATA			label;
+} RSA_Decrypt_In;
+
+#define RC_RSA_Decrypt_keyHandle 	(TPM_RC_H + TPM_RC_1)
+#define RC_RSA_Decrypt_cipherText	(TPM_RC_P + TPM_RC_1)
+#define RC_RSA_Decrypt_inScheme 	(TPM_RC_P + TPM_RC_2)
+#define RC_RSA_Decrypt_label 		(TPM_RC_P + TPM_RC_3)
+
+typedef struct {
+    TPM2B_PUBLIC_KEY_RSA	message;
+} RSA_Decrypt_Out;
+
+TPM_RC
+TPM2_RSA_Decrypt(
+		 RSA_Decrypt_In      *in,            // IN: input parameter list
+		 RSA_Decrypt_Out     *out            // OUT: output parameter list
+		 );
+
+
+#endif
diff --git a/utils/ibmtss/RSA_Encrypt_fp.h b/utils/ibmtss/RSA_Encrypt_fp.h
new file mode 100644
index 000000000..d7be59099
--- /dev/null
+++ b/utils/ibmtss/RSA_Encrypt_fp.h
@@ -0,0 +1,89 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: RSA_Encrypt_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef RSA_ENCRYPT_FP_H
+#define RSA_ENCRYPT_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT		keyHandle;
+    TPM2B_PUBLIC_KEY_RSA	message;
+    TPMT_RSA_DECRYPT		inScheme;
+    TPM2B_DATA			label;
+} RSA_Encrypt_In;
+
+#define RC_RSA_Encrypt_keyHandle 	(TPM_RC_H + TPM_RC_1)
+#define RC_RSA_Encrypt_message		(TPM_RC_P + TPM_RC_1)
+#define RC_RSA_Encrypt_inScheme 	(TPM_RC_P + TPM_RC_2)
+#define RC_RSA_Encrypt_label 		(TPM_RC_P + TPM_RC_3)
+
+typedef struct {
+    TPM2B_PUBLIC_KEY_RSA	outData;
+} RSA_Encrypt_Out;
+
+TPM_RC
+TPM2_RSA_Encrypt(
+		 RSA_Encrypt_In      *in,            // IN: input parameter list
+		 RSA_Encrypt_Out     *out            // OUT: output parameter list
+		 );
+
+#endif
diff --git a/utils/ibmtss/ReadClock_fp.h b/utils/ibmtss/ReadClock_fp.h
new file mode 100644
index 000000000..b0d7a68f7
--- /dev/null
+++ b/utils/ibmtss/ReadClock_fp.h
@@ -0,0 +1,77 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: ReadClock_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef READCLOCK_FP_H
+#define READCLOCK_FP_H
+
+typedef struct {
+    TPMS_TIME_INFO	currentTime;
+} ReadClock_Out;
+
+TPM_RC
+TPM2_ReadClock(
+	       ReadClock_Out   *out            // OUT: output parameter list
+	       );
+
+
+#endif
diff --git a/utils/ibmtss/ReadPubek_fp.h b/utils/ibmtss/ReadPubek_fp.h
new file mode 100644
index 000000000..440fbefe9
--- /dev/null
+++ b/utils/ibmtss/ReadPubek_fp.h
@@ -0,0 +1,63 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 ReadPubek					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: ReadPubek_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef READPUBEK_FP_H
+#define READPUBEK_FP_H
+
+#include <ibmtss/tpmtypes12.h>
+#include <ibmtss/tpmstructures12.h>
+
+#include <ibmtss/Implementation.h>
+
+typedef struct {
+    TPM_NONCE antiReplay;
+} ReadPubek_In;  
+
+typedef struct {
+    TPM_PUBKEY pubEndorsementKey;
+    TPM_DIGEST checksum;
+} ReadPubek_Out;  
+
+TPM_RC
+TPM2_ReadPubek(
+	    ReadPubek_In *in,            // IN: input parameter buffer
+	    ReadPubek_Out *out           // OUT: output parameter buffer
+	    );
+
+#endif
diff --git a/utils/ibmtss/ReadPublic_fp.h b/utils/ibmtss/ReadPublic_fp.h
new file mode 100644
index 000000000..ad3fc2c70
--- /dev/null
+++ b/utils/ibmtss/ReadPublic_fp.h
@@ -0,0 +1,84 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: ReadPublic_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef READPUBLIC_FP_H
+#define READPUBLIC_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT	objectHandle;
+} ReadPublic_In;
+
+#define RC_ReadPublic_objectHandle	(TPM_RC_H + TPM_RC_1)
+
+typedef struct {
+    TPM2B_PUBLIC	outPublic;
+    TPM2B_NAME		name;
+    TPM2B_NAME		qualifiedName;
+} ReadPublic_Out;
+
+TPM_RC
+TPM2_ReadPublic(
+		ReadPublic_In   *in,            // IN: input parameter list
+		ReadPublic_Out  *out            // OUT: output parameter list
+		);
+#endif
diff --git a/utils/ibmtss/Rewrap_fp.h b/utils/ibmtss/Rewrap_fp.h
new file mode 100644
index 000000000..83b4b627c
--- /dev/null
+++ b/utils/ibmtss/Rewrap_fp.h
@@ -0,0 +1,92 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: Rewrap_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef REWRAP_FP_H
+#define REWRAP_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT		oldParent;
+    TPMI_DH_OBJECT		newParent;
+    TPM2B_PRIVATE		inDuplicate;
+    TPM2B_NAME			name;
+    TPM2B_ENCRYPTED_SECRET	inSymSeed;
+} Rewrap_In;
+
+#define RC_Rewrap_oldParent 	(TPM_RC_H + TPM_RC_1)
+#define RC_Rewrap_newParent 	(TPM_RC_H + TPM_RC_2)
+#define RC_Rewrap_inDuplicate 	(TPM_RC_P + TPM_RC_1)
+#define RC_Rewrap_name		(TPM_RC_P + TPM_RC_2)
+#define RC_Rewrap_inSymSeed 	(TPM_RC_P + TPM_RC_3)
+
+typedef struct {
+    TPM2B_PRIVATE		outDuplicate;
+    TPM2B_ENCRYPTED_SECRET	outSymSeed;
+} Rewrap_Out;
+
+TPM_RC
+TPM2_Rewrap(
+	    Rewrap_In       *in,            // IN: input parameter list
+	    Rewrap_Out      *out            // OUT: output parameter list
+	    );
+
+#endif
diff --git a/utils/ibmtss/SelfTest_fp.h b/utils/ibmtss/SelfTest_fp.h
new file mode 100644
index 000000000..33d4c6bdb
--- /dev/null
+++ b/utils/ibmtss/SelfTest_fp.h
@@ -0,0 +1,78 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: SelfTest_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef SELFTEST_FP_H
+#define SELFTEST_FP_H
+
+typedef struct{
+    TPMI_YES_NO	fullTest;
+} SelfTest_In;     
+
+#define RC_SelfTest_fullTest 	(TPM_RC_P + TPM_RC_1)
+
+TPM_RC
+TPM2_SelfTest(
+	      SelfTest_In     *in             // IN: input parameter list
+	      );
+
+#endif
diff --git a/utils/ibmtss/SequenceComplete_fp.h b/utils/ibmtss/SequenceComplete_fp.h
new file mode 100644
index 000000000..9064c96a4
--- /dev/null
+++ b/utils/ibmtss/SequenceComplete_fp.h
@@ -0,0 +1,92 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: SequenceComplete_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef SEQUENCECOMPLETE_FP_H
+#define SEQUENCECOMPLETE_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT	sequenceHandle;
+    TPM2B_MAX_BUFFER	buffer;
+    TPMI_RH_HIERARCHY	hierarchy;
+} SequenceComplete_In;
+
+#define RC_SequenceComplete_sequenceHandle 	(TPM_RC_H + TPM_RC_1)
+#define RC_SequenceComplete_buffer		(TPM_RC_P + TPM_RC_1)
+#define RC_SequenceComplete_hierarchy		(TPM_RC_P + TPM_RC_2)
+
+
+typedef struct {
+    TPM2B_DIGEST	result;
+    TPMT_TK_HASHCHECK	validation;
+} SequenceComplete_Out;
+
+
+
+TPM_RC
+TPM2_SequenceComplete(
+		      SequenceComplete_In     *in,            // IN: input parameter list
+		      SequenceComplete_Out    *out            // OUT: output parameter list
+		      );
+
+
+#endif
diff --git a/utils/ibmtss/SequenceUpdate_fp.h b/utils/ibmtss/SequenceUpdate_fp.h
new file mode 100644
index 000000000..dd094178a
--- /dev/null
+++ b/utils/ibmtss/SequenceUpdate_fp.h
@@ -0,0 +1,82 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: SequenceUpdate_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef SEQUENCEUPDATE_FP_H
+#define SEQUENCEUPDATE_FP_H
+
+
+typedef struct {
+    TPMI_DH_OBJECT	sequenceHandle;
+    TPM2B_MAX_BUFFER	buffer;
+} SequenceUpdate_In;
+
+#define RC_SequenceUpdate_sequenceHandle 	(TPM_RC_P + TPM_RC_1)
+#define RC_SequenceUpdate_buffer		(TPM_RC_P + TPM_RC_2)
+
+TPM_RC
+TPM2_SequenceUpdate(
+		    SequenceUpdate_In   *in             // IN: input parameter list
+		    );
+
+
+#endif
diff --git a/utils/ibmtss/SetAlgorithmSet_fp.h b/utils/ibmtss/SetAlgorithmSet_fp.h
new file mode 100644
index 000000000..c352f4d74
--- /dev/null
+++ b/utils/ibmtss/SetAlgorithmSet_fp.h
@@ -0,0 +1,81 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: SetAlgorithmSet_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef SETALGORITHMSET_FP_H
+#define SETALGORITHMSET_FP_H
+
+typedef struct {
+    TPMI_RH_PLATFORM	authHandle;
+    UINT32		algorithmSet;
+} SetAlgorithmSet_In;
+
+#define RC_SetAlgorithmSet_authHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_SetAlgorithmSet_algorithmSet	(TPM_RC_P + TPM_RC_1)
+
+TPM_RC
+TPM2_SetAlgorithmSet(
+		     SetAlgorithmSet_In  *in             // IN: input parameter list
+		     );
+
+
+#endif
diff --git a/utils/ibmtss/SetCommandCodeAuditStatus_fp.h b/utils/ibmtss/SetCommandCodeAuditStatus_fp.h
new file mode 100644
index 000000000..1ddb50fbb
--- /dev/null
+++ b/utils/ibmtss/SetCommandCodeAuditStatus_fp.h
@@ -0,0 +1,84 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	$Id: SetCommandCodeAuditStatus_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef SETCOMMANDCODEAUDITSTATUS_FP_H
+#define SETCOMMANDCODEAUDITSTATUS_FP_H
+
+typedef struct {
+    TPMI_RH_PROVISION	auth;
+    TPMI_ALG_HASH	auditAlg;
+    TPML_CC		setList;
+    TPML_CC		clearList;
+} SetCommandCodeAuditStatus_In;
+
+#define RC_SetCommandCodeAuditStatus_auth	(TPM_RC_H + TPM_RC_1)
+#define RC_SetCommandCodeAuditStatus_auditAlg 	(TPM_RC_P + TPM_RC_1)
+#define RC_SetCommandCodeAuditStatus_setList	(TPM_RC_P + TPM_RC_2)
+#define RC_SetCommandCodeAuditStatus_clearList	(TPM_RC_P + TPM_RC_3)
+
+TPM_RC
+TPM2_SetCommandCodeAuditStatus(
+			       SetCommandCodeAuditStatus_In    *in             // IN: input parameter list
+			       );
+
+#endif
diff --git a/utils/ibmtss/SetPrimaryPolicy_fp.h b/utils/ibmtss/SetPrimaryPolicy_fp.h
new file mode 100644
index 000000000..ea7ce050f
--- /dev/null
+++ b/utils/ibmtss/SetPrimaryPolicy_fp.h
@@ -0,0 +1,79 @@
+/********************************************************************************/
+/*										*/
+/*		TPM2_SetPrimaryPolicy Command Header   				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012 - 2019				*/
+/*										*/
+/********************************************************************************/
+
+#ifndef SETPRIMARYPOLICY_FP_H
+#define SETPRIMARYPOLICY_FP_H
+
+typedef struct {
+    TPMI_RH_HIERARCHY_POLICY	authHandle;
+    TPM2B_DIGEST		authPolicy;
+    TPMI_ALG_HASH		hashAlg;
+} SetPrimaryPolicy_In;
+
+#define RC_SetPrimaryPolicy_authHandle	(TPM_RC_H + TPM_RC_1)
+#define RC_SetPrimaryPolicy_authPolicy 	(TPM_RC_P + TPM_RC_1)
+#define RC_SetPrimaryPolicy_hashAlg	(TPM_RC_P + TPM_RC_2)
+
+TPM_RC
+TPM2_SetPrimaryPolicy(
+		      SetPrimaryPolicy_In     *in             // IN: input parameter list
+		      );
+
+#endif
diff --git a/utils/ibmtss/Shutdown_fp.h b/utils/ibmtss/Shutdown_fp.h
new file mode 100644
index 000000000..51c6bc35f
--- /dev/null
+++ b/utils/ibmtss/Shutdown_fp.h
@@ -0,0 +1,79 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: Shutdown_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef SHUTDOWN_FP_H
+#define SHUTDOWN_FP_H
+
+typedef struct{
+    TPM_SU shutdownType;
+} Shutdown_In;
+
+#define RC_Shutdown_shutdownType  (TPM_RC_P + TPM_RC_1)
+
+TPM_RC
+TPM2_Shutdown(
+	      Shutdown_In     *in             // IN: input parameter list
+	      );
+
+
+#endif
diff --git a/utils/ibmtss/Sign12_fp.h b/utils/ibmtss/Sign12_fp.h
new file mode 100644
index 000000000..dfaa238bf
--- /dev/null
+++ b/utils/ibmtss/Sign12_fp.h
@@ -0,0 +1,65 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 Sign12					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: Sign12_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef SIGN12_FP_H
+#define SIGN12_FP_H
+
+#include <ibmtss/tpmtypes12.h>
+#include <ibmtss/tpmstructures12.h>
+
+#include <ibmtss/Implementation.h>
+
+typedef struct {
+    TPM_KEY_HANDLE keyHandle;
+    UINT32 areaToSignSize;
+    BYTE areaToSign[MAX_COMMAND_SIZE];
+} Sign12_In;  
+
+typedef struct {
+    UINT32 sigSize;
+    BYTE  sig[MAX_RSA_KEY_BYTES];
+} Sign12_Out;  
+
+TPM_RC
+TPM2_Sign12(
+	    Sign12_In *in,            // IN: input parameter buffer
+	    Sign12_Out *out           // OUT: output parameter buffer
+	    );
+
+#endif
diff --git a/utils/ibmtss/Sign_fp.h b/utils/ibmtss/Sign_fp.h
new file mode 100644
index 000000000..41feb75d3
--- /dev/null
+++ b/utils/ibmtss/Sign_fp.h
@@ -0,0 +1,89 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: Sign_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef SIGN_FP_H
+#define SIGN_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT	keyHandle;
+    TPM2B_DIGEST	digest;
+    TPMT_SIG_SCHEME	inScheme;
+    TPMT_TK_HASHCHECK	validation;
+} Sign_In;
+
+#define RC_Sign_keyHandle 	(TPM_RC_H + TPM_RC_1)
+#define RC_Sign_digest 		(TPM_RC_P + TPM_RC_1)
+#define RC_Sign_inScheme 	(TPM_RC_P + TPM_RC_2)
+#define RC_Sign_validation 	(TPM_RC_P + TPM_RC_3)
+
+typedef struct {
+    TPMT_SIGNATURE	signature;
+} Sign_Out;
+
+TPM_RC
+TPM2_Sign(
+	  Sign_In         *in,            // IN: input parameter list
+	  Sign_Out        *out            // OUT: output parameter list
+	  );
+
+#endif
diff --git a/utils/ibmtss/StartAuthSession_fp.h b/utils/ibmtss/StartAuthSession_fp.h
new file mode 100644
index 000000000..03e8bb02e
--- /dev/null
+++ b/utils/ibmtss/StartAuthSession_fp.h
@@ -0,0 +1,97 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: StartAuthSession_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef STARTAUTHSESSION_FP_H
+#define STARTAUTHSESSION_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT		tpmKey;
+    TPMI_DH_ENTITY		bind;
+    TPM2B_NONCE			nonceCaller;
+    TPM2B_ENCRYPTED_SECRET	encryptedSalt;
+    TPM_SE			sessionType;
+    TPMT_SYM_DEF		symmetric;
+    TPMI_ALG_HASH		authHash;
+} StartAuthSession_In;
+
+typedef struct {
+    TPMI_SH_AUTH_SESSION	sessionHandle;
+    TPM2B_NONCE			nonceTPM;
+} StartAuthSession_Out;  
+
+#define RC_StartAuthSession_tpmKey 		(TPM_RC_H + TPM_RC_1)
+#define RC_StartAuthSession_bind 		(TPM_RC_H + TPM_RC_2)
+#define RC_StartAuthSession_nonceCaller 	(TPM_RC_P + TPM_RC_1)
+#define RC_StartAuthSession_encryptedSalt 	(TPM_RC_P + TPM_RC_2)
+#define RC_StartAuthSession_sessionType 	(TPM_RC_P + TPM_RC_3)
+#define RC_StartAuthSession_symmetric 		(TPM_RC_P + TPM_RC_4)
+#define RC_StartAuthSession_authHash 		(TPM_RC_P + TPM_RC_5)
+
+TPM_RC
+TPM2_StartAuthSession(
+		      StartAuthSession_In     *in,            // IN: input parameter buffer
+		      StartAuthSession_Out    *out            // OUT: output parameter buffer
+		      );
+
+
+#endif
diff --git a/utils/ibmtss/Startup12_fp.h b/utils/ibmtss/Startup12_fp.h
new file mode 100644
index 000000000..4247810f9
--- /dev/null
+++ b/utils/ibmtss/Startup12_fp.h
@@ -0,0 +1,50 @@
+/********************************************************************************/
+/*                                                                              */
+/*                              		                                */
+/*                           Written by Ken Goldman                             */
+/*                     IBM Thomas J. Watson Research Center                     */
+/*            $Id: Startup12_fp.h 1257 2018-06-27 20:52:08Z kgoldman $         */
+/*                                                                              */
+/* (c) Copyright IBM Corporation 2018						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef STARTUP12_FP_H
+#define STARTUP12_FP_H
+
+#include <ibmtss/tpmtypes12.h>
+
+typedef struct {
+    TPM_STARTUP_TYPE startupType; 
+} Startup12_In;
+
+
+#endif
diff --git a/utils/ibmtss/Startup_fp.h b/utils/ibmtss/Startup_fp.h
new file mode 100644
index 000000000..c5e409fef
--- /dev/null
+++ b/utils/ibmtss/Startup_fp.h
@@ -0,0 +1,84 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: Startup_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef STARTUP_FP_H
+#define STARTUP_FP_H
+
+void
+_TPM_Init(
+	  void
+	  );
+
+
+typedef struct {
+    TPM_SU startupType; 
+} Startup_In;
+
+#define RC_Startup_startupType 	(TPM_RC_P + TPM_RC_1)
+
+TPM_RC
+TPM2_Startup(
+	     Startup_In      *in             // IN: input parameter list
+	     );
+
+#endif
diff --git a/utils/ibmtss/StirRandom_fp.h b/utils/ibmtss/StirRandom_fp.h
new file mode 100644
index 000000000..bbfc411ae
--- /dev/null
+++ b/utils/ibmtss/StirRandom_fp.h
@@ -0,0 +1,78 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: StirRandom_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef STIRRANDOM_FP_H
+#define STIRRANDOM_FP_H
+
+typedef struct {
+    TPM2B_SENSITIVE_DATA	inData;
+} StirRandom_In;
+
+#define RC_StirRandom_inData	(TPM_RC_P + TPM_RC_1)
+
+TPM_RC
+TPM2_StirRandom(
+		StirRandom_In   *in             // IN: input parameter list
+		);
+
+#endif
diff --git a/utils/ibmtss/TPMB.h b/utils/ibmtss/TPMB.h
new file mode 100644
index 000000000..ff1539004
--- /dev/null
+++ b/utils/ibmtss/TPMB.h
@@ -0,0 +1,104 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: TPMB.h 1257 2018-06-27 20:52:08Z kgoldman $			*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2016					*/
+/*										*/
+/********************************************************************************/
+
+#ifndef TPMB_H
+#define TPMB_H
+
+/* 5.20	TPMB.h */
+/* This file contains extra TPM2B structures */
+#ifndef _TPMB_H
+#define _TPMB_H
+/* TPM2B Types */
+typedef struct {
+    UINT16          size;
+    BYTE            buffer[1];
+} TPM2B, *P2B;
+typedef const TPM2B     *PC2B;
+/* This macro helps avoid having to type in the structure in order to create a new TPM2B type that
+   is used in a function. */
+#define TPM2B_TYPE(name, bytes)			    \
+    typedef union {				    \
+	struct  {					    \
+	    UINT16  size;				    \
+	    BYTE    buffer[(bytes)];			    \
+	} t;						    \
+	TPM2B   b;					    \
+    } TPM2B_##name
+/* This macro defines a TPM2B with a constant character value. This macro sets the size of the
+   string to the size minus the terminating zero byte. This lets the user of the label add their
+   terminating 0. This method is chosen so that existing code that provides a label will continue to
+   work correctly. */
+#define TPM2B_STRING(name, value)		    \
+    static const union {				    \
+	struct  {					    \
+	    UINT16  size;				    \
+	    BYTE    buffer[sizeof(value)];		    \
+	} t;						    \
+	TPM2B   b;					    \
+    } name##_ = {{sizeof(value), {value}}};		    \
+    const TPM2B       *name = &name##_.b
+/* Macro to to instance and initialize a TPM2B value */
+#define TPM2B_INIT(TYPE, name)						\
+    TPM2B_##TYPE    name = {sizeof(name.t.buffer), {0}}
+#define TPM2B_BYTE_VALUE(bytes) TPM2B_TYPE(bytes##_BYTE_VALUE, bytes)
+#endif
+
+#endif
diff --git a/utils/ibmtss/TPM_Types.h b/utils/ibmtss/TPM_Types.h
new file mode 100644
index 000000000..855a3cd66
--- /dev/null
+++ b/utils/ibmtss/TPM_Types.h
@@ -0,0 +1,2825 @@
+/********************************************************************************/
+/*										*/
+/*			 Headers from Part 2    				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012 - 2019				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 124 */
+
+#ifndef _TPM_TYPES_H
+#define _TPM_TYPES_H
+
+#include <stdint.h>
+
+#include <ibmtss/Implementation.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+  The C bit field is non-portable, but the TPM specification reference implementation uses them.
+
+  These two macros attempt to define the TPM specification bit fields for little and big endian
+  machines.  There is no guarantee that either will work with a specific compiler or tool chain.  If
+  not, the developer must create a custom structure.
+  
+  TPM_BITFIELD_LE - little endian
+  TPM_BITFIELD_BE - big endian
+
+  To access the structures as uint's for marshaling and unmarshaling, each bit field is a union with
+  an integral field called 'val'.
+
+  Yes, I know that this uses anonymous structs, but the alternative yields another level of
+  deferencing, and will likely break more code.  I hope your compiler supports this recent addition
+  to the standard.
+
+  For portable code:
+  
+  If neither macro is defined, this header defines the structures as uint32_t.  It defines constants
+  for the various bits, and can be used as:
+
+  variable & CONSTANT		(test for set)
+  !(variable & CONSTANT)	(test for clear)
+  variable &= CONSTANT		(to set)
+  variable |= ~CONSTANT		(to clear)
+
+  Although the portable structures are all uint32_t, some only use the least significant 8 bits and
+  are marshalled as a uint_8t.
+*/
+
+/* Table 3 - Definition of Base Types */
+/* In BaseTypes.h */
+
+/* Table 4 - Defines for Logic Values */
+// In Table 39 (Yes, NO)
+/* In bool.h (TRUE, FALSE) */
+#define SET	1
+#define CLEAR	0
+
+/* Part 4 5.5	Capabilities.h */
+
+#define    MAX_CAP_DATA         (MAX_CAP_BUFFER-sizeof(TPM_CAP)-sizeof(UINT32))
+#define    MAX_CAP_ALGS         (MAX_CAP_DATA/sizeof(TPMS_ALG_PROPERTY))
+#define    MAX_CAP_HANDLES      (MAX_CAP_DATA/sizeof(TPM_HANDLE))
+#define    MAX_CAP_CC           (MAX_CAP_DATA/sizeof(TPM_CC))
+#define    MAX_TPM_PROPERTIES   (MAX_CAP_DATA/sizeof(TPMS_TAGGED_PROPERTY))
+#define    MAX_PCR_PROPERTIES   (MAX_CAP_DATA/sizeof(TPMS_TAGGED_PCR_SELECT))
+#define    MAX_ECC_CURVES       (MAX_CAP_DATA/sizeof(TPM_ECC_CURVE))
+#define    MAX_TAGGED_POLICIES  (MAX_CAP_DATA/sizeof(TPMS_TAGGED_POLICY))
+    
+/* Table 5 - Definition of Types for Documentation Clarity */
+
+typedef UINT32	TPM_ALGORITHM_ID; 	/* this is the 1.2 compatible form of the TPM_ALG_ID */
+typedef UINT32	TPM_MODIFIER_INDICATOR;
+typedef UINT32	TPM_AUTHORIZATION_SIZE; /* the authorizationSize parameter in a command */
+typedef UINT32	TPM_PARAMETER_SIZE; 	/* the parameterSizeset parameter in a command */
+typedef UINT16	TPM_KEY_SIZE; 		/* a key size in octets */
+typedef UINT16	TPM_KEY_BITS; 		/* a key size in bits */
+
+/* Table 6 - Definition of (UINT32) TPM_SPEC Constants <> */
+
+typedef UINT32 TPM_SPEC;
+
+#define TPM_SPEC_FAMILY		0x322E3000	/* ASCII "2.0" with null terminator */
+#define TPM_SPEC_LEVEL		00		/* the level number for the specification */
+#define TPM_SPEC_VERSION	124		/* the version number of the spec (01.21 * 100) */
+#define TPM_SPEC_YEAR		2015		/* the year of the version */
+#define TPM_SPEC_DAY_OF_YEAR	191		/* the day of the year */
+
+
+/* Table 7 - Definition of (UINT32) TPM_GENERATED Constants <O> */
+
+typedef UINT32 TPM_GENERATED;
+
+#define TPM_GENERATED_VALUE	0xff544347	/* 0xFF 'TCG' (FF 54 43 47) */
+
+/* Table 9 - Definition of (UINT16) TPM_ALG_ID Constants <IN/OUT, S> */
+
+typedef UINT16 TPM_ALG_ID;
+
+/* Table 10 - Definition of (UINT16) {ECC} TPM_ECC_CURVE Constants <IN/OUT, S> */
+
+typedef UINT16 TPM_ECC_CURVE;
+
+/* Table 16 - Definition of (UINT32) TPM_RC Constants (Actions) <OUT> */
+
+typedef UINT32 TPM_RC;
+
+#define TPM_RC_SUCCESS		0x000
+#define TPM_RC_BAD_TAG		0x01E			/* defined for compatibility with TPM 1.2 */
+
+#define RC_VER1			0x100			/* set for all format 0 response codes */
+
+#define TPM_RC_INITIALIZE 	(RC_VER1 + 0x000)	/* TPM not initialized by TPM2_Startup or already initialized */
+#define TPM_RC_FAILURE		(RC_VER1 + 0x001)	/* commands not being accepted because of a TPM failure */
+#define TPM_RC_SEQUENCE		(RC_VER1 + 0x003)	/* improper use of a sequence handle */
+#define TPM_RC_PRIVATE		(RC_VER1 + 0x00B)	/* not currently used */
+#define TPM_RC_HMAC		(RC_VER1 + 0x019)	/* not currently used */
+#define TPM_RC_DISABLED		(RC_VER1 + 0x020)	/* the command is disabled */
+#define TPM_RC_EXCLUSIVE	(RC_VER1 + 0x021)	/* command failed because audit sequence required exclusivity */
+#define TPM_RC_AUTH_TYPE	(RC_VER1 + 0x024)	/* authorization handle is not correct for command */
+#define TPM_RC_AUTH_MISSING	(RC_VER1 + 0x025)	/* command requires an authorization session
+							   for handle and it is not present. */
+#define TPM_RC_POLICY		(RC_VER1 + 0x026)	/* policy failure in math Operation or an invalid authPolicy value */
+#define TPM_RC_PCR		(RC_VER1 + 0x027)	/* PCR check fail */
+#define TPM_RC_PCR_CHANGED	(RC_VER1 + 0x028)	/* PCR have changed since checked. */
+#define TPM_RC_UPGRADE		(RC_VER1 + 0x02D)	/* for all commands other than
+							   TPM2_FieldUpgradeData(), this code
+							   indicates that the TPM is in field
+							   upgrade mode */
+#define TPM_RC_TOO_MANY_CONTEXTS (RC_VER1 + 0x02E)	/* context ID counter is at maximum. */
+#define TPM_RC_AUTH_UNAVAILABLE	(RC_VER1 + 0x02F)	/* authValue or authPolicy is not available for selected entity. */
+#define TPM_RC_REBOOT		(RC_VER1 + 0x030)	/* a _TPM_Init and Startup(CLEAR) is
+							   required before the TPM can resume
+							   operation. */
+#define TPM_RC_UNBALANCED	(RC_VER1 + 0x031)	/* the protection algorithms (hash and
+							   symmetric) are not reasonably balanced */
+#define TPM_RC_COMMAND_SIZE	(RC_VER1 + 0x042)	/* command commandSize value is inconsistent
+							   with contents of the command buffer */
+#define TPM_RC_COMMAND_CODE	(RC_VER1 + 0x043)	/* command code not supported */
+#define TPM_RC_AUTHSIZE		(RC_VER1 + 0x044)	/* the value of authorizationSize is out of range */
+#define TPM_RC_AUTH_CONTEXT	(RC_VER1 + 0x045)	/* use of an authorization session with a
+							   context command or another command that
+							   cannot have an authorization session.*/
+#define TPM_RC_NV_RANGE		(RC_VER1 + 0x046)	/* NV offset+size is out of range. */
+#define TPM_RC_NV_SIZE		(RC_VER1 + 0x047)	/* Requested allocation size is larger than allowed. */
+#define TPM_RC_NV_LOCKED	(RC_VER1 + 0x048)	/* NV access locked. */
+#define TPM_RC_NV_AUTHORIZATION	(RC_VER1 + 0x049)	/* NV access authorization fails in command
+							   actions (this failure does not affect
+							   lockout.action) */
+#define TPM_RC_NV_UNINITIALIZED	(RC_VER1 + 0x04A)	/* an NV Index is used before being
+							   initialized or the state saved by
+							   TPM2_Shutdown(STATE) could not be
+							   restored */
+#define TPM_RC_NV_SPACE		(RC_VER1 + 0x04B)	/* insufficient space for NV allocation */
+#define TPM_RC_NV_DEFINED	(RC_VER1 + 0x04C)	/* NV Index or persistent object already defined */
+#define TPM_RC_BAD_CONTEXT	(RC_VER1 + 0x050)	/* context in TPM2_ContextLoad() is not valid */
+#define TPM_RC_CPHASH		(RC_VER1 + 0x051)	/* cpHash value already set or not correct for use */
+#define TPM_RC_PARENT		(RC_VER1 + 0x052)	/* handle for parent is not a valid parent */
+#define TPM_RC_NEEDS_TEST	(RC_VER1 + 0x053)	/* some function needs testing. */
+#define TPM_RC_NO_RESULT	(RC_VER1 + 0x054)	/* returned when an internal function cannot
+							   process a request due to an unspecified
+							   problem. */
+#define TPM_RC_SENSITIVE	(RC_VER1 + 0x055)	/* the sensitive area did not unmarshal correctly after decryption */
+#define RC_MAX_FM0		(RC_VER1 + 0x07F)	/* largest version 1 code that is not a warning */
+
+/* The codes in this group may have a value added to them to indicate the handle, session, or
+   parameter to which they apply. */
+
+#define RC_FMT1			0x080			/* This bit is SET in all format 1 response codes */
+
+#define TPM_RC_ASYMMETRIC	(RC_FMT1 + 0x001)	/* asymmetric algorithm not supported or not correct */
+#define TPM_RC_ATTRIBUTES	(RC_FMT1 + 0x002)	/* inconsistent attributes */
+#define TPM_RC_HASH		(RC_FMT1 + 0x003)	/* hash algorithm not supported or not appropriate */
+#define TPM_RC_VALUE		(RC_FMT1 + 0x004)	/* value is out of range or is not correct for the context */
+#define TPM_RC_HIERARCHY	(RC_FMT1 + 0x005)	/* hierarchy is not enabled or is not correct for the use */
+#define TPM_RC_KEY_SIZE		(RC_FMT1 + 0x007)	/* key size is not supported */
+#define TPM_RC_MGF		(RC_FMT1 + 0x008)	/* mask generation function not supported */
+#define TPM_RC_MODE		(RC_FMT1 + 0x009)	/* mode of operation not supported */
+#define TPM_RC_TYPE		(RC_FMT1 + 0x00A)	/* the type of the value is not appropriate for the use */
+#define TPM_RC_HANDLE		(RC_FMT1 + 0x00B)	/* the handle is not correct for the use */
+#define TPM_RC_KDF		(RC_FMT1 + 0x00C)	/* unsupported key derivation function or
+							   function not appropriate for use */
+#define TPM_RC_RANGE		(RC_FMT1 + 0x00D)	/* value was out of allowed range. */
+#define TPM_RC_AUTH_FAIL	(RC_FMT1 + 0x00E)	/* the authorization HMAC check failed and DA counter incremented */
+#define TPM_RC_NONCE		(RC_FMT1 + 0x00F)	/* invalid nonce size or nonce value mismatch */
+#define TPM_RC_PP		(RC_FMT1 + 0x010)	/* authorization requires assertion of PP */
+#define TPM_RC_SCHEME		(RC_FMT1 + 0x012)	/* unsupported or incompatible scheme */
+#define TPM_RC_SIZE		(RC_FMT1 + 0x015)	/* structure is the wrong size */
+#define TPM_RC_SYMMETRIC	(RC_FMT1 + 0x016)	/* unsupported symmetric algorithm or key
+							   size, or not appropriate for instance */
+#define TPM_RC_TAG		(RC_FMT1 + 0x017)	/* incorrect structure tag */
+#define TPM_RC_SELECTOR		(RC_FMT1 + 0x018)	/* union selector is incorrect */
+#define TPM_RC_INSUFFICIENT	(RC_FMT1 + 0x01A)	/* the TPM was unable to unmarshal a value
+							   because there were not enough octets in
+							   the input buffer */
+#define TPM_RC_SIGNATURE	(RC_FMT1 + 0x01B)	/* the signature is not valid */
+#define TPM_RC_KEY		(RC_FMT1 + 0x01C)	/* key fields are not compatible with the selected use */
+#define TPM_RC_POLICY_FAIL	(RC_FMT1 + 0x01D)	/* a policy check failed */
+#define TPM_RC_INTEGRITY	(RC_FMT1 + 0x01F)	/* integrity check failed */
+#define TPM_RC_TICKET		(RC_FMT1 + 0x020)	/* invalid ticket */
+#define TPM_RC_RESERVED_BITS	(RC_FMT1 + 0x021)	/* reserved bits not set to zero as required */
+#define TPM_RC_BAD_AUTH		(RC_FMT1 + 0x022)	/* authorization failure without DA implications */
+#define TPM_RC_EXPIRED		(RC_FMT1 + 0x023)	/* the policy has expired */
+#define TPM_RC_POLICY_CC	(RC_FMT1 + 0x024) 	/* the commandCode in the policy is not the
+							   commandCode of the command */
+#define TPM_RC_BINDING		(RC_FMT1 + 0x025)	/* public and sensitive portions of an
+							   object are not cryptographically bound */
+#define TPM_RC_CURVE		(RC_FMT1 + 0x026)	/* curve not supported	 */
+#define TPM_RC_ECC_POINT	(RC_FMT1 + 0x027)	/* point is not on the required curve. */
+
+/* aliases for FMT1 commands when parameter number can be added */
+
+#define TPM_RCS_VALUE		TPM_RC_VALUE
+#define TPM_RCS_TYPE 		TPM_RC_TYPE
+#define TPM_RCS_HANDLE 		TPM_RC_HANDLE
+#define TPM_RCS_SIZE		TPM_RC_SIZE
+#define TPM_RCS_ATTRIBUTES	TPM_RC_ATTRIBUTES	
+#define TPM_RCS_NONCE		TPM_RC_NONCE
+#define TPM_RCS_SYMMETRIC	TPM_RC_SYMMETRIC
+#define TPM_RCS_MODE 		TPM_RC_MODE 
+#define TPM_RCS_SCHEME		TPM_RC_SCHEME
+#define TPM_RCS_KEY		TPM_RC_KEY
+#define TPM_RCS_ECC_POINT	TPM_RC_ECC_POINT
+#define TPM_RCS_HASH		TPM_RC_HASH
+#define TPM_RCS_HIERARCHY	TPM_RC_HIERARCHY
+#define TPM_RCS_TICKET		TPM_RC_TICKET
+#define TPM_RCS_RANGE		TPM_RC_RANGE
+#define TPM_RCS_INTEGRITY 	TPM_RC_INTEGRITY 
+#define TPM_RCS_POLICY_CC	TPM_RC_POLICY_CC
+#define TPM_RCS_EXPIRED		TPM_RC_EXPIRED
+
+#define RC_WARN			0x900			/* set for warning response codes */
+
+#define TPM_RC_CONTEXT_GAP	(RC_WARN + 0x001)	/* gap for context ID is too large */
+#define TPM_RC_OBJECT_MEMORY	(RC_WARN + 0x002)	/* out of memory for object contexts */
+#define TPM_RC_SESSION_MEMORY	(RC_WARN + 0x003)	/* out of memory for session contexts */
+#define TPM_RC_MEMORY		(RC_WARN + 0x004)	/* out of shared object/session memory or
+							   need space for internal operations */
+#define TPM_RC_SESSION_HANDLES	(RC_WARN + 0x005)	/* out of session handles - a session must
+							   be flushed before a new session may be
+							   created */
+#define TPM_RC_OBJECT_HANDLES	(RC_WARN + 0x006)	/* out of object handles - the handle space
+							   for objects is depleted and a reboot is
+							   required */
+#define TPM_RC_LOCALITY		(RC_WARN + 0x007)	/* bad locality */
+#define TPM_RC_YIELDED		(RC_WARN + 0x008)	/* the TPM has suspended operation on the
+							   command; forward progress was made and
+							   the command may be retried. */
+#define TPM_RC_CANCELED		(RC_WARN + 0x009)	/* the command was canceled */
+#define TPM_RC_CANCELLED	TPM_RC_CANCELED
+#define TPM_RC_TESTING		(RC_WARN + 0x00A)	/* TPM is performing self-tests */
+#define TPM_RC_REFERENCE_H0	(RC_WARN + 0x010)	/* the 1st handle in the handle area
+							   references a transient object or session
+							   that is not loaded */
+#define TPM_RC_REFERENCE_H1	(RC_WARN + 0x011)	/* the 2nd handle in the handle area
+							   references a transient object or session
+							   that is not loaded */
+#define TPM_RC_REFERENCE_H2	(RC_WARN + 0x012)	/* the 3rd handle in the handle area
+							   references a transient object or session
+							   that is not loaded */
+#define TPM_RC_REFERENCE_H3	(RC_WARN + 0x013)	/* the 4th handle in the handle area
+							   references a transient object or session
+							   that is not loaded */
+#define TPM_RC_REFERENCE_H4	(RC_WARN + 0x014)	/* the 5th handle in the handle area
+							   references a transient object or session
+							   that is not loaded */
+#define TPM_RC_REFERENCE_H5	(RC_WARN + 0x015)	/* the 6th handle in the handle area
+							   references a transient object or session
+							   that is not loaded */
+#define TPM_RC_REFERENCE_H6	(RC_WARN + 0x016)	/* the 7th handle in the handle area
+							   references a transient object or session
+							   that is not loaded */
+#define TPM_RC_REFERENCE_S0	(RC_WARN + 0x018)	/* the 1st authorization session handle
+							   references a session that is not
+							   loaded */
+#define TPM_RC_REFERENCE_S1	(RC_WARN + 0x019)	/* the 2nd authorization session handle
+							   references a session that is not
+							   loaded */
+#define TPM_RC_REFERENCE_S2	(RC_WARN + 0x01A)	/* the 3rd authorization session handle
+							   references a session that is not
+							   loaded */
+#define TPM_RC_REFERENCE_S3	(RC_WARN + 0x01B)	/* the 4th authorization session handle
+							   references a session that is not
+							   loaded */
+#define TPM_RC_REFERENCE_S4	(RC_WARN + 0x01C)	/* the 5th session handle references a
+							   session that is not loaded */
+#define TPM_RC_REFERENCE_S5	(RC_WARN + 0x01D)	/* the 6th session handle references a session that is not loaded */
+#define TPM_RC_REFERENCE_S6	(RC_WARN + 0x01E)	/* the 7th authorization session handle
+							   references a session that is not
+							   loaded */
+#define TPM_RC_NV_RATE		(RC_WARN + 0x020)	/* the TPM is rate-limiting accesses to prevent wearout of NV */
+#define TPM_RC_LOCKOUT		(RC_WARN + 0x021)	/* authorizations for objects subject to DA
+							   protection are not allowed at this time
+							   because the TPM is in DA lockout mode */
+#define TPM_RC_RETRY		(RC_WARN + 0x022)	/* the TPM was not able to start the command */
+#define TPM_RC_NV_UNAVAILABLE	(RC_WARN + 0x023)	/* the command may require writing of NV and
+							   NV is not current accessible */
+#define TPM_RC_NOT_USED		(RC_WARN + 0x07F)	/* this value is reserved and shall not be returned by the TPM */
+
+#define TPM_RC_H		0x000			/* add to a handle-related error */
+#define TPM_RC_P		0x040			/* add to a parameter-related error */
+#define TPM_RC_S		0x800			/* add to a session-related error */
+#define TPM_RC_1		0x100			/* add to a parameter-, handle-, or session-related error */
+#define TPM_RC_2		0x200			/* add to a parameter-, handle-, or session-related error */
+#define TPM_RC_3		0x300			/* add to a parameter-, handle-, or session-related error */
+#define TPM_RC_4		0x400			/* add to a parameter-, handle-, or session-related error */
+#define TPM_RC_5		0x500			/* add to a parameter-, handle-, or session-related error */
+#define TPM_RC_6		0x600			/* add to a parameter-, handle-, or session-related error */
+#define TPM_RC_7		0x700			/* add to a parameter-, handle-, or session-related error */
+#define TPM_RC_8		0x800			/* add to a parameter-related error */
+#define TPM_RC_9		0x900			/* add to a parameter-related error */
+#define TPM_RC_A		0xA00			/* add to a parameter-related error */
+#define TPM_RC_B		0xB00			/* add to a parameter-related error */
+#define TPM_RC_C		0xC00			/* add to a parameter-related error */
+#define TPM_RC_D		0xD00			/* add to a parameter-related error */
+#define TPM_RC_E		0xE00			/* add to a parameter-related error */
+#define TPM_RC_F		0xF00			/* add to a parameter-related error */
+#define TPM_RC_N_MASK		0xF00			/* number mask */
+
+/* Table 17 - Definition of (INT8) TPM_CLOCK_ADJUST Constants <IN> */
+
+typedef INT8 TPM_CLOCK_ADJUST;
+
+#define TPM_CLOCK_COARSE_SLOWER		-3	/* Slow the Clock update rate by one coarse adjustment step. */
+#define TPM_CLOCK_MEDIUM_SLOWER		-2	/* Slow the Clock update rate by one medium adjustment step. */
+#define TPM_CLOCK_FINE_SLOWER		-1	/* Slow the Clock update rate by one fine adjustment step. */
+#define TPM_CLOCK_NO_CHANGE		0	/* No change to the Clock update rate. */
+#define TPM_CLOCK_FINE_FASTER		1	/* Speed the Clock update rate by one fine adjustment step. */
+#define TPM_CLOCK_MEDIUM_FASTER		2	/* Speed the Clock update rate by one medium adjustment step. */
+#define TPM_CLOCK_COARSE_FASTER		3	/* Speed the Clock update rate by one coarse adjustment step. */
+
+/* Table 18 - Definition of (UINT16) TPM_EO Constants <IN/OUT> */
+
+typedef UINT16 TPM_EO;
+
+#define TPM_EO_EQ		0x0000	/* A = B */
+#define TPM_EO_NEQ		0x0001	/* A != B */
+#define TPM_EO_SIGNED_GT	0x0002	/* A > B signed	 */
+#define TPM_EO_UNSIGNED_GT	0x0003	/* A > B unsigned	 */
+#define TPM_EO_SIGNED_LT	0x0004	/* A < B signed	 */
+#define TPM_EO_UNSIGNED_LT	0x0005	/* A < B unsigned	 */
+#define TPM_EO_SIGNED_GE	0x0006	/* A = B signed	 */
+#define TPM_EO_UNSIGNED_GE	0x0007	/* A = B unsigned	 */
+#define TPM_EO_SIGNED_LE	0x0008	/* A = B signed	 */
+#define TPM_EO_UNSIGNED_LE	0x0009	/* A = B unsigned	 */
+#define TPM_EO_BITSET		0x000A	/* All bits SET in B are SET in A. ((A&B)=B)	 */
+#define TPM_EO_BITCLEAR		0x000B	/* All bits SET in B are CLEAR in A. ((A&B)=0) */
+
+/* Table 19 - Definition of (UINT16) TPM_ST Constants <IN/OUT, S> */
+
+typedef UINT16 TPM_ST;
+
+#define TPM_ST_RSP_COMMAND		0x00C4	/* tag value for a response */
+#define TPM_ST_NULL			0X8000	/* no structure type specified */
+#define TPM_ST_NO_SESSIONS		0x8001	/* command/response has no attached sessions*/
+#define TPM_ST_SESSIONS			0x8002	/* command/response has one or more attached sessions*/
+#define TPM_ST_ATTEST_NV		0x8014	/* tag for an attestation structure	 */
+#define TPM_ST_ATTEST_COMMAND_AUDIT	0x8015	/* tag for an attestation structure	 */
+#define TPM_ST_ATTEST_SESSION_AUDIT	0x8016	/* tag for an attestation structure	 */
+#define TPM_ST_ATTEST_CERTIFY		0x8017	/* tag for an attestation structure	 */
+#define TPM_ST_ATTEST_QUOTE		0x8018	/* tag for an attestation structure	 */
+#define TPM_ST_ATTEST_TIME		0x8019	/* tag for an attestation structure	 */
+#define TPM_ST_ATTEST_CREATION		0x801A	/* tag for an attestation structure	*/
+#define TPM_ST_ATTEST_NV_DIGEST	        0x801C	/* tag for an attestation structure	*/
+#define TPM_ST_CREATION			0x8021	/* tag for a ticket type	 */
+#define TPM_ST_VERIFIED			0x8022	/* tag for a ticket type	 */
+#define TPM_ST_AUTH_SECRET		0x8023	/* tag for a ticket type	 */
+#define TPM_ST_HASHCHECK		0x8024	/* tag for a ticket type	 */
+#define TPM_ST_AUTH_SIGNED		0x8025	/* tag for a ticket type	 */
+#define TPM_ST_FU_MANIFEST		0x8029	/* tag for a structure describing a Field Upgrade Policy */
+
+/* Table 20 - Definition of (UINT16) TPM_SU Constants <IN> */
+
+typedef UINT16 TPM_SU;
+
+#define TPM_SU_CLEAR	0x0000	/* on TPM2_Startup(), indicates that the TPM should perform TPM Reset or TPM Restart */
+#define TPM_SU_STATE	0x0001	/* on TPM2_Startup(), indicates that the TPM should restore the
+				   state saved by TPM2_Shutdown(TPM_SU_STATE) */
+/* Table 21 - Definition of (UINT8) TPM_SE Constants <IN> */
+
+typedef UINT8 TPM_SE;
+
+#define TPM_SE_HMAC	0x00
+#define TPM_SE_POLICY	0x01
+#define TPM_SE_TRIAL	0x03
+
+/* Table 22 - Definition of (UINT32) TPM_CAP Constants  */
+
+typedef UINT32 TPM_CAP;
+
+#define TPM_CAP_FIRST		0x00000000	/* 		*/
+#define TPM_CAP_ALGS		0x00000000	/* TPM_ALG_ID(1)	TPML_ALG_PROPERTY	*/
+#define TPM_CAP_HANDLES		0x00000001	/* TPM_HANDLE		TPML_HANDLE		*/
+#define TPM_CAP_COMMANDS	0x00000002	/* TPM_CC		TPML_CCA		*/
+#define TPM_CAP_PP_COMMANDS	0x00000003	/* TPM_CC		TPML_CC 		*/
+#define TPM_CAP_AUDIT_COMMANDS	0x00000004	/* TPM_CC		TPML_CC			*/
+#define TPM_CAP_PCRS		0x00000005	/* reserved		TPML_PCR_SELECTION	*/
+#define TPM_CAP_TPM_PROPERTIES	0x00000006	/* TPM_PT		TPML_TAGGED_TPM_PROPERTY	*/
+#define TPM_CAP_PCR_PROPERTIES	0x00000007	/* TPM_PT_PCR		TPML_TAGGED_PCR_PROPERTY	*/
+#define TPM_CAP_ECC_CURVES	0x00000008	/* TPM_ECC_CURVE(1)	TPML_ECC_CURVE		*/
+#define TPM_CAP_AUTH_POLICIES	0x00000009	/* 			TPML_TAGGED_POLICY 	*/
+#define TPM_CAP_LAST		0x00000009	/* */		
+#define TPM_CAP_VENDOR_PROPERTY	0x00000100	/* manufacturer specific	manufacturer-specific values */
+
+/* Table 23 - Definition of (UINT32) TPM_PT Constants <IN/OUT, S> */
+
+typedef UINT32 TPM_PT;
+		
+#define TPM_PT_NONE	0x00000000	/* indicates no property type */
+#define PT_GROUP	0x00000100	/* The number of properties in each group. */
+#define PT_FIXED	(PT_GROUP * 1)	/* the group of fixed properties returned as TPMS_TAGGED_PROPERTY */
+
+/* The values in this group are only changed due to a firmware change in the TPM. */
+
+#define TPM_PT_FAMILY_INDICATOR		(PT_FIXED + 0)	/* a 4-octet character string containing the
+							   TPM Family value (TPM_SPEC_FAMILY) */
+#define TPM_PT_LEVEL			(PT_FIXED + 1)	/* the level of the specification */
+#define TPM_PT_REVISION			(PT_FIXED + 2)	/* the specification Revision times 100 */
+#define TPM_PT_DAY_OF_YEAR		(PT_FIXED + 3)	/* the specification day of year using TCG calendar */
+#define TPM_PT_YEAR			(PT_FIXED + 4)	/* the specification year using the CE */
+#define TPM_PT_MANUFACTURER		(PT_FIXED + 5)	/* the vendor ID unique to each TPM manufacturer	 */
+#define TPM_PT_VENDOR_STRING_1		(PT_FIXED + 6)	/* the first four characters of the vendor ID string */
+#define TPM_PT_VENDOR_STRING_2		(PT_FIXED + 7)	/* the second four characters of the vendor ID string	 */
+#define TPM_PT_VENDOR_STRING_3		(PT_FIXED + 8)	/* the third four characters of the vendor ID string	 */
+#define TPM_PT_VENDOR_STRING_4		(PT_FIXED + 9)	/* the fourth four characters of the vendor ID sting	 */
+#define TPM_PT_VENDOR_TPM_TYPE		(PT_FIXED + 10)	/* vendor-defined value indicating the TPM model	 */
+#define TPM_PT_FIRMWARE_VERSION_1	(PT_FIXED + 11)	/* the most-significant 32 bits of a TPM
+							   vendor-specific value indicating the
+							   version number of the firmware */
+#define TPM_PT_FIRMWARE_VERSION_2	(PT_FIXED + 12)	/* the least-significant 32 bits of a TPM
+							   vendor-specific value indicating the
+							   version number of the firmware */
+#define TPM_PT_INPUT_BUFFER		(PT_FIXED + 13)	/* the maximum size of a parameter
+							   (typically, a TPM2B_MAX_BUFFER) */
+#define TPM_PT_HR_TRANSIENT_MIN		(PT_FIXED + 14)	/* the minimum number of transient objects
+							   that can be held in TPM RAM */
+#define TPM_PT_HR_PERSISTENT_MIN	(PT_FIXED + 15)	/* the minimum number of persistent objects
+							   that can be held in TPM NV memory */
+#define TPM_PT_HR_LOADED_MIN		(PT_FIXED + 16)	/* the minimum number of authorization
+							   sessions that can be held in TPM RAM */
+#define TPM_PT_ACTIVE_SESSIONS_MAX	(PT_FIXED + 17)	/* the number of authorization sessions that
+							   may be active at a time */
+#define TPM_PT_PCR_COUNT		(PT_FIXED + 18)	/* the number of PCR implemented */
+#define TPM_PT_PCR_SELECT_MIN		(PT_FIXED + 19)	/* the minimum number of octets in a
+							   TPMS_PCR_SELECT.sizeOfSelect */
+#define TPM_PT_CONTEXT_GAP_MAX		(PT_FIXED + 20)	/* the maximum allowed difference (unsigned)
+							   between the contextID values of two saved
+							   session contexts */
+#define TPM_PT_NV_COUNTERS_MAX		(PT_FIXED + 22)	/* the maximum number of NV Indexes that are
+							   allowed to have TPM_NV_COUNTER attribute SET */
+#define TPM_PT_NV_INDEX_MAX		(PT_FIXED + 23)	/* the maximum size of an NV Index data area */
+#define TPM_PT_MEMORY			(PT_FIXED + 24)	/* a TPMA_MEMORY indicating the memory
+							   management method for the TPM */
+#define TPM_PT_CLOCK_UPDATE		(PT_FIXED + 25)	/* interval, in milliseconds, between
+							   updates to the copy of
+							   TPMS_CLOCK_INFO.clock in NV */
+#define TPM_PT_CONTEXT_HASH		(PT_FIXED + 26)	/* the algorithm used for the integrity HMAC
+							   on saved contexts and for hashing the
+							   fuData of TPM2_FirmwareRead() */
+#define TPM_PT_CONTEXT_SYM		(PT_FIXED + 27)	/* TPM_ALG_ID, the algorithm used for
+							   encryption of saved contexts */
+#define TPM_PT_CONTEXT_SYM_SIZE		(PT_FIXED + 28)	/* TPM_KEY_BITS, the size of the key used
+							   for encryption of saved contexts */
+#define TPM_PT_ORDERLY_COUNT		(PT_FIXED + 29)	/* the modulus - 1 of the count for NV
+							   update of an orderly counter */
+#define TPM_PT_MAX_COMMAND_SIZE		(PT_FIXED + 30)	/* the maximum value for commandSize in a command */
+#define TPM_PT_MAX_RESPONSE_SIZE	(PT_FIXED + 31)	/* the maximum value for responseSize in a response */
+#define TPM_PT_MAX_DIGEST		(PT_FIXED + 32)	/* the maximum size of a digest that can be
+							   produced by the TPM */
+#define TPM_PT_MAX_OBJECT_CONTEXT	(PT_FIXED + 33)	/* the maximum size of an object context
+							   that will be returned by
+							   TPM2_ContextSave */
+#define TPM_PT_MAX_SESSION_CONTEXT	(PT_FIXED + 34)	/* the maximum size of a session context
+							   that will be returned by
+							   TPM2_ContextSave */
+#define TPM_PT_PS_FAMILY_INDICATOR	(PT_FIXED + 35)	/* platform-specific family (a TPM_PS
+							   value)(see Table 26) */
+#define TPM_PT_PS_LEVEL			(PT_FIXED + 36)	/* the level of the platform-specific specification */
+#define TPM_PT_PS_REVISION		(PT_FIXED + 37)	/* the specification Revision times 100 for
+							   the platform-specific specification */
+#define TPM_PT_PS_DAY_OF_YEAR		(PT_FIXED + 38)	/* the platform-specific specification day
+							   of year using TCG calendar */
+#define TPM_PT_PS_YEAR			(PT_FIXED + 39)	/* the platform-specific specification year
+							   using the CE */
+#define TPM_PT_SPLIT_MAX		(PT_FIXED + 40)	/* the number of split signing operations
+							   supported by the TPM */
+#define TPM_PT_TOTAL_COMMANDS		(PT_FIXED + 41)	/* total number of commands implemented in the TPM */
+#define TPM_PT_LIBRARY_COMMANDS		(PT_FIXED + 42)	/* number of commands from the TPM library
+							   that are implemented */
+#define TPM_PT_VENDOR_COMMANDS		(PT_FIXED + 43)	/* number of vendor commands that are implemented */
+#define TPM_PT_NV_BUFFER_MAX		(PT_FIXED + 44)	/* the maximum data size in one NV write command */
+#define TPM_PT_MODES			(PT_FIXED + 45)	/* a TPMA_MODES value, indicating that the
+							   TPM is designed for these modes. */
+#define TPM_PT_MAX_CAP_BUFFER		(PT_FIXED + 46)	/* the maximum size of a
+							   TPMS_CAPABILITY_DATA structure returned
+							   in TPM2_GetCapability(). */
+#define PT_VAR				(PT_GROUP * 2)	/* the group of variable properties returned
+							   as TPMS_TAGGED_PROPERTY */
+
+/* The properties in this group change because of a Protected Capability other than a firmware
+   update. The values are not necessarily persistent across all power transitions. */
+
+#define TPM_PT_PERMANENT		(PT_VAR + 0)	/* TPMA_PERMANENT */
+#define TPM_PT_STARTUP_CLEAR		(PT_VAR + 1)	/* TPMA_STARTUP_CLEAR */
+#define TPM_PT_HR_NV_INDEX		(PT_VAR + 2)	/* the number of NV Indexes currently defined */
+#define TPM_PT_HR_LOADED		(PT_VAR + 3)	/* the number of authorization sessions
+							   currently loaded into TPM RAM */
+#define TPM_PT_HR_LOADED_AVAIL		(PT_VAR + 4)	/* the number of additional authorization
+							   sessions, of any type, that could be
+							   loaded into TPM RAM */
+#define TPM_PT_HR_ACTIVE		(PT_VAR + 5)	/* the number of active authorization
+							   sessions currently being tracked by the
+							   TPM */
+#define TPM_PT_HR_ACTIVE_AVAIL		(PT_VAR + 6)	/* the number of additional authorization
+							   sessions, of any type, that could be
+							   created */
+#define TPM_PT_HR_TRANSIENT_AVAIL	(PT_VAR + 7)	/* estimate of the number of additional
+							   transient objects that could be loaded
+							   into TPM RAM */
+#define TPM_PT_HR_PERSISTENT		(PT_VAR + 8)	/* the number of persistent objects
+							   currently loaded into TPM NV memory */
+#define TPM_PT_HR_PERSISTENT_AVAIL	(PT_VAR + 9)	/* the number of additional persistent
+							   objects that could be loaded into NV
+							   memory */
+#define TPM_PT_NV_COUNTERS		(PT_VAR + 10)	/* the number of defined NV Indexes that
+							   have the NV TPM_NV_COUNTER attribute SET */
+#define TPM_PT_NV_COUNTERS_AVAIL	(PT_VAR + 11)	/* the number of additional NV Indexes that
+							   can be defined with their TPM_NT of TPM_NV_COUNTER
+							   and the TPM_NV_ORDERLY attribute SET */
+#define TPM_PT_ALGORITHM_SET		(PT_VAR + 12)	/* code that limits the algorithms that may
+							   be used with the TPM */
+#define TPM_PT_LOADED_CURVES		(PT_VAR + 13)	/* the number of loaded ECC curves	 */
+#define TPM_PT_LOCKOUT_COUNTER		(PT_VAR + 14)	/* the current value of the lockout counter (failedTries) */
+#define TPM_PT_MAX_AUTH_FAIL		(PT_VAR + 15)	/* the number of authorization failures
+							   before DA lockout is invoked */
+#define TPM_PT_LOCKOUT_INTERVAL		(PT_VAR + 16)	/* the number of seconds before the value
+							   reported by TPM_PT_LOCKOUT_COUNTER is
+							   decremented */
+#define TPM_PT_LOCKOUT_RECOVERY		(PT_VAR + 17)	/* the number of seconds after a lockoutAuth
+							   failure before use of lockoutAuth may be
+							   attempted again */
+#define TPM_PT_NV_WRITE_RECOVERY	(PT_VAR + 18)	/* number of milliseconds before the TPM
+							   will accept another command that will
+							   modify NV */
+#define TPM_PT_AUDIT_COUNTER_0		(PT_VAR + 19)	/* the high-order 32 bits of the command audit counter	 */
+#define TPM_PT_AUDIT_COUNTER_1		(PT_VAR + 20)	/* the low-order 32 bits of the command audit counter */
+
+/* Table 24 - Definition of (UINT32) TPM_PT_PCR Constants <IN/OUT, S> */
+
+typedef UINT32 TPM_PT_PCR;
+
+#define TPM_PT_PCR_FIRST	0x00000000	/* bottom of the range of TPM_PT_PCR properties */
+#define TPM_PT_PCR_SAVE		0x00000000	/* a SET bit in the TPMS_PCR_SELECT indicates that
+						   the PCR is saved and restored by TPM_SU_STATE */
+#define TPM_PT_PCR_EXTEND_L0	0x00000001	/* a SET bit in the TPMS_PCR_SELECT indicates that
+						   the PCR may be extended from locality 0 */
+#define TPM_PT_PCR_RESET_L0	0x00000002	/* a SET bit in the TPMS_PCR_SELECT indicates that
+						   the PCR may be reset by TPM2_PCR_Reset() from
+						   locality 0 */
+#define TPM_PT_PCR_EXTEND_L1	0x00000003	/* a SET bit in the TPMS_PCR_SELECT indicates that
+						   the PCR may be extended from locality 1 */
+#define TPM_PT_PCR_RESET_L1	0x00000004	/* a SET bit in the TPMS_PCR_SELECT indicates that
+						   the PCR may be reset by TPM2_PCR_Reset() from
+						   locality 1 */
+#define TPM_PT_PCR_EXTEND_L2	0x00000005	/* a SET bit in the TPMS_PCR_SELECT indicates that
+						   the PCR may be extended from locality 2 */
+#define TPM_PT_PCR_RESET_L2	0x00000006	/* a SET bit in the TPMS_PCR_SELECT indicates that
+						   the PCR may be reset by TPM2_PCR_Reset() from
+						   locality 2 */
+#define TPM_PT_PCR_EXTEND_L3	0x00000007	/* a SET bit in the TPMS_PCR_SELECT indicates that
+						   the PCR may be extended from locality 3 */
+#define TPM_PT_PCR_RESET_L3	0x00000008	/* a SET bit in the TPMS_PCR_SELECT indicates that
+						   the PCR may be reset by TPM2_PCR_Reset() from
+						   locality 3 */
+#define TPM_PT_PCR_EXTEND_L4	0x00000009	/* a SET bit in the TPMS_PCR_SELECT indicates that
+						   the PCR may be extended from locality 4 */
+#define TPM_PT_PCR_RESET_L4	0x0000000A	/* a SET bit in the TPMS_PCR_SELECT indicates that
+						   the PCR may be reset by TPM2_PCR_Reset() from
+						   locality 4 */
+#define TPM_PT_PCR_NO_INCREMENT	0x00000011	/* a SET bit in the TPMS_PCR_SELECT indicates that
+						   modifications to this PCR (reset or Extend) will
+						   not increment the pcrUpdateCounter */
+#define TPM_PT_PCR_RESET_L4	0x0000000A	/* a SET bit in the TPMS_PCR_SELECT indicates that
+						   the PCR may be reset by TPM2_PCR_Reset() from
+						   locality 4 */
+#define TPM_PT_PCR_DRTM_RESET	0x00000012	/* a SET bit in the TPMS_PCR_SELECT indicates that
+						   the PCR is reset by a DRTM event */
+#define TPM_PT_PCR_POLICY	0x00000013	/* a SET bit in the TPMS_PCR_SELECT indicates that
+						   the PCR is controlled by policy */
+#define TPM_PT_PCR_AUTH		0x00000014	/* a SET bit in the TPMS_PCR_SELECT indicates that
+						   the PCR is controlled by an authorization
+						   value */
+#define TPM_PT_PCR_LAST		0x00000014	/* top of the range of TPM_PT_PCR properties of the
+						   implementation */
+
+/* Table 25 - Definition of (UINT32) TPM_PS Constants <OUT> */
+
+typedef UINT32 TPM_PS;
+
+#define TPM_PS_MAIN		0x00000000	/* not platform specific 	*/
+#define TPM_PS_PC		0x00000001	/* PC Client	*/
+#define TPM_PS_PDA		0x00000002	/* PDA (includes all mobile devices that are not
+						   specifically cell phones) */
+#define TPM_PS_CELL_PHONE	0x00000003	/* Cell Phone 	*/
+#define TPM_PS_SERVER		0x00000004	/* Server WG	*/
+#define TPM_PS_PERIPHERAL	0x00000005	/* Peripheral WG	*/
+#define TPM_PS_TSS		0x00000006	/* TSS WG	*/
+#define TPM_PS_STORAGE		0x00000007	/* Storage WG	*/
+#define TPM_PS_AUTHENTICATION	0x00000008	/* Authentication WG	*/
+#define TPM_PS_EMBEDDED		0x00000009	/* Embedded WG	*/
+#define TPM_PS_HARDCOPY		0x0000000A	/* Hardcopy WG	*/
+#define TPM_PS_INFRASTRUCTURE	0x0000000B	/* Infrastructure WG	*/
+#define TPM_PS_VIRTUALIZATION	0x0000000C	/* Virtualization WG	*/
+#define TPM_PS_TNC		0x0000000D	/* Trusted Network Connect WG	*/
+#define TPM_PS_MULTI_TENANT	0x0000000E	/* Multi-tenant WG	*/
+#define TPM_PS_TC		0x0000000F	/* Technical Committee*/
+
+/* Table 26 - Definition of Types for Handles */
+
+typedef UINT32	TPM_HANDLE;	/* Handles may refer to objects (keys or data blobs), authorization
+				   sessions (HMAC and policy), NV Indexes, permanent TPM locations,
+				   and PCR. */
+
+/* Table 27 - Definition of (UINT8) TPM_HT Constants <S> */
+
+typedef UINT8 TPM_HT;
+
+#define TPM_HT_PCR		0x00	/* PCR - consecutive numbers, starting at 0, that reference the PCR registers */
+#define TPM_HT_NV_INDEX		0x01	/* NV Index - assigned by the caller	 */
+#define TPM_HT_HMAC_SESSION	0x02	/* HMAC Authorization Session - assigned by the TPM when the session is created	 */
+#define TPM_HT_LOADED_SESSION	0x02	/* Loaded Authorization Session - used only in the context of TPM2_GetCapability */
+#define TPM_HT_POLICY_SESSION	0x03	/* Policy Authorization Session - assigned by the TPM when the session is created */
+#define TPM_HT_SAVED_SESSION	0x03	/* Saved Authorization Session - used only in the context of TPM2_GetCapability */
+#define TPM_HT_PERMANENT	0x40	/* Permanent Values - assigned by this specification in Table 27	 */
+#define TPM_HT_TRANSIENT	0x80	/* Transient Objects - assigned by the TPM when an object is
+					   loaded into transient-object memory or when a persistent
+					   object is converted to a transient object */
+#define TPM_HT_PERSISTENT	0x81	/* Persistent Objects - assigned by the TPM when a loaded
+					   transient object is made persistent */
+
+/* Table 28 - Definition of (TPM_HANDLE) TPM_RH Constants <S> */
+
+typedef TPM_HANDLE TPM_RH;
+
+#define TPM_RH_FIRST		0x40000000	/* R		 */
+#define TPM_RH_SRK		0x40000000	/* R	not used1	 */
+#define TPM_RH_OWNER		0x40000001	/* K, A, P handle references the Storage Primary
+						   Seed (SPS), the ownerAuth, and the ownerPolicy */
+#define TPM_RH_REVOKE		0x40000002	/* R	not used1	 */
+#define TPM_RH_TRANSPORT	0x40000003	/* R	not used1	 */
+#define TPM_RH_OPERATOR		0x40000004	/* R	not used1	 */
+#define TPM_RH_ADMIN		0x40000005	/* R	not used1	 */
+#define TPM_RH_EK		0x40000006	/* R	not used1	 */
+#define TPM_RH_NULL		0x40000007	/* K, A, P a handle associated with the null
+						   hierarchy, an EmptyAuth authValue, and an Empty
+						   Policy authPolicy.  */
+#define TPM_RH_UNASSIGNED	0x40000008	/* R value reserved to the TPM to indicate a handle
+						   location that has not been initialized or
+						   assigned */
+#define TPM_RS_PW		0x40000009	/* S authorization value used to indicate a password
+						   authorization session */
+#define TPM_RH_LOCKOUT		0x4000000A	/* A references the authorization associated with
+						   the dictionary attack lockout reset */
+#define TPM_RH_ENDORSEMENT	0x4000000B	/* K, A, P references the Endorsement Primary Seed
+						   (EPS), endorsementAuth, and endorsementPolicy */
+#define TPM_RH_PLATFORM		0x4000000C	/* K, A, P references the Platform Primary Seed
+						   (PPS), platformAuth, and platformPolicy */
+#define TPM_RH_PLATFORM_NV	0x4000000D	/* C	for phEnableNV */
+#define TPM_RH_AUTH_00		0x40000010	/* A Start of a range of authorization values that
+						   are vendor-specific.  A TPM may support any of
+						   the values in this range as are needed for
+						   vendor-specific purposes. Disabled if ehEnable is CLEAR. */
+#define TPM_RH_AUTH_FF		0x4000010F	/* A End of the range of vendor-specific
+						   authorization values. */
+#define TPM_RH_LAST		0x4000010F	/* R	the top of the reserved handle area */
+
+/* Table 29 - Definition of (TPM_HANDLE) TPM_HC Constants <S> */
+
+typedef  TPM_HANDLE         TPM_HC;
+#define HR_HANDLE_MASK		0x00FFFFFF				/* to mask off the HR	 */
+#define HR_RANGE_MASK		0xFF000000				/* to mask off the variable part */
+#define HR_SHIFT		24		
+#define HR_PCR			((TPM_HT_PCR) << HR_SHIFT)		
+#define HR_HMAC_SESSION		(TPM_HT_HMAC_SESSION << HR_SHIFT)		
+#define HR_POLICY_SESSION	(TPM_HT_POLICY_SESSION << HR_SHIFT)		
+#define HR_TRANSIENT		(TPM_HC)((((UINT32)TPM_HT_TRANSIENT) << HR_SHIFT))
+#define HR_PERSISTENT           (TPM_HC)((((UINT32)TPM_HT_PERSISTENT) << HR_SHIFT))
+#define HR_NV_INDEX		(TPM_HT_NV_INDEX << HR_SHIFT)		
+#define HR_PERMANENT		(TPM_HT_PERMANENT << HR_SHIFT)		
+#define PCR_FIRST		(HR_PCR + 0)				/* first PCR */
+#define PCR_LAST		(HR_PCR | HR_HANDLE_MASK)		/* last PCR in range */
+#define HMAC_SESSION_FIRST	(HR_HMAC_SESSION + 0)			/* first HMAC session */
+#define HMAC_SESSION_LAST	(HMAC_SESSION_FIRST | HR_HANDLE_MASK)	/* last HMAC session */
+#define LOADED_SESSION_FIRST  	HMAC_SESSION_FIRST			/* used in GetCapability */
+#define LOADED_SESSION_LAST	HMAC_SESSION_LAST			/* used in GetCapability */
+#define POLICY_SESSION_FIRST	(HR_POLICY_SESSION + 0)			/* first policy session */
+#define POLICY_SESSION_LAST	(POLICY_SESSION_FIRST | HR_HANDLE_MASK)	/* last policy session */
+#define TRANSIENT_FIRST		((UINT32)(HR_TRANSIENT + 0))		/* first transient object */
+#define ACTIVE_SESSION_FIRST	POLICY_SESSION_FIRST			/* used in GetCapability */
+#define ACTIVE_SESSION_LAST	POLICY_SESSION_LAST			/* used in GetCapability */
+#define TRANSIENT_LAST		((UINT32)(TRANSIENT_FIRST | HR_HANDLE_MASK)) /* last transient object */
+#define PERSISTENT_FIRST	((UINT32)(HR_PERSISTENT + 0))			/* first persistent object */
+#define PERSISTENT_LAST		((UINT32)(PERSISTENT_FIRST | HR_HANDLE_MASK))	/* last persistent object */
+#define PLATFORM_PERSISTENT	(PERSISTENT_FIRST + 0x00800000)		/* first platform persistent object */
+#define NV_INDEX_FIRST		(HR_NV_INDEX + 0)			/* first allowed NV Index */
+#define NV_INDEX_LAST		(NV_INDEX_FIRST | HR_HANDLE_MASK)	/* last allowed NV Index */
+#define PERMANENT_FIRST		TPM_RH_FIRST		
+#define PERMANENT_LAST		TPM_RH_LAST
+
+/* Table 30 - Definition of (UINT32) TPMA_ALGORITHM Bits */
+
+#if defined TPM_BITFIELD_LE
+
+typedef union {
+    struct {
+	unsigned int asymmetric : 1;	/* 0 an asymmetric algorithm with public and private portions */
+	unsigned int symmetric  : 1;	/* 1 a symmetric block cipher */
+	unsigned int hash 	: 1;	/* a hash algorithm */
+ 	unsigned int object	: 1;	/* an algorithm that may be used as an object type */
+	unsigned int Reserved1	: 4; 	/* 7:4 */
+	unsigned int signing	: 1;	/* 8 a signing algorithm */
+	unsigned int encrypting	: 1;	/* 9 an encryption/decryption algorithm */
+	unsigned int method	: 1;	/* 10 a method such as a key derivative function (KDF) */
+	unsigned int Reserved2	: 21;	/* 31:11 */
+    };
+    UINT32 val;
+} TPMA_ALGORITHM;
+
+#elif defined TPM_BITFIELD_BE
+
+typedef union {
+    struct {
+	unsigned int Reserved2	: 21;	/* 31:11 */
+	unsigned int method	: 1;	/* 10 a method such as a key derivative function (KDF) */
+	unsigned int encrypting	: 1;	/* 9 an encryption/decryption algorithm */
+	unsigned int signing	: 1;	/* 8 a signing algorithm */
+	unsigned int Reserved1	: 4; 	/* 7:4 */
+	unsigned int object	: 1;	/* an algorithm that may be used as an object type */
+	unsigned int hash 	: 1;	/* a hash algorithm */
+	unsigned int symmetric  : 1;	/* 1 a symmetric block cipher */
+	unsigned int asymmetric : 1;	/* 0 an asymmetric algorithm with public and private portions */
+    };
+    UINT32 val;
+} TPMA_ALGORITHM;
+
+#else
+
+typedef struct {
+    UINT32 val;
+} TPMA_ALGORITHM;
+
+#endif
+
+#define TPMA_ALGORITHM_ASYMMETRIC 	0x00000001
+#define TPMA_ALGORITHM_SYMMETRIC 	0x00000002
+#define TPMA_ALGORITHM_HASH		0x00000004
+#define TPMA_ALGORITHM_OBJECT		0x00000008
+#define TPMA_ALGORITHM_RESERVED1	0x000000f0
+#define TPMA_ALGORITHM_SIGNING		0x00000100
+#define TPMA_ALGORITHM_ENCRYPTING	0x00000200
+#define TPMA_ALGORITHM_METHOD		0x00000400
+#define TPMA_ALGORITHM_RESERVED2	0xfffff800
+
+#define TPMA_ALGORITHM_RESERVED ( 	\
+    TPMA_ALGORITHM_RESERVED1 |		\
+    TPMA_ALGORITHM_RESERVED2 )
+
+/* Table 31 - Definition of (UINT32) TPMA_OBJECT Bits */
+
+#if defined TPM_BITFIELD_LE
+
+typedef union {
+    struct {
+	unsigned int Reserved1 		: 1;	/* 0 shall be zero */
+	unsigned int fixedTPM 		: 1;	/* 1 The hierarchy of the object, as indicated by its Qualified Name, may not change. */
+	unsigned int stClear 		: 1;	/* 2 Previously saved contexts of this object may not be loaded after Startup(CLEAR). */
+	unsigned int Reserved2 		: 1;	/* 3 shall be zero */
+	unsigned int fixedParent 	: 1;	/* 4 The parent of the object may not change. */
+	unsigned int sensitiveDataOrigin : 1;	/* 5 the TPM generated all of the sensitive data other than the authValue. */
+	unsigned int userWithAuth 	: 1;	/* 6 HMAC session or with a password */ 
+	unsigned int adminWithPolicy 	: 1;	/* 7 policy session. */
+	unsigned int Reserved3 		: 2;	/* 9:8	shall be zero */
+	unsigned int noDA 		: 1;	/* 10	The object is not subject to dictionary attack protections. */
+	unsigned int encryptedDuplication : 1;	/* 11 */
+	unsigned int Reserved4 		: 4;	/* 15:12	shall be zero */
+	unsigned int restricted 	: 1;	/* 16	Key usage is restricted to manipulate structures of known format */
+	unsigned int decrypt 		: 1;	/* 17	The private portion of the key may be used to decrypt. */
+	unsigned int sign 		: 1;	/* 18 For a symmetric cipher object, the private
+						   portion of the key may be used to encrypt.  For
+						   other objects, the private portion of the key may
+						   be used to sign. */
+	unsigned int Reserved5		: 13;	/* 31:19 	shall be zero */
+    };
+    UINT32 val;
+} TPMA_OBJECT;
+
+#elif defined TPM_BITFIELD_BE
+
+typedef union {
+    struct {
+	unsigned int Reserved5		: 13;	/* 31:19 	shall be zero */
+	unsigned int sign 		: 1;	/* 18 For a symmetric cipher object, the private
+						   portion of the key may be used to encrypt.  For
+						   other objects, the private portion of the key may
+						   be used to sign. */
+	unsigned int decrypt 		: 1;	/* 17	The private portion of the key may be used to decrypt. */
+	unsigned int restricted 	: 1;	/* 16	Key usage is restricted to manipulate structures of known format */
+	unsigned int Reserved4 		: 4;	/* 15:12	shall be zero */
+	unsigned int encryptedDuplication : 1;	/* 11 */
+	unsigned int noDA 		: 1;	/* 10	The object is not subject to dictionary attack protections. */
+	unsigned int Reserved3 		: 2;	/* 9:8	shall be zero */
+	unsigned int adminWithPolicy 	: 1;	/* 7 policy session. */
+	unsigned int userWithAuth 	: 1;	/* 6 HMAC session or with a password */ 
+	unsigned int sensitiveDataOrigin : 1;	/* 5 the TPM generated all of the sensitive data other than the authValue. */
+	unsigned int fixedParent 	: 1;	/* 4 The parent of the object may not change. */
+	unsigned int Reserved2 		: 1;	/* 3 shall be zero */
+	unsigned int stClear 		: 1;	/* 2 Previously saved contexts of this object may not be loaded after Startup(CLEAR). */
+	unsigned int fixedTPM 		: 1;	/* 1 The hierarchy of the object, as indicated by its Qualified Name, may not change. */
+	unsigned int Reserved1 		: 1;	/* 0 shall be zero */
+    };
+    UINT32 val;
+} TPMA_OBJECT;
+
+#else 
+
+typedef struct {
+    UINT32 val;
+} TPMA_OBJECT;
+
+#endif
+
+#define TPMA_OBJECT_RESERVED1			0x00000001
+#define TPMA_OBJECT_FIXEDTPM			0x00000002
+#define TPMA_OBJECT_STCLEAR			0x00000004
+#define TPMA_OBJECT_RESERVED2			0x00000008
+#define TPMA_OBJECT_FIXEDPARENT			0x00000010
+#define TPMA_OBJECT_SENSITIVEDATAORIGIN		0x00000020
+#define TPMA_OBJECT_USERWITHAUTH		0x00000040
+#define TPMA_OBJECT_ADMINWITHPOLICY		0x00000080
+#define TPMA_OBJECT_RESERVED3			0x00000300
+#define TPMA_OBJECT_NODA			0x00000400
+#define TPMA_OBJECT_ENCRYPTEDDUPLICATION	0x00000800
+#define TPMA_OBJECT_RESERVED4			0x0000f000
+#define TPMA_OBJECT_RESTRICTED			0x00010000
+#define TPMA_OBJECT_DECRYPT			0x00020000
+#define TPMA_OBJECT_SIGN			0x00040000
+#define TPMA_OBJECT_RESERVED5			0xfff80000
+
+#define TPMA_OBJECT_RESERVED ( \
+    TPMA_OBJECT_RESERVED1 |    \
+    TPMA_OBJECT_RESERVED2 |    \
+    TPMA_OBJECT_RESERVED3 |    \
+    TPMA_OBJECT_RESERVED4 |    \
+    TPMA_OBJECT_RESERVED5 )			
+
+/* Table 32 - Definition of (UINT8) TPMA_SESSION Bits <IN/OUT> */
+
+#if defined TPM_BITFIELD_LE
+
+typedef union {
+    struct {
+	unsigned int continueSession 	: 1;		/* 0	the session is to remain active after successful completion of the command */
+	unsigned int auditExclusive 	: 1;		/* 1	executed if the session is exclusive at the start of the command */
+	unsigned int auditReset 	: 1;		/* 2	audit digest of the session should be initialized  */
+	unsigned int Reserved 		: 2;		/* 4:3	shall be CLEAR */
+	unsigned int decrypt 		: 1;		/* 5	first parameter in the command is symmetrically encrypted */
+	unsigned int encrypt 		: 1;		/* 6	TPM should use this session to encrypt the first parameter in the response */
+	unsigned int audit 		: 1;		/* 7	session is for audit */
+    };
+    UINT8 val;
+} TPMA_SESSION;
+
+#elif defined TPM_BITFIELD_BE
+
+typedef union {
+    struct {
+	unsigned int audit 		: 1;		/* 7	session is for audit */
+	unsigned int encrypt 		: 1;		/* 6	TPM should use this session to encrypt the first parameter in the response */
+	unsigned int decrypt 		: 1;		/* 5	first parameter in the command is symmetrically encrypted */
+	unsigned int Reserved 		: 2;		/* 4:3	shall be CLEAR */
+	unsigned int auditReset 	: 1;		/* 2	audit digest of the session should be initialized  */
+	unsigned int auditExclusive 	: 1;		/* 1	executed if the session is exclusive at the start of the command */
+	unsigned int continueSession 	: 1;		/* 0	the session is to remain active after successful completion of the command */
+    };
+    UINT8 val;
+} TPMA_SESSION;
+
+#else 
+
+typedef struct {
+    UINT8 val;
+} TPMA_SESSION;
+
+#endif
+
+#define TPMA_SESSION_CONTINUESESSION	0x01
+#define TPMA_SESSION_AUDITEXCLUSIVE	0x02
+#define TPMA_SESSION_AUDITRESET		0x04
+#define TPMA_SESSION_DECRYPT		0x20
+#define TPMA_SESSION_ENCRYPT		0x40
+#define TPMA_SESSION_AUDIT		0x80
+
+#define TPMA_SESSION_RESERVED		0x18
+
+/* Table 33 - Definition of (UINT8) TPMA_LOCALITY Bits <IN/OUT> */
+
+#if defined TPM_BITFIELD_LE
+
+typedef union {
+    struct {
+	unsigned int TPM_LOC_ZERO	: 1;	/* 0 */
+	unsigned int TPM_LOC_ONE	: 1;	/* 1 */
+	unsigned int TPM_LOC_TWO	: 1;	/* 2 */
+	unsigned int TPM_LOC_THREE	: 1;	/* 3 */
+	unsigned int TPM_LOC_FOUR	: 1;	/* 4 */
+	unsigned int Extended		: 3;	/* 7:5 */
+    };
+    UINT8 val;
+} TPMA_LOCALITY;
+
+#elif defined TPM_BITFIELD_BE
+
+typedef union {
+    struct {
+	unsigned int Extended		: 3;	/* 7:5 */
+	unsigned int TPM_LOC_FOUR	: 1;	/* 4 */
+	unsigned int TPM_LOC_THREE	: 1;	/* 3 */
+	unsigned int TPM_LOC_TWO	: 1;	/* 2 */
+	unsigned int TPM_LOC_ONE	: 1;	/* 1 */
+	unsigned int TPM_LOC_ZERO	: 1;	/* 0 */
+    };
+    UINT8 val;
+} TPMA_LOCALITY;
+
+#else 
+
+typedef struct {
+    UINT8 val;
+} TPMA_LOCALITY;
+
+#endif
+
+#define TPMA_LOCALITY_ZERO		0x01
+#define TPMA_LOCALITY_ONE		0x02
+#define TPMA_LOCALITY_TWO		0x04
+#define TPMA_LOCALITY_THREE		0x08
+#define TPMA_LOCALITY_FOUR		0x10
+#define TPMA_LOCALITY_EXTENDED		0xe0
+
+/* Table 34 - Definition of (UINT32) TPMA_PERMANENT Bits <OUT> */
+
+#if defined TPM_BITFIELD_LE
+
+typedef union {
+    struct {
+	unsigned int ownerAuthSet	: 1;	/* 0	TPM2_HierarchyChangeAuth() with ownerAuth has been executed since the last TPM2_Clear(). */
+	unsigned int endorsementAuthSet	: 1;	/* 1	TPM2_HierarchyChangeAuth() with endorsementAuth has been executed since the last TPM2_Clear(). */
+	unsigned int lockoutAuthSet	: 1;	/* 2	TPM2_HierarchyChangeAuth() with lockoutAuth has been executed since the last TPM2_Clear(). */
+	unsigned int Reserved1		: 5;	/* 7:3	 */
+	unsigned int disableClear	: 1;	/* 8	TPM2_Clear() is disabled. */
+	unsigned int inLockout		: 1;	/* 9	The TPM is in lockout and commands that require authorization
+						   with other than Platform Authorization or Lockout Authorization will not succeed. */
+	unsigned int tpmGeneratedEPS	: 1;	/* 10	The EPS was created by the TPM. */
+	unsigned int Reserved2		: 21;	/* 31:11 */
+    };
+    UINT32 val;
+} TPMA_PERMANENT;
+
+#elif defined TPM_BITFIELD_BE
+
+typedef union {
+    struct {
+	unsigned int Reserved2		: 21;	/* 31:11 */
+	unsigned int tpmGeneratedEPS	: 1;	/* 10	The EPS was created by the TPM. */
+	unsigned int inLockout		: 1;	/* 9	The TPM is in lockout and commands that require authorization with other than Platform Authorization will not succeed. */
+	unsigned int disableClear	: 1;	/* 8	TPM2_Clear() is disabled. */
+	unsigned int Reserved1		: 5;	/* 7:3	 */
+	unsigned int lockoutAuthSet	: 1;	/* 2	TPM2_HierarchyChangeAuth() with lockoutAuth has been executed since the last TPM2_Clear(). */
+	unsigned int endorsementAuthSet	: 1;	/* 1	TPM2_HierarchyChangeAuth() with endorsementAuth has been executed since the last TPM2_Clear(). */
+	unsigned int ownerAuthSet	: 1;	/* 0	TPM2_HierarchyChangeAuth() with ownerAuth has been executed since the last TPM2_Clear(). */
+    };
+    UINT32 val;
+} TPMA_PERMANENT;
+
+#else
+
+typedef struct {
+    UINT32 val;
+} TPMA_PERMANENT;
+
+#endif
+
+#define TPMA_PERMANENT_OWNERAUTHSET		0x00000001
+#define TPMA_PERMANENT_ENDORSEMENTAUTHSET	0x00000002
+#define TPMA_PERMANENT_LOCKOUTAUTHSET		0x00000004
+#define TPMA_PERMANENT_RESERVED1		0x000000f8
+#define TPMA_PERMANENT_DISABLECLEAR		0x00000100
+#define TPMA_PERMANENT_INLOCKOUT		0x00000200
+#define TPMA_PERMANENT_TPMGENERATEDEPS		0x00000400
+#define TPMA_PERMANENT_RESERVED2		0xfffff800
+
+/* Table 35 - Definition of (UINT32) TPMA_STARTUP_CLEAR Bits <OUT> */
+
+#if defined TPM_BITFIELD_LE
+
+typedef union {
+    struct {
+	unsigned int phEnable		: 1;	/* 0 The platform hierarchy is enabled and platformAuth or platformPolicy may be used for authorization. */
+	unsigned int shEnable		: 1;	/* 1 The Storage hierarchy is enabled and ownerAuth or ownerPolicy may be used for authorization. */
+	unsigned int ehEnable		: 1;	/* 2 The EPS hierarchy is enabled and endorsementAuth may be used to authorize commands. */
+	unsigned int phEnableNV		: 1;	/* 3 NV indices that have TPMA_PLATFORM_CREATE SET may be read or written.  */
+	unsigned int Reserved		: 27;	/* 30:4 shall be zero */
+	unsigned int orderly		: 1;	/* 31 The TPM received a TPM2_Shutdown() and a matching TPM2_Startup(). */
+    };
+    UINT32 val;
+} TPMA_STARTUP_CLEAR;
+
+#elif defined TPM_BITFIELD_BE
+
+typedef union {
+    struct {
+	unsigned int orderly		: 1;	/* 31 The TPM received a TPM2_Shutdown() and a matching TPM2_Startup(). */
+	unsigned int Reserved		: 27;	/* 30:4 shall be zero */
+	unsigned int phEnableNV		: 1;	/* 3 NV indices that have TPMA_PLATFORM_CREATE SET may be read or written.  */
+	unsigned int ehEnable		: 1;	/* 2 The EPS hierarchy is enabled and endorsementAuth may be used to authorize commands. */
+	unsigned int shEnable		: 1;	/* 1 The Storage hierarchy is enabled and ownerAuth or ownerPolicy may be used for authorization. */
+	unsigned int phEnable		: 1;	/* 0 The platform hierarchy is enabled and platformAuth or platformPolicy may be used for authorization. */
+    };
+    UINT32 val;
+} TPMA_STARTUP_CLEAR;
+
+#else 
+
+typedef struct {
+    UINT32 val;
+} TPMA_STARTUP_CLEAR;
+
+#endif
+
+#define TPMA_STARTUP_CLEAR_PHENABLE		0x00000001
+#define TPMA_STARTUP_CLEAR_SHENABLE		0x00000002
+#define TPMA_STARTUP_CLEAR_EHENABLE		0x00000004
+#define TPMA_STARTUP_CLEAR_PHENABLENV		0x00000008
+#define TPMA_STARTUP_CLEAR_RESERVED		0x7ffffff0
+#define TPMA_STARTUP_CLEAR_ORDERLY		0x80000000
+
+/* Table 36 - Definition of (UINT32) TPMA_MEMORY Bits <Out> */
+
+#if defined TPM_BITFIELD_LE
+
+typedef union {
+    struct {
+	unsigned int sharedRAM		: 1;	/* 0	RAM memory used for authorization session contexts is shared with the memory used for transient objects */
+	unsigned int sharedNV		: 1;	/* 1	indicates that the NV memory used for persistent objects is shared with the NV memory used for NV Index values */
+	unsigned int objectCopiedToRam	: 1;	/* 2	indicates that the TPM copies persistent objects to a transient-object slot in RAM */
+	unsigned int Reserved		: 29;	/* 31:3	shall be zero */
+    };
+    UINT32 val;
+} TPMA_MEMORY;
+
+#elif defined TPM_BITFIELD_BE
+
+typedef union {
+    struct {
+	unsigned int Reserved		: 29;	/* 31:3	shall be zero */
+	unsigned int objectCopiedToRam	: 1;	/* 2	indicates that the TPM copies persistent objects to a transient-object slot in RAM */
+	unsigned int sharedNV		: 1;	/* 1	indicates that the NV memory used for persistent objects is shared with the NV memory used for NV Index values */
+	unsigned int sharedRAM		: 1;	/* 0	RAM memory used for authorization session contexts is shared with the memory used for transient objects */
+    };
+    UINT32 val;
+} TPMA_MEMORY;
+
+#else 
+
+typedef struct {
+    UINT32 val;
+} TPMA_MEMORY;
+
+#endif
+
+#define TPMA_MEMORY_SHAREDRAM		0x00000001
+#define TPMA_MEMORY_SHAREDNV		0x00000002
+#define TPMA_MEMORY_OBJECTCOPIEDTORAM	0x00000004
+#define TPMA_MEMORY_RESERVED		0xfffffff8
+
+/* Table 37 - Definition of (TPM_CC) TPMA_CC Bits <OUT> */
+
+#if defined TPM_BITFIELD_LE
+
+typedef union {
+    struct {
+	unsigned int commandIndex : 16;	/* 15:0	indicates the command being selected */
+	unsigned int Reserved	: 6;	/* 21:16 shall be zero */
+	unsigned int nv		: 1;	/* 22 indicates that the command may write to NV */
+	unsigned int extensive	: 1;	/* 23 This command could flush any number of loaded contexts. */
+	unsigned int flushed	: 1;	/* 24 The context associated with any transient handle in the command will be flushed when this command completes. */
+	unsigned int cHandles	: 3;	/* 27:25 indicates the number of the handles in the handle area for this command */
+	unsigned int rHandle	: 1;	/* 28 indicates the presence of the handle area in the input */
+	unsigned int V		: 1;	/* 29 indicates that the command is vendor-specific */
+	unsigned int Res	: 2;	/* 31:30	allocated for software; shall be zero */
+    };
+    UINT32 val;
+} TPMA_CC;
+
+#elif defined TPM_BITFIELD_BE
+
+typedef union {
+    struct {
+	unsigned int Res	: 2;	/* 31:30	allocated for software; shall be zero */
+	unsigned int V		: 1;	/* 29 indicates that the command is vendor-specific */
+	unsigned int rHandle	: 1;	/* 28 indicates the presence of the handle area in the input */
+	unsigned int cHandles	: 3;	/* 27:25 indicates the number of the handles in the handle area for this command */
+	unsigned int flushed	: 1;	/* 24 The context associated with any transient handle in the command will be flushed when this command completes. */
+	unsigned int extensive	: 1;	/* 23 This command could flush any number of loaded contexts. */
+	unsigned int nv		: 1;	/* 22 indicates that the command may write to NV */
+	unsigned int Reserved	: 6;	/* 21:16 shall be zero */
+	unsigned int commandIndex : 16;	/* 15:0	indicates the command being selected */
+    };
+    UINT32 val;
+} TPMA_CC;
+
+#else
+
+typedef union {
+    struct {
+	UINT32 val;
+    };
+} TPMA_CC;
+    
+#endif
+
+#define TPMA_CC_COMMANDINDEX	0x0000ffff
+#define TPMA_CC_RESERVED1	0x003f0000
+#define TPMA_CC_NV		0x00400000
+#define TPMA_CC_EXTENSIVE	0x00800000
+#define TPMA_CC_FLUSHED		0x01000000
+#define TPMA_CC_CHANDLES	0x0e000000
+#define TPMA_CC_RHANDLE		0x10000000
+#define TPMA_CC_V		0x20000000
+#define TPMA_CC_RES		0xc0000000
+#define TPMA_CC_RESERVED	(0x003f0000 | 0xc0000000)
+
+    /* Table 38 - Definition of (UINT32) TPMA_MODES Bits <Out> */
+
+#if defined TPM_BITFIELD_LE
+
+    typedef union {
+	struct {
+	    unsigned int FIPS_140_2	: 1;	/* 0 indicates that the TPM is designed to comply with all of the FIPS 140-2 requirements at Level 1 or higher */
+	    unsigned int Reserved	: 31;	/* 31:1	shall be zero */
+	};
+	UINT32 val;
+    } TPMA_MODES;
+    
+#elif defined TPM_BITFIELD_BE
+
+typedef union {
+    struct {
+	unsigned int Reserved	: 31;	/* 31:1	shall be zero */
+	unsigned int FIPS_140_2	: 1;	/* 0 indicates that the TPM is designed to comply with all of the FIPS 140-2 requirements at Level 1 or higher */
+    };
+    UINT32 val;
+} TPMA_MODES;
+    
+#else 
+
+    typedef struct {
+	UINT32 val;
+    } TPMA_MODES;
+
+#endif
+
+#define TPMA_MODES_FIPS_140_2	 0x00000001
+    
+/* Table 38 - Definition of (BYTE) TPMI_YES_NO Type */
+
+typedef BYTE TPMI_YES_NO;
+
+#define NO	0
+#define YES	1	
+
+/* Table 39 - Definition of (TPM_HANDLE) TPMI_DH_OBJECT Type */
+
+typedef TPM_HANDLE TPMI_DH_OBJECT;
+
+/* Table 41 - Definition of (TPM_HANDLE) TPMI_DH_PARENT Type */
+
+typedef TPM_HANDLE TPMI_DH_PARENT;
+    
+/* Table 40 - Definition of (TPM_HANDLE) TPMI_DH_PERSISTENT Type */
+
+typedef TPM_HANDLE TPMI_DH_PERSISTENT;
+
+/* Table 41 - Definition of (TPM_HANDLE) TPMI_DH_ENTITY Type <IN> */
+
+typedef TPM_HANDLE TPMI_DH_ENTITY;
+
+/* Table 42 - Definition of (TPM_HANDLE) TPMI_DH_PCR Type <IN> */
+
+typedef TPM_HANDLE TPMI_DH_PCR;
+
+/* Table 43 - Definition of (TPM_HANDLE) TPMI_SH_AUTH_SESSION Type <IN/OUT> */
+
+typedef TPM_HANDLE TPMI_SH_AUTH_SESSION;
+
+/* Table 44 - Definition of (TPM_HANDLE) TPMI_SH_HMAC Type <IN/OUT> */
+
+typedef TPM_HANDLE TPMI_SH_HMAC;
+
+/* Table 45 - Definition of (TPM_HANDLE) TPMI_SH_POLICY Type <IN/OUT> */
+
+typedef TPM_HANDLE TPMI_SH_POLICY;
+
+/* Table 46 - Definition of (TPM_HANDLE) TPMI_DH_CONTEXT Type  */
+
+typedef TPM_HANDLE TPMI_DH_CONTEXT;
+
+/* Table 49 - Definition of (TPM_HANDLE) TPMI_DH_SAVED Type */
+    
+typedef TPM_HANDLE TPMI_DH_SAVED;
+
+/* Table 47 - Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY Type  */
+
+typedef TPM_HANDLE TPMI_RH_HIERARCHY;
+
+/* Table 48 - Definition of (TPM_HANDLE) TPMI_RH_ENABLES Type */
+
+typedef TPM_HANDLE TPMI_RH_ENABLES;
+
+/* Table 49 - Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY_AUTH Type <IN> */
+
+typedef TPM_HANDLE TPMI_RH_HIERARCHY_AUTH;
+
+/* Table 2:55 - Definition of TPMI_RH_HIERARCHY_POLICY Type  */
+
+typedef  TPM_HANDLE         TPMI_RH_HIERARCHY_POLICY;
+
+/* Table 50 - Definition of (TPM_HANDLE) TPMI_RH_PLATFORM Type <IN> */
+
+typedef TPM_HANDLE TPMI_RH_PLATFORM;
+
+/* Table 51 - Definition of (TPM_HANDLE) TPMI_RH_OWNER Type <IN> */
+
+typedef TPM_HANDLE TPMI_RH_OWNER;
+
+/* Table 52 - Definition of (TPM_HANDLE) TPMI_RH_ENDORSEMENT Type <IN> */
+
+typedef TPM_HANDLE TPMI_RH_ENDORSEMENT;
+
+/* Table 53 - Definition of (TPM_HANDLE) TPMI_RH_PROVISION Type <IN> */
+
+typedef TPM_HANDLE TPMI_RH_PROVISION;
+
+/* Table 54 - Definition of (TPM_HANDLE) TPMI_RH_CLEAR Type <IN> */
+
+typedef TPM_HANDLE TPMI_RH_CLEAR;
+
+/* Table 55 - Definition of (TPM_HANDLE) TPMI_RH_NV_AUTH Type <IN> */
+
+typedef TPM_HANDLE TPMI_RH_NV_AUTH;
+
+/* Table 56 - Definition of (TPM_HANDLE) TPMI_RH_LOCKOUT Type <IN> */
+
+typedef TPM_HANDLE TPMI_RH_LOCKOUT;
+
+/* Table 57 - Definition of (TPM_HANDLE) TPMI_RH_NV_INDEX Type <IN/OUT> */
+
+typedef TPM_HANDLE TPMI_RH_NV_INDEX;
+
+/* Table 58 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type  */
+
+typedef TPM_ALG_ID TPMI_ALG_HASH;
+
+/* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_ASYM Type */
+
+typedef TPM_ALG_ID TPMI_ALG_ASYM;
+
+/* Table 60 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM Type */
+
+typedef TPM_ALG_ID TPMI_ALG_SYM;
+
+/* Table 61 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM_OBJECT Type */
+
+typedef TPM_ALG_ID TPMI_ALG_SYM_OBJECT;
+
+/* Table 62 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM_MODE Type */
+
+typedef TPM_ALG_ID TPMI_ALG_SYM_MODE;
+
+/* Table 63 - Definition of (TPM_ALG_ID) TPMI_ALG_KDF Type */
+
+typedef TPM_ALG_ID TPMI_ALG_KDF;
+
+/* Table 64 - Definition of (TPM_ALG_ID) TPMI_ALG_SIG_SCHEME Type */
+
+typedef TPM_ALG_ID TPMI_ALG_SIG_SCHEME;
+
+/* Table 65 - Definition of (TPM_ALG_ID) TPMI_ECC_KEY_EXCHANGE Type */
+
+typedef TPM_ALG_ID TPMI_ECC_KEY_EXCHANGE;
+
+/* Table 66 - Definition of (TPM_ST) TPMI_ST_COMMAND_TAG Type */
+
+typedef TPM_ST TPMI_ST_COMMAND_TAG;
+
+/* Table 71 - Definition of (TPM_ALG_ID) TPMI_ALG_MAC_SCHEME Type */
+
+typedef TPM_ALG_ID TPMI_ALG_MAC_SCHEME;
+
+/* Table 72 - Definition of (TPM_ALG_ID) TPMI_ALG_CIPHER_MODE Type */
+
+typedef TPM_ALG_ID TPMI_ALG_CIPHER_MODE;    
+
+/* Table 67 - Definition of TPMS_EMPTY Structure <IN/OUT> */
+
+typedef struct {
+    /* a structure with no member */
+    BYTE empty[0];
+} TPMS_EMPTY;
+
+/* Table 68 - Definition of TPMS_ALGORITHM_DESCRIPTION Structure <OUT> */
+typedef struct {
+    TPM_ALG_ID		alg;		/* an algorithm	*/
+    TPMA_ALGORITHM 	attributes;	/* the attributes of the algorithm */
+} TPMS_ALGORITHM_DESCRIPTION;
+
+/* Table 69 - Definition of TPMU_HA Union <IN/OUT, S> */
+
+typedef union {
+    BYTE	sha1 [SHA1_DIGEST_SIZE];	/* TPM_ALG_SHA1 */
+    BYTE	sha256 [SHA256_DIGEST_SIZE]; 	/* TPM_ALG_SHA256 */
+    BYTE	sha384 [SHA384_DIGEST_SIZE];	/* TPM_ALG_SHA384 */
+    BYTE	sha512 [SHA512_DIGEST_SIZE];	/* TPM_ALG_SHA512 */
+    BYTE	sm3_256 [SM3_256_DIGEST_SIZE];	/* TPM_ALG_SM3_256 */
+    BYTE	tssmax [128];			/* to make union size larger */
+    
+} TPMU_HA;
+
+/* legacy, better to use (sizeof(TPMU_HA) */
+    
+#define MAX_DIGEST_SIZE (sizeof(TPMU_HA))    
+
+/* Table 70 - Definition of TPMT_HA Structure <IN/OUT> */
+
+typedef struct {
+    TPMI_ALG_HASH	hashAlg;	/* selector of the hash contained in the digest that implies the size of the digest */
+    TPMU_HA		digest;		/* the digest data */
+} TPMT_HA;
+
+/* Table 71 - Definition of TPM2B_DIGEST Structure */
+
+typedef struct {
+    UINT16    size;
+    BYTE      buffer[sizeof(TPMU_HA)];
+} DIGEST_2B;
+
+typedef union {
+    DIGEST_2B    t;
+    TPM2B        b;
+} TPM2B_DIGEST;
+
+/* Table 72 - Definition of TPM2B_DATA Structure */
+
+typedef struct {
+    UINT16	size;				/* size in octets of the buffer field; may be 0 */
+    BYTE	buffer[sizeof(TPMT_HA)];
+} DATA_2B;
+
+typedef union {
+    DATA_2B t;
+    TPM2B   b;
+} TPM2B_DATA;
+
+/* Table 73 - Definition of Types for TPM2B_NONCE */
+
+typedef TPM2B_DIGEST	TPM2B_NONCE;	/* size limited to the same as the digest structure */
+
+/* Table 74 - Definition of Types for TPM2B_AUTH */
+
+typedef TPM2B_DIGEST	TPM2B_AUTH;	/* size limited to the same as the digest structure */
+
+/* This is not in Part 2, but the concatenation of two digests to create an HMAC key is used often
+   enough that it's worth putting in a central location.
+
+   In Part 1 19.6.8 sessionKey Creation - authValue || salt.
+   In Part 1 19.6.5 HMAC Computation - sessionKey || authValue
+
+   I think both could be TPMU_HA, but the TPM reference code seems to use TPMT_HA.
+*/
+
+typedef struct {
+    UINT16    size;
+    BYTE      buffer[sizeof(TPMU_HA) +	/* TPM2B_AUTH authValue */
+		     sizeof(TPMT_HA)];	/* salt */
+} KEY_2B;
+
+typedef union {
+    KEY_2B    t;
+    TPM2B     b;
+} TPM2B_KEY;
+
+/* Table 75 - Definition of Types for TPM2B_OPERAND */
+
+typedef TPM2B_DIGEST	TPM2B_OPERAND;	/* size limited to the same as the digest structure */
+
+/* Table 76 - Definition of TPM2B_EVENT Structure */
+
+typedef struct {
+    UINT16	size;			/* size of the operand */
+    BYTE	buffer [1024];		/* the operand */
+} EVENT_2B;
+
+typedef union {
+    EVENT_2B t;
+    TPM2B    b;
+} TPM2B_EVENT;
+
+/* Table 77 - Definition of TPM2B_MAX_BUFFER Structure */
+
+/* MAX_DIGEST_BUFFER is TPM-dependent but is required to be at least 1,024. */
+
+typedef struct {
+    UINT16	size;				/* size of the buffer */
+    BYTE	buffer [MAX_DIGEST_BUFFER];	/* the operand  */
+} MAX_BUFFER_2B;
+
+typedef union {
+    MAX_BUFFER_2B t;
+    TPM2B         b;
+} TPM2B_MAX_BUFFER;
+
+/* Table 78 - Definition of TPM2B_MAX_NV_BUFFER Structure */
+
+typedef struct {
+    UINT16	size;				/* size of the buffer */
+    BYTE	buffer [MAX_NV_BUFFER_SIZE];	/* the operand  */
+} MAX_NV_BUFFER_2B;
+
+typedef union {
+    MAX_NV_BUFFER_2B t;
+    TPM2B            b;
+} TPM2B_MAX_NV_BUFFER;
+
+/* Table 79 - Definition of TPM2B_TIMEOUT Structure <IN/OUT> */
+
+typedef TPM2B_DIGEST	TPM2B_TIMEOUT;	/* size limited to the same as the digest structure */
+
+/* Table 80 - Definition of TPM2B_IV Structure <IN/OUT> */
+
+typedef struct {
+    UINT16	size;				/* size of the IV value */
+    BYTE	buffer [MAX_SYM_BLOCK_SIZE]; 	/* the IV value */
+} IV_2B;
+
+typedef union {
+    IV_2B t;
+    TPM2B b;
+} TPM2B_IV;
+
+/* Table 81 - Definition of TPMU_NAME Union <> */
+
+typedef union {
+    TPMT_HA	digest;		/* when the Name is a digest */
+    TPM_HANDLE	handle;		/* when the Name is a handle */
+} TPMU_NAME;
+
+/* Table 82 - Definition of TPM2B_NAME Structure */
+
+typedef struct {
+    UINT16	size;				/* size of the Name structure */
+    BYTE	name[sizeof(TPMU_NAME)];	/* the Name structure */
+} NAME_2B;
+
+typedef union {
+    NAME_2B t;
+    TPM2B   b;
+} TPM2B_NAME;
+
+/* Table 83 - Definition of TPMS_PCR_SELECT Structure */
+
+typedef struct {
+    UINT8	sizeofSelect;			/* the size in octets of the pcrSelect array */
+    BYTE 	pcrSelect [PCR_SELECT_MAX];	/* the bit map of selected PCR */
+} TPMS_PCR_SELECT;
+
+/* Table 84 - Definition of TPMS_PCR_SELECTION Structure */
+
+typedef struct {
+    TPMI_ALG_HASH	hash;				/* the hash algorithm associated with the selection */
+    UINT8		sizeofSelect;			/* the size in octets of the pcrSelect array */
+    BYTE 		pcrSelect [PCR_SELECT_MAX];	/* the bit map of selected PCR */
+} TPMS_PCR_SELECTION;
+
+/* Table 87 - Definition of TPMT_TK_CREATION Structure */
+
+typedef struct {
+    TPM_ST		tag;		/* ticket structure tag TPM_ST_CREATION */
+    TPMI_RH_HIERARCHY	hierarchy;	/* the hierarchy containing name */
+    TPM2B_DIGEST	digest;		/* This shall be the HMAC produced using a proof value of hierarchy. */
+} TPMT_TK_CREATION;
+
+/* Table 88 - Definition of TPMT_TK_VERIFIED Structure */
+
+typedef struct {
+    TPM_ST		tag;		/* ticket structure tag TPM_ST_VERIFIED */
+    TPMI_RH_HIERARCHY	hierarchy;	/* the hierarchy containing keyName */
+    TPM2B_DIGEST	digest;		/* This shall be the HMAC produced using a proof value of hierarchy. */
+} TPMT_TK_VERIFIED;
+
+/* Table 89 - Definition of TPMT_TK_AUTH Structure */
+
+typedef struct {
+    TPM_ST		tag;		/* ticket structure tag TPM_ST_AUTH_SIGNED, TPM_ST_AUTH_SECRET */
+    TPMI_RH_HIERARCHY	hierarchy;	/* the hierarchy of the object used to produce the ticket */
+    TPM2B_DIGEST	digest;		/* This shall be the HMAC produced using a proof value of hierarchy. */
+} TPMT_TK_AUTH;
+
+/* Table 90 - Definition of TPMT_TK_HASHCHECK Structure */
+
+typedef struct {
+    TPM_ST		tag;		/* ticket structure tag TPM_ST_HASHCHECK */
+    TPMI_RH_HIERARCHY	hierarchy;	/* the hierarchy */
+    TPM2B_DIGEST	digest;		/* This shall be the HMAC produced using a proof value of hierarchy. */
+} TPMT_TK_HASHCHECK;
+
+/* Table 91 - Definition of TPMS_ALG_PROPERTY Structure <OUT> */
+
+typedef struct {
+    TPM_ALG_ID		alg;		/* an algorithm identifier */
+    TPMA_ALGORITHM	algProperties;	/* the attributes of the algorithm */
+} TPMS_ALG_PROPERTY;
+
+/* Table 92 - Definition of TPMS_TAGGED_PROPERTY Structure <OUT> */
+
+typedef struct {
+    TPM_PT	property;	/* a property identifier */
+    UINT32	value;		/* the value of the property */
+} TPMS_TAGGED_PROPERTY;
+
+/* Table 93 - Definition of TPMS_TAGGED_PCR_SELECT Structure <OUT> */
+
+typedef struct {
+    TPM_PT_PCR	tag;				/* the property identifier */
+    UINT8	sizeofSelect;			/* the size in octets of the pcrSelect array */
+    BYTE 	pcrSelect [PCR_SELECT_MAX];	/* the bit map of PCR with the identified property */
+} TPMS_TAGGED_PCR_SELECT;
+
+/* Table 96 - Definition of TPMS_TAGGED_POLICY Structure  */
+
+typedef struct {
+    TPM_HANDLE              handle;
+    TPMT_HA                 policyHash;
+} TPMS_TAGGED_POLICY;
+
+/* Table 94 - Definition of TPML_CC Structure */
+
+typedef struct {
+    UINT32	count;				/* number of commands in the commandCode list; may be 0 */
+    TPM_CC	commandCodes[MAX_CAP_CC];	/* a list of command codes */
+} TPML_CC;
+
+/* Table 95 - Definition of TPML_CCA Structure <OUT> */
+
+typedef struct {
+    UINT32	count;				/* number of values in the commandAttributes list; may be 0 */
+    TPMA_CC	commandAttributes[MAX_CAP_CC];	/* a list of command codes attributes */
+} TPML_CCA;
+
+/* Table 96 - Definition of TPML_ALG Structure */
+
+typedef struct {
+    UINT32	count;				/* number of algorithms in the algorithms list; may be 0 */
+    TPM_ALG_ID	algorithms[MAX_ALG_LIST_SIZE];	/* a list of algorithm IDs */
+} TPML_ALG;
+
+/* Table 97 - Definition of TPML_HANDLE Structure <OUT> */
+
+typedef struct {
+    UINT32	count;				/* the number of handles in the list may have a value of 0 */
+    TPM_HANDLE 	handle[MAX_CAP_HANDLES];	/* an array of handles */
+} TPML_HANDLE;
+
+/* Table 98 - Definition of TPML_DIGEST Structure */
+
+typedef struct {
+    UINT32		count;		/* number of digests in the list, minimum is two for TPM2_PolicyOR(). */
+    TPM2B_DIGEST	digests[8];	/* a list of digests */
+} TPML_DIGEST;
+
+/* Table 99 - Definition of TPML_DIGEST_VALUES Structure */
+
+typedef struct {
+    UINT32	count;			/* number of digests in the list */
+    TPMT_HA	digests[HASH_COUNT];	/* a list of tagged digests */
+} TPML_DIGEST_VALUES;
+
+/* Table 100 - Definition of TPM2B_DIGEST_VALUES Structure */
+
+typedef struct {
+    UINT16	size;					/* size of the operand buffer */
+    BYTE	buffer [sizeof(TPML_DIGEST_VALUES)];	/* the operand */
+} TPM2B_DIGEST_VALUES;
+
+/* Table 101 - Definition of TPML_PCR_SELECTION Structure */
+
+typedef struct {
+    UINT32		count;				/* number of selection structures A value of zero is allowed. */
+    TPMS_PCR_SELECTION	pcrSelections[HASH_COUNT];	/* list of selections */
+} TPML_PCR_SELECTION;
+
+/* Table 102 - Definition of TPML_ALG_PROPERTY Structure <OUT> */
+
+typedef struct {
+    UINT32		count;				/* number of algorithm properties structures A value of zero is allowed. */
+    TPMS_ALG_PROPERTY	algProperties[MAX_CAP_ALGS];	/* list of properties */
+} TPML_ALG_PROPERTY;
+
+/* Table 103 - Definition of TPML_TAGGED_TPM_PROPERTY Structure <OUT> */
+
+typedef struct {
+    UINT32			count;					/* number of properties A value of zero is allowed. */
+    TPMS_TAGGED_PROPERTY	tpmProperty[MAX_TPM_PROPERTIES];	/* an array of tagged properties */
+} TPML_TAGGED_TPM_PROPERTY;
+
+/* Table 104 - Definition of TPML_TAGGED_PCR_PROPERTY Structure <OUT> */
+
+typedef struct {
+    UINT32			count;					/* number of properties A value of zero is allowed. */
+    TPMS_TAGGED_PCR_SELECT	pcrProperty[MAX_PCR_PROPERTIES];	/* a tagged PCR selection */
+} TPML_TAGGED_PCR_PROPERTY;
+
+/* Table 105 - Definition of {ECC} TPML_ECC_CURVE Structure <OUT> */
+
+typedef struct {
+    UINT32		count;				/* number of curves A value of zero is allowed. */
+    TPM_ECC_CURVE	eccCurves[MAX_ECC_CURVES];	/* array of ECC curve identifiers */
+} TPML_ECC_CURVE ;
+
+/* Table 109 - Definition of TPML_TAGGED_POLICY Structure */
+
+typedef struct {
+    UINT32                  count;
+    TPMS_TAGGED_POLICY      policies[MAX_TAGGED_POLICIES];
+} TPML_TAGGED_POLICY;
+
+/* Table 106 - Definition of TPMU_CAPABILITIES Union <OUT> */
+
+typedef union {
+    TPML_ALG_PROPERTY		algorithms;	/* TPM_CAP_ALGS */
+    TPML_HANDLE			handles;	/* TPM_CAP_HANDLES */
+    TPML_CCA			command;	/* TPM_CAP_COMMANDS */
+    TPML_CC			ppCommands;	/* TPM_CAP_PP_COMMANDS */
+    TPML_CC			auditCommands;	/* TPM_CAP_AUDIT_COMMANDS */
+    TPML_PCR_SELECTION		assignedPCR;	/* TPM_CAP_PCRS */
+    TPML_TAGGED_TPM_PROPERTY	tpmProperties;	/* TPM_CAP_TPM_PROPERTIES */
+    TPML_TAGGED_PCR_PROPERTY	pcrProperties;	/* TPM_CAP_PCR_PROPERTIES */
+    TPML_ECC_CURVE		eccCurves;	/* TPM_CAP_ECC_CURVES */
+    TPML_TAGGED_POLICY		authPolicies;	/* TPM_CAP_AUTH_POLICIES */
+} TPMU_CAPABILITIES;
+    
+/* Table 107 - Definition of TPMS_CAPABILITY_DATA Structure <OUT> */
+
+typedef struct {
+    TPM_CAP		capability;	/* the capability */
+    TPMU_CAPABILITIES	data;		/* the capability data */
+} TPMS_CAPABILITY_DATA;
+
+/* Table 108 - Definition of TPMS_CLOCK_INFO Structure */
+
+typedef struct {
+    UINT64	clock;		/* time in milliseconds during which the TPM has been powered */
+    UINT32	resetCount;	/* number of occurrences of TPM Reset since the last TPM2_Clear() */
+    UINT32	restartCount;	/* number of times that TPM2_Shutdown() or _TPM_Hash_Start have
+				   occurred since the last TPM Reset or TPM2_Clear(). */
+    TPMI_YES_NO	safe;		/* no value of Clock greater than the current value of Clock has
+				   been previously reported by the TPM */
+} TPMS_CLOCK_INFO;
+
+/* Table 109 - Definition of TPMS_TIME_INFO Structure */
+
+typedef struct {
+    UINT64		time;		/* time in milliseconds since the last _TPM_Init() or TPM2_Startup() */
+    TPMS_CLOCK_INFO	clockInfo;	/* a structure containing the clock information */
+} TPMS_TIME_INFO;
+
+/* Table 110 - Definition of TPMS_TIME_ATTEST_INFO Structure <OUT> */
+
+typedef struct {
+    TPMS_TIME_INFO	time;			/* the Time, clock, resetCount, restartCount, and
+						   Safe indicator */
+    UINT64		firmwareVersion;	/* a TPM vendor-specific value indicating the
+						   version number of the firmware */
+} TPMS_TIME_ATTEST_INFO;
+
+/* Table 111 - Definition of TPMS_CERTIFY_INFO Structure <OUT> */
+
+typedef struct {
+    TPM2B_NAME	name;		/* Name of the certified object */
+    TPM2B_NAME	qualifiedName;	/* Qualified Name of the certified object */
+} TPMS_CERTIFY_INFO;
+
+/* Table 112 - Definition of TPMS_QUOTE_INFO Structure <OUT> */
+
+typedef struct {
+    TPML_PCR_SELECTION	pcrSelect;	/* information on algID, PCR selected and digest */
+    TPM2B_DIGEST	pcrDigest;	/* digest of the selected PCR using the hash of the signing key */
+} TPMS_QUOTE_INFO;
+
+/* Table 113 - Definition of TPMS_COMMAND_AUDIT_INFO Structure <OUT> */
+
+typedef struct {
+    UINT64		auditCounter;	/* the monotonic audit counter */
+    TPM_ALG_ID		digestAlg;	/* hash algorithm used for the command audit */
+    TPM2B_DIGEST	auditDigest;	/* the current value of the audit digest */
+    TPM2B_DIGEST	commandDigest;	/* digest of the command codes being audited using digestAlg */
+} TPMS_COMMAND_AUDIT_INFO;
+
+/* Table 114 - Definition of TPMS_SESSION_AUDIT_INFO Structure <OUT> */
+
+typedef struct {
+    TPMI_YES_NO		exclusiveSession;	/* current exclusive status of the session  */
+    TPM2B_DIGEST	sessionDigest;		/* the current value of the session audit digest */
+} TPMS_SESSION_AUDIT_INFO;
+
+/* Table 115 - Definition of TPMS_CREATION_INFO Structure <OUT> */
+
+typedef struct {
+    TPM2B_NAME		objectName;	/* Name of the object */
+    TPM2B_DIGEST	creationHash;	/* creationHash */
+} TPMS_CREATION_INFO;
+
+/* Table 116 - Definition of TPMS_NV_CERTIFY_INFO Structure <OUT> */
+
+typedef struct {
+    TPM2B_NAME 		indexName;	/* Name of the NV Index */
+    UINT16 		offset;		/* the offset parameter of TPM2_NV_Certify() */
+    TPM2B_MAX_NV_BUFFER nvContents;	/* contents of the NV Index */
+} TPMS_NV_CERTIFY_INFO;
+
+/* Table 125 - Definition of TPMS_NV_DIGEST_CERTIFY_INFO Structure <OUT> */
+typedef struct {
+    TPM2B_NAME		indexName;
+    TPM2B_DIGEST	nvDigest;
+} TPMS_NV_DIGEST_CERTIFY_INFO; 
+
+typedef TPM_ST TPMI_ST_ATTEST;
+
+/* Table 118 - Definition of TPMU_ATTEST Union <OUT> */
+
+typedef union {
+    TPMS_CERTIFY_INFO		certify;	/* TPM_ST_ATTEST_CERTIFY */
+    TPMS_CREATION_INFO		creation;	/* TPM_ST_ATTEST_CREATION */
+    TPMS_QUOTE_INFO		quote;		/* TPM_ST_ATTEST_QUOTE */
+    TPMS_COMMAND_AUDIT_INFO	commandAudit;	/* TPM_ST_ATTEST_COMMAND_AUDIT */
+    TPMS_SESSION_AUDIT_INFO	sessionAudit;	/* TPM_ST_ATTEST_SESSION_AUDIT */
+    TPMS_TIME_ATTEST_INFO	time;		/* TPM_ST_ATTEST_TIME */
+    TPMS_NV_CERTIFY_INFO	nv;		/* TPM_ST_ATTEST_NV */
+    TPMS_NV_DIGEST_CERTIFY_INFO	nvDigest;	/* TPM_ST_ATTEST_NV_DIGEST */
+} TPMU_ATTEST;
+
+/* Table 119 - Definition of TPMS_ATTEST Structure <OUT> */
+
+typedef struct {
+    TPM_GENERATED	magic;			/* the indication that this structure was created by
+						   a TPM (always TPM_GENERATED_VALUE) */
+    TPMI_ST_ATTEST	type;			/* type of the attestation structure */
+    TPM2B_NAME		qualifiedSigner;	/* Qualified Name of the signing key */
+    TPM2B_DATA		extraData;		/* external information supplied by caller */
+    TPMS_CLOCK_INFO	clockInfo;		/* Clock, resetCount, restartCount, and Safe */
+    UINT64		firmwareVersion;	/* TPM-vendor-specific value identifying the version
+						   number of the firmware */
+    TPMU_ATTEST		attested;		/* the type-specific attestation information */
+} TPMS_ATTEST;
+
+/* Table 120 - Definition of TPM2B_ATTEST Structure <OUT> */
+
+typedef struct {
+    UINT16	size;					/* size of the attestationData structure */
+    BYTE	attestationData[sizeof(TPMS_ATTEST)];	/* the signed structure */
+} ATTEST_2B;
+
+typedef union {
+    ATTEST_2B t;
+    TPM2B     b;
+} TPM2B_ATTEST;
+
+/* Table 121 - Definition of TPMS_AUTH_COMMAND Structure <IN> */
+
+typedef struct {
+    TPMI_SH_AUTH_SESSION	sessionHandle;		/* the session handle */
+    TPM2B_NONCE			nonce;			/* the session nonce, may be the Empty Buffer */
+    TPMA_SESSION		sessionAttributes;	/* the session attributes */
+    TPM2B_AUTH			hmac;			/* either an HMAC, a password, or an EmptyAuth */
+} TPMS_AUTH_COMMAND;
+
+/* Table 126 - Definition of TPMS_AUTH_RESPONSE Structure <OUT> */
+
+typedef struct {
+    TPM2B_NONCE		nonce;			/* the session nonce, may be the Empty Buffer */
+    TPMA_SESSION	sessionAttributes;	/* the session attributes */
+    TPM2B_AUTH		hmac;			/* either an HMAC or an EmptyAuth */
+} TPMS_AUTH_RESPONSE;
+
+/* Table 127 - Definition of {AES} (TPM_KEY_BITS) TPMI_!ALG.S_KEY_BITS Type */
+
+typedef TPM_KEY_BITS TPMI_TDES_KEY_BITS;
+typedef TPM_KEY_BITS TPMI_AES_KEY_BITS;
+typedef TPM_KEY_BITS TPMI_SM4_KEY_BITS;
+typedef TPM_KEY_BITS TPMI_CAMELLIA_KEY_BITS;
+
+/* Table 128 - Definition of TPMU_SYM_KEY_BITS Union */
+
+typedef union {
+#ifdef      TPM_ALG_TDES
+    TPMI_TDES_KEY_BITS        	tdes;   /* TPM_ALG_TDES */
+#endif
+#ifdef TPM_ALG_AES
+    TPMI_AES_KEY_BITS		aes;	/* TPM_ALG_AES */
+#endif
+#ifdef TPM_ALG_SM4
+    TPMI_SM4_KEY_BITS		sm4;	/* TPM_ALG_SM4 */
+#endif
+#ifdef TPM_ALG_CAMELLIA
+    TPMI_CAMELLIA_KEY_BITS 	camellia;	/* TPM_ALG_CAMELLIA */
+#endif
+#ifdef TPM_ALG_XOR
+    TPMI_ALG_HASH		xorr;	/* TPM_ALG_XOR	overload for using xor */
+#endif
+    TPM_KEY_BITS		sym;	/* when selector may be any of the symmetric block ciphers */
+} TPMU_SYM_KEY_BITS;
+
+/* Table 129 - Definition of TPMU_SYM_MODE Union */
+
+typedef union {
+#ifdef TPM_ALG_TDES
+    TPMI_ALG_SYM_MODE   tdes;		/* TPM_ALG_TDES */
+#endif
+#ifdef TPM_ALG_AES
+    TPMI_ALG_SYM_MODE	aes;		/* TPM_ALG_AES */
+#endif
+#ifdef TPM_ALG_SM4
+    TPMI_ALG_SYM_MODE	sm4;		/* TPM_ALG_SM4 */
+#endif
+#ifdef TPM_ALG_CAMELLIA
+    TPMI_ALG_SYM_MODE	camellia;	/* TPM_ALG_CAMELLIA */
+#endif
+    TPMI_ALG_SYM_MODE	sym;		/* when selector may be any of the symmetric block ciphers */
+} TPMU_SYM_MODE;
+
+/* Table 126 - xDefinition of TPMU_SYM_DETAILS Union */
+
+/* Table 127 - Definition of TPMT_SYM_DEF Structure */
+
+typedef struct {
+    TPMI_ALG_SYM	algorithm;	/* indicates a symmetric algorithm */
+    TPMU_SYM_KEY_BITS 	keyBits;	/* a supported key size */
+    TPMU_SYM_MODE 	mode;		/* the mode for the key */
+} TPMT_SYM_DEF;
+
+/* Table 128 - Definition of TPMT_SYM_DEF_OBJECT Structure */
+
+typedef struct {
+    TPMI_ALG_SYM_OBJECT	algorithm;	/* selects a symmetric block cipher */
+    TPMU_SYM_KEY_BITS	keyBits;	/* the key size */
+    TPMU_SYM_MODE	mode;		/* default mode */
+} TPMT_SYM_DEF_OBJECT;
+
+/* Table 129 - Definition of TPM2B_SYM_KEY Structure */
+
+typedef struct {
+    UINT16	size;				/* size, in octets, of the buffer containing the key; may be zero */
+    BYTE	buffer [MAX_SYM_KEY_BYTES]; 	/* the key */
+} SYM_KEY_2B;
+
+typedef union {
+    SYM_KEY_2B t;
+    TPM2B      b;
+} TPM2B_SYM_KEY;
+
+/* Table 130 - Definition of TPMS_SYMCIPHER_PARMS Structure */
+
+typedef struct {
+    TPMT_SYM_DEF_OBJECT	sym;	/* a symmetric block cipher */
+} TPMS_SYMCIPHER_PARMS;
+
+/* Table 135 - Definition of TPM2B_LABEL Structure */
+
+typedef union {
+    struct {
+	UINT16                  size;
+	BYTE                    buffer[LABEL_MAX_BUFFER];
+    }            t;
+    TPM2B        b;
+} TPM2B_LABEL;
+
+/* Table 135 - Definition of TPMS_DERIVE Structure */
+
+typedef struct {
+    TPM2B_LABEL	label;
+    TPM2B_LABEL	context;
+} TPMS_DERIVE; 
+
+/* Table 131 - Definition of TPM2B_SENSITIVE_DATA Structure */
+
+typedef struct {
+    UINT16	size;
+    BYTE	buffer[MAX_SYM_DATA];	/* the keyed hash private data structure */
+} SENSITIVE_DATA_2B;
+
+typedef union {
+    SENSITIVE_DATA_2B t;
+    TPM2B             b;
+} TPM2B_SENSITIVE_DATA;
+
+/* Table 132 - Definition of TPMS_SENSITIVE_CREATE Structure <IN> */
+
+typedef struct {
+    TPM2B_AUTH			userAuth;	/* the USER auth secret value */
+    TPM2B_SENSITIVE_DATA	data;		/* data to be sealed */
+} TPMS_SENSITIVE_CREATE;
+
+/* Table 133 - Definition of TPM2B_SENSITIVE_CREATE Structure <IN, S> */
+
+typedef struct {
+    UINT16			size;		/* size of sensitive in octets (may not be zero) */
+    TPMS_SENSITIVE_CREATE	sensitive;	/* data to be sealed or a symmetric key value. */
+} TPM2B_SENSITIVE_CREATE;
+
+/* Table 134 - Definition of TPMS_SCHEME_HASH Structure */
+
+typedef struct {
+    TPMI_ALG_HASH	hashAlg;	/* the hash algorithm used to digest the message */
+} TPMS_SCHEME_HASH;
+
+/* Table 135 - Definition of {ECC} TPMS_SCHEME_ECDAA Structure */
+
+typedef struct {
+    TPMI_ALG_HASH	hashAlg;	/* the hash algorithm used to digest the message */
+    UINT16		count;		/* the counter value that is used between TPM2_Commit() and the sign operation */
+} TPMS_SCHEME_ECDAA;
+    
+/* Table 136 - Definition of (TPM_ALG_ID) TPMI_ALG_KEYEDHASH_SCHEME Type */
+
+typedef TPM_ALG_ID TPMI_ALG_KEYEDHASH_SCHEME;
+
+/* Table 137 - Definition of Types for HMAC_SIG_SCHEME */
+
+typedef TPMS_SCHEME_HASH	TPMS_SCHEME_HMAC;
+
+/* Table 138 - Definition of TPMS_SCHEME_XOR Structure */
+
+typedef struct {
+    TPMI_ALG_HASH	hashAlg;	/* the hash algorithm used to digest the message */
+    TPMI_ALG_KDF	kdf;		/* the key derivation function */
+} TPMS_SCHEME_XOR;
+
+/* Table 139 - Definition of TPMU_SCHEME_KEYEDHASH Union <IN/OUT, S> */
+
+typedef union {
+#ifdef TPM_ALG_HMAC
+    TPMS_SCHEME_HMAC	hmac;	/* TPM_ALG_HMAC	the "signing" scheme */
+#endif
+#ifdef TPM_ALG_XOR
+    TPMS_SCHEME_XOR	xorr;	/* TPM_ALG_XOR 	the "obfuscation" scheme */
+#endif
+} TPMU_SCHEME_KEYEDHASH;
+
+/* Table 140 - Definition of TPMT_KEYEDHASH_SCHEME Structure */
+
+typedef struct {
+    TPMI_ALG_KEYEDHASH_SCHEME	scheme;		/* selects the scheme */
+    TPMU_SCHEME_KEYEDHASH	details;	/* the scheme parameters */
+} TPMT_KEYEDHASH_SCHEME;
+
+/* Table 141 - Definition of {RSA} Types for RSA Signature Schemes */
+
+typedef TPMS_SCHEME_HASH 	TPMS_SIG_SCHEME_RSASSA;			
+typedef TPMS_SCHEME_HASH 	TPMS_SIG_SCHEME_RSAPSS;
+
+/* Table 142 - Definition of {ECC} Types for ECC Signature Schemes */
+
+typedef TPMS_SCHEME_HASH 	TPMS_SIG_SCHEME_ECDSA;			
+typedef TPMS_SCHEME_HASH	TPMS_SIG_SCHEME_SM2;			
+typedef TPMS_SCHEME_HASH 	TPMS_SIG_SCHEME_ECSCHNORR;
+
+typedef TPMS_SCHEME_ECDAA	TPMS_SIG_SCHEME_ECDAA;
+
+/* Table 143 - Definition of TPMU_SIG_SCHEME Union <IN/OUT, S> */
+
+typedef union {
+#ifdef TPM_ALG_RSASSA
+    TPMS_SIG_SCHEME_RSASSA	rsassa;		/* TPM_ALG_RSASSA	the RSASSA-PKCS1v1_5 scheme */
+#endif
+#ifdef TPM_ALG_RSAPSS
+    TPMS_SIG_SCHEME_RSAPSS	rsapss;		/* TPM_ALG_RSAPSS	the RSASSA-PSS scheme */
+#endif
+#ifdef TPM_ALG_ECDSA
+    TPMS_SIG_SCHEME_ECDSA	ecdsa;		/* TPM_ALG_ECDSA	the ECDSA scheme */
+#endif
+#ifdef TPM_ALG_ECDAA
+    TPMS_SIG_SCHEME_ECDAA	ecdaa;		/* TPM_ALG_ECDAA	the ECDAA scheme */
+#endif
+#ifdef TPM_ALG_SM2
+    TPMS_SIG_SCHEME_SM2		sm2;		/* TPM_ALG_SM2		ECDSA from SM2 */
+#endif
+#ifdef TPM_ALG_ECSCHNORR
+    TPMS_SIG_SCHEME_ECSCHNORR	ecSchnorr;	/* TPM_ALG_ECSCHNORR	the EC Schnorr */
+#endif
+#ifdef TPM_ALG_HMAC
+    TPMS_SCHEME_HMAC		hmac;		/* TPM_ALG_HMAC		the HMAC scheme */
+#endif
+    TPMS_SCHEME_HASH		any;		/* selector that allows access to digest for any signing scheme */
+} TPMU_SIG_SCHEME;
+
+/* Table 144 - Definition of TPMT_SIG_SCHEME Structure */
+
+typedef struct {
+    TPMI_ALG_SIG_SCHEME	scheme;		/* scheme selector */
+    TPMU_SIG_SCHEME	details;	/* scheme parameters */
+} TPMT_SIG_SCHEME;
+
+/* Table 145 - Definition of Types for {RSA} Encryption Schemes */
+
+typedef TPMS_SCHEME_HASH	TPMS_ENC_SCHEME_OAEP; 	/* schemes that only need a hash */ 
+
+typedef TPMS_EMPTY		TPMS_ENC_SCHEME_RSAES;	/* schemes that need nothing */
+
+/* Table 146 - Definition of Types for {ECC} ECC Key Exchange */
+
+typedef TPMS_SCHEME_HASH	TPMS_KEY_SCHEME_ECDH; 	/* schemes that only need a hash */ 
+typedef TPMS_SCHEME_HASH	TPMS_KEY_SCHEME_ECMQV; 	/* schemes that only need a hash */ 
+
+/* Table 147 - Definition of Types for KDF Schemes, hash-based key- or mask-generation functions */
+
+typedef TPMS_SCHEME_HASH	TPMS_SCHEME_MGF1; 
+typedef TPMS_SCHEME_HASH	TPMS_SCHEME_KDF1_SP800_56A;
+typedef TPMS_SCHEME_HASH	TPMS_SCHEME_KDF2;
+typedef TPMS_SCHEME_HASH	TPMS_SCHEME_KDF1_SP800_108;
+
+/* Table 148 - Definition of TPMU_KDF_SCHEME Union <IN/OUT, S> */
+
+typedef union {
+#ifdef TPM_ALG_MGF1
+    TPMS_SCHEME_MGF1		mgf1;		/* TPM_ALG_MGF1 */
+#endif
+#ifdef TPM_ALG_KDF1_SP800_56A
+    TPMS_SCHEME_KDF1_SP800_56A	kdf1_SP800_56a;	/* TPM_ALG_KDF1_SP800_56A */
+#endif
+#ifdef TPM_ALG_KDF2
+    TPMS_SCHEME_KDF2		kdf2;		/* TPM_ALG_KDF2 */
+#endif
+#ifdef TPM_ALG_KDF1_SP800_108
+    TPMS_SCHEME_KDF1_SP800_108	kdf1_sp800_108;	/* TPM_ALG_KDF1_SP800_108 */
+#endif
+} TPMU_KDF_SCHEME;
+
+/* Table 149 - Definition of TPMT_KDF_SCHEME Structure */
+
+typedef struct {
+    TPMI_ALG_KDF	scheme;		/* scheme selector */
+    TPMU_KDF_SCHEME	details;	/* scheme parameters */
+} TPMT_KDF_SCHEME;
+ 
+/* Table 150 - Definition of (TPM_ALG_ID) TPMI_ALG_ASYM_SCHEME Type <> */
+
+typedef TPM_ALG_ID 		TPMI_ALG_ASYM_SCHEME;
+
+/* Table 151 - Definition of TPMU_ASYM_SCHEME Union */
+
+typedef union {
+#ifdef TPM_ALG_ECDH
+    TPMS_KEY_SCHEME_ECDH	ecdh;		/* TPM_ALG_ECDH */
+#endif
+#ifdef TPM_ALG_ECMQV
+    TPMS_KEY_SCHEME_ECMQV	ecmqvh;		/* TPM_ALG_ECMQV */
+#endif
+#ifdef TPM_ALG_RSASSA
+    TPMS_SIG_SCHEME_RSASSA	rsassa;		/* TPM_ALG_RSASSA */
+#endif
+#ifdef TPM_ALG_RSAPSS
+    TPMS_SIG_SCHEME_RSAPSS	rsapss;		/* TPM_ALG_RSAPSS */
+#endif
+#ifdef TPM_ALG_ECDSA
+    TPMS_SIG_SCHEME_ECDSA	ecdsa;		/* TPM_ALG_ECDSA */
+#endif
+#ifdef TPM_ALG_ECDAA
+    TPMS_SIG_SCHEME_ECDAA	ecdaa;		/* TPM_ALG_ECDAA */
+#endif
+#ifdef TPM_ALG_SM2
+    TPMS_SIG_SCHEME_SM2		sm2;		/* TPM_ALG_SM2 */
+#endif
+#ifdef TPM_ALG_ECSCHNORR
+    TPMS_SIG_SCHEME_ECSCHNORR	ecSchnorr;	/* TPM_ALG_ECSCHNORR */
+#endif
+#ifdef TPM_ALG_RSAES
+    TPMS_ENC_SCHEME_RSAES	rsaes;		/* TPM_ALG_RSAES */
+#endif
+#ifdef TPM_ALG_OAEP
+    TPMS_ENC_SCHEME_OAEP	oaep;		/* TPM_ALG_OAEP */
+#endif
+    TPMS_SCHEME_HASH		anySig;
+} TPMU_ASYM_SCHEME;
+
+/* Table 152 - Definition of TPMT_ASYM_SCHEME Structure <> */
+
+typedef struct {
+    TPMI_ALG_ASYM_SCHEME	scheme;		/* scheme selector */
+    TPMU_ASYM_SCHEME		details;	/* scheme parameters */
+} TPMT_ASYM_SCHEME;
+
+/* Table 153 - Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_SCHEME Type */
+
+typedef TPM_ALG_ID TPMI_ALG_RSA_SCHEME;
+
+/* Table 154 - Definition of {RSA} TPMT_RSA_SCHEME Structure */
+
+typedef struct {
+    TPMI_ALG_RSA_SCHEME	scheme;		/* scheme selector */
+    TPMU_ASYM_SCHEME	details;	/* scheme parameters */
+} TPMT_RSA_SCHEME;
+    
+/* Table 155 - Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_DECRYPT Type */
+
+typedef TPM_ALG_ID TPMI_ALG_RSA_DECRYPT;
+
+/* Table 156 - Definition of {RSA} TPMT_RSA_DECRYPT Structure */
+
+typedef struct {
+    TPMI_ALG_RSA_DECRYPT	scheme;		/* scheme selector */
+    TPMU_ASYM_SCHEME		details;	/* scheme parameters */
+} TPMT_RSA_DECRYPT;
+    
+/* Table 157 - Definition of {RSA} TPM2B_PUBLIC_KEY_RSA Structure */
+
+typedef struct {
+    UINT16	size;				/* size of the buffer */
+    BYTE	buffer[MAX_RSA_KEY_BYTES];	/* Value */
+} PUBLIC_KEY_RSA_2B;
+
+typedef union {
+    PUBLIC_KEY_RSA_2B t;
+    TPM2B             b;
+} TPM2B_PUBLIC_KEY_RSA;
+
+/* Table 158 - Definition of {RSA} (TPM_KEY_BITS) TPMI_RSA_KEY_BITS Type */
+
+typedef TPM_KEY_BITS TPMI_RSA_KEY_BITS;
+
+/* Table 159 - Definition of {RSA} TPM2B_PRIVATE_KEY_RSA Structure */
+
+typedef struct {
+    UINT16	size;
+    BYTE	buffer[MAX_RSA_KEY_BYTES/2];	
+} PRIVATE_KEY_RSA_2B;
+
+typedef union {
+    PRIVATE_KEY_RSA_2B t;
+    TPM2B              b;
+} TPM2B_PRIVATE_KEY_RSA;
+
+/* Table 160 - Definition of {ECC} TPM2B_ECC_PARAMETER Structure */
+
+typedef struct {
+    UINT16	size;				/* size of the buffer */
+    BYTE	buffer[MAX_ECC_KEY_BYTES];	/* the parameter data */
+} ECC_PARAMETER_2B;
+
+typedef union {
+    ECC_PARAMETER_2B t;
+    TPM2B	     b;
+} TPM2B_ECC_PARAMETER;
+
+/* Table 161 - Definition of {ECC} TPMS_ECC_POINT Structure */
+
+typedef struct {
+    TPM2B_ECC_PARAMETER	x;	/* X coordinate */
+    TPM2B_ECC_PARAMETER	y;	/* Y coordinate */
+} TPMS_ECC_POINT;
+    
+/* Table 162 - Definition of {ECC} TPM2B_ECC_POINT Structure */
+
+typedef struct {
+    UINT16		size;	/* size of the remainder of this structure */
+    TPMS_ECC_POINT	point;	/* coordinates */
+} TPM2B_ECC_POINT;
+
+/* Table 163 - Definition of (TPM_ALG_ID) {ECC} TPMI_ALG_ECC_SCHEME Type */
+
+typedef TPM_ALG_ID TPMI_ALG_ECC_SCHEME;
+
+/* Table 164 - Definition of {ECC} (TPM_ECC_CURVE) TPMI_ECC_CURVE Type */
+
+typedef TPM_ECC_CURVE TPMI_ECC_CURVE;
+    
+/* Table 165 - Definition of (TPMT_SIG_SCHEME) {ECC} TPMT_ECC_SCHEME Structure */
+
+typedef struct {
+    TPMI_ALG_ECC_SCHEME 	scheme;		/* scheme selector */
+    TPMU_ASYM_SCHEME		details;	/* scheme parameters */
+} TPMT_ECC_SCHEME;
+   
+/* Table 166 - Definition of {ECC} TPMS_ALGORITHM_DETAIL_ECC Structure <OUT> */
+
+typedef struct {
+    TPM_ECC_CURVE	curveID;	/* identifier for the curve */
+    UINT16		keySize;	/* Size in bits of the key */
+    TPMT_KDF_SCHEME	kdf;		/* If not TPM_ALG_NULL, the required KDF and hash algorithm
+					   used in secret sharing operations */
+    TPMT_ECC_SCHEME	sign;		/* If not TPM_ALG_NULL, this is the mandatory signature
+					   scheme that is required to be used with this curve. */
+    TPM2B_ECC_PARAMETER	p;		/* Fp (the modulus) */
+    TPM2B_ECC_PARAMETER	a;		/* coefficient of the linear term in the curve equation */
+    TPM2B_ECC_PARAMETER	b;		/* constant term for curve equation */
+    TPM2B_ECC_PARAMETER	gX;		/* x coordinate of base point G */
+    TPM2B_ECC_PARAMETER	gY;		/* y coordinate of base point G */
+    TPM2B_ECC_PARAMETER	n;		/* order of G */
+    TPM2B_ECC_PARAMETER	h;		/* cofactor (a size of zero indicates a cofactor of 1) */
+} TPMS_ALGORITHM_DETAIL_ECC;
+    
+/* Table 167 - Definition of {RSA} TPMS_SIGNATURE_RSA Structure */
+
+typedef struct {
+    TPMI_ALG_HASH		hash;	/* the hash algorithm used to digest the message TPM_ALG_NULL is not allowed. */
+    TPM2B_PUBLIC_KEY_RSA	sig;	/* The signature is the size of a public key. */
+} TPMS_SIGNATURE_RSA;
+    
+/* Table 168 - Definition of Types for {RSA} Signature */
+
+typedef TPMS_SIGNATURE_RSA	TPMS_SIGNATURE_RSASSA;
+typedef TPMS_SIGNATURE_RSA	TPMS_SIGNATURE_RSAPSS;
+    
+/* Table 169  - Definition of {ECC} TPMS_SIGNATURE_ECC Structure */
+
+typedef struct {
+    TPMI_ALG_HASH	hash;	/* the hash algorithm used in the signature process TPM_ALG_NULL is not allowed. */
+    TPM2B_ECC_PARAMETER	signatureR;
+    TPM2B_ECC_PARAMETER	signatureS;
+} TPMS_SIGNATURE_ECC;
+    
+/* Table 170 - Definition of Types for {ECC} TPMS_SIGNATURE_ECC */
+
+typedef TPMS_SIGNATURE_ECC	TPMS_SIGNATURE_ECDSA;
+typedef TPMS_SIGNATURE_ECC	TPMS_SIGNATURE_ECDAA;
+typedef TPMS_SIGNATURE_ECC	TPMS_SIGNATURE_SM2;
+typedef TPMS_SIGNATURE_ECC	TPMS_SIGNATURE_ECSCHNORR;
+
+/* Table 171 - Definition of TPMU_SIGNATURE Union <IN/OUT, S> */
+
+typedef union {
+#ifdef TPM_ALG_RSASSA
+    TPMS_SIGNATURE_RSASSA	rsassa;			/* TPM_ALG_RSASSA */
+#endif
+#ifdef TPM_ALG_RSAPSS
+    TPMS_SIGNATURE_RSAPSS	rsapss;			/* TPM_ALG_RSAPSS */
+#endif
+#ifdef TPM_ALG_ECDSA
+    TPMS_SIGNATURE_ECDSA	ecdsa;			/* TPM_ALG_ECDSA */
+#endif
+#ifdef TPM_ALG_ECDAA
+    TPMS_SIGNATURE_ECDSA	ecdaa;			/* TPM_ALG_ECDAA */
+#endif
+#ifdef TPM_ALG_SM2
+    TPMS_SIGNATURE_ECDSA	sm2;			/* TPM_ALG_SM2 */
+#endif
+#ifdef TPM_ALG_ECSCHNORR
+    TPMS_SIGNATURE_ECDSA	ecschnorr;		/* TPM_ALG_ECSCHNORR */
+#endif
+#ifdef TPM_ALG_HMAC
+    TPMT_HA			hmac;			/* TPM_ALG_HMAC */
+#endif
+    TPMS_SCHEME_HASH		any;			/* used to access the hash */
+} TPMU_SIGNATURE;
+
+/* Table 172 - Definition of TPMT_SIGNATURE Structure */
+
+typedef struct {
+    TPMI_ALG_SIG_SCHEME	sigAlg;		/* selector of the algorithm used to construct the signature */
+    TPMU_SIGNATURE	signature;	/* This shall be the actual signature information. */
+} TPMT_SIGNATURE;
+    
+/* Table 173 - Definition of TPMU_ENCRYPTED_SECRET Union <S> */
+
+typedef union {
+#ifdef TPM_ALG_ECC
+    BYTE	ecc[sizeof(TPMS_ECC_POINT)];		/* TPM_ALG_ECC */
+#endif
+#ifdef TPM_ALG_RSA
+    BYTE	rsa[MAX_RSA_KEY_BYTES];			/* TPM_ALG_RSA */
+#endif
+#ifdef TPM_ALG_SYMCIPHER
+    BYTE	symmetric[sizeof(TPM2B_DIGEST)];	/* TPM_ALG_SYMCIPHER */
+#endif
+#ifdef TPM_ALG_KEYEDHASH
+    BYTE	keyedHash[sizeof(TPM2B_DIGEST)];	/* TPM_ALG_KEYEDHASH */
+#endif
+} TPMU_ENCRYPTED_SECRET;
+
+/* Table 174 - Definition of TPM2B_ENCRYPTED_SECRET Structure */
+
+typedef struct {
+    UINT16	size;					/* size of the secret value */
+    BYTE	secret[sizeof(TPMU_ENCRYPTED_SECRET)];	/* secret */
+} ENCRYPTED_SECRET_2B;
+
+typedef union {
+    ENCRYPTED_SECRET_2B t;
+    TPM2B               b;
+} TPM2B_ENCRYPTED_SECRET;
+
+/* Table 175 - Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type */
+
+typedef TPM_ALG_ID TPMI_ALG_PUBLIC;
+
+/* Table 176 - Definition of TPMU_PUBLIC_ID Union <IN/OUT, S> */
+
+typedef union {
+#ifdef TPM_ALG_KEYEDHASH
+    TPM2B_DIGEST		keyedHash;	/* TPM_ALG_KEYEDHASH */
+#endif
+#ifdef TPM_ALG_SYMCIPHER
+    TPM2B_DIGEST		sym;		/* TPM_ALG_SYMCIPHER */
+#endif
+#ifdef TPM_ALG_RSA
+    TPM2B_PUBLIC_KEY_RSA	rsa;		/* TPM_ALG_RSA */
+#endif
+#ifdef TPM_ALG_ECC
+    TPMS_ECC_POINT		ecc;		/* TPM_ALG_ECC */
+#endif
+    TPMS_DERIVE			derive;		/* only allowed for TPM2_CreateLoaded when
+						   parentHandle is a Derivation Parent */
+} TPMU_PUBLIC_ID;
+
+/* Table 177 - Definition of TPMS_KEYEDHASH_PARMS Structure */
+
+typedef struct {
+    TPMT_KEYEDHASH_SCHEME	scheme;	/* Indicates the signing method used for a keyedHash signing object */
+} TPMS_KEYEDHASH_PARMS;
+ 
+/* Table 178 - Definition of TPMS_ASYM_PARMS Structure <> */
+
+typedef struct {
+    TPMT_SYM_DEF_OBJECT	symmetric;	/* the companion symmetric algorithm for a restricted decryption key */
+    TPMT_ASYM_SCHEME	scheme;		/* for a key with the sign attribute SET, a valid signing scheme for the key type */
+} TPMS_ASYM_PARMS;
+ 
+/* Table 179 - Definition of {RSA} TPMS_RSA_PARMS Structure */
+
+typedef struct {
+    TPMT_SYM_DEF_OBJECT	symmetric;	/* for a restricted decryption key, shall be set to a supported symmetric algorithm, key size, and mode. */
+    TPMT_RSA_SCHEME	scheme;		/* for an unrestricted signing key, shall be either TPM_ALG_RSAPSS TPM_ALG_RSASSA or TPM_ALG_NULL */
+    TPMI_RSA_KEY_BITS 	keyBits;	/* number of bits in the public modulus */
+    UINT32		exponent;	/* the public exponent  */
+} TPMS_RSA_PARMS;
+
+/* Table 180 - Definition of {ECC} TPMS_ECC_PARMS Structure */
+
+typedef struct {
+    TPMT_SYM_DEF_OBJECT	symmetric;	/* for a restricted decryption key, shall be set to a supported symmetric algorithm, key size. and mode. */
+    TPMT_ECC_SCHEME	scheme;		/* If the sign attribute of the key is SET, then this shall be a valid signing scheme. */
+    TPMI_ECC_CURVE	curveID;	/* ECC curve ID */
+    TPMT_KDF_SCHEME	kdf;		/* an optional key derivation scheme for generating a symmetric key from a Z value */
+} TPMS_ECC_PARMS;
+
+/* Table 181 - Definition of TPMU_PUBLIC_PARMS Union <IN/OUT, S> */
+
+typedef union {
+#ifdef TPM_ALG_KEYEDHASH
+    TPMS_KEYEDHASH_PARMS	keyedHashDetail;	/* TPM_ALG_KEYEDHASH */
+#endif
+#ifdef TPM_ALG_SYMCIPHER
+    TPMS_SYMCIPHER_PARMS	symDetail;		/* TPM_ALG_SYMCIPHER */
+#endif
+#ifdef TPM_ALG_RSA
+    TPMS_RSA_PARMS		rsaDetail;		/* TPM_ALG_RSA */
+#endif
+#ifdef TPM_ALG_ECC
+    TPMS_ECC_PARMS		eccDetail;		/* TPM_ALG_ECC */
+#endif
+    TPMS_ASYM_PARMS		asymDetail;		/* common scheme structure for RSA and ECC keys */
+} TPMU_PUBLIC_PARMS;
+
+/* Table 182 - Definition of TPMT_PUBLIC_PARMS Structure */
+
+typedef struct {
+    TPMI_ALG_PUBLIC	type;		/* the algorithm to be tested */
+    TPMU_PUBLIC_PARMS	parameters;	/* the algorithm details */
+} TPMT_PUBLIC_PARMS;
+ 
+/* Table 183 - Definition of TPMT_PUBLIC Structure */
+
+typedef struct {
+    TPMI_ALG_PUBLIC	type;			/* "algorithm" associated with this object */
+    TPMI_ALG_HASH	nameAlg;		/* algorithm used for computing the Name of the object */
+    TPMA_OBJECT		objectAttributes;	/* attributes that, along with type, determine the manipulations of this object */
+    TPM2B_DIGEST	authPolicy;		/* optional policy for using this key */
+    TPMU_PUBLIC_PARMS	parameters;		/* the algorithm or structure details */
+    TPMU_PUBLIC_ID	unique;			/* the unique identifier of the structure */
+} TPMT_PUBLIC;
+ 
+/* Table 184 - Definition of TPM2B_PUBLIC Structure */
+
+typedef struct {
+    UINT16	size;		/* size of publicArea */
+    TPMT_PUBLIC	publicArea;	/* the public area  */
+} TPM2B_PUBLIC;
+
+/* Table 192 - Definition of TPM2B_TEMPLATE Structure */
+
+typedef union {
+    struct {
+	UINT16	size;				/* size of publicArea */
+	BYTE	buffer[sizeof(TPMT_PUBLIC)];	/* the public area  */
+    } t;
+    TPM2B       b;
+} TPM2B_TEMPLATE;
+
+/* Table 186 - Definition of TPMU_SENSITIVE_COMPOSITE Union <IN/OUT, S> */
+
+typedef union {
+#ifdef TPM_ALG_RSA
+    TPM2B_PRIVATE_KEY_RSA		rsa;	/* TPM_ALG_RSA a prime factor of the public key */
+#endif
+#ifdef TPM_ALG_ECC
+    TPM2B_ECC_PARAMETER			ecc;	/* TPM_ALG_ECC the integer private key */
+#endif
+#ifdef TPM_ALG_KEYEDHASH
+    TPM2B_SENSITIVE_DATA		bits;	/* TPM_ALG_KEYEDHASH the private data */
+#endif
+#ifdef TPM_ALG_SYMCIPHER
+    TPM2B_SYM_KEY			sym;	/* TPM_ALG_SYMCIPHER the symmetric key */
+#endif
+} TPMU_SENSITIVE_COMPOSITE;
+
+/* Table 187 - Definition of TPMT_SENSITIVE Structure */
+
+typedef struct {
+    TPMI_ALG_PUBLIC		sensitiveType;	/* identifier for the sensitive area  */
+    TPM2B_AUTH			authValue;	/* user authorization data */
+    TPM2B_DIGEST		seedValue;	/* for asymmetric key object, the optional protection seed; for other objects, the obfuscation value */
+    TPMU_SENSITIVE_COMPOSITE	sensitive;	/* the type-specific private data */
+} TPMT_SENSITIVE;
+ 
+/* Table 188 - Definition of TPM2B_SENSITIVE Structure <IN/OUT> */
+
+typedef struct {
+    UINT16		size;		/* size of the private structure */
+    TPMT_SENSITIVE	sensitiveArea;	/* an unencrypted sensitive area */
+} SENSITIVE_2B;
+
+typedef union {
+    SENSITIVE_2B t;
+    TPM2B        b;
+} TPM2B_SENSITIVE;
+
+/* Table 189 - Definition of _PRIVATE Structure <> */
+
+typedef struct {
+    TPM2B_DIGEST	integrityOuter;
+    TPM2B_DIGEST	integrityInner;	/* could also be a TPM2B_IV */
+    TPM2B_SENSITIVE	sensitive;	/* the sensitive area */
+} _PRIVATE;
+ 
+/* Table 190 - Definition of TPM2B_PRIVATE Structure <IN/OUT, S> */
+
+typedef struct {
+    UINT16	size;				/* size of the private structure */
+    BYTE	buffer[sizeof(_PRIVATE)];	/* an encrypted private area */
+} PRIVATE_2B;
+
+typedef union {
+    PRIVATE_2B t;
+    TPM2B      b;
+} TPM2B_PRIVATE;
+
+/* Table 191 - Definition of _ID_OBJECT Structure <> */
+
+typedef struct {
+    TPM2B_DIGEST	integrityHMAC;	/* HMAC using the nameAlg of the storage key on the target TPM */
+    TPM2B_DIGEST	encIdentity;	/* credential protector information returned if name matches the referenced object */
+} _ID_OBJECT;
+ 
+/* Table 192 - Definition of TPM2B_ID_OBJECT Structure <IN/OUT> */
+
+typedef struct {
+    UINT16	size;				/* size of the credential structure */
+    BYTE	credential[sizeof(_ID_OBJECT)];	/* an encrypted credential area */
+} ID_OBJECT_2B;
+
+typedef union {
+    ID_OBJECT_2B t;
+    TPM2B        b;
+} TPM2B_ID_OBJECT;
+
+/* Table 193 - Definition of (UINT32) TPM_NV_INDEX Bits <> */
+
+#if defined TPM_BITFIELD_LE
+
+typedef union {
+    struct {
+	unsigned int index : 24;    	/* 23:0	 The Index of the NV location */
+	unsigned int RH_NV : 8;    	/* 31:24 constant value of TPM_HT_NV_INDEX indicating the NV Index range */
+    };
+    UINT32 val;
+} TPM_NV_INDEX;
+
+#elif defined TPM_BITFIELD_BE
+
+typedef union {
+    struct {
+	unsigned int RH_NV : 8;    	/* 31:24 constant value of TPM_HT_NV_INDEX indicating the NV Index range */
+	unsigned int index : 24;    	/* 23:0	 The Index of the NV location */
+    };
+    UINT32 val;
+} TPM_NV_INDEX;
+
+#else 
+
+typedef struct {
+    UINT32 val;
+} TPM_NV_INDEX;
+
+#endif
+
+#define TPM_NV_INDEX_INDEX	0x00ffffff
+#define TPM_NV_INDEX_RH_NV	0xff000000
+
+/* Table 194 - Definition of TPM_NT Constants */
+
+#define TPM_NT_ORDINARY	0x0	/* Ordinary - contains data that is opaque to the TPM that can only be modified using TPM2_NV_Write(). */
+#define TPM_NT_COUNTER	0x1	/* Counter - contains an 8-octet value that is to be used as a
+				   counter and can only be modified with TPM2_NV_Increment() */
+#define TPM_NT_BITS	0x2	/* Bit Field - contains an 8-octet value to be used as a bit field
+				   and can only be modified with TPM2_NV_SetBits(). */
+#define TPM_NT_EXTEND	0x4	/* Extend - contains a digest-sized value used like a PCR. The Index
+				   can only be modified using TPM2_NV_Extend(). The extend will use
+				   the nameAlg of the Index. */
+#define TPM_NT_PIN_FAIL	0x8	/* PIN Fail - contains a PIN limit and a PIN count that increments on a PIN authorization failure */
+#define TPM_NT_PIN_PASS	0x9	/* PIN Pass - contains a PIN limit and a PIN count that increments on a PIN authorization success */
+
+/* Table 204 - Definition of TPMS_NV_PIN_COUNTER_PARAMETERS Structure */
+
+typedef struct {
+    uint32_t pinCount;	/* This counter shows the current number of successful authValue
+			   authorization attempts to access a TPM_NT_PIN_PASS index or the current
+			   number of unsuccessful authValue authorization attempts to access a
+			   TPM_NT_PIN_FAIL index. */
+    uint32_t pinLimit;	/* This threshold is the value of pinCount at which the authValue
+			   authorization of the host TPM_NT_PIN_PASS or TPM_NT_PIN_FAIL index is
+			   locked out. */
+} TPMS_NV_PIN_COUNTER_PARAMETERS;
+
+/* Table 205 - Definition of (UINT32) TPMA_NV Bits */
+
+#if defined TPM_BITFIELD_LE
+
+typedef union {
+    struct {
+	unsigned int TPMA_NV_PPWRITE		: 1; 	/* 0	The Index data can be written if Platform Authorization is provided. */
+	unsigned int TPMA_NV_OWNERWRITE		: 1;	/* 1	The Index data can be written if Owner Authorization is provided. */
+	unsigned int TPMA_NV_AUTHWRITE		: 1;	/* 2    Authorizations to change the Index contents that require USER role may be provided with an HMAC session or password. */
+	unsigned int TPMA_NV_POLICYWRITE	: 1;	/* 3    Authorizations to change the Index contents that require USER role may be provided with a policy session. */
+	unsigned int TPM_NT			: 4;	/* 7:4  The type of the index */
+	unsigned int Reserved1 			: 2;	/* 9:8	shall be zero reserved for future use */
+	unsigned int TPMA_NV_POLICY_DELETE	: 1;	/* 10	Index may not be deleted unless the authPolicy is satisfied. */
+	unsigned int TPMA_NV_WRITELOCKED	: 1;	/* 11	Index cannot be written. */
+	unsigned int TPMA_NV_WRITEALL		: 1;	/* 12   A partial write of the Index data is not allowed. The write size shall match the defined space size. */
+	unsigned int TPMA_NV_WRITEDEFINE	: 1;	/* 13   TPM2_NV_WriteLock() may be used to prevent further writes to this location. */
+	unsigned int TPMA_NV_WRITE_STCLEAR	: 1;	/* 14   TPM2_NV_WriteLock() may be used to prevent further writes to this location until the next TPM Reset or TPM Restart. */
+	unsigned int TPMA_NV_GLOBALLOCK		: 1;	/* 15   If TPM2_NV_GlobalLock() is successful, then further writes are not permitted until the next TPM Reset or TPM Restart. */
+	unsigned int TPMA_NV_PPREAD		: 1;	/* 16	The Index data can be read if Platform Authorization is provided. */
+	unsigned int TPMA_NV_OWNERREAD		: 1;	/* 17	The Index data can be read if Owner Authorization is provided. */
+	unsigned int TPMA_NV_AUTHREAD		: 1;	/* 18	The Index data may be read if the authValue is provided. */
+	unsigned int TPMA_NV_POLICYREAD		: 1;	/* 19	The Index data may be read if the authPolicy is satisfied. */
+	unsigned int Reserved2			: 5;	/* 24:20 shall be zero reserved for future use */
+	unsigned int TPMA_NV_NO_DA		: 1;	/* 25	Authorization failures of the Index do not affect the DA logic */
+	unsigned int TPMA_NV_ORDERLY		: 1;	/* 26	NV Index state is only required to be saved when the TPM performs an orderly shutdown */
+	unsigned int TPMA_NV_CLEAR_STCLEAR	: 1;	/* 27	TPMA_NV_WRITTEN for the Index is CLEAR by TPM Reset or TPM Restart. */
+	unsigned int TPMA_NV_READLOCKED		: 1;	/* 28	Reads of the Index are blocked until the next TPM Reset or TPM Restart. */
+	unsigned int TPMA_NV_WRITTEN		: 1;	/* 29	Index has been written. */
+	unsigned int TPMA_NV_PLATFORMCREATE	: 1;	/* 30	This Index may be undefined with Platform Authorization but not with Owner Authorization. */
+	unsigned int TPMA_NV_READ_STCLEAR	: 1;	/* 31	TPM2_NV_ReadLock() may be used to SET TPMA_NV_READLOCKED for this Index. */
+    };
+    UINT32 val;
+} TPMA_NV;
+
+#elif defined TPM_BITFIELD_BE
+
+typedef union {
+    struct {
+	unsigned int TPMA_NV_READ_STCLEAR	: 1;	/* 31	TPM2_NV_ReadLock() may be used to SET TPMA_NV_READLOCKED for this Index. */
+	unsigned int TPMA_NV_PLATFORMCREATE	: 1;	/* 30	This Index may be undefined with Platform Authorization but not with Owner Authorization. */
+	unsigned int TPMA_NV_WRITTEN		: 1;	/* 29	Index has been written. */
+	unsigned int TPMA_NV_READLOCKED		: 1;	/* 28	Reads of the Index are blocked until the next TPM Reset or TPM Restart. */
+	unsigned int TPMA_NV_CLEAR_STCLEAR	: 1;	/* 27	TPMA_NV_WRITTEN for the Index is CLEAR by TPM Reset or TPM Restart. */
+	unsigned int TPMA_NV_ORDERLY		: 1;	/* 26	NV Index state is only required to be saved when the TPM performs an orderly shutdown */
+	unsigned int TPMA_NV_NO_DA		: 1;	/* 25	Authorization failures of the Index do not affect the DA logic */
+	unsigned int Reserved2			: 5;	/* 24:20 shall be zero reserved for future use */
+	unsigned int TPMA_NV_POLICYREAD		: 1;	/* 19	The Index data may be read if the authPolicy is satisfied. */
+	unsigned int TPMA_NV_AUTHREAD		: 1;	/* 18	The Index data may be read if the authValue is provided. */
+	unsigned int TPMA_NV_OWNERREAD		: 1;	/* 17	The Index data can be read if Owner Authorization is provided. */
+	unsigned int TPMA_NV_PPREAD		: 1;	/* 16	The Index data can be read if Platform Authorization is provided. */
+	unsigned int TPMA_NV_GLOBALLOCK		: 1;	/* 15	If TPM2_NV_GlobalLock() is successful, then further writes are not permitted until the next TPM Reset or TPM Restart. */
+	unsigned int TPMA_NV_WRITE_STCLEAR	: 1;	/* 14	TPM2_NV_WriteLock() may be used to prevent further writes to this location until the next TPM Reset or TPM Restart. */
+	unsigned int TPMA_NV_WRITEDEFINE	: 1;	/* 13	TPM2_NV_WriteLock() may be used to prevent further writes to this location. */
+	unsigned int TPMA_NV_WRITEALL		: 1;	/* 12	A partial write of the Index data is not allowed. The write size shall match the defined space size. */
+	unsigned int TPMA_NV_WRITELOCKED	: 1;	/* 11	Index cannot be written. */
+	unsigned int TPMA_NV_POLICY_DELETE	: 1;	/* 10	Index may not be deleted unless the authPolicy is satisfied. */
+	unsigned int Reserved1 			: 2;	/* 9:8	shall be zero reserved for future use */
+	unsigned int TPM_NT			: 4;	/* 7:4  The type of the index */
+	unsigned int TPMA_NV_POLICYWRITE	: 1;	/* 3	Authorizations to change the Index contents that require USER role may be provided with a policy session. */
+	unsigned int TPMA_NV_AUTHWRITE		: 1;	/* 2	Authorizations to change the Index contents that require USER role may be provided with an HMAC session or password. */
+	unsigned int TPMA_NV_OWNERWRITE		: 1;	/* 1	The Index data can be written if Owner Authorization is provided. */
+	unsigned int TPMA_NV_PPWRITE		: 1; 	/* 0	The Index data can be written if Platform Authorization is provided. */
+    };
+    UINT32 val;
+} TPMA_NV;
+
+#else 
+
+typedef struct {
+    UINT32 val;
+} TPMA_NV;
+
+#endif
+
+#define TPMA_NVA_PPWRITE	0x00000001
+#define TPMA_NVA_OWNERWRITE	0x00000002
+#define TPMA_NVA_AUTHWRITE	0x00000004
+#define TPMA_NVA_POLICYWRITE	0x00000008
+#define TPMA_NVA_ORDINARY	0x00000000
+#define TPMA_NVA_COUNTER	0x00000010
+#define TPMA_NVA_BITS		0x00000020
+#define TPMA_NVA_EXTEND		0x00000040
+#define TPMA_NVA_PIN_FAIL	0x00000080
+#define TPMA_NVA_PIN_PASS	0x00000090
+#define TPMA_NVA_RESERVED1	0x00000300
+#define TPMA_NVA_POLICY_DELETE	0x00000400
+#define TPMA_NVA_WRITELOCKED	0x00000800
+#define TPMA_NVA_WRITEALL	0x00001000
+#define TPMA_NVA_WRITEDEFINE	0x00002000
+#define TPMA_NVA_WRITE_STCLEAR	0x00004000
+#define TPMA_NVA_GLOBALLOCK	0x00008000
+#define TPMA_NVA_PPREAD		0x00010000
+#define TPMA_NVA_OWNERREAD	0x00020000
+#define TPMA_NVA_AUTHREAD	0x00040000
+#define TPMA_NVA_POLICYREAD	0x00080000
+#define TPMA_NVA_RESERVED2	0x01f00000
+#define TPMA_NVA_NO_DA		0x02000000
+#define TPMA_NVA_ORDERLY	0x04000000
+#define TPMA_NVA_CLEAR_STCLEAR	0x08000000
+#define TPMA_NVA_READLOCKED	0x10000000
+#define TPMA_NVA_WRITTEN	0x20000000
+#define TPMA_NVA_PLATFORMCREATE	0x40000000
+#define TPMA_NVA_READ_STCLEAR	0x80000000
+
+#define TPMA_NVA_TPM_NT_MASK	0x000000f0
+#define TPMA_NV_RESERVED	(TPMA_NVA_RESERVED1 | TPMA_NVA_RESERVED2)
+
+/* Table 197 - Definition of TPMS_NV_PUBLIC Structure */
+
+typedef struct {
+    TPMI_RH_NV_INDEX	nvIndex;	/* the handle of the data area */
+    TPMI_ALG_HASH	nameAlg;	/* hash algorithm used to compute the name of the Index and used for the authPolicy */
+    TPMA_NV		attributes;	/* the Index attributes */
+    TPM2B_DIGEST	authPolicy;	/* optional access policy for the Index */
+    UINT16		dataSize;	/* the size of the data area */
+} TPMS_NV_PUBLIC;
+
+/* Table 198 - Definition of TPM2B_NV_PUBLIC Structure */
+
+typedef struct {
+    UINT16		size;		/* size of nvPublic */
+    TPMS_NV_PUBLIC	nvPublic;	/* the public area */
+} TPM2B_NV_PUBLIC;
+
+/* Table 199 - Definition of TPM2B_CONTEXT_SENSITIVE Structure <IN/OUT> */
+
+typedef struct {
+    UINT16	size;
+    BYTE	buffer[MAX_CONTEXT_SIZE];	/* the sensitive data */
+} CONTEXT_SENSITIVE_2B;
+
+typedef union {
+    CONTEXT_SENSITIVE_2B t;
+    TPM2B                b;
+} TPM2B_CONTEXT_SENSITIVE;
+
+/* Table 200 - Definition of TPMS_CONTEXT_DATA Structure <IN/OUT, S> */
+
+typedef struct {
+    TPM2B_DIGEST		integrity;	/* the integrity value */
+    TPM2B_CONTEXT_SENSITIVE	encrypted;	/* the sensitive area */
+} TPMS_CONTEXT_DATA;
+
+/* Table 201 - Definition of TPM2B_CONTEXT_DATA Structure <IN/OUT> */
+
+typedef struct {
+    UINT16		size;
+    BYTE		buffer[sizeof(TPMS_CONTEXT_DATA)];	
+} CONTEXT_DATA_2B;
+
+typedef union {
+    CONTEXT_DATA_2B t;
+    TPM2B           b;
+} TPM2B_CONTEXT_DATA;
+
+/* Table 202 - Definition of TPMS_CONTEXT Structure */
+
+typedef struct {
+    UINT64		sequence;	/* the sequence number of the context */
+    TPMI_DH_SAVED	savedHandle;	/* a handle indicating if the context is a session, object or sequence object */
+    TPMI_RH_HIERARCHY	hierarchy;	/* the hierarchy of the context */
+    TPM2B_CONTEXT_DATA	contextBlob;	/* the context data and integrity HMAC */
+} TPMS_CONTEXT;
+ 
+/* Table 203 - Context Handle Values */
+
+#define TPM_CONTEXT_HANDLE_HMAC			0x02000000	/* an HMAC session context */
+#define TPM_CONTEXT_HANDLE_POLICY_SESSION	0x03000000	/* a policy session context */
+#define TPM_CONTEXT_HANDLE_TRANSIENT		0x80000000	/* an ordinary transient object */
+#define TPM_CONTEXT_HANDLE_SEQUENCE		0x80000001	/* a sequence object */
+#define TPM_CONTEXT_HANDLE_STCLEAR		0x80000002	/* a transient object with the stClear attribute SET */
+
+/* Table 204 - Definition of TPMS_CREATION_DATA Structure <OUT> */
+
+typedef struct {
+    TPML_PCR_SELECTION	pcrSelect;		/* list indicating the PCR included in pcrDigest */
+    TPM2B_DIGEST	pcrDigest;		/* digest of the selected PCR using nameAlg of the object for which this structure is being created */
+    TPMA_LOCALITY	locality;		/* the locality at which the object was created */
+    TPM_ALG_ID		parentNameAlg;		/* nameAlg of the parent */
+    TPM2B_NAME		parentName;		/* Name of the parent at time of creation */
+    TPM2B_NAME		parentQualifiedName;	/* Qualified Name of the parent at the time of creation */
+    TPM2B_DATA		outsideInfo;		/* association with additional information added by the key creator */
+} TPMS_CREATION_DATA;
+ 
+/* Table 205 - Definition of TPM2B_CREATION_DATA Structure <OUT> */
+
+typedef struct {
+    UINT16		size;	/* size of the creation data */
+    TPMS_CREATION_DATA	creationData;
+} TPM2B_CREATION_DATA;
+
+typedef struct tdNTC2_CFG_STRUCT {
+    uint8_t i2cLoc1_2;
+    uint8_t i2cLoc3_4;
+    uint8_t AltCfg;
+    uint8_t Direction;
+    uint8_t PullUp;
+    uint8_t PushPull;
+    uint8_t CFG_A;
+    uint8_t CFG_B;
+    uint8_t CFG_C;
+    uint8_t CFG_D;
+    uint8_t CFG_E;
+    uint8_t CFG_F;
+    uint8_t CFG_G;
+    uint8_t CFG_H;
+    uint8_t CFG_I;
+    uint8_t CFG_J;
+    uint8_t IsValid;	/* Must be AAh */
+    uint8_t IsLocked;	/* Ignored on NTC2_PreConfig, NTC2_GetConfig returns AAh once configuration
+			   is locked. */
+} NTC2_CFG_STRUCT;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
diff --git a/utils/ibmtss/TakeOwnership_fp.h b/utils/ibmtss/TakeOwnership_fp.h
new file mode 100644
index 000000000..20a8f6664
--- /dev/null
+++ b/utils/ibmtss/TakeOwnership_fp.h
@@ -0,0 +1,67 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 TakeOwnership				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: TakeOwnership_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef TAKEOWNERSHIP_FP_H
+#define TAKEOWNERSHIP_FP_H
+
+#include <ibmtss/tpmtypes12.h>
+#include <ibmtss/tpmstructures12.h>
+
+#include <ibmtss/Implementation.h>
+
+typedef struct {
+    TPM_PROTOCOL_ID protocolID;
+    uint32_t encOwnerAuthSize;
+    uint8_t encOwnerAuth[MAX_RSA_KEY_BYTES];
+    uint32_t encSrkAuthSize;
+    uint8_t encSrkAuth[MAX_RSA_KEY_BYTES];
+    TPM_KEY12 srkParams;
+} TakeOwnership_In;  
+
+typedef struct {
+    TPM_KEY12 srkPub;
+} TakeOwnership_Out;  
+
+TPM_RC
+TPM2_TakeOwnership(
+		   TakeOwnership_In *in,            // IN: input parameter buffer
+		   TakeOwnership_Out *out           // OUT: output parameter buffer
+		   );
+
+#endif
diff --git a/utils/ibmtss/TestParms_fp.h b/utils/ibmtss/TestParms_fp.h
new file mode 100644
index 000000000..1d0ca4d3c
--- /dev/null
+++ b/utils/ibmtss/TestParms_fp.h
@@ -0,0 +1,79 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: TestParms_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef TESTPARMS_FP_H
+#define TESTPARMS_FP_H
+
+typedef struct {
+    TPMT_PUBLIC_PARMS	parameters;
+} TestParms_In;
+
+#define RC_TestParms_parameters	(TPM_RC_P + TPM_RC_1)
+
+TPM_RC
+TPM2_TestParms(
+	       TestParms_In    *in             // IN: input parameter list
+	       );
+
+
+#endif
diff --git a/utils/ibmtss/TpmBuildSwitches.h b/utils/ibmtss/TpmBuildSwitches.h
new file mode 100644
index 000000000..e61d9ed5d
--- /dev/null
+++ b/utils/ibmtss/TpmBuildSwitches.h
@@ -0,0 +1,87 @@
+/********************************************************************************/
+/*										*/
+/*			TSS Compiler Build Switches    				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: TpmBuildSwitches.h 1294 2018-08-09 19:08:34Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2018				*/
+/*										*/
+/********************************************************************************/
+
+// 5.12	TpmBuildSwitches.h
+
+// This file contains the build switches.
+
+#ifndef _TPM_BUILD_SWITCHES_H
+#define _TPM_BUILD_SWITCHES_H
+
+// Switch added to support packed lists that leave out space associated with unimplemented
+// commands. Comment this out to use linear lists.  NOTE: if vendor specific commands are present,
+// the associated list is always in compressed form.
+#define COMPRESSED_LISTS
+
+#ifdef  _MSC_VER
+// This macro is used to handle LIB_EXPORT of function and variable names in lieu of a .def
+// file. Visual Studio requires that functions be explicity exported and imported.
+#   define LIB_EXPORT __declspec(dllexport) // VS compatible version
+#endif
+
+// The following definitions are used if they have not already been defined. The defaults for these
+// settings are compatible with ISO/IEC 9899:2011 (E)
+
+#ifndef LIB_EXPORT
+#   define LIB_EXPORT
+#endif
+
+#endif // _TPM_BUILD_SWITCHES_H
diff --git a/utils/ibmtss/Unmarshal12_fp.h b/utils/ibmtss/Unmarshal12_fp.h
new file mode 100644
index 000000000..60149e0e0
--- /dev/null
+++ b/utils/ibmtss/Unmarshal12_fp.h
@@ -0,0 +1,94 @@
+/********************************************************************************/
+/*										*/
+/*			     Parameter Unmarshaling				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: Unmarshal12_fp.h 1285 2018-07-27 18:33:41Z kgoldman $	*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef UNMARSHAL12_FP_H
+#define UNMARSHAL12_FP_H
+
+#include "TPM_Types.h"
+#include "tpmtypes12.h"
+#include <ibmtss/tpmstructures12.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    TPM_RC
+    TSS_TPM_STARTUP_TYPE_Unmarshalu(TPM_STARTUP_TYPE *target, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_VERSION_Unmarshalu(TPM_VERSION *target, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_TAG_Unmarshalu(TPM_TAG *target, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_PCR_SELECTION_Unmarshalu(TPM_PCR_SELECTION *target, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM4B_TPM_PCR_INFO_LONG_Unmarshalu(TPM_PCR_INFO_LONG *target, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_PCR_INFO_LONG_Unmarshalu(TPM_PCR_INFO_LONG *target, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_PCR_INFO_SHORT_Unmarshalu(TPM_PCR_INFO_SHORT *target, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_SYMMETRIC_KEY_Unmarshalu(TPM_SYMMETRIC_KEY *target, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_RSA_KEY_PARMS_Unmarshalu(TPM_RSA_KEY_PARMS *target, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPMU_PARMS_Unmarshalu(TPMU_PARMS *target, BYTE **buffer, uint32_t *size, uint32_t selector);
+    TPM_RC
+    TSS_TPM4B_TPMU_PARMS_Unmarshalu(TPMU_PARMS *target, BYTE **buffer, uint32_t *size, uint32_t selector);
+    TPM_RC
+    TSS_TPM_KEY_PARMS_Unmarshalu(TPM_KEY_PARMS *target, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_KEY12_Unmarshalu(TPM_KEY12 *target, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_STORE_PUBKEY_Unmarshalu(TPM_STORE_PUBKEY *target, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_PUBKEY_Unmarshalu(TPM_PUBKEY *target, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_NV_ATTRIBUTES_Unmarshalu(TPM_NV_ATTRIBUTES *target, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_NV_DATA_PUBLIC_Unmarshalu(TPM_NV_DATA_PUBLIC *target, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_CAP_VERSION_INFO_Unmarshalu(TPM_CAP_VERSION_INFO *target, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_DA_INFO_Unmarshalu(TPM_DA_INFO *target, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_DA_INFO_LIMITED_Unmarshalu(TPM_DA_INFO_LIMITED *target, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_DA_ACTION_TYPE_Unmarshalu(TPM_DA_ACTION_TYPE *target, BYTE **buffer, uint32_t *size);
+
+#endif
diff --git a/utils/ibmtss/Unmarshal_fp.h b/utils/ibmtss/Unmarshal_fp.h
new file mode 100644
index 000000000..cd3062e7b
--- /dev/null
+++ b/utils/ibmtss/Unmarshal_fp.h
@@ -0,0 +1,696 @@
+/********************************************************************************/
+/*										*/
+/*			   Unmarshal Functions  				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2019				*/
+/*										*/
+/********************************************************************************/
+
+/* The functions with the TSS_ prefix are preferred.  They use an unsigned size.  The functions
+   without the prefix are deprecated.  */
+
+#ifndef UNMARSHAL_FP_H
+#define UNMARSHAL_FP_H
+
+#include "TPM_Types.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    LIB_EXPORT TPM_RC
+    TSS_UINT8_Unmarshalu(UINT8 *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_INT8_Unmarshalu(INT8 *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_UINT16_Unmarshalu(UINT16 *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_UINT32_Unmarshalu(UINT32 *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_INT32_Unmarshalu(INT32 *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_UINT64_Unmarshalu(UINT64 *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_Array_Unmarshalu(BYTE *targetBuffer, UINT16 targetSize, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_Unmarshalu(TPM2B *target, UINT16 targetSize, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_KEY_BITS_Unmarshalu(TPM_KEY_BITS *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_GENERATED_Unmarshalu(TPM_GENERATED *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_ALG_ID_Unmarshalu(TPM_ALG_ID *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_ECC_CURVE_Unmarshalu(TPM_ECC_CURVE *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_CC_Unmarshalu(TPM_RC *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_RC_Unmarshalu(TPM_RC *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_CLOCK_ADJUST_Unmarshalu(TPM_CLOCK_ADJUST *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_EO_Unmarshalu(TPM_EO *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_ST_Unmarshalu(TPM_ST *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_SU_Unmarshalu(TPM_SU *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_SE_Unmarshalu(TPM_SE *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_CAP_Unmarshalu(TPM_CAP *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_PT_Unmarshalu(TPM_HANDLE *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_PT_PCR_Unmarshalu(TPM_PT_PCR *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_HANDLE_Unmarshalu(TPM_HANDLE *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMA_ALGORITHM_Unmarshalu(TPMA_ALGORITHM *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMA_OBJECT_Unmarshalu(TPMA_OBJECT *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMA_SESSION_Unmarshalu(TPMA_SESSION *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMA_LOCALITY_Unmarshalu(TPMA_LOCALITY *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMA_CC_Unmarshalu(TPMA_CC *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_YES_NO_Unmarshalu(TPMI_YES_NO *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_DH_OBJECT_Unmarshalu(TPMI_DH_OBJECT *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_DH_PARENT_Unmarshalu(TPMI_DH_PARENT *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_DH_PERSISTENT_Unmarshalu(TPMI_DH_PERSISTENT *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_DH_ENTITY_Unmarshalu(TPMI_DH_ENTITY *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_DH_PCR_Unmarshalu(TPMI_DH_PCR *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_SH_AUTH_SESSION_Unmarshalu(TPMI_SH_AUTH_SESSION *target, BYTE **buffer, uint32_t *size, BOOL allowPwd);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_SH_HMAC_Unmarshalu(TPMI_SH_HMAC *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_SH_POLICY_Unmarshalu(TPMI_SH_POLICY *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_DH_CONTEXT_Unmarshalu(TPMI_DH_CONTEXT *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_DH_SAVED_Unmarshalu(TPMI_DH_SAVED *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_HIERARCHY_Unmarshalu(TPMI_RH_HIERARCHY *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_ENABLES_Unmarshalu(TPMI_RH_ENABLES *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_HIERARCHY_AUTH_Unmarshalu(TPMI_RH_HIERARCHY_AUTH *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_PLATFORM_Unmarshalu(TPMI_RH_PLATFORM *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_ENDORSEMENT_Unmarshalu(TPMI_RH_ENDORSEMENT *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_PROVISION_Unmarshalu(TPMI_RH_PROVISION *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_CLEAR_Unmarshalu(TPMI_RH_CLEAR *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_NV_AUTH_Unmarshalu(TPMI_RH_NV_AUTH *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_LOCKOUT_Unmarshalu(TPMI_RH_LOCKOUT *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_NV_INDEX_Unmarshalu(TPMI_RH_NV_INDEX *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_HASH_Unmarshalu(TPMI_ALG_HASH *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_SYM_Unmarshalu(TPMI_ALG_SYM *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_SYM_OBJECT_Unmarshalu(TPMI_ALG_SYM_OBJECT *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_SYM_MODE_Unmarshalu(TPMI_ALG_SYM_MODE *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_KDF_Unmarshalu(TPMI_ALG_KDF *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_SIG_SCHEME_Unmarshalu(TPMI_ALG_SIG_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ECC_KEY_EXCHANGE_Unmarshalu(TPMI_ECC_KEY_EXCHANGE *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ST_COMMAND_TAG_Unmarshalu(TPMI_ST_COMMAND_TAG *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_MAC_SCHEME_Unmarshalu(TPMI_ALG_MAC_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_CIPHER_MODE_Unmarshalu(TPMI_ALG_CIPHER_MODE *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_EMPTY_Unmarshalu(TPMS_EMPTY *target, BYTE **buffer, uint32_t *size)
+#ifdef __ULTRAVISOR__
+	__attribute__ ((const))
+#endif
+	;
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_HA_Unmarshalu(TPMU_HA *target, BYTE **buffer, uint32_t *size, UINT32 selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_HA_Unmarshalu(TPMT_HA *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_DIGEST_Unmarshalu(TPM2B_DIGEST *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_DATA_Unmarshalu(TPM2B_DATA *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_NONCE_Unmarshalu(TPM2B_NONCE *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_AUTH_Unmarshalu(TPM2B_AUTH *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_OPERAND_Unmarshalu(TPM2B_OPERAND *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_EVENT_Unmarshalu(TPM2B_EVENT *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_MAX_BUFFER_Unmarshalu(TPM2B_MAX_BUFFER *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_MAX_NV_BUFFER_Unmarshalu(TPM2B_MAX_NV_BUFFER *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_TIMEOUT_Unmarshalu(TPM2B_TIMEOUT *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_IV_Unmarshalu(TPM2B_IV *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_NAME_Unmarshalu(TPM2B_NAME *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_PCR_SELECTION_Unmarshalu(TPMS_PCR_SELECTION *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_TK_CREATION_Unmarshalu(TPMT_TK_CREATION *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_TK_VERIFIED_Unmarshalu(TPMT_TK_VERIFIED *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_TK_AUTH_Unmarshalu(TPMT_TK_AUTH *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_TK_HASHCHECK_Unmarshalu(TPMT_TK_HASHCHECK *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_ALG_PROPERTY_Unmarshalu(TPMS_ALG_PROPERTY *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_TAGGED_PROPERTY_Unmarshalu(TPMS_TAGGED_PROPERTY *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_TAGGED_PCR_SELECT_Unmarshalu(TPMS_TAGGED_PCR_SELECT *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_CC_Unmarshalu(TPML_CC *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_TAGGED_POLICY_Unmarshalu(TPMS_TAGGED_POLICY *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_CCA_Unmarshalu(TPML_CCA *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_ALG_Unmarshalu(TPML_ALG *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_HANDLE_Unmarshalu(TPML_HANDLE *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_DIGEST_Unmarshalu(TPML_DIGEST *target, BYTE **buffer, uint32_t *size ,uint32_t minCount);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_DIGEST_VALUES_Unmarshalu(TPML_DIGEST_VALUES *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_PCR_SELECTION_Unmarshalu(TPML_PCR_SELECTION *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_ALG_PROPERTY_Unmarshalu(TPML_ALG_PROPERTY *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_TAGGED_TPM_PROPERTY_Unmarshalu(TPML_TAGGED_TPM_PROPERTY  *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_TAGGED_PCR_PROPERTY_Unmarshalu(TPML_TAGGED_PCR_PROPERTY  *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_ECC_CURVE_Unmarshalu(TPML_ECC_CURVE *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_TAGGED_POLICY_Unmarshalu(TPML_TAGGED_POLICY *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_CAPABILITIES_Unmarshalu(TPMU_CAPABILITIES *target, BYTE **buffer, uint32_t *size, UINT32 selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_CLOCK_INFO_Unmarshalu(TPMS_CLOCK_INFO *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_TIME_INFO_Unmarshalu(TPMS_TIME_INFO *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_TIME_ATTEST_INFO_Unmarshalu(TPMS_TIME_ATTEST_INFO *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_CERTIFY_INFO_Unmarshalu(TPMS_CERTIFY_INFO *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_QUOTE_INFO_Unmarshalu(TPMS_QUOTE_INFO *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_COMMAND_AUDIT_INFO_Unmarshalu(TPMS_COMMAND_AUDIT_INFO *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SESSION_AUDIT_INFO_Unmarshalu(TPMS_SESSION_AUDIT_INFO *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_CREATION_INFO_Unmarshalu(TPMS_CREATION_INFO *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_NV_CERTIFY_INFO_Unmarshalu(TPMS_NV_CERTIFY_INFO *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_NV_DIGEST_CERTIFY_INFO_Unmarshalu(TPMS_NV_DIGEST_CERTIFY_INFO *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ST_ATTEST_Unmarshalu(TPMI_ST_ATTEST *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_ATTEST_Unmarshalu(TPMU_ATTEST *target, BYTE **buffer, uint32_t *size, UINT32 selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_ATTEST_Unmarshalu(TPMS_ATTEST *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_ATTEST_Unmarshalu(TPM2B_ATTEST *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_CAPABILITY_DATA_Unmarshalu(TPMS_CAPABILITY_DATA *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_AUTH_RESPONSE_Unmarshalu(TPMS_AUTH_RESPONSE *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_AES_KEY_BITS_Unmarshalu(TPMI_AES_KEY_BITS *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_SYM_KEY_BITS_Unmarshalu(TPMU_SYM_KEY_BITS *target, BYTE **buffer, uint32_t *size, UINT32 selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_SYM_MODE_Unmarshalu(TPMU_SYM_MODE *target, BYTE **buffer, uint32_t *size, UINT32 selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_SYM_DEF_Unmarshalu(TPMT_SYM_DEF *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_SYM_DEF_OBJECT_Unmarshalu(TPMT_SYM_DEF_OBJECT *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_SYM_KEY_Unmarshalu(TPM2B_SYM_KEY *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SYMCIPHER_PARMS_Unmarshalu(TPMS_SYMCIPHER_PARMS *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_LABEL_Unmarshalu(TPM2B_LABEL *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_SENSITIVE_DATA_Unmarshalu(TPM2B_SENSITIVE_DATA *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SENSITIVE_CREATE_Unmarshalu(TPMS_SENSITIVE_CREATE *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_SENSITIVE_CREATE_Unmarshalu(TPM2B_SENSITIVE_CREATE *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SCHEME_HASH_Unmarshalu(TPMS_SCHEME_HASH *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SCHEME_ECDAA_Unmarshalu(TPMS_SCHEME_ECDAA *target, BYTE **buffer, uint32_t *size) ;
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_KEYEDHASH_SCHEME_Unmarshalu(TPMI_ALG_KEYEDHASH_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SCHEME_HMAC_Unmarshalu(TPMS_SCHEME_HMAC *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SCHEME_XOR_Unmarshalu(TPMS_SCHEME_XOR *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_SCHEME_KEYEDHASH_Unmarshalu(TPMU_SCHEME_KEYEDHASH *target, BYTE **buffer, uint32_t *size, UINT32 selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_KEYEDHASH_SCHEME_Unmarshalu(TPMT_KEYEDHASH_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIG_SCHEME_ECDAA_Unmarshalu(TPMS_SIG_SCHEME_ECDAA *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIG_SCHEME_ECDSA_Unmarshalu(TPMS_SIG_SCHEME_ECDSA *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIG_SCHEME_ECSCHNORR_Unmarshalu(TPMS_SIG_SCHEME_ECSCHNORR *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIG_SCHEME_RSAPSS_Unmarshalu(TPMS_SIG_SCHEME_RSAPSS *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIG_SCHEME_RSASSA_Unmarshalu(TPMS_SIG_SCHEME_RSASSA *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIG_SCHEME_SM2_Unmarshalu(TPMS_SIG_SCHEME_SM2 *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_SIG_SCHEME_Unmarshalu(TPMU_SIG_SCHEME *target, BYTE **buffer, uint32_t *size, UINT32 selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_SIG_SCHEME_Unmarshalu(TPMT_SIG_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_ENC_SCHEME_OAEP_Unmarshalu(TPMS_ENC_SCHEME_OAEP *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_ENC_SCHEME_RSAES_Unmarshalu(TPMS_ENC_SCHEME_RSAES *target, BYTE **buffer, uint32_t *size)
+#ifdef __ULTRAVISOR__
+	__attribute__ ((const))
+#endif
+	;
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_KEY_SCHEME_ECDH_Unmarshalu(TPMS_KEY_SCHEME_ECDH *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_KEY_SCHEME_ECMQV_Unmarshalu(TPMS_KEY_SCHEME_ECMQV *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SCHEME_KDF1_SP800_108_Unmarshalu(TPMS_SCHEME_KDF1_SP800_108 *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SCHEME_KDF1_SP800_56A_Unmarshalu(TPMS_SCHEME_KDF1_SP800_56A *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SCHEME_KDF2_Unmarshalu(TPMS_SCHEME_KDF2 *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SCHEME_MGF1_Unmarshalu(TPMS_SCHEME_MGF1 *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_KDF_SCHEME_Unmarshalu(TPMU_KDF_SCHEME *target, BYTE **buffer, uint32_t *size, UINT32 selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_KDF_SCHEME_Unmarshalu(TPMT_KDF_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_ASYM_SCHEME_Unmarshalu(TPMI_ALG_ASYM_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_ASYM_SCHEME_Unmarshalu(TPMU_ASYM_SCHEME *target, BYTE **buffer, uint32_t *size, UINT32 selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_ASYM_SCHEME_Unmarshalu(TPMT_ASYM_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_RSA_SCHEME_Unmarshalu(TPMI_ALG_RSA_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_RSA_SCHEME_Unmarshalu(TPMT_RSA_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_RSA_DECRYPT_Unmarshalu(TPMI_ALG_RSA_DECRYPT *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_RSA_DECRYPT_Unmarshalu(TPMT_RSA_DECRYPT *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_PUBLIC_KEY_RSA_Unmarshalu(TPM2B_PUBLIC_KEY_RSA *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RSA_KEY_BITS_Unmarshalu(TPMI_RSA_KEY_BITS *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_PRIVATE_KEY_RSA_Unmarshalu(TPM2B_PRIVATE_KEY_RSA *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_ECC_PARAMETER_Unmarshalu(TPM2B_ECC_PARAMETER *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_ECC_POINT_Unmarshalu(TPMS_ECC_POINT *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_ECC_POINT_Unmarshalu(TPM2B_ECC_POINT *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_ECC_SCHEME_Unmarshalu(TPMI_ALG_ECC_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ECC_CURVE_Unmarshalu(TPMI_ECC_CURVE *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_ECC_SCHEME_Unmarshalu(TPMT_ECC_SCHEME *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_ALGORITHM_DETAIL_ECC_Unmarshalu(TPMS_ALGORITHM_DETAIL_ECC *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIGNATURE_RSA_Unmarshalu(TPMS_SIGNATURE_RSA *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIGNATURE_RSASSA_Unmarshalu(TPMS_SIGNATURE_RSASSA *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIGNATURE_RSAPSS_Unmarshalu(TPMS_SIGNATURE_RSAPSS *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIGNATURE_ECC_Unmarshalu(TPMS_SIGNATURE_ECC *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIGNATURE_ECDSA_Unmarshalu(TPMS_SIGNATURE_ECDSA *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIGNATURE_ECDAA_Unmarshalu(TPMS_SIGNATURE_ECDAA *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIGNATURE_SM2_Unmarshalu(TPMS_SIGNATURE_SM2 *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIGNATURE_ECSCHNORR_Unmarshalu(TPMS_SIGNATURE_ECSCHNORR *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_SIGNATURE_Unmarshalu(TPMU_SIGNATURE *target, BYTE **buffer, uint32_t *size, UINT32 selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_SIGNATURE_Unmarshalu(TPMT_SIGNATURE *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_ENCRYPTED_SECRET_Unmarshalu(TPM2B_ENCRYPTED_SECRET *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_PUBLIC_Unmarshalu(TPMI_ALG_PUBLIC *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_PUBLIC_ID_Unmarshalu(TPMU_PUBLIC_ID *target, BYTE **buffer, uint32_t *size, UINT32 selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_KEYEDHASH_PARMS_Unmarshalu(TPMS_KEYEDHASH_PARMS *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_ASYM_PARMS_Unmarshalu(TPMS_ASYM_PARMS *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_RSA_PARMS_Unmarshalu(TPMS_RSA_PARMS *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_ECC_PARMS_Unmarshalu(TPMS_ECC_PARMS *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_PUBLIC_PARMS_Unmarshalu(TPMU_PUBLIC_PARMS *target, BYTE **buffer, uint32_t *size, UINT32 selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_PUBLIC_PARMS_Unmarshalu(TPMT_PUBLIC_PARMS *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_PUBLIC_Unmarshalu(TPMT_PUBLIC *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_PUBLIC_Unmarshalu(TPM2B_PUBLIC *target, BYTE **buffer, uint32_t *size, BOOL allowNull);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_TEMPLATE_Unmarshalu(TPM2B_TEMPLATE *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_SENSITIVE_COMPOSITE_Unmarshalu(TPMU_SENSITIVE_COMPOSITE *target, BYTE **buffer, uint32_t *size, UINT32 selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_SENSITIVE_Unmarshalu(TPMT_SENSITIVE *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_SENSITIVE_Unmarshalu(TPM2B_SENSITIVE *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_PRIVATE_Unmarshalu(TPM2B_PRIVATE *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_ID_OBJECT_Unmarshalu(TPM2B_ID_OBJECT *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMA_NV_Unmarshalu(TPMA_NV *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_NV_PUBLIC_Unmarshalu(TPMS_NV_PUBLIC *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_NV_PUBLIC_Unmarshalu(TPM2B_NV_PUBLIC *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_CONTEXT_SENSITIVE_Unmarshalu(TPM2B_CONTEXT_SENSITIVE *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_CONTEXT_DATA_Unmarshalu(TPMS_CONTEXT_DATA *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_CONTEXT_DATA_Unmarshalu(TPM2B_CONTEXT_DATA *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_CONTEXT_Unmarshalu(TPMS_CONTEXT *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_CREATION_DATA_Unmarshalu(TPMS_CREATION_DATA *target, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_CREATION_DATA_Unmarshalu(TPM2B_CREATION_DATA *target, BYTE **buffer, uint32_t *size);
+
+    /* These functions are deprecated.  They were adapted from the TPM side, but the signed size
+       caused static analysis tool warnings. */
+    
+    TPM_RC UINT8_Unmarshal(UINT8 *target, BYTE **buffer, INT32 *size);
+    TPM_RC INT8_Unmarshal(INT8 *target, BYTE **buffer, INT32 *size);
+    TPM_RC UINT16_Unmarshal(UINT16 *target, BYTE **buffer, INT32 *size);
+    TPM_RC UINT32_Unmarshal(UINT32 *target, BYTE **buffer, INT32 *size);
+    TPM_RC INT32_Unmarshal(INT32 *target, BYTE **buffer, INT32 *size);
+    TPM_RC UINT64_Unmarshal(UINT64 *target, BYTE **buffer, INT32 *size);
+    TPM_RC Array_Unmarshal(BYTE *targetBuffer, UINT16 targetSize, BYTE **buffer, INT32 *size);
+    TPM_RC TPM2B_Unmarshal(TPM2B *target, UINT16 targetSize, BYTE **buffer, INT32 *size);
+    TPM_RC TPM_KEY_BITS_Unmarshal(TPM_KEY_BITS *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM_GENERATED_Unmarshal(TPM_GENERATED *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM_ALG_ID_Unmarshal(TPM_ALG_ID *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM_ECC_CURVE_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM_CC_Unmarshal(TPM_RC *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM_RC_Unmarshal(TPM_RC *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM_CLOCK_ADJUST_Unmarshal(TPM_CLOCK_ADJUST *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM_EO_Unmarshal(TPM_EO *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM_ST_Unmarshal(TPM_ST *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM_SU_Unmarshal(TPM_SU *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM_SE_Unmarshal(TPM_SE *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM_CAP_Unmarshal(TPM_CAP *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM_PT_Unmarshal(TPM_HANDLE *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM_PT_PCR_Unmarshal(TPM_PT_PCR *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM_HANDLE_Unmarshal(TPM_HANDLE *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMA_ALGORITHM_Unmarshal(TPMA_ALGORITHM *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMA_OBJECT_Unmarshal(TPMA_OBJECT *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMA_SESSION_Unmarshal(TPMA_SESSION *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMA_LOCALITY_Unmarshal(TPMA_LOCALITY *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMA_CC_Unmarshal(TPMA_CC *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMI_YES_NO_Unmarshal(TPMI_YES_NO *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMI_DH_OBJECT_Unmarshal(TPMI_DH_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_DH_PARENT_Unmarshal(TPMI_DH_PARENT *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_DH_PERSISTENT_Unmarshal(TPMI_DH_PERSISTENT *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMI_DH_ENTITY_Unmarshal(TPMI_DH_ENTITY *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_DH_PCR_Unmarshal(TPMI_DH_PCR *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_SH_AUTH_SESSION_Unmarshal(TPMI_SH_AUTH_SESSION *target, BYTE **buffer, INT32 *size, BOOL allowPwd);
+    TPM_RC TPMI_SH_HMAC_Unmarshal(TPMI_SH_HMAC *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_SH_POLICY_Unmarshal(TPMI_SH_POLICY *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_DH_CONTEXT_Unmarshal(TPMI_DH_CONTEXT *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_RH_HIERARCHY_Unmarshal(TPMI_RH_HIERARCHY *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_RH_ENABLES_Unmarshal(TPMI_RH_ENABLES *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_RH_HIERARCHY_AUTH_Unmarshal(TPMI_RH_HIERARCHY_AUTH *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_RH_PLATFORM_Unmarshal(TPMI_RH_PLATFORM *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_RH_ENDORSEMENT_Unmarshal(TPMI_RH_ENDORSEMENT *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_RH_PROVISION_Unmarshal(TPMI_RH_PROVISION *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_RH_CLEAR_Unmarshal(TPMI_RH_CLEAR *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_RH_NV_AUTH_Unmarshal(TPMI_RH_NV_AUTH *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_RH_LOCKOUT_Unmarshal(TPMI_RH_LOCKOUT *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_RH_NV_INDEX_Unmarshal(TPMI_RH_NV_INDEX *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_ALG_HASH_Unmarshal(TPMI_ALG_HASH *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_ALG_SYM_Unmarshal(TPMI_ALG_SYM *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_ALG_SYM_OBJECT_Unmarshal(TPMI_ALG_SYM_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_ALG_SYM_MODE_Unmarshal(TPMI_ALG_SYM_MODE *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_ALG_KDF_Unmarshal(TPMI_ALG_KDF *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_ALG_SIG_SCHEME_Unmarshal(TPMI_ALG_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_ECC_KEY_EXCHANGE_Unmarshal(TPMI_ECC_KEY_EXCHANGE *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_ST_COMMAND_TAG_Unmarshal(TPMI_ST_COMMAND_TAG *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMI_ALG_MAC_SCHEME_Unmarshal(TPMI_ALG_MAC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_ALG_CIPHER_MODE_Unmarshal(TPMI_ALG_CIPHER_MODE *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMS_EMPTY_Unmarshal(TPMS_EMPTY *target, BYTE **buffer, INT32 *size)
+#ifdef __ULTRAVISOR__
+	__attribute__ ((const))
+#endif
+	;
+    TPM_RC TPMU_HA_Unmarshal(TPMU_HA *target, BYTE **buffer, INT32 *size, UINT32 selector);
+    TPM_RC TPMT_HA_Unmarshal(TPMT_HA *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPM2B_DIGEST_Unmarshal(TPM2B_DIGEST *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM2B_DATA_Unmarshal(TPM2B_DATA *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM2B_NONCE_Unmarshal(TPM2B_NONCE *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM2B_AUTH_Unmarshal(TPM2B_AUTH *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM2B_OPERAND_Unmarshal(TPM2B_OPERAND *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM2B_EVENT_Unmarshal(TPM2B_EVENT *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM2B_MAX_BUFFER_Unmarshal(TPM2B_MAX_BUFFER *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM2B_MAX_NV_BUFFER_Unmarshal(TPM2B_MAX_NV_BUFFER *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM2B_TIMEOUT_Unmarshal(TPM2B_TIMEOUT *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM2B_IV_Unmarshal(TPM2B_IV *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM2B_NAME_Unmarshal(TPM2B_NAME *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_PCR_SELECTION_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMT_TK_CREATION_Unmarshal(TPMT_TK_CREATION *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMT_TK_VERIFIED_Unmarshal(TPMT_TK_VERIFIED *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMT_TK_AUTH_Unmarshal(TPMT_TK_AUTH *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMT_TK_HASHCHECK_Unmarshal(TPMT_TK_HASHCHECK *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_ALG_PROPERTY_Unmarshal(TPMS_ALG_PROPERTY *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_TAGGED_PROPERTY_Unmarshal(TPMS_TAGGED_PROPERTY *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_TAGGED_PCR_SELECT_Unmarshal(TPMS_TAGGED_PCR_SELECT *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPML_CC_Unmarshal(TPML_CC *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_TAGGED_POLICY_Unmarshal(TPMS_TAGGED_POLICY *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPML_CCA_Unmarshal(TPML_CCA *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPML_ALG_Unmarshal(TPML_ALG *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPML_HANDLE_Unmarshal(TPML_HANDLE *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPML_DIGEST_Unmarshal(TPML_DIGEST *target, BYTE **buffer, INT32 *size,uint32_t minCount);
+    TPM_RC TPML_DIGEST_VALUES_Unmarshal(TPML_DIGEST_VALUES *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPML_PCR_SELECTION_Unmarshal(TPML_PCR_SELECTION *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPML_ALG_PROPERTY_Unmarshal(TPML_ALG_PROPERTY *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPML_TAGGED_TPM_PROPERTY_Unmarshal(TPML_TAGGED_TPM_PROPERTY  *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPML_TAGGED_PCR_PROPERTY_Unmarshal(TPML_TAGGED_PCR_PROPERTY  *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPML_ECC_CURVE_Unmarshal(TPML_ECC_CURVE *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPML_TAGGED_POLICY_Unmarshal(TPML_TAGGED_POLICY *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMU_CAPABILITIES_Unmarshal(TPMU_CAPABILITIES *target, BYTE **buffer, INT32 *size, UINT32 selector);
+    TPM_RC TPMS_CLOCK_INFO_Unmarshal(TPMS_CLOCK_INFO *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_TIME_INFO_Unmarshal(TPMS_TIME_INFO *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_TIME_ATTEST_INFO_Unmarshal(TPMS_TIME_ATTEST_INFO *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_CERTIFY_INFO_Unmarshal(TPMS_CERTIFY_INFO *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_QUOTE_INFO_Unmarshal(TPMS_QUOTE_INFO *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_COMMAND_AUDIT_INFO_Unmarshal(TPMS_COMMAND_AUDIT_INFO *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_SESSION_AUDIT_INFO_Unmarshal(TPMS_SESSION_AUDIT_INFO *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_CREATION_INFO_Unmarshal(TPMS_CREATION_INFO *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_NV_CERTIFY_INFO_Unmarshal(TPMS_NV_CERTIFY_INFO *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMI_ST_ATTEST_Unmarshal(TPMI_ST_ATTEST *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMU_ATTEST_Unmarshal(TPMU_ATTEST *target, BYTE **buffer, INT32 *size, UINT32 selector);
+    TPM_RC TPMS_ATTEST_Unmarshal(TPMS_ATTEST *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM2B_ATTEST_Unmarshal(TPM2B_ATTEST *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_CAPABILITY_DATA_Unmarshal(TPMS_CAPABILITY_DATA *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_AUTH_RESPONSE_Unmarshal(TPMS_AUTH_RESPONSE *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMU_SYM_KEY_BITS_Unmarshal(TPMU_SYM_KEY_BITS *target, BYTE **buffer, INT32 *size, UINT32 selector);
+    TPM_RC TPMU_SYM_MODE_Unmarshal(TPMU_SYM_MODE *target, BYTE **buffer, INT32 *size, UINT32 selector);
+    TPM_RC TPMT_SYM_DEF_Unmarshal(TPMT_SYM_DEF *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMT_SYM_DEF_OBJECT_Unmarshal(TPMT_SYM_DEF_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPM2B_SYM_KEY_Unmarshal(TPM2B_SYM_KEY *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_SYMCIPHER_PARMS_Unmarshal(TPMS_SYMCIPHER_PARMS *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM2B_LABEL_Unmarshal(TPM2B_LABEL *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM2B_SENSITIVE_DATA_Unmarshal(TPM2B_SENSITIVE_DATA *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_SENSITIVE_CREATE_Unmarshal(TPMS_SENSITIVE_CREATE *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM2B_SENSITIVE_CREATE_Unmarshal(TPM2B_SENSITIVE_CREATE *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_SCHEME_HASH_Unmarshal(TPMS_SCHEME_HASH *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_SCHEME_ECDAA_Unmarshal(TPMS_SCHEME_ECDAA *target, BYTE **buffer, INT32 *size) ;
+    TPM_RC TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal(TPMI_ALG_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMS_SCHEME_HMAC_Unmarshal(TPMS_SCHEME_HMAC *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_SCHEME_XOR_Unmarshal(TPMS_SCHEME_XOR *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMU_SCHEME_KEYEDHASH_Unmarshal(TPMU_SCHEME_KEYEDHASH *target, BYTE **buffer, INT32 *size, UINT32 selector);
+    TPM_RC TPMT_KEYEDHASH_SCHEME_Unmarshal(TPMT_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMS_SIG_SCHEME_ECDAA_Unmarshal(TPMS_SIG_SCHEME_ECDAA *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_SIG_SCHEME_ECDSA_Unmarshal(TPMS_SIG_SCHEME_ECDSA *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal(TPMS_SIG_SCHEME_ECSCHNORR *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_SIG_SCHEME_RSAPSS_Unmarshal(TPMS_SIG_SCHEME_RSAPSS *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_SIG_SCHEME_RSASSA_Unmarshal(TPMS_SIG_SCHEME_RSASSA *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_SIG_SCHEME_SM2_Unmarshal(TPMS_SIG_SCHEME_SM2 *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMU_SIG_SCHEME_Unmarshal(TPMU_SIG_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector);
+    TPM_RC TPMT_SIG_SCHEME_Unmarshal(TPMT_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMS_ENC_SCHEME_OAEP_Unmarshal(TPMS_ENC_SCHEME_OAEP *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_ENC_SCHEME_RSAES_Unmarshal(TPMS_ENC_SCHEME_RSAES *target, BYTE **buffer, INT32 *size)
+#ifdef __ULTRAVISOR__
+	__attribute__ ((const))
+#endif
+	;
+    TPM_RC TPMS_KEY_SCHEME_ECDH_Unmarshal(TPMS_KEY_SCHEME_ECDH *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_KEY_SCHEME_ECMQV_Unmarshal(TPMS_KEY_SCHEME_ECMQV *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_SCHEME_KDF1_SP800_108_Unmarshal(TPMS_SCHEME_KDF1_SP800_108 *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_SCHEME_KDF1_SP800_56A_Unmarshal(TPMS_SCHEME_KDF1_SP800_56A *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_SCHEME_KDF2_Unmarshal(TPMS_SCHEME_KDF2 *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_SCHEME_MGF1_Unmarshal(TPMS_SCHEME_MGF1 *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMU_KDF_SCHEME_Unmarshal(TPMU_KDF_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector);
+    TPM_RC TPMT_KDF_SCHEME_Unmarshal(TPMT_KDF_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_ALG_ASYM_SCHEME_Unmarshal(TPMI_ALG_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMU_ASYM_SCHEME_Unmarshal(TPMU_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector);
+    TPM_RC TPMT_ASYM_SCHEME_Unmarshal(TPMT_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_ALG_RSA_SCHEME_Unmarshal(TPMI_ALG_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMT_RSA_SCHEME_Unmarshal(TPMT_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_ALG_RSA_DECRYPT_Unmarshal(TPMI_ALG_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMT_RSA_DECRYPT_Unmarshal(TPMT_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPM2B_PUBLIC_KEY_RSA_Unmarshal(TPM2B_PUBLIC_KEY_RSA *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMI_RSA_KEY_BITS_Unmarshal(TPMI_RSA_KEY_BITS *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM2B_PRIVATE_KEY_RSA_Unmarshal(TPM2B_PRIVATE_KEY_RSA *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM2B_ECC_PARAMETER_Unmarshal(TPM2B_ECC_PARAMETER *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_ECC_POINT_Unmarshal(TPMS_ECC_POINT *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM2B_ECC_POINT_Unmarshal(TPM2B_ECC_POINT *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMI_ALG_ECC_SCHEME_Unmarshal(TPMI_ALG_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMI_ECC_CURVE_Unmarshal(TPMI_ECC_CURVE *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMT_ECC_SCHEME_Unmarshal(TPMT_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPMS_ALGORITHM_DETAIL_ECC_Unmarshal(TPMS_ALGORITHM_DETAIL_ECC *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_SIGNATURE_RSA_Unmarshal(TPMS_SIGNATURE_RSA *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_SIGNATURE_RSASSA_Unmarshal(TPMS_SIGNATURE_RSASSA *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_SIGNATURE_RSAPSS_Unmarshal(TPMS_SIGNATURE_RSAPSS *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_SIGNATURE_ECC_Unmarshal(TPMS_SIGNATURE_ECC *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_SIGNATURE_ECDSA_Unmarshal(TPMS_SIGNATURE_ECDSA *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_SIGNATURE_ECDAA_Unmarshal(TPMS_SIGNATURE_ECDAA *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_SIGNATURE_SM2_Unmarshal(TPMS_SIGNATURE_SM2 *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_SIGNATURE_ECSCHNORR_Unmarshal(TPMS_SIGNATURE_ECSCHNORR *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMU_SIGNATURE_Unmarshal(TPMU_SIGNATURE *target, BYTE **buffer, INT32 *size, UINT32 selector);
+    TPM_RC TPMT_SIGNATURE_Unmarshal(TPMT_SIGNATURE *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPM2B_ENCRYPTED_SECRET_Unmarshal(TPM2B_ENCRYPTED_SECRET *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMI_ALG_PUBLIC_Unmarshal(TPMI_ALG_PUBLIC *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMU_PUBLIC_ID_Unmarshal(TPMU_PUBLIC_ID *target, BYTE **buffer, INT32 *size, UINT32 selector);
+    TPM_RC TPMS_KEYEDHASH_PARMS_Unmarshal(TPMS_KEYEDHASH_PARMS *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_ASYM_PARMS_Unmarshal(TPMS_ASYM_PARMS *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_RSA_PARMS_Unmarshal(TPMS_RSA_PARMS *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_ECC_PARMS_Unmarshal(TPMS_ECC_PARMS *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMU_PUBLIC_PARMS_Unmarshal(TPMU_PUBLIC_PARMS *target, BYTE **buffer, INT32 *size, UINT32 selector);
+    TPM_RC TPMT_PUBLIC_PARMS_Unmarshal(TPMT_PUBLIC_PARMS *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMT_PUBLIC_Unmarshal(TPMT_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPM2B_PUBLIC_Unmarshal(TPM2B_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL allowNull);
+    TPM_RC TPM2B_TEMPLATE_Unmarshal(TPM2B_TEMPLATE *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMU_SENSITIVE_COMPOSITE_Unmarshal(TPMU_SENSITIVE_COMPOSITE *target, BYTE **buffer, INT32 *size, UINT32 selector);
+    TPM_RC TPMT_SENSITIVE_Unmarshal(TPMT_SENSITIVE *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM2B_SENSITIVE_Unmarshal(TPM2B_SENSITIVE *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM2B_PRIVATE_Unmarshal(TPM2B_PRIVATE *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM2B_ID_OBJECT_Unmarshal(TPM2B_ID_OBJECT *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMA_NV_Unmarshal(TPMA_NV *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_NV_PUBLIC_Unmarshal(TPMS_NV_PUBLIC *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM2B_NV_PUBLIC_Unmarshal(TPM2B_NV_PUBLIC *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM2B_CONTEXT_SENSITIVE_Unmarshal(TPM2B_CONTEXT_SENSITIVE *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_CONTEXT_DATA_Unmarshal(TPMS_CONTEXT_DATA *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM2B_CONTEXT_DATA_Unmarshal(TPM2B_CONTEXT_DATA *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_CONTEXT_Unmarshal(TPMS_CONTEXT *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPMS_CREATION_DATA_Unmarshal(TPMS_CREATION_DATA *target, BYTE **buffer, INT32 *size);
+    TPM_RC TPM2B_CREATION_DATA_Unmarshal(TPM2B_CREATION_DATA *target, BYTE **buffer, INT32 *size);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/utils/ibmtss/Unseal_fp.h b/utils/ibmtss/Unseal_fp.h
new file mode 100644
index 000000000..87c720ec7
--- /dev/null
+++ b/utils/ibmtss/Unseal_fp.h
@@ -0,0 +1,83 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: Unseal_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef UNSEAL_FP_H
+#define UNSEAL_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT	itemHandle;
+} Unseal_In;
+
+#define RC_Unseal_itemHandle 	(TPM_RC_H + TPM_RC_1)
+
+typedef struct {
+    TPM2B_SENSITIVE_DATA	outData;
+} Unseal_Out;
+
+TPM_RC
+TPM2_Unseal(
+	    Unseal_In       *in,
+	    Unseal_Out      *out
+	    );
+
+#endif
diff --git a/utils/ibmtss/VerifySignature_fp.h b/utils/ibmtss/VerifySignature_fp.h
new file mode 100644
index 000000000..19f36a2b5
--- /dev/null
+++ b/utils/ibmtss/VerifySignature_fp.h
@@ -0,0 +1,88 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: VerifySignature_fp.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef VERIFYSIGNATURE_FP_H
+#define VERIFYSIGNATURE_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT	keyHandle;
+    TPM2B_DIGEST	digest;
+    TPMT_SIGNATURE	signature;
+} VerifySignature_In;
+
+#define RC_VerifySignature_keyHandle 	(TPM_RC_H + TPM_RC_1)
+#define RC_VerifySignature_digest	(TPM_RC_P + TPM_RC_1)
+#define RC_VerifySignature_signature 	(TPM_RC_P + TPM_RC_2)
+
+typedef struct {
+    TPMT_TK_VERIFIED	validation;
+} VerifySignature_Out;
+
+TPM_RC
+TPM2_VerifySignature(
+		     VerifySignature_In      *in,            // IN: input parameter list
+		     VerifySignature_Out     *out            // OUT: output parameter list
+		     );
+
+
+#endif
diff --git a/utils/ibmtss/ZGen_2Phase_fp.h b/utils/ibmtss/ZGen_2Phase_fp.h
new file mode 100644
index 000000000..efbf082f8
--- /dev/null
+++ b/utils/ibmtss/ZGen_2Phase_fp.h
@@ -0,0 +1,93 @@
+/********************************************************************************/
+/*										*/
+/*			     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: ZGen_2Phase_fp.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/*  Licenses and Notices							*/
+/*										*/
+/*  1. Copyright Licenses:							*/
+/*										*/
+/*  - Trusted Computing Group (TCG) grants to the user of the source code in	*/
+/*    this specification (the "Source Code") a worldwide, irrevocable, 		*/
+/*    nonexclusive, royalty free, copyright license to reproduce, create 	*/
+/*    derivative works, distribute, display and perform the Source Code and	*/
+/*    derivative works thereof, and to grant others the rights granted herein.	*/
+/*										*/
+/*  - The TCG grants to the user of the other parts of the specification 	*/
+/*    (other than the Source Code) the rights to reproduce, distribute, 	*/
+/*    display, and perform the specification solely for the purpose of 		*/
+/*    developing products based on such documents.				*/
+/*										*/
+/*  2. Source Code Distribution Conditions:					*/
+/*										*/
+/*  - Redistributions of Source Code must retain the above copyright licenses, 	*/
+/*    this list of conditions and the following disclaimers.			*/
+/*										*/
+/*  - Redistributions in binary form must reproduce the above copyright 	*/
+/*    licenses, this list of conditions	and the following disclaimers in the 	*/
+/*    documentation and/or other materials provided with the distribution.	*/
+/*										*/
+/*  3. Disclaimers:								*/
+/*										*/
+/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF	*/
+/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH	*/
+/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)	*/
+/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.		*/
+/*  Contact TCG Administration (admin at trustedcomputinggroup.org) for 		*/
+/*  information on specification licensing rights available through TCG 	*/
+/*  membership agreements.							*/
+/*										*/
+/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED 	*/
+/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR 	*/
+/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR 		*/
+/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY 		*/
+/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.		*/
+/*										*/
+/*  - Without limitation, TCG and its members and licensors disclaim all 	*/
+/*    liability, including liability for infringement of any proprietary 	*/
+/*    rights, relating to use of information in this specification and to the	*/
+/*    implementation of this specification, and TCG disclaims all liability for	*/
+/*    cost of procurement of substitute goods or services, lost profits, loss 	*/
+/*    of use, loss of data or any incidental, consequential, direct, indirect, 	*/
+/*    or special damages, whether under contract, tort, warranty or otherwise, 	*/
+/*    arising in any way out of use or reliance upon this specification or any 	*/
+/*    information herein.							*/
+/*										*/
+/*  (c) Copyright IBM Corp. and others, 2012-2015				*/
+/*										*/
+/********************************************************************************/
+
+/* rev 119 */
+
+#ifndef ZGEN_2PHASE_FP_H
+#define ZGEN_2PHASE_FP_H
+
+typedef struct {
+    TPMI_DH_OBJECT		keyA;
+    TPM2B_ECC_POINT		inQsB;
+    TPM2B_ECC_POINT		inQeB;
+    TPMI_ECC_KEY_EXCHANGE	inScheme;
+    UINT16			counter;
+} ZGen_2Phase_In;
+
+#define RC_ZGen_2Phase_keyA	(TPM_RC_H + TPM_RC_1)
+#define RC_ZGen_2Phase_inQsB	(TPM_RC_P + TPM_RC_1)
+#define RC_ZGen_2Phase_inQeB	(TPM_RC_P + TPM_RC_2)
+#define RC_ZGen_2Phase_inScheme	(TPM_RC_P + TPM_RC_3)
+#define RC_ZGen_2Phase_counter	(TPM_RC_P + TPM_RC_4)
+
+typedef struct {
+    TPM2B_ECC_POINT	outZ1;
+    TPM2B_ECC_POINT	outZ2;
+} ZGen_2Phase_Out;
+
+TPM_RC
+TPM2_ZGen_2Phase(
+		 ZGen_2Phase_In      *in,            // IN: input parameter list
+		 ZGen_2Phase_Out     *out            // OUT: output parameter list
+		 );
+
+
+#endif
diff --git a/utils/ibmtss/tpmconstants12.h b/utils/ibmtss/tpmconstants12.h
new file mode 100644
index 000000000..55574badc
--- /dev/null
+++ b/utils/ibmtss/tpmconstants12.h
@@ -0,0 +1,1721 @@
+/********************************************************************************/
+/*                                                                              */
+/*                              TPM 1.2 Constants                               */
+/*                           Written by Ken Goldman                             */
+/*                     IBM Thomas J. Watson Research Center                     */
+/*                                                                              */
+/* (c) Copyright IBM Corporation 2006, 2010.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef TPMCONSTANTS12_H
+#define TPMCONSTANTS12_H
+
+#include <stdint.h>
+
+/*
+  NOTE implementation Specific
+*/
+
+/*
+  version, revision, specLevel, errataRev
+*/
+
+/* current for released specification revision 103 */
+
+#define TPM_REVISION_MAX 9999
+#ifndef TPM_REVISION
+#define TPM_REVISION TPM_REVISION_MAX
+#endif
+
+// #if  (TPM_REVISION >= 116) 
+
+// #define TPM_SPEC_LEVEL  0x0002          /* uint16_t The level of ordinals supported */
+// #define TPM_ERRATA_REV  0x03            /* specification errata level */
+
+// #elif  (TPM_REVISION >= 103) 
+
+// #define TPM_SPEC_LEVEL  0x0002          /* uint16_t The level of ordinals supported */
+// #define TPM_ERRATA_REV  0x02            /* specification errata level */
+
+// #elif (TPM_REVISION >= 94)
+
+// #define TPM_SPEC_LEVEL  0x0002          /* uint16_t The level of ordinals supported */
+// #define TPM_ERRATA_REV  0x01            /* specification errata level */
+
+// #elif (TPM_REVISION >= 85)
+
+// #define TPM_SPEC_LEVEL  0x0002          /* uint16_t The level of ordinals supported */
+// #define TPM_ERRATA_REV  0x00            /* specification errata level */
+
+// #else
+
+// #define TPM_SPEC_LEVEL  0x0001          /* uint16_t The level of ordinals supported */
+// #define TPM_ERRATA_REV  0x00            /* specification errata level */
+
+// #endif
+
+/* IBM specific */
+
+#if 0   /* at one time vendorID was the PCI vendor ID, this is the IBM code */
+#define TPM_VENDOR_ID   "\x00\x00\x10\x14"      /* BYTE[4], the vendor ID, obtained from the TCG,
+                                                   typically PCI vendor ID */
+#endif
+
+
+#ifdef TPM_VENDOR
+
+#define TPM_VENDOR_ID    "WEC"  /* 4 bytes, as of rev 99 vendorID and TPM_CAP_PROP_MANUFACTURER
+                                   return the same value */
+#define TPM_MANUFACTURER "WEC"  /* 4 characters, assigned by TCG, typically stock ticker symbol */
+
+#else
+
+#define TPM_VENDOR_ID    "IBM"  /* 4 bytes, as of rev 99 vendorID and TPM_CAP_PROP_MANUFACTURER
+                                   return the same value */
+#define TPM_MANUFACTURER "IBM"  /* 4 characters, assigned by TCG, typically stock ticker symbol */
+
+#endif
+
+/* Timeouts in microseconds.  These are for the platform specific interface (e.g. the LPC bus
+   registers in the PC Client TPM).  They are most likely not applicable to a software TPM.  */
+#define TPM_TIMEOUT_A   1000000
+#define TPM_TIMEOUT_B   1000000
+#define TPM_TIMEOUT_C   1000000
+#define TPM_TIMEOUT_D   1000000
+
+/* dictionary attack mitigation */
+
+#define TPM_LOCKOUT_THRESHOLD 5         /* successive failures to trigger lockout, must be greater
+                                           than 0 */
+
+/* Denotes the duration value in microseconds of the duration of the three classes of commands:
+   Small, Medium and Long.  The command types are in the Part 2 Ordinal Table.  Essentially:
+
+   Long - creating an RSA key pair
+   Medium - using an RSA key
+   Short  - anything else
+*/
+
+#ifndef TPM_SMALL_DURATION
+#define TPM_SMALL_DURATION      2000000
+#endif
+
+#ifndef TPM_MEDIUM_DURATION     
+#define TPM_MEDIUM_DURATION     5000000
+#endif
+
+#ifndef TPM_LONG_DURATION
+#define TPM_LONG_DURATION      60000000
+#endif
+
+/* startup effects */
+   
+#define    TPM_STARTUP_EFFECTS_VALUE   \
+(TPM_STARTUP_EFFECTS_ST_ANY_RT_KEY |    /* key resources init by TPM_Startup(ST_ANY) */ \
+ TPM_STARTUP_EFFECTS_ST_STATE_RT_HASH | /* hash resources are init by TPM_Startup(ST_STATE) */ \
+ TPM_STARTUP_EFFECTS_ST_CLEAR_AUDITDIGEST) /* auditDigest nulled on TPM_Startup(ST_CLEAR) */
+
+/*
+  TPM buffer limits
+*/
+
+/* This value is used to limit memory allocation to prevent resource overload. */
+
+#ifndef TPM_ALLOC_MAX
+#define TPM_ALLOC_MAX  0x10000  /* 64k bytes */
+#endif
+
+/* This is the increment by which the TPM_STORE_BUFFER grows.  A larger number saves realloc's.  A
+   smaller number saves memory.
+
+   TPM_ALLOC_MAX must be a multiple of this value.
+*/
+
+#define TPM_STORE_BUFFER_INCREMENT (TPM_ALLOC_MAX / 64)
+
+/* This is the maximum value of the TPM input and output packet buffer.  It should be large enough
+   to accommodate the largest TPM command or response, currently about 1200 bytes.  It should be
+   small enough to accommodate whatever software is driving the TPM.
+
+   NOTE: Some commands are somewhat open ended, and related to this parmater.  E.g., The input size
+   for the TPM_SHA1Init.  The output size for TPM_GetRandom.
+  
+   It is returned by TPM_GetCapability -> TPM_CAP_PROP_INPUT_BUFFER
+*/
+
+#ifndef TPM_BUFFER_MAX
+#define TPM_BUFFER_MAX  0x1000  /* 4k bytes */
+#endif
+
+/* Random number generator */
+
+/* maximum bytes in one TPM_GetRandom() call
+
+   Use maximum input buffer size minus tag, paramSize, returnCode, randomBytesSize.
+*/
+
+#define TPM_RANDOM_MAX  (TPM_BUFFER_MAX \
+                         - sizeof(TPM_TAG) - sizeof(uint32_t) \
+			 - sizeof(TPM_RESULT) - sizeof(uint32_t))
+
+/* Maximum number of bytes that can be sent to TPM_SHA1Update. Must be a multiple of 64 bytes.
+
+   Use maximum input buffer size minus tag, paramSize, ordinal, numBytes.
+*/
+
+#define TPM_SHA1_MAXNUMBYTES    (TPM_BUFFER_MAX - 64)
+
+/* extra audit status bits for TSC commands outside the normal ordinal range */
+#define TSC_PHYS_PRES_AUDIT     0x01
+#define TSC_RESET_ESTAB_AUDIT   0x02
+
+#ifdef TPM_VTPM
+/* ordinals for virtual TPM instance handling */
+/* NOTE must be contiguous, see TPM_PERMANENT_DATA -> instanceOrdinalAuditStatus */
+#define TPM_InstanceOrdinals_Start1     0x20000000
+#define TPM_InstanceOrdinals_End1       0x20000020
+#define TPM_InstanceOrdinals_Start2     0x20000020
+#define TPM_InstanceOrdinals_End2       0x20000040
+
+#define TPM_ORD_CreateInstance          0x20000001
+#define TPM_ORD_DeleteInstance          0x20000002
+#define TPM_ORD_LockInstance            0x20000003
+#define TPM_ORD_GetInstanceData         0x20000004
+#define TPM_ORD_SetInstanceData         0x20000005
+#define TPM_ORD_GetInstanceKey          0x20000009
+#define TPM_ORD_SetInstanceKey          0x2000000a
+#define TPM_ORD_TransportInstance       0x2000000b
+#define TPM_ORD_SetupInstance           0x2000000c
+#define TPM_ORD_UnlockInstance          0x2000000e
+#define TPM_ORD_ReportEnvironment       0x2000000f
+#define TPM_ORD_QuotePubEK              0x20000010
+
+/* actionMask for TPM_SetupInstance (bit mask) */
+
+#define TPM_INSTANCE_ACTIVATE           0x00000001
+#define TPM_INSTANCE_ENABLE             0x00000002
+#define TPM_INSTANCE_STARTUP            0x00000004
+#define TPM_INSTANCE_INIT               0x00000008
+
+#define TPM_INSTANCE_ACTION_MASK        0xfffffff0      /* ~ OR of all above bits */
+
+/* creationMask for TPM_CreateInstance (bit mask) */
+
+#define TPM_INSTANCE_PRIVILEGED         0x00000001
+#define TPM_INSTANCE_NO_MIGRATE         0x00000002
+#define TPM_INSTANCE_CREATION_MASK      0xfffffffc      /* ~ OR of all above bits */
+
+/* TPM_CAP_MFR capabilities */
+
+#define TPM_CAP_PROP_MAX_INSTANCES      0x00000001
+#define TPM_CAP_INSTANCE_HANDLE         0x00000002
+#define TPM_CAP_INSTANCE_PARENT         0x00000003
+#define TPM_CAP_INSTANCE_CHILDREN       0x00000004
+#define TPM_CAP_CREATION_MASK           0x00000005
+#define TPM_CAP_SETUP_PCRLIST           0x00000006
+#define TPM_CAP_NUMBER_PCR_MEAS         0x00000008 
+#define TPM_CAP_PCR_MEASUREMENTS        0x00000009
+#define TPM_CAP_PCR_SELECTIONS          0x0000000a
+
+/* TPM_SET_VENDOR Subcap */
+
+#define TPM_SETCAP_LOG_PCR_SELECTION            0x00000001
+#define TPM_SETCAP_SUBSCRIBE_PCR_SELECTION      0x00000002
+#define TPM_SETCAP_LOG_LOG_LENGTH_MAX           0x00000003
+
+/* VTPM Structure Tags */
+
+#define TPM_TAG_LOG_ENTRIES             0x8003
+
+#endif /* TPM_VTPM */
+
+/* TPM_CAP_MFR capabilities */
+#define TPM_CAP_PROCESS_ID              0x00000020
+
+#ifdef TPM_VENDOR
+
+#define WEC_ORD_PreConfig               0x2000000e
+#define WEC_ORD_LockPreConfig           0x2000000f
+#define WEC_ORD_GetTPMStatus            0x20000021
+
+#endif  /* TPM_VENDOR */
+
+/* define a value for an illegal instance handle */
+
+#define TPM_ILLEGAL_INSTANCE_HANDLE     0xffffffff
+
+/*
+  NOTE End Implementation Specific
+*/
+
+/* 3. Structure Tags rev 105
+
+   There have been some indications that knowing what structure is in use would be valuable
+   information in each structure. This new tag will be in each new structure that the TPM defines.
+   
+   The upper nibble of the value designates the purview of the structure tag.  0 is used for TPM
+   structures, 1 for platforms, and 2-F are reserved.
+*/
+
+/* 3.1 TPM_STRUCTURE_TAG */
+
+/*                                              Structure   */
+#define TPM_TAG_CONTEXTBLOB             0x0001 /*  TPM_CONTEXT_BLOB */
+#define TPM_TAG_CONTEXT_SENSITIVE       0x0002 /*  TPM_CONTEXT_SENSITIVE */
+#define TPM_TAG_CONTEXTPOINTER          0x0003 /*  TPM_CONTEXT_POINTER */
+#define TPM_TAG_CONTEXTLIST             0x0004 /*  TPM_CONTEXT_LIST */
+#define TPM_TAG_SIGNINFO                0x0005 /*  TPM_SIGN_INFO */
+#define TPM_TAG_PCR_INFO_LONG           0x0006 /*  TPM_PCR_INFO_LONG */
+#define TPM_TAG_PERSISTENT_FLAGS        0x0007 /*  TPM_PERSISTENT_FLAGS (deprecated 1.1 struct) */
+#define TPM_TAG_VOLATILE_FLAGS          0x0008 /*  TPM_VOLATILE_FLAGS (deprecated 1.1 struct) */
+#define TPM_TAG_PERSISTENT_DATA         0x0009 /*  TPM_PERSISTENT_DATA (deprecated 1.1 struct) */
+#define TPM_TAG_VOLATILE_DATA           0x000A /*  TPM_VOLATILE_DATA (deprecated 1.1 struct) */
+#define TPM_TAG_SV_DATA                 0x000B /*  TPM_SV_DATA */
+#define TPM_TAG_EK_BLOB                 0x000C /*  TPM_EK_BLOB */
+#define TPM_TAG_EK_BLOB_AUTH            0x000D /*  TPM_EK_BLOB_AUTH */
+#define TPM_TAG_COUNTER_VALUE           0x000E /*  TPM_COUNTER_VALUE */
+#define TPM_TAG_TRANSPORT_INTERNAL      0x000F /*  TPM_TRANSPORT_INTERNAL */
+#define TPM_TAG_TRANSPORT_LOG_IN        0x0010 /*  TPM_TRANSPORT_LOG_IN */
+#define TPM_TAG_TRANSPORT_LOG_OUT       0x0011 /*  TPM_TRANSPORT_LOG_OUT */
+#define TPM_TAG_AUDIT_EVENT_IN          0x0012 /*  TPM_AUDIT_EVENT_IN */
+#define TPM_TAG_AUDIT_EVENT_OUT         0X0013 /*  TPM_AUDIT_EVENT_OUT */
+#define TPM_TAG_CURRENT_TICKS           0x0014 /*  TPM_CURRENT_TICKS */
+#define TPM_TAG_KEY                     0x0015 /*  TPM_KEY */
+#define TPM_TAG_STORED_DATA12           0x0016 /*  TPM_STORED_DATA12 */
+#define TPM_TAG_NV_ATTRIBUTES           0x0017 /*  TPM_NV_ATTRIBUTES */
+#define TPM_TAG_NV_DATA_PUBLIC          0x0018 /*  TPM_NV_DATA_PUBLIC */
+#define TPM_TAG_NV_DATA_SENSITIVE       0x0019 /*  TPM_NV_DATA_SENSITIVE */
+#define TPM_TAG_DELEGATIONS             0x001A /*  TPM DELEGATIONS */
+#define TPM_TAG_DELEGATE_PUBLIC         0x001B /*  TPM_DELEGATE_PUBLIC */
+#define TPM_TAG_DELEGATE_TABLE_ROW      0x001C /*  TPM_DELEGATE_TABLE_ROW */
+#define TPM_TAG_TRANSPORT_AUTH          0x001D /*  TPM_TRANSPORT_AUTH */
+#define TPM_TAG_TRANSPORT_PUBLIC        0X001E /*  TPM_TRANSPORT_PUBLIC */
+#define TPM_TAG_PERMANENT_FLAGS         0X001F /*  TPM_PERMANENT_FLAGS */
+#define TPM_TAG_STCLEAR_FLAGS           0X0020 /*  TPM_STCLEAR_FLAGS */
+#define TPM_TAG_STANY_FLAGS             0X0021 /*  TPM_STANY_FLAGS */
+#define TPM_TAG_PERMANENT_DATA          0X0022 /*  TPM_PERMANENT_DATA */
+#define TPM_TAG_STCLEAR_DATA            0X0023 /*  TPM_STCLEAR_DATA */
+#define TPM_TAG_STANY_DATA              0X0024 /*  TPM_STANY_DATA */
+#define TPM_TAG_FAMILY_TABLE_ENTRY      0X0025 /*  TPM_FAMILY_TABLE_ENTRY */
+#define TPM_TAG_DELEGATE_SENSITIVE      0X0026 /*  TPM_DELEGATE_SENSITIVE */
+#define TPM_TAG_DELG_KEY_BLOB           0X0027 /*  TPM_DELG_KEY_BLOB */
+#define TPM_TAG_KEY12                   0x0028 /*  TPM_KEY12 */
+#define TPM_TAG_CERTIFY_INFO2           0X0029 /*  TPM_CERTIFY_INFO2 */
+#define TPM_TAG_DELEGATE_OWNER_BLOB     0X002A /*  TPM_DELEGATE_OWNER_BLOB */
+#define TPM_TAG_EK_BLOB_ACTIVATE        0X002B /*  TPM_EK_BLOB_ACTIVATE */
+#define TPM_TAG_DAA_BLOB                0X002C /*  TPM_DAA_BLOB */
+#define TPM_TAG_DAA_CONTEXT             0X002D /*  TPM_DAA_CONTEXT */
+#define TPM_TAG_DAA_ENFORCE             0X002E /*  TPM_DAA_ENFORCE */
+#define TPM_TAG_DAA_ISSUER              0X002F /*  TPM_DAA_ISSUER */
+#define TPM_TAG_CAP_VERSION_INFO        0X0030 /*  TPM_CAP_VERSION_INFO */
+#define TPM_TAG_DAA_SENSITIVE           0X0031 /*  TPM_DAA_SENSITIVE */
+#define TPM_TAG_DAA_TPM                 0X0032 /*  TPM_DAA_TPM */
+#define TPM_TAG_CMK_MIGAUTH             0X0033 /*  TPM_CMK_MIGAUTH */
+#define TPM_TAG_CMK_SIGTICKET           0X0034 /*  TPM_CMK_SIGTICKET */
+#define TPM_TAG_CMK_MA_APPROVAL         0X0035 /*  TPM_CMK_MA_APPROVAL */
+#define TPM_TAG_QUOTE_INFO2             0X0036 /*  TPM_QUOTE_INFO2 */
+#define TPM_TAG_DA_INFO                 0x0037 /*  TPM_DA_INFO */
+#define TPM_TAG_DA_INFO_LIMITED         0x0038 /*  TPM_DA_INFO_LIMITED */
+#define TPM_TAG_DA_ACTION_TYPE          0x0039 /*  TPM_DA_ACTION_TYPE */
+
+/*
+  SW TPM Tags
+*/
+
+/*
+  These tags are used to describe the format of serialized TPM non-volatile state
+*/
+
+/* These describe the overall format */
+
+/* V1 state is the sequence permanent data, permanent flags, owner evict keys, NV defined space */
+
+#define TPM_TAG_NVSTATE_V1		0x0001		/* svn revision 4078 */
+
+/* These tags describe the TPM_PERMANENT_DATA format */
+
+/* For the first release, use the standard TPM_TAG_PERMANENT_DATA tag.  Since this tag is never
+   visible outside the TPM, the tag value can be changed if the format changes.
+*/
+
+/* These tags describe the TPM_PERMANENT_FLAGS format */
+
+/* The TPM_PERMANENT_FLAGS structure changed from rev 94 to 103.  Unfortunately, the standard TPM
+   tag did not change.  Define distinguishing values here.
+*/
+
+#define TPM_TAG_NVSTATE_PF94		0x0001
+#define TPM_TAG_NVSTATE_PF103		0x0002
+
+/* This tag describes the owner evict key format */
+
+#define TPM_TAG_NVSTATE_OE_V1		0x0001
+
+/* This tag describes the NV defined space format */
+
+#define TPM_TAG_NVSTATE_NV_V1		0x0001
+
+/* V2 added the NV public optimization */
+
+#define TPM_TAG_NVSTATE_NV_V2		0x0002
+
+/*
+  These tags are used to describe the format of serialized TPM volatile state
+*/
+
+/* These describe the overall format */
+
+/* V1 state is the sequence TPM Parameters, TPM_STCLEAR_FLAGS, TPM_STANY_FLAGS, TPM_STCLEAR_DATA,
+   TPM_STANY_DATA, TPM_KEY_HANDLE_ENTRY, SHA1 context(s), TPM_TRANSHANDLE, testState, NV volatile
+   flags */
+
+#define TPM_TAG_VSTATE_V1		0x0001
+
+/* This tag defines the TPM Parameters format */
+
+#define TPM_TAG_TPM_PARAMETERS_V1	0x0001
+
+/* This tag defines the TPM_STCLEAR_FLAGS format */
+
+/* V1 is the TCG standard returned by the getcap.  It's unlikely that this will change */
+
+#define TPM_TAG_STCLEAR_FLAGS_V1	0x0001
+
+/* These tags describe the TPM_STANY_FLAGS format */
+
+/* For the first release, use the standard TPM_TAG_STANY_FLAGS tag.  Since this tag is never visible
+   outside the TPM, the tag value can be changed if the format changes.
+*/
+
+/* This tag defines the TPM_STCLEAR_DATA format */
+
+/* V2 deleted the ordinalResponse, responseCount */ 
+
+#define TPM_TAG_STCLEAR_DATA_V2         0X0024
+
+/* These tags describe the TPM_STANY_DATA format */
+
+/* For the first release, use the standard TPM_TAG_STANY_DATA tag.  Since this tag is never visible
+   outside the TPM, the tag value can be changed if the format changes.
+*/
+
+/* This tag defines the key handle entries format */
+
+#define TPM_TAG_KEY_HANDLE_ENTRIES_V1	0x0001
+
+/* This tag defines the SHA-1 context format */
+
+#define TPM_TAG_SHA1CONTEXT_OSSL_V1	0x0001		/* for openssl */
+
+#define TPM_TAG_SHA1CONTEXT_FREEBL_V1	0x0101		/* for freebl */
+
+/* This tag defines the NV index entries volatile format */
+
+#define TPM_TAG_NV_INDEX_ENTRIES_VOLATILE_V1	0x0001
+
+/* 4. Types
+ */
+
+/* 4.1 TPM_RESOURCE_TYPE rev 87 */
+
+#define TPM_RT_KEY      0x00000001  /* The handle is a key handle and is the result of a LoadKey
+                                       type operation */
+   
+#define TPM_RT_AUTH     0x00000002  /* The handle is an authorization handle. Auth handles come from
+                                       TPM_OIAP, TPM_OSAP and TPM_DSAP */
+   
+#define TPM_RT_HASH     0X00000003  /* Reserved for hashes */
+
+#define TPM_RT_TRANS    0x00000004  /* The handle is for a transport session. Transport handles come
+                                       from TPM_EstablishTransport */
+   
+#define TPM_RT_CONTEXT  0x00000005  /* Resource wrapped and held outside the TPM using the context
+                                       save/restore commands */
+
+#define TPM_RT_COUNTER  0x00000006  /* Reserved for counters */
+
+#define TPM_RT_DELEGATE 0x00000007  /* The handle is for a delegate row. These are the internal rows
+                                       held in NV storage by the TPM */
+   
+#define TPM_RT_DAA_TPM  0x00000008  /* The value is a DAA TPM specific blob */
+                                      
+#define TPM_RT_DAA_V0   0x00000009  /* The value is a DAA V0 parameter */
+                                     
+#define TPM_RT_DAA_V1   0x0000000A  /* The value is a DAA V1 parameter */
+                                     
+/* 4.2 TPM_PAYLOAD_TYPE rev 87
+
+   This structure specifies the type of payload in various messages. 
+*/
+
+#define TPM_PT_ASYM             0x01    /* The entity is an asymmetric key */
+#define TPM_PT_BIND             0x02    /* The entity is bound data */
+#define TPM_PT_MIGRATE          0x03    /* The entity is a migration blob */
+#define TPM_PT_MAINT            0x04    /* The entity is a maintenance blob */
+#define TPM_PT_SEAL             0x05    /* The entity is sealed data */
+#define TPM_PT_MIGRATE_RESTRICTED 0x06  /* The entity is a restricted-migration asymmetric key */
+#define TPM_PT_MIGRATE_EXTERNAL 0x07    /* The entity is a external migratable key */
+#define TPM_PT_CMK_MIGRATE      0x08    /* The entity is a CMK migratable blob */
+/* 0x09 - 0x7F Reserved for future use by TPM */
+/* 0x80 - 0xFF Vendor specific payloads */
+
+/* 4.3 TPM_ENTITY_TYPE rev 100
+
+   This specifies the types of entity that are supported by the TPM. 
+
+   The LSB is used to indicate the entity type.  The MSB is used to indicate the ADIP 
+   encryption scheme when applicable.
+
+   For compatibility with TPM 1.1, this mapping is maintained:
+
+   0x0001 specifies a keyHandle entity with XOR encryption
+   0x0002 specifies an owner entity with XOR encryption
+   0x0003 specifies some data entity with XOR encryption
+   0x0004 specifies the SRK entity with XOR encryption
+   0x0005 specifies a key entity with XOR encryption
+
+   When the entity is not being used for ADIP encryption, the MSB MUST be 0x00.
+*/
+
+/* TPM_ENTITY_TYPE LSB Values (entity type) */
+
+#define TPM_ET_KEYHANDLE        0x01    /* The entity is a keyHandle or key */
+#define TPM_ET_OWNER            0x02    /*0x40000001 The entity is the TPM Owner */
+#define TPM_ET_DATA             0x03    /* The entity is some data */
+#define TPM_ET_SRK              0x04    /*0x40000000 The entity is the SRK */
+#define TPM_ET_KEY              0x05    /* The entity is a key or keyHandle */
+#define TPM_ET_REVOKE           0x06    /*0x40000002 The entity is the RevokeTrust value */
+#define TPM_ET_DEL_OWNER_BLOB   0x07    /* The entity is a delegate owner blob */
+#define TPM_ET_DEL_ROW          0x08    /* The entity is a delegate row */
+#define TPM_ET_DEL_KEY_BLOB     0x09    /* The entity is a delegate key blob */
+#define TPM_ET_COUNTER          0x0A    /* The entity is a counter */
+#define TPM_ET_NV               0x0B    /* The entity is a NV index */
+#define TPM_ET_OPERATOR         0x0C    /* The entity is the operator */
+#define TPM_ET_RESERVED_HANDLE  0x40    /* Reserved. This value avoids collisions with the handle
+                                           MSB setting.*/
+
+/* TPM_ENTITY_TYPE MSB Values (ADIP encryption scheme) */
+
+#define TPM_ET_XOR              0x00    /* XOR  */
+#define TPM_ET_AES128_CTR       0x06    /* AES 128 bits in CTR mode */
+
+/* 4.4 Handles rev 88
+
+   Handles provides pointers to TPM internal resources. Handles should provide the ability to locate
+   a value without collision.
+
+   1. The TPM MAY order and set a handle to any value the TPM determines is appropriate
+
+   2. The handle value SHALL provide assurance that collisions SHOULD not occur in 2^24 handles
+
+   4.4.1 Reserved Key Handles 
+
+   The reserved key handles. These values specify specific keys or specific actions for the TPM. 
+*/
+
+/* 4.4.1 Reserved Key Handles rev 87
+
+   The reserved key handles. These values specify specific keys or specific actions for the TPM.
+
+   TPM_KH_TRANSPORT indicates to TPM_EstablishTransport that there is no encryption key, and that
+   the "secret" wrapped parameters are actually passed unencrypted.
+*/
+
+#define TPM_KH_SRK              0x40000000 /* The handle points to the SRK */
+#define TPM_KH_OWNER            0x40000001 /* The handle points to the TPM Owner */
+#define TPM_KH_REVOKE           0x40000002 /* The handle points to the RevokeTrust value */
+#define TPM_KH_TRANSPORT        0x40000003 /* The handle points to the TPM_EstablishTransport static
+                                              authorization */
+#define TPM_KH_OPERATOR         0x40000004 /* The handle points to the Operator auth */
+#define TPM_KH_ADMIN            0x40000005 /* The handle points to the delegation administration
+                                              auth */
+#define TPM_KH_EK               0x40000006 /* The handle points to the PUBEK, only usable with
+                                              TPM_OwnerReadInternalPub */
+
+/* 4.5 TPM_STARTUP_TYPE rev 87
+
+   To specify what type of startup is occurring.  
+*/
+
+#define TPM_ST_CLEAR            0x0001 /* The TPM is starting up from a clean state */
+#define TPM_ST_STATE            0x0002 /* The TPM is starting up from a saved state */
+#define TPM_ST_DEACTIVATED      0x0003 /* The TPM is to startup and set the deactivated flag to
+                                          TRUE */
+
+/* 4.6 TPM_STARTUP_EFFECTS rev 101
+
+   This structure lists for the various resources and sessions on a TPM the affect that TPM_Startup
+   has on the values.
+
+   There are three ST_STATE options for keys (restore all, restore non-volatile, or restore none)
+   and two ST_CLEAR options (restore non-volatile or restore none).  As bit 4 was insufficient to
+   describe the possibilities, it is deprecated.  Software should use TPM_CAP_KEY_HANDLE to
+   determine which keys are loaded after TPM_Startup.
+
+   31-9 No information and MUST be FALSE
+   
+   8 TPM_RT_DAA_TPM resources are initialized by TPM_Startup(ST_STATE)
+   7 TPM_Startup has no effect on auditDigest 
+   6 auditDigest is set to all zeros on TPM_Startup(ST_CLEAR) but not on other types of TPM_Startup 
+   5 auditDigest is set to all zeros on TPM_Startup(any)
+   4 TPM_RT_KEY Deprecated, as the meaning was subject to interpretation.  (Was:TPM_RT_KEY resources
+     are initialized by TPM_Startup(ST_ANY))
+   3 TPM_RT_AUTH resources are initialized by TPM_Startup(ST_STATE) 
+   2 TPM_RT_HASH resources are initialized by TPM_Startup(ST_STATE) 
+   1 TPM_RT_TRANS resources are initialized by TPM_Startup(ST_STATE) 
+   0 TPM_RT_CONTEXT session (but not key) resources are initialized by TPM_Startup(ST_STATE) 
+*/
+
+
+#define TPM_STARTUP_EFFECTS_ST_STATE_RT_DAA             0x00000100      /* bit 8 */
+#define TPM_STARTUP_EFFECTS_STARTUP_NO_AUDITDIGEST      0x00000080      /* bit 7 */
+#define TPM_STARTUP_EFFECTS_ST_CLEAR_AUDITDIGEST        0x00000040      /* bit 6 */
+#define TPM_STARTUP_EFFECTS_STARTUP_AUDITDIGEST         0x00000020      /* bit 5 */
+#define TPM_STARTUP_EFFECTS_ST_ANY_RT_KEY               0x00000010      /* bit 4 */
+#define TPM_STARTUP_EFFECTS_ST_STATE_RT_AUTH            0x00000008      /* bit 3 */
+#define TPM_STARTUP_EFFECTS_ST_STATE_RT_HASH            0x00000004      /* bit 2 */
+#define TPM_STARTUP_EFFECTS_ST_STATE_RT_TRANS           0x00000002      /* bit 1 */
+#define TPM_STARTUP_EFFECTS_ST_STATE_RT_CONTEXT         0x00000001      /* bit 0 */
+
+/* 4.7 TPM_PROTOCOL_ID rev 87 
+
+   This value identifies the protocol in use. 
+*/
+
+#define TPM_PID_NONE            0x0000  /* kgold - added */
+#define TPM_PID_OIAP            0x0001  /* The OIAP protocol. */
+#define TPM_PID_OSAP            0x0002  /* The OSAP protocol. */
+#define TPM_PID_ADIP            0x0003  /* The ADIP protocol. */
+#define TPM_PID_ADCP            0X0004  /* The ADCP protocol. */
+#define TPM_PID_OWNER           0X0005  /* The protocol for taking ownership of a TPM. */
+#define TPM_PID_DSAP            0x0006  /* The DSAP protocol */
+#define TPM_PID_TRANSPORT       0x0007  /*The transport protocol */
+
+/* 4.8 TPM_ALGORITHM_ID rev 99
+
+   This table defines the types of algorithms that may be supported by the TPM. 
+
+   The TPM MUST support the algorithms TPM_ALG_RSA, TPM_ALG_SHA, TPM_ALG_HMAC, and TPM_ALG_MGF1
+*/
+
+//#define TPM_ALG_RSA     0x00000001      /* The RSA algorithm. */
+/* #define TPM_ALG_DES  0x00000002         (was the DES algorithm) */
+/* #define TPM_ALG_3DES 0X00000003         (was the 3DES algorithm in EDE mode) */
+#define TPM_ALG_SHA     0x00000004      /* The SHA1 algorithm */
+//#define TPM_ALG_HMAC    0x00000005      /* The RFC 2104 HMAC algorithm */
+#define TPM_ALG_AES128  0x00000006      /* The AES algorithm, key size 128 */
+//#define TPM_ALG_MGF1    0x00000007      /* The XOR algorithm using MGF1 to create a string the size
+//of the encrypted block */
+#define TPM_ALG_AES192  0x00000008      /* AES, key size 192 */
+#define TPM_ALG_AES256  0x00000009      /* AES, key size 256 */
+//#define TPM_ALG_XOR     0x0000000A      /* XOR using the rolling nonces */
+
+/* 4.9 TPM_PHYSICAL_PRESENCE rev 87
+
+*/
+
+#define TPM_PHYSICAL_PRESENCE_HW_DISABLE        0x0200 /* Sets the physicalPresenceHWEnable to FALSE
+                                                        */
+#define TPM_PHYSICAL_PRESENCE_CMD_DISABLE       0x0100 /* Sets the physicalPresenceCMDEnable to
+                                                          FALSE */
+#define TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK     0x0080 /* Sets the physicalPresenceLifetimeLock to
+                                                          TRUE */
+#define TPM_PHYSICAL_PRESENCE_HW_ENABLE         0x0040 /* Sets the physicalPresenceHWEnable to TRUE
+                                                        */
+#define TPM_PHYSICAL_PRESENCE_CMD_ENABLE        0x0020 /* Sets the physicalPresenceCMDEnable to TRUE
+                                                        */
+#define TPM_PHYSICAL_PRESENCE_NOTPRESENT        0x0010 /* Sets PhysicalPresence = FALSE */
+#define TPM_PHYSICAL_PRESENCE_PRESENT           0x0008 /* Sets PhysicalPresence = TRUE */
+#define TPM_PHYSICAL_PRESENCE_LOCK              0x0004 /* Sets PhysicalPresenceLock = TRUE */
+
+#define TPM_PHYSICAL_PRESENCE_MASK              0xfc03  /* ~ OR of all above bits */
+
+/* 4.10 TPM_MIGRATE_SCHEME rev 103
+
+   The scheme indicates how the StartMigrate command should handle the migration of the encrypted
+   blob.
+*/
+
+#define TPM_MS_MIGRATE                  0x0001 /* A public key that can be used with all TPM
+                                                  migration commands other than 'ReWrap' mode. */
+#define TPM_MS_REWRAP                   0x0002 /* A public key that can be used for the ReWrap mode
+                                                  of TPM_CreateMigrationBlob. */
+#define TPM_MS_MAINT                    0x0003 /* A public key that can be used for the Maintenance
+                                                  commands */
+#define TPM_MS_RESTRICT_MIGRATE         0x0004 /* The key is to be migrated to a Migration
+                                                  Authority. */
+#define TPM_MS_RESTRICT_APPROVE         0x0005 /* The key is to be migrated to an entity approved by
+                                                  a Migration Authority using double wrapping */
+
+/* 4.11 TPM_EK_TYPE rev 87 
+
+   This structure indicates what type of information that the EK is dealing with.
+*/
+
+#define TPM_EK_TYPE_ACTIVATE    0x0001  /* The blob MUST be TPM_EK_BLOB_ACTIVATE */
+#define TPM_EK_TYPE_AUTH        0x0002  /* The blob MUST be TPM_EK_BLOB_AUTH */
+
+/* 4.12 TPM_PLATFORM_SPECIFIC rev 87
+
+   This enumerated type indicates the platform specific spec that the information relates to.
+*/
+
+#define TPM_PS_PC_11            0x0001  /* PC Specific version 1.1 */
+#define TPM_PS_PC_12            0x0002  /* PC Specific version 1.2 */
+#define TPM_PS_PDA_12           0x0003  /* PDA Specific version 1.2 */
+#define TPM_PS_Server_12        0x0004  /* Server Specific version 1.2 */
+#define TPM_PS_Mobile_12        0x0005  /* Mobil Specific version 1.2 */
+
+/* 5.8 TPM_KEY_USAGE rev 101
+
+   This table defines the types of keys that are possible.  Each value defines for what operation
+   the key can be used.  Most key usages can be CMKs.  See 4.2, TPM_PAYLOAD_TYPE.
+
+   Each key has a setting defining the encryption and signature scheme to use. The selection of a
+   key usage value limits the choices of encryption and signature schemes.
+*/
+
+#define TPM_KEY_UNINITIALIZED   0x0000  /* NOTE: Added.  This seems like a good place to indicate
+                                           that a TPM_KEY structure has not been initialized */
+
+#define TPM_KEY_SIGNING         0x0010  /* This SHALL indicate a signing key. The [private] key
+                                           SHALL be used for signing operations, only. This means
+                                           that it MUST be a leaf of the Protected Storage key
+                                           hierarchy. */
+
+#define TPM_KEY_STORAGE         0x0011  /* This SHALL indicate a storage key. The key SHALL be used
+                                           to wrap and unwrap other keys in the Protected Storage
+                                           hierarchy */
+
+#define TPM_KEY_IDENTITY        0x0012  /* This SHALL indicate an identity key. The key SHALL be
+                                           used for operations that require a TPM identity, only. */
+
+#define TPM_KEY_AUTHCHANGE      0X0013  /* This SHALL indicate an ephemeral key that is in use
+                                           during the ChangeAuthAsym process, only. */
+
+#define TPM_KEY_BIND            0x0014  /* This SHALL indicate a key that can be used for TPM_Bind
+                                           and TPM_Unbind operations only. */
+
+#define TPM_KEY_LEGACY          0x0015  /* This SHALL indicate a key that can perform signing and
+                                           binding operations. The key MAY be used for both signing
+                                           and binding operations. The TPM_KEY_LEGACY key type is to
+                                           allow for use by applications where both signing and
+                                           encryption operations occur with the same key. */
+
+#define TPM_KEY_MIGRATE         0x0016  /* This SHALL indicate a key in use for TPM_MigrateKey */
+
+/* 5.8.1 TPM_ENC_SCHEME Mandatory Key Usage Schemes rev 99
+
+   The TPM MUST check that the encryption scheme defined for use with the key is a valid scheme for
+   the key type, as follows:
+*/
+
+#define TPM_ES_NONE                     0x0001 
+#define TPM_ES_RSAESPKCSv15             0x0002 
+#define TPM_ES_RSAESOAEP_SHA1_MGF1      0x0003 
+#define TPM_ES_SYM_CTR                  0x0004 
+#define TPM_ES_SYM_OFB                  0x0005
+
+/* 5.8.1 TPM_SIG_SCHEME Mandatory Key Usage Schemes rev 99
+
+   The TPM MUST check that the signature scheme defined for use with the key is a valid scheme for
+   the key type, as follows:
+*/
+
+#define TPM_SS_NONE                     0x0001 
+#define TPM_SS_RSASSAPKCS1v15_SHA1      0x0002 
+#define TPM_SS_RSASSAPKCS1v15_DER       0x0003 
+#define TPM_SS_RSASSAPKCS1v15_INFO      0x0004 
+
+/* 5.9 TPM_AUTH_DATA_USAGE rev 110
+
+   The indication to the TPM when authorization sessions for an entity are required.  Future
+   versions may allow for more complex decisions regarding AuthData checking.
+*/
+
+#define TPM_AUTH_NEVER         0x00 /* This SHALL indicate that usage of the key without
+                                       authorization is permitted. */
+
+#define TPM_AUTH_ALWAYS        0x01 /* This SHALL indicate that on each usage of the key the
+                                       authorization MUST be performed. */
+
+#define TPM_NO_READ_PUBKEY_AUTH 0x03 /* This SHALL indicate that on commands that require the TPM to
+                                       use the the key, the authorization MUST be performed. For
+                                       commands that cause the TPM to read the public portion of the
+                                       key, but not to use the key (e.g. TPM_GetPubKey), the
+                                       authorization may be omitted. */
+
+/* 5.10 TPM_KEY_FLAGS rev 110
+
+   This table defines the meanings of the bits in a TPM_KEY_FLAGS structure, used in
+   TPM_STORE_ASYMKEY and TPM_CERTIFY_INFO.
+   
+   The value of TPM_KEY_FLAGS MUST be decomposed into individual mask values. The presence of a mask
+   value SHALL have the effect described in the above table
+   
+   On input, all undefined bits MUST be zero. The TPM MUST return an error if any undefined bit is
+   set. On output, the TPM MUST set all undefined bits to zero.
+*/
+
+#define TPM_KEY_FLAGS_MASK      0x0000001f
+
+#define TPM_REDIRECTION         0x00000001 /* This mask value SHALL indicate the use of redirected
+                                              output. */
+
+#define TPM_MIGRATABLE          0x00000002 /* This mask value SHALL indicate that the key is
+                                              migratable. */
+
+#define TPM_ISVOLATILE          0x00000004 /* This mask value SHALL indicate that the key MUST be
+                                              unloaded upon execution of the
+                                              TPM_Startup(ST_Clear). This does not indicate that a
+                                              non-volatile key will remain loaded across
+                                              TPM_Startup(ST_Clear) events. */
+
+#define TPM_PCRIGNOREDONREAD    0x00000008 /* When TRUE the TPM MUST NOT check digestAtRelease or
+                                              localityAtRelease for commands that read the public
+                                              portion of the key (e.g., TPM_GetPubKey) and MAY NOT
+                                              check digestAtRelease or localityAtRelease for
+                                              commands that use the public portion of the key
+                                              (e.g. TPM_Seal)
+
+                                              When FALSE the TPM MUST check digestAtRelease and
+                                              localityAtRelease for commands that read or use the
+                                              public portion of the key */
+
+#define TPM_MIGRATEAUTHORITY    0x00000010 /* When set indicates that the key is under control of a
+                                              migration authority. The TPM MUST only allow the
+                                              creation of a key with this flag in
+                                              TPM_MA_CreateKey */
+
+/* 5.17 TPM_CMK_DELEGATE values rev 89
+
+   The bits of TPM_CMK_DELEGATE are flags that determine how the TPM responds to delegated requests
+   to manipulate a certified-migration-key, a loaded key with payload type TPM_PT_MIGRATE_RESTRICTED
+   or TPM_PT_MIGRATE_EXTERNAL..
+
+   26:0 reserved MUST be 0
+
+   The default value of TPM_CMK_Delegate is zero (0)
+*/
+
+#define TPM_CMK_DELEGATE_SIGNING        0x80000000 /* When set to 1, this bit SHALL indicate that a
+                                                      delegated command may manipulate a CMK of
+                                                      TPM_KEY_USAGE == TPM_KEY_SIGNING */
+#define TPM_CMK_DELEGATE_STORAGE        0x40000000 /* When set to 1, this bit SHALL indicate that a
+                                                      delegated command may manipulate a CMK of
+                                                      TPM_KEY_USAGE == TPM_KEY_STORAGE */
+#define TPM_CMK_DELEGATE_BIND           0x20000000 /* When set to 1, this bit SHALL indicate that a
+                                                      delegated command may manipulate a CMK of
+                                                      TPM_KEY_USAGE == TPM_KEY_BIND */
+#define TPM_CMK_DELEGATE_LEGACY         0x10000000 /* When set to 1, this bit SHALL indicate that a
+                                                      delegated command may manipulate a CMK of
+                                                      TPM_KEY_USAGE == TPM_KEY_LEGACY */
+#define TPM_CMK_DELEGATE_MIGRATE        0x08000000 /* When set to 1, this bit SHALL indicate that a
+                                                      delegated command may manipulate a CMK of
+                                                      TPM_KEY_USAGE == TPM_KEY_MIGRATE */
+
+/* 6. TPM_TAG (Command and Response Tags) rev 100
+
+   These tags indicate to the TPM the construction of the command either as input or as output. The
+   AUTH indicates that there are one or more AuthData values that follow the command
+   parameters.
+*/
+
+#define TPM_TAG_RQU_COMMAND             0x00C1 /* A command with no authentication.  */
+#define TPM_TAG_RQU_AUTH1_COMMAND       0x00C2 /* An authenticated command with one authentication
+                                                  handle */
+#define TPM_TAG_RQU_AUTH2_COMMAND       0x00C3 /* An authenticated command with two authentication
+                                                  handles */
+#define TPM_TAG_RSP_COMMAND             0x00C4 /* A response from a command with no authentication
+                                                */
+#define TPM_TAG_RSP_AUTH1_COMMAND       0x00C5 /* An authenticated response with one authentication
+                                                  handle */
+#define TPM_TAG_RSP_AUTH2_COMMAND       0x00C6 /* An authenticated response with two authentication
+                                                  handles */
+
+/* TIS 7.2 PCR Attributes
+
+*/
+
+#define TPM_DEBUG_PCR 		16
+#define TPM_LOCALITY_4_PCR	17
+#define TPM_LOCALITY_3_PCR	18
+#define TPM_LOCALITY_2_PCR	19
+#define TPM_LOCALITY_1_PCR	20
+
+/* 10.9 TPM_KEY_CONTROL rev 87
+
+   Attributes that can control various aspects of key usage and manipulation.
+
+   Allows for controlling of the key when loaded and how to handle TPM_Startup issues.
+*/
+
+#define TPM_KEY_CONTROL_OWNER_EVICT     0x00000001      /* Owner controls when the key is evicted
+                                                           from the TPM. When set the TPM MUST
+                                                           preserve key the key across all TPM_Init
+                                                           invocations. */
+
+/* 13.1.1 TPM_TRANSPORT_ATTRIBUTES Definitions */
+
+#define TPM_TRANSPORT_ENCRYPT           0x00000001      /* The session will provide encryption using
+                                                           the internal encryption algorithm */
+#define TPM_TRANSPORT_LOG               0x00000002      /* The session will provide a log of all
+                                                           operations that occur in the session */
+#define TPM_TRANSPORT_EXCLUSIVE         0X00000004      /* The transport session is exclusive and
+                                                           any command executed outside the
+                                                           transport session causes the invalidation
+                                                           of the session */
+
+/* 21.1 TPM_CAPABILITY_AREA rev 115
+
+   To identify a capability to be queried. 
+*/
+
+#define TPM_CAP_ORD             0x00000001 /* Boolean value. TRUE indicates that the TPM supports
+                                              the ordinal. FALSE indicates that the TPM does not
+                                              support the ordinal.  Unimplemented optional ordinals
+                                              and unused (unassigned) ordinals return FALSE. */
+#define TPM_CAP_ALG             0x00000002 /* Boolean value. TRUE means that the TPM supports the
+                                              asymmetric algorithm for TPM_Sign, TPM_Seal,
+                                              TPM_UnSeal and TPM_UnBind and related commands. FALSE
+                                              indicates that the asymmetric algorithm is not
+                                              supported for these types of commands. The TPM MAY
+                                              return TRUE or FALSE for other than asymmetric
+                                              algoroithms that it supports. Unassigned and
+                                              unsupported algorithm IDs return FALSE.*/
+
+#define TPM_CAP_PID             0x00000003 /* Boolean value. TRUE indicates that the TPM supports
+                                              the protocol, FALSE indicates that the TPM does not
+                                              support the protocol.  */
+#define TPM_CAP_FLAG            0x00000004 /* Return the TPM_PERMANENT_FLAGS structure or Return the
+                                              TPM_STCLEAR_FLAGS structure */
+#define TPM_CAP_PROPERTY        0x00000005 /* See following table for the subcaps */
+#define TPM_CAP_VERSION         0x00000006 /* TPM_STRUCT_VER structure. The Major and Minor must
+                                              indicate 1.1. The firmware revision MUST indicate
+                                              0.0 */
+#define TPM_CAP_KEY_HANDLE      0x00000007 /* A TPM_KEY_HANDLE_LIST structure that enumerates all
+                                              key handles loaded on the TPM.  */
+#define TPM_CAP_CHECK_LOADED    0x00000008 /* A Boolean value. TRUE indicates that the TPM has
+                                              enough memory available to load a key of the type
+                                              specified by TPM_KEY_PARMS. FALSE indicates that the
+                                              TPM does not have enough memory.  */
+#define TPM_CAP_SYM_MODE        0x00000009 /* Subcap TPM_SYM_MODE
+                                              A Boolean value. TRUE indicates that the TPM supports
+                                              the TPM_SYM_MODE, FALSE indicates the TPM does not
+                                              support the mode. */
+#define TPM_CAP_KEY_STATUS      0x0000000C /* Boolean value of ownerEvict. The handle MUST point to
+                                              a valid key handle.*/
+#define TPM_CAP_NV_LIST         0x0000000D /* A list of TPM_NV_INDEX values that are currently
+                                              allocated NV storage through TPM_NV_DefineSpace. */
+#define TPM_CAP_MFR             0x00000010 /* Manufacturer specific. The manufacturer may provide
+                                              any additional information regarding the TPM and the
+                                              TPM state but MUST not expose any sensitive
+                                              information.  */
+#define TPM_CAP_NV_INDEX        0x00000011 /* A TPM_NV_DATA_PUBLIC structure that indicates the
+                                              values for the TPM_NV_INDEX.  Returns TPM_BADINDEX if
+                                              the index is not in the TPM_CAP_NV_LIST list. */
+#define TPM_CAP_TRANS_ALG       0x00000012 /* Boolean value. TRUE means that the TPM supports the
+                                              algorithm for TPM_EstablishTransport,
+                                              TPM_ExecuteTransport and
+                                              TPM_ReleaseTransportSigned. FALSE indicates that for
+                                              these three commands the algorithm is not supported."
+                                              */
+#define TPM_CAP_HANDLE          0x00000014 /* A TPM_KEY_HANDLE_LIST structure that enumerates all
+                                              handles currently loaded in the TPM for the given
+                                              resource type.  */
+#define TPM_CAP_TRANS_ES        0x00000015 /* Boolean value. TRUE means the TPM supports the
+                                              encryption scheme in a transport session for at least
+                                              one algorithm..  */
+#define TPM_CAP_AUTH_ENCRYPT    0x00000017 /* Boolean value. TRUE indicates that the TPM supports
+                                              the encryption algorithm in OSAP encryption of
+                                              AuthData values */
+#define TPM_CAP_SELECT_SIZE     0x00000018 /* Boolean value. TRUE indicates that the TPM supports
+                                              the size for the given version. For instance a request
+                                              could ask for version 1.1 size 2 and the TPM would
+                                              indicate TRUE. For 1.1 size 3 the TPM would indicate
+                                              FALSE. For 1.2 size 3 the TPM would indicate TRUE. */
+#define TPM_CAP_DA_LOGIC        0x00000019 /* (OPTIONAL)
+                                              A TPM_DA_INFO or TPM_DA_INFO_LIMITED structure that
+                                              returns data according to the selected entity type
+                                              (e.g., TPM_ET_KEYHANDLE, TPM_ET_OWNER, TPM_ET_SRK,
+                                              TPM_ET_COUNTER, TPM_ET_OPERATOR, etc.). If the
+                                              implemented dictionary attack logic does not support
+                                              different secret types, the entity type can be
+                                              ignored. */
+#define TPM_CAP_VERSION_VAL     0x0000001A /* TPM_CAP_VERSION_INFO structure. The TPM fills in the
+                                              structure and returns the information indicating what
+                                              the TPM currently supports. */
+
+#define TPM_CAP_FLAG_PERMANENT  0x00000108 /* Return the TPM_PERMANENT_FLAGS structure */
+#define TPM_CAP_FLAG_VOLATILE   0x00000109 /* Return the TPM_STCLEAR_FLAGS structure */
+
+/* 21.2 CAP_PROPERTY Subcap values for CAP_PROPERTY rev 105
+
+   The TPM_CAP_PROPERTY capability has numerous subcap values.  The definition for all subcap values
+   occurs in this table.
+
+   TPM_CAP_PROP_MANUFACTURER returns a vendor ID unique to each manufacturer. The same value is
+   returned as the TPM_CAP_VERSION_INFO -> tpmVendorID.  A company abbreviation such as a null
+   terminated stock ticker is a typical choice. However, there is no requirement that the value
+   contain printable characters.  The document "TCG Vendor Naming" lists the vendor ID values.
+
+   TPM_CAP_PROP_MAX_xxxSESS is a constant.  At TPM_Startup(ST_CLEAR) TPM_CAP_PROP_xxxSESS ==
+   TPM_CAP_PROP_MAX_xxxSESS.  As sessions are created on the TPM, TPM_CAP_PROP_xxxSESS decreases
+   toward zero.  As sessions are terminated, TPM_CAP_PROP_xxxSESS increases toward
+   TPM_CAP_PROP_MAX_xxxSESS.
+
+   There is a similar relationship between the constants TPM_CAP_PROP_MAX_COUNTERS and
+   TPM_CAP_PROP_MAX_CONTEXT and the varying TPM_CAP_PROP_COUNTERS and TPM_CAP_PROP_CONTEXT.
+   
+   In one typical implementation where authorization and transport sessions reside in separate
+   pools, TPM_CAP_PROP_SESSIONS will be the sum of TPM_CAP_PROP_AUTHSESS and TPM_CAP_PROP_TRANSESS.
+   In another typical implementation where authorization and transport sessions share the same pool,
+   TPM_CAP_PROP_SESSIONS, TPM_CAP_PROP_AUTHSESS, and TPM_CAP_PROP_TRANSESS will all be equal.
+*/
+
+#define TPM_CAP_PROP_PCR                0x00000101    /* uint32_t value. Returns the number of PCR
+                                                         registers supported by the TPM */
+#define TPM_CAP_PROP_DIR                0x00000102    /* uint32_t. Deprecated. Returns the number of
+                                                         DIR, which is now fixed at 1 */
+#define TPM_CAP_PROP_MANUFACTURER       0x00000103    /* uint32_t value.  Returns the vendor ID
+                                                         unique to each TPM manufacturer. */
+#define TPM_CAP_PROP_KEYS               0x00000104    /* uint32_t value. Returns the number of 2048-
+                                                         bit RSA keys that can be loaded. This may
+                                                         vary with time and circumstances. */
+#define TPM_CAP_PROP_MIN_COUNTER        0x00000107    /* uint32_t. The minimum amount of time in
+                                                         10ths of a second that must pass between
+                                                         invocations of incrementing the monotonic
+                                                         counter. */
+#define TPM_CAP_PROP_AUTHSESS           0x0000010A    /* uint32_t. The number of available
+                                                         authorization sessions. This may vary with
+                                                         time and circumstances. */
+#define TPM_CAP_PROP_TRANSESS           0x0000010B    /* uint32_t. The number of available transport
+                                                         sessions. This may vary with time and
+                                                         circumstances.  */
+#define TPM_CAP_PROP_COUNTERS           0x0000010C    /* uint32_t. The number of available monotonic
+                                                         counters. This may vary with time and
+                                                         circumstances. */
+#define TPM_CAP_PROP_MAX_AUTHSESS       0x0000010D    /* uint32_t. The maximum number of loaded
+                                                         authorization sessions the TPM supports */
+#define TPM_CAP_PROP_MAX_TRANSESS       0x0000010E    /* uint32_t. The maximum number of loaded
+                                                         transport sessions the TPM supports. */
+#define TPM_CAP_PROP_MAX_COUNTERS       0x0000010F    /* uint32_t. The maximum number of monotonic
+                                                         counters under control of TPM_CreateCounter
+                                                         */
+#define TPM_CAP_PROP_MAX_KEYS           0x00000110    /* uint32_t. The maximum number of 2048 RSA
+                                                         keys that the TPM can support. The number
+                                                         does not include the EK or SRK. */
+#define TPM_CAP_PROP_OWNER              0x00000111    /* BOOL. A value of TRUE indicates that the
+                                                         TPM has successfully installed an owner. */
+#define TPM_CAP_PROP_CONTEXT            0x00000112    /* uint32_t. The number of available saved
+                                                         session slots. This may vary with time and
+                                                         circumstances. */
+#define TPM_CAP_PROP_MAX_CONTEXT        0x00000113    /* uint32_t. The maximum number of saved
+                                                         session slots. */
+#define TPM_CAP_PROP_FAMILYROWS         0x00000114    /* uint32_t. The maximum number of rows in the
+                                                         family table */
+#define TPM_CAP_PROP_TIS_TIMEOUT        0x00000115    /* A 4 element array of uint32_t values each
+                                                         denoting the timeout value in microseconds
+                                                         for the following in this order:
+                                                         
+                                                         TIMEOUT_A, TIMEOUT_B, TIMEOUT_C, TIMEOUT_D 
+
+                                                         Where these timeouts are to be used is
+                                                         determined by the platform specific TPM
+                                                         Interface Specification. */
+#define TPM_CAP_PROP_STARTUP_EFFECT     0x00000116    /* The TPM_STARTUP_EFFECTS structure */
+#define TPM_CAP_PROP_DELEGATE_ROW       0x00000117    /* uint32_t. The maximum size of the delegate
+                                                         table in rows. */
+#define TPM_CAP_PROP_MAX_DAASESS        0x00000119    /* uint32_t. The maximum number of loaded DAA
+                                                         sessions (join or sign) that the TPM
+                                                         supports */
+#define TPM_CAP_PROP_DAASESS            0x0000011A    /* uint32_t. The number of available DAA
+                                                         sessions. This may vary with time and
+                                                         circumstances */
+#define TPM_CAP_PROP_CONTEXT_DIST       0x0000011B    /* uint32_t. The maximum distance between
+                                                         context count values. This MUST be at least
+                                                         2^16-1. */
+#define TPM_CAP_PROP_DAA_INTERRUPT      0x0000011C    /* BOOL. A value of TRUE indicates that the
+                                                         TPM will accept ANY command while executing
+                                                         a DAA Join or Sign.
+
+                                                         A value of FALSE indicates that the TPM
+                                                         will invalidate the DAA Join or Sign upon
+                                                         the receipt of any command other than the
+                                                         next join/sign in the session or a
+                                                         TPM_SaveContext */
+#define TPM_CAP_PROP_SESSIONS           0X0000011D    /* uint32_t. The number of available sessions
+                                                         from the pool. This MAY vary with time and
+                                                         circumstances. Pool sessions include
+                                                         authorization and transport sessions. */
+#define TPM_CAP_PROP_MAX_SESSIONS       0x0000011E    /* uint32_t. The maximum number of sessions
+                                                         the TPM supports. */
+#define TPM_CAP_PROP_CMK_RESTRICTION    0x0000011F    /* uint32_t TPM_Permanent_Data ->
+                                                         restrictDelegate
+                                                       */
+#define TPM_CAP_PROP_DURATION           0x00000120    /* A 3 element array of uint32_t values each
+                                                         denoting the duration value in microseconds
+                                                         of the duration of the three classes of
+                                                         commands: Small, Medium and Long in the
+                                                         following in this order: SMALL_DURATION,
+                                                         MEDIUM_DURATION, LONG_DURATION */
+#define TPM_CAP_PROP_ACTIVE_COUNTER     0x00000122      /* TPM_COUNT_ID. The id of the current
+                                                           counter. 0xff..ff if no counter is active
+                                                        */
+#define TPM_CAP_PROP_MAX_NV_AVAILABLE   0x00000123      /*uint32_t. Deprecated.  The maximum number
+                                                          of NV space that can be allocated, MAY
+                                                          vary with time and circumstances.  This
+                                                          capability was not implemented
+                                                          consistently, and is replaced by
+                                                          TPM_NV_INDEX_TRIAL. */
+#define TPM_CAP_PROP_INPUT_BUFFER       0x00000124      /* uint32_t. The maximum size of the TPM
+                                                           input buffer or output buffer in
+                                                           bytes. */
+
+/* 21.4 Set_Capability Values rev 107
+ */
+   
+#define TPM_SET_PERM_FLAGS      0x00000001      /* The ability to set a value is field specific and
+                                                   a review of the structure will disclose the
+                                                   ability and requirements to set a value */
+#define TPM_SET_PERM_DATA       0x00000002      /* The ability to set a value is field specific and
+                                                   a review of the structure will disclose the
+                                                   ability and requirements to set a value */
+#define TPM_SET_STCLEAR_FLAGS   0x00000003      /* The ability to set a value is field specific and
+                                                   a review of the structure will disclose the
+                                                   ability and requirements to set a value */
+#define TPM_SET_STCLEAR_DATA    0x00000004      /* The ability to set a value is field specific and
+                                                   a review of the structure will disclose the
+                                                   ability and requirements to set a value */
+#define TPM_SET_STANY_FLAGS     0x00000005      /* The ability to set a value is field specific and
+                                                   a review of the structure will disclose the
+                                                   ability and requirements to set a value */
+#define TPM_SET_STANY_DATA      0x00000006      /* The ability to set a value is field specific and
+                                                   a review of the structure will disclose the
+                                                   ability and requirements to set a value */
+#define TPM_SET_VENDOR          0x00000007      /* This area allows the vendor to set specific areas
+                                                   in the TPM according to the normal shielded
+                                                   location requirements */
+
+/* Set Capability sub caps */
+
+/* TPM_PERMANENT_FLAGS */
+
+#define  TPM_PF_DISABLE                         1
+#define  TPM_PF_OWNERSHIP                       2
+#define  TPM_PF_DEACTIVATED                     3
+#define  TPM_PF_READPUBEK                       4
+#define  TPM_PF_DISABLEOWNERCLEAR               5
+#define  TPM_PF_ALLOWMAINTENANCE                6
+#define  TPM_PF_PHYSICALPRESENCELIFETIMELOCK    7
+#define  TPM_PF_PHYSICALPRESENCEHWENABLE        8
+#define  TPM_PF_PHYSICALPRESENCECMDENABLE       9
+#define  TPM_PF_CEKPUSED                        10
+#define  TPM_PF_TPMPOST                         11
+#define  TPM_PF_TPMPOSTLOCK                     12
+#define  TPM_PF_FIPS                            13
+#define  TPM_PF_OPERATOR                        14
+#define  TPM_PF_ENABLEREVOKEEK                  15
+#define  TPM_PF_NV_LOCKED                       16
+#define  TPM_PF_READSRKPUB                      17
+#define  TPM_PF_TPMESTABLISHED                  18
+#define  TPM_PF_MAINTENANCEDONE                 19
+#define  TPM_PF_DISABLEFULLDALOGICINFO          20
+
+/* TPM_STCLEAR_FLAGS */
+
+#define  TPM_SF_DEACTIVATED                     1
+#define  TPM_SF_DISABLEFORCECLEAR               2
+#define  TPM_SF_PHYSICALPRESENCE                3
+#define  TPM_SF_PHYSICALPRESENCELOCK            4
+#define  TPM_SF_BGLOBALLOCK                     5
+                                                
+/* TPM_STANY_FLAGS */                           
+                                                
+#define  TPM_AF_POSTINITIALISE                  1
+#define  TPM_AF_LOCALITYMODIFIER                2
+#define  TPM_AF_TRANSPORTEXCLUSIVE              3
+#define  TPM_AF_TOSPRESENT                      4
+                                                
+/* TPM_PERMANENT_DATA */                        
+                                                
+#define  TPM_PD_REVMAJOR                        1
+#define  TPM_PD_REVMINOR                        2
+#define  TPM_PD_TPMPROOF                        3
+#define  TPM_PD_OWNERAUTH                       4
+#define  TPM_PD_OPERATORAUTH                    5
+#define  TPM_PD_MANUMAINTPUB                    6
+#define  TPM_PD_ENDORSEMENTKEY                  7
+#define  TPM_PD_SRK                             8
+#define  TPM_PD_DELEGATEKEY                     9
+#define  TPM_PD_CONTEXTKEY                      10
+#define  TPM_PD_AUDITMONOTONICCOUNTER           11
+#define  TPM_PD_MONOTONICCOUNTER                12
+#define  TPM_PD_PCRATTRIB                       13
+#define  TPM_PD_ORDINALAUDITSTATUS              14
+#define  TPM_PD_AUTHDIR                         15
+#define  TPM_PD_RNGSTATE                        16
+#define  TPM_PD_FAMILYTABLE                     17
+#define  TPM_DELEGATETABLE                      18
+#define  TPM_PD_EKRESET                         19
+#define  TPM_PD_LASTFAMILYID                    21
+#define  TPM_PD_NOOWNERNVWRITE                  22
+#define  TPM_PD_RESTRICTDELEGATE                23
+#define  TPM_PD_TPMDAASEED                      24
+#define  TPM_PD_DAAPROOF                        25
+                                                
+/* TPM_STCLEAR_DATA */                          
+                                                
+#define  TPM_SD_CONTEXTNONCEKEY                 1
+#define  TPM_SD_COUNTID                         2
+#define  TPM_SD_OWNERREFERENCE                  3
+#define  TPM_SD_DISABLERESETLOCK                4
+#define  TPM_SD_PCR                             5
+#define  TPM_SD_DEFERREDPHYSICALPRESENCE        6
+
+/* TPM_STCLEAR_DATA -> deferredPhysicalPresence bits */
+
+#define  TPM_DPP_UNOWNED_FIELD_UPGRADE  0x00000001      /* bit 0 TPM_FieldUpgrade */
+                                
+/* TPM_STANY_DATA */                            
+                                                
+#define  TPM_AD_CONTEXTNONCESESSION             1
+#define  TPM_AD_AUDITDIGEST                     2
+#define  TPM_AD_CURRENTTICKS                    3
+#define  TPM_AD_CONTEXTCOUNT                    4
+#define  TPM_AD_CONTEXTLIST                     5
+#define  TPM_AD_SESSIONS                        6
+
+/*  17. Ordinals rev 110
+
+    Ordinals are 32 bit values of type TPM_COMMAND_CODE. The upper byte contains values that serve
+    as flag indicators, the next byte contains values indicating what committee designated the
+    ordinal, and the final two bytes contain the Command Ordinal Index.
+
+       3                   2                   1 
+     1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
+    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    |P|C|V| Reserved|    Purview    |     Command Ordinal Index     |
+    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
+
+    Where: 
+
+    P is Protected/Unprotected command. When 0 the command is a Protected command, when 1 the
+    command is an Unprotected command.
+
+    C is Non-Connection/Connection related command. When 0 this command passes through to either the
+    protected (TPM) or unprotected (TSS) components.
+
+    V is TPM/Vendor command. When 0 the command is TPM defined, when 1 the command is vendor
+    defined.
+
+    All reserved area bits are set to 0. 
+*/
+
+/* The following masks are created to allow for the quick definition of the commands */
+
+#define TPM_PROTECTED_COMMAND   0x00000000 /* TPM protected command, specified in main specification
+                                            */
+#define TPM_UNPROTECTED_COMMAND 0x80000000 /* TSS command, specified in the TSS specification */
+#define TPM_CONNECTION_COMMAND  0x40000000 /* TSC command, protected connection commands are
+                                              specified in the main specification Unprotected
+                                              connection commands are specified in the TSS */
+#define TPM_VENDOR_COMMAND      0x20000000 /* Command that is vendor specific for a given TPM or
+                                              TSS.  */
+
+
+/* The following Purviews have been defined: */
+
+#define TPM_MAIN        0x00 /* Command is from the main specification  */
+#define TPM_PC          0x01 /* Command is specific to the PC  */
+#define TPM_PDA         0x02 /* Command is specific to a PDA  */
+#define TPM_CELL_PHONE  0x03 /* Command is specific to a cell phone  */
+#define TPM_SERVER      0x04 /* Command is specific to servers  */
+#define TPM_PERIPHERAL  0x05 /* Command is specific to peripherals */
+//#define TPM_TSS         0x06 /* Command is specific to TSS */
+
+/* Combinations for the main specification would be:   */
+
+#define TPM_PROTECTED_ORDINAL   (TPM_PROTECTED_COMMAND   | TPM_MAIN)
+#define TPM_UNPROTECTED_ORDINAL (TPM_UNPROTECTED_COMMAND | TPM_MAIN)
+#define TPM_CONNECTION_ORDINAL  (TPM_CONNECTION_COMMAND  | TPM_MAIN)
+
+/* Command ordinals */
+
+#define TPM_ORD_ActivateIdentity                0x0000007A
+#define TPM_ORD_AuthorizeMigrationKey           0x0000002B
+#define TPM_ORD_CertifyKey                      0x00000032
+#define TPM_ORD_CertifyKey2                     0x00000033
+#define TPM_ORD_CertifySelfTest                 0x00000052
+#define TPM_ORD_ChangeAuth                      0x0000000C
+#define TPM_ORD_ChangeAuthAsymFinish            0x0000000F
+#define TPM_ORD_ChangeAuthAsymStart             0x0000000E
+#define TPM_ORD_ChangeAuthOwner                 0x00000010
+#define TPM_ORD_CMK_ApproveMA                   0x0000001D
+#define TPM_ORD_CMK_ConvertMigration            0x00000024
+#define TPM_ORD_CMK_CreateBlob                  0x0000001B
+#define TPM_ORD_CMK_CreateKey                   0x00000013
+#define TPM_ORD_CMK_CreateTicket                0x00000012
+#define TPM_ORD_CMK_SetRestrictions             0x0000001C
+#define TPM_ORD_ContinueSelfTest                0x00000053
+#define TPM_ORD_ConvertMigrationBlob            0x0000002A
+#define TPM_ORD_CreateCounter                   0x000000DC
+#define TPM_ORD_CreateEndorsementKeyPair        0x00000078
+#define TPM_ORD_CreateMaintenanceArchive        0x0000002C
+#define TPM_ORD_CreateMigrationBlob             0x00000028
+#define TPM_ORD_CreateRevocableEK               0x0000007F
+#define TPM_ORD_CreateWrapKey                   0x0000001F
+#define TPM_ORD_DAA_Join                        0x00000029
+#define TPM_ORD_DAA_Sign                        0x00000031
+#define TPM_ORD_Delegate_CreateKeyDelegation    0x000000D4
+#define TPM_ORD_Delegate_CreateOwnerDelegation  0x000000D5
+#define TPM_ORD_Delegate_LoadOwnerDelegation    0x000000D8
+#define TPM_ORD_Delegate_Manage                 0x000000D2
+#define TPM_ORD_Delegate_ReadTable              0x000000DB
+#define TPM_ORD_Delegate_UpdateVerification     0x000000D1
+#define TPM_ORD_Delegate_VerifyDelegation       0x000000D6
+#define TPM_ORD_DirRead                         0x0000001A
+#define TPM_ORD_DirWriteAuth                    0x00000019
+#define TPM_ORD_DisableForceClear               0x0000005E
+#define TPM_ORD_DisableOwnerClear               0x0000005C
+#define TPM_ORD_DisablePubekRead                0x0000007E
+#define TPM_ORD_DSAP                            0x00000011
+#define TPM_ORD_EstablishTransport              0x000000E6
+#define TPM_ORD_EvictKey                        0x00000022
+#define TPM_ORD_ExecuteTransport                0x000000E7
+#define TPM_ORD_Extend                          0x00000014
+#define TPM_ORD_FieldUpgrade                    0x000000AA
+#define TPM_ORD_FlushSpecific                   0x000000BA
+#define TPM_ORD_ForceClear                      0x0000005D
+#define TPM_ORD_GetAuditDigest                  0x00000085
+#define TPM_ORD_GetAuditDigestSigned            0x00000086
+#define TPM_ORD_GetAuditEvent                   0x00000082
+#define TPM_ORD_GetAuditEventSigned             0x00000083
+#define TPM_ORD_GetCapability                   0x00000065
+#define TPM_ORD_GetCapabilityOwner              0x00000066
+#define TPM_ORD_GetCapabilitySigned             0x00000064
+#define TPM_ORD_GetOrdinalAuditStatus           0x0000008C
+#define TPM_ORD_GetPubKey                       0x00000021
+#define TPM_ORD_GetRandom                       0x00000046
+#define TPM_ORD_GetTestResult                   0x00000054
+#define TPM_ORD_GetTicks                        0x000000F1
+#define TPM_ORD_IncrementCounter                0x000000DD
+#define TPM_ORD_Init                            0x00000097
+#define TPM_ORD_KeyControlOwner                 0x00000023
+#define TPM_ORD_KillMaintenanceFeature          0x0000002E
+#define TPM_ORD_LoadAuthContext                 0x000000B7
+#define TPM_ORD_LoadContext                     0x000000B9
+#define TPM_ORD_LoadKey                         0x00000020
+#define TPM_ORD_LoadKey2                        0x00000041
+#define TPM_ORD_LoadKeyContext                  0x000000B5
+#define TPM_ORD_LoadMaintenanceArchive          0x0000002D
+#define TPM_ORD_LoadManuMaintPub                0x0000002F
+#define TPM_ORD_MakeIdentity                    0x00000079
+#define TPM_ORD_MigrateKey                      0x00000025
+#define TPM_ORD_NV_DefineSpace                  0x000000CC
+#define TPM_ORD_NV_ReadValue                    0x000000CF
+#define TPM_ORD_NV_ReadValueAuth                0x000000D0
+#define TPM_ORD_NV_WriteValue                   0x000000CD
+#define TPM_ORD_NV_WriteValueAuth               0x000000CE
+#define TPM_ORD_OIAP                            0x0000000A
+#define TPM_ORD_OSAP                            0x0000000B
+#define TPM_ORD_OwnerClear                      0x0000005B
+#define TPM_ORD_OwnerReadInternalPub            0x00000081
+#define TPM_ORD_OwnerReadPubek                  0x0000007D
+#define TPM_ORD_OwnerSetDisable                 0x0000006E
+#define TPM_ORD_PCR_Reset                       0x000000C8
+#define TPM_ORD_PcrRead                         0x00000015
+#define TPM_ORD_PhysicalDisable                 0x00000070
+#define TPM_ORD_PhysicalEnable                  0x0000006F
+#define TPM_ORD_PhysicalSetDeactivated          0x00000072
+#define TPM_ORD_Quote                           0x00000016
+#define TPM_ORD_Quote2                          0x0000003E
+#define TPM_ORD_ReadCounter                     0x000000DE
+#define TPM_ORD_ReadManuMaintPub                0x00000030
+#define TPM_ORD_ReadPubek                       0x0000007C
+#define TPM_ORD_ReleaseCounter                  0x000000DF
+#define TPM_ORD_ReleaseCounterOwner             0x000000E0
+#define TPM_ORD_ReleaseTransportSigned          0x000000E8
+#define TPM_ORD_Reset                           0x0000005A
+#define TPM_ORD_ResetLockValue                  0x00000040
+#define TPM_ORD_RevokeTrust                     0x00000080
+#define TPM_ORD_SaveAuthContext                 0x000000B6
+#define TPM_ORD_SaveContext                     0x000000B8
+#define TPM_ORD_SaveKeyContext                  0x000000B4
+#define TPM_ORD_SaveState                       0x00000098
+#define TPM_ORD_Seal                            0x00000017
+#define TPM_ORD_Sealx                           0x0000003D
+#define TPM_ORD_SelfTestFull                    0x00000050
+#define TPM_ORD_SetCapability                   0x0000003F
+#define TPM_ORD_SetOperatorAuth                 0x00000074
+#define TPM_ORD_SetOrdinalAuditStatus           0x0000008D
+#define TPM_ORD_SetOwnerInstall                 0x00000071
+#define TPM_ORD_SetOwnerPointer                 0x00000075
+#define TPM_ORD_SetRedirection                  0x0000009A
+#define TPM_ORD_SetTempDeactivated              0x00000073
+#define TPM_ORD_SHA1Complete                    0x000000A2
+#define TPM_ORD_SHA1CompleteExtend              0x000000A3
+#define TPM_ORD_SHA1Start                       0x000000A0
+#define TPM_ORD_SHA1Update                      0x000000A1
+#define TPM_ORD_Sign                            0x0000003C
+#define TPM_ORD_Startup                         0x00000099
+#define TPM_ORD_StirRandom                      0x00000047
+#define TPM_ORD_TakeOwnership                   0x0000000D
+#define TPM_ORD_Terminate_Handle                0x00000096
+#define TPM_ORD_TickStampBlob                   0x000000F2
+#define TPM_ORD_UnBind                          0x0000001E
+#define TPM_ORD_Unseal                          0x00000018
+
+#define TSC_ORD_PhysicalPresence                0x4000000A
+#define TSC_ORD_ResetEstablishmentBit           0x4000000B
+
+/* 19. NV storage structures */
+
+/* 19.1 TPM_NV_INDEX rev 110
+
+     The index provides the handle to identify the area of storage. The reserved bits allow for a
+     segregation of the index name space to avoid name collisions.
+
+     The TPM may check the resvd bits for zero.  Thus, applications should set the bits to zero.
+
+     The TCG defines the space where the high order bits (T, P, U) are 0. The other spaces are
+     controlled by the indicated entity.
+
+     T is the TPM manufacturer reserved bit. 0 indicates a TCG defined value. 1 indicates a TPM
+     manufacturer specific value.
+
+     P is the platform manufacturer reserved bit. 0 indicates a TCG defined value. 1 indicates that
+     the index is controlled by the platform manufacturer.
+
+     U is for the platform user. 0 indicates a TCG defined value. 1 indicates that the index is
+     controlled by the platform user.
+
+     The TPM_NV_INDEX is a 32-bit value.
+     3                   2                   1
+     1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
+     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+     |T|P|U|D| resvd |   Purview      |         Index                |
+     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+     Where:
+
+     1. The TPM MAY return an error if the reserved area bits are not set to 0.
+
+     2. The TPM MUST accept all values for T, P, and U
+
+     3. D indicates defined. 1 indicates that the index is permanently defined and that any
+        TPM_NV_DefineSpace operation will fail after nvLocked is set TRUE.
+
+     a. TCG reserved areas MAY have D set to 0 or 1
+        
+     4. Purview is the value used to indicate the platform specific area. This value is the
+     same as used for command ordinals.
+
+     a. The TPM MUST reject purview values that the TPM cannot support. This means that an
+     index value for a PDA MUST be rejected by a TPM designed to work only on the PC Client.
+*/
+
+#define TPM_NV_INDEX_T_BIT              0x80000000
+#define TPM_NV_INDEX_P_BIT              0x40000000
+#define TPM_NV_INDEX_U_BIT              0x20000000
+#define TPM_NV_INDEX_D_BIT              0x10000000
+/* added kgold */
+#define TPM_NV_INDEX_RESVD              0x0f000000
+#define TPM_NV_INDEX_PURVIEW_BIT        16
+#define TPM_NV_INDEX_PURVIEW_MASK       0x00ff0000
+
+/* 19.1.1 Required TPM_NV_INDEX values rev 97
+
+   The required index values must be found on each TPM regardless of platform. These areas are
+   always present and do not require a TPM_DefineSpace command to allocate.
+
+   A platform specific specification may add additional required index values for the platform.
+
+   The TPM MUST reserve the space as indicated for the required index values
+*/
+
+#define TPM_NV_INDEX_LOCK  0xFFFFFFFF   /* This value turns on the NV authorization
+                                           protections. Once executed all NV areas use the
+                                           protections as defined. This value never resets.
+
+                                           Attempting to execute TPM_NV_DefineSpace on this value
+                                           with non-zero size MAY result in a TPM_BADINDEX
+                                           response.
+                                        */
+
+#define TPM_NV_INDEX0      0x00000000   /* This value allows for the setting of the bGlobalLock
+                                           flag, which is only reset on TPM_Startup(ST_Clear)
+
+                                           Attempting to execute TPM_NV_WriteValue with a size other
+                                           than zero MAY result in the TPM_BADINDEX error code.
+                                        */
+
+#define TPM_NV_INDEX_DIR   0x10000001   /* Size MUST be 20. This index points to the deprecated DIR
+                                           command area from 1.1.  The TPM MUST map this reserved
+                                           space to be the area operated on by the 1.1 DIR commands.
+                                           */
+
+/* 19.1.2 Reserved Index values rev 116
+
+  The reserved values are defined to avoid index collisions. These values are not in each and every
+  TPM.
+
+  1. The reserved index values are to avoid index value collisions. 
+  2. These index values require a TPM_DefineSpace to have the area for the index allocated 
+  3. A platform specific specification MAY indicate that reserved values are required. 
+  4. The reserved index values MAY have their D bit set by the TPM vendor to permanently
+*/
+
+#define TPM_NV_INDEX_TPM                0x0000Fxxx      /* Reserved for TPM use */
+#define TPM_NV_INDEX_EKCert             0x1000F000      /* The Endorsement credential */
+
+#define TPM_NV_INDEX_TPM_CC             0x0000F001      /* The TPM Conformance credential */
+#define TPM_NV_INDEX_PlatformCert       0x0000F002      /* The platform credential */
+#define TPM_NV_INDEX_Platform_CC        0x0000F003      /* The Platform conformance credential */
+#define TPM_NV_INDEX_TRIAL              0x0000F004      /* To try TPM_NV_DefineSpace without
+                                                           actually allocating NV space */
+
+#if 0
+#define TPM_NV_INDEX_PC                 0x0001xxxx      /* Reserved for PC Client use */
+#define TPM_NV_INDEX_GPIO_xx            0x000116xx      /* Reserved for GPIO pins */
+#define TPM_NV_INDEX_PDA                0x0002xxxx      /* Reserved for PDA use */
+#define TPM_NV_INDEX_MOBILE             0x0003xxxx      /* Reserved for mobile use */
+#define TPM_NV_INDEX_SERVER             0x0004xxxx      /* Reserved for Server use */
+#define TPM_NV_INDEX_PERIPHERAL         0x0005xxxx      /* Reserved for peripheral use */
+#define TPM_NV_INDEX_TSS                0x0006xxxx      /* Reserved for TSS use */
+#define TPM_NV_INDEX_GROUP_RESV         0x00xxxxxx      /* Reserved for TCG WG use */
+#endif                                 
+
+#define TPM_NV_INDEX_GPIO_00            0x00011600      /* GPIO-Express-00 */
+
+#define TPM_NV_INDEX_GPIO_START         0x00011600      /* Reserved for GPIO pins */
+#define TPM_NV_INDEX_GPIO_END           0x000116ff      /* Reserved for GPIO pins */
+
+/* 19.2 TPM_NV_ATTRIBUTES rev 99
+
+   The attributes TPM_NV_PER_AUTHREAD and TPM_NV_PER_OWNERREAD cannot both be set to TRUE.
+   Similarly, the attributes TPM_NV_PER_AUTHWRITE and TPM_NV_PER_OWNERWRITE cannot both be set to
+   TRUE.
+*/
+
+#define TPM_NV_PER_READ_STCLEAR         0x80000000 /* 31: The value can be read until locked by a
+                                                      read with a data size of 0.  It can only be
+                                                      unlocked by TPM_Startup(ST_Clear) or a
+                                                      successful write. Lock held for each area in
+                                                      bReadSTClear. */
+/* #define 30:19 Reserved */
+#define TPM_NV_PER_AUTHREAD             0x00040000 /* 18: The value requires authorization to read
+                                                      */
+#define TPM_NV_PER_OWNERREAD            0x00020000 /* 17: The value requires TPM Owner authorization
+                                                      to read. */
+#define TPM_NV_PER_PPREAD               0x00010000 /* 16: The value requires physical presence to
+                                                      read */
+#define TPM_NV_PER_GLOBALLOCK           0x00008000 /* 15: The value is writable until a write to
+                                                      index 0 is successful. The lock of this
+                                                      attribute is reset by
+                                                      TPM_Startup(ST_CLEAR). Lock held by SF ->
+                                                      bGlobalLock */
+#define TPM_NV_PER_WRITE_STCLEAR        0x00004000 /* 14: The value is writable until a write to
+                                                      the specified index with a datasize of 0 is
+                                                      successful. The lock of this attribute is
+                                                      reset by TPM_Startup(ST_CLEAR). Lock held for
+                                                      each area in bWriteSTClear. */
+#define TPM_NV_PER_WRITEDEFINE          0x00002000 /* 13: Lock set by writing to the index with a
+                                                      datasize of 0. Lock held for each area in
+                                                      bWriteDefine.  This is a persistent lock. */
+#define TPM_NV_PER_WRITEALL             0x00001000 /* 12: The value must be written in a single
+                                                      operation */
+/* #define 11:3 Reserved for write additions */
+#define TPM_NV_PER_AUTHWRITE            0x00000004 /* 2: The value requires authorization to write
+                                                      */
+#define TPM_NV_PER_OWNERWRITE           0x00000002 /* 1: The value requires TPM Owner authorization
+                                                      to write */
+#define TPM_NV_PER_PPWRITE              0x00000001 /* 0: The value requires physical presence to
+                                                      write */
+
+/* 20.2.1 Owner Permission Settings rev 87 */
+
+/* Per1 bits */
+
+#define TPM_DELEGATE_PER1_MASK                          0xffffffff      /* mask of legal bits */
+#define TPM_DELEGATE_KeyControlOwner                    31
+#define TPM_DELEGATE_SetOrdinalAuditStatus              30
+#define TPM_DELEGATE_DirWriteAuth                       29
+#define TPM_DELEGATE_CMK_ApproveMA                      28
+#define TPM_DELEGATE_NV_WriteValue                      27
+#define TPM_DELEGATE_CMK_CreateTicket                   26
+#define TPM_DELEGATE_NV_ReadValue                       25
+#define TPM_DELEGATE_Delegate_LoadOwnerDelegation       24
+#define TPM_DELEGATE_DAA_Join                           23
+#define TPM_DELEGATE_AuthorizeMigrationKey              22
+#define TPM_DELEGATE_CreateMaintenanceArchive           21
+#define TPM_DELEGATE_LoadMaintenanceArchive             20
+#define TPM_DELEGATE_KillMaintenanceFeature             19
+#define TPM_DELEGATE_OwnerReadInternalPub               18
+#define TPM_DELEGATE_ResetLockValue                     17
+#define TPM_DELEGATE_OwnerClear                         16
+#define TPM_DELEGATE_DisableOwnerClear                  15
+#define TPM_DELEGATE_NV_DefineSpace                     14
+#define TPM_DELEGATE_OwnerSetDisable                    13
+#define TPM_DELEGATE_SetCapability                      12
+#define TPM_DELEGATE_MakeIdentity                       11
+#define TPM_DELEGATE_ActivateIdentity                   10
+#define TPM_DELEGATE_OwnerReadPubek                     9 
+#define TPM_DELEGATE_DisablePubekRead                   8 
+#define TPM_DELEGATE_SetRedirection                     7 
+#define TPM_DELEGATE_FieldUpgrade                       6 
+#define TPM_DELEGATE_Delegate_UpdateVerification        5 
+#define TPM_DELEGATE_CreateCounter                      4 
+#define TPM_DELEGATE_ReleaseCounterOwner                3 
+#define TPM_DELEGATE_Delegate_Manage                    2 
+#define TPM_DELEGATE_Delegate_CreateOwnerDelegation     1 
+#define TPM_DELEGATE_DAA_Sign                           0 
+
+/* Per2 bits */
+#define TPM_DELEGATE_PER2_MASK                          0x00000000      /* mask of legal bits */
+/* All reserved */
+
+/* 20.2.3 Key Permission settings rev 85 */
+
+/* Per1 bits */
+
+#define TPM_KEY_DELEGATE_PER1_MASK                      0x1fffffff      /* mask of legal bits */
+#define TPM_KEY_DELEGATE_CMK_ConvertMigration           28
+#define TPM_KEY_DELEGATE_TickStampBlob                  27
+#define TPM_KEY_DELEGATE_ChangeAuthAsymStart            26
+#define TPM_KEY_DELEGATE_ChangeAuthAsymFinish           25
+#define TPM_KEY_DELEGATE_CMK_CreateKey                  24
+#define TPM_KEY_DELEGATE_MigrateKey                     23
+#define TPM_KEY_DELEGATE_LoadKey2                       22
+#define TPM_KEY_DELEGATE_EstablishTransport             21
+#define TPM_KEY_DELEGATE_ReleaseTransportSigned         20
+#define TPM_KEY_DELEGATE_Quote2                         19
+#define TPM_KEY_DELEGATE_Sealx                          18
+#define TPM_KEY_DELEGATE_MakeIdentity                   17
+#define TPM_KEY_DELEGATE_ActivateIdentity               16
+#define TPM_KEY_DELEGATE_GetAuditDigestSigned           15
+#define TPM_KEY_DELEGATE_Sign                           14
+#define TPM_KEY_DELEGATE_CertifyKey2                    13
+#define TPM_KEY_DELEGATE_CertifyKey                     12
+#define TPM_KEY_DELEGATE_CreateWrapKey                  11
+#define TPM_KEY_DELEGATE_CMK_CreateBlob                 10
+#define TPM_KEY_DELEGATE_CreateMigrationBlob            9 
+#define TPM_KEY_DELEGATE_ConvertMigrationBlob           8 
+#define TPM_KEY_DELEGATE_Delegate_CreateKeyDelegation   7 
+#define TPM_KEY_DELEGATE_ChangeAuth                     6 
+#define TPM_KEY_DELEGATE_GetPubKey                      5 
+#define TPM_KEY_DELEGATE_UnBind                         4 
+#define TPM_KEY_DELEGATE_Quote                          3 
+#define TPM_KEY_DELEGATE_Unseal                         2 
+#define TPM_KEY_DELEGATE_Seal                           1 
+#define TPM_KEY_DELEGATE_LoadKey                        0 
+
+/* Per2 bits */
+#define TPM_KEY_DELEGATE_PER2_MASK                      0x00000000      /* mask of legal bits */
+/* All reserved */
+
+/* 20.3 TPM_FAMILY_FLAGS rev 87
+
+   These flags indicate the operational state of the delegation and family table. These flags
+   are additions to TPM_PERMANENT_FLAGS and are not stand alone values.
+*/
+
+#define TPM_DELEGATE_ADMIN_LOCK 0x00000002 /* TRUE: Some TPM_Delegate_XXX commands are locked and
+                                              return TPM_DELEGATE_LOCK
+                                             
+                                              FALSE: TPM_Delegate_XXX commands are available
+
+                                              Default is FALSE */
+#define TPM_FAMFLAG_ENABLED     0x00000001 /* When TRUE the table is enabled. The default value is
+                                              FALSE.  */
+
+/* 20.14 TPM_FAMILY_OPERATION Values rev 87
+
+   These are the opFlag values used by TPM_Delegate_Manage.
+*/
+
+#define TPM_FAMILY_CREATE       0x00000001      /* Create a new family */
+#define TPM_FAMILY_ENABLE       0x00000002      /* Set or reset the enable flag for this family. */
+#define TPM_FAMILY_ADMIN        0x00000003      /* Prevent administration of this family. */
+#define TPM_FAMILY_INVALIDATE   0x00000004      /* Invalidate a specific family row. */
+
+/* 21.9 TPM_DA_STATE rev 100
+   
+   TPM_DA_STATE enumerates the possible states of the dictionary attack mitigation logic.
+*/
+
+#define TPM_DA_STATE_INACTIVE   0x00    /* The dictionary attack mitigation logic is currently
+                                           inactive */
+#define TPM_DA_STATE_ACTIVE     0x01    /* The dictionary attack mitigation logic is
+                                           active. TPM_DA_ACTION_TYPE (21.10) is in progress. */
+
+/* 21.10 TPM_DA_ACTION_TYPE rev 100
+ */
+
+/* 31-4 Reserved  No information and MUST be FALSE */
+
+#define TPM_DA_ACTION_FAILURE_MODE      0x00000008 /* bit 3: The TPM is in failure mode. */
+#define TPM_DA_ACTION_DEACTIVATE        0x00000004 /* bit 2: The TPM is in the deactivated state. */
+#define TPM_DA_ACTION_DISABLE           0x00000002 /* bit 1: The TPM is in the disabled state. */
+#define TPM_DA_ACTION_TIMEOUT           0x00000001 /* bit 0: The TPM will be in a locked state for
+                                                      TPM_DA_INFO -> actionDependValue seconds. This
+                                                      value is dynamic, depending on the time the
+                                                      lock has been active.  */
+
+/* 22. DAA Structures rev 91
+   
+   All byte and bit areas are byte arrays treated as large integers
+*/
+
+#define DAA_SIZE_r0             43
+#define DAA_SIZE_r1             43
+#define DAA_SIZE_r2             128
+#define DAA_SIZE_r3             168
+#define DAA_SIZE_r4             219
+#define DAA_SIZE_NT             20
+#define DAA_SIZE_v0             128
+#define DAA_SIZE_v1             192
+#define DAA_SIZE_NE             256
+#define DAA_SIZE_w              256
+#define DAA_SIZE_issuerModulus  256
+
+/* check that DAA_SIZE_issuerModulus will fit in DAA_scratch */
+#if (DAA_SIZE_issuerModulus != 256)
+#error "DAA_SIZE_issuerModulus must be 256"
+#endif
+
+/* 22.2 Constant definitions rev 91 */
+
+#define DAA_power0      104  
+#define DAA_power1      1024  
+
+#endif
diff --git a/utils/ibmtss/tpmstructures12.h b/utils/ibmtss/tpmstructures12.h
new file mode 100644
index 000000000..2d8169ba6
--- /dev/null
+++ b/utils/ibmtss/tpmstructures12.h
@@ -0,0 +1,2482 @@
+/********************************************************************************/
+/*                                                                              */
+/*                              TPM 1.2 Structures                              */
+/*                           Written by Ken Goldman                             */
+/*                     IBM Thomas J. Watson Research Center                     */
+/*                                                                              */
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef TPMSTRUCTURES12_H
+#define TPMSTRUCTURES12_H
+
+#include <limits.h>
+#include "tpmconstants12.h"
+#include "tpmtypes12.h"
+
+/* Sanity check on build macros are centralized here, since any TPM will use this header */
+
+#if !defined (TPM_POSIX) && !defined (TPM_WINDOWS) && !defined(TPM_SKIBOOT)
+#error "Must define either TPM_POSIX TPM_SKIBOOT or TPM_WINDOWS"
+#endif
+
+#define TPM_REVISION_MAX 9999
+#ifndef TPM_REVISION
+#define TPM_REVISION TPM_REVISION_MAX
+#endif
+
+/* 5.1 TPM_STRUCT_VER rev 100
+
+   This indicates the version of the structure or TPM. 
+
+   Version 1.2 deprecates the use of this structure in all other structures. The structure is not
+   deprecated as many of the structures that contain this structure are not deprecated.
+*/
+
+typedef struct tdTPM_STRUCT_VER { 
+    BYTE major;         /* This SHALL indicate the major version of the structure. MUST be 0x01 */
+    BYTE minor;         /* This SHALL indicate the minor version of the structure. MUST be 0x01 */
+    BYTE revMajor;      /* This MUST be 0x00 on output, ignored on input */
+    BYTE revMinor;      /* This MUST be 0x00 on output, ignored on input */
+} TPM_STRUCT_VER; 
+
+/* 5.2 TPM_VERSION_BYTE rev 87
+
+   Allocating a byte for the version information is wasteful of space. The current allocation does
+   not provide sufficient resolution to indicate completely the version of the TPM. To allow for
+   backwards compatibility the size of the structure does not change from 1.1.
+   
+   To enable minor version, or revision, numbers with 2-digit resolution, the byte representing a
+   version splits into two BDC encoded nibbles. The ordering of the low and high order provides
+   backwards compatibility with existing numbering.
+   
+   An example of an implementation of this is; a version of 1.23 would have the value 2 in bit
+   positions 3-0 and the value 3 in bit positions 7-4.
+
+   TPM_VERSION_BYTE is a byte. The byte is broken up according to the following rule
+
+   7-4 leastSigVer Least significant nibble of the minor version. MUST be values within the range of
+        0000-1001
+   3-0 mostSigVer Most significant nibble of the minor version. MUST be values within the range of
+        0000-1001
+*/
+
+/* 5.3 TPM_VERSION rev 116
+
+   This structure provides information relative the version of the TPM. This structure should only
+   be in use by TPM_GetCapability to provide the information relative to the TPM.
+*/
+
+typedef struct tdTPM_VERSION { 
+    TPM_VERSION_BYTE major;     /* This SHALL indicate the major version of the TPM, mostSigVer MUST
+                                   be 0x1, leastSigVer MUST be 0x0 */
+    TPM_VERSION_BYTE minor;     /* This SHALL indicate the minor version of the TPM, mostSigVer MUST
+                                   be 0x1 or 0x2, leastSigVer MUST be 0x0 */
+    BYTE revMajor;              /* This SHALL be the value of the TPM_PERMANENT_DATA -> revMajor */
+    BYTE revMinor;              /* This SHALL be the value of the TPM_PERMANENT_DATA -> revMinor */
+} TPM_VERSION; 
+
+/* 5.4 TPM_DIGEST rev 111
+
+   The digest value reports the result of a hash operation.
+
+   In version 1 the hash algorithm is SHA-1 with a resulting hash result being 20 bytes or 160 bits.
+
+   It is understood that algorithm agility is lost due to fixing the hash at 20 bytes and on
+   SHA-1. The reason for fixing is due to the internal use of the digest. It is the authorization
+   values, it provides the secrets for the HMAC and the size of 20 bytes determines the values that
+   can be stored and encrypted. For this reason, the size is fixed and any changes to this value
+   require a new version of the specification.
+
+   The digestSize parameter MUST indicate the block size of the algorithm and MUST be 20 or greater.
+
+   For all TPM v1 hash operations, the hash algorithm MUST be SHA-1 and the digestSize parameter is
+   therefore equal to 20.
+*/
+
+#define TPM_DIGEST_SIZE 20
+typedef BYTE TPM_DIGEST[TPM_DIGEST_SIZE];
+
+/* Redefinitions */
+
+typedef TPM_DIGEST TPM_CHOSENID_HASH;   /* This SHALL be the digest of the chosen identityLabel and
+                                           privacyCA for a new TPM identity.*/
+
+typedef TPM_DIGEST TPM_COMPOSITE_HASH;  /* This SHALL be the hash of a list of PCR indexes and PCR
+                                           values that a key or data is bound to. */
+
+typedef TPM_DIGEST TPM_DIRVALUE;        /* This SHALL be the value of a DIR register */
+
+typedef TPM_DIGEST TPM_HMAC;            /* This shall be the output of the HMAC algorithm */
+
+typedef TPM_DIGEST TPM_PCRVALUE;        /* The value inside of the PCR */
+
+typedef TPM_DIGEST TPM_AUDITDIGEST;     /* This SHALL be the value of the current internal audit
+                                           state */
+
+/* 5.5 TPM_NONCE rev 99
+
+   A nonce is a random value that provides protection from replay and other attacks.  Many of the
+   commands and protocols in the specification require a nonce. This structure provides a consistent
+   view of what a nonce is.
+*/
+
+#define TPM_NONCE_SIZE 20
+typedef BYTE TPM_NONCE[TPM_NONCE_SIZE];
+
+typedef TPM_NONCE TPM_DAA_TPM_SEED;     /* This SHALL be a random value generated by a TPM
+                                           immediately after the EK is installed in that TPM,
+                                           whenever an EK is installed in that TPM */
+typedef TPM_NONCE TPM_DAA_CONTEXT_SEED; /* This SHALL be a random value */
+
+/* 5.6 TPM_AUTHDATA rev 87
+
+   The authorization data is the information that is saved or passed to provide proof of ownership
+   of an entity.  For version 1 this area is always 20 bytes.
+*/
+
+#define TPM_AUTHDATA_SIZE 20
+typedef BYTE TPM_AUTHDATA[TPM_AUTHDATA_SIZE];
+
+#define TPM_SECRET_SIZE 20
+typedef BYTE TPM_SECRET[TPM_SECRET_SIZE];
+
+typedef TPM_AUTHDATA TPM_ENCAUTH; /* A cipher text (encrypted) version of authorization data. The
+                                     encryption mechanism depends on the context. */
+
+#if 0	/* FIXME */
+/* 5.11 TPM_CHANGEAUTH_VALIDATE rev 87
+
+   This structure provides an area that will stores the new authorization data and the challenger's
+   nonce.
+*/
+
+typedef struct tdTPM_CHANGEAUTH_VALIDATE { 
+    TPM_SECRET newAuthSecret;   /* This SHALL be the new authorization data for the target entity */
+    TPM_NONCE n1;               /* This SHOULD be a nonce, to enable the caller to verify that the
+                                   target TPM is on-line. */
+} TPM_CHANGEAUTH_VALIDATE; 
+
+#endif
+
+
+/* PCR */
+
+/* NOTE: The TPM requires and the code assumes a multiple of CHAR_BIT (8).  48 registers (6 bytes)
+   may be a bad number, as it makes TPM_PCR_INFO and TPM_PCR_INFO_LONG indistinguishable in the
+   first two bytes. */
+
+#define TPM_NUM_PCR 24          /* Use PC Client specification values */
+
+#if (CHAR_BIT != 8)
+#error "CHAR_BIT must be 8"
+#endif
+
+#if ((TPM_NUM_PCR % 8) != 0)
+#error "TPM_NUM_PCR must be a multiple of 8"
+#endif
+
+#define TPM_DEBUG_PCR 16
+
+/* 8.1 TPM_PCR_SELECTION rev 110
+
+   This structure provides a standard method of specifying a list of PCR registers.
+*/
+
+typedef struct tdTPM_PCR_SELECTION { 
+    uint16_t sizeOfSelect;			/* The size in bytes of the pcrSelect structure */
+    BYTE pcrSelect[TPM_NUM_PCR/CHAR_BIT];       /* This SHALL be a bit map that indicates if a PCR
+                                                   is active or not */
+} TPM_PCR_SELECTION; 
+
+#if 0
+/* 8.2 TPM_PCR_COMPOSITE rev 97
+
+   The composite structure provides the index and value of the PCR register to be used when creating
+   the value that SEALS an entity to the composite.
+*/
+
+typedef struct tdTPM_PCR_COMPOSITE { 
+    TPM_PCR_SELECTION select;   /* This SHALL be the indication of which PCR values are active */
+#if 0
+    uint32_t valueSize;           /* This SHALL be the size of the pcrValue field (not the number of
+				     PCR's) */
+    TPM_PCRVALUE *pcrValue;     /* This SHALL be an array of TPM_PCRVALUE structures. The values
+                                   come in the order specified by the select parameter and are
+                                   concatenated into a single blob */
+#endif
+    TPM_SIZED_BUFFER pcrValue;
+} TPM_PCR_COMPOSITE; 
+
+/* 8.3 TPM_PCR_INFO rev 87 
+
+   The TPM_PCR_INFO structure contains the information related to the wrapping of a key or the
+   sealing of data, to a set of PCRs.
+*/
+
+typedef struct tdTPM_PCR_INFO { 
+    TPM_PCR_SELECTION pcrSelection;             /* This SHALL be the selection of PCRs to which the
+                                                   data or key is bound. */
+    TPM_COMPOSITE_HASH digestAtRelease;         /* This SHALL be the digest of the PCR indices and
+                                                   PCR values to verify when revealing Sealed Data
+                                                   or using a key that was wrapped to PCRs.  NOTE:
+                                                   This is passed in by the host, and used as
+                                                   authorization to use the key */
+    TPM_COMPOSITE_HASH digestAtCreation;        /* This SHALL be the composite digest value of the
+                                                   PCR values, at the time when the sealing is
+                                                   performed. NOTE: This is generated at key
+                                                   creation, but is just informative to the host,
+                                                   not used for authorization */
+} TPM_PCR_INFO; 
+
+#endif
+
+/* 8.6 TPM_LOCALITY_SELECTION rev 87 
+
+   When used with localityAtCreation only one bit is set and it corresponds to the locality of the
+   command creating the structure.
+
+   When used with localityAtRelease the bits indicate which localities CAN perform the release.
+*/
+
+typedef BYTE TPM_LOCALITY_SELECTION;
+
+#define TPM_LOC_FOUR    0x10    /* Locality 4 */
+#define TPM_LOC_THREE   0x08    /* Locality 3  */
+#define TPM_LOC_TWO     0x04    /* Locality 2  */
+#define TPM_LOC_ONE     0x02    /* Locality 1  */
+#define TPM_LOC_ZERO    0x01    /* Locality 0. This is the same as the legacy interface.  */
+
+#define TPM_LOC_ALL     0x1f    /* kgold - added all localities */
+#define TPM_LOC_MAX     4       /* kgold - maximum value for TPM_MODIFIER_INDICATOR */
+
+/* 8.4 TPM_PCR_INFO_LONG rev 109
+
+   The TPM_PCR_INFO structure contains the information related to the wrapping of a key or the
+   sealing of data, to a set of PCRs.
+
+   The LONG version includes information necessary to properly define the configuration that creates
+   the blob using the PCR selection.
+*/
+
+/* Marshaled  TPM_PCR_INFO_LONG */
+
+typedef struct tdTPM_PCR_INFO_LONG { 
+    TPM_STRUCTURE_TAG tag;                      /* This SHALL be TPM_TAG_PCR_INFO_LONG  */
+    TPM_LOCALITY_SELECTION localityAtCreation;  /* This SHALL be the locality modifier of the
+                                                   function that creates the PCR info structure */
+    TPM_LOCALITY_SELECTION localityAtRelease;   /* This SHALL be the locality modifier required to
+                                                   reveal Sealed Data or use a key that was wrapped
+                                                   to PCRs */
+    TPM_PCR_SELECTION creationPCRSelection;     /* This SHALL be the selection of PCRs active when
+                                                   the blob is created */
+    TPM_PCR_SELECTION releasePCRSelection;      /* This SHALL be the selection of PCRs to which the
+                                                   data or key is bound. */
+    TPM_COMPOSITE_HASH digestAtCreation;        /* This SHALL be the composite digest value of the
+                                                   PCR values, at the time when the sealing is
+                                                   performed. */
+    TPM_COMPOSITE_HASH digestAtRelease;         /* This SHALL be the digest of the PCR indices and
+                                                   PCR values to verify when revealing Sealed Data
+                                                   or using a key that was wrapped to PCRs. */
+} TPM_PCR_INFO_LONG; 
+
+#if 0
+typedef struct {
+    UINT32		PCRInfoSize;
+    TPM_PCR_INFO_LONG 	PCRInfo;
+} TPM4B_TPM_PCR_INFO_LONG;
+
+#endif
+
+/* 8.5 TPM_PCR_INFO_SHORT rev 87
+
+   This structure is for defining a digest at release when the only information that is necessary is
+   the release configuration.
+*/
+
+typedef struct tdTPM_PCR_INFO_SHORT { 
+    TPM_PCR_SELECTION pcrSelection;     /* This SHALL be the selection of PCRs that specifies the
+                                           digestAtRelease */
+    TPM_LOCALITY_SELECTION localityAtRelease;   /* This SHALL be the locality modifier required to
+                                                   release the information.  This value must not be
+                                                   zero (0). */
+    TPM_COMPOSITE_HASH digestAtRelease;         /* This SHALL be the digest of the PCR indices and
+                                                   PCR values to verify when revealing auth data */
+} TPM_PCR_INFO_SHORT; 
+
+#if 0
+/* 8.8 TPM_PCR_ATTRIBUTES rev 107
+
+   These attributes are available on a per PCR basis.
+
+   The TPM is not required to maintain this structure internally to the TPM.
+
+   When a challenger evaluates a PCR an understanding of this structure is vital to the proper
+   understanding of the platform configuration. As this structure is static for all platforms of the
+   same type the structure does not need to be reported with each quote.
+*/
+
+typedef struct tdTPM_PCR_ATTRIBUTES { 
+    TPM_BOOL pcrReset;          /* A value of TRUE SHALL indicate that the PCR register can be reset
+                                   using the TPM_PCR_RESET command. */
+    TPM_LOCALITY_SELECTION pcrExtendLocal;      /* An indication of which localities can perform
+                                                   extends on the PCR. */
+    TPM_LOCALITY_SELECTION pcrResetLocal;       /* An indication of which localities can reset the
+                                                   PCR */
+} TPM_PCR_ATTRIBUTES; 
+
+/*
+  9. Storage Structures 
+*/
+
+/* 9.1 TPM_STORED_DATA rev 87 
+
+   The definition of this structure is necessary to ensure the enforcement of security properties.
+   
+   This structure is in use by the TPM_Seal and TPM_Unseal commands to identify the PCR index and
+   values that must be present to properly unseal the data.
+
+   This structure only provides 1.1 data store and uses PCR_INFO
+
+   1. This structure is created during the TPM_Seal process. The confidential data is encrypted
+   using a nonmigratable key. When the TPM_Unseal decrypts this structure the TPM_Unseal uses the
+   public information in the structure to validate the current configuration and release the
+   decrypted data
+
+   2. When sealInfoSize is not 0 sealInfo MUST be TPM_PCR_INFO
+*/
+
+typedef struct tdTPM_STORED_DATA { 
+    TPM_STRUCT_VER ver;         /* This MUST be 1.1.0.0  */
+    TPM_SIZED_BUFFER sealInfo;
+#if 0
+    uint32_t sealInfoSize;	/* Size of the sealInfo parameter */
+    BYTE* sealInfo;             /* This SHALL be a structure of type TPM_PCR_INFO or a 0 length
+                                   array if the data is not bound to PCRs. */
+#endif
+    TPM_SIZED_BUFFER encData;
+#if 0
+    uint32_t encDataSize;	/* This SHALL be the size of the encData parameter */
+    BYTE* encData;              /* This shall be an encrypted TPM_SEALED_DATA structure containing
+                                   the confidential part of the data. */
+#endif
+    /* NOTE: kgold - Added this structure, a cache of PCRInfo when not NULL */
+    TPM_PCR_INFO *tpm_seal_info;
+} TPM_STORED_DATA; 
+
+
+/* 9.2 TPM_STORED_DATA12 rev 101
+
+   The definition of this structure is necessary to ensure the enforcement of security properties.
+   This structure is in use by the TPM_Seal and TPM_Unseal commands to identify the PCR index and
+   values that must be present to properly unseal the data.
+
+   1. This structure is created during the TPM_Seal process. The confidential data is encrypted
+   using a nonmigratable key. When the TPM_Unseal decrypts this structure the TPM_Unseal uses the
+   public information in the structure to validate the current configuration and release the
+   decrypted data.
+
+   2. If sealInfoSize is not 0 then sealInfo MUST be TPM_PCR_INFO_LONG
+*/
+
+typedef struct tdTPM_STORED_DATA12 { 
+    TPM_STRUCTURE_TAG tag;      /* This SHALL be TPM_TAG_STORED_DATA12 */
+    TPM_ENTITY_TYPE et;         /* The type of blob */
+    TPM_SIZED_BUFFER sealInfo;
+#if 0
+    uint32_t sealInfoSize;	/* Size of the sealInfo parameter */
+    BYTE* sealInfo;             /* This SHALL be a structure of type TPM_PCR_INFO_LONG or a 0 length
+                                   array if the data is not bound to PCRs. */
+#endif
+    TPM_SIZED_BUFFER encData;
+#if 0
+    uint32_t encDataSize;	/* This SHALL be the size of the encData parameter */
+    BYTE* encData;              /* This shall be an encrypted TPM_SEALED_DATA structure containing
+                                   the confidential part of the data. */
+#endif
+    /* NOTE: kgold - Added this structure, a cache of PCRInfo when not NULL */
+    TPM_PCR_INFO_LONG *tpm_seal_info_long;
+} TPM_STORED_DATA12; 
+
+/* 9.3 TPM_SEALED_DATA rev 87 
+
+   This structure contains confidential information related to sealed data, including the data
+   itself.
+
+   1. To tie the TPM_STORED_DATA structure to the TPM_SEALED_DATA structure this structure contains
+   a digest of the containing TPM_STORED_DATA structure.
+
+   2. The digest calculation does not include the encDataSize and encData parameters.
+*/
+
+typedef struct tdTPM_SEALED_DATA { 
+    TPM_PAYLOAD_TYPE payload;   /* This SHALL indicate the payload type of TPM_PT_SEAL */
+    TPM_SECRET authData;        /* This SHALL be the authorization data for this value */
+    TPM_SECRET tpmProof;        /* This SHALL be a copy of TPM_PERMANENT_FLAGS -> tpmProof */
+    TPM_DIGEST storedDigest;    /* This SHALL be a digest of the TPM_STORED_DATA structure,
+                                   excluding the fields TPM_STORED_DATA -> encDataSize and
+                                   TPM_STORED_DATA -> encData.  */
+    TPM_SIZED_BUFFER data;      /* This SHALL be the data to be sealed */
+#if 0
+    uint32_t dataSize;		/* This SHALL be the size of the data parameter */
+    BYTE* data;                 /* This SHALL be the data to be sealed */
+#endif
+} TPM_SEALED_DATA; 
+
+#endif
+
+
+/* 9.4 TPM_SYMMETRIC_KEY rev 87 
+
+   This structure describes a symmetric key, used during the process "Collating a Request for a
+   Trusted Platform Module Identity".
+*/
+
+typedef struct tdTPM_SYMMETRIC_KEY { 
+    TPM_ALGORITHM_ID algId;     /* This SHALL be the algorithm identifier of the symmetric key. */
+    TPM_ENC_SCHEME encScheme;   /* This SHALL fully identify the manner in which the key will be
+                                   used for encryption operations.  */
+    uint16_t size;		/* This SHALL be the size of the data parameter in bytes */
+    BYTE data[MAX_SYM_KEY_BYTES];	/* This SHALL be the symmetric key data */
+} TPM_SYMMETRIC_KEY; 
+
+#if 0
+
+/* 9.5 TPM_BOUND_DATA rev 87 
+
+   This structure is defined because it is used by a TPM_UnBind command in a consistency check.
+
+   The intent of TCG is to promote "best practice" heuristics for the use of keys: a signing key
+   shouldn't be used for storage, and so on. These heuristics are used because of the potential
+   threats that arise when the same key is used in different ways. The heuristics minimize the
+   number of ways in which a given key can be used.
+
+   One such heuristic is that a key of type TPM_KEY_BIND, and no other type of key, should always be
+   used to create the blob that is unwrapped by TPM_UnBind. Binding is not a TPM function, so the
+   only choice is to perform a check for the correct payload type when a blob is unwrapped by a key
+   of type TPM_KEY_BIND. This requires the blob to have internal structure.
+
+   Even though payloadData has variable size, TPM_BOUND_DATA deliberately does not include the size
+   of payloadData. This is to maximise the size of payloadData that can be encrypted when
+   TPM_BOUND_DATA is encrypted in a single block. When using TPM-UnBind to obtain payloadData, the
+   size of payloadData is deduced as a natural result of the (RSA) decryption process.
+
+   1. This structure MUST be used for creating data when (wrapping with a key of type TPM_KEY_BIND)
+   or (wrapping using the encryption algorithm TPM_ES_RSAESOAEP_SHA1_MGF1). If it is not, the
+   TPM_UnBind command will fail.
+*/
+
+typedef struct tdTPM_BOUND_DATA { 
+    TPM_STRUCT_VER ver;                 /* This MUST be 1.1.0.0  */
+    TPM_PAYLOAD_TYPE payload;           /* This SHALL be the value TPM_PT_BIND  */
+    uint32_t payloadDataSize;		/* NOTE: added, not part of serialization */
+    BYTE *payloadData;                  /* The bound data */
+} TPM_BOUND_DATA; 
+
+#endif
+
+/*
+  10. TPM_KEY Complex
+*/
+
+/* 10.1.1 TPM_RSA_KEY_PARMS rev 87 
+
+   This structure describes the parameters of an RSA key.
+*/
+
+typedef struct tdTPM_RSA_KEY_PARMS { 
+    uint32_t keyLength;   /* This specifies the size of the RSA key in bits */
+    uint32_t numPrimes;   /* This specifies the number of prime factors used by this RSA key. */
+    uint32_t exponentSize;	/* This SHALL be the size of the exponent. If the key is using the
+				   the default public exponent then the exponentSize MUST be 0. */
+    uint8_t exponent[4];    	/* The public exponent of this key */
+} TPM_RSA_KEY_PARMS; 
+
+/* 10.1.2 TPM_SYMMETRIC_KEY_PARMS rev 87
+
+   This structure describes the parameters for symmetric algorithms 
+*/
+
+typedef struct tdTPM_SYMMETRIC_KEY_PARMS { 
+    uint32_t keyLength;	/* This SHALL indicate the length of the key in bits */
+    uint32_t blockSize;	/* This SHALL indicate the block size of the algorithm*/
+    TPM2B_IV iv;	/* The initialization vector */
+} TPM_SYMMETRIC_KEY_PARMS; 
+
+/* 10.1 TPM_KEY_PARMS rev 87
+
+   This provides a standard mechanism to define the parameters used to generate a key pair, and to
+   store the parts of a key shared between the public and private key parts.
+*/
+
+typedef union {
+    TPM_RSA_KEY_PARMS		rsaParms;
+    TPM_SYMMETRIC_KEY_PARMS	symParms;
+} TPMU_PARMS;
+
+/* Marshaled TPMU_PARMS */
+
+#if 0
+typedef struct {
+    UINT32		parmSize;
+    TPMU_PARMS		parms;
+} TPM4B_PARMS;
+#endif
+
+typedef struct { 
+    TPM_ALGORITHM_ID algorithmID;       /* This SHALL be the key algorithm in use */
+    TPM_ENC_SCHEME encScheme;   /* This SHALL be the encryption scheme that the key uses to encrypt
+                                   information */
+    TPM_SIG_SCHEME sigScheme;   /* This SHALL be the signature scheme that the key uses to perform
+                                   digital signatures */
+    TPMU_PARMS parms;	
+} TPM_KEY_PARMS; 
+
+#if 0
+
+/* 10.7 TPM_STORE_PRIVKEY rev 87
+
+   This structure can be used in conjunction with a corresponding TPM_PUBKEY to construct a private
+   key which can be unambiguously used.
+*/
+
+#if 0
+typedef struct tdTPM_STORE_PRIVKEY { 
+    uint32_t keyLength;	/* This SHALL be the length of the key field. */
+    BYTE* key;          /* This SHALL be a structure interpreted according to the algorithm Id in
+                           the corresponding TPM_KEY structure. */
+} TPM_STORE_PRIVKEY; 
+#endif
+
+/* NOTE: Hard coded for RSA keys.  This will change if other algorithms are supported */
+
+typedef struct tdTPM_STORE_PRIVKEY { 
+    TPM_SIZED_BUFFER d_key;             /* private key */
+    TPM_SIZED_BUFFER p_key;             /* private prime factor */
+    TPM_SIZED_BUFFER q_key;             /* private prime factor */
+} TPM_STORE_PRIVKEY; 
+
+/* 10.6 TPM_STORE_ASYMKEY rev 87
+
+   The TPM_STORE_ASYMKEY structure provides the area to identify the confidential information
+   related to a key.  This will include the private key factors for an asymmetric key.
+
+   The structure is designed so that encryption of a TPM_STORE_ASYMKEY structure containing a 2048
+   bit RSA key can be done in one operation if the encrypting key is 2048 bits.
+
+   Using typical RSA notation the structure would include P, and when loading the key include the
+   unencrypted P*Q which would be used to recover the Q value.
+
+   To accommodate the future use of multiple prime RSA keys the specification of additional prime
+   factors is an optional capability.
+
+   This structure provides the basis of defining the protection of the private key.  Changes in this
+   structure MUST be reflected in the TPM_MIGRATE_ASYMKEY structure (section 10.8).
+*/
+
+typedef struct tdTPM_STORE_ASYMKEY {    
+    TPM_PAYLOAD_TYPE payload;           /* This SHALL set to TPM_PT_ASYM to indicate an asymmetric
+                                           key. If used in TPM_CMK_ConvertMigration the value SHALL
+                                           be TPM_PT_MIGRATE_EXTERNAL. If used in TPM_CMK_CreateKey
+                                           the value SHALL be TPM_PT_MIGRATE_RESTRICTED  */
+    TPM_SECRET usageAuth;               /* This SHALL be the authorization data necessary to
+                                           authorize the use of this value */
+    TPM_SECRET migrationAuth;           /* This SHALL be the migration authorization data for a
+                                           migratable key, or the TPM secret value tpmProof for a
+                                           non-migratable key created by the TPM.
+
+                                           If the TPM sets this parameter to the value tpmProof,
+                                           then the TPM_KEY.keyFlags.migratable of the corresponding
+                                           TPM_KEY structure MUST be set to 0.
+
+                                           If this parameter is set to the migration authorization
+                                           data for the key in parameter PrivKey, then the
+                                           TPM_KEY.keyFlags.migratable of the corresponding TPM_KEY
+                                           structure SHOULD be set to 1. */
+    TPM_DIGEST pubDataDigest;           /* This SHALL be the digest of the corresponding TPM_KEY
+                                           structure, excluding the fields TPM_KEY.encSize and
+                                           TPM_KEY.encData.
+
+                                           When TPM_KEY -> pcrInfoSize is 0 then the digest
+                                           calculation has no input from the pcrInfo field. The
+                                           pcrInfoSize field MUST always be part of the digest
+                                           calculation.
+                                        */
+    TPM_STORE_PRIVKEY privKey;          /* This SHALL be the private key data. The privKey can be a
+                                           variable length which allows for differences in the key
+                                           format. The maximum size of the area would be 151
+                                           bytes. */
+} TPM_STORE_ASYMKEY;            
+
+/* 10.8 TPM_MIGRATE_ASYMKEY rev 87
+
+   The TPM_MIGRATE_ASYMKEY structure provides the area to identify the private key factors of a
+   asymmetric key while the key is migrating between TPM's.
+
+   This structure provides the basis of defining the protection of the private key.
+
+   k1k2 - 132 privkey.key (128 + 4)
+   k1 - 20, OAEP seed
+   k2 - 112, partPrivKey
+   TPM_STORE_PRIVKEY 4 partPrivKey.keyLength
+                     108 partPrivKey.key (128 - 20)
+*/
+
+typedef struct tdTPM_MIGRATE_ASYMKEY {
+    TPM_PAYLOAD_TYPE payload;   /* This SHALL set to TPM_PT_MIGRATE or TPM_PT_CMK_MIGRATE to
+                                   indicate an migrating asymmetric key or TPM_PT_MAINT to indicate
+                                   a maintenance key. */
+    TPM_SECRET usageAuth;       /* This SHALL be a copy of the usageAuth from the TPM_STORE_ASYMKEY
+                                   structure. */
+    TPM_DIGEST pubDataDigest;   /* This SHALL be a copy of the pubDataDigest from the
+                                   TPM_STORE_ASYMKEY structure. */
+#if 0
+    uint32_t partPrivKeyLen;	/* This SHALL be the size of the partPrivKey field */
+    BYTE *partPrivKey;          /* This SHALL be the k2 area as described in TPM_CreateMigrationBlob
+                                   */
+#endif
+    TPM_SIZED_BUFFER partPrivKey;
+} TPM_MIGRATE_ASYMKEY; 
+
+#endif
+
+/* 10.4 TPM_STORE_PUBKEY
+
+   This structure can be used in conjunction with a corresponding TPM_KEY_PARMS to 1382 construct a
+   public key which can be unambiguously used.
+*/
+
+typedef struct tdTPM_STORE_PUBKEY {
+    UINT32 keyLength;			/* This SHALL be the length of the key field. */
+    BYTE key[MAX_RSA_KEY_BYTES]; 	/* This SHALL be a structure interpreted according to the
+					   algorithm Id in the corresponding TPM_KEY_PARMS
+					   structure. */
+} TPM_STORE_PUBKEY;
+
+/* 10.3 TPM_KEY12 rev 87
+
+   This provides the same functionality as TPM_KEY but uses the new PCR_INFO_LONG structures and the
+   new structure tagging. In all other aspects this is the same structure.
+*/
+
+typedef struct tdTPM_KEY12 { 
+    TPM_STRUCTURE_TAG tag;      /* MUST be TPM_TAG_KEY12 */
+    uint16_t fill;		/* MUST be 0x0000 */
+    TPM_KEY_USAGE keyUsage;     /* This SHALL be the TPM key usage that determines the operations
+                                   permitted with this key */
+    TPM_KEY_FLAGS keyFlags;     /* This SHALL be the indication of migration, redirection etc. */
+    TPM_AUTH_DATA_USAGE authDataUsage;  /* This SHALL Indicate the conditions where it is required
+                                           that authorization be presented. */
+    TPM_KEY_PARMS algorithmParms;       /* This SHALL be the information regarding the algorithm for
+                                           this key */
+    TPM_PCR_INFO_LONG PCRInfo;
+    TPM_STORE_PUBKEY pubKey;    /* This SHALL be the public portion of the key */
+    TPM_STORE_PUBKEY encData;	/* This SHALL be an encrypted TPM_STORE_ASYMKEY structure
+					   TPM_MIGRATE_ASYMKEY structure */
+} TPM_KEY12; 
+
+/* 10.5 TPM_PUBKEY rev 99
+
+   The TPM_PUBKEY structure contains the public portion of an asymmetric key pair. It contains all
+   the information necessary for its unambiguous usage. It is possible to construct this structure
+   from a TPM_KEY, using the algorithmParms and pubKey fields.
+
+   The pubKey member of this structure shall contain the public key for a specific algorithm.
+*/
+
+typedef struct tdTPM_PUBKEY { 
+    TPM_KEY_PARMS algorithmParms;       /* This SHALL be the information regarding this key */
+    TPM_STORE_PUBKEY pubKey;            /* This SHALL be the public key information */
+} TPM_PUBKEY; 
+
+#if 0
+
+/* 5.b. The TPM must support a minimum of 2 key slots. */
+
+#define TPM_KEY_HANDLES         16     /* entries in global TPM_KEY_HANDLE_ENTRY array */
+
+/* TPM_GetCapability uses a uint_16 for the number of key slots */
+
+#if (TPM_KEY_HANDLES > 0xffff)
+#error "TPM_KEY_HANDLES must be less than 0x10000"
+#endif
+
+/* The TPM does not have to support any minumum number of owner evict keys.  Adjust this value to
+   match the amount of NV space available.  An owner evict key consumes about 512 bytes.
+
+   A value greater than (TPM_KEY_HANDLES - 2) is useless, as the TPM reserves 2 key slots for
+   non-owner evict keys to avoid blocking.
+*/
+
+#define TPM_OWNER_EVICT_KEY_HANDLES 	2
+#if (TPM_OWNER_EVICT_KEY_HANDLES > (TPM_KEY_HANDLES - 2))
+#error "TPM_OWNER_EVICT_KEY_HANDLES too large for TPM_KEY_HANDLES"
+#endif
+
+/* This is the version used by the TPM implementation.  It is part of the global TPM state */
+
+/* kgold: Added TPM_KEY member.  There needs to be a mapping between a key handle
+   and the pointer to TPM_KEY objects, and this seems to be the right place for it. */
+
+typedef struct tdTPM_KEY_HANDLE_ENTRY {
+    TPM_KEY_HANDLE handle;      /* Handles for a key currently loaded in the TPM */
+    TPM_KEY *key;               /* Pointer to the key object */
+    TPM_BOOL parentPCRStatus;   /* TRUE if parent of this key uses PCR's */
+    TPM_KEY_CONTROL keyControl; /* Attributes that can control various aspects of key usage and
+                                   manipulation. */
+} TPM_KEY_HANDLE_ENTRY; 
+
+/* 5.12 TPM_MIGRATIONKEYAUTH rev 87
+
+   This structure provides the proof that the associated public key has TPM Owner authorization to
+   be a migration key.
+*/
+
+typedef struct tdTPM_MIGRATIONKEYAUTH { 
+    TPM_PUBKEY migrationKey;            /* This SHALL be the public key of the migration facility */
+    TPM_MIGRATE_SCHEME migrationScheme; /* This shall be the type of migration operation.*/
+    TPM_DIGEST digest;                  /* This SHALL be the digest value of the concatenation of
+                                           migration key, migration scheme and tpmProof */
+} TPM_MIGRATIONKEYAUTH; 
+
+/* 5.13 TPM_COUNTER_VALUE rev 87
+
+   This structure returns the counter value. For interoperability, the value size should be 4 bytes.
+*/
+
+#define TPM_COUNTER_LABEL_SIZE  4
+#define TPM_COUNT_ID_NULL 0xffffffff    /* unused value TPM_CAP_PROP_ACTIVE_COUNTER expects this
+                                           value if no counter is active */
+#define TPM_COUNT_ID_ILLEGAL 0xfffffffe /* after releasing an active counter */
+
+typedef struct tdTPM_COUNTER_VALUE {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;              /* TPM_TAG_COUNTER_VALUE */
+#endif
+    BYTE label[TPM_COUNTER_LABEL_SIZE]; /* The label for the counter */
+    TPM_ACTUAL_COUNT counter;           /* The 32-bit counter value. */
+    /* NOTE: Added.  TPMWG email says the specification structure is the public part, but these are
+       vendor specific private members. */
+    TPM_SECRET authData;                /* Authorization secret for counter */
+    TPM_BOOL valid;
+    TPM_DIGEST digest;                  /* for OSAP comparison */
+} TPM_COUNTER_VALUE; 
+
+/* 5.14 TPM_SIGN_INFO Structure rev 102
+
+   This is an addition in 1.2 and is the structure signed for certain commands (e.g.,
+   TPM_ReleaseTransportSigned).  Some commands have a structure specific to that command (e.g.,
+   TPM_Quote uses TPM_QUOTE_INFO) and do not use TPM_SIGN_INFO.
+
+   TPM_Sign uses this structure when the signature scheme is TPM_SS_RSASSAPKCS1v15_INFO.
+*/
+
+#define TPM_SIGN_INFO_FIXED_SIZE 4
+
+typedef struct tdTPM_SIGN_INFO { 
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;      /* TPM_TAG_SIGNINFO */
+#endif
+    BYTE fixed[TPM_SIGN_INFO_FIXED_SIZE];       /* The ASCII text that identifies what function was
+                                                   performing the signing operation*/
+    TPM_NONCE replay;           /* Nonce provided by caller to prevent replay attacks */
+#if 0
+    uint32_t dataLen;		/* The length of the data area */
+    BYTE* data;                 /* The data that is being signed */
+#endif
+    TPM_SIZED_BUFFER data;      /* The data that is being signed */
+} TPM_SIGN_INFO; 
+
+/* 5.15 TPM_MSA_COMPOSITE Structure rev 87
+
+   TPM_MSA_COMPOSITE contains an arbitrary number of digests of public keys belonging to Migration
+   Authorities. An instance of TPM_MSA_COMPOSITE is incorporated into the migrationAuth value of a
+   certified-migration-key (CMK), and any of the Migration Authorities specified in that instance is
+   able to approve the migration of that certified-migration-key.
+   
+   TPMs MUST support TPM_MSA_COMPOSITE structures with MSAlist of four (4) or less, and MAY support
+   larger values of MSAlist.
+*/
+
+typedef struct tdTPM_MSA_COMPOSITE {
+    uint32_t MSAlist;			/* The number of migAuthDigests. MSAlist MUST be one (1) or
+                                           greater. */
+    TPM_DIGEST *migAuthDigest;          /* An arbitrary number of digests of public keys belonging
+                                           to Migration Authorities. */
+} TPM_MSA_COMPOSITE;
+
+/* 5.16 TPM_CMK_AUTH 
+
+   The signed digest of TPM_CMK_AUTH is a ticket to prove that the entity with public key
+   "migrationAuthority" has approved the public key "destination Key" as a migration destination for
+   the key with public key "sourceKey".
+
+   Normally the digest of TPM_CMK_AUTH is signed by the private key corresponding to
+   "migrationAuthority".
+
+   To reduce data size, TPM_CMK_AUTH contains just the digests of "migrationAuthority",
+   "destinationKey" and "sourceKey".
+*/
+
+typedef struct tdTPM_CMK_AUTH { 
+    TPM_DIGEST migrationAuthorityDigest;        /* The digest of the public key of a Migration
+                                                   Authority */
+    TPM_DIGEST destinationKeyDigest;            /* The digest of a TPM_PUBKEY structure that is an
+                                                   approved destination key for the private key
+                                                   associated with "sourceKey"*/
+    TPM_DIGEST sourceKeyDigest;                 /* The digest of a TPM_PUBKEY structure whose
+                                                   corresponding private key is approved by the
+                                                   Migration Authority to be migrated as a child to
+                                                   the destinationKey.  */
+} TPM_CMK_AUTH;
+
+#endif
+
+/* 5.18 TPM_SELECT_SIZE rev 87
+
+  This structure provides the indication for the version and sizeOfSelect structure in GetCapability
+*/
+
+typedef struct tdTPM_SELECT_SIZE {
+    BYTE major;         /* This SHALL indicate the major version of the TPM. This MUST be 0x01 */
+    BYTE minor;         /* This SHALL indicate the minor version of the TPM. This MAY be 0x01 or
+                           0x02 */
+    uint16_t reqSize;	/* This SHALL indicate the value for a sizeOfSelect field in the
+                           TPM_SELECTION structure */
+} TPM_SELECT_SIZE;
+
+#if 0
+
+/* 5.19 TPM_CMK_MIGAUTH rev 89
+
+   Structure to keep track of the CMK migration authorization
+*/
+
+typedef struct tdTPM_CMK_MIGAUTH {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;      /* Set to TPM_TAG_CMK_MIGAUTH */
+#endif
+    TPM_DIGEST msaDigest;       /* The digest of a TPM_MSA_COMPOSITE structure containing the
+                                   migration authority public key and parameters. */
+    TPM_DIGEST pubKeyDigest;    /* The hash of the associated public key */
+} TPM_CMK_MIGAUTH;
+
+/* 5.20 TPM_CMK_SIGTICKET rev 87
+
+   Structure to keep track of the CMK migration authorization
+*/
+
+typedef struct tdTPM_CMK_SIGTICKET {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;      /* Set to TPM_TAG_CMK_SIGTICKET */
+#endif
+    TPM_DIGEST verKeyDigest;    /* The hash of a TPM_PUBKEY structure containing the public key and
+                                   parameters of the key that can verify the ticket */
+    TPM_DIGEST signedData;      /* The ticket data */
+} TPM_CMK_SIGTICKET;
+
+/* 5.21 TPM_CMK_MA_APPROVAL rev 87
+    
+   Structure to keep track of the CMK migration authorization
+*/
+
+typedef struct tdTPM_CMK_MA_APPROVAL {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;                      /* Set to TPM_TAG_CMK_MA_APPROVAL */
+#endif
+    TPM_DIGEST migrationAuthorityDigest;        /* The hash of a TPM_MSA_COMPOSITE structure
+                                                   containing the hash of one or more migration
+                                                   authority public keys and parameters. */
+} TPM_CMK_MA_APPROVAL;
+
+/* 20.2 Delegate Definitions rev 101
+
+   The delegations are in a 64-bit field. Each bit describes a capability that the TPM Owner can
+   delegate to a trusted process by setting that bit. Each delegation bit setting is independent of
+   any other delegation bit setting in a row.
+
+   If a TPM command is not listed in the following table, then the TPM Owner cannot delegate that
+   capability to a trusted process. For the TPM commands that are listed in the following table, if
+   the bit associated with a TPM command is set to zero in the row of the table that identifies a
+   trusted process, then that process has not been delegated to use that TPM command.
+
+   The minimum granularity for delegation is at the ordinal level. It is not possible to delegate an
+   option of an ordinal. This implies that if the options present a difficulty and there is a need
+   to separate the delegations then there needs to be a split into two separate ordinals.
+*/
+
+#define TPM_DEL_OWNER_BITS 0x00000001 
+#define TPM_DEL_KEY_BITS   0x00000002 
+
+typedef struct tdTPM_DELEGATIONS { 
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;      /* This SHALL be TPM_TAG_DELEGATIONS */
+#endif
+    uint32_t delegateType;        /* Owner or key */
+    uint32_t per1;                /* The first block of permissions */
+    uint32_t per2;                /* The second block of permissions */
+} TPM_DELEGATIONS; 
+
+/* 20.4 TPM_FAMILY_LABEL rev 85
+
+   Used in the family table to hold a one-byte numeric value (sequence number) that software can map
+   to a string of bytes that can be displayed or used by applications.
+
+   This is not sensitive data. 
+*/
+
+#if 0
+typedef struct tdTPM_FAMILY_LABEL { 
+    BYTE label;         /* A sequence number that software can map to a string of bytes that can be
+                           displayed or used by the applications. This MUST not contain sensitive
+                           information. */
+} TPM_FAMILY_LABEL; 
+#endif
+
+typedef BYTE TPM_FAMILY_LABEL;  /* NOTE: No need for a structure here */
+
+/* 20.5 TPM_FAMILY_TABLE_ENTRY rev 101
+
+   The family table entry is an individual row in the family table. There are no sensitive values in
+   a family table entry.
+
+   Each family table entry contains values to facilitate table management: the familyID sequence
+   number value that associates a family table row with one or more delegate table rows, a
+   verification sequence number value that identifies when rows in the delegate table were last
+   verified, and BYTE family label value that software can map to an ASCII text description of the
+   entity using the family table entry
+*/
+
+typedef struct tdTPM_FAMILY_TABLE_ENTRY { 
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;              /* This SHALL be TPM_TAG_FAMILY_TABLE_ENTRY */
+#endif
+    TPM_FAMILY_LABEL familyLabel;       /* A sequence number that software can map to a string of
+                                           bytes that can be displayed of used by the applications.
+                                           This MUST not contain sensitive informations. */
+    TPM_FAMILY_ID familyID;             /* The family ID in use to tie values together. This is not
+                                           a sensitive value. */
+    TPM_FAMILY_VERIFICATION verificationCount;  /* The value inserted into delegation rows to
+                                                   indicate that they are the current generation of
+                                                   rows. Used to identify when a row in the delegate
+                                                   table was last verified. This is not a sensitive
+                                                   value. */
+    TPM_FAMILY_FLAGS flags;             /* See section on TPM_FAMILY_FLAGS. */
+    /* NOTE Added */
+    TPM_BOOL valid;
+} TPM_FAMILY_TABLE_ENTRY;
+
+/* 20.6 TPM_FAMILY_TABLE rev 87
+
+   The family table is stored in a TPM shielded location. There are no confidential values in the
+   family table.  The family table contains a minimum of 8 rows.
+*/
+
+#define TPM_NUM_FAMILY_TABLE_ENTRY_MIN 8 
+
+typedef struct tdTPM_FAMILY_TABLE { 
+    TPM_FAMILY_TABLE_ENTRY famTableRow[TPM_NUM_FAMILY_TABLE_ENTRY_MIN]; 
+} TPM_FAMILY_TABLE;
+
+/* 20.7 TPM_DELEGATE_LABEL rev 87
+
+   Used in both the delegate table and the family table to hold a string of bytes that can be
+   displayed or used by applications. This is not sensitive data.
+*/
+
+#if 0
+typedef struct tdTPM_DELEGATE_LABEL { 
+    BYTE label;         /* A byte that can be displayed or used by the applications. This MUST not
+                           contain sensitive information.  */
+} TPM_DELEGATE_LABEL; 
+#endif
+
+typedef BYTE TPM_DELEGATE_LABEL;        /* NOTE: No need for structure */
+
+/* 20.8 TPM_DELEGATE_PUBLIC rev 101
+
+   The information of a delegate row that is public and does not have any sensitive information.
+
+   PCR_INFO_SHORT is appropriate here as the command to create this is done using owner
+   authorization, hence the owner authorized the command and the delegation. There is no need to
+   validate what configuration was controlling the platform during the blob creation.
+*/
+
+typedef struct tdTPM_DELEGATE_PUBLIC { 
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;              /* This SHALL be TPM_TAG_DELEGATE_PUBLIC  */
+#endif
+    TPM_DELEGATE_LABEL rowLabel;        /* This SHALL be the label for the row. It
+                                           MUST not contain any sensitive information. */
+    TPM_PCR_INFO_SHORT pcrInfo;         /* This SHALL be the designation of the process that can use
+                                           the permission. This is a not sensitive
+                                           value. PCR_SELECTION may be NULL.
+
+                                           If selected the pcrInfo MUST be checked on each use of
+                                           the delegation. Use of the delegation is where the
+                                           delegation is passed as an authorization handle. */
+    TPM_DELEGATIONS permissions;        /* This SHALL be the permissions that are allowed to the
+                                           indicated process. This is not a sensitive value. */
+    TPM_FAMILY_ID familyID;             /* This SHALL be the family ID that identifies which family
+                                           the row belongs to. This is not a sensitive value. */
+    TPM_FAMILY_VERIFICATION verificationCount;  /* A copy of verificationCount from the associated
+                                                   family table. This is not a sensitive value. */
+} TPM_DELEGATE_PUBLIC; 
+
+
+/* 20.9 TPM_DELEGATE_TABLE_ROW rev 101
+
+   A row of the delegate table. 
+*/
+
+typedef struct tdTPM_DELEGATE_TABLE_ROW { 
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;      /* This SHALL be TPM_TAG_DELEGATE_TABLE_ROW */
+#endif
+    TPM_DELEGATE_PUBLIC pub;    /* This SHALL be the public information for a table row. */
+    TPM_SECRET authValue;       /* This SHALL be the authorization value that can use the
+                                   permissions. This is a sensitive value. */
+    /* NOTE Added */
+    TPM_BOOL valid;
+} TPM_DELEGATE_TABLE_ROW; 
+
+/* 20.10 TPM_DELEGATE_TABLE rev 87
+
+   This is the delegate table. The table contains a minimum of 2 rows.
+
+   This will be an entry in the TPM_PERMANENT_DATA structure.
+*/
+
+#define TPM_NUM_DELEGATE_TABLE_ENTRY_MIN 2 
+
+typedef struct tdTPM_DELEGATE_TABLE { 
+    TPM_DELEGATE_TABLE_ROW delRow[TPM_NUM_DELEGATE_TABLE_ENTRY_MIN]; /* The array of delegations */
+} TPM_DELEGATE_TABLE; 
+
+/* 20.11 TPM_DELEGATE_SENSITIVE rev 115
+
+   The TPM_DELEGATE_SENSITIVE structure is the area of a delegate blob that contains sensitive
+   information.
+
+   This structure is normative for loading unencrypted blobs before there is an owner.  It is
+   informative for TPM_CreateOwnerDelegation and TPM_LoadOwnerDelegation after there is an owner and
+   encrypted blobs are used, since the structure is under complete control of the TPM.
+*/
+
+typedef struct tdTPM_DELEGATE_SENSITIVE {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;      /* This MUST be TPM_TAG_DELEGATE_SENSITIVE */
+#endif
+    TPM_SECRET authValue;       /* AuthData value */
+} TPM_DELEGATE_SENSITIVE;
+
+/* 20.12 TPM_DELEGATE_OWNER_BLOB rev 87
+
+   This data structure contains all the information necessary to externally store a set of owner
+   delegation rights that can subsequently be loaded or used by this TPM.
+   
+   The encryption mechanism for the sensitive area is a TPM choice. The TPM may use asymmetric
+   encryption and the SRK for the key. The TPM may use symmetric encryption and a secret key known
+   only to the TPM.
+*/
+
+typedef struct tdTPM_DELEGATE_OWNER_BLOB {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;      /* This MUST be TPM_TAG_DELG_OWNER_BLOB */
+#endif
+    TPM_DELEGATE_PUBLIC pub;    /* The public information for this blob */
+    TPM_DIGEST integrityDigest; /* The HMAC to guarantee the integrity of the entire structure */
+    TPM_SIZED_BUFFER additionalArea;    /* An area that the TPM can add to the blob which MUST NOT
+                                           contain any sensitive information. This would include any
+                                           IV material for symmetric encryption */
+    TPM_SIZED_BUFFER sensitiveArea;     /* The area that contains the encrypted
+                                           TPM_DELEGATE_SENSITIVE */
+} TPM_DELEGATE_OWNER_BLOB;
+
+/* 20.13 TPM_DELEGATE_KEY_BLOB rev 87
+    
+   A structure identical to TPM_DELEGATE_OWNER_BLOB but which stores delegation information for user
+   keys.  As compared to TPM_DELEGATE_OWNER_BLOB, it adds a hash of the corresponding public key
+   value to the public information.
+*/
+
+typedef struct tdTPM_DELEGATE_KEY_BLOB {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;              /* This MUST be TPM_TAG_DELG_KEY_BLOB */
+#endif
+    TPM_DELEGATE_PUBLIC pub;            /* The public information for this blob */
+    TPM_DIGEST integrityDigest;         /* The HMAC to guarantee the integrity of the entire
+                                           structure */
+    TPM_DIGEST pubKeyDigest;            /* The digest, that uniquely identifies the key for which
+                                           this usage delegation applies.  */
+    TPM_SIZED_BUFFER additionalArea;    /* An area that the TPM can add to the blob which MUST NOT
+                                           contain any sensitive information. This would include any
+                                           IV material for symmetric encryption */
+    TPM_SIZED_BUFFER sensitiveArea;     /* The area that contains the encrypted
+                                           TPM_DELEGATE_SENSITIVE */
+} TPM_DELEGATE_KEY_BLOB;
+
+/* 15.1 TPM_CURRENT_TICKS rev 110
+
+   This structure holds the current number of time ticks in the TPM. The value is the number of time
+   ticks from the start of the current session. Session start is a variable function that is
+   platform dependent. Some platforms may have batteries or other power sources and keep the TPM
+   clock session across TPM initialization sessions.
+   
+   The <tickRate> element of the TPM_CURRENT_TICKS structure provides the number of microseconds per
+   tick.  The platform manufacturer must satisfy input clock requirements set by the TPM vendor to
+   ensure the accuracy of the tickRate.
+   
+   No external entity may ever set the current number of time ticks held in TPM_CURRENT_TICKS. This
+   value is always reset to 0 when a new clock session starts and increments under control of the
+   TPM.
+   
+   Maintaining the relationship between the number of ticks counted by the TPM and some real world
+   clock is a task for external software.
+*/
+
+/* This is not a true UINT64, but a special structure to hold currentTicks */
+
+typedef struct tdTPM_UINT64 {
+    uint32_t sec;
+    uint32_t usec;
+} TPM_UINT64;
+
+typedef struct tdTPM_CURRENT_TICKS {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;      /* TPM_TAG_CURRENT_TICKS */
+#endif
+    TPM_UINT64 currentTicks;    /* The number of ticks since the start of this tick session */
+    /* upper is seconds, lower is useconds */
+    uint16_t tickRate;		/* The number of microseconds per tick. The maximum resolution of
+                                   the TPM tick counter is thus 1 microsecond. The minimum
+                                   resolution SHOULD be 1 millisecond. */
+    TPM_NONCE tickNonce;        /* TPM_NONCE tickNonce The nonce created by the TPM when resetting
+                                   the currentTicks to 0.  This indicates the beginning of a time
+                                   session.  This value MUST be valid before the first use of
+                                   TPM_CURRENT_TICKS. The value can be set at TPM_Startup or just
+                                   prior to first use. */
+    /* NOTE Added */
+    TPM_UINT64 initialTime;     /* Time from TPM_GetTimeOfDay() */
+} TPM_CURRENT_TICKS;
+
+/*
+  13. Transport Structures
+*/
+
+/* 13.1 TPM _TRANSPORT_PUBLIC rev 87
+
+   The public information relative to a transport session
+*/
+
+typedef struct tdTPM_TRANSPORT_PUBLIC {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG   tag;                    /* TPM_TAG_TRANSPORT_PUBLIC */
+#endif
+    TPM_TRANSPORT_ATTRIBUTES transAttributes;   /* The attributes of this session */
+    TPM_ALGORITHM_ID algId;                     /* This SHALL be the algorithm identifier of the
+                                                   symmetric key. */
+    TPM_ENC_SCHEME encScheme;                   /* This SHALL fully identify the manner in which the
+                                                   key will be used for encryption operations. */
+} TPM_TRANSPORT_PUBLIC;
+
+/* 13.2 TPM_TRANSPORT_INTERNAL rev 88
+
+   The internal information regarding transport session
+*/
+
+#define TPM_MIN_TRANS_SESSIONS 3
+
+typedef struct tdTPM_TRANSPORT_INTERNAL {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;              /* TPM_TAG_TRANSPORT_INTERNAL */
+#endif
+    TPM_AUTHDATA authData;              /* The shared secret for this session */
+    TPM_TRANSPORT_PUBLIC transPublic;   /* The public information of this session */
+    TPM_TRANSHANDLE transHandle;        /* The handle for this session */
+    TPM_NONCE transNonceEven;           /* The even nonce for the rolling protocol */
+    TPM_DIGEST transDigest;             /* The log of transport events */
+    /* added kgold */
+    TPM_BOOL valid;                     /* entry is valid */
+} TPM_TRANSPORT_INTERNAL;
+
+/* 13.3 TPM_TRANSPORT_LOG_IN rev 87
+
+   The logging of transport commands occurs in two steps, before execution with the input 
+   parameters and after execution with the output parameters.
+   
+   This structure is in use for input log calculations.
+*/
+
+typedef struct tdTPM_TRANSPORT_LOG_IN {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG   tag;    /* TPM_TAG_TRANSPORT_LOG_IN */
+#endif
+    TPM_DIGEST parameters;      /* The actual parameters contained in the digest are subject to the
+                                   rules of the command using this structure. To find the exact
+                                   calculation refer to the actions in the command using this
+                                   structure. */
+    TPM_DIGEST pubKeyHash;      /* The hash of any keys in the transport command */
+} TPM_TRANSPORT_LOG_IN;
+
+/* 13.4 TPM_TRANSPORT_LOG_OUT rev 88
+
+   The logging of transport commands occurs in two steps, before execution with the input parameters
+   and after execution with the output parameters.
+   
+   This structure is in use for output log calculations. 
+   
+   This structure is in use for the INPUT logging during releaseTransport.
+*/
+
+typedef struct tdTPM_TRANSPORT_LOG_OUT {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;              /* TPM_TAG_TRANSPORT_LOG_OUT */
+#endif
+    TPM_CURRENT_TICKS currentTicks;     /* The current tick count. This SHALL be the value of the
+                                           current TPM tick counter.  */
+    TPM_DIGEST parameters;              /* The actual parameters contained in the digest are subject
+                                           to the rules of the command using this structure. To find
+                                           the exact calculation refer to the actions in the command
+                                           using this structure. */
+    TPM_MODIFIER_INDICATOR locality;    /* The locality that called TPM_ExecuteTransport */
+} TPM_TRANSPORT_LOG_OUT;
+
+/* 13.5 TPM_TRANSPORT_AUTH structure rev 87
+
+   This structure provides the validation for the encrypted AuthData value.
+*/
+
+typedef struct tdTPM_TRANSPORT_AUTH {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG   tag;    /* TPM_TAG_TRANSPORT_AUTH */
+#endif
+    TPM_AUTHDATA authData;      /* The AuthData value */
+} TPM_TRANSPORT_AUTH;
+
+/* 22.3 TPM_DAA_ISSUER rev 91
+
+   This structure is the abstract representation of non-secret settings controlling a DAA
+   context. The structure is required when loading public DAA data into a TPM.  TPM_DAA_ISSUER
+   parameters are normally held outside the TPM as plain text data, and loaded into a TPM when a DAA
+   session is required. A TPM_DAA_ISSUER structure contains no integrity check: the TPM_DAA_ISSUER
+   structure at time of JOIN is indirectly verified by the issuer during the JOIN process, and a
+   digest of the verified TPM_DAA_ISSUER structure is held inside the TPM_DAA_TPM structure created
+   by the JOIN process.  Parameters DAA_digest_X are digests of public DAA_generic_X parameters, and
+   used to verify that the correct value of DAA_generic_X has been loaded. DAA_generic_q is stored
+   in its native form to reduce command complexity.
+*/
+
+typedef struct tdTPM_DAA_ISSUER {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG   tag;    /* MUST be TPM_TAG_DAA_ISSUER */
+#endif
+    TPM_DIGEST  DAA_digest_R0;  /* A digest of the parameter "R0", which is not secret and may be
+                                   common to many TPMs.  */
+    TPM_DIGEST  DAA_digest_R1;  /* A digest of the parameter "R1", which is not secret and may be
+                                   common to many TPMs.  */
+    TPM_DIGEST  DAA_digest_S0;  /* A digest of the parameter "S0", which is not secret and may be
+                                   common to many TPMs.  */
+    TPM_DIGEST  DAA_digest_S1;  /* A digest of the parameter "S1", which is not secret and may be
+                                   common to many TPMs. */
+    TPM_DIGEST  DAA_digest_n;   /* A digest of the parameter "n", which is not secret and may be
+                                   common to many TPMs.  */
+    TPM_DIGEST  DAA_digest_gamma;       /* A digest of the parameter "gamma", which is not secret
+                                           and may be common to many TPMs.  */
+    BYTE        DAA_generic_q[26];      /* The parameter q, which is not secret and may be common to
+                                           many TPMs. Note that q is slightly larger than a digest,
+                                           but is stored in its native form to simplify the
+                                           TPM_DAA_join command. Otherwise, JOIN requires 3 input
+                                           parameters. */
+} TPM_DAA_ISSUER;
+
+/* 22.4 TPM_DAA_TPM rev 91
+
+   This structure is the abstract representation of TPM specific parameters used during a DAA 
+   context. TPM-specific DAA parameters may be stored outside the TPM, and hence this 
+   structure is needed to save private DAA data from a TPM, or load private DAA data into a 
+   TPM.
+   
+   If a TPM_DAA_TPM structure is stored outside the TPM, it is stored in a confidential format that
+   can be interpreted only by the TPM created it. This is to ensure that secret parameters are
+   rendered confidential, and that both secret and non-secret data in TPM_DAA_TPM form a
+   self-consistent set.
+  
+   TPM_DAA_TPM includes a digest of the public DAA parameters that were used during creation of the
+   TPM_DAA_TPM structure. This is needed to verify that a TPM_DAA_TPM is being used with the public
+   DAA parameters used to create the TPM_DAA_TPM structure.  Parameters DAA_digest_v0 and
+   DAA_digest_v1 are digests of public DAA_private_v0 and DAA_private_v1 parameters, and used to
+   verify that the correct private parameters have been loaded.
+   
+   Parameter DAA_count is stored in its native form, because it is smaller than a digest, and is
+   required to enforce consistency.
+*/
+
+typedef struct tdTPM_DAA_TPM {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;      /* MUST be TPM_TAG_DAA_TPM */
+#endif
+    TPM_DIGEST  DAA_digestIssuer;       /* A digest of a TPM_DAA_ISSUER structure that contains the
+                                           parameters used to generate this TPM_DAA_TPM
+                                           structure. */
+    TPM_DIGEST  DAA_digest_v0;  /* A digest of the parameter "v0", which is secret and specific to
+                                   this TPM. "v0" is generated during a JOIN phase.  */
+    TPM_DIGEST  DAA_digest_v1;  /* A digest of the parameter "v1", which is secret and specific to
+                                   this TPM. "v1" is generated during a JOIN phase.  */
+    TPM_DIGEST  DAA_rekey;      /* A digest related to the rekeying process, which is not secret but
+                                   is specific to this TPM, and must be consistent across JOIN/SIGN
+                                   sessions. "rekey" is generated during a JOIN phase. */
+    uint32_t      DAA_count;	/* The parameter "count", which is not secret but must be consistent
+                                   across JOIN/SIGN sessions. "count" is an input to the TPM from
+                                   the host system. */
+} TPM_DAA_TPM;
+
+/* 22.5 TPM_DAA_CONTEXT rev 91
+
+   TPM_DAA_CONTEXT structure is created and used inside a TPM, and never leaves the TPM.  This
+   entire section is informative as the TPM does not expose this structure.  TPM_DAA_CONTEXT
+   includes a digest of the public and private DAA parameters that were used during creation of the
+   TPM_DAA_CONTEXT structure. This is needed to verify that a TPM_DAA_CONTEXT is being used with the
+   public and private DAA parameters used to create the TPM_DAA_CONTEXT structure.
+*/
+
+typedef struct tdTPM_DAA_CONTEXT {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG   tag;    /* MUST be TPM_TAG_DAA_CONTEXT */
+#endif
+    TPM_DIGEST  DAA_digestContext;      /* A digest of parameters used to generate this
+                                           structure. The parameters vary, depending on whether the
+                                           session is a JOIN session or a SIGN session. */
+    TPM_DIGEST  DAA_digest;     /* A running digest of certain parameters generated during DAA
+                                   computation; operationally the same as a PCR (which holds a
+                                   running digest of integrity metrics). */
+    TPM_DAA_CONTEXT_SEED        DAA_contextSeed;        /* The seed used to generate other DAA
+                                                           session parameters */
+    BYTE        DAA_scratch[256];       /* Memory used to hold different parameters at different
+                                           times of DAA computation, but only one parameter at a
+                                           time.  The maximum size of this field is 256 bytes */
+    BYTE        DAA_stage;      /* A counter, indicating the stage of DAA computation that was most
+                                   recently completed. The value of the counter is zero if the TPM
+                                   currently contains no DAA context.
+
+                                   When set to zero (0) the TPM MUST clear all other fields in this
+                                   structure.
+
+                                   The TPM MUST set DAA_stage to 0 on TPM_Startup(ANY) */
+    TPM_BOOL    DAA_scratch_null;       
+} TPM_DAA_CONTEXT;
+
+/* 22.6 TPM_DAA_JOINDATA rev 91
+
+   This structure is the abstract representation of data that exists only during a specific JOIN
+   session.
+*/
+
+typedef struct tdTPM_DAA_JOINDATA {
+    BYTE        DAA_join_u0[128];       /* A TPM-specific secret "u0", used during the JOIN phase,
+                                           and discarded afterwards.  */
+    BYTE        DAA_join_u1[138];       /* A TPM-specific secret "u1", used during the JOIN phase,
+                                           and discarded afterwards.  */
+    TPM_DIGEST  DAA_digest_n0;  /* A digest of the parameter "n0", which is an RSA public key with
+                                   exponent 2^16 +1 */
+} TPM_DAA_JOINDATA;
+
+/* DAA Session structure
+
+*/
+
+#define TPM_MIN_DAA_SESSIONS 2
+
+typedef struct tdTPM_DAA_SESSION_DATA {
+    TPM_DAA_ISSUER      DAA_issuerSettings;     /* A set of DAA issuer parameters controlling a DAA
+                                                   session. (non-secret) */
+    TPM_DAA_TPM         DAA_tpmSpecific;        /* A set of DAA parameters associated with a
+                                                   specific TPM. (secret) */
+    TPM_DAA_CONTEXT     DAA_session;            /* A set of DAA parameters associated with a DAA
+                                                   session. (secret) */
+    TPM_DAA_JOINDATA    DAA_joinSession;        /* A set of DAA parameters used only during the JOIN
+                                                   phase of a DAA session, and generated by the
+                                                   TPM. (secret) */
+    /* added kgold */
+    TPM_HANDLE          daaHandle;              /* DAA session handle */
+    TPM_BOOL            valid;                  /* array entry is valid */
+    /* FIXME should have handle type Join or Sign */
+} TPM_DAA_SESSION_DATA;
+
+/* 22.8 TPM_DAA_BLOB rev 98
+
+   The structure passed during the join process
+*/
+
+typedef struct tdTPM_DAA_BLOB {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;              /* MUST be TPM_TAG_DAA_BLOB */
+#endif
+    TPM_RESOURCE_TYPE resourceType;     /* The resource type: enc(DAA_tpmSpecific) or enc(v0) or
+                                           enc(v1) */
+    BYTE label[16];                     /* Label for identification of the blob. Free format
+                                           area. */
+    TPM_DIGEST blobIntegrity;           /* The integrity of the entire blob including the sensitive
+                                           area. This is a HMAC calculation with the entire
+                                           structure (including sensitiveData) being the hash and
+                                           daaProof is the secret */
+    TPM_SIZED_BUFFER additionalData;    /* Additional information set by the TPM that helps define
+                                           and reload the context. The information held in this area
+                                           MUST NOT expose any information held in shielded
+                                           locations. This should include any IV for symmetric
+                                           encryption */
+    TPM_SIZED_BUFFER sensitiveData;     /* A TPM_DAA_SENSITIVE structure */
+#if 0
+    uint32_t additionalSize;              
+    [size_is(additionalSize)] BYTE* additionalData;
+    uint32_t sensitiveSize;
+    [size_is(sensitiveSize)] BYTE* sensitiveData;
+#endif
+} TPM_DAA_BLOB;
+
+/* 22.9 TPM_DAA_SENSITIVE rev 91
+   
+   The encrypted area for the DAA parameters
+*/
+
+typedef struct tdTPM_DAA_SENSITIVE {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;              /* MUST be TPM_TAG_DAA_SENSITIVE */
+#endif
+    TPM_SIZED_BUFFER internalData;      /* DAA_tpmSpecific or DAA_private_v0 or DAA_private_v1 */
+#if 0
+    uint32_t internalSize;
+    [size_is(internalSize)] BYTE* internalData;
+#endif
+} TPM_DAA_SENSITIVE;
+
+#endif
+
+/* 7.1 TPM_PERMANENT_FLAGS rev 110
+
+   These flags maintain state information for the TPM. The values are not affected by any
+   TPM_Startup command.
+
+   The flag history includes:
+
+   Rev 62 specLevel 1 errataRev 0:  15 BOOLs
+   Rev 85 specLevel 2 errataRev 0:  19 BOOLs
+        Added: nvLocked, readSRKPub, tpmEstablished, maintenanceDone
+   Rev 94 specLevel 2 errataRev 1:  19 BOOLs
+   Rev 103 specLevel 2 errataRev 2:  20 BOOLs
+        Added: disableFullDALogicInfo
+*/
+
+typedef struct tdTPM_PERMANENT_FLAGS { 
+    TPM_STRUCTURE_TAG tag;      /* TPM_TAG_PERMANENT_FLAGS */
+    TPM_BOOL disable;           /* disable The state of the disable flag. The default state is TRUE
+                                   */
+    TPM_BOOL ownership;         /* The ability to install an owner. The default state is TRUE. */
+    TPM_BOOL deactivated;       /* The state of the inactive flag. The default state is TRUE. */
+    TPM_BOOL readPubek;         /* The ability to read the PUBEK without owner authorization. The
+                                   default state is TRUE.
+
+                                   set TRUE on owner clear
+                                   set FALSE on take owner, disablePubekRead
+                                */
+    TPM_BOOL disableOwnerClear; /* Whether the owner authorized clear commands are active. The
+                                   default state is FALSE. */
+    TPM_BOOL allowMaintenance;  /* Whether the TPM Owner may create a maintenance archive. The
+                                   default state is TRUE. */
+    TPM_BOOL physicalPresenceLifetimeLock; /* This bit can only be set to TRUE; it cannot be set to
+                                           FALSE except during the manufacturing process.
+
+                                           FALSE: The state of either physicalPresenceHWEnable or
+                                           physicalPresenceCMDEnable MAY be changed. (DEFAULT)
+
+                                           TRUE: The state of either physicalPresenceHWEnable or
+                                           physicalPresenceCMDEnable MUST NOT be changed for the
+                                           life of the TPM. */
+    TPM_BOOL physicalPresenceHWEnable;  /* FALSE: Disable the hardware signal indicating physical
+                                           presence. (DEFAULT)
+
+                                           TRUE: Enables the hardware signal indicating physical
+                                           presence. */
+    TPM_BOOL physicalPresenceCMDEnable;         /* FALSE: Disable the command indicating physical
+                                           presence. (DEFAULT)
+
+                                           TRUE: Enables the command indicating physical
+                                           presence. */
+    TPM_BOOL CEKPUsed;          /* TRUE: The PRIVEK and PUBEK were created using
+                                   TPM_CreateEndorsementKeyPair.
+
+                                   FALSE: The PRIVEK and PUBEK were created using a manufacturer's
+                                   process.  NOTE: This flag has no default value as the key pair
+                                   MUST be created by one or the other mechanism. */
+    TPM_BOOL TPMpost;           /* TRUE: After TPM_Startup, if there is a call to
+                                   TPM_ContinueSelfTest the TPM MUST execute the actions of
+                                   TPM_SelfTestFull
+
+                                   FALSE: After TPM_Startup, if there is a call to
+                                   TPM_ContinueSelfTest the TPM MUST execute TPM_ContinueSelfTest
+
+                                   If the TPM supports the implicit invocation of
+                                   TPM_ContinueSelftTest upon the use of an untested resource, the
+                                   TPM MUST use the TPMPost flag to call either TPM_ContinueSelfTest
+                                   or TPM_SelfTestFull
+
+                                   The TPM manufacturer sets this bit during TPM manufacturing and
+                                   the bit is unchangeable after shipping the TPM
+
+                                   The default state is FALSE */
+    TPM_BOOL TPMpostLock;       /* With the clarification of TPMPost TPMpostLock is now 
+                                   unnecessary. 
+                                   This flag is now deprecated */
+    TPM_BOOL FIPS;              /* TRUE: This TPM operates in FIPS mode 
+                                   FALSE: This TPM does NOT operate in FIPS mode */
+    TPM_BOOL tpmOperator;       /* TRUE: The operator authorization value is valid 
+                                   FALSE: the operator authorization value is not set */
+    TPM_BOOL enableRevokeEK;    /* TRUE: The TPM_RevokeTrust command is active 
+                                   FALSE: the TPM RevokeTrust command is disabled */
+    TPM_BOOL nvLocked;          /* TRUE: All NV area authorization checks are active
+                                   FALSE: No NV area checks are performed, except for maxNVWrites.
+                                   FALSE is the default value */
+    TPM_BOOL readSRKPub;        /* TRUE: GetPubKey will return the SRK pub key
+                                   FALSE: GetPubKey will not return the SRK pub key
+                                   Default SHOULD be FALSE */
+    TPM_BOOL tpmEstablished;    /* TRUE: TPM_HASH_START has been executed at some time
+                                   FALSE: TPM_HASH_START has not been executed at any time
+                                   Default is FALSE - resets using TPM_ResetEstablishmentBit */
+    TPM_BOOL maintenanceDone;   /* TRUE: A maintenance archive has been created for the current
+                                   SRK */
+    TPM_BOOL disableFullDALogicInfo; /* TRUE: The full dictionary attack TPM_GetCapability info is
+                                        deactivated.  The returned structure is TPM_DA_INFO_LIMITED.
+                                        FALSE: The full dictionary attack TPM_GetCapability info is
+                                        activated.  The returned structure is TPM_DA_INFO.
+                                        Default is FALSE.
+                                     */
+    /* NOTE: Cannot add vendor specific flags here, since TPM_GetCapability() returns the serialized
+       structure */
+} TPM_PERMANENT_FLAGS; 
+
+/* 7.2 TPM_STCLEAR_FLAGS rev 109
+
+   These flags maintain state that is reset on each TPM_Startup(ST_Clear) command. The values are
+   not affected by TPM_Startup(ST_State) commands.
+*/
+
+typedef struct tdTPM_STCLEAR_FLAGS { 
+    TPM_STRUCTURE_TAG tag;              /* TPM_TAG_STCLEAR_FLAGS */
+    TPM_BOOL deactivated;               /* Prevents the operation of most capabilities. There is no
+                                           default state. It is initialized by TPM_Startup to the
+                                           same value as TPM_PERMANENT_FLAGS ->
+                                           deactivated. TPM_SetTempDeactivated sets it to TRUE. */
+    TPM_BOOL disableForceClear;         /* Prevents the operation of TPM_ForceClear when TRUE. The
+                                           default state is FALSE.  TPM_DisableForceClear sets it to
+                                           TRUE. */
+    TPM_BOOL physicalPresence;          /* Command assertion of physical presence. The default state
+                                           is FALSE.  This flag is affected by the
+                                           TSC_PhysicalPresence command but not by the hardware
+                                           signal.  */
+    TPM_BOOL physicalPresenceLock;      /* Indicates whether changes to the TPM_STCLEAR_FLAGS ->
+                                           physicalPresence flag are permitted.
+                                           TPM_Startup(ST_CLEAR) sets PhysicalPresenceLock to its
+                                           default state of FALSE (allow changes to the
+                                           physicalPresence flag). When TRUE, the physicalPresence
+                                           flag is FALSE. TSC_PhysicalPresence can change the state
+                                           of physicalPresenceLock.  */
+    TPM_BOOL bGlobalLock;               /* Set to FALSE on each TPM_Startup(ST_CLEAR). Set to TRUE
+                                           when a write to NV_Index =0 is successful */
+    /* NOTE: Cannot add vendor specific flags here, since TPM_GetCapability() returns the serialized
+       structure */
+} TPM_STCLEAR_FLAGS; 
+
+#if 0
+
+
+/* 7.3 TPM_STANY_FLAGS rev 87
+
+   These flags reset on any TPM_Startup command. 
+*/
+
+typedef struct tdTPM_STANY_FLAGS {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;      /* TPM_TAG_STANY_FLAGS   */
+#endif
+    TPM_BOOL postInitialise;    /* Prevents the operation of most capabilities. There is no default
+                                   state. It is initialized by TPM_Init to TRUE. TPM_Startup sets it
+                                   to FALSE.  */
+    TPM_MODIFIER_INDICATOR localityModifier; /*This SHALL indicate for each command the presence of
+                                               a locality modifier for the command. It MUST be set
+                                               to NULL after the TPM executes each command.  */
+#if 0
+    TPM_BOOL transportExclusive; /* Defaults to FALSE. TRUE when there is an exclusive transport
+                                    session active. Execution of ANY command other than
+                                    TPM_ExecuteTransport or TPM_ReleaseTransportSigned MUST
+                                    invalidate the exclusive transport session.
+                                */    
+#endif
+    TPM_TRANSHANDLE transportExclusive; /* Defaults to 0x00000000, Set to the handle when an
+                                           exclusive transport session is active */
+    TPM_BOOL TOSPresent;        /* Defaults to FALSE
+                                   Set to TRUE on TPM_HASH_START
+                                   set to FALSE using setCapability */
+    /* NOTE: Added kgold */
+    TPM_BOOL stateSaved;        /* Defaults to FALSE
+                                   Set to TRUE on TPM_SaveState
+                                   Set to FALSE on any other ordinal
+
+                                   This is an optimization flag, so the file need not be deleted if
+                                   it does not exist.
+                                */
+} TPM_STANY_FLAGS;
+
+/* 7.4 TPM_PERMANENT_DATA rev 105
+
+   This structure contains the data fields that are permanently held in the TPM and not affected by
+   TPM_Startup(any).
+
+   Many of these fields contain highly confidential and privacy sensitive material. The TPM must
+   maintain the protections around these fields.
+*/
+
+#define TPM_MIN_COUNTERS 4 /* the minimum number of counters is 4 */
+#define TPM_DELEGATE_KEY TPM_KEY 
+#define TPM_MAX_NV_WRITE_NOOWNER 64 
+
+/* Although the ordinal is 32 bits, only the lower 8 bits seem to be used.  So for now, define an
+   array of 256/8 bytes for ordinalAuditStatus - kgold */
+
+#define TPM_ORDINALS_MAX        256     /* assumes a multiple of CHAR_BIT */
+#define TPM_AUTHDIR_SIZE        1       /* Number of DIR registers */
+
+#ifdef TPM_VTPM
+
+/* Substructure of TPM_PERMANENT_DATA for VTPM instance data
+
+ */
+
+typedef struct tdTPM_PERMANENT_INSTANCE_DATA {
+    uint32_t creationMask;		/* creationMask from TPM_CreateInstance */
+    TPM_INSTANCE_HANDLE parentHandle;   /* instance handle of this instance's parent instance */
+    TPM_SIZED_BUFFER childHandles;      /* instance handle list of this instance's children */
+    TPM_NONCE migrationNonce;           /* Controls state import using TPM_SetInstanceData */
+    TPM_DIGEST migrationDigest;         /* Digest of all migrated data structures */
+    TPM_BOOL sourceLock;                /* Lock instance before export migration */
+    TPM_BOOL destinationLock;           /* Lock instance before import migration */
+    
+} TPM_PERMANENT_INSTANCE_DATA;
+
+#endif /* TPM_VTPM */ 
+
+#ifdef TPM_VENDOR
+
+/*
+  WEC_CFG_STRUCT
+*/
+
+/* Winbond preconfiguration */
+
+typedef struct tdTPM_WEC_CFG_STRUCT {
+    BYTE lowBaseAddress;        /* reserved - keep FFh value */
+    BYTE highBaseAddress;       /* reserved - keep FFh value */
+    BYTE altCfg;                /* GPIO alternate configuration */
+    BYTE direction;             /* direction (input/output) of GPIO pins */
+    BYTE pullUp;                /* pull-up of GPIO input pins */
+    BYTE pushPull;              /* push-pull of open drain of GPIO output pins */
+    BYTE cfg_a;                 /* hardware physical presence, 32 khz clock */
+    BYTE cfg_b;                 /* reserved - keep FFh value */         
+    BYTE cfg_c;                 /* reserved - keep FFh value */
+    BYTE cfg_d;                 /* reserved - keep FFh value */
+    BYTE cfg_e;                 /* reserved - keep FFh value */
+    BYTE cfg_f;                 /* software binding */
+    BYTE cfg_g;                 /* tplPost flagm N_FAILS and WEC_GetTpmStatus */
+    BYTE cfg_h;                 /* LpcSelfTest and FIPS flags */
+    BYTE cfg_i;                 /* reserved - keep FFh value */
+    BYTE cfg_j;                 /* reserved - keep FFh value */
+}  TPM_WEC_CFG_STRUCT;
+
+#endif /*TPM_VENDOR */ 
+
+
+typedef struct tdTPM_PERMANENT_DATA {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;      /* TPM_TAG_PERMANENT_DATA */
+#endif
+    BYTE revMajor;              /* This is the TPM major revision indicator. This SHALL be set by
+                                   the TPME, only. The default value is manufacturer-specific. */
+    BYTE revMinor;              /* This is the TPM minor revision indicator. This SHALL be set by
+                                   the TPME, only. The default value is manufacturer-specific. */
+    TPM_SECRET tpmProof;        /* This is a random number that each TPM maintains to validate blobs
+                                   in the SEAL and other processes. The default value is
+                                   manufacturer-specific. */
+    TPM_NONCE EKReset;          /* Nonce held by TPM to validate TPM_RevokeTrust. This value is set
+                                   as the next 20 bytes from the TPM RNG when the EK is set
+                                   (was fipsReset - kgold) */
+    TPM_SECRET ownerAuth;       /* This is the TPM-Owner's authorization data. The default value is
+                                   manufacturer-specific. */
+    TPM_SECRET operatorAuth;    /* The value that allows the execution of the SetTempDeactivated
+                                   command */
+    TPM_DIRVALUE authDIR;       /* The array of TPM Owner authorized DIR. Points to the same
+                                   location as the NV index value. (kgold - was array of 1) */
+#ifndef TPM_NOMAINTENANCE
+    TPM_PUBKEY manuMaintPub;    /* This is the manufacturer's public key to use in the maintenance
+                                   operations. The default value is manufacturer-specific. */
+#endif
+    TPM_KEY endorsementKey;     /* This is the TPM's endorsement key pair. */
+    TPM_KEY srk;                /* This is the TPM's StorageRootKey. */
+    TPM_SYMMETRIC_KEY_TOKEN contextKey;  /* This is the key in use to perform context saves. The key
+					    may be symmetric or asymmetric. The key size is
+					    predicated by the algorithm in use. */
+    TPM_SYMMETRIC_KEY_TOKEN delegateKey;	/* This key encrypts delegate rows that are stored
+						   outside the TPM. */
+    TPM_COUNTER_VALUE auditMonotonicCounter;    /* This SHALL be the audit monotonic counter for the
+                                                   TPM. This value starts at 0 and increments
+                                                   according to the rules of auditing */
+    TPM_COUNTER_VALUE monotonicCounter[TPM_MIN_COUNTERS];       /* This SHALL be the monotonic
+                                                                   counters for the TPM. The
+                                                                   individual counters start and
+                                                                   increment according to the rules
+                                                                   of monotonic counters. */
+    TPM_PCR_ATTRIBUTES pcrAttrib[TPM_NUM_PCR];  /* The attributes for all of the PCR registers
+                                                   supported by the TPM. */
+    BYTE ordinalAuditStatus[TPM_ORDINALS_MAX/CHAR_BIT]; /* Table indicating which ordinals are being
+                                                           audited. */
+#if 0
+    /* kgold - The xcrypto RNG is good enough that this is not needed */
+    BYTE* rngState;                     /* State information describing the random number
+                                           generator. */
+#endif
+    TPM_FAMILY_TABLE familyTable;       /* The family table in use for delegations */
+    TPM_DELEGATE_TABLE delegateTable;   /* The delegate table */
+    uint32_t lastFamilyID;	/* A value that sets the high water mark for family ID's. Set to 0
+                                   during TPM manufacturing and never reset. */
+    uint32_t noOwnerNVWrite;	/* The count of NV writes that have occurred when there is no TPM
+                                   Owner.
+
+                                   This value starts at 0 in manufacturing and after each
+                                   TPM_OwnerClear. If the value exceeds 64 the TPM returns
+                                   TPM_MAXNVWRITES to any command attempting to manipulate the NV
+                                   storage. */
+    TPM_CMK_DELEGATE restrictDelegate;  /* The settings that allow for the delegation and
+                                           use on CMK keys.  Default value is false. */
+    TPM_DAA_TPM_SEED tpmDAASeed;        /* This SHALL be a random value generated after generation
+                                           of the EK.
+
+                                           tpmDAASeed does not change during TPM Owner changes.  If
+                                           the EK is removed (RevokeTrust) then the TPM MUST
+                                           invalidate the tpmDAASeed. The owner can force a change
+                                           in the value through TPM_SetCapability.
+
+                                           (linked to daaProof) */
+    TPM_NONCE daaProof;         /* This is a random number that each TPM maintains to validate blobs
+                                   in the DAA processes. The default value is manufacturer-specific.
+
+                                   The value is not changed when the owner is changed.  It is
+                                   changed when the EK changes.  The owner can force a change in the
+                                   value through TPM_SetCapability. */
+    unsigned char *daaBlobKey;  /* This is the key in use to perform DAA encryption and decryption.
+				   The key may be symmetric or asymmetric. The key size is
+				   predicated by the algorithm in use.
+
+				   This value MUST be changed when daaProof changes.
+
+				   This key MUST NOT be a copy of the EK or SRK.
+
+				   (linked to daaProof) */
+    /* NOTE: added kgold */
+    TPM_BOOL ownerInstalled;            /* TRUE: The TPM has an owner installed.
+                                           FALSE: The TPM has no owner installed. (default) */
+    BYTE tscOrdinalAuditStatus;         /* extra byte to track TSC ordinals */
+#ifdef TPM_VTPM		/* VTPM specific ordinals */
+    uint32_t instanceOrdinalAuditStatus1; /* extra longs to track vendor specific ordinals */
+    uint32_t instanceOrdinalAuditStatus2;
+#endif
+    TPM_BOOL allowLoadMaintPub;         /* TRUE allows the TPM_LoadManuMaintPub command */
+    
+#ifdef TPM_VTPM
+    TPM_PERMANENT_INSTANCE_DATA instanceData;   /* substructure for VTPM instance data */
+#endif
+#ifdef TPM_VENDOR
+    TPM_WEC_CFG_STRUCT  wecPreConfig;   /* Winbond preconfiguration data */
+    TPM_BOOL preConfigSet;              /* TRUE if the structure has been set through
+                                           WEC_PreConfig */
+#endif
+} TPM_PERMANENT_DATA; 
+
+#define TPM_MIN_AUTH_SESSIONS 3 
+
+/* NOTE: Vendor specific */
+
+typedef struct tdTPM_AUTH_SESSION_DATA {
+    /* vendor specific */
+    TPM_AUTHHANDLE handle;      /* Handle for a session */
+    TPM_PROTOCOL_ID protocolID; /* TPM_PID_OIAP, TPM_PID_OSAP, TPM_PID_DSAP */
+    TPM_ENT_TYPE entityTypeByte;        /* The type of entity in use (TPM_ET_SRK, TPM_ET_OWNER,
+                                           TPM_ET_KEYHANDLE ... */
+    TPM_ADIP_ENC_SCHEME adipEncScheme;  /* ADIP encryption scheme */
+    TPM_NONCE nonceEven;        /* OIAP, OSAP, DSAP */
+    TPM_SECRET sharedSecret;    /* OSAP */
+    TPM_DIGEST entityDigest;    /* OSAP tracks which entity established the OSAP session */
+    TPM_DELEGATE_PUBLIC pub;    /* DSAP */
+    TPM_BOOL valid;             /* added kgold: array entry is valid */
+} TPM_AUTH_SESSION_DATA;
+
+#ifdef TPM_VTPM
+/* 3.3.2 TPM_PCR_LIST
+
+   TPM_PCR_LIST is a structure saved by TPM_SetupInstance and returned by TPM_GetCapability.
+*/
+
+typedef struct tdTPM_PCR_LIST {
+    TPM_PCRINDEX pcrIndex;      /* Index to a PCR register */
+    TPM_DIGEST inDigest;        /* The digest representing the event to be recorded. */
+    BYTE eventID;               /* Identifier for measurements */
+#if 0
+    uint32_t nameSize;		/* The size of the name area */
+    BYTE* name;                 /* Name of an initial measurement */
+#endif
+    TPM_SIZED_BUFFER name;
+} TPM_PCR_LIST;
+
+/* TPM_PCR_LIST_TIMESTAMP
+
+   TPM_PCR_LIST_TIMESTAMP is a structure saved by the TPM when logging PCR extensions and returned
+   by TPM_GetCapability.
+*/
+
+typedef struct tdTPM_PCR_LIST_TIMESTAMP {
+    TPM_COMMAND_CODE ordinal;   /* The ordinal that altered the PCR */
+    TPM_PCRINDEX pcrIndex;      /* Index to a PCR register */
+    TPM_DIGEST digest;          /* The digest representing the recorded PCR Extension */
+    uint32_t timestamp_hi;	/* time of the log entry */
+    uint32_t timestamp_lo;
+} TPM_PCR_LIST_TIMESTAMP;
+
+/* TPM_PCR_LIST_TIMESTAMP_INST
+
+   TPM_PCR_LIST_TIMESTAMP_INST is a structure created by the TPM when notifying clients of PCR
+   extensions.
+*/
+
+typedef struct tdTPM_PCR_LIST_TIMESTAMP_INST {
+    TPM_INSTANCE_HANDLE instance;       /* instance handle */
+    TPM_COMMAND_CODE ordinal;           /* The ordinal that altered the PCR */
+    TPM_PCRINDEX pcrIndex;              /* Index to a PCR register */
+    TPM_DIGEST digest;                  /* The digest representing the recorded PCR Extensions. */
+    uint32_t timestamp_hi;		/* time of the log entry */
+    uint32_t timestamp_lo;
+} TPM_PCR_LIST_TIMESTAMP_INST;
+
+/* Added for virtual TPM support */
+
+typedef struct tdTPM_VTPM_INSTANCE {
+    TPM_SYMMETRIC_KEY_TOKEN instanceEncKey;	/* symmetric key to encrypt instance migration
+                                                   blobs */
+    TPM_SECRET instanceHmacKey;         /* secret used to MAC instance migration blobs */
+    TPM_SIZED_BUFFER pcrList;           /* PCR lists from TPM_SetupInstance */
+    TPM_PCR_SELECTION logPCRSelection; 	/* Indices of PCRs that should be saved for logging */
+    TPM_PCR_SELECTION subscribePCRSelection;    /* Indices of PCRs that should be reported to a
+                                                   subscriber */
+    uint32_t logLengthMax;		/* Upper limit on the length of the buffer (number of
+                                           measurements) used for logging of measurements */
+    uint32_t logLength;			/* number of measurements in the log */
+    TPM_BOOL logOverflow;               /* pcrMeasurementLog has overflowed */
+    uint32_t subscribeSequenceNumber;	/* count of measurements sent to subscriber */
+} TPM_VTPM_INSTANCE;
+
+#endif  /* TPM_VTPM */
+
+/* 3.   contextList MUST support a minimum of 16 entries, it MAY support more. */
+#define TPM_MIN_SESSION_LIST 16
+
+/* 7.5 TPM_STCLEAR_DATA rev 101
+
+   This is an informative structure and not normative. It is purely for convenience of writing the
+   spec.
+
+   Most of the data in this structure resets on TPM_Startup(ST_Clear). A TPM may implement rules
+   that provide longer-term persistence for the data. The TPM reflects how it handles the data in
+   various TPM_GetCapability fields including startup effects.
+*/
+
+typedef struct tdTPM_STCLEAR_DATA {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;      /* TPM_TAG_STCLEAR_DATA */
+#endif
+    TPM_NONCE contextNonceKey;  /* This is the nonce in use to properly identify saved key context
+                                   blobs This SHALL be set to all zeros on each TPM_Startup
+                                   (ST_Clear).
+                                */
+    TPM_COUNT_ID countID;       /* This is the handle for the current monotonic counter.  This SHALL
+                                   be set to zero on each TPM_Startup(ST_Clear). */
+    uint32_t ownerReference;	/* Points to where to obtain the owner secret in OIAP and OSAP
+                                   commands. This allows a TSS to manage 1.1 applications on a 1.2
+                                   TPM where delegation is in operation. */
+    TPM_BOOL disableResetLock;  /* Disables TPM_ResetLockValue upon authorization failure.
+                                   The value remains TRUE for the timeout period.
+
+                                   Default is FALSE.
+
+                                   The value is in the STCLEAR_DATA structure as the
+                                   implementation of this flag is TPM vendor specific. */
+    TPM_PCRVALUE PCRS[TPM_NUM_PCR];     /* Platform configuration registers */
+#if  (TPM_REVISION >= 103)      /* added for rev 103 */
+    uint32_t deferredPhysicalPresence;	/* The value can save the assertion of physicalPresence.
+                                           Individual bits indicate to its ordinal that
+                                           physicalPresence was previously asserted when the
+                                           software state is such that it can no longer be asserted.
+                                           Set to zero on each TPM_Startup(ST_Clear). */
+#endif
+    /* NOTE: Added for dictionary attack mitigation */
+    uint32_t authFailCount;	/* number of authorization failures without a TPM_ResetLockValue */
+    uint32_t authFailTime;	/* time of threshold failure in seconds */
+    /* NOTE: Moved from TPM_STANY_DATA.  Saving this state is optional.  This implementation
+       does. */
+    TPM_AUTH_SESSION_DATA authSessions[TPM_MIN_AUTH_SESSIONS];  /* List of current
+                                                                   sessions. Sessions can be OSAP,
+                                                                   OIAP, DSAP and Transport */
+    /* NOTE: Added for transport */
+    TPM_TRANSPORT_INTERNAL transSessions[TPM_MIN_TRANS_SESSIONS];
+    /* 22.7 TPM_STANY_DATA Additions (for DAA) - moved to TPM_STCLEAR_DATA for startup state */
+    TPM_DAA_SESSION_DATA daaSessions[TPM_MIN_DAA_SESSIONS];
+    /* 1. The group of contextNonceSession, contextCount, contextList MUST reset at the same
+       time. */
+    TPM_NONCE contextNonceSession;      /* This is the nonce in use to properly identify saved
+                                           session context blobs.  This MUST be set to all zeros on
+                                           each TPM_Startup (ST_Clear).  The nonce MAY be set to
+                                           null on TPM_Startup( any). */
+    uint32_t contextCount;		/* This is the counter to avoid session context blob replay
+                                           attacks.  This MUST be set to 0 on each TPM_Startup
+                                           (ST_Clear).  The value MAY be set to 0 on TPM_Startup
+                                           (any). */
+    uint32_t contextList[TPM_MIN_SESSION_LIST];	/* This is the list of outstanding session blobs.
+                                                   All elements of this array MUST be set to 0 on
+                                                   each TPM_Startup (ST_Clear).  The values MAY be
+                                                   set to 0 on TPM_Startup (any). */
+    /* NOTE Added auditDigest effect, saved with ST_STATE */
+    TPM_DIGEST auditDigest;             /* This is the extended value that is the audit log. This
+                                           SHALL be set to all zeros at the start of each audit
+                                           session. */
+    /* NOTE Storage for the ordinal response */
+    TPM_STORE_BUFFER ordinalResponse;           /* outgoing response buffer for this ordinal */
+    uint32_t responseCount;			/* increments after each response */
+} TPM_STCLEAR_DATA; 
+
+/* 7.6 TPM_STANY_DATA rev 87
+
+   This is an informative structure and not normative. It is purely for convenience of writing the
+   spec.
+    
+   Most of the data in this structure resets on TPM_Startup(ST_State). A TPM may implement rules
+   that provide longer-term persistence for the data. The TPM reflects how it handles the data in
+   various getcapability fields including startup effects.
+*/
+
+typedef struct tdTPM_STANY_DATA {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;              /* TPM_TAG_STANY_DATA */
+#endif
+    TPM_CURRENT_TICKS currentTicks;     /* This is the current tick counter.  This is reset to 0
+                                           according to the rules when the TPM can tick. See the
+                                           section on the tick counter for details. */
+} TPM_STANY_DATA;
+
+/* 11. Signed Structures  */
+
+/* 11.1 TPM_CERTIFY_INFO rev 101
+
+   When the TPM certifies a key, it must provide a signature with a TPM identity key on information
+   that describes that key. This structure provides the mechanism to do so.
+
+   Key usage and keyFlags must have their upper byte set to zero to avoid collisions with the other
+   signature headers.
+*/
+
+typedef struct tdTPM_CERTIFY_INFO { 
+    TPM_STRUCT_VER version;             /* This MUST be 1.1.0.0  */
+    TPM_KEY_USAGE keyUsage;             /* This SHALL be the same value that would be set in a
+                                           TPM_KEY representation of the key to be certified. The
+                                           upper byte MUST be zero */
+    TPM_KEY_FLAGS keyFlags;             /* This SHALL be set to the same value as the corresponding
+                                           parameter in the TPM_KEY structure that describes the
+                                           public key that is being certified. The upper byte MUST
+                                           be zero */
+    TPM_AUTH_DATA_USAGE authDataUsage;  /* This SHALL be the same value that would be set in a
+                                           TPM_KEY representation of the key to be certified */
+    TPM_KEY_PARMS algorithmParms;       /* This SHALL be the same value that would be set in a
+                                           TPM_KEY representation of the key to be certified */
+    TPM_DIGEST pubkeyDigest;            /* This SHALL be a digest of the value TPM_KEY -> pubKey ->
+                                           key in a TPM_KEY representation of the key to be
+                                           certified */
+    TPM_NONCE data;                     /* This SHALL be externally provided data.  */
+    TPM_BOOL parentPCRStatus;           /* This SHALL indicate if any parent key was wrapped to a
+                                           PCR */
+    TPM_SIZED_BUFFER pcrInfo;           /*  */
+#if 0
+    uint32_t PCRInfoSize;		/* This SHALL be the size of the pcrInfo parameter. A value
+                                           of zero indicates that the key is not wrapped to a PCR */
+    BYTE* PCRInfo;                      /* This SHALL be the TPM_PCR_INFO structure.  */
+#endif
+    /* NOTE: kgold - Added this structure, a cache of PCRInfo when not NULL */
+    TPM_PCR_INFO *tpm_pcr_info;
+} TPM_CERTIFY_INFO;
+
+/* 11.2 TPM_CERTIFY_INFO2 rev 101
+
+   When the TPM certifies a key, it must provide a signature with a TPM identity key on information
+   that describes that key. This structure provides the mechanism to do so.
+
+   Key usage and keyFlags must have their upper byte set to zero to avoid collisions with the other
+   signature headers.
+*/
+
+typedef struct tdTPM_CERTIFY_INFO2 { 
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;              /* MUST be TPM_TAG_CERTIFY_INFO2  */
+#endif
+    BYTE fill;                          /* MUST be 0x00  */
+    TPM_PAYLOAD_TYPE payloadType;       /* This SHALL be the same value that would be set in a
+                                           TPM_KEY representation of the key to be certified */
+    TPM_KEY_USAGE keyUsage;             /* This SHALL be the same value that would be set in a
+                                           TPM_KEY representation of the key to be certified. The
+                                           upper byte MUST be zero */
+    TPM_KEY_FLAGS keyFlags;             /* This SHALL be set to the same value as the corresponding
+                                           parameter in the TPM_KEY structure that describes the
+                                           public key that is being certified. The upper byte MUST
+                                           be zero.  */
+    TPM_AUTH_DATA_USAGE authDataUsage;  /* This SHALL be the same value that would be set in a
+                                           TPM_KEY representation of the key to be certified */
+    TPM_KEY_PARMS algorithmParms;       /* This SHALL be the same value that would be set in a
+                                           TPM_KEY representation of the key to be certified */
+    TPM_DIGEST pubkeyDigest;            /* This SHALL be a digest of the value TPM_KEY -> pubKey ->
+                                           key in a TPM_KEY representation of the key to be
+                                           certified */
+    TPM_NONCE data;                     /* This SHALL be externally provided data.  */
+    TPM_BOOL parentPCRStatus;           /* This SHALL indicate if any parent key was wrapped to a
+                                           PCR */
+#if 0
+    uint32_t PCRInfoSize;		/* This SHALL be the size of the pcrInfo parameter. A value
+                                           of zero indicates that the key is not wrapped to a PCR */
+    BYTE* PCRInfo;                      /* This SHALL be the TPM_PCR_INFO_SHORT structure.  */
+#endif
+    TPM_SIZED_BUFFER pcrInfo;
+#if 0
+    uint32_t migrationAuthoritySize;	/* This SHALL be the size of migrationAuthority */
+    BYTE *migrationAuthority;           /* If the key to be certified has [payload ==
+                                           TPM_PT_MIGRATE_RESTRICTED or payload
+                                           ==TPM_PT_MIGRATE_EXTERNAL], migrationAuthority is the
+                                           digest of the TPM_MSA_COMPOSITE and has TYPE ==
+                                           TPM_DIGEST. Otherwise it is NULL. */
+#endif
+    TPM_SIZED_BUFFER migrationAuthority;
+    /* NOTE: kgold - Added this structure, a cache of PCRInfo when not NULL */
+    TPM_PCR_INFO_SHORT *tpm_pcr_info_short;
+} TPM_CERTIFY_INFO2;
+
+/* 11.3 TPM_QUOTE_INFO rev 87
+
+   This structure provides the mechanism for the TPM to quote the current values of a list of PCRs.
+*/
+
+typedef struct tdTPM_QUOTE_INFO { 
+    TPM_STRUCT_VER version;             /* This MUST be 1.1.0.0 */
+    BYTE fixed[4];                      /* This SHALL always be the string 'QUOT' */
+    TPM_COMPOSITE_HASH digestValue;     /* This SHALL be the result of the composite hash algorithm
+                                           using the current values of the requested PCR indices. */
+    TPM_NONCE externalData;             /* 160 bits of externally supplied data */
+} TPM_QUOTE_INFO;
+
+#endif
+
+/* 11.4 TPM_QUOTE_INFO2 rev 87
+
+   This structure provides the mechanism for the TPM to quote the current values of a list of PCRs.
+*/
+
+typedef struct tdTPM_QUOTE_INFO2 {
+    TPM_STRUCTURE_TAG tag;              /* This SHALL be TPM_TAG_QUOTE_INFO2 */
+    BYTE fixed[4];                      /* This SHALL always be the string 'QUT2' */
+    TPM_NONCE externalData;             /* 160 bits of externally supplied data  */
+    TPM_PCR_INFO_SHORT infoShort;       /*  */
+} TPM_QUOTE_INFO2;
+
+/* 12.1 TPM_EK_BLOB rev 87
+  
+  This structure provides a wrapper to each type of structure that will be in use when the
+  endorsement key is in use.
+*/
+
+typedef struct tdTPM_EK_BLOB {
+    TPM_STRUCTURE_TAG tag;      /* TPM_TAG_EK_BLOB */
+    TPM_EK_TYPE ekType;         /* This SHALL be set to reflect the type of blob in use */
+    uint32_t blobSize;    	/* The size of the blob field */
+    BYTE blob[MAX_COMMAND_SIZE]; /* The blob of information depending on the type */
+} TPM_EK_BLOB;
+
+/* 12.2 TPM_EK_BLOB_ACTIVATE rev 87
+
+   This structure contains the symmetric key to encrypt the identity credential.  This structure
+   always is contained in a TPM_EK_BLOB.
+*/
+
+typedef struct tdTPM_EK_BLOB_ACTIVATE {
+    TPM_STRUCTURE_TAG tag;              /* TPM_TAG_EK_BLOB_ACTIVATE */
+    TPM_SYMMETRIC_KEY sessionKey;       /* This SHALL be the session key used by the CA to encrypt
+                                           the TPM_IDENTITY_CREDENTIAL */
+    TPM_DIGEST idDigest;                /* This SHALL be the digest of the TPM identity public key
+                                           that is being certified by the CA */
+    TPM_PCR_INFO_SHORT pcrInfo;         /* This SHALL indicate the PCR's and localities */
+} TPM_EK_BLOB_ACTIVATE;
+
+#if 0
+
+/* 12.3 TPM_EK_BLOB_AUTH rev 87
+
+   This structure contains the symmetric key to encrypt the identity credential.  This structure
+   always is contained in a TPM_EK_BLOB.
+*/
+
+typedef struct tdTPM_EK_BLOB_AUTH {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;      /* TPM_TAG_EK_BLOB_AUTH */
+#endif
+    TPM_SECRET authValue;       /* This SHALL be the authorization value */
+} TPM_EK_BLOB_AUTH;
+
+/* 12.5 TPM_IDENTITY_CONTENTS rev 87
+
+   TPM_MakeIdentity uses this structure and the signature of this structure goes to a privacy CA
+   during the certification process.
+*/
+
+typedef struct tdTPM_IDENTITY_CONTENTS {
+    TPM_STRUCT_VER ver;                 /* This MUST be 1.1.0.0 */
+    uint32_t ordinal;			/* This SHALL be the ordinal of the TPM_MakeIdentity
+                                           command. */
+    TPM_CHOSENID_HASH labelPrivCADigest;        /* This SHALL be the result of hashing the chosen
+                                                   identityLabel and privacyCA for the new TPM
+                                                   identity */
+    TPM_PUBKEY identityPubKey;          /* This SHALL be the public key structure of the identity
+                                           key */
+} TPM_IDENTITY_CONTENTS; 
+
+/* 12.8 TPM_ASYM_CA_CONTENTS rev 87
+
+   This structure contains the symmetric key to encrypt the identity credential.
+*/
+
+typedef struct tdTPM_ASYM_CA_CONTENTS {
+    TPM_SYMMETRIC_KEY sessionKey;       /* This SHALL be the session key used by the CA to encrypt
+                                           the TPM_IDENTITY_CREDENTIAL */
+    TPM_DIGEST idDigest;                /* This SHALL be the digest of the TPM_PUBKEY of the key
+                                           that is being certified by the CA */
+} TPM_ASYM_CA_CONTENTS;
+
+/*
+  14. Audit Structures
+*/
+
+/* 14.1 TPM_AUDIT_EVENT_IN rev 87
+
+   This structure provides the auditing of the command upon receipt of the command. It provides the
+   information regarding the input parameters.
+*/
+
+typedef struct tdTPM_AUDIT_EVENT_IN {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG   tag;            /* TPM_TAG_AUDIT_EVENT_IN */
+#endif
+    TPM_DIGEST inputParms;              /* Digest value according to the HMAC digest rules of the
+                                           "above the line" parameters (i.e. the first HMAC digest
+                                           calculation). When there are no HMAC rules, the input
+                                           digest includes all parameters including and after the
+                                           ordinal. */
+    TPM_COUNTER_VALUE auditCount;       /* The current value of the audit monotonic counter */
+} TPM_AUDIT_EVENT_IN;
+
+/* 14.2 TPM_AUDIT_EVENT_OUT rev 87
+
+  This structure reports the results of the command execution. It includes the return code and the
+  output parameters.
+*/
+
+typedef struct tdTPM_AUDIT_EVENT_OUT {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;              /* TPM_TAG_AUDIT_EVENT_OUT */
+#endif
+    TPM_DIGEST outputParms;             /* Digest value according to the HMAC digest rules of the
+                                           "above the line" parameters (i.e. the first HMAC digest
+                                           calculation). When there are no HMAC rules, the output
+                                           digest includes the return code, the ordinal, and all
+                                           parameters after the return code. */
+    TPM_COUNTER_VALUE auditCount;       /* The current value of the audit monotonic counter */
+} TPM_AUDIT_EVENT_OUT;
+
+/*
+  18. Context structures
+*/
+
+/* 18.1 TPM_CONTEXT_BLOB rev 102
+
+   This is the header for the wrapped context. The blob contains all information necessary to reload
+   the context back into the TPM.
+   
+   The additional data is used by the TPM manufacturer to save information that will assist in the
+   reloading of the context. This area must not contain any shielded data. For instance, the field
+   could contain some size information that allows the TPM more efficient loads of the context. The
+   additional area could not contain one of the primes for a RSA key.
+   
+   To ensure integrity of the blob when using symmetric encryption the TPM vendor could use some
+   valid cipher chaining mechanism. To ensure the integrity without depending on correct
+   implementation, the TPM_CONTEXT_BLOB structure uses a HMAC of the entire structure using tpmProof
+   as the secret value.
+
+   Since both additionalData and sensitiveData are informative, any or all of additionalData 
+   could be moved to sensitiveData.
+*/
+
+#define TPM_CONTEXT_LABEL_SIZE 16
+
+typedef struct tdTPM_CONTEXT_BLOB {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;              /* MUST be TPM_TAG_CONTEXTBLOB */
+#endif
+    TPM_RESOURCE_TYPE resourceType;     /* The resource type */
+    TPM_HANDLE handle;                  /* Previous handle of the resource */
+    BYTE label[TPM_CONTEXT_LABEL_SIZE]; /* Label for identification of the blob. Free format
+                                           area. */
+    uint32_t contextCount;		/* MUST be TPM_STANY_DATA -> contextCount when creating the
+                                           structure.  This value is ignored for context blobs that
+                                           reference a key. */
+    TPM_DIGEST integrityDigest;         /* The integrity of the entire blob including the sensitive
+                                           area. This is a HMAC calculation with the entire
+                                           structure (including sensitiveData) being the hash and
+                                           tpmProof is the secret */
+#if 0
+    uint32_t additionalSize;
+    [size_is(additionalSize)] BYTE* additionalData;
+    uint32_t sensitiveSize;
+    [size_is(sensitiveSize)] BYTE* sensitiveData;
+#endif
+    TPM_SIZED_BUFFER additionalData;    /* Additional information set by the TPM that helps define
+                                           and reload the context. The information held in this area
+                                           MUST NOT expose any information held in shielded
+                                           locations. This should include any IV for symmetric
+                                           encryption */
+    TPM_SIZED_BUFFER sensitiveData;     /* The normal information for the resource that can be
+                                           exported */
+} TPM_CONTEXT_BLOB;
+
+/* 18.2 TPM_CONTEXT_SENSITIVE rev 87
+
+   The internal areas that the TPM needs to encrypt and store off the TPM.
+
+   This is an informative structure and the TPM can implement in any manner they wish.
+*/
+
+typedef struct tdTPM_CONTEXT_SENSITIVE {
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;              /* MUST be TPM_TAG_CONTEXT_SENSITIVE */
+#endif
+    TPM_NONCE contextNonce;             /* On context blobs other than keys this MUST be
+                                           TPM_STANY_DATA - > contextNonceSession For keys the value
+                                           is TPM_STCLEAR_DATA -> contextNonceKey */
+#if 0
+    uint32_t internalSize;
+    [size_is(internalSize)] BYTE* internalData;
+#endif
+    TPM_SIZED_BUFFER internalData;      /* The internal data area */
+} TPM_CONTEXT_SENSITIVE;
+
+#endif
+
+/* 19.2 TPM_NV_ATTRIBUTES rev 99
+
+   This structure allows the TPM to keep track of the data and permissions to manipulate the area. 
+*/
+
+typedef struct tdTPM_NV_ATTRIBUTES { 
+    TPM_STRUCTURE_TAG tag;      /* TPM_TAG_NV_ATTRIBUTES */
+    uint32_t attributes;	/* The attribute area */
+} TPM_NV_ATTRIBUTES; 
+
+/* 19.3 TPM_NV_DATA_PUBLIC rev 110
+
+   This structure represents the public description and controls on the NV area.
+
+   bReadSTClear and bWriteSTClear are volatile, in that they are set FALSE at TPM_Startup(ST_Clear).
+   bWriteDefine is persistent, in that it remains TRUE through startup.
+
+   A pcrSelect of 0 indicates that the digestAsRelease is not checked.  In this case, the TPM is not
+   required to consume NVRAM space to store the digest, although it may do so.  When
+   TPM_GetCapability (TPM_CAP_NV_INDEX) returns the structure, a TPM that does not store the digest
+   can return zero.  A TPM that does store the digest may return either the digest or zero.
+*/
+
+typedef struct tdTPM_NV_DATA_PUBLIC { 
+    TPM_STRUCTURE_TAG tag;              /* This SHALL be TPM_TAG_NV_DATA_PUBLIC */
+    TPM12_NV_INDEX nvIndex;               /* The index of the data area */
+    TPM_PCR_INFO_SHORT pcrInfoRead;     /* The PCR selection that allows reading of the area */
+    TPM_PCR_INFO_SHORT pcrInfoWrite;    /* The PCR selection that allows writing of the area */
+    TPM_NV_ATTRIBUTES permission;       /* The permissions for manipulating the area */
+    TPM_BOOL bReadSTClear;              /* Set to FALSE on each TPM_Startup(ST_Clear) and set to
+                                           TRUE after a ReadValuexxx with datasize of 0 */
+    TPM_BOOL bWriteSTClear;             /* Set to FALSE on each TPM_Startup(ST_CLEAR) and set to
+                                           TRUE after a WriteValuexxx with a datasize of 0. */
+    TPM_BOOL bWriteDefine;              /* Set to FALSE after TPM_NV_DefineSpace and set to TRUE
+                                           after a successful WriteValuexxx with a datasize of 0 */
+    uint32_t dataSize;			/* The size of the data area in bytes */
+} TPM_NV_DATA_PUBLIC; 
+
+#if 0
+
+/*  19.4 TPM_NV_DATA_SENSITIVE rev 101
+  
+    This is an internal structure that the TPM uses to keep the actual NV data and the controls
+    regarding the area.
+*/
+
+typedef struct tdTPM_NV_DATA_SENSITIVE { 
+#ifdef TPM_USE_TAG_IN_STRUCTURE
+    TPM_STRUCTURE_TAG tag;      /* This SHALL be TPM_TAG_NV_DATA_SENSITIVE */
+#endif
+    TPM_NV_DATA_PUBLIC pubInfo; /* The public information regarding this area */
+    TPM_AUTHDATA authValue;     /* The authorization value to manipulate the value */
+    BYTE *data;                 /* The data area. This MUST not contain any sensitive information as
+                                   the TPM does not provide any confidentiality on the data. */
+    /* NOTE Added kg */
+    TPM_DIGEST digest;          /* for OSAP comparison */
+} TPM_NV_DATA_SENSITIVE;
+
+typedef struct tdTPM_NV_INDEX_ENTRIES {
+    uint32_t nvIndexCount;			/* number of entries */
+    TPM_NV_DATA_SENSITIVE *tpm_nvindex_entry;	/* array of TPM_NV_DATA_SENSITIVE */
+} TPM_NV_INDEX_ENTRIES;
+
+/* TPM_NV_DATA_ST
+
+   This is a cache of the the NV defined space volatile flags, used during error rollback
+*/
+
+typedef struct tdTPM_NV_DATA_ST {
+    TPM12_NV_INDEX nvIndex;               /* The index of the data area */
+    TPM_BOOL bReadSTClear;
+    TPM_BOOL bWriteSTClear;
+} TPM_NV_DATA_ST;
+
+#endif
+
+/*
+  21. Capability areas
+*/
+
+/* 21.6 TPM_CAP_VERSION_INFO rev 99
+
+   This structure is an output from a TPM_GetCapability -> TPM_CAP_VERSION_VAL request.  TPM returns
+   the current version and revision of the TPM.
+
+   The specLevel and errataRev are defined in the document "Specification and File Naming
+   Conventions"
+
+   The tpmVendorID is a value unique to each vendor. It is defined in the document "TCG Vendor
+   Naming".
+
+   The vendor specific area allows the TPM vendor to provide support for vendor options. The TPM
+   vendor may define the area to the TPM vendor's needs.
+*/
+
+typedef struct tdTPM_CAP_VERSION_INFO {
+    TPM_STRUCTURE_TAG tag;      /* MUST be TPM_TAG_CAP_VERSION_INFO */
+    TPM_VERSION version;        /* The version and revision */
+    uint16_t specLevel;		/* A number indicating the level of ordinals supported */
+    BYTE errataRev;             /* A number indicating the errata version of the specification */
+    BYTE tpmVendorID[4];        /* The vendor ID unique to each TPM manufacturer. */
+    uint16_t vendorSpecificSize;  		/* The size of the vendor specific area */
+    BYTE vendorSpecific[MAX_COMMAND_SIZE];      /* Vendor specific information */
+} TPM_CAP_VERSION_INFO;
+
+/* 21.10 TPM_DA_ACTION_TYPE rev 100
+
+   This structure indicates the action taken when the dictionary attack mitigation logic is active,
+   when TPM_DA_STATE is TPM_DA_STATE_ACTIVE.
+*/   
+
+typedef struct tdTPM_DA_ACTION_TYPE {
+    TPM_STRUCTURE_TAG tag;      /* MUST be TPM_TAG_DA_ACTION_TYPE */
+    uint32_t actions;		/* The action taken when TPM_DA_STATE is TPM_DA_STATE_ACTIVE. */
+} TPM_DA_ACTION_TYPE;
+
+/* 21.7  TPM_DA_INFO rev 100
+   
+   This structure is an output from a TPM_GetCapability -> TPM_CAP_DA_LOGIC request if
+   TPM_PERMANENT_FLAGS -> disableFullDALogicInfo is FALSE.
+   
+   It returns static information describing the TPM response to authorization failures that might
+   indicate a dictionary attack and dynamic information regarding the current state of the
+   dictionary attack mitigation logic.
+*/
+
+typedef struct tdTPM_DA_INFO {
+    TPM_STRUCTURE_TAG tag;      /* MUST be TPM_TAG_DA_INFO */
+    TPM_DA_STATE state;         /* Dynamic.  The actual state of the dictionary attack mitigation
+                                   logic.  See 21.9. */
+    uint16_t currentCount;	/* Dynamic.  The actual count of the authorization failure counter
+                                   for the selected entity type */
+    uint16_t thresholdCount;	/* Static.  Dictionary attack mitigation threshold count for the
+                                   selected entity type */
+    TPM_DA_ACTION_TYPE actionAtThreshold;       /* Static Action of the TPM when currentCount passes
+                                                   thresholdCount. See 21.10. */
+    uint32_t actionDependValue;	/* Dynamic.  Action being taken when the dictionary attack
+                                   mitigation logic is active.  E.g., when actionAtThreshold is
+                                   TPM_DA_ACTION_TIMEOUT, this is the lockout time remaining in
+                                   seconds. */
+    uint32_t vendorDataSize;
+    uint8_t vendorData[2048];   /* Vendor specific data field */
+} TPM_DA_INFO;
+
+/* 21.8 TPM_DA_INFO_LIMITED rev 100
+
+   This structure is an output from a TPM_GetCapability -> TPM_CAP_DA_LOGIC request if
+   TPM_PERMANENT_FLAGS -> disableFullDALogicInfo is TRUE.
+   
+   It returns static information describing the TPM response to authorization failures that might
+   indicate a dictionary attack and dynamic information regarding the current state of the
+   dictionary attack mitigation logic. This structure omits information that might aid an attacker.
+*/
+
+typedef struct tdTPM_DA_INFO_LIMITED {
+    TPM_STRUCTURE_TAG tag;	/*  MUST be TPM_TAG_DA_INFO_LIMITED */
+    TPM_DA_STATE state;         /* Dynamic.  The actual state of the dictionary attack mitigation
+                                   logic.  See 21.9. */
+    TPM_DA_ACTION_TYPE actionAtThreshold;       /* Static Action of the TPM when currentCount passes
+                                                   thresholdCount. See 21.10. */
+    uint32_t vendorDataSize;
+    uint8_t vendorData[2048];   /* Vendor specific data field */
+} TPM_DA_INFO_LIMITED;
+
+#endif
diff --git a/utils/ibmtss/tpmtypes12.h b/utils/ibmtss/tpmtypes12.h
new file mode 100644
index 000000000..0b1ed083a
--- /dev/null
+++ b/utils/ibmtss/tpmtypes12.h
@@ -0,0 +1,148 @@
+/********************************************************************************/
+/*                                                                              */
+/*                              TPM Types                                       */
+/*                           Written by Ken Goldman                             */
+/*                     IBM Thomas J. Watson Research Center                     */
+/*            $Id: tpmtypes12.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*                                                                              */
+/* (c) Copyright IBM Corporation 2006, 2018.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef TPMTYPES12_H
+#define TPMTYPES12_H
+
+#include <stdint.h>
+
+#ifdef TPM_WINDOWS
+#include <winsock2.h>
+#include <windows.h>
+#endif
+#if defined (TPM_POSIX) || defined (TPM_SYSTEM_P)
+#include <netinet/in.h>         /* for byte order conversions */
+#endif
+
+#include <ibmtss/BaseTypes.h>
+
+/* 2.2.1 Basic data types rev 87 */
+//typedef unsigned char  BYTE;            /* Basic byte used to transmit all character fields.  */
+typedef unsigned char  TPM_BOOL;        /* TRUE/FALSE field. TRUE = 0x01, FALSE = 0x00 Use TPM_BOOL
+					   because MS VC++ defines BOOL on Windows */
+
+/* 2.2.2 Boolean types rev 107 */
+
+#undef TRUE
+#define TRUE   0x01  /* Assertion   */
+#undef FALSE
+#define FALSE  0x00  /* Contradiction   */
+
+/* 2.2.3 Helper redefinitions rev 101
+
+   The following definitions are to make the definitions more explicit and easier to read.
+
+   NOTE: They cannot be changed without breaking the serialization.
+*/
+
+typedef BYTE  TPM_AUTH_DATA_USAGE;      /* Indicates the conditions where it is required that
+                                           authorization be presented.  */
+typedef BYTE  TPM_PAYLOAD_TYPE;         /* The information as to what the payload is in an encrypted
+                                           structure */
+typedef BYTE  TPM_VERSION_BYTE;         /* The version info breakdown */
+typedef BYTE  TPM_DA_STATE;             /* The state of the dictionary attack mitigation logic */
+
+/* added kgold */
+typedef BYTE  TPM_ENT_TYPE;             /* LSB of TPM_ENTITY_TYPE */
+typedef BYTE  TPM_ADIP_ENC_SCHEME;      /* MSB of TPM_ENTITY_TYPE */
+
+typedef uint16_t  TPM_PROTOCOL_ID;	/* The protocol in use.  */
+typedef uint16_t  TPM_STARTUP_TYPE;	/* Indicates the start state.  */
+typedef uint16_t  TPM_ENC_SCHEME;	/* The definition of the encryption scheme. */
+typedef uint16_t  TPM_SIG_SCHEME;	/* The definition of the signature scheme. */
+typedef uint16_t  TPM_MIGRATE_SCHEME;	/* The definition of the migration scheme */
+typedef uint16_t  TPM_PHYSICAL_PRESENCE; /* Sets the state of the physical presence mechanism. */
+typedef uint16_t  TPM_ENTITY_TYPE;	/* Indicates the types of entity that are supported by the
+                                           TPM. */
+typedef uint16_t  TPM_KEY_USAGE;	/* Indicates the permitted usage of the key.  */
+typedef uint16_t  TPM_EK_TYPE;		/* The type of asymmetric encrypted structure in use by the
+                                           endorsement key  */
+typedef uint16_t  TPM_STRUCTURE_TAG;	/* The tag for the structure */
+typedef uint16_t  TPM_PLATFORM_SPECIFIC; /* The platform specific spec to which the information
+                                           relates to */
+typedef uint32_t  TPM_COMMAND_CODE;	/* The command ordinal. */
+typedef uint32_t  TPM_CAPABILITY_AREA;	/* Identifies a TPM capability area. */
+typedef uint32_t  TPM_KEY_FLAGS;	/* Indicates information regarding a key. */
+//typedef uint32_t  TPM_ALGORITHM_ID;	/* Indicates the type of algorithm.  */
+//typedef uint32_t  TPM_MODIFIER_INDICATOR; /* The locality modifier  */
+typedef uint32_t  TPM_ACTUAL_COUNT;	/* The actual number of a counter.  */
+typedef uint32_t  TPM_TRANSPORT_ATTRIBUTES;	/* Attributes that define what options are in use
+                                                   for a transport session */
+typedef uint32_t  TPM_AUTHHANDLE;	/* Handle to an authorization session  */
+typedef uint32_t  TPM_DIRINDEX;		/* Index to a DIR register  */
+typedef uint32_t  TPM_KEY_HANDLE;	/* The area where a key is held assigned by the TPM.  */
+typedef uint32_t  TPM_PCRINDEX;		/* Index to a PCR register  */
+typedef uint32_t  TPM_RESULT;		/* The return code from a function  */
+typedef uint32_t  TPM_RESOURCE_TYPE;	/* The types of resources that a TPM may have using internal
+                                           resources */
+typedef uint32_t  TPM_KEY_CONTROL;	/* Allows for controlling of the key when loaded and how to
+                                           handle TPM_Startup issues  */
+typedef uint32_t  TPM12_NV_INDEX;	/* The index into the NV storage area  */
+typedef uint32_t  TPM_FAMILY_ID;	/* The family ID. Families ID's are automatically assigned a
+                                           sequence number by the TPM. A trusted process can set the
+                                           FamilyID value in an individual row to zero, which
+                                           invalidates that row. The family ID resets to zero on
+                                           each change of TPM Owner.  */
+typedef uint32_t  TPM_FAMILY_VERIFICATION;	/* A value used as a label for the most recent
+						   verification of this family. Set to zero when not
+						   in use.  */
+typedef uint32_t  TPM_STARTUP_EFFECTS;	/* How the TPM handles var  */
+typedef uint32_t  TPM_SYM_MODE;		/* The mode of a symmetric encryption  */
+typedef uint32_t  TPM_FAMILY_FLAGS;	/* The family flags  */
+typedef uint32_t  TPM_DELEGATE_INDEX;	/* The index value for the delegate NV table  */
+typedef uint32_t  TPM_CMK_DELEGATE;	/* The restrictions placed on delegation of CMK
+                                           commands */
+typedef uint32_t  TPM_COUNT_ID;		/* The ID value of a monotonic counter  */
+typedef uint32_t  TPM_REDIT_COMMAND;	/* A command to execute  */
+typedef uint32_t  TPM_TRANSHANDLE;	/* A transport session handle  */
+//typedef uint32_t  TPM_HANDLE;		/* A generic handle could be key, transport etc.  */
+typedef uint32_t  TPM_FAMILY_OPERATION;	/* What operation is happening  */
+#ifdef TPM_VTPM
+typedef uint32_t  TPM_INSTANCE_HANDLE;	/* Handle to a virtual TPM instance */
+typedef uint32_t  TPM_CREATION_MASK;	/* TPM_CreateInstance creation mask */
+#endif
+
+/* Not in specification */
+
+typedef uint16_t  TPM_TAG;		/* The command and response tags */
+
+typedef unsigned char *	TPM_SYMMETRIC_KEY_TOKEN;	/* abstract symmetric key token */
+typedef unsigned char *	TPM_BIGNUM;			/* abstract bignum */
+
+#endif
diff --git a/utils/ibmtss/tss.h b/utils/ibmtss/tss.h
new file mode 100644
index 000000000..36816d6d4
--- /dev/null
+++ b/utils/ibmtss/tss.h
@@ -0,0 +1,112 @@
+/********************************************************************************/
+/*										*/
+/*			   TSS Primary API 					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef TSS_H
+#define TSS_H
+
+#include <ibmtss/TPM_Types.h>
+#include <ibmtss/Parameters.h>
+#include <ibmtss/Parameters12.h>
+
+/* include this as a convenience to applications */
+#include <ibmtss/tsserror.h>
+#include <ibmtss/tssprint.h>
+
+typedef struct TSS_CONTEXT TSS_CONTEXT; 
+   
+#define TPM_TRACE_LEVEL		1
+#define TPM_DATA_DIR		2
+#define TPM_COMMAND_PORT	3
+#define TPM_PLATFORM_PORT	4
+#define TPM_SERVER_NAME		5
+#define TPM_INTERFACE_TYPE	6
+#define TPM_DEVICE		7
+#define TPM_ENCRYPT_SESSIONS	8
+#define TPM_SERVER_TYPE		9
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    /* extra parameters as required */
+
+    /* TPM 2.0 */
+
+    typedef struct {
+	const char 		*bindPassword;
+	TPM2B_DIGEST 		salt;
+    } StartAuthSession_Extra;
+	
+    typedef union {
+	StartAuthSession_Extra 	StartAuthSession;
+    } EXTRA_PARAMETERS;
+
+    /* TPM 1.2 */
+
+    typedef struct {
+	const char 	*usagePassword;
+    } OSAP_Extra;
+	
+    typedef union {
+	OSAP_Extra 	OSAP;
+    } EXTRA12_PARAMETERS;
+    
+    LIB_EXPORT
+    TPM_RC TSS_Create(TSS_CONTEXT **tssContext);
+
+    LIB_EXPORT
+    TPM_RC TSS_Delete(TSS_CONTEXT *tssContext);
+
+    LIB_EXPORT
+    TPM_RC TSS_Execute(TSS_CONTEXT *tssContext,
+		       RESPONSE_PARAMETERS *out,	
+		       COMMAND_PARAMETERS *in,
+		       EXTRA_PARAMETERS *extra,
+		       TPM_CC commandCode,
+		       ...);
+
+    LIB_EXPORT
+    TPM_RC TSS_SetProperty(TSS_CONTEXT *tssContext,
+			   int property,
+			   const char *value);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/utils/ibmtss/tsscrypto.h b/utils/ibmtss/tsscrypto.h
new file mode 100644
index 000000000..5bf559106
--- /dev/null
+++ b/utils/ibmtss/tsscrypto.h
@@ -0,0 +1,164 @@
+/********************************************************************************/
+/*										*/
+/*			     TSS Library Dependent Crypto Support		*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* This is a semi-public header. The API should be stable, but is less guaranteed.
+
+   It is useful for applications that need some basic crypto functions.
+*/
+
+#ifndef TSSCRYPTO_H
+#define TSSCRYPTO_H
+
+#include <stdint.h>
+#include <stdio.h>
+
+#ifndef TPM_TSS_NORSA
+#include <openssl/rsa.h>
+#endif
+#ifndef TPM_TSS_NOECC
+#include <openssl/ec.h>
+#endif
+
+#include <ibmtss/tss.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    LIB_EXPORT
+    TPM_RC TSS_Crypto_Init(void);
+
+    LIB_EXPORT
+    TPM_RC TSS_Hash_Generate_valist(TPMT_HA *digest,
+				    va_list ap);
+    LIB_EXPORT
+    TPM_RC TSS_HMAC_Generate_valist(TPMT_HA *digest,
+				    const TPM2B_KEY *hmacKey,
+				    va_list ap);
+    LIB_EXPORT void TSS_XOR(unsigned char *out,
+			    const unsigned char *in1,
+			    const unsigned char *in2,
+			    size_t length);
+    LIB_EXPORT
+    TPM_RC TSS_RandBytes(unsigned char *buffer, uint32_t size);
+
+    LIB_EXPORT
+    TPM_RC TSS_RSA_padding_add_PKCS1_OAEP(unsigned char *em, uint32_t emLen,
+					  const unsigned char *from, uint32_t fLen,
+					  const unsigned char *p,
+					  int plen,
+					  TPMI_ALG_HASH halg);	
+#ifndef TPM_TSS_NORSA
+    LIB_EXPORT
+    void TSS_RsaFree(void *rsaKey);
+
+    LIB_EXPORT
+    TPM_RC TSS_RSAPublicEncrypt(unsigned char* encrypt_data,
+				size_t encrypt_data_size,
+				const unsigned char *decrypt_data,
+				size_t decrypt_data_size,
+				unsigned char *narr,
+				uint32_t nbytes,
+				unsigned char *earr,
+				uint32_t ebytes,
+				unsigned char *p,
+				int pl,
+				TPMI_ALG_HASH halg);
+    /*
+      deprecated OpenSSL specific functions
+    */
+#ifndef TPM_TSS_NO_OPENSSL
+
+    LIB_EXPORT
+    TPM_RC TSS_RsaNew(void **rsaKey);
+
+    LIB_EXPORT
+    TPM_RC TSS_RSAGeneratePublicToken(RSA **rsa_pub_key,		/* freed by caller */
+				      const unsigned char *narr,   	/* public modulus */
+				      uint32_t nbytes,
+				      const unsigned char *earr,   	/* public exponent */
+				      uint32_t ebytes);
+#endif /* TPM_TSS_NO_OPENSSL */
+
+    /* crypto library independent */
+    LIB_EXPORT
+    TPM_RC TSS_RSAGeneratePublicTokenI(void **rsa_pub_key,		/* freed by caller */
+				       const unsigned char *narr,   	/* public modulus */
+				       uint32_t nbytes,
+				       const unsigned char *earr,   	/* public exponent */
+				       uint32_t ebytes);
+
+#endif
+#ifndef TPM_TSS_NOECC
+    TPM_RC TSS_ECC_Salt(TPM2B_DIGEST 		*salt,
+			TPM2B_ENCRYPTED_SECRET	*encryptedSalt,
+			TPMT_PUBLIC		*publicArea);
+
+#endif
+    TPM_RC TSS_AES_GetEncKeySize(size_t *tssSessionEncKeySize);
+    TPM_RC TSS_AES_GetDecKeySize(size_t *tssSessionDecKeySize);
+    TPM_RC TSS_AES_KeyGenerate(void *tssSessionEncKey,
+			       void *tssSessionDecKey);
+    TPM_RC TSS_AES_Encrypt(void *tssSessionEncKey,
+			   unsigned char **encrypt_data,
+			   uint32_t *encrypt_length,
+			   const unsigned char *decrypt_data,
+			   uint32_t decrypt_length);
+    TPM_RC TSS_AES_Decrypt(void *tssSessionDecKey,
+			   unsigned char **decrypt_data,
+			   uint32_t *decrypt_length,
+			   const unsigned char *encrypt_data,
+			   uint32_t encrypt_length);
+    TPM_RC TSS_AES_EncryptCFB(uint8_t	*dOut,
+			      uint32_t	keySizeInBits,
+			      uint8_t 	*key,
+			      uint8_t 	*iv,
+			      uint32_t	dInSize,
+			      uint8_t 	*dIn);
+    TPM_RC TSS_AES_DecryptCFB(uint8_t *dOut,
+			      uint32_t keySizeInBits,
+			      uint8_t *key,
+			      uint8_t *iv,
+			      uint32_t dInSize,
+			      uint8_t *dIn);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/utils/ibmtss/tsscryptoh.h b/utils/ibmtss/tsscryptoh.h
new file mode 100644
index 000000000..02a2da224
--- /dev/null
+++ b/utils/ibmtss/tsscryptoh.h
@@ -0,0 +1,107 @@
+/********************************************************************************/
+/*										*/
+/*			     TSS Library Independent Crypto Support		*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* This is a semi-public header. The API should be stable, but is less guaranteed.
+
+   It is useful for applications that need some basic crypto functions.
+*/
+
+#ifndef TSSCRYPTOH_H
+#define TSSCRYPTOH_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    LIB_EXPORT
+    uint16_t TSS_GetDigestSize(TPM_ALG_ID hashAlg)
+#ifdef __ULTRAVISOR__
+	__attribute__ ((const))
+#endif
+	;
+
+    LIB_EXPORT
+    uint16_t TSS_GetDigestBlockSize(TPM_ALG_ID hashAlg)
+#ifdef __ULTRAVISOR__
+	__attribute__ ((const))
+#endif
+	;
+
+    LIB_EXPORT
+    TPM_RC TSS_Hash_Generate(TPMT_HA *digest,
+			     ...);
+
+    LIB_EXPORT
+    TPM_RC TSS_HMAC_Generate(TPMT_HA *digest,
+			     const TPM2B_KEY *hmacKey,
+			     ...);
+    LIB_EXPORT
+    TPM_RC TSS_HMAC_Verify(TPMT_HA *expect,
+			   const TPM2B_KEY *hmacKey,
+			   UINT32 sizeInBytes,
+			   ...);
+    LIB_EXPORT
+    TPM_RC TSS_KDFA(uint8_t          *keyStream,
+		    TPM_ALG_ID       hashAlg,
+		    const TPM2B     *key,
+		    const char      *label,
+		    const TPM2B     *contextU,
+		    const TPM2B     *contextV,
+		    uint32_t         sizeInBits);
+
+    LIB_EXPORT
+    TPM_RC TSS_KDFE(uint8_t          *keyStream,
+		    TPM_ALG_ID       hashAlg,
+		    const TPM2B     *key,
+		    const char      *label,
+		    const TPM2B     *contextU,
+		    const TPM2B     *contextV,
+		    uint32_t         sizeInBits);
+
+    uint16_t TSS_Sym_GetBlockSize(TPM_ALG_ID	symmetricAlg, 
+				  uint16_t	keySizeInBits)
+#ifdef __ULTRAVISOR__
+	__attribute__ ((const))
+#endif
+	;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/utils/ibmtss/tsserror.h b/utils/ibmtss/tsserror.h
new file mode 100644
index 000000000..a53074416
--- /dev/null
+++ b/utils/ibmtss/tsserror.h
@@ -0,0 +1,115 @@
+/********************************************************************************/
+/*										*/
+/*			     TSS Error Codes					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* This is a public header. That defines TSS error codes.
+
+   tss.h includes it for convenience.
+*/
+
+#ifndef TSSERROR_H
+#define TSSERROR_H
+
+/* the base for these errors is 11 << 16 = 000bxxxx */
+
+#define	TSS_RC_OUT_OF_MEMORY		0x000b0001	/* Out of memory,(malloc failed) */
+#define	TSS_RC_ALLOC_INPUT		0x000b0002	/* The input to an allocation is not NULL */
+#define	TSS_RC_MALLOC_SIZE		0x000b0003	/* The malloc size is too large or zero */
+#define	TSS_RC_INSUFFICIENT_BUFFER	0x000b0004	/* A buffer was insufficient for a copy */
+#define TSS_RC_BAD_PROPERTY		0x000b0005	/* The property parameter is out of range */
+#define TSS_RC_BAD_PROPERTY_VALUE	0x000b0006	/* The property value is invalid */
+#define TSS_RC_INSUPPORTED_INTERFACE	0x000b0007	/* The TPM interface type is not supported */
+#define TSS_RC_NO_CONNECTION		0x000b0008	/* Failure connecting to lower layer */
+#define TSS_RC_BAD_CONNECTION		0x000b0009	/* Failure communicating with lower layer */
+#define TSS_RC_MALFORMED_RESPONSE	0x000b000a	/* A response packet was fundamentally malformed */
+#define TSS_RC_NULL_PARAMETER		0x000b000b	/* A required parameter was NULL */
+#define TSS_RC_NOT_IMPLEMENTED		0x000b000c	/* TSS function is not implemented */
+#define TSS_RC_BAD_READ_VALUE		0x000b000d	/* Actual read value different from expected */
+#define	TSS_RC_FILE_OPEN		0x000b0010	/* The file could not be opened */
+#define	TSS_RC_FILE_SEEK		0x000b0011	/* A file seek failed */
+#define	TSS_RC_FILE_FTELL		0x000b0012	/* A file ftell failed */
+#define	TSS_RC_FILE_READ		0x000b0013	/* A file read failed */
+#define	TSS_RC_FILE_CLOSE		0x000b0014	/* A file close failed */
+#define	TSS_RC_FILE_WRITE		0x000b0015	/* A file write failed */
+#define	TSS_RC_FILE_REMOVE		0x000b0016	/* A file remove failed */
+#define	TSS_RC_RNG_FAILURE		0x000b0020	/* Random number generator failed */
+#define TSS_RC_BAD_PWAP_NONCE		0x000b0030	/* Bad PWAP response nonce */
+#define TSS_RC_BAD_PWAP_ATTRIBUTES	0x000b0031	/* Bad PWAP response attributes */
+#define	TSS_RC_BAD_PWAP_HMAC		0x000b0032	/* Bad PWAP response HMAC */
+#define	TSS_RC_NAME_NOT_IMPLEMENTED	0x000b0040	/* Name calculation not implemented for handle type */
+#define	TSS_RC_MALFORMED_NV_PUBLIC	0x000b0041	/* The NV public structure does not match the name */
+#define TSS_RC_NAME_FILENAME		0x000b0042	/* The name filename function has inconsistent arguments */
+#define TSS_RC_MALFORMED_PUBLIC		0x000b0043	/* The public structure does not match the name */
+#define	TSS_RC_DECRYPT_SESSIONS		0x000b0050	/* More than one command decrypt session */
+#define	TSS_RC_ENCRYPT_SESSIONS		0x000b0051	/* More than one response encrypt session */
+#define	TSS_RC_NO_DECRYPT_PARAMETER	0x000b0052	/* Command has no decrypt parameter */
+#define	TSS_RC_NO_ENCRYPT_PARAMETER	0x000b0053	/* Response has no encrypt parameter */
+#define	TSS_RC_BAD_DECRYPT_ALGORITHM	0x000b0054	/* Session had an unimplemented decrypt symmetric algorithm */
+#define	TSS_RC_BAD_ENCRYPT_ALGORITHM	0x000b0055	/* Session had an unimplemented encrypt symmetric algorithm */
+#define	TSS_RC_AES_ENCRYPT_FAILURE	0x000b0056	/* AES encryption failed */
+#define	TSS_RC_AES_DECRYPT_FAILURE	0x000b0057	/* AES decryption failed */
+#define TSS_RC_BAD_ENCRYPT_SIZE		0x000b0058	/* Parameter encryption size mismatch */
+#define TSS_RC_AES_KEYGEN_FAILURE	0x000b0059	/* AES key generation failed */
+#define TSS_RC_SESSION_NUMBER		0x000b005a	/* session number out of range */
+#define	TSS_RC_BAD_SALT_KEY		0x000b0060	/* tpmKey is unsuitable for salt */
+#define	TSS_RC_KDFA_FAILED		0x000b0070	/* KDFa function failed */
+#define	TSS_RC_HMAC			0x000b0071	/* An HMAC calculation failed */
+#define	TSS_RC_HMAC_SIZE		0x000b0072	/* Response HMAC is the wrong size */
+#define	TSS_RC_HMAC_VERIFY		0x000b0073	/* HMAC does not verify */
+#define	TSS_RC_BAD_HASH_ALGORITHM	0x000b0074	/* Unimplemented hash algorithm */
+#define	TSS_RC_HASH			0x000b0075	/* A hash calculation failed */
+#define TSS_RC_RSA_KEY_CONVERT		0x000b0076	/* RSA key conversion failed */
+#define TSS_RC_RSA_PADDING		0x000b0077	/* RSA add padding failed */
+#define TSS_RC_RSA_ENCRYPT		0x000b0078	/* RSA public encrypt failed */
+#define TSS_RC_BIGNUM			0x000b0079	/* BIGNUM operation failed */
+#define TSS_RC_RSA_SIGNATURE		0x000b007a	/* RSA signature is bad */
+#define TSS_RC_EC_SIGNATURE		0x000b007b	/* EC signature is bad */
+#define TSS_RC_EC_KEY_CONVERT		0x000b007c	/* EC key conversion failed */
+#define TSS_RC_BAD_SIGNATURE_ALGORITHM	0x000b007d	/* Unimplemented signature algorithm */
+#define TSS_RC_X509_ERROR		0x000b007e	/* X509 parse error */
+#define TSS_RC_PEM_ERROR		0x000b007f	/* PEM parse error */
+#define TSS_RC_COMMAND_UNIMPLEMENTED	0x000b0080	/* Unimplemented command */
+#define TSS_RC_IN_PARAMETER		0x000b0081	/* Bad in parameter to TSS_Execute */
+#define TSS_RC_OUT_PARAMETER		0x000b0082	/* Bad out parameter to TSS_Execute */
+#define TSS_RC_BAD_HANDLE_NUMBER	0x000b0083	/* Bad handle number for this command */
+#define TSS_RC_KDFE_FAILED              0x000b0084      /* KDFe function failed */
+#define TSS_RC_EC_EPHEMERAL_FAILURE     0x000b0085      /* Failed while making or using EC ephemeral key */
+#define TSS_RC_FAIL			0x000b0086	/* TSS internal failure */
+#define TSS_RC_NO_SESSION_SLOT		0x000b0090	/* TSS context has no session slot for handle */
+#define TSS_RC_NO_OBJECTPUBLIC_SLOT	0x000b0091	/* TSS context has no object public slot for handle */
+#define TSS_RC_NO_NVPUBLIC_SLOT		0x000b0092	/* TSS context has no NV public slot for handle */
+#endif
diff --git a/utils/ibmtss/tsserror12.h b/utils/ibmtss/tsserror12.h
new file mode 100644
index 000000000..46d2e3f67
--- /dev/null
+++ b/utils/ibmtss/tsserror12.h
@@ -0,0 +1,248 @@
+/********************************************************************************/
+/*                                                                              */
+/*                          TPM 1.2 Error Response                              */
+/*                           Written by Ken Goldman                             */
+/*                     IBM Thomas J. Watson Research Center                     */
+/*                                                                              */
+/* (c) Copyright IBM Corporation 2006, 2010.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef TPM_ERROR_H
+#define TPM_ERROR_H
+
+/* 16. Return codes rev 99
+
+   The TPM has five types of return code. One indicates successful operation and four indicate 
+   failure. TPM_SUCCESS (00000000) indicates successful execution. The failure reports are: 
+   TPM defined fatal errors (00000001 to 000003FF), vendor defined fatal errors (00000400 to 
+   000007FF), TPM defined non-fatal errors (00000800 to 00000BFF), and vendor defined 
+   non-fatal errors (00000C00 to 00000FFF).
+   
+   The range of vendor defined non-fatal errors was determined by the TSS-WG, which defined 
+   XXXX YCCC with XXXX as OS specific and Y defining the TSS SW stack layer (0: TPM layer)
+   
+   All failure cases return only a non-authenticated fixed set of information. This is because 
+   the failure may have been due to authentication or other factors, and there is no possibility 
+   of producing an authenticated response.
+   
+   Fatal errors also terminate any authorization sessions. This is a result of returning only the 
+   error code, as there is no way to return the nonces necessary to maintain an authorization 
+   session. Non-fatal errors do not terminate authorization sessions.
+
+   The return code MUST use the following base. The return code MAY be TCG defined or vendor
+   defined. */
+
+#define TPM_BASE                0x0             /*  The start of TPM return codes */
+#define TPM_SUCCESS             TPM_BASE        /* Successful completion of the operation */
+#define TPM_VENDOR_ERROR        TPM_Vendor_Specific32   /* Mask to indicate that the error code is
+                                                           vendor specific for vendor specific
+                                                           commands. */
+#define TPM_NON_FATAL           0x00000800 /* Mask to indicate that the error code is a non-fatal
+                                              failure. */
+
+/* TPM-defined fatal error codes */
+
+#define TPM_AUTHFAIL            TPM_BASE + 1  /* Authentication failed */
+#define TPM_BADINDEX            TPM_BASE + 2  /* The index to a PCR, DIR or other register is
+                                                 incorrect */
+#define TPM_BAD_PARAMETER       TPM_BASE + 3  /* One or more parameter is bad */
+#define TPM_AUDITFAILURE        TPM_BASE + 4  /* An operation completed successfully but the auditing
+                                                 of that operation failed.  */
+#define TPM_CLEAR_DISABLED      TPM_BASE + 5  /* The clear disable flag is set and all clear
+                                                 operations now require physical access */
+#define TPM_DEACTIVATED         TPM_BASE + 6  /* The TPM is deactivated */
+#define TPM_DISABLED            TPM_BASE + 7  /* The TPM is disabled */
+#define TPM_DISABLED_CMD        TPM_BASE + 8  /* The target command has been disabled */
+#define TPM_FAIL                TPM_BASE + 9  /* The operation failed */
+#define TPM_BAD_ORDINAL         TPM_BASE + 10 /* The ordinal was unknown or inconsistent */
+#define TPM_INSTALL_DISABLED    TPM_BASE + 11 /* The ability to install an owner is disabled */
+#define TPM_INVALID_KEYHANDLE   TPM_BASE + 12 /* The key handle presented was invalid */
+#define TPM_KEYNOTFOUND         TPM_BASE + 13 /* The target key was not found */
+#define TPM_INAPPROPRIATE_ENC   TPM_BASE + 14 /* Unacceptable encryption scheme */
+#define TPM_MIGRATEFAIL         TPM_BASE + 15 /* Migration authorization failed */
+#define TPM_INVALID_PCR_INFO    TPM_BASE + 16 /* PCR information could not be interpreted */
+#define TPM_NOSPACE             TPM_BASE + 17 /* No room to load key.  */
+#define TPM_NOSRK               TPM_BASE + 18 /* There is no SRK set */
+#define TPM_NOTSEALED_BLOB      TPM_BASE + 19 /* An encrypted blob is invalid or was not created by
+                                                 this TPM */
+#define TPM_OWNER_SET           TPM_BASE + 20 /* There is already an Owner */
+#define TPM_RESOURCES           TPM_BASE + 21 /* The TPM has insufficient internal resources to
+                                                 perform the requested action.  */
+#define TPM_SHORTRANDOM         TPM_BASE + 22 /* A random string was too short */
+#define TPM_SIZE                TPM_BASE + 23 /* The TPM does not have the space to perform the
+                                                 operation. */
+#define TPM_WRONGPCRVAL         TPM_BASE + 24 /* The named PCR value does not match the current PCR
+                                                 value. */
+#define TPM_BAD_PARAM_SIZE      TPM_BASE + 25 /* The paramSize argument to the command has the
+                                                 incorrect value */
+#define TPM_SHA_THREAD          TPM_BASE + 26 /* There is no existing SHA-1 thread.  */
+#define TPM_SHA_ERROR           TPM_BASE + 27 /* The calculation is unable to proceed because the
+                                                 existing SHA-1 thread has already encountered an
+                                                 error.  */
+#define TPM_FAILEDSELFTEST      TPM_BASE + 28 /* Self-test has failed and the TPM has shutdown.  */
+#define TPM_AUTH2FAIL           TPM_BASE + 29 /* The authorization for the second key in a 2 key
+                                                 function failed authorization */
+#define TPM_BADTAG              TPM_BASE + 30 /* The tag value sent to for a command is invalid */
+#define TPM_IOERROR             TPM_BASE + 31 /* An IO error occurred transmitting information to
+                                                 the TPM */
+#define TPM_ENCRYPT_ERROR       TPM_BASE + 32 /* The encryption process had a problem.  */
+#define TPM_DECRYPT_ERROR       TPM_BASE + 33 /* The decryption process did not complete.  */
+#define TPM_INVALID_AUTHHANDLE  TPM_BASE + 34 /* An invalid handle was used.  */
+#define TPM_NO_ENDORSEMENT      TPM_BASE + 35 /* The TPM does not a EK installed */
+#define TPM_INVALID_KEYUSAGE    TPM_BASE + 36 /* The usage of a key is not allowed */
+#define TPM_WRONG_ENTITYTYPE    TPM_BASE + 37 /* The submitted entity type is not allowed */
+#define TPM_INVALID_POSTINIT    TPM_BASE + 38 /* The command was received in the wrong sequence
+                                                 relative to TPM_Init and a subsequent TPM_Startup
+                                                 */
+#define TPM_INAPPROPRIATE_SIG   TPM_BASE + 39 /* Signed data cannot include additional DER
+                                                 information */
+#define TPM_BAD_KEY_PROPERTY    TPM_BASE + 40 /* The key properties in TPM_KEY_PARMs are not
+                                                 supported by this TPM */
+#define TPM_BAD_MIGRATION       TPM_BASE + 41 /* The migration properties of this key are incorrect.
+                                               */
+#define TPM_BAD_SCHEME          TPM_BASE + 42 /* The signature or encryption scheme for this key is
+                                                 incorrect or not permitted in this situation.  */
+#define TPM_BAD_DATASIZE        TPM_BASE + 43 /* The size of the data (or blob) parameter is bad or
+                                                 inconsistent with the referenced key */
+#define TPM_BAD_MODE            TPM_BASE + 44 /* A mode parameter is bad, such as capArea or
+                                                 subCapArea for TPM_GetCapability, physicalPresence
+                                                 parameter for TPM_PhysicalPresence, or
+                                                 migrationType for TPM_CreateMigrationBlob.  */
+#define TPM_BAD_PRESENCE        TPM_BASE + 45 /* Either the physicalPresence or physicalPresenceLock
+                                                 bits have the wrong value */
+#define TPM_BAD_VERSION         TPM_BASE + 46 /* The TPM cannot perform this version of the
+                                                 capability */
+#define TPM_NO_WRAP_TRANSPORT   TPM_BASE + 47 /* The TPM does not allow for wrapped transport
+                                                 sessions */
+#define TPM_AUDITFAIL_UNSUCCESSFUL TPM_BASE + 48 /* TPM audit construction failed and the
+                                                    underlying command was returning a failure
+                                                    code also */
+#define TPM_AUDITFAIL_SUCCESSFUL   TPM_BASE + 49 /* TPM audit construction failed and the underlying
+                                                    command was returning success */
+#define TPM_NOTRESETABLE        TPM_BASE + 50 /* Attempt to reset a PCR register that does not have
+                                                 the resettable attribute */
+#define TPM_NOTLOCAL            TPM_BASE + 51 /* Attempt to reset a PCR register that requires
+                                                 locality and locality modifier not part of command
+                                                 transport */
+#define TPM_BAD_TYPE            TPM_BASE + 52 /* Make identity blob not properly typed */
+#define TPM_INVALID_RESOURCE    TPM_BASE + 53 /* When saving context identified resource type does
+                                                 not match actual resource */
+#define TPM_NOTFIPS             TPM_BASE + 54 /* The TPM is attempting to execute a command only
+                                                 available when in FIPS mode */
+#define TPM_INVALID_FAMILY      TPM_BASE + 55 /* The command is attempting to use an invalid family
+                                                 ID */
+#define TPM_NO_NV_PERMISSION    TPM_BASE + 56 /* The permission to manipulate the NV storage is not
+                                                 available */
+#define TPM_REQUIRES_SIGN       TPM_BASE + 57 /* The operation requires a signed command */
+#define TPM_KEY_NOTSUPPORTED    TPM_BASE + 58 /* Wrong operation to load an NV key */
+#define TPM_AUTH_CONFLICT       TPM_BASE + 59 /* NV_LoadKey blob requires both owner and blob
+                                                 authorization */
+#define TPM_AREA_LOCKED         TPM_BASE + 60 /* The NV area is locked and not writable */
+#define TPM_BAD_LOCALITY        TPM_BASE + 61 /* The locality is incorrect for the attempted
+                                                 operation */
+#define TPM_READ_ONLY           TPM_BASE + 62 /* The NV area is read only and can't be written to
+                                               */
+#define TPM_PER_NOWRITE         TPM_BASE + 63 /* There is no protection on the write to the NV area
+                                               */
+#define TPM_FAMILYCOUNT         TPM_BASE + 64 /* The family count value does not match */
+#define TPM_WRITE_LOCKED        TPM_BASE + 65 /* The NV area has already been written to */
+#define TPM_BAD_ATTRIBUTES      TPM_BASE + 66 /* The NV area attributes conflict */
+#define TPM_INVALID_STRUCTURE   TPM_BASE + 67 /* The structure tag and version are invalid or
+                                                 inconsistent */
+#define TPM_KEY_OWNER_CONTROL   TPM_BASE + 68 /* The key is under control of the TPM Owner and can
+                                                 only be evicted by the TPM Owner.  */
+#define TPM_BAD_COUNTER         TPM_BASE + 69 /* The counter handle is incorrect */
+#define TPM_NOT_FULLWRITE       TPM_BASE + 70 /* The write is not a complete write of the area */
+#define TPM_CONTEXT_GAP         TPM_BASE + 71 /* The gap between saved context counts is too large
+                                               */
+#define TPM_MAXNVWRITES         TPM_BASE + 72 /* The maximum number of NV writes without an owner
+                                                 has been exceeded */
+#define TPM_NOOPERATOR          TPM_BASE + 73 /* No operator authorization value is set */
+#define TPM_RESOURCEMISSING     TPM_BASE + 74 /* The resource pointed to by context is not loaded
+                                               */
+#define TPM_DELEGATE_LOCK       TPM_BASE + 75 /* The delegate administration is locked */
+#define TPM_DELEGATE_FAMILY     TPM_BASE + 76 /* Attempt to manage a family other then the delegated
+                                                 family */
+#define TPM_DELEGATE_ADMIN      TPM_BASE + 77 /* Delegation table management not enabled */
+#define TPM_TRANSPORT_NOTEXCLUSIVE TPM_BASE + 78 /* There was a command executed outside of an
+                                                 exclusive transport session */
+#define TPM_OWNER_CONTROL       TPM_BASE + 79 /* Attempt to context save a owner evict controlled
+                                                 key */
+#define TPM_DAA_RESOURCES       TPM_BASE + 80 /* The DAA command has no resources available to
+                                                 execute the command */
+#define TPM_DAA_INPUT_DATA0     TPM_BASE + 81 /* The consistency check on DAA parameter inputData0
+                                                 has failed. */
+#define TPM_DAA_INPUT_DATA1     TPM_BASE + 82 /* The consistency check on DAA parameter inputData1
+                                                 has failed. */
+#define TPM_DAA_ISSUER_SETTINGS TPM_BASE + 83 /* The consistency check on DAA_issuerSettings has
+                                                 failed. */
+#define TPM_DAA_TPM_SETTINGS    TPM_BASE + 84 /* The consistency check on DAA_tpmSpecific has
+                                                 failed. */
+#define TPM_DAA_STAGE           TPM_BASE + 85 /* The atomic process indicated by the submitted DAA
+                                                 command is not the expected process. */
+#define TPM_DAA_ISSUER_VALIDITY TPM_BASE + 86 /* The issuer's validity check has detected an
+                                                 inconsistency */
+#define TPM_DAA_WRONG_W         TPM_BASE + 87 /* The consistency check on w has failed. */
+#define TPM_BAD_HANDLE          TPM_BASE + 88 /* The handle is incorrect */
+#define TPM_BAD_DELEGATE        TPM_BASE + 89 /* Delegation is not correct */
+#define TPM_BADCONTEXT          TPM_BASE + 90 /* The context blob is invalid */
+#define TPM_TOOMANYCONTEXTS     TPM_BASE + 91 /* Too many contexts held by the TPM */
+#define TPM_MA_TICKET_SIGNATURE TPM_BASE + 92 /* Migration authority signature validation failure
+                                               */
+#define TPM_MA_DESTINATION      TPM_BASE + 93 /* Migration destination not authenticated */
+#define TPM_MA_SOURCE           TPM_BASE + 94 /* Migration source incorrect */
+#define TPM_MA_AUTHORITY        TPM_BASE + 95 /* Incorrect migration authority */
+#define TPM_PERMANENTEK         TPM_BASE + 97 /* Attempt to revoke the EK and the EK is not revocable */
+#define TPM_BAD_SIGNATURE       TPM_BASE + 98 /* Bad signature of CMK ticket */ 
+#define TPM_NOCONTEXTSPACE      TPM_BASE + 99 /* There is no room in the context list for additional
+                                                 contexts */
+
+/* As error codes are added here, they should also be added to lib/miscfunc.c */
+
+/* TPM-defined non-fatal errors */
+
+#define TPM_RETRY               TPM_BASE + TPM_NON_FATAL /* The TPM is too busy to respond to the
+                                                            command immediately, but the command
+                                                            could be submitted at a later time */
+#define TPM_NEEDS_SELFTEST      TPM_BASE + TPM_NON_FATAL + 1 /* TPM_ContinueSelfTest has has not
+                                                                been run*/
+#define TPM_DOING_SELFTEST      TPM_BASE + TPM_NON_FATAL + 2 /* The TPM is currently executing the
+                                                                actions of TPM_ContinueSelfTest
+                                                                because the ordinal required
+                                                                resources that have not been
+                                                                tested. */
+#define TPM_DEFEND_LOCK_RUNNING TPM_BASE + TPM_NON_FATAL + 3
+                                                        /* The TPM is defending against dictionary
+                                                           attacks and is in some time-out
+                                                           period. */
+
+#endif
diff --git a/utils/ibmtss/tssfile.h b/utils/ibmtss/tssfile.h
new file mode 100644
index 000000000..a75a4ed35
--- /dev/null
+++ b/utils/ibmtss/tssfile.h
@@ -0,0 +1,95 @@
+/********************************************************************************/
+/*										*/
+/*			TSS and Application File Utilities			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: tssfile.h 1324 2018-08-31 16:36:12Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015, 2018.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* This is a semi-public header. The API is subject to change.
+
+   It is useful rapid application development, and as sample code.  It is risky for production code.
+
+*/
+
+#ifndef TSSFILE_H
+#define TSSFILE_H
+
+#include <stdio.h>
+
+#include <ibmtss/TPM_Types.h>
+#include <ibmtss/tssutils.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    LIB_EXPORT
+    int TSS_File_Open(FILE **file,
+		      const char *filename,
+		      const char* mode);
+    LIB_EXPORT
+    TPM_RC TSS_File_ReadBinaryFile(unsigned char **data,
+				   size_t *length,
+				   const char *filename); 
+    LIB_EXPORT 
+    TPM_RC TSS_File_WriteBinaryFile(const unsigned char *data,
+				    size_t length,
+				    const char *filename); 
+    
+    LIB_EXPORT 
+    TPM_RC TSS_File_ReadStructure(void 			*structure,
+				  UnmarshalFunction_t 	unmarshalFunction,
+				  const char 		*filename);
+    LIB_EXPORT 
+    TPM_RC TSS_File_ReadStructureFlag(void 			*structure,
+				      UnmarshalFunctionFlag_t 	unmarshalFunction,
+				      BOOL 			allowNull,
+				      const char 		*filename);
+    LIB_EXPORT 
+    TPM_RC TSS_File_WriteStructure(void 			*structure,
+				   MarshalFunction_t 	marshalFunction,
+				   const char 		*filename);
+    LIB_EXPORT 
+    TPM_RC TSS_File_Read2B(TPM2B 		*tpm2b,
+			   uint16_t 	targetSize,
+			   const char 	*filename);
+    LIB_EXPORT 
+    TPM_RC TSS_File_DeleteFile(const char *filename); 
+    
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/utils/ibmtss/tssmarshal.h b/utils/ibmtss/tssmarshal.h
new file mode 100644
index 000000000..52227a8a0
--- /dev/null
+++ b/utils/ibmtss/tssmarshal.h
@@ -0,0 +1,1628 @@
+/********************************************************************************/
+/*										*/
+/*			 TSS Marshal and Unmarshal    				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* This is a semi-public header. The API should be stable, but is less guaranteed.
+
+   It is useful for applications that have to marshal / unmarshal
+   structures for file save / load.
+*/
+
+#ifndef TSSMARSHAL_H
+#define TSSMARSHAL_H
+
+#include "BaseTypes.h"
+#include <ibmtss/TPM_Types.h>
+
+#include "ActivateCredential_fp.h"
+#include "CertifyCreation_fp.h"
+#include "CertifyX509_fp.h"
+#include "Certify_fp.h"
+#include "ChangeEPS_fp.h"
+#include "ChangePPS_fp.h"
+#include "ClearControl_fp.h"
+#include "Clear_fp.h"
+#include "ClockRateAdjust_fp.h"
+#include "ClockSet_fp.h"
+#include "Commit_fp.h"
+#include "Commit_fp.h"
+#include "ContextLoad_fp.h"
+#include "ContextSave_fp.h"
+#include "CreatePrimary_fp.h"
+#include "Create_fp.h"
+#include "CreateLoaded_fp.h"
+#include "DictionaryAttackLockReset_fp.h"
+#include "DictionaryAttackParameters_fp.h"
+#include "Duplicate_fp.h"
+#include "ECC_Parameters_fp.h"
+#include "ECDH_KeyGen_fp.h"
+#include "ECDH_ZGen_fp.h"
+#include "EC_Ephemeral_fp.h"
+#include "EncryptDecrypt_fp.h"
+#include "EncryptDecrypt2_fp.h"
+#include "EventSequenceComplete_fp.h"
+#include "EvictControl_fp.h"
+#include "FlushContext_fp.h"
+#include "GetCapability_fp.h"
+#include "GetCommandAuditDigest_fp.h"
+#include "GetRandom_fp.h"
+#include "GetSessionAuditDigest_fp.h"
+#include "GetTestResult_fp.h"
+#include "GetTime_fp.h"
+#include "HMAC_Start_fp.h"
+#include "HMAC_fp.h"
+#include "HashSequenceStart_fp.h"
+#include "Hash_fp.h"
+#include "HierarchyChangeAuth_fp.h"
+#include "HierarchyControl_fp.h"
+#include "Import_fp.h"
+#include "IncrementalSelfTest_fp.h"
+#include "LoadExternal_fp.h"
+#include "Load_fp.h"
+#include "MakeCredential_fp.h"
+#include "NV_Certify_fp.h"
+#include "NV_ChangeAuth_fp.h"
+#include "NV_DefineSpace_fp.h"
+#include "NV_Extend_fp.h"
+#include "NV_GlobalWriteLock_fp.h"
+#include "NV_Increment_fp.h"
+#include "NV_ReadLock_fp.h"
+#include "NV_ReadPublic_fp.h"
+#include "NV_Read_fp.h"
+#include "NV_SetBits_fp.h"
+#include "NV_UndefineSpaceSpecial_fp.h"
+#include "NV_UndefineSpace_fp.h"
+#include "NV_WriteLock_fp.h"
+#include "NV_Write_fp.h"
+#include "ObjectChangeAuth_fp.h"
+#include "PCR_Allocate_fp.h"
+#include "PCR_Event_fp.h"
+#include "PCR_Extend_fp.h"
+#include "PCR_Read_fp.h"
+#include "PCR_Reset_fp.h"
+#include "PCR_SetAuthPolicy_fp.h"
+#include "PCR_SetAuthValue_fp.h"
+#include "PP_Commands_fp.h"
+#include "PolicyAuthValue_fp.h"
+#include "PolicyAuthorize_fp.h"
+#include "PolicyAuthorizeNV_fp.h"
+#include "PolicyCommandCode_fp.h"
+#include "PolicyCounterTimer_fp.h"
+#include "PolicyCpHash_fp.h"
+#include "PolicyDuplicationSelect_fp.h"
+#include "PolicyGetDigest_fp.h"
+#include "PolicyLocality_fp.h"
+#include "PolicyNV_fp.h"
+#include "PolicyAuthorizeNV_fp.h"
+#include "PolicyNvWritten_fp.h"
+#include "PolicyNameHash_fp.h"
+#include "PolicyOR_fp.h"
+#include "PolicyPCR_fp.h"
+#include "PolicyPassword_fp.h"
+#include "PolicyPhysicalPresence_fp.h"
+#include "PolicyRestart_fp.h"
+#include "PolicySecret_fp.h"
+#include "PolicySigned_fp.h"
+#include "PolicyTemplate_fp.h"
+#include "PolicyTicket_fp.h"
+#include "Quote_fp.h"
+#include "RSA_Decrypt_fp.h"
+#include "RSA_Encrypt_fp.h"
+#include "ReadClock_fp.h"
+#include "ReadPublic_fp.h"
+#include "Rewrap_fp.h"
+#include "SelfTest_fp.h"
+#include "SequenceComplete_fp.h"
+#include "SequenceUpdate_fp.h"
+#include "SetAlgorithmSet_fp.h"
+#include "SetCommandCodeAuditStatus_fp.h"
+#include "SetPrimaryPolicy_fp.h"
+#include "Shutdown_fp.h"
+#include "Sign_fp.h"
+#include "StartAuthSession_fp.h"
+#include "Startup_fp.h"
+#include "StirRandom_fp.h"
+#include "TestParms_fp.h"
+#include "Unseal_fp.h"
+#include "VerifySignature_fp.h"
+#include "ZGen_2Phase_fp.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    /* Recommended functions */
+    
+    TPM_RC
+    TSS_Startup_In_Marshalu(const Startup_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Shutdown_In_Marshalu(const Shutdown_In  *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_SelfTest_In_Marshalu(const SelfTest_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_IncrementalSelfTest_In_Marshalu(const IncrementalSelfTest_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_StartAuthSession_In_Marshalu(const StartAuthSession_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PolicyRestart_In_Marshalu(const PolicyRestart_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Create_In_Marshalu(const Create_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Load_In_Marshalu(const Load_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_LoadExternal_In_Marshalu(const LoadExternal_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_ReadPublic_In_Marshalu(const ReadPublic_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_ActivateCredential_In_Marshalu(const ActivateCredential_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_MakeCredential_In_Marshalu(const MakeCredential_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Unseal_In_Marshalu(const Unseal_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_ObjectChangeAuth_In_Marshalu(const ObjectChangeAuth_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_CreateLoaded_In_Marshalu(const CreateLoaded_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Duplicate_In_Marshalu(const Duplicate_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Rewrap_In_Marshalu(const Rewrap_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Import_In_Marshalu(const Import_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_RSA_Encrypt_In_Marshalu(const RSA_Encrypt_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_RSA_Decrypt_In_Marshalu(const RSA_Decrypt_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_ECDH_KeyGen_In_Marshalu(const ECDH_KeyGen_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_ECDH_ZGen_In_Marshalu(const ECDH_ZGen_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_ECC_Parameters_In_Marshalu(const ECC_Parameters_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_ZGen_2Phase_In_Marshalu(const ZGen_2Phase_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_EncryptDecrypt_In_Marshalu(const EncryptDecrypt_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_EncryptDecrypt2_In_Marshalu(const EncryptDecrypt2_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Hash_In_Marshalu(const Hash_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_HMAC_In_Marshalu(const HMAC_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_GetRandom_In_Marshalu(const GetRandom_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_StirRandom_In_Marshalu(const StirRandom_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_HMAC_Start_In_Marshalu(const HMAC_Start_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_HashSequenceStart_In_Marshalu(const HashSequenceStart_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_SequenceUpdate_In_Marshalu(const SequenceUpdate_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_SequenceComplete_In_Marshalu(const SequenceComplete_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_EventSequenceComplete_In_Marshalu(const EventSequenceComplete_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Certify_In_Marshalu(const Certify_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_CertifyCreation_In_Marshalu(const CertifyCreation_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_CertifyX509_In_Marshalu(const CertifyX509_In *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Quote_In_Marshalu(const Quote_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_GetSessionAuditDigest_In_Marshalu(const GetSessionAuditDigest_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_GetCommandAuditDigest_In_Marshalu(const GetCommandAuditDigest_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_GetTime_In_Marshalu(const GetTime_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Commit_In_Marshalu(const Commit_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_EC_Ephemeral_In_Marshalu(const EC_Ephemeral_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_VerifySignature_In_Marshalu(const VerifySignature_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Sign_In_Marshalu(const Sign_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_SetCommandCodeAuditStatus_In_Marshalu(const SetCommandCodeAuditStatus_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PCR_Extend_In_Marshalu(const PCR_Extend_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PCR_Event_In_Marshalu(const PCR_Event_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PCR_Read_In_Marshalu(const PCR_Read_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PCR_Allocate_In_Marshalu(const PCR_Allocate_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PCR_SetAuthPolicy_In_Marshalu(const PCR_SetAuthPolicy_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PCR_SetAuthValue_In_Marshalu(const PCR_SetAuthValue_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PCR_Reset_In_Marshalu(const PCR_Reset_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PolicySigned_In_Marshalu(const PolicySigned_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PolicySecret_In_Marshalu(const PolicySecret_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PolicyTicket_In_Marshalu(const PolicyTicket_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PolicyOR_In_Marshalu(const PolicyOR_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PolicyPCR_In_Marshalu(const PolicyPCR_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PolicyLocality_In_Marshalu(const PolicyLocality_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PolicyNV_In_Marshalu(const PolicyNV_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PolicyAuthorizeNV_In_Marshalu(const PolicyAuthorizeNV_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PolicyCounterTimer_In_Marshalu(const PolicyCounterTimer_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PolicyCommandCode_In_Marshalu(const PolicyCommandCode_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PolicyPhysicalPresence_In_Marshalu(const PolicyPhysicalPresence_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PolicyCpHash_In_Marshalu(const PolicyCpHash_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PolicyNameHash_In_Marshalu(const PolicyNameHash_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PolicyDuplicationSelect_In_Marshalu(const PolicyDuplicationSelect_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PolicyAuthorize_In_Marshalu(const PolicyAuthorize_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PolicyAuthValue_In_Marshalu(const PolicyAuthValue_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PolicyPassword_In_Marshalu(const PolicyPassword_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PolicyGetDigest_In_Marshalu(const PolicyGetDigest_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PolicyNvWritten_In_Marshalu(const PolicyNvWritten_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PolicyTemplate_In_Marshalu(const PolicyTemplate_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_CreatePrimary_In_Marshalu(const CreatePrimary_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_HierarchyControl_In_Marshalu(const HierarchyControl_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_SetPrimaryPolicy_In_Marshalu(const SetPrimaryPolicy_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_ChangePPS_In_Marshalu(const ChangePPS_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_ChangeEPS_In_Marshalu(const ChangeEPS_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Clear_In_Marshalu(const Clear_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_ClearControl_In_Marshalu(const ClearControl_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_HierarchyChangeAuth_In_Marshalu(const HierarchyChangeAuth_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_DictionaryAttackLockReset_In_Marshalu(const DictionaryAttackLockReset_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_DictionaryAttackParameters_In_Marshalu(const DictionaryAttackParameters_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PP_Commands_In_Marshalu(const PP_Commands_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_SetAlgorithmSet_In_Marshalu(const SetAlgorithmSet_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_ContextSave_In_Marshalu(const ContextSave_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_ContextLoad_In_Marshalu(const ContextLoad_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_FlushContext_In_Marshalu(const FlushContext_In *source, UINT16 *written, BYTE **buffer, uint32_t *size) ;
+    TPM_RC
+    TSS_EvictControl_In_Marshalu(const EvictControl_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_ClockSet_In_Marshalu(const ClockSet_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_ClockRateAdjust_In_Marshalu(const ClockRateAdjust_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_GetCapability_In_Marshalu(const GetCapability_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TestParms_In_Marshalu(const TestParms_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NV_DefineSpace_In_Marshalu(const NV_DefineSpace_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NV_UndefineSpace_In_Marshalu(const NV_UndefineSpace_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NV_UndefineSpaceSpecial_In_Marshalu(const NV_UndefineSpaceSpecial_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NV_ReadPublic_In_Marshalu(const NV_ReadPublic_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NV_Write_In_Marshalu(const NV_Write_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NV_Increment_In_Marshalu(const NV_Increment_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NV_Extend_In_Marshalu(const NV_Extend_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NV_SetBits_In_Marshalu(const NV_SetBits_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NV_WriteLock_In_Marshalu(const NV_WriteLock_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NV_GlobalWriteLock_In_Marshalu(const NV_GlobalWriteLock_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NV_Read_In_Marshalu(const NV_Read_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NV_ReadLock_In_Marshalu(const NV_ReadLock_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NV_ChangeAuth_In_Marshalu(const NV_ChangeAuth_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NV_Certify_In_Marshalu(const NV_Certify_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+
+    /* Deprecated functions */
+    
+    TPM_RC
+    TSS_Startup_In_Marshal(const Startup_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_Shutdown_In_Marshal(const Shutdown_In  *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_SelfTest_In_Marshal(const SelfTest_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_IncrementalSelfTest_In_Marshal(const IncrementalSelfTest_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_StartAuthSession_In_Marshal(const StartAuthSession_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PolicyRestart_In_Marshal(const PolicyRestart_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_Create_In_Marshal(const Create_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_Load_In_Marshal(const Load_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_LoadExternal_In_Marshal(const LoadExternal_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_ReadPublic_In_Marshal(const ReadPublic_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_ActivateCredential_In_Marshal(const ActivateCredential_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_MakeCredential_In_Marshal(const MakeCredential_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_Unseal_In_Marshal(const Unseal_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_ObjectChangeAuth_In_Marshal(const ObjectChangeAuth_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_CreateLoaded_In_Marshal(const CreateLoaded_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_Duplicate_In_Marshal(const Duplicate_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_Rewrap_In_Marshal(const Rewrap_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_Import_In_Marshal(const Import_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_RSA_Encrypt_In_Marshal(const RSA_Encrypt_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_RSA_Decrypt_In_Marshal(const RSA_Decrypt_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_ECDH_KeyGen_In_Marshal(const ECDH_KeyGen_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_ECDH_ZGen_In_Marshal(const ECDH_ZGen_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_ECC_Parameters_In_Marshal(const ECC_Parameters_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_ZGen_2Phase_In_Marshal(const ZGen_2Phase_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_EncryptDecrypt_In_Marshal(const EncryptDecrypt_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_EncryptDecrypt2_In_Marshal(const EncryptDecrypt2_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_Hash_In_Marshal(const Hash_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_HMAC_In_Marshal(const HMAC_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_GetRandom_In_Marshal(const GetRandom_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_StirRandom_In_Marshal(const StirRandom_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_HMAC_Start_In_Marshal(const HMAC_Start_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_HashSequenceStart_In_Marshal(const HashSequenceStart_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_SequenceUpdate_In_Marshal(const SequenceUpdate_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_SequenceComplete_In_Marshal(const SequenceComplete_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_EventSequenceComplete_In_Marshal(const EventSequenceComplete_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_Certify_In_Marshal(const Certify_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_CertifyCreation_In_Marshal(const CertifyCreation_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_CertifyX509_In_Marshal(const CertifyX509_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_Quote_In_Marshal(const Quote_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_GetSessionAuditDigest_In_Marshal(const GetSessionAuditDigest_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_GetCommandAuditDigest_In_Marshal(const GetCommandAuditDigest_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_GetTime_In_Marshal(const GetTime_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_Commit_In_Marshal(const Commit_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_EC_Ephemeral_In_Marshal(const EC_Ephemeral_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_VerifySignature_In_Marshal(const VerifySignature_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_Sign_In_Marshal(const Sign_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_SetCommandCodeAuditStatus_In_Marshal(const SetCommandCodeAuditStatus_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PCR_Extend_In_Marshal(const PCR_Extend_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PCR_Event_In_Marshal(const PCR_Event_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PCR_Read_In_Marshal(const PCR_Read_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PCR_Allocate_In_Marshal(const PCR_Allocate_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PCR_SetAuthPolicy_In_Marshal(const PCR_SetAuthPolicy_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PCR_SetAuthValue_In_Marshal(const PCR_SetAuthValue_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PCR_Reset_In_Marshal(const PCR_Reset_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PolicySigned_In_Marshal(const PolicySigned_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PolicySecret_In_Marshal(const PolicySecret_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PolicyTicket_In_Marshal(const PolicyTicket_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PolicyOR_In_Marshal(const PolicyOR_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PolicyPCR_In_Marshal(const PolicyPCR_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PolicyLocality_In_Marshal(const PolicyLocality_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PolicyNV_In_Marshal(const PolicyNV_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PolicyAuthorizeNV_In_Marshal(const PolicyAuthorizeNV_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PolicyCounterTimer_In_Marshal(const PolicyCounterTimer_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PolicyCommandCode_In_Marshal(const PolicyCommandCode_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PolicyPhysicalPresence_In_Marshal(const PolicyPhysicalPresence_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PolicyCpHash_In_Marshal(const PolicyCpHash_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PolicyNameHash_In_Marshal(const PolicyNameHash_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PolicyDuplicationSelect_In_Marshal(const PolicyDuplicationSelect_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PolicyAuthorize_In_Marshal(const PolicyAuthorize_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PolicyAuthValue_In_Marshal(const PolicyAuthValue_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PolicyPassword_In_Marshal(const PolicyPassword_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PolicyGetDigest_In_Marshal(const PolicyGetDigest_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PolicyNvWritten_In_Marshal(const PolicyNvWritten_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PolicyTemplate_In_Marshal(const PolicyTemplate_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_CreatePrimary_In_Marshal(const CreatePrimary_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_HierarchyControl_In_Marshal(const HierarchyControl_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_SetPrimaryPolicy_In_Marshal(const SetPrimaryPolicy_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_ChangePPS_In_Marshal(const ChangePPS_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_ChangeEPS_In_Marshal(const ChangeEPS_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_Clear_In_Marshal(const Clear_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_ClearControl_In_Marshal(const ClearControl_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_HierarchyChangeAuth_In_Marshal(const HierarchyChangeAuth_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_DictionaryAttackLockReset_In_Marshal(const DictionaryAttackLockReset_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_DictionaryAttackParameters_In_Marshal(const DictionaryAttackParameters_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PP_Commands_In_Marshal(const PP_Commands_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_SetAlgorithmSet_In_Marshal(const SetAlgorithmSet_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_ContextSave_In_Marshal(const ContextSave_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_ContextLoad_In_Marshal(const ContextLoad_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_FlushContext_In_Marshal(const FlushContext_In *source, UINT16 *written, BYTE **buffer, INT32 *size) ;
+    TPM_RC
+    TSS_EvictControl_In_Marshal(const EvictControl_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_ClockSet_In_Marshal(const ClockSet_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_ClockRateAdjust_In_Marshal(const ClockRateAdjust_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_GetCapability_In_Marshal(const GetCapability_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_TestParms_In_Marshal(const TestParms_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_NV_DefineSpace_In_Marshal(const NV_DefineSpace_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_NV_UndefineSpace_In_Marshal(const NV_UndefineSpace_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_NV_UndefineSpaceSpecial_In_Marshal(const NV_UndefineSpaceSpecial_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_NV_ReadPublic_In_Marshal(const NV_ReadPublic_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_NV_Write_In_Marshal(const NV_Write_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_NV_Increment_In_Marshal(const NV_Increment_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_NV_Extend_In_Marshal(const NV_Extend_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_NV_SetBits_In_Marshal(const NV_SetBits_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_NV_WriteLock_In_Marshal(const NV_WriteLock_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_NV_GlobalWriteLock_In_Marshal(const NV_GlobalWriteLock_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_NV_Read_In_Marshal(const NV_Read_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_NV_ReadLock_In_Marshal(const NV_ReadLock_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_NV_ChangeAuth_In_Marshal(const NV_ChangeAuth_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_NV_Certify_In_Marshal(const NV_Certify_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
+
+    /* Recommended functions */
+    
+    TPM_RC
+    TSS_IncrementalSelfTest_Out_Unmarshalu(IncrementalSelfTest_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_GetTestResult_Out_Unmarshalu(GetTestResult_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_StartAuthSession_Out_Unmarshalu(StartAuthSession_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Create_Out_Unmarshalu(Create_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Load_Out_Unmarshalu(Load_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_LoadExternal_Out_Unmarshalu(LoadExternal_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_ReadPublic_Out_Unmarshalu(ReadPublic_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_ActivateCredential_Out_Unmarshalu(ActivateCredential_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_MakeCredential_Out_Unmarshalu(MakeCredential_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Unseal_Out_Unmarshalu(Unseal_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_ObjectChangeAuth_Out_Unmarshalu(ObjectChangeAuth_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_CreateLoaded_Out_Unmarshalu(CreateLoaded_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Duplicate_Out_Unmarshalu(Duplicate_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Rewrap_Out_Unmarshalu(Rewrap_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Import_Out_Unmarshalu(Import_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_RSA_Encrypt_Out_Unmarshalu(RSA_Encrypt_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_RSA_Decrypt_Out_Unmarshalu(RSA_Decrypt_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_ECDH_KeyGen_Out_Unmarshalu(ECDH_KeyGen_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_ECDH_ZGen_Out_Unmarshalu(ECDH_ZGen_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_ECC_Parameters_Out_Unmarshalu(ECC_Parameters_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_ZGen_2Phase_Out_Unmarshalu(ZGen_2Phase_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_EncryptDecrypt_Out_Unmarshalu(EncryptDecrypt_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_EncryptDecrypt2_Out_Unmarshalu(EncryptDecrypt2_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Hash_Out_Unmarshalu(Hash_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_HMAC_Out_Unmarshalu(HMAC_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_GetRandom_Out_Unmarshalu(GetRandom_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_HMAC_Start_Out_Unmarshalu(HMAC_Start_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_HashSequenceStart_Out_Unmarshalu(HashSequenceStart_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_SequenceComplete_Out_Unmarshalu(SequenceComplete_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_EventSequenceComplete_Out_Unmarshalu(EventSequenceComplete_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Certify_Out_Unmarshalu(Certify_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_CertifyCreation_Out_Unmarshalu(CertifyCreation_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_CertifyX509_Out_Unmarshalu(CertifyX509_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Quote_Out_Unmarshalu(Quote_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_GetSessionAuditDigest_Out_Unmarshalu(GetSessionAuditDigest_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_GetCommandAuditDigest_Out_Unmarshalu(GetCommandAuditDigest_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_GetTime_Out_Unmarshalu(GetTime_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Commit_Out_Unmarshalu(Commit_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_EC_Ephemeral_Out_Unmarshalu(EC_Ephemeral_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_VerifySignature_Out_Unmarshalu(VerifySignature_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Sign_Out_Unmarshalu(Sign_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PCR_Event_Out_Unmarshalu(PCR_Event_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PCR_Read_Out_Unmarshalu(PCR_Read_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PCR_Allocate_Out_Unmarshalu(PCR_Allocate_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PolicySigned_Out_Unmarshalu(PolicySigned_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PolicySecret_Out_Unmarshalu(PolicySecret_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PolicyGetDigest_Out_Unmarshalu(PolicyGetDigest_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_CreatePrimary_Out_Unmarshalu(CreatePrimary_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_ContextSave_Out_Unmarshalu(ContextSave_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_ContextLoad_Out_Unmarshalu(ContextLoad_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_ReadClock_Out_Unmarshalu(ReadClock_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_GetCapability_Out_Unmarshalu(GetCapability_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NV_ReadPublic_Out_Unmarshalu(NV_ReadPublic_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NV_Read_Out_Unmarshalu(NV_Read_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NV_Certify_Out_Unmarshalu(NV_Certify_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+
+    /* Deprecated functions */
+    
+    TPM_RC
+    TSS_IncrementalSelfTest_Out_Unmarshal(IncrementalSelfTest_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_GetTestResult_Out_Unmarshal(GetTestResult_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_StartAuthSession_Out_Unmarshal(StartAuthSession_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_Create_Out_Unmarshal(Create_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_Load_Out_Unmarshal(Load_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_LoadExternal_Out_Unmarshal(LoadExternal_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_ReadPublic_Out_Unmarshal(ReadPublic_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_ActivateCredential_Out_Unmarshal(ActivateCredential_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_MakeCredential_Out_Unmarshal(MakeCredential_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_Unseal_Out_Unmarshal(Unseal_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_ObjectChangeAuth_Out_Unmarshal(ObjectChangeAuth_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_CreateLoaded_Out_Unmarshal(CreateLoaded_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_Duplicate_Out_Unmarshal(Duplicate_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_Rewrap_Out_Unmarshal(Rewrap_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_Import_Out_Unmarshal(Import_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_RSA_Encrypt_Out_Unmarshal(RSA_Encrypt_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_RSA_Decrypt_Out_Unmarshal(RSA_Decrypt_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_ECDH_KeyGen_Out_Unmarshal(ECDH_KeyGen_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_ECDH_ZGen_Out_Unmarshal(ECDH_ZGen_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_ECC_Parameters_Out_Unmarshal(ECC_Parameters_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_ZGen_2Phase_Out_Unmarshal(ZGen_2Phase_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_EncryptDecrypt_Out_Unmarshal(EncryptDecrypt_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_EncryptDecrypt2_Out_Unmarshal(EncryptDecrypt2_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_Hash_Out_Unmarshal(Hash_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_HMAC_Out_Unmarshal(HMAC_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_GetRandom_Out_Unmarshal(GetRandom_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_HMAC_Start_Out_Unmarshal(HMAC_Start_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_HashSequenceStart_Out_Unmarshal(HashSequenceStart_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_SequenceComplete_Out_Unmarshal(SequenceComplete_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_EventSequenceComplete_Out_Unmarshal(EventSequenceComplete_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_Certify_Out_Unmarshal(Certify_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_CertifyCreation_Out_Unmarshal(CertifyCreation_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_Quote_Out_Unmarshal(Quote_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_GetSessionAuditDigest_Out_Unmarshal(GetSessionAuditDigest_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_GetCommandAuditDigest_Out_Unmarshal(GetCommandAuditDigest_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_GetTime_Out_Unmarshal(GetTime_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_Commit_Out_Unmarshal(Commit_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_EC_Ephemeral_Out_Unmarshal(EC_Ephemeral_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_VerifySignature_Out_Unmarshal(VerifySignature_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_Sign_Out_Unmarshal(Sign_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PCR_Event_Out_Unmarshal(PCR_Event_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PCR_Read_Out_Unmarshal(PCR_Read_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PCR_Allocate_Out_Unmarshal(PCR_Allocate_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PolicySigned_Out_Unmarshal(PolicySigned_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PolicySecret_Out_Unmarshal(PolicySecret_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_PolicyGetDigest_Out_Unmarshal(PolicyGetDigest_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_CreatePrimary_Out_Unmarshal(CreatePrimary_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_ContextSave_Out_Unmarshal(ContextSave_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_ContextLoad_Out_Unmarshal(ContextLoad_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_ReadClock_Out_Unmarshal(ReadClock_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_GetCapability_Out_Unmarshal(GetCapability_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_NV_ReadPublic_Out_Unmarshal(NV_ReadPublic_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_NV_Read_Out_Unmarshal(NV_Read_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+    TPM_RC
+    TSS_NV_Certify_Out_Unmarshal(NV_Certify_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+
+    /* Recommended functions */
+    
+    LIB_EXPORT TPM_RC
+    TSS_UINT8_Marshalu(const UINT8 *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_INT8_Marshalu(const INT8 *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_UINT16_Marshalu(const UINT16 *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_UINT32_Marshalu(const uint32_t *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_INT32_Marshalu(const INT32 *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_UINT64_Marshalu(const UINT64 *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_Array_Marshalu(const BYTE *source, UINT16 sourceSize, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_Marshalu(const TPM2B *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_KEY_BITS_Marshalu(const TPM_KEY_BITS *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_GENERATED_Marshalu(const TPM_GENERATED *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_ALG_ID_Marshalu(const TPM_ALG_ID *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_ECC_CURVE_Marshalu(const TPM_ECC_CURVE *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_RC_Marshalu(const TPM_RC *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_CLOCK_ADJUST_Marshalu(const TPM_CLOCK_ADJUST *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_EO_Marshalu(const TPM_EO *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_ST_Marshalu(const TPM_ST *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_SU_Marshalu(const TPM_ST *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_SE_Marshalu(const TPM_SE  *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_CAP_Marshalu(const TPM_CAP *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_PT_Marshalu(const TPM_PT *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_PT_PCR_Marshalu(const TPM_PT_PCR *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_HANDLE_Marshalu(const TPM_HANDLE *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMA_ALGORITHM_Marshalu(const TPMA_ALGORITHM *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMA_OBJECT_Marshalu(const TPMA_OBJECT *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMA_SESSION_Marshalu(const TPMA_SESSION *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMA_LOCALITY_Marshalu(const TPMA_LOCALITY *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_CC_Marshalu(const TPM_CC *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMA_CC_Marshalu(const TPMA_CC *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_YES_NO_Marshalu(const TPMI_YES_NO *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_DH_OBJECT_Marshalu(const TPMI_DH_OBJECT *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_DH_PERSISTENT_Marshalu(const TPMI_DH_PERSISTENT *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_DH_ENTITY_Marshalu(const TPMI_DH_ENTITY *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_DH_PCR_Marshalu(const TPMI_DH_PCR  *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_SH_AUTH_SESSION_Marshalu(const TPMI_SH_AUTH_SESSION *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_SH_HMAC_Marshalu(const TPMI_SH_HMAC *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_SH_POLICY_Marshalu(const TPMI_SH_POLICY*source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_DH_CONTEXT_Marshalu(const TPMI_DH_CONTEXT *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_DH_SAVED_Marshalu(const TPMI_DH_SAVED *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_HIERARCHY_Marshalu(const TPMI_RH_HIERARCHY *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_ENABLES_Marshalu(const TPMI_RH_ENABLES *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_HIERARCHY_AUTH_Marshalu(const TPMI_RH_HIERARCHY_AUTH *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_HIERARCHY_POLICY_Marshalu(const TPMI_RH_HIERARCHY_POLICY *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_PLATFORM_Marshalu(const TPMI_RH_PLATFORM *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_ENDORSEMENT_Marshalu(const TPMI_RH_ENDORSEMENT *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_PROVISION_Marshalu(const TPMI_RH_PROVISION *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_CLEAR_Marshalu(const TPMI_RH_CLEAR *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_NV_AUTH_Marshalu(const TPMI_RH_NV_AUTH *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_LOCKOUT_Marshalu(const TPMI_RH_LOCKOUT *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_NV_INDEX_Marshalu(const TPMI_RH_NV_INDEX *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_HASH_Marshalu(const TPMI_ALG_HASH *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_SYM_Marshalu(const TPMI_ALG_SYM *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_SYM_OBJECT_Marshalu(const TPMI_ALG_SYM_OBJECT *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_SYM_MODE_Marshalu(const TPMI_ALG_SYM_MODE *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_KDF_Marshalu(const TPMI_ALG_KDF *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_SIG_SCHEME_Marshalu(const TPMI_ALG_SIG_SCHEME *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ECC_KEY_EXCHANGE_Marshalu(const TPMI_ECC_KEY_EXCHANGE *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ST_COMMAND_TAG_Marshalu(const TPMI_ST_COMMAND_TAG *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_MAC_SCHEME_Marshalu(const TPMI_ALG_MAC_SCHEME *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_CIPHER_MODE_Marshalu(const TPMI_ALG_CIPHER_MODE *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_HA_Marshalu(const TPMU_HA *source, UINT16 *written, BYTE **buffer, uint32_t *size, uint32_t selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_HA_Marshalu(const TPMT_HA *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_DIGEST_Marshalu(const TPM2B_DIGEST *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_DATA_Marshalu(const TPM2B_DATA *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_NONCE_Marshalu(const TPM2B_NONCE *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_AUTH_Marshalu(const TPM2B_AUTH *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_OPERAND_Marshalu(const TPM2B_OPERAND *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_EVENT_Marshalu(const TPM2B_EVENT *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_MAX_BUFFER_Marshalu(const TPM2B_MAX_BUFFER *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_MAX_NV_BUFFER_Marshalu(const TPM2B_MAX_NV_BUFFER *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_TIMEOUT_Marshalu(const TPM2B_TIMEOUT *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_IV_Marshalu(const TPM2B_IV *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_NAME_Marshalu(const TPM2B_NAME *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_PCR_SELECTION_Marshalu(const TPMS_PCR_SELECTION *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_TK_CREATION_Marshalu(const TPMT_TK_CREATION *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_TK_VERIFIED_Marshalu(const TPMT_TK_VERIFIED *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_TK_AUTH_Marshalu(const TPMT_TK_AUTH *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_TK_HASHCHECK_Marshalu(const TPMT_TK_HASHCHECK *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_ALG_PROPERTY_Marshalu(const TPMS_ALG_PROPERTY *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_TAGGED_PROPERTY_Marshalu(const TPMS_TAGGED_PROPERTY *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_TAGGED_PCR_SELECT_Marshalu(const TPMS_TAGGED_PCR_SELECT *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_CC_Marshalu(const TPML_CC *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_CCA_Marshalu(const TPML_CCA *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_ALG_Marshalu(const TPML_ALG *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_HANDLE_Marshalu(const TPML_HANDLE *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_DIGEST_Marshalu(const TPML_DIGEST *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_DIGEST_VALUES_Marshalu(const TPML_DIGEST_VALUES *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_PCR_SELECTION_Marshalu(const TPML_PCR_SELECTION *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_ALG_PROPERTY_Marshalu(const TPML_ALG_PROPERTY *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_TAGGED_TPM_PROPERTY_Marshalu(const TPML_TAGGED_TPM_PROPERTY *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_TAGGED_PCR_PROPERTY_Marshalu(const TPML_TAGGED_PCR_PROPERTY *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_ECC_CURVE_Marshalu(const TPML_ECC_CURVE *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_CAPABILITIES_Marshalu(const TPMU_CAPABILITIES *source, UINT16 *written, BYTE **buffer, uint32_t *size, uint32_t selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_CAPABILITY_DATA_Marshalu(const TPMS_CAPABILITY_DATA *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_CLOCK_INFO_Marshalu(const TPMS_CLOCK_INFO *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_TIME_INFO_Marshalu(const TPMS_TIME_INFO *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_TIME_ATTEST_INFO_Marshalu(const TPMS_TIME_ATTEST_INFO *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_CERTIFY_INFO_Marshalu(const TPMS_CERTIFY_INFO *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_QUOTE_INFO_Marshalu(const TPMS_QUOTE_INFO *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_COMMAND_AUDIT_INFO_Marshalu(const TPMS_COMMAND_AUDIT_INFO *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SESSION_AUDIT_INFO_Marshalu(const TPMS_SESSION_AUDIT_INFO *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_CREATION_INFO_Marshalu(const TPMS_CREATION_INFO *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_NV_CERTIFY_INFO_Marshalu(const TPMS_NV_CERTIFY_INFO *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ST_ATTEST_Marshalu(const TPMI_ST_ATTEST *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_ATTEST_Marshalu(const TPMU_ATTEST  *source, UINT16 *written, BYTE **buffer, uint32_t *size, uint32_t selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_ATTEST_Marshalu(const TPMS_ATTEST  *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_ATTEST_Marshalu(const TPM2B_ATTEST *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_AUTH_COMMAND_Marshalu(const TPMS_AUTH_COMMAND *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_AES_KEY_BITS_Marshalu(const TPMI_AES_KEY_BITS *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_SYM_KEY_BITS_Marshalu(const TPMU_SYM_KEY_BITS *source, UINT16 *written, BYTE **buffer, uint32_t *size, uint32_t selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_SYM_MODE_Marshalu(const TPMU_SYM_MODE *source, UINT16 *written, BYTE **buffer, uint32_t *size, uint32_t selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_SYM_DEF_Marshalu(const TPMT_SYM_DEF *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_SYM_DEF_OBJECT_Marshalu(const TPMT_SYM_DEF_OBJECT *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_SYM_KEY_Marshalu(const TPM2B_SYM_KEY *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_LABEL_Marshalu(const TPM2B_LABEL *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_DERIVE_Marshalu(const TPMS_DERIVE *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SYMCIPHER_PARMS_Marshalu(const TPMS_SYMCIPHER_PARMS *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_SENSITIVE_DATA_Marshalu(const TPM2B_SENSITIVE_DATA *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SENSITIVE_CREATE_Marshalu(const TPMS_SENSITIVE_CREATE *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_SENSITIVE_CREATE_Marshalu(const TPM2B_SENSITIVE_CREATE  *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SCHEME_HASH_Marshalu(const TPMS_SCHEME_HASH *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SCHEME_ECDAA_Marshalu(const TPMS_SCHEME_ECDAA *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_KEYEDHASH_SCHEME_Marshalu(const TPMI_ALG_KEYEDHASH_SCHEME *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SCHEME_HMAC_Marshalu(const TPMS_SCHEME_HMAC *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SCHEME_XOR_Marshalu(const TPMS_SCHEME_XOR *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_SCHEME_KEYEDHASH_Marshalu(const TPMU_SCHEME_KEYEDHASH *source, UINT16 *written, BYTE **buffer, uint32_t *size, uint32_t selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_KEYEDHASH_SCHEME_Marshalu(const TPMT_KEYEDHASH_SCHEME *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIG_SCHEME_RSASSA_Marshalu(const TPMS_SIG_SCHEME_RSASSA *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIG_SCHEME_RSAPSS_Marshalu(const TPMS_SIG_SCHEME_RSAPSS *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIG_SCHEME_ECDSA_Marshalu(const TPMS_SIG_SCHEME_ECDSA *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIG_SCHEME_SM2_Marshalu(const TPMS_SIG_SCHEME_SM2 *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIG_SCHEME_ECSCHNORR_Marshalu(const TPMS_SIG_SCHEME_ECSCHNORR *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIG_SCHEME_ECDAA_Marshalu(const TPMS_SIG_SCHEME_ECDAA *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_SIG_SCHEME_Marshalu(const TPMU_SIG_SCHEME *source, UINT16 *written, BYTE **buffer, uint32_t *size, uint32_t selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_SIG_SCHEME_Marshalu(const TPMT_SIG_SCHEME *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_ENC_SCHEME_OAEP_Marshalu(const TPMS_ENC_SCHEME_OAEP *source, UINT16 *written, BYTE **buffer, uint32_t *size)
+#ifdef __ULTRAVISOR__
+	__attribute__ ((const))
+#endif
+	;
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_ENC_SCHEME_RSAES_Marshalu(const TPMS_ENC_SCHEME_RSAES *source, UINT16 *written, BYTE **buffer, uint32_t *size)
+#ifdef __ULTRAVISOR__
+	__attribute__ ((const))
+#endif
+	;
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_KEY_SCHEME_ECDH_Marshalu(const TPMS_KEY_SCHEME_ECDH *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_KEY_SCHEME_ECMQV_Marshalu(const TPMS_KEY_SCHEME_ECMQV *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SCHEME_MGF1_Marshalu(const TPMS_SCHEME_MGF1 *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SCHEME_KDF1_SP800_56A_Marshalu(const TPMS_SCHEME_KDF1_SP800_56A *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SCHEME_KDF2_Marshalu(const TPMS_SCHEME_KDF2 *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SCHEME_KDF1_SP800_108_Marshalu(const TPMS_SCHEME_KDF1_SP800_108 *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_KDF_SCHEME_Marshalu(const TPMU_KDF_SCHEME *source, UINT16 *written, BYTE **buffer, uint32_t *size, uint32_t selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_KDF_SCHEME_Marshalu(const TPMT_KDF_SCHEME *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_ASYM_SCHEME_Marshalu(const TPMU_ASYM_SCHEME  *source, UINT16 *written, BYTE **buffer, uint32_t *size, uint32_t selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_RSA_SCHEME_Marshalu(const TPMI_ALG_RSA_SCHEME *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_RSA_SCHEME_Marshalu(const TPMT_RSA_SCHEME *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_RSA_DECRYPT_Marshalu(const TPMI_ALG_RSA_DECRYPT *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_RSA_DECRYPT_Marshalu(const TPMT_RSA_DECRYPT  *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_PUBLIC_KEY_RSA_Marshalu(const TPM2B_PUBLIC_KEY_RSA *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RSA_KEY_BITS_Marshalu(const TPMI_RSA_KEY_BITS *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_PRIVATE_KEY_RSA_Marshalu(const TPM2B_PRIVATE_KEY_RSA *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_ECC_PARAMETER_Marshalu(const TPM2B_ECC_PARAMETER *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_ECC_POINT_Marshalu(const TPMS_ECC_POINT *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_ECC_POINT_Marshalu(const TPM2B_ECC_POINT *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_ECC_SCHEME_Marshalu(const TPMI_ALG_ECC_SCHEME *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ECC_CURVE_Marshalu(const TPMI_ECC_CURVE *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_ECC_SCHEME_Marshalu(const TPMT_ECC_SCHEME *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_ALGORITHM_DETAIL_ECC_Marshalu(const TPMS_ALGORITHM_DETAIL_ECC *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIGNATURE_RSA_Marshalu(const TPMS_SIGNATURE_RSA *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIGNATURE_RSASSA_Marshalu(const TPMS_SIGNATURE_RSASSA *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIGNATURE_RSAPSS_Marshalu(const TPMS_SIGNATURE_RSAPSS *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIGNATURE_ECC_Marshalu(const TPMS_SIGNATURE_ECC *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIGNATURE_ECDSA_Marshalu(const TPMS_SIGNATURE_ECDSA *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIGNATURE_ECDAA_Marshalu(const TPMS_SIGNATURE_ECDAA *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIGNATURE_SM2_Marshalu(const TPMS_SIGNATURE_SM2 *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIGNATURE_ECSCHNORR_Marshalu(const TPMS_SIGNATURE_ECSCHNORR *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_SIGNATURE_Marshalu(const TPMU_SIGNATURE *source, UINT16 *written, BYTE **buffer, uint32_t *size, uint32_t selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_SIGNATURE_Marshalu(const TPMT_SIGNATURE *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_ENCRYPTED_SECRET_Marshalu(const TPM2B_ENCRYPTED_SECRET *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_PUBLIC_Marshalu(const TPMI_ALG_PUBLIC *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_PUBLIC_ID_Marshalu(const TPMU_PUBLIC_ID *source, UINT16 *written, BYTE **buffer, uint32_t *size, uint32_t selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_KEYEDHASH_PARMS_Marshalu(const TPMS_KEYEDHASH_PARMS *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_RSA_PARMS_Marshalu(const TPMS_RSA_PARMS *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_ECC_PARMS_Marshalu(const TPMS_ECC_PARMS *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_PUBLIC_PARMS_Marshalu(const TPMU_PUBLIC_PARMS *source, UINT16 *written, BYTE **buffer, uint32_t *size, uint32_t selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_PUBLIC_PARMS_Marshalu(const TPMT_PUBLIC_PARMS *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_PUBLIC_Marshalu(const TPMT_PUBLIC *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_PUBLIC_D_Marshalu(const TPMT_PUBLIC *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_PUBLIC_Marshalu(const TPM2B_PUBLIC *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_TEMPLATE_Marshalu(const TPM2B_TEMPLATE *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_SENSITIVE_COMPOSITE_Marshalu(const TPMU_SENSITIVE_COMPOSITE *source, UINT16 *written, BYTE **buffer, uint32_t *size, uint32_t selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_SENSITIVE_Marshalu(const TPMT_SENSITIVE *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_SENSITIVE_Marshalu(const TPM2B_SENSITIVE *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_PRIVATE_Marshalu(const TPM2B_PRIVATE *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_ID_OBJECT_Marshalu(const TPM2B_ID_OBJECT *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMA_NV_Marshalu(const TPMA_NV *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_NV_PUBLIC_Marshalu(const TPMS_NV_PUBLIC *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_NV_PUBLIC_Marshalu(const TPM2B_NV_PUBLIC *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_CONTEXT_SENSITIVE_Marshalu(const TPM2B_CONTEXT_SENSITIVE *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_CONTEXT_DATA_Marshalu(const TPM2B_CONTEXT_DATA  *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_CONTEXT_Marshalu(const TPMS_CONTEXT *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_CREATION_DATA_Marshalu(const TPMS_CREATION_DATA *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_CREATION_DATA_Marshalu(const TPM2B_CREATION_DATA *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+
+    /* Deprecated functions */
+    
+    LIB_EXPORT TPM_RC
+    TSS_UINT8_Marshal(const UINT8 *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_INT8_Marshal(const INT8 *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_UINT16_Marshal(const UINT16 *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_UINT32_Marshal(const UINT32 *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_INT32_Marshal(const INT32 *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_UINT64_Marshal(const UINT64 *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_Array_Marshal(const BYTE *source, UINT16 sourceSize, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_Marshal(const TPM2B *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_KEY_BITS_Marshal(const TPM_KEY_BITS *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_GENERATED_Marshal(const TPM_GENERATED *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_ALG_ID_Marshal(const TPM_ALG_ID *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_ECC_CURVE_Marshal(const TPM_ECC_CURVE *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_RC_Marshal(const TPM_RC *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_CLOCK_ADJUST_Marshal(const TPM_CLOCK_ADJUST *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_EO_Marshal(const TPM_EO *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_ST_Marshal(const TPM_ST *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_SU_Marshal(const TPM_ST *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_SE_Marshal(const TPM_SE  *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_CAP_Marshal(const TPM_CAP *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_PT_Marshal(const TPM_PT *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_PT_PCR_Marshal(const TPM_PT_PCR *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_HANDLE_Marshal(const TPM_HANDLE *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMA_ALGORITHM_Marshal(const TPMA_ALGORITHM *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMA_OBJECT_Marshal(const TPMA_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMA_SESSION_Marshal(const TPMA_SESSION *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMA_LOCALITY_Marshal(const TPMA_LOCALITY *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM_CC_Marshal(const TPM_CC *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMA_CC_Marshal(const TPMA_CC *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_YES_NO_Marshal(const TPMI_YES_NO *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_DH_OBJECT_Marshal(const TPMI_DH_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_DH_PERSISTENT_Marshal(const TPMI_DH_PERSISTENT *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_DH_ENTITY_Marshal(const TPMI_DH_ENTITY *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_DH_PCR_Marshal(const TPMI_DH_PCR  *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_SH_AUTH_SESSION_Marshal(const TPMI_SH_AUTH_SESSION *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_SH_HMAC_Marshal(const TPMI_SH_HMAC *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_SH_POLICY_Marshal(const TPMI_SH_POLICY*source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_DH_CONTEXT_Marshal(const TPMI_DH_CONTEXT *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_HIERARCHY_Marshal(const TPMI_RH_HIERARCHY *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_ENABLES_Marshal(const TPMI_RH_ENABLES *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_HIERARCHY_AUTH_Marshal(const TPMI_RH_HIERARCHY_AUTH *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_PLATFORM_Marshal(const TPMI_RH_PLATFORM *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_ENDORSEMENT_Marshal(const TPMI_RH_ENDORSEMENT *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_PROVISION_Marshal(const TPMI_RH_PROVISION *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_CLEAR_Marshal(const TPMI_RH_CLEAR *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_NV_AUTH_Marshal(const TPMI_RH_NV_AUTH *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_LOCKOUT_Marshal(const TPMI_RH_LOCKOUT *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RH_NV_INDEX_Marshal(const TPMI_RH_NV_INDEX *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_HASH_Marshal(const TPMI_ALG_HASH *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_SYM_Marshal(const TPMI_ALG_SYM *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_SYM_OBJECT_Marshal(const TPMI_ALG_SYM_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_SYM_MODE_Marshal(const TPMI_ALG_SYM_MODE *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_KDF_Marshal(const TPMI_ALG_KDF *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_SIG_SCHEME_Marshal(const TPMI_ALG_SIG_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ECC_KEY_EXCHANGE_Marshal(const TPMI_ECC_KEY_EXCHANGE *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ST_COMMAND_TAG_Marshal(const TPMI_ST_COMMAND_TAG *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_MAC_SCHEME_Marshal(const TPMI_ALG_MAC_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_CIPHER_MODE_Marshal(const TPMI_ALG_CIPHER_MODE *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_HA_Marshal(const TPMU_HA *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_HA_Marshal(const TPMT_HA *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_DIGEST_Marshal(const TPM2B_DIGEST *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_DATA_Marshal(const TPM2B_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_NONCE_Marshal(const TPM2B_NONCE *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_AUTH_Marshal(const TPM2B_AUTH *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_OPERAND_Marshal(const TPM2B_OPERAND *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_EVENT_Marshal(const TPM2B_EVENT *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_MAX_BUFFER_Marshal(const TPM2B_MAX_BUFFER *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_MAX_NV_BUFFER_Marshal(const TPM2B_MAX_NV_BUFFER *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_TIMEOUT_Marshal(const TPM2B_TIMEOUT *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_IV_Marshal(const TPM2B_IV *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_NAME_Marshal(const TPM2B_NAME *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_PCR_SELECTION_Marshal(const TPMS_PCR_SELECTION *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_TK_CREATION_Marshal(const TPMT_TK_CREATION *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_TK_VERIFIED_Marshal(const TPMT_TK_VERIFIED *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_TK_AUTH_Marshal(const TPMT_TK_AUTH *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_TK_HASHCHECK_Marshal(const TPMT_TK_HASHCHECK *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_ALG_PROPERTY_Marshal(const TPMS_ALG_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_TAGGED_PROPERTY_Marshal(const TPMS_TAGGED_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_TAGGED_PCR_SELECT_Marshal(const TPMS_TAGGED_PCR_SELECT *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_CC_Marshal(const TPML_CC *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_CCA_Marshal(const TPML_CCA *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_ALG_Marshal(const TPML_ALG *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_HANDLE_Marshal(const TPML_HANDLE *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_DIGEST_Marshal(const TPML_DIGEST *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_DIGEST_VALUES_Marshal(const TPML_DIGEST_VALUES *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_PCR_SELECTION_Marshal(const TPML_PCR_SELECTION *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_ALG_PROPERTY_Marshal(const TPML_ALG_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_TAGGED_TPM_PROPERTY_Marshal(const TPML_TAGGED_TPM_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_TAGGED_PCR_PROPERTY_Marshal(const TPML_TAGGED_PCR_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPML_ECC_CURVE_Marshal(const TPML_ECC_CURVE *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_CAPABILITIES_Marshal(const TPMU_CAPABILITIES *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_CAPABILITY_DATA_Marshal(const TPMS_CAPABILITY_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_CLOCK_INFO_Marshal(const TPMS_CLOCK_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_TIME_INFO_Marshal(const TPMS_TIME_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_TIME_ATTEST_INFO_Marshal(const TPMS_TIME_ATTEST_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_CERTIFY_INFO_Marshal(const TPMS_CERTIFY_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_QUOTE_INFO_Marshal(const TPMS_QUOTE_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_COMMAND_AUDIT_INFO_Marshal(const TPMS_COMMAND_AUDIT_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SESSION_AUDIT_INFO_Marshal(const TPMS_SESSION_AUDIT_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_CREATION_INFO_Marshal(const TPMS_CREATION_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_NV_CERTIFY_INFO_Marshal(const TPMS_NV_CERTIFY_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ST_ATTEST_Marshal(const TPMI_ST_ATTEST *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_ATTEST_Marshal(const TPMU_ATTEST  *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_ATTEST_Marshal(const TPMS_ATTEST  *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_ATTEST_Marshal(const TPM2B_ATTEST *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_AUTH_COMMAND_Marshal(const TPMS_AUTH_COMMAND *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_AES_KEY_BITS_Marshal(const TPMI_AES_KEY_BITS *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_SYM_KEY_BITS_Marshal(const TPMU_SYM_KEY_BITS *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_SYM_MODE_Marshal(const TPMU_SYM_MODE *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_SYM_DEF_Marshal(const TPMT_SYM_DEF *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_SYM_DEF_OBJECT_Marshal(const TPMT_SYM_DEF_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_SYM_KEY_Marshal(const TPM2B_SYM_KEY *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_LABEL_Marshal(const TPM2B_LABEL *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_DERIVE_Marshal(const TPMS_DERIVE *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SYMCIPHER_PARMS_Marshal(const TPMS_SYMCIPHER_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_SENSITIVE_DATA_Marshal(const TPM2B_SENSITIVE_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SENSITIVE_CREATE_Marshal(const TPMS_SENSITIVE_CREATE *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_SENSITIVE_CREATE_Marshal(const TPM2B_SENSITIVE_CREATE  *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SCHEME_HASH_Marshal(const TPMS_SCHEME_HASH *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SCHEME_ECDAA_Marshal(const TPMS_SCHEME_ECDAA *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_KEYEDHASH_SCHEME_Marshal(const TPMI_ALG_KEYEDHASH_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SCHEME_HMAC_Marshal(const TPMS_SCHEME_HMAC *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SCHEME_XOR_Marshal(const TPMS_SCHEME_XOR *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_SCHEME_KEYEDHASH_Marshal(const TPMU_SCHEME_KEYEDHASH *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_KEYEDHASH_SCHEME_Marshal(const TPMT_KEYEDHASH_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIG_SCHEME_RSASSA_Marshal(const TPMS_SIG_SCHEME_RSASSA *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIG_SCHEME_RSAPSS_Marshal(const TPMS_SIG_SCHEME_RSAPSS *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIG_SCHEME_ECDSA_Marshal(const TPMS_SIG_SCHEME_ECDSA *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIG_SCHEME_SM2_Marshal(const TPMS_SIG_SCHEME_SM2 *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIG_SCHEME_ECSCHNORR_Marshal(const TPMS_SIG_SCHEME_ECSCHNORR *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIG_SCHEME_ECDAA_Marshal(const TPMS_SIG_SCHEME_ECDAA *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_SIG_SCHEME_Marshal(const TPMU_SIG_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_SIG_SCHEME_Marshal(const TPMT_SIG_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_ENC_SCHEME_OAEP_Marshal(const TPMS_ENC_SCHEME_OAEP *source, UINT16 *written, BYTE **buffer, INT32 *size)
+#ifdef __ULTRAVISOR__
+	__attribute__ ((const))
+#endif
+	;
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_ENC_SCHEME_RSAES_Marshal(const TPMS_ENC_SCHEME_RSAES *source, UINT16 *written, BYTE **buffer, INT32 *size)
+#ifdef __ULTRAVISOR__
+	__attribute__ ((const))
+#endif
+	;
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_KEY_SCHEME_ECDH_Marshal(const TPMS_KEY_SCHEME_ECDH *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_KEY_SCHEME_ECMQV_Marshal(const TPMS_KEY_SCHEME_ECMQV *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SCHEME_MGF1_Marshal(const TPMS_SCHEME_MGF1 *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SCHEME_KDF1_SP800_56A_Marshal(const TPMS_SCHEME_KDF1_SP800_56A *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SCHEME_KDF2_Marshal(const TPMS_SCHEME_KDF2 *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SCHEME_KDF1_SP800_108_Marshal(const TPMS_SCHEME_KDF1_SP800_108 *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_KDF_SCHEME_Marshal(const TPMU_KDF_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_KDF_SCHEME_Marshal(const TPMT_KDF_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_ASYM_SCHEME_Marshal(const TPMU_ASYM_SCHEME  *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_RSA_SCHEME_Marshal(const TPMI_ALG_RSA_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_RSA_SCHEME_Marshal(const TPMT_RSA_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_RSA_DECRYPT_Marshal(const TPMI_ALG_RSA_DECRYPT *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_RSA_DECRYPT_Marshal(const TPMT_RSA_DECRYPT  *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_PUBLIC_KEY_RSA_Marshal(const TPM2B_PUBLIC_KEY_RSA *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_RSA_KEY_BITS_Marshal(const TPMI_RSA_KEY_BITS *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_PRIVATE_KEY_RSA_Marshal(const TPM2B_PRIVATE_KEY_RSA *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_ECC_PARAMETER_Marshal(const TPM2B_ECC_PARAMETER *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_ECC_POINT_Marshal(const TPMS_ECC_POINT *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_ECC_POINT_Marshal(const TPM2B_ECC_POINT *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_ECC_SCHEME_Marshal(const TPMI_ALG_ECC_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ECC_CURVE_Marshal(const TPMI_ECC_CURVE *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_ECC_SCHEME_Marshal(const TPMT_ECC_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_ALGORITHM_DETAIL_ECC_Marshal(const TPMS_ALGORITHM_DETAIL_ECC *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIGNATURE_RSA_Marshal(const TPMS_SIGNATURE_RSA *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIGNATURE_RSASSA_Marshal(const TPMS_SIGNATURE_RSASSA *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIGNATURE_RSAPSS_Marshal(const TPMS_SIGNATURE_RSAPSS *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIGNATURE_ECC_Marshal(const TPMS_SIGNATURE_ECC *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIGNATURE_ECDSA_Marshal(const TPMS_SIGNATURE_ECDSA *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIGNATURE_ECDAA_Marshal(const TPMS_SIGNATURE_ECDAA *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIGNATURE_SM2_Marshal(const TPMS_SIGNATURE_SM2 *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_SIGNATURE_ECSCHNORR_Marshal(const TPMS_SIGNATURE_ECSCHNORR *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_SIGNATURE_Marshal(const TPMU_SIGNATURE *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_SIGNATURE_Marshal(const TPMT_SIGNATURE *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_ENCRYPTED_SECRET_Marshal(const TPM2B_ENCRYPTED_SECRET *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMI_ALG_PUBLIC_Marshal(const TPMI_ALG_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_PUBLIC_ID_Marshal(const TPMU_PUBLIC_ID *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_KEYEDHASH_PARMS_Marshal(const TPMS_KEYEDHASH_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_RSA_PARMS_Marshal(const TPMS_RSA_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_ECC_PARMS_Marshal(const TPMS_ECC_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_PUBLIC_PARMS_Marshal(const TPMU_PUBLIC_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_PUBLIC_PARMS_Marshal(const TPMT_PUBLIC_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_PUBLIC_Marshal(const TPMT_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_PUBLIC_D_Marshal(const TPMT_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_PUBLIC_Marshal(const TPM2B_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_TEMPLATE_Marshal(const TPM2B_TEMPLATE *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMU_SENSITIVE_COMPOSITE_Marshal(const TPMU_SENSITIVE_COMPOSITE *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector);
+    LIB_EXPORT TPM_RC
+    TSS_TPMT_SENSITIVE_Marshal(const TPMT_SENSITIVE *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_SENSITIVE_Marshal(const TPM2B_SENSITIVE *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_PRIVATE_Marshal(const TPM2B_PRIVATE *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_ID_OBJECT_Marshal(const TPM2B_ID_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMA_NV_Marshal(const TPMA_NV *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_NV_PUBLIC_Marshal(const TPMS_NV_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_NV_PUBLIC_Marshal(const TPM2B_NV_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_CONTEXT_SENSITIVE_Marshal(const TPM2B_CONTEXT_SENSITIVE *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_CONTEXT_DATA_Marshal(const TPM2B_CONTEXT_DATA  *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_CONTEXT_Marshal(const TPMS_CONTEXT *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPMS_CREATION_DATA_Marshal(const TPMS_CREATION_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size);
+    LIB_EXPORT TPM_RC
+    TSS_TPM2B_CREATION_DATA_Marshal(const TPM2B_CREATION_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/utils/ibmtss/tssmarshal12.h b/utils/ibmtss/tssmarshal12.h
new file mode 100644
index 000000000..b2f21d47e
--- /dev/null
+++ b/utils/ibmtss/tssmarshal12.h
@@ -0,0 +1,192 @@
+/********************************************************************************/
+/*										*/
+/*			 TSS Marshal and Unmarshal    				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: tssmarshal12.h 1286 2018-07-27 19:20:16Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* This is a semi-public header. The API should be stable, but is less guaranteed.
+
+   It is useful for applications that have to marshal / unmarshal
+   structures for file save / load.
+*/
+
+#ifndef TSSMARSHAL12_H
+#define TSSMARSHAL12_H
+
+#include "BaseTypes.h"
+#include <ibmtss/TPM_Types.h>
+
+#include <ibmtss/Parameters12.h>
+#include <ibmtss/tpmstructures12.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    TPM_RC
+    TSS_ActivateIdentity_In_Marshalu(const ActivateIdentity_In *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_CreateEndorsementKeyPair_In_Marshalu(const CreateEndorsementKeyPair_In *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_CreateWrapKey_In_Marshalu(const CreateWrapKey_In *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Extend_In_Marshalu(const Extend_In *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_FlushSpecific_In_Marshalu(const FlushSpecific_In *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_GetCapability12_In_Marshalu(const GetCapability12_In *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_LoadKey2_In_Marshalu(const LoadKey2_In *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_MakeIdentity_In_Marshalu(const MakeIdentity_In *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NV_DefineSpace12_In_Marshalu(const NV_DefineSpace12_In *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NV_ReadValueAuth_In_Marshalu(const NV_ReadValueAuth_In *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NV_ReadValue_In_Marshalu(const NV_ReadValue_In *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NV_WriteValue_In_Marshalu(const NV_WriteValue_In *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NV_WriteValueAuth_In_Marshalu(const NV_WriteValueAuth_In *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_OwnerReadInternalPub_In_Marshalu(const OwnerReadInternalPub_In *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_OwnerSetDisable_In_Marshalu(const OwnerSetDisable_In *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_OSAP_In_Marshalu(const OSAP_In *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PcrRead12_In_Marshalu(const PcrRead12_In *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PCR_Reset12_In_Marshalu(const PCR_Reset12_In *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Quote2_In_Marshalu(const Quote2_In *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_ReadPubek_In_Marshalu(const ReadPubek_In *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Sign12_In_Marshalu(const Sign12_In *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Startup12_In_Marshalu(const Startup12_In *source, UINT16 *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TakeOwnership_In_Marshalu(const TakeOwnership_In *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+
+    TPM_RC
+    TSS_ActivateIdentity_Out_Unmarshalu(ActivateIdentity_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_CreateEndorsementKeyPair_Out_Unmarshalu(CreateEndorsementKeyPair_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_CreateWrapKey_Out_Unmarshalu(CreateWrapKey_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Extend_Out_Unmarshalu(Extend_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_GetCapability12_Out_Unmarshalu(GetCapability12_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_LoadKey2_Out_Unmarshalu(LoadKey2_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_MakeIdentity_Out_Unmarshalu(MakeIdentity_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NV_ReadValueAuth_Out_Unmarshalu(NV_ReadValueAuth_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NV_ReadValue_Out_Unmarshalu(NV_ReadValue_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_OIAP_Out_Unmarshalu(OIAP_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_OSAP_Out_Unmarshalu(OSAP_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_OwnerReadInternalPub_Out_Unmarshalu(OwnerReadInternalPub_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_PcrRead12_Out_Unmarshalu(PcrRead12_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Quote2_Out_Unmarshalu(Quote2_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_ReadPubek_Out_Unmarshalu(ReadPubek_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_Sign12_Out_Unmarshalu(Sign12_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TakeOwnership_Out_Unmarshalu(TakeOwnership_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+
+    TPM_RC
+    TSS_TPM_STARTUP_TYPE_Marshalu(const TPM_STARTUP_TYPE *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+
+    TPM_RC
+    TSS_TPM_VERSION_Marshalu(const TPM_VERSION*source, uint16_t *written, BYTE **buffer, uint32_t *size);
+
+    TPM_RC
+    TSS_TPM_PCR_SELECTION_Marshalu(const TPM_PCR_SELECTION *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_PCR_INFO_SHORT_Marshalu(const TPM_PCR_INFO_SHORT *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM4B_TPM_PCR_INFO_LONG_Marshalu(const TPM_PCR_INFO_LONG *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_PCR_INFO_LONG_Marshalu(const TPM_PCR_INFO_LONG *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+
+    TPM_RC
+    TSS_TPM_SYMMETRIC_KEY_Marshalu(const TPM_SYMMETRIC_KEY *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+
+    TPM_RC
+    TSS_TPM_RSA_KEY_PARMS_Marshalu(const TPM_RSA_KEY_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPMU_PARMS_Marshalu(const TPMU_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector);
+    TPM_RC
+    TSS_TPM4B_TPMU_PARMS_Marshalu(const TPMU_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector);
+    TPM_RC
+    TSS_TPM_KEY_PARMS_Marshalu(const TPM_KEY_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_STORE_PUBKEY_Marshalu(const TPM_STORE_PUBKEY *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_KEY12_PUBKEY_Marshalu(const TPM_KEY12 *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_PUBKEY_Marshalu(const TPM_PUBKEY *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_KEY12_Marshalu(const TPM_KEY12 *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_QUOTE_INFO2_Marshalu(const TPM_QUOTE_INFO2 *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_EK_BLOB_Marshalu(const TPM_EK_BLOB *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_EK_BLOB_ACTIVATE_Marshalu(const TPM_EK_BLOB_ACTIVATE *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_NV_ATTRIBUTES_Marshalu(const TPM_NV_ATTRIBUTES *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_NV_DATA_PUBLIC_Marshalu(const TPM_NV_DATA_PUBLIC *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_TPM_CAP_VERSION_INFO_Marshalu(const TPM_CAP_VERSION_INFO *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/utils/ibmtss/tssprint.h b/utils/ibmtss/tssprint.h
new file mode 100644
index 000000000..5ea514c5e
--- /dev/null
+++ b/utils/ibmtss/tssprint.h
@@ -0,0 +1,288 @@
+/********************************************************************************/
+/*										*/
+/*			     Structure Print Utilities				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* This is a semi-public header. The API is not guaranteed to be stable, and the format of the
+   output is subject to change
+
+   It is useful for application debug.
+*/
+
+#ifndef TSSPRINT_H
+#define TSSPRINT_H
+
+#include <stdint.h>
+#include <stdio.h>
+
+#include <ibmtss/TPM_Types.h>
+
+#define LOGLEVEL_INFO 6		/* LOGLEVEL_INFO prints a concise output */
+#define LOGLEVEL_DEBUG 7	/* LOGLEVEL_DEBUG prints a verbose output */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    #ifdef TPM_TSS_NO_PRINT
+
+    /* return code to eliminate "statement has no effect" compiler warning */
+    extern int tssSwallowRc;
+    /* function prototype to match the printf prototype */
+    int TSS_SwallowPrintf(const char *format, ...);
+    /* macro to compile out printf */
+#define printf tssSwallowRc = 0 && TSS_SwallowPrintf
+
+    #endif
+    
+    LIB_EXPORT 
+    uint32_t TSS_Array_Scan(unsigned char **data, size_t *len, const char *string);
+    LIB_EXPORT 
+    void TSS_PrintAll(const char *string, const unsigned char* buff, uint32_t length);
+    LIB_EXPORT 
+    void TSS_PrintAlli(const char *string, unsigned int indent,
+		       const unsigned char* buff, uint32_t length);
+    LIB_EXPORT
+    void TSS_PrintAllLogLevel(uint32_t log_level, const char *string, unsigned int indent,
+			      const unsigned char* buff, uint32_t length);
+    LIB_EXPORT
+    void TSS_TPM2B_Print(const char *string, unsigned int indent, TPM2B *source);
+    LIB_EXPORT
+    void TSS_TPM_ALG_ID_Print(const char *string, TPM_ALG_ID source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPM_ECC_CURVE_Print(const char *string, TPM_ECC_CURVE source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_TAGGED_POLICY_Print(TPMS_TAGGED_POLICY *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPM_CC_Print(const char *string, TPM_CC source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPM_TPMA_ALGORITHM_Print(TPMA_ALGORITHM source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPM_CLOCK_ADJUST_Print(const char *string, TPM_CLOCK_ADJUST source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPM_EO_Print(const char *string, TPM_EO source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPM_ST_Print(const char *string, TPM_ST source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPM_SU_Print(const char *string, TPM_SU source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPM_SE_Print(const char *string, TPM_SE source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPM_CAP_Print(const char *string, TPM_CAP source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPM_HANDLE_Print(const char *string, TPM_HANDLE source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPM_TPMA_ALGORITHM_Print(TPMA_ALGORITHM source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMA_OBJECT_Print(const char *string, TPMA_OBJECT source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMA_LOCALITY_Print(TPMA_LOCALITY source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMA_SESSION_Print(TPMA_SESSION source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMA_PERMANENT_Print(TPMA_PERMANENT source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMA_STARTUP_CLEAR_Print(TPMA_STARTUP_CLEAR source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMA_MEMORY_Print(TPMA_MEMORY source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMA_MODES_Print(TPMA_MODES source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMI_YES_NO_Print(const char *string, TPMI_YES_NO source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMU_HA_Print(TPMU_HA *source, uint32_t selector, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMT_HA_Print(TPMT_HA *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_PCR_SELECT_Print(TPMS_PCR_SELECT *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_PCR_SELECTION_Print(TPMS_PCR_SELECTION *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPML_PCR_SELECTION_Print(TPML_PCR_SELECTION *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMT_TK_CREATION_Print(TPMT_TK_CREATION *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMT_TK_VERIFIED_Print(TPMT_TK_VERIFIED *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMT_TK_AUTH_Print(TPMT_TK_AUTH *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMT_TK_HASHCHECK_Print(TPMT_TK_HASHCHECK *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPML_CC_Print(TPML_CC *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPML_ALG_Print(TPML_ALG *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPML_DIGEST_Print(TPML_DIGEST *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPML_DIGEST_VALUES_Print(TPML_DIGEST_VALUES *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_CLOCK_INFO_Print(TPMS_CLOCK_INFO *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_TIME_INFO_Print(TPMS_TIME_INFO *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_TIME_ATTEST_INFO_Print(TPMS_TIME_ATTEST_INFO *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_CERTIFY_INFO_Print(TPMS_CERTIFY_INFO *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_QUOTE_INFO_Print(TPMS_QUOTE_INFO *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_COMMAND_AUDIT_INFO_Print(TPMS_COMMAND_AUDIT_INFO *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_SESSION_AUDIT_INFO_Print(TPMS_SESSION_AUDIT_INFO *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_CREATION_INFO_Print(TPMS_CREATION_INFO *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_NV_CERTIFY_INFO_Print(TPMS_NV_CERTIFY_INFO  *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_NV_DIGEST_CERTIFY_INFO_Print(TPMS_NV_DIGEST_CERTIFY_INFO  *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMI_ST_ATTEST_Print(const char *string, TPMI_ST_ATTEST selector, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMU_ATTEST_Print(TPMU_ATTEST *source, TPMI_ST_ATTEST selector, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_ATTEST_Print(TPMS_ATTEST *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPM2B_ATTEST_Print(TPM2B_ATTEST *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_AUTH_COMMAND_Print(TPMS_AUTH_COMMAND *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_AUTH_RESPONSE_Print(TPMS_AUTH_RESPONSE *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMU_SYM_KEY_BITS_Print(TPMU_SYM_KEY_BITS *source, TPMI_ALG_SYM selector, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPM_KEY_BITS_Print(TPM_KEY_BITS source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMT_SYM_DEF_Print(TPMT_SYM_DEF *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMT_SYM_DEF_OBJECT_Print(TPMT_SYM_DEF_OBJECT *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_DERIVE_Print(TPMS_DERIVE *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_SENSITIVE_CREATE_Print(TPMS_SENSITIVE_CREATE *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPM2B_SENSITIVE_CREATE_Print(const char *string, TPM2B_SENSITIVE_CREATE *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_SCHEME_ECDAA_Print(TPMS_SCHEME_ECDAA *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_SCHEME_XOR_Print(TPMS_SCHEME_XOR *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMU_SCHEME_KEYEDHASH_Print(TPMU_SCHEME_KEYEDHASH *source, TPMI_ALG_KEYEDHASH_SCHEME selector, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMT_KEYEDHASH_SCHEME_Print(TPMT_KEYEDHASH_SCHEME  *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMU_SIG_SCHEME_Print(TPMU_SIG_SCHEME *source, TPMI_ALG_SIG_SCHEME selector, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMT_SIG_SCHEME_Print(TPMT_SIG_SCHEME *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMT_KDF_SCHEME_Print(TPMT_KDF_SCHEME *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMU_ASYM_SCHEME_Print(TPMU_ASYM_SCHEME *source, TPMI_ALG_ASYM_SCHEME selector, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMT_ASYM_SCHEME_Print(TPMT_ASYM_SCHEME *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMT_RSA_SCHEME_Print(TPMT_RSA_SCHEME *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMT_RSA_DECRYPT_Print(TPMT_RSA_DECRYPT *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMI_RSA_KEY_BITS_Print(TPMI_RSA_KEY_BITS source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_ECC_POINT_Print(TPMS_ECC_POINT *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPM2B_ECC_POINT_Print(const char *string, TPM2B_ECC_POINT *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMI_ECC_CURVE_Print(const char *string, TPMI_ECC_CURVE source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMT_ECC_SCHEME_Print(TPMT_ECC_SCHEME *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_ALGORITHM_DETAIL_ECC_Print(TPMS_ALGORITHM_DETAIL_ECC *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_SIGNATURE_RSA_Print(TPMS_SIGNATURE_RSA *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_SIGNATURE_RSASSA_Print(TPMS_SIGNATURE_RSASSA *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_SIGNATURE_ECC_Print(TPMS_SIGNATURE_ECC *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMU_SIGNATURE_Print(TPMU_SIGNATURE *source, TPMI_ALG_SIG_SCHEME selector, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMT_SIGNATURE_Print(TPMT_SIGNATURE *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMU_PUBLIC_ID_Print(TPMU_PUBLIC_ID *source, TPMI_ALG_PUBLIC selector, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMI_ALG_PUBLIC_Print(const char *string, TPMI_ALG_PUBLIC source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_ECC_PARMS_Print(TPMS_ECC_PARMS *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_RSA_PARMS_Print(TPMS_RSA_PARMS *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_KEYEDHASH_PARMS_Print(TPMS_KEYEDHASH_PARMS *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_ASYM_PARMS_Print(TPMS_ASYM_PARMS *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMU_PUBLIC_PARMS_Print(TPMU_PUBLIC_PARMS *source, UINT32 selector, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMT_PUBLIC_PARMS_Print(TPMT_PUBLIC_PARMS *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMT_PUBLIC_Print(TPMT_PUBLIC *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPM2B_PUBLIC_Print(const char *string, TPM2B_PUBLIC *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMU_SENSITIVE_COMPOSITE_Print(TPMU_SENSITIVE_COMPOSITE *source, uint32_t selector, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMT_SENSITIVE_Print(TPMT_SENSITIVE *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPM2B_SENSITIVE_Print(TPM2B_SENSITIVE *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_NV_PIN_COUNTER_PARAMETERS_Print(TPMS_NV_PIN_COUNTER_PARAMETERS *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMA_NV_Print(TPMA_NV source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_NV_PUBLIC_Print(TPMS_NV_PUBLIC *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPM2B_NV_PUBLIC_Print(TPM2B_NV_PUBLIC *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_CONTEXT_DATA_Print(TPMS_CONTEXT_DATA *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_CONTEXT_Print(TPMS_CONTEXT *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPMS_CREATION_DATA_Print(TPMS_CREATION_DATA *source, unsigned int indent);
+    LIB_EXPORT
+    void TSS_TPM2B_CREATION_DATA_Print(TPM2B_CREATION_DATA *source, unsigned int indent);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/utils/ibmtss/tssprintcmd.h b/utils/ibmtss/tssprintcmd.h
new file mode 100644
index 000000000..eb717ba37
--- /dev/null
+++ b/utils/ibmtss/tssprintcmd.h
@@ -0,0 +1,172 @@
+/********************************************************************************/
+/*										*/
+/*			     Structure Print Utilities				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* This is a semi-public header. The API is not guaranteed to be stable, and the format of the
+   output is subject to change
+
+   It is useful for application debug.
+*/
+
+#ifndef TSSPRINTCMD_H
+#define TSSPRINTCMD_H
+
+#include <ibmtss/tss.h>
+
+#include <stdint.h>
+#include <stdio.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    void ActivateCredential_In_Print(ActivateCredential_In *in, unsigned int indent);
+    void CertifyCreation_In_Print(CertifyCreation_In *in, unsigned int indent);
+    void CertifyX509_In_Print(CertifyX509_In *in, unsigned int indent);
+    void Certify_In_Print(Certify_In *in, unsigned int indent);
+    void ChangeEPS_In_Print(ChangeEPS_In *in, unsigned int indent);
+    void ChangePPS_In_Print(ChangePPS_In *in, unsigned int indent);
+    void ClearControl_In_Print(ClearControl_In *in, unsigned int indent);
+    void Clear_In_Print(Clear_In *in, unsigned int indent);
+    void ClockRateAdjust_In_Print(ClockRateAdjust_In *in, unsigned int indent);
+    void ClockSet_In_Print(ClockSet_In *in, unsigned int indent);
+    void Commit_In_Print(Commit_In *in, unsigned int indent);
+    void ContextLoad_In_Print(ContextLoad_In *in, unsigned int indent);
+    void ContextSave_In_Print(ContextSave_In *in, unsigned int indent);
+    void Create_In_Print(Create_In *in, unsigned int indent);
+    void CreateLoaded_In_Print(CreateLoaded_In *in, unsigned int indent);
+    void CreatePrimary_In_Print(CreatePrimary_In *in, unsigned int indent);
+    void DictionaryAttackLockReset_In_Print(DictionaryAttackLockReset_In *in, unsigned int indent);
+    void DictionaryAttackParameters_In_Print(DictionaryAttackParameters_In *in, unsigned int indent);
+    void Duplicate_In_Print(Duplicate_In *in, unsigned int indent);
+    void ECC_Parameters_In_Print(ECC_Parameters_In *in, unsigned int indent);
+    void ECDH_KeyGen_In_Print(ECDH_KeyGen_In *in, unsigned int indent);
+    void ECDH_ZGen_In_Print(ECDH_ZGen_In *in, unsigned int indent);
+    void EC_Ephemeral_In_Print(EC_Ephemeral_In *in, unsigned int indent);
+    void EncryptDecrypt_In_Print(EncryptDecrypt_In *in, unsigned int indent);
+    void EncryptDecrypt2_In_Print(EncryptDecrypt2_In *in, unsigned int indent);
+    void EventSequenceComplete_In_Print(EventSequenceComplete_In *in, unsigned int indent);
+    void EvictControl_In_Print(EvictControl_In *in, unsigned int indent);
+    void FlushContext_In_Print(FlushContext_In *in, unsigned int indent);
+    void GetCapability_In_Print(GetCapability_In *in, unsigned int indent);
+    void GetCommandAuditDigest_In_Print(GetCommandAuditDigest_In *in, unsigned int indent);
+    void GetRandom_In_Print(GetRandom_In *in, unsigned int indent);
+    void GetSessionAuditDigest_In_Print(GetSessionAuditDigest_In *in, unsigned int indent);
+    void GetTime_In_Print(GetTime_In *in, unsigned int indent);
+    void HMAC_Start_In_Print(HMAC_Start_In *in, unsigned int indent);
+    void HMAC_In_Print(HMAC_In *in, unsigned int indent);
+    void HashSequenceStart_In_Print(HashSequenceStart_In *in, unsigned int indent);
+    void Hash_In_Print(Hash_In *in, unsigned int indent);
+    void HierarchyChangeAuth_In_Print(HierarchyChangeAuth_In *in, unsigned int indent);
+    void HierarchyControl_In_Print(HierarchyControl_In *in, unsigned int indent);
+    void Import_In_Print(Import_In *in, unsigned int indent);
+    void IncrementalSelfTest_In_Print(IncrementalSelfTest_In *in, unsigned int indent);
+    void LoadExternal_In_Print(LoadExternal_In *in, unsigned int indent);
+    void Load_In_Print(Load_In *in, unsigned int indent);
+    void MakeCredential_In_Print(MakeCredential_In *in, unsigned int indent);
+    void NTC2_PreConfig_In_Print(NTC2_PreConfig_In *in, unsigned int indent);
+    void NV_Certify_In_Print(NV_Certify_In *in, unsigned int indent);
+    void NV_ChangeAuth_In_Print(NV_ChangeAuth_In *in, unsigned int indent);
+    void NV_DefineSpace_In_Print(NV_DefineSpace_In *in, unsigned int indent);
+    void NV_Extend_In_Print(NV_Extend_In *in, unsigned int indent);
+    void NV_GlobalWriteLock_In_Print(NV_GlobalWriteLock_In *in, unsigned int indent);
+    void NV_Increment_In_Print(NV_Increment_In *in, unsigned int indent);
+    void NV_ReadLock_In_Print(NV_ReadLock_In *in, unsigned int indent);
+    void NV_ReadPublic_In_Print(NV_ReadPublic_In *in, unsigned int indent);
+    void NV_Read_In_Print(NV_Read_In *in, unsigned int indent);
+    void NV_SetBits_In_Print(NV_SetBits_In *in, unsigned int indent);
+    void NV_UndefineSpaceSpecial_In_Print(NV_UndefineSpaceSpecial_In *in, unsigned int indent);
+    void NV_UndefineSpace_In_Print(NV_UndefineSpace_In *in, unsigned int indent);
+    void NV_WriteLock_In_Print(NV_WriteLock_In *in, unsigned int indent);
+    void NV_Write_In_Print(NV_Write_In *in, unsigned int indent);
+    void ObjectChangeAuth_In_Print(ObjectChangeAuth_In *in, unsigned int indent);
+    void PCR_Allocate_In_Print(PCR_Allocate_In *in, unsigned int indent);
+    void PCR_Event_In_Print(PCR_Event_In *in, unsigned int indent);
+    void PCR_Extend_In_Print(PCR_Extend_In *in, unsigned int indent);
+    void PCR_Read_In_Print(PCR_Read_In *in, unsigned int indent);
+    void PCR_Reset_In_Print(PCR_Reset_In *in, unsigned int indent);
+    void PCR_SetAuthPolicy_In_Print(PCR_SetAuthPolicy_In *in, unsigned int indent);
+    void PCR_SetAuthValue_In_Print(PCR_SetAuthValue_In *in, unsigned int indent);
+    void PP_Commands_In_Print(PP_Commands_In *in, unsigned int indent);
+    void PolicyAuthValue_In_Print(PolicyAuthValue_In *in, unsigned int indent);
+    void PolicyAuthorizeNV_In_Print(PolicyAuthorizeNV_In *in, unsigned int indent);
+    void PolicyAuthorize_In_Print(PolicyAuthorize_In *in, unsigned int indent);
+    void PolicyCommandCode_In_Print(PolicyCommandCode_In *in, unsigned int indent);
+    void PolicyCounterTimer_In_Print(PolicyCounterTimer_In *in, unsigned int indent);
+    void PolicyCpHash_In_Print(PolicyCpHash_In *in, unsigned int indent);
+    void PolicyDuplicationSelect_In_Print(PolicyDuplicationSelect_In *in, unsigned int indent);
+    void PolicyGetDigest_In_Print(PolicyGetDigest_In *in, unsigned int indent);
+    void PolicyLocality_In_Print(PolicyLocality_In *in, unsigned int indent);
+    void PolicyNV_In_Print(PolicyNV_In *in, unsigned int indent);
+    void PolicyNameHash_In_Print(PolicyNameHash_In *in, unsigned int indent);
+    void PolicyNvWritten_In_Print(PolicyNvWritten_In *in, unsigned int indent);
+    void PolicyOR_In_Print(PolicyOR_In *in, unsigned int indent);
+    void PolicyPCR_In_Print(PolicyPCR_In *in, unsigned int indent);
+    void PolicyPassword_In_Print(PolicyPassword_In *in, unsigned int indent);
+    void PolicyPhysicalPresence_In_Print(PolicyPhysicalPresence_In *in, unsigned int indent);
+    void PolicyRestart_In_Print(PolicyRestart_In *in, unsigned int indent);
+    void PolicySecret_In_Print(PolicySecret_In *in, unsigned int indent);
+    void PolicySigned_In_Print(PolicySigned_In *in, unsigned int indent);
+    void PolicyTemplate_In_Print(PolicyTemplate_In *in, unsigned int indent);
+    void PolicyTicket_In_Print(PolicyTicket_In *in, unsigned int indent);
+    void Quote_In_Print(Quote_In *in, unsigned int indent);
+    void RSA_Decrypt_In_Print(RSA_Decrypt_In *in, unsigned int indent);
+    void RSA_Encrypt_In_Print(RSA_Encrypt_In *in, unsigned int indent);
+    void ReadPublic_In_Print(ReadPublic_In *in, unsigned int indent);
+    void Rewrap_In_Print(Rewrap_In *in, unsigned int indent);
+    void SelfTest_In_Print(SelfTest_In *in, unsigned int indent);
+    void SequenceComplete_In_Print(SequenceComplete_In *in, unsigned int indent);
+    void SequenceUpdate_In_Print(SequenceUpdate_In *in, unsigned int indent);
+    void SetAlgorithmSet_In_Print(SetAlgorithmSet_In *in, unsigned int indent);
+    void SetCommandCodeAuditStatus_In_Print(SetCommandCodeAuditStatus_In *in, unsigned int indent);
+    void SetPrimaryPolicy_In_Print(SetPrimaryPolicy_In *in, unsigned int indent);
+    void Shutdown_In_Print(Shutdown_In *in, unsigned int indent);
+    void Sign_In_Print(Sign_In *in, unsigned int indent);
+    void StartAuthSession_In_Print(StartAuthSession_In *in, unsigned int indent);
+    void Startup_In_Print(Startup_In *in, unsigned int indent);
+    void StirRandom_In_Print(StirRandom_In *in, unsigned int indent);
+    void TestParms_In_Print(TestParms_In *in, unsigned int indent);
+    void Unseal_In_Print(Unseal_In *in, unsigned int indent);
+    void VerifySignature_In_Print(VerifySignature_In *in, unsigned int indent);
+    void ZGen_2Phase_In_Print(ZGen_2Phase_In *in, unsigned int indent);
+    
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
diff --git a/utils/ibmtss/tssresponsecode.h b/utils/ibmtss/tssresponsecode.h
new file mode 100644
index 000000000..b3de0e83e
--- /dev/null
+++ b/utils/ibmtss/tssresponsecode.h
@@ -0,0 +1,62 @@
+/********************************************************************************/
+/*										*/
+/*			  TSS Response Code Printer  				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: tssresponsecode.h 1257 2018-06-27 20:52:08Z kgoldman $	*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015, 2018.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* This is a semi-public header. The API likely to be stable, but the format and text output are
+   subject to change
+
+   It is useful for application debug.
+*/
+
+#ifndef TSSRESPONSECODE_H
+#define TSSRESPONSECODE_H
+
+#include <ibmtss/TPM_Types.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    LIB_EXPORT 
+    void TSS_ResponseCode_toString(const char **msg, const char **submsg,  const char **num, TPM_RC rc);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/utils/ibmtss/tsstransmit.h b/utils/ibmtss/tsstransmit.h
new file mode 100644
index 000000000..de35d92f7
--- /dev/null
+++ b/utils/ibmtss/tsstransmit.h
@@ -0,0 +1,80 @@
+/********************************************************************************/
+/*										*/
+/*			   TSS Transmit		   				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: tsstransmit.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015, 2017, 2018				*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef TSSTRANSMIT_H
+#define TSSTRANSMIT_H
+
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+
+/* copy of TpmTcpProtocol.h.  These are only used with the SW TPM. */
+#define TPM_SIGNAL_POWER_ON         1
+#define TPM_SIGNAL_POWER_OFF        2
+#define TPM_SIGNAL_NV_ON            11
+
+/* copy of TpmTcpProtocol.h.  These are only used with the SW TPM, but they may be used with a
+   resource manager in the future. */
+#define TPM_SEND_COMMAND            8
+#define TPM_SESSION_END             20
+#define TPM_STOP                    21
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+    LIB_EXPORT TPM_RC
+    TSS_TransmitPlatform(TSS_CONTEXT *tssContext,
+			 uint32_t command, const char *message);
+    LIB_EXPORT TPM_RC
+    TSS_TransmitCommand(TSS_CONTEXT *tssContext,
+			uint32_t command, const char *message);
+    LIB_EXPORT TPM_RC
+    TSS_Transmit(TSS_CONTEXT *tssContext,
+		 uint8_t *responseBuffer, uint32_t *read,
+		 const uint8_t *commandBuffer, uint32_t written,
+		 const char *message);
+
+    LIB_EXPORT TPM_RC
+    TSS_Close(TSS_CONTEXT *tssContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/utils/ibmtss/tssutils.h b/utils/ibmtss/tssutils.h
new file mode 100644
index 000000000..375ebacb6
--- /dev/null
+++ b/utils/ibmtss/tssutils.h
@@ -0,0 +1,98 @@
+/********************************************************************************/
+/*										*/
+/*			TSS and Application Utilities				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: tssutils.h 1324 2018-08-31 16:36:12Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015, 2018.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* This is a semi-public header. The API is subject to change.
+
+   It is useful rapid application development, and as sample code.  It is risky for production code.
+
+*/
+
+#ifndef TSSUTILS_H
+#define TSSUTILS_H
+
+#include <stdio.h>
+
+#include <ibmtss/TPM_Types.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    typedef TPM_RC (*UnmarshalFunction_t)(void *target, uint8_t **buffer, uint32_t *size);
+    typedef TPM_RC (*UnmarshalFunctionFlag_t)(void *target, uint8_t **buffer, uint32_t *size, BOOL allowNull);
+    typedef TPM_RC (*MarshalFunction_t)(void *source, uint16_t *written, uint8_t **buffer, uint32_t *size);
+
+    LIB_EXPORT
+    TPM_RC TSS_Malloc(unsigned char **buffer, uint32_t size);
+    LIB_EXPORT
+    TPM_RC TSS_Realloc(unsigned char **buffer, uint32_t size);
+
+    LIB_EXPORT
+    TPM_RC TSS_Structure_Marshal(uint8_t		**buffer,
+				 uint16_t		*written,
+				 void 		*structure,
+				 MarshalFunction_t 	marshalFunction);
+
+    LIB_EXPORT 
+    TPM_RC TSS_TPM2B_Copy(TPM2B *target, TPM2B *source, uint16_t targetSize);
+    
+    LIB_EXPORT 
+    TPM_RC TSS_TPM2B_Append(TPM2B *target, TPM2B *source, uint16_t targetSize);
+    
+    LIB_EXPORT 
+    TPM_RC TSS_TPM2B_Create(TPM2B *target, uint8_t *buffer, uint16_t size, uint16_t targetSize);
+    
+    LIB_EXPORT 
+    TPM_RC TSS_TPM2B_CreateUint32(TPM2B *target, uint32_t source, uint16_t targetSize);
+    
+    LIB_EXPORT 
+    TPM_RC TSS_TPM2B_StringCopy(TPM2B *target, const char *source, uint16_t targetSize);
+    
+    LIB_EXPORT 
+    BOOL TSS_TPM2B_Compare(TPM2B *expect, TPM2B *actual);
+    
+#ifdef __cplusplus
+}
+#endif
+
+#ifndef TPM_TSS_NOFILE
+#include <ibmtss/tssfile.h>
+#endif
+
+#endif
diff --git a/utils/imaextend.c b/utils/imaextend.c
new file mode 100644
index 000000000..7217e4501
--- /dev/null
+++ b/utils/imaextend.c
@@ -0,0 +1,436 @@
+/********************************************************************************/
+/*										*/
+/*		      Extend an IMA measurement list into PCRs			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2014 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* imaextend is test/demo code.  It parses a TPM 1.2 IMA event log file and extends the measurements
+   into TPM PCRs.  This simulates the actions that would be performed by the Linux kernel IMA in a
+   hardware platform.
+
+   To test incremental attestations, the caller can optionally specify a beginning event number and
+   ending event number.
+
+   To test a platform without a TPM or TPM device driver, but where IMA is creating an event log,
+   the caller can optionally specify a sleep time.  The program will then incrementally extend after
+   each sleep.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <unistd.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsscryptoh.h>
+
+#include "imalib.h"
+
+/* local prototypes */
+
+static TPM_RC copyDigest(PCR_Extend_In 	*in,
+			 ImaEvent 	*imaEvent);
+static TPM_RC pcrread(TSS_CONTEXT *tssContext,
+		      TPMI_DH_PCR pcrHandle);
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+int vverbose = FALSE;
+
+int main(int argc, char * argv[])
+{
+    TPM_RC 		rc = 0;
+    int 		i = 0;
+    TSS_CONTEXT		*tssContext = NULL;
+    PCR_Extend_In 	in;
+    const char 		*infilename = NULL;
+    FILE 		*infile = NULL;
+    int 		littleEndian = FALSE;
+    int			sim = FALSE;			/* extend into simulated PCRs */
+    uint32_t 		bankNum = 0;			/* PCR hash bank, 0 is SHA-1, 1 is
+							   SHA-256 */
+    unsigned int 	pcrNum = 0;			/* PCR number iterator */
+    TPMT_HA 		simPcrs[IMA_PCR_BANKS][IMPLEMENTATION_PCR];
+    unsigned long	beginEvent = 0;			/* default beginning of log */
+    unsigned long	endEvent = 0xffffffff;		/* default end of log */
+    unsigned int	loopTime = 0;			/* default no loop */
+    ImaEvent 		imaEvent;
+    unsigned int 	lineNum;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; i<argc ; i++) {
+	if (strcmp(argv[i],"-if") == 0) {
+	    i++;
+	    if (i < argc) {
+		infilename = argv[i];
+	    }
+	    else {
+		printf("-if option needs a value\n");
+		printUsage();
+		exit(2);
+	    }
+	}
+	else if (strcmp(argv[i],"-sim") == 0) {
+	    sim = TRUE;
+	}
+	else if (strcmp(argv[i],"-le") == 0) {
+	    littleEndian = TRUE; 
+	}
+	else if (strcmp(argv[i],"-b") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%lu", &beginEvent);
+	    }
+	    else {
+		printf("Missing parameter for -b\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-e") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%lu", &endEvent);
+	    }
+	    else {
+		printf("Missing parameter for -e\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-l") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%u", &loopTime);
+	    }
+	    else {
+		printf("Missing parameter for -e\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp(argv[i], "-h")) {
+	    printUsage();
+	}
+	else if (!strcmp(argv[i], "-v")) {
+	    tssUtilsVerbose = TRUE;
+	    vverbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (infilename == NULL) {
+	printf("Missing -if argument\n");
+	printUsage();
+    }
+    if (!sim) {
+	/* Start a TSS context */
+	if (rc == 0) {
+	    rc = TSS_Create(&tssContext);
+	}
+	if (rc == 0) {
+	    uint32_t algs;				/* hash algorithm iterator */
+	    in.digests.count = 2;			/* extend SHA-1 and SHA-256 banks */
+	    in.digests.digests[0].hashAlg = TPM_ALG_SHA1;
+	    in.digests.digests[1].hashAlg = TPM_ALG_SHA256;
+	    /* IMA zero extends into the SHA-256 bank */
+	    for (algs = 0 ; algs < in.digests.count ; algs++) {
+		memset((uint8_t *)&in.digests.digests[algs].digest, 0, sizeof(TPMU_HA));
+	    }
+	}
+	if ((rc == 0) && tssUtilsVerbose) {
+	    printf("Initial PCR 10 value\n");
+	    rc = pcrread(tssContext, 10);
+	}
+    }
+    else {	/* sim TRUE */
+	/* simulated PCRs start at zero at boot */
+	if (rc == 0) {
+	    for (pcrNum = 0 ; pcrNum < IMPLEMENTATION_PCR ; pcrNum++) {
+		/* initialize each algorithm ID */
+		simPcrs[0][pcrNum].hashAlg = TPM_ALG_SHA1;
+		simPcrs[1][pcrNum].hashAlg = TPM_ALG_SHA256;
+		memset(&simPcrs[0][pcrNum].digest.tssmax, 0, SHA1_DIGEST_SIZE);
+		memset(&simPcrs[1][pcrNum].digest.tssmax, 0, SHA256_DIGEST_SIZE);
+	    }
+	}
+    }
+    /*
+      scan each measurement 'line' in the binary
+    */
+    do {
+	/* read the IMA event log file */
+	int endOfFile = FALSE;
+	if (rc == 0) {
+	    infile = fopen(infilename,"rb");
+	    if (infile == NULL) {
+		printf("Unable to open input file '%s'\n", infilename);
+		rc = TSS_RC_FILE_OPEN;
+	    }
+	}
+	for (lineNum = 0 ; (rc == 0) && !endOfFile ; lineNum++) {
+	    /* read an IMA event line */
+	    IMA_Event_Init(&imaEvent);
+	    if (rc == 0) {
+		rc = IMA_Event_ReadFile(&imaEvent, &endOfFile, infile,
+					littleEndian);
+	    }
+	    /*
+	      if the event line is in range
+	    */
+	    if ((rc == 0) && (lineNum >= beginEvent) && (lineNum <= endEvent) && !endOfFile) {
+		/* debug tracing */
+		if (rc == 0) {
+		    ImaTemplateData imaTemplateData;
+		    if (tssUtilsVerbose) printf("\n");
+		    printf("imaextend: line %u\n", lineNum);
+		    if (tssUtilsVerbose) {
+			IMA_Event_Trace(&imaEvent, FALSE);
+			/* unmarshal the template data */
+			if (rc == 0) {
+			    rc = IMA_TemplateData_ReadBuffer(&imaTemplateData,
+							     &imaEvent,
+							     littleEndian);
+			}
+			if (rc == 0) {
+			    IMA_TemplateData_Trace(&imaTemplateData,
+						   imaEvent.nameInt);
+			}
+			else {
+			    printf("imaextend: Error parsing template data, event %u\n", lineNum);
+			    rc = 0;		/* not a fatal error */
+			}
+		    }
+		}
+		if (!sim) {
+		    if (rc == 0) {
+			in.pcrHandle = imaEvent.pcrIndex;		/* normally PCR 10 */
+		    }
+		    /* copy the SHA-1 digest to be extended into the SHA-1 and SHA-256 banks */
+		    if (rc == 0) {
+			rc = copyDigest(&in, &imaEvent);
+		    }	
+		    if (rc == 0) {
+			rc = TSS_Execute(tssContext,
+					 NULL, 
+					 (COMMAND_PARAMETERS *)&in,
+					 NULL,
+					 TPM_CC_PCR_Extend,
+					 TPM_RS_PW, NULL, 0,
+					 TPM_RH_NULL, NULL, 0);
+		    }
+		    if (rc == 0 && tssUtilsVerbose) {
+			rc = pcrread(tssContext, imaEvent.pcrIndex);
+		    }
+		}
+		else {		/* sim */
+		    /* even though IMA_Event_ReadFile() range checks the PCR index, range check it
+		       again here to silence the static analysis tool */
+		    if (rc == 0) {
+			if (imaEvent.pcrIndex >= IMPLEMENTATION_PCR) {
+			    printf("imaextend: PCR index %u %08x out of range\n",
+				   imaEvent.pcrIndex, imaEvent.pcrIndex);
+			    rc = TSS_RC_BAD_PROPERTY_VALUE;
+			}
+		    }
+		    if (rc == 0) {
+			rc = IMA_Event_PcrExtend(simPcrs, &imaEvent);
+		    }
+		    if (rc == 0 && tssUtilsVerbose) {
+			TSS_PrintAll("PCR digest SHA-1",
+				     simPcrs[0][imaEvent.pcrIndex].digest.tssmax,
+				     SHA1_DIGEST_SIZE);
+			TSS_PrintAll("PCR digest SHA-256",
+				     simPcrs[1][imaEvent.pcrIndex].digest.tssmax,
+				     SHA256_DIGEST_SIZE);
+			
+			
+		    }
+		}
+	    }	/* for each IMA event in range */
+	    IMA_Event_Free(&imaEvent);
+	}	/* for each IMA event line */
+	if (tssUtilsVerbose && (loopTime != 0)) printf("set beginEvent to %u\n", lineNum-1);
+	beginEvent = lineNum-1;		/* remove the last increment at EOF */
+	if (infile != NULL) {
+	    fclose(infile);
+	}
+#ifdef TPM_POSIX
+	sleep(loopTime);
+#endif
+#ifdef TPM_WINDOWS
+	Sleep(loopTime * 1000);
+#endif
+	
+    } while ((rc == 0) && (loopTime != 0)); 		/* sleep loop */
+    if (!sim) {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    else {	/* sim */
+	for (bankNum = 0 ; (rc == 0) && (bankNum < IMA_PCR_BANKS) ; bankNum++) {
+	    TSS_TPM_ALG_ID_Print("algorithmId", simPcrs[bankNum][0].hashAlg, 0);
+	    for (pcrNum = 0 ; pcrNum < IMPLEMENTATION_PCR ; pcrNum++) {
+	        char 		pcrString[9];	/* PCR number */
+		uint16_t 	digestSize;
+		sprintf(pcrString, "PCR %02u:", pcrNum);
+		/* TSS_PrintAllLogLevel() with a log level of LOGLEVEL_INFO to print the byte
+		   array on one line with no length */
+		digestSize = TSS_GetDigestSize(simPcrs[bankNum][pcrNum].hashAlg);
+		TSS_PrintAllLogLevel(LOGLEVEL_INFO, pcrString, 1,
+				     simPcrs[bankNum][pcrNum].digest.tssmax,
+				     digestSize);
+	    }
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("imaextend: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("imaextend: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static TPM_RC copyDigest(PCR_Extend_In 	*in,
+			 ImaEvent 	*imaEvent)
+{
+    TPM_RC 		rc = 0;
+    unsigned char 	zeroDigest[SHA1_DIGEST_SIZE];
+    int 		notAllZero;
+    if (rc == 0) {
+	memset(zeroDigest, 0, SHA1_DIGEST_SIZE);
+	notAllZero = memcmp(imaEvent->digest, zeroDigest, SHA1_DIGEST_SIZE);
+	/* the SHA-256 bank has already been 0 extended, so only the first 20 bytes need be
+	   copied */
+	if (notAllZero) {
+	    memcpy((uint8_t *)&in->digests.digests[0].digest, imaEvent->digest, SHA1_DIGEST_SIZE);
+	    memcpy((uint8_t *)&in->digests.digests[1].digest, imaEvent->digest, SHA1_DIGEST_SIZE);
+	}
+	/* IMA has a quirk where some measurements store a zero digest in the event log, but
+	   extend ones into PCR 10 */
+	else {
+	    memset((uint8_t *)&in->digests.digests[0].digest, 0xff, SHA1_DIGEST_SIZE);
+	    memset((uint8_t *)&in->digests.digests[1].digest, 0xff, SHA1_DIGEST_SIZE);
+	}
+    }
+    return rc;
+}	
+
+static TPM_RC pcrread(TSS_CONTEXT *tssContext,
+		      TPMI_DH_PCR pcrHandle)
+{
+    TPM_RC 		rc = 0;
+    /* for debug, read back and trace the PCR value after the extend */
+    PCR_Read_In 		pcrReadIn;
+    PCR_Read_Out 		pcrReadOut;
+
+    if (rc == 0) {
+	pcrReadIn.pcrSelectionIn.count = 2;
+	pcrReadIn.pcrSelectionIn.pcrSelections[0].hash = TPM_ALG_SHA1;
+	pcrReadIn.pcrSelectionIn.pcrSelections[1].hash = TPM_ALG_SHA256;
+	pcrReadIn.pcrSelectionIn.pcrSelections[0].sizeofSelect = 3;
+	pcrReadIn.pcrSelectionIn.pcrSelections[1].sizeofSelect = 3;
+	pcrReadIn.pcrSelectionIn.pcrSelections[0].pcrSelect[0] = 0;
+	pcrReadIn.pcrSelectionIn.pcrSelections[0].pcrSelect[1] = 0;
+	pcrReadIn.pcrSelectionIn.pcrSelections[0].pcrSelect[2] = 0;
+	pcrReadIn.pcrSelectionIn.pcrSelections[1].pcrSelect[0] = 0;
+	pcrReadIn.pcrSelectionIn.pcrSelections[1].pcrSelect[1] = 0;
+	pcrReadIn.pcrSelectionIn.pcrSelections[1].pcrSelect[2] = 0;
+	pcrReadIn.pcrSelectionIn.pcrSelections[0].pcrSelect[pcrHandle / 8] =
+	    1 << (pcrHandle % 8);
+	pcrReadIn.pcrSelectionIn.pcrSelections[1].pcrSelect[pcrHandle / 8] =
+	    1 << (pcrHandle % 8);
+    }
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&pcrReadOut,
+			 (COMMAND_PARAMETERS *)&pcrReadIn,
+			 NULL,
+			 TPM_CC_PCR_Read,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    if (rc == 0) {
+	TSS_PrintAll("PCR digest SHA-1",
+		     pcrReadOut.pcrValues.digests[0].t.buffer,
+		     pcrReadOut.pcrValues.digests[0].t.size);
+	TSS_PrintAll("PCR digest SHA-256",
+		     pcrReadOut.pcrValues.digests[1].t.buffer,
+		     pcrReadOut.pcrValues.digests[1].t.size);
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("imaextend\n");
+    printf("\n");
+    printf("Runs TPM2_PCR_Extend to Extend a SHA-1 IMA measurement file (binary) into TPM PCRs\n");
+    printf("The IMA measurement is directly extended into the SHA-1 bank, and a zero padded\n");
+    printf("measurement is extended into the SHA-256 bank\n");
+    printf("\n");
+    printf("This handles the case where a zero measurement extends ones into the IMA PCR\n");
+    printf("\n");
+    printf("If -sim is specified, TPM PCRs are not extended.  Rather, imaextend extends into\n");
+    printf("simluated PCRs and traces the result.\n");
+    printf("\n");
+    printf("\t-if\tIMA event log file name\n");
+    printf("\t[-le\tinput file is little endian (default big endian)]\n");
+    printf("\t[-sim\tcalculate simulated PCRs]\n");
+    printf("\t[-b\tbeginning entry (default 0, beginning of log)]\n");
+    printf("\t\tA beginning entry after the end of the log becomes a noop\n");
+    printf("\t[-e\tending entry (default end of log)]\n");
+    printf("\t\tE.g., -b 0 -e 0 sends one entry\n");
+    printf("\t[-l\ttime - run in a continuous loop, with a sleep of 'time' seconds betwteen loops]\n");
+    printf("\t\tThe intent is that this be run without specifying -b and -e\n");
+    printf("\t\tAfer each pass, the next beginning entry is set to the last entry +1\n");
+    printf("\n");
+    exit(1);
+}
+
diff --git a/utils/imalib.c b/utils/imalib.c
new file mode 100644
index 000000000..6da9b77ca
--- /dev/null
+++ b/utils/imalib.c
@@ -0,0 +1,1486 @@
+/********************************************************************************/
+/*										*/
+/*			     IMA Routines					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2016 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* imalib is a set of utility functions to handle IMA (Integrity Measurement Architecture) event
+   logs.
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#ifdef TPM_POSIX
+#include <arpa/inet.h>
+#endif
+
+#ifdef TPM_WINDOWS
+#include <winsock2.h>
+#endif
+
+#include <ibmtss/TPM_Types.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/tssprint.h>
+#include <ibmtss/tsserror.h>
+
+#include "imalib.h"
+
+#define IMA_PARSE_FUNCTIONS_MAX 128
+
+static uint32_t IMA_Uint32_Convert(const uint8_t *stream,
+				   int littleEndian);
+static uint32_t IMA_Strn2cpy(char *dest, const uint8_t *src,
+			     size_t destLength, size_t srcLength);
+static void IMA_Event_ParseName(ImaEvent *imaEvent);
+
+static uint32_t IMA_TemplateData_ReadFile(ImaEvent *imaEvent,
+					  int *endOfFile,
+					  FILE *inFile,
+					  int littleEndian);
+static uint32_t IMA_TemplateDataIma_ReadFile(ImaEvent *imaEvent,
+					     int *endOfFile,
+					     FILE *inFile,
+					     int littleEndian);
+
+/* callback to parse a template data field */
+
+typedef uint32_t (*TemplateDataParseFunction_t)(ImaTemplateData	*imaTemplateData,
+						uint8_t 	**buffer,
+						size_t 		*length,
+						int 		littleEndian);
+static uint32_t IMA_TemplateName_Parse(TemplateDataParseFunction_t templateDataParseFunctions[],
+				       size_t templateDataParseFunctionsSize,
+				       ImaEvent *imaEvent);
+static uint32_t
+IMA_TemplateName_ParseCustom(TemplateDataParseFunction_t templateDataParseFunctions[],
+			     size_t templateDataParseFunctionsSize,
+			     ImaEvent *imaEvent);
+static uint32_t IMA_ParseD(ImaTemplateData	*imaTemplateData,
+			   uint8_t 		**buffer,
+			   size_t 		*length,
+			   int 		littleEndian);
+static uint32_t IMA_ParseDNG(ImaTemplateData	*imaTemplateData,
+			     uint8_t 		**buffer,
+			     size_t 		*length,
+			     int 		littleEndian);
+static uint32_t IMA_ParseNNG(ImaTemplateData	*imaTemplateData,
+			     uint8_t 		**buffer,
+			     size_t 		*length,
+			     int 		littleEndian);
+static uint32_t IMA_ParseSIG(ImaTemplateData	*imaTemplateData,
+			     uint8_t 		**buffer,
+			     size_t 		*length,
+			     int 		littleEndian);
+
+extern int tssUtilsVerbose;
+
+/* IMA_Event_Init() initializes the ImaEvent structure so that IMA_Event_Free() is safe.
+
+ */
+
+void IMA_Event_Init(ImaEvent *imaEvent)
+{
+    if (imaEvent != NULL) {
+	imaEvent->nameInt = IMA_UNSUPPORTED;
+	imaEvent->template_data = NULL;
+    }
+    return;
+}
+
+/* IMA_Event_Free() frees any memory allocated for the ImaEvent structure.
+
+ */
+
+void IMA_Event_Free(ImaEvent *imaEvent)
+{
+    if (imaEvent != NULL) {
+	free(imaEvent->template_data);
+	imaEvent->template_data = NULL;
+    }
+    return;
+}
+
+/* IMA_Event_Trace() traces the ImaEvent structure.
+
+   If traceTemplate is FALSE, template data is not traced.  This handles the case where template
+   data is not unmarshaled.
+
+*/
+
+void IMA_Event_Trace(ImaEvent *imaEvent, int traceTemplate)
+{
+    printf("IMA_Event_Trace: PCR index %u\n", imaEvent->pcrIndex);
+    TSS_PrintAll("IMA_Event_Trace: hash",
+		 imaEvent->digest, sizeof(((ImaEvent *)NULL)->digest));
+
+    printf("IMA_Event_Trace: name length %u\n", imaEvent->name_len);
+    printf("IMA_Event_Trace: name %s\n", imaEvent->name);
+    printf("IMA_Event_Trace: name integer %u\n", imaEvent->nameInt);
+    printf("IMA_Event_Trace: template data length %u\n", imaEvent->template_data_len);
+    /* in some use cases, the template_data field is not populated.  In those cases, do not trace
+       it. */
+    if (traceTemplate) {
+	TSS_PrintAll("IMA_Event_Trace: template data",
+		     imaEvent->template_data, imaEvent->template_data_len);
+    }
+    return;
+}
+
+/* IMA_Event_ParseName() parses the Template Name and sets the nameInt field */
+
+static void IMA_Event_ParseName(ImaEvent *imaEvent)
+{
+    if (strcmp(imaEvent->name, "ima-ng") == 0) {
+	imaEvent->nameInt = IMA_FORMAT_IMA_NG;
+    }
+    else if (strcmp(imaEvent->name, "ima-sig") == 0) {
+	imaEvent->nameInt = IMA_FORMAT_IMA_SIG;
+    }
+    else if (strcmp(imaEvent->name, "ima") == 0) {
+	imaEvent->nameInt = IMA_FORMAT_IMA;
+    }
+    /* the template data parser currently supports only these formats. */
+    else {
+	imaEvent->nameInt = IMA_UNSUPPORTED;
+    }
+    return;
+}
+
+/* IMA_TemplateData_Trace() traces the ImaTemplateData  structure.
+
+   nameInt maps to the template name.
+
+*/
+  
+void IMA_TemplateData_Trace(ImaTemplateData *imaTemplateData,
+			    unsigned int nameInt)
+{
+    nameInt = nameInt;	/* obsolete now that custom templates are supported */
+    
+    printf("IMA_TemplateData_Trace: hashLength %u\n", imaTemplateData->hashLength); 
+    printf("IMA_TemplateData_Trace: hashAlg %s\n", imaTemplateData->hashAlg);
+    TSS_PrintAll("IMA_Template_Trace: file data hash",
+		 imaTemplateData->fileDataHash, imaTemplateData->fileDataHashLength);
+    printf("IMA_TemplateData_Trace: fileNameLength %u\n", imaTemplateData->fileNameLength);
+    if (imaTemplateData->fileNameLength > 0) {
+	printf("IMA_TemplateData_Trace: fileName %s\n", imaTemplateData->fileName);
+    }
+    printf("IMA_TemplateData_Trace: sigLength %u\n", imaTemplateData->sigLength);
+    if (imaTemplateData->sigLength != 0) {
+	TSS_PrintAll("IMA_TemplateData_Trace: sigHeader",
+		     imaTemplateData->sigHeader, imaTemplateData->sigHeaderLength);
+	printf("IMA_TemplateData_Trace: signatureSize %u\n", imaTemplateData->signatureSize);
+	TSS_PrintAll("IMA_TemplateData_Trace: signature",
+		     imaTemplateData->signature, imaTemplateData->signatureSize);
+    }
+    return;    
+}
+
+/* IMA_Event_ReadFile() reads one IMA event from a file.
+
+   It currently supports these template formats:  ima, ima-ng, ima-sig.
+
+   This is typically used at the client, reading from the pseudofile.
+*/
+
+uint32_t IMA_Event_ReadFile(ImaEvent *imaEvent,	/* freed by caller */
+			    int *endOfFile,
+			    FILE *inFile,
+			    int littleEndian)
+{
+    int rc = 0;
+    size_t readSize;
+    *endOfFile = FALSE;
+    
+    imaEvent->template_data = NULL;		/* for free */
+
+    /* read the IMA PCR index */
+    if ((rc == 0) && !(*endOfFile)) {
+	readSize = fread(&(imaEvent->pcrIndex),
+			 sizeof(((ImaEvent *)NULL)->pcrIndex), 1, inFile);
+	if (readSize != 1) {
+	    if (feof(inFile)) {
+		*endOfFile = TRUE;
+	    }
+	    else {
+		printf("ERROR: IMA_Event_ReadFile: could not read pcrIndex, returned %lu\n",
+		       (unsigned long)readSize);
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	}
+    }
+    /* PCR index endian convert */
+    if ((rc == 0) && !(*endOfFile)) {
+	imaEvent->pcrIndex = IMA_Uint32_Convert((uint8_t *)&imaEvent->pcrIndex, littleEndian);
+	/* range check the PCR index */
+	if (imaEvent->pcrIndex >= IMPLEMENTATION_PCR) {
+	    printf("ERROR: IMA_Event_ReadFile: PCR index %u %08x out of range\n",
+		   imaEvent->pcrIndex, imaEvent->pcrIndex);
+	    rc = TSS_RC_BAD_PROPERTY_VALUE;
+	}
+    }	
+    /* read the IMA digest, this is hard coded to SHA-1 */
+    if ((rc == 0) && !(*endOfFile)) {
+	readSize = fread(&(imaEvent->digest),
+			 sizeof(((ImaEvent *)NULL)->digest), 1, inFile);
+	if (readSize != 1) {
+	    if (feof(inFile)) {
+		*endOfFile = TRUE;
+	    }
+	    else {
+		printf("ERROR: IMA_Event_ReadFile: could not read digest, returned %lu\n",
+		       (unsigned long)readSize);
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	}
+    }
+    /* read the IMA name length */
+    if ((rc == 0) && !(*endOfFile)) {
+	readSize = fread(&(imaEvent->name_len),
+			 sizeof(((ImaEvent *)NULL)->name_len), 1, inFile);
+	if (readSize != 1) {
+	    if (feof(inFile)) {
+		*endOfFile = TRUE;
+	    }
+	    else {
+		printf("ERROR: IMA_Event_ReadFile: could not read name_len, returned %lu\n",
+		       (unsigned long)readSize);
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	}
+    }
+    if ((rc == 0) && !(*endOfFile)) {
+	imaEvent->name_len = IMA_Uint32_Convert((uint8_t *)&imaEvent->name_len, littleEndian);
+    }
+    /* bounds check the name length, leave a byte for the nul terminator */
+    if ((rc == 0) && !(*endOfFile)) {
+	if (imaEvent->name_len > (sizeof(((ImaEvent *)NULL)->name)) -1) {
+	    printf("ERROR: IMA_Event_ReadFile: template name length too big: %u\n",
+		   imaEvent->name_len);
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    /* read the template name */
+    if ((rc == 0) && !(*endOfFile)) {
+	/* nul terminate first */
+	memset(imaEvent->name, 0, sizeof(((ImaEvent *)NULL)->name));
+	readSize = fread(&(imaEvent->name),
+			 imaEvent->name_len, 1, inFile);
+	if (readSize != 1) {
+	    if (feof(inFile)) {
+		*endOfFile = TRUE;
+	    }
+	    else {
+		printf("ERROR: IMA_Event_ReadFile: could not read template name, returned %lu\n",
+		       (unsigned long)readSize);
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	}
+    }
+    /* record the template name as an int */
+    if ((rc == 0) && !(*endOfFile)) {
+	IMA_Event_ParseName(imaEvent);
+    }
+    if ((rc == 0) && !(*endOfFile)) {
+	if (imaEvent->nameInt != IMA_FORMAT_IMA) {	/* standard format */
+	    rc = IMA_TemplateData_ReadFile(imaEvent, endOfFile, inFile, littleEndian);
+	}
+	else {						/* unique 'ima' format */
+	    rc = IMA_TemplateDataIma_ReadFile(imaEvent, endOfFile, inFile, littleEndian);
+	}
+    }
+    return rc;
+}
+
+/* IMA_TemplateData_ReadFile() reads the template data as a pure array.  It handles the normal case
+   of template data length plus template data.
+*/
+
+static uint32_t IMA_TemplateData_ReadFile(ImaEvent *imaEvent,	/* freed by caller */
+					  int *endOfFile,
+					  FILE *inFile,
+					  int littleEndian)
+{
+    int rc = 0;
+    size_t readSize;
+
+    /* read template data length */
+    if ((rc == 0) && !(*endOfFile)) {
+	readSize = fread(&(imaEvent->template_data_len),
+			 sizeof(((ImaEvent *)NULL)->template_data_len ), 1, inFile);
+	if (readSize != 1) {
+	    if (feof(inFile)) {
+		*endOfFile = TRUE;
+	    }
+	    else {
+		printf("ERROR: IMA_TemplateData_ReadFile: could not read template_data_len, "
+		       " returned %lu\n", (unsigned long)readSize);
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	}
+    }
+    if ((rc == 0) && !(*endOfFile)) {
+	imaEvent->template_data_len =
+	    IMA_Uint32_Convert((uint8_t *)&imaEvent->template_data_len,
+			       littleEndian);
+    }
+    /* bounds check the template data length */
+    if ((rc == 0) && !(*endOfFile)) {
+	if (imaEvent->template_data_len > TCG_TEMPLATE_DATA_LEN_MAX) {
+	    printf("ERROR: IMA_TemplateData_ReadFile: template data length too big: %u\n",
+		   imaEvent->template_data_len);
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    if ((rc == 0) && !(*endOfFile)) {
+	imaEvent->template_data = malloc(imaEvent->template_data_len);
+	if (imaEvent->template_data == NULL) {
+	    printf("ERROR: IMA_TemplateData_ReadFile: "
+		   "could not allocate template data, size %u\n",
+		   imaEvent->template_data_len);
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    if ((rc == 0) && !(*endOfFile)) {
+	readSize = fread(imaEvent->template_data,
+			 imaEvent->template_data_len, 1, inFile);
+	if (readSize != 1) {
+	    if (feof(inFile)) {
+		*endOfFile = TRUE;
+	    }
+	    else {
+		printf("ERROR: IMA_Event_ReadFile: could not read template_data, "
+		       "returned %lu\n", (unsigned long)readSize);
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	}
+    }
+    return rc;
+}
+
+/* IMA_TemplateDataIma_ReadFile() reads the template data.  It handles the special case of the
+   template name 'ima', which does not have a template data length.  'ima' has a 20 byte file data
+   hash, a 4 byte file name length, and a file name.
+*/
+
+static uint32_t IMA_TemplateDataIma_ReadFile(ImaEvent *imaEvent,	/* freed by caller */
+					     int *endOfFile,
+					     FILE *inFile,
+					     int littleEndian)
+{
+    int 	rc = 0;
+    size_t 	readSize;
+    uint8_t 	fileDataHash[SHA1_DIGEST_SIZE];		/* IMA hard coded to SHA-1 */
+    uint32_t 	fileNameLengthIbo;			/* ima log byte order */
+    uint32_t 	fileNameLength;				/* host byte order */
+
+    /* read the fileDataHash digest, this is hard coded to SHA-1 */
+    if ((rc == 0) && !(*endOfFile)) {
+	readSize = fread(&fileDataHash,
+			 sizeof(fileDataHash), 1, inFile);
+	if (readSize != 1) {
+	    if (feof(inFile)) {
+		*endOfFile = TRUE;
+	    }
+	    else {
+		printf("ERROR: IMA_TemplateDataIma_ReadFile: "
+		       "could not read fileDataHash, returned %lu\n",
+		       (unsigned long)readSize);
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	}
+    }
+    /* read the IMA name length */
+    if ((rc == 0) && !(*endOfFile)) {
+	readSize = fread(&fileNameLengthIbo,
+			 sizeof(fileNameLength), 1, inFile);
+	if (readSize != 1) {
+	    if (feof(inFile)) {
+		*endOfFile = TRUE;
+	    }
+	    else {
+		printf("ERROR: IMA_TemplateDataIma_ReadFile: "
+		       "could not read fileNameLength, returned %lu\n",
+		       (unsigned long)readSize);
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	}
+    }
+    if ((rc == 0) && !(*endOfFile)) {
+	fileNameLength = IMA_Uint32_Convert((uint8_t *)&fileNameLengthIbo, littleEndian);
+	/* should check for addition overflowing a uint32_t */
+	if (fileNameLength > (0xffffffff - (uint32_t)(sizeof(fileDataHash) + sizeof(fileNameLength)))) {
+	    printf("ERROR: IMA_TemplateDataIma_ReadFile: file name length too big: %u\n",
+		   fileNameLength);
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    if ((rc == 0) && !(*endOfFile)) {
+	/* addition is safe because of above check */
+	imaEvent->template_data_len = sizeof(fileDataHash) + sizeof(fileNameLength) + fileNameLength;
+    }
+    /* bounds check the template data length */
+    if ((rc == 0) && !(*endOfFile)) {
+	if (imaEvent->template_data_len > TCG_TEMPLATE_DATA_LEN_MAX) {
+	    printf("ERROR: IMA_TemplateDataIma_ReadFile: template data length too big: %u\n",
+		   imaEvent->template_data_len);
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    if ((rc == 0) && !(*endOfFile)) {
+	imaEvent->template_data = malloc(imaEvent->template_data_len);
+	if (imaEvent->template_data == NULL) {
+	    printf("ERROR: IMA_TemplateData_ReadFile: "
+		   "could not allocate template data, size %u\n",
+		   imaEvent->template_data_len);
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    /* copy results to template_data */
+    if ((rc == 0) && !(*endOfFile)) {
+	/* copy file data hash */
+	memcpy(imaEvent->template_data, fileDataHash, sizeof(fileDataHash));
+	/* copy file name length */
+	memcpy(imaEvent->template_data + sizeof(fileDataHash),
+	       &fileNameLength, sizeof(fileNameLength));
+	/* read and copy the file name */
+	readSize = fread(imaEvent->template_data + sizeof(fileDataHash) + sizeof(fileNameLength),
+			 fileNameLength, 1, inFile);
+	if (readSize != 1) {
+	    if (feof(inFile)) {
+		*endOfFile = TRUE;
+	    }
+	    else {
+		printf("ERROR: IMA_TemplateDataIma_ReadFile: "
+		       "could not read fileNameLength, returned %lu\n",
+		       (unsigned long)readSize);
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	}
+    }
+    return rc;
+}
+ 
+/* IMA_Event_ReadBuffer()  reads one IMA event from a buffer.
+
+   This is typically used at the server, reading from a client connection.
+
+   Although the raw IMA event log 'ima' template does not have a template data length, this function
+   at the server assumes it has been inserted by the client.
+
+   If getTemplate is TRUE, the template data is copied to a malloced imaEvent->template_data.  If
+   FALSE, template data is skipped. FALSE is used for the first pass, where the template data is not
+   needed until the hash is validated.
+
+*/
+
+uint32_t IMA_Event_ReadBuffer(ImaEvent *imaEvent,	/* freed by caller */
+			      size_t *length,
+			      uint8_t **buffer,
+			      int *endOfBuffer,
+			      int littleEndian,
+			      int getTemplate)
+{
+    int rc = 0;
+    
+    imaEvent->template_data = NULL;		/* for free */
+    if (*length == 0) {
+	*endOfBuffer = 1;
+    }
+    else {
+	/* read the IMA pcr index */
+	if (rc == 0) {
+	    /* bounds check the length */
+	    if (*length < sizeof(uint32_t)) {
+		printf("ERROR: IMA_Event_ReadBuffer: buffer too small for PCR index\n");
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	    else {
+		imaEvent->pcrIndex = IMA_Uint32_Convert(*buffer, littleEndian);
+		*buffer += sizeof(uint32_t);
+		*length -= sizeof(uint32_t);
+	    }
+	}
+	/* sanity check the PCR index */
+	if (rc == 0) {
+	    if (imaEvent->pcrIndex != IMA_PCR) {
+		printf("ERROR: IMA_Event_ReadBuffer: PCR index %u not PCR %u\n",
+		       IMA_PCR, imaEvent->pcrIndex);
+		rc = TSS_RC_BAD_PROPERTY_VALUE;
+	    }
+	}	
+	/* read the IMA digest, this is hard coded to SHA-1 */
+	if (rc == 0) {
+	    /* bounds check the length */
+	    if (*length < sizeof(((ImaEvent *)NULL)->digest)) {
+		printf("ERROR: IMA_Event_ReadBuffer: buffer too small for IMA digest\n");
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	    else {
+		memcpy(&(imaEvent->digest), *buffer, sizeof(((ImaEvent *)NULL)->digest));
+		*buffer += sizeof(((ImaEvent *)NULL)->digest);
+		*length -= sizeof(((ImaEvent *)NULL)->digest);
+	    }
+	}
+	/* read the IMA name length */
+	if (rc == 0) {
+	    /* bounds check the length */
+	    if (*length < sizeof(uint32_t)) {
+		printf("ERROR: IMA_Event_ReadBuffer: "
+		       "buffer too small for IMA template name length\n");
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	    else {
+		imaEvent->name_len = IMA_Uint32_Convert(*buffer, littleEndian);
+		*buffer += sizeof(uint32_t);
+		*length -= sizeof(uint32_t);
+	    }
+	}
+	/* read the template name */
+	if (rc == 0) {
+	    /* bounds check the name length */
+	    if (imaEvent->name_len > TCG_EVENT_NAME_LEN_MAX) {
+		printf("ERROR: IMA_Event_ReadBuffer: Error, template name length too big: %u\n",
+		       imaEvent->name_len);
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	    else if (*length < imaEvent->name_len) {
+		printf("ERROR: IMA_Event_ReadBuffer: buffer too small for template name\n");
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	    else {
+		/* nul terminate first */
+		memset(imaEvent->name, 0, sizeof(((ImaEvent *)NULL)->name));
+		memcpy(&(imaEvent->name), *buffer, imaEvent->name_len);
+		*buffer += imaEvent->name_len;
+		*length -= imaEvent->name_len;
+	    }
+	}
+	/* record the template name as an int */
+	if (rc == 0) {
+	    IMA_Event_ParseName(imaEvent);
+	}
+	/* read the template data length */
+	if (rc == 0) {
+	    /* bounds check the length */
+	    if (*length < sizeof(uint32_t)) {
+		printf("ERROR: IMA_Event_ReadBuffer: buffer too small for template data length\n");
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	    else {
+		imaEvent->template_data_len = IMA_Uint32_Convert(*buffer, littleEndian);
+		*buffer += sizeof(uint32_t);
+		*length -= sizeof(uint32_t);
+	    }
+	}
+	/* allocate for the template data */
+	if (rc == 0) {
+	    if (getTemplate) {
+		/* bounds check the template data length */
+		if (imaEvent->template_data_len > TCG_TEMPLATE_DATA_LEN_MAX) {
+		    printf("ERROR: IMA_Event_ReadBuffer: template data length too big: %u\n",
+			   imaEvent->template_data_len );
+		    rc = TSS_RC_INSUFFICIENT_BUFFER;
+		}
+		else if (*length < imaEvent->template_data_len) {
+		    printf("ERROR: IMA_Event_ReadBuffer: buffer too small for template data\n");
+		    rc = TSS_RC_INSUFFICIENT_BUFFER;
+		}
+		else {
+		    if (rc == 0) {
+			imaEvent->template_data = malloc(imaEvent->template_data_len);
+			if (imaEvent->template_data == NULL) {
+			    printf("ERROR: IMA_Event_ReadBuffer: "
+				   "could not allocate template data, size %u\n",
+				   imaEvent->template_data_len);
+			    rc = TSS_RC_OUT_OF_MEMORY;
+			}
+		    }
+		    if (rc == 0) {
+			memcpy(imaEvent->template_data, *buffer, imaEvent->template_data_len);
+		    }
+		}
+	    }
+	    /* move the buffer even if getTemplate is false */
+	    if (rc == 0) {
+		*buffer += imaEvent->template_data_len;
+		*length -= imaEvent->template_data_len;
+	    }
+	}
+    }
+    return rc;
+}
+
+/* IMA_TemplateName_Parse() parses the template name and registers the template data callbacks */
+
+static uint32_t IMA_TemplateName_Parse(TemplateDataParseFunction_t templateDataParseFunctions[],
+				       size_t templateDataParseFunctionsSize,
+				       ImaEvent *imaEvent)
+{
+    uint32_t 	rc = 0;
+    size_t	i;
+    
+    /* initialize all the function pointers to NULL */
+    for (i = 0 ; (rc == 0) && (i < templateDataParseFunctionsSize) ; i++) {
+	templateDataParseFunctions[i] = NULL;
+    }
+    /* parse the name into the callback structure */
+    if (rc == 0) {
+	switch (imaEvent->nameInt) {
+	    /* these are the pre-defined formats */
+	  case IMA_FORMAT_IMA_NG:
+	    /* d-ng | n-ng */
+	    templateDataParseFunctions[0] = (TemplateDataParseFunction_t)IMA_ParseDNG;
+	    templateDataParseFunctions[1] = (TemplateDataParseFunction_t)IMA_ParseNNG;
+	    break;
+	  case IMA_FORMAT_IMA_SIG:
+	    /* d-ng | n-ng | sig */
+	    templateDataParseFunctions[0] = (TemplateDataParseFunction_t)IMA_ParseDNG;
+	    templateDataParseFunctions[1] = (TemplateDataParseFunction_t)IMA_ParseNNG;
+	    templateDataParseFunctions[2] = (TemplateDataParseFunction_t)IMA_ParseSIG;
+	    break;
+	  case IMA_FORMAT_IMA:
+	    templateDataParseFunctions[0] = (TemplateDataParseFunction_t)IMA_ParseD;
+	    templateDataParseFunctions[1] = (TemplateDataParseFunction_t)IMA_ParseNNG;
+	    break;
+	    /* these are potentially the custom templates */
+	  default:
+	    rc = IMA_TemplateName_ParseCustom(templateDataParseFunctions,
+					      templateDataParseFunctionsSize,
+					      imaEvent);
+	}	    
+    }
+    return rc;
+}
+
+/* the mapping between a format string and the template data parse function */
+
+typedef struct {
+    const char *formatString;
+    TemplateDataParseFunction_t parseFunction;
+} ImaFormatMap; 
+
+static ImaFormatMap imaFormatMap[] = {
+    {"d", (TemplateDataParseFunction_t)IMA_ParseD},
+    {"n", (TemplateDataParseFunction_t)IMA_ParseNNG},
+    {"d-ng", (TemplateDataParseFunction_t)IMA_ParseDNG},
+    {"n-ng", (TemplateDataParseFunction_t)IMA_ParseNNG},
+    {"sig", (TemplateDataParseFunction_t)IMA_ParseSIG}
+};
+	 
+static uint32_t
+IMA_TemplateName_ParseCustom(TemplateDataParseFunction_t templateDataParseFunctions[],
+			     size_t templateDataParseFunctionsSize,
+			     ImaEvent *imaEvent)
+{
+    uint32_t 	rc = 0;
+    size_t	i;		/* index into templateDataParseFunctions table */
+    size_t	j;		/* index into imaFormatMap table */
+    char 	*startName;
+    char	*endName;
+    char 	templateName[TCG_EVENT_NAME_LEN_MAX + 1];	/* one | separated item with nul */
+
+    /* parse the custom templates */
+    strcpy(templateName, imaEvent->name);	/* modify'able */
+    startName = templateName;
+
+    for (i = 0 ; (rc == 0) && (i < templateDataParseFunctionsSize) ; i++) {
+	endName = strchr(startName, '|');
+	if (endName != NULL) {	/* found a | character */
+	    *endName = '\0';	/* nul terminate the next format string */
+	}
+	printf("item %lu : %s\n", (unsigned long)i, startName);
+	/* search the table for the format string */
+	for (j = 0 ; j < (sizeof(imaFormatMap) / sizeof(ImaFormatMap)) ; j++) {
+	    int irc;
+	    irc = strcmp(startName, imaFormatMap[j].formatString);
+	    if (irc == 0) {
+		templateDataParseFunctions[i] = imaFormatMap[j].parseFunction;
+	    }
+	}
+	/* if no format string found */
+	if (templateDataParseFunctions[i] == NULL) {
+	    printf("ERROR: IMA_TemplateName_ParseCustom: unknown format string %s\n",
+		   startName);
+	    rc = TSS_RC_BAD_PROPERTY_VALUE;
+	}
+	/* if found an item, move the pointer */
+	if (rc == 0) {
+	    startName = endName + 1;
+	}
+	if (endName == NULL) {	/* no | character, last entry */
+	    break;
+	}
+    }
+    return rc;
+}
+
+/*
+  template data callbacks
+*/
+
+/* IMA_ParseD() parses a d : digest (no length or algorithm) */
+
+static uint32_t IMA_ParseD(ImaTemplateData	*imaTemplateData,
+			   uint8_t 		**buffer,
+			   size_t 		*length,
+			   int 			littleEndian)
+{
+    uint32_t 	rc = 0;
+    littleEndian = littleEndian;	/* unised */
+    /* fileDataHash */
+    if (rc == 0) {
+	/* bounds check the length */
+	if (*length < SHA1_DIGEST_SIZE) {
+	    printf("ERROR: IMA_ParseD: buffer too small for file data hash\n");
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+	else {
+	    imaTemplateData->fileDataHashLength = SHA1_DIGEST_SIZE;
+	    memcpy(&(imaTemplateData->fileDataHash), *buffer, SHA1_DIGEST_SIZE);
+	    *buffer += SHA1_DIGEST_SIZE;
+	    *length -= SHA1_DIGEST_SIZE;
+	}
+    }
+    return rc;
+}
+
+/* IMA_ParseDNG parses a d-ng : hash length + hash algorithm string + digest */
+
+static uint32_t IMA_ParseDNG(ImaTemplateData	*imaTemplateData,
+			     uint8_t 		**buffer,
+			     size_t 		*length,
+			     int 		littleEndian)
+{
+    uint32_t 	rc = 0;
+    size_t 	hashAlgSize;
+    /* read the hash length, algorithm + hash */
+    if (rc == 0) {
+	/* bounds check the length */
+	if (*length < sizeof(uint32_t)) {
+	    printf("ERROR: IMA_ParseDNG: buffer too small for hash length\n");
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+	else {
+	    imaTemplateData->hashLength = IMA_Uint32_Convert(*buffer, littleEndian);
+	    *buffer += sizeof(uint32_t);
+	    *length -= sizeof(uint32_t);
+	}
+    }
+    /* read the hash algorithm, nul terminated string */
+    if (rc == 0) {
+    	/* NUL terminate first */
+	memset(imaTemplateData->hashAlg, 0, sizeof(((ImaTemplateData *)NULL)->hashAlg));
+	rc = IMA_Strn2cpy(imaTemplateData->hashAlg, *buffer,
+			  sizeof(((ImaTemplateData *)NULL)->hashAlg),	/* destLength */
+			  imaTemplateData->hashLength);			/* srcLength */
+	if (rc != 0) {
+	    printf("ERROR: IMA_ParseDNG: buffer too small for hash algorithm\n"
+		   "\tor hash algorithm exceeds maximum size\n");
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+	else {
+	    hashAlgSize = strlen(imaTemplateData->hashAlg) + 1;
+	    *buffer += hashAlgSize;
+	    *length -= hashAlgSize;
+	}
+    }
+    /* fileDataHashLength */
+    if (rc == 0) {
+	if (strcmp(imaTemplateData->hashAlg, "sha1:") == 0) {
+	    imaTemplateData->fileDataHashLength = SHA1_DIGEST_SIZE;
+	    imaTemplateData->hashAlgId = TPM_ALG_SHA1;
+	}
+	else if (strcmp(imaTemplateData->hashAlg, "sha256:") == 0) {
+	    imaTemplateData->fileDataHashLength = SHA256_DIGEST_SIZE;
+	    imaTemplateData->hashAlgId = TPM_ALG_SHA256;
+	}
+	else {
+	    printf("ERROR: IMA_ParseDNG: Unknown file data hash algorithm: %s\n",
+		   imaTemplateData->hashAlg);
+	    rc = TSS_RC_BAD_HASH_ALGORITHM;
+	}
+    }
+    /* consistency check hashLength vs contents */
+    if (rc == 0) {
+	if ((hashAlgSize + imaTemplateData->fileDataHashLength) != imaTemplateData->hashLength) {
+	    printf("ERROR: IMA_ParseDNG: "
+		   "hashLength %u inconsistent with hashAlgSize %lu and fileDataHashLength %u\n",
+		   imaTemplateData->hashLength, (unsigned long)hashAlgSize,
+		   imaTemplateData->fileDataHashLength);
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    /* fileDataHash */
+    if (rc == 0) {
+	/* bounds check the length */
+	if (*length < imaTemplateData->fileDataHashLength) {
+	    printf("ERROR: IMA_ParseDNG: buffer too small for file data hash\n");
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+	else if (imaTemplateData->fileDataHashLength >
+		 sizeof(((ImaTemplateData *)NULL)->fileDataHash)) {
+	    printf("ERROR: IMA_ParseDNG: "
+		   "file data hash length exceeds maximum size\n");
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	} 
+	else {
+	    memcpy(&(imaTemplateData->fileDataHash), *buffer, imaTemplateData->fileDataHashLength);
+	    *buffer += imaTemplateData->fileDataHashLength;
+	    *length -= imaTemplateData->fileDataHashLength;
+	}
+    }
+    return rc;
+}
+
+/* IMA_ParseNNG() parses a n-ng : length + filename */
+
+static uint32_t IMA_ParseNNG(ImaTemplateData	*imaTemplateData,
+			     uint8_t 		**buffer,
+			     size_t 		*length,
+			     int 		littleEndian)
+{
+    uint32_t 	rc = 0;
+    /* fileNameLength (length includes the nul terminator) */
+    if (rc == 0) {
+	/* bounds check the length */
+	if (*length < sizeof(uint32_t)) {
+	    printf("ERROR: IMA_ParseNNG: buffer too small for file name length\n");
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+	else {
+	    imaTemplateData->fileNameLength = IMA_Uint32_Convert(*buffer, littleEndian);
+	    *buffer += sizeof(uint32_t);
+	    *length -= sizeof(uint32_t);
+	}
+    }
+    /* fileName */
+    if (rc == 0) {
+	/* bounds check the length */
+	if (*length < imaTemplateData->fileNameLength) {
+	    printf("ERROR: IMA_ParseNNG: buffer too small for file name\n");
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+	/* leave one byte for the nul terminator */
+	else if (imaTemplateData->fileNameLength > (sizeof(imaTemplateData->fileName)-1)) {
+	    printf("ERROR: IMA_ParseNNG: file name length exceeds maximum size\n");
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+	else {
+	    memcpy(&(imaTemplateData->fileName), *buffer, imaTemplateData->fileNameLength);
+	    /* ima template does not nul terminate the file name */
+	    imaTemplateData->fileName[imaTemplateData->fileNameLength] = '\0';
+	    *buffer += imaTemplateData->fileNameLength;
+	    *length -= imaTemplateData->fileNameLength;
+	}
+    }    return rc;
+}
+
+/* IMA_ParseSIG() parses a sig : signature header + signature */
+
+static uint32_t IMA_ParseSIG(ImaTemplateData	*imaTemplateData,
+			     uint8_t 		**buffer,
+			     size_t 		*length,
+			     int 		littleEndian)
+{
+    uint32_t 	rc = 0;
+    /* sigLength */
+    if (rc == 0) {
+	/* bounds check the length */
+	if (*length < sizeof(uint32_t)) {
+	    printf("ERROR: IMA_ParseSIG: "
+		   "buffer too small for signature length\n");
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+	else {
+	    imaTemplateData->sigLength = IMA_Uint32_Convert(*buffer, littleEndian);
+	    *buffer += sizeof(uint32_t);
+	    *length -= sizeof(uint32_t);
+	}
+    }
+    /* sigHeader - only parsed if its length is not zero */
+    if (imaTemplateData->sigLength != 0) {
+	if (rc == 0) {
+	    imaTemplateData->sigHeaderLength = sizeof((ImaTemplateData *)NULL)->sigHeader;
+	    /* bounds check the length */
+	    if (*length < imaTemplateData->sigHeaderLength) {
+		printf("ERROR: IMA_ParseSIG: "
+		       "buffer too small for signature header\n");
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	    else {
+		memcpy(&(imaTemplateData->sigHeader), *buffer,
+		       imaTemplateData->sigHeaderLength);
+		*buffer += imaTemplateData->sigHeaderLength;
+		*length -= imaTemplateData->sigHeaderLength;
+	    }
+	}
+	/* get signature length from last two bytes */
+	if (rc == 0) {
+	    /* magic number for offset: type(1) version(1) hash alg (1) pubkey id (4) */
+	    imaTemplateData->signatureSize =
+		ntohs(*(uint16_t *)(imaTemplateData->sigHeader + 7));
+	}
+	/* consistency check signature header contents */
+	if (rc == 0) {
+	    int goodHashAlgo = (((imaTemplateData->sigHeader[2] == HASH_ALGO_SHA1) &&
+				 (imaTemplateData->hashAlgId == TPM_ALG_SHA1)) ||
+				((imaTemplateData->sigHeader[2] == HASH_ALGO_SHA256) &&
+				 (imaTemplateData->hashAlgId == TPM_ALG_SHA256)));
+	    int goodSigSize = ((imaTemplateData->signatureSize == 128) ||
+			       (imaTemplateData->signatureSize == 256));
+	    /* xattr type */
+	    if (
+		(imaTemplateData->sigHeader[0] != EVM_IMA_XATTR_DIGSIG) || /* [0] type */
+		(imaTemplateData->sigHeader[1] != 2) ||		/* [1] version */
+		!goodHashAlgo ||				/* [2] hash algorithm */
+		/* [3]-[6] are the public key fingerprint.  Any value is legal. */
+		!goodSigSize 					/* [7][8] sig size */
+		) {
+		printf("ERROR: IMA_ParseSIG: invalid sigHeader\n");
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	}
+	/* signature */
+	if (rc == 0) {
+	    /* bounds check the length */
+	    if (*length < imaTemplateData->signatureSize) {
+		printf("ERROR: IMA_ParseSIG: "
+		       "buffer too small for signature \n");
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	    /* sanity check the signatureSize against the sigLength */
+	    else if (imaTemplateData->sigLength !=
+		     (sizeof((ImaTemplateData *)NULL)->sigHeader +
+		      imaTemplateData->signatureSize)) {
+		printf("ERROR: IMA_ParseSIG: "
+		       "sigLength inconsistent with signatureSize\n");
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	    else {
+		memcpy(&(imaTemplateData->signature), *buffer,
+		       imaTemplateData->signatureSize);
+		*buffer += imaTemplateData->signatureSize;
+		*length -= imaTemplateData->signatureSize;
+	    }
+	}
+    }
+    return rc;
+}
+
+/* IMA_TemplateData_ReadBuffer() unmarshals the template data fields from the template data byte
+   array.
+
+*/
+
+uint32_t IMA_TemplateData_ReadBuffer(ImaTemplateData *imaTemplateData,
+				     ImaEvent *imaEvent,
+				     int littleEndian)
+{
+    uint32_t 	rc = 0;
+    size_t 	length = imaEvent->template_data_len;
+    uint8_t 	*buffer = imaEvent->template_data;
+    TemplateDataParseFunction_t templateDataParseFunctions[IMA_PARSE_FUNCTIONS_MAX];
+    size_t	i;
+
+    /* initialize all fields, since not all fields are included in all templates */
+    if (rc == 0) {
+	imaTemplateData->hashLength = 0;
+	imaTemplateData->fileDataHashLength = 0;
+	imaTemplateData->fileNameLength = 0;
+	imaTemplateData->fileName[0] = '\0';
+	imaTemplateData->sigLength = 0;
+	imaTemplateData->sigHeaderLength = 0;
+	imaTemplateData->signatureSize = 0;
+    }
+    if (rc == 0) {
+	rc = IMA_TemplateName_Parse(templateDataParseFunctions, IMA_PARSE_FUNCTIONS_MAX,
+				    imaEvent);	
+    }
+    for (i = 0 ; (rc == 0) && (templateDataParseFunctions[i] != NULL) ; i++) {
+	rc = templateDataParseFunctions[i](imaTemplateData, &buffer, &length, littleEndian);
+    }
+    /* length should now be zero */
+    if (rc == 0) {
+	if (length != 0) {
+	    printf("ERROR: IMA_TemplateData_ReadBuffer: "
+		   "buffer too large (bytes remaining after unmarshaling)\n");
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }    
+    return rc;
+}
+
+/* IMA_Event_Write() writes an event line to a binary file outFile.
+
+   The write is always big endian, network byte order.
+*/
+
+uint32_t IMA_Event_Write(ImaEvent *imaEvent,
+			 FILE *outFile)
+{
+    int rc = 0;
+    size_t writeSize;
+    uint32_t nbo32;	/* network byte order */
+
+    if (rc == 0) {
+	/* do the endian conversion */
+	nbo32 = htonl(imaEvent->pcrIndex);
+	/* write the IMA pcr index */
+	writeSize = fwrite(&nbo32, sizeof(uint32_t), 1, outFile);
+	if (writeSize != 1) {
+	    printf("ERROR: IMA_Event_Write: could not write pcrIndex, returned %lu\n",
+		   (unsigned long)writeSize);
+	    rc = TSS_RC_FILE_WRITE;
+	}
+    }
+    /* write the IMA digest, name length */
+    if (rc == 0) {
+	writeSize = fwrite(&(imaEvent->digest), sizeof(((ImaEvent *)NULL)->digest), 1, outFile);
+	if (writeSize != 1) {
+	    printf("ERROR: IMA_Event_Write: could not write digest, returned %lu\n",
+		   (unsigned long)writeSize);
+	    rc = TSS_RC_FILE_WRITE;
+	}
+    }
+    /* write the IMA name length */
+    if (rc == 0) {
+	/* do the endian conversion */
+	nbo32 = htonl(imaEvent->name_len);
+	/* write the IMA name length */
+	writeSize = fwrite(&nbo32, sizeof(uint32_t), 1, outFile);
+	if (writeSize != 1) {
+	    printf("ERROR: IMA_Event_Write: could not write name length, returned %lu\n",
+		   (unsigned long)writeSize);
+	    rc = TSS_RC_FILE_WRITE;
+	}
+    }
+    /* write the name */
+    if (rc == 0) {
+	writeSize = fwrite(&(imaEvent->name), imaEvent->name_len, 1, outFile);
+	if (writeSize != 1) {
+	    printf("ERROR: IMA_Event_Write: could not write name, returned %lu\n",
+		   (unsigned long)writeSize);
+	    rc = TSS_RC_FILE_WRITE;
+	}
+    }
+    /* write the template data length */
+    if (rc == 0) {
+	/* do the endian conversion */
+	nbo32 = htonl(imaEvent->template_data_len);
+	/* write the IMA template data length */
+	writeSize = fwrite(&nbo32, sizeof(uint32_t), 1, outFile);
+	if (writeSize != 1) {
+	    printf("ERROR: IMA_Event_Write: could not template data length , returned %lu\n",
+		   (unsigned long)writeSize);
+	    rc = TSS_RC_FILE_WRITE;
+	}
+    }
+    /* write the template data */
+    if (rc == 0) {
+	writeSize = fwrite(&(imaEvent->template_data), imaEvent->template_data_len, 1, outFile);
+	if (writeSize != 1) {
+	    printf("ERROR: IMA_Event_Write: could not write template data, returned %lu\n",
+		   (unsigned long)writeSize);
+	    rc = TSS_RC_FILE_WRITE;
+	}
+    }
+    return rc;
+}
+
+/* IMA_Extend() extends the event into the imaPcr.
+
+   An IMA quirk is that, if the event is all zero, all ones is extended into the SHA-1 bank.  Since
+   the SHA-256 bank currently gets the SHA-1 value zero extended, it will get 20 ff's and 12 00's.
+
+   halg indicates whether to calculate the digest for the SHA-1 or SHA-256 PCR bank.  The IMA event
+   log itself is always SHA-1.
+
+   This function assumes that the same hash algorithm / PCR bank is used for all calls.
+*/
+
+uint32_t IMA_Extend(TPMT_HA *imapcr,
+		    ImaEvent *imaEvent,
+		    TPMI_ALG_HASH hashAlg)
+{
+    uint32_t 		rc = 0;
+    uint16_t		digestSize;
+    uint16_t		zeroPad;
+    int 		notAllZero;
+    unsigned char zeroDigest[SHA256_DIGEST_SIZE];
+    unsigned char oneDigest[SHA256_DIGEST_SIZE];
+
+    /* FIXME sanity check TPM_IMA_PCR imaEvent->pcrIndex */
+    
+    /* extend based on the previous IMA PCR value */
+    if (rc == 0) {
+	memset(zeroDigest, 0, SHA256_DIGEST_SIZE);
+	memset(oneDigest, 0xff, SHA256_DIGEST_SIZE);
+	if (hashAlg == TPM_ALG_SHA1) {
+	    digestSize = SHA1_DIGEST_SIZE;
+	    zeroPad = 0;
+	}
+	else if (hashAlg == TPM_ALG_SHA256) {
+	    digestSize = SHA256_DIGEST_SIZE;
+	    /* pad the SHA-1 event with zeros for the SHA-256 bank */
+	    zeroPad = SHA256_DIGEST_SIZE - SHA1_DIGEST_SIZE;
+	}
+	else {
+	    printf("ERROR: IMA_Extend: Unsupported hash algorithm: %04x\n", hashAlg);
+	    rc = TSS_RC_BAD_HASH_ALGORITHM;
+	}
+    }
+    if (rc == 0) {
+	notAllZero = memcmp(imaEvent->digest, zeroDigest, SHA1_DIGEST_SIZE);
+	imapcr->hashAlg = hashAlg;
+#if 1
+	TSS_PrintAll("IMA_Extend: Start PCR", (uint8_t *)&imapcr->digest, digestSize);
+	TSS_PrintAll("IMA_Extend: SHA-256 Pad", zeroDigest, zeroPad);
+#endif
+	if (notAllZero) {
+	    TSS_PrintAll("IMA_Extend: Extend", (uint8_t *)&imaEvent->digest, SHA1_DIGEST_SIZE);
+	    rc = TSS_Hash_Generate(imapcr,
+				   digestSize, (uint8_t *)&imapcr->digest,
+				   SHA1_DIGEST_SIZE, &imaEvent->digest,
+				   /* SHA-1 PCR extend gets zero padded */
+				   zeroPad, zeroDigest,
+				   0, NULL);
+#if 1
+	    TSS_PrintAll("IMA_Extend: notAllZero End PCR",
+			 (uint8_t *)&imapcr->digest, digestSize);
+#endif
+	}
+	/* IMA has a quirk where, when it places all all zero digest into the measurement log, it
+	   extends all ones into IMA PCR */
+	else {
+	    TSS_PrintAll("IMA_Extend: Extend", (uint8_t *)oneDigest, SHA1_DIGEST_SIZE);
+	    rc = TSS_Hash_Generate(imapcr,
+				   digestSize, (uint8_t *)&imapcr->digest,
+				   SHA1_DIGEST_SIZE, oneDigest,
+				   /* SHA-1 gets zero padded */
+				   zeroPad, zeroDigest,
+				   0, NULL);
+#if 1
+	    TSS_PrintAll("IMA_Extend: allZero End PCR",
+			 (uint8_t *)&imapcr->digest, digestSize);
+#endif
+	}
+    }
+    if (rc != 0) {
+	printf("ERROR: IMA_Extend: could not extend imapcr, rc %08x\n", rc);
+    }
+    return rc;
+}
+
+/* IMA_VerifyImaDigest() verifies the IMA digest against the hash of the template data.
+
+   This handles the SHA-1 IMA event log.
+*/
+
+uint32_t IMA_VerifyImaDigest(uint32_t *badEvent, /* TRUE if hash does not match */
+			     ImaEvent *imaEvent, /* the current IMA event being processed */
+			     int eventNum)	 /* the current IMA event number being processed */
+{
+    uint32_t 	rc = 0;
+    int		irc;
+    TPMT_HA 	calculatedImaDigest;
+    
+    /* calculate the hash of the template data */
+    if (rc == 0) {
+	calculatedImaDigest.hashAlg = TPM_ALG_SHA1;
+	/* standard case, hash of entire template data */
+	if (imaEvent->nameInt != IMA_FORMAT_IMA) {
+	    rc = TSS_Hash_Generate(&calculatedImaDigest,
+				   imaEvent->template_data_len, imaEvent->template_data,
+				   0, NULL);
+	}
+	/* special case of "ima" template, hash of File Data Hash || File Name padded with zeros to
+	   256 bytes */
+	else {
+	    ImaTemplateData imaTemplateData;
+	    int zeroPadLength;
+	    uint8_t zeroPad[256];
+	    if (rc == 0) {
+		rc = IMA_TemplateData_ReadBuffer(&imaTemplateData,
+						 imaEvent,
+						 TRUE);	/* FIXME littleEndian */
+	    }
+	    if (rc == 0) {
+		if (imaTemplateData.fileNameLength > sizeof(zeroPad)) {
+		    printf("ERROR: IMA_VerifyImaDigest: ima template file name length %lu > %lu\n",
+			   (unsigned long)imaTemplateData.fileNameLength,
+			   (unsigned long)sizeof(zeroPad));
+		    rc = TSS_RC_INSUFFICIENT_BUFFER;
+		}
+	    }
+	    if (rc == 0) {
+		memset(zeroPad, 0, sizeof(zeroPad));
+		/* subtract safe after above length check */
+		zeroPadLength = sizeof(zeroPad) - imaTemplateData.fileNameLength;
+	    }		
+	    if (rc == 0) {
+		rc = TSS_Hash_Generate(&calculatedImaDigest,
+				       SHA1_DIGEST_SIZE, &imaTemplateData.fileDataHash,
+				       imaTemplateData.fileNameLength, &imaTemplateData.fileName,
+				       zeroPadLength, zeroPad,
+				       0, NULL);
+	    }
+	}
+    }
+    /* compare the calculated hash to the event digest received from the client */
+    if (rc == 0) {
+	if (tssUtilsVerbose) TSS_PrintAll("IMA_VerifyImaDigest: Received IMA digest",
+				   imaEvent->digest, SHA1_DIGEST_SIZE);
+	if (tssUtilsVerbose) TSS_PrintAll("IMA_VerifyImaDigest: Calculated IMA digest",
+				   (uint8_t *)&calculatedImaDigest.digest, SHA1_DIGEST_SIZE);
+
+	irc = memcmp(imaEvent->digest, &calculatedImaDigest.digest, SHA1_DIGEST_SIZE);
+	if (irc == 0) {
+	    if (tssUtilsVerbose) printf("IMA_VerifyImaDigest: IMA digest verified, event %u\n", eventNum);
+	    *badEvent = FALSE;
+	}
+	else {
+	    printf("ERROR: IMA_VerifyImaDigest: IMA digest did not verify, event %u\n",
+		   eventNum);
+	    *badEvent = TRUE;
+	}
+    }
+    return rc;
+}
+
+/* IMA_Uint32_Convert() converts a uint8_t (from an input stream) to host byte order
+ */
+
+static uint32_t IMA_Uint32_Convert(const uint8_t *stream,
+				   int littleEndian)
+{
+    uint32_t out = 0;
+
+    /* little endian input */
+    if (littleEndian) {
+	out = (stream[0] <<  0) |
+	      (stream[1] <<  8) |
+	      (stream[2] << 16) |
+	      (stream[3] << 24);
+    }
+    /* big endian input */
+    else {
+	out = (stream[0] << 24) |
+	      (stream[1] << 16) |
+	      (stream[2] <<  8) |
+	      (stream[3] <<  0);
+    }
+    return out;
+}
+
+/* IMA_Strn2cpy() copies src to dest, including a NUL terminator
+
+   It checks that src is nul terminated within srcLength bytes.
+   It checks that src fits into dest within destLength bytes
+
+   Returns error if either the src is not nul terminated or will not fit in dest.
+*/
+
+static uint32_t IMA_Strn2cpy(char *dest, const uint8_t *src,
+			     size_t destLength, size_t srcLength)
+{
+    uint32_t rc = 0;
+    int done = 0;
+    
+    while ((destLength > 0) && (srcLength > 0)) {
+	*dest = *src;
+	if (*dest == '\0') {
+	    done = 1;
+	    break;
+	}
+	else {
+	    dest++;
+	    src++;
+	    destLength--;
+	    srcLength--;
+	}
+    }
+    if (!done) {
+	rc = TSS_RC_INSUFFICIENT_BUFFER;
+    }
+    return rc;
+}
+
+/* IMA_Event_Marshal() marshals an ImaEvent structure */
+
+TPM_RC IMA_Event_Marshal(ImaEvent *source,
+			 uint16_t *written, uint8_t **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->pcrIndex, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->digest, SHA1_DIGEST_SIZE, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->name_len, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu((uint8_t *)source->name, source->name_len, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->template_data_len, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->template_data, source->template_data_len,
+			       written, buffer, size);
+    }
+    return rc;
+}
+
+/* IMA_Event_PcrExtend() extends PCR digests with the digest from the ImaEvent event log
+   entry.
+
+   Bank 0 is SHA-1.  Bank 1 is SHA-256.
+
+   The function supports all PCRs, even though the PCRs are limited in practice.
+
+*/
+
+uint32_t IMA_Event_PcrExtend(TPMT_HA pcrs[IMA_PCR_BANKS][IMPLEMENTATION_PCR],
+			     ImaEvent *imaEvent)
+{
+    TPM_RC 		rc = 0;
+    uint8_t		eventData[SHA256_DIGEST_SIZE];
+    
+    /* validate PCR number */
+    if (rc == 0) {
+	if (imaEvent->pcrIndex >= IMPLEMENTATION_PCR) {
+	    printf("ERROR: IMA_Event_PcrExtend: PCR number %u %08x out of range\n",
+		   imaEvent->pcrIndex, imaEvent->pcrIndex);
+	    rc = TSS_RC_BAD_PROPERTY;
+	}
+    }
+    /* process each event hash algorithm */
+    if (rc == 0) {
+	unsigned char 	zeroDigest[SHA1_DIGEST_SIZE];
+	int 		notAllZero;
+	memset(zeroDigest, 0, SHA1_DIGEST_SIZE);
+	notAllZero = memcmp(imaEvent->digest, zeroDigest, SHA1_DIGEST_SIZE);
+	/* for the SHA-256 zero extend */
+	memset(eventData, 0, SHA256_DIGEST_SIZE);
+	
+	/* IMA has a quirk where some measurements store a zero digest in the event log, but
+	   extend ones into PCR 10 */
+	if (notAllZero) {
+	    memcpy(eventData, imaEvent->digest, SHA1_DIGEST_SIZE);
+	}
+	else {
+	    memset(eventData, 0xff, SHA1_DIGEST_SIZE);
+	}
+    }
+    /* SHA-1 */
+    if (rc == 0) {
+	rc = TSS_Hash_Generate(&pcrs[0][imaEvent->pcrIndex],
+			       SHA1_DIGEST_SIZE,
+			       (uint8_t *)&pcrs[0][imaEvent->pcrIndex].digest,
+			       SHA1_DIGEST_SIZE,
+			       eventData,
+			       0, NULL);
+    }
+    /* SHA-256 */
+    if (rc == 0) {
+	rc = TSS_Hash_Generate(&pcrs[1][imaEvent->pcrIndex],
+			       SHA256_DIGEST_SIZE,
+			       (uint8_t *)&pcrs[1][imaEvent->pcrIndex].digest,
+			       SHA256_DIGEST_SIZE,
+			       eventData,
+			       0, NULL);
+    }
+    return rc;
+}
+
+#if 0
+/* IMA_Event_ToString() converts the ImaEvent structure to a hexascii string, big endian. */
+
+uint32_t IMA_Event_ToString(char **eventString,	/* freed by caller */
+			    ImaEvent *imaEvent)
+{
+    int 	rc = 0;
+    size_t	length;
+    
+    /* calculate size of string, from ImaEvent structure */
+    if (rc == 0) {
+	length = ((sizeof(uint32_t) + SHA1_DIGEST_SIZE + sizeof(uint32_t) +
+		   TCG_EVENT_NAME_LEN_MAX + 1 + sizeof(uint32_t) +
+		   imaEvent->template_data_len) * 2) + 1;
+    }
+    if (rc == 0) {
+	*eventString = malloc(length);
+	if (*eventString == NULL) {
+	    printf("ERROR: IMA_Event_ToString: error allocating %lu bytes\n", length);
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    if (rc == 0) {
+	memset(*eventString, '\0', length);
+	char *p = *eventString;
+
+	sprintf(p, "%08lx", (long unsigned int)imaEvent->pcrIndex);
+	p += sizeof(uint32_t)* 2;
+
+	Array_Print(p, NULL, imaEvent->digest, SHA1_DIGEST_SIZE);
+	p += SHA1_DIGEST_SIZE * 2;
+
+	sprintf(p, "%08lx", (long unsigned int)imaEvent->name_len);
+	p += sizeof(uint32_t) * 2;
+
+	Array_Print(p, NULL, FALSE, (uint8_t *)imaEvent->name, imaEvent->name_len);
+	p += imaEvent->name_len * 2;
+
+	sprintf(p, "%08lx", (long unsigned int)imaEvent->template_data_len);
+	p += sizeof(uint32_t) * 2;
+
+	Array_Print(p, NULL, FALSE, imaEvent->template_data, imaEvent->template_data_len);
+	p += imaEvent->template_data_len * 2;
+	/* printf("IMA_Event_ToString: result\n:%s:\n", *eventString); */
+    }
+    return rc;
+}
+
+#endif
+
diff --git a/utils/imalib.h b/utils/imalib.h
new file mode 100644
index 000000000..643c53a78
--- /dev/null
+++ b/utils/imalib.h
@@ -0,0 +1,182 @@
+/********************************************************************************/
+/*										*/
+/*			     	IMA Routines					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2016 - 2019					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef IMA_H
+#define IMA_H
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <sys/param.h>
+
+#include <ibmtss/TPM_Types.h>
+
+/* Debian/Hurd does not define MAXPATHLEN */
+#ifndef MAXPATHLEN
+#define MAXPATHLEN 4096
+#endif
+
+#define IMA_PCR 		10
+/* IMA currently supports only SHA-1 and SHA-256 */
+#define IMA_PCR_BANKS		2
+
+/* FIXME need verification */
+#define TCG_EVENT_NAME_LEN_MAX	255
+
+#define TCG_TEMPLATE_DATA_LEN_MAX				\
+sizeof(uint32_t) +		/* hash length */		\
+65 +				/* hash algorithm as text */	\
+32 +				/* file data hash */		\
+sizeof(uint32_t) +	 	/* file name length */		\
+MAXPATHLEN+1 +			/* file name */			\
+sizeof(uint32_t) +		/* signature length */		\
+32 + 256			/* signature */
+
+/* from security/integrity/integrity.h: */
+
+enum evm_ima_xattr_type {
+    IMA_XATTR_DIGEST = 0x01,
+    EVM_XATTR_HMAC,
+    EVM_IMA_XATTR_DIGSIG,
+    IMA_XATTR_DIGEST_NG,
+    IMA_XATTR_LAST
+};
+
+/* from include/uapi/linux/hash_info.h: */
+
+enum hash_algo {
+    HASH_ALGO_MD4,
+    HASH_ALGO_MD5,
+    HASH_ALGO_SHA1,
+    HASH_ALGO_RIPE_MD_160,
+    HASH_ALGO_SHA256,
+    HASH_ALGO_SHA384,
+    HASH_ALGO_SHA512,
+    HASH_ALGO_SHA224,
+    HASH_ALGO_RIPE_MD_128,
+    HASH_ALGO_RIPE_MD_256,
+    HASH_ALGO_RIPE_MD_320,
+    HASH_ALGO_WP_256,
+    HASH_ALGO_WP_384,
+    HASH_ALGO_WP_512,
+    HASH_ALGO_TGR_128,
+    HASH_ALGO_TGR_160,
+    HASH_ALGO_TGR_192,
+    HASH_ALGO__LAST
+};
+
+#define IMA_UNSUPPORTED	0
+#define IMA_FORMAT_IMA_NG	1
+#define IMA_FORMAT_IMA_SIG	2
+#define IMA_FORMAT_IMA		3
+
+//typedef TPM_DIGEST TPM_PCRVALUE;        	/* The value inside of the PCR */
+
+typedef struct ImaEvent {
+    uint32_t pcrIndex;
+    uint8_t digest[SHA1_DIGEST_SIZE];		/* IMA hard coded to SHA-1 */
+    uint32_t name_len;
+    char name[TCG_EVENT_NAME_LEN_MAX + 1];
+    unsigned int nameInt;			/* integer for template data handler */
+    struct ima_template_desc *template_desc; 	/* template descriptor */
+    uint32_t template_data_len;
+    uint8_t *template_data;			/* template related data */
+} ImaEvent;
+
+typedef struct ImaTemplateData {
+    uint32_t hashLength;
+    char hashAlg[64+1];		/* FIXME need verification */
+    TPMI_ALG_HASH hashAlgId;
+    uint32_t fileDataHashLength;
+    uint8_t fileDataHash[SHA256_DIGEST_SIZE];
+    uint32_t fileNameLength;
+    uint8_t fileName[MAXPATHLEN+1];
+    uint32_t sigLength;
+    uint32_t sigHeaderLength;
+    uint8_t sigHeader[9];	/* FIXME need verification, length and contents */
+    uint16_t signatureSize;
+    uint8_t signature[256];	/* FIXME need verification */
+} ImaTemplateData;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    void IMA_Event_Init(ImaEvent *imaEvent);
+    void IMA_Event_Free(ImaEvent *imaEvent);
+    void IMA_Event_Trace(ImaEvent *imaEvent, int traceTemplate);
+    void IMA_TemplateData_Trace(ImaTemplateData *imaTemplateData,
+				unsigned int nameInt);
+    uint32_t IMA_Event_ReadFile(ImaEvent *imaEvent,
+				int *endOfFile,
+				FILE *infile,
+				int littleEndian);
+    uint32_t IMA_Event_ReadBuffer(ImaEvent *imaEvent,
+				  size_t *length,
+				  uint8_t **buffer,
+				  int *endOfBuffer,
+				  int littleEndian,
+				  int getTemplate);
+    uint32_t IMA_TemplateData_ReadBuffer(ImaTemplateData *imaTemplateData,
+					 ImaEvent *imaEvent,
+					 int littleEndian);
+    uint32_t IMA_Event_Write(ImaEvent *imaEvent,
+			     FILE *outFile);
+    uint32_t IMA_Extend(TPMT_HA *imapcr,
+			ImaEvent *imaEvent,
+			TPMI_ALG_HASH hashAlg);
+    uint32_t IMA_VerifyImaDigest(uint32_t *badEvent,
+				 ImaEvent *imaEvent,
+				 int eventNum);
+    TPM_RC IMA_Event_Marshal(ImaEvent *source,
+			     uint16_t *written, uint8_t **buffer, uint32_t *size);
+
+    uint32_t IMA_Event_PcrExtend(TPMT_HA pcrs[IMA_PCR_BANKS][IMPLEMENTATION_PCR],
+				 ImaEvent *imaEvent);
+#if 0
+    uint32_t IMA_Event_ToString(char **eventString,
+				ImaEvent *imaEvent);
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/utils/import.c b/utils/import.c
new file mode 100644
index 000000000..1e82f166a
--- /dev/null
+++ b/utils/import.c
@@ -0,0 +1,377 @@
+/********************************************************************************/
+/*										*/
+/*			   Import		 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    Import_In 			in;
+    Import_Out 			out;
+    TPMI_DH_OBJECT		parentHandle = 0;
+    const char			*parentPassword = NULL;
+    const char 			*encryptionKeyFilename = NULL;
+    const char			*objectPublicFilename = NULL;
+    const char			*duplicateFilename = NULL;
+    const char			*inSymSeedFilename = NULL;
+    const char			*outPrivateFilename = NULL;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    /* Table 129 - Definition of TPMT_SYM_DEF_OBJECT Structure */
+    in.symmetricAlg.algorithm = TPM_ALG_NULL;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hp") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &parentHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hp\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdp") == 0) {
+	    i++;
+	    if (i < argc) {
+		parentPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdp option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ik") == 0) {
+	    i++;
+	    if (i < argc) {
+		encryptionKeyFilename = argv[i];
+	    }
+	    else {
+		printf("-ik option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ipu") == 0) {
+	    i++;
+	    if (i < argc) {
+		objectPublicFilename = argv[i];
+	    }
+	    else {
+		printf("-ipu option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-id") == 0) {
+	    i++;
+	    if (i < argc) {
+		duplicateFilename = argv[i];
+	    }
+	    else {
+		printf("-id option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-iss") == 0) {
+	    i++;
+	    if (i < argc) {
+		inSymSeedFilename = argv[i];
+	    }
+	    else {
+		printf("-iss option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-salg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"aes") == 0) {
+		    in.symmetricAlg.algorithm = TPM_ALG_AES;
+		    in.symmetricAlg.keyBits.aes = 128;
+		    in.symmetricAlg.mode.aes = TPM_ALG_CFB;
+		}
+		else {
+		    printf("Bad parameter %s for -salg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-salg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-opr") == 0) {
+	    i++;
+	    if (i < argc) {
+		outPrivateFilename = argv[i];
+	    }
+	    else {
+		printf("-opr option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if ((in.symmetricAlg.algorithm == TPM_ALG_NULL) &&
+	(encryptionKeyFilename != NULL)) {
+	printf("-ik needs -salg\n");
+	printUsage();
+    }
+    if ((in.symmetricAlg.algorithm != TPM_ALG_NULL) &&
+	(encryptionKeyFilename == NULL)) {
+	printf("-salg needs -ik\n");
+	printUsage();
+    }
+    if (parentHandle == 0) {
+	printf("Missing or bad object handle parameter -hp\n");
+	printUsage();
+    }
+    if (objectPublicFilename == NULL) {
+	printf("Missing parameter -ipu\n");
+	printUsage();
+    }
+    if (duplicateFilename == NULL) {
+	printf("Missing parameter -id\n");
+	printUsage();
+    }
+    if (inSymSeedFilename == NULL) {
+	printf("Missing parameter -iss\n");
+	printUsage();
+    }
+    if (outPrivateFilename  == NULL) {
+	printf("Missing parameter -opr\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.parentHandle = parentHandle;
+    }
+    /* optional symmetric encryption key */
+    if (rc == 0) {
+	if (encryptionKeyFilename != NULL) {
+	    rc = TSS_File_Read2B(&in.encryptionKey.b,
+				 sizeof(in.encryptionKey.t.buffer),
+				 encryptionKeyFilename);
+	}
+	else {
+	    in.encryptionKey.t.size = 0;
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_File_ReadStructureFlag(&in.objectPublic,
+					(UnmarshalFunctionFlag_t)TSS_TPM2B_PUBLIC_Unmarshalu,
+					FALSE,			/* NULL not permitted */
+					objectPublicFilename);
+    }
+    if (rc == 0) {
+	rc = TSS_File_Read2B(&in.duplicate.b,
+			     sizeof(in.duplicate.t.buffer),
+			     duplicateFilename);
+    }
+    if (rc == 0) {
+	rc = TSS_File_Read2B(&in.inSymSeed.b,
+			     sizeof(in.inSymSeed.t.secret),
+			     inSymSeedFilename);
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_Import,
+			 sessionHandle0, parentPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_File_WriteStructure(&out.outPrivate,
+				     (MarshalFunction_t)TSS_TPM2B_PRIVATE_Marshal,
+				     outPrivateFilename);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("import: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("import: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("import\n");
+    printf("\n");
+    printf("Runs TPM2_Import\n");
+    printf("\n");
+    printf("\t-hp\tparent handle\n");
+    printf("\t[-pwdp\tpassword for parent (default empty)]\n");
+    printf("\t[-ik\tencryption key in file name]\n");
+    printf("\t-ipu\tobject public area file name\n");
+    printf("\t-id\tduplicate file name\n");
+    printf("\t-iss\tsymmetric seed file name\n");
+    printf("\t[-salg\tsymmetric algorithm (default none)]\n");
+    printf("\t-opr\tprivate area file name\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/importpem.c b/utils/importpem.c
new file mode 100644
index 000000000..8d11967b2
--- /dev/null
+++ b/utils/importpem.c
@@ -0,0 +1,482 @@
+/********************************************************************************/
+/*										*/
+/*			   Import a PEM keypair 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2016 - 2019					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* Use OpenSSL to create an RSA or ECC keypair like this
+
+   > openssl genrsa -out tmpprivkey.pem -aes256 -passout pass:rrrr 2048
+   > openssl ecparam -name prime256v1 -genkey -noout |
+	openssl pkey -aes256 -passout pass:rrrr -text > tmpecprivkey.pem
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+#include "cryptoutils.h"
+#include "objecttemplates.h"
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    Import_In 			in;
+    Import_Out 			out;
+    TPMI_DH_OBJECT		parentHandle = 0;
+    const char			*parentPassword = NULL;
+    const char			*pemKeyFilename = NULL;
+    const char			*pemKeyPassword = "";	/* default empty password */
+    const char			*outPublicFilename = NULL;
+    const char			*outPrivateFilename = NULL;
+    const char			*policyFilename = NULL;
+    int				keyType = TYPE_SI;
+    uint32_t 			keyTypeSpecified = 0;
+    TPMI_ALG_SIG_SCHEME 	scheme = TPM_ALG_RSASSA;
+    TPMI_ALG_PUBLIC 		algPublic = TPM_ALG_RSA;
+    TPMI_ALG_HASH		halg = TPM_ALG_SHA256;
+    TPMI_ALG_HASH		nalg = TPM_ALG_SHA256;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    FILE 			*pemKeyFile = NULL;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hp") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &parentHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hp\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdp") == 0) {
+	    i++;
+	    if (i < argc) {
+		parentPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdp option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ipem") == 0) {
+	    i++;
+	    if (i < argc) {
+		pemKeyFilename = argv[i];
+	    }
+	    else {
+		printf("-ipem option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-rsa") == 0) {
+	    algPublic = TPM_ALG_RSA;
+	}
+	else if (strcmp(argv[i], "-ecc") == 0) {
+	    algPublic = TPM_ALG_ECC;
+	    scheme = TPM_ALG_ECDSA;
+	}
+	else if (strcmp(argv[i],"-scheme") == 0) {
+	    if (keyType == TYPE_SI) {
+		i++;
+		if (i < argc) {
+		    if (strcmp(argv[i],"rsassa") == 0) {
+			scheme = TPM_ALG_RSASSA;
+		    }
+		    else if (strcmp(argv[i],"rsapss") == 0) {
+			scheme = TPM_ALG_RSAPSS;
+		    }
+		    else {
+			printf("Bad parameter %s for -scheme\n", argv[i]);
+			printUsage();
+		    }
+		}
+	    }
+	    else {
+		printf("-scheme can only be specified for signing key\n");
+		printUsage();
+	    }
+        }
+	else if (strcmp(argv[i], "-st") == 0) {
+	    keyType = TYPE_ST;
+	    scheme = TPM_ALG_NULL;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-den") == 0) {
+	    keyType = TYPE_DEN;
+	    scheme = TPM_ALG_NULL;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-si") == 0) {
+	    keyType = TYPE_SI;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i],"-pwdk") == 0) {
+	    i++;
+	    if (i < argc) {
+		pemKeyPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-opu") == 0) {
+	    i++;
+	    if (i < argc) {
+		outPublicFilename = argv[i];
+	    }
+	    else {
+		printf("-opu option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-opr") == 0) {
+	    i++;
+	    if (i < argc) {
+		outPrivateFilename = argv[i];
+	    }
+	    else {
+		printf("-opr option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pol") == 0) {
+	    i++;
+	    if (i < argc) {
+		policyFilename = argv[i];
+	    }
+	    else {
+		printf("-pol option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    halg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    halg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    halg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    halg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-nalg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    nalg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    nalg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    nalg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    nalg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -nalg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-nalg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (parentHandle == 0) {
+	printf("Missing or bad object handle parameter -hp\n");
+	printUsage();
+    }
+    if (pemKeyFilename == NULL) {
+	printf("Missing parameter -ipem\n");
+	printUsage();
+    }
+    if (keyTypeSpecified > 1) {
+	printf("Too many key attributes\n");
+	printUsage();
+    }
+    if (outPublicFilename == NULL) {
+	printf("Missing parameter -opu\n");
+	printUsage();
+    }
+    if (outPrivateFilename == NULL) {
+	printf("Missing parameter -opr\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.parentHandle = parentHandle;
+	in.encryptionKey.t.size = 0;
+	in.inSymSeed.t.size = 0;
+	in.symmetricAlg.algorithm = TPM_ALG_NULL;
+    }
+    if (rc == 0) {
+	switch (algPublic) {
+	  case TPM_ALG_RSA:
+	    rc = convertRsaPemToKeyPair(&in.objectPublic,
+					&in.duplicate,
+					keyType,
+					scheme,
+					nalg,
+					halg,
+					pemKeyFilename,
+					pemKeyPassword);
+	    break;
+#ifndef TPM_TSS_NOECC
+	  case TPM_ALG_ECC:
+	    rc = convertEcPemToKeyPair(&in.objectPublic,
+				       &in.duplicate,
+				       keyType,
+				       scheme,
+				       nalg,
+				       halg,
+				       pemKeyFilename,
+				       pemKeyPassword);
+	    break;
+#endif	/* TPM_TSS_NOECC */
+	  default:
+	    printf("-rsa algorithm %04x not supported\n", algPublic);
+	    rc = TPM_RC_ASYMMETRIC;
+	}
+    }
+    /* instantiate optional policy */
+    if (rc == 0) {
+	rc = getPolicy(&in.objectPublic.publicArea, policyFilename);
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_Import,
+			 sessionHandle0, parentPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    /* output the TPM2B_PUBLIC */
+    if (rc == 0) {
+	rc = TSS_File_WriteStructure(&in.objectPublic,
+				     (MarshalFunction_t)TSS_TPM2B_PUBLIC_Marshal,
+				     outPublicFilename);
+    }
+    /* output the TPM2B_PRIVATE, which is now wrapped by the parent */
+    if (rc == 0) {
+	rc = TSS_File_WriteStructure(&out.outPrivate,
+				     (MarshalFunction_t)TSS_TPM2B_PRIVATE_Marshal,
+				     outPrivateFilename);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("importpem: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("importpem: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    if (pemKeyFile != NULL) {
+	fclose(pemKeyFile);			/* @2 */
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("importpem\n");
+    printf("\n");
+    printf("Runs TPM2_Import for a PEM key\n");
+    printf("\n");
+    printf("\t-hp\tparent handle\n");
+    printf("\t[-pwdp\tpassword for parent (default empty)]\n");
+    printf("\t-ipem\tPEM format key pair\n");
+    printf("\n");
+    printf("\t[Asymmetric Key Algorithm]\n");
+    printf("\n");
+    printf("\t[-rsa\t(default)]\n");
+    printf("\t[-ecc\t]\n");
+    printf("\n");
+    printf("\t[-si\tsigning (default)]\n");
+    printf("\t[-scheme  signing scheme (rsassa rsapss) (RSA default RSASSA) (ECC ECDSA)]\n");
+    printf("\t[-st\tstorage (NULL scheme)]\n");
+    printf("\t[-den\tdecryption, (unrestricted, RSA and ECC NULL scheme)\n");
+    printf("\t[-pwdk\tpassword for key (default empty)]\n");
+    printf("\t-opu\tpublic area file name\n");
+    printf("\t-opr\tprivate area file name\n");
+    printf("\t[-nalg\tname hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]\n");
+    printf("\t[-halg\tscheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]\n");
+    printf("\t[-pol\tpolicy file (default empty)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/load.c b/utils/load.c
new file mode 100644
index 000000000..1b87c8d38
--- /dev/null
+++ b/utils/load.c
@@ -0,0 +1,280 @@
+/********************************************************************************/
+/*										*/
+/*			   Load 						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: load.c 1324 2018-08-31 16:36:12Z kgoldman $			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    Load_In 			in;
+    Load_Out 			out;
+    TPMI_DH_OBJECT		parentHandle = 0;
+    const char			*publicKeyFilename = NULL;
+    const char			*privateKeyFilename = NULL;
+    const char			*parentPassword = NULL; 
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hp") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &parentHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hp\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdp") == 0) {
+	    i++;
+	    if (i < argc) {
+		parentPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdp option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ipu") == 0) {
+	    i++;
+	    if (i < argc) {
+		publicKeyFilename = argv[i];
+	    }
+	    else {
+		printf("-ipu option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ipr") == 0) {
+	    i++;
+	    if (i < argc) {
+		privateKeyFilename = argv[i];
+	    }
+	    else {
+		printf("-ipr option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (parentHandle == 0) {
+	printf("Missing handle parameter -hp\n");
+	printUsage();
+    }
+    if (privateKeyFilename == NULL) {
+	printf("Missing private key parameter -ipr\n");
+	printUsage();
+    }
+    if (publicKeyFilename == NULL) {
+	printf("Missing private key parameter -ipu\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	rc = TSS_File_ReadStructure(&in.inPrivate,
+				    (UnmarshalFunction_t)TSS_TPM2B_PRIVATE_Unmarshalu,
+				    privateKeyFilename);
+    }
+    if (rc == 0) {
+	rc = TSS_File_ReadStructureFlag(&in.inPublic,
+					(UnmarshalFunctionFlag_t)TSS_TPM2B_PUBLIC_Unmarshalu,
+					FALSE,			/* NULL not permitted */
+					publicKeyFilename);
+    }
+    if (rc == 0) {
+	in.parentHandle = parentHandle;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_Load,
+			 sessionHandle0, parentPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	printf("Handle %08x\n", out.objectHandle);
+	if (tssUtilsVerbose) printf("load: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("load: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("load\n");
+    printf("\n");
+    printf("Runs TPM2_Load\n");
+    printf("\n");
+    printf("\t-hp\tparent handle\n");
+    printf("\t[-pwdp\tpassword for parent key (default empty)]\n");
+    printf("\t-ipu\tpublic key file name\n");
+    printf("\t-ipr\tprivate key file name\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/loadexternal.c b/utils/loadexternal.c
new file mode 100644
index 000000000..5d29c131c
--- /dev/null
+++ b/utils/loadexternal.c
@@ -0,0 +1,542 @@
+/********************************************************************************/
+/*										*/
+/*			   Load External					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/*
+  DER example:
+
+  Create a key pair in PEM format
+  
+  > openssl genrsa -out keypair.pem -aes256 -passout pass:rrrr 2048
+  > openssl ecparam -name prime256v1 -genkey -noout -out tmpkeypairecc.pem
+
+  Convert to plaintext DER format
+
+  > openssl rsa -inform pem -outform der -in keypair.pem -out keypair.der -passin pass:rrrr
+  > openssl ec -inform pem -outform der -in tmpkeypairecc.pem -out tmpkeypairecc.der -passin pass:rrrr > run.out
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+/* Windows 10 crypto API clashes with openssl */
+#ifdef TPM_WINDOWS
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+#endif
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/Unmarshal_fp.h>
+#include "objecttemplates.h"
+#include "cryptoutils.h"
+#include "ekutils.h"
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    LoadExternal_In 		in;
+    LoadExternal_Out 		out;
+    char 			hierarchyChar = 0;
+    TPMI_RH_HIERARCHY		hierarchy = TPM_RH_NULL;
+    int				keyType = TYPE_SI;
+    TPMI_ALG_SIG_SCHEME 	scheme = TPM_ALG_RSASSA;
+    uint32_t 			keyTypeSpecified = 0;
+    TPMI_ALG_PUBLIC 		algPublic = TPM_ALG_RSA;
+    TPMI_ALG_HASH		halg = TPM_ALG_SHA256;
+    TPMI_ALG_HASH		nalg = TPM_ALG_SHA256;
+    const char			*publicKeyFilename = NULL;
+    const char			*derKeyFilename = NULL;
+    const char			*pemKeyFilename = NULL;
+    const char			*keyPassword = NULL;
+    int				userWithAuth = TRUE;
+    unsigned int		inputCount = 0;
+    int				noSpace = FALSE;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hi") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (argv[i][0] != 'e' && argv[i][0] != 'o' &&
+		    argv[i][0] != 'p' && argv[i][0] != 'n') {
+		    printUsage();
+		}
+		hierarchyChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -hi\n");
+		printUsage();
+	    }
+	    
+	}
+	else if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    halg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    halg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    halg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    halg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-nalg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    nalg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    nalg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    nalg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    nalg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -nalg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-nalg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-rsa") == 0) {
+	    algPublic = TPM_ALG_RSA;
+	}
+	else if (strcmp(argv[i], "-ecc") == 0) {
+	    algPublic = TPM_ALG_ECC;
+	}
+	else if (strcmp(argv[i],"-scheme") == 0) {
+	    if (keyType == TYPE_SI) {
+		i++;
+		if (i < argc) {
+		    if (strcmp(argv[i],"rsassa") == 0) {
+			scheme = TPM_ALG_RSASSA;
+		    }
+		    else if (strcmp(argv[i],"rsapss") == 0) {
+			scheme = TPM_ALG_RSAPSS;
+		    }
+		    else {
+			printf("Bad parameter %s for -scheme\n", argv[i]);
+			printUsage();
+		    }
+		}
+	    }
+	    else {
+		printf("-scheme can only be specified for signing key\n");
+		printUsage();
+	    }
+        }
+	else if (strcmp(argv[i], "-st") == 0) {
+	    keyType = TYPE_ST;
+	    scheme = TPM_ALG_NULL;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-den") == 0) {
+	    keyType = TYPE_DEN;
+	    scheme = TPM_ALG_NULL;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-si") == 0) {
+	    keyType = TYPE_SI;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i],"-ipu") == 0) {
+	    i++;
+	    if (i < argc) {
+		publicKeyFilename = argv[i];
+		inputCount++;
+	    }
+	    else {
+		printf("-ipu option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ipem") == 0) {
+	    i++;
+	    if (i < argc) {
+		pemKeyFilename = argv[i];
+		inputCount++;
+	    }
+	    else {
+		printf("-ipem option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ider") == 0) {
+	    i++;
+	    if (i < argc) {
+		derKeyFilename = argv[i];
+		inputCount++;
+	    }
+	    else {
+		printf("-ider option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdk") == 0) {
+	    i++;
+	    if (i < argc) {
+		keyPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-uwa") == 0) {
+	    userWithAuth = FALSE;
+	}
+	else if (strcmp(argv[i],"-ns") == 0) {
+	    noSpace = TRUE;
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (inputCount != 1) {
+	printf("Missing or too many parameters -ipu, -ipem, -ider\n");
+	printUsage();
+    }
+    if (keyTypeSpecified > 1) {
+	printf("Too many key attributes\n");
+	printUsage();
+    }
+    if (derKeyFilename == NULL) {
+	if (keyPassword != NULL) {
+	    printf("Password only valid for -ider keypair\n");
+	    printUsage();
+	}
+    }
+    /* loadexternal key pair cannot be restricted (storage key) and must have NULL symmetric
+       scheme*/
+    if (derKeyFilename != NULL) {
+	if (keyType == TYPE_ST) {
+	    keyType = TYPE_DEN;
+	}
+    }
+    /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */
+    if (rc == 0) {
+	if (hierarchyChar == 'e') {
+	    hierarchy = TPM_RH_ENDORSEMENT;
+	}
+	else if (hierarchyChar == 'o') {
+	    hierarchy = TPM_RH_OWNER;
+	}
+	else if (hierarchyChar == 'p') {
+	    hierarchy = TPM_RH_PLATFORM;
+	}
+	else if (hierarchyChar == 'n') {
+	    hierarchy = TPM_RH_NULL;
+	}
+    }
+    if (rc == 0) {
+	in.inPrivate.t.size = 0;	/* default - mark optional inPrivate not used */
+	/* TPM format key, output from create */
+	if (publicKeyFilename != NULL) {
+	    rc = TSS_File_ReadStructureFlag(&in.inPublic,
+					    (UnmarshalFunctionFlag_t)TSS_TPM2B_PUBLIC_Unmarshalu,
+					    TRUE,			/* NULL permitted */
+					    publicKeyFilename);
+	}
+	/* PEM format, output from e.g. openssl, readpublic, createprimary, create */
+	else if (pemKeyFilename != NULL) {
+	    switch (algPublic) {
+	      case TPM_ALG_RSA:
+		rc = convertRsaPemToPublic(&in.inPublic,
+					   keyType,
+					   scheme,
+					   nalg,
+					   halg,
+					   pemKeyFilename);
+		break;
+#ifndef TPM_TSS_NOECC
+	      case TPM_ALG_ECC:
+		rc = convertEcPemToPublic(&in.inPublic,
+					  keyType,
+					  scheme,
+					  nalg,
+					  halg,
+					  pemKeyFilename);
+		break;
+#endif	/* TPM_TSS_NOECC */
+	      default:
+		printf("-rsa algorithm %04x not supported\n", algPublic);
+		rc = TPM_RC_ASYMMETRIC;
+	    }
+	}
+	/* DER format key pair */
+	else if (derKeyFilename != NULL) {
+	    in.inPrivate.t.size = 1;		/* mark that private area should be loaded */
+	    switch (algPublic) {
+	      case TPM_ALG_RSA:
+		rc = convertRsaDerToKeyPair(&in.inPublic,
+					    &in.inPrivate,
+					    keyType,
+					    scheme,
+					    nalg,
+					    halg,
+					    derKeyFilename,
+					    keyPassword);
+		break;
+#ifndef TPM_TSS_NOECC
+	      case TPM_ALG_ECC:
+		rc = convertEcDerToKeyPair(&in.inPublic,
+					   &in.inPrivate,
+					   keyType,
+					   scheme,
+					   nalg,
+					   halg,
+					   derKeyFilename,
+					   keyPassword);
+		break;
+#endif	/* TPM_TSS_NOECC */
+	      default:
+		printf("-rsa algorithm %04x not supported\n", algPublic);
+		rc = TPM_RC_ASYMMETRIC;
+	    }
+	}
+	else {
+	    printf("Failure parsing -ipu, -ipem, -ider\n");
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	if (!userWithAuth) {
+	    in.inPublic.publicArea.objectAttributes.val &= ~TPMA_OBJECT_USERWITHAUTH;
+	}
+	in.hierarchy = hierarchy;
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) TSS_TPMT_PUBLIC_Print(&in.inPublic.publicArea, 0);
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_LoadExternal,
+			 sessionHandle0, NULL, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	printf("Handle %08x\n", out.objectHandle);
+	if (noSpace) {
+	    unsigned int b;
+	    for (b = 0 ; b < out.name.t.size ; b++) {
+		printf("%02x", out.name.t.name[b]);
+	    }
+	    printf("\n");
+	}
+	if (tssUtilsVerbose) printf("loadexternal: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("loadexternal: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("loadexternal\n");
+    printf("\n");
+    printf("Runs TPM2_LoadExternal\n");
+    printf("\n");
+    printf("\t[-hi\thierarchy (e, o, p, n) (default NULL)]\n");
+    printf("\t[-nalg\tname hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]\n");
+    printf("\t[-halg\tscheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]\n");
+    printf("\n");
+    printf("\t[Asymmetric Key Algorithm]\n");
+    printf("\n");
+    printf("\t[-rsa\t(default)]\n");
+    printf("\t[-ecc\t]\n");
+    printf("\n");
+    printf("\t-ipu\tTPM2B_PUBLIC public key file name\n");
+    printf("\t-ipem\tPEM format public key file name\n");
+    printf("\t-ider\tDER format plaintext key pair file name\n");
+    printf("\t[-pwdk\tpassword for DER key (default empty)]\n");
+    printf("\t[-uwa\tuserWithAuth attribute clear (default set)]\n");
+    printf("\t[-si\tsigning (default) RSA]\n");
+    printf("\t[-scheme  for signing key (default RSASSA scheme)]\n");
+    printf("\t\trsassa\n");
+    printf("\t\trsapss\n");
+    printf("\t[-st\tstorage (default NULL scheme)]\n");
+    printf("\t[-den\tdecryption, (unrestricted, RSA and EC NULL scheme)\n");
+    printf("\t[-ns\tadditionally print Name in hex ascii on one line]\n");
+    printf("\t\tUseful to paste into policy\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default NULL)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    printf("\t80\taudit\n");
+    exit(1);	
+}
diff --git a/utils/makecredential.c b/utils/makecredential.c
new file mode 100644
index 000000000..ed33fac3d
--- /dev/null
+++ b/utils/makecredential.c
@@ -0,0 +1,303 @@
+/********************************************************************************/
+/*										*/
+/*			    MakeCredential					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    MakeCredential_In 		in;
+    MakeCredential_Out 		out;
+    TPMI_DH_OBJECT		pubHandle = 0;
+    const char			*inputCredentialFilename = NULL;
+    const char			*nameFilename = NULL;			
+    const char			*outputCredentialFilename = NULL;
+    const char			*secretFilename = NULL;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-in") == 0) {
+	    i++;
+	    if (i < argc) {
+		nameFilename = argv[i];
+	    }
+	    else {
+		printf("-in option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-icred") == 0) {
+	    i++;
+	    if (i < argc) {
+		inputCredentialFilename = argv[i];
+	    }
+	    else {
+		printf("-icred option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ocred") == 0) {
+	    i++;
+	    if (i < argc) {
+		outputCredentialFilename = argv[i];
+	    }
+	    else {
+		printf("-ocred option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-os") == 0) {
+	    i++;
+	    if (i < argc) {
+		secretFilename = argv[i];
+	    }
+	    else {
+		printf("-os option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &pubHandle);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (pubHandle == 0) {
+	printf("Missing handle parameter -ha\n");
+	printUsage();
+    }
+    if (inputCredentialFilename == NULL) {
+	printf("Missing name parameter -icred\n");
+	printUsage();
+    }
+    if (nameFilename == NULL) {
+	printf("Missing name parameter -in\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.handle = pubHandle;
+    }
+    /* read the credential information */
+    if (rc == 0) {
+	rc = TSS_File_Read2B(&in.credential.b,
+			     sizeof(in.credential.t.buffer),
+			     inputCredentialFilename);
+    }
+    /* read the object Name */
+    if (rc == 0) {
+	rc = TSS_File_Read2B(&in.objectName.b,
+			     sizeof(in.objectName.t.name),
+			     nameFilename);
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_MakeCredential,
+			 sessionHandle0, NULL, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    /* optionally save the credential */
+    if ((rc == 0) && (outputCredentialFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.credentialBlob,
+				     (MarshalFunction_t)TSS_TPM2B_ID_OBJECT_Marshal,
+				     outputCredentialFilename);
+    }
+    /* optionally save the secret */
+    if ((rc == 0) && (secretFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.secret,
+				     (MarshalFunction_t)TSS_TPM2B_ENCRYPTED_SECRET_Marshal,
+				     secretFilename);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("makecredential: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("makecredential: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("makecredential\n");
+    printf("\n");
+    printf("Runs TPM2_MakeCredential\n");
+    printf("\n");
+    printf("\t-ha\thandle of encryption key public area\n");
+    printf("\t-icred\tinput credential file name\n");
+    printf("\t-in\tobject name file name\n");
+    printf("\t[-ocred\t output credential file name (default do not save)]\n");
+    printf("\t[-os\tsecret file name (default do not save)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle (default NULL)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/makefile-common b/utils/makefile-common
new file mode 100644
index 000000000..3f6fc657f
--- /dev/null
+++ b/utils/makefile-common
@@ -0,0 +1,99 @@
+#################################################################################
+#										#
+#										#
+# TPM2 Library and Utilities makefile - Common to TPM 1.2 and 2.0 variations	#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#	      $Id: makefile-common 1294 2018-08-09 19:08:34Z kgoldman $		#
+#										#
+# (c) Copyright IBM Corporation 2014, 2018					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+# compile - common flags for TSS library and applications
+
+CCFLAGS += 				\
+	-Wall -W -Wmissing-declarations -Wmissing-prototypes -Wnested-externs \
+	-Wformat=2 -Wold-style-definition -Wno-self-assign \
+	-Werror=declaration-after-statement -Wvla \
+	-ggdb -O0 -c 
+
+# to compile with optimizations on (warning will result)
+#	-O3 -c
+# to compile with plaintext session state (see documentation)
+#	-DTPM_ENCRYPT_SESSIONS_DEFAULT="\"0\""
+
+# link - common flags for Posix and Windows, for TSS library and applications
+
+#LNFLAGS += 	-ggdb
+
+ALL += 	$(LIBTSS)				\
+	$(LIBTSSA)				\
+	$(LIBTSSUTILS)
+
+# TSS shared library headers 
+
+TSS_HEADERS += 					\
+		tssauth.h 			\
+		tssccattributes.h 		\
+		tssdev.h  			\
+		tsssocket.h  			\
+		ibmtss/tss.h			\
+		ibmtss/tsscryptoh.h		\
+		ibmtss/tsscrypto.h		\
+		ibmtss/tsserror.h		\
+		ibmtss/tssfile.h		\
+		ibmtss/tssmarshal.h		\
+		ibmtss/tssprint.h		\
+		ibmtss/tssprintcmd.h		\
+		tssproperties.h			\
+		ibmtss/tsstransmit.h		\
+		ibmtss/tssresponsecode.h	\
+		ibmtss/tssutils.h		\
+		ibmtss/Unmarshal_fp.h		\
+		ibmtss/Implementation.h
+
+# TSS shared library object files
+
+TSS_OBJS += 	tss.o			\
+		tssproperties.o		\
+		tssmarshal.o		\
+		tssauth.o 		\
+		tssutils.o 		\
+		tsssocket.o 		\
+		tssdev.o 		\
+		tsstransmit.o 		\
+		tssresponsecode.o 	\
+		tssccattributes.o	\
+		tssprint.o		\
+		Unmarshal.o 		\
+		CommandAttributeData.o
diff --git a/utils/makefile-common12 b/utils/makefile-common12
new file mode 100644
index 000000000..b08a265c0
--- /dev/null
+++ b/utils/makefile-common12
@@ -0,0 +1,70 @@
+#################################################################################
+#										#
+#										#
+#	TPM2 Library and Utilities makefile - Common to all variations		#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#	      $Id: makefile-common12 1257 2018-06-27 20:52:08Z kgoldman $	#
+#										#
+# (c) Copyright IBM Corporation 2014, 2018					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+# link - common flags for Posix and Windows, for TSS library and applications
+
+#LNFLAGS += 	-ggdb
+
+ALL += 	
+
+# TSS shared library headers 
+
+TSS_HEADERS +=				\
+		tss12.h  		\
+		tssauth12.h		\
+		tssccattributes12.h	\
+		ibmtss/tssmarshal12.h	\
+		ibmtss/Unmarshal12_fp.h	\
+		ibmtss/Parameters12.h	\
+		ibmtss/tpmstructures12.h	\
+		ibmtss/tpmconstants12.h	\
+		ibmtss/tpmtypes12.h
+
+# TSS shared library object files
+
+TSS_OBJS +=	tss12.o			\
+		tssauth12.o		\
+		tssmarshal12.o		\
+		Unmarshal12.o 		\
+		Commands12.o 		\
+		tssccattributes12.o	\
+		CommandAttributeData12.o
+
diff --git a/utils/makefile-common20 b/utils/makefile-common20
new file mode 100644
index 000000000..191fd4840
--- /dev/null
+++ b/utils/makefile-common20
@@ -0,0 +1,180 @@
+#################################################################################
+#										#
+#										#
+#	TPM 2.0 Library and Utilities makefile - Common to all variations	#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2014 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+# link - common flags for Posix and Windows, for TSS library and applications
+
+#LNFLAGS += 	-ggdb
+
+ALL += 	activatecredential$(EXE)		\
+	eventextend$(EXE)			\
+	imaextend$(EXE)				\
+	certify$(EXE)				\
+	certifycreation$(EXE)			\
+	certifyx509$(EXE)			\
+	changeeps$(EXE)				\
+	changepps$(EXE)				\
+	clear$(EXE)				\
+	clearcontrol$(EXE)			\
+	clockrateadjust$(EXE)			\
+	clockset$(EXE)				\
+	commit$(EXE)				\
+	contextload$(EXE)			\
+	contextsave$(EXE)			\
+	create$(EXE)				\
+	createloaded$(EXE)			\
+	createprimary$(EXE)			\
+	dictionaryattacklockreset$(EXE) 	\
+	dictionaryattackparameters$(EXE) 	\
+	duplicate$(EXE)				\
+	eccparameters$(EXE)			\
+	ecephemeral$(EXE)			\
+	encryptdecrypt$(EXE)			\
+	evictcontrol$(EXE)			\
+	eventsequencecomplete$(EXE)		\
+	flushcontext$(EXE)			\
+	getcommandauditdigest$(EXE)		\
+	getcapability$(EXE)			\
+	getrandom$(EXE)				\
+	gettestresult$(EXE)			\
+	getsessionauditdigest$(EXE)		\
+	gettime$(EXE)				\
+	hash$(EXE)				\
+	hashsequencestart$(EXE) 		\
+	hierarchycontrol$(EXE) 			\
+	hierarchychangeauth$(EXE) 		\
+	hmac$(EXE)				\
+	hmacstart$(EXE)				\
+	import$(EXE)				\
+	importpem$(EXE)				\
+	load$(EXE)				\
+	loadexternal$(EXE)			\
+	makecredential$(EXE)			\
+	nvcertify$(EXE)				\
+	nvchangeauth$(EXE)			\
+	nvdefinespace$(EXE)			\
+	nvextend$(EXE) 				\
+	nvglobalwritelock$(EXE)			\
+	nvincrement$(EXE) 			\
+	nvread$(EXE)				\
+	nvreadlock$(EXE)			\
+	nvreadpublic$(EXE)			\
+	nvsetbits$(EXE)				\
+	nvundefinespace$(EXE)			\
+	nvundefinespacespecial$(EXE)		\
+	nvwrite$(EXE)				\
+	nvwritelock$(EXE)			\
+	objectchangeauth$(EXE) 			\
+	pcrallocate$(EXE)			\
+	pcrevent$(EXE)				\
+	pcrextend$(EXE)				\
+	pcrread$(EXE)				\
+	pcrreset$(EXE)				\
+	policyauthorize$(EXE)			\
+	policyauthvalue$(EXE)			\
+	policycommandcode$(EXE) 		\
+	policycphash$(EXE)	 		\
+	policynamehash$(EXE)	 		\
+	policycountertimer$(EXE)		\
+	policyduplicationselect$(EXE)		\
+	policygetdigest$(EXE)			\
+	policymaker$(EXE)			\
+	policymakerpcr$(EXE)			\
+	policynv$(EXE)				\
+	policyauthorizenv$(EXE)			\
+	policynvwritten$(EXE)			\
+	policypassword$(EXE)			\
+	policypcr$(EXE)				\
+	policyor$(EXE)				\
+	policyrestart$(EXE)			\
+	policysigned$(EXE)			\
+	policysecret$(EXE)			\
+	policytemplate$(EXE)			\
+	policyticket$(EXE)			\
+	powerup$(EXE)				\
+	quote$(EXE)				\
+	readclock$(EXE)				\
+	readpublic$(EXE)			\
+	returncode$(EXE)			\
+	rewrap$(EXE)				\
+	rsadecrypt$(EXE)			\
+	rsaencrypt$(EXE)			\
+	sequencecomplete$(EXE)			\
+	sequenceupdate$(EXE)			\
+	setcommandcodeauditstatus$(EXE)		\
+	setprimarypolicy$(EXE) 			\
+	shutdown$(EXE) 				\
+	sign$(EXE)				\
+	startauthsession$(EXE)			\
+	startup$(EXE) 				\
+	stirrandom$(EXE)			\
+	unseal$(EXE)				\
+	verifysignature$(EXE)			\
+	zgen2phase$(EXE)			\
+						\
+	signapp$(EXE)				\
+	writeapp$(EXE)				\
+	timepacket$(EXE)			\
+	createek$(EXE)				\
+	createekcert$(EXE)			\
+	tpm2pem$(EXE)				\
+	tpmpublic2eccpoint$(EXE)		\
+	publicname$(EXE)			\
+	getcryptolibrary$(EXE)			\
+	printattr$(EXE)				\
+	tpmcmd$(EXE)
+
+ALL	+= 					\
+	ntc2getconfig$(EXE)			\
+	ntc2preconfig$(EXE)			\
+	ntc2lockconfig$(EXE)
+
+# TSS shared library headers 
+
+TSS_HEADERS +=				\
+		tss20.h  		\
+		tssauth20.h
+
+# TSS shared library object files
+
+TSS_OBJS +=	tss20.o		\
+		tssauth20.o	\
+		Commands.o 	\
+		ntc2lib.o	\
+		tssntc.o
diff --git a/utils/makefile.mac b/utils/makefile.mac
new file mode 100644
index 000000000..7af69c14b
--- /dev/null
+++ b/utils/makefile.mac
@@ -0,0 +1,454 @@
+#################################################################################
+#										#
+#			Mac TPM2 Utilities Makefile				#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2017 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+# C compiler
+
+CC = /usr/bin/gcc
+
+# compile - common flags for TSS library and applications
+
+CCFLAGS += 	-DTPM_POSIX 
+
+# example of pointing to a locally built openssl 1.1
+# CCFLAGS += 	-I/home/kgold/openssl-1.1.0c/include
+
+# compile - for TSS library
+
+# include the hardening flag PIC needed for compiling for dynamic
+# linking
+
+CCLFLAGS += 	-I. 		\
+		-fPIC		\
+		-I/usr/local/Cellar/openssl/1.0.2m/include/
+
+# to compile out printf's.  Regression test will fail because it tries
+# to print a structure -DTPM_TSS_NO_PRINT
+
+# example of changing the default interface type
+#	-DTPM_INTERFACE_TYPE_DEFAULT="\"dev\""
+
+# compile - for applications
+
+# include the hardening flag PIE needed for compiling for
+# static linking
+
+CCAFLAGS += 	-I.	\
+		-fPIE	\
+		-I/usr/local/Cellar/openssl/1.0.2m/include/
+
+# link - common flags flags TSS library and applications
+
+LNFLAGS += 	-DTPM_POSIX		\
+		-L.
+
+# This seems to be required on some Ubuntu distros due to an issue with the gold linker
+#		-fuse-ld=bfd
+
+# example of pointing to a locally built openssl 1.1
+# LNFLAGS +=	 -L/home/kgold/openssl-1.1.0c
+# This also requires setting the environment variable LD_LIBRARY_PATH.  E.g.,
+# setenv LD_LIBRARY_PATH ${LD_LIBRARY_PATH}:/home/kgold/openssl-1.1.0c
+
+# link - for TSS library
+
+# hardening flags for linking shared objects
+#LNLFLAGS += -shared -Wl,-z,now
+LNLFLAGS += -shared 
+
+# This is an alternative to using the bfd linker on Ubuntu
+LNLLIBS += -lcrypto
+
+# link - for applications, TSS path, TSS and OpenSSl libraries
+
+# hardening flags for linking executables
+#LNAFLAGS += -pie -Wl,-z,now -Wl,-rpath,.
+#LNAFLAGS += 	-pie	 
+LNAFLAGS +=		-L/usr/local/Cellar/openssl/1.0.2m/lib
+LNLFLAGS +=		-L/usr/local/Cellar/openssl/1.0.2m/lib
+LNALIBS +=  -libmtss -lcrypto
+
+# shared library
+
+# versioned shared library
+LIBTSSVERSIONED=libibmtss.dylib.0.1
+
+# soname field of the shared library
+# which will be made symbolic link to the versioned shared library
+# this is used to provide version backward-compatibility information
+LIBTSSSONAME=libibmtss.dylib.0
+
+# symbolic link to the versioned shared library
+# this allows linking to the shared library with '-libmtss' 
+
+#os := $(shell uname -o)
+#ifeq ($(os),Cygwin)
+#  LIBTSS=libibmtss.dll
+#else
+#  LIBTSS=libibmtss.so
+#endif
+LIBTSS=libibmtss.dylib
+
+# executable extension
+
+EXE =
+
+# 
+
+TSS_HEADERS=
+
+# default TSS library
+
+TSS_OBJS = 	tssfile.o 		\
+		tsscryptoh.o 		\
+		tsscrypto.o 		\
+		tssprintcmd.o
+
+# common to all builds
+
+include makefile-common
+include makefile-common20
+
+# default build target
+
+all:	$(ALL)
+
+# TSS shared library source
+
+tss.o: 		$(TSS_HEADERS) tss.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tss.c
+tssproperties.o: $(TSS_HEADERS) tssproperties.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssproperties.c
+tssauth.o: 	$(TSS_HEADERS) tssauth.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssauth.c
+tssmarshal.o: 	$(TSS_HEADERS) tssmarshal.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssmarshal.c
+tsscryptoh.o: 	$(TSS_HEADERS) tsscryptoh.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tsscryptoh.c
+tsscrypto.o: 	$(TSS_HEADERS) tsscrypto.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tsscrypto.c
+tssutils.o: 	$(TSS_HEADERS) tssutils.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssutils.c
+tssfile.o: 	$(TSS_HEADERS) tssfile.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssfile.c
+tsssocket.o: 	$(TSS_HEADERS) tsssocket.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tsssocket.c
+tssdev.o: 	$(TSS_HEADERS) tssdev.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssdev.c
+tsstransmit.o: 	$(TSS_HEADERS) tsstransmit.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tsstransmit.c
+tssresponsecode.o: $(TSS_HEADERS) tssresponsecode.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssresponsecode.c
+tssccattributes.o: $(TSS_HEADERS) tssccattributes.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssccattributes.c
+tssprint.o: 	$(TSS_HEADERS) tssprint.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssprint.c
+Unmarshal.o: 	$(TSS_HEADERS) Unmarshal.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) Unmarshal.c
+Commands.o: 	$(TSS_HEADERS) Commands.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) Commands.c
+CommandAttributeData.o: 	$(TSS_HEADERS) CommandAttributeData.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) CommandAttributeData.c
+ntc2lib.o:	$(TSS_HEADERS) ntc2lib.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) ntc2lib.c
+tssntc.o:	$(TSS_HEADERS) tssntc.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssntc.c
+
+# TSS shared library build
+
+$(LIBTSS): 	$(TSS_OBJS)
+		$(CC) $(LNFLAGS) $(LNLFLAGS) -Wl,-install_name,$(LIBTSSSONAME) -o $(LIBTSSVERSIONED) $(TSS_OBJS) $(LNLLIBS)
+		rm -f $(LIBTSSSONAME)
+		ln -sf $(LIBTSSVERSIONED) $(LIBTSSSONAME)
+		rm -f $(LIBTSS)
+		ln -sf $(LIBTSSSONAME) $(LIBTSS)
+
+.PHONY:		clean
+.PRECIOUS:	%.o
+
+clean:		
+		rm -f *.o  *~ 	\
+		h*.bin		\
+		$(LIBTSSSONAME)	\
+		$(LIBTSSVERSIONED) \
+		$(ALL)
+
+# applications
+
+activatecredential:	ibmtss/tss.h activatecredential.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) activatecredential.o $(LNALIBS) -o activatecredential
+eventextend:		eventextend.o eventlib.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) eventextend.o $(LNALIBS) -o eventextend
+imaextend:		imaextend.o imalib.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) imaextend.o $(LNALIBS) -o imaextend
+certify:		ibmtss/tss.h certify.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) certify.o $(LNALIBS) -o certify
+certifycreation:	ibmtss/tss.h certifycreation.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) certifycreation.o $(LNALIBS) -o certifycreation
+certifyx509:		ibmtss/tss.h certifyx509.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) certifyx509.o $(LNALIBS) -o certifyx509
+changeeps:		ibmtss/tss.h changeeps.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) changeeps.o $(LNALIBS) -o changeeps
+changepps:		ibmtss/tss.h changepps.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) changepps.o $(LNALIBS) -o changepps
+clear:			ibmtss/tss.h clear.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) clear.o $(LNALIBS) -o clear
+clearcontrol:		ibmtss/tss.h clearcontrol.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) clearcontrol.o $(LNALIBS) -o clearcontrol
+clockrateadjust:	ibmtss/tss.h clockrateadjust.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) clockrateadjust.o $(LNALIBS) -o clockrateadjust
+clockset:		ibmtss/tss.h clockset.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) clockset.o $(LNALIBS) -o clockset
+commit:			ibmtss/tss.h commit.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) commit.o $(LNALIBS) -o commit
+contextload:		ibmtss/tss.h contextload.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) contextload.o $(LNALIBS) -o contextload
+contextsave:		ibmtss/tss.h contextsave.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) contextsave.o $(LNALIBS) -o contextsave
+create:			ibmtss/tss.h create.o objecttemplates.o cryptoutils.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) create.o objecttemplates.o cryptoutils.o $(LNALIBS) -o create
+createloaded:		ibmtss/tss.h createloaded.o objecttemplates.o cryptoutils.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) createloaded.o objecttemplates.o cryptoutils.o $(LNALIBS) -o createloaded
+createprimary:		ibmtss/tss.h createprimary.o objecttemplates.o cryptoutils.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) createprimary.o objecttemplates.o cryptoutils.o $(LNALIBS) -o createprimary
+dictionaryattacklockreset:		ibmtss/tss.h dictionaryattacklockreset.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) dictionaryattacklockreset.o $(LNALIBS) -o dictionaryattacklockreset
+dictionaryattackparameters:		ibmtss/tss.h dictionaryattackparameters.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) dictionaryattackparameters.o $(LNALIBS) -o dictionaryattackparameters
+duplicate:		ibmtss/tss.h duplicate.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) duplicate.o $(LNALIBS) -o duplicate 
+eccparameters:		ibmtss/tss.h eccparameters.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) eccparameters.o $(LNALIBS) -o eccparameters 
+ecephemeral:		ibmtss/tss.h ecephemeral.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) ecephemeral.o $(LNALIBS) -o ecephemeral 
+encryptdecrypt:		ibmtss/tss.h encryptdecrypt.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) encryptdecrypt.o $(LNALIBS) -o encryptdecrypt	
+eventsequencecomplete:	ibmtss/tss.h eventsequencecomplete.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) eventsequencecomplete.o $(LNALIBS) -o eventsequencecomplete	
+evictcontrol:		ibmtss/tss.h evictcontrol.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) evictcontrol.o $(LNALIBS) -o evictcontrol	
+flushcontext:		ibmtss/tss.h flushcontext.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) flushcontext.o $(LNALIBS) -o flushcontext
+getcommandauditdigest:	ibmtss/tss.h getcommandauditdigest.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) getcommandauditdigest.o $(LNALIBS) -o getcommandauditdigest
+getcapability:		ibmtss/tss.h getcapability.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) getcapability.o $(LNALIBS) -o getcapability
+getrandom:		ibmtss/tss.h getrandom.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) getrandom.o $(LNALIBS) -o getrandom
+gettestresult:		ibmtss/tss.h gettestresult.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) gettestresult.o $(LNALIBS) -o gettestresult
+getsessionauditdigest:	ibmtss/tss.h getsessionauditdigest.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) getsessionauditdigest.o $(LNALIBS) -o getsessionauditdigest
+gettime:		ibmtss/tss.h gettime.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) gettime.o $(LNALIBS) -o gettime
+hashsequencestart:	ibmtss/tss.h hashsequencestart.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) hashsequencestart.o $(LNALIBS) -o hashsequencestart
+hash:			ibmtss/tss.h hash.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) hash.o $(LNALIBS) -o hash
+hierarchycontrol:	ibmtss/tss.h hierarchycontrol.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) hierarchycontrol.o $(LNALIBS) -o hierarchycontrol
+hierarchychangeauth:	ibmtss/tss.h hierarchychangeauth.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) hierarchychangeauth.o $(LNALIBS) -o hierarchychangeauth
+hmac:			ibmtss/tss.h hmac.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) hmac.o $(LNALIBS) -o hmac
+hmacstart:		ibmtss/tss.h hmacstart.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) hmacstart.o $(LNALIBS) -o hmacstart
+import:			ibmtss/tss.h import.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) import.o $(LNALIBS) -o import
+importpem:		ibmtss/tss.h importpem.o objecttemplates.o ekutils.o cryptoutils.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) importpem.o objecttemplates.o ekutils.o cryptoutils.o $(LNALIBS) -o importpem
+load:			ibmtss/tss.h load.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) load.o $(LNALIBS) -o load
+loadexternal:		ibmtss/tss.h loadexternal.o cryptoutils.o ekutils.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) loadexternal.o cryptoutils.o ekutils.o $(LNALIBS) -o loadexternal
+makecredential:		ibmtss/tss.h makecredential.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) makecredential.o $(LNALIBS) -o makecredential
+nvcertify:		ibmtss/tss.h nvcertify.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvcertify.o $(LNALIBS) -o nvcertify
+nvchangeauth:		ibmtss/tss.h nvchangeauth.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvchangeauth.o $(LNALIBS) -o nvchangeauth
+nvdefinespace:		ibmtss/tss.h nvdefinespace.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvdefinespace.o $(LNALIBS) -o nvdefinespace
+nvextend:		ibmtss/tss.h nvextend.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvextend.o $(LNALIBS) -o nvextend
+nvglobalwritelock:	ibmtss/tss.h nvglobalwritelock.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvglobalwritelock.o $(LNALIBS) -o nvglobalwritelock
+nvincrement:		ibmtss/tss.h nvincrement.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvincrement.o $(LNALIBS) -o nvincrement
+nvread:			ibmtss/tss.h nvread.o cryptoutils.o ekutils.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvread.o cryptoutils.o ekutils.o $(LNALIBS) -o nvread
+nvreadlock:		ibmtss/tss.h nvreadlock.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvreadlock.o $(LNALIBS) -o nvreadlock
+nvreadpublic:		ibmtss/tss.h nvreadpublic.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvreadpublic.o $(LNALIBS) -o nvreadpublic
+nvsetbits:		ibmtss/tss.h nvsetbits.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvsetbits.o $(LNALIBS) -o nvsetbits
+nvundefinespace:	ibmtss/tss.h nvundefinespace.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvundefinespace.o $(LNALIBS) -o nvundefinespace
+nvundefinespacespecial:	ibmtss/tss.h nvundefinespacespecial.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvundefinespacespecial.o $(LNALIBS) -o nvundefinespacespecial
+nvwrite:		ibmtss/tss.h nvwrite.o cryptoutils.o ekutils.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvwrite.o cryptoutils.o ekutils.o $(LNALIBS) -o nvwrite
+nvwritelock:		ibmtss/tss.h nvwritelock.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvwritelock.o $(LNALIBS) -o nvwritelock
+objectchangeauth:	ibmtss/tss.h objectchangeauth.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) objectchangeauth.o $(LNALIBS) -o objectchangeauth
+pcrallocate: 		ibmtss/tss.h pcrallocate.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) pcrallocate.o $(LNALIBS) -o pcrallocate
+pcrevent: 		ibmtss/tss.h pcrevent.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) pcrevent.o $(LNALIBS) -o pcrevent
+pcrextend: 		ibmtss/tss.h pcrextend.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) pcrextend.o $(LNALIBS) -o pcrextend
+pcrread: 		ibmtss/tss.h pcrread.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) pcrread.o $(LNALIBS) -o pcrread
+pcrreset: 		ibmtss/tss.h pcrreset.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) pcrreset.o $(LNALIBS) -o pcrreset
+policyauthorize:	ibmtss/tss.h policyauthorize.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policyauthorize.o $(LNALIBS) -o policyauthorize
+policyauthvalue:	ibmtss/tss.h policyauthvalue.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policyauthvalue.o $(LNALIBS) -o policyauthvalue
+policycommandcode:	ibmtss/tss.h policycommandcode.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policycommandcode.o $(LNALIBS) -o policycommandcode
+policycphash:		ibmtss/tss.h policycphash.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policycphash.o $(LNALIBS) -o policycphash
+policynamehash:		ibmtss/tss.h policynamehash.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policynamehash.o $(LNALIBS) -o policynamehash
+policycountertimer :	ibmtss/tss.h policycountertimer.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policycountertimer.o $(LNALIBS) -o policycountertimer
+policyduplicationselect:	ibmtss/tss.h policyduplicationselect.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policyduplicationselect.o $(LNALIBS) -o policyduplicationselect
+policygetdigest:	ibmtss/tss.h policygetdigest.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policygetdigest.o $(LNALIBS) -o policygetdigest
+policymaker:		ibmtss/tss.h policymaker.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policymaker.o $(LNALIBS) -o policymaker
+policymakerpcr:		ibmtss/tss.h policymakerpcr.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policymakerpcr.o $(LNALIBS) -o policymakerpcr
+policyauthorizenv:	ibmtss/tss.h policyauthorizenv.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policyauthorizenv.o $(LNALIBS) -o policyauthorizenv
+policynv:		ibmtss/tss.h policynv.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policynv.o $(LNALIBS) -o policynv
+policynvwritten:	ibmtss/tss.h policynvwritten.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policynvwritten.o $(LNALIBS) -o policynvwritten
+policyor:		ibmtss/tss.h policyor.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policyor.o $(LNALIBS) -o policyor
+policypassword:		ibmtss/tss.h policypassword.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policypassword.o $(LNALIBS) -o policypassword
+policypcr:		ibmtss/tss.h policypcr.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policypcr.o $(LNALIBS) -o policypcr
+policyrestart:		ibmtss/tss.h policyrestart.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policyrestart.o $(LNALIBS) -o policyrestart
+policysigned:		ibmtss/tss.h policysigned.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policysigned.o $(LNALIBS) -o policysigned
+policysecret:		ibmtss/tss.h policysecret.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policysecret.o $(LNALIBS) -o policysecret
+policytemplate:		ibmtss/tss.h policytemplate.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policytemplate.o $(LNALIBS) -o policytemplate
+policyticket:		ibmtss/tss.h policyticket.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policyticket.o $(LNALIBS) -o policyticket
+quote:			ibmtss/tss.h quote.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) quote.o $(LNALIBS) -o quote
+powerup:		ibmtss/tss.h powerup.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) powerup.o $(LNALIBS) -o powerup
+readclock:		ibmtss/tss.h readclock.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) readclock.o $(LNALIBS) -o readclock
+readpublic:		ibmtss/tss.h readpublic.o cryptoutils.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) readpublic.o cryptoutils.o $(LNALIBS) -o readpublic
+returncode:		ibmtss/tss.h returncode.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) returncode.o $(LNALIBS) -o returncode
+rewrap:			ibmtss/tss.h rewrap.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) rewrap.o $(LNALIBS) -o rewrap
+rsadecrypt: 		ibmtss/tss.h rsadecrypt.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) rsadecrypt.o $(LNALIBS) -o rsadecrypt
+rsaencrypt: 		ibmtss/tss.h rsaencrypt.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) rsaencrypt.o $(LNALIBS) -o rsaencrypt
+sequenceupdate:		ibmtss/tss.h sequenceupdate.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) sequenceupdate.o $(LNALIBS) -o sequenceupdate
+sequencecomplete:	ibmtss/tss.h sequencecomplete.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) sequencecomplete.o $(LNALIBS) -o sequencecomplete
+setprimarypolicy:	ibmtss/tss.h setprimarypolicy.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) setprimarypolicy.o $(LNALIBS) -o setprimarypolicy
+setcommandcodeauditstatus:	ibmtss/tss.h setcommandcodeauditstatus.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) setcommandcodeauditstatus.o $(LNALIBS) -o setcommandcodeauditstatus
+shutdown:		ibmtss/tss.h shutdown.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) shutdown.o $(LNALIBS) -o shutdown
+sign:			ibmtss/tss.h sign.o cryptoutils.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) sign.o cryptoutils.o $(LNALIBS) -o sign
+startauthsession:	ibmtss/tss.h startauthsession.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) startauthsession.o $(LNALIBS) -o startauthsession
+startup:		ibmtss/tss.h startup.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) startup.o $(LNALIBS) -o startup
+stirrandom:		ibmtss/tss.h stirrandom.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) stirrandom.o $(LNALIBS) -o stirrandom
+unseal:			ibmtss/tss.h unseal.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) unseal.o $(LNALIBS) -o unseal
+verifysignature:	ibmtss/tss.h verifysignature.o cryptoutils.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) verifysignature.o cryptoutils.o $(LNALIBS) -o verifysignature
+zgen2phase:		ibmtss/tss.h zgen2phase.o cryptoutils.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) zgen2phase.o cryptoutils.o $(LNALIBS) -o zgen2phase
+signapp:		ibmtss/tss.h signapp.o ekutils.o cryptoutils.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) signapp.o ekutils.o cryptoutils.o $(LNALIBS) -o signapp
+writeapp:		ibmtss/tss.h writeapp.o ekutils.o cryptoutils.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) writeapp.o ekutils.o cryptoutils.o $(LNALIBS) -o writeapp
+timepacket:		ibmtss/tss.h timepacket.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) timepacket.o $(LNALIBS) -o timepacket
+createek:		createek.o cryptoutils.o ekutils.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) createek.o cryptoutils.o ekutils.o $(LNALIBS) -o createek
+createekcert:		createekcert.o cryptoutils.o ekutils.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) createekcert.o cryptoutils.o ekutils.o $(LNALIBS) -o createekcert
+tpm2pem:		tpm2pem.o cryptoutils.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) tpm2pem.o cryptoutils.o $(LNALIBS) -o tpm2pem
+tpmpublic2eccpoint:	tpmpublic2eccpoint.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) tpmpublic2eccpoint.o $(LNALIBS) -o tpmpublic2eccpoint
+ntc2getconfig:		ntc2getconfig.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) ntc2getconfig.o $(LNALIBS) -o ntc2getconfig
+ntc2preconfig:		ntc2preconfig.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) ntc2preconfig.o $(LNALIBS) -o ntc2preconfig
+ntc2lockconfig:		ntc2lockconfig.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) ntc2lockconfig.o $(LNALIBS) -o ntc2lockconfig
+publicname:		publicname.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) publicname.o $(LNALIBS) -o publicname
+getcryptolibrary:	getcryptolibrary.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) getcryptolibrary.o $(LNALIBS) -o getcryptolibrary
+printattr:		printattr.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) printattr.o $(LNALIBS) -o printattr
+
+# for applications, not for TSS library
+
+%.o:		%.c ibmtss/tss.h 
+		$(CC) $(CCFLAGS) $(CCAFLAGS) $< -o $@
+
diff --git a/utils/makefile.mak b/utils/makefile.mak
new file mode 100644
index 000000000..8e43d5c2d
--- /dev/null
+++ b/utils/makefile.mak
@@ -0,0 +1,255 @@
+#################################################################################
+#										#
+#			Windows MinGW TPM2 Makefile OpenSSL 1.1.1 32-bit	#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+# Windows OpenSSL 1.1.1 32-bit with mingw
+
+# Please contribute a solution for OpenSSL 64-bit (Shining Light),
+# which does not include the mingw .a files.
+
+# For this to work, copy the file .../openssl/bin/libcrypto-1.1.dll to
+# libcrypto.dll.  Please contribute a solution that does not require
+# this step.
+
+# C compiler
+
+CC = "c:/program files/mingw/bin/gcc.exe"
+
+# compile - common flags for TSS library and applications
+
+CCFLAGS += 					\
+	-DTPM_WINDOWS				\
+	-I. 					\
+	-I"c:/program files/MinGW/include"	\
+	-I"c:/program files/openssl/include"	\
+
+# compile - for TSS library
+
+CCLFLAGS +=					\
+		-DTPM_TPM20
+
+# compile - for applications
+
+CCAFLAGS += 			\
+		-DTPM_TPM20
+
+# link - common flags flags TSS library and applications
+
+LNFLAGS +=					\
+	-D_MT					\
+	-DTPM_WINDOWS				\
+	-I.
+
+# link - for TSS library
+
+LNLFLAGS += 
+
+# link - for applications, TSS path, TSS and OpenSSl libraries
+
+LNAFLAGS += 
+
+LNLIBS = 	"c:/program files/openssl/lib/mingw/libcrypto.a" \
+		"c:/program files/MinGW/lib/libws2_32.a"
+
+# shared library
+
+LIBTSS=libibmtss.dll
+
+# executable extension
+
+EXE=.exe
+
+# 
+
+ALL =
+
+# default TSS library
+
+TSS_OBJS = 	tssfile.o 		\
+		tsscryptoh.o 		\
+		tsscrypto.o 		\
+		tssprintcmd.o
+
+# common to all builds
+
+include makefile-common
+include makefile-common20
+
+#
+# Start Windows TBSI
+#
+
+# mingw libraries are apparently no longer compatible with Windows
+# Kits for TBS.  Contributions are welcome.  Until then, use the
+# Visual Studio solution for the hardware TPM.
+
+#TSS_OBJS += tsstbsi.o
+
+#CCFLAGS +=	-DTPM_WINDOWS_TBSI
+#CCFLAGS +=	-D_WIN32_WINNT=0x0600
+
+# Windows 10
+
+#CCFLAGS +=	-DTPM_WINDOWS_TBSI_WIN8
+#CCFLAGS +=	-I"c:\Program Files (x86)\Windows Kits\10\Include\10.0.17763.0\shared"
+
+#LNLIBS += "c:/Program Files (x86)/Windows Kits/10/Lib/10.0.17763.0/um/x64/tbs.lib"
+
+# Windows 7
+
+#CCFLAGS +=	-DTPM_WINDOWS_TBSI_WIN7
+
+#LNLIBS += c:/progra~1/Micros~2/Windows/v7.1/lib/Tbs.lib
+
+#
+# End Windows TBSI
+#
+
+# default build target
+
+all:	$(ALL)
+
+# TSS shared library source
+
+tss.o: 		$(TSS_HEADERS) tss.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tss.c
+tssproperties.o: $(TSS_HEADERS) tssproperties.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssproperties.c
+tssauth.o: 	$(TSS_HEADERS) tssauth.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssauth.c
+tssmarshal.o: 	$(TSS_HEADERS) tssmarshal.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssmarshal.c
+tsscryptoh.o: 	$(TSS_HEADERS) tsscryptoh.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tsscryptoh.c
+tsscrypto.o: 	$(TSS_HEADERS) tsscrypto.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tsscrypto.c
+tssutils.o: 	$(TSS_HEADERS) tssutils.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssutils.c
+tssfile.o: 	$(TSS_HEADERS) tssfile.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssfile.c
+tsssocket.o: 	$(TSS_HEADERS) tsssocket.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tsssocket.c
+tssdev.o: 	$(TSS_HEADERS) tssdev.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssdev.c
+tsstransmit.o: 	$(TSS_HEADERS) tsstransmit.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tsstransmit.c
+tssresponsecode.o: $(TSS_HEADERS) tssresponsecode.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssresponsecode.c
+tssccattributes.o: $(TSS_HEADERS) tssccattributes.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssccattributes.c
+tssprint.o: 	$(TSS_HEADERS) tssprint.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssprint.c
+Unmarshal.o: 	$(TSS_HEADERS) Unmarshal.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) Unmarshal.c
+Commands.o: 	$(TSS_HEADERS) Commands.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) Commands.c
+CommandAttributeData.o: 	$(TSS_HEADERS) CommandAttributeData.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) CommandAttributeData.c
+ntc2lib.o:	$(TSS_HEADERS) ntc2lib.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) ntc2lib.c
+tssntc.o:	$(TSS_HEADERS) tssntc.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssntc.c
+
+# TPM 2.0
+
+tss20.o: 	$(TSS_HEADERS) tss20.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tss20.c
+tssauth20.o: 	$(TSS_HEADERS) tssauth20.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssauth20.c
+
+# TSS shared library build
+
+$(LIBTSS): 	$(TSS_OBJS)
+		$(CC) $(LNFLAGS) $(LNLFLAGS) -shared -o $(LIBTSS) $(TSS_OBJS) \
+		-Wl,--out-implib,libibmtss.a $(LNLIBS)
+
+.PHONY:		clean
+.PRECIOUS:	%.o
+
+clean:		
+		rm -f *.o 	\
+		$(LIBTSS)	\
+		$(ALL)
+
+create.exe:	create.o objecttemplates.o cryptoutils.o $(LIBTSS) 
+		$(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o objecttemplates.o cryptoutils.o $(LNLIBS) $(LIBTSS) 
+
+createloaded.exe:	createloaded.o objecttemplates.o cryptoutils.o $(LIBTSS) 
+		$(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o objecttemplates.o cryptoutils.o $(LNLIBS) $(LIBTSS) 
+
+createprimary.exe:	createprimary.o objecttemplates.o cryptoutils.o $(LIBTSS) 
+		$(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o objecttemplates.o cryptoutils.o $(LNLIBS) $(LIBTSS) 
+
+eventextend.exe:	eventextend.o eventlib.o cryptoutils.o $(LIBTSS) 
+		$(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o eventlib.o cryptoutils.o $(LNLIBS) $(LIBTSS) 
+
+imaextend.exe:	imaextend.o imalib.o cryptoutils.o $(LIBTSS) 
+		$(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o imalib.o cryptoutils.o $(LNLIBS) $(LIBTSS) 
+
+createek.exe:	createek.o ekutils.o cryptoutils.o $(LIBTSS) 
+		$(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o ekutils.o cryptoutils.o $(LNLIBS) $(LIBTSS)
+
+certifyx509.exe:	certifyx509.o ekutils.o cryptoutils.o $(LIBTSS) 
+		$(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o ekutils.o cryptoutils.o $(LNLIBS) $(LIBTSS)
+
+createekcert.exe:	createekcert.o ekutils.o cryptoutils.o $(LIBTSS) 
+		$(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o ekutils.o cryptoutils.o $(LNLIBS) $(LIBTSS)
+
+importpem.exe:	importpem.o objecttemplates.o ekutils.o cryptoutils.o $(LIBTSS)
+		$(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o objecttemplates.o ekutils.o cryptoutils.o $(LNLIBS) $(LIBTSS)
+
+loadexternal.exe:	loadexternal.o cryptoutils.o ekutils.o $(LIBTSS)
+		$(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o cryptoutils.o ekutils.o $(LNLIBS) $(LIBTSS)
+
+nvread.exe:	nvread.o ekutils.o cryptoutils.o $(LIBTSS) 
+		$(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o ekutils.o cryptoutils.o $(LNLIBS) $(LIBTSS)
+
+nvwrite.exe:	nvwrite.o ekutils.o cryptoutils.o $(LIBTSS)
+		$(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o ekutils.o cryptoutils.o $(LNLIBS) $(LIBTSS)
+
+signapp.exe:	signapp.o ekutils.o cryptoutils.o $(LIBTSS)
+		$(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o ekutils.o cryptoutils.o $(LNLIBS) $(LIBTSS)
+
+writeapp.exe:	writeapp.o ekutils.o cryptoutils.o $(LIBTSS)
+		$(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o ekutils.o cryptoutils.o $(LNLIBS) $(LIBTSS)
+
+%.exe:		%.o applink.o cryptoutils.o $(LIBTSS)
+		$(CC) $(LNFLAGS) -L. -libmtss $< -o $@ applink.o cryptoutils.o $(LNLIBS) $(LIBTSS)
+
+%.o:		%.c
+		$(CC) $(CCFLAGS) $(CCAFLAGS) $< -o $@
diff --git a/utils/makefile.min b/utils/makefile.min
new file mode 100644
index 000000000..32dd87664
--- /dev/null
+++ b/utils/makefile.min
@@ -0,0 +1,178 @@
+#################################################################################
+#										#
+#		Linux TPM2 Utilities Makefile for minimal TSS			#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2016 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+# makefile to build a TSS library that does not require file read/write or crypto
+# within the library
+#
+# See the documentation for limitations.
+
+# C compiler
+
+CC = /usr/bin/gcc
+
+# compile - common flags for TSS library and applications
+
+CCFLAGS  += \
+	-DTPM_POSIX		\
+	-DTPM_TSS_NOFILE	\
+	-DTPM_TSS_NOCRYPTO	\
+	-DTPM_TSS_NORSA
+
+# -DTPM_NOSOCKET
+
+# compile - for TSS library
+
+CCLFLAGS += 	-I.			\
+		-fPIC			\
+		-DTPM_TPM20
+
+# compile - for applications
+
+CCAFLAGS += 	-I.		\
+		-DTPM_TPM20	\
+		-fPIE
+
+# link - common flags flags TSS library and applications
+
+LNFLAGS += 	-DTPM_POSIX		\
+		-L.
+
+# link - for TSS library
+
+# link - for applications, TSS path, TSS and OpenSSl libraries
+
+LNAFLAGS += -Wl,-rpath,.
+
+LNALIBS +=  -libmtssmin
+
+# shared library
+
+LIBTSS=libibmtssmin.so
+
+# 
+
+ALL = $(LIBTSS)
+#TSS_HEADERS = ibmtss/tssfile.h
+
+# default TSS library
+
+TSS_OBJS =	tssprintcmd.o
+
+
+# common to all builds
+
+include makefile-common
+include makefile-common20
+
+# default build target
+
+all:	writeapp
+
+# TSS shared library source
+
+tss.o: 			$(TSS_HEADERS) tss.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tss.c
+tssproperties.o: 	$(TSS_HEADERS) tssproperties.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssproperties.c
+tssauth.o: 		$(TSS_HEADERS) tssauth.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssauth.c
+tssmarshal.o: 		$(TSS_HEADERS) tssmarshal.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssmarshal.c
+tsscryptoh.o: 		$(TSS_HEADERS) tsscryptoh.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tsscryptoh.c
+tsscrypto.o: 		$(TSS_HEADERS) tsscrypto.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tsscrypto.c
+tssutils.o: 		$(TSS_HEADERS) tssutils.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssutils.c
+tsssocket.o: 		$(TSS_HEADERS) tsssocket.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tsssocket.c
+tssdev.o: 		$(TSS_HEADERS) tssdev.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssdev.c
+tsstransmit.o: 		$(TSS_HEADERS) tsstransmit.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tsstransmit.c
+tssresponsecode.o: 	$(TSS_HEADERS) tssresponsecode.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssresponsecode.c
+tssccattributes.o: 	$(TSS_HEADERS) tssccattributes.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssccattributes.c
+tssprint.o: 		$(TSS_HEADERS) tssprint.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssprint.c
+tssprintcmd.o: 		$(TSS_HEADERS) tssprintcmd.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssprintcmd.c
+Unmarshal.o: 		$(TSS_HEADERS) Unmarshal.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC Unmarshal.c
+Commands.o: 		$(TSS_HEADERS) Commands.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC Commands.c
+CommandAttributeData.o: $(TSS_HEADERS) CommandAttributeData.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC CommandAttributeData.c
+ntc2lib.o:		$(TSS_HEADERS) ntc2lib.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC ntc2lib.c
+tssntc.o:		$(TSS_HEADERS) tssntc.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssntc.c
+
+# TPM 2.0
+
+tss20.o: 	$(TSS_HEADERS) tss20.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tss20.c
+tssauth20.o: 	$(TSS_HEADERS) tssauth20.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssauth20.c
+
+# TSS shared library build
+
+$(LIBTSS): 	$(TSS_OBJS)
+		$(CC) $(LNFLAGS) $(LNLFLAGS) -shared -o $(LIBTSS) $(TSS_OBJS)
+
+.PHONY:		clean
+.PRECIOUS:	%.o
+
+clean:		
+		rm -f *.o	\
+		$(ALL)
+
+# applications
+
+writeapp:		ibmtss/tss.h writeapp.o tssutilsverbose.o $(LIBTSS) 
+
+			$(CC) $(LNFLAGS) $(LNAFLAGS) writeapp.o tssutilsverbose.o \
+			$(LNALIBS) -o writeapp
+
+# for applications, not for TSS library
+
+%.o:		%.c ibmtss/tss.h 
+		$(CC) $(CCFLAGS) $(CCAFLAGS) $< -o $@
+
diff --git a/utils/makefile.nofile b/utils/makefile.nofile
new file mode 100644
index 000000000..3d22cc4fc
--- /dev/null
+++ b/utils/makefile.nofile
@@ -0,0 +1,243 @@
+#################################################################################
+#										#
+#		Linux TPM2 Utilities Makefile for TSS without files		#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2016 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+# makefile to build a TSS library that does not require file read/write.
+#
+# See the documentation for limitations.
+
+# C compiler
+
+CC = /usr/bin/gcc
+
+# compile - common flags for TSS library and applications
+
+CCFLAGS  += 	-DTPM_POSIX			\
+		-DTPM_TSS_NOFILE
+
+# -DTPM_NOSOCKET
+
+# compile - for TSS library
+
+# include the hardening flag PIC needed for compiling for dynamic
+# linking
+
+CCLFLAGS += 	-I. 		\
+		-fPIC		\
+		-DTPM_TPM20
+
+# compile - for applications
+
+# include the hardening flag PIE needed for compiling for
+# static linking
+
+CCAFLAGS += 	-I.		\
+		-DTPM_TPM20	\
+		-fPIE
+
+# link - common flags flags TSS library and applications
+
+LNFLAGS += 	-DTPM_POSIX	\
+		-L.
+
+# link - for TSS library
+
+# hardening flags for linking shared objects
+LNLFLAGS += -shared -Wl,-z,now
+
+#	This is an alternative to using the bfd linker on Ubuntu
+LNLLIBS += -lcrypto
+
+# link - for applications, TSS path, TSS and OpenSSl libraries
+
+LNAFLAGS += -pie -Wl,-z,now -Wl,-rpath,.
+
+LNALIBS +=  -libmtssutils -libmtssmin
+
+# versioned shared library
+LIBTSSVERSIONED=libibmtssmin.so.1.3
+
+# soname field of the shared library
+# which will be made symbolic link to the versioned shared library
+# this is used to provide version backward-compatibility information
+LIBTSSSONAME=libibmtssmin.so.1
+
+# symbolic link to the versioned shared library
+# this allows linking to the shared library with '-libmtss' 
+
+os := $(shell uname -o)
+ifeq ($(os),Cygwin)
+  LIBTSS=libibmtssmin.dll
+else
+  LIBTSS=libibmtssmin.so
+endif
+
+# TSS utilities shared library
+
+LIBTSSUTILSVERSIONED=libibmtssutils.so.1.3
+LIBTSSUTILSSONAME=libibmtssutils.so.1
+LIBTSSUTILS=libibmtssutils.so
+
+# executable extension
+
+EXE =
+
+ALL = signapp writeapp
+
+TSS_HEADERS = ibmtss/tssfile.h
+
+# default TSS library
+
+TSS_OBJS =  	tsscryptoh.o 		\
+		tsscrypto.o 		\
+		tssprintcmd.o
+
+TSSUTILS_OBJS = cryptoutils.o	\
+		ekutils.o	\
+		imalib.o	\
+		eventlib.o
+
+# common to all builds
+
+include makefile-common
+include makefile-common20
+
+# default build target
+
+all: 	signapp writeapp
+
+# TSS shared library source
+
+tss.o: 			$(TSS_HEADERS) tss.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) tss.c
+tssauth.o: 		$(TSS_HEADERS) tssauth.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) tssauth.c
+tssproperties.o: 	$(TSS_HEADERS) tssproperties.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) tssproperties.c
+tssmarshal.o: 		$(TSS_HEADERS) tssmarshal.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) tssmarshal.c
+tsscryptoh.o: 		$(TSS_HEADERS) tsscryptoh.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) tsscryptoh.c
+tsscrypto.o: 		$(TSS_HEADERS) tsscrypto.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) tsscrypto.c
+tssutils.o: 		$(TSS_HEADERS) tssutils.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) tssutils.c
+tsssocket.o: 		$(TSS_HEADERS) tsssocket.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) tsssocket.c
+tssdev.o: 		$(TSS_HEADERS) tssdev.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) tssdev.c
+tsstransmit.o: 		$(TSS_HEADERS) tsstransmit.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) tsstransmit.c
+tssresponsecode.o: 	$(TSS_HEADERS) tssresponsecode.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) tssresponsecode.c
+tssccattributes.o: 	$(TSS_HEADERS) tssccattributes.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) tssccattributes.c
+tssprint.o: 		$(TSS_HEADERS) tssprint.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) tssprint.c
+tssprintcmd.o: 		$(TSS_HEADERS) tssprintcmd.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) tssprintcmd.c
+Unmarshal.o: 		$(TSS_HEADERS) Unmarshal.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) Unmarshal.c
+Commands.o: 		$(TSS_HEADERS) Commands.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) Commands.c
+CommandAttributeData.o: $(TSS_HEADERS) CommandAttributeData.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) CommandAttributeData.c
+ntc2lib.o:		$(TSS_HEADERS) ntc2lib.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) ntc2lib.c
+tssntc.o:		$(TSS_HEADERS) tssntc.c
+			$(CC) $(CCFLAGS) $(CCLFLAGS) tssntc.c
+
+# TPM 2.0
+
+tss20.o: 	$(TSS_HEADERS) tss20.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tss20.c
+tssauth20.o: 	$(TSS_HEADERS) tssauth20.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssauth20.c
+
+# TSS utilities shared library source
+
+cryptoutils.o: 	$(TSS_HEADERS) cryptoutils.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) cryptoutils.c
+ekutils.o: 	$(TSS_HEADERS) ekutils.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) ekutils.c
+imalib.o: 	$(TSS_HEADERS) imalib.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) imalib.c
+eventlib.o: 	$(TSS_HEADERS) eventlib.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) eventlib.c
+
+# TSS shared library build
+
+$(LIBTSS): 	$(TSS_OBJS)
+		$(CC) $(LNFLAGS) $(LNLFLAGS) -Wl,-soname,$(LIBTSSSONAME) -o $(LIBTSSVERSIONED) $(TSS_OBJS) $(LNLLIBS)
+		rm -f $(LIBTSSSONAME)
+		ln -sf $(LIBTSSVERSIONED) $(LIBTSSSONAME)
+		rm -f $(LIBTSS)
+		ln -sf $(LIBTSSSONAME) $(LIBTSS)
+
+# TSS utilities shared library
+
+$(LIBTSSUTILS):	$(TSSUTILS_OBJS)
+		$(CC) $(LNFLAGS) $(LNLFLAGS) -Wl,-soname,$(LIBTSSUTILSSONAME) -o $(LIBTSSUTILSVERSIONED) $(TSSUTILS_OBJS) $(LNLLIBS)
+		rm -f $(LIBTSSSUTILSONAME)
+		ln -sf $(LIBTSSUTILSVERSIONED) $(LIBTSSUTILSSONAME)
+		rm -f $(LIBTSSUTILS)
+		ln -sf $(LIBTSSUTILSSONAME) $(LIBTSSUTILS)
+
+.PHONY:		clean
+.PRECIOUS:	%.o
+
+clean:		
+		rm -f *.o 		\
+		$(LIBTSSSONAME)		\
+		$(LIBTSSVERSIONED) 	\
+		$(LIBTSSUTILSSONAME) 	\
+		$(LIBTSSUTILSVERSIONED)	\
+		$(ALL)
+
+# applications
+
+signapp:		ibmtss/tss.h signapp.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) signapp.o $(LNALIBS) -o signapp
+writeapp:		ibmtss/tss.h writeapp.o $(LIBTSS) $(LIBTSSUTILS) 
+			$(CC) $(LNFLAGS) $(LNAFLAGS) writeapp.o $(LNALIBS) -o writeapp
+
+# for applications, not for TSS library
+
+%.o:		%.c ibmtss/tss.h 
+		$(CC) $(CCFLAGS) $(CCAFLAGS) $< -o $@
+
diff --git a/utils/makefiletpm12 b/utils/makefiletpm12
new file mode 100644
index 000000000..92e9b9742
--- /dev/null
+++ b/utils/makefiletpm12
@@ -0,0 +1,265 @@
+#################################################################################
+#										#
+#		Linux TPM 1.2 TSS Makefile					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2018 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+# C compiler
+
+CC = /usr/bin/gcc
+
+# compile - common flags for TSS library and applications
+
+CCFLAGS += 	-DTPM_POSIX
+
+# example of pointing to a locally built openssl 1.1
+# CCFLAGS += 	-I/home/kgold/openssl/include
+
+# compile - for TSS library
+
+# include the hardening flag PIC needed for compiling for dynamic
+# linking
+
+CCLFLAGS += 	-I. 		\
+		-fPIC		\
+		-DTPM_TPM12
+
+# to compile out printf's.  Regression test will fail because it tries
+# to print a structure -DTPM_TSS_NO_PRINT
+
+# example of changing the default interface type
+#	-DTPM_INTERFACE_TYPE_DEFAULT="\"dev\""
+
+# compile - for applications
+
+# include the hardening flag PIE needed for compiling for
+# static linking
+
+CCAFLAGS += 	-I.		\
+		-DTPM_TPM12	\
+		-fPIE
+
+# link - common flags flags TSS library and applications
+
+LNFLAGS += 	-DTPM_POSIX		\
+		-L.
+
+# This seems to be required on some Ubuntu distros due to an issue with the gold linker
+#		-fuse-ld=bfd
+
+# example of pointing to a locally built openssl 1.1
+# LNFLAGS +=	 -L/home/kgold/openssl
+# This also requires setting the environment variable LD_LIBRARY_PATH.  E.g.,
+# setenv LD_LIBRARY_PATH ${LD_LIBRARY_PATH}:/home/kgold/openssl-1.1.0c
+
+# link - for TSS library
+
+# hardening flags for linking shared objects
+LNLFLAGS += -shared -Wl,-z,now
+
+# This is an alternative to using the bfd linker on Ubuntu
+LNLLIBS += -lcrypto
+
+# link - for applications, TSS path, TSS and OpenSSl libraries
+
+# hardening flags for linking executables
+LNAFLAGS += -pie -Wl,-z,now -Wl,-rpath,.
+
+LNALIBS +=  -libmtss
+
+# shared library
+
+# versioned shared library
+LIBTSSVERSIONED=libibmtss.so.1.3
+
+# soname field of the shared library
+# which will be made symbolic link to the versioned shared library
+# this is used to provide version backward-compatibility information
+LIBTSSSONAME=libibmtss.so.1
+
+# symbolic link to the versioned shared library
+# this allows linking to the shared library with '-libmtss' 
+
+os := $(shell uname -o)
+ifeq ($(os),Cygwin)
+  LIBTSS=libibmtss.dll
+else
+  LIBTSS=libibmtss.so
+endif
+
+# TSS utilities shared library
+
+LIBTSSUTILSVERSIONED=libibmtssutils.so.1.3
+LIBTSSUTILSSONAME=libibmtssutils.so.1
+LIBTSSUTILS=libibmtssutils.so
+
+# executable extension
+
+EXE =
+
+# 
+
+ALL = 
+TSS_HEADERS=
+
+# default TSS library
+
+TSS_OBJS =	tssfile.o 		\
+		tsscryptoh.o 		\
+		tsscrypto.o
+
+TSSUTILS_OBJS = cryptoutils.o	\
+		ekutils.o	\
+		imalib.o	\
+		eventlib.o
+
+# common to all builds
+
+include makefile-common
+include makefile-common12
+
+# default build target
+
+all:	$(ALL)
+
+# TSS shared library source
+
+tss.o: 		$(TSS_HEADERS) tss.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tss.c
+tssproperties.o: $(TSS_HEADERS) tssproperties.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssproperties.c
+tssauth.o: 	$(TSS_HEADERS) tssauth.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssauth.c
+tssmarshal.o: 	$(TSS_HEADERS) tssmarshal.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssmarshal.c
+tsscryptoh.o: 	$(TSS_HEADERS) tsscryptoh.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tsscryptoh.c
+tsscrypto.o: 	$(TSS_HEADERS) tsscrypto.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tsscrypto.c
+tssutils.o: 	$(TSS_HEADERS) tssutils.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssutils.c
+tssfile.o: 	$(TSS_HEADERS) tssfile.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssfile.c
+tsssocket.o: 	$(TSS_HEADERS) tsssocket.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tsssocket.c
+tssdev.o: 	$(TSS_HEADERS) tssdev.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssdev.c
+tsstransmit.o: 	$(TSS_HEADERS) tsstransmit.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tsstransmit.c
+tssresponsecode.o: $(TSS_HEADERS) tssresponsecode.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssresponsecode.c
+tssccattributes.o: $(TSS_HEADERS) tssccattributes.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssccattributes.c
+tssprint.o: 	$(TSS_HEADERS) tssprint.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssprint.c
+tssprintcmd.o: 	$(TSS_HEADERS) tssprintcmd.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssprintcmd.c
+Unmarshal.o: 	$(TSS_HEADERS) Unmarshal.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) Unmarshal.c
+Commands.o: 	$(TSS_HEADERS) Commands.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) Commands.c
+CommandAttributeData.o: 	$(TSS_HEADERS) CommandAttributeData.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) CommandAttributeData.c
+ntc2lib.o:	$(TSS_HEADERS) ntc2lib.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) ntc2lib.c
+tssntc.o:	$(TSS_HEADERS) tssntc.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssntc.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tss20.c
+# TPM 1.2
+
+tss12.o: 	$(TSS_HEADERS) tss12.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tss12.c
+tssauth12.o: 	$(TSS_HEADERS) tssauth12.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssauth12.c
+tssmarshal12.o:	$(TSS_HEADERS) tssmarshal12.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssmarshal12.c
+Unmarshal12.o: 	$(TSS_HEADERS) Unmarshal12.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) Unmarshal12.c
+Commands12.o: 	$(TSS_HEADERS) Commands12.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) Commands12.c
+tssccattributes12.o: $(TSS_HEADERS) tssccattributes12.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssccattributes12.c
+CommandAttributeData12.o: 	$(TSS_HEADERS) CommandAttributeData12.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) CommandAttributeData12.c
+
+# TSS utilities shared library source
+
+cryptoutils.o: 	$(TSS_HEADERS) cryptoutils.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) cryptoutils.c
+ekutils.o: 	$(TSS_HEADERS) ekutils.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) ekutils.c
+imalib.o: 	$(TSS_HEADERS) imalib.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) imalib.c
+eventlib.o: 	$(TSS_HEADERS) eventlib.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) eventlib.c
+
+# TSS shared library build
+
+$(LIBTSS): 	$(TSS_OBJS)
+		$(CC) $(LNFLAGS) $(LNLFLAGS) -Wl,-soname,$(LIBTSSSONAME) -o $(LIBTSSVERSIONED) $(TSS_OBJS) $(LNLLIBS)
+		rm -f $(LIBTSSSONAME)
+		ln -sf $(LIBTSSVERSIONED) $(LIBTSSSONAME)
+		rm -f $(LIBTSS)
+		ln -sf $(LIBTSSSONAME) $(LIBTSS)
+
+# TSS utilities shared library
+
+$(LIBTSSUTILS):	$(TSSUTILS_OBJS)
+		$(CC) $(LNFLAGS) $(LNLFLAGS) -Wl,-soname,$(LIBTSSUTILSSONAME) -o $(LIBTSSUTILSVERSIONED) $(TSSUTILS_OBJS) $(LNLLIBS)
+		rm -f $(LIBTSSSUTILSONAME)
+		ln -sf $(LIBTSSUTILSVERSIONED) $(LIBTSSUTILSSONAME)
+		rm -f $(LIBTSSUTILS)
+		ln -sf $(LIBTSSUTILSSONAME) $(LIBTSSUTILS)
+
+.PHONY:		clean
+.PRECIOUS:	%.o
+
+clean:		
+		rm -f *.o  *~ 		\
+		h*.bin			\
+		$(LIBTSSSONAME)		\
+		$(LIBTSSVERSIONED) 	\
+		$(LIBTSSUTILSSONAME) 	\
+		$(LIBTSSUTILSVERSIONED)	\
+		$(ALL)
+
+# applications are in .../utils12
+
+# for applications, not for TSS library
+
+%.o:		%.c ibmtss/tss.h 
+		$(CC) $(CCFLAGS) $(CCAFLAGS) $< -o $@
+
diff --git a/utils/makefiletpm20 b/utils/makefiletpm20
new file mode 100644
index 000000000..0af7c525b
--- /dev/null
+++ b/utils/makefiletpm20
@@ -0,0 +1,494 @@
+#################################################################################
+#										#
+#		Linux TPM2 Utilities Makefile					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2014 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+# C compiler
+
+CC = /usr/bin/gcc
+
+# compile - common flags for TSS library and applications
+
+CCFLAGS += 	-DTPM_POSIX
+
+# example of pointing to a locally built openssl 1.1
+# CCFLAGS += 	-I/home/kgold/openssl/include
+
+# compile - for TSS library
+
+# include the hardening flag PIC needed for compiling for dynamic
+# linking
+
+CCLFLAGS += 	-I. 		\
+		-fPIC		\
+		-DTPM_TPM20
+
+# to compile out printf's.  Regression test will fail because it tries
+# to print a structure -DTPM_TSS_NO_PRINT
+
+# example of changing the default interface type
+#	-DTPM_INTERFACE_TYPE_DEFAULT="\"dev\""
+
+# compile - for applications
+
+# include the hardening flag PIE needed for compiling for
+# static linking
+
+CCAFLAGS += 	-I.		\
+		-DTPM_TPM20	\
+		-fPIE
+
+# link - common flags flags TSS library and applications
+
+LNFLAGS += 	-DTPM_POSIX		\
+		-L.
+
+# This seems to be required on some Ubuntu distros due to an issue with the gold linker
+#		-fuse-ld=bfd
+
+# example of pointing to a locally built openssl 1.1
+# LNFLAGS +=	 -L/home/kgold/openssl
+# This also requires setting the environment variable LD_LIBRARY_PATH.  E.g.,
+# setenv LD_LIBRARY_PATH ${LD_LIBRARY_PATH}:/home/kgold/openssl
+
+# link - for TSS library
+
+# hardening flags for linking shared objects
+LNLFLAGS += -shared -Wl,-z,now
+
+# This is an alternative to using the bfd linker on Ubuntu
+LNLLIBS += -lcrypto
+
+# link - for applications, TSS path, TSS and OpenSSl libraries
+
+# hardening flags for linking executables
+LNAFLAGS += -pie -Wl,-z,now -Wl,-rpath,.
+
+LNALIBS +=  -libmtssutils -libmtss
+
+# shared library
+
+# versioned shared library
+LIBTSSVERSIONED=libibmtss.so.1.3
+
+# soname field of the shared library
+# which will be made symbolic link to the versioned shared library
+# this is used to provide version backward-compatibility information
+LIBTSSSONAME=libibmtss.so.1
+
+# symbolic link to the versioned shared library
+# this allows linking to the shared library with '-libmtss' 
+
+os := $(shell uname -o)
+ifeq ($(os),Cygwin)
+  LIBTSS=libibmtss.dll
+else
+  LIBTSS=libibmtss.so
+endif
+
+# TSS utilities shared library
+
+LIBTSSUTILSVERSIONED=libibmtssutils.so.1.3
+LIBTSSUTILSSONAME=libibmtssutils.so.1
+LIBTSSUTILS=libibmtssutils.so
+
+# executable extension
+
+EXE =
+
+# 
+
+
+TSS_HEADERS=
+
+# default TSS library
+
+TSS_OBJS = 	tssfile.o 		\
+		tsscryptoh.o 		\
+		tsscrypto.o 		\
+		tssprintcmd.o
+
+TSSUTILS_OBJS = cryptoutils.o	\
+		ekutils.o	\
+		imalib.o	\
+		eventlib.o
+
+# common to all builds
+
+include makefile-common
+include makefile-common20
+
+# default build target
+
+all:	$(ALL)
+
+# TSS shared library source
+
+tss.o: 		$(TSS_HEADERS) tss.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tss.c
+tssauth.o: 	$(TSS_HEADERS) tssauth.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssauth.c
+tssproperties.o: $(TSS_HEADERS) tssproperties.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssproperties.c
+tssmarshal.o: 	$(TSS_HEADERS) tssmarshal.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssmarshal.c
+tsscryptoh.o: 	$(TSS_HEADERS) tsscryptoh.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tsscryptoh.c
+tsscrypto.o: 	$(TSS_HEADERS) tsscrypto.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tsscrypto.c
+tssutils.o: 	$(TSS_HEADERS) tssutils.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssutils.c
+tssfile.o: 	$(TSS_HEADERS) tssfile.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssfile.c
+tsssocket.o: 	$(TSS_HEADERS) tsssocket.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tsssocket.c
+tssdev.o: 	$(TSS_HEADERS) tssdev.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssdev.c
+tsstransmit.o: 	$(TSS_HEADERS) tsstransmit.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tsstransmit.c
+tssresponsecode.o: $(TSS_HEADERS) tssresponsecode.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssresponsecode.c
+tssccattributes.o: $(TSS_HEADERS) tssccattributes.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssccattributes.c
+tssprint.o: 	$(TSS_HEADERS) tssprint.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssprint.c
+tssprintcmd.o: 	$(TSS_HEADERS) tssprintcmd.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssprintcmd.c
+Unmarshal.o: 	$(TSS_HEADERS) Unmarshal.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) Unmarshal.c
+Commands.o: 	$(TSS_HEADERS) Commands.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) Commands.c
+CommandAttributeData.o: 	$(TSS_HEADERS) CommandAttributeData.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) CommandAttributeData.c
+ntc2lib.o:	$(TSS_HEADERS) ntc2lib.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) ntc2lib.c
+tssntc.o:	$(TSS_HEADERS) tssntc.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssntc.c
+
+# TPM 2.0
+
+tss20.o: 	$(TSS_HEADERS) tss20.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tss20.c
+tssauth20.o: 	$(TSS_HEADERS) tssauth20.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssauth20.c
+
+# TSS utilities shared library source
+
+cryptoutils.o: 	$(TSS_HEADERS) cryptoutils.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) cryptoutils.c
+ekutils.o: 	$(TSS_HEADERS) ekutils.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) ekutils.c
+imalib.o: 	$(TSS_HEADERS) imalib.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) imalib.c
+eventlib.o: 	$(TSS_HEADERS) eventlib.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) eventlib.c
+
+# TSS shared library build
+
+$(LIBTSS): 	$(TSS_OBJS)
+		$(CC) $(LNFLAGS) $(LNLFLAGS) -Wl,-soname,$(LIBTSSSONAME) -o $(LIBTSSVERSIONED) $(TSS_OBJS) $(LNLLIBS)
+		rm -f $(LIBTSSSONAME)
+		ln -sf $(LIBTSSVERSIONED) $(LIBTSSSONAME)
+		rm -f $(LIBTSS)
+		ln -sf $(LIBTSSSONAME) $(LIBTSS)
+
+# TSS utilities shared library
+
+$(LIBTSSUTILS):	$(TSSUTILS_OBJS)
+		$(CC) $(LNFLAGS) $(LNLFLAGS) -Wl,-soname,$(LIBTSSUTILSSONAME) -o $(LIBTSSUTILSVERSIONED) $(TSSUTILS_OBJS) $(LNLLIBS)
+		rm -f $(LIBTSSSUTILSONAME)
+		ln -sf $(LIBTSSUTILSVERSIONED) $(LIBTSSUTILSSONAME)
+		rm -f $(LIBTSSUTILS)
+		ln -sf $(LIBTSSUTILSSONAME) $(LIBTSSUTILS)
+
+.PHONY:		clean
+.PRECIOUS:	%.o
+
+clean:		
+		rm -f *.o  *~ 		\
+		h*.bin			\
+		$(LIBTSSSONAME)		\
+		$(LIBTSSVERSIONED) 	\
+		$(LIBTSSUTILSSONAME) 	\
+		$(LIBTSSUTILSVERSIONED)	\
+		$(ALL)
+# applications
+
+activatecredential:	ibmtss/tss.h activatecredential.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) activatecredential.o $(LNALIBS) -o activatecredential
+eventextend:		eventextend.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) eventextend.o $(LNALIBS) -o eventextend
+imaextend:		imaextend.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) imaextend.o $(LNALIBS) -o imaextend
+certify:		ibmtss/tss.h certify.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) certify.o $(LNALIBS) -o certify
+certifycreation:	ibmtss/tss.h certifycreation.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) certifycreation.o $(LNALIBS) -o certifycreation
+certifyx509:		ibmtss/tss.h certifyx509.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) certifyx509.o $(LNALIBS) -lcrypto -o certifyx509
+changeeps:		ibmtss/tss.h changeeps.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) changeeps.o $(LNALIBS) -o changeeps
+changepps:		ibmtss/tss.h changepps.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) changepps.o $(LNALIBS) -o changepps
+clear:			ibmtss/tss.h clear.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) clear.o $(LNALIBS) -o clear
+clearcontrol:		ibmtss/tss.h clearcontrol.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) clearcontrol.o $(LNALIBS) -o clearcontrol
+clockrateadjust:	ibmtss/tss.h clockrateadjust.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) clockrateadjust.o $(LNALIBS) -o clockrateadjust
+clockset:		ibmtss/tss.h clockset.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) clockset.o $(LNALIBS) -o clockset
+commit:			ibmtss/tss.h commit.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) commit.o $(LNALIBS) -o commit
+contextload:		ibmtss/tss.h contextload.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) contextload.o $(LNALIBS) -o contextload
+contextsave:		ibmtss/tss.h contextsave.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) contextsave.o $(LNALIBS) -o contextsave
+create:			ibmtss/tss.h create.o objecttemplates.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) create.o objecttemplates.o $(LNALIBS) -o create
+createloaded:		ibmtss/tss.h createloaded.o objecttemplates.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) createloaded.o objecttemplates.o $(LNALIBS) -o createloaded
+createprimary:		ibmtss/tss.h createprimary.o objecttemplates.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) createprimary.o objecttemplates.o $(LNALIBS) -o createprimary
+dictionaryattacklockreset:		ibmtss/tss.h dictionaryattacklockreset.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) dictionaryattacklockreset.o $(LNALIBS) -o dictionaryattacklockreset
+dictionaryattackparameters:		ibmtss/tss.h dictionaryattackparameters.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) dictionaryattackparameters.o $(LNALIBS) -o dictionaryattackparameters
+duplicate:		ibmtss/tss.h duplicate.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) duplicate.o $(LNALIBS) -o duplicate 
+eccparameters:		ibmtss/tss.h eccparameters.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) eccparameters.o $(LNALIBS) -o eccparameters 
+ecephemeral:		ibmtss/tss.h ecephemeral.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) ecephemeral.o $(LNALIBS) -o ecephemeral 
+encryptdecrypt:		ibmtss/tss.h encryptdecrypt.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) encryptdecrypt.o $(LNALIBS) -o encryptdecrypt	
+eventsequencecomplete:	ibmtss/tss.h eventsequencecomplete.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) eventsequencecomplete.o $(LNALIBS) -o eventsequencecomplete	
+evictcontrol:		ibmtss/tss.h evictcontrol.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) evictcontrol.o $(LNALIBS) -o evictcontrol	
+flushcontext:		ibmtss/tss.h flushcontext.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) flushcontext.o $(LNALIBS) -o flushcontext
+getcommandauditdigest:	ibmtss/tss.h getcommandauditdigest.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) getcommandauditdigest.o $(LNALIBS) -o getcommandauditdigest
+getcapability:		ibmtss/tss.h getcapability.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) getcapability.o $(LNALIBS) -o getcapability
+getrandom:		ibmtss/tss.h getrandom.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) getrandom.o $(LNALIBS) -o getrandom
+gettestresult:		ibmtss/tss.h gettestresult.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) gettestresult.o $(LNALIBS) -o gettestresult
+getsessionauditdigest:	ibmtss/tss.h getsessionauditdigest.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) getsessionauditdigest.o $(LNALIBS) -o getsessionauditdigest
+gettime:		ibmtss/tss.h gettime.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) gettime.o $(LNALIBS) -o gettime
+hashsequencestart:	ibmtss/tss.h hashsequencestart.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) hashsequencestart.o $(LNALIBS) -o hashsequencestart
+hash:			ibmtss/tss.h hash.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) hash.o $(LNALIBS) -o hash
+hierarchycontrol:	ibmtss/tss.h hierarchycontrol.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) hierarchycontrol.o $(LNALIBS) -o hierarchycontrol
+hierarchychangeauth:	ibmtss/tss.h hierarchychangeauth.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) hierarchychangeauth.o $(LNALIBS) -o hierarchychangeauth
+hmac:			ibmtss/tss.h hmac.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) hmac.o $(LNALIBS) -o hmac
+hmacstart:		ibmtss/tss.h hmacstart.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) hmacstart.o $(LNALIBS) -o hmacstart
+import:			ibmtss/tss.h import.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) import.o $(LNALIBS) -o import
+importpem:		ibmtss/tss.h importpem.o objecttemplates.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) importpem.o objecttemplates.o $(LNALIBS) -o importpem
+load:			ibmtss/tss.h load.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) load.o $(LNALIBS) -o load
+loadexternal:		ibmtss/tss.h loadexternal.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) loadexternal.o $(LNALIBS) -o loadexternal
+makecredential:		ibmtss/tss.h makecredential.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) makecredential.o $(LNALIBS) -o makecredential
+nvcertify:		ibmtss/tss.h nvcertify.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvcertify.o $(LNALIBS) -o nvcertify
+nvchangeauth:		ibmtss/tss.h nvchangeauth.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvchangeauth.o $(LNALIBS) -o nvchangeauth
+nvdefinespace:		ibmtss/tss.h nvdefinespace.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvdefinespace.o $(LNALIBS) -o nvdefinespace
+nvextend:		ibmtss/tss.h nvextend.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvextend.o $(LNALIBS) -o nvextend
+nvglobalwritelock:	ibmtss/tss.h nvglobalwritelock.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvglobalwritelock.o $(LNALIBS) -o nvglobalwritelock
+nvincrement:		ibmtss/tss.h nvincrement.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvincrement.o $(LNALIBS) -o nvincrement
+nvread:			ibmtss/tss.h nvread.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvread.o $(LNALIBS) -o nvread
+nvreadlock:		ibmtss/tss.h nvreadlock.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvreadlock.o $(LNALIBS) -o nvreadlock
+nvreadpublic:		ibmtss/tss.h nvreadpublic.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvreadpublic.o $(LNALIBS) -o nvreadpublic
+nvsetbits:		ibmtss/tss.h nvsetbits.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvsetbits.o $(LNALIBS) -o nvsetbits
+nvundefinespace:	ibmtss/tss.h nvundefinespace.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvundefinespace.o $(LNALIBS) -o nvundefinespace
+nvundefinespacespecial:	ibmtss/tss.h nvundefinespacespecial.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvundefinespacespecial.o $(LNALIBS) -o nvundefinespacespecial
+nvwrite:		ibmtss/tss.h nvwrite.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvwrite.o $(LNALIBS) -o nvwrite
+nvwritelock:		ibmtss/tss.h nvwritelock.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvwritelock.o $(LNALIBS) -o nvwritelock
+objectchangeauth:	ibmtss/tss.h objectchangeauth.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) objectchangeauth.o $(LNALIBS) -o objectchangeauth
+pcrallocate: 		ibmtss/tss.h pcrallocate.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) pcrallocate.o $(LNALIBS) -o pcrallocate
+pcrevent: 		ibmtss/tss.h pcrevent.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) pcrevent.o $(LNALIBS) -o pcrevent
+pcrextend: 		ibmtss/tss.h pcrextend.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) pcrextend.o $(LNALIBS) -o pcrextend
+pcrread: 		ibmtss/tss.h pcrread.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) pcrread.o $(LNALIBS) -o pcrread
+pcrreset: 		ibmtss/tss.h pcrreset.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) pcrreset.o $(LNALIBS) -o pcrreset
+policyauthorize:	ibmtss/tss.h policyauthorize.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policyauthorize.o $(LNALIBS) -o policyauthorize
+policyauthvalue:	ibmtss/tss.h policyauthvalue.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policyauthvalue.o $(LNALIBS) -o policyauthvalue
+policycommandcode:	ibmtss/tss.h policycommandcode.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policycommandcode.o $(LNALIBS) -o policycommandcode
+policycphash:		ibmtss/tss.h policycphash.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policycphash.o $(LNALIBS) -o policycphash
+policynamehash:		ibmtss/tss.h policynamehash.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policynamehash.o $(LNALIBS) -o policynamehash
+policycountertimer:	ibmtss/tss.h policycountertimer.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policycountertimer.o $(LNALIBS) -o policycountertimer
+policyduplicationselect:	ibmtss/tss.h policyduplicationselect.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policyduplicationselect.o $(LNALIBS) -o policyduplicationselect
+policygetdigest:	ibmtss/tss.h policygetdigest.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policygetdigest.o $(LNALIBS) -o policygetdigest
+policymaker:		ibmtss/tss.h policymaker.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policymaker.o $(LNALIBS) -o policymaker
+policymakerpcr:		ibmtss/tss.h policymakerpcr.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policymakerpcr.o $(LNALIBS) -o policymakerpcr
+policyauthorizenv:	ibmtss/tss.h policyauthorizenv.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policyauthorizenv.o $(LNALIBS) -o policyauthorizenv
+policynv:		ibmtss/tss.h policynv.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policynv.o $(LNALIBS) -o policynv
+policynvwritten:	ibmtss/tss.h policynvwritten.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policynvwritten.o $(LNALIBS) -o policynvwritten
+policyor:		ibmtss/tss.h policyor.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policyor.o $(LNALIBS) -o policyor
+policypassword:		ibmtss/tss.h policypassword.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policypassword.o $(LNALIBS) -o policypassword
+policypcr:		ibmtss/tss.h policypcr.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policypcr.o $(LNALIBS) -o policypcr
+policyrestart:		ibmtss/tss.h policyrestart.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policyrestart.o $(LNALIBS) -o policyrestart
+policysigned:		ibmtss/tss.h policysigned.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policysigned.o $(LNALIBS) -o policysigned
+policysecret:		ibmtss/tss.h policysecret.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policysecret.o $(LNALIBS) -o policysecret
+policytemplate:		ibmtss/tss.h policytemplate.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policytemplate.o $(LNALIBS) -o policytemplate
+policyticket:		ibmtss/tss.h policyticket.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policyticket.o $(LNALIBS) -o policyticket
+quote:			ibmtss/tss.h quote.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) quote.o $(LNALIBS) -o quote
+powerup:		ibmtss/tss.h powerup.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) powerup.o $(LNALIBS) -o powerup
+readclock:		ibmtss/tss.h readclock.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) readclock.o $(LNALIBS) -o readclock
+readpublic:		ibmtss/tss.h readpublic.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) readpublic.o $(LNALIBS) -o readpublic
+returncode:		ibmtss/tss.h returncode.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) returncode.o $(LNALIBS) -o returncode
+rewrap:			ibmtss/tss.h rewrap.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) rewrap.o $(LNALIBS) -o rewrap
+rsadecrypt: 		ibmtss/tss.h rsadecrypt.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) rsadecrypt.o $(LNALIBS) -o rsadecrypt
+rsaencrypt: 		ibmtss/tss.h rsaencrypt.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) rsaencrypt.o $(LNALIBS) -o rsaencrypt
+sequenceupdate:		ibmtss/tss.h sequenceupdate.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) sequenceupdate.o $(LNALIBS) -o sequenceupdate
+sequencecomplete:	ibmtss/tss.h sequencecomplete.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) sequencecomplete.o $(LNALIBS) -o sequencecomplete
+setprimarypolicy:	ibmtss/tss.h setprimarypolicy.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) setprimarypolicy.o $(LNALIBS) -o setprimarypolicy
+setcommandcodeauditstatus:	ibmtss/tss.h setcommandcodeauditstatus.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) setcommandcodeauditstatus.o $(LNALIBS) -o setcommandcodeauditstatus
+shutdown:		ibmtss/tss.h shutdown.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) shutdown.o $(LNALIBS) -o shutdown
+sign:			ibmtss/tss.h sign.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) sign.o $(LNALIBS) -o sign
+startauthsession:	ibmtss/tss.h startauthsession.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) startauthsession.o $(LNALIBS) -o startauthsession
+startup:		ibmtss/tss.h startup.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) startup.o $(LNALIBS) -o startup
+stirrandom:		ibmtss/tss.h stirrandom.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) stirrandom.o $(LNALIBS) -o stirrandom
+unseal:			ibmtss/tss.h unseal.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) unseal.o $(LNALIBS) -o unseal
+verifysignature:	ibmtss/tss.h verifysignature.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) verifysignature.o $(LNALIBS) -o verifysignature
+zgen2phase:		ibmtss/tss.h zgen2phase.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) zgen2phase.o $(LNALIBS) -o zgen2phase
+signapp:		ibmtss/tss.h signapp.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) signapp.o $(LNALIBS) -o signapp
+writeapp:		ibmtss/tss.h writeapp.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) writeapp.o $(LNALIBS) -o writeapp
+timepacket:		ibmtss/tss.h timepacket.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) timepacket.o $(LNALIBS) -o timepacket
+createek:		createek.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) createek.o $(LNALIBS) -o createek
+createekcert:		createekcert.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) createekcert.o $(LNALIBS) -o createekcert
+tpm2pem:		tpm2pem.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) tpm2pem.o $(LNALIBS) -o tpm2pem
+tpmpublic2eccpoint:	tpmpublic2eccpoint.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) tpmpublic2eccpoint.o $(LNALIBS) -o tpmpublic2eccpoint
+ntc2getconfig:		ntc2getconfig.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) ntc2getconfig.o $(LNALIBS) -o ntc2getconfig
+ntc2preconfig:		ntc2preconfig.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) ntc2preconfig.o $(LNALIBS) -o ntc2preconfig
+ntc2lockconfig:		ntc2lockconfig.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) ntc2lockconfig.o $(LNALIBS) -o ntc2lockconfig
+publicname:		publicname.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) publicname.o $(LNALIBS) -o publicname
+getcryptolibrary:	getcryptolibrary.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) getcryptolibrary.o $(LNALIBS) -o getcryptolibrary
+printattr:		printattr.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) printattr.o $(LNALIBS) -o printattr
+tpmcmd:			tpmcmd.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) tpmcmd.o $(LNALIBS) -o tpmcmd
+
+# for applications, not for TSS library
+
+%.o:		%.c ibmtss/tss.h 
+		$(CC) $(CCFLAGS) $(CCAFLAGS) $< -o $@
+
diff --git a/utils/makefiletpmc b/utils/makefiletpmc
new file mode 100644
index 000000000..35579578b
--- /dev/null
+++ b/utils/makefiletpmc
@@ -0,0 +1,515 @@
+#################################################################################
+#										#
+#		Linux TPM 1.2 TSS and TPM 2.0 TSS and Utilities Makefile	#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2018 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+# C compiler
+
+CC = /usr/bin/gcc
+
+# compile - common flags for TSS library and applications
+
+CCFLAGS += 	-DTPM_POSIX
+
+# example of pointing to a locally built openssl 1.1
+# CCFLAGS += 	-I/home/kgold/openssl/include
+
+# compile - for TSS library
+
+# include the hardening flag PIC needed for compiling for dynamic
+# linking
+
+CCLFLAGS += 	-I. 		\
+		-fPIC		\
+		-DTPM_TPM20	\
+		-DTPM_TPM12
+
+# to compile out printf's.  Regression test will fail because it tries
+# to print a structure -DTPM_TSS_NO_PRINT
+
+# example of changing the default interface type
+#	-DTPM_INTERFACE_TYPE_DEFAULT="\"dev\""
+
+# compile - for applications
+
+# include the hardening flag PIE needed for compiling for
+# static linking
+
+CCAFLAGS += 	-I.		\
+		-DTPM_TPM20	\
+		-DTPM_TPM12	\
+		-fPIE
+
+# link - common flags flags TSS library and applications
+
+LNFLAGS += 	-DTPM_POSIX		\
+		-L.
+
+# This seems to be required on some Ubuntu distros due to an issue with the gold linker
+#		-fuse-ld=bfd
+
+# example of pointing to a locally built openssl 1.1
+# LNFLAGS +=	 -L/home/kgold/openssl
+# This also requires setting the environment variable LD_LIBRARY_PATH.  E.g.,
+# setenv LD_LIBRARY_PATH ${LD_LIBRARY_PATH}:/home/kgold/openssl
+
+# link - for TSS library
+
+# hardening flags for linking shared objects
+LNLFLAGS += -shared -Wl,-z,now
+
+# This is an alternative to using the bfd linker on Ubuntu
+LNLLIBS += -lcrypto
+
+# link - for applications, TSS path, TSS and OpenSSl libraries
+
+# hardening flags for linking executables
+LNAFLAGS += -pie -Wl,-z,now -Wl,-rpath,.
+
+LNALIBS +=  -libmtssutils -libmtss
+
+# shared library
+
+# versioned shared library
+LIBTSSVERSIONED=libibmtss.so.1.3
+
+# soname field of the shared library
+# which will be made symbolic link to the versioned shared library
+# this is used to provide version backward-compatibility information
+LIBTSSSONAME=libibmtss.so.1
+
+# symbolic link to the versioned shared library
+# this allows linking to the shared library with '-libmtss'
+
+os := $(shell uname -o)
+ifeq ($(os),Cygwin)
+  LIBTSS=libibmtss.dll
+else
+  LIBTSS=libibmtss.so
+endif
+
+# TSS utilities shared library
+
+LIBTSSUTILSVERSIONED=libibmtssutils.so.1.3
+LIBTSSUTILSSONAME=libibmtssutils.so.1
+LIBTSSUTILS=libibmtssutils.so
+
+# executable extension
+
+EXE =
+
+#
+
+
+TSS_HEADERS=
+
+# default TSS library
+
+TSS_OBJS = 	tssfile.o 		\
+		tsscryptoh.o 		\
+		tsscrypto.o 		\
+		tssprintcmd.o
+
+TSSUTILS_OBJS = cryptoutils.o	\
+		ekutils.o	\
+		imalib.o	\
+		eventlib.o
+
+# common to all builds
+
+include makefile-common
+include makefile-common12
+include makefile-common20
+
+# default build target
+
+all:	$(ALL)
+
+# TSS shared library source
+
+tss.o: 		$(TSS_HEADERS) tss.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tss.c
+tssauth.o: 	$(TSS_HEADERS) tssauth.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssauth.c
+tssproperties.o: $(TSS_HEADERS) tssproperties.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssproperties.c
+tssmarshal.o: 	$(TSS_HEADERS) tssmarshal.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssmarshal.c
+tsscryptoh.o: 	$(TSS_HEADERS) tsscryptoh.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tsscryptoh.c
+tsscrypto.o: 	$(TSS_HEADERS) tsscrypto.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tsscrypto.c
+tssutils.o: 	$(TSS_HEADERS) tssutils.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssutils.c
+tssfile.o: 	$(TSS_HEADERS) tssfile.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssfile.c
+tsssocket.o: 	$(TSS_HEADERS) tsssocket.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tsssocket.c
+tssdev.o: 	$(TSS_HEADERS) tssdev.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssdev.c
+tsstransmit.o: 	$(TSS_HEADERS) tsstransmit.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tsstransmit.c
+tssresponsecode.o: $(TSS_HEADERS) tssresponsecode.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssresponsecode.c
+tssccattributes.o: $(TSS_HEADERS) tssccattributes.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssccattributes.c
+tssprint.o: 	$(TSS_HEADERS) tssprint.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssprint.c
+tssprintcmd.o: 	$(TSS_HEADERS) tssprintcmd.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssprintcmd.c
+Unmarshal.o: 	$(TSS_HEADERS) Unmarshal.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) Unmarshal.c
+Commands.o: 	$(TSS_HEADERS) Commands.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) Commands.c
+CommandAttributeData.o: 	$(TSS_HEADERS) CommandAttributeData.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) CommandAttributeData.c
+ntc2lib.o:	$(TSS_HEADERS) ntc2lib.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) ntc2lib.c
+tssntc.o:	$(TSS_HEADERS) tssntc.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssntc.c
+
+# TPM 2.0
+
+tss20.o: 	$(TSS_HEADERS) tss20.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tss20.c
+tssauth20.o: 	$(TSS_HEADERS) tssauth20.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssauth20.c
+# TPM 1.2
+
+tss12.o: 	$(TSS_HEADERS) tss12.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tss12.c
+tssauth12.o: 	$(TSS_HEADERS) tssauth12.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssauth12.c
+tssmarshal12.o:	$(TSS_HEADERS) tssmarshal12.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssmarshal12.c
+Unmarshal12.o: 	$(TSS_HEADERS) Unmarshal12.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) Unmarshal12.c
+Commands12.o: 	$(TSS_HEADERS) Commands12.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) Commands12.c
+tssccattributes12.o: $(TSS_HEADERS) tssccattributes12.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) tssccattributes12.c
+CommandAttributeData12.o: 	$(TSS_HEADERS) CommandAttributeData12.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) CommandAttributeData12.c
+
+# TSS utilities shared library source
+
+cryptoutils.o: 	$(TSS_HEADERS) cryptoutils.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) cryptoutils.c
+ekutils.o: 	$(TSS_HEADERS) ekutils.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) ekutils.c
+imalib.o: 	$(TSS_HEADERS) imalib.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) imalib.c
+eventlib.o: 	$(TSS_HEADERS) eventlib.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) eventlib.c
+
+# TSS shared library build
+
+$(LIBTSS): 	$(TSS_OBJS)
+		$(CC) $(LNFLAGS) $(LNLFLAGS) -Wl,-soname,$(LIBTSSSONAME) -o $(LIBTSSVERSIONED) \
+			$(TSS_OBJS) $(LNLLIBS)
+		rm -f $(LIBTSSSONAME)
+		ln -sf $(LIBTSSVERSIONED) $(LIBTSSSONAME)
+		rm -f $(LIBTSS)
+		ln -sf $(LIBTSSSONAME) $(LIBTSS)
+
+# TSS utilities shared library
+
+$(LIBTSSUTILS):	$(TSSUTILS_OBJS)
+		$(CC) $(LNFLAGS) $(LNLFLAGS) -Wl,-soname,$(LIBTSSUTILSSONAME) -o $(LIBTSSUTILSVERSIONED) \
+			$(TSSUTILS_OBJS) $(LNLLIBS)
+		rm -f $(LIBTSSSUTILSONAME)
+		ln -sf $(LIBTSSUTILSVERSIONED) $(LIBTSSUTILSSONAME)
+		rm -f $(LIBTSSUTILS)
+		ln -sf $(LIBTSSUTILSSONAME) $(LIBTSSUTILS)
+
+.PHONY:		clean
+.PRECIOUS:	%.o
+
+clean:
+		rm -f *.o  *~ 		\
+		h*.bin			\
+		$(LIBTSSSONAME)		\
+		$(LIBTSSVERSIONED) 	\
+		$(LIBTSSUTILSSONAME) 	\
+		$(LIBTSSUTILSVERSIONED)	\
+		$(ALL)
+
+# applications
+
+activatecredential:	ibmtss/tss.h activatecredential.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) activatecredential.o $(LNALIBS) -o activatecredential
+eventextend:		eventextend.o eventlib.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) eventextend.o $(LNALIBS) -o eventextend
+imaextend:		imaextend.o imalib.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) imaextend.o $(LNALIBS) -o imaextend
+certify:		ibmtss/tss.h certify.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) certify.o $(LNALIBS) -o certify
+certifycreation:	ibmtss/tss.h certifycreation.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) certifycreation.o $(LNALIBS) -o certifycreation
+certifyx509:		ibmtss/tss.h certifyx509.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) certifyx509.o $(LNALIBS) -lcrypto -o certifyx509
+changeeps:		ibmtss/tss.h changeeps.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) changeeps.o $(LNALIBS) -o changeeps
+changepps:		ibmtss/tss.h changepps.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) changepps.o $(LNALIBS) -o changepps
+clear:			ibmtss/tss.h clear.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) clear.o $(LNALIBS) -o clear
+clearcontrol:		ibmtss/tss.h clearcontrol.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) clearcontrol.o $(LNALIBS) -o clearcontrol
+clockrateadjust:	ibmtss/tss.h clockrateadjust.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) clockrateadjust.o $(LNALIBS) -o clockrateadjust
+clockset:		ibmtss/tss.h clockset.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) clockset.o $(LNALIBS) -o clockset
+commit:			ibmtss/tss.h commit.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) commit.o $(LNALIBS) -o commit
+contextload:		ibmtss/tss.h contextload.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) contextload.o $(LNALIBS) -o contextload
+contextsave:		ibmtss/tss.h contextsave.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) contextsave.o $(LNALIBS) -o contextsave
+create:			ibmtss/tss.h create.o objecttemplates.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) create.o objecttemplates.o $(LNALIBS) -o create
+createloaded:		ibmtss/tss.h createloaded.o objecttemplates.o $(LIBTSS) $(LIBTTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) createloaded.o objecttemplates.o $(LNALIBS) -o createloaded
+createprimary:		ibmtss/tss.h createprimary.o objecttemplates.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) createprimary.o objecttemplates.o $(LNALIBS) -o createprimary
+dictionaryattacklockreset:		ibmtss/tss.h dictionaryattacklockreset.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) dictionaryattacklockreset.o $(LNALIBS) -o dictionaryattacklockreset
+dictionaryattackparameters:		ibmtss/tss.h dictionaryattackparameters.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) dictionaryattackparameters.o $(LNALIBS) -o dictionaryattackparameters
+duplicate:		ibmtss/tss.h duplicate.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) duplicate.o $(LNALIBS) -o duplicate
+eccparameters:		ibmtss/tss.h eccparameters.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) eccparameters.o $(LNALIBS) -o eccparameters
+ecephemeral:		ibmtss/tss.h ecephemeral.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) ecephemeral.o $(LNALIBS) -o ecephemeral
+encryptdecrypt:		ibmtss/tss.h encryptdecrypt.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) encryptdecrypt.o $(LNALIBS) -o encryptdecrypt
+eventsequencecomplete:	ibmtss/tss.h eventsequencecomplete.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) eventsequencecomplete.o $(LNALIBS) -o eventsequencecomplete
+evictcontrol:		ibmtss/tss.h evictcontrol.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) evictcontrol.o $(LNALIBS) -o evictcontrol
+flushcontext:		ibmtss/tss.h flushcontext.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) flushcontext.o $(LNALIBS) -o flushcontext
+getcommandauditdigest:	ibmtss/tss.h getcommandauditdigest.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) getcommandauditdigest.o $(LNALIBS) -o getcommandauditdigest
+getcapability:		ibmtss/tss.h getcapability.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) getcapability.o $(LNALIBS) -o getcapability
+getrandom:		ibmtss/tss.h getrandom.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) getrandom.o $(LNALIBS) -o getrandom
+gettestresult:		ibmtss/tss.h gettestresult.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) gettestresult.o $(LNALIBS) -o gettestresult
+getsessionauditdigest:	ibmtss/tss.h getsessionauditdigest.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) getsessionauditdigest.o $(LNALIBS) -o getsessionauditdigest
+gettime:		ibmtss/tss.h gettime.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) gettime.o $(LNALIBS) -o gettime
+hashsequencestart:	ibmtss/tss.h hashsequencestart.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) hashsequencestart.o $(LNALIBS) -o hashsequencestart
+hash:			ibmtss/tss.h hash.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) hash.o $(LNALIBS) -o hash
+hierarchycontrol:	ibmtss/tss.h hierarchycontrol.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) hierarchycontrol.o $(LNALIBS) -o hierarchycontrol
+hierarchychangeauth:	ibmtss/tss.h hierarchychangeauth.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) hierarchychangeauth.o $(LNALIBS) -o hierarchychangeauth
+hmac:			ibmtss/tss.h hmac.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) hmac.o $(LNALIBS) -o hmac
+hmacstart:		ibmtss/tss.h hmacstart.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) hmacstart.o $(LNALIBS) -o hmacstart
+import:			ibmtss/tss.h import.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) import.o $(LNALIBS) -o import
+importpem:		ibmtss/tss.h importpem.o objecttemplates.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) importpem.o objecttemplates.o $(LNALIBS) -o importpem
+load:			ibmtss/tss.h load.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) load.o $(LNALIBS) -o load
+loadexternal:		ibmtss/tss.h loadexternal.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) loadexternal.o $(LNALIBS) -o loadexternal
+makecredential:		ibmtss/tss.h makecredential.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) makecredential.o $(LNALIBS) -o makecredential
+nvcertify:		ibmtss/tss.h nvcertify.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvcertify.o $(LNALIBS) -o nvcertify
+nvchangeauth:		ibmtss/tss.h nvchangeauth.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvchangeauth.o $(LNALIBS) -o nvchangeauth
+nvdefinespace:		ibmtss/tss.h nvdefinespace.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvdefinespace.o $(LNALIBS) -o nvdefinespace
+nvextend:		ibmtss/tss.h nvextend.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvextend.o $(LNALIBS) -o nvextend
+nvglobalwritelock:	ibmtss/tss.h nvglobalwritelock.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvglobalwritelock.o $(LNALIBS) -o nvglobalwritelock
+nvincrement:		ibmtss/tss.h nvincrement.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvincrement.o $(LNALIBS) -o nvincrement
+nvread:			ibmtss/tss.h nvread.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvread.o $(LNALIBS) -o nvread
+nvreadlock:		ibmtss/tss.h nvreadlock.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvreadlock.o $(LNALIBS) -o nvreadlock
+nvreadpublic:		ibmtss/tss.h nvreadpublic.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvreadpublic.o $(LNALIBS) -o nvreadpublic
+nvsetbits:		ibmtss/tss.h nvsetbits.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvsetbits.o $(LNALIBS) -o nvsetbits
+nvundefinespace:	ibmtss/tss.h nvundefinespace.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvundefinespace.o $(LNALIBS) -o nvundefinespace
+nvundefinespacespecial:	ibmtss/tss.h nvundefinespacespecial.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvundefinespacespecial.o $(LNALIBS) -o nvundefinespacespecial
+nvwrite:		ibmtss/tss.h nvwrite.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvwrite.o $(LNALIBS) -o nvwrite
+nvwritelock:		ibmtss/tss.h nvwritelock.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvwritelock.o $(LNALIBS) -o nvwritelock
+objectchangeauth:	ibmtss/tss.h objectchangeauth.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) objectchangeauth.o $(LNALIBS) -o objectchangeauth
+pcrallocate: 		ibmtss/tss.h pcrallocate.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) pcrallocate.o $(LNALIBS) -o pcrallocate
+pcrevent: 		ibmtss/tss.h pcrevent.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) pcrevent.o $(LNALIBS) -o pcrevent
+pcrextend: 		ibmtss/tss.h pcrextend.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) pcrextend.o $(LNALIBS) -o pcrextend
+pcrread: 		ibmtss/tss.h pcrread.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) pcrread.o $(LNALIBS) -o pcrread
+pcrreset: 		ibmtss/tss.h pcrreset.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) pcrreset.o $(LNALIBS) -o pcrreset
+policyauthorize:	ibmtss/tss.h policyauthorize.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policyauthorize.o $(LNALIBS) -o policyauthorize
+policyauthvalue:	ibmtss/tss.h policyauthvalue.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policyauthvalue.o $(LNALIBS) -o policyauthvalue
+policycommandcode:	ibmtss/tss.h policycommandcode.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policycommandcode.o $(LNALIBS) -o policycommandcode
+policycphash:		ibmtss/tss.h policycphash.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policycphash.o $(LNALIBS) -o policycphash
+policynamehash:		ibmtss/tss.h policynamehash.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policynamehash.o $(LNALIBS) -o policynamehash
+policycountertimer:	ibmtss/tss.h policycountertimer.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policycountertimer.o $(LNALIBS) -o policycountertimer
+policyduplicationselect:	ibmtss/tss.h policyduplicationselect.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policyduplicationselect.o $(LNALIBS) -o policyduplicationselect
+policygetdigest:	ibmtss/tss.h policygetdigest.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policygetdigest.o $(LNALIBS) -o policygetdigest
+policymaker:		ibmtss/tss.h policymaker.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policymaker.o $(LNALIBS) -o policymaker
+policymakerpcr:		ibmtss/tss.h policymakerpcr.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policymakerpcr.o $(LNALIBS) -o policymakerpcr
+policyauthorizenv:	ibmtss/tss.h policyauthorizenv.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policyauthorizenv.o $(LNALIBS) -o policyauthorizenv
+policynv:		ibmtss/tss.h policynv.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policynv.o $(LNALIBS) -o policynv
+policynvwritten:	ibmtss/tss.h policynvwritten.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policynvwritten.o $(LNALIBS) -o policynvwritten
+policyor:		ibmtss/tss.h policyor.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policyor.o $(LNALIBS) -o policyor
+policypassword:		ibmtss/tss.h policypassword.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policypassword.o $(LNALIBS) -o policypassword
+policypcr:		ibmtss/tss.h policypcr.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policypcr.o $(LNALIBS) -o policypcr
+policyrestart:		ibmtss/tss.h policyrestart.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policyrestart.o $(LNALIBS) -o policyrestart
+policysigned:		ibmtss/tss.h policysigned.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policysigned.o $(LNALIBS) -o policysigned
+policysecret:		ibmtss/tss.h policysecret.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policysecret.o $(LNALIBS) -o policysecret
+policytemplate:		ibmtss/tss.h policytemplate.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policytemplate.o $(LNALIBS) -o policytemplate
+policyticket:		ibmtss/tss.h policyticket.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) policyticket.o $(LNALIBS) -o policyticket
+quote:			ibmtss/tss.h quote.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) quote.o $(LNALIBS) -o quote
+powerup:		ibmtss/tss.h powerup.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) powerup.o $(LNALIBS) -o powerup
+readclock:		ibmtss/tss.h readclock.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) readclock.o $(LNALIBS) -o readclock
+readpublic:		ibmtss/tss.h readpublic.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) readpublic.o $(LNALIBS) -o readpublic
+returncode:		ibmtss/tss.h returncode.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) returncode.o $(LNALIBS) -o returncode
+rewrap:			ibmtss/tss.h rewrap.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) rewrap.o $(LNALIBS) -o rewrap
+rsadecrypt: 		ibmtss/tss.h rsadecrypt.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) rsadecrypt.o $(LNALIBS) -o rsadecrypt
+rsaencrypt: 		ibmtss/tss.h rsaencrypt.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) rsaencrypt.o $(LNALIBS) -o rsaencrypt
+sequenceupdate:		ibmtss/tss.h sequenceupdate.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) sequenceupdate.o $(LNALIBS) -o sequenceupdate
+sequencecomplete:	ibmtss/tss.h sequencecomplete.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) sequencecomplete.o $(LNALIBS) -o sequencecomplete
+setprimarypolicy:	ibmtss/tss.h setprimarypolicy.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) setprimarypolicy.o $(LNALIBS) -o setprimarypolicy
+setcommandcodeauditstatus:	ibmtss/tss.h setcommandcodeauditstatus.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) setcommandcodeauditstatus.o $(LNALIBS) -o setcommandcodeauditstatus
+shutdown:		ibmtss/tss.h shutdown.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) shutdown.o $(LNALIBS) -o shutdown
+sign:			ibmtss/tss.h sign.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) sign.o $(LNALIBS) -o sign
+startauthsession:	ibmtss/tss.h startauthsession.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) startauthsession.o $(LNALIBS) -o startauthsession
+startup:		ibmtss/tss.h startup.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) startup.o $(LNALIBS) -o startup
+stirrandom:		ibmtss/tss.h stirrandom.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) stirrandom.o $(LNALIBS) -o stirrandom
+unseal:			ibmtss/tss.h unseal.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) unseal.o $(LNALIBS) -o unseal
+verifysignature:	ibmtss/tss.h verifysignature.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) verifysignature.o $(LNALIBS) -o verifysignature
+zgen2phase:		ibmtss/tss.h zgen2phase.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) zgen2phase.o $(LNALIBS) -o zgen2phase
+signapp:		ibmtss/tss.h signapp.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) signapp.o $(LNALIBS) -o signapp
+writeapp:		ibmtss/tss.h writeapp.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) writeapp.o $(LNALIBS) -o writeapp
+timepacket:		ibmtss/tss.h timepacket.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) timepacket.o $(LNALIBS) -o timepacket
+createek:		createek.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) createek.o $(LNALIBS) -o createek
+createekcert:		createekcert.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) createekcert.o $(LNALIBS) -o createekcert
+tpm2pem:		tpm2pem.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) tpm2pem.o $(LNALIBS) -o tpm2pem
+tpmpublic2eccpoint:	tpmpublic2eccpoint.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) tpmpublic2eccpoint.o $(LNALIBS) -o tpmpublic2eccpoint
+ntc2getconfig:		ntc2getconfig.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) ntc2getconfig.o $(LNALIBS) -o ntc2getconfig
+ntc2preconfig:		ntc2preconfig.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) ntc2preconfig.o $(LNALIBS) -o ntc2preconfig
+ntc2lockconfig:		ntc2lockconfig.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) ntc2lockconfig.o $(LNALIBS) -o ntc2lockconfig
+publicname:		publicname.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) publicname.o $(LNALIBS) -o publicname
+getcryptolibrary:	getcryptolibrary.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) getcryptolibrary.o $(LNALIBS) -o getcryptolibrary
+printattr:		printattr.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) printattr.o $(LNALIBS) -o printattr
+tpmcmd:			tpmcmd.o $(LIBTSS) $(LIBTSSUTILS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) tpmcmd.o $(LNALIBS) -o tpmcmd
+
+# for applications, not for TSS library
+
+%.o:		%.c ibmtss/tss.h
+		$(CC) $(CCFLAGS) $(CCAFLAGS) $< -o $@
diff --git a/utils/man/man1/tssactivatecredential.1 b/utils/man/man1/tssactivatecredential.1
new file mode 100644
index 000000000..4b0afd625
--- /dev/null
+++ b/utils/man/man1/tssactivatecredential.1
@@ -0,0 +1,41 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH ACTIVATECREDENTIAL "1" "December 2019" "activatecredential 1546" "User Commands"
+.SH NAME
+activatecredential \- Runs TPM2 activatecredential
+.SH DESCRIPTION
+activatecredential
+.PP
+Runs TPM2_ActivateCredential
+.TP
+\fB\-ha\fR
+activation handle of object associated with the certificate
+.TP
+\fB\-hk\fR
+handle of loaded decryption key
+.TP
+\fB\-icred\fR
+input credential file name
+.TP
+\fB\-is\fR
+secret file name
+.TP
+[\-pwda
+password for activation key (default empty)]
+.TP
+[\-pwdk
+password for decryption key (default empty)]
+.TP
+[\-ocred
+output credential file name (default do not save)]
+.TP
+\fB\-se[0\-2]\fR
+session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tsscertify.1 b/utils/man/man1/tsscertify.1
new file mode 100644
index 000000000..dba3ec302
--- /dev/null
+++ b/utils/man/man1/tsscertify.1
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH CERTIFY "1" "December 2019" "certify 1546" "User Commands"
+.SH NAME
+certify \- Runs TPM2 certify
+.SH DESCRIPTION
+certify
+.PP
+Runs TPM2_Certify
+.TP
+\fB\-ho\fR
+object handle
+.TP
+[\-pwdo
+password for object (default empty)]
+.TP
+\fB\-hk\fR
+certifying key handle
+.TP
+[\-pwdk
+password for key (default empty)]
+.TP
+[\-halg
+(sha1, sha256, sha384 sha512) (default sha256)]
+.TP
+[\-salg
+signature algorithm (rsa, ecc, hmac) (default rsa)]
+.TP
+[\-qd
+qualifying data file name]
+.TP
+[\-os
+signature file name (default do not save)]
+.TP
+[\-oa
+attestation output file name (default do not save)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tsscertifycreation.1 b/utils/man/man1/tsscertifycreation.1
new file mode 100644
index 000000000..8eb48cb4e
--- /dev/null
+++ b/utils/man/man1/tsscertifycreation.1
@@ -0,0 +1,49 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH CERTIFYCREATION "1" "December 2019" "certifycreation 1546" "User Commands"
+.SH NAME
+certifycreation \- Runs TPM2 certifycreation
+.SH DESCRIPTION
+certifycreation
+.PP
+Runs TPM2_CertifyCreation
+.TP
+\fB\-ho\fR
+object handle
+.TP
+\fB\-hk\fR
+certifying key handle
+.TP
+[\-pwdk
+password for key (default empty)]
+.TP
+[\-halg
+(sha1, sha256, sha384) (default sha256)]
+.TP
+[\-salg
+signature algorithm (rsa, ecc) (default rsa)]
+.TP
+[\-qd
+qualifying data file name]
+.TP
+\fB\-tk\fR
+input ticket file name
+.TP
+\fB\-ch\fR
+input creation hash file name
+.TP
+[\-os
+signature file name] (default do not save)
+.TP
+[\-oa
+attestation output file name (default do not save)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tsscertifyx509.1 b/utils/man/man1/tsscertifyx509.1
new file mode 100644
index 000000000..6aab51e67
--- /dev/null
+++ b/utils/man/man1/tsscertifyx509.1
@@ -0,0 +1,68 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH CERTIFYX509 "1" "December 2019" "certifyx509 1546" "User Commands"
+.SH NAME
+certifyx509 \- Runs TPM2 certifyx509
+.SH DESCRIPTION
+certifyx509
+.PP
+Runs TPM2_Certifyx509
+.TP
+\fB\-ho\fR
+object handle
+.TP
+[\-pwdo
+password for object (default empty)]
+.TP
+\fB\-hk\fR
+certifying key handle
+.TP
+[\-pwdk
+password for key (default empty)]
+.TP
+[\-halg
+(sha1, sha256, sha384 sha512) (default sha256)]
+.TP
+[\-salg
+signature algorithm (rsa, ecc) (default rsa)]
+.TP
+[\-ku
+X509 key usage \- string \- comma separated, no spaces]
+.TP
+[\-iob
+TPMA_OBJECT \- 4 byte hex]
+e.g. sign: critical,digitalSignature,keyCertSign,cRLSign (default)
+e.g. decrypt: critical,dataEncipherment,keyAgreement,encipherOnly,decipherOnly
+e.g. fixedTPM: critical,nonRepudiation
+e.g. parent (restrict decrypt): critical,keyEncipherment
+.TP
+[\-bit
+bit in partialCertificate to toggle]
+.TP
+[\-sub
+subject same as issuer for self signed (root) certificate]
+.TP
+[\-opc
+partial certificate file name (default do not save)]
+.TP
+[\-oa
+addedToCertificate file name (default do not save)]
+.TP
+[\-otbs
+signed tbsDigest file name (default do not save)]
+.TP
+[\-os
+signature file name (default do not save)]
+.TP
+[\-ocert
+reconstructed certificate file name (default do not save)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tsschangeeps.1 b/utils/man/man1/tsschangeeps.1
new file mode 100644
index 000000000..2e2ad032e
--- /dev/null
+++ b/utils/man/man1/tsschangeeps.1
@@ -0,0 +1,16 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH CHANGEEPS "1" "December 2019" "changeeps 1546" "User Commands"
+.SH NAME
+changeeps \- Runs TPM2 changeeps
+.SH DESCRIPTION
+changeeps
+.PP
+Runs TPM2_ChangeEPS
+.TP
+\fB\-pwda\fR
+authorization password (default empty)
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
diff --git a/utils/man/man1/tsschangepps.1 b/utils/man/man1/tsschangepps.1
new file mode 100644
index 000000000..d5a0c0727
--- /dev/null
+++ b/utils/man/man1/tsschangepps.1
@@ -0,0 +1,16 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH CHANGEPPS "1" "December 2019" "changepps 1546" "User Commands"
+.SH NAME
+changepps \- Runs TPM2 changepps
+.SH DESCRIPTION
+changepps
+.PP
+Runs TPM2_ChangePPS
+.TP
+\fB\-pwda\fR
+authorization password (default empty)
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
diff --git a/utils/man/man1/tssclear.1 b/utils/man/man1/tssclear.1
new file mode 100644
index 000000000..7a9e2d0d1
--- /dev/null
+++ b/utils/man/man1/tssclear.1
@@ -0,0 +1,20 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH CLEAR "1" "December 2019" "clear 1546" "User Commands"
+.SH NAME
+clear \- Runs TPM2 clear
+.SH DESCRIPTION
+clear
+.PP
+Runs TPM2_Clear
+.TP
+\fB\-hi\fR
+authhandle hierarchy (l, p)
+l lockout, p platform
+.TP
+\fB\-pwda\fR
+authorization password (default empty)
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
diff --git a/utils/man/man1/tssclearcontrol.1 b/utils/man/man1/tssclearcontrol.1
new file mode 100644
index 000000000..e2482a637
--- /dev/null
+++ b/utils/man/man1/tssclearcontrol.1
@@ -0,0 +1,23 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH CLEARCONTROL "1" "December 2019" "clearcontrol 1546" "User Commands"
+.SH NAME
+clearcontrol \- Runs TPM2 clearcontrol
+.SH DESCRIPTION
+clearcontrol
+.PP
+Runs TPM2_ClearControl
+.TP
+\fB\-hi\fR
+authhandle hierarchy (l, p)
+l lockout, p platform
+.TP
+\fB\-pwda\fR
+authorization password (default empty)
+.TP
+\fB\-state\fR
+0 to disable, 1 to enable (default enable)
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
diff --git a/utils/man/man1/tssclockrateadjust.1 b/utils/man/man1/tssclockrateadjust.1
new file mode 100644
index 000000000..fe8402b09
--- /dev/null
+++ b/utils/man/man1/tssclockrateadjust.1
@@ -0,0 +1,22 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH CLOCKRATEADJUST "1" "December 2019" "clockrateadjust 1546" "User Commands"
+.SH NAME
+clockrateadjust \- Runs TPM2 clockrateadjust
+.SH DESCRIPTION
+clockrateadjust
+.PP
+Runs TPM2_ClockRateAdjust
+.TP
+[\-hi
+hierarchy auth (p, o) (default p)]
+.TP
+[\-pwdp
+hierarchy password (default empty)]
+.TP
+[\-adj
+rate adjust (default 0)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
diff --git a/utils/man/man1/tssclockset.1 b/utils/man/man1/tssclockset.1
new file mode 100644
index 000000000..7ba963c18
--- /dev/null
+++ b/utils/man/man1/tssclockset.1
@@ -0,0 +1,31 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH CLOCKSET "1" "December 2019" "clockset 1546" "User Commands"
+.SH NAME
+clockset \- Runs TPM2 clockset
+.SH DESCRIPTION
+clockset
+.PP
+Runs TPM2_ClockSet
+.TP
+\fB\-clock\fR
+new clock
+.TP
+\fB\-iclock\fR
+new clock file name
+.TP
+[\-addsec
+seconds to add to new clock]
+.TP
+\fB\-hi\fR
+hierarchy (o, p) (default platform)
+.IP
+o owner, p platform
+.TP
+\fB\-pwdp\fR
+password for hierarchy (default empty)
+.TP
+\fB\-se[0\-2]\fR
+session handle / attributes (default PWAP)
+.TP
+01
+continue
diff --git a/utils/man/man1/tsscommit.1 b/utils/man/man1/tsscommit.1
new file mode 100644
index 000000000..1d8c2a051
--- /dev/null
+++ b/utils/man/man1/tsscommit.1
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH COMMIT "1" "December 2019" "commit 1546" "User Commands"
+.SH NAME
+commit \- Runs TPM2 commit
+.SH DESCRIPTION
+commit
+.PP
+Runs TPM2_Commit
+.TP
+\fB\-hk\fR
+key handle
+.TP
+[\-pt
+point input file name (default empty)]
+.TP
+[\-s2
+s2 input file name (default empty)]
+.TP
+[\-y2
+y2 input file name (default empty)]
+.TP
+[\-Kf
+K output data file name (default do not save)]
+.TP
+[\-Lf
+output data file name (default do not save)]
+.TP
+[\-Ef
+output data file name (default do not save)]
+.TP
+[\-cf
+output counter file name (default do not save)]
+.TP
+[\-pwdk
+password for key (default empty)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tsscontextload.1 b/utils/man/man1/tsscontextload.1
new file mode 100644
index 000000000..b1928caac
--- /dev/null
+++ b/utils/man/man1/tsscontextload.1
@@ -0,0 +1,11 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH CONTEXTLOAD "1" "December 2019" "contextload 1546" "User Commands"
+.SH NAME
+contextload \- Runs TPM2 contextload
+.SH DESCRIPTION
+contextload
+.PP
+Runs TPM2_ContextLoad
+.TP
+\fB\-if\fR
+context file name
diff --git a/utils/man/man1/tsscontextsave.1 b/utils/man/man1/tsscontextsave.1
new file mode 100644
index 000000000..bb72d83c3
--- /dev/null
+++ b/utils/man/man1/tsscontextsave.1
@@ -0,0 +1,14 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH CONTEXTSAVE "1" "December 2019" "contextsave 1546" "User Commands"
+.SH NAME
+contextsave \- Runs TPM2 contextsave
+.SH DESCRIPTION
+contextsave
+.PP
+Runs TPM2_ContextSave
+.TP
+\fB\-ha\fR
+handle
+.TP
+[\-of
+context file name (default do not save)]
diff --git a/utils/man/man1/tsscreate.1 b/utils/man/man1/tsscreate.1
new file mode 100644
index 000000000..12c5cb831
--- /dev/null
+++ b/utils/man/man1/tsscreate.1
@@ -0,0 +1,122 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH CREATE "1" "December 2019" "create 1546" "User Commands"
+.SH NAME
+create \- Runs TPM2 create
+.SH DESCRIPTION
+create
+.PP
+Runs TPM2_Create
+.HP
+\fB\-hp\fR parent handle
+.IP
+[Asymmetric Key Algorithm]
+.HP
+\fB\-rsa\fR (default)
+.HP
+\fB\-ecc\fR curve
+.IP
+bnp256
+nistp256
+nistp384
+.IP
+Key attributes
+.TP
+\fB\-bl\fR
+data blob for unseal (create only)
+requires \fB\-if\fR
+.TP
+\fB\-den\fR
+decryption, (unrestricted, RSA and EC NULL scheme)
+.TP
+\fB\-deo\fR
+decryption, (unrestricted, RSA OAEP, EC NULL scheme)
+.TP
+\fB\-des\fR
+encryption/decryption, AES symmetric
+[\-116 for TPM rev 116 compatibility]
+.TP
+\fB\-st\fR
+storage (restricted)
+[default for primary keys]
+.TP
+\fB\-si\fR
+unrestricted signing (RSA and EC NULL scheme)
+.TP
+\fB\-sir\fR
+restricted signing (RSA RSASSA, EC ECDSA scheme)
+.TP
+\fB\-dau\fR
+unrestricted ECDAA signing key pair
+.TP
+\fB\-dar\fR
+restricted ECDAA signing key pair
+.TP
+\fB\-kh\fR
+keyed hash (unrestricted, hmac)
+.TP
+\fB\-khr\fR
+keyed hash (restricted, hmac)
+.TP
+\fB\-dp\fR
+derivation parent
+.TP
+\fB\-gp\fR
+general purpose, not storage
+.TP
+[\-kt
+(can be specified more than once)]
+f       fixedTPM (default for primary keys and derivation parents)
+p       fixedParent (default for primary keys and derivation parents)
+nf      no fixedTPM (default for non\-primary keys)
+np      no fixedParent (default for non\-primary keys)
+ed      encrypted duplication (default not set)
+.TP
+[\-da
+object subject to DA protection (default no)]
+.TP
+[\-pol
+policy file (default empty)]
+.TP
+[\-uwa
+userWithAuth attribute clear (default set)]
+.TP
+[\-if
+data (inSensitive) file name]
+.TP
+[\-nalg
+name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]
+.TP
+[\-halg
+scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]
+.TP
+[\-pwdk
+password for key (default empty)]
+.TP
+[\-pwdp
+password for parent key (default empty)]
+.TP
+[\-opu
+public key file name (default do not save)]
+.TP
+[\-opr
+private key file name (default do not save)]
+.TP
+[\-opem
+public key PEM format file name (default do not save)]
+.TP
+[\-tk
+output ticket file name (default do not save)]
+.TP
+[\-ch
+output creation hash file name (default do not save)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tsscreateek.1 b/utils/man/man1/tsscreateek.1
new file mode 100644
index 000000000..47b3e3a0c
--- /dev/null
+++ b/utils/man/man1/tsscreateek.1
@@ -0,0 +1,33 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH CREATEEK "1" "December 2019" "createek 1546" "User Commands"
+.SH NAME
+createek \- Runs TPM2 createek
+.SH DESCRIPTION
+createek
+.PP
+Parses and prints the various EK NV indexes specified by the IWG
+Creates a primary key based on the EK NV indexes
+.TP
+\fB\-te\fR
+print EK Template
+.TP
+\fB\-no\fR
+print EK nonce
+.TP
+\fB\-ce\fR
+print EK certificate
+.TP
+\fB\-cp\fR
+CreatePrimary using the EK template and EK nonce.
+Validate the EK against the EK certificate
+.TP
+[\-noflush
+Do not flush the primary key after validation]
+.TP
+[\-root
+filename \- validate EK certificate against the root]
+filename contains a list of PEM format CA root certificate
+filenames, one per line.
+The list may contain up to 100 certificates.
+.HP
+\fB\-alg\fR (rsa or ecc)
diff --git a/utils/man/man1/tsscreateekcert.1 b/utils/man/man1/tsscreateekcert.1
new file mode 100644
index 000000000..11587e2f2
--- /dev/null
+++ b/utils/man/man1/tsscreateekcert.1
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH CREATEEKCERT "1" "December 2019" "createekcert 1546" "User Commands"
+.SH NAME
+createekcert \- Runs TPM2 createekcert
+.SH SYNOPSIS
+.B createekcert
+\fI\,-alg rsa -cakey cakey.pem    -capwd rrrr -v\/\fR
+.br
+.B createekcert
+\fI\,-alg ecc -cakey cakeyecc.pem -capwd rrrr -caalg ec -v\/\fR
+.SH DESCRIPTION
+createekcert
+.PP
+Provisions an EK certificate, using the default IWG template
+E.g.,
+.TP
+[\-pwdp
+platform hierarchy password (default empty)]
+.TP
+\fB\-cakey\fR
+CA PEM key file name
+.TP
+[\-capwd
+CA PEM key password (default empty)]
+.TP
+[\-caalg
+CA key algorithm (rsa or ec) (default rsa)]
+.TP
+[\-alg
+(rsa or ecc certificate) (default rsa)]
+.TP
+[\-noflush
+do not flush the primary key]
+.TP
+[\-of
+DER certificate output file name]
+.PP
+Currently:
+.IP
+Certificate issuer, subject, and validity are hard coded.
diff --git a/utils/man/man1/tsscreateloaded.1 b/utils/man/man1/tsscreateloaded.1
new file mode 100644
index 000000000..86286c218
--- /dev/null
+++ b/utils/man/man1/tsscreateloaded.1
@@ -0,0 +1,123 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH CREATELOADED "1" "December 2019" "createloaded 1546" "User Commands"
+.SH NAME
+createloaded \- Runs TPM2 createloaded
+.SH DESCRIPTION
+createloaded
+.PP
+Runs TPM2_CreateLoaded
+.HP
+\fB\-hp\fR parent handle (can be hierarchy)
+.IP
+40000001 Owner
+4000000c Platform
+4000000b Endorsement
+.IP
+[Asymmetric Key Algorithm]
+.HP
+\fB\-rsa\fR (default)
+.HP
+\fB\-ecc\fR curve
+.IP
+bnp256
+nistp256
+nistp384
+.IP
+Key attributes
+.TP
+\fB\-bl\fR
+data blob for unseal (create only)
+requires \fB\-if\fR
+.TP
+\fB\-den\fR
+decryption, (unrestricted, RSA and EC NULL scheme)
+.TP
+\fB\-deo\fR
+decryption, (unrestricted, RSA OAEP, EC NULL scheme)
+.TP
+\fB\-des\fR
+encryption/decryption, AES symmetric
+[\-116 for TPM rev 116 compatibility]
+.TP
+\fB\-st\fR
+storage (restricted)
+[default for primary keys]
+.TP
+\fB\-si\fR
+unrestricted signing (RSA and EC NULL scheme)
+.TP
+\fB\-sir\fR
+restricted signing (RSA RSASSA, EC ECDSA scheme)
+.TP
+\fB\-dau\fR
+unrestricted ECDAA signing key pair
+.TP
+\fB\-dar\fR
+restricted ECDAA signing key pair
+.TP
+\fB\-kh\fR
+keyed hash (unrestricted, hmac)
+.TP
+\fB\-khr\fR
+keyed hash (restricted, hmac)
+.TP
+\fB\-dp\fR
+derivation parent
+.TP
+\fB\-gp\fR
+general purpose, not storage
+.TP
+[\-kt
+(can be specified more than once)]
+f       fixedTPM (default for primary keys and derivation parents)
+p       fixedParent (default for primary keys and derivation parents)
+nf      no fixedTPM (default for non\-primary keys)
+np      no fixedParent (default for non\-primary keys)
+ed      encrypted duplication (default not set)
+.TP
+[\-da
+object subject to DA protection (default no)]
+.TP
+[\-pol
+policy file (default empty)]
+.TP
+[\-uwa
+userWithAuth attribute clear (default set)]
+.TP
+[\-if
+data (inSensitive) file name]
+.TP
+[\-nalg
+name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]
+.TP
+[\-halg
+scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]
+.TP
+[\-der
+object's parent is a derivation parent]
+.TP
+[\-pwdk
+password for key (default empty)]
+.TP
+[\-pwdp
+password for parent key (default empty)]
+.TP
+[\-opu
+public key file name (default do not save)]
+.TP
+[\-opr
+private key file name (default do not save)]
+.TP
+[\-opem
+public key PEM format file name (default do not save)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tsscreateprimary.1 b/utils/man/man1/tsscreateprimary.1
new file mode 100644
index 000000000..08935c971
--- /dev/null
+++ b/utils/man/man1/tsscreateprimary.1
@@ -0,0 +1,126 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH CREATEPRIMARY "1" "December 2019" "createprimary 1546" "User Commands"
+.SH NAME
+createprimary \- Runs TPM2 createprimary
+.SH DESCRIPTION
+createprimary creates a primary storage key
+.PP
+Runs TPM2_CreatePrimary
+.TP
+[\-hi
+hierarchy (e, o, p, n) (default null)]
+.TP
+[\-pwdp
+password for hierarchy (default empty)]
+.TP
+[\-pwdpi
+password file name for hierarchy (default empty)]
+.TP
+[\-pwdk
+password for key (default empty)]
+.TP
+[\-iu
+inPublic unique field file (default none)]
+.TP
+[\-opu
+public key file name (default do not save)]
+.TP
+[\-opem
+public key PEM format file name (default do not save)]
+.TP
+[\-tk
+output ticket file name]
+.TP
+[\-ch
+output creation hash file name]
+.IP
+[Asymmetric Key Algorithm]
+.HP
+\fB\-rsa\fR (default)
+.HP
+\fB\-ecc\fR curve
+.IP
+bnp256
+nistp256
+nistp384
+.IP
+Key attributes
+.TP
+\fB\-bl\fR
+data blob for unseal (create only)
+requires \fB\-if\fR
+.TP
+\fB\-den\fR
+decryption, (unrestricted, RSA and EC NULL scheme)
+.TP
+\fB\-deo\fR
+decryption, (unrestricted, RSA OAEP, EC NULL scheme)
+.TP
+\fB\-des\fR
+encryption/decryption, AES symmetric
+[\-116 for TPM rev 116 compatibility]
+.TP
+\fB\-st\fR
+storage (restricted)
+[default for primary keys]
+.TP
+\fB\-si\fR
+unrestricted signing (RSA and EC NULL scheme)
+.TP
+\fB\-sir\fR
+restricted signing (RSA RSASSA, EC ECDSA scheme)
+.TP
+\fB\-dau\fR
+unrestricted ECDAA signing key pair
+.TP
+\fB\-dar\fR
+restricted ECDAA signing key pair
+.TP
+\fB\-kh\fR
+keyed hash (unrestricted, hmac)
+.TP
+\fB\-khr\fR
+keyed hash (restricted, hmac)
+.TP
+\fB\-dp\fR
+derivation parent
+.TP
+\fB\-gp\fR
+general purpose, not storage
+.TP
+[\-kt
+(can be specified more than once)]
+f       fixedTPM (default for primary keys and derivation parents)
+p       fixedParent (default for primary keys and derivation parents)
+nf      no fixedTPM (default for non\-primary keys)
+np      no fixedParent (default for non\-primary keys)
+ed      encrypted duplication (default not set)
+.TP
+[\-da
+object subject to DA protection (default no)]
+.TP
+[\-pol
+policy file (default empty)]
+.TP
+[\-uwa
+userWithAuth attribute clear (default set)]
+.TP
+[\-if
+data (inSensitive) file name]
+.TP
+[\-nalg
+name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]
+.TP
+[\-halg
+scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tssdictionaryattacklockreset.1 b/utils/man/man1/tssdictionaryattacklockreset.1
new file mode 100644
index 000000000..47bcd5d41
--- /dev/null
+++ b/utils/man/man1/tssdictionaryattacklockreset.1
@@ -0,0 +1,16 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH DICTIONARYATTACKLOCKRESET "1" "December 2019" "dictionaryattacklockreset 1546" "User Commands"
+.SH NAME
+dictionaryattacklockreset \- Runs TPM2 dictionaryattacklockreset
+.SH DESCRIPTION
+dictionaryattacklockreset
+.PP
+Runs TPM2_DictionaryAttackLockReset
+.TP
+[\-pwd
+lockout auth password (default empty)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
diff --git a/utils/man/man1/tssdictionaryattackparameters.1 b/utils/man/man1/tssdictionaryattackparameters.1
new file mode 100644
index 000000000..7b7ec707a
--- /dev/null
+++ b/utils/man/man1/tssdictionaryattackparameters.1
@@ -0,0 +1,25 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH DICTIONARYATTACKPARAMETERS "1" "December 2019" "dictionaryattackparameters 1546" "User Commands"
+.SH NAME
+dictionaryattackparameters \- Runs TPM2 dictionaryattackparameters
+.SH DESCRIPTION
+dictionaryattackparameters
+.PP
+Runs TPM2_DictionaryAttackParameters
+.TP
+[\-pwd
+lockout auth password (default empty)]
+.TP
+[\-nmt
+new max tries (default 1 try)]
+.TP
+[\-nrt
+new recovery time (default 10 seconds)]
+.TP
+[\-lr
+lockout recovery (default 1 second)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
diff --git a/utils/man/man1/tssduplicate.1 b/utils/man/man1/tssduplicate.1
new file mode 100644
index 000000000..13eaa7669
--- /dev/null
+++ b/utils/man/man1/tssduplicate.1
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH DUPLICATE "1" "December 2019" "duplicate 1546" "User Commands"
+.SH NAME
+duplicate \- Runs TPM2 duplicate
+.SH DESCRIPTION
+duplicate
+.PP
+Runs TPM2_Duplicate
+.TP
+\fB\-ho\fR
+object handle
+.TP
+[\-pwdo
+password for object (default empty)]
+.TP
+[\-hp
+new parent handle (default TPM_RH_NULL)]
+.TP
+[\-ik
+encryption key in file name]
+.TP
+[\-salg
+symmetric algorithm (aes)(default none)]
+.TP
+[\-oek
+encryption key out file name (default do not save)]
+.TP
+[\-od
+duplicate private area file name (default do not save)]
+.TP
+[\-oss
+symmetric seed file name (default do not save)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tsseccparameters.1 b/utils/man/man1/tsseccparameters.1
new file mode 100644
index 000000000..66e400fbd
--- /dev/null
+++ b/utils/man/man1/tsseccparameters.1
@@ -0,0 +1,16 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH ECCPARAMETERS "1" "December 2019" "eccparameters 1546" "User Commands"
+.SH NAME
+eccparameters \- Runs TPM2 eccparameters
+.SH DESCRIPTION
+eccparameters
+.PP
+Runs TPM2_ECC_Parameters
+.TP
+\fB\-cv\fR
+curve ID
+bnp256
+nistp256
+nistp384
+.IP
+[\-of data file, ECC parameters (default do not save)]
diff --git a/utils/man/man1/tssecephemeral.1 b/utils/man/man1/tssecephemeral.1
new file mode 100644
index 000000000..2a0e1e1b5
--- /dev/null
+++ b/utils/man/man1/tssecephemeral.1
@@ -0,0 +1,20 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH ECEPHEMERAL "1" "December 2019" "ecephemeral 1546" "User Commands"
+.SH NAME
+ecephemeral \- Runs TPM2 ecephemeral
+.SH DESCRIPTION
+ecephmeral
+.PP
+Runs TPM2_EC_Ephemeral
+.TP
+\fB\-ecc\fR
+curve
+bnp256
+nistp256
+nistp384
+.TP
+[\-oq
+output Q ephemeral public key file name (default do not save)]
+.TP
+[\-cf
+output counter file name (default do not save)]
diff --git a/utils/man/man1/tssencryptdecrypt.1 b/utils/man/man1/tssencryptdecrypt.1
new file mode 100644
index 000000000..ae3c45978
--- /dev/null
+++ b/utils/man/man1/tssencryptdecrypt.1
@@ -0,0 +1,37 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH ENCRYPTDECRYPT "1" "December 2019" "encryptdecrypt 1546" "User Commands"
+.SH NAME
+encryptdecrypt \- Runs TPM2 encryptdecrypt
+.SH DESCRIPTION
+encryptdecrypt
+.PP
+Runs TPM2_EncryptDecrypt
+.TP
+\fB\-hk\fR
+key handle
+.TP
+\fB\-pwdk\fR
+password for key (default empty)
+.TP
+\fB\-d\fR
+decrypt (default encrypt)
+.TP
+\fB\-if\fR
+input file name
+.TP
+[\-of
+output file name (default do not save)]
+.TP
+[\-2
+use TPM2_EncryptDecrypt2]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tsseventextend.1 b/utils/man/man1/tsseventextend.1
new file mode 100644
index 000000000..f69c64299
--- /dev/null
+++ b/utils/man/man1/tsseventextend.1
@@ -0,0 +1,29 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH EVENTEXTEND "1" "December 2019" "eventextend 1546" "User Commands"
+.SH NAME
+eventextend \- Runs TPM2 eventextend
+.SH SYNOPSIS
+.B eventextend
+\fI\,-if <measurement file> \/\fR[\fI\,-v\/\fR]
+.SH DESCRIPTION
+Extends a measurement file (binary) into a TPM or simulated PCRs
+.TP
+\fB\-if\fR
+file containing the data to be extended
+.TP
+[\-nospec
+file does not contain spec ID header (useful for incremental test)]
+.TP
+[\-tpm
+extend TPM PCRs]
+.TP
+[\-sim
+calculate simulated PCRs and boot aggregate]
+.TP
+[\-pcrmax
+with \fB\-sim\fR, sets the highest PCR number to be used to calculate the
+.IP
+boot aggregate (default 7)]
+.TP
+[\-ns
+no space, no text, no newlines]
diff --git a/utils/man/man1/tsseventsequencecomplete.1 b/utils/man/man1/tsseventsequencecomplete.1
new file mode 100644
index 000000000..ca2e66670
--- /dev/null
+++ b/utils/man/man1/tsseventsequencecomplete.1
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH EVENTSEQUENCECOMPLETE "1" "December 2019" "eventsequencecomplete 1546" "User Commands"
+.SH NAME
+eventsequencecomplete \- Runs TPM2 eventsequencecomplete
+.SH DESCRIPTION
+eventsequencecomplete
+.PP
+Runs TPM2_EventSequenceComplete
+.TP
+[\-ha
+pcr handle (default NULL)]
+.TP
+\fB\-hs\fR
+sequence handle
+.TP
+[\-pwds
+password for sequence (default empty)]
+.TP
+[\-if
+input file to be added (default no data)]
+.TP
+[\-of1
+sha1 output digest file (default do not save)]
+.TP
+[\-of2
+sha256 output digest file (default do not save)]
+.TP
+[\-of3
+sha384 output digest file (default do not save)]
+.TP
+[\-of5
+sha512 output digest file (default do not save)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
diff --git a/utils/man/man1/tssevictcontrol.1 b/utils/man/man1/tssevictcontrol.1
new file mode 100644
index 000000000..f4bf2e580
--- /dev/null
+++ b/utils/man/man1/tssevictcontrol.1
@@ -0,0 +1,29 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH EVICTCONTROL "1" "December 2019" "evictcontrol 1546" "User Commands"
+.SH NAME
+evictcontrol \- Runs TPM2 evictcontrol
+.SH DESCRIPTION
+evictcontrol
+.PP
+Runs TPM2_EvictControl
+.TP
+\fB\-hi\fR
+authhandle hierarchy (o, p)
+o owner, p platform
+.TP
+\fB\-ho\fR
+object handle
+if transient: make persistent, if persistent: flush
+.TP
+\fB\-hp\fR
+persistent handle
+owner    81000000 to 817FFFFF
+platform 81800000 to 81FFFFFF
+.TP
+\fB\-pwda\fR
+authorization password (default empty)
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
diff --git a/utils/man/man1/tssflushcontext.1 b/utils/man/man1/tssflushcontext.1
new file mode 100644
index 000000000..946cd438b
--- /dev/null
+++ b/utils/man/man1/tssflushcontext.1
@@ -0,0 +1,11 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH FLUSHCONTEXT "1" "December 2019" "flushcontext 1546" "User Commands"
+.SH NAME
+flushcontext \- Runs TPM2 flushcontext
+.SH DESCRIPTION
+flushcontext
+.PP
+Runs TPM2_FlushContext
+.TP
+\fB\-ha\fR
+handle
diff --git a/utils/man/man1/tssgetcapability.1 b/utils/man/man1/tssgetcapability.1
new file mode 100644
index 000000000..d6a6d6025
--- /dev/null
+++ b/utils/man/man1/tssgetcapability.1
@@ -0,0 +1,58 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH GETCAPABILITY "1" "December 2019" "getcapability 1546" "User Commands"
+.SH NAME
+getcapability \- Runs TPM2 getcapability
+.SH DESCRIPTION
+getcapability
+.PP
+Runs TPM2_GetCapability
+.TP
+\fB\-cap\fR
+capability
+.TP
+\fB\-pr\fR
+property (defaults to 0)
+.TP
+\fB\-pc\fR
+propertyCount (defaults to 64)
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default NULL)
+.TP
+01
+continue
+.TP
+80
+command audit
+.TP
+\fB\-cap\fR
+values
+.TP
+TPM_CAP_ALGS
+0
+.TP
+TPM_CAP_HANDLES
+1
+.TP
+TPM_CAP_COMMANDS
+2
+.TP
+TPM_CAP_PP_COMMANDS
+3
+.TP
+TPM_CAP_AUDIT_COMMANDS
+4
+.TP
+TPM_CAP_PCRS
+5
+.TP
+TPM_CAP_TPM_PROPERTIES
+6
+.TP
+TPM_CAP_PCR_PROPERTIES
+7
+.TP
+TPM_CAP_ECC_CURVES
+8
+.TP
+TPM_CAP_AUTH_POLICIES
+9
diff --git a/utils/man/man1/tssgetcommandauditdigest.1 b/utils/man/man1/tssgetcommandauditdigest.1
new file mode 100644
index 000000000..1af1f400c
--- /dev/null
+++ b/utils/man/man1/tssgetcommandauditdigest.1
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH GETCOMMANDAUDITDIGEST "1" "December 2019" "getcommandauditdigest 1546" "User Commands"
+.SH NAME
+getcommandauditdigest \- Runs TPM2 getcommandauditdigest
+.SH DESCRIPTION
+getcommandauditdigest
+.PP
+Runs TPM2_GetCommandAuditDigest
+.TP
+[\-pwde
+endorsement hierarchy password (default empty)]
+.TP
+\fB\-hk\fR
+signing key handle
+.TP
+[\-pwdk
+password for key (default empty)]
+.TP
+[\-halg
+(sha1, sha256, sha384, sha512) (default sha256)]
+.TP
+[\-salg
+signature algorithm (rsa, ecc, hmac) (default rsa)]
+.TP
+[\-qd
+qualifying data file name]
+.TP
+[\-os
+signature file name (default do not save)]
+.TP
+[\-oa
+attestation output file name (default do not save)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tssgetrandom.1 b/utils/man/man1/tssgetrandom.1
new file mode 100644
index 000000000..b265d6712
--- /dev/null
+++ b/utils/man/man1/tssgetrandom.1
@@ -0,0 +1,29 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH GETRANDOM "1" "December 2019" "getrandom 1546" "User Commands"
+.SH NAME
+getrandom \- Runs TPM2 getrandom
+.SH DESCRIPTION
+getrandom
+.PP
+Runs TPM2_GetRandom
+.TP
+\fB\-by\fR
+bytes requested
+.TP
+[\-of
+output file, with \fB\-nz\fR, appends nul terminator (default do not save)]
+.TP
+[\-nz
+get random number with no zero bytes (for authorization value)]
+.TP
+[\-ns
+no space, no text, no newlines]
+just a string of hexascii suitable for a symmetric key
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default NULL)
+.TP
+01
+continue
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tssgetsessionauditdigest.1 b/utils/man/man1/tssgetsessionauditdigest.1
new file mode 100644
index 000000000..de93dc6b4
--- /dev/null
+++ b/utils/man/man1/tssgetsessionauditdigest.1
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH GETSESSIONAUDITDIGEST "1" "December 2019" "getsessionauditdigest 1546" "User Commands"
+.SH NAME
+getsessionauditdigest \- Runs TPM2 getsessionauditdigest
+.SH DESCRIPTION
+getsessionauditdigest
+.PP
+Runs TPM2_GetSessionAuditDigest
+.TP
+[\-pwde
+endorsement hierarchy password (default empty)]
+.TP
+[\-hk
+signing key handle]
+.TP
+[\-pwdk
+password for key (default empty)]
+.TP
+\fB\-hs\fR
+audit session handle
+.TP
+[\-halg
+(sha1, sha256, sha384, sha512) (default sha256)]
+.TP
+[\-qd
+qualifying data file name]
+.TP
+[\-os
+signature file name (default do not save)]
+.TP
+[\-oa
+attestation output file name (default do not save)]
+.TP
+[\-od
+session digest file name (default do not save)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tssgettestresult.1 b/utils/man/man1/tssgettestresult.1
new file mode 100644
index 000000000..119c05dd1
--- /dev/null
+++ b/utils/man/man1/tssgettestresult.1
@@ -0,0 +1,16 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH GETTESTRESULT "1" "December 2019" "gettestresult 1546" "User Commands"
+.SH NAME
+gettestresult \- Runs TPM2 gettestresult
+.SH DESCRIPTION
+gettestresult
+.PP
+Runs TPM2_GetTestResult
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default NULL)
+.TP
+01
+continue
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tssgettime.1 b/utils/man/man1/tssgettime.1
new file mode 100644
index 000000000..db5b6a7b2
--- /dev/null
+++ b/utils/man/man1/tssgettime.1
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH GETTIME "1" "December 2019" "gettime 1546" "User Commands"
+.SH NAME
+gettime \- Runs TPM2 gettime
+.SH DESCRIPTION
+gettime
+.PP
+Runs TPM2_GetTime
+.TP
+\fB\-hk\fR
+signing key handle
+.TP
+[\-pwdk
+password for signing key (default empty)]
+.TP
+[\-pwde
+password for endorsement hierarchy (default empty)]
+.TP
+[\-halg
+(sha1, sha256, sha384, sha512) (default sha256)]
+.TP
+[\-salg
+signature algorithm (rsa, ecc, hmac) (default rsa)]
+.TP
+[\-qd
+qualifying data file name]
+.TP
+[\-os
+signature file name  (default do not save)]
+.TP
+[\-oa
+attestation output file name (default do not save)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tsshash.1 b/utils/man/man1/tsshash.1
new file mode 100644
index 000000000..0c0b9df7c
--- /dev/null
+++ b/utils/man/man1/tsshash.1
@@ -0,0 +1,30 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH HASH "1" "December 2019" "hash 1546" "User Commands"
+.SH NAME
+hash \- Runs TPM2 hash
+.SH DESCRIPTION
+hash
+.PP
+Runs TPM2_Hash
+.TP
+[\-hi
+hierarchy (e, o, p, n) (default null)]
+e endorsement, o owner, p platform, n null
+.TP
+[\-halg
+(sha1, sha256, sha384, sha512) (default sha256)]
+.TP
+\fB\-if\fR
+input file to be hashed
+.TP
+\fB\-ic\fR
+data string to be hashed
+.TP
+[\-ns
+no space, no text, no newlines]
+.TP
+[\-oh
+hash file name (default do not save)]
+.TP
+[\-tk
+ticket file name (default do not save)]
diff --git a/utils/man/man1/tsshashsequencestart.1 b/utils/man/man1/tsshashsequencestart.1
new file mode 100644
index 000000000..4ed97b60a
--- /dev/null
+++ b/utils/man/man1/tsshashsequencestart.1
@@ -0,0 +1,23 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH HASHSEQUENCESTART "1" "December 2019" "hashsequencestart 1546" "User Commands"
+.SH NAME
+hashsequencestart \- Runs TPM2 hashsequencestart
+.SH DESCRIPTION
+hashsequencestart
+.PP
+Runs TPM2_HashSequenceStart
+.TP
+[\-pwda
+password for sequence (default empty)]
+.TP
+[\-halg
+(sha1, sha256, sha384, sha512, null) (default sha256)]
+null is an event sequence
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default NULL)
+.TP
+01
+continue
+.TP
+20
+command decrypt
diff --git a/utils/man/man1/tsshierarchychangeauth.1 b/utils/man/man1/tsshierarchychangeauth.1
new file mode 100644
index 000000000..ab3dad7e3
--- /dev/null
+++ b/utils/man/man1/tsshierarchychangeauth.1
@@ -0,0 +1,32 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH HIERARCHYCHANGEAUTH "1" "December 2019" "hierarchychangeauth 1546" "User Commands"
+.SH NAME
+hierarchychangeauth \- Runs TPM2 hierarchychangeauth
+.SH DESCRIPTION
+hierarchychangeauth
+.PP
+Runs TPM2_HierarchyChangeAuth
+.TP
+\fB\-hi\fR
+hierarchy (l, e, o, p)
+l lockout, e endorsement, o owner, p platform
+.TP
+\fB\-pwdn\fR
+new authorization password (default empty)
+.TP
+\fB\-pwdni\fR
+new authorization password file name (default empty)
+.TP
+\fB\-pwda\fR
+authorization password (default empty)
+.TP
+\fB\-pwdai\fR
+authorization password file name (default empty)
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
diff --git a/utils/man/man1/tsshierarchycontrol.1 b/utils/man/man1/tsshierarchycontrol.1
new file mode 100644
index 000000000..8f78d099b
--- /dev/null
+++ b/utils/man/man1/tsshierarchycontrol.1
@@ -0,0 +1,25 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH HIERARCHYCONTROL "1" "December 2019" "hierarchycontrol 1546" "User Commands"
+.SH NAME
+hierarchycontrol \- Runs TPM2 hierarchycontrol
+.SH DESCRIPTION
+hierarchycontrol
+.PP
+Runs TPM2_HierarchyControl
+.TP
+\fB\-hi\fR
+authhandle hierarchy (e, o, p)
+.TP
+\fB\-he\fR
+enable hierarchy (e, o, p, n)
+e       endorsement, o owner, p platform, n null
+.TP
+[\-pwda
+authorization password (default empty)]
+.IP
+[\-state (0 to disable, 1 to enable) (default enable)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
diff --git a/utils/man/man1/tsshmac.1 b/utils/man/man1/tsshmac.1
new file mode 100644
index 000000000..1d71c85d6
--- /dev/null
+++ b/utils/man/man1/tsshmac.1
@@ -0,0 +1,37 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH HMAC "1" "December 2019" "hmac 1546" "User Commands"
+.SH NAME
+hmac \- Runs TPM2 hmac
+.SH DESCRIPTION
+hmac
+.PP
+Runs TPM2_HMAC
+.TP
+\fB\-hk\fR
+key handle
+.TP
+[\-pwdk
+password for key (default empty)]
+.TP
+[\-halg
+(sha1, sha256, sha384, sha512) (default sha256)]
+.TP
+\fB\-if\fR
+input file to be HMACed
+.TP
+\fB\-ic\fR
+data string to be HMACed
+.TP
+[\-os
+hmac file name (default do not save)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tsshmacstart.1 b/utils/man/man1/tsshmacstart.1
new file mode 100644
index 000000000..462e07071
--- /dev/null
+++ b/utils/man/man1/tsshmacstart.1
@@ -0,0 +1,25 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH HMACSTART "1" "December 2019" "hmacstart 1546" "User Commands"
+.SH NAME
+hmacstart \- Runs TPM2 hmacstart
+.SH DESCRIPTION
+hmacstart
+.PP
+Runs TPM2_Hmac_Start
+.TP
+\fB\-hk\fR
+key handle
+.TP
+\fB\-pwdk\fR
+password for key (default empty)
+.TP
+\fB\-pwda\fR
+password for sequence (default empty)
+.TP
+[\-halg
+(sha1, sha256, sha384, sha512) (default sha256)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
diff --git a/utils/man/man1/tssimaextend.1 b/utils/man/man1/tssimaextend.1
new file mode 100644
index 000000000..c61765c87
--- /dev/null
+++ b/utils/man/man1/tssimaextend.1
@@ -0,0 +1,37 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH IMAEXTEND "1" "December 2019" "imaextend 1546" "User Commands"
+.SH NAME
+imaextend \- Runs TPM2 imaextend
+.SH DESCRIPTION
+imaextend
+.PP
+Runs TPM2_PCR_Extend to Extend a SHA\-1 IMA measurement file (binary) into TPM PCRs
+The IMA measurement is directly extended into the SHA\-1 bank, and a zero padded
+measurement is extended into the SHA\-256 bank
+.PP
+This handles the case where a zero measurement extends ones into the IMA PCR
+.PP
+If \fB\-sim\fR is specified, TPM PCRs are not extended.  Rather, imaextend extends into
+simluated PCRs and traces the result.
+.TP
+\fB\-if\fR
+IMA event log file name
+.TP
+[\-le
+input file is little endian (default big endian)]
+.TP
+[\-sim
+calculate simulated PCRs]
+.TP
+[\-b
+beginning entry (default 0, beginning of log)]
+A beginning entry after the end of the log becomes a noop
+.TP
+[\-e
+ending entry (default end of log)]
+E.g., \fB\-b\fR 0 \fB\-e\fR 0 sends one entry
+.TP
+[\-l
+time \- run in a continuous loop, with a sleep of 'time' seconds betwteen loops]
+The intent is that this be run without specifying \fB\-b\fR and \fB\-e\fR
+Afer each pass, the next beginning entry is set to the last entry +1
diff --git a/utils/man/man1/tssimport.1 b/utils/man/man1/tssimport.1
new file mode 100644
index 000000000..6fd580e68
--- /dev/null
+++ b/utils/man/man1/tssimport.1
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH IMPORT "1" "December 2019" "import 1546" "User Commands"
+.SH NAME
+import \- Runs TPM2 import
+.SH DESCRIPTION
+import
+.PP
+Runs TPM2_Import
+.TP
+\fB\-hp\fR
+parent handle
+.TP
+[\-pwdp
+password for parent (default empty)]
+.TP
+[\-ik
+encryption key in file name]
+.TP
+\fB\-ipu\fR
+object public area file name
+.TP
+\fB\-id\fR
+duplicate file name
+.TP
+\fB\-iss\fR
+symmetric seed file name
+.TP
+[\-salg
+symmetric algorithm (default none)]
+.TP
+\fB\-opr\fR
+private area file name
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tssimportpem.1 b/utils/man/man1/tssimportpem.1
new file mode 100644
index 000000000..0f5c137de
--- /dev/null
+++ b/utils/man/man1/tssimportpem.1
@@ -0,0 +1,66 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH IMPORTPEM "1" "December 2019" "importpem 1546" "User Commands"
+.SH NAME
+importpem \- Runs TPM2 importpem
+.SH DESCRIPTION
+importpem
+.PP
+Runs TPM2_Import for a PEM key
+.TP
+\fB\-hp\fR
+parent handle
+.TP
+[\-pwdp
+password for parent (default empty)]
+.TP
+\fB\-ipem\fR
+PEM format key pair
+.IP
+[Asymmetric Key Algorithm]
+.TP
+[\-rsa
+(default)]
+.TP
+[\-ecc
+]
+.TP
+[\-si
+signing (default)]
+.TP
+[\-scheme
+signing scheme (rsassa rsapss) (RSA default RSASSA) (ECC ECDSA)]
+.TP
+[\-st
+storage (NULL scheme)]
+.TP
+[\-den
+decryption, (unrestricted, RSA and ECC NULL scheme)
+.TP
+[\-pwdk
+password for key (default empty)]
+.TP
+\fB\-opu\fR
+public area file name
+.TP
+\fB\-opr\fR
+private area file name
+.TP
+[\-nalg
+name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]
+.TP
+[\-halg
+scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]
+.TP
+[\-pol
+policy file (default empty)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tssload.1 b/utils/man/man1/tssload.1
new file mode 100644
index 000000000..a7257b298
--- /dev/null
+++ b/utils/man/man1/tssload.1
@@ -0,0 +1,31 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH LOAD "1" "December 2019" "load 1546" "User Commands"
+.SH NAME
+load \- Runs TPM2 load
+.SH DESCRIPTION
+load
+.PP
+Runs TPM2_Load
+.TP
+\fB\-hp\fR
+parent handle
+.TP
+[\-pwdp
+password for parent key (default empty)]
+.TP
+\fB\-ipu\fR
+public key file name
+.TP
+\fB\-ipr\fR
+private key file name
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tssloadexternal.1 b/utils/man/man1/tssloadexternal.1
new file mode 100644
index 000000000..5fa80d723
--- /dev/null
+++ b/utils/man/man1/tssloadexternal.1
@@ -0,0 +1,73 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH LOADEXTERNAL "1" "December 2019" "loadexternal 1546" "User Commands"
+.SH NAME
+loadexternal \- Runs TPM2 loadexternal
+.SH DESCRIPTION
+loadexternal
+.PP
+Runs TPM2_LoadExternal
+.TP
+[\-hi
+hierarchy (e, o, p, n) (default NULL)]
+.TP
+[\-nalg
+name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]
+.TP
+[\-halg
+scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]
+.IP
+[Asymmetric Key Algorithm]
+.TP
+[\-rsa
+(default)]
+.TP
+[\-ecc
+]
+.TP
+\fB\-ipu\fR
+TPM2B_PUBLIC public key file name
+.TP
+\fB\-ipem\fR
+PEM format public key file name
+.TP
+\fB\-ider\fR
+DER format plaintext key pair file name
+.TP
+[\-pwdk
+password for DER key (default empty)]
+.TP
+[\-uwa
+userWithAuth attribute clear (default set)]
+.TP
+[\-si
+signing (default) RSA]
+.TP
+[\-scheme
+for signing key (default RSASSA scheme)]
+.IP
+rsassa
+rsapss
+.TP
+[\-st
+storage (default NULL scheme)]
+.TP
+[\-den
+decryption, (unrestricted, RSA and EC NULL scheme)
+.TP
+[\-ns
+additionally print Name in hex ascii on one line]
+Useful to paste into policy
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default NULL)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
+.TP
+80
+audit
diff --git a/utils/man/man1/tssmakecredential.1 b/utils/man/man1/tssmakecredential.1
new file mode 100644
index 000000000..d015bc212
--- /dev/null
+++ b/utils/man/man1/tssmakecredential.1
@@ -0,0 +1,34 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH MAKECREDENTIAL "1" "December 2019" "makecredential 1546" "User Commands"
+.SH NAME
+makecredential \- Runs TPM2 makecredential
+.SH DESCRIPTION
+makecredential
+.PP
+Runs TPM2_MakeCredential
+.TP
+\fB\-ha\fR
+handle of encryption key public area
+.TP
+\fB\-icred\fR
+input credential file name
+.TP
+\fB\-in\fR
+object name file name
+.TP
+[\-ocred
+output credential file name (default do not save)]
+.TP
+[\-os
+secret file name (default do not save)]
+.HP
+\fB\-se[0\-2]\fR session handle (default NULL)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tssntc2getconfig.1 b/utils/man/man1/tssntc2getconfig.1
new file mode 100644
index 000000000..2b460e56c
--- /dev/null
+++ b/utils/man/man1/tssntc2getconfig.1
@@ -0,0 +1,19 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH NTC2GETCONFIG "1" "December 2019" "ntc2getconfig 1546" "User Commands"
+.SH NAME
+ntc2getconfig \- Runs TPM2 ntc2getconfig
+.SH DESCRIPTION
+ntc2getconfig
+.PP
+Runs NTC2_GetConfig
+.TP
+[\-verify
+Verify results against System P default (default no verify)]
+.TP
+[\-verifylocked
+Also verify that the preconfig is locked
+.IP
+(default verify not locked)]
+.TP
+[\-p8 or \fB\-p9\fR
+Verify Nuvoton TPM for P8 or P9]
diff --git a/utils/man/man1/tssntc2lockconfig.1 b/utils/man/man1/tssntc2lockconfig.1
new file mode 100644
index 000000000..8f89165d9
--- /dev/null
+++ b/utils/man/man1/tssntc2lockconfig.1
@@ -0,0 +1,10 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH NTC2LOCKCONFIG "1" "December 2019" "ntc2lockconfig 1546" "User Commands"
+.SH NAME
+ntc2lockconfig \- Runs TPM2 ntc2lockconfig
+.SH DESCRIPTION
+ntc2lockpreconfig
+.PP
+Runs NTC2_LockPreConfig
+.PP
+\fB\-lock\fR   (required)
diff --git a/utils/man/man1/tssntc2preconfig.1 b/utils/man/man1/tssntc2preconfig.1
new file mode 100644
index 000000000..f16498a54
--- /dev/null
+++ b/utils/man/man1/tssntc2preconfig.1
@@ -0,0 +1,67 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH NTC2PRECONFIG "1" "December 2019" "ntc2preconfig 1546" "User Commands"
+.SH NAME
+ntc2preconfig \- Runs TPM2 ntc2preconfig
+.SH DESCRIPTION
+ntc2preconfig
+.PP
+Runs NTC2_PreConfig
+.TP
+\fB\-p8\fR or \fB\-p9\fR
+Configure Nuvoton TPM for P8 or P9
+.TP
+\fB\-override\fR
+permits individual register values, read\-modify\-write
+.PP
+Values to set, each is a hex byte, (default do not change)
+.TP
+[\-i2cLoc1_2
+byte]
+.TP
+[\-i2cLoc3_4
+byte]
+.TP
+[\-AltCfg
+byte]
+.TP
+[\-Direction
+byte]
+.TP
+[\-PullUp
+byte]
+.TP
+[\-PushPull
+byte]
+.TP
+[\-CFG_A
+byte]
+.TP
+[\-CFG_B
+byte]
+.TP
+[\-CFG_C
+byte]
+.TP
+[\-CFG_D
+byte]
+.TP
+[\-CFG_E
+byte]
+.TP
+[\-CFG_F
+byte]
+.TP
+[\-CFG_G
+byte]
+.TP
+[\-CFG_H
+byte]
+.TP
+[\-CFG_I
+byte]
+.TP
+[\-CFG_J
+byte]
+.TP
+[\-IsValid
+byte]
diff --git a/utils/man/man1/tssnvcertify.1 b/utils/man/man1/tssnvcertify.1
new file mode 100644
index 000000000..8611a40b8
--- /dev/null
+++ b/utils/man/man1/tssnvcertify.1
@@ -0,0 +1,52 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH NVCERTIFY "1" "December 2019" "nvcertify 1546" "User Commands"
+.SH NAME
+nvcertify \- Runs TPM2 nvcertify
+.SH DESCRIPTION
+nvcertify
+.PP
+Runs TPM2_NV_Certify
+.TP
+\fB\-ha\fR
+NV index handle
+.TP
+[\-pwdn
+password for NV index (default empty)]
+.TP
+\fB\-hk\fR
+certifying key handle
+.TP
+[\-pwdk
+password for key (default empty)]
+.TP
+[\-halg
+(sha1, sha256, sha384, sha512) (default sha256)]
+.TP
+[\-salg
+signature algorithm (rsa, ecc, hmac) (default rsa)]
+.TP
+\fB\-sz\fR
+data size
+.TP
+[\-off
+offset (default 0)]
+.TP
+[\-os
+signature file name  (default do not save)]
+.TP
+[\-oa
+attestation output file name (default do not save)]
+.TP
+[\-od
+certified data file name (default do not save)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tssnvchangeauth.1 b/utils/man/man1/tssnvchangeauth.1
new file mode 100644
index 000000000..98b15983c
--- /dev/null
+++ b/utils/man/man1/tssnvchangeauth.1
@@ -0,0 +1,25 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH NVCHANGEAUTH "1" "December 2019" "nvchangeauth 1546" "User Commands"
+.SH NAME
+nvchangeauth \- Runs TPM2 nvchangeauth
+.SH DESCRIPTION
+nvchangeauth
+.PP
+Runs TPM2_NV_ChangeAuth
+.TP
+\fB\-ha\fR
+NV index handle
+.TP
+\fB\-pwdo\fR
+password (default empty)
+.TP
+\fB\-pwdn\fR
+new password (default empty)
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
diff --git a/utils/man/man1/tssnvdefinespace.1 b/utils/man/man1/tssnvdefinespace.1
new file mode 100644
index 000000000..bb6d73a3a
--- /dev/null
+++ b/utils/man/man1/tssnvdefinespace.1
@@ -0,0 +1,101 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH NVDEFINESPACE "1" "December 2019" "nvdefinespace 1546" "User Commands"
+.SH NAME
+nvdefinespace \- Runs TPM2 nvdefinespace
+.SH DESCRIPTION
+nvdefinespace
+.PP
+Runs TPM2_NV_DefineSpace
+.TP
+\fB\-ha\fR
+NV index handle
+01xxxxxx
+.TP
+\fB\-hi\fR
+authorizing hierarchy (o, p)
+o owner, p platform
+p sets PLATFORMCREATE
+.TP
+[\-pwdp
+password for hierarchy (default empty)]
+.TP
+[\-hia
+hierarchy authorization (o, p)(default index authorization)]
+.TP
+default
+AUTHWRITE, AUTHREAD
+.TP
+o sets
+OWNERWRITE, OWNERREAD
+.TP
+p sets
+PPWRITE, PPREAD (platform)
+.TP
+[\-pwdn
+password for NV index (default empty)]
+sets AUTHWRITE (if not PIN index), AUTHREAD
+.TP
+[\-nalg
+name algorithm (sha1, sha256, sha384 sha512) (default sha256)]
+.TP
+[\-sz
+data size in decimal (default 0)]
+Ignored for other than ordinary index
+.TP
+[\-ty
+index type (o, c, b, e, p, f) (default ordinary)]
+ordinary, counter, bits, extend, pin pass, pin fail
+.TP
+[\-pol
+policy file (default empty)]
+sets POLICYWRITE, POLICYREAD
+.TP
+[+at
+attributes to add (may be specified more than once)]
+.TP
+ppw
+(PPWRITE)         ppr (PPREAD)
+.TP
+ow
+(OWNERWRITE)      or  (OWNERREAD)
+.TP
+aw
+(AUTHWRITE)       ar  (AUTHREAD)
+.TP
+wd
+(WRITEDEFINE)     gl  (GLOBALLOCK)
+.TP
+rst
+(READ_STCLEAR)    wst (WRITE_STCLEAR)
+.TP
+wa
+(WRITEALL)        ody (ORDERLY)
+.TP
+pold
+(POLICY_DELETE)   stc (CLEAR_STCLEAR)
+.TP
+[\-at
+attributes to delete (may be specified more than once)]
+.TP
+ppw
+(PPWRITE)         ppr (PPREAD)
+.TP
+ow
+(OWNERWRITE)      or  (OWNERREAD)
+.TP
+aw
+(AUTHWRITE)       ar  (AUTHREAD)
+.TP
+pw
+(POLICYWRITE)     pr  (POLICYREAD)
+.TP
+da
+(NO_DA) (default set)
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
diff --git a/utils/man/man1/tssnvextend.1 b/utils/man/man1/tssnvextend.1
new file mode 100644
index 000000000..9abaf95d4
--- /dev/null
+++ b/utils/man/man1/tssnvextend.1
@@ -0,0 +1,28 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH NVEXTEND "1" "December 2019" "nvextend 1546" "User Commands"
+.SH NAME
+nvextend \- Runs TPM2 nvextend
+.SH DESCRIPTION
+nvextend
+.PP
+Runs TPM2_NV_Extend
+.TP
+\fB\-ha\fR
+NV index handle
+.TP
+\fB\-pwdn\fR
+password for NV index (default empty)
+.TP
+\fB\-ic\fR
+data string
+.TP
+\fB\-if\fR
+data file
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+20
+command decrypt
+.TP
+01
+continue
diff --git a/utils/man/man1/tssnvglobalwritelock.1 b/utils/man/man1/tssnvglobalwritelock.1
new file mode 100644
index 000000000..332ca78e3
--- /dev/null
+++ b/utils/man/man1/tssnvglobalwritelock.1
@@ -0,0 +1,19 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH NVGLOBALWRITELOCK "1" "December 2019" "nvglobalwritelock 1546" "User Commands"
+.SH NAME
+nvglobalwritelock \- Runs TPM2 nvglobalwritelock
+.SH DESCRIPTION
+nvglobalwritelock
+.PP
+Runs TPM2_NV_GlobalWriteLock
+.TP
+\fB\-hia\fR
+hierarchy authorization (o, p)
+.TP
+[\-pwd
+authorization password (default empty)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
diff --git a/utils/man/man1/tssnvincrement.1 b/utils/man/man1/tssnvincrement.1
new file mode 100644
index 000000000..f6e5dca21
--- /dev/null
+++ b/utils/man/man1/tssnvincrement.1
@@ -0,0 +1,19 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH NVINCREMENT "1" "December 2019" "nvincrement 1546" "User Commands"
+.SH NAME
+nvincrement \- Runs TPM2 nvincrement
+.SH DESCRIPTION
+nvincrement
+.PP
+Runs TPM2_NV_Increment
+.TP
+\fB\-ha\fR
+NV index handle
+.TP
+\fB\-pwdn\fR
+password for NV index (default empty)
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
diff --git a/utils/man/man1/tssnvread.1 b/utils/man/man1/tssnvread.1
new file mode 100644
index 000000000..d9a9f89e9
--- /dev/null
+++ b/utils/man/man1/tssnvread.1
@@ -0,0 +1,50 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH NVREAD "1" "December 2019" "nvread 1546" "User Commands"
+.SH NAME
+nvread \- Runs TPM2 nvread
+.SH DESCRIPTION
+nvread
+.PP
+Runs TPM2_NV_Read
+.TP
+[\-hia
+hierarchy authorization (o, p)(default index authorization)]
+.TP
+\fB\-ha\fR
+NV index handle
+.TP
+[\-pwdn
+password for NV index (default empty)]
+.TP
+[\-sz
+data size (default to size of index)]
+counter, bits, pin read 8 bytes, extend reads based on hash algorithm
+.TP
+[\-cert
+dumps the certificate
+.TP
+01c00002
+RSA EK certificate
+.TP
+01c0000a
+ECC EK certificate
+.TP
+[\-ocert
+certificate file name, writes in PEM format
+.TP
+[\-off
+offset (default 0)]
+.TP
+[\-of
+data file (default do not save)]
+.TP
+[\-id
+data values for pinCount and pinLimit verification, (4 bytes each)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tssnvreadlock.1 b/utils/man/man1/tssnvreadlock.1
new file mode 100644
index 000000000..1da37c3f0
--- /dev/null
+++ b/utils/man/man1/tssnvreadlock.1
@@ -0,0 +1,22 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH NVREADLOCK "1" "December 2019" "nvreadlock 1546" "User Commands"
+.SH NAME
+nvreadlock \- Runs TPM2 nvreadlock
+.SH DESCRIPTION
+nvreadlock
+.PP
+Runs TPM2_NV_ReadLock
+.TP
+[\-hia
+hierarchy authorization (o, p)(default index authorization)]
+.TP
+\fB\-ha\fR
+NV index handle
+.TP
+\fB\-pwdn\fR
+password for NV index (default empty)
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
diff --git a/utils/man/man1/tssnvreadpublic.1 b/utils/man/man1/tssnvreadpublic.1
new file mode 100644
index 000000000..a29c8fdd1
--- /dev/null
+++ b/utils/man/man1/tssnvreadpublic.1
@@ -0,0 +1,36 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH NVREADPUBLIC "1" "December 2019" "nvreadpublic 1546" "User Commands"
+.SH NAME
+nvreadpublic \- Runs TPM2 nvreadpublic
+.SH DESCRIPTION
+nvreadpublic
+.PP
+Runs TPM2_NV_ReadPublic
+.TP
+\fB\-ha\fR
+NV index handle
+.TP
+[\-nalg
+expected name hash algorithm (sha1, sha256, sha384 sha512)
+(default no check)]
+.TP
+[\-opu
+NV public file name (default do not save)]
+.TP
+[\-ns
+additionally print Name in hex ascii on one line]
+.TP
+[\-on
+binary format Name file name]
+Useful to paste into policy
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default NULL)
+.TP
+01
+continue
+.TP
+40
+response encrypt
+.TP
+80
+audit
diff --git a/utils/man/man1/tssnvsetbits.1 b/utils/man/man1/tssnvsetbits.1
new file mode 100644
index 000000000..746c8b60f
--- /dev/null
+++ b/utils/man/man1/tssnvsetbits.1
@@ -0,0 +1,22 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH NVSETBITS "1" "December 2019" "nvsetbits 1546" "User Commands"
+.SH NAME
+nvsetbits \- Runs TPM2 nvsetbits
+.SH DESCRIPTION
+nvsetbits
+.PP
+Runs TPM2_NV_SetBits
+.TP
+\fB\-ha\fR
+NV index handle
+.TP
+\fB\-pwdn\fR
+password for NV index (default empty)
+.TP
+\fB\-bit\fR
+bit to set, can be specified multiple times
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
diff --git a/utils/man/man1/tssnvundefinespace.1 b/utils/man/man1/tssnvundefinespace.1
new file mode 100644
index 000000000..60f43e81a
--- /dev/null
+++ b/utils/man/man1/tssnvundefinespace.1
@@ -0,0 +1,23 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH NVUNDEFINESPACE "1" "December 2019" "nvundefinespace 1546" "User Commands"
+.SH NAME
+nvundefinespace \- Runs TPM2 nvundefinespace
+.SH DESCRIPTION
+nvundefinespace
+.PP
+Runs TPM2_NV_UndefineSpace
+.TP
+\fB\-hi\fR
+hierarchy (o, p)
+o owner, p platform
+.TP
+\fB\-ha\fR
+NV index handle
+.TP
+\fB\-pwdp\fR
+password for hierarchy (default empty)
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
diff --git a/utils/man/man1/tssnvundefinespacespecial.1 b/utils/man/man1/tssnvundefinespacespecial.1
new file mode 100644
index 000000000..e8fa3f03c
--- /dev/null
+++ b/utils/man/man1/tssnvundefinespacespecial.1
@@ -0,0 +1,22 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH NVUNDEFINESPACESPECIAL "1" "December 2019" "nvundefinespacespecial 1546" "User Commands"
+.SH NAME
+nvundefinespacespecial \- Runs TPM2 nvundefinespacespecial
+.SH DESCRIPTION
+nvundefinespacespecial
+.PP
+Runs TPM2_NV_UndefineSpaceSpecial
+.TP
+\fB\-ha\fR
+NV index handle
+.TP
+[\-pwdp
+password for platform (default empty)]
+.TP
+[\-pwdn
+password for NV index (default empty)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
diff --git a/utils/man/man1/tssnvwrite.1 b/utils/man/man1/tssnvwrite.1
new file mode 100644
index 000000000..283ddecff
--- /dev/null
+++ b/utils/man/man1/tssnvwrite.1
@@ -0,0 +1,40 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH NVWRITE "1" "December 2019" "nvwrite 1546" "User Commands"
+.SH NAME
+nvwrite \- Runs TPM2 nvwrite
+.SH DESCRIPTION
+nvwrite
+.PP
+Runs TPM2_NV_Write
+.TP
+[\-hia
+hierarchy authorization (o, p)(default index authorization)]
+.TP
+\fB\-ha\fR
+NV index handle
+.TP
+[\-pwdn
+authorization password (default empty)]
+hierarchy or NV index password
+.TP
+[\-ic
+data string]
+.TP
+[\-if
+data file]
+.TP
+[\-id
+data values, pinPass and pinLimit (4 bytes each)]
+if none is specified, a 0 byte write occurs
+\fB\-id\fR is normally used for pin pass or pin fail indexes
+.TP
+[\-off
+offset (default 0)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+20
+command decrypt
+.TP
+01
+continue
diff --git a/utils/man/man1/tssnvwritelock.1 b/utils/man/man1/tssnvwritelock.1
new file mode 100644
index 000000000..234818e05
--- /dev/null
+++ b/utils/man/man1/tssnvwritelock.1
@@ -0,0 +1,22 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH NVWRITELOCK "1" "December 2019" "nvwritelock 1546" "User Commands"
+.SH NAME
+nvwritelock \- Runs TPM2 nvwritelock
+.SH DESCRIPTION
+nvwritelock
+.PP
+Runs TPM2_NV_WriteLock
+.TP
+[\-hia
+hierarchy authorization (o, p) (default index authorization)]
+.TP
+\fB\-ha\fR
+NV index handle
+.TP
+\fB\-pwdn\fR
+password for NV index (default empty)
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
diff --git a/utils/man/man1/tssobjectchangeauth.1 b/utils/man/man1/tssobjectchangeauth.1
new file mode 100644
index 000000000..4fc18f407
--- /dev/null
+++ b/utils/man/man1/tssobjectchangeauth.1
@@ -0,0 +1,34 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH OBJECTCHANGEAUTH "1" "December 2019" "objectchangeauth 1546" "User Commands"
+.SH NAME
+objectchangeauth \- Runs TPM2 objectchangeauth
+.SH DESCRIPTION
+objectchangeauth
+.PP
+Runs TPM2_ObjectChangeAuth
+.TP
+\fB\-hp\fR
+parent handle
+.TP
+\fB\-ho\fR
+object handle
+.TP
+[\-pwdo
+password for object (default empty)]
+.TP
+[\-pwdn
+new password for object (default empty)]
+.IP
+[\-pwdni new password file for object, nul terminated (default empty)]
+[\-opr   private key file name (default do not save)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tsspcrallocate.1 b/utils/man/man1/tsspcrallocate.1
new file mode 100644
index 000000000..43b4c503a
--- /dev/null
+++ b/utils/man/man1/tsspcrallocate.1
@@ -0,0 +1,25 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH PCRALLOCATE "1" "December 2019" "pcrallocate 1546" "User Commands"
+.SH NAME
+pcrallocate \- Runs TPM2 pcrallocate
+.SH DESCRIPTION
+pcrallocate
+.PP
+Runs TPM2_PCR_Allocate
+.PP
+Allocates banks for a full set of PCR 0\-23.  Not all
+hardware TPMs support multiple banks or all algorithms
+.TP
+[\-pwdp
+platform hierarchy password (default empty)]
+.TP
++sha1   \fB\-sha1\fR
+allocate / deallocate a SHA\-1 bank
+.HP
++sha256 \fB\-sha256\fR allocate / deallocate a SHA\-256 bank
+.HP
++sha384 \fB\-sha384\fR allocate / deallocate a SHA\-384 bank
+.HP
++sha512 \fB\-sha512\fR allocate / deallocate a SHA\-512 bank
+.IP
+More than one algorithm can be specified
diff --git a/utils/man/man1/tsspcrevent.1 b/utils/man/man1/tsspcrevent.1
new file mode 100644
index 000000000..232b1f668
--- /dev/null
+++ b/utils/man/man1/tsspcrevent.1
@@ -0,0 +1,29 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH PCREVENT "1" "December 2019" "pcrevent 1546" "User Commands"
+.SH NAME
+pcrevent \- Runs TPM2 pcrevent
+.SH DESCRIPTION
+pcrevent
+.PP
+Runs TPM2_PCR_Event
+.TP
+\fB\-ha\fR
+pcr handle
+.TP
+\fB\-ic\fR
+data string
+.TP
+\fB\-if\fR
+data file
+.TP
+[\-of1
+sha1 output digest file (default do not save)]
+.TP
+[\-of2
+sha256 output digest file (default do not save)]
+.TP
+[\-of3
+sha384 output digest file (default do not save)]
+.TP
+[\-of5
+sha512 output digest file (default do not save)]
diff --git a/utils/man/man1/tsspcrextend.1 b/utils/man/man1/tsspcrextend.1
new file mode 100644
index 000000000..be094ddf2
--- /dev/null
+++ b/utils/man/man1/tsspcrextend.1
@@ -0,0 +1,21 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH PCREXTEND "1" "December 2019" "pcrextend 1546" "User Commands"
+.SH NAME
+pcrextend \- Runs TPM2 pcrextend
+.SH DESCRIPTION
+pcrextend
+.PP
+Runs TPM2_PCR_Extend
+.TP
+\fB\-ha\fR
+pcr handle
+.TP
+[\-halg
+(sha1, sha256, sha384, sha512) (default sha256)]
+\fB\-halg\fR may be specified more than once
+.TP
+\fB\-ic\fR
+data string, 0 pad appended to halg length
+.TP
+\fB\-if\fR
+data file, 0 pad appended to halg length
diff --git a/utils/man/man1/tsspcrread.1 b/utils/man/man1/tsspcrread.1
new file mode 100644
index 000000000..810c6105e
--- /dev/null
+++ b/utils/man/man1/tsspcrread.1
@@ -0,0 +1,36 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH PCRREAD "1" "December 2019" "pcrread 1546" "User Commands"
+.SH NAME
+pcrread \- Runs TPM2 pcrread
+.SH DESCRIPTION
+pcrread
+.PP
+Runs TPM2_PCR_Read
+.TP
+\fB\-ha\fR
+pcr handle
+.TP
+\fB\-halg\fR
+(sha1, sha256, sha384, sha512) (default sha256)
+\fB\-halg\fR may be specified more than once
+.TP
+[\-of
+data file for first algorithm specified, in binary]
+.TP
+[\-ahalg
+to extend session audit digest for testing (sha1, sha256, sha384, sha512) (default sha256)]
+.TP
+[\-iosad
+file for session audit digest testing]
+.TP
+[\-ns
+no space, no text, no newlines]
+Used for scripting policy construction
+.HP
+\fB\-se0\fR session handle / attributes (default NULL)
+.TP
+01
+continue
+.TP
+80
+audit
diff --git a/utils/man/man1/tsspcrreset.1 b/utils/man/man1/tsspcrreset.1
new file mode 100644
index 000000000..ae42d72c2
--- /dev/null
+++ b/utils/man/man1/tsspcrreset.1
@@ -0,0 +1,11 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH PCRRESET "1" "December 2019" "pcrreset 1546" "User Commands"
+.SH NAME
+pcrreset \- Runs TPM2 pcrreset
+.SH DESCRIPTION
+pcrreset
+.PP
+Runs TPM2_PCR_Reset
+.TP
+\fB\-ha\fR
+pcr handle
diff --git a/utils/man/man1/tsspolicyauthorize.1 b/utils/man/man1/tsspolicyauthorize.1
new file mode 100644
index 000000000..3653a65e5
--- /dev/null
+++ b/utils/man/man1/tsspolicyauthorize.1
@@ -0,0 +1,31 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH POLICYAUTHORIZE "1" "December 2019" "policyauthorize 1546" "User Commands"
+.SH NAME
+policyauthorize \- Runs TPM2 policyauthorize
+.SH DESCRIPTION
+policyauthorize
+.PP
+Runs TPM2_PolicyAuthorize
+.TP
+\fB\-ha\fR
+policy session handle
+.TP
+\fB\-appr\fR
+file name of digest of the policy being approved
+.TP
+[\-pref
+policyRef file] (default none)
+.TP
+\fB\-skn\fR
+signing key Name file name
+.TP
+\fB\-tk\fR
+ticket file name
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default NULL)
+.TP
+20
+command decrypt
+.TP
+01
+continue
diff --git a/utils/man/man1/tsspolicyauthorizenv.1 b/utils/man/man1/tsspolicyauthorizenv.1
new file mode 100644
index 000000000..354117eab
--- /dev/null
+++ b/utils/man/man1/tsspolicyauthorizenv.1
@@ -0,0 +1,26 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH POLICYAUTHORIZENV "1" "December 2019" "policyauthorizenv 1546" "User Commands"
+.SH NAME
+policyauthorizenv \- Runs TPM2 policyauthorizenv
+.SH DESCRIPTION
+policyauthorizenv
+.PP
+Runs TPM2_PolicyAuthorizeNV
+.TP
+[\-hi
+hierarchy authHandle (o, p)]
+default NV index
+.TP
+\fB\-ha\fR
+NV index handle
+.TP
+[\-pwda
+password for authorization (default empty)]
+.TP
+\fB\-hs\fR
+policy session handle
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
diff --git a/utils/man/man1/tsspolicyauthvalue.1 b/utils/man/man1/tsspolicyauthvalue.1
new file mode 100644
index 000000000..0ce73a364
--- /dev/null
+++ b/utils/man/man1/tsspolicyauthvalue.1
@@ -0,0 +1,11 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH POLICYAUTHVALUE "1" "December 2019" "policyauthvalue 1546" "User Commands"
+.SH NAME
+policyauthvalue \- Runs TPM2 policyauthvalue
+.SH DESCRIPTION
+policyauthvalue
+.PP
+Runs TPM2_PolicyAuthValue
+.TP
+\fB\-ha\fR
+policy session handle
diff --git a/utils/man/man1/tsspolicycommandcode.1 b/utils/man/man1/tsspolicycommandcode.1
new file mode 100644
index 000000000..1f1b3d3ee
--- /dev/null
+++ b/utils/man/man1/tsspolicycommandcode.1
@@ -0,0 +1,14 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH POLICYCOMMANDCODE "1" "December 2019" "policycommandcode 1546" "User Commands"
+.SH NAME
+policycommandcode \- Runs TPM2 policycommandcode
+.SH DESCRIPTION
+policycommandcode
+.PP
+Runs TPM2_PolicyCommandCode
+.TP
+\fB\-ha\fR
+policy session handle
+.TP
+\fB\-cc\fR
+command code
diff --git a/utils/man/man1/tsspolicycountertimer.1 b/utils/man/man1/tsspolicycountertimer.1
new file mode 100644
index 000000000..2bf361a2c
--- /dev/null
+++ b/utils/man/man1/tsspolicycountertimer.1
@@ -0,0 +1,67 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH POLICYCOUNTERTIMER "1" "December 2019" "policycountertimer 1546" "User Commands"
+.SH NAME
+policycountertimer \- Runs TPM2 policycountertimer
+.SH DESCRIPTION
+policycountertimer
+.PP
+Runs TPM2_PolicyCounterTimer
+.TP
+\fB\-ha\fR
+policy session handle
+.TP
+\fB\-ic\fR
+data string (operandB)
+.TP
+\fB\-if\fR
+data file (operandB)
+.TP
+[\-off
+offset (default 0)]
+.TP
+\fB\-op\fR
+operation (default A = B)
+.TP
+0
+A = B
+.TP
+1
+A != B
+.TP
+2
+A > B signed    
+.TP
+3
+A > B unsigned  
+.TP
+4
+A < B signed    
+.TP
+5
+A < B unsigned  
+.TP
+6
+A >= B signed   
+.TP
+7
+A >= B unsigned 
+.TP
+8
+A <= B signed   
+.TP
+9
+A <= B unsigned 
+.TP
+A
+All bits SET in B are SET in A. ((A&B)=B)
+.TP
+B
+All bits SET in B are CLEAR in A. ((A&B)=0)
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default NULL)
+.TP
+01
+continue
+.TP
+20
+command decrypt
diff --git a/utils/man/man1/tsspolicycphash.1 b/utils/man/man1/tsspolicycphash.1
new file mode 100644
index 000000000..3e4a2ca42
--- /dev/null
+++ b/utils/man/man1/tsspolicycphash.1
@@ -0,0 +1,22 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH POLICYCPHASH "1" "December 2019" "policycphash 1546" "User Commands"
+.SH NAME
+policycphash \- Runs TPM2 policycphash
+.SH DESCRIPTION
+policycphash
+.PP
+Runs TPM2_PolicyCpHash
+.TP
+\fB\-ha\fR
+policy session handle
+.TP
+\fB\-cp\fR
+cpHash file
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default NULL)
+.TP
+01
+continue
+.TP
+20
+command decrypt
diff --git a/utils/man/man1/tsspolicyduplicationselect.1 b/utils/man/man1/tsspolicyduplicationselect.1
new file mode 100644
index 000000000..981c40f39
--- /dev/null
+++ b/utils/man/man1/tsspolicyduplicationselect.1
@@ -0,0 +1,28 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH POLICYDUPLICATIONSELECT "1" "December 2019" "policyduplicationselect 1546" "User Commands"
+.SH NAME
+policyduplicationselect \- Runs TPM2 policyduplicationselect
+.SH DESCRIPTION
+policyduplicationselect
+.PP
+Runs TPM2_PolicyDuplicationSelect
+.TP
+\fB\-ha\fR
+policy session handle
+.TP
+\fB\-inpn\fR
+new parent Name file
+.TP
+\fB\-ion\fR
+object Name file
+.TP
+[\-io
+include object (default no)
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default NULL)
+.TP
+01
+continue
+.TP
+20
+command decrypt
diff --git a/utils/man/man1/tsspolicygetdigest.1 b/utils/man/man1/tsspolicygetdigest.1
new file mode 100644
index 000000000..17feef71b
--- /dev/null
+++ b/utils/man/man1/tsspolicygetdigest.1
@@ -0,0 +1,14 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH POLICYGETDIGEST "1" "December 2019" "policygetdigest 1546" "User Commands"
+.SH NAME
+policygetdigest \- Runs TPM2 policygetdigest
+.SH DESCRIPTION
+policygetdigest
+.PP
+Runs TPM2_PolicyGetDigest
+.TP
+\fB\-ha\fR
+policy session handle
+.TP
+[\-of
+binary digest file name (default do not save)]
diff --git a/utils/man/man1/tsspolicymaker.1 b/utils/man/man1/tsspolicymaker.1
new file mode 100644
index 000000000..714c949ce
--- /dev/null
+++ b/utils/man/man1/tsspolicymaker.1
@@ -0,0 +1,25 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH POLICYMAKER "1" "December 2019" "policymaker 1546" "User Commands"
+.SH NAME
+policymaker \- Runs TPM2 policymaker
+.SH DESCRIPTION
+policymaker
+.TP
+[\-halg
+hash algorithm (sha1 sha256 sha384 sha512) (default sha256)]
+.TP
+[\-nz
+do not extend starting with zeros, just hash the last line]
+.TP
+\fB\-if\fR
+input policy statements in hex ascii
+.TP
+[\-of
+output file \- policy hash in binary]
+.TP
+[\-pr
+stdout \- policy hash in hex ascii]
+.TP
+[\-ns
+additionally print policy hash in hex ascii on one line]
+Useful to paste into policy OR
diff --git a/utils/man/man1/tsspolicymakerpcr.1 b/utils/man/man1/tsspolicymakerpcr.1
new file mode 100644
index 000000000..1952a60d9
--- /dev/null
+++ b/utils/man/man1/tsspolicymakerpcr.1
@@ -0,0 +1,29 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH POLICYMAKERPCR "1" "December 2019" "policymakerpcr 1546" "User Commands"
+.SH NAME
+policymakerpcr \- Runs TPM2 policymakerpcr
+.SH DESCRIPTION
+policymakerpcr
+.PP
+Creates a policyPCR term suitable for input to policymaker (hex ascii)
+.PP
+Assumes that the byte mask and PCR values are consistent
+.TP
+[\-halg
+hash algorithm  (sha1 sha256 sha384 sha512) (default sha256)]
+.TP
+\fB\-bm\fR
+pcr byte mask in hex, big endian
+.IP
+e.g. 010000 selects PCR 16
+e.g. ffffff selects all 24 PCRs
+.HP
+\fB\-if\fR input file \- PCR values, hex ascii, one per line, 24 max
+.IP
+required unless pcr mask is 0
+.TP
+[\-of
+output file \- policy hash in binary]
+.TP
+[\-pr
+stdout \- policy hash in hex ascii]
diff --git a/utils/man/man1/tsspolicynamehash.1 b/utils/man/man1/tsspolicynamehash.1
new file mode 100644
index 000000000..6b350d43a
--- /dev/null
+++ b/utils/man/man1/tsspolicynamehash.1
@@ -0,0 +1,22 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH POLICYNAMEHASH "1" "December 2019" "policynamehash 1546" "User Commands"
+.SH NAME
+policynamehash \- Runs TPM2 policynamehash
+.SH DESCRIPTION
+policynamehash
+.PP
+Runs TPM2_PolicyNameHash
+.TP
+\fB\-ha\fR
+policy session handle
+.TP
+\fB\-nh\fR
+NameHash file \- TPM2B_DIGEST
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default NULL)
+.TP
+01
+continue
+.TP
+20
+command decrypt
diff --git a/utils/man/man1/tsspolicynv.1 b/utils/man/man1/tsspolicynv.1
new file mode 100644
index 000000000..9a709df59
--- /dev/null
+++ b/utils/man/man1/tsspolicynv.1
@@ -0,0 +1,77 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH POLICYNV "1" "December 2019" "policynv 1546" "User Commands"
+.SH NAME
+policynv \- Runs TPM2 policynv
+.SH DESCRIPTION
+policynv
+.PP
+Runs TPM2_PolicyNV
+.TP
+[\-hi
+hierarchy authHandle (o, p)]
+default NV index
+.TP
+\fB\-ha\fR
+NV index handle (operand A)
+.TP
+[\-pwda
+password for authorization (default empty)]
+.TP
+\fB\-hs\fR
+policy session handle
+.TP
+\fB\-ic\fR
+data string (operandB)
+.TP
+\fB\-if\fR
+data file (operandB)
+.TP
+[\-off
+offset (default 0)]
+.TP
+\fB\-op\fR
+operation (default A = B)
+.TP
+0
+A = B
+.TP
+1
+A != B
+.TP
+2
+A > B signed    
+.TP
+3
+A > B unsigned  
+.TP
+4
+A < B signed    
+.TP
+5
+A < B unsigned  
+.TP
+6
+A >= B signed   
+.TP
+7
+A >= B unsigned 
+.TP
+8
+A <= B signed   
+.TP
+9
+A <= B unsigned 
+.TP
+A
+All bits SET in B are SET in A. ((A&B)=B)
+.TP
+B
+All bits SET in B are CLEAR in A. ((A&B)=0)
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
diff --git a/utils/man/man1/tsspolicynvwritten.1 b/utils/man/man1/tsspolicynvwritten.1
new file mode 100644
index 000000000..5626c251d
--- /dev/null
+++ b/utils/man/man1/tsspolicynvwritten.1
@@ -0,0 +1,22 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH POLICYNVWRITTEN "1" "December 2019" "policynvwritten 1546" "User Commands"
+.SH NAME
+policynvwritten \- Runs TPM2 policynvwritten
+.SH DESCRIPTION
+policynvwritten
+.PP
+Runs TPM2_PolicyNvWritten
+.TP
+\fB\-hs\fR
+policy session handle
+.TP
+\fB\-ws\fR
+written set (y, n)
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default NULL)
+.TP
+01
+continue
+.TP
+80
+audit
diff --git a/utils/man/man1/tsspolicyor.1 b/utils/man/man1/tsspolicyor.1
new file mode 100644
index 000000000..3ab13a9e1
--- /dev/null
+++ b/utils/man/man1/tsspolicyor.1
@@ -0,0 +1,14 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH POLICYOR "1" "December 2019" "policyor 1546" "User Commands"
+.SH NAME
+policyor \- Runs TPM2 policyor
+.SH DESCRIPTION
+policyor
+.PP
+Runs TPM2_PolicyOR
+.TP
+\fB\-ha\fR
+policy session handle
+.TP
+\fB\-if\fR
+policy digest file (2\-8 \fB\-if\fR specifiers required)
diff --git a/utils/man/man1/tsspolicypassword.1 b/utils/man/man1/tsspolicypassword.1
new file mode 100644
index 000000000..774ec8690
--- /dev/null
+++ b/utils/man/man1/tsspolicypassword.1
@@ -0,0 +1,11 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH POLICYPASSWORD "1" "December 2019" "policypassword 1546" "User Commands"
+.SH NAME
+policypassword \- Runs TPM2 policypassword
+.SH DESCRIPTION
+policypassword
+.PP
+Runs TPM2_PolicyPassword
+.TP
+\fB\-ha\fR
+policy session handle
diff --git a/utils/man/man1/tsspolicypcr.1 b/utils/man/man1/tsspolicypcr.1
new file mode 100644
index 000000000..074f2e8f9
--- /dev/null
+++ b/utils/man/man1/tsspolicypcr.1
@@ -0,0 +1,18 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH POLICYPCR "1" "December 2019" "policypcr 1546" "User Commands"
+.SH NAME
+policypcr \- Runs TPM2 policypcr
+.SH DESCRIPTION
+policypcr
+.PP
+Runs TPM2_PolicyPCR
+.TP
+\fB\-ha\fR
+policy session handle
+.TP
+[\-halg
+(sha1, sha256, sha384, sha512) (default sha256)]
+.TP
+\fB\-bm\fR
+pcr mask in hex
+e.g., \fB\-bm\fR 10000 is PCR 16, 000001 is PCR 0
diff --git a/utils/man/man1/tsspolicyrestart.1 b/utils/man/man1/tsspolicyrestart.1
new file mode 100644
index 000000000..36b8222d0
--- /dev/null
+++ b/utils/man/man1/tsspolicyrestart.1
@@ -0,0 +1,11 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH POLICYRESTART "1" "December 2019" "policyrestart 1546" "User Commands"
+.SH NAME
+policyrestart \- Runs TPM2 policyrestart
+.SH DESCRIPTION
+policyrestart
+.PP
+Runs TPM2_PolicyRestart
+.TP
+\fB\-ha\fR
+policy session handle
diff --git a/utils/man/man1/tsspolicysecret.1 b/utils/man/man1/tsspolicysecret.1
new file mode 100644
index 000000000..6e79d25fe
--- /dev/null
+++ b/utils/man/man1/tsspolicysecret.1
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH POLICYSECRET "1" "December 2019" "policysecret 1546" "User Commands"
+.SH NAME
+policysecret \- Runs TPM2 policysecret
+.SH DESCRIPTION
+policysecret
+.PP
+Runs TPM2_PolicySecret
+.TP
+\fB\-ha\fR
+authorizing entity handle
+.TP
+\fB\-hs\fR
+policy session handle
+.TP
+[\-in
+nonceTPM file (default none)]
+.TP
+[\-cp
+cpHash file (default none)]
+.TP
+[\-pref
+policyRef file (default none)]
+.TP
+[\-exp
+expiration (default none)]
+.TP
+[\-pwde
+authorizing entity password (default empty)]
+.TP
+[\-tk
+ticket file name]
+.TP
+[\-to
+timeout file name]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tsspolicysigned.1 b/utils/man/man1/tsspolicysigned.1
new file mode 100644
index 000000000..e68c4b00d
--- /dev/null
+++ b/utils/man/man1/tsspolicysigned.1
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH POLICYSIGNED "1" "December 2019" "policysigned 1546" "User Commands"
+.SH NAME
+policysigned \- Runs TPM2 policysigned
+.SH DESCRIPTION
+policysigned
+.PP
+Runs TPM2_PolicySigned
+.TP
+\fB\-hk\fR
+signature verification key handle
+.TP
+\fB\-ha\fR
+policy session handle
+.TP
+[\-in
+nonceTPM file (default none)]
+.TP
+[\-cp
+cpHash file (default none)]
+.TP
+[\-pref
+policyRef file (default none)]
+.TP
+[\-exp
+expiration in decimal (default none)]
+.TP
+[\-halg
+(sha1, sha256, sha384, sha512) (default sha256)]
+.TP
+\fB\-sk\fR
+RSA signing key file name (PEM format)
+Use this signing key.
+.TP
+\fB\-is\fR
+signature file name
+Use this signature from e.g., a smart card or other HSM.
+.TP
+[\-pwdk
+signing key password (default null)]
+.TP
+[\-tk
+ticket file name]
+.TP
+[\-to
+timeout file name]
diff --git a/utils/man/man1/tsspolicytemplate.1 b/utils/man/man1/tsspolicytemplate.1
new file mode 100644
index 000000000..3662ed5b1
--- /dev/null
+++ b/utils/man/man1/tsspolicytemplate.1
@@ -0,0 +1,14 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH POLICYTEMPLATE "1" "December 2019" "policytemplate 1546" "User Commands"
+.SH NAME
+policytemplate \- Runs TPM2 policytemplate
+.SH DESCRIPTION
+policytemplate
+.PP
+Runs TPM2_PolicyTemplate
+.TP
+\fB\-ha\fR
+policy session handle
+.TP
+\fB\-te\fR
+template file
diff --git a/utils/man/man1/tsspolicyticket.1 b/utils/man/man1/tsspolicyticket.1
new file mode 100644
index 000000000..47c88f746
--- /dev/null
+++ b/utils/man/man1/tsspolicyticket.1
@@ -0,0 +1,30 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH POLICYTICKET "1" "December 2019" "policyticket 1546" "User Commands"
+.SH NAME
+policyticket \- Runs TPM2 policyticket
+.SH DESCRIPTION
+policyticket
+.PP
+Runs TPM2_PolicyTicket
+.TP
+\fB\-ha\fR
+policy session handle
+.TP
+\fB\-to\fR
+timeout file name
+.TP
+[\-cp
+cpHash file (default none)]
+.TP
+[\-pref
+policyRef file (default none)]
+.TP
+\fB\-na\fR
+authName file (not hierarchy)
+.TP
+\fB\-hi\fR
+hierarchy (e, o, p) (authName is hierarchy)
+e endorsement, o owner, p platform
+.TP
+\fB\-tk\fR
+ticket file name
diff --git a/utils/man/man1/tsspowerup.1 b/utils/man/man1/tsspowerup.1
new file mode 100644
index 000000000..abd7b512d
--- /dev/null
+++ b/utils/man/man1/tsspowerup.1
@@ -0,0 +1,8 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH POWERUP "1" "December 2019" "powerup 1546" "User Commands"
+.SH NAME
+powerup \- Runs TPM2 powerup
+.SH DESCRIPTION
+powerup
+.PP
+Powers the simulator off and on, and powers up NV
diff --git a/utils/man/man1/tssprintattr.1 b/utils/man/man1/tssprintattr.1
new file mode 100644
index 000000000..6f71981f5
--- /dev/null
+++ b/utils/man/man1/tssprintattr.1
@@ -0,0 +1,16 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH PRINTATTR "1" "December 2019" "printattr 1546" "User Commands"
+.SH NAME
+printattr \- Runs TPM2 printattr
+.SH DESCRIPTION
+printattr
+.PP
+Prints TPMA attributes as text
+.HP
+\fB\-ob\fR TPMA_OBJECT
+.HP
+\fB\-se\fR TPMA_SESSION
+.HP
+\fB\-st\fR TPMA_STARTUP_CLEAR
+.HP
+\fB\-nv\fR TPMA_NV
diff --git a/utils/man/man1/tsspublicname.1 b/utils/man/man1/tsspublicname.1
new file mode 100644
index 000000000..1dc06edd2
--- /dev/null
+++ b/utils/man/man1/tsspublicname.1
@@ -0,0 +1,63 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH PUBLICNAME "1" "December 2019" "publicname 1546" "User Commands"
+.SH NAME
+publicname \- Runs TPM2 publicname
+.SH DESCRIPTION
+publicname
+.PP
+Calculates the public name of an entity. There are times that a policy creator
+has TPM, PEM, or DER format information, but does not have access to a TPM.
+This utility accepts these inputs and outputs the name in the 'no spaces'
+format suitable for pasting into a policy.  The binary format is used in the
+regression test
+.TP
+\fB\-invpu\fR
+TPM2B_NV_PUBLIC public key file name
+.TP
+\fB\-ipu\fR
+TPM2B_PUBLIC public key file name
+.TP
+\fB\-ipem\fR
+PEM format public key file name
+.TP
+\fB\-ider\fR
+DER format plaintext key pair file name]
+.TP
+[\-on
+binary format Name file name]
+.TP
+[\-ns
+print Name in hexacsii]
+.IP
+\fB\-pem\fR and \fB\-ider\fR optional arguments
+.TP
+[\-rsa
+(default)]
+.TP
+[\-ecc
+]
+.TP
+[\-scheme
+for signing key (default RSASSA scheme)]
+.IP
+rsassa
+rsapss
+null
+.TP
+[\-nalg
+name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]
+.TP
+[\-halg
+scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]
+.TP
+[\-uwa
+userWithAuth attribute clear (default set)]
+.TP
+[\-si
+signing (default) RSA]
+.TP
+[\-st
+storage (default NULL scheme)]
+.TP
+[\-den
+decryption, (unrestricted, RSA and EC NULL scheme)
diff --git a/utils/man/man1/tssquote.1 b/utils/man/man1/tssquote.1
new file mode 100644
index 000000000..e99db734b
--- /dev/null
+++ b/utils/man/man1/tssquote.1
@@ -0,0 +1,46 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH QUOTE "1" "December 2019" "quote 1546" "User Commands"
+.SH NAME
+quote \- Runs TPM2 quote
+.SH DESCRIPTION
+quote
+.PP
+Runs TPM2_Quote
+.TP
+\fB\-hp\fR
+pcr handle (may be specified more than once)
+.TP
+\fB\-hk\fR
+quoting key handle
+.TP
+[\-pwdk
+password for quoting key (default empty)]
+.TP
+[\-halg
+for signing (sha1, sha256, sha384, sha512) (default sha256)]
+.TP
+[\-palg
+for PCR bank selection (sha1, sha256, sha384, sha512) (default sha256)]
+.TP
+[\-salg
+signature algorithm (rsa, ecc, hmac) (default rsa)]
+.TP
+[\-qd
+qualifying data file name]
+.TP
+[\-os
+quote signature file name (default do not save)]
+.TP
+[\-oa
+attestation output file name (default do not save)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tssreadclock.1 b/utils/man/man1/tssreadclock.1
new file mode 100644
index 000000000..59ed1f719
--- /dev/null
+++ b/utils/man/man1/tssreadclock.1
@@ -0,0 +1,14 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH READCLOCK "1" "December 2019" "readclock 1546" "User Commands"
+.SH NAME
+readclock \- Runs TPM2 readclock
+.SH DESCRIPTION
+readclock
+.PP
+Runs TPM2_ReadClock
+.TP
+[\-otime
+time file name (default do not save)]
+.TP
+[\-oclock
+clock file name (default do not save)]
diff --git a/utils/man/man1/tssreadpublic.1 b/utils/man/man1/tssreadpublic.1
new file mode 100644
index 000000000..aad802e93
--- /dev/null
+++ b/utils/man/man1/tssreadpublic.1
@@ -0,0 +1,32 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH READPUBLIC "1" "December 2019" "readpublic 1546" "User Commands"
+.SH NAME
+readpublic \- Runs TPM2 readpublic
+.SH DESCRIPTION
+readpublic
+.PP
+Runs TPM2_ReadPublic
+.TP
+\fB\-ho\fR
+object handle
+.TP
+[\-opu
+public key file name (default do not save)]
+.TP
+[\-opem
+public key PEM format file name (default do not save)]
+.TP
+[\-ns
+additionally print Name in hex ascii on one line]
+Useful to paste into policy
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default NULL)
+.TP
+01
+continue
+.TP
+40
+response encrypt
+.TP
+80
+audit
diff --git a/utils/man/man1/tssreturncode.1 b/utils/man/man1/tssreturncode.1
new file mode 100644
index 000000000..1b7e413f8
--- /dev/null
+++ b/utils/man/man1/tssreturncode.1
@@ -0,0 +1,9 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH RETURNCODE "1" "December 2019" "returncode 1546" "User Commands"
+.SH NAME
+returncode \- Runs TPM2 returncode
+.SH SYNOPSIS
+.B returncode
+\fI\,hex-number\/\fR
+.SH DESCRIPTION
+Returns the TPM_RC name and text for the return code
diff --git a/utils/man/man1/tssrewrap.1 b/utils/man/man1/tssrewrap.1
new file mode 100644
index 000000000..34130eaa3
--- /dev/null
+++ b/utils/man/man1/tssrewrap.1
@@ -0,0 +1,43 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH REWRAP "1" "December 2019" "rewrap 1546" "User Commands"
+.SH NAME
+rewrap \- Runs TPM2 rewrap
+.SH DESCRIPTION
+rewrap
+.PP
+Runs TPM2_Rewrap
+.TP
+\fB\-ho\fR
+handle of object old parent
+.TP
+[\-pwdo
+password for old parent (default empty)]
+.TP
+\fB\-hn\fR
+handle of object new parent
+.TP
+\fB\-id\fR
+duplicate private area file name
+.TP
+\fB\-in\fR
+object name file name
+.TP
+\fB\-iss\fR
+input symmetric seed file name
+.TP
+[\-od
+rewrap private area file name (default do not save)]
+.TP
+[\-oss
+symmetric seed file name (default do not save)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tssrsadecrypt.1 b/utils/man/man1/tssrsadecrypt.1
new file mode 100644
index 000000000..d7e4a01f1
--- /dev/null
+++ b/utils/man/man1/tssrsadecrypt.1
@@ -0,0 +1,33 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH RSADECRYPT "1" "December 2019" "rsadecrypt 1546" "User Commands"
+.SH NAME
+rsadecrypt \- Runs TPM2 rsadecrypt
+.SH DESCRIPTION
+rsadecrypt
+.PP
+Runs TPM2_RSA_Decrypt
+.TP
+\fB\-hk\fR
+key handle
+.TP
+[\-pwdk
+password for key (default empty)[
+.IP
+[\-ipwdk password file for key, nul terminated (default empty)]
+\fB\-ie\fR     encrypt file name
+\fB\-od\fR     decrypt file name (default do not save)
+[\-oid   (sha1, sha256, sha384 sha512)]
+.IP
+optionally add OID and PKCS1 padding to the
+encrypt data (demo of signing with arbitrary OID)
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tssrsaencrypt.1 b/utils/man/man1/tssrsaencrypt.1
new file mode 100644
index 000000000..1b7cedea1
--- /dev/null
+++ b/utils/man/man1/tssrsaencrypt.1
@@ -0,0 +1,17 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH RSAENCRYPT "1" "December 2019" "rsaencrypt 1546" "User Commands"
+.SH NAME
+rsaencrypt \- Runs TPM2 rsaencrypt
+.SH DESCRIPTION
+rsaencrypt
+.PP
+Runs TPM2_RSA_Encrypt
+.TP
+\fB\-hk\fR
+key handle
+.TP
+\fB\-id\fR
+decrypt file name
+.TP
+[\-oe
+encrypt file name (default do not save)]
diff --git a/utils/man/man1/tsssequencecomplete.1 b/utils/man/man1/tsssequencecomplete.1
new file mode 100644
index 000000000..2eb151cd3
--- /dev/null
+++ b/utils/man/man1/tsssequencecomplete.1
@@ -0,0 +1,34 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH SEQUENCECOMPLETE "1" "December 2019" "sequencecomplete 1546" "User Commands"
+.SH NAME
+sequencecomplete \- Runs TPM2 sequencecomplete
+.SH DESCRIPTION
+sequencecomplete
+.PP
+Runs TPM2_SequenceComplete
+.TP
+\fB\-hs\fR
+sequence handle
+.TP
+[\-pwds
+password for sequence (default empty)]
+.TP
+[\-if
+input file to be added (default no data)]
+.TP
+[\-of
+result file name]
+.TP
+[\-tk
+ticket file name]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tsssequenceupdate.1 b/utils/man/man1/tsssequenceupdate.1
new file mode 100644
index 000000000..4c2646c95
--- /dev/null
+++ b/utils/man/man1/tsssequenceupdate.1
@@ -0,0 +1,22 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH SEQUENCEUPDATE "1" "December 2019" "sequenceupdate 1546" "User Commands"
+.SH NAME
+sequenceupdate \- Runs TPM2 sequenceupdate
+.SH DESCRIPTION
+sequenceupdate
+.PP
+Runs TPM2_SequenceUpdate
+.TP
+\fB\-hs\fR
+sequence handle
+.TP
+[\-pwds
+password for sequence (default empty)]
+.TP
+\fB\-if\fR
+input file to be HMACed
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.IP
+01 continue
+20 command decrypt
diff --git a/utils/man/man1/tsssetcommandcodeauditstatus.1 b/utils/man/man1/tsssetcommandcodeauditstatus.1
new file mode 100644
index 000000000..d856a3df4
--- /dev/null
+++ b/utils/man/man1/tsssetcommandcodeauditstatus.1
@@ -0,0 +1,31 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH SETCOMMANDCODEAUDITSTATUS "1" "December 2019" "setcommandcodeauditstatus 1546" "User Commands"
+.SH NAME
+setcommandcodeauditstatus \- Runs TPM2 setcommandcodeauditstatus
+.SH DESCRIPTION
+setprimarypolicy
+.PP
+Runs TPM2_SetCommandCodeAuditStatus
+.TP
+[\-hi
+authhandle hierarchy (o, p) (default platform)]
+.TP
+[\-pwda
+authorization password (default empty)]
+.TP
+[\-halg
+(sha1, sha256, sha384, sha512, null) (default null)]
+.TP
+[\-set
+command code to set (may be specified more than once (default none)]
+.TP
+[\-clr
+command code to clear (may be specified more than once (default none)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
diff --git a/utils/man/man1/tsssetprimarypolicy.1 b/utils/man/man1/tsssetprimarypolicy.1
new file mode 100644
index 000000000..92f77966c
--- /dev/null
+++ b/utils/man/man1/tsssetprimarypolicy.1
@@ -0,0 +1,28 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH SETPRIMARYPOLICY "1" "December 2019" "setprimarypolicy 1546" "User Commands"
+.SH NAME
+setprimarypolicy \- Runs TPM2 setprimarypolicy
+.SH DESCRIPTION
+setprimarypolicy
+.PP
+Runs TPM2_SetPrimaryPolicy
+.TP
+[\-hi
+authhandle hierarchy (l, e, o, p) (default platform)]
+.TP
+[\-pwda
+authorization password (default empty)]
+.TP
+[\-pol
+policy file (default empty policy)]
+.TP
+[\-halg
+(sha1, sha256) (default null)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
diff --git a/utils/man/man1/tssshutdown.1 b/utils/man/man1/tssshutdown.1
new file mode 100644
index 000000000..5bc49c1fc
--- /dev/null
+++ b/utils/man/man1/tssshutdown.1
@@ -0,0 +1,14 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH SHUTDOWN "1" "December 2019" "shutdown 1546" "User Commands"
+.SH NAME
+shutdown \- Runs TPM2 shutdown
+.SH DESCRIPTION
+shutdown
+.PP
+Runs TPM2_Shutdown
+.TP
+[\-c
+shutdown clear (default)]
+.TP
+[\-s
+shutdown state]
diff --git a/utils/man/man1/tsssign.1 b/utils/man/man1/tsssign.1
new file mode 100644
index 000000000..05d6c8182
--- /dev/null
+++ b/utils/man/man1/tsssign.1
@@ -0,0 +1,48 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH SIGN "1" "December 2019" "sign 1546" "User Commands"
+.SH NAME
+sign \- Runs TPM2 sign
+.SH DESCRIPTION
+sign
+.PP
+Runs TPM2_Sign
+.TP
+\fB\-hk\fR
+key handle
+.TP
+\fB\-if\fR
+input message to hash and sign
+.TP
+[\-pwdk
+password for key (default empty)]
+.TP
+[\-halg
+(sha1, sha256, sha384, sha512) (default sha256)]
+.TP
+[\-salg
+signature algorithm (rsa, ecc, hmac) (default rsa)]
+.IP
+[\-scheme signing scheme (rsassa, rsapss, ecdsa, ecdaa, hmac)]
+.IP
+(default rsassa, ecdsa, hmac)]
+.TP
+[\-cf
+input counter file (commit count required for ECDAA scheme]
+.TP
+[\-ipu
+public key file name to verify signature (default no verify)]
+Verify only supported for RSA now
+.TP
+[\-os
+signature file name (default do not save)]
+.TP
+[\-tk
+ticket file name]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
diff --git a/utils/man/man1/tsssignapp.1 b/utils/man/man1/tsssignapp.1
new file mode 100644
index 000000000..17d472d05
--- /dev/null
+++ b/utils/man/man1/tsssignapp.1
@@ -0,0 +1,15 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH SIGNAPP "1" "December 2019" "signapp 1546" "User Commands"
+.SH NAME
+signapp \- Runs TPM2 signapp
+.SH DESCRIPTION
+signapp
+.PP
+Runs a TPM2_Sign application, including creating a primary storage key
+and creating and loading a signing key
+.TP
+\fB\-ic\fR
+input message to hash and sign
+.TP
+[\-pwsess
+Use a password session, no HMAC or parameter encryption]
diff --git a/utils/man/man1/tssstartauthsession.1 b/utils/man/man1/tssstartauthsession.1
new file mode 100644
index 000000000..c1fbe5b5d
--- /dev/null
+++ b/utils/man/man1/tssstartauthsession.1
@@ -0,0 +1,37 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH STARTAUTHSESSION "1" "December 2019" "startauthsession 1546" "User Commands"
+.SH NAME
+startauthsession \- Runs TPM2 startauthsession
+.SH DESCRIPTION
+startauthsession
+.PP
+Runs TPM2_StartAuthSession
+.HP
+\fB\-se\fR
+.TP
+h
+HMAC session
+.TP
+p
+Policy session
+.TP
+t
+Trial policy session
+.TP
+[\-halg
+(sha1, sha256, sha384, sha512) (default sha256)]
+.TP
+[\-hs
+salt handle (default TPM_RH_NULL)]
+.TP
+[\-bi
+bind handle (default TPM_RH_NULL)]
+.TP
+[\-pwdb
+bind password for bind handle (default empty)]
+.TP
+[\-sym
+(xor, aes) symmetric parameter encryption algorithm (default xor)]
+.TP
+[\-on
+nonceTPM file for policy session (default do not save)]
diff --git a/utils/man/man1/tssstartup.1 b/utils/man/man1/tssstartup.1
new file mode 100644
index 000000000..93db32cd8
--- /dev/null
+++ b/utils/man/man1/tssstartup.1
@@ -0,0 +1,20 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH STARTUP "1" "December 2019" "startup 1546" "User Commands"
+.SH NAME
+startup \- Runs TPM2 startup
+.SH DESCRIPTION
+startup
+.PP
+Runs TPM2_Startup
+.TP
+[\-c
+startup clear (default)]
+.TP
+[\-s
+startup state]
+.TP
+[\-st
+run TPM2_SelfTest]
+.TP
+[\-sto
+run only TPM2_SelfTest (no startup)]
diff --git a/utils/man/man1/tssstirrandom.1 b/utils/man/man1/tssstirrandom.1
new file mode 100644
index 000000000..42fc5a06d
--- /dev/null
+++ b/utils/man/man1/tssstirrandom.1
@@ -0,0 +1,11 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH STIRRANDOM "1" "December 2019" "stirrandom 1546" "User Commands"
+.SH NAME
+stirrandom \- Runs TPM2 stirrandom
+.SH DESCRIPTION
+stirrandom
+.PP
+Runs TPM2_StirRandom
+.TP
+\fB\-if\fR
+input file name
diff --git a/utils/man/man1/tsstimepacket.1 b/utils/man/man1/tsstimepacket.1
new file mode 100644
index 000000000..56f3eafe4
--- /dev/null
+++ b/utils/man/man1/tsstimepacket.1
@@ -0,0 +1,14 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH TIMEPACKET "1" "December 2019" "timepacket 1546" "User Commands"
+.SH NAME
+timepacket \- Runs TPM2 timepacket
+.SH DESCRIPTION
+timepacket
+.PP
+Times the supplied packet
+.TP
+\fB\-if\fR
+packet in hexascii (requires one space at end of packet)
+.TP
+[\-l
+number of loops to time (default 1)]
diff --git a/utils/man/man1/tsstpm2pem.1 b/utils/man/man1/tsstpm2pem.1
new file mode 100644
index 000000000..6a18fc426
--- /dev/null
+++ b/utils/man/man1/tsstpm2pem.1
@@ -0,0 +1,14 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH TPM2PEM "1" "December 2019" "tpm2pem 1546" "User Commands"
+.SH NAME
+tpm2pem \- Runs TPM2 tpm2pem
+.SH DESCRIPTION
+tpm2pem
+.PP
+Converts an RSA or EC TPM2B_PUBLIC to PEM
+.TP
+\fB\-ipu\fR
+public key input file in TPM format
+.TP
+\fB\-opem\fR
+public key output file in PEM format
diff --git a/utils/man/man1/tsstpmcmd.1 b/utils/man/man1/tsstpmcmd.1
new file mode 100644
index 000000000..f9e958367
--- /dev/null
+++ b/utils/man/man1/tsstpmcmd.1
@@ -0,0 +1,11 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH TPMCMD "1" "December 2019" "tpmcmd 1550" "User Commands"
+.SH NAME
+tpmcmd \- Runs TPM2 tpmcmd
+.SH DESCRIPTION
+tpmcmd
+.PP
+Sends an in\-band TPM simulator signal
+.TP
+\fB\-stop\fR
+Stop the TPM simulator
diff --git a/utils/man/man1/tsstpmpublic2eccpoint.1 b/utils/man/man1/tsstpmpublic2eccpoint.1
new file mode 100644
index 000000000..6f26caf57
--- /dev/null
+++ b/utils/man/man1/tsstpmpublic2eccpoint.1
@@ -0,0 +1,17 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH TPMPUBLIC2ECCPOINT "1" "December 2019" "tpmpublic2eccpoint 1546" "User Commands"
+.SH NAME
+tpmpublic2eccpoint \- Runs TPM2 tpmpublic2eccpoint
+.SH DESCRIPTION
+tpmpublic2eccpoint
+.PP
+Converts an EC TPM2B_PUBLIC to TPM2B_ECC_POINT.  The intended use case
+is to convert the public key output of certain commands (TPM2_CreatePrimary,
+TPM2_Create, TPM2_CreateLoaded, TPM2_ReadPublic) to a format useful for
+TPM2_ZGen_2Phase.
+.TP
+\fB\-ipu\fR
+EC public key input file in TPM TPM2B_PUBLIC format
+.TP
+\fB\-pt\fR
+EC public key output file in TPM TPM2B_ECC_POINT format
diff --git a/utils/man/man1/tssunseal.1 b/utils/man/man1/tssunseal.1
new file mode 100644
index 000000000..d2a9b73e1
--- /dev/null
+++ b/utils/man/man1/tssunseal.1
@@ -0,0 +1,25 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH UNSEAL "1" "December 2019" "unseal 1546" "User Commands"
+.SH NAME
+unseal \- Runs TPM2 unseal
+.SH DESCRIPTION
+unseal
+.PP
+Runs TPM2_Unseal
+.TP
+\fB\-ha\fR
+sealed data item handle
+.TP
+[\-pwd
+password sealed data item (default empty)]
+.TP
+[\-of
+output data (default do not save)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+40
+response encrypt
diff --git a/utils/man/man1/tssverifysignature.1 b/utils/man/man1/tssverifysignature.1
new file mode 100644
index 000000000..6dfe6cd5b
--- /dev/null
+++ b/utils/man/man1/tssverifysignature.1
@@ -0,0 +1,59 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH VERIFYSIGNATURE "1" "December 2019" "verifysignature 1546" "User Commands"
+.SH NAME
+verifysignature \- Runs TPM2 verifysignature
+.SH DESCRIPTION
+verifysignature
+.PP
+Runs TPM2_VerifySignature and/or verifies using the PEM public key
+.TP
+\fB\-if\fR
+input message file name
+.TP
+\fB\-ih\fR
+input hash file name
+.IP
+One of \fB\-if\fR, \fB\-ih\fR must be specified
+.TP
+\fB\-is\fR
+signature file name
+.TP
+[\-raw
+signature specified by \fB\-is\fR is in raw format]
+(default TPMT_SIGNATURE)
+.TP
+\fB\-hk\fR
+key handle
+.TP
+\fB\-ipem\fR
+public key PEM format file name to verify signature
+.TP
+\fB\-ihmac\fR
+HMAC key in raw binary format file name to verify signature
+.IP
+One of \fB\-hk\fR, \fB\-ipem\fR, \fB\-ihmac\fR must be specified
+.TP
+[\-tk
+ticket file name (requires \fB\-hk\fR)]
+.TP
+[\-halg
+(sha1, sha256, sha384 sha512) (default sha256)]
+.IP
+[Asymmetric Key Algorithm]
+.TP
+[\-rsa
+(default)]
+.TP
+[\-ecc
+]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default NULL)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+80
+audit
diff --git a/utils/man/man1/tsswriteapp.1 b/utils/man/man1/tsswriteapp.1
new file mode 100644
index 000000000..92090db43
--- /dev/null
+++ b/utils/man/man1/tsswriteapp.1
@@ -0,0 +1,15 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH WRITEAPP "1" "December 2019" "writeapp 1546" "User Commands"
+.SH NAME
+writeapp \- Runs TPM2 writeapp
+.SH DESCRIPTION
+writeapp
+.PP
+writeapp is a sample NV write application.  Provisions an NV location,
+then does two writes with password 'pwd' using a bound, salted
+HMAC session using AES CFB parameter encryption.
+.PP
+Used to test minimal TSS build
+.TP
+[\-pwsess
+Use a password session, no HMAC or parameter encryption]
diff --git a/utils/man/man1/tsszgen2phase.1 b/utils/man/man1/tsszgen2phase.1
new file mode 100644
index 000000000..8d9091910
--- /dev/null
+++ b/utils/man/man1/tsszgen2phase.1
@@ -0,0 +1,47 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH ZGEN2PHASE "1" "December 2019" "zgen2phase 1546" "User Commands"
+.SH NAME
+zgen2phase \- Runs TPM2 zgen2phase
+.SH DESCRIPTION
+zgen2phase
+.PP
+Runs TPM2_ZGen_2Phase
+.TP
+\fB\-hk\fR
+unrestricted decryption key handle
+.TP
+[\-pwdk
+password for key (default empty)]
+.TP
+\fB\-qsb\fR
+QsB point input file name
+.TP
+\fB\-qeb\fR
+QeB point input file name
+.TP
+\fB\-cf\fR
+counter file name
+.TP
+[\-scheme
+(default ecdh)]
+.IP
+ecdh
+ecmqv
+sm2
+.TP
+[\-z1
+Z1 output data file name (default do not save)]
+.TP
+[\-z2
+Z2 output data file name (default do not save)]
+.HP
+\fB\-se[0\-2]\fR session handle / attributes (default PWAP)
+.TP
+01
+continue
+.TP
+20
+command decrypt
+.TP
+40
+response encrypt
diff --git a/utils/ntc2getconfig.c b/utils/ntc2getconfig.c
new file mode 100644
index 000000000..722215354
--- /dev/null
+++ b/utils/ntc2getconfig.c
@@ -0,0 +1,199 @@
+/********************************************************************************/
+/*										*/
+/*			   Nuvoton GetConfig 	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+   Gets the Nuvoton preConfig registers.  Optionally checks 'lock' and several
+   hard coded configurations.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+#include "ntc2lib.h"
+
+static void printUsage(void);
+static void printHexResponse(NTC2_CFG_STRUCT *preConfig);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    		/* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    NTC2_GetConfig_Out 		out;
+    NTC2_CFG_STRUCT 		preConfig;	
+    int 			verify = FALSE;
+    int 			verifyLocked = FALSE;
+    int				p8 = FALSE;
+    int				p9 = FALSE;
+  
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-verify") == 0) {
+	    verify = TRUE;
+	}
+	else if (strcmp(argv[i],"-verifylocked") == 0) {
+	    verify = TRUE;
+	    verifyLocked = TRUE;
+	}
+	else if (strcmp(argv[i],"-p8") == 0) {
+	    p8 = TRUE;
+	}
+	else if (strcmp(argv[i],"-p9") == 0) {
+	    p9 = TRUE;
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (verify) {
+	if (!p8 && !p9) {
+	    printf("Either -p8 or -p9 must be specified\n");
+	    printUsage();
+	}
+	if (p8 && p9) {
+	    printf("-p8 and -p9 cannot both be specified\n");
+	    printUsage();
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out, 
+			 NULL,
+			 NULL,
+			 NTC2_CC_GetConfig,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	printHexResponse(&out.preConfig);
+    }
+    /* required / expected values */
+    if (verify) {
+	if (rc == 0) {
+	    requiredConfig(&preConfig, p9);
+	}
+	if (rc == 0) {
+	    rc = verifyConfig(&preConfig,	/* expected */
+			      &out.preConfig,	/* actual */
+			      verifyLocked);	/* expect locked */
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("ntc2getconfig: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("ntc2getconfig: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+/* printHexResponse() prints the read preConfig in a concise hex format */
+
+static void printHexResponse(NTC2_CFG_STRUCT *preConfig)
+{
+    printf("i2cLoc1_2:\t%02x\n", preConfig->i2cLoc1_2);
+    printf("i2cLoc3_4:\t%02x\n", preConfig->i2cLoc3_4);
+    printf("AltCfg:\t\t%02x\n", preConfig->AltCfg);
+    printf("Direction:\t%02x\n", preConfig->Direction);
+    printf("PullUp:\t\t%02x\n", preConfig->PullUp);
+    printf("PushPull:\t%02x\n", preConfig->PushPull);
+    printf("CFG_A:\t\t%02x\n", preConfig->CFG_A);
+    printf("CFG_B:\t\t%02x\n", preConfig->CFG_B);
+    printf("CFG_C:\t\t%02x\n", preConfig->CFG_C);
+    printf("CFG_D:\t\t%02x\n", preConfig->CFG_D);
+    printf("CFG_E:\t\t%02x\n", preConfig->CFG_E);
+    printf("CFG_F:\t\t%02x\n", preConfig->CFG_F);
+    printf("CFG_G:\t\t%02x\n", preConfig->CFG_G);
+    printf("CFG_H:\t\t%02x\n", preConfig->CFG_H);
+    printf("CFG_I:\t\t%02x\n", preConfig->CFG_I);
+    printf("CFG_J:\t\t%02x\n", preConfig->CFG_J);
+    printf("IsValid:\t%02x\n", preConfig->IsValid);
+    printf("IsLocked:\t%02x\n", preConfig->IsLocked);
+    return;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("ntc2getconfig\n");
+    printf("\n");
+    printf("Runs NTC2_GetConfig\n");
+    printf("\n");
+    printf("\t[-verify\tVerify results against System P default (default no verify)]\n");
+    printf("\t[-verifylocked\tAlso verify that the preconfig is locked\n"
+	   "\t\t(default verify not locked)]\n");
+    printf("\t[-p8 or -p9\tVerify Nuvoton TPM for P8 or P9]");
+    printf("\n");
+    exit(1);
+}
diff --git a/utils/ntc2lib.c b/utils/ntc2lib.c
new file mode 100644
index 000000000..29bd08ba5
--- /dev/null
+++ b/utils/ntc2lib.c
@@ -0,0 +1,210 @@
+/********************************************************************************/
+/*										*/
+/*	     	TPM2 Nuvoton Proprietary Command Utilities			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: ntc2lib.c 1290 2018-08-01 14:45:24Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2018					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "ntc2lib.h"
+
+/* verifyConfig() compares the expected and actual values for the entire NTC2_CFG_STRUCT structure.
+
+   If verifyLocked is TRUE, checks that the configuration is locked.  If FALSE, checks that the
+   configuration is not locked
+*/
+
+TPM_RC verifyConfig(NTC2_CFG_STRUCT *expected, NTC2_CFG_STRUCT *actual, int verifyLocked)
+{
+    TPM_RC			rc = 0;
+    int b0, b1, b2, b3, b4, b5, b6, b7, b8, b9, b10, b11, b12, b13, b14, b15, b16;
+    b0 = (actual->i2cLoc1_2 	== expected->i2cLoc1_2);
+    if (!b0) {
+	printf("ERROR: i2cLoc1_2 expect %02x actual %02x\n", expected->i2cLoc1_2, actual->i2cLoc1_2);
+	rc = TPM_RC_VALUE;
+    }
+    b1 = (actual->i2cLoc3_4 	== expected->i2cLoc3_4);
+    if (!b1) {
+	printf("ERROR: i2cLoc3_4 expect %02x actual %02x\n", expected->i2cLoc3_4, actual->i2cLoc3_4);
+	rc = TPM_RC_VALUE;
+    }
+    b2 = (actual->AltCfg 		== expected->AltCfg);
+    if (!b2) {
+	printf("ERROR: AltCfg expect %02x actual %02x\n", expected->AltCfg, actual->AltCfg);
+	rc = TPM_RC_VALUE;
+    }
+    b3 = (actual->Direction 	== expected->Direction);
+    if (!b3) {
+	printf("ERROR: Direction expect %02x actual %02x\n", expected->Direction, actual->Direction);
+	rc = TPM_RC_VALUE;
+    }
+    b4 = (actual->PullUp 		== expected->PullUp);
+    if (!b4) {
+	printf("ERROR: PullUp expect %02x actual %02x\n", expected->PullUp, actual->PullUp);
+	rc = TPM_RC_VALUE;
+    }
+    b5 = (actual->PushPull 		== expected->PushPull);
+    if (!b5) {
+	printf("ERROR: PushPull expect %02x actual %02x\n", expected->PushPull, actual->PushPull);
+	rc = TPM_RC_VALUE;
+    }
+    b6 = (actual->CFG_A 		== expected->CFG_A);
+    if (!b6) {
+	printf("ERROR: CFG_A expect %02x actual %02x\n", expected->CFG_A, actual->CFG_A);
+	rc = TPM_RC_VALUE;
+    }
+    b7 = (actual->CFG_B 		== expected->CFG_B);
+    if (!b7) {
+	printf("ERROR: CFG_B expect %02x actual %02x\n", expected->CFG_B, actual->CFG_B);
+	rc = TPM_RC_VALUE;
+    }
+    b8 = (actual->CFG_C 		== expected->CFG_C);
+    if (!b8) {
+	printf("ERROR: CFG_C expect %02x actual %02x\n", expected->CFG_C, actual->CFG_C);
+	rc = TPM_RC_VALUE;
+    }
+    b9 = (actual->CFG_D 		== expected->CFG_D);
+    if (!b9) {
+	printf("ERROR: CFG_D expect %02x actual %02x\n", expected->CFG_D, actual->CFG_D);
+	rc = TPM_RC_VALUE;
+    }
+    b10 = (actual->CFG_E 		== expected->CFG_E);
+    if (!b10) {
+	printf("CFG_E expect %02x actual %02x\n", expected->CFG_E, actual->CFG_E);
+	rc = TPM_RC_VALUE;
+    }
+    b11 = (actual->CFG_F 		== expected->CFG_F);
+    if (!b11) {
+	printf("CFG_F expect %02x actual %02x\n", expected->CFG_F, actual->CFG_F);
+	rc = TPM_RC_VALUE;
+    }
+    b12 = (actual->CFG_G 		== expected->CFG_G);
+    if (!b12) {
+	printf("ERROR: CFG_G expect %02x actual %02x\n", expected->CFG_G, actual->CFG_G);
+	rc = TPM_RC_VALUE;
+    }
+    b13 = (actual->CFG_H 		== expected->CFG_H);
+    if (!b13) {
+	printf("ERROR: CFG_H expect %02x actual %02x\n", expected->CFG_H, actual->CFG_H);
+	rc = TPM_RC_VALUE;
+    }
+    b14 = (actual->CFG_I 		== expected->CFG_I);
+    if (!b14) {
+	printf("ERROR: CFG_I expect %02x actual %02x\n", expected->CFG_I, actual->CFG_I);
+	rc = TPM_RC_VALUE;
+    }
+    b15 = (actual->CFG_J 		== expected->CFG_J);
+    if (!b15) {
+	printf("ERROR: CFG_J expect %02x actual %02x\n", expected->CFG_J, actual->CFG_J);
+	rc = TPM_RC_VALUE;
+    }
+    b16 = (actual->IsValid 		== expected->IsValid);
+    if (!b16) {
+	printf("ERROR: IsValid expect %02x actual %02x\n", expected->IsValid, actual->IsValid);
+	rc = TPM_RC_VALUE;
+    }
+    if (verifyLocked) {
+	if (actual->IsLocked != 0xaa) {
+	    printf("ERROR: IsLocked is %02x not %02x\n",
+		   actual->IsLocked, 0xaa);
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    else {
+	if (actual->IsLocked != 0xff) {
+	    printf("ERROR: IsLocked %02x not %02x\n",
+		   actual->IsLocked, 0xff);
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    return rc;
+}
+
+/* requiredConfig() fills in the structure with the required values
+
+   p9 FALSE uses P8 values.  p9 TRUE uses P9 values
+*/
+
+void requiredConfig(NTC2_CFG_STRUCT *preConfig, int p9)
+{
+    /* p8 preConfig */
+    if (!p9) {
+	preConfig->i2cLoc1_2 	= P8_REQUIRED_i2cLoc1_2;
+	preConfig->i2cLoc3_4 	= P8_REQUIRED_i2cLoc3_4;
+	preConfig->AltCfg 	= P8_REQUIRED_AltCfg;
+	preConfig->Direction 	= P8_REQUIRED_Direction;
+	preConfig->PullUp 	= P8_REQUIRED_PullUp;
+	preConfig->PushPull 	= P8_REQUIRED_PushPull;
+	preConfig->CFG_A 	= P8_REQUIRED_CFG_A;
+	preConfig->CFG_B 	= P8_REQUIRED_CFG_B;
+	preConfig->CFG_C 	= P8_REQUIRED_CFG_C;
+	preConfig->CFG_D 	= P8_REQUIRED_CFG_D;
+	preConfig->CFG_E 	= P8_REQUIRED_CFG_E;
+	preConfig->CFG_F 	= P8_REQUIRED_CFG_F;
+	preConfig->CFG_G 	= P8_REQUIRED_CFG_G;
+	preConfig->CFG_H 	= P8_REQUIRED_CFG_H;
+	preConfig->CFG_I 	= P8_REQUIRED_CFG_I;
+	preConfig->CFG_J 	= P8_REQUIRED_CFG_J;
+	preConfig->IsValid 	= P8_REQUIRED_IsValid;
+	preConfig->IsLocked 	= P8_REQUIRED_IsLocked;
+    }
+    /* p9 preConfig */
+    else {
+	preConfig->i2cLoc1_2 	= P9_REQUIRED_i2cLoc1_2;
+	preConfig->i2cLoc3_4 	= P9_REQUIRED_i2cLoc3_4;
+	preConfig->AltCfg 	= P9_REQUIRED_AltCfg;
+	preConfig->Direction 	= P9_REQUIRED_Direction;
+	preConfig->PullUp 	= P9_REQUIRED_PullUp;
+	preConfig->PushPull 	= P9_REQUIRED_PushPull;
+	preConfig->CFG_A 	= P9_REQUIRED_CFG_A;
+	preConfig->CFG_B 	= P9_REQUIRED_CFG_B;
+	preConfig->CFG_C 	= P9_REQUIRED_CFG_C;
+	preConfig->CFG_D 	= P9_REQUIRED_CFG_D;
+	preConfig->CFG_E 	= P9_REQUIRED_CFG_E;
+	preConfig->CFG_F 	= P9_REQUIRED_CFG_F;
+	preConfig->CFG_G 	= P9_REQUIRED_CFG_G;
+	preConfig->CFG_H 	= P9_REQUIRED_CFG_H;
+	preConfig->CFG_I 	= P9_REQUIRED_CFG_I;
+	preConfig->CFG_J 	= P9_REQUIRED_CFG_J;
+	preConfig->IsValid 	= P9_REQUIRED_IsValid;
+	preConfig->IsLocked 	= P9_REQUIRED_IsLocked;
+    }
+    return;
+}
+
+
diff --git a/utils/ntc2lib.h b/utils/ntc2lib.h
new file mode 100644
index 000000000..4d37959fb
--- /dev/null
+++ b/utils/ntc2lib.h
@@ -0,0 +1,116 @@
+/********************************************************************************/
+/*										*/
+/*	     	TPM2 Novoton Proprietary Command Utilities			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: ntc2lib.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015, 2017					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef NTC2LIB_H
+#define NTC2LIB_H
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/TPM_Types.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+/* default values for System P8 I2C */
+
+#define P8_REQUIRED_i2cLoc1_2  	0xff
+#define P8_REQUIRED_i2cLoc3_4  	0xff
+#define P8_REQUIRED_AltCfg	0x03
+#define P8_REQUIRED_Direction  	0x00
+#define P8_REQUIRED_PullUp    	0xff
+#define P8_REQUIRED_PushPull   	0xff
+#define P8_REQUIRED_CFG_A    	0xfe
+#define P8_REQUIRED_CFG_B    	0xff
+#define P8_REQUIRED_CFG_C    	0xff
+#define P8_REQUIRED_CFG_D    	0xff
+#define P8_REQUIRED_CFG_E    	0xff
+#define P8_REQUIRED_CFG_F    	0xff
+#define P8_REQUIRED_CFG_G    	0xff
+#define P8_REQUIRED_CFG_H    	0xff
+#define P8_REQUIRED_CFG_I    	0xff
+#define P8_REQUIRED_CFG_J    	0xff
+#define P8_REQUIRED_IsValid    	0xaa
+#define P8_REQUIRED_IsLocked	0x00;
+
+/* default values for System P8 I2C */
+
+#define P9_REQUIRED_i2cLoc1_2  	0xa9		/* changed */
+#define P9_REQUIRED_i2cLoc3_4  	0xa5		/* changed */
+#define P9_REQUIRED_AltCfg	0x03
+#define P9_REQUIRED_Direction  	0x00
+#define P9_REQUIRED_PullUp    	0xff
+#define P9_REQUIRED_PushPull   	0xff
+#define P9_REQUIRED_CFG_A    	0xfe
+#define P9_REQUIRED_CFG_B    	0xff
+#define P9_REQUIRED_CFG_C    	0xff
+#define P9_REQUIRED_CFG_D    	0xff
+#define P9_REQUIRED_CFG_E    	0xff
+#define P9_REQUIRED_CFG_F    	0xff
+#define P9_REQUIRED_CFG_G    	0xff
+#define P9_REQUIRED_CFG_H    	0xf0		/* changed */
+#define P9_REQUIRED_CFG_I    	0xff
+#define P9_REQUIRED_CFG_J    	0xff
+#define P9_REQUIRED_IsValid    	0xaa
+#define P9_REQUIRED_IsLocked	0x00;
+
+/* required values, others not supported */
+
+#define FIXED_Direction   	0x00
+#define FIXED_PullUp    	0xff
+#define FIXED_PushPull    	0xff
+#define FIXED_CFG_F    		0xff
+#define FIXED_CFG_I    		0xff
+#define FIXED_CFG_J    		0xff
+#define FIXED_IsValid    	0xaa
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    TPM_RC
+    verifyConfig(NTC2_CFG_STRUCT *expected, NTC2_CFG_STRUCT *actual, int verifyLocked);
+    void
+    requiredConfig(NTC2_CFG_STRUCT *preConfig, int p9);
+    
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/utils/ntc2lockconfig.c b/utils/ntc2lockconfig.c
new file mode 100644
index 000000000..983379c34
--- /dev/null
+++ b/utils/ntc2lockconfig.c
@@ -0,0 +1,135 @@
+/********************************************************************************/
+/*										*/
+/*			   Nuvoton Lock Preconfig  				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+   Locks the Nuvoton preConfig registers
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+#include "ntc2lib.h"
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    		/* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    int				lock = FALSE;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-lock") == 0) {
+	    lock = TRUE;
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (!lock) {
+	printf("\nntc2lockpreconfig requires -lock\n");
+	printUsage();
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 NULL,
+			 NULL,
+			 NTC2_CC_LockPreConfig,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("ntc2lockpreconfig: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("ntc2lockpreconfig: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("ntc2lockpreconfig\n");
+    printf("\n");
+    printf("Runs NTC2_LockPreConfig\n");
+    printf("\n");
+    printf("-lock\t(required)\n");
+    printf("\n");
+    exit(1);
+}
+
diff --git a/utils/ntc2preconfig.c b/utils/ntc2preconfig.c
new file mode 100644
index 000000000..3d8c35b70
--- /dev/null
+++ b/utils/ntc2preconfig.c
@@ -0,0 +1,579 @@
+/********************************************************************************/
+/*										*/
+/*			   Nuvoton Preconfig 	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* The function permits configuring either standard manufacturing values or individual registers.
+
+   The hard coded values are in ../src/ntc2lib.h.  They are configured as a set.
+
+   That file also has certain required values that cannot be changed.
+
+   To override the standard manufacturing values, cautiously use -override.  This can brick the TPM,
+   since it's setting up the bus interface.  Override does a red-modify-write, reading the registers
+   and substiuting the new values.
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+#include "ntc2lib.h"
+
+static void printUsage(void);
+static TPM_RC fixedConfig(NTC2_CFG_STRUCT *preConfig);
+static void mergeConfig(NTC2_CFG_STRUCT *preConfigOut,
+			const NTC2_CFG_STRUCT *preConfigIn,
+			const NTC2_CFG_STRUCT *preConfigSet);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    		/* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    NTC2_GetConfig_Out 		out;
+    NTC2_PreConfig_In 		in;
+    NTC2_CFG_STRUCT 		preConfigSet;		/* flags mark values to change */
+    NTC2_CFG_STRUCT 		preConfigIn;		/* values to change */
+    int				p8 = FALSE;
+    int				p9 = FALSE;
+    int 			override = FALSE;	/* TRUE to override P required values */
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    memset(&preConfigSet, 0, sizeof(NTC2_CFG_STRUCT));	/* default nothing to change */
+    memset(&preConfigIn, 0, sizeof(NTC2_CFG_STRUCT));   /* initialized to suppress false gcc -O3
+							   warning */
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	int inttmp;	/* for sccanf */
+	if (strcmp(argv[i],"-p8") == 0) {
+	    p8 = TRUE;
+	}
+	else if (strcmp(argv[i],"-p9") == 0) {
+	    p9 = TRUE;
+	}
+	else if (strcmp(argv[i],"-override") == 0) {
+	    override = TRUE;
+	}
+	else if (strcmp(argv[i],"-i2cLoc1_2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &inttmp);
+		preConfigIn.i2cLoc1_2 = inttmp;
+		preConfigSet.i2cLoc1_2 = 1;
+	    }
+	    else {
+		printf("Missing parameter for -i2cLoc1_2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-i2cLoc3_4") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &inttmp);
+		preConfigIn.i2cLoc3_4 = inttmp;
+		preConfigSet.i2cLoc3_4 = 1;
+	    }
+	    else {
+		printf("Missing parameter for -i2cLoc3_4\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-AltCfg") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &inttmp);
+		preConfigIn.AltCfg = inttmp;
+		preConfigSet.AltCfg = 1;
+	    }
+	    else {
+		printf("Missing parameter for -AltCfg\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-Direction") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &inttmp);
+		preConfigIn.Direction = inttmp;
+		preConfigSet.Direction = 1;
+	    }
+	    else {
+		printf("Missing parameter for -Direction\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-PullUp") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &inttmp);
+		preConfigIn.PullUp = inttmp;
+		preConfigSet.PullUp = 1;
+	    }
+	    else {
+		printf("Missing parameter for -PullUp\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-PushPull") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &inttmp);
+		preConfigIn.PushPull = inttmp;
+		preConfigSet.PushPull = 1;
+	    }
+	    else {
+		printf("Missing parameter for -PushPull\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-CFG_A") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &inttmp);
+		preConfigIn.CFG_A = inttmp;
+		preConfigSet.CFG_A = 1;
+	    }
+	    else {
+		printf("Missing parameter for -CFG_A\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-CFG_B") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &inttmp);
+		preConfigIn.CFG_B = inttmp;
+		preConfigSet.CFG_B = 1;
+	    }
+	    else {
+		printf("Missing parameter for -CFG_B\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-CFG_C") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &inttmp);
+		preConfigIn.CFG_C = inttmp;
+		preConfigSet.CFG_C = 1;
+	    }
+	    else {
+		printf("Missing parameter for -CFG_C\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-CFG_D") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &inttmp);
+		preConfigIn.CFG_D = inttmp;
+		preConfigSet.CFG_D = 1;
+	    }
+	    else {
+		printf("Missing parameter for -CFG_D\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-CFG_E") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &inttmp);
+		preConfigIn.CFG_E = inttmp;
+		preConfigSet.CFG_E = 1;
+	    }
+	    else {
+		printf("Missing parameter for -CFG_E\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-CFG_F") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &inttmp);
+		preConfigIn.CFG_F = inttmp;
+		preConfigSet.CFG_F = 1;
+	    }
+	    else {
+		printf("Missing parameter for -CFG_F\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-CFG_G") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &inttmp);
+		preConfigIn.CFG_G = inttmp;
+		preConfigSet.CFG_G = 1;
+	    }
+	    else {
+		printf("Missing parameter for -CFG_G\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-CFG_H") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &inttmp);
+		preConfigIn.CFG_H = inttmp;
+		preConfigSet.CFG_H = 1;
+	    }
+	    else {
+		printf("Missing parameter for -CFG_H\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-CFG_I") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &inttmp);
+		preConfigIn.CFG_I = inttmp;
+		preConfigSet.CFG_I = 1;
+	    }
+	    else {
+		printf("Missing parameter for -CFG_I\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-CFG_J") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &inttmp);
+		preConfigIn.CFG_J = inttmp;
+		preConfigSet.CFG_J = 1;
+	    }
+	    else {
+		printf("Missing parameter for -CFG_J\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-IsValid") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &inttmp);
+		preConfigIn.IsValid = inttmp;
+		preConfigSet.IsValid = 1;
+	    }
+	    else {
+		printf("Missing parameter for -IsValid\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (p8 && p9) {
+	printf("-p8 and -p9 cannot both be specified\n");
+	printUsage();
+    }
+     /* can't specify both hard coded and override */
+    if ((p8 || p9) && override) {
+	printf("\nCannot have both -override and -p8 or -p9\n");
+	printUsage();
+    }
+    /* must specify one of these options */
+    if (!(p8 || p9) && !override) {
+	printf("\nNeed either -p8, -p9, or -override\n");
+	printUsage();
+    }
+    /* if override, at least one of the registers must be specified */
+    if (override && 
+	!(preConfigSet.i2cLoc1_2 	||
+	  preConfigSet.i2cLoc3_4 	||
+	  preConfigSet.AltCfg  		||
+	  preConfigSet.Direction  	||
+	  preConfigSet.PullUp  		||
+	  preConfigSet.PushPull  	||
+	  preConfigSet.CFG_A  		||
+	  preConfigSet.CFG_B  		||
+	  preConfigSet.CFG_C  		||
+	  preConfigSet.CFG_D  		||
+	  preConfigSet.CFG_E  		||
+	  preConfigSet.CFG_F  		||
+	  preConfigSet.CFG_G  		||
+	  preConfigSet.CFG_H  		||
+	  preConfigSet.CFG_I  		||
+	  preConfigSet.CFG_J  		||
+	  preConfigSet.IsValid)) {
+	printf("\n-override requires at least one value to set\n");
+	printUsage();
+    }
+    /* if hard coded values, none of the registers can be specified */
+    if ((p8 || p9) && 
+	(preConfigSet.i2cLoc1_2 	||
+	 preConfigSet.i2cLoc3_4 	||
+	 preConfigSet.AltCfg  		||
+	 preConfigSet.Direction  	||
+	 preConfigSet.PullUp  		||
+	 preConfigSet.PushPull  	||
+	 preConfigSet.CFG_A  		||
+	 preConfigSet.CFG_B  		||
+	 preConfigSet.CFG_C  		||
+	 preConfigSet.CFG_D  		||
+	 preConfigSet.CFG_E  		||
+	 preConfigSet.CFG_F  		||
+	 preConfigSet.CFG_G  		||
+	 preConfigSet.CFG_H  		||
+	 preConfigSet.CFG_I  		||
+	 preConfigSet.CFG_J  		||
+	 preConfigSet.IsValid )) {
+	printf("\n-p8 and -p9  cannot specify a value to set\n");
+	printUsage();
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* if overriding hard coded values, do read-modify-write */
+    if (override) {
+	/* call TSS NTC2_CC_GetConfig to read the current configuration parameters */
+	if (rc == 0) {
+	    rc = TSS_Execute(tssContext,
+			     (RESPONSE_PARAMETERS *)&out, 
+			     NULL,
+			     NULL,
+			     NTC2_CC_GetConfig,
+			     TPM_RH_NULL, NULL, 0);
+	}
+	if (rc == 0) {
+	    /* copy the existing read config to the new write config as the baseline values */
+	    in.preConfig = out.preConfig;
+	    /* merge values to change, from command line parameters */
+	    mergeConfig(&in.preConfig,	/* baseline on input, merged on output */
+			&preConfigIn,	/* values to merge */
+			&preConfigSet);	/* boolean, true to merge the value */
+	}
+    }
+    /* if setting System P required values */
+    if (p8 || p9) {
+	if (rc == 0) {
+	    requiredConfig(&in.preConfig, p9);
+	}
+    }
+    /* check that Nuvoton fixed values are in the correct state.  This is a sanity check for
+       -p8 or -p9, but a required test for override */
+    if (rc == 0) {
+	rc = fixedConfig(&in.preConfig);
+    }
+    /* call TSS to execute the NTC2_CC_PreConfig command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 NTC2_CC_PreConfig,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("ntc2preconfig: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("ntc2preconfig: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+/* fixedConfig() is a sanity check that the TPM is not being configured incorrectly.  Certain values
+   are fixed.
+
+   For -prequired, this is a simple consistency check on the required and fixed #define values
+   For -override, this is a validation of the user input
+*/
+
+static TPM_RC fixedConfig(NTC2_CFG_STRUCT *preConfig)
+{
+    if (preConfig->Direction != FIXED_Direction) {
+	printf("Direction is not the required value %02x\n", FIXED_Direction);
+	return TPM_RC_RANGE;
+    }
+    if (preConfig->PullUp != FIXED_PullUp) {
+	printf("PullUp is not the required value %02x\n", FIXED_PullUp);
+	return TPM_RC_RANGE;
+    }
+    if (preConfig->PushPull != FIXED_PushPull) {
+	printf("PushPull is not the required value %02x\n", FIXED_PushPull);
+	return TPM_RC_RANGE;
+    }
+    if (preConfig->CFG_F != FIXED_CFG_F) {
+	printf("CFG_F is not the required value %02x\n", FIXED_CFG_F);
+	return TPM_RC_RANGE;
+    }
+    if (preConfig->CFG_I != FIXED_CFG_I) {
+	printf("CFG_I is not the required value %02x\n", FIXED_CFG_I);
+	return TPM_RC_RANGE;
+    }
+    if (preConfig->CFG_J != FIXED_CFG_J) {
+	printf("CFG_J is not the required value %02x\n", FIXED_CFG_J);
+	return TPM_RC_RANGE;
+    }
+    if (preConfig->IsValid != FIXED_IsValid) {
+	printf("IsValid is not the required value %02x\n", FIXED_IsValid);
+	return TPM_RC_RANGE;
+    }
+    return 0;
+}
+
+/* mergeConfig() handles the read modify write setup.
+
+   preConfigIn are the new values
+   preConfigSet are booleans, true for the new values
+   preConfigOut at input are the current values, at output are the merged values
+*/
+
+static void mergeConfig(NTC2_CFG_STRUCT *preConfigOut,
+			const NTC2_CFG_STRUCT *preConfigIn,
+			const NTC2_CFG_STRUCT *preConfigSet)
+{
+    if (preConfigSet->i2cLoc1_2) {
+	preConfigOut->i2cLoc1_2 = preConfigIn->i2cLoc1_2;
+    }
+    if (preConfigSet->i2cLoc3_4) {
+	preConfigOut->i2cLoc3_4 = preConfigIn->i2cLoc3_4;
+    }
+    if (preConfigSet->AltCfg) {
+	preConfigOut->AltCfg = preConfigIn->AltCfg;
+    }
+    if (preConfigSet->Direction) {
+	preConfigOut->Direction = preConfigIn->Direction;
+    }
+    if (preConfigSet->PullUp) {
+	preConfigOut->PullUp = preConfigIn->PullUp;
+    }
+    if (preConfigSet->PushPull) {
+	preConfigOut->PushPull = preConfigIn->PushPull;
+    }
+    if (preConfigSet->CFG_A) {
+	preConfigOut->CFG_A = preConfigIn->CFG_A;
+    }
+    if (preConfigSet->CFG_B) {
+	preConfigOut->CFG_B = preConfigIn->CFG_B;
+    }
+    if (preConfigSet->CFG_C) {
+	preConfigOut->CFG_C = preConfigIn->CFG_C;
+    }
+    if (preConfigSet->CFG_D) {
+	preConfigOut->CFG_D = preConfigIn->CFG_D;
+    }
+    if (preConfigSet->CFG_E) {
+	preConfigOut->CFG_E = preConfigIn->CFG_E;
+    }
+    if (preConfigSet->CFG_F) {
+	preConfigOut->CFG_F = preConfigIn->CFG_F;
+    }
+    if (preConfigSet->CFG_G) {
+	preConfigOut->CFG_G = preConfigIn->CFG_G;
+    }
+    if (preConfigSet->CFG_H) {
+	preConfigOut->CFG_H = preConfigIn->CFG_H;
+    }
+    if (preConfigSet->CFG_I) {
+	preConfigOut->CFG_I = preConfigIn->CFG_I;
+    }
+    if (preConfigSet->CFG_J) {
+	preConfigOut->CFG_J = preConfigIn->CFG_J;
+    }
+    if (preConfigSet->IsValid) {
+	preConfigOut->IsValid = preConfigIn->IsValid;
+    }
+    return;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("ntc2preconfig\n");
+    printf("\n");
+    printf("Runs NTC2_PreConfig\n");
+    printf("\n");
+    printf("\t-p8 or -p9\tConfigure Nuvoton TPM for P8 or P9\n");
+    printf("\t-override\tpermits individual register values, read-modify-write\n");
+    printf("\n");
+    printf("Values to set, each is a hex byte, (default do not change)\n");
+    printf("\n");
+    printf("\t[-i2cLoc1_2\tbyte]\n");
+    printf("\t[-i2cLoc3_4\tbyte]\n");
+    printf("\t[-AltCfg\tbyte]\n");
+    printf("\t[-Direction\tbyte]\n");
+    printf("\t[-PullUp\tbyte]\n");
+    printf("\t[-PushPull\tbyte]\n");
+    printf("\t[-CFG_A\t\tbyte]\n");
+    printf("\t[-CFG_B\t\tbyte]\n");
+    printf("\t[-CFG_C\t\tbyte]\n");
+    printf("\t[-CFG_D\t\tbyte]\n");
+    printf("\t[-CFG_E\t\tbyte]\n");
+    printf("\t[-CFG_F\t\tbyte]\n");
+    printf("\t[-CFG_G\t\tbyte]\n");
+    printf("\t[-CFG_H\t\tbyte]\n");
+    printf("\t[-CFG_I\t\tbyte]\n");
+    printf("\t[-CFG_J\t\tbyte]\n");
+    printf("\t[-IsValid\tbyte]\n");
+    exit(1);
+}
+
+
+
diff --git a/utils/nvcertify.c b/utils/nvcertify.c
new file mode 100644
index 000000000..9b5ef5193
--- /dev/null
+++ b/utils/nvcertify.c
@@ -0,0 +1,449 @@
+/********************************************************************************/
+/*										*/
+/*			    NV_Certify						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    NV_Certify_In 		in;
+    NV_Certify_Out 		out;
+    TPMI_DH_OBJECT		signHandle = 0;
+    const char			*keyPassword = NULL; 
+    char 			hierarchyAuthChar = 0;
+    const char			*nvPassword = NULL; 		/* default no password */
+    TPMI_ALG_HASH		halg = TPM_ALG_SHA256;
+    TPMI_RH_NV_INDEX		nvIndex = 0;
+    uint16_t 			size = 0;
+    uint16_t 			offset = 0;			/* default 0 */
+    TPMS_ATTEST 		tpmsAttest;
+    const char			*signatureFilename = NULL;
+    const char			*attestInfoFilename = NULL;
+    const char			*certifyDataFilename = NULL;
+    TPM_ALG_ID			sigAlg = TPM_ALG_RSA;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RS_PW;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &nvIndex);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdn") == 0) {
+	    i++;
+	    if (i < argc) {
+		nvPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdn option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-hk") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &signHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hk\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdk") == 0) {
+	    i++;
+	    if (i < argc) {
+		keyPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    halg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    halg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    halg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    halg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-salg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"rsa") == 0) {
+		    sigAlg = TPM_ALG_RSA;
+		}
+		else if (strcmp(argv[i],"ecc") == 0) {
+		    sigAlg = TPM_ALG_ECDSA;
+		}
+		else if (strcmp(argv[i],"hmac") == 0) {
+		    sigAlg = TPM_ALG_HMAC;
+		}
+		else {
+		    printf("Bad parameter %s for -salg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-salg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-sz") == 0) {
+	    i++;
+	    if (i < argc) {
+		size = atoi(argv[i]);
+	    }
+	    else {
+		printf("-sz option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-off") == 0) {
+	    i++;
+	    if (i < argc) {
+		offset = atoi(argv[i]);
+	    }
+	    else {
+		printf("-off option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-os") == 0) {
+	    i++;
+	    if (i < argc) {
+		signatureFilename = argv[i];
+	    }
+	    else {
+		printf("-os option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-oa") == 0) {
+	    i++;
+	    if (i < argc) {
+		attestInfoFilename = argv[i];
+	    }
+	    else {
+		printf("-oa option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-od") == 0) {
+	    i++;
+	    if (i < argc) {
+		certifyDataFilename = argv[i];
+	    }
+	    else {
+		printf("-od option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    /* certifying key */
+    if (signHandle == 0) {
+	printf("Missing sign handle parameter -hk\n");
+	printUsage();
+    }
+    /* Authorization handle */
+    if (rc == 0) {
+	if (hierarchyAuthChar == 'o') {
+	    in.authHandle = TPM_RH_OWNER;  
+	}
+	else if (hierarchyAuthChar == 'p') {
+	    in.authHandle = TPM_RH_PLATFORM;  
+	}
+	else if (hierarchyAuthChar == 0) {
+	    in.authHandle = nvIndex;
+	}
+	else {
+	    printf("\n");
+	    printUsage();
+	}
+    }
+    if ((nvIndex >> 24) != TPM_HT_NV_INDEX) {
+	printf("NV index handle not specified or out of range, MSB not 01\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.signHandle = signHandle;
+	in.nvIndex = nvIndex;
+	in.qualifyingData.t.size = 0;
+	if (sigAlg == TPM_ALG_RSA) {
+	    /* Table 145 - Definition of TPMT_SIG_SCHEME Structure */
+	    in.inScheme.scheme = TPM_ALG_RSASSA;	
+	    /* Table 144 - Definition of TPMU_SIG_SCHEME Union <IN/OUT, S> */
+	    /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */
+	    /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */
+	    in.inScheme.details.rsassa.hashAlg = halg;
+	}
+	else if (sigAlg == TPM_ALG_ECDSA) {
+	    in.inScheme.scheme = TPM_ALG_ECDSA;	
+	    in.inScheme.details.ecdsa.hashAlg = halg;
+	}
+	else {	/* HMAC */
+	    in.inScheme.scheme = TPM_ALG_HMAC;	
+	    in.inScheme.details.hmac.hashAlg = halg;
+	}
+	in.size = size;
+	in.offset = offset;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_NV_Certify,
+			 sessionHandle0, keyPassword, sessionAttributes0,
+			 sessionHandle1, nvPassword, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if ((rc == 0) && (signatureFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.signature,
+				     (MarshalFunction_t)TSS_TPMT_SIGNATURE_Marshal,
+				     signatureFilename);
+    }
+    if ((rc == 0) && (attestInfoFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(out.certifyInfo.t.attestationData,
+				      out.certifyInfo.t.size,
+				      attestInfoFilename);
+    }
+    /* unmarshal the TPM2B_ATTEST output to a TPMS_ATTEST structure */
+    if (rc == 0) {
+	uint8_t *tmpBuffer = out.certifyInfo.t.attestationData;
+	uint32_t tmpSize = out.certifyInfo.t.size;
+	rc = TSS_TPMS_ATTEST_Unmarshalu(&tpmsAttest, &tmpBuffer, &tmpSize);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) TSS_TPMS_ATTEST_Print(&tpmsAttest, 0);
+    }
+    if ((rc == 0) && (certifyDataFilename != NULL)) {
+	/* TPMS_NV_DIGEST_CERTIFY_INFO */
+	if ((offset == 0) && (size == 0)) {
+	    rc = TSS_File_WriteBinaryFile(tpmsAttest.attested.nvDigest.nvDigest.t.buffer,
+					  tpmsAttest.attested.nvDigest.nvDigest.t.size,
+					  certifyDataFilename);
+	}
+	/* TPMS_NV_CERTIFY_INFO */
+	else {
+	    rc = TSS_File_WriteBinaryFile(tpmsAttest.attested.nv.nvContents.t.buffer,
+					  tpmsAttest.attested.nv.nvContents.t.size,
+					  certifyDataFilename);
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) TSS_TPMT_SIGNATURE_Print(&out.signature, 0);
+	if (tssUtilsVerbose) printf("nvcertify: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("nvcertify: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("nvcertify\n");
+    printf("\n");
+    printf("Runs TPM2_NV_Certify\n");
+    printf("\n");
+    printf("\t-ha\tNV index handle\n");
+    printf("\t[-pwdn\tpassword for NV index (default empty)]\n");
+    printf("\t-hk\tcertifying key handle\n");
+    printf("\t[-pwdk\tpassword for key (default empty)]\n");
+    printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n");
+    printf("\t[-salg\tsignature algorithm (rsa, ecc, hmac) (default rsa)]\n");
+    printf("\t-sz\tdata size\n");
+    printf("\t[-off\toffset (default 0)]\n");
+    printf("\t[-os\tsignature file name  (default do not save)]\n");
+    printf("\t[-oa\tattestation output file name (default do not save)]\n");
+    printf("\t[-od\tcertified data file name (default do not save)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/nvchangeauth.c b/utils/nvchangeauth.c
new file mode 100644
index 000000000..e2244ac4a
--- /dev/null
+++ b/utils/nvchangeauth.c
@@ -0,0 +1,255 @@
+/********************************************************************************/
+/*										*/
+/*			    NV_ChangeAuth	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    NV_ChangeAuth_In 		in;
+    TPMI_RH_NV_INDEX		nvIndex = 0;
+    const char			*password = NULL; 
+    const char			*newPassword = NULL; 
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &nvIndex);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdo") == 0) {
+	    i++;
+	    if (i < argc) {
+		password = argv[i];
+	    }
+	    else {
+		printf("-pwdo option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdn") == 0) {
+	    i++;
+	    if (i < argc) {
+		newPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdn option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if ((nvIndex >> 24) != TPM_HT_NV_INDEX) {
+	printf("NV index handle not specified or out of range, MSB not 01\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.nvIndex = nvIndex;
+    }
+    /* convert password string to TPM2B */
+    if (rc == 0) {
+	if (newPassword == NULL) {
+	    in.newAuth.t.size = 0;
+	}
+	else {
+	    rc = TSS_TPM2B_StringCopy(&in.newAuth.b,
+				      newPassword, sizeof(in.newAuth.t.buffer));
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_NV_ChangeAuth,
+			 sessionHandle0, password, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("nvchangeauth: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("nvchangeauth: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("nvchangeauth\n");
+    printf("\n");
+    printf("Runs TPM2_NV_ChangeAuth\n");
+    printf("\n");
+    printf("\t-ha\tNV index handle\n");
+    printf("\t-pwdo\tpassword (default empty)\n");
+    printf("\t-pwdn\tnew password (default empty)\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    exit(1);	
+}
diff --git a/utils/nvdefinespace.c b/utils/nvdefinespace.c
new file mode 100644
index 000000000..34e158664
--- /dev/null
+++ b/utils/nvdefinespace.c
@@ -0,0 +1,591 @@
+/********************************************************************************/
+/*										*/
+/*			    NV Define Space	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+#define TPMA_NVA_CLEAR_STCLEAR	0x08000000
+
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    NV_DefineSpace_In 		in;
+    char 			hierarchyChar = 0;
+    char 			hierarchyAuthChar = '\0';
+    TPMI_ALG_HASH		nalg = TPM_ALG_SHA256;
+    unsigned int		hashSize = SHA256_DIGEST_SIZE;
+    char 			typeChar = 'o';
+    unsigned int		typeCount = 0;
+    TPMI_RH_NV_INDEX		nvIndex = 0;
+    uint16_t 			dataSize = 0;
+    TPMA_NV			nvAttributes;	  	/* final attributes to command */
+    TPMA_NV			setAttributes;		/* attributes to add to defaults*/
+    TPMA_NV			clearAttributes;	/* attributes to subtract from defaults */
+    const char			*policyFilename = NULL;
+    const char			*nvPassword = NULL; 
+    const char			*parentPassword = NULL; 
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* nvAttributes first accumumates attributes that are default side effects of other arguments.
+       E.g., specifying a policy sets POLICYWRITE and POLICYREAD.  After all arguments are
+       processed, setAttributes and clearAttributes may optional fine tune the attributes. E.g.,
+       POLICYWRITE can be cleared. */
+
+    /* default values */
+    nvAttributes.val = 0;
+    setAttributes.val = TPMA_NVA_NO_DA;
+    clearAttributes.val = 0;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hi") == 0) {
+	    i++;
+	    if (i < argc) {
+		hierarchyChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -hi\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-hia") == 0) {
+	    i++;
+	    if (i < argc) {
+		hierarchyAuthChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -hia\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-nalg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    nalg = TPM_ALG_SHA1;
+		    hashSize = SHA1_DIGEST_SIZE;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    nalg = TPM_ALG_SHA256;
+		    hashSize = SHA256_DIGEST_SIZE;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    nalg = TPM_ALG_SHA384;
+		    hashSize = SHA384_DIGEST_SIZE;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    nalg = TPM_ALG_SHA512;
+		    hashSize = SHA512_DIGEST_SIZE;
+		}
+		else {
+		    printf("Bad parameter %s for -nalg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-nalg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &nvIndex);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdp") == 0) {
+	    i++;
+	    if (i < argc) {
+		parentPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdp option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdn") == 0) {
+	    i++;
+	    if (i < argc) {
+		nvPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdn option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pol") == 0) {
+	    i++;
+	    if (i < argc) {
+		policyFilename = argv[i];
+	    }
+	    else {
+		printf("-pol option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-sz") == 0) {
+	    i++;
+	    if (i < argc) {
+		dataSize = atoi(argv[i]);
+	    }
+	    else {
+		printf("-sz option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ty") == 0) {
+	    i++;
+	    if (i < argc) {
+		typeChar = argv[i][0];
+		typeCount++;
+	    }
+	    else {
+		printf("-ty option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "+at") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i], "wd")  == 0) {
+		    setAttributes.val |= TPMA_NVA_WRITEDEFINE;
+		}
+		else if (strcmp(argv[i], "wst") == 0) {
+		    setAttributes.val |= TPMA_NVA_WRITE_STCLEAR;
+		}
+		else if (strcmp(argv[i], "gl") == 0) {
+		    setAttributes.val |= TPMA_NVA_GLOBALLOCK;
+		}
+		else if (strcmp(argv[i], "rst") == 0) {
+		    setAttributes.val |= TPMA_NVA_READ_STCLEAR;
+		}
+		else if (strcmp(argv[i], "pold") == 0) {
+		    setAttributes.val |= TPMA_NVA_POLICY_DELETE;
+		}
+		else if (strcmp(argv[i], "stc") == 0) {
+		    setAttributes.val |= TPMA_NVA_CLEAR_STCLEAR;
+		}
+		else if (strcmp(argv[i], "ody") == 0) {
+		    setAttributes.val |= TPMA_NVA_ORDERLY;
+		}
+		else if (strcmp(argv[i], "ppw") == 0) {
+		    setAttributes.val |= TPMA_NVA_PPWRITE;
+		}
+		else if (strcmp(argv[i], "ppr") == 0) {
+		    setAttributes.val |= TPMA_NVA_PPREAD;
+		}
+		else if (strcmp(argv[i], "ow") == 0) {
+		    setAttributes.val |= TPMA_NVA_OWNERWRITE;
+		}
+		else if (strcmp(argv[i], "or") == 0) {
+		    setAttributes.val |= TPMA_NVA_OWNERREAD;
+		}
+		else if (strcmp(argv[i], "aw") == 0) {
+		    setAttributes.val |= TPMA_NVA_AUTHWRITE;
+		}
+		else if (strcmp(argv[i], "ar") == 0) {
+		    setAttributes.val |= TPMA_NVA_AUTHREAD;
+		}
+		else if (strcmp(argv[i], "wa") == 0) {
+		    setAttributes.val |= TPMA_NVA_WRITEALL;
+		}
+		else {
+		    printf("Bad parameter %s for +at\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for +at\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-at") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i], "da") == 0) {
+		    clearAttributes.val |= TPMA_NVA_NO_DA;
+		}
+		else if (strcmp(argv[i], "ppw") == 0) {
+		    clearAttributes.val |= TPMA_NVA_PPWRITE;
+		}
+		else if (strcmp(argv[i], "ppr") == 0) {
+		    clearAttributes.val |= TPMA_NVA_PPREAD;
+		}
+		else if (strcmp(argv[i], "ow") == 0) {
+		    clearAttributes.val |= TPMA_NVA_OWNERWRITE;
+		}
+		else if (strcmp(argv[i], "or") == 0) {
+		    clearAttributes.val |= TPMA_NVA_OWNERREAD;
+		}
+		else if (strcmp(argv[i], "aw") == 0) {
+		    clearAttributes.val |= TPMA_NVA_AUTHWRITE;
+		}
+		else if (strcmp(argv[i], "ar") == 0) {
+		    clearAttributes.val |= TPMA_NVA_AUTHREAD;
+		}
+		else if (strcmp(argv[i], "pw") == 0) {
+		    clearAttributes.val |= TPMA_NVA_POLICYWRITE;
+		}
+		else if (strcmp(argv[i], "pr") == 0) {
+		    clearAttributes.val |= TPMA_NVA_POLICYREAD;
+		}
+		else {
+		    printf("Bad parameter %s for -at\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -at\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if ((nvIndex >> 24) != TPM_HT_NV_INDEX) {
+	printf("NV index handle not specified or out of range, MSB not 01\n");
+	printUsage();
+    }
+    if (typeCount > 1) {
+	printf("-ty can only be specified once\n");
+	printUsage();
+    }
+    /* Authorization attributes */
+    if (rc == 0) {
+	if (hierarchyAuthChar == 'o') {
+	    nvAttributes.val |= TPMA_NVA_OWNERWRITE | TPMA_NVA_OWNERREAD;
+	}
+	else if (hierarchyAuthChar == 'p') {
+	    nvAttributes.val |= TPMA_NVA_PPWRITE | TPMA_NVA_PPREAD;
+	}
+	else if (hierarchyAuthChar == '\0') {
+	    nvAttributes.val |= TPMA_NVA_AUTHWRITE | TPMA_NVA_AUTHREAD;
+	}
+	else {
+	    printf("-hia has bad parameter\n");
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	if (hierarchyChar == 'o') {
+	    in.authHandle = TPM_RH_OWNER;
+	}
+	else if (hierarchyChar == 'p') {
+	    in.authHandle = TPM_RH_PLATFORM;
+	    nvAttributes.val |= TPMA_NVA_PLATFORMCREATE;
+	}
+	else {
+	    printf("Missing or illegal -hi\n");
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	switch (typeChar) {
+	  case 'o':
+	    nvAttributes.val |= TPMA_NVA_ORDINARY;
+	    break;
+	  case 'c':
+	    nvAttributes.val |= TPMA_NVA_COUNTER;
+	    dataSize = 8;
+	    break;
+	  case 'b':
+	    nvAttributes.val |= TPMA_NVA_BITS;
+	    dataSize = 8;
+	    break;
+	  case 'e':
+	    nvAttributes.val |= TPMA_NVA_EXTEND;
+	    dataSize = hashSize;
+	    break;
+	  case 'p':
+	    nvAttributes.val |= TPMA_NVA_PIN_PASS;
+	    dataSize = 8;
+	    break;
+	  case 'f':
+	    nvAttributes.val |= TPMA_NVA_PIN_FAIL;
+	    dataSize = 8;
+	    break;
+	  default:
+	    printf("Illegal -ty\n");
+	    printUsage();
+	}
+    }	
+    /* Table 75 - Definition of Types for TPM2B_AUTH */
+    if (rc == 0) {
+	if (nvPassword == NULL) {
+	    in.auth.b.size = 0;
+	}
+	/* if there was a password specified, permit index authorization */
+	else {
+	    /* PIN index cannot use index AUTHWRITE authorization */
+	    if (((nvAttributes.val & TPMA_NVA_TPM_NT_MASK) != TPMA_NVA_PIN_FAIL) &&
+		((nvAttributes.val & TPMA_NVA_TPM_NT_MASK) != TPMA_NVA_PIN_PASS)) {
+		nvAttributes.val |= TPMA_NVA_AUTHWRITE;
+	    }
+	    nvAttributes.val |= TPMA_NVA_AUTHREAD;
+	    rc = TSS_TPM2B_StringCopy(&in.auth.b,
+				      nvPassword, sizeof(in.auth.t.buffer));
+	}
+    }
+    /* optional authorization policy */
+    if (rc == 0) {
+	if (policyFilename != NULL) {
+	    if (rc == 0) {
+		nvAttributes.val |= TPMA_NVA_POLICYWRITE | TPMA_NVA_POLICYREAD;
+		rc = TSS_File_Read2B(&in.publicInfo.nvPublic.authPolicy.b,
+				     sizeof(in.publicInfo.nvPublic.authPolicy.t.buffer),
+				     policyFilename);
+	    }
+	    /* sanity check that the size of the policy hash matches the name algorithm */
+	    if (rc == 0) {
+		if (in.publicInfo.nvPublic.authPolicy.b.size != hashSize) {
+		    printf("Policy size %u does not match name algorithm %u\n",
+			   in.publicInfo.nvPublic.authPolicy.b.size, hashSize);
+		    rc = TPM_RC_POLICY;
+		}
+	    }
+	}
+	else {
+	    in.publicInfo.nvPublic.authPolicy.t.size = 0;	/* default empty policy */
+	}
+    }
+    /* Table 197 - Definition of TPM2B_NV_PUBLIC Structure publicInfo */
+    /* Table 196 - Definition of TPMS_NV_PUBLIC Structure nvPublic */
+    if (rc == 0) {
+	in.publicInfo.nvPublic.nvIndex = nvIndex;	/* the handle of the data area */
+	in.publicInfo.nvPublic.nameAlg = nalg;		/* hash algorithm used to compute the name
+							   of the Index and used for the
+							   authPolicy */
+	in.publicInfo.nvPublic.attributes = nvAttributes;	/* the default Index attributes */
+	/* additional set attributes */
+	in.publicInfo.nvPublic.attributes.val |= setAttributes.val;
+	/* clear attributes */
+	in.publicInfo.nvPublic.attributes.val &= ~(clearAttributes.val);
+	in.publicInfo.nvPublic.dataSize = dataSize;	/* the size of the data area */
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_NV_DefineSpace,
+			 sessionHandle0, parentPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	printf("nvdefinespace: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("nvdefinespace: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("nvdefinespace\n");
+    printf("\n");
+    printf("Runs TPM2_NV_DefineSpace\n");
+    printf("\n");
+    printf("\t-ha\tNV index handle\n");
+    printf("\t\t01xxxxxx\n");
+    printf("\t-hi\tauthorizing hierarchy (o, p)\n");
+    printf("\t\to owner, p platform\n");
+    printf("\t\tp sets PLATFORMCREATE\n");
+    printf("\t[-pwdp\tpassword for hierarchy (default empty)]\n");
+    printf("\t[-hia\thierarchy authorization (o, p)(default index authorization)]\n");
+    printf("\n");
+    printf("\t\tdefault  AUTHWRITE, AUTHREAD\n");
+    printf("\t\to sets  OWNERWRITE, OWNERREAD\n");
+    printf("\t\tp sets  PPWRITE, PPREAD (platform)\n");
+    printf("\n");
+    printf("\t[-pwdn\tpassword for NV index (default empty)]\n");
+    printf("\t\tsets AUTHWRITE (if not PIN index), AUTHREAD\n");
+    printf("\t[-nalg\tname algorithm (sha1, sha256, sha384 sha512) (default sha256)]\n");
+    printf("\t[-sz\tdata size in decimal (default 0)]\n");
+    printf("\t\tIgnored for other than ordinary index\n");
+    printf("\t[-ty\tindex type (o, c, b, e, p, f) (default ordinary)]\n");
+    printf("\t\tordinary, counter, bits, extend, pin pass, pin fail\n");
+    printf("\t[-pol\tpolicy file (default empty)]\n");
+    printf("\t\tsets POLICYWRITE, POLICYREAD\n");
+    printf("\t[+at\tattributes to add (may be specified more than once)]\n");
+    printf("\n");
+    printf("\t\tppw   (PPWRITE)\t\tppr (PPREAD) \n");
+    printf("\t\tow    (OWNERWRITE)\tor  (OWNERREAD) \n");
+    printf("\t\taw    (AUTHWRITE)\tar  (AUTHREAD) \n");
+    printf("\t\twd    (WRITEDEFINE)\tgl  (GLOBALLOCK) \n");
+    printf("\t\trst   (READ_STCLEAR)\twst (WRITE_STCLEAR) \n");
+    printf("\t\twa    (WRITEALL)\tody (ORDERLY) \n");
+    printf("\t\tpold  (POLICY_DELETE) \tstc (CLEAR_STCLEAR) \n");
+    printf("\n");
+    printf("\t[-at\tattributes to delete (may be specified more than once)]\n");
+    printf("\n");
+    printf("\t\tppw   (PPWRITE)\t\tppr (PPREAD)\n");
+    printf("\t\tow    (OWNERWRITE)\tor  (OWNERREAD)\n");
+    printf("\t\taw    (AUTHWRITE)\tar  (AUTHREAD)\n");
+    printf("\t\tpw    (POLICYWRITE)\tpr  (POLICYREAD)\n");
+    printf("\t\tda    (NO_DA) (default set)\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    exit(1);	
+}
diff --git a/utils/nvextend.c b/utils/nvextend.c
new file mode 100644
index 000000000..ce9943984
--- /dev/null
+++ b/utils/nvextend.c
@@ -0,0 +1,274 @@
+/********************************************************************************/
+/*										*/
+/*			    NV Extend		 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    NV_Extend_In 		in;
+    const char 			*data = NULL;
+    const char 			*datafilename = NULL;
+    TPMI_RH_NV_INDEX		nvIndex = 0;
+    const char			*nvPassword = NULL; 		/* default no password */
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-pwdn") == 0) {
+	    i++;
+	    if (i < argc) {
+		nvPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdn option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &nvIndex);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ic") == 0) {
+	    i++;
+	    if (i < argc) {
+		data = argv[i];
+	    }
+	    else {
+		printf("-ic option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-if")  == 0) {
+	    i++;
+	    if (i < argc) {
+		datafilename = argv[i];
+	    } else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if ((nvIndex >> 24) != TPM_HT_NV_INDEX) {
+	printf("NV index handle not specified or out of range, MSB not 01\n");
+	printUsage();
+    }
+    if ((data == NULL) && (datafilename == NULL)) {
+	printf("Data string or data file must be specified\n");
+	printUsage();
+    }
+    if ((data != NULL) && (datafilename != NULL)) {
+	printf("Data string and data file cannot both be specified\n");
+	printUsage();
+    }
+    if ((rc == 0) && (data != NULL)) {
+	rc = TSS_TPM2B_StringCopy(&in.data.b,
+				  data, sizeof(in.data.t.buffer));
+	
+    }
+    if ((rc == 0) && (datafilename != NULL)) {
+	rc = TSS_File_Read2B(&in.data.b,
+			     sizeof(in.data.t.buffer),
+			     datafilename);
+    }
+    if (rc == 0) {
+	in.authHandle = nvIndex;
+	in.nvIndex = nvIndex;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_NV_Extend,
+			 sessionHandle0, nvPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("nvextend: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("nvextend: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("nvextend\n");
+    printf("\n");
+    printf("Runs TPM2_NV_Extend\n");
+    printf("\n");
+    printf("\t-ha\tNV index handle\n");
+    printf("\t-pwdn\tpassword for NV index (default empty)\n");
+    printf("\t-ic\tdata string\n");
+    printf("\t-if\tdata file\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t01\tcontinue\n");
+    exit(1);	
+}
diff --git a/utils/nvglobalwritelock.c b/utils/nvglobalwritelock.c
new file mode 100644
index 000000000..2a737ec5e
--- /dev/null
+++ b/utils/nvglobalwritelock.c
@@ -0,0 +1,237 @@
+/********************************************************************************/
+/*										*/
+/*			    NV GlobalWriteLock	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    NV_GlobalWriteLock_In 	in;
+    char 			hierarchyAuthChar = 0;
+    const char			*password = NULL; 		/* default no password */
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hia") == 0) {
+	    i++;
+	    if (i < argc) {
+		hierarchyAuthChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -hia\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwd") == 0) {
+	    i++;
+	    if (i < argc) {
+		password = argv[i];
+	    }
+	    else {
+		printf("-pwdn option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    /* Authorization handle */
+    if (rc == 0) {
+	if (hierarchyAuthChar == 'o') {
+	    in.authHandle = TPM_RH_OWNER;  
+	}
+	else if (hierarchyAuthChar == 'p') {
+	    in.authHandle = TPM_RH_PLATFORM;  
+	}
+	else {
+	    printf("\n");
+	    printUsage();
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_NV_GlobalWriteLock,
+			 sessionHandle0, password, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("nvglobalwritelock: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("nvglobalwritelock: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("nvglobalwritelock\n");
+    printf("\n");
+    printf("Runs TPM2_NV_GlobalWriteLock\n");
+    printf("\n");
+    printf("\t-hia\thierarchy authorization (o, p)\n");
+    printf("\t[-pwd\tauthorization password (default empty)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    exit(1);	
+}
diff --git a/utils/nvincrement.c b/utils/nvincrement.c
new file mode 100644
index 000000000..84889930b
--- /dev/null
+++ b/utils/nvincrement.c
@@ -0,0 +1,233 @@
+/********************************************************************************/
+/*										*/
+/*			    NV_Increment	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <inttypes.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    NV_Increment_In 		in;
+    TPMI_RH_NV_INDEX		nvIndex = 0;
+    const char			*nvPassword = NULL; 		/* default no password */
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-pwdn") == 0) {
+	    i++;
+	    if (i < argc) {
+		nvPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdn option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &nvIndex);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if ((nvIndex >> 24) != TPM_HT_NV_INDEX) {
+	printf("NV index handle not specified or out of range, MSB not 01\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.authHandle = nvIndex;
+	in.nvIndex = nvIndex;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_NV_Increment,
+			 sessionHandle0, nvPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    { 
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("nvincrement: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("nvincrement: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("nvincrement\n");
+    printf("\n");
+    printf("Runs TPM2_NV_Increment\n");
+    printf("\n");
+    printf("\t-ha\tNV index handle\n");
+    printf("\t-pwdn\tpassword for NV index (default empty)\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    exit(1);	
+}
diff --git a/utils/nvread.c b/utils/nvread.c
new file mode 100644
index 000000000..34eebf896
--- /dev/null
+++ b/utils/nvread.c
@@ -0,0 +1,483 @@
+/********************************************************************************/
+/*										*/
+/*			    NV Read		 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/Unmarshal_fp.h>
+#include "ekutils.h"
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    NV_Read_In 			in;
+    NV_Read_Out			out;
+    uint16_t 			offset = 0;			/* default 0 */
+    uint16_t 			readLength = 0;			/* bytes to read */
+    int 			ireadLength = 0;		/* bytes to read as integer */
+    int 			cert = FALSE;			/* boolean, read certificate */
+    const char			*certificateFilename = NULL;
+    int				readLengthSet = FALSE;
+    char 			hierarchyAuthChar = 0;
+    const char 			*datafilename = NULL;
+    TPMI_RH_NV_INDEX		nvIndex = 0;
+    const char			*nvPassword = NULL; 		/* default no password */
+    uint32_t 			pinCount = 0;	/* these two initialized to suppress falose gcc -O3
+						   warnings */
+    uint32_t 			pinLimit = 0;
+    int				inData = FALSE;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    unsigned char 		*readBuffer = NULL; 
+    uint32_t 			nvBufferMax;
+    uint16_t 			bytesRead;			/* bytes read so far */
+    int				done = FALSE;
+   
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-pwdn") == 0) {
+	    i++;
+	    if (i < argc) {
+		nvPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdn option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-hia") == 0) {
+	    i++;
+	    if (i < argc) {
+		hierarchyAuthChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -hia\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &nvIndex);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-of")  == 0) {
+	    i++;
+	    if (i < argc) {
+		datafilename = argv[i];
+	    } else {
+		printf("-of option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-off") == 0) {
+	    i++;
+	    if (i < argc) {
+		offset = atoi(argv[i]);
+	    }
+	    else {
+		printf("-off option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-sz") == 0) {
+	    i++;
+	    if (i < argc) {
+		ireadLength = atoi(argv[i]);
+		readLengthSet  = TRUE;
+	    }
+	    else {
+		printf("-sz option needs a value\n");
+		printUsage();
+	    }
+	    if ((ireadLength >= 0) && (ireadLength <= 0xffff)) {
+		readLength = (uint16_t)ireadLength;
+	    }
+	    else {
+		printf("-sz %d out of range\n", ireadLength);
+		printUsage();
+	    }
+	}
+	else if (!strcmp("-cert",argv[i])) {
+	    cert = TRUE;
+	}
+	else if (strcmp(argv[i],"-ocert") == 0) {
+	    i++;
+	    if (i < argc) {
+		certificateFilename = argv[i];
+	    }
+	    else {
+		printf("-ocert option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-id")  == 0) {
+	    i++;
+	    if (i < argc) {
+		pinCount = atoi(argv[i]);
+		i++;
+		if (i < argc) {
+		    pinLimit = atoi(argv[i]);
+		    inData = TRUE;
+		}
+		else {
+		    printf("-id option needs two values\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-id option needs two values\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if ((nvIndex >> 24) != TPM_HT_NV_INDEX) {
+	printf("NV index handle not specified or out of range, MSB not 01\n");
+	printUsage();
+    }
+    /* Authorization handle */
+    if (rc == 0) {
+	if (hierarchyAuthChar == 'o') {
+	    in.authHandle = TPM_RH_OWNER;  
+	}
+	else if (hierarchyAuthChar == 'p') {
+	    in.authHandle = TPM_RH_PLATFORM;  
+	}
+	else if (hierarchyAuthChar == 0) {
+	    in.authHandle = nvIndex;
+	}
+	else {
+	    printf("\n");
+	    printUsage();
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* Determine the readLength from the NV index type.  This is just for the utility.  An
+       application would already know the index type. */
+    if (!readLengthSet) {	/* if caller specifies a read length, use it */
+	NV_ReadPublic_In 		in;
+	NV_ReadPublic_Out		out;
+	if (rc == 0) {
+	    in.nvIndex = nvIndex;
+	    rc = TSS_Execute(tssContext,
+			     (RESPONSE_PARAMETERS *)&out,
+			     (COMMAND_PARAMETERS *)&in,
+			     NULL,
+			     TPM_CC_NV_ReadPublic,
+			     TPM_RH_NULL, NULL, 0);
+	}
+	if (rc == 0) {
+	    TPMI_ALG_HASH nameAlg;
+	    uint32_t nvType = (out.nvPublic.nvPublic.attributes.val & TPMA_NVA_TPM_NT_MASK) >> 4;
+	    switch (nvType) {
+	      case TPM_NT_ORDINARY:
+		readLength = out.nvPublic.nvPublic.dataSize;
+		break;
+	      case TPM_NT_COUNTER:
+	      case TPM_NT_BITS:
+	      case TPM_NT_PIN_FAIL:
+	      case TPM_NT_PIN_PASS:
+		readLength = 8;
+		break;
+	      case TPM_NT_EXTEND:
+		nameAlg = out.nvPublic.nvPublic.nameAlg;
+		readLength = TSS_GetDigestSize(nameAlg);
+		break;
+	    }
+	}
+    }
+    if (rc == 0) {
+	if (readLength > 0) {	
+	    readBuffer = malloc(readLength);		/* freed @1 */
+	    if (readBuffer == NULL) {
+		printf("Cannot malloc %u bytes for read buffer\n", readLength);
+		exit(1);	
+	    }
+	}
+	else {
+	    readBuffer = NULL;
+	}
+    }
+    if ((rc == 0) && inData) {
+	if (readLength != 8) {
+	    printf("-id needs read length 8, is %u\n", readLength);
+	    exit(1);	
+	}
+    }
+    /* data may have to be read in chunks.  Read the TPM_PT_NV_BUFFER_MAX, the chunk size */
+    if (rc == 0) {
+	rc = readNvBufferMax(tssContext,
+			     &nvBufferMax);
+    }    
+    if (rc == 0) {
+	in.nvIndex = nvIndex;
+	in.offset = offset;	/* start at supplied offset */
+	bytesRead = 0;		/* bytes read so far */
+    }
+    /* call TSS to execute the command */
+    while ((rc == 0) && !done) {
+	if (rc == 0) {
+	    /* read a chunk */
+	    in.offset = offset + bytesRead;
+	    if ((uint32_t)(readLength - bytesRead) < nvBufferMax) {
+		in.size = readLength - bytesRead;	/* last chunk */
+	    }
+	    else {
+		in.size = nvBufferMax;		/* next chunk */
+	    }
+	}
+	if (rc == 0) {
+	    if (tssUtilsVerbose) printf("nvread: reading %u bytes\n", in.size);
+	    rc = TSS_Execute(tssContext,
+			     (RESPONSE_PARAMETERS *)&out,
+			     (COMMAND_PARAMETERS *)&in,
+			     NULL,
+			     TPM_CC_NV_Read,
+			     sessionHandle0, nvPassword, sessionAttributes0,
+			     sessionHandle1, NULL, sessionAttributes1,
+			     sessionHandle2, NULL, sessionAttributes2,
+			     TPM_RH_NULL, NULL, 0);
+	}
+	/* copy the results to the read buffer */
+	if ((rc == 0) && (readBuffer != NULL)) {	/* check to handle 0 size read */
+	    memcpy(readBuffer + bytesRead, out.data.b.buffer, out.data.b.size);
+	}
+	if (rc == 0) {
+	    bytesRead += out.data.b.size;
+	    if (bytesRead == readLength) {
+		done = TRUE;
+	    }
+	}
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if ((rc == 0) && (datafilename != NULL) && (readBuffer != NULL)) {
+	rc = TSS_File_WriteBinaryFile(readBuffer, readLength, datafilename);
+    }
+    if (rc == 0) {
+	/* if not tracing the certificate, trace the result */
+	if (!cert) {
+	    if (tssUtilsVerbose) printf("nvread: success\n");
+	    TSS_PrintAll("nvread: data", readBuffer, readLength);
+	}
+	if (cert || (certificateFilename != NULL)) {
+	    void *x509Certificate = NULL;	/* opaque structure */
+	    /* convert the DER stream to crypto library structure */
+	    rc = convertDerToX509(&x509Certificate,	/* freed @2 */
+				  readLength,
+				  readBuffer);
+	    /* if cert, trace the certificate using openssl print function */
+	    if ((rc == 0) && cert) {
+		x509PrintStructure(x509Certificate);
+	    }
+	    /* if a file name was specified, write the certificate in PEM format */
+	    if ((rc == 0) && (certificateFilename != NULL)) {
+		rc = convertX509ToPem(certificateFilename,
+				      x509Certificate);
+	    }
+	    x509FreeStructure(x509Certificate);   	/* @2 */
+	}
+    }
+    /* PIN index regression test aid, compare expected to actual */
+    if (rc == 0) {
+	if (inData) {
+	    uint32_t tmpSize = 8;		/* readLength was checked previously */
+	    uint8_t *tmpBuffer = readBuffer;
+	    uint32_t actual;		/* data comes off TPM big endian (nbo) */
+
+	    TSS_UINT32_Unmarshalu(&actual, &tmpBuffer, &tmpSize);
+	    if (pinCount != actual) {
+		printf("Error: Expected pinCount %u Actual %u\n", pinCount, actual);
+		rc = TSS_RC_BAD_READ_VALUE;
+	    }
+	    TSS_UINT32_Unmarshalu(&actual, &tmpBuffer, &tmpSize);
+	    if (pinLimit != actual) {
+		printf("Error: Expected pinLimit %u Actual %u\n", pinLimit, actual);
+		rc = TSS_RC_BAD_READ_VALUE;
+	    }
+	}
+    }
+    if (rc != 0) {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("nvread: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    free(readBuffer);	/* @1 */
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("nvread\n");
+    printf("\n");
+    printf("Runs TPM2_NV_Read\n");
+    printf("\n");
+    printf("\t[-hia\thierarchy authorization (o, p)(default index authorization)]\n");
+    printf("\t-ha\tNV index handle\n");
+    printf("\t[-pwdn\tpassword for NV index (default empty)]\n");
+    printf("\t[-sz\tdata size (default to size of index)]\n");
+    printf("\t\tcounter, bits, pin read 8 bytes, extend reads based on hash algorithm\n");
+    printf("\t[-cert\tdumps the certificate\n");
+    printf("\t01c00002\tRSA EK certificate\n");
+    printf("\t01c0000a\tECC EK certificate\n");
+    printf("\t[-ocert\t certificate file name, writes in PEM format\n");
+    printf("\t[-off\t offset (default 0)]\n");
+    printf("\t[-of\t data file (default do not save)]\n");
+    printf("\t[-id\tdata values for pinCount and pinLimit verification, (4 bytes each)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/nvreadlock.c b/utils/nvreadlock.c
new file mode 100644
index 000000000..94e7f3ff2
--- /dev/null
+++ b/utils/nvreadlock.c
@@ -0,0 +1,260 @@
+/********************************************************************************/
+/*										*/
+/*			    NV ReadLock	 					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: nvreadlock.c 1290 2018-08-01 14:45:24Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    NV_ReadLock_In 		in;
+    char 			hierarchyAuthChar = 0;
+    TPMI_RH_NV_INDEX		nvIndex = 0;
+    const char			*nvPassword = NULL; 		/* default no password */
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &nvIndex);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdn") == 0) {
+	    i++;
+	    if (i < argc) {
+		nvPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdn option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-hia") == 0) {
+	    i++;
+	    if (i < argc) {
+		hierarchyAuthChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -hia\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if ((nvIndex >> 24) != TPM_HT_NV_INDEX) {
+	printf("NV index handle not specified or out of range, MSB not 01\n");
+	printUsage();
+    }
+    /* Authorization handle */
+    if (rc == 0) {
+	if (hierarchyAuthChar == 'o') {
+	    in.authHandle = TPM_RH_OWNER;  
+	}
+	else if (hierarchyAuthChar == 'p') {
+	    in.authHandle = TPM_RH_PLATFORM;  
+	}
+	else if (hierarchyAuthChar == 0) {
+	    in.authHandle = nvIndex;
+	}
+	else {
+	    printf("\n");
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	in.nvIndex = nvIndex;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_NV_ReadLock,
+			 sessionHandle0, nvPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("nvreadlock: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("nvreadlock: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("nvreadlock\n");
+    printf("\n");
+    printf("Runs TPM2_NV_ReadLock\n");
+    printf("\n");
+    printf("\t[-hia\thierarchy authorization (o, p)(default index authorization)]\n");
+    printf("\t-ha\tNV index handle\n");
+    printf("\t-pwdn\tpassword for NV index (default empty)\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    exit(1);	
+}
diff --git a/utils/nvreadpublic.c b/utils/nvreadpublic.c
new file mode 100644
index 000000000..3fba9bc55
--- /dev/null
+++ b/utils/nvreadpublic.c
@@ -0,0 +1,351 @@
+/********************************************************************************/
+/*										*/
+/*			    NV ReadPublic					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+/* for endian conversion */
+#ifdef TPM_POSIX
+#include <netinet/in.h>
+#endif
+#ifdef TPM_WINDOWS
+#include <winsock2.h>
+#endif
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/tsscrypto.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    NV_ReadPublic_In 		in;
+    NV_ReadPublic_Out		out;
+    TPMI_RH_NV_INDEX		nvIndex = 0;
+    TPMI_ALG_HASH		nalg = TPM_ALG_NULL;
+    TPMI_ALG_HASH 		nameHashAlg;
+    const char			*nvPublicFilename = NULL;
+    const char			*nameFilename = NULL;
+    int				noSpace = FALSE;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &nvIndex);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-nalg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    nalg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    nalg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    nalg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    nalg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -nalg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-nalg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-opu") == 0) {
+	    i++;
+	    if (i < argc) {
+		nvPublicFilename = argv[i];
+	    }
+	    else {
+		printf("-opu option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ns") == 0) {
+	    noSpace = TRUE;
+	}
+	else if (strcmp(argv[i],"-on") == 0) {
+	    i++;
+	    if (i < argc) {
+		nameFilename = argv[i];
+	    }
+	    else {
+		printf("-on option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if ((nvIndex >> 24) != TPM_HT_NV_INDEX) {
+	printf("NV index handle not specified or out of range, MSB not 01\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.nvIndex = nvIndex;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_NV_ReadPublic,
+			 sessionHandle0, NULL, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    /* NOTE: The caller validates the result to the extent that it does not trust the NV index to be
+       defined properly */
+    
+    /* Table 197 - Definition of TPM2B_NV_PUBLIC Structure - nvPublic*/
+    /* Table 196 - Definition of TPMS_NV_PUBLIC Structure */
+    /* Table 83 - Definition of TPM2B_NAME Structure t */
+
+    /* TPMS_NV_PUBLIC hash alg vs expected */
+    if (rc == 0) {
+	if ((nalg != TPM_ALG_NULL) && (out.nvPublic.nvPublic.nameAlg != nalg)) {
+	    printf("nvreadpublic: TPM2B_NV_PUBLIC hash algorithm does not match expected\n");
+	    rc = TSS_RC_MALFORMED_NV_PUBLIC;
+	}
+    }
+    /* TPM2B_NAME hash algorithm vs expected */
+    if (rc == 0) {
+	uint16_t tmp16;
+	memcpy(&tmp16, out.nvName.t.name, sizeof(uint16_t));
+	/* nameHashAlg = ntohs(*(TPMI_ALG_HASH *)(out.nvName.t.name)); */
+	nameHashAlg = ntohs(tmp16);
+	if ((nalg != TPM_ALG_NULL) && (nameHashAlg != nalg)) {
+	    printf("nvreadpublic: TPM2B_NAME hash algorithm does not match expected\n");
+	    rc = TSS_RC_MALFORMED_NV_PUBLIC;
+	}
+    }
+    /* TPMS_NV_PUBLIC index vs expected */
+    if (rc == 0) {
+	if (out.nvPublic.nvPublic.nvIndex != in.nvIndex) {
+	    printf("nvreadpublic: TPM2B_NV_PUBLIC index does not match expected\n");
+	    rc = TSS_RC_MALFORMED_NV_PUBLIC;
+	}
+    }
+    /* save the public key */
+    if ((rc == 0) && (nvPublicFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.nvPublic,
+				     (MarshalFunction_t)TSS_TPM2B_NV_PUBLIC_Marshal,
+				     nvPublicFilename);
+    }
+    /* save the Name */
+    if ((rc == 0) && (nameFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(out.nvName.b.buffer,
+				      out.nvName.b.size,
+				      nameFilename);
+    }
+    if (rc == 0) {
+	printf("nvreadpublic: name algorithm %04x\n", out.nvPublic.nvPublic.nameAlg);
+	printf("nvreadpublic: data size %u\n", out.nvPublic.nvPublic.dataSize);
+	printf("nvreadpublic: attributes %08x\n", out.nvPublic.nvPublic.attributes.val);
+	TSS_TPMA_NV_Print(out.nvPublic.nvPublic.attributes, 0);
+	TSS_PrintAll("nvreadpublic: policy",
+		     out.nvPublic.nvPublic.authPolicy.t.buffer,
+		     out.nvPublic.nvPublic.authPolicy.t.size);
+	TSS_PrintAll("nvreadpublic: name",
+		     out.nvName.t.name, out.nvName.t.size);
+	if (noSpace) {
+	    unsigned int b;
+	    for (b = 0 ; b < out.nvName.t.size ; b++) {
+		printf("%02x", out.nvName.t.name[b]);
+	    }
+	    printf("\n");
+	}
+	if (tssUtilsVerbose) printf("nvreadpublic: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("nvreadpublic: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("nvreadpublic\n");
+    printf("\n");
+    printf("Runs TPM2_NV_ReadPublic\n");
+    printf("\n");
+    printf("\t-ha\tNV index handle\n");
+    printf("\t[-nalg\texpected name hash algorithm (sha1, sha256, sha384 sha512)\n"
+	   "\t\t(default no check)]\n");
+    printf("\t[-opu\tNV public file name (default do not save)]\n");
+    printf("\t[-ns\tadditionally print Name in hex ascii on one line]\n");
+    printf("\t[-on\tbinary format Name file name]\n");
+    printf("\t\tUseful to paste into policy\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default NULL)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t40\tresponse encrypt\n");
+    printf("\t80\taudit\n");
+    exit(1);	
+}
diff --git a/utils/nvsetbits.c b/utils/nvsetbits.c
new file mode 100644
index 000000000..a13d5c410
--- /dev/null
+++ b/utils/nvsetbits.c
@@ -0,0 +1,254 @@
+/********************************************************************************/
+/*										*/
+/*			    NV SetBits		 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <inttypes.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    NV_SetBits_In 		in;
+    TPMI_RH_NV_INDEX		nvIndex = 0;
+    const char			*nvPassword = NULL; 		/* default no password */
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    in.bits = 0;	/* default no bits */
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-pwdn") == 0) {
+	    i++;
+	    if (i < argc) {
+		nvPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdn option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &nvIndex);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-bit") == 0) {
+	    unsigned int bit;
+	    i++;
+	    if (i < argc) {
+		bit = atoi(argv[i]);
+		if (bit < 64) {
+		    in.bits |= (uint64_t)1 << bit;
+		}
+		else {
+		    printf("-bit out of range\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-bit option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if ((nvIndex >> 24) != TPM_HT_NV_INDEX) {
+	printf("NV index handle not specified or out of range, MSB not 01\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.authHandle = nvIndex;
+	in.nvIndex = nvIndex;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_NV_SetBits,
+			 sessionHandle0, nvPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("nvsetbits: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("nvsetbits: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("nvsetbits\n");
+    printf("\n");
+    printf("Runs TPM2_NV_SetBits\n");
+    printf("\n");
+    printf("\t-ha\tNV index handle\n");
+    printf("\t-pwdn\tpassword for NV index (default empty)\n");
+    printf("\t-bit\tbit to set, can be specified multiple times\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    exit(1);	
+}
diff --git a/utils/nvundefinespace.c b/utils/nvundefinespace.c
new file mode 100644
index 000000000..32071dfc8
--- /dev/null
+++ b/utils/nvundefinespace.c
@@ -0,0 +1,258 @@
+/********************************************************************************/
+/*										*/
+/*			    NV Undefine Space	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    NV_UndefineSpace_In 	in;
+    char 			hierarchyChar = 0;
+    TPMI_RH_NV_INDEX		nvIndex = 0;
+    const char			*parentPassword = NULL; 
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hi") == 0) {
+	    i++;
+	    if (i < argc) {
+		hierarchyChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -hi\n");
+		printUsage();
+	    }
+	    
+	}
+	else if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &nvIndex);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdp") == 0) {
+	    i++;
+	    if (i < argc) {
+		parentPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdp option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if ((nvIndex >> 24) != TPM_HT_NV_INDEX) {
+	printf("NV index handle not specified or out of range, MSB not 01\n");
+	printUsage();
+    }
+    /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */
+    if (rc == 0) {
+	if (hierarchyChar == 'o') {
+	    in.authHandle = TPM_RH_OWNER;
+	}
+	else if (hierarchyChar == 'p') {
+	    in.authHandle = TPM_RH_PLATFORM;
+	}
+	else {
+	    printf("Missing or illegal -hi\n");
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	in.nvIndex = nvIndex;	/* the NV Index to remove from NV space */
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_NV_UndefineSpace,
+			 sessionHandle0, parentPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("nvundefinespace: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("nvundefinespace: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("nvundefinespace\n");
+    printf("\n");
+    printf("Runs TPM2_NV_UndefineSpace\n");
+    printf("\n");
+    printf("\t-hi\thierarchy (o, p)\n");
+    printf("\t\to owner, p platform\n");
+    printf("\t-ha\tNV index handle\n");
+    printf("\t-pwdp\tpassword for hierarchy (default empty)\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    exit(1);	
+}
diff --git a/utils/nvundefinespacespecial.c b/utils/nvundefinespacespecial.c
new file mode 100644
index 000000000..408799eb7
--- /dev/null
+++ b/utils/nvundefinespacespecial.c
@@ -0,0 +1,244 @@
+/********************************************************************************/
+/*										*/
+/*			    NV Undefine Space Special 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    NV_UndefineSpaceSpecial_In 	in;
+    TPMI_RH_NV_INDEX		nvIndex = 0;
+    const char			*nvPassword = NULL; 		/* default no password */
+    const char			*platformPassword = NULL; 
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RS_PW;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &nvIndex);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdn") == 0) {
+	    i++;
+	    if (i < argc) {
+		nvPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdn option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdp") == 0) {
+	    i++;
+	    if (i < argc) {
+		platformPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdp option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if ((nvIndex >> 24) != TPM_HT_NV_INDEX) {
+	printf("NV index handle not specified or out of range, MSB not 01\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.platform = TPM_RH_PLATFORM;
+	in.nvIndex = nvIndex;	/* the NV Index to remove from NV space */
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_NV_UndefineSpaceSpecial,
+			 sessionHandle0, nvPassword, sessionAttributes0,
+			 sessionHandle1, platformPassword, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("nvundefinespacespecial: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("nvundefinespacespecial: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("nvundefinespacespecial\n");
+    printf("\n");
+    printf("Runs TPM2_NV_UndefineSpaceSpecial\n");
+    printf("\n");
+    printf("\t-ha\tNV index handle\n");
+    printf("\t[-pwdp\tpassword for platform (default empty)]\n");
+    printf("\t[-pwdn\tpassword for NV index (default empty)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    exit(1);	
+}
diff --git a/utils/nvwrite.c b/utils/nvwrite.c
new file mode 100644
index 000000000..0d508a6a5
--- /dev/null
+++ b/utils/nvwrite.c
@@ -0,0 +1,415 @@
+/********************************************************************************/
+/*										*/
+/*			    NV Write		 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#ifdef TPM_POSIX
+#include <netinet/in.h>
+#endif
+#ifdef TPM_WINDOWS
+#include <winsock2.h>
+#endif
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include "ekutils.h"
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    NV_Write_In 		in;
+    uint16_t 			offset = 0;			/* default 0 */
+    uint32_t 			pinPass = 0;	/* these two initialized to suppress falose gcc -O3
+						   warnings */
+    uint32_t 			pinLimit = 0;
+    int				inData = FALSE;
+    unsigned int		dataSource = 0;
+    const char 			*commandData = NULL;
+    const char 			*datafilename = NULL;
+    char 			hierarchyAuthChar = 0;
+    TPMI_RH_NV_INDEX		nvIndex = 0;
+    const char			*nvPassword = NULL; 		/* default no password */
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    uint32_t 			nvBufferMax;
+    size_t 			writeLength;		/* file bytes to write */
+    unsigned char 		*writeBuffer = NULL; 	/* file buffer to write */
+    uint16_t 			bytesWritten;		/* bytes written so far */
+    int				done = FALSE;
+ 
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-pwdn") == 0) {
+	    i++;
+	    if (i < argc) {
+		nvPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdn option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-hia") == 0) {
+	    i++;
+	    if (i < argc) {
+		hierarchyAuthChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -hia\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &nvIndex);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ic") == 0) {
+	    i++;
+	    if (i < argc) {
+		commandData = argv[i];
+		dataSource++;
+	    }
+	    else {
+		printf("-ic option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-if")  == 0) {
+	    i++;
+	    if (i < argc) {
+		datafilename = argv[i];
+		dataSource++;
+	    }
+	    else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-id")  == 0) {
+	    i++;
+	    if (i < argc) {
+		pinPass = atoi(argv[i]);
+		i++;
+		if (i < argc) {
+		    pinLimit = atoi(argv[i]);
+		    dataSource++;
+		    inData = TRUE;
+		}
+		else {
+		    printf("-id option needs two values\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-id option needs two values\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-off") == 0) {
+	    i++;
+	    if (i < argc) {
+		offset = atoi(argv[i]);
+	    }
+	    else {
+		printf("-off option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if ((nvIndex >> 24) != TPM_HT_NV_INDEX) {
+	printf("NV index handle not specified or out of range, MSB not 01\n");
+	printUsage();
+    }
+    if (dataSource > 1) {
+	printf("More than one input data source (-if, -ic, -id\n");
+	printUsage();
+    }
+    /* Authorization handle */
+    if (rc == 0) {
+	if (hierarchyAuthChar == 'o') {
+	    in.authHandle = TPM_RH_OWNER;  
+	}
+	else if (hierarchyAuthChar == 'p') {
+	    in.authHandle = TPM_RH_PLATFORM;  
+	}
+	else if (hierarchyAuthChar == 0) {
+	    in.authHandle = nvIndex;
+	}
+	else {
+	    printf("\n");
+	    printUsage();
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* data may have to be written in chunks.  Read the chunk size */
+    if (rc == 0) {
+	rc = readNvBufferMax(tssContext,
+			     &nvBufferMax);
+    }
+    /* if there is no input data source, default to 0 byte write */
+    if ((rc == 0) && (dataSource == 0)) {
+	in.data.b.size = 0;
+    }
+    /* -if, file data can be written in chunks */
+    if ((rc == 0) && (datafilename != NULL)) {
+	rc = TSS_File_ReadBinaryFile(&writeBuffer,     /* freed @1 */
+				     &writeLength,
+				     datafilename);
+    }
+    if ((rc == 0) && (datafilename != NULL)) {
+	if (writeLength > 0xffff) {	/* overflow TPM2B uint16_t */
+	    printf("nvwrite: size %u greater than 0xffff\n", (unsigned int)writeLength);	
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    /* -id, for pin pass or pin fail */
+    if ((rc == 0) && (inData)) {
+	uint32_t tmpData;
+	in.data.b.size = sizeof(uint32_t) + sizeof(uint32_t);
+	tmpData = htonl(pinPass);
+	memcpy(in.data.b.buffer, &tmpData, sizeof(tmpData));
+	tmpData = htonl(pinLimit);
+	memcpy(in.data.b.buffer + sizeof(tmpData), &tmpData, sizeof(tmpData));
+    }
+    /* -ic, command line data must fit in one write */
+    if ((rc == 0) && (commandData != NULL)) {
+	rc = TSS_TPM2B_StringCopy(&in.data.b, commandData, nvBufferMax);
+    }
+    if (rc == 0) {
+	in.nvIndex = nvIndex;
+	in.offset = offset;		/* beginning offset */
+	bytesWritten = 0;
+    }
+    while ((rc == 0) && !done) {
+	uint16_t writeBytes = 0;		/* bytes to write in this pass, initialized to
+						   suppress false gcc -O3 warning */
+	if (rc == 0) {
+	    /* for data from file, write a chunk */
+	    if (datafilename != NULL) {
+		in.offset = offset + bytesWritten;
+		if ((uint32_t)(writeLength - bytesWritten) < nvBufferMax) {
+		    writeBytes = (uint16_t)writeLength - bytesWritten;	/* last chunk */
+		}
+		else {
+		    writeBytes = nvBufferMax;	/* next chunk */
+		}
+		rc = TSS_TPM2B_Create(&in.data.b, writeBuffer + bytesWritten, writeBytes,
+				      sizeof(in.data.t.buffer));
+	    }
+	}
+	/* call TSS to execute the command */
+	if (rc == 0) {
+	    if (tssUtilsVerbose) printf("nvwrite: writing %u bytes\n", in.data.b.size);
+	    rc = TSS_Execute(tssContext,
+			     NULL,
+			     (COMMAND_PARAMETERS *)&in,
+			     NULL,
+			     TPM_CC_NV_Write,
+			     sessionHandle0, nvPassword, sessionAttributes0,
+			     sessionHandle1, NULL, sessionAttributes1,
+			     sessionHandle2, NULL, sessionAttributes2,
+			     TPM_RH_NULL, NULL, 0);
+	}
+	/* data file can be written in chunks, other options are single write */
+	if (rc == 0) {
+	    if (datafilename == NULL) {
+		done = TRUE;
+	    }
+	    else {
+		bytesWritten += writeBytes;
+		if (bytesWritten == writeLength) {
+		    done = TRUE;
+		}
+	    }
+	}
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("nvwrite: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("nvwrite: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	if (rc == TSS_RC_FILE_OPEN) {
+	    printf("Possible cause: missing nvreadpublic before nvwrite\n");
+	}
+	rc = EXIT_FAILURE;
+    }
+    free(writeBuffer);	/* @1 */
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("nvwrite\n");
+    printf("\n");
+    printf("Runs TPM2_NV_Write\n");
+    printf("\n");
+    printf("\t[-hia\thierarchy authorization (o, p)(default index authorization)]\n");
+    printf("\t-ha\tNV index handle\n");
+    printf("\t[-pwdn\tauthorization password (default empty)]\n");
+    printf("\t\thierarchy or NV index password\n");
+    printf("\t[-ic\tdata string]\n");
+    printf("\t[-if\tdata file]\n");
+    printf("\t[-id\tdata values, pinPass and pinLimit (4 bytes each)]\n");
+    printf("\t\tif none is specified, a 0 byte write occurs\n");
+    printf("\t\t-id is normally used for pin pass or pin fail indexes\n");
+    printf("\t[-off\toffset (default 0)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t01\tcontinue\n");
+    exit(1);	
+}
diff --git a/utils/nvwritelock.c b/utils/nvwritelock.c
new file mode 100644
index 000000000..9d6c8cfff
--- /dev/null
+++ b/utils/nvwritelock.c
@@ -0,0 +1,259 @@
+/********************************************************************************/
+/*										*/
+/*			    NV WriteLock	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    NV_WriteLock_In 		in;
+    char 			hierarchyAuthChar = 0;
+    TPMI_RH_NV_INDEX		nvIndex = 0;
+    const char			*nvPassword = NULL; 		/* default no password */
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &nvIndex);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdn") == 0) {
+	    i++;
+	    if (i < argc) {
+		nvPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdn option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-hia") == 0) {
+	    i++;
+	    if (i < argc) {
+		hierarchyAuthChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -hia\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if ((nvIndex >> 24) != TPM_HT_NV_INDEX) {
+	printf("NV index handle not specified or out of range, MSB not 01\n");
+	printUsage();
+    }
+    /* Authorization handle */
+    if (rc == 0) {
+	if (hierarchyAuthChar == 'o') {
+	    in.authHandle = TPM_RH_OWNER;  
+	}
+	else if (hierarchyAuthChar == 'p') {
+	    in.authHandle = TPM_RH_PLATFORM;  
+	}
+	else if (hierarchyAuthChar == 0) {
+	    in.authHandle = nvIndex;
+	}
+	else {
+	    printf("\n");
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	in.nvIndex = nvIndex;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_NV_WriteLock,
+			 sessionHandle0, nvPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("nvwritelock: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("nvwritelock: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("nvwritelock\n");
+    printf("\n");
+    printf("Runs TPM2_NV_WriteLock\n");
+    printf("\n");
+    printf("\t[-hia\thierarchy authorization (o, p) (default index authorization)]\n");
+    printf("\t-ha\tNV index handle\n");
+    printf("\t-pwdn\tpassword for NV index (default empty)\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    exit(1);	
+}
diff --git a/utils/objectchangeauth.c b/utils/objectchangeauth.c
new file mode 100644
index 000000000..1d7c15742
--- /dev/null
+++ b/utils/objectchangeauth.c
@@ -0,0 +1,328 @@
+/********************************************************************************/
+/*										*/
+/*			    ObjectChangeAuth	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    ObjectChangeAuth_In 	in;
+    ObjectChangeAuth_Out 	out;
+    TPMI_DH_OBJECT		parentHandle = TPM_RH_NULL;
+    TPMI_DH_OBJECT		objectHandle = TPM_RH_NULL;
+    const char			*objectPassword = NULL; 
+    const char			*newPassword = NULL;
+    const char			*newPasswordFilename = NULL;
+    uint8_t			*newPasswordBuffer = NULL;
+    size_t 			newPasswordBufferLength = 0;
+    const char			*newPasswordPtr = NULL;
+    const char			*privateKeyFilename = NULL;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hp") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &parentHandle );
+	    }
+	    else {
+		printf("Missing parameter for -hp\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ho") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &objectHandle);
+	    }
+	    else {
+		printf("Missing parameter for -ho\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdo") == 0) {
+	    i++;
+	    if (i < argc) {
+		objectPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdo option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdn") == 0) {
+	    i++;
+	    if (i < argc) {
+		newPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdn option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ipwdn") == 0) {
+	    i++;
+	    if (i < argc) {
+		newPasswordFilename = argv[i];
+	    }
+	    else {
+		printf("-ipwdn option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-opr") == 0) {
+	    i++;
+	    if (i < argc) {
+		privateKeyFilename = argv[i];
+	    }
+	    else {
+		printf("-opr option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (parentHandle  == TPM_RH_NULL) {
+	printf("Missing or bad parent handle parameter -hp\n");
+	printUsage();
+    }
+    if (objectHandle == TPM_RH_NULL) {
+	printf("Missing or bad object handle parameter -ho\n");
+	printUsage();
+    }
+    if ((newPassword != NULL) && (newPasswordFilename != NULL)) {
+	printf("Only one of -pwdn and -ipwdn can be specified\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.objectHandle = objectHandle;
+	in.parentHandle = parentHandle;
+    }
+    if (rc == 0) {
+	/* use passsword from command line */
+	if (newPassword != NULL) {
+	    newPasswordPtr = newPassword;
+	}
+	/* use password from file */
+	else if (newPasswordFilename != NULL) {
+	    rc = TSS_File_ReadBinaryFile(&newPasswordBuffer,     /* freed @2 */
+					 &newPasswordBufferLength,
+					 newPasswordFilename);
+	    newPasswordPtr = (const char *)newPasswordBuffer;
+	}
+	/* empty password */
+	else {
+	    newPasswordPtr = NULL;
+	}
+    }
+    /* convert password string to TPM2B */
+    if (rc == 0) {
+	if (newPasswordPtr == NULL) {
+	    in.newAuth.t.size = 0;
+	}
+	else {
+	    rc = TSS_TPM2B_StringCopy(&in.newAuth.b,
+				      newPasswordPtr, sizeof(in.newAuth.t.buffer));
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_ObjectChangeAuth,
+			 sessionHandle0, objectPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    /* save the private key */
+    if ((rc == 0) && (privateKeyFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.outPrivate,
+				     (MarshalFunction_t)TSS_TPM2B_PRIVATE_Marshal,
+				     privateKeyFilename);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("objectchangeauth: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("objectchangeauth: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("objectchangeauth\n");
+    printf("\n");
+    printf("Runs TPM2_ObjectChangeAuth\n");
+    printf("\n");
+    printf("\t-hp\tparent handle\n");
+    printf("\t-ho\tobject handle\n");
+    printf("\t[-pwdo\tpassword for object (default empty)]\n");
+    printf("\t[-pwdn\tnew password for object (default empty)]\n");
+    printf("\t[-pwdni\tnew password file for object, nul terminated (default empty)]\n");
+    printf("\t[-opr\tprivate key file name (default do not save)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/objecttemplates.c b/utils/objecttemplates.c
new file mode 100644
index 000000000..59a716b95
--- /dev/null
+++ b/utils/objecttemplates.c
@@ -0,0 +1,567 @@
+/********************************************************************************/
+/*										*/
+/*			 Object Templates					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: objecttemplates.c 1346 2018-10-09 17:40:01Z kgoldman $	*/
+/*										*/
+/* (c) Copyright IBM Corporation 2016 - 2018.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* These are templates suitable for creating typical objects.  The functions are shared by create
+   and createprimary
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+
+#include "objecttemplates.h"
+
+/* asymPublicTemplate() is a template for an ECC or RSA 2048 key.
+
+   It can create these types:
+
+   TYPE_ST:   storage key (decrypt, restricted, RSA NULL scheme, EC NULL scheme)
+   TYPE_DEN:  decryption key (not storage key, RSA NULL scheme, EC NULL scheme)
+   TYPE_DEO:  decryption key (not storage key, RSA OAEP scheme, EC NULL scheme)
+   TYPE_SI:   signing key (unrestricted, RSA NULL schemem EC NULL scheme)
+   TYPE_SIR:  signing key (restricted, RSA RSASSA scheme, EC ECDSA scheme)
+   TYPE_GP:   general purpose key
+   TYPE_DAA:  signing key (unrestricted, ECDAA)
+   TYPE_DAAR: signing key (restricted, ECDAA)
+*/
+
+TPM_RC asymPublicTemplate(TPMT_PUBLIC *publicArea,	/* output */
+			  TPMA_OBJECT addObjectAttributes,	/* add default, can be overridden
+								   here */
+			  TPMA_OBJECT deleteObjectAttributes,
+			  int keyType,			/* see above */
+			  TPMI_ALG_PUBLIC algPublic,	/* RSA or ECC */	
+			  TPMI_ECC_CURVE curveID,	/* for ECC */
+			  TPMI_ALG_HASH nalg,		/* Name algorithm */
+			  TPMI_ALG_HASH halg,		/* hash algorithm */
+			  const char *policyFilename)	/* binary policy, NULL means empty */
+{
+    TPM_RC			rc = 0;
+
+    if (rc == 0) {
+	publicArea->objectAttributes = addObjectAttributes;
+	/* Table 185 - TPM2B_PUBLIC inPublic */
+	/* Table 184 - TPMT_PUBLIC publicArea */
+	publicArea->type = algPublic;		/* RSA or ECC */
+	publicArea->nameAlg = nalg;
+
+	/* Table 32 - TPMA_OBJECT objectAttributes */
+	publicArea->objectAttributes.val |= TPMA_OBJECT_SENSITIVEDATAORIGIN;
+	publicArea->objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH;
+	publicArea->objectAttributes.val &= ~TPMA_OBJECT_ADMINWITHPOLICY;
+
+	switch (keyType) {
+	  case TYPE_DEN:
+	  case TYPE_DEO:
+	    publicArea->objectAttributes.val &= ~TPMA_OBJECT_SIGN;
+	    publicArea->objectAttributes.val |= TPMA_OBJECT_DECRYPT;
+	    publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED;
+	    break;
+	  case TYPE_ST:
+	    publicArea->objectAttributes.val &= ~TPMA_OBJECT_SIGN;
+	    publicArea->objectAttributes.val |= TPMA_OBJECT_DECRYPT;
+	    publicArea->objectAttributes.val |= TPMA_OBJECT_RESTRICTED;
+	    break;
+	  case TYPE_SI:
+	  case TYPE_DAA:
+	    publicArea->objectAttributes.val |= TPMA_OBJECT_SIGN;
+	    publicArea->objectAttributes.val &= ~TPMA_OBJECT_DECRYPT;
+	    publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED;
+	    break;
+	  case TYPE_SIR:
+	  case TYPE_DAAR:
+	    publicArea->objectAttributes.val |= TPMA_OBJECT_SIGN;
+	    publicArea->objectAttributes.val &= ~TPMA_OBJECT_DECRYPT;
+	    publicArea->objectAttributes.val |= TPMA_OBJECT_RESTRICTED;
+	    break;
+	  case TYPE_GP:
+	    publicArea->objectAttributes.val |= TPMA_OBJECT_SIGN;
+	    publicArea->objectAttributes.val |= TPMA_OBJECT_DECRYPT;
+	    publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED;
+	    break;
+	}
+	publicArea->objectAttributes.val &= ~deleteObjectAttributes.val;
+    }
+    if (rc == 0) {
+	/* Table 72 -  TPM2B_DIGEST authPolicy */
+	/* policy set separately */
+
+	/* Table 182 - Definition of TPMU_PUBLIC_PARMS parameters */
+	if (algPublic == TPM_ALG_RSA) {
+	    /* Table 180 - Definition of {RSA} TPMS_RSA_PARMS rsaDetail */
+	    /* Table 129 - Definition of TPMT_SYM_DEF_OBJECT Structure symmetric */
+	    switch (keyType) {
+	      case TYPE_DEN:
+	      case TYPE_DEO:
+	      case TYPE_SI:
+	      case TYPE_SIR:
+	      case TYPE_GP:
+		/* Non-storage keys must have TPM_ALG_NULL for the symmetric algorithm */
+		publicArea->parameters.rsaDetail.symmetric.algorithm = TPM_ALG_NULL;
+		break;
+	      case TYPE_ST:
+		publicArea->parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES;
+		/* Table 125 - TPMU_SYM_KEY_BITS keyBits */
+		publicArea->parameters.rsaDetail.symmetric.keyBits.aes = 128;
+		/* Table 126 - TPMU_SYM_MODE mode */
+		publicArea->parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_CFB;
+		break;
+	    }
+
+	    /* Table 155 - Definition of {RSA} TPMT_RSA_SCHEME scheme */
+	    switch (keyType) {
+	      case TYPE_DEN:
+	      case TYPE_GP:
+	      case TYPE_ST:
+	      case TYPE_SI:
+		publicArea->parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
+		break;
+	      case TYPE_DEO:
+		publicArea->parameters.rsaDetail.scheme.scheme = TPM_ALG_OAEP;
+		/* Table 152 - Definition of TPMU_ASYM_SCHEME details */
+		/* Table 152 - Definition of TPMU_ASYM_SCHEME rsassa */
+		/* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */
+		/* Table 135 - Definition of TPMS_SCHEME_HASH hashAlg */
+		publicArea->parameters.rsaDetail.scheme.details.oaep.hashAlg = halg;
+		break;
+	      case TYPE_SIR:
+		publicArea->parameters.rsaDetail.scheme.scheme = TPM_ALG_RSASSA;
+		/* Table 152 - Definition of TPMU_ASYM_SCHEME details */
+		/* Table 152 - Definition of TPMU_ASYM_SCHEME rsassa */
+		/* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */
+		/* Table 135 - Definition of TPMS_SCHEME_HASH hashAlg */
+		publicArea->parameters.rsaDetail.scheme.details.rsassa.hashAlg = halg;
+		break;
+	    }
+	
+	    /* Table 159 - Definition of {RSA} (TPM_KEY_BITS) TPMI_RSA_KEY_BITS Type keyBits */
+	    publicArea->parameters.rsaDetail.keyBits = 2048;
+	    publicArea->parameters.rsaDetail.exponent = 0;
+	    /* Table 177 - TPMU_PUBLIC_ID unique */
+	    /* Table 177 - Definition of TPMU_PUBLIC_ID */
+	    publicArea->unique.rsa.t.size = 0;
+	}
+	else {	/* algPublic == TPM_ALG_ECC */
+	    /* Table 181 - Definition of {ECC} TPMS_ECC_PARMS Structure eccDetail */
+	    /* Table 129 - Definition of TPMT_SYM_DEF_OBJECT Structure symmetric */
+	    switch (keyType) {
+	      case TYPE_DEN:
+	      case TYPE_DEO:
+	      case TYPE_SI:
+	      case TYPE_SIR:
+	      case TYPE_DAA:
+	      case TYPE_DAAR:
+	      case TYPE_GP:
+		/* Non-storage keys must have TPM_ALG_NULL for the symmetric algorithm */
+		publicArea->parameters.eccDetail.symmetric.algorithm = TPM_ALG_NULL;
+		break;
+	      case TYPE_ST:
+		publicArea->parameters.eccDetail.symmetric.algorithm = TPM_ALG_AES;
+		/* Table 125 - TPMU_SYM_KEY_BITS keyBits */
+		publicArea->parameters.eccDetail.symmetric.keyBits.aes = 128;
+		/* Table 126 - TPMU_SYM_MODE mode */
+		publicArea->parameters.eccDetail.symmetric.mode.aes = TPM_ALG_CFB;
+		break;
+	    }
+	    /* Table 166 - Definition of (TPMT_SIG_SCHEME) {ECC} TPMT_ECC_SCHEME Structure scheme */
+	    /* Table 164 - Definition of (TPM_ALG_ID) {ECC} TPMI_ALG_ECC_SCHEME Type scheme */
+	    switch (keyType) {
+	      case TYPE_GP:
+	      case TYPE_SI:
+	      case TYPE_DEN:
+	      case TYPE_DEO:
+		publicArea->parameters.eccDetail.scheme.scheme = TPM_ALG_NULL;
+		/* Table 165 - Definition of {ECC} (TPM_ECC_CURVE) TPMI_ECC_CURVE Type */
+		/* Table 10 - Definition of (UINT16) {ECC} TPM_ECC_CURVE Constants curveID */
+		publicArea->parameters.eccDetail.curveID = curveID;
+		/* Table 150 - Definition of TPMT_KDF_SCHEME Structure kdf */
+		/* Table 64 - Definition of (TPM_ALG_ID) TPMI_ALG_KDF Type */
+		publicArea->parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;
+		break;
+	      case TYPE_SIR:
+		publicArea->parameters.eccDetail.scheme.scheme = TPM_ALG_ECDSA;
+		/* Table 152 - Definition of TPMU_ASYM_SCHEME details */
+		/* Table 143 - Definition of {ECC} Types for ECC Signature Schemes */
+		publicArea->parameters.eccDetail.scheme.details.ecdsa.hashAlg = halg;
+		/* Table 165 - Definition of {ECC} (TPM_ECC_CURVE) TPMI_ECC_CURVE Type */
+		/* Table 10 - Definition of (UINT16) {ECC} TPM_ECC_CURVE Constants curveID */
+		publicArea->parameters.eccDetail.curveID = curveID;
+		/* Table 150 - Definition of TPMT_KDF_SCHEME Structure kdf */
+		/* Table 64 - Definition of (TPM_ALG_ID) TPMI_ALG_KDF Type */
+		publicArea->parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;
+		/* Table 149 - Definition of TPMU_KDF_SCHEME Union <IN/OUT, S> */
+		/* Table 148 - Definition of Types for KDF Schemes, hash-based key-
+		   or mask-generation functions */
+		/* Table 135 - Definition of TPMS_SCHEME_HASH Structure hashAlg */
+		publicArea->parameters.eccDetail.kdf.details.mgf1.hashAlg = halg;
+		break;
+	      case TYPE_DAA:
+	      case TYPE_DAAR:
+		publicArea->parameters.eccDetail.scheme.scheme = TPM_ALG_ECDAA;
+		publicArea->parameters.eccDetail.scheme.details.ecdaa.hashAlg = halg;
+		publicArea->parameters.eccDetail.scheme.details.ecdaa.count = 1;
+		publicArea->parameters.eccDetail.curveID = curveID;
+		publicArea->parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;
+		publicArea->unique.ecc.y.t.size = 0;
+		publicArea->unique.ecc.x.t.size = 0;
+		break;
+	      case TYPE_ST:
+		publicArea->parameters.eccDetail.scheme.scheme = TPM_ALG_NULL;
+		publicArea->parameters.eccDetail.scheme.details.anySig.hashAlg = 0;
+		publicArea->parameters.eccDetail.curveID = TPM_ECC_NIST_P256;
+		publicArea->parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;
+		publicArea->parameters.eccDetail.kdf.details.mgf1.hashAlg = 0;
+		break;
+	    }
+	    /* Table 177 - TPMU_PUBLIC_ID unique */
+	    /* Table 177 - Definition of TPMU_PUBLIC_ID */
+	    publicArea->unique.ecc.x.t.size = 0;
+	    publicArea->unique.ecc.y.t.size = 0;
+	}
+    }
+    if (rc == 0) {
+	rc = getPolicy(publicArea, policyFilename);
+    }
+    return rc;
+}
+
+/* symmetricCipherTemplate() is a template for an AES 128 CFB key
+
+ */
+
+TPM_RC symmetricCipherTemplate(TPMT_PUBLIC *publicArea,		/* output */
+			       TPMA_OBJECT addObjectAttributes,	/* add default, can be overridden
+								   here */
+			       TPMA_OBJECT deleteObjectAttributes,
+			       TPMI_ALG_HASH nalg,		/* Name algorithm */
+			       int rev116,		/* TPM rev 116 compatibility, sets SIGN */
+			       const char *policyFilename)	/* binary policy, NULL means empty */
+{
+    TPM_RC rc = 0;
+    
+    if (rc == 0) {
+	publicArea->objectAttributes = addObjectAttributes;
+
+	/* Table 185 - TPM2B_PUBLIC inPublic */
+	/* Table 184 - TPMT_PUBLIC publicArea */
+	publicArea->type = TPM_ALG_SYMCIPHER;
+	publicArea->nameAlg = nalg;
+	/* Table 32 - TPMA_OBJECT objectAttributes */
+	/* rev 116 used DECRYPT for both decrypt and encrypt.  After 116, encrypt required SIGN */
+	if (!rev116) {
+	    /* actually encrypt */
+	    publicArea->objectAttributes.val |= TPMA_OBJECT_SIGN;
+	}
+	publicArea->objectAttributes.val |= TPMA_OBJECT_DECRYPT;
+	publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED;
+	publicArea->objectAttributes.val |= TPMA_OBJECT_SENSITIVEDATAORIGIN;
+	publicArea->objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH;
+	publicArea->objectAttributes.val &= ~TPMA_OBJECT_ADMINWITHPOLICY;
+	publicArea->objectAttributes.val &= ~deleteObjectAttributes.val;
+	/* Table 72 -  TPM2B_DIGEST authPolicy */
+	/* policy set separately */
+	/* Table 182 - Definition of TPMU_PUBLIC_PARMS parameters */
+	{
+	    /* Table 131 - Definition of TPMS_SYMCIPHER_PARMS symDetail */
+	    {
+		/* Table 129 - Definition of TPMT_SYM_DEF_OBJECT sym */
+		/* Table 62 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM_OBJECT Type */
+		publicArea->parameters.symDetail.sym.algorithm = TPM_ALG_AES;
+		/* Table 125 - Definition of TPMU_SYM_KEY_BITS Union */
+		publicArea->parameters.symDetail.sym.keyBits.aes = 128;
+		/* Table 126 - Definition of TPMU_SYM_MODE Union */
+		publicArea->parameters.symDetail.sym.mode.aes = TPM_ALG_CFB;
+	    }
+	}
+	/* Table 177 - TPMU_PUBLIC_ID unique */
+	/* Table 72 - Definition of TPM2B_DIGEST Structure */
+	publicArea->unique.sym.t.size = 0; 
+    }
+    if (rc == 0) {
+	rc = getPolicy(publicArea, policyFilename);
+    }
+    return rc;
+}
+
+/* keyedHashPublicTemplate() is a template for an HMAC key
+
+   It can create these types:
+
+   TYPE_KH:	HMAC key, unrestricted
+   TYPE_KHR:	HMAC key, restricted
+*/
+
+TPM_RC keyedHashPublicTemplate(TPMT_PUBLIC *publicArea,		/* output */
+			       TPMA_OBJECT addObjectAttributes,	/* add default, can be overridden
+								   here */
+			       TPMA_OBJECT deleteObjectAttributes,
+			       int keyType,			/* see above */
+			       TPMI_ALG_HASH nalg,		/* Name algorithm */
+			       TPMI_ALG_HASH halg,		/* hash algorithm */
+			       const char *policyFilename)	/* binary policy, NULL means empty */
+{
+    TPM_RC			rc = 0;
+
+    if (rc == 0) {
+	publicArea->objectAttributes = addObjectAttributes;
+
+	/* Table 185 - TPM2B_PUBLIC inPublic */
+	/* Table 184 - TPMT_PUBLIC publicArea */
+	/* Table 176 - Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type */
+	publicArea->type = TPM_ALG_KEYEDHASH;
+	/* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type  */
+	publicArea->nameAlg = nalg;
+	/* Table 32 - TPMA_OBJECT objectAttributes */
+	publicArea->objectAttributes.val |= TPMA_OBJECT_SIGN;
+	publicArea->objectAttributes.val &= ~TPMA_OBJECT_DECRYPT;
+	publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED;
+	publicArea->objectAttributes.val |= TPMA_OBJECT_SENSITIVEDATAORIGIN;
+	publicArea->objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH;
+	publicArea->objectAttributes.val &= ~TPMA_OBJECT_ADMINWITHPOLICY;
+	switch (keyType) {
+	  case TYPE_KH:
+	    publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED;
+	    break;
+	  case TYPE_KHR:
+	    publicArea->objectAttributes.val |= TPMA_OBJECT_RESTRICTED;
+	    break;
+	}
+	publicArea->objectAttributes.val &= ~deleteObjectAttributes.val;
+	/* Table 72 -  TPM2B_DIGEST authPolicy */
+	/* policy set separately */
+	{
+	    /* Table 182 - Definition of TPMU_PUBLIC_PARMS Union <IN/OUT, S> */
+	    /* Table 178 - Definition of TPMS_KEYEDHASH_PARMS Structure */
+	    /* Table 141 - Definition of TPMT_KEYEDHASH_SCHEME Structure */
+	    /* Table 137 - Definition of (TPM_ALG_ID) TPMI_ALG_KEYEDHASH_SCHEME Type */
+	    publicArea->parameters.keyedHashDetail.scheme.scheme = TPM_ALG_HMAC;
+	    /* Table 140 - Definition of TPMU_SCHEME_KEYEDHASH Union <IN/OUT, S> */
+	    /* Table 138 - Definition of Types for HMAC_SIG_SCHEME */
+	    /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */
+	    publicArea->parameters.keyedHashDetail.scheme.details.hmac.hashAlg = halg;
+	}
+	/* Table 177 - TPMU_PUBLIC_ID unique */
+	/* Table 72 - Definition of TPM2B_DIGEST Structure */
+	publicArea->unique.sym.t.size = 0; 
+    }
+    if (rc == 0) {
+	rc = getPolicy(publicArea, policyFilename);
+    }
+    return rc;
+}
+
+/* derivationParentPublicTemplate() is a template for a derivation parent
+
+   The key is not restricted
+*/
+
+TPM_RC derivationParentPublicTemplate(TPMT_PUBLIC *publicArea,		/* output */
+				      TPMA_OBJECT addObjectAttributes,	/* add default, can be
+									   overridden here */
+				      TPMA_OBJECT deleteObjectAttributes,
+				      TPMI_ALG_HASH nalg,		/* Name algorithm */
+				      TPMI_ALG_HASH halg,		/* hash algorithm */
+				      const char *policyFilename)	/* binary policy, NULL means
+									   empty */
+{
+    TPM_RC			rc = 0;
+
+    if (rc == 0) {
+	publicArea->objectAttributes = addObjectAttributes;
+
+	/* Table 185 - TPM2B_PUBLIC inPublic */
+	/* Table 184 - TPMT_PUBLIC publicArea */
+	/* Table 176 - Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type */
+	publicArea->type = TPM_ALG_KEYEDHASH;
+	/* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type  */
+	publicArea->nameAlg = nalg;
+	/* Table 32 - TPMA_OBJECT objectAttributes */
+	publicArea->objectAttributes.val |= TPMA_OBJECT_FIXEDTPM;
+	publicArea->objectAttributes.val |= TPMA_OBJECT_FIXEDPARENT;
+	publicArea->objectAttributes.val &= ~TPMA_OBJECT_SIGN;
+	publicArea->objectAttributes.val |= TPMA_OBJECT_DECRYPT;
+	publicArea->objectAttributes.val |= TPMA_OBJECT_RESTRICTED;
+	publicArea->objectAttributes.val |= TPMA_OBJECT_SENSITIVEDATAORIGIN;
+	publicArea->objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH;
+	publicArea->objectAttributes.val &= ~TPMA_OBJECT_ADMINWITHPOLICY;
+	publicArea->objectAttributes.val |= TPMA_OBJECT_RESTRICTED;
+	publicArea->objectAttributes.val &= ~deleteObjectAttributes.val;
+	/* Table 72 -  TPM2B_DIGEST authPolicy */
+	/* policy set separately */
+	{
+	    /* Table 182 - Definition of TPMU_PUBLIC_PARMS Union <IN/OUT, S> */
+	    /* Table 178 - Definition of TPMS_KEYEDHASH_PARMS Structure */
+	    /* Table 141 - Definition of TPMT_KEYEDHASH_SCHEME Structure */
+	    /* Table 137 - Definition of (TPM_ALG_ID) TPMI_ALG_KEYEDHASH_SCHEME Type */
+	    publicArea->parameters.keyedHashDetail.scheme.scheme = TPM_ALG_XOR;
+	    /* Table 140 - Definition of TPMU_SCHEME_KEYEDHASH Union <IN/OUT, S> */
+	    /* Table 138 - Definition of Types for HMAC_SIG_SCHEME */
+	    /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */
+	    publicArea->parameters.keyedHashDetail.scheme.details.xorr.kdf = TPM_ALG_KDF1_SP800_108;
+	    publicArea->parameters.keyedHashDetail.scheme.details.xorr.hashAlg = halg;
+	}
+	/* Table 177 - TPMU_PUBLIC_ID unique */
+	/* Table 72 - Definition of TPM2B_DIGEST Structure */
+	publicArea->unique.sym.t.size = 0; 
+    }
+    if (rc == 0) {
+	rc = getPolicy(publicArea, policyFilename);
+    }
+    return rc;
+}
+
+/* blPublicTemplate() is a template for a sealed data blob.
+
+*/
+
+TPM_RC blPublicTemplate(TPMT_PUBLIC *publicArea,	/* output */
+			TPMA_OBJECT addObjectAttributes,	/* add default, can be overridden
+								   here */
+			TPMA_OBJECT deleteObjectAttributes,
+			TPMI_ALG_HASH nalg,		/* Name algorithm */
+			const char *policyFilename)	/* binary policy, NULL means empty */
+{
+    TPM_RC			rc = 0;
+
+    if (rc == 0) {
+	publicArea->objectAttributes = addObjectAttributes;
+
+	/* Table 185 - TPM2B_PUBLIC inPublic */
+	/* Table 184 - TPMT_PUBLIC publicArea */
+	/* Table 176 - Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type */
+	publicArea->type = TPM_ALG_KEYEDHASH;
+	/* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type  */
+	publicArea->nameAlg = nalg;
+	/* Table 32 - TPMA_OBJECT objectAttributes */
+	publicArea->objectAttributes.val &= ~TPMA_OBJECT_SIGN;
+	publicArea->objectAttributes.val &= ~TPMA_OBJECT_DECRYPT;
+	publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED;
+	publicArea->objectAttributes.val &= ~TPMA_OBJECT_SENSITIVEDATAORIGIN;
+	publicArea->objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH;
+	publicArea->objectAttributes.val &= ~TPMA_OBJECT_ADMINWITHPOLICY;
+	publicArea->objectAttributes.val &= ~deleteObjectAttributes.val;
+	/* Table 72 -  TPM2B_DIGEST authPolicy */
+	/* policy set separately */
+	{
+	    /* Table 182 - Definition of TPMU_PUBLIC_PARMS Union <IN/OUT, S> */
+	    /* Table 178 - Definition of TPMS_KEYEDHASH_PARMS Structure */
+	    /* Table 141 - Definition of TPMT_KEYEDHASH_SCHEME Structure */
+	    /* Table 137 - Definition of (TPM_ALG_ID) TPMI_ALG_KEYEDHASH_SCHEME Type */
+	    publicArea->parameters.keyedHashDetail.scheme.scheme = TPM_ALG_NULL;
+	    /* Table 140 - Definition of TPMU_SCHEME_KEYEDHASH Union <IN/OUT, S> */
+	}
+	/* Table 177 - TPMU_PUBLIC_ID unique */
+	/* Table 72 - Definition of TPM2B_DIGEST Structure */
+	publicArea->unique.sym.t.size = 0; 
+    }
+    if (rc == 0) {
+	rc = getPolicy(publicArea, policyFilename);
+    }
+    return rc;
+}
+
+TPM_RC getPolicy(TPMT_PUBLIC *publicArea,
+		 const char *policyFilename)
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	if (policyFilename != NULL) {
+	    rc = TSS_File_Read2B(&publicArea->authPolicy.b,
+				 sizeof(publicArea->authPolicy.t.buffer),
+				 policyFilename);
+	}
+	else {
+	    publicArea->authPolicy.t.size = 0;	/* default empty policy */
+	}
+    }
+    return rc;
+}
+
+void printUsageTemplate(void)
+{
+    printf("\t[Asymmetric Key Algorithm]\n");
+    printf("\n");
+    printf("\t-rsa (default)\n");
+    printf("\t-ecc curve\n");
+    printf("\t\tbnp256\n");
+    printf("\t\tnistp256\n");
+    printf("\t\tnistp384\n");
+    printf("\n");
+    printf("\tKey attributes\n");
+    printf("\n");
+    printf("\t\t-bl\tdata blob for unseal (create only)\n");
+    printf("\t\t\trequires -if\n");
+    printf("\t\t-den\tdecryption, (unrestricted, RSA and EC NULL scheme)\n");
+    printf("\t\t-deo\tdecryption, (unrestricted, RSA OAEP, EC NULL scheme)\n");
+    printf("\t\t-des\tencryption/decryption, AES symmetric\n");
+    printf("\t\t\t[-116 for TPM rev 116 compatibility]\n");
+    printf("\t\t-st\tstorage (restricted)\n");
+    printf("\t\t\t[default for primary keys]\n");
+    printf("\t\t-si\tunrestricted signing (RSA and EC NULL scheme)\n");
+    printf("\t\t-sir\trestricted signing (RSA RSASSA, EC ECDSA scheme)\n");
+    printf("\t\t-dau\tunrestricted ECDAA signing key pair\n");
+    printf("\t\t-dar\trestricted ECDAA signing key pair\n");
+    printf("\t\t-kh\tkeyed hash (unrestricted, hmac)\n");
+    printf("\t\t-khr\tkeyed hash (restricted, hmac)\n");
+    printf("\t\t-dp\tderivation parent\n");
+    printf("\t\t-gp\tgeneral purpose, not storage\n");
+    printf("\n");
+    printf("\t\t[-kt\t(can be specified more than once)]\n"
+	   "\t\t\tf\tfixedTPM (default for primary keys and derivation parents)\n"
+	   "\t\t\tp\tfixedParent (default for primary keys and derivation parents)\n"
+	   "\t\t\tnf\tno fixedTPM (default for non-primary keys)\n"
+	   "\t\t\tnp\tno fixedParent (default for non-primary keys)\n"
+	   "\t\t\ted\tencrypted duplication (default not set)\n");
+    printf("\t[-da\tobject subject to DA protection (default no)]\n");
+    printf("\t[-pol\tpolicy file (default empty)]\n");
+    printf("\t[-uwa\tuserWithAuth attribute clear (default set)]\n");
+    printf("\t[-if\tdata (inSensitive) file name]\n");
+    printf("\n");
+    printf("\t[-nalg\tname hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]\n");
+    printf("\t[-halg\tscheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]\n");
+    return;	
+}
diff --git a/utils/objecttemplates.h b/utils/objecttemplates.h
new file mode 100644
index 000000000..38a16cba6
--- /dev/null
+++ b/utils/objecttemplates.h
@@ -0,0 +1,107 @@
+/********************************************************************************/
+/*										*/
+/*			 Object Templates					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: objecttemplates.h 1340 2018-09-28 18:32:11Z kgoldman $	*/
+/*										*/
+/* (c) Copyright IBM Corporation 2016.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef OBJECTTEMPLATES_H
+#define OBJECTTEMPLATES_H
+
+/* object type */
+
+#define TYPE_BL		1
+#define TYPE_ST		2
+#define TYPE_DEN	3	
+#define TYPE_DEO	4
+#define TYPE_SI		5
+#define TYPE_SIR	6
+#define TYPE_GP		7
+#define TYPE_DES	8
+#define TYPE_KH		9
+#define TYPE_DP		10
+#define TYPE_DAA        11
+#define TYPE_DAAR       12
+#define TYPE_KHR	13
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    TPM_RC asymPublicTemplate(TPMT_PUBLIC *publicArea,
+			      TPMA_OBJECT addObjectAttributes,
+			      TPMA_OBJECT deleteObjectAttributes,
+			      int type,
+			      TPMI_ALG_PUBLIC algPublic,
+			      TPMI_ECC_CURVE curveID,			       
+			      TPMI_ALG_HASH nalg,
+			      TPMI_ALG_HASH halg,
+			      const char *policyFilename);
+    TPM_RC symmetricCipherTemplate(TPMT_PUBLIC *publicArea,
+				   TPMA_OBJECT addObjectAttributes,
+				   TPMA_OBJECT deleteObjectAttributes,
+				   TPMI_ALG_HASH nalg,
+				   int rev116,
+				   const char *policyFilename);
+    TPM_RC keyedHashPublicTemplate(TPMT_PUBLIC *publicArea,
+				   TPMA_OBJECT addObjectAttributes,
+				   TPMA_OBJECT deleteObjectAttributes,
+				   int type,
+				   TPMI_ALG_HASH nalg,
+				   TPMI_ALG_HASH halg,
+				   const char *policyFilename);
+    TPM_RC derivationParentPublicTemplate(TPMT_PUBLIC *publicArea,
+					  TPMA_OBJECT addObjectAttributes,
+					  TPMA_OBJECT deleteObjectAttributes,
+					  TPMI_ALG_HASH nalg,
+					  TPMI_ALG_HASH halg,
+					  const char *policyFilename);
+    TPM_RC blPublicTemplate(TPMT_PUBLIC *publicArea,
+			    TPMA_OBJECT addObjectAttributes,
+			    TPMA_OBJECT deleteObjectAttributes,
+			    TPMI_ALG_HASH nalg,
+			    const char *policyFilename);
+
+    void printUsageTemplate(void);
+
+    TPM_RC getPolicy(TPMT_PUBLIC *publicArea,
+		     const char *policyFilename);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/utils/pcrallocate.c b/utils/pcrallocate.c
new file mode 100644
index 000000000..70007dc84
--- /dev/null
+++ b/utils/pcrallocate.c
@@ -0,0 +1,342 @@
+/********************************************************************************/
+/*										*/
+/*			    PCR_Allocate	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void setPcrSelect(TPMS_PCR_SELECTION *pcrSelections,
+			 TPM_ALG_ID hashAlg,
+			 uint8_t select);
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    PCR_Allocate_In 		in;
+    PCR_Allocate_Out 		out;
+    const char			*platformPassword = NULL; 
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    unsigned int		bankNumber = 0;
+   
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-pwdp") == 0) {
+	    i++;
+	    if (i < argc) {
+		platformPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdp option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-sha1") == 0) {
+	    if (bankNumber < HASH_COUNT) {
+		setPcrSelect(&in.pcrAllocation.pcrSelections[bankNumber],
+			     TPM_ALG_SHA1, 0x00);
+		bankNumber++;
+	    }
+	    else {
+		printf("%u banks specified, TSS supports %u banks\n",
+		       bankNumber+1, HASH_COUNT);
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"+sha1") == 0) {
+	    if (bankNumber < HASH_COUNT) {
+		setPcrSelect(&in.pcrAllocation.pcrSelections[bankNumber],
+			     TPM_ALG_SHA1, 0xff);
+		bankNumber++;
+	    }
+	    else {
+		printf("%u banks specified, TSS supports %u banks\n",
+		       bankNumber+1, HASH_COUNT);
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-sha256") == 0) {
+	    if (bankNumber < HASH_COUNT) {
+		setPcrSelect(&in.pcrAllocation.pcrSelections[bankNumber],
+			     TPM_ALG_SHA256, 0x00);
+		bankNumber++;
+	    }
+	    else {
+		printf("%u banks specified, TSS supports %u banks\n",
+		       bankNumber+1, HASH_COUNT);
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"+sha256") == 0) {
+	    if (bankNumber < HASH_COUNT) {
+		setPcrSelect(&in.pcrAllocation.pcrSelections[bankNumber],
+			     TPM_ALG_SHA256, 0xff);
+		bankNumber++;
+	    }
+	    else {
+		printf("%u banks specified, TSS supports %u banks\n",
+		       bankNumber+1, HASH_COUNT);
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-sha384") == 0) {
+	    if (bankNumber < HASH_COUNT) {
+		setPcrSelect(&in.pcrAllocation.pcrSelections[bankNumber],
+			     TPM_ALG_SHA384, 0x00);
+		bankNumber++;
+	    }
+	    else {
+		printf("%u banks specified, TSS supports %u banks\n",
+		       bankNumber+1, HASH_COUNT);
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"+sha384") == 0) {
+	    if (bankNumber < HASH_COUNT) {
+		setPcrSelect(&in.pcrAllocation.pcrSelections[bankNumber],
+			     TPM_ALG_SHA384, 0xff);
+		bankNumber++;
+	    }
+	    else {
+		printf("%u banks specified, TSS supports %u banks\n",
+		       bankNumber+1, HASH_COUNT);
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-sha512") == 0) {
+	    if (bankNumber < HASH_COUNT) {
+		setPcrSelect(&in.pcrAllocation.pcrSelections[bankNumber],
+			     TPM_ALG_SHA512, 0x00);
+		bankNumber++;
+	    }
+	    else {
+		printf("%u banks specified, TSS supports %u banks\n",
+		       bankNumber+1, HASH_COUNT);
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"+sha512") == 0) {
+	    if (bankNumber < HASH_COUNT) {
+		setPcrSelect(&in.pcrAllocation.pcrSelections[bankNumber],
+			     TPM_ALG_SHA512, 0xff);
+		bankNumber++;
+	    }
+	    else {
+		printf("%u banks specified, TSS supports %u banks\n",
+		       bankNumber+1, HASH_COUNT);
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    /* at least one bank must be selected */
+    if (rc == 0) {
+	if (bankNumber == 0) {
+	    printf("No PCR algorithm specified\n");
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	in.authHandle = TPM_RH_PLATFORM;
+	in.pcrAllocation.count = bankNumber;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_PCR_Allocate,
+			 sessionHandle0, platformPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("pcrallocate: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("pcrallocate: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void setPcrSelect(TPMS_PCR_SELECTION *pcrSelections,
+			 TPM_ALG_ID hashAlg,
+			 uint8_t select)
+{
+    pcrSelections->hash = hashAlg;
+    pcrSelections->sizeofSelect = 3;
+    pcrSelections->pcrSelect[0] = select;
+    pcrSelections->pcrSelect[1] = select;
+    pcrSelections->pcrSelect[2] = select;
+    return;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("pcrallocate\n");
+    printf("\n");
+    printf("Runs TPM2_PCR_Allocate\n");
+    printf("\n");
+    printf("\nAllocates banks for a full set of PCR 0-23.  Not all\n"
+	   "hardware TPMs support multiple banks or all algorithms\n");
+    printf("\n");
+    printf("\t[-pwdp\tplatform hierarchy password (default empty)]\n");
+    printf("\t+sha1   -sha1   allocate / deallocate a SHA-1 bank\n");
+    printf("\t+sha256 -sha256 allocate / deallocate a SHA-256 bank\n");
+    printf("\t+sha384 -sha384 allocate / deallocate a SHA-384 bank\n");
+    printf("\t+sha512 -sha512 allocate / deallocate a SHA-512 bank\n");
+    printf("\t\tMore than one algorithm can be specified\n");
+    exit(1);	
+}
diff --git a/utils/pcrevent.c b/utils/pcrevent.c
new file mode 100644
index 000000000..affd0edf2
--- /dev/null
+++ b/utils/pcrevent.c
@@ -0,0 +1,317 @@
+/********************************************************************************/
+/*										*/
+/*			   PCR_Event 						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    PCR_Event_In 		in;
+    PCR_Event_Out 		out;
+    TPMI_DH_PCR 		pcrHandle = IMPLEMENTATION_PCR;
+    const char 			*data = NULL;
+    const char 			*datafilename = NULL;
+    const char			*outFilename1 = NULL;	/* for sha1 */
+    const char			*outFilename2 = NULL;	/* for sha256 */
+    const char			*outFilename3 = NULL;	/* for sha384 */
+    const char			*outFilename5 = NULL;	/* for sha512 */
+    int				process1 = FALSE;	/* these catch the case */
+    int				process2 = FALSE;	/* where an output file was */
+    int				process3 = FALSE;	/* specified but the TPM did */
+    int				process5 = FALSE;	/* not return the algorithm */
+   
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%u", &pcrHandle);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ic") == 0) {
+	    i++;
+	    if (i < argc) {
+		data = argv[i];
+	    }
+	    else {
+		printf("-ic option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-if")  == 0) {
+	    i++;
+	    if (i < argc) {
+		datafilename = argv[i];
+	    } else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-of1")  == 0) {
+	    i++;
+	    if (i < argc) {
+		outFilename1 = argv[i];
+		process1 = TRUE;
+	    } else {
+		printf("-of1 option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-of2")  == 0) {
+	    i++;
+	    if (i < argc) {
+		outFilename2 = argv[i];
+		process2 = TRUE;
+	    } else {
+		printf("-of2 option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-of3")  == 0) {
+	    i++;
+	    if (i < argc) {
+		outFilename3 = argv[i];
+		process3 = TRUE;
+	    } else {
+		printf("-of3 option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-of5")  == 0) {
+	    i++;
+	    if (i < argc) {
+		outFilename5 = argv[i];
+		process5 = TRUE;
+	    } else {
+		printf("-of5 option needs a value\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (pcrHandle >= IMPLEMENTATION_PCR) {
+	printf("Missing or bad PCR handle parameter -ha\n");
+	printUsage();
+    }
+    if ((data == NULL) && (datafilename == NULL)) {
+	printf("Data string or data file must be specified\n");
+	printUsage();
+    }
+    if ((data != NULL) && (datafilename != NULL)) {
+	printf("Data string and data file cannot both be specified\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.pcrHandle = pcrHandle;
+    }
+    if (rc == 0) {
+	if (data != NULL) {
+	    if (tssUtilsVerbose) printf("Event data %u bytes\n", (unsigned int)strlen(data));
+	    rc = TSS_TPM2B_StringCopy(&in.eventData.b, data, sizeof(in.eventData.t.buffer));
+	}
+    }
+    if (datafilename != NULL) {
+	rc = TSS_File_Read2B(&in.eventData.b,
+			     sizeof(in.eventData.t.buffer),
+			     datafilename);
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_PCR_Event,
+			 TPM_RS_PW, NULL, 0,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	uint32_t c;
+	printf("pcrevent: success\n");
+	/* Table 100 - Definition of TPML_DIGEST_VALUES Structure */
+	/* Table 71 - Definition of TPMT_HA Structure <IN/OUT> digests[] */
+	/* Table 70 - Definition of TPMU_HA Union <IN/OUT, S> digests */
+	printf("pcrevent: count %u\n", out.digests.count);
+
+	for (c = 0 ;  c < out.digests.count ;c++) {
+	    switch (out.digests.digests[c].hashAlg) {
+	      case TPM_ALG_SHA1:
+		if (tssUtilsVerbose) printf("Hash algorithm SHA-1\n");
+		if (tssUtilsVerbose) TSS_PrintAll("Digest",
+					  (uint8_t *)&out.digests.digests[c].digest.sha1,
+					  SHA1_DIGEST_SIZE);
+		if (outFilename1 != NULL) {
+		    rc = TSS_File_WriteBinaryFile((uint8_t *)&out.digests.digests[c].digest.sha1,
+						  SHA1_DIGEST_SIZE,
+						  outFilename1);
+		    process1 = FALSE;
+		}
+		break;
+	      case TPM_ALG_SHA256:
+		if (tssUtilsVerbose) printf("Hash algorithm SHA-256\n");
+		if (tssUtilsVerbose) TSS_PrintAll("Digest",
+					  (uint8_t *)&out.digests.digests[c].digest.sha256,
+					  SHA256_DIGEST_SIZE);
+		if (outFilename2 != NULL) {
+		    rc = TSS_File_WriteBinaryFile((uint8_t *)&out.digests.digests[c].digest.sha256,
+						  SHA256_DIGEST_SIZE,
+						  outFilename2); 
+		    process2 = FALSE;
+		}
+		break;
+	      case TPM_ALG_SHA384:
+		if (tssUtilsVerbose) printf("Hash algorithm SHA-384\n");
+		if (tssUtilsVerbose) TSS_PrintAll("Digest",
+					  (uint8_t *)&out.digests.digests[c].digest.sha384,
+					  SHA384_DIGEST_SIZE);
+		if (outFilename3 != NULL) {
+		    rc = TSS_File_WriteBinaryFile((uint8_t *)&out.digests.digests[c].digest.sha384,
+						  SHA384_DIGEST_SIZE,
+						  outFilename3); 
+		    process3 = FALSE;
+		}
+		break;
+	      case TPM_ALG_SHA512:
+		if (tssUtilsVerbose) printf("Hash algorithm SHA-512\n");
+		if (tssUtilsVerbose) TSS_PrintAll("Digest",
+					  (uint8_t *)&out.digests.digests[c].digest.sha512,
+					  SHA512_DIGEST_SIZE);
+		if (outFilename5 != NULL) {
+		    rc = TSS_File_WriteBinaryFile((uint8_t *)&out.digests.digests[c].digest.sha512,
+						  SHA512_DIGEST_SIZE,
+						  outFilename5); 
+		    process5 = FALSE;
+		}
+		break;
+	      default:
+		printf("Hash algorithm %04x unknown\n", out.digests.digests[c].hashAlg);
+		break;
+	    }
+	}
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("pcrevent: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    if (rc == 0) {
+	if (process1) {
+	    printf("-of1 specified but TPM did not return SHA-1\n");
+	    rc = EXIT_FAILURE;
+	}
+	if (process2) {
+	    printf("-of2 specified but TPM did not return SHA-256\n");
+	    rc = EXIT_FAILURE;
+	}
+	if (process3) {
+	    printf("-of3 specified but TPM did not return SHA-384\n");
+	    rc = EXIT_FAILURE;
+	}
+	if (process5) {
+	    printf("-of5 specified but TPM did not return SHA-512\n");
+	    rc = EXIT_FAILURE;
+	}
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("pcrevent\n");
+    printf("\n");
+    printf("Runs TPM2_PCR_Event\n");
+    printf("\n");
+    printf("\t-ha\tpcr handle\n");
+    printf("\t-ic\tdata string\n");
+    printf("\t-if\tdata file\n");
+    printf("\t[-of1\tsha1 output digest file (default do not save)]\n");
+    printf("\t[-of2\tsha256 output digest file (default do not save)]\n");
+    printf("\t[-of3\tsha384 output digest file (default do not save)]\n");
+    printf("\t[-of5\tsha512 output digest file (default do not save)]\n");
+   exit(1);	
+}
diff --git a/utils/pcrextend.c b/utils/pcrextend.c
new file mode 100644
index 000000000..be582099c
--- /dev/null
+++ b/utils/pcrextend.c
@@ -0,0 +1,269 @@
+/********************************************************************************/
+/*										*/
+/*			   PCR_Extend 						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    	/* argc iterator */
+    uint32_t			algs;	/* hash algorithm iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    PCR_Extend_In 		in;
+    TPMI_DH_PCR 		pcrHandle = IMPLEMENTATION_PCR;
+    const char 			*dataString = NULL;
+    const char 			*datafilename = NULL;
+   
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* Table 100 - Definition of TPML_DIGEST_VALUES Structure */
+    in.digests.count = 0xffffffff;	/* flag for default hash algorithm */
+
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%u", &pcrHandle);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-halg") == 0) {
+	    /* Table 100 - Definition of TPML_DIGEST_VALUES Structure */
+	    if (in.digests.count == 0xffffffff) {	/* first time */
+		in.digests.count = 1;			/* extend a bank */
+	    }
+	    else {
+		in.digests.count++;			/* extend a bank */
+	    }
+	    if (in.digests.count > HASH_COUNT) {
+		printf("Too many -halg specifiers, %u permitted\n", HASH_COUNT);
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		/* Table 100 - Definition of TPML_DIGEST_VALUES Structure digests */
+		/* Table 71 - Definition of TPMT_HA Structure <IN/OUT> */
+		/* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type hashAlg */
+		if (strcmp(argv[i],"sha1") == 0) {
+		    in.digests.digests[in.digests.count-1].hashAlg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    in.digests.digests[in.digests.count-1].hashAlg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    in.digests.digests[in.digests.count-1].hashAlg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    in.digests.digests[in.digests.count-1].hashAlg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ic") == 0) {
+	    i++;
+	    if (i < argc) {
+		dataString = argv[i];
+	    }
+	    else {
+		printf("-ic option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-if")  == 0) {
+	    i++;
+	    if (i < argc) {
+		datafilename = argv[i];
+	    } else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (pcrHandle >= IMPLEMENTATION_PCR) {
+	printf("Missing or bad PCR handle parameter -ha\n");
+	printUsage();
+    }
+    if ((dataString == NULL) && (datafilename == NULL)) {
+	printf("Data string or data file must be specified\n");
+	printUsage();
+    }
+    if ((dataString != NULL) && (datafilename != NULL)) {
+	printf("Data string and data file cannot both be specified\n");
+	printUsage();
+    }
+    if ((dataString != NULL) && (strlen(dataString) > sizeof(TPMU_HA))) {
+	printf("Data length greater than maximum hash size %lu bytes\n",
+	       (unsigned long)sizeof(TPMU_HA));
+	printUsage();
+    }
+    /* handle default hash algorithm */
+    if (in.digests.count == 0xffffffff) {	/* if none specified */
+	in.digests.count = 1;
+	in.digests.digests[0].hashAlg = TPM_ALG_SHA256;
+    }
+    if (rc == 0) {
+	in.pcrHandle = pcrHandle;
+	/* Table 70 - Definition of TPMU_HA Union <IN/OUT, S> */
+	/* append zero padding to maximum hash algorithm length */
+	for (algs = 0 ; algs < in.digests.count ; algs++) {
+	    memset((uint8_t *)&in.digests.digests[algs].digest, 0, sizeof(TPMU_HA));
+	}
+    }
+    if (rc == 0) {
+	if (dataString != NULL) {
+	    if (tssUtilsVerbose) printf("Extending %u bytes from stream into %u banks\n",
+				(unsigned int)strlen(dataString), in.digests.count);
+	    for (algs = 0 ; algs < in.digests.count ; algs++) {
+		memcpy((uint8_t *)&in.digests.digests[algs].digest,
+		       dataString, strlen(dataString));
+	    }
+	}
+    }
+    if (datafilename != NULL) {
+	unsigned char 	*fileData = NULL;
+	size_t 		length;
+	if (rc == 0) {
+	    rc = TSS_File_ReadBinaryFile(&fileData,			/* freed @1 */
+					 &length, datafilename);
+	}
+	if (rc == 0) {
+	    if (length > sizeof(TPMU_HA)) {
+		printf("Data length greater than maximum hash size %lu bytes\n",
+		       (unsigned long)sizeof(TPMU_HA));
+		rc = EXIT_FAILURE;
+	    } 
+	}
+	if (rc == 0) {
+	    if (tssUtilsVerbose) printf("Extending %u bytes from file into %u banks\n",
+				(unsigned int)length, in.digests.count);
+	    for (algs = 0 ; algs < in.digests.count ; algs++) {
+		memcpy((uint8_t *)&in.digests.digests[algs].digest, fileData, length);
+	    }
+	}
+	free(fileData);		/* @1 */
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_PCR_Extend,
+			 TPM_RS_PW, NULL, 0,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("pcrextend: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("pcrextend: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("pcrextend\n");
+    printf("\n");
+    printf("Runs TPM2_PCR_Extend\n");
+    printf("\n");
+    printf("\t-ha\tpcr handle\n");
+    printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n");
+    printf("\t\t-halg may be specified more than once\n");
+    printf("\n");
+    printf("\t-ic\tdata string, 0 pad appended to halg length\n");
+    printf("\t-if\tdata file, 0 pad appended to halg length\n");
+    exit(1);	
+}
diff --git a/utils/pcrread.c b/utils/pcrread.c
new file mode 100644
index 000000000..768af5046
--- /dev/null
+++ b/utils/pcrread.c
@@ -0,0 +1,437 @@
+/********************************************************************************/
+/*										*/
+/*			   PCR_Read 						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#ifdef TPM_POSIX
+#include <netinet/in.h>
+#endif
+#ifdef TPM_WINDOWS
+#include <winsock2.h>
+#endif
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/Unmarshal_fp.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/tsscryptoh.h>
+
+static void printPcrRead(PCR_Read_Out *out);
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    PCR_Read_In 		in;
+    PCR_Read_Out 		out;
+    TPMI_DH_PCR 		pcrHandle = IMPLEMENTATION_PCR;
+    const char 			*datafilename = NULL;
+    TPMI_ALG_HASH		ahalg = TPM_ALG_SHA256;
+    uint32_t 			sizeInBytes = 0;	/* initialized to suppress false gcc -O3
+							   warning */
+    const char 			*sadfilename = NULL;
+    int				noSpace = FALSE;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+   
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    in.pcrSelectionIn.count = 0xffffffff;
+
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%u", &pcrHandle);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-halg") == 0) {
+	    if (in.pcrSelectionIn.count == 0xffffffff) {
+		in.pcrSelectionIn.count = 1;
+	    }
+	    else {
+		in.pcrSelectionIn.count++;
+	    }
+	    if (in.pcrSelectionIn.count > HASH_COUNT) {
+		printf("Too many -halg specifiers, %u permitted\n", HASH_COUNT);
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    in.pcrSelectionIn.pcrSelections[in.pcrSelectionIn.count-1].hash = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    in.pcrSelectionIn.pcrSelections[in.pcrSelectionIn.count-1].hash = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    in.pcrSelectionIn.pcrSelections[in.pcrSelectionIn.count-1].hash = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    in.pcrSelectionIn.pcrSelections[in.pcrSelectionIn.count-1].hash = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ahalg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    ahalg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    ahalg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    ahalg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    ahalg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -ahalg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i], "-of")  == 0) {
+	    i++;
+	    if (i < argc) {
+		datafilename = argv[i];
+	    } else {
+		printf("-of option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-iosad")  == 0) {
+	    i++;
+	    if (i < argc) {
+		sadfilename = argv[i];
+	    } else {
+		printf("-iosad option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ns") == 0) {
+	    noSpace = TRUE;
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (pcrHandle >= IMPLEMENTATION_PCR) {
+	printf("Missing or bad PCR handle parameter -ha\n");
+	printUsage();
+    }
+    /* handle default hash algorithm */
+    if (in.pcrSelectionIn.count == 0xffffffff) {	/* if none specified */
+	in.pcrSelectionIn.count = 1;
+	in.pcrSelectionIn.pcrSelections[0].hash = TPM_ALG_SHA256;
+    }
+    if (rc == 0) {
+	uint16_t c;
+	/* Table 102 - Definition of TPML_PCR_SELECTION Structure */
+	/* Table 85 - Definition of TPMS_PCR_SELECTION Structure */
+	for (c = 0 ; c < in.pcrSelectionIn.count ; c++) {
+	    in.pcrSelectionIn.pcrSelections[c].sizeofSelect = 3;
+	    in.pcrSelectionIn.pcrSelections[c].pcrSelect[0] = 0;
+	    in.pcrSelectionIn.pcrSelections[c].pcrSelect[1] = 0;
+	    in.pcrSelectionIn.pcrSelections[c].pcrSelect[2] = 0;
+	    in.pcrSelectionIn.pcrSelections[c].pcrSelect[pcrHandle / 8] = 1 << (pcrHandle % 8);
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_PCR_Read,
+			 sessionHandle0, NULL, sessionAttributes0,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    /* first hash algorithm, in binary */
+    if (rc != 0) {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("pcrread: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    if ((rc == 0) && (datafilename != NULL) && (out.pcrValues.count != 0)) {
+	rc = TSS_File_WriteBinaryFile(out.pcrValues.digests[0].t.buffer,
+				      out.pcrValues.digests[0].t.size,
+				      datafilename);
+    }
+    /* auth session hash algorithm for cpHash and rpHash */
+    if (rc == 0) {
+        sizeInBytes = TSS_GetDigestSize(ahalg);
+    }
+    /* option to output cpHash and rpHash to test session audit of PCR Read */
+    if (sadfilename != NULL) {
+	TPMT_HA 	cpHash;
+	uint8_t 	cpBuffer [MAX_COMMAND_SIZE];
+	uint16_t 	cpBufferSize = 0;
+	TPMT_HA 	rpHash;
+	uint8_t 	rpBuffer [MAX_RESPONSE_SIZE];
+	uint16_t 	rpBufferSize = 0;
+	uint8_t 	*tmpptr;
+	uint32_t 	tmpsize;
+	TPMT_HA 	sessionDigest;
+	uint8_t		*sessionDigestData = NULL;
+	size_t		sessionDigestSize;
+	/* calculate cpHash from CC || parameters */
+	if (rc == 0) {
+	    tmpptr = cpBuffer;
+	    tmpsize = sizeof(cpBuffer);
+	    rc = TSS_TPML_PCR_SELECTION_Marshalu(&in.pcrSelectionIn,
+						 &cpBufferSize, &tmpptr, &tmpsize);
+	}
+	if (rc == 0) {
+	    TPM_CC commandCode = TPM_CC_PCR_Read;
+	    TPM_CC commandCodeNbo = htonl(commandCode);
+	    cpHash.hashAlg = ahalg;
+	    rc = TSS_Hash_Generate(&cpHash,		/* largest size of a digest */
+				   sizeof(TPM_CC), &commandCodeNbo,
+				   cpBufferSize, cpBuffer,
+				   0, NULL);
+	}
+	if ((rc == 0) && tssUtilsVerbose) {
+#if 0
+	    TSS_PrintAll("cpBuffer", cpBuffer, cpBufferSize);
+	    TSS_PrintAll("cpHash", (uint8_t *)&cpHash.digest, sizeInBytes);
+#endif
+	}
+	/* calculate rpHash from RC || CC || parameters */
+	if (rc == 0) {
+	    tmpptr = rpBuffer;
+	    tmpsize = sizeof(rpBuffer);
+	    rc = TSS_UINT32_Marshalu(&out.pcrUpdateCounter,
+				     &rpBufferSize, &tmpptr, &tmpsize);
+	}
+	if (rc == 0) {
+	    rc = TSS_TPML_PCR_SELECTION_Marshalu(&out.pcrSelectionOut,
+						 &rpBufferSize, &tmpptr, &tmpsize);
+	}
+	if (rc == 0) {
+	    rc = TSS_TPML_DIGEST_Marshalu(&out.pcrValues,
+					  &rpBufferSize, &tmpptr, &tmpsize);
+	}
+	if (rc == 0) {
+	    TPM_CC 		commandCode = TPM_CC_PCR_Read;
+	    TPM_CC 		commandCodeNbo = htonl(commandCode);
+	    rpHash.hashAlg = ahalg;
+	    rc = TSS_Hash_Generate(&rpHash,			/* largest size of a digest */
+				   sizeof(TPM_RC), &rc,	/* RC is always 0, no need to endian
+							   convert */
+				   sizeof(TPM_CC), &commandCodeNbo,
+				   rpBufferSize, rpBuffer,
+				   0, NULL);
+	}
+	if ((rc == 0) && tssUtilsVerbose) {
+#if 0
+	    TSS_PrintAll("rpBuffer", rpBuffer, rpBufferSize);
+	    TSS_PrintAll("rpHash", (uint8_t *)&rpHash.digest, sizeInBytes);
+#endif
+	}
+	/* read the original session digest, must be initialized to all zero */
+	if (rc == 0) {
+	    rc = TSS_File_ReadBinaryFile(&sessionDigestData,	/* freed @1 */
+					 &sessionDigestSize,
+					 sadfilename);
+	}
+	/* sanity check the size against the session digest hash algorithm */
+	if (rc == 0) {
+	    if (sizeInBytes != sessionDigestSize) {
+		printf("pcrread: -ahalg size %u does not match digest size %u from %s\n",
+		       (unsigned int)sizeInBytes, (unsigned int)sessionDigestSize, sadfilename);
+	    }
+	}
+	/* extend cpHash and rpHash */
+	if (rc == 0) {
+	    sessionDigest.hashAlg = ahalg;
+	    rc = TSS_Hash_Generate(&sessionDigest,
+				   sizeInBytes, sessionDigestData, 
+				   sizeInBytes, (uint8_t *)&cpHash.digest,
+				   sizeInBytes, (uint8_t *)&rpHash.digest,
+				   0, NULL);
+	}
+	if ((rc == 0) && tssUtilsVerbose) {
+	    TSS_PrintAll("Session digest old", sessionDigestData, sizeInBytes);
+	    TSS_PrintAll("Session digest new", (uint8_t *)&sessionDigest.digest, sizeInBytes);
+	}
+	if (rc == 0) {
+	    /* write back the result */
+	    rc = TSS_File_WriteBinaryFile((uint8_t *)&sessionDigest.digest,
+					  sizeInBytes,
+					  sadfilename);
+	}
+	free(sessionDigestData);	/* @1 */
+    }
+    if (rc == 0) {
+	/* machine readable format */
+	if (noSpace) {
+	    uint32_t count;
+	    /* TPM can return count 0 if the requested algorithm is not allocated */
+	    if (out.pcrValues.count != 0) {
+		for (count = 0 ; count < out.pcrValues.count ; count++) {
+		    uint32_t bp;
+		    for (bp = 0 ; bp < out.pcrValues.digests[count].t.size ; bp++) {
+			printf("%02x", out.pcrValues.digests[count].t.buffer[bp]);
+		    }
+		    printf("\n");
+		}
+	    }
+	    else {
+		printf("count %u\n", out.pcrValues.count);
+	    }
+	}
+	/* human readable format, all hash algorithms */
+	else {
+	    printPcrRead(&out);
+	    if (tssUtilsVerbose) printf("pcrread: success\n");
+	}
+    }
+    return rc;
+}
+
+static void printPcrRead(PCR_Read_Out *out)
+{
+    uint32_t	i;
+    
+    /* Table 99 - Definition of TPML_DIGEST Structure */
+    printf("count %u pcrUpdateCounter %u \n", out->pcrValues.count, out->pcrUpdateCounter);
+    for (i = 0 ; i < out->pcrValues.count ; i++) {
+	TSS_PrintAll("digest", out->pcrValues.digests[i].t.buffer, out->pcrValues.digests[i].t.size);
+    }
+    return;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("pcrread\n");
+    printf("\n");
+    printf("Runs TPM2_PCR_Read\n");
+    printf("\n");
+    printf("\t-ha\tpcr handle\n");
+    printf("\t-halg\t(sha1, sha256, sha384, sha512) (default sha256)\n");
+    printf("\t\t-halg may be specified more than once\n");
+    printf("\t[-of\tdata file for first algorithm specified, in binary]\n");
+    printf("\t[-ahalg\t to extend session audit digest for testing (sha1, sha256, sha384, sha512) (default sha256)]\n");
+    printf("\t[-iosad\t file for session audit digest testing]\n");
+    printf("\t[-ns\tno space, no text, no newlines]\n");
+    printf("\t\tUsed for scripting policy construction\n");
+    printf("\n");
+    printf("\t-se0 session handle / attributes (default NULL)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t80\taudit\n");
+    exit(1);	
+}
diff --git a/utils/pcrreset.c b/utils/pcrreset.c
new file mode 100644
index 000000000..f47e673a4
--- /dev/null
+++ b/utils/pcrreset.c
@@ -0,0 +1,144 @@
+/********************************************************************************/
+/*										*/
+/*			   PCR_Reset 						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    PCR_Reset_In 		in;
+    TPMI_DH_PCR 		pcrHandle = IMPLEMENTATION_PCR;
+   
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%u", &pcrHandle);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (pcrHandle >= IMPLEMENTATION_PCR) {
+	printf("Missing or bad PCR handle parameter -ha\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.pcrHandle = pcrHandle;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_PCR_Reset,
+			 TPM_RS_PW, NULL, 0,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("pcrreset: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("pcrreset: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("pcrreset\n");
+    printf("\n");
+    printf("Runs TPM2_PCR_Reset\n");
+    printf("\n");
+    printf("\t-ha\tpcr handle\n");
+    exit(1);	
+}
diff --git a/utils/policies/Policies.txt b/utils/policies/Policies.txt
new file mode 100644
index 000000000..165bb7c11
--- /dev/null
+++ b/utils/policies/Policies.txt
@@ -0,0 +1,138 @@
+#################################################################################
+#										#
+#			TPM2 regression test Directory of files			#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+Note that PolicySecret uses a double hash, with the second hash being
+the policyRef.  An empty policyRef is represented by a blank line.
+
+aaa					the characters aaa
+bits48321601.bin			uint64 with those bits set
+msgtpmgen.bin				message with TPM_GENERATED
+policyauthorizesha1.txt			policyauthorize using rsapubkey.pem
+policyauthorizesha256.txt		"
+policyauthorizesha384.txt		"
+policyauthorizesha512.txt		"
+policyauthorizenv.txt			policy authorize NV
+policyauthorizenv-unseal.txt		policyauthorizenv + policyccunseal
+policyccactivate.txt			policy command code activate credential
+policycccertify.txt			policy command code certify
+policycccreate-auth.txt			policy command code create + policy authvalue
+policyccduplicate.txt			policy command code duplicate
+policyccnvchangeauth-auth.txt		policy command code nvchangeauth + policy authvalue
+policyccquote.txt			policy command code quote
+policyccsign.txt			policy command code sign
+policyccsign-auth.txt			policy command code sign + policy authvalue
+policyccundefinespacespecial-auth	policy command code undefinespacespecial + policy authvalue
+policycountertimer.txt			policy counter timer
+policycphash.txt			policy cphash
+policycphashhash.txt			policy cphash data
+policydupsel-no.txt			policy duplicatation select no includeObject
+policydupsel-yes.txt			policy duplicatation select with includeObject
+policyiwgek.txt				standard IWG EK policy, and IWG PolicyA (EH auth)
+policyiwgekcsha256.txt			standard IWG EK policyC (auth NV)
+policyiwgekcsha384.txt			standard IWG EK policyC
+policyiwgekcsha512.txt			standard IWG EK policyC
+policyiwgekbsha256.txt			standard IWG EK policyB (policy OR)
+policyiwgekbsha384.txt			standard IWG EK policyB (policy OR)
+policyiwgekbsha512.txt			standard IWG EK policyB (policy OR)
+policynvargs.txt			policy nv arguments
+policynvnv.txt				policy nv has name and args			
+policyor.txt				policy command code sign | quote
+policypcr.txt				policy pcr intermediate file
+policypcr0.txt				20 zeros
+policypcr16aaasha1.txt			sha1   PCR 16 extend of aaa
+policypcr16aaasha256.txt		sha256 PCR 16 extend of aaa
+policypcr16aaasha384.txt		sha384 PCR 16 extend of aaa
+policypcr16aaasha512.txt		sha512 PCR 16 extend of aaa
+policysecretnv.txt			policy secret using nv index
+policysecretnvpf.txt			policy secret using NV PIN fail index
+policysecretnvpp.txt			policy secret using NV PIN pass index
+policysecretp.txt			policy secret using platform auth
+policysecretsha256.txt			policy secret using loaded object
+policysignedsha1.txt			policy signed using pubkey.pem Name
+policysignedsha256.txt			policy signed using pubkey.pem Name
+policysignedsha384.txt			policy signed using pubkey.pem Name
+policysignedsha512.txt			policy signed using pubkey.pem Name
+policytemplate.txt			template hash input to policytemplatehash
+policytemplatehash.txt			policy template for signing key
+policywrittenset.txt			policy nv written with written set
+
+policywrittenclrsigned.txt		policy nv written with written clear + policy signed
+policywrittensetsigned.txt		policy nv written with written set + policy signed
+policyorwrittensigned.txt		policy OR of the above two policies
+
+pnhnamehash.txt				name hash
+
+nvwritecphasha.txt			intermediate value
+nvwriteahasha.txt			intermediate value externally signed	
+nvwritecphashb.txt			intermediate value
+nvwriteahashb.txt			intermediate value externally signed	
+
+privkey.pem				RSA private key for policy signed
+pubkey.pem				RSA public key for policy signed
+p256privkey.pem				ECC private key for policy signed
+p256pubkey.pem				ECC public key for policy signed
+
+sha1.bin		big endian sha1   algorithm ID, for policyAuthorizeNV
+sha256.bin		big endian sha256 algorithm ID, for policyAuthorizeNV
+sha384.bin		big endian sha384 algorithm ID, for policyAuthorizeNV
+sha512.bin		big endian sha512 algorithm ID, for policyAuthorizeNV
+
+sha1aaa.bin		sha1   of aaa
+sha1extaaa.bin		sha1   extend of aaa
+sha1extaaa0.bin		sha1   extend of aaa zero padded	
+sha1exthaaa.bin		sha1   extend of hash of aaa
+
+sha256aaa.bin		sha256 of aaa
+sha256extaaa.bin	sha256 extend of aaa
+sha256extaaa0.bin	sha256 extend of aaa zero padded
+sha256exthaaa.bin	sha256 extend of hash of aaa
+
+sha384aaa.bin		sha384 of aaa
+sha384extaaa.bin	sha384 extend of aaa
+sha384exthaaa.bin	sha384 extend of hash of aaa
+sha384extaaa0.bin	sha384 extend of aaa zero padded
+
+sha512aaa.bin		sha512 of aaa
+sha512extaaa.bin	sha512 extend of aaa
+sha512exthaaa.bin	sha512 extend of hash of aaa
+sha512extaaa0.bin	sha512 extend of aaa zero padded
+
+zero4.bin		4 bytes of zero (e.g., just expiration data for policysigned)
+zero8.bin		8 bytes of zero
+zerosha256.bin		32 bytes of zero
\ No newline at end of file
diff --git a/utils/policies/aaa b/utils/policies/aaa
new file mode 100644
index 000000000..7c4a013e5
--- /dev/null
+++ b/utils/policies/aaa
@@ -0,0 +1 @@
+aaa
\ No newline at end of file
diff --git a/utils/policies/bits48321601.bin b/utils/policies/bits48321601.bin
new file mode 100644
index 0000000000000000000000000000000000000000..97baddd9cce02a3237d33aab4b23cb829b8e2b83
GIT binary patch
literal 8
LcmZQzWB@||02lxT

literal 0
HcmV?d00001

diff --git a/utils/policies/msgtpmgen.bin b/utils/policies/msgtpmgen.bin
new file mode 100644
index 000000000..4caf4d327
--- /dev/null
+++ b/utils/policies/msgtpmgen.bin
@@ -0,0 +1 @@
+ÿTCG1234567890123456
\ No newline at end of file
diff --git a/utils/policies/nvwriteahasha.bin b/utils/policies/nvwriteahasha.bin
new file mode 100644
index 0000000000000000000000000000000000000000..c6c65138fc2cd8a30daa65ea7ebf6c2804e643f6
GIT binary patch
literal 36
scmZQzU|={uL+)J$i}l at iJgfJVZcg53^YfjOR>clAd$#J$p*qV10S-zJ5&!@I

literal 0
HcmV?d00001

diff --git a/utils/policies/nvwriteahasha.txt b/utils/policies/nvwriteahasha.txt
new file mode 100644
index 000000000..1cd347b78
--- /dev/null
+++ b/utils/policies/nvwriteahasha.txt
@@ -0,0 +1 @@
+00000000cf981eee68043bddee0cabbc75b363be3cf9ee222a78b8263f067bb3552ca611
diff --git a/utils/policies/nvwriteahashb.bin b/utils/policies/nvwriteahashb.bin
new file mode 100644
index 0000000000000000000000000000000000000000..023e08fce73d8c5ee973a2f8484686df76a38745
GIT binary patch
literal 36
scmZQzU|_f(!SQqTY32H!>nAy7+JtmF@|mvW-3~r+%X0ssYv<XM0SCGe8vp<R

literal 0
HcmV?d00001

diff --git a/utils/policies/nvwriteahashb.txt b/utils/policies/nvwriteahashb.txt
new file mode 100644
index 000000000..1ed56ea5e
--- /dev/null
+++ b/utils/policies/nvwriteahashb.txt
@@ -0,0 +1 @@
+00000000df5808f9abcb237f8cd7c9091c86122d886f02d46edb53c8da39bfa2d6cf0763
diff --git a/utils/policies/nvwritecphasha.bin b/utils/policies/nvwritecphasha.bin
new file mode 100644
index 000000000..04cc7e90a
--- /dev/null
+++ b/utils/policies/nvwritecphasha.bin
@@ -0,0 +1 @@
+Ϙîh;Ýî«¼u³c¾<ùî"*x¸&?{³U,¦
\ No newline at end of file
diff --git a/utils/policies/nvwritecphasha.txt b/utils/policies/nvwritecphasha.txt
new file mode 100644
index 000000000..601706be3
--- /dev/null
+++ b/utils/policies/nvwritecphasha.txt
@@ -0,0 +1 @@
+00000137000b366258674dcf8aa16d344f24dde1c799fc60f9427a7286bb8cd1e4e9fd1fbb0b000b366258674dcf8aa16d344f24dde1c799fc60f9427a7286bb8cd1e4e9fd1fbb0b000800000000000000000000
diff --git a/utils/policies/nvwritecphashb.bin b/utils/policies/nvwritecphashb.bin
new file mode 100644
index 000000000..b93cd2b90
--- /dev/null
+++ b/utils/policies/nvwritecphashb.bin
@@ -0,0 +1 @@
+ßXù«Ë#Œ×É	†-ˆoÔnÛSÈÚ9¿¢ÖÏc
\ No newline at end of file
diff --git a/utils/policies/nvwritecphashb.txt b/utils/policies/nvwritecphashb.txt
new file mode 100644
index 000000000..a9b1e2329
--- /dev/null
+++ b/utils/policies/nvwritecphashb.txt
@@ -0,0 +1 @@
+00000137000bf575f09107d38c4cb82e8ec054b1aca9a91e40a06ec074b578bdd9cdaf4b76c8000bf575f09107d38c4cb82e8ec054b1aca9a91e40a06ec074b578bdd9cdaf4b76c8000861626364656667680000
diff --git a/utils/policies/p256privkey.pem b/utils/policies/p256privkey.pem
new file mode 100644
index 000000000..05cbc54d9
--- /dev/null
+++ b/utils/policies/p256privkey.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIA/5U49bWoIFaq2eZ9P7tTv5PO9rqbQtmEo26MSJ8KtUoAoGCCqGSM49
+AwEHoUQDQgAEjPyIf6kFyFd0qKGZrUFPfNkmVRthSU7L23fESiFJhRRMWptx83xF
+YVW2TrVIgq9tsWwgFbLCDgUgEJX7Ln41aw==
+-----END EC PRIVATE KEY-----
diff --git a/utils/policies/p256pubkey.pem b/utils/policies/p256pubkey.pem
new file mode 100644
index 000000000..054dfbd42
--- /dev/null
+++ b/utils/policies/p256pubkey.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEjPyIf6kFyFd0qKGZrUFPfNkmVRth
+SU7L23fESiFJhRRMWptx83xFYVW2TrVIgq9tsWwgFbLCDgUgEJX7Ln41aw==
+-----END PUBLIC KEY-----
diff --git a/utils/policies/pnhnamehash.bin b/utils/policies/pnhnamehash.bin
new file mode 100644
index 000000000..9b72b178d
--- /dev/null
+++ b/utils/policies/pnhnamehash.bin
@@ -0,0 +1 @@
+àbwÙü"=ŠV3~ë}˜(½{Ç)<'?zÄñ
\ No newline at end of file
diff --git a/utils/policies/pnhnamehash.txt b/utils/policies/pnhnamehash.txt
new file mode 100644
index 000000000..5aa06f319
--- /dev/null
+++ b/utils/policies/pnhnamehash.txt
@@ -0,0 +1 @@
+000b631928da162431353a59c03a2ca7dbb70989144042363c7fa83839d9da6c437a
diff --git a/utils/policies/policyauthorizenv-unseal.bin b/utils/policies/policyauthorizenv-unseal.bin
new file mode 100644
index 000000000..f182b547f
--- /dev/null
+++ b/utils/policies/policyauthorizenv-unseal.bin
@@ -0,0 +1 @@
+Í$&þlR5…”" Yi3KˆG‚
ÙŒC÷64]
\ No newline at end of file
diff --git a/utils/policies/policyauthorizenv-unseal.txt b/utils/policies/policyauthorizenv-unseal.txt
new file mode 100644
index 000000000..aec66807c
--- /dev/null
+++ b/utils/policies/policyauthorizenv-unseal.txt
@@ -0,0 +1,2 @@
+00000192000b56e16f0b810a6418daab06822be142858beaf9a79d66f66ad7e8e541f142498e
+0000016c0000015e
diff --git a/utils/policies/policyauthorizenv.bin b/utils/policies/policyauthorizenv.bin
new file mode 100644
index 000000000..346792291
--- /dev/null
+++ b/utils/policies/policyauthorizenv.bin
@@ -0,0 +1 @@
+f¡ÛÍÂö a{3 îm•«ö,v´˜²‘
0‘ôú
\ No newline at end of file
diff --git a/utils/policies/policyauthorizenv.txt b/utils/policies/policyauthorizenv.txt
new file mode 100644
index 000000000..1b026e58d
--- /dev/null
+++ b/utils/policies/policyauthorizenv.txt
@@ -0,0 +1 @@
+00000192000b5e8ebdf045819419070c7d5777bfeb61ffac4996ea4b6fbade6da42b632d4918
diff --git a/utils/policies/policyauthorizesha1.bin b/utils/policies/policyauthorizesha1.bin
new file mode 100644
index 000000000..36ba1e024
--- /dev/null
+++ b/utils/policies/policyauthorizesha1.bin
@@ -0,0 +1,2 @@
+‚XÀ2ŒÄå.ÄìÎal
+ôŠ0ˆ
\ No newline at end of file
diff --git a/utils/policies/policyauthorizesha1.txt b/utils/policies/policyauthorizesha1.txt
new file mode 100644
index 000000000..31a494394
--- /dev/null
+++ b/utils/policies/policyauthorizesha1.txt
@@ -0,0 +1,2 @@
+0000016a00044234c24fc1b9de6693a62453417d2734d7538f6f
+
diff --git a/utils/policies/policyauthorizesha256.bin b/utils/policies/policyauthorizesha256.bin
new file mode 100644
index 000000000..bc9d0bb41
--- /dev/null
+++ b/utils/policies/policyauthorizesha256.bin
@@ -0,0 +1 @@
+ë£ùŒ^¯¨ùOQ›M*1ƒîy‡fr9Ž#Ù3ˆ¨å
\ No newline at end of file
diff --git a/utils/policies/policyauthorizesha256.txt b/utils/policies/policyauthorizesha256.txt
new file mode 100644
index 000000000..a6c364664
--- /dev/null
+++ b/utils/policies/policyauthorizesha256.txt
@@ -0,0 +1,2 @@
+0000016a000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799
+
diff --git a/utils/policies/policyauthorizesha384.bin b/utils/policies/policyauthorizesha384.bin
new file mode 100644
index 000000000..d0eb35bab
--- /dev/null
+++ b/utils/policies/policyauthorizesha384.bin
@@ -0,0 +1,2 @@
+\Æ4‰þùÈB~þ,_9t¶Ù¨6JÍÙp~ð¹ý&VÚ¥
+›¿ÖfßIÒ[PŽ8
\ No newline at end of file
diff --git a/utils/policies/policyauthorizesha384.txt b/utils/policies/policyauthorizesha384.txt
new file mode 100644
index 000000000..93c6f4723
--- /dev/null
+++ b/utils/policies/policyauthorizesha384.txt
@@ -0,0 +1,2 @@
+0000016a000ca8bfb42e75b4c22b366b372cd9994bafe8558aa182cf12c258406d197dab63ac46f5a5255b1deb2993a4e9fc92b1e26c
+
diff --git a/utils/policies/policyauthorizesha512.bin b/utils/policies/policyauthorizesha512.bin
new file mode 100644
index 000000000..920647407
--- /dev/null
+++ b/utils/policies/policyauthorizesha512.bin
@@ -0,0 +1 @@
+ÉÈ)û¼uT™ÛH·&ˆ$Ñø)r`kÖ_AŽ˜~÷>j~%‚Çm6ChîVQÕ´hLþÑÐj×e#?Â’”ý,Å
\ No newline at end of file
diff --git a/utils/policies/policyauthorizesha512.txt b/utils/policies/policyauthorizesha512.txt
new file mode 100644
index 000000000..0a93611c0
--- /dev/null
+++ b/utils/policies/policyauthorizesha512.txt
@@ -0,0 +1,2 @@
+0000016a000d0c36b2a951eccc7e3e12d03175a71304dc747f222a02af8fa2ac8b594ef973518d20b9a5452d0849e325710f587d8a55082e7ae321173619bc12122f3ad71466
+
diff --git a/utils/policies/policyccactivate.bin b/utils/policies/policyccactivate.bin
new file mode 100644
index 000000000..8e9ce1cc1
--- /dev/null
+++ b/utils/policies/policyccactivate.bin
@@ -0,0 +1 @@
+å‡Áµ‡0÷!ãþ¤+FÀE[$o–®è]ë;æMfj
\ No newline at end of file
diff --git a/utils/policies/policyccactivate.txt b/utils/policies/policyccactivate.txt
new file mode 100644
index 000000000..51a225a95
--- /dev/null
+++ b/utils/policies/policyccactivate.txt
@@ -0,0 +1 @@
+0000016c00000147
diff --git a/utils/policies/policycccertify.bin b/utils/policies/policycccertify.bin
new file mode 100644
index 000000000..4618ce54d
--- /dev/null
+++ b/utils/policies/policycccertify.bin
@@ -0,0 +1 @@
+Žš:ÎX?yóDÿx[¾©ðzÇú3%³Ôš!ÝQ”ÆXP
\ No newline at end of file
diff --git a/utils/policies/policycccertify.txt b/utils/policies/policycccertify.txt
new file mode 100644
index 000000000..ce2f5ce5e
--- /dev/null
+++ b/utils/policies/policycccertify.txt
@@ -0,0 +1 @@
+0000016c00000148
diff --git a/utils/policies/policycccreate-auth.bin b/utils/policies/policycccreate-auth.bin
new file mode 100644
index 000000000..b1edb1ee9
--- /dev/null
+++ b/utils/policies/policycccreate-auth.bin
@@ -0,0 +1 @@
+KP÷?.øÀ–ÉмkIŠí»†üZTïӐD
\ No newline at end of file
diff --git a/utils/policies/policycccreate-auth.txt b/utils/policies/policycccreate-auth.txt
new file mode 100644
index 000000000..c285110d2
--- /dev/null
+++ b/utils/policies/policycccreate-auth.txt
@@ -0,0 +1,2 @@
+0000016c00000153
+0000016b
diff --git a/utils/policies/policyccduplicate.bin b/utils/policies/policyccduplicate.bin
new file mode 100644
index 000000000..5d2e7fcd3
--- /dev/null
+++ b/utils/policies/policyccduplicate.bin
@@ -0,0 +1 @@
+¾õkŒÈNí×R,Ù“V½+¿R	ÃøJè¢
\ No newline at end of file
diff --git a/utils/policies/policyccduplicate.txt b/utils/policies/policyccduplicate.txt
new file mode 100644
index 000000000..9e7ea4149
--- /dev/null
+++ b/utils/policies/policyccduplicate.txt
@@ -0,0 +1 @@
+0000016c0000014b
diff --git a/utils/policies/policyccnvchangeauth-auth.bin b/utils/policies/policyccnvchangeauth-auth.bin
new file mode 100644
index 000000000..5afe18824
--- /dev/null
+++ b/utils/policies/policyccnvchangeauth-auth.bin
@@ -0,0 +1 @@
+ªƒ¥˜Ù:VÉÊoê|?üNcWÿm“á›J¶ªá+ Þ
\ No newline at end of file
diff --git a/utils/policies/policyccnvchangeauth-auth.txt b/utils/policies/policyccnvchangeauth-auth.txt
new file mode 100644
index 000000000..b41a131c6
--- /dev/null
+++ b/utils/policies/policyccnvchangeauth-auth.txt
@@ -0,0 +1,2 @@
+0000016c0000013b
+0000016b
diff --git a/utils/policies/policyccquote.bin b/utils/policies/policyccquote.bin
new file mode 100644
index 000000000..136ccb5ef
--- /dev/null
+++ b/utils/policies/policyccquote.bin
@@ -0,0 +1 @@
+ 9ÊÕþh‡ˆø#<>>ãÏ'ªÉâïãHjëN0LÍ'
\ No newline at end of file
diff --git a/utils/policies/policyccquote.txt b/utils/policies/policyccquote.txt
new file mode 100644
index 000000000..3b5cb8b43
--- /dev/null
+++ b/utils/policies/policyccquote.txt
@@ -0,0 +1 @@
+0000016c00000158
\ No newline at end of file
diff --git a/utils/policies/policyccsign-auth.bin b/utils/policies/policyccsign-auth.bin
new file mode 100644
index 000000000..29cddc83a
--- /dev/null
+++ b/utils/policies/policyccsign-auth.bin
@@ -0,0 +1 @@
+~¡
àü²DòKÈ÷L(¨¹íñKSêLÏ<ZLãŒun
\ No newline at end of file
diff --git a/utils/policies/policyccsign-auth.txt b/utils/policies/policyccsign-auth.txt
new file mode 100644
index 000000000..5972762a3
--- /dev/null
+++ b/utils/policies/policyccsign-auth.txt
@@ -0,0 +1,2 @@
+0000016c0000015d
+0000016b
diff --git a/utils/policies/policyccsign.bin b/utils/policies/policyccsign.bin
new file mode 100644
index 000000000..54085d3d4
--- /dev/null
+++ b/utils/policies/policyccsign.bin
@@ -0,0 +1,2 @@
+Ìi²&';õ½@mÏ
+}ßØ;wp̼Ѫ€Ø
\ No newline at end of file
diff --git a/utils/policies/policyccsign.txt b/utils/policies/policyccsign.txt
new file mode 100644
index 000000000..943b10148
--- /dev/null
+++ b/utils/policies/policyccsign.txt
@@ -0,0 +1 @@
+0000016c0000015d
\ No newline at end of file
diff --git a/utils/policies/policyccundefinespacespecial-auth.bin b/utils/policies/policyccundefinespacespecial-auth.bin
new file mode 100644
index 000000000..c6d0d7d55
--- /dev/null
+++ b/utils/policies/policyccundefinespacespecial-auth.bin
@@ -0,0 +1 @@
+¹|ÜÁëʲ%aÑúõ“ð=ùe÷À/|Dkõ
\ No newline at end of file
diff --git a/utils/policies/policyccundefinespacespecial-auth.txt b/utils/policies/policyccundefinespacespecial-auth.txt
new file mode 100644
index 000000000..ab6834c17
--- /dev/null
+++ b/utils/policies/policyccundefinespacespecial-auth.txt
@@ -0,0 +1,2 @@
+0000016c0000011f
+0000016b
diff --git a/utils/policies/policycountertimer.bin b/utils/policies/policycountertimer.bin
new file mode 100644
index 000000000..f76744011
--- /dev/null
+++ b/utils/policies/policycountertimer.bin
@@ -0,0 +1 @@
+愁'UÀ9Óhc!È“P%ݪ&Bš
\ No newline at end of file
diff --git a/utils/policies/policycountertimer.txt b/utils/policies/policycountertimer.txt
new file mode 100644
index 000000000..f17744015
--- /dev/null
+++ b/utils/policies/policycountertimer.txt
@@ -0,0 +1 @@
+0000016d000000000000000000000002
diff --git a/utils/policies/policycphash.bin b/utils/policies/policycphash.bin
new file mode 100644
index 000000000..1c357a65c
--- /dev/null
+++ b/utils/policies/policycphash.bin
@@ -0,0 +1 @@
+älùóÇ0|¦ri°„´Ro
\ No newline at end of file
diff --git a/utils/policies/policycphash.txt b/utils/policies/policycphash.txt
new file mode 100644
index 000000000..52edeabd3
--- /dev/null
+++ b/utils/policies/policycphash.txt
@@ -0,0 +1 @@
+0000016eb5f919bbc01f0ebad02010169a67a8c158ec12f3
diff --git a/utils/policies/policycphashhash.bin b/utils/policies/policycphashhash.bin
new file mode 100644
index 000000000..a30627d8b
--- /dev/null
+++ b/utils/policies/policycphashhash.bin
@@ -0,0 +1 @@
+µù»ÀºÐ šg¨ÁXìó
\ No newline at end of file
diff --git a/utils/policies/policycphashhash.txt b/utils/policies/policycphashhash.txt
new file mode 100644
index 0000000000000000000000000000000000000000..23ab2100173df8c22a3096c65848742b5a44c81d
GIT binary patch
literal 9
QcmZQzU^H-GVBlc at 00M{regFUf

literal 0
HcmV?d00001

diff --git a/utils/policies/policydupsel-no.bin b/utils/policies/policydupsel-no.bin
new file mode 100644
index 000000000..1658347c2
--- /dev/null
+++ b/utils/policies/policydupsel-no.bin
@@ -0,0 +1 @@
+_Uº+i°8¬ÿ*†ïef¾¨#hC—L?§67rVì¼E
\ No newline at end of file
diff --git a/utils/policies/policydupsel-no.txt b/utils/policies/policydupsel-no.txt
new file mode 100644
index 000000000..a5099f202
--- /dev/null
+++ b/utils/policies/policydupsel-no.txt
@@ -0,0 +1 @@
+00000188000b1a5df6677533452737bc79a55ab6d9fa91745c033dfe3f82cdf0903ba9d655f100
diff --git a/utils/policies/policydupsel-yes.bin b/utils/policies/policydupsel-yes.bin
new file mode 100644
index 000000000..c851dc6ea
--- /dev/null
+++ b/utils/policies/policydupsel-yes.bin
@@ -0,0 +1 @@
+dL€ËãOõ‚8bC“”ñèŠÆ#MÑ°ÅL÷;
\ No newline at end of file
diff --git a/utils/policies/policydupsel-yes.txt b/utils/policies/policydupsel-yes.txt
new file mode 100644
index 000000000..858ee1b4c
--- /dev/null
+++ b/utils/policies/policydupsel-yes.txt
@@ -0,0 +1 @@
+00000188000b631928da162431353a59c03a2ca7dbb70989144042363c7fa83839d9da6c437a000b1a5df6677533452737bc79a55ab6d9fa91745c033dfe3f82cdf0903ba9d655f101
diff --git a/utils/policies/policyiwgek.txt b/utils/policies/policyiwgek.txt
new file mode 100644
index 000000000..de742064a
--- /dev/null
+++ b/utils/policies/policyiwgek.txt
@@ -0,0 +1,2 @@
+000001514000000B
+
diff --git a/utils/policies/policyiwgekbsha256.bin b/utils/policies/policyiwgekbsha256.bin
new file mode 100644
index 000000000..18a9215e5
--- /dev/null
+++ b/utils/policies/policyiwgekbsha256.bin
@@ -0,0 +1,2 @@
+Ê=
+™¢¹9÷£4$ïϳ£…ÔLÑýE‰Ñ›PqÀ· 
\ No newline at end of file
diff --git a/utils/policies/policyiwgekbsha256.txt b/utils/policies/policyiwgekbsha256.txt
new file mode 100644
index 000000000..e6d319806
--- /dev/null
+++ b/utils/policies/policyiwgekbsha256.txt
@@ -0,0 +1 @@
+00000171837197674484b3f81a90cc8d46a5d724fd52d76e06520b64f2a1da1b331469aa3767e2edd43ff45a3a7e1eaefcef78643dca964632e7aad82c673a30d8633fde
diff --git a/utils/policies/policyiwgekbsha384.bin b/utils/policies/policyiwgekbsha384.bin
new file mode 100644
index 0000000000000000000000000000000000000000..139fc23bd19b034fbe60aaece90e5ae84d2c0aa8
GIT binary patch
literal 48
zcmV-00MGxjZha`x8c at 7b*n+(E{W=;4K}fqb)3oHv917XJ<QdA#N4g1VmPQp1pTGd~
G_zn_J;TKH+

literal 0
HcmV?d00001

diff --git a/utils/policies/policyiwgekbsha384.txt b/utils/policies/policyiwgekbsha384.txt
new file mode 100644
index 000000000..ed9da6b76
--- /dev/null
+++ b/utils/policies/policyiwgekbsha384.txt
@@ -0,0 +1 @@
+000001718bbf2266537c171cb56e403c4dc1d4b64f432611dc386e6f532050c3278c930e143e8bb1133824ccb431053871c6db53d6032ce61f2fb3c240eb3cf6a33237ef2b6a16f4293c22b455e261cffd217ad5b4947c2d73e63005eed2dc2b3593d165
diff --git a/utils/policies/policyiwgekbsha512.bin b/utils/policies/policyiwgekbsha512.bin
new file mode 100644
index 000000000..cc190d36a
--- /dev/null
+++ b/utils/policies/policyiwgekbsha512.bin
@@ -0,0 +1 @@
+¸"¦ž…P¤‘Mãú¦¡Œ,À:’]fÕž÷žI¤)Äk&•qÕ~Û%ûÛ8BV´Íaj_mµ¶ù›ê
\ No newline at end of file
diff --git a/utils/policies/policyiwgekbsha512.txt b/utils/policies/policyiwgekbsha512.txt
new file mode 100644
index 000000000..50d317540
--- /dev/null
+++ b/utils/policies/policyiwgekbsha512.txt
@@ -0,0 +1 @@
+000001711e3b76502c8a1425aa0b7b3fc646a1b0fae063b03b5368f9c4cddecaff0891dd682bac1a85d4d832b781ea451915de5fc5bf0dc4a1917cd42fa041e3f998e0ee589ee1e146544716e8deafe6db247b01b81e9f9c7dd16b814aa159138749105fba5388dd1dea702f35240c184933121e2c61b8f50d3ef91393a49a38c3f73fc8
diff --git a/utils/policies/policyiwgekcsha256.bin b/utils/policies/policyiwgekcsha256.bin
new file mode 100644
index 000000000..a584ce252
--- /dev/null
+++ b/utils/policies/policyiwgekcsha256.bin
@@ -0,0 +1 @@
+7gâíÔ?ôZ:~®üïxd=Ê–F2çªØ,g:0Øc?Þ
\ No newline at end of file
diff --git a/utils/policies/policyiwgekcsha256.txt b/utils/policies/policyiwgekcsha256.txt
new file mode 100644
index 000000000..7af2e54d1
--- /dev/null
+++ b/utils/policies/policyiwgekcsha256.txt
@@ -0,0 +1 @@
+00000192000b0c9d717e9c3fe69fda41769450bb145957f8b3610e084dbf65591a5d11ecd83f
diff --git a/utils/policies/policyiwgekcsha384.bin b/utils/policies/policyiwgekcsha384.bin
new file mode 100644
index 000000000..bbddab69d
--- /dev/null
+++ b/utils/policies/policyiwgekcsha384.bin
@@ -0,0 +1 @@
+Ö,æ/³Â@ë<ö£27ï+jô)<"´UâaÏý!zÕ´”|-sæ0îÒÜ+5“Ñe
\ No newline at end of file
diff --git a/utils/policies/policyiwgekcsha384.txt b/utils/policies/policyiwgekcsha384.txt
new file mode 100644
index 000000000..6692c3e1b
--- /dev/null
+++ b/utils/policies/policyiwgekcsha384.txt
@@ -0,0 +1 @@
+00000192000cdb62fca346612c976732ff4e8621fb4e858be82586486504f7d02e621f8d7d61ae32cfc60c4d120609ed6768afcf090c
diff --git a/utils/policies/policyiwgekcsha512.bin b/utils/policies/policyiwgekcsha512.bin
new file mode 100644
index 000000000..1baa1f6ec
--- /dev/null
+++ b/utils/policies/policyiwgekcsha512.bin
@@ -0,0 +1 @@
+XžááFTGèÞ¯æÛ${¸Ÿœ}ÑkJ¡Y‡I_ºSˆÝêp/5$I3,a¸õ
>ù“¤š8Ã÷?È
\ No newline at end of file
diff --git a/utils/policies/policyiwgekcsha512.txt b/utils/policies/policyiwgekcsha512.txt
new file mode 100644
index 000000000..4e04c86c1
--- /dev/null
+++ b/utils/policies/policyiwgekcsha512.txt
@@ -0,0 +1 @@
+00000192000d1c47c0bbcbd3cf7d7cae6987d31937c171015dde3b7f0d3c869bca1f7e8a223b9acfadb49b7c9cf14d450f41e9327de34d9291eece2c58ab1dc10e9059cce560
diff --git a/utils/policies/policyiwgeksha256.bin b/utils/policies/policyiwgeksha256.bin
new file mode 100644
index 000000000..48f4c1630
--- /dev/null
+++ b/utils/policies/policyiwgeksha256.bin
@@ -0,0 +1 @@
+ƒq—gD„³øÌF¥×$ýR×nRdò¡Ú3iª
\ No newline at end of file
diff --git a/utils/policies/policyiwgeksha384.bin b/utils/policies/policyiwgeksha384.bin
new file mode 100644
index 000000000..2e183e6a2
--- /dev/null
+++ b/utils/policies/policyiwgeksha384.bin
@@ -0,0 +1 @@
+‹¿"fS|µn@<MÁÔ¶OC&Ü8noS PÃ'Œ“>‹±8$Ì´18qÆÛS
\ No newline at end of file
diff --git a/utils/policies/policyiwgeksha512.bin b/utils/policies/policyiwgeksha512.bin
new file mode 100644
index 000000000..e75ad1d70
--- /dev/null
+++ b/utils/policies/policyiwgeksha512.bin
@@ -0,0 +1 @@
+;vP,Š%ª{?ÆF¡°úàc°;ShùÄÍÞÊÿ‘Ýh+¬…ÔØ2·êEÞ_Å¿
Ä¡‘|Ô/ Aãù˜àî
\ No newline at end of file
diff --git a/utils/policies/policynamehash.bin b/utils/policies/policynamehash.bin
new file mode 100644
index 0000000000000000000000000000000000000000..fd3224bfb805806266901c77838daff3909a1d89
GIT binary patch
literal 32
qcmV+*0N?+XF!=z(OlAqe#gajI!LmJ{)RXl2!kEY~O5+cgqWwu1-Vwh5

literal 0
HcmV?d00001

diff --git a/utils/policies/policynamehash.txt b/utils/policies/policynamehash.txt
new file mode 100644
index 000000000..9b6841146
--- /dev/null
+++ b/utils/policies/policynamehash.txt
@@ -0,0 +1 @@
+0000017018e00c627718d9fc81223d8a56337eeb0e7d9828bd7bc7291d3c273f7ac404f1
diff --git a/utils/policies/policynvargs.txt b/utils/policies/policynvargs.txt
new file mode 100644
index 0000000000000000000000000000000000000000..4f4d97c4a15e2f16ef61e8b3d31182382bc88b6d
GIT binary patch
literal 13
LcmZQzKmaZP02crY

literal 0
HcmV?d00001

diff --git a/utils/policies/policynvnv.bin b/utils/policies/policynvnv.bin
new file mode 100644
index 0000000000000000000000000000000000000000..df080a73e76146d5474cc3d1b2ed1e09fad62e3d
GIT binary patch
literal 20
ccmdlp+sD6}Ax$z`_U4>Pb!)?)%V_-p09oM)7XSbN

literal 0
HcmV?d00001

diff --git a/utils/policies/policynvnv.txt b/utils/policies/policynvnv.txt
new file mode 100644
index 000000000..a124ea9bf
--- /dev/null
+++ b/utils/policies/policynvnv.txt
@@ -0,0 +1 @@
+000001492c513f149e737ec4063fc1d37aee9beabc4b4bbf00042234b8df7cdf8605ee0a2088ac7dfe34c6566c5c
\ No newline at end of file
diff --git a/utils/policies/policyor.bin b/utils/policies/policyor.bin
new file mode 100644
index 000000000..a5002edcd
--- /dev/null
+++ b/utils/policies/policyor.bin
@@ -0,0 +1 @@
+kþÂ:¾W°*Î9Ý»`ú9M¬{8–VW„³süa’”)Û
\ No newline at end of file
diff --git a/utils/policies/policyor.txt b/utils/policies/policyor.txt
new file mode 100644
index 000000000..5028df975
--- /dev/null
+++ b/utils/policies/policyor.txt
@@ -0,0 +1 @@
+00000171cc6918b226273b08f5bd406d7f10cf160f0a7d13dfd83b7770ccbcd1aa80d811a039cad5fe68870688f8233c3e3ee3cf27aac9e2efe3486aeb4e304c0e90cd27
\ No newline at end of file
diff --git a/utils/policies/policyorwrittensigned.bin b/utils/policies/policyorwrittensigned.bin
new file mode 100644
index 0000000000000000000000000000000000000000..488b0686012a3f61abdd1f4ca06f9d64a9b8c246
GIT binary patch
literal 32
ocmZQ$SZ7jYup!;-vQg`TGi%*K<dO=%UT76q{-1AxLCCd}0Nnfz&j0`b

literal 0
HcmV?d00001

diff --git a/utils/policies/policyorwrittensigned.txt b/utils/policies/policyorwrittensigned.txt
new file mode 100644
index 000000000..50162e9e7
--- /dev/null
+++ b/utils/policies/policyorwrittensigned.txt
@@ -0,0 +1 @@
+00000171480b782e0282c2408832c4df9c0ebe87186f9254bde05b0c2ea952483eb769f20943ba3c3b4db1c83fc39785f9dc0a8249f6794a0438e6450a50568fb4ebd246
diff --git a/utils/policies/policypcr.bin b/utils/policies/policypcr.bin
new file mode 100644
index 000000000..8f6974085
--- /dev/null
+++ b/utils/policies/policypcr.bin
@@ -0,0 +1 @@
+…3ƒõè<`C4oŸ7!vŽ
\ No newline at end of file
diff --git a/utils/policies/policypcr0.bin b/utils/policies/policypcr0.bin
new file mode 100644
index 0000000000000000000000000000000000000000..df879cf49534a5672299e8e57970c3d2ef1be71d
GIT binary patch
literal 20
KcmZQzzytsQ6aWDL

literal 0
HcmV?d00001

diff --git a/utils/policies/policypcr0.txt b/utils/policies/policypcr0.txt
new file mode 100644
index 000000000..b61f288a5
--- /dev/null
+++ b/utils/policies/policypcr0.txt
@@ -0,0 +1 @@
+0000000000000000000000000000000000000000
\ No newline at end of file
diff --git a/utils/policies/policypcr1623aaasha1.bin b/utils/policies/policypcr1623aaasha1.bin
new file mode 100644
index 000000000..88e9157a8
--- /dev/null
+++ b/utils/policies/policypcr1623aaasha1.bin
@@ -0,0 +1 @@
+´íÞ£5‡×C)ö¨Ñ牒dFðL…
\ No newline at end of file
diff --git a/utils/policies/policypcr1623aaasha256.bin b/utils/policies/policypcr1623aaasha256.bin
new file mode 100644
index 000000000..a0cd48b07
--- /dev/null
+++ b/utils/policies/policypcr1623aaasha256.bin
@@ -0,0 +1 @@
+„ÿ/ñ-7Ë#û=ÙfwÊìH”\ƒåꢾ˜éuª!ãÖ
\ No newline at end of file
diff --git a/utils/policies/policypcr1623aaasha384.bin b/utils/policies/policypcr1623aaasha384.bin
new file mode 100644
index 000000000..da4fcb3e2
--- /dev/null
+++ b/utils/policies/policypcr1623aaasha384.bin
@@ -0,0 +1 @@
+Kͳë|I“C¥eî܆"|†6 —¢^4.ÒO~­ a‹^׺»ã^ð«ê™Uß„
\ No newline at end of file
diff --git a/utils/policies/policypcr1623aaasha512.bin b/utils/policies/policypcr1623aaasha512.bin
new file mode 100644
index 000000000..d13ac538a
--- /dev/null
+++ b/utils/policies/policypcr1623aaasha512.bin
@@ -0,0 +1 @@
+„Yv¸ÔØ©¤}u>ÍÂxì•×èï…Ç8.­Fär1£8TåÏ.m#gm9Z“QóðVMfø{üa
\ No newline at end of file
diff --git a/utils/policies/policypcr16aaasha1.bin b/utils/policies/policypcr16aaasha1.bin
new file mode 100644
index 000000000..e5fd0af1f
--- /dev/null
+++ b/utils/policies/policypcr16aaasha1.bin
@@ -0,0 +1 @@
+¶ÝC‚Êä]ОQÑc¤$õò
\ No newline at end of file
diff --git a/utils/policies/policypcr16aaasha1.txt b/utils/policies/policypcr16aaasha1.txt
new file mode 100644
index 000000000..237c93913
--- /dev/null
+++ b/utils/policies/policypcr16aaasha1.txt
@@ -0,0 +1 @@
+1d47f68aced515f7797371b554e32d47981aa0a0
diff --git a/utils/policies/policypcr16aaasha256.bin b/utils/policies/policypcr16aaasha256.bin
new file mode 100644
index 000000000..56600b4e3
--- /dev/null
+++ b/utils/policies/policypcr16aaasha256.bin
@@ -0,0 +1 @@
+vDöê×`Ú¹6Õ…ìۄΚyÝáÇà¢Ù	 
\ No newline at end of file
diff --git a/utils/policies/policypcr16aaasha256.txt b/utils/policies/policypcr16aaasha256.txt
new file mode 100644
index 000000000..78108c462
--- /dev/null
+++ b/utils/policies/policypcr16aaasha256.txt
@@ -0,0 +1 @@
+c2119764d11613bf07b7e204c35f93732b4ae336b4354ebc16e8d0c3963ebebb
diff --git a/utils/policies/policypcr16aaasha384.bin b/utils/policies/policypcr16aaasha384.bin
new file mode 100644
index 0000000000000000000000000000000000000000..d10b3e266b5e8ea4ded9aec2cd0cea5d000920bd
GIT binary patch
literal 48
zcmV-00MGyGs*8})X|^%Ig^}dHDWejH1o9Y60`7xq`^3h7D8YY*>LRxQJqG-=SEIGW
G_dJz=0U62w

literal 0
HcmV?d00001

diff --git a/utils/policies/policypcr16aaasha384.txt b/utils/policies/policypcr16aaasha384.txt
new file mode 100644
index 000000000..8deef9b24
--- /dev/null
+++ b/utils/policies/policypcr16aaasha384.txt
@@ -0,0 +1 @@
+292963e31c34c272bdea27154094af9250ad97d9e7446b836d3a737c90ca47df2c399021cedd00853ef08497c5a42384
diff --git a/utils/policies/policypcr16aaasha512.bin b/utils/policies/policypcr16aaasha512.bin
new file mode 100644
index 000000000..8aa9e595c
--- /dev/null
+++ b/utils/policies/policypcr16aaasha512.bin
@@ -0,0 +1 @@
+W%™dØtð…,pA̾!Âß~æ±™êfF·û#UwK–~«âeÛZR‚œ¯<Àä™6]ì
>m*bm.
\ No newline at end of file
diff --git a/utils/policies/policypcr16aaasha512.txt b/utils/policies/policypcr16aaasha512.txt
new file mode 100644
index 000000000..19f7ca22a
--- /dev/null
+++ b/utils/policies/policypcr16aaasha512.txt
@@ -0,0 +1 @@
+7fe1e4cf015293136bf130183039b6a646ea008b75afd0f8466a9bfe531af8ada867a65828cfce486077529e54f1830aa49ab780562baea49c67a87334ffe778
diff --git a/utils/policies/policypcrbm0.bin b/utils/policies/policypcrbm0.bin
new file mode 100644
index 000000000..bd0f292e0
--- /dev/null
+++ b/utils/policies/policypcrbm0.bin
@@ -0,0 +1 @@
+m8I8áÕ‹Vq’U”?if¶ú,#
\ No newline at end of file
diff --git a/utils/policies/policysecretnv.bin b/utils/policies/policysecretnv.bin
new file mode 100644
index 0000000000000000000000000000000000000000..b5fac8d9d06709014a12fffa8abd525219421968
GIT binary patch
literal 32
qcmV+*0N?+{llidk8n+(Gt^lte3-pLLo~stY_zj==ZID4uFUGSV{Sejw

literal 0
HcmV?d00001

diff --git a/utils/policies/policysecretnv.txt b/utils/policies/policysecretnv.txt
new file mode 100644
index 000000000..02facd93e
--- /dev/null
+++ b/utils/policies/policysecretnv.txt
@@ -0,0 +1,2 @@
+00000151000be0651081c2fcda306993da43d1de5b24be426e2d61907b42835469136c97681f
+
diff --git a/utils/policies/policysecretnvpf.bin b/utils/policies/policysecretnvpf.bin
new file mode 100644
index 000000000..912504be7
--- /dev/null
+++ b/utils/policies/policysecretnvpf.bin
@@ -0,0 +1 @@
+VÚR'0ܾ¨­Y¼¥• ÓØ ¨²Ø[Åß
\ No newline at end of file
diff --git a/utils/policies/policysecretnvpf.txt b/utils/policies/policysecretnvpf.txt
new file mode 100644
index 000000000..884fab490
--- /dev/null
+++ b/utils/policies/policysecretnvpf.txt
@@ -0,0 +1,2 @@
+00000151000b8e42e7023c8851a2fabdb3ecffa9d155bc40058b7da1261f2c790442959f8d6e
+
diff --git a/utils/policies/policysecretnvpp.bin b/utils/policies/policysecretnvpp.bin
new file mode 100644
index 000000000..86f9ff20f
--- /dev/null
+++ b/utils/policies/policysecretnvpp.bin
@@ -0,0 +1 @@
+VäÇ&××Ý<½L®À.ƒ<73<ûùÃ_«S#ß}
\ No newline at end of file
diff --git a/utils/policies/policysecretnvpp.txt b/utils/policies/policysecretnvpp.txt
new file mode 100644
index 000000000..51ce1a57b
--- /dev/null
+++ b/utils/policies/policysecretnvpp.txt
@@ -0,0 +1,2 @@
+00000151000bda1cbd54bb81546c1c7630ddd409503a0d6d0305161b1588d66bc8fa17daad81
+
diff --git a/utils/policies/policysecretp.bin b/utils/policies/policysecretp.bin
new file mode 100644
index 000000000..712f412b8
--- /dev/null
+++ b/utils/policies/policysecretp.bin
@@ -0,0 +1 @@
+ȱ).ÿ,ç£ú±®Ù­%O°?Àš¼-јQaºh½Ç
\ No newline at end of file
diff --git a/utils/policies/policysecretp.txt b/utils/policies/policysecretp.txt
new file mode 100644
index 000000000..af4ef622d
--- /dev/null
+++ b/utils/policies/policysecretp.txt
@@ -0,0 +1,2 @@
+000001514000000C
+
diff --git a/utils/policies/policysecretpsha256.bin b/utils/policies/policysecretpsha256.bin
new file mode 100644
index 000000000..712f412b8
--- /dev/null
+++ b/utils/policies/policysecretpsha256.bin
@@ -0,0 +1 @@
+ȱ).ÿ,ç£ú±®Ù­%O°?Àš¼-јQaºh½Ç
\ No newline at end of file
diff --git a/utils/policies/policysecretpsha256ha.bin b/utils/policies/policysecretpsha256ha.bin
new file mode 100644
index 0000000000000000000000000000000000000000..27ef362b96cbe92431cca42b3d99e1f60a39f855
GIT binary patch
literal 34
scmV+-0Nwup3&^o4F8?g&qxuiAuGy_6Pq0709Gbi>(U?(Tx at Zx-$067e6951J

literal 0
HcmV?d00001

diff --git a/utils/policies/policysecretpsha384.bin b/utils/policies/policysecretpsha384.bin
new file mode 100644
index 0000000000000000000000000000000000000000..25fa9b86e0fe9a8a7c5f62f7f9ab9077382a5f2b
GIT binary patch
literal 48
zcmV-00MGxjgp9Olsh3<Ri{zs|DoKQkYfIM^fw)wE)LUB-5VicEfpY$j<UsNBaOMf>
GcK`)cm>6vU

literal 0
HcmV?d00001

diff --git a/utils/policies/policysecretpsha384ha.bin b/utils/policies/policysecretpsha384ha.bin
new file mode 100644
index 0000000000000000000000000000000000000000..cca7c0f544cf47b8b41309287c091f2847842bae
GIT binary patch
literal 50
zcmV-20L}jZ46=lbv}viATquj=qdqE0go|rS*A;=dRDaZ4TM-bo{Gfqy{*UB9@$+!z
I3F>zM1y<%5c>n+a

literal 0
HcmV?d00001

diff --git a/utils/policies/policysecretpsha512.bin b/utils/policies/policysecretpsha512.bin
new file mode 100644
index 000000000..d94cc5386
--- /dev/null
+++ b/utils/policies/policysecretpsha512.bin
@@ -0,0 +1 @@
+Åî
íÏ%˜à@\óœÞaþÕ*tñU#m±€‹MB±JªýúéÈ%jÉåÌ„°&»v%S¿Ž“˜þòÍÒ'ƒ¬ 
\ No newline at end of file
diff --git a/utils/policies/policysecretpsha512ha.bin b/utils/policies/policysecretpsha512ha.bin
new file mode 100644
index 0000000000000000000000000000000000000000..8e34a7647bdf1728434af2c224fbe7f2629fad77
GIT binary patch
literal 66
zcmV-I0KNYJ4aM#a?aw8c;6Pjj8uOgqVgA)Bbn#UqZLu1Fi%mkYN~-<(>BuE&$>q$1
YuqL~9B~!nSlbHVU&C(|s0Ud*^AbUb0X#fBK

literal 0
HcmV?d00001

diff --git a/utils/policies/policysecretsha256.bin b/utils/policies/policysecretsha256.bin
new file mode 100644
index 000000000..38af02870
--- /dev/null
+++ b/utils/policies/policysecretsha256.bin
@@ -0,0 +1 @@
+KÊ·ì¢|\Úœqæu(cÒ‡Ò3ìIz¾ˆñï”]\
\ No newline at end of file
diff --git a/utils/policies/policysecretsha256.txt b/utils/policies/policysecretsha256.txt
new file mode 100644
index 000000000..cdc7ff2ec
--- /dev/null
+++ b/utils/policies/policysecretsha256.txt
@@ -0,0 +1,2 @@
+00000151000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799
+
diff --git a/utils/policies/policysignedsha1.bin b/utils/policies/policysignedsha1.bin
new file mode 100644
index 000000000..12608cc12
--- /dev/null
+++ b/utils/policies/policysignedsha1.bin
@@ -0,0 +1 @@
+zNàvëµÏîÁ‚ÌL³ ^Y©¹e¡Y¯Í=¿Tû
\ No newline at end of file
diff --git a/utils/policies/policysignedsha1.txt b/utils/policies/policysignedsha1.txt
new file mode 100644
index 000000000..bad371553
--- /dev/null
+++ b/utils/policies/policysignedsha1.txt
@@ -0,0 +1,2 @@
+0000016000044234c24fc1b9de6693a62453417d2734d7538f6f
+
diff --git a/utils/policies/policysignedsha256.bin b/utils/policies/policysignedsha256.bin
new file mode 100644
index 000000000..154bcb994
--- /dev/null
+++ b/utils/policies/policysignedsha256.bin
@@ -0,0 +1 @@
+Þ¿ú<˜ñ}ÑÐ{Týá“å@Pžp–ªs'S³ƒ1
\ No newline at end of file
diff --git a/utils/policies/policysignedsha256.txt b/utils/policies/policysignedsha256.txt
new file mode 100644
index 000000000..828550927
--- /dev/null
+++ b/utils/policies/policysignedsha256.txt
@@ -0,0 +1,2 @@
+00000160000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799
+
diff --git a/utils/policies/policysignedsha384.bin b/utils/policies/policysignedsha384.bin
new file mode 100644
index 000000000..becd3c03d
--- /dev/null
+++ b/utils/policies/policysignedsha384.bin
@@ -0,0 +1 @@
+EÅڐv’:poßVêçßÛAâu$IT”f“kÄüˆ«\
\ No newline at end of file
diff --git a/utils/policies/policysignedsha384.txt b/utils/policies/policysignedsha384.txt
new file mode 100644
index 000000000..e903b2e36
--- /dev/null
+++ b/utils/policies/policysignedsha384.txt
@@ -0,0 +1,2 @@
+00000160000ca8bfb42e75b4c22b366b372cd9994bafe8558aa182cf12c258406d197dab63ac46f5a5255b1deb2993a4e9fc92b1e26c
+
diff --git a/utils/policies/policysignedsha512.bin b/utils/policies/policysignedsha512.bin
new file mode 100644
index 000000000..bdef3a847
--- /dev/null
+++ b/utils/policies/policysignedsha512.bin
@@ -0,0 +1 @@
+Í4–9ê@ˆ^ú7‹§!ñxmR»“GœsEˆ<Ü	o
\ No newline at end of file
diff --git a/utils/policies/policysignedsha512.txt b/utils/policies/policysignedsha512.txt
new file mode 100644
index 000000000..dbfdcca55
--- /dev/null
+++ b/utils/policies/policysignedsha512.txt
@@ -0,0 +1,2 @@
+00000160000d0c36b2a951eccc7e3e12d03175a71304dc747f222a02af8fa2ac8b594ef973518d20b9a5452d0849e325710f587d8a55082e7ae321173619bc12122f3ad71466
+
diff --git a/utils/policies/policytemplate.bin b/utils/policies/policytemplate.bin
new file mode 100644
index 000000000..5eee12049
--- /dev/null
+++ b/utils/policies/policytemplate.bin
@@ -0,0 +1 @@
+ïdÚ‘ü¬‚ô6(„(Sتø}üáEé%ÏþXhª-"¶
\ No newline at end of file
diff --git a/utils/policies/policytemplate.txt b/utils/policies/policytemplate.txt
new file mode 100644
index 000000000..d1e3d4872
--- /dev/null
+++ b/utils/policies/policytemplate.txt
@@ -0,0 +1 @@
+0001000b000404720000001000100800000000000000
diff --git a/utils/policies/policytemplatehash.bin b/utils/policies/policytemplatehash.bin
new file mode 100644
index 000000000..8cd392a52
--- /dev/null
+++ b/utils/policies/policytemplatehash.bin
@@ -0,0 +1 @@
+û”±Cå+•·ìD7y™ÖGp®K$¯Z¸~FòX¯ëÞ
\ No newline at end of file
diff --git a/utils/policies/policytemplatehash.txt b/utils/policies/policytemplatehash.txt
new file mode 100644
index 000000000..a995ed01b
--- /dev/null
+++ b/utils/policies/policytemplatehash.txt
@@ -0,0 +1 @@
+00000190ef64da9118fcac82f4361b28842853d8aaf87dfce145e925cffe5868aa2d22b6
diff --git a/utils/policies/policywrittenclrsigned.bin b/utils/policies/policywrittenclrsigned.bin
new file mode 100644
index 000000000..ce1999976
--- /dev/null
+++ b/utils/policies/policywrittenclrsigned.bin
@@ -0,0 +1 @@
+Hx.‚Â@ˆ2Äßœ¾‡o’T½à[.©RH>·iò
\ No newline at end of file
diff --git a/utils/policies/policywrittenclrsigned.txt b/utils/policies/policywrittenclrsigned.txt
new file mode 100644
index 000000000..407fb2789
--- /dev/null
+++ b/utils/policies/policywrittenclrsigned.txt
@@ -0,0 +1,3 @@
+0000018f00
+00000160000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799
+
diff --git a/utils/policies/policywrittenset.bin b/utils/policies/policywrittenset.bin
new file mode 100644
index 000000000..4f6bb8cff
--- /dev/null
+++ b/utils/policies/policywrittenset.bin
@@ -0,0 +1 @@
+0sHß_ëíe”æý¬„"ã	
\ No newline at end of file
diff --git a/utils/policies/policywrittenset.txt b/utils/policies/policywrittenset.txt
new file mode 100644
index 000000000..89b8feb8b
--- /dev/null
+++ b/utils/policies/policywrittenset.txt
@@ -0,0 +1 @@
+0000018f01
diff --git a/utils/policies/policywrittensetsigned.bin b/utils/policies/policywrittensetsigned.bin
new file mode 100644
index 000000000..4c3623c38
--- /dev/null
+++ b/utils/policies/policywrittensetsigned.bin
@@ -0,0 +1,3 @@
+	Cº<;M±È?×…ùÜ
+‚IöyJ8æE
+PV´ëÒF
\ No newline at end of file
diff --git a/utils/policies/policywrittensetsigned.txt b/utils/policies/policywrittensetsigned.txt
new file mode 100644
index 000000000..9f806068d
--- /dev/null
+++ b/utils/policies/policywrittensetsigned.txt
@@ -0,0 +1,3 @@
+0000018f01
+00000160000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799
+
diff --git a/utils/policies/rsaprivkey.der b/utils/policies/rsaprivkey.der
new file mode 100644
index 0000000000000000000000000000000000000000..de6eeba2893d3075353cb3e2cae4f92db72eb024
GIT binary patch
literal 1191
zcmV;Y1X%kpf&`-i0RRGm0RaHIL$+sX<HXs!5oo;GI#z{wiKCa#e`lvRg0mNXYE;e&
zjfZJe;MPNa`!22CcB<k(QexTFFRFzHHn|_cBZm-i%2{*1`X~6K=?LYALe$LgT*XHt
zW-Fh!z_sCktj^BI(UEc7=84QV at N*VeYfLy5Bxts0JG#kRRZl?-H6U+Y`Vn5Gck4D@
z`OiI)+GieF=LJMyMH9f!TkOn0gC?k3ZT1g-EQ~a7SLfGo>@jZ1UvhQZrf`8V`UFXm
zA&of4J(JHybogUi`fLNrll|6>CD4TA5i=}(rs*019}8 at L>$y-RAAIP{i)ZD7EA7j9
zJ)7cSHg6hHYpjE;OaFla0|5X50)hbm0GP`1)#BLnp{CNI7)cqC-|N!+UyIiFFf>^L
zkV7K&ZVoyM+FZsG{Yxyt9p7Jg&L1On^E&O`^Fa5a<Y|h#K*AS0Nw;5pYIzE<L71~S
z+~ZF+g(QTlL|J#cyFb!_(;gPfIGg-|4FuLXk{b2tkQc|s9oms3s0c&yziC7(RmfPe
zes?R#4YhmEP08KxLDSy~R|QU9?PN>+RLe4)GddOVNm(Jqf)qh9g+IWdcW9 at j<7z0e
z#dpt|<}jJkpI!UXHh-__<cH3cg)%CsrgV-V at x_H{2J$Uen^UR>G1ajLY4vm~1=tOm
zqC4<tLs;I{Ly({Yfd<%VK<A(V0)c at 5?3h4bsxjZe7)1|0 at e>r|oOHmv4El at XKDZvj
z;KO&=o|1<o`vVph1P6C77n~L2Mg=!jY_AhL|1Ki0wa%(t8Eq1~z^}m!dAg!Q+4T^%
z`KP0E9%_SvzGf`s#{`EQ>m$24KMDtRBhUNY>H=F;vHdEmbr1o|+tU&^XgNDU0)c at 5
z$%?NIqOk=Q&&{{EYPObGNJ8SkQ at H$`2Aw{nbqoEFi at z{Rc6J?+F&5ASbp)(fL(pi+
z&Hjt6)~IlmJOtVeZLeHI<oa3sA_00F+YdlJ=#ywMmcoFmz&R1l0_uvC0@`uKJj^Ld
zGGtQExG2g>F(qacOP3eW*&)(E=*sj#0)c at 5ygKz9Cm+7hwJKav%OOueHoSa_AQ?p|
z>OeWz`B4fCK|Fe3rGs-4*y+cdqrd)n?!P~xs_`!HP`J0p>v0@`Ej4BC5(2^}*1+*k
z;v3 at 3a2q=!-&6*L0!{Dnqm-(e3rR*U=|p8>fVX?Twd!IQ at 1JK+Ikz5mz0p%}*=~;k
z0)c>A2eH%nb=@bGiiBO>jYH7#DvQE&&P)QS79#Q^58PskOgo~MX!$4DHAa<;$t05H
zW?#N8wYMKQqH*74 at rMtis2&q&d=FyFbwN{sIvqI~Fk at 0`mc at xp)Hx4?&#dwHYxNN_
zNx-O!q&BB5wf4}J>>qS7L^yPlZY)YS8(cvGfq+!x-RnHbX_213Cv0eTxZmb;G<fti
z>f1nsZF4QwO?%pO)J4?V|1)eE6ic-4z5d*vZ4`3zR;8dGFY7hy>vv)TCosey^i~b{
zd17bDQUfCA$y$$AsieF{AEAm&?a^$lf1=%(BXACYfN)tjteSmv)>9a*fy*(ju}<Fz
Fti^A2K}-Mu

literal 0
HcmV?d00001

diff --git a/utils/policies/rsaprivkey.pem b/utils/policies/rsaprivkey.pem
new file mode 100644
index 000000000..fb87e79d2
--- /dev/null
+++ b/utils/policies/rsaprivkey.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,2530131EB712F2DC51A71D0DEB7BFB49
+
+L9oEHVuNLTSmh3KQShMi20qZXgWG1KxpHelQxp1sq7AAMXDDkysT5mRksNv/TfVc
+pD31VlKWTWsoN1tYv6slg2b39EKyo8nLy4h0qQXzsu8TE/tEpd/1ROqnDEZBemfU
+5dJf2OwSYe80qTlgJWVp0Hl15iiKZgq4ADyvWWL4arjyEoZT1bSAOOC9HOHxQAng
+dRl1jM63k5t9VF/PlQVcA4BTWkRahL+6sPswtkxHT1bZtgqo2Y0qnsH9vxln+RT0
+L2AX0mFYvtm0dHTbsNaixfXSQEiCVQC+jrFvxdAi1Bzcqm4GKsfMduTkkYqb962t
+vnBvme7FF81Eu1+5x45krFpIRAIIlYCL5lliEDQDVVbsc26E9uLczU852FQ2aRlW
+XV2U3F+jorlA86Fi3bYcWH8zCrjzOnuaqMQA3S5fHPxN5RzLDV4hTPOmlVJT4xDk
+d3hnuTZm7TNhWQ8e7CR/6eEQ+QN6+7cU8hpFbMoclsbBNLa+8WI81mPVwgZtKXuo
+4+5wTbJalk5AjiKJhoH6pWT6CynTWjs4N5faiQ/u2lp9yESI265hcB8grjz3Bzts
+3feKCbh+uMDA03u6whxkH7roDlBYCwf1OFgbLFXUeefUXnsQwnytmigZ1K9jXcx3
+n/rONzdj4Juh9R55L/bjNCun7scQwr1ksV6NH1LIbIl87yhQJ3zvh6+jDEbvuV/o
+CVlCyHiyL2tGvAMGoVUko6xj+b2KM47fTA/BBvoB6d12aICasYqrF5Kl0o2MApI+
+c116mFS0K+LQ1XddmRNyR0ACswAxN7fy/TuLdbS3N8w47E+5xQ8dbB+qJhuz60jY
+RoUZzYUVf1LNoleShMoB/tEgichf6LZ4yVRO2L0LaFCgFlPsmfvtQ0o4BhgrvmLu
+sRy/iZuENaXKwJ8KInWqJNH4yBWOD9gRo1vva719P261h1IoHvclehLXOs81TBZk
+7uRr2eFH8LXEYuJpa97Dkx4ZmbMBDbxTQGEV+zj/ZJWIY2Sl0Zi/TLSVig54SeUQ
+8L1qQRvOUO3952ynH0YeZfuWhODnoeWXDR4AHveY5vn1DSTlKZerEpMZIjDtqHcL
+BZK4g+4X/yZ3Wtm3zwRhZlI0WNT7nLNGF8d/4QgUP4XydGuDGjK4mt0/5dqYvjtL
+y82gzwwtWiouSAWRdONEtP00IyeMb1m0xjUou/GcEWnG7GUjikJGZft2yOl7o3pZ
+2EX6uY/TLN23B0sfXohyxjTRnK01X1aEnNrEOYcL7cpQ+iipaBa2PQRUtTsAzQf1
+p5UWxHI/BDg8Tlbc9Vka9JmvBiAnsU+2ak4oOiivCDJUrFjTheSND11xIjJrmfX7
+QhwMt+EKJ7Jr6RD3qWzW62G2BB9pdk4jVdGmEtlFupYnZSY/ZqAaJHye/NbCkeSI
+P1c5JEQFnOJRXRWUA2Wo5ZcBR6F1vECp8hsRm6ukBa6WppG7ybsQ5FYmpFvR9MmN
+d8bdlYBR2ou09xc4i+bNjMN+uaRa9T4/WLbc5tsMIcJNrVoUYilBOebuPzAze3Bv
+NVSgeXLgpT5How1WxoDKapn8mRlf4GwhgHjHkFVYOYkFpj5k2uW64s1XXCMuWPMz
+-----END RSA PRIVATE KEY-----
diff --git a/utils/policies/rsapubkey.pem b/utils/policies/rsapubkey.pem
new file mode 100644
index 000000000..85a74bf23
--- /dev/null
+++ b/utils/policies/rsapubkey.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukO2Z2rjxNm7EWi82TpW
+hXmJo5fPf2enN4KzF35qVM4KjYdpVODWQ377Lq3edqriP1Ji2dUvqoUHNrkfwSOH
+EHHKWXO++if4o+kI5YdC1MzwXMVHI2Yrn7fAteGArM7Ox9GRcdzmicw38HMWWGtM
+OBUkaLZnO7rJW1VPQQw1IG9d+hFepXfrNl75zz2S2mceWecFRGBFE8DPW+zMQIMm
+qFtt9g9+LIw0b1fn13DsMW7JX3J126ZwgTH6BEmSIY04xz2Tz0Z0+GNb+mwDypP9
+1o0l0ITkETMsfabpGgEfC2x+67lQJR986MyLZ+WDK+3LeT2b4mA2bxpRa6yDrEv/
+gQIDAQAB
+-----END PUBLIC KEY-----
diff --git a/utils/policies/sha1.bin b/utils/policies/sha1.bin
new file mode 100644
index 0000000000000000000000000000000000000000..d6db588e88905ed0aaaf65a947716182301341c9
GIT binary patch
literal 2
JcmZQz0RR9700jU5

literal 0
HcmV?d00001

diff --git a/utils/policies/sha1aaa.bin b/utils/policies/sha1aaa.bin
new file mode 100644
index 000000000..ddbbf15dc
--- /dev/null
+++ b/utils/policies/sha1aaa.bin
@@ -0,0 +1 @@
+~$
çO±íúÓ€cö¦©b¨
\ No newline at end of file
diff --git a/utils/policies/sha1extaaa.bin b/utils/policies/sha1extaaa.bin
new file mode 100644
index 000000000..8fc7991d0
--- /dev/null
+++ b/utils/policies/sha1extaaa.bin
@@ -0,0 +1 @@
+q9]|À}¥ËzyÄÈÅڝ
\ No newline at end of file
diff --git a/utils/policies/sha1extaaa0.bin b/utils/policies/sha1extaaa0.bin
new file mode 100644
index 000000000..373c118ee
--- /dev/null
+++ b/utils/policies/sha1extaaa0.bin
@@ -0,0 +1 @@
+GöŠÎÕ÷ysqµTã-G˜  
\ No newline at end of file
diff --git a/utils/policies/sha1exthaaa.bin b/utils/policies/sha1exthaaa.bin
new file mode 100644
index 000000000..691387b0e
--- /dev/null
+++ b/utils/policies/sha1exthaaa.bin
@@ -0,0 +1 @@
+«SÇì?þþ!ž‰ÚñŽU>#Ž¦
\ No newline at end of file
diff --git a/utils/policies/sha256.bin b/utils/policies/sha256.bin
new file mode 100644
index 0000000000000000000000000000000000000000..874b07183955f2c0b5622ca7ad8c1fc6ae5537d5
GIT binary patch
literal 2
JcmZSJ1^@sJ01N;C

literal 0
HcmV?d00001

diff --git a/utils/policies/sha256aaa.bin b/utils/policies/sha256aaa.bin
new file mode 100644
index 000000000..4b3b4bf37
--- /dev/null
+++ b/utils/policies/sha256aaa.bin
@@ -0,0 +1 @@
+˜4‡mÏ°\±g¥ÂIS륌JÈ›ßWò/	¯~èð
\ No newline at end of file
diff --git a/utils/policies/sha256extaaa.bin b/utils/policies/sha256extaaa.bin
new file mode 100644
index 000000000..f59fde9c8
--- /dev/null
+++ b/utils/policies/sha256extaaa.bin
@@ -0,0 +1 @@
+wËïâÜ$ĶE_†Qb…’f‹+çA¤ÕËÞÛšJI
\ No newline at end of file
diff --git a/utils/policies/sha256extaaa0.bin b/utils/policies/sha256extaaa0.bin
new file mode 100644
index 000000000..a69594742
--- /dev/null
+++ b/utils/policies/sha256extaaa0.bin
@@ -0,0 +1 @@
+—dÑ¿·âÃ_“s+Jã6´5N¼èÐÖ>¾»
\ No newline at end of file
diff --git a/utils/policies/sha256exthaaa.bin b/utils/policies/sha256exthaaa.bin
new file mode 100644
index 000000000..53c667bfa
--- /dev/null
+++ b/utils/policies/sha256exthaaa.bin
@@ -0,0 +1 @@
+߁ Ó=æ{±Ç&¦ \Тëa·Éî‘fëÏÜÛ«
\ No newline at end of file
diff --git a/utils/policies/sha384.bin b/utils/policies/sha384.bin
new file mode 100644
index 0000000000000000000000000000000000000000..6f60177722d463e0554349cfe3f89f714468e7cf
GIT binary patch
literal 2
JcmZSJ0RR9F01W^D

literal 0
HcmV?d00001

diff --git a/utils/policies/sha384aaa.bin b/utils/policies/sha384aaa.bin
new file mode 100644
index 000000000..3131cd6a5
--- /dev/null
+++ b/utils/policies/sha384aaa.bin
@@ -0,0 +1,2 @@
+Žå½ÖJ£u6ÁòW¦´IcÌ2{}}Ë,´z"=3ADb¿¡„H|órÎ
+ßÈ?ƒ6Ø
\ No newline at end of file
diff --git a/utils/policies/sha384extaaa.bin b/utils/policies/sha384extaaa.bin
new file mode 100644
index 000000000..873c7a777
--- /dev/null
+++ b/utils/policies/sha384extaaa.bin
@@ -0,0 +1 @@
+ñ樖¤_uËï‰ÇN³š“Iß5NÆþ*囏Vˆ
˜˜Ž;ã`Èi2·ßY
\ No newline at end of file
diff --git a/utils/policies/sha384extaaa0.bin b/utils/policies/sha384extaaa0.bin
new file mode 100644
index 0000000000000000000000000000000000000000..59599c543f8864b139ca9e573d0eb3c409ea00c8
GIT binary patch
literal 48
zcmV-00MGv^DP!XtG{SPd>L(RIl&_Ldt(V#7L~Da>I&*xG%17TUIglaF-2jC?@PwDe
Gq$7kV%ok7q

literal 0
HcmV?d00001

diff --git a/utils/policies/sha384exthaaa.bin b/utils/policies/sha384exthaaa.bin
new file mode 100644
index 000000000..65bbe15aa
--- /dev/null
+++ b/utils/policies/sha384exthaaa.bin
@@ -0,0 +1 @@
+a¼p9┇°±F]dæ­2¦ÕÂ[E§K¼§Ì$%6Ê@ù6DðØ°˜ê¦P—M
\ No newline at end of file
diff --git a/utils/policies/sha512.bin b/utils/policies/sha512.bin
new file mode 100644
index 0000000000000000000000000000000000000000..c4b6c7e46931d6999241c775954d471456a16372
GIT binary patch
literal 2
JcmZSJ1pojK01f~E

literal 0
HcmV?d00001

diff --git a/utils/policies/sha512aaa.bin b/utils/policies/sha512aaa.bin
new file mode 100644
index 000000000..81f23f001
--- /dev/null
+++ b/utils/policies/sha512aaa.bin
@@ -0,0 +1 @@
+ÖöD±˜é{]‡XÖÓ@ÍG‡ú뛉Áç`‚ˆfKçrWJXÐ3¼ñ à”_ðdhëå>-ÿ6âHBLrs}¬	
\ No newline at end of file
diff --git a/utils/policies/sha512extaaa.bin b/utils/policies/sha512extaaa.bin
new file mode 100644
index 000000000..b26d4de43
--- /dev/null
+++ b/utils/policies/sha512extaaa.bin
@@ -0,0 +1 @@
+eOÉËÙ³¸YA¢ëºw"³?r)ÄÈ#ǧò
L¥T³5	Æ™R™ö9Äñ:¯gȁ½å‰ÅêBà›o<ê¡PœÕ
\ No newline at end of file
diff --git a/utils/policies/sha512extaaa0.bin b/utils/policies/sha512extaaa0.bin
new file mode 100644
index 0000000000000000000000000000000000000000..a9135d89edad2c6fa33797b3a93da0f728b323f6
GIT binary patch
literal 64
zcmV-G0Kfl#;pEQ&Qj-&F at h})LIku)o>Hv#%uh95LYMcI38u+cKXQo&v&(26-cT%2I
W at q-Ganzw*fE3TxRXQ*>D|L1re=piEj

literal 0
HcmV?d00001

diff --git a/utils/policies/sha512exthaaa.bin b/utils/policies/sha512exthaaa.bin
new file mode 100644
index 000000000..316b842d5
--- /dev/null
+++ b/utils/policies/sha512exthaaa.bin
@@ -0,0 +1 @@
+˾³)a$LœG€„
´:v?º–ïÁÙRôãà,Š1Šå? §¡tè#ãÍÆRo¶wm6G'M¦)Ûɧl*
\ No newline at end of file
diff --git a/utils/policies/zero4.bin b/utils/policies/zero4.bin
new file mode 100644
index 0000000000000000000000000000000000000000..593f4708db84ac8fd0f5cc47c634f38c013fe9e4
GIT binary patch
literal 4
LcmZQzU|;|M00aO5

literal 0
HcmV?d00001

diff --git a/utils/policies/zero8.bin b/utils/policies/zero8.bin
new file mode 100644
index 0000000000000000000000000000000000000000..1b1cb4d44c57c2d7a5122870fa6ac3e62ff7e94e
GIT binary patch
literal 8
KcmZQzfB*mh2mk>9

literal 0
HcmV?d00001

diff --git a/utils/policies/zerosha1.bin b/utils/policies/zerosha1.bin
new file mode 100644
index 0000000000000000000000000000000000000000..df879cf49534a5672299e8e57970c3d2ef1be71d
GIT binary patch
literal 20
KcmZQzzytsQ6aWDL

literal 0
HcmV?d00001

diff --git a/utils/policies/zerosha256.bin b/utils/policies/zerosha256.bin
new file mode 100644
index 0000000000000000000000000000000000000000..4e4e4935707a596987ec1cc32e3d0d587dbe4f04
GIT binary patch
literal 32
KcmZQzzz+ZbAOHaX

literal 0
HcmV?d00001

diff --git a/utils/policies/zerosha384.bin b/utils/policies/zerosha384.bin
new file mode 100644
index 0000000000000000000000000000000000000000..2a560968cf1f21e1b2d29af08f907797bf3b9038
GIT binary patch
literal 48
LcmZQzAPoQj05AXn

literal 0
HcmV?d00001

diff --git a/utils/policies/zerosha512.bin b/utils/policies/zerosha512.bin
new file mode 100644
index 0000000000000000000000000000000000000000..9017fd98b5f67d928cc64c59b2c025472ce74f8c
GIT binary patch
literal 64
LcmZQzpbP*206+i%

literal 0
HcmV?d00001

diff --git a/utils/policyauthorize.c b/utils/policyauthorize.c
new file mode 100644
index 000000000..73c40dd61
--- /dev/null
+++ b/utils/policyauthorize.c
@@ -0,0 +1,307 @@
+/********************************************************************************/
+/*										*/
+/*			    PolicyAuthorize	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    PolicyAuthorize_In 		in;
+    TPMI_SH_POLICY		policySession = 0;
+    const char 			*approvedPolicyFilename = NULL;
+    const char			*policyRefFilename = NULL;
+    const char			*signingKeyNameFilename = NULL;
+    const char			*ticketFilename = NULL;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &policySession);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-appr") == 0) {
+	    i++;
+	    if (i < argc) {
+		approvedPolicyFilename = argv[i];
+	    }
+	    else {
+		printf("-appr option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pref") == 0) {
+	    i++;
+	    if (i < argc) {
+		policyRefFilename = argv[i];
+	    }
+	    else {
+		printf("-pref option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-skn") == 0) {
+	    i++;
+	    if (i < argc) {
+		signingKeyNameFilename = argv[i];
+	    }
+	    else {
+		printf("-skn option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-tk") == 0) {
+	    i++;
+	    if (i < argc) {
+		ticketFilename = argv[i];
+	    }
+	    else {
+		printf("-tk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    /* validate command line parameters */
+    if (policySession == 0) {
+	printf("Missing parameter -ha\n");
+	printUsage();
+    }
+    if (approvedPolicyFilename == NULL) {
+	printf("Missing parameter -appr\n");
+	printUsage();
+    }
+    if (policyRefFilename == NULL) {
+	in.policyRef.b.size = 0;	/* default empty buffer */
+    }
+    if (signingKeyNameFilename == NULL) {
+	printf("Missing parameter -skn\n");
+	printUsage();
+    }
+    if (ticketFilename == NULL) {
+	printf("Missing parameter -tk\n");
+	printUsage();
+    }
+    /* set in parameters */
+    if (rc == 0) {
+	in.policySession = policySession;
+    }
+    if (rc == 0) {
+	rc = TSS_File_Read2B(&in.approvedPolicy.b,
+			     sizeof(in.approvedPolicy.t.buffer),
+			     approvedPolicyFilename);
+    }
+    if ((rc == 0) && (policyRefFilename != NULL)) {
+	rc = TSS_File_Read2B(&in.policyRef.b,
+			     sizeof(in.policyRef.t.buffer),
+			     policyRefFilename);
+    }
+    if (rc == 0) {
+	rc = TSS_File_Read2B(&in.keySign.b,
+			     sizeof(in.keySign.t.name),
+			     signingKeyNameFilename);
+    }
+    if (rc == 0) {
+	rc = TSS_File_ReadStructure(&in.checkTicket,
+				    (UnmarshalFunction_t)TSS_TPMT_TK_VERIFIED_Unmarshalu,
+				    ticketFilename);
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_PolicyAuthorize,
+			 sessionHandle0, NULL, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("policyauthorize: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("policyauthorize: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("policyauthorize\n");
+    printf("\n");
+    printf("Runs TPM2_PolicyAuthorize\n");
+    printf("\n");
+    printf("\t-ha\tpolicy session handle\n");
+    printf("\t-appr\tfile name of digest of the policy being approved\n");
+    printf("\t[-pref\tpolicyRef file] (default none)\n");
+    printf("\t-skn\tsigning key Name file name\n");
+    printf("\t-tk\tticket file name\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default NULL)\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t01\tcontinue\n");
+    exit(1);	
+}
diff --git a/utils/policyauthorizenv.c b/utils/policyauthorizenv.c
new file mode 100644
index 000000000..0c5dbbff0
--- /dev/null
+++ b/utils/policyauthorizenv.c
@@ -0,0 +1,279 @@
+/********************************************************************************/
+/*										*/
+/*			    PolicyAuthorizeNV					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    PolicyAuthorizeNV_In 	in;
+    char 			hierarchyChar = 0;
+    const char			*authPassword = NULL; 		/* default no password */
+    TPMI_RH_NV_INDEX		nvIndex = 0;
+    TPMI_SH_POLICY		policySession = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+   
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hi") == 0) {
+	    i++;
+	    if (i < argc) {
+		hierarchyChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -hi\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &nvIndex);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwda") == 0) {
+	    i++;
+	    if (i < argc) {
+		authPassword = argv[i];
+	    }
+	    else {
+		printf("-pwda option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-hs") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &policySession);
+	    }
+	    else {
+		printf("Missing parameter for -hs\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (nvIndex == 0) {
+	printf("Missing NV index handle parameter -ha\n");
+	printUsage();
+    }
+    if (policySession == 0) {
+	printf("Missing policy session handle parameter -hs\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	if (hierarchyChar == 'o') {
+	    in.authHandle = TPM_RH_OWNER;
+	}
+	else if (hierarchyChar == 'p') {
+	    in.authHandle = TPM_RH_PLATFORM;
+	}
+	else if (hierarchyChar == 0) {
+	    in.authHandle = nvIndex;
+	}
+	else {
+	    printf("Missing or illegal -hi\n");
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	in.nvIndex = nvIndex;
+	in.policySession = policySession;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_PolicyAuthorizeNV,
+			 sessionHandle0, authPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("policyauthorizenv: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("policyauthorizenv: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("policyauthorizenv\n");
+    printf("\n");
+    printf("Runs TPM2_PolicyAuthorizeNV\n");
+    printf("\n");
+    printf("\t[-hi\thierarchy authHandle (o, p)]\n");
+    printf("\t\tdefault NV index\n");
+    printf("\t-ha\tNV index handle\n");
+    printf("\t[-pwda\tpassword for authorization (default empty)]\n");
+    printf("\t-hs\tpolicy session handle\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    exit(1);	
+}
diff --git a/utils/policyauthvalue.c b/utils/policyauthvalue.c
new file mode 100644
index 000000000..99cfdad3f
--- /dev/null
+++ b/utils/policyauthvalue.c
@@ -0,0 +1,142 @@
+/********************************************************************************/
+/*										*/
+/*			    PolicyAuthValue	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    TPMI_SH_POLICY		policySession = 0;
+    PolicyAuthValue_In 		in;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &policySession);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (policySession == 0) {
+	printf("Missing handle parameter -ha\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.policySession = policySession;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_PolicyAuthValue,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("policyauthvalue: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("policyauthvalue: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("policyauthvalue\n");
+    printf("\n");
+    printf("Runs TPM2_PolicyAuthValue\n");
+    printf("\n");
+    printf("\t-ha\tpolicy session handle\n");
+    exit(1);	
+}
diff --git a/utils/policycommandcode.c b/utils/policycommandcode.c
new file mode 100644
index 000000000..e5a43b545
--- /dev/null
+++ b/utils/policycommandcode.c
@@ -0,0 +1,161 @@
+/********************************************************************************/
+/*										*/
+/*			    PolicyCommandCode	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    TPMI_SH_POLICY		policySession = 0;
+    TPM_CC			commandCode = 0;
+    PolicyCommandCode_In 	in;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &policySession);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	    
+	}
+	else if (strcmp(argv[i],"-cc") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &commandCode);
+	    }
+	    else {
+		printf("Missing parameter for -cc\n");
+		printUsage();
+	    }
+	    
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (policySession == 0) {
+	printf("Missing handle parameter -ha\n");
+	printUsage();
+    }
+    if (commandCode == 0) {
+	printf("Missing parameter -cc\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.policySession = policySession;
+	in.code = commandCode;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_PolicyCommandCode,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("policycommandcode: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("policycommandcode: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("policycommandcode\n");
+    printf("\n");
+    printf("Runs TPM2_PolicyCommandCode\n");
+    printf("\n");
+    printf("\t-ha\tpolicy session handle\n");
+    printf("\t-cc\tcommand code\n");
+    exit(1);	
+}
diff --git a/utils/policycountertimer.c b/utils/policycountertimer.c
new file mode 100644
index 000000000..ab0ec41f9
--- /dev/null
+++ b/utils/policycountertimer.c
@@ -0,0 +1,302 @@
+/********************************************************************************/
+/*										*/
+/*			    PolicyCounterTimer	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void   printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    PolicyCounterTimer_In 	in;
+    TPMI_SH_POLICY		policySession = 0;
+    const char 			*operandBData = NULL;
+    const char 			*operandBFilename = NULL;
+    uint16_t 			offset = 0;			/* default 0 */
+    TPM_EO			operation = 0;			/* default A = B */
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+   
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &policySession);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ic") == 0) {
+	    i++;
+	    if (i < argc) {
+		operandBData = argv[i];
+	    }
+	    else {
+		printf("-ic option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-if")  == 0) {
+	    i++;
+	    if (i < argc) {
+		operandBFilename = argv[i];
+	    } else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-off") == 0) {
+	    i++;
+	    if (i < argc) {
+		offset = atoi(argv[i]);
+	    }
+	    else {
+		printf("-off option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-op") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%hx", &operation);
+	    }
+	    else {
+		printf("Missing parameter for -op\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (policySession == 0) {
+	printf("Missing policy session handle parameter -hs\n");
+	printUsage();
+    }
+    if ((operandBData == NULL) && (operandBFilename == NULL)) {
+	printf("operandB data string or data file must be specified\n");
+	printUsage();
+     }
+    if ((operandBData != NULL) && (operandBFilename != NULL)) {
+	printf("operandB data string and data file cannot both be specified\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.policySession = policySession;
+	in.offset = offset;
+	in.operation = operation;
+    }
+    if (operandBData != NULL) {
+	rc = TSS_TPM2B_StringCopy(&in.operandB.b,
+				  operandBData, sizeof(in.operandB.t.buffer));
+	
+    }
+    if (operandBFilename != NULL) {
+	rc = TSS_File_Read2B(&in.operandB.b,
+			     sizeof(in.operandB.t.buffer),
+			     operandBFilename);
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_PolicyCounterTimer,
+			 sessionHandle0, NULL, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("policycountertimer: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("policycountertimer: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("policycountertimer\n");
+    printf("\n");
+    printf("Runs TPM2_PolicyCounterTimer\n");
+    printf("\n");
+    printf("\t-ha\tpolicy session handle\n");
+    printf("\t-ic\tdata string (operandB)\n");
+    printf("\t-if\tdata file (operandB) \n");
+    printf("\t[-off\toffset (default 0)]\n");
+    printf("\t-op\toperation (default A = B)\n");
+    printf("\n");
+    printf("\t\t0	A = B \n");
+    printf("\t\t1	A != B \n");
+    printf("\t\t2	A > B signed	 \n");
+    printf("\t\t3	A > B unsigned	 \n");
+    printf("\t\t4	A < B signed	 \n");
+    printf("\t\t5	A < B unsigned	 \n");
+    printf("\t\t6	A >= B signed	 \n");
+    printf("\t\t7	A >= B unsigned	 \n");
+    printf("\t\t8	A <= B signed	 \n");
+    printf("\t\t9	A <= B unsigned	 \n");
+    printf("\t\tA	All bits SET in B are SET in A. ((A&B)=B) \n");
+    printf("\t\tB	All bits SET in B are CLEAR in A. ((A&B)=0) \n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default NULL)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    exit(1);	
+}
diff --git a/utils/policycphash.c b/utils/policycphash.c
new file mode 100644
index 000000000..3936a745d
--- /dev/null
+++ b/utils/policycphash.c
@@ -0,0 +1,245 @@
+/********************************************************************************/
+/*										*/
+/*			    PolicyCpHash	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void   printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    PolicyCpHash_In 		in;
+    TPMI_SH_POLICY		policySession = 0;
+    const char 			*cpHashAFilename = NULL;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &policySession);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-cp") == 0) {
+	    i++;
+	    if (i < argc) {
+		cpHashAFilename = argv[i];
+	    }
+	    else {
+		printf("-cp option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (policySession == 0) {
+	printf("Missing handle parameter -ha\n");
+	printUsage();
+    }
+    if (cpHashAFilename == NULL) {
+	printf("Missing handle parameter -cp\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.policySession = policySession;
+    }
+    if (rc == 0) {
+	rc = TSS_File_Read2B(&in.cpHashA.b,
+			     sizeof(in.cpHashA.t.buffer),
+			     cpHashAFilename);
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_PolicyCpHash,
+			 sessionHandle0, NULL, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("policycphash: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("policycphash: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("policycphash\n");
+    printf("\n");
+    printf("Runs TPM2_PolicyCpHash\n");
+    printf("\n");
+    printf("\t-ha\tpolicy session handle\n");
+    printf("\t-cp\tcpHash file\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default NULL)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    exit(1);	
+}
diff --git a/utils/policyduplicationselect.c b/utils/policyduplicationselect.c
new file mode 100644
index 000000000..06f9fcc23
--- /dev/null
+++ b/utils/policyduplicationselect.c
@@ -0,0 +1,272 @@
+/********************************************************************************/
+/*										*/
+/*			    PolicyDuplicationSelect 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2019.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void   printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    PolicyDuplicationSelect_In 	in;
+    TPMI_SH_POLICY		policySession = 0;
+    const char 			*newParentNameFilename = NULL;
+    const char 			*objectNameFilename = NULL;
+    TPMI_YES_NO			includeObject = NO;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &policySession);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-inpn") == 0) {
+	    i++;
+	    if (i < argc) {
+		newParentNameFilename = argv[i];
+	    }
+	    else {
+		printf("-inpn option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ion") == 0) {
+	    i++;
+	    if (i < argc) {
+		objectNameFilename = argv[i];
+	    }
+	    else {
+		printf("-ion option needs a value\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-io") == 0) {
+	    includeObject = YES;
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (policySession == 0) {
+	printf("Missing handle parameter -ha\n");
+	printUsage();
+    }
+    if (newParentNameFilename == NULL) {
+	printf("Missing handle parameter -inpn\n");
+	printUsage();
+    }
+    if (objectNameFilename == NULL) {
+	printf("include object -io requires object Name -ion\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.policySession = policySession;
+	in.includeObject = includeObject;
+    }
+    if (rc == 0) {
+	rc = TSS_File_Read2B(&in.newParentName.b,
+			     sizeof(in.newParentName.t.name),
+			     newParentNameFilename);
+    }
+    if (rc == 0) {
+	rc = TSS_File_Read2B(&in.objectName.b,
+			     sizeof(in.objectName.t.name),
+			     objectNameFilename);
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_PolicyDuplicationSelect,
+			 sessionHandle0, NULL, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("policyduplicationselect: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("policyduplicationselect: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("policyduplicationselect\n");
+    printf("\n");
+    printf("Runs TPM2_PolicyDuplicationSelect\n");
+    printf("\n");
+    printf("\t-ha\tpolicy session handle\n");
+    printf("\t-inpn\tnew parent Name file\n");
+    printf("\t-ion\tobject Name file\n");
+    printf("\t[-io\tinclude object (default no)\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default NULL)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    exit(1);	
+}
diff --git a/utils/policygetdigest.c b/utils/policygetdigest.c
new file mode 100644
index 000000000..25a6ed38d
--- /dev/null
+++ b/utils/policygetdigest.c
@@ -0,0 +1,162 @@
+/********************************************************************************/
+/*										*/
+/*			    PolicyGetDigest	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    PolicyGetDigest_In 		in;
+    PolicyGetDigest_Out 	out;
+    TPMI_SH_POLICY		policySession = 0;
+    const char			*digestFilename = NULL;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &policySession);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	    
+	}
+	else if (strcmp(argv[i],"-of") == 0) {
+	    i++;
+	    if (i < argc) {
+		digestFilename = argv[i];
+	    }
+	    else {
+		printf("-of option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (policySession == 0) {
+	printf("Missing handle parameter -ha\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.policySession = policySession;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_PolicyGetDigest,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if ((rc == 0) && (digestFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(out.policyDigest.t.buffer,
+				      out.policyDigest.t.size,
+				      digestFilename );
+    }
+    if (rc == 0) {
+	TSS_PrintAll("policyDigest", out.policyDigest.t.buffer, out.policyDigest.t.size);
+	if (tssUtilsVerbose) printf("policygetdigest: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("policygetdigest: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("policygetdigest\n");
+    printf("\n");
+    printf("Runs TPM2_PolicyGetDigest\n");
+    printf("\n");
+    printf("\t-ha\tpolicy session handle\n");
+    printf("\t[-of\tbinary digest file name (default do not save)]\n");
+    exit(1);	
+}
diff --git a/utils/policymaker.c b/utils/policymaker.c
new file mode 100644
index 000000000..7290ed722
--- /dev/null
+++ b/utils/policymaker.c
@@ -0,0 +1,354 @@
+/********************************************************************************/
+/*										*/
+/*			   policymaker						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+   policymaker calculates a TPM2 policy hash
+
+   Inputs are:
+
+   a hash algorithm
+   a file with lines in hexascii, to be extended into the policy digest, big endian
+
+   NOTE: Empty lines (lines with just a newline character) are permitted and cause a double hash.
+   This is useful for e.g. TPM2_PolicySigned when the policyRef is empty.
+
+   Outputs are:
+
+   if specified, a file with a binary digest
+   if specified, a print of the hash
+
+   Example input: policy command code with a command code of NV write
+
+   0000016c00000137
+
+   TPM2_PolicyCounterTimer is handled as a special case, where there is a double hash.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <errno.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tsscrypto.h>
+
+static void printUsage(void);
+static int Format_FromHexascii(unsigned char *binary,
+			       const char *string,
+			       size_t length);
+static int Format_ByteFromHexascii(unsigned char *byte,
+				   const char *string);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC		rc = 0;
+    int			i;    			/* argc iterator */
+    char 		*prc = NULL;		/* pointer return code */
+    const char 		*inFilename = NULL;
+    const char 		*outFilename = NULL;
+    int			pr = FALSE;
+    int			nz = FALSE;
+    int			noSpace = FALSE;
+    TPMT_HA 		digest;
+    /* initialized to suppress false gcc -O3 warning */
+    uint32_t           	sizeInBytes = 0;	/* hash algorithm mapped to size */
+    uint32_t           	startSizeInBytes = 0;	/* starting buffer for extend */
+    FILE 		*inFile = NULL;
+    FILE 		*outFile = NULL;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line defaults */
+    digest.hashAlg = TPM_ALG_SHA256;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    digest.hashAlg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    digest.hashAlg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    digest.hashAlg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    digest.hashAlg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -hi\n");
+		printUsage();
+	    }
+	    
+	}
+	else if (strcmp(argv[i],"-if") == 0) {
+	    i++;
+	    if (i < argc) {
+		inFilename = argv[i];
+	    }
+	    else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-of") == 0) {
+	    i++;
+	    if (i < argc) {
+		outFilename = argv[i];
+	    }
+	    else {
+		printf("-of option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pr") == 0) {
+	    pr = TRUE;
+	}
+	else if (strcmp(argv[i],"-nz") == 0) {
+	    nz = TRUE;
+	}
+	else if (strcmp(argv[i],"-ns") == 0) {
+	    noSpace = TRUE;
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (inFilename == NULL) {
+	printf("Missing input file parameter -if\n");
+	printUsage();
+    }
+    /* open the input file */
+    if (rc == 0) {
+	inFile = fopen(inFilename, "r");
+	if (inFile == NULL) {
+	    printf("Error opening %s for %s, %s\n", inFilename, "r", strerror(errno));
+	    rc = EXIT_FAILURE;
+	}
+    }
+    if (rc == 0) {
+	sizeInBytes = TSS_GetDigestSize(digest.hashAlg);
+	/* startauthsession sets session digest to zero */
+	if (!nz) {
+	    startSizeInBytes = sizeInBytes;
+	    memset((uint8_t *)&digest.digest, 0, sizeInBytes);
+	}
+	else {	/* nz TRUE, start with empty buffer */
+	    startSizeInBytes = 0;
+	}
+    }
+    /* iterate through each line */
+    do {
+	char 		lineString[10240];		/* returned line in hex ascii */
+	unsigned char 	lineBinary[5120];		/* returned line in binary */
+	size_t		lineLength;			
+
+	if (rc == 0) {
+	    prc = fgets(lineString, sizeof(lineString), inFile);
+	}
+	if (prc != NULL) {
+	    /* convert hex ascii to binary */ 
+	    if (rc == 0) {
+		lineLength = strlen(lineString);
+		rc = Format_FromHexascii(lineBinary,
+					 lineString, lineLength/2);
+	    }
+	    if (rc == 0) {
+		/* not TPM2_PolicyCounterTimer */
+		if (memcmp(lineString, "0000016d", 8) != 0) {
+		    /* hash extend digest.digest with line */
+		    if (rc == 0) {
+			rc = TSS_Hash_Generate(&digest,
+					       startSizeInBytes, (uint8_t *)&digest.digest,
+					       lineLength /2, lineBinary,
+					       0, NULL);
+		    }
+		}
+		/* TPM2_PolicyCounterTimer is a special case - double hash */
+		else {
+		    TPMT_HA	args;
+		    args.hashAlg = digest.hashAlg;
+		    if (rc == 0) {
+			/* args is a hash of the arguments excluding the command code */
+			rc = TSS_Hash_Generate(&args,
+					       (lineLength /2) -4, lineBinary +4,
+					       0, NULL);
+		    }
+		    if (rc == 0) {
+			uint8_t commandCode[] = {0x00, 0x00, 0x01, 0x6d};
+			rc = TSS_Hash_Generate(&digest,
+					       startSizeInBytes, (uint8_t *)&digest.digest,
+					       sizeof(commandCode), commandCode,
+					       startSizeInBytes, (uint8_t *)&args.digest,
+					       0, NULL);
+		    }
+		}
+	    }
+	    if (rc == 0) {
+		if (tssUtilsVerbose) TSS_PrintAll("intermediate policy digest",
+					  (uint8_t *)&digest.digest, sizeInBytes);
+	    }
+	}
+    }
+    while ((rc == 0) && (prc != NULL));
+
+    if ((rc == 0) && pr) {
+	TSS_PrintAll("policy digest", (uint8_t *)&digest.digest, sizeInBytes);
+    }
+    if ((rc == 0) && noSpace) {
+	unsigned int b;
+	printf("policy digest:\n");
+	for (b = 0 ; b < sizeInBytes ; b++) {
+	    printf("%02x", *(((uint8_t *)&digest.digest) + b));
+	}
+	printf("\n");
+    }
+    /* open the output file */
+    if ((rc == 0) && (outFilename != NULL)) {
+	outFile = fopen(outFilename, "wb");
+	if (outFile == NULL) {
+	    printf("Error opening %s for %s, %s\n", outFilename , "W", strerror(errno));
+	    rc = EXIT_FAILURE;
+	}
+    }
+    if ((rc == 0) && (outFilename != NULL)) {
+	fwrite((uint8_t *)&digest.digest, 1, sizeInBytes, outFile);
+    }
+    if (inFile != NULL) {
+	fclose(inFile);
+    }
+    if (outFile != NULL) {
+	fclose(outFile);
+    }
+    if (rc != 0) {
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+/* Format_FromHexAscii() converts 'string' in hex ascii to 'binary' of 'length'
+
+   It assumes that the string has enough bytes to accommodate the length.
+*/
+
+static int Format_FromHexascii(unsigned char *binary,
+			       const char *string,
+			       size_t length)
+{
+    int 	rc = 0;
+    size_t	i;
+
+    for (i = 0 ; (rc == 0) && (i < length) ; i++) {
+	rc = Format_ByteFromHexascii(binary + i,
+				     string + (i * 2));
+	
+    }
+    return rc;
+}
+
+/* Format_ByteFromHexAscii() converts two bytes of hex ascii to one byte of binary
+ */
+
+static int Format_ByteFromHexascii(unsigned char *byte,
+				   const char *string)
+{
+    int 	rc = 0;
+    size_t	i;
+    char	c;
+    *byte 	= 0;
+    
+    for (i = 0 ; (rc == 0) && (i < 2) ; i++) {
+	(*byte) <<= 4;		/* big endian, shift up the nibble */
+	c = *(string + i);	/* extract the next character from the string */
+
+	if ((c >= '0') && (c <= '9')) {
+	    *byte += c - '0';
+	}
+	else if ((c >= 'a') && (c <= 'f')) {
+	    *byte += c + 10 - 'a';
+	}
+	else if ((c >= 'A') && (c <= 'F')) {
+	    *byte += c + 10 - 'A';
+	}
+	else {
+	    printf("Format_ByteFromHexascii: "
+		   "Error: Line has non hex ascii character: %02x %c\n", c, c);
+	    rc = EXIT_FAILURE;
+	}
+    }
+    return rc;
+}
+
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("policymaker\n");
+    printf("\n");
+    printf("\t[-halg\thash algorithm (sha1 sha256 sha384 sha512) (default sha256)]\n");
+    printf("\t[-nz\tdo not extend starting with zeros, just hash the last line]\n");
+    printf("\t-if\tinput policy statements in hex ascii\n");
+    printf("\t[-of\toutput file - policy hash in binary]\n");
+    printf("\t[-pr\tstdout - policy hash in hex ascii]\n");
+    printf("\t[-ns\tadditionally print policy hash in hex ascii on one line]\n");
+    printf("\t\tUseful to paste into policy OR\n");
+    printf("\n");
+    exit(1);	
+}
diff --git a/utils/policymakerpcr.c b/utils/policymakerpcr.c
new file mode 100644
index 000000000..41f8faf69
--- /dev/null
+++ b/utils/policymakerpcr.c
@@ -0,0 +1,439 @@
+/********************************************************************************/
+/*										*/
+/*			   policymakerpcr					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+   policymakerpcr calculates a policyPCR term suitable for input to policymaker
+
+   Inputs are:
+
+   a hash algorithm
+
+   a byte mask, totally big endian, e.g. 010000 is PCR 16 
+
+   a file with lines in hexascii representing PCRs, e.g., the output of pcrread -ns
+   removed
+
+   This assumes that the byte mask and PCR value file are consistent.
+   
+   Outputs are:
+
+   if specified, a file with a hex ascii policyPCR line suitable for input to policymaker
+
+   if specified, a print of the hash
+
+   Example: 
+
+   policymakerpcr -halg sha1 -bm 010000 -if policies/policypcr16aaasha1.txt -v -pr -of policies/policypcr.txt
+
+   Where policypcr16aaasha1.txt is represents the SHA-1 value of PCR 16
+   
+   e.g., 1d47f68aced515f7797371b554e32d47981aa0a0
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <errno.h>
+
+#ifdef TPM_POSIX
+#include <netinet/in.h>
+#endif
+#ifdef TPM_WINDOWS
+#include <winsock2.h>
+#endif
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tsscrypto.h>
+#include <ibmtss/tssmarshal.h>
+
+static void printUsage(void);
+static void printPolicyPCR(FILE *out,
+			   uint32_t           	sizeInBytes,         		
+			   TPML_PCR_SELECTION	*pcrs,
+			   TPMT_HA 		*digest);
+static int Format_FromHexascii(unsigned char *binary,
+			       const char *string,
+			       size_t length);
+static int Format_ByteFromHexascii(unsigned char *byte,
+				   const char *string);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC		rc = 0;
+    int			i;    			/* argc iterator */
+    char 		*prc = NULL;		/* pointer return code */
+    const char 		*inFilename = NULL;
+    const char 		*outFilename = NULL;
+    FILE 		*inFile = NULL;
+    FILE 		*outFile = NULL;
+    /* initialized to suppress false gcc -O3 warning */
+    uint32_t           	sizeInBytes = 0;	/* hash algorithm mapped to size */
+    uint32_t	  	pcrmask = 0xffffffff;	/* pcr register mask */
+    TPML_PCR_SELECTION	pcrs;
+    unsigned int 	pcrCount = 0;
+    TPMU_HA		pcr[IMPLEMENTATION_PCR];	/* all the PCRs */
+    int			pr = FALSE;
+    TPMT_HA 		digest;
+    uint8_t		pcrBytes[IMPLEMENTATION_PCR * sizeof(TPMU_HA)];
+    uint16_t		pcrLength;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line defaults */
+    digest.hashAlg = TPM_ALG_SHA256;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    digest.hashAlg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    digest.hashAlg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    digest.hashAlg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    digest.hashAlg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -hi\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-bm") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (1 != sscanf(argv[i], "%x", &pcrmask)) {
+		    printf("Invalid -bm argument '%s'\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-bm option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-of") == 0) {
+	    i++;
+	    if (i < argc) {
+		outFilename = argv[i];
+	    }
+	    else {
+		printf("-of option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-if") == 0) {
+	    i++;
+	    if (i < argc) {
+		inFilename = argv[i];
+	    }
+	    else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pr") == 0) {
+	    pr = TRUE;
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (pcrmask == 0xffffffff) {
+	printf("Missing or illegal pcr byte mask parameter -bm\n");
+	printUsage();
+    }
+    if ((pcrmask != 0) && (inFilename == NULL)) {
+	printf("Missing file name parameter -if\n");
+	printUsage();
+    }
+    if ((pcrmask == 0) && (inFilename != NULL)) {
+	printf("Unnecessary file name parameter -if\n");
+	printUsage();
+    }
+    /* open the input file if needed */
+    if ((rc == 0) && (pcrmask != 0)) {
+	inFile = fopen(inFilename, "r");
+	if (inFile == NULL) {
+	    printf("Error opening %s for %s, %s\n", inFilename, "r", strerror(errno));
+	    rc = EXIT_FAILURE;
+	}
+    }
+    if (rc == 0) {
+	sizeInBytes = TSS_GetDigestSize(digest.hashAlg);
+    }
+    /* Table 102 - Definition of TPML_PCR_SELECTION Structure */
+    if (rc == 0) {
+	pcrs.count = 1;		/* hard code one hash algorithm */
+	/* Table 85 - Definition of TPMS_PCR_SELECTION Structure - pcrSelections */
+	pcrs.pcrSelections[0].hash = digest.hashAlg;
+	pcrs.pcrSelections[0].sizeofSelect= 3;	/* hard code 24 PCRs */
+	/* TCG always marshals lower PCR first */
+	pcrs.pcrSelections[0].pcrSelect[0] = (pcrmask >>  0) & 0xff;
+	pcrs.pcrSelections[0].pcrSelect[1] = (pcrmask >>  8) & 0xff;
+	pcrs.pcrSelections[0].pcrSelect[2] = (pcrmask >> 16) & 0xff;
+    }
+    /* read the input file to the PCR array, assumes the PCR select bm has the correct number of
+       bits */
+    /* iterate through each line */
+    for (pcrCount = 0 ;
+	 (rc == 0) && (pcrCount < IMPLEMENTATION_PCR) && (inFile != NULL) ;
+	 pcrCount++) {
+	
+	char 		lineString[256];		/* returned line in hex ascii */
+	uint32_t	lineLength;			
+
+	if (rc == 0) {
+	    prc = fgets(lineString, sizeof(lineString), inFile);
+	}
+	/* no more lines, pcrCount is number of PCRs processed */
+	if (rc == 0) {
+	    if (prc == NULL) {
+		break;
+	    }
+	}
+	if (rc == 0) {
+	    lineLength = strlen(lineString);
+	    if (lineLength == 0) {
+		break;
+	    }
+	    if (lineString[lineLength-1] == '\n') {
+		lineString[lineLength-1] = '0';
+		lineLength--;
+	    }
+	}
+	if (rc == 0) {
+	    if (lineLength != (sizeInBytes *2)) {
+		printf("Line length %u is not twice digest size %u\n", lineLength, sizeInBytes);
+		rc = -1;
+	    }
+	}	
+	/* convert hex ascii to binary */ 
+	if ((rc == 0) && (prc != NULL)) {
+	    rc = Format_FromHexascii((uint8_t *)&pcr[pcrCount],
+				     lineString, lineLength/2);
+	}
+	if (rc == 0) {
+	    if (tssUtilsVerbose) printf("PCR %u\n", pcrCount);
+	    if (tssUtilsVerbose) TSS_PrintAll("PCR", (uint8_t *)&pcr[pcrCount], sizeInBytes);
+	}
+    }
+    /* serialize PCRs */
+    if (rc == 0) {
+	unsigned int pc;
+	uint8_t *buffer = pcrBytes;
+	uint32_t size = IMPLEMENTATION_PCR * sizeof(TPMU_HA);
+	pcrLength = 0;
+	for (pc = 0 ; (rc == 0) && (pc < pcrCount) ; pc++) {
+	    rc = TSS_Array_Marshalu((uint8_t *)&pcr[pc], sizeInBytes, &pcrLength, &buffer, &size);
+	}
+    }
+    /* hash the marshaled PCR array */
+    if (rc == 0) {
+	rc = TSS_Hash_Generate(&digest,
+			       pcrLength, pcrBytes,
+			       0, NULL);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) TSS_PrintAll("PCR composite digest", (uint8_t *)&digest.digest, sizeInBytes);
+    }
+    if ((rc == 0) && pr) {
+	printPolicyPCR(stdout,
+		       sizeInBytes,
+		       &pcrs,
+		       &digest);
+    }
+    if (outFilename != NULL) {
+	if (rc == 0) {
+	    outFile = fopen(outFilename, "wb");
+	    if (outFile == NULL) {
+		printf("Error opening %s for %s, %s\n", outFilename , "W", strerror(errno));
+		rc = EXIT_FAILURE;
+	    }
+	}
+	if (rc == 0) {
+	    printPolicyPCR(outFile,
+			   sizeInBytes,
+			   &pcrs,
+			   &digest);
+	}
+    }
+    if (inFile != NULL) {
+	fclose(inFile);
+    }
+    if (outFile != NULL) {
+	fclose(outFile);
+    }
+    if (rc != 0) {
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printPolicyPCR(FILE 		*out,
+			   uint32_t           	sizeInBytes,         		
+			   TPML_PCR_SELECTION	*pcrs,
+			   TPMT_HA 		*digest)
+{
+    unsigned int i;
+    uint8_t *pcrDigest = (uint8_t *)&digest->digest;
+
+    fprintf(out, "%02x", 0xff & (TPM_CC_PolicyPCR >> 24));
+    fprintf(out, "%02x", 0xff & (TPM_CC_PolicyPCR >> 16));
+    fprintf(out, "%02x", 0xff & (TPM_CC_PolicyPCR >>  8));
+    fprintf(out, "%02x", 0xff & (TPM_CC_PolicyPCR >>  0));
+    /* NOTE only handles count of 1, 1 hash algorithm */
+    fprintf(out, "%08x", pcrs->count);
+
+    fprintf(out, "%02x", 0xff & (pcrs->pcrSelections[0].hash >> 8));
+    fprintf(out, "%02x", 0xff & (pcrs->pcrSelections[0].hash >> 0));
+
+    fprintf(out, "%02x", pcrs->pcrSelections[0].sizeofSelect);
+    
+    fprintf(out, "%02x", pcrs->pcrSelections[0].pcrSelect[0]);
+    fprintf(out, "%02x", pcrs->pcrSelections[0].pcrSelect[1]);
+    fprintf(out, "%02x", pcrs->pcrSelections[0].pcrSelect[2]);
+
+    for (i = 0 ; i < sizeInBytes ; i++) {
+	fprintf(out, "%02x", pcrDigest[i]);
+    }
+    fprintf(out, "\n");
+    return;
+}
+
+/* Format_FromHexAscii() converts 'string' in hex ascii to 'binary' of 'length'
+
+   It assumes that the string has enough bytes to accommodate the length.
+*/
+
+static int Format_FromHexascii(unsigned char *binary,
+			       const char *string,
+			       size_t length)
+{
+    int 	rc = 0;
+    size_t	i;
+
+    for (i = 0 ; (rc == 0) && (i < length) ; i++) {
+	rc = Format_ByteFromHexascii(binary + i,
+				     string + (i * 2));
+	
+    }
+    return rc;
+}
+
+/* Format_ByteFromHexAscii() converts two bytes of hex ascii to one byte of binary
+ */
+
+static int Format_ByteFromHexascii(unsigned char *byte,
+				   const char *string)
+{
+    int 	rc = 0;
+    size_t	i;
+    char	c;
+    *byte 	= 0;
+    
+    for (i = 0 ; (rc == 0) && (i < 2) ; i++) {
+	(*byte) <<= 4;		/* big endian, shift up the nibble */
+	c = *(string + i);	/* extract the next character from the string */
+
+	if ((c >= '0') && (c <= '9')) {
+	    *byte += c - '0';
+	}
+	else if ((c >= 'a') && (c <= 'f')) {
+	    *byte += c + 10 - 'a';
+	}
+	else if ((c >= 'A') && (c <= 'F')) {
+	    *byte += c + 10 - 'A';
+	}
+	else {
+	    printf("Format_ByteFromHexascii: "
+		   "Error: Line has non hex ascii character: %c\n", c);
+	    rc = EXIT_FAILURE;
+	}
+    }
+    return rc;
+}
+
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("policymakerpcr\n");
+    printf("\n");
+    printf("Creates a policyPCR term suitable for input to policymaker (hex ascii)\n");
+    printf("\n");
+    printf("Assumes that the byte mask and PCR values are consistent\n");
+    printf("\n");
+    printf("\t[-halg\thash algorithm  (sha1 sha256 sha384 sha512) (default sha256)]\n");
+    printf("\t-bm\tpcr byte mask in hex, big endian\n");
+    printf("\n");
+    printf("\te.g. 010000 selects PCR 16\n");
+    printf("\te.g. ffffff selects all 24 PCRs\n");
+    printf("\n");
+    printf("\t-if input file - PCR values, hex ascii, one per line, %u max\n", IMPLEMENTATION_PCR);
+    printf("\trequired unless pcr mask is 0\n");
+    printf("\n");
+    printf("\t[-of\toutput file - policy hash in binary]\n");
+    printf("\t[-pr\tstdout - policy hash in hex ascii]\n");
+    printf("\n");
+    exit(1);	
+}
diff --git a/utils/policynamehash.c b/utils/policynamehash.c
new file mode 100644
index 000000000..e1263d25b
--- /dev/null
+++ b/utils/policynamehash.c
@@ -0,0 +1,256 @@
+/********************************************************************************/
+/*										*/
+/*			    PolicyNameHash 					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2019.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void   printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    PolicyNameHash_In	 	in;
+    TPMI_SH_POLICY		policySession = 0;
+    const char 			*nameHashFilename = NULL;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    uint8_t 			*buffer = NULL;
+    size_t 			length = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &policySession);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-nh") == 0) {
+	    i++;
+	    if (i < argc) {
+		nameHashFilename = argv[i];
+	    }
+	    else {
+		printf("-inpn option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (policySession == 0) {
+	printf("Missing handle parameter -ha\n");
+	printUsage();
+    }
+    if (nameHashFilename == NULL) {
+	printf("Missing handle parameter -nh\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	rc = TSS_File_ReadBinaryFile(&buffer,     /* freed @1 */
+				     &length,
+				     nameHashFilename);
+    }
+    if (rc == 0) {
+	if (length <= sizeof(in.nameHash.t.buffer)) {
+	    in.nameHash.t.size = (uint16_t)length;
+	    memcpy(&in.nameHash.t.buffer, buffer, length);
+	}
+	else {
+	    printf("Name length %u too large\n", (unsigned int)length);
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    if (rc == 0) {
+	in.policySession = policySession;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_PolicyNameHash,
+			 sessionHandle0, NULL, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("policynamehash: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("policynamehash: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    free(buffer);		/* @1 */
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("policynamehash\n");
+    printf("\n");
+    printf("Runs TPM2_PolicyNameHash\n");
+    printf("\n");
+    printf("\t-ha\tpolicy session handle\n");
+    printf("\t-nh\tNameHash file - TPM2B_DIGEST\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default NULL)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    exit(1);	
+}
diff --git a/utils/policynv.c b/utils/policynv.c
new file mode 100644
index 000000000..002751f32
--- /dev/null
+++ b/utils/policynv.c
@@ -0,0 +1,360 @@
+/********************************************************************************/
+/*										*/
+/*			    PolicyNV	 					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    PolicyNV_In 		in;
+    char 			hierarchyChar = 0;
+    const char			*authPassword = NULL; 		/* default no password */
+    TPMI_RH_NV_INDEX		nvIndex = 0;
+    TPMI_SH_POLICY		policySession = 0;
+    const char 			*operandBData = NULL;
+    const char 			*operandBFilename = NULL;
+    uint16_t 			offset = 0;			/* default 0 */
+    TPM_EO			operation = 0;			/* default A = B */
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+   
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hi") == 0) {
+	    i++;
+	    if (i < argc) {
+		hierarchyChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -hi\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &nvIndex);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwda") == 0) {
+	    i++;
+	    if (i < argc) {
+		authPassword = argv[i];
+	    }
+	    else {
+		printf("-pwda option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-hs") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &policySession);
+	    }
+	    else {
+		printf("Missing parameter for -hs\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ic") == 0) {
+	    i++;
+	    if (i < argc) {
+		operandBData = argv[i];
+	    }
+	    else {
+		printf("-ic option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-if")  == 0) {
+	    i++;
+	    if (i < argc) {
+		operandBFilename = argv[i];
+	    } else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-off") == 0) {
+	    i++;
+	    if (i < argc) {
+		offset = atoi(argv[i]);
+	    }
+	    else {
+		printf("-off option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-op") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%hx", &operation);
+	    }
+	    else {
+		printf("Missing parameter for -op\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (nvIndex == 0) {
+	printf("Missing NV index handle parameter -ha\n");
+	printUsage();
+    }
+    if (policySession == 0) {
+	printf("Missing policy session handle parameter -hs\n");
+	printUsage();
+    }
+    if ((operandBData == NULL) && (operandBFilename == NULL)) {
+	printf("operandB data string or data file must be specified\n");
+	printUsage();
+     }
+    if ((operandBData != NULL) && (operandBFilename != NULL)) {
+	printf("operandB data string and data file cannot both be specified\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	if (hierarchyChar == 'o') {
+	    in.authHandle = TPM_RH_OWNER;
+	}
+	else if (hierarchyChar == 'p') {
+	    in.authHandle = TPM_RH_PLATFORM;
+	}
+	else if (hierarchyChar == 0) {
+	    in.authHandle = nvIndex;
+	}
+	else {
+	    printf("Missing or illegal -hi\n");
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	in.nvIndex = nvIndex;
+	in.policySession = policySession;
+	in.offset = offset;
+	in.operation = operation;
+    }
+    if (operandBData != NULL) {
+	rc = TSS_TPM2B_StringCopy(&in.operandB.b,
+				  operandBData, sizeof(in.operandB.t.buffer));
+	
+    }
+    if (operandBFilename != NULL) {
+	rc = TSS_File_Read2B(&in.operandB.b,
+			     sizeof(in.operandB.t.buffer),
+			     operandBFilename);
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_PolicyNV,
+			 sessionHandle0, authPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("policynv: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("policynv: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("policynv\n");
+    printf("\n");
+    printf("Runs TPM2_PolicyNV\n");
+    printf("\n");
+    printf("\t[-hi\thierarchy authHandle (o, p)]\n");
+    printf("\t\tdefault NV index\n");
+    printf("\n");
+    printf("\t-ha\tNV index handle (operand A)\n");
+    printf("\t[-pwda\tpassword for authorization (default empty)]\n");
+    printf("\t-hs\tpolicy session handle\n");
+    printf("\t-ic\tdata string (operandB)\n");
+    printf("\t-if\tdata file (operandB) \n");
+    printf("\t[-off\toffset (default 0)]\n");
+    printf("\t-op\toperation (default A = B)\n");
+    printf("\n");
+    printf("\t\t0	A = B \n");
+    printf("\t\t1	A != B \n");
+    printf("\t\t2	A > B signed	 \n");
+    printf("\t\t3	A > B unsigned	 \n");
+    printf("\t\t4	A < B signed	 \n");
+    printf("\t\t5	A < B unsigned	 \n");
+    printf("\t\t6	A >= B signed	 \n");
+    printf("\t\t7	A >= B unsigned	 \n");
+    printf("\t\t8	A <= B signed	 \n");
+    printf("\t\t9	A <= B unsigned	 \n");
+    printf("\t\tA	All bits SET in B are SET in A. ((A&B)=B) \n");
+    printf("\t\tB	All bits SET in B are CLEAR in A. ((A&B)=0) \n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    exit(1);	
+}
diff --git a/utils/policynvwritten.c b/utils/policynvwritten.c
new file mode 100644
index 000000000..1e688bee9
--- /dev/null
+++ b/utils/policynvwritten.c
@@ -0,0 +1,247 @@
+/********************************************************************************/
+/*										*/
+/*			    PolicyNvWritten 					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    PolicyNvWritten_In 		in;
+    TPMI_SH_POLICY		policySession = 0;
+    char 			writtenSetChar = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+   
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ws") == 0) {
+	    i++;
+	    if (i < argc) {
+		writtenSetChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -ws\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-hs") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &policySession);
+	    }
+	    else {
+		printf("Missing parameter for -hs\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (policySession == 0) {
+	printf("Missing policy session handle parameter -hs\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	if (writtenSetChar == 'y') {
+	    in.writtenSet = YES;
+	}
+	else if (writtenSetChar == 'n') {
+	    in.writtenSet = NO;
+	}
+	else {
+	    printf("Missing or illegal -ws\n");
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	in.policySession = policySession;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_PolicyNvWritten,
+			 sessionHandle0, NULL, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("policynvwritten: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("policynvwritten: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("policynvwritten\n");
+    printf("\n");
+    printf("Runs TPM2_PolicyNvWritten\n");
+    printf("\n");
+    printf("\t-hs\tpolicy session handle\n");
+    printf("\t-ws\twritten set (y, n)\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default NULL)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t80\taudit\n");
+    exit(1);	
+}
diff --git a/utils/policyor.c b/utils/policyor.c
new file mode 100644
index 000000000..692ce4f16
--- /dev/null
+++ b/utils/policyor.c
@@ -0,0 +1,251 @@
+/********************************************************************************/
+/*										*/
+/*			    PolicyOR	 					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    uint32_t			j;
+    PolicyOR_In 		in;
+    TPMI_SH_POLICY		policySession = 0;
+    const char 			*pHashListFilename[8];
+    uint32_t			count = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &policySession);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-if") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (count < 8) {
+		    pHashListFilename[count] = argv[i];
+		    count++;
+		}
+		else {
+		    printf("-if can only be specified up to 8 times\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (policySession == 0) {
+	printf("Missing handle parameter -ha\n");
+	printUsage();
+    }
+    if (count < 2) {
+	printf("-if must be specified 2 to 8 times\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.policySession = policySession;
+	in.pHashList.count = count;
+    }
+    /* -if is specified 2-8 times and fills the pHashListFilename array of policy AND term file names */
+    for (j = 0 ; ((j < count) && (rc == 0)) ; j++) {
+	rc = TSS_File_Read2B(&in.pHashList.digests[j].b,
+			     sizeof(in.pHashList.digests[j].t.buffer),
+			     pHashListFilename[j]);
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_PolicyOR,
+			 sessionHandle0, NULL, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("policyor: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("policyor: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("policyor\n");
+    printf("\n");
+    printf("Runs TPM2_PolicyOR\n");
+    printf("\n");
+    printf("\t-ha\tpolicy session handle\n");
+    printf("\t-if\tpolicy digest file (2-8 -if specifiers required)\n");
+    exit(1);	
+}
diff --git a/utils/policypassword.c b/utils/policypassword.c
new file mode 100644
index 000000000..d9b806dd6
--- /dev/null
+++ b/utils/policypassword.c
@@ -0,0 +1,142 @@
+/********************************************************************************/
+/*										*/
+/*			    PolicyPassword	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    TPMI_SH_POLICY		policySession = 0;
+    PolicyPassword_In 		in;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &policySession);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (policySession == 0) {
+	printf("Missing handle parameter -ha\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.policySession = policySession;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_PolicyPassword,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("policypassword: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("policypassword: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("policypassword\n");
+    printf("\n");
+    printf("Runs TPM2_PolicyPassword\n");
+    printf("\n");
+    printf("\t-ha\tpolicy session handle\n");
+    exit(1);	
+}
diff --git a/utils/policypcr.c b/utils/policypcr.c
new file mode 100644
index 000000000..adbc0a85a
--- /dev/null
+++ b/utils/policypcr.c
@@ -0,0 +1,276 @@
+/********************************************************************************/
+/*										*/
+/*			    PolicyPCR	 					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    PolicyPCR_In 		in;
+    TPMI_SH_POLICY		policySession = 0;
+    TPMI_ALG_HASH		halg = TPM_ALG_SHA256;
+    uint32_t	  		pcrmask = 0xffffffff;		/* pcr register mask */
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+   
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &policySession);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	    
+	}
+	else if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    halg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    halg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    halg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    halg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-bm") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (1 != sscanf(argv[i], "%x", &pcrmask)) {
+		    printf("Invalid -bm argument '%s'\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-bm option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (policySession == 0) {
+	printf("Missing handle parameter -ha\n");
+	printUsage();
+    }
+    if (pcrmask == 0xffffffff) {
+	printf("Missing handle parameter -bm\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.policySession = policySession;
+	/* NOTE not implemented yet */
+	in.pcrDigest.b.size = 0;
+	/* Table 102 - Definition of TPML_PCR_SELECTION Structure */
+	in.pcrs.count = 1;		/* hard code one hash algorithm */
+	/* Table 85 - Definition of TPMS_PCR_SELECTION Structure - pcrSelections */
+	in.pcrs.pcrSelections[0].hash = halg;
+	in.pcrs.pcrSelections[0].sizeofSelect= 3;	/* hard code 24 PCRs */
+	/* TCG always marshals lower PCR first */
+	in.pcrs.pcrSelections[0].pcrSelect[0] = (pcrmask >>  0) & 0xff;
+	in.pcrs.pcrSelections[0].pcrSelect[1] = (pcrmask >>  8) & 0xff;
+	in.pcrs.pcrSelections[0].pcrSelect[2] = (pcrmask >> 16) & 0xff;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_PolicyPCR,
+			 sessionHandle0, NULL, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("policypcr: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("policypcr: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("policypcr\n");
+    printf("\n");
+    printf("Runs TPM2_PolicyPCR\n");
+    printf("\n");
+    printf("\t-ha\tpolicy session handle\n");
+    printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n");
+    printf("\t-bm\tpcr mask in hex\n");
+    printf("\t\te.g., -bm 10000 is PCR 16, 000001 is PCR 0\n");
+    exit(1);	
+}
diff --git a/utils/policyrestart.c b/utils/policyrestart.c
new file mode 100644
index 000000000..4978ba41b
--- /dev/null
+++ b/utils/policyrestart.c
@@ -0,0 +1,218 @@
+/********************************************************************************/
+/*										*/
+/*			    PolicyRestart	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    PolicyRestart_In 		in;
+    TPMI_SH_POLICY		sessionHandle = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (sessionHandle == 0) {
+	printf("Missing handle parameter -ha\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.sessionHandle = sessionHandle;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_PolicyRestart,
+			 sessionHandle0, NULL, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("policyrestart: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("policyrestart: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("policyrestart\n");
+    printf("\n");
+    printf("Runs TPM2_PolicyRestart\n");
+    printf("\n");
+    printf("\t-ha\tpolicy session handle\n");
+    exit(1);	
+}
diff --git a/utils/policysecret.c b/utils/policysecret.c
new file mode 100644
index 000000000..737b51d8e
--- /dev/null
+++ b/utils/policysecret.c
@@ -0,0 +1,358 @@
+/********************************************************************************/
+/*										*/
+/*			    PolicySecret	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    PolicySecret_In 		in;
+    PolicySecret_Out 		out;
+    TPMI_DH_ENTITY		authHandle = 0;
+    TPMI_SH_POLICY		policySession = 0;
+    const char 			*nonceTPMFilename = NULL;
+    const char 			*cpHashAFilename = NULL;
+    const char			*policyRefFilename = NULL;
+    int32_t			expiration = 0;
+    const char			*ticketFilename = NULL;
+    const char			*timeoutFilename = NULL;
+    const char			*entityPassword = NULL;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+   
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+
+    in.nonceTPM.b.size = 0;
+    in.cpHashA.b.size = 0;
+    in.policyRef.b.size = 0;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &authHandle);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-hs") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &policySession);
+	    }
+	    else {
+		printf("Missing parameter for -hs\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-in") == 0) {
+	    i++;
+	    if (i < argc) {
+		nonceTPMFilename = argv[i];
+	    }
+	    else {
+		printf("-in option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-cp") == 0) {
+	    i++;
+	    if (i < argc) {
+		cpHashAFilename = argv[i];
+	    }
+	    else {
+		printf("-cp option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pref") == 0) {
+	    i++;
+	    if (i < argc) {
+		policyRefFilename = argv[i];
+	    }
+	    else {
+		printf("-pref option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-exp") == 0) {
+	    i++;
+	    if (i < argc) {
+		expiration = atoi(argv[i]);
+	    }
+	    else {
+		printf("Missing parameter for -exp\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwde") == 0) {
+	    i++;
+	    if (i < argc) {
+		entityPassword = argv[i];
+	    }
+	    else {
+		printf("-pwda option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-tk") == 0) {
+	    i++;
+	    if (i < argc) {
+		ticketFilename = argv[i];
+	    }
+	    else {
+		printf("-tk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-to") == 0) {
+	    i++;
+	    if (i < argc) {
+		timeoutFilename = argv[i];
+	    }
+	    else {
+		printf("-to option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (authHandle == 0) {
+	printf("Missing authorizing entity handle parameter -hs\n");
+	printUsage();
+    }
+    if (policySession == 0) {
+	printf("Missing policy session handle parameter -hs\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.authHandle = authHandle;
+	in.policySession = policySession;
+    }
+    if ((rc == 0) && (nonceTPMFilename != NULL)) {
+	rc = TSS_File_Read2B(&in.nonceTPM.b,
+			     sizeof(in.nonceTPM.t.buffer),
+			     nonceTPMFilename);
+    }
+    if ((rc == 0) && (cpHashAFilename != NULL)) {
+	rc = TSS_File_Read2B(&in.cpHashA.b,
+			     sizeof(in.cpHashA.t.buffer),
+			     cpHashAFilename);
+    }
+    if ((rc == 0) && (policyRefFilename != NULL)) {
+	rc = TSS_File_Read2B(&in.policyRef.b,
+			     sizeof(in.policyRef.t.buffer),
+			     policyRefFilename);
+    }
+    if (rc == 0) {
+	in.expiration = expiration;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_PolicySecret,
+			 sessionHandle0, entityPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if ((rc == 0) && (ticketFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.policyTicket,
+				     (MarshalFunction_t)TSS_TPMT_TK_AUTH_Marshal,
+				     ticketFilename);
+    }
+    if ((rc == 0) && (timeoutFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(out.timeout.b.buffer,
+				      out.timeout.b.size,
+				      timeoutFilename); 
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("policysecret: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("policysecret: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("policysecret\n");
+    printf("\n");
+    printf("Runs TPM2_PolicySecret\n");
+    printf("\n");
+    printf("\t-ha\tauthorizing entity handle\n");
+    printf("\t-hs\tpolicy session handle\n");
+    printf("\t[-in\tnonceTPM file (default none)]\n");
+    printf("\t[-cp\tcpHash file (default none)]\n");
+    printf("\t[-pref\tpolicyRef file (default none)]\n");
+    printf("\t[-exp\texpiration (default none)]\n");
+    printf("\t[-pwde\tauthorizing entity password (default empty)]\n");
+    printf("\t[-tk\tticket file name]\n");
+    printf("\t[-to\ttimeout file name]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/policysigned.c b/utils/policysigned.c
new file mode 100644
index 000000000..bf7e5851c
--- /dev/null
+++ b/utils/policysigned.c
@@ -0,0 +1,456 @@
+/********************************************************************************/
+/*										*/
+/*			    PolicySigned	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#ifdef TPM_POSIX
+#include <netinet/in.h>
+#endif
+#ifdef TPM_WINDOWS
+#include <winsock2.h>
+#endif
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tsscrypto.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+
+#include "cryptoutils.h"
+
+static void printUsage(void);
+static TPM_RC signAHash(TPM2B_PUBLIC_KEY_RSA *signature,
+			TPMT_HA *aHash,
+			const char *signingKeyFilename,
+			const char *signingKeyPassword);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    PolicySigned_In 		in;
+    PolicySigned_Out 		out;
+    TPMI_DH_OBJECT		authObject = 0;
+    TPMI_SH_POLICY		policySession = 0;
+    const char 			*nonceTPMFilename = NULL;
+    const char 			*cpHashAFilename = NULL;
+    const char			*policyRefFilename = NULL;
+    const char			*ticketFilename = NULL;
+    const char			*timeoutFilename = NULL;
+    int32_t			expiration = 0;
+    const char			*signingKeyFilename = NULL;
+    const char			*signingKeyPassword = NULL;
+    const char			*signatureFilename = NULL;
+    uint8_t			*signature = NULL;
+    size_t			signatureLength;
+    TPMI_ALG_HASH		halg = TPM_ALG_SHA256;
+    TPMT_HA 			aHash;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+
+    in.nonceTPM.b.size = 0;	/* three of the components to aHash are optional */
+    in.cpHashA.b.size = 0;
+    in.policyRef.b.size = 0;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hk") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &authObject);
+	    }
+	    else {
+		printf("Missing parameter for -hk\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &policySession);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-in") == 0) {
+	    i++;
+	    if (i < argc) {
+		nonceTPMFilename = argv[i];
+	    }
+	    else {
+		printf("-in option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-cp") == 0) {
+	    i++;
+	    if (i < argc) {
+		cpHashAFilename = argv[i];
+	    }
+	    else {
+		printf("-cp option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pref") == 0) {
+	    i++;
+	    if (i < argc) {
+		policyRefFilename = argv[i];
+	    }
+	    else {
+		printf("-pref option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-exp") == 0) {
+	    i++;
+	    if (i < argc) {
+		expiration = atoi(argv[i]);
+	    }
+	    else {
+		printf("Missing parameter for -exp\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-sk") == 0) {
+	    i++;
+	    if (i < argc) {
+		signingKeyFilename = argv[i];
+	    }
+	    else {
+		printf("-sk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-is") == 0) {
+	    i++;
+	    if (i < argc) {
+		signatureFilename = argv[i];
+	    }
+	    else {
+		printf("-is option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-tk") == 0) {
+	    i++;
+	    if (i < argc) {
+		ticketFilename = argv[i];
+	    }
+	    else {
+		printf("-tk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-to") == 0) {
+	    i++;
+	    if (i < argc) {
+		timeoutFilename = argv[i];
+	    }
+	    else {
+		printf("-to option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdk") == 0) {
+	    i++;
+	    if (i < argc) {
+		signingKeyPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdk option needs a value\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    halg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    halg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    halg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    halg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (authObject == 0) {
+	printf("Missing handle parameter -hk\n");
+	printUsage();
+    }
+    if (policySession == 0) {
+	printf("Missing handle parameter -ha\n");
+	printUsage();
+    }
+    if ((signingKeyFilename == NULL) && (signatureFilename == NULL)) {
+	printf("Missing signing key -sk or signature -is\n");
+	printUsage();
+    }
+    if ((signingKeyFilename != NULL) && (signatureFilename != NULL)) {
+	printf("Cannot have both signing key -sk and signature -is\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.authObject = authObject;
+	in.policySession = policySession;
+    }
+    /* read the optional components - nonceTPM, cpHashA, policyRef */ 
+    if ((rc == 0) && (nonceTPMFilename != NULL)) {
+	rc = TSS_File_Read2B(&in.nonceTPM.b,
+			     sizeof(in.nonceTPM.t.buffer),
+			     nonceTPMFilename);
+    }
+    if ((rc == 0) && (cpHashAFilename != NULL)) {
+	rc = TSS_File_Read2B(&in.cpHashA.b,
+			     sizeof(in.cpHashA.t.buffer),
+			     cpHashAFilename);
+    }
+    if ((rc == 0) && (policyRefFilename != NULL)) {
+	rc = TSS_File_Read2B(&in.policyRef.b,
+			     sizeof(in.policyRef.t.buffer),
+			     policyRefFilename);
+    }
+    if (rc == 0) {
+	in.expiration = expiration;
+	in.auth.sigAlg = TPM_ALG_RSASSA;	/* sample uses RSASSA */
+	in.auth.signature.rsassa.hash = halg;
+    }
+    /* sample code using a PEM key to sign */
+    if (signingKeyFilename != NULL) {
+	/* calculate the digest from the 4 components according to the TPM spec Part 3. */
+	/* aHash = HauthAlg(nonceTPM || expiration || cpHashA || policyRef)	(13) */
+	if (rc == 0) {
+	    int32_t expirationNbo = htonl(in.expiration);
+	    aHash.hashAlg = halg;
+	    /* This varargs function takes length / array pairs.  It skips pairs with a length of
+	       zero.  This handles the three optional components (default length zero) with no
+	       special handling. */
+	    rc = TSS_Hash_Generate(&aHash,		/* largest size of a digest */
+				   in.nonceTPM.t.size, in.nonceTPM.t.buffer,
+				   sizeof(int32_t), &expirationNbo,
+				   in.cpHashA.t.size, in.cpHashA.t.buffer,
+				   in.policyRef.t.size, in.policyRef.t.buffer,
+				   0, NULL);
+	}
+	/* sign aHash */
+	if (rc == 0) {
+	    rc = signAHash(&in.auth.signature.rsassa.sig,	/* sample uses RSASSA */
+			   &aHash,
+			   signingKeyFilename, signingKeyPassword);
+	}
+    }
+    /* sample code where the signature has been generated externally */
+    if (signatureFilename != NULL) {
+	if (rc == 0) {
+	    rc = TSS_File_ReadBinaryFile((unsigned char **)&signature,     /* freed @1 */
+					 &signatureLength,
+					 signatureFilename);
+	}
+	if (rc == 0) {
+	    if (signatureLength > sizeof(in.auth.signature.rsassa.sig.t.buffer)) {
+		printf("Signature length %lu is greater than buffer %lu\n",
+		       (unsigned long)signatureLength,
+		       (unsigned long)sizeof(in.auth.signature.rsassa.sig.t.buffer));
+		rc = TSS_RC_RSA_SIGNATURE;
+	    }
+	}
+	if (rc == 0) {
+	    in.auth.signature.rsassa.sig.t.size = (uint16_t)signatureLength;
+	    memcpy(&in.auth.signature.rsassa.sig.t.buffer, signature, signatureLength); 
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_PolicySigned,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if ((rc == 0) && (ticketFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.policyTicket,
+				     (MarshalFunction_t)TSS_TPMT_TK_AUTH_Marshal,
+				     ticketFilename);
+    }
+    if ((rc == 0) && (timeoutFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(out.timeout.b.buffer,
+				      out.timeout.b.size,
+				      timeoutFilename); 
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("policysigned: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("policysigned: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    free(signature);	/* @1 */
+    return rc;
+}
+
+/* signAHash() signs digest, returns signature.  The signature TPM2B_PUBLIC_KEY_RSA is a member of
+   the TPMT_SIGNATURE command parameter.
+
+   This sample signer uses a pem file signingKeyFilename with signingKeyPassword.
+
+*/
+
+TPM_RC signAHash(TPM2B_PUBLIC_KEY_RSA *signature,
+		 TPMT_HA *aHash,
+		 const char *signingKeyFilename,
+		 const char *signingKeyPassword)
+{
+    TPM_RC		rc = 0;
+    void		*rsaKey = NULL;
+    uint32_t  		sizeInBytes;		/* hash algorithm mapped to size */
+    size_t	 	signatureLength;	/* RSA_Sign() output */
+
+    if (rc == 0) {
+	sizeInBytes = TSS_GetDigestSize(aHash->hashAlg);
+#if 0
+	if (tssUtilsVerbose) {
+	    TSS_PrintAll("signAHash: aHash",
+			 (uint8_t *)(&aHash->digest), sizeInBytes);
+	}
+#endif
+    }
+    /* read the PEM format private key into the private key structure */
+    if (rc == 0) {
+	rc = convertPemToRsaPrivKey((void **)&rsaKey,	/* freed @1 */
+				    signingKeyFilename, (void *)signingKeyPassword);
+    }
+    /* sign aHash */
+    if (rc == 0) {
+	rc = signRSAFromRSA(signature->t.buffer, &signatureLength,
+			    sizeof(signature->t.buffer),
+			    (uint8_t *)(&aHash->digest), sizeInBytes,
+			    aHash->hashAlg,
+			    rsaKey);
+    }
+    if (rc == 0) {
+	signature->t.size = (uint16_t)signatureLength;	/* length of RSA key checked above */
+#if 0
+	if (tssUtilsVerbose) TSS_PrintAll("signAHash: signature",
+				  signature->t.buffer, signature->t.size);
+#endif
+    }
+    TSS_RsaFree(rsaKey);	/* @1 *//* FIXME may be wrong for mbedtls */
+    return rc;
+}
+
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("policysigned\n");
+    printf("\n");
+    printf("Runs TPM2_PolicySigned\n");
+    printf("\n");
+    printf("\t-hk\tsignature verification key handle\n");
+    printf("\t-ha\tpolicy session handle\n");
+    printf("\t[-in\tnonceTPM file (default none)]\n");
+    printf("\t[-cp\tcpHash file (default none)]\n");
+    printf("\t[-pref\tpolicyRef file (default none)]\n");
+    printf("\t[-exp\texpiration in decimal (default none)]\n");
+    printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n");
+    printf("\t-sk\tRSA signing key file name (PEM format)\n");
+    printf("\t\tUse this signing key.\n");
+    printf("\t-is\tsignature file name\n");
+    printf("\t\tUse this signature from e.g., a smart card or other HSM.\n");
+    printf("\t[-pwdk\tsigning key password (default null)]\n");
+    printf("\t[-tk\tticket file name]\n");
+    printf("\t[-to\ttimeout file name]\n");
+    exit(1);	
+}
diff --git a/utils/policytemplate.c b/utils/policytemplate.c
new file mode 100644
index 000000000..97c739f66
--- /dev/null
+++ b/utils/policytemplate.c
@@ -0,0 +1,166 @@
+/********************************************************************************/
+/*										*/
+/*			    PolicyTemplate	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2016 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    PolicyTemplate_In 		in;
+    TPMI_SH_POLICY		policySession = 0;
+    const char 			*templateFilename = NULL;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &policySession);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-te") == 0) {
+	    i++;
+	    if (i < argc) {
+		templateFilename = argv[i];
+	    }
+	    else {
+		printf("-te option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (policySession == 0) {
+	printf("Missing handle parameter -ha\n");
+	printUsage();
+    }
+    if (templateFilename == NULL) {
+	printf("Missing handle parameter -te\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.policySession = policySession;
+    }
+    if (rc == 0) {
+	rc = TSS_File_Read2B(&in.templateHash.b,
+			     sizeof(in.templateHash.t.buffer),
+			     templateFilename);
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_PolicyTemplate,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("policytemplate: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("policytemplate: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("policytemplate\n");
+    printf("\n");
+    printf("Runs TPM2_PolicyTemplate\n");
+    printf("\n");
+    printf("\t-ha\tpolicy session handle\n");
+    printf("\t-te\ttemplate file\n");
+    exit(1);	
+}
diff --git a/utils/policyticket.c b/utils/policyticket.c
new file mode 100644
index 000000000..d41d00d16
--- /dev/null
+++ b/utils/policyticket.c
@@ -0,0 +1,354 @@
+/********************************************************************************/
+/*										*/
+/*			    PolicyTicket	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    PolicyTicket_In 		in;
+    TPMI_SH_POLICY		policySession = 0;
+    const char 			*timeoutFilename = NULL;
+    const char 			*cpHashAFilename = NULL;
+    const char			*policyRefFilename = NULL;
+    const char 			*authNameFilename = NULL;
+    char 			hierarchyChar = 0;
+    TPMI_RH_HIERARCHY		primaryHandle = TPM_RH_NULL;
+    const char			*ticketFilename = NULL;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    in.cpHashA.b.size = 0;
+    in.policyRef.b.size = 0;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &policySession);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-to") == 0) {
+	    i++;
+	    if (i < argc) {
+		timeoutFilename = argv[i];
+	    }
+	    else {
+		printf("-to option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-cp") == 0) {
+	    i++;
+	    if (i < argc) {
+		cpHashAFilename = argv[i];
+	    }
+	    else {
+		printf("-cp option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pref") == 0) {
+	    i++;
+	    if (i < argc) {
+		policyRefFilename = argv[i];
+	    }
+	    else {
+		printf("-pref option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-na") == 0) {
+	    i++;
+	    if (i < argc) {
+		authNameFilename = argv[i];
+	    }
+	    else {
+		printf("-na option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-hi") == 0) {
+	    i++;
+	    if (i < argc) {
+		hierarchyChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -hi\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-tk") == 0) {
+	    i++;
+	    if (i < argc) {
+		ticketFilename = argv[i];
+	    }
+	    else {
+		printf("-tk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (policySession == 0) {
+	printf("Missing handle parameter -ha\n");
+	printUsage();
+    }
+    if (timeoutFilename == NULL) {
+	printf("Missing timeout file name parameter -to\n");
+	printUsage();
+    }
+    if (ticketFilename == NULL) {
+	printf("Missing ticket file name parameter -tk\n");
+	printUsage();
+    }
+    if ((authNameFilename == NULL) && (hierarchyChar == 0)) {
+	printf("Missing parameter -na or -hi\n");
+	printUsage();
+    }
+    if ((authNameFilename != NULL) && (hierarchyChar != 0)) {
+	printf("Cannot specify both -na and -hi\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.policySession = policySession;
+    }
+    if (rc == 0) {
+	rc = TSS_File_Read2B(&in.timeout.b,
+			     sizeof(in.timeout.t.buffer),
+			     timeoutFilename);
+    }
+    if ((rc == 0) && (cpHashAFilename != NULL)) {
+	rc = TSS_File_Read2B(&in.cpHashA.b,
+			     sizeof(in.cpHashA.t.buffer),
+			     cpHashAFilename);
+    }
+    if ((rc == 0) && (policyRefFilename != NULL)) {
+	rc = TSS_File_Read2B(&in.policyRef.b,
+			     sizeof(in.policyRef.t.buffer),
+			     policyRefFilename);
+    }
+    /* if the authorizing entity was an object */
+    if ((rc == 0) && (authNameFilename != NULL)) {
+	rc = TSS_File_Read2B(&in.authName.b,
+			     sizeof(in.authName.t.name),
+			     authNameFilename);
+    }
+    /* if the authorizing object was a hierarchy */
+    if ((rc == 0) && (hierarchyChar != 0)) {
+	if (hierarchyChar == 'e') {
+	    primaryHandle = TPM_RH_ENDORSEMENT;
+	}
+	else if (hierarchyChar == 'o') {
+	    primaryHandle = TPM_RH_OWNER;
+	}
+	else if (hierarchyChar == 'p') {
+	    primaryHandle = TPM_RH_PLATFORM;
+	}
+	else {
+	    printf("Bad parameter %c for -hi\n", hierarchyChar);
+	    printUsage();
+	}
+	rc = TSS_TPM2B_CreateUint32(&in.authName.b, primaryHandle, sizeof(in.authName.t.name));
+    }
+    if (rc == 0) {
+	rc = TSS_File_ReadStructure(&in.ticket,
+				    (UnmarshalFunction_t)TSS_TPMT_TK_AUTH_Unmarshalu,
+				    ticketFilename);
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_PolicyTicket,
+			 sessionHandle0, NULL, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("policyticket: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("policyticket: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("policyticket\n");
+    printf("\n");
+    printf("Runs TPM2_PolicyTicket\n");
+    printf("\n");
+    printf("\t-ha\tpolicy session handle\n");
+    printf("\t-to\ttimeout file name\n");
+    printf("\t[-cp\tcpHash file (default none)]\n");
+    printf("\t[-pref\tpolicyRef file (default none)]\n");
+    printf("\t-na\tauthName file (not hierarchy)\n");
+    printf("\t-hi\thierarchy (e, o, p) (authName is hierarchy)\n");
+    printf("\t\te endorsement, o owner, p platform\n");
+    printf("\t-tk\tticket file name\n");
+    exit(1);	
+}
diff --git a/utils/powerup.c b/utils/powerup.c
new file mode 100644
index 000000000..164b20c85
--- /dev/null
+++ b/utils/powerup.c
@@ -0,0 +1,128 @@
+/********************************************************************************/
+/*										*/
+/*			    Simulator Power up	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+/* FIXME should really be in tpmtcpprotocol.h */
+#ifdef TPM_WINDOWS
+#include <winsock2.h>		/* for simulator startup */
+#endif
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsstransmit.h>	/* for simulator power up */
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC 		rc = 0;
+    int			i;				/* argc iterator */
+    TSS_CONTEXT		*tssContext = NULL;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    /*
+      Start a TSS context
+    */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* power off platform */
+    if (rc == 0) {
+	rc = TSS_TransmitPlatform(tssContext, TPM_SIGNAL_POWER_OFF, "TPM2_PowerOffPlatform");
+    }
+    /* power on platform */
+    if (rc == 0) {
+	rc = TSS_TransmitPlatform(tssContext, TPM_SIGNAL_POWER_ON, "TPM2_PowerOnPlatform");
+    }
+    /* power on NV */
+    if (rc == 0) {
+	rc = TSS_TransmitPlatform(tssContext, TPM_SIGNAL_NV_ON, "TPM2_NvOnPlatform");
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("powerup: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("powerup: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("powerup\n");
+    printf("\n");
+    printf("Powers the simulator off and on, and powers up NV\n");
+    printf("\n");
+    exit(1);	
+}
+
diff --git a/utils/printattr.c b/utils/printattr.c
new file mode 100644
index 000000000..b3404245d
--- /dev/null
+++ b/utils/printattr.c
@@ -0,0 +1,139 @@
+/********************************************************************************/
+/*										*/
+/*			         Print Attributes				*/
+/*		      Written by Ken Goldman					*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2019						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Re-distributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Re-distributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssprint.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    unsigned int		tmpSession;
+    TPMA_OBJECT 		object;
+    TPMA_SESSION 		session;
+    TPMA_STARTUP_CLEAR 		startup;
+    TPMA_NV 			nv;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ob") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%8x", &object.val);
+		TSS_TPMA_OBJECT_Print("TPMA_OBJECT", object, 0);
+	    }
+	    else {
+		printf("Missing parameter for -ob\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%2x", &tmpSession);
+		session.val = tmpSession;
+		TSS_TPMA_SESSION_Print(session, 0);
+	    }
+	    else {
+		printf("Missing parameter for -se\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-st") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%8x", &startup.val);
+		TSS_TPMA_STARTUP_CLEAR_Print(startup, 0);
+	    }
+	    else {
+		printf("Missing parameter for -st\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-nv") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%8x", &nv.val);
+		TSS_TPMA_NV_Print(nv, 0);
+	    }
+	    else {
+		printf("Missing parameter for -nv\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("printattr\n");
+    printf("\n");
+    printf("Prints TPMA attributes as text\n");
+    printf("\n");
+    printf("\t-ob TPMA_OBJECT\n");
+    printf("\t-se TPMA_SESSION \n");
+    printf("\t-st TPMA_STARTUP_CLEAR \n");
+    printf("\t-nv TPMA_NV\n"); 
+    exit(1);
+}
diff --git a/utils/publicname.c b/utils/publicname.c
new file mode 100644
index 000000000..3b71da77f
--- /dev/null
+++ b/utils/publicname.c
@@ -0,0 +1,452 @@
+/********************************************************************************/
+/*										*/
+/*			         Public Name  					*/
+/*		      Written by Mark Marshall & Ken Goldman			*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/Unmarshal_fp.h>
+#include <ibmtss/tsscryptoh.h>
+#include "objecttemplates.h"
+#include "cryptoutils.h"
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    int				noSpace = FALSE;
+    TPM2B_PUBLIC		inPublic;
+    TPM2B_NV_PUBLIC		nvPublic;
+    int				keyType = TYPE_SI;
+    TPMI_ALG_SIG_SCHEME 	scheme = TPM_ALG_RSASSA;
+    uint32_t 			keyTypeSpecified = 0;
+    TPMI_ALG_PUBLIC 		algPublic = TPM_ALG_RSA;
+    TPMI_ALG_HASH		halg = TPM_ALG_SHA256;
+    TPMI_ALG_HASH		nalg = TPM_ALG_SHA256;
+    const char			*nvPublicFilename = NULL;
+    const char			*publicKeyFilename = NULL;
+    const char			*derKeyFilename = NULL;
+    const char			*pemKeyFilename = NULL;
+    const char			*nameFilename = NULL;
+    int				userWithAuth = TRUE;
+    int				object = TRUE;		/* TPM object, false if NV index */
+    unsigned int		inputCount = 0;
+    TPM2B_TEMPLATE		marshaled;
+    uint16_t			written;
+    uint32_t			size;
+    uint8_t			*buffer;
+    TPMT_HA			name;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    halg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    halg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    halg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    halg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-nalg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    nalg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    nalg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    nalg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    nalg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -nalg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-nalg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-rsa") == 0) {
+	    algPublic = TPM_ALG_RSA;
+	}
+	else if (strcmp(argv[i], "-ecc") == 0) {
+	    algPublic = TPM_ALG_ECC;
+	}
+	else if (strcmp(argv[i],"-scheme") == 0) {
+	    if (keyType == TYPE_SI) {
+		i++;
+		if (i < argc) {
+		    if (strcmp(argv[i],"rsassa") == 0) {
+			scheme = TPM_ALG_RSASSA;
+		    }
+		    else if (strcmp(argv[i],"rsapss") == 0) {
+			scheme = TPM_ALG_RSAPSS;
+		    }
+		    else if (strcmp(argv[i],"null") == 0) {
+			scheme = TPM_ALG_NULL;
+		    }
+		    else {
+			printf("Bad parameter %s for -scheme\n", argv[i]);
+			printUsage();
+		    }
+		}
+	    }
+	    else {
+		printf("-scheme can only be specified for signing key\n");
+		printUsage();
+	    }
+        }
+	else if (strcmp(argv[i], "-st") == 0) {
+	    keyType = TYPE_ST;
+	    scheme = TPM_ALG_NULL;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-den") == 0) {
+	    keyType = TYPE_DEN;
+	    scheme = TPM_ALG_NULL;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i], "-si") == 0) {
+	    keyType = TYPE_SI;
+	    keyTypeSpecified++;
+	}
+	else if (strcmp(argv[i],"-ipu") == 0) {
+	    i++;
+	    if (i < argc) {
+		publicKeyFilename = argv[i];
+		inputCount++;
+	    }
+	    else {
+		printf("-ipu option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-invpu") == 0) {
+	    i++;
+	    if (i < argc) {
+		nvPublicFilename = argv[i];
+		object = FALSE;
+		inputCount++;
+	    }
+	    else {
+		printf("-ipu option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ipem") == 0) {
+	    i++;
+	    if (i < argc) {
+		pemKeyFilename = argv[i];
+		inputCount++;
+	    }
+	    else {
+		printf("-ipem option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ider") == 0) {
+	    i++;
+	    if (i < argc) {
+		derKeyFilename = argv[i];
+		inputCount++;
+	    }
+	    else {
+		printf("-ider option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-uwa") == 0) {
+	    userWithAuth = FALSE;
+	}
+	else if (strcmp(argv[i],"-on") == 0) {
+	    i++;
+	    if (i < argc) {
+		nameFilename = argv[i];
+	    }
+	    else {
+		printf("-on option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ns") == 0) {
+	    noSpace = TRUE;
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (inputCount != 1) {
+	printf("Missing or too many parameters -ipu, -ipem, -ider, -invpu\n");
+	printUsage();
+    }
+    if (keyTypeSpecified > 1) {
+	printf("Too many key attributes\n");
+	printUsage();
+    }
+    if ((publicKeyFilename != NULL) && (!userWithAuth)) {
+	printf("userWithAuth unused for TPM2B_PUBLIC input\n");
+	printUsage();
+	
+    }
+    /* loadexternal key pair cannot be restricted (storage key) and must have NULL symmetric
+       scheme*/
+    if (derKeyFilename != NULL) {
+	if (keyType == TYPE_ST) {
+	    keyType = TYPE_DEN;
+	}
+    }
+    if (rc == 0) {
+	/* TPM format key, output from create */
+	if (publicKeyFilename != NULL) {
+	    rc = TSS_File_ReadStructureFlag(&inPublic,
+					    (UnmarshalFunctionFlag_t)TSS_TPM2B_PUBLIC_Unmarshalu,
+					    TRUE,			/* NULL permitted */
+					    publicKeyFilename);
+	}
+	/* NV Index public area */
+	else if (nvPublicFilename != 0) {
+	    rc = TSS_File_ReadStructure(&nvPublic,
+					(UnmarshalFunction_t)TSS_TPM2B_NV_PUBLIC_Unmarshalu,
+					nvPublicFilename);
+	    
+	}
+	/* PEM format, output from e.g. openssl, readpublic, createprimary, create */
+	else if (pemKeyFilename != NULL) {
+	    switch (algPublic) {
+	      case TPM_ALG_RSA:
+		rc = convertRsaPemToPublic(&inPublic,
+					   keyType,
+					   scheme,
+					   nalg,
+					   halg,
+					   pemKeyFilename);
+		break;
+#ifndef TPM_TSS_NOECC
+	      case TPM_ALG_ECC:
+		rc = convertEcPemToPublic(&inPublic,
+					  keyType,
+					  scheme,
+					  nalg,
+					  halg,
+					  pemKeyFilename);
+		break;
+#endif	/* TPM_TSS_NOECC */
+	      default:
+		printf("-rsa algorithm %04x not supported\n", algPublic);
+		rc = TPM_RC_ASYMMETRIC;
+	    }
+	}
+	/* DER format key pair */
+	else if (derKeyFilename != NULL) {
+	    switch (algPublic) {
+	      case TPM_ALG_RSA:
+		rc = convertRsaDerToPublic(&inPublic,
+					   keyType,
+					   scheme,
+					   nalg,
+					   halg,
+					   derKeyFilename);
+		break;
+#ifndef TPM_TSS_NOECC
+	      case TPM_ALG_ECC:
+		rc = convertEcDerToPublic(&inPublic,
+					  keyType,
+					  scheme,
+					  nalg,
+					  halg,
+					  derKeyFilename);
+		break;
+#endif	/* TPM_TSS_NOECC */
+	      default:
+		printf("-rsa algorithm %04x not supported\n", algPublic);
+		rc = TPM_RC_ASYMMETRIC;
+	    }
+	}
+	else {
+	    printf("Failure parsing -ipu, -ipem, -ider\n");
+	    printUsage();
+	}
+    }
+    /* TPM object */
+    if (object) {
+	if (rc == 0) {
+	    name.hashAlg = inPublic.publicArea.nameAlg;
+	    if (!userWithAuth) {
+		inPublic.publicArea.objectAttributes.val &= ~TPMA_OBJECT_USERWITHAUTH;
+	    }
+	}
+	if (rc == 0) {
+	    if (tssUtilsVerbose) TSS_TPMT_PUBLIC_Print(&inPublic.publicArea, 2);
+	}
+	if (rc == 0) {
+	    written = 0;
+	    size = sizeof(marshaled.t.buffer);
+	    buffer = marshaled.t.buffer;
+
+	    rc = TSS_TPMT_PUBLIC_Marshalu(&inPublic.publicArea, &written, &buffer, &size);
+	    marshaled.t.size = written;
+	}
+    }
+    /* TPM NV Index */
+    else {
+	if (rc == 0) {
+	    name.hashAlg = nvPublic.nvPublic.nameAlg;
+	}
+	if (rc == 0) {
+	    if (tssUtilsVerbose) TSS_TPMS_NV_PUBLIC_Print(&nvPublic.nvPublic, 2);
+	}
+	if (rc == 0) {
+	    written = 0;
+	    size = sizeof(marshaled.t.buffer);
+	    buffer = marshaled.t.buffer;
+
+	    rc = TSS_TPMS_NV_PUBLIC_Marshalu(&nvPublic.nvPublic, &written, &buffer, &size);
+	    marshaled.t.size = written;
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_Hash_Generate(&name,
+			       marshaled.t.size, marshaled.t.buffer,
+			       0, NULL);
+    }
+    /* trace the Name */
+    if ((rc == 0) && noSpace) {
+	printf("%02X%02x", name.hashAlg >> 8, name.hashAlg & 0xff);
+	for (i = 0; i < TSS_GetDigestSize(name.hashAlg); i++) {
+	    printf("%02x", name.digest.tssmax[i]);
+	}
+	printf("\n");
+    }
+    /* save the Name */
+    if ((rc == 0) && (nameFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&name,
+				     (MarshalFunction_t)TSS_TPMT_HA_Marshal,
+				     nameFilename);
+    }
+    if (rc != 0) {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("publicname: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+ 
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("publicname\n");
+    printf("\n");
+    printf("Calculates the public name of an entity. There are times that a policy creator\n"
+	   "has TPM, PEM, or DER format information, but does not have access to a TPM.\n"
+	   "This utility accepts these inputs and outputs the name in the 'no spaces'\n"
+	   "format suitable for pasting into a policy.  The binary format is used in the\n"
+	   "regression test\n");
+    printf("\n");
+    printf("\t-invpu\tTPM2B_NV_PUBLIC public key file name\n");
+    printf("\t-ipu\tTPM2B_PUBLIC public key file name\n");
+    printf("\t-ipem\tPEM format public key file name\n");
+    printf("\t-ider\tDER format plaintext key pair file name]\n");
+    printf("\t[-on\tbinary format Name file name]\n");
+    printf("\t[-ns\tprint Name in hexacsii]\n");
+    printf("\n");
+    printf("\t\t-pem and -ider optional arguments\n");
+    printf("\n");
+    printf("\t[-rsa\t(default)]\n");
+    printf("\t[-ecc\t]\n");
+    printf("\t[-scheme  for signing key (default RSASSA scheme)]\n");
+    printf("\t\trsassa\n");
+    printf("\t\trsapss\n");
+    printf("\t\tnull\n");
+    printf("\t[-nalg\tname hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]\n");
+    printf("\t[-halg\tscheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]\n");
+    printf("\t[-uwa\tuserWithAuth attribute clear (default set)]\n");
+    printf("\t[-si\tsigning (default) RSA]\n");
+    printf("\t[-st\tstorage (default NULL scheme)]\n");
+    printf("\t[-den\tdecryption, (unrestricted, RSA and EC NULL scheme)\n");
+    printf("\n");
+    exit(1);
+}
diff --git a/utils/quote.c b/utils/quote.c
new file mode 100644
index 000000000..a93554a34
--- /dev/null
+++ b/utils/quote.c
@@ -0,0 +1,437 @@
+/********************************************************************************/
+/*										*/
+/*			    Quote						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    Quote_In 			in;
+    Quote_Out 			out;
+    TPMI_DH_OBJECT		signHandle = 0;
+    TPMI_ALG_HASH		halg = TPM_ALG_SHA256;
+    TPMI_ALG_HASH		palg = TPM_ALG_SHA256;
+    const char			*keyPassword = NULL; 
+    TPMI_DH_PCR 		pcrHandle = IMPLEMENTATION_PCR;
+    const char			*signatureFilename = NULL;
+    const char			*attestInfoFilename = NULL;
+    const char			*qualifyingDataFilename = NULL;
+    TPM_ALG_ID			sigAlg = TPM_ALG_RSA;
+    TPMS_ATTEST 		tpmsAttest;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+  
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    in.PCRselect.pcrSelections[0].sizeofSelect = 3;
+    in.PCRselect.pcrSelections[0].pcrSelect[0] = 0;
+    in.PCRselect.pcrSelections[0].pcrSelect[1] = 0;
+    in.PCRselect.pcrSelections[0].pcrSelect[2] = 0;
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hp") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%u", &pcrHandle);
+		if (pcrHandle > 23) {
+		    printf("Bad PCR handle parameter %u for -hp\n",pcrHandle);
+		    printUsage();
+		}
+		/* accumulate PCR select bits */
+		else {
+		    in.PCRselect.pcrSelections[0].pcrSelect[pcrHandle / 8] |= 1 << (pcrHandle % 8);
+		}
+	    }
+	    else {
+		printf("Missing parameter for -hp\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-hk") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &signHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hk\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdk") == 0) {
+	    i++;
+	    if (i < argc) {
+		keyPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    halg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    halg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    halg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    halg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-palg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    palg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    palg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    palg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    palg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -palg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-palg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-salg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"rsa") == 0) {
+		    sigAlg = TPM_ALG_RSA;
+		}
+		else if (strcmp(argv[i],"ecc") == 0) {
+		    sigAlg = TPM_ALG_ECDSA;
+		}
+		else if (strcmp(argv[i],"hmac") == 0) {
+		    sigAlg = TPM_ALG_HMAC;
+		}
+		else {
+		    printf("Bad parameter %s for -salg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-salg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-os") == 0) {
+	    i++;
+	    if (i < argc) {
+		signatureFilename = argv[i];
+	    }
+	    else {
+		printf("-os option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-oa") == 0) {
+	    i++;
+	    if (i < argc) {
+		attestInfoFilename = argv[i];
+	    }
+	    else {
+		printf("-oa option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-qd") == 0) {
+	    i++;
+	    if (i < argc) {
+		qualifyingDataFilename = argv[i];
+	    }
+	    else {
+		printf("-qd option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (signHandle == 0) {
+	printf("Missing sign handle parameter -hk\n");
+	printUsage();
+    }
+    if (pcrHandle >= IMPLEMENTATION_PCR) {
+	printf("Missing PCR handle parameter -hp\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	/* Handle of key that will perform quoting */
+	in.signHandle = signHandle;
+	/* data supplied by the caller */
+	if (sigAlg == TPM_ALG_RSA) {
+	    /* Table 145 - Definition of TPMT_SIG_SCHEME Structure */
+	    in.inScheme.scheme = TPM_ALG_RSASSA;	
+	    /* Table 144 - Definition of TPMU_SIG_SCHEME Union <IN/OUT, S> */
+	    /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */
+	    /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */
+	    in.inScheme.details.rsassa.hashAlg = halg;
+	}
+	else if (sigAlg == TPM_ALG_ECDSA) {
+	    in.inScheme.scheme = TPM_ALG_ECDSA;	
+	    in.inScheme.details.ecdsa.hashAlg = halg;
+	}
+	else {	/* HMAC */
+	    in.inScheme.scheme = TPM_ALG_HMAC;	
+	    in.inScheme.details.hmac.hashAlg = halg;
+	}
+	/* Table 102 - Definition of TPML_PCR_SELECTION Structure */
+	in.PCRselect.count = 1;
+	/* Table 85 - Definition of TPMS_PCR_SELECTION Structure */
+	in.PCRselect.pcrSelections[0].hash = palg;
+    }
+    if (rc == 0) {
+	if (qualifyingDataFilename != NULL) {
+	    rc = TSS_File_Read2B(&in.qualifyingData.b,
+				 sizeof(in.qualifyingData.t.buffer),
+				 qualifyingDataFilename);
+	}
+	else {
+	    in.qualifyingData.t.size = 0;
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_Quote,
+			 sessionHandle0, keyPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	uint8_t *tmpBuffer = out.quoted.t.attestationData;
+	uint32_t tmpSize = out.quoted.t.size;
+	rc = TSS_TPMS_ATTEST_Unmarshalu(&tpmsAttest, &tmpBuffer, &tmpSize);
+	if (tssUtilsVerbose) TSS_TPMS_ATTEST_Print(&tpmsAttest, 0);
+    }
+    if (rc == 0) {
+	int match;
+	match = TSS_TPM2B_Compare(&in.qualifyingData.b, &tpmsAttest.extraData.b);
+	if (!match) {
+	    printf("quote: failed, extraData != qualifyingData\n");
+	    rc = EXIT_FAILURE;
+	}
+    }
+    if ((rc == 0) && (signatureFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.signature,
+				     (MarshalFunction_t)TSS_TPMT_SIGNATURE_Marshal,
+				     signatureFilename);
+    }
+    if ((rc == 0) && (attestInfoFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(out.quoted.t.attestationData,
+				      out.quoted.t.size,
+				      attestInfoFilename);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) TSS_TPMT_SIGNATURE_Print(&out.signature, 0);
+	if (tssUtilsVerbose) printf("quote: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("quote: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("quote\n");
+    printf("\n");
+    printf("Runs TPM2_Quote\n");
+    printf("\n");
+    printf("\t-hp\tpcr handle (may be specified more than once)\n");
+    printf("\t-hk\tquoting key handle\n");
+    printf("\t[-pwdk\tpassword for quoting key (default empty)]\n");
+    printf("\t[-halg\tfor signing (sha1, sha256, sha384, sha512) (default sha256)]\n");
+    printf("\t[-palg\tfor PCR bank selection (sha1, sha256, sha384, sha512) (default sha256)]\n");
+    printf("\t[-salg\tsignature algorithm (rsa, ecc, hmac) (default rsa)]\n");
+    printf("\t[-qd\tqualifying data file name]\n");
+    printf("\t[-os\tquote signature file name (default do not save)]\n");
+    printf("\t[-oa\tattestation output file name (default do not save)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/readclock.c b/utils/readclock.c
new file mode 100644
index 000000000..dba92a898
--- /dev/null
+++ b/utils/readclock.c
@@ -0,0 +1,161 @@
+/********************************************************************************/
+/*										*/
+/*			   ReadClock						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    ReadClock_Out 		out;
+    const char			*timeFilename = NULL;
+    const char			*clockFilename = NULL;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-otime") == 0) {
+	    i++;
+	    if (i < argc) {
+		timeFilename = argv[i];
+	    }
+	    else {
+		printf("-otime option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-oclock") == 0) {
+	    i++;
+	    if (i < argc) {
+		clockFilename = argv[i];
+	    }
+	    else {
+		printf("-oclock option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out, 
+			 NULL,
+			 NULL,
+			 TPM_CC_ReadClock,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    /* write the fields in binary host byte order */
+    if ((rc == 0) && (timeFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile((uint8_t *)&out.currentTime.time,
+				      sizeof(((TPMS_TIME_INFO *)NULL)->time),
+				      timeFilename) ;
+    }
+    if ((rc == 0) && (clockFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile((uint8_t *)&out.currentTime.clockInfo.clock,
+				      sizeof(((TPMS_TIME_INFO *)NULL)->clockInfo.clock),
+				      clockFilename);
+    }
+    if (rc == 0) {
+	TSS_TPMS_TIME_INFO_Print(&out.currentTime, 0);
+	if (tssUtilsVerbose) printf("readclock: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("readclock: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("readclock\n");
+    printf("\n");
+    printf("Runs TPM2_ReadClock\n");
+    printf("\n");
+    printf("\t[-otime    time file name (default do not save)]\n");
+    printf("\t[-oclock   clock file name (default do not save)]\n");
+    printf("\n");
+    exit(1);	
+}
diff --git a/utils/readpublic.c b/utils/readpublic.c
new file mode 100644
index 000000000..91d319149
--- /dev/null
+++ b/utils/readpublic.c
@@ -0,0 +1,284 @@
+/********************************************************************************/
+/*										*/
+/*			   ReadPublic 						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+
+#include "cryptoutils.h"
+
+static void printReadPublic(ReadPublic_Out *out);
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    ReadPublic_In 		in;
+    ReadPublic_Out 		out;
+    TPMI_DH_PCR 		objectHandle = TPM_RH_NULL;
+    const char			*publicKeyFilename = NULL;
+    const char			*pemFilename = NULL;
+    int				noSpace = FALSE;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+   
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ho") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &objectHandle);
+	    }
+	    else {
+		printf("Missing parameter for -ho\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-opu") == 0) {
+	    i++;
+	    if (i < argc) {
+		publicKeyFilename = argv[i];
+	    }
+	    else {
+		printf("-opu option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-opem") == 0) {
+	    i++;
+	    if (i < argc) {
+		pemFilename = argv[i];
+	    }
+	    else {
+		printf("-opem option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ns") == 0) {
+	    noSpace = TRUE;
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (objectHandle == TPM_RH_NULL) {
+	printf("Missing or bad object handle parameter -ho\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.objectHandle = objectHandle;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_ReadPublic,
+			 sessionHandle0, NULL, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    /* save the public key */
+    if ((rc == 0) && (publicKeyFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.outPublic,
+				     (MarshalFunction_t)TSS_TPM2B_PUBLIC_Marshal,
+				     publicKeyFilename);
+    }
+    /* save the optional PEM public key */
+    if ((rc == 0) && (pemFilename != NULL)) {
+	rc = convertPublicToPEM(&out.outPublic,
+				pemFilename);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printReadPublic(&out);
+	if (noSpace) {
+	    unsigned int b;
+	    for (b = 0 ; b < out.name.t.size ; b++) {
+		printf("%02x", out.name.t.name[b]);
+	    }
+	    printf("\n");
+	}
+	if (tssUtilsVerbose) printf("readpublic: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("readpublic: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printReadPublic(ReadPublic_Out *out)
+{
+    TSS_TPMT_PUBLIC_Print(&out->outPublic.publicArea, 0);
+    TSS_PrintAll("name",
+		 out->name.t.name,
+		 out->name.t.size);
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("readpublic\n");
+    printf("\n");
+    printf("Runs TPM2_ReadPublic\n");
+    printf("\n");
+    printf("\t-ho\tobject handle\n");
+    printf("\t[-opu\tpublic key file name (default do not save)]\n");
+    printf("\t[-opem\tpublic key PEM format file name (default do not save)]\n");
+    printf("\t[-ns\tadditionally print Name in hex ascii on one line]\n");
+    printf("\t\tUseful to paste into policy\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default NULL)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t40\tresponse encrypt\n");
+    printf("\t80\taudit\n");
+    exit(1);	
+}
diff --git a/utils/reg.bat b/utils/reg.bat
new file mode 100644
index 000000000..1ec795acb
--- /dev/null
+++ b/utils/reg.bat
@@ -0,0 +1,383 @@
+ at echo off
+
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #										#
+REM # (c) Copyright IBM Corporation 2015 - 2019					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+set soc=
+set mssim=
+if "%TPM_INTERFACE_TYPE%" == "" (
+   set soc=1
+)
+if "%TPM_INTERFACE_TYPE%" == "socsim" (
+   set soc=1
+)
+if defined soc (
+   if "%TPM_SERVER_TYPE%" == "" (
+       set mssim=1
+   )
+   if "%TPM_SERVER_TYPE%" == "mssim" (
+      set mssim=1
+   )
+)
+
+set ITERATE_ALGS=sha1 sha256 sha384 sha512
+set BAD_ITERATE_ALGS=sha256 sha384 sha512 sha1
+
+if defined mssim (
+   call regtests\inittpm.bat
+   IF !ERRORLEVEL! NEQ 0 (
+      echo ""
+      echo "Failed inittpm.bat"
+      exit /B 1
+   )
+)
+
+for /f %%i in ('%TPM_EXE_PATH%getrandom -by 16 -ns') do set TPM_SESSION_ENCKEY=%%i
+echo "Session state encryption key"
+echo %TPM_SESSION_ENCKEY%
+
+call regtests\initkeys.bat
+IF !ERRORLEVEL! NEQ 0 (
+   echo ""
+   echo "Failed initkeys.bat"
+   exit /B 1
+)
+
+call regtests\testrng.bat
+IF !ERRORLEVEL! NEQ 0 (
+   echo ""
+   echo "Failed testrng.bat"
+   exit /B 1
+)
+
+call regtests\testpcr.bat
+IF !ERRORLEVEL! NEQ 0 (
+   echo ""
+   echo "Failed testpcr.bat"
+   exit /B 1
+)
+
+call regtests\testprimary.bat
+IF !ERRORLEVEL! NEQ 0 (
+   echo ""
+   echo "Failed testprimary.bat"
+   exit /B 1
+)
+
+call regtests\testcreateloaded.bat
+IF !ERRORLEVEL! NEQ 0 (
+   echo ""
+   echo "Failed testcreateloaded.bat"
+   exit /B 1
+)
+
+call regtests\testhmacsession.bat
+IF !ERRORLEVEL! NEQ 0 (
+   echo ""
+   echo "Failed testhmacsession.bat"
+   exit /B 1
+)
+
+call regtests\testbind.bat
+IF !ERRORLEVEL! NEQ 0 (
+   echo ""
+   echo "Failed testbind.bat"
+   exit /B 1
+)
+
+call regtests\testsalt.bat
+IF !ERRORLEVEL! NEQ 0 (
+   echo ""
+   echo "Failed testsalt.bat"
+   exit /B 1
+)
+
+call regtests\testhierarchy.bat
+IF !ERRORLEVEL! NEQ 0 (
+   echo ""
+   echo "Failed testhierarchy.bat"
+   exit /B 1
+)
+
+call regtests\teststorage.bat
+IF !ERRORLEVEL! NEQ 0 (
+  echo ""
+  echo "Failed teststorage.bat"
+  exit /B 1
+)
+
+call regtests\testchangeauth.bat
+   IF !ERRORLEVEL! NEQ 0 (
+   echo ""
+   echo "Failed testchangeauth.bat"
+   exit /B 1
+)
+
+call regtests\testencsession.bat
+IF !ERRORLEVEL! NEQ 0 (
+  echo ""
+  echo "Failed testencsession.bat"
+  exit /B 1
+)
+
+call regtests\testsign.bat
+IF !ERRORLEVEL! NEQ 0 (
+   echo ""
+   echo "Failed testsign.bat"
+   exit /B 1
+)
+
+call regtests\testnv.bat
+IF !ERRORLEVEL! NEQ 0 (
+  echo ""
+  echo "Failed testnv.bat"
+  exit /B 1
+)
+
+call regtests\testnvpin.bat
+ IF !ERRORLEVEL! NEQ 0 (
+   echo ""
+   echo "Failed testnvpin.bat"
+   exit /B 1
+ )
+
+call regtests\testevict.bat
+IF !ERRORLEVEL! NEQ 0 (
+  echo ""
+  echo "Failed testevict.bat"
+  exit /B 1
+)
+
+call regtests\testrsa.bat
+IF !ERRORLEVEL! NEQ 0 (
+   echo ""
+   echo "Failed testrsa.bat"
+   exit /B 1
+)
+
+call regtests\testaes.bat
+IF !ERRORLEVEL! NEQ 0 (
+   echo ""
+   echo "Failed testaes.bat"
+   exit /B 1
+)
+
+call regtests\testaes138.bat
+IF !ERRORLEVEL! NEQ 0 (
+   echo ""
+   echo "Failed testaes138.bat"
+   exit /B 1
+)
+
+call regtests\testhmac.bat
+IF !ERRORLEVEL! NEQ 0 (
+  echo ""
+  echo "Failed testhmac.bat"
+  exit /B 1
+)
+
+call regtests\testattest.bat
+IF !ERRORLEVEL! NEQ 0 (
+  echo ""
+  echo "Failed testattest.bat"
+  exit /B 1
+)
+
+call regtests\testpolicy.bat
+IF !ERRORLEVEL! NEQ 0 (
+   echo ""
+   echo "Failed testpolicy.bat"
+   exit /B 1
+)
+
+call regtests\testpolicy138.bat
+IF !ERRORLEVEL! NEQ 0 (
+   echo ""
+   echo "Failed testpolicy138.bat"
+   exit /B 1
+)
+
+call regtests\testcontext.bat
+IF !ERRORLEVEL! NEQ 0 (
+      echo ""
+      echo "Failed testcontext.bat"
+  exit /B 1
+)
+
+call regtests\testclocks.bat
+IF !ERRORLEVEL! NEQ 0 (
+      echo ""
+      echo "Failed testclocks.bat"
+  exit /B 1
+)
+
+call regtests\testda.bat
+IF !ERRORLEVEL! NEQ 0 (
+      echo ""
+      echo "Failed testda.bat"
+  exit /B 1
+)
+
+call regtests\testunseal.bat
+IF !ERRORLEVEL! NEQ 0 (
+      echo ""
+      echo "Failed testunseal.bat"
+  exit /B 1
+)
+
+call regtests\testdup.bat
+IF !ERRORLEVEL! NEQ 0 (
+      echo ""
+      echo "Failed testdup.bat"
+  exit /B 1
+)
+
+call regtests\testecc.bat
+IF !ERRORLEVEL! NEQ 0 (
+      echo ""
+      echo "Failed testecc.bat"
+  exit /B 1
+)
+
+call regtests\testcredential.bat
+IF !ERRORLEVEL! NEQ 0 (
+      echo ""
+      echo "Failed testcredential.bat"
+  exit /B 1
+)
+
+call regtests\testattest155.bat
+IF !ERRORLEVEL! NEQ 0 (
+      echo ""
+      echo "Failed testattest155.bat"
+  exit /B 1
+)
+
+call regtests\testx509.bat
+IF !ERRORLEVEL! NEQ 0 (
+      echo ""
+      echo "Failed testx509.bat"
+  exit /B 1
+)
+
+call regtests\testgetcap.bat
+IF !ERRORLEVEL! NEQ 0 (
+      echo ""
+      echo "Failed testgetcap.bat"
+  exit /B 1
+)
+
+call regtests\testshutdown.bat
+IF !ERRORLEVEL! NEQ 0 (
+      echo ""
+      echo "Failed testshutdown.bat"
+  exit /B 1
+)
+
+call regtests\testchangeseed.bat
+IF !ERRORLEVEL! NEQ 0 (
+      echo ""
+      echo "Failed testchangeseed.bat"
+  exit /B 1
+)
+
+REM cleanup
+
+%TPM_EXE_PATH%flushcontext -ha 80000000
+
+rm -f dec.bin
+rm -f derpriv.bin
+rm -f derpub.bin
+rm -f despriv.bin
+rm -f despub.bin
+rm -f empty.bin
+rm -f enc.bin
+rm -f khprivsha1.bin
+rm -f khprivsha256.bin
+rm -f khprivsha384.bin
+rm -f khprivsha512.bin
+rm -f khpubsha1.bin
+rm -f khpubsha256.bin
+rm -f khpubsha384.bin
+rm -f khpubsha512.bin
+rm -f msg.bin
+rm -f noncetpm.bin
+rm -f policyapproved.bin
+rm -f prich.bin
+rm -f pritk.bin
+rm -f pssig.bin
+rm -f run.out
+rm -f sig.bin
+rm -f signeccpriv.bin
+rm -f signeccpub.bin
+rm -f signeccpub.pem
+rm -f signpriv.bin
+rm -f signpub.bin
+rm -f signpub.pem
+rm -f signpub.pem
+rm -f signrpriv.bin
+rm -f signrpub.bin
+rm -f signrpub.pem
+rm -f stoch.bin
+rm -f storeeccpriv.bin
+rm -f storeeccpub.bin
+rm -f storepriv.bin
+rm -f storepub.bin
+rm -f stotk.bin
+rm -f tkt.bin
+rm -f tmp.bin
+rm -f tmp1.bin
+rm -f tmp2.bin
+rm -f tmppriv.bin
+rm -f tmppub.bin
+rm -f tmpsha1.bin
+rm -f tmpsha256.bin
+rm -f tmpsha384.bin
+rm -f tmpsha512.bin
+rm -f tmpspriv.bin
+rm -f tmpspub.bin
+rm -f to.bin
+rm -f zero.bin
+
+echo ""
+echo "Success"
+
+exit /B 0
diff --git a/utils/reg.sh b/utils/reg.sh
new file mode 100755
index 000000000..76730ce64
--- /dev/null
+++ b/utils/reg.sh
@@ -0,0 +1,594 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2014 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+# handles are
+# 80000000 platform hierarchy primary storage key
+#    password pps
+# storage key under primary
+#    password sto
+#    storepriv.bin
+# signing key under primary
+#    password sig
+#    signpriv.bin
+# RSA encryption key under primary
+#    password dec
+#    decpriv.bin
+
+# at test entry and exit, there is a platform primary key at 80000000 and
+# storage and signing keys under them, ready to load.
+# The exception is the last test case, which rolls the seeds.
+
+# This is a namespace prefix 
+# For the basic tarball, PREFIX is set to ./   (the current directory)
+
+PREFIX=./
+
+# The distro releases prefix all the TPM 2.0 utility names with tss,
+# so PREFIX is set to tss
+
+# PREFIX=tss
+
+#PREFIX="valgrind ./"
+
+# hash algorithms to be used for testing
+
+export ITERATE_ALGS="sha1 sha256 sha384 sha512"
+export BAD_ITERATE_ALGS="sha256 sha384 sha512 sha1"
+
+printUsage ()
+{
+    echo ""
+    echo ""
+    echo "-h help"
+    echo "-a all tests"
+    echo "-1 random number generator"
+    echo "-2 PCR"
+    echo "-3 primary keys"
+    echo "-4 createloaded - rev 146"
+    echo "-5 HMAC session - no bind or salt"
+    echo "-6 HMAC session - bind"
+    echo "-7 HMAC session - salt"
+    echo "-8 Hierarchy"
+    echo "-9 Storage"
+    echo "-10 Object Change Auth"
+    echo "-11 Encrypt and decrypt sessions"
+    echo "-12 Sign"
+    echo "-13 NV"
+    echo "-14 NV PIN Index - rev 138"
+    echo "-15 Evict control"
+    echo "-16 RSA encrypt decrypt"
+    echo "-17 AES encrypt decrypt"
+    echo "-18 AES encrypt decrypt - rev 138"
+    echo "-19 HMAC and Hash"
+    echo "-20 Attestation"
+    echo "-21 Policy"
+    echo "-22 Policy - rev 138"
+    echo "-23 Context"
+    echo "-24 Clocks and Timers"
+    echo "-25 DA logic"
+    echo "-26 Unseal"
+    echo "-27 Duplication"
+    echo "-28 ECC"
+    echo "-29 Credential"
+    echo "-30 Attestation - rev 155" 
+    echo "-31 X509 - rev 155" 
+    echo "-32 Get Capability"
+    echo "-35 Shutdown (only run for simulator)"
+    echo "-40 Tests under development (not part of all)"
+    echo ""
+    echo "-50 Change seed"
+}
+
+checkSuccess()
+{
+if [ $1 -ne 0 ]; then
+    echo " ERROR:"
+    cat run.out
+    exit 255
+else
+    echo " INFO:"
+fi
+
+}
+
+# FIXME should not increment past 254
+
+checkWarning()
+{
+if [ $1 -ne 0 ]; then
+    echo " WARN: $2"
+    ((WARN++))
+else
+    echo " INFO:"
+fi
+}
+
+checkFailure()
+{
+if [ $1 -eq 0 ]; then
+    echo " ERROR:"
+    cat run.out
+    exit 255
+else
+    echo " INFO:"
+fi
+}
+
+cleanup()
+{
+# stdout
+    rm -f run.out
+# general purpose keys
+    rm -f derpriv.bin
+    rm -f derpub.bin
+    rm -f despriv.bin
+    rm -f despub.bin
+    rm -f khprivsha1.bin
+    rm -f khprivsha256.bin
+    rm -f khprivsha384.bin
+    rm -f khprivsha512.bin
+    rm -f khpubsha1.bin
+    rm -f khpubsha256.bin
+    rm -f khpubsha384.bin
+    rm -f khpubsha512.bin
+    rm -f khrprivsha1.bin
+    rm -f khrprivsha256.bin
+    rm -f khrprivsha384.bin
+    rm -f khrprivsha512.bin
+    rm -f khrpubsha1.bin
+    rm -f khrpubsha256.bin
+    rm -f khrpubsha384.bin
+    rm -f khrpubsha512.bin
+    rm -f prich.bin
+    rm -f pritk.bin
+    rm -f signeccnfpriv.bin
+    rm -f signeccnfpub.bin
+    rm -f signeccnfpub.pem
+    rm -f signeccpriv.bin
+    rm -f signeccpub.bin
+    rm -f signeccpub.pem
+    rm -f signeccrpriv.bin
+    rm -f signeccrpub.bin
+    rm -f signeccrpub.pem
+    rm -f signrsanfpriv.bin
+    rm -f signrsanfpub.bin
+    rm -f signrsanfpub.pem
+    rm -f signrsapriv.bin
+    rm -f signrsapub.bin
+    rm -f signrsapub.pem
+    rm -f signrsarpriv.bin
+    rm -f signrsarpub.bin
+    rm -f signrsarpub.pem
+    rm -f stoch.bin
+    rm -f storeeccpriv.bin
+    rm -f storeeccpub.bin
+    rm -f storsach.bin
+    rm -f storsatk.bin
+    rm -f stotk.bin
+    rm -r storersapriv.bin
+    rm -r storersapub.bin
+
+# misc
+    rm -f dec.bin
+    rm -f enc.bin
+    rm -f msg.bin
+    rm -f noncetpm.bin
+    rm -f policyapproved.bin
+    rm -f pssig.bin
+    rm -f sig.bin
+    rm -f tkt.bin
+    rm -f tmp.bin
+    rm -f tmp1.bin
+    rm -f tmp2.bin
+    rm -f tmpsha1.bin
+    rm -f tmpsha256.bin
+    rm -f tmpsha384.bin
+    rm -f tmpsha512.bin
+    rm -f tmppriv.bin
+    rm -f tmppub.bin
+    rm -f tmpspriv.bin
+    rm -f tmpspub.bin
+    rm -f to.bin
+    rm -f zero.bin
+}
+
+initprimary()
+{
+    echo "Create a platform primary RSA storage key"
+    ${PREFIX}createprimary -hi p -pwdk sto -pol policies/zerosha256.bin -tk pritk.bin -ch prich.bin > run.out
+    checkSuccess $?
+}
+
+
+export -f checkSuccess
+export -f checkWarning
+export -f checkFailure
+export WARN
+export PREFIX
+export -f initprimary
+# hack because the mbedtls port is incomplete
+export CRYPTOLIBRARY=`${PREFIX}getcryptolibrary`
+
+# example for running scripts with encrypted sessions, see TPM_SESSION_ENCKEY=getrandom below
+export TPM_SESSION_ENCKEY
+
+main ()
+{
+    RC=0
+    I=0
+    ((WARN=0))
+
+    if [ "$1" == "-h" ]; then
+	printUsage
+	echo ""
+	echo "crypto library is ${CRYPTOLIBRARY}"
+	echo ""
+	exit 0
+    else
+	# the MS simulator needs power up and startup
+	if [ -z ${TPM_INTERFACE_TYPE} ] || [ ${TPM_INTERFACE_TYPE} == "socsim" ];  then
+	    if [ -z ${TPM_SERVER_TYPE} ] || [ ${TPM_SERVER_TYPE} == "mssim" ]; then
+		./regtests/inittpm.sh
+	    fi
+	fi
+    	RC=$?
+	if [ $RC -ne 0 ]; then
+	    exit 255
+	fi
+	# example for running scripts with encrypted sessions, see TPM_ENCRYPT_SESSIONS above
+	# getrandom must wait until after inittpm.sh (powerup and startup)
+	TPM_SESSION_ENCKEY=`${PREFIX}getrandom -by 16 -ns`
+	./regtests/initkeys.sh
+	RC=$?
+	if [ $RC -ne 0 ]; then
+	    exit 255
+	fi
+	((WARN=$RC))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-1" ]; then
+    	./regtests/testrng.sh
+    	RC=$?
+    	if [ $RC -ne 0 ]; then
+    	    exit 255
+    	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-2" ]; then
+    	./regtests/testpcr.sh
+    	RC=$?
+    	if [ $RC -ne 0 ]; then
+    	    exit 255
+    	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-3" ]; then
+    	./regtests/testprimary.sh
+    	RC=$?
+    	if [ $RC -ne 0 ]; then
+    	    exit 255
+    	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-4" ]; then
+    	./regtests/testcreateloaded.sh
+    	RC=$?
+    	if [ $RC -ne 0 ]; then
+    	    exit 255
+    	fi
+    	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-5" ]; then
+    	./regtests/testhmacsession.sh
+    	RC=$?
+    	if [ $RC -ne 0 ]; then
+    	    exit 255
+    	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-6" ]; then
+    	./regtests/testbind.sh
+    	RC=$?
+    	if [ $RC -ne 0 ]; then
+    	    exit 255
+    	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-7" ]; then
+    	./regtests/testsalt.sh
+    	RC=$?
+    	if [ $RC -ne 0 ]; then
+    	    exit 255
+    	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-8" ]; then
+    	./regtests/testhierarchy.sh
+    	RC=$?
+    	if [ $RC -ne 0 ]; then
+    	    exit 255
+    	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-9" ]; then
+    	./regtests/teststorage.sh
+    	RC=$?
+    	if [ $RC -ne 0 ]; then
+    	    exit 255
+    	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-10" ]; then
+    	./regtests/testchangeauth.sh
+    	RC=$?
+    	if [ $RC -ne 0 ]; then
+    	    exit 255
+    	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-11" ]; then
+    	./regtests/testencsession.sh
+    	RC=$?
+    	if [ $RC -ne 0 ]; then
+    	    exit 255
+    	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-12" ]; then
+    	./regtests/testsign.sh
+    	RC=$?
+    	if [ $RC -ne 0 ]; then
+    	    exit 255
+    	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-13" ]; then
+    	./regtests/testnv.sh
+    	RC=$?
+    	if [ $RC -ne 0 ]; then
+    	    exit 255
+    	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-14" ]; then
+    	./regtests/testnvpin.sh
+    	RC=$?
+	if [ $RC -ne 0 ]; then
+	    exit 255
+	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-15" ]; then
+    	./regtests/testevict.sh
+    	RC=$?
+    	if [ $RC -ne 0 ]; then
+    	    exit 255
+    	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-16" ]; then
+    	./regtests/testrsa.sh
+    	RC=$?
+    	if [ $RC -ne 0 ]; then
+    	    exit 255
+    	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-17" ]; then
+    	./regtests/testaes.sh
+    	RC=$?
+    	if [ $RC -ne 0 ]; then
+    	    exit 255
+    	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-18" ]; then
+    	./regtests/testaes138.sh
+    	RC=$?
+    	if [ $RC -ne 0 ]; then
+    	    exit 255
+    	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-19" ]; then
+    	./regtests/testhmac.sh
+    	RC=$?
+    	if [ $RC -ne 0 ]; then
+    	    exit 255
+    	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-20" ]; then
+    	./regtests/testattest.sh
+    	RC=$?
+    	if [ $RC -ne 0 ]; then
+    	    exit 255
+    	fi
+	((I++))
+	((WARN=$RC))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-21" ]; then
+    	./regtests/testpolicy.sh
+    	RC=$?
+    	if [ $RC -ne 0 ]; then
+    	    exit 255
+    	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-22" ]; then
+    	./regtests/testpolicy138.sh
+    	RC=$?
+    	if [ $RC -ne 0 ]; then
+    	    exit 255
+    	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-23" ]; then
+    	./regtests/testcontext.sh
+    	RC=$?
+    	if [ $RC -ne 0 ]; then
+    	    exit 255
+    	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-24" ]; then
+    	./regtests/testclocks.sh
+    	RC=$?
+    	if [ $RC -ne 0 ]; then
+    	    exit 255
+    	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-25" ]; then
+    	./regtests/testda.sh
+    	RC=$?
+    	if [ $RC -ne 0 ]; then
+    	    exit 255
+    	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-26" ]; then
+    	./regtests/testunseal.sh
+    	RC=$?
+    	if [ $RC -ne 0 ]; then
+    	    exit 255
+    	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-27" ]; then
+    	./regtests/testdup.sh
+    	RC=$?
+	if [ $RC -ne 0 ]; then
+	    exit 255
+	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-28" ]; then
+    	./regtests/testecc.sh
+    	RC=$?
+	if [ $RC -ne 0 ]; then
+	    exit 255
+	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-29" ]; then
+    	./regtests/testcredential.sh
+    	RC=$?
+	if [ $RC -ne 0 ]; then
+	    exit 255
+	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-30" ]; then
+    	./regtests/testattest155.sh
+    	RC=$?
+	if [ $RC -ne 0 ]; then
+	    exit 255
+	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-31" ]; then
+    	./regtests/testx509.sh
+    	RC=$?
+	if [ $RC -ne 0 ]; then
+	    exit 255
+	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-32" ]; then
+    	./regtests/testgetcap.sh
+    	RC=$?
+	if [ $RC -ne 0 ]; then
+	    exit 255
+	fi
+	((I++))
+    fi
+    if [ "$1" == "-a" ] || [ "$1" == "-35" ]; then
+	# the MS simulator supports power cycling
+	if [ -z ${TPM_INTERFACE_TYPE} ] || [ ${TPM_INTERFACE_TYPE} == "socsim" ];  then
+	    if [ -z ${TPM_SERVER_TYPE} ] || [ ${TPM_SERVER_TYPE} == "mssim" ]; then
+		./regtests/testshutdown.sh
+	    fi
+	fi
+   	RC=$?
+	if [ $RC -ne 0 ]; then
+	    exit 255
+	fi
+	((I++))
+    fi
+    if [ "$1" == "-40" ]; then
+     	./regtests/testdevel.sh
+     	RC=$?
+     	if [ $RC -ne 0 ]; then
+     	    exit 255
+     	fi
+     	((I++))
+     	((WARN=$RC))
+    fi
+# this must be the last test
+    if [ "$1" == "-a" ] || [ "$1" == "-50" ]; then
+    	./regtests/testchangeseed.sh
+    	RC=$?
+	if [ $RC -ne 0 ]; then
+	    exit 255
+	fi
+	((I++))
+    fi
+    if [ $RC -ne 0 ]; then
+	echo ""
+	echo "Failed"
+	echo ""
+	exit 255
+    else
+	# -0 is a debug mode that initializes and does not clean up
+	if [ "$1" != "-0" ]; then
+	    ${PREFIX}flushcontext -ha 80000000
+	    cleanup
+	fi
+
+	echo ""
+	echo "Success - ${I} Tests ${WARN} Warnings"
+	echo ""
+    fi
+}
+
+
+main "$@"
diff --git a/utils/regtests/.cvsignore b/utils/regtests/.cvsignore
new file mode 100644
index 000000000..8ea2fe2e2
--- /dev/null
+++ b/utils/regtests/.cvsignore
@@ -0,0 +1 @@
+testdevel.sh
diff --git a/utils/regtests/initkeys.bat b/utils/regtests/initkeys.bat
new file mode 100644
index 000000000..05c386a67
--- /dev/null
+++ b/utils/regtests/initkeys.bat
@@ -0,0 +1,143 @@
+REM #############################################################################
+REM										#
+REM			TPM2 regression test					#
+REM			     Written by Ken Goldman				#
+REM		       IBM Thomas J. Watson Research Center			#
+REM										#
+REM (c) Copyright IBM Corporation 2015 - 2019					#
+REM 										#
+REM All rights reserved.							#
+REM 										#
+REM Redistribution and use in source and binary forms, with or without		#
+REM modification, are permitted provided that the following conditions are	#
+REM met:									#
+REM 										#
+REM Redistributions of source code must retain the above copyright notice,	#
+REM this list of conditions and the following disclaimer.			#
+REM 										#
+REM Redistributions in binary form must reproduce the above copyright		#
+REM notice, this list of conditions and the following disclaimer in the		#
+REM documentation and/or other materials provided with the distribution.	#
+REM 										#
+REM Neither the names of the IBM Corporation nor the names of its		#
+REM contributors may be used to endorse or promote products derived from	#
+REM this software without specific prior written permission.			#
+REM 										#
+REM THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+REM "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+REM (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+ 
+echo | set /p="1234567890123456" > msg.bin
+touch zero.bin
+
+REM try to undefine any NV index left over from a previous test.  Do not check for errors.
+%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out
+%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 -pwdp ppp > run.out
+%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000001 > run.out
+%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000002 > run.out
+%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000003 > run.out
+
+REM same for persistent objects
+%TPM_EXE_PATH%evictcontrol -ho 81800000 -hp 81800000 -hi p > run.out
+
+echo ""
+echo "Initialize Regression Test Keys"
+echo ""
+
+echo "Create a platform primary storage key"
+%TPM_EXE_PATH%createprimary -hi p -pwdk sto -pol policies/zerosha256.bin -tk pritk.bin -ch prich.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Create an RSA storage key under the primary key"
+%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pol policies/policycccreate-auth.bin -opr storersapriv.bin -opu storersapub.bin -tk storsatk.bin -ch storsach.bin -pwdp sto -pwdk sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Create an ECC storage key under the primary key"
+%TPM_EXE_PATH%create -hp 80000000 -ecc nistp256 -st -kt f -kt p -opr storeeccpriv.bin -opu storeeccpub.bin -pwdp sto -pwdk sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Create an unrestricted RSA signing key under the primary key"
+%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr signrsapriv.bin -opu signrsapub.bin -opem signrsapub.pem -pwdp sto -pwdk sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Create an unrestricted ECC signing key under the primary key"
+%TPM_EXE_PATH%create -hp 80000000 -ecc nistp256 -si -kt f -kt p -opr signeccpriv.bin -opu signeccpub.bin -opem signeccpub.pem -pwdp sto -pwdk sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Create a restricted RSA signing key under the primary key"
+%TPM_EXE_PATH%create -hp 80000000 -sir -kt f -kt p -opr signrsarpriv.bin -opu signrsarpub.bin -opem signrsarpub.pem -pwdp sto -pwdk sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Create a restricted ECC signing key under the primary key"
+%TPM_EXE_PATH%create -hp 80000000 -ecc nistp256 -sir -kt f -kt p -opr signeccrpriv.bin -opu signeccrpub.bin -opem signeccrpub.pem -pwdp sto -pwdk sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Create a not fixedTPM RSA signing key under the primary key"
+%TPM_EXE_PATH%create -hp 80000000 -sir -opr signrsanfpriv.bin -opu signrsanfpub.bin -opem signrsanfpub.pem -pwdp sto -pwdk sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Create a not fixedTPM ECC signing key under the primary key"
+%TPM_EXE_PATH%create -hp 80000000 -ecc nistp256 -sir -opr signeccnfpriv.bin -opu signeccnfpub.bin -opem signeccnfpub.pem -pwdp sto -pwdk sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Create an RSA decryption key under the primary key"
+%TPM_EXE_PATH%create -hp 80000000 -den -kt f -kt p -opr derpriv.bin -opu derpub.bin -pwdp sto -pwdk dec > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Create a symmetric cipher key under the primary key"
+%TPM_EXE_PATH%create -hp 80000000 -des -kt f -kt p -opr despriv.bin -opu despub.bin -pwdp sto -pwdk aes > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+for %%H in (%ITERATE_ALGS%) do (
+
+    echo "Create a %%H unrestricted keyed hash key under the primary key"
+    %TPM_EXE_PATH%create -hp 80000000 -kh -kt f -kt p -opr khpriv%%H.bin -opu khpub%%H.bin -pwdp sto -pwdk khk -halg %%H > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Create a %%H restricted keyed hash key under the primary key"
+    %TPM_EXE_PATH%create -hp 80000000 -khr -kt f -kt p -opr khrpriv%%H.bin -opu khrpub%%H.bin -pwdp sto -pwdk khk -halg %%H > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+)
+
+exit /B 0
+
+
diff --git a/utils/regtests/initkeys.sh b/utils/regtests/initkeys.sh
new file mode 100755
index 000000000..2fb5f93de
--- /dev/null
+++ b/utils/regtests/initkeys.sh
@@ -0,0 +1,125 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+echo -n "1234567890123456" > msg.bin
+touch zero.bin
+
+# try to undefine any NV index left over from a previous test.  Do not check for errors.
+${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out
+${PREFIX}nvundefinespace -hi p -ha 01000000 -pwdp ppp > run.out
+${PREFIX}nvundefinespace -hi p -ha 01000001 > run.out
+${PREFIX}nvundefinespace -hi o -ha 01000002 > run.out
+${PREFIX}nvundefinespace -hi o -ha 01000003 > run.out
+# same for persistent objects
+${PREFIX}evictcontrol -ho 81800000 -hp 81800000 -hi p > run.out
+
+echo ""
+echo "Initialize Regression Test Keys"
+echo ""
+
+# Create a platform primary RSA storage key
+initprimary
+
+echo "Create an RSA storage key under the primary key"
+${PREFIX}create -hp 80000000 -st -kt f -kt p -pol policies/policycccreate-auth.bin -opr storersapriv.bin -opu storersapub.bin -tk storsatk.bin -ch storsach.bin -pwdp sto -pwdk sto > run.out
+checkSuccess $?
+
+echo "Create an ECC storage key under the primary key"
+${PREFIX}create -hp 80000000 -ecc nistp256 -st -kt f -kt p -opr storeeccpriv.bin -opu storeeccpub.bin -pwdp sto -pwdk sto > run.out
+checkSuccess $?
+
+echo "Create an unrestricted RSA signing key under the primary key"
+${PREFIX}create -hp 80000000 -si -kt f -kt p -opr signrsapriv.bin -opu signrsapub.bin -opem signrsapub.pem -pwdp sto -pwdk sig > run.out
+checkSuccess $?
+
+echo "Create an unrestricted ECC signing key under the primary key"
+${PREFIX}create -hp 80000000 -ecc nistp256 -si -kt f -kt p -opr signeccpriv.bin -opu signeccpub.bin -opem signeccpub.pem -pwdp sto -pwdk sig > run.out
+checkSuccess $?
+
+echo "Create a restricted RSA signing key under the primary key"
+${PREFIX}create -hp 80000000 -sir -kt f -kt p -opr signrsarpriv.bin -opu signrsarpub.bin -opem signrsarpub.pem -pwdp sto -pwdk sig > run.out
+checkSuccess $?
+
+echo "Create an restricted ECC signing key under the primary key"
+${PREFIX}create -hp 80000000 -ecc nistp256 -sir -kt f -kt p -opr signeccrpriv.bin -opu signeccrpub.bin -opem signeccrpub.pem -pwdp sto -pwdk sig > run.out
+checkSuccess $?
+
+echo "Create a not fixedTPM RSA signing key under the primary key"
+${PREFIX}create -hp 80000000 -sir -opr signrsanfpriv.bin -opu signrsanfpub.bin -opem signrsanfpub.pem -pwdp sto -pwdk sig > run.out
+checkSuccess $?
+
+echo "Create a not fixedTPM ECC signing key under the primary key"
+${PREFIX}create -hp 80000000 -ecc nistp256 -sir -opr signeccnfpriv.bin -opu signeccnfpub.bin -opem signeccnfpub.pem -pwdp sto -pwdk sig > run.out
+checkSuccess $?
+
+echo "Create an RSA decryption key under the primary key"
+${PREFIX}create -hp 80000000 -den -kt f -kt p -opr derpriv.bin -opu derpub.bin -pwdp sto -pwdk dec > run.out
+checkSuccess $?
+
+echo "Create a symmetric cipher key under the primary key"
+${PREFIX}create -hp 80000000 -des -kt f -kt p -opr despriv.bin -opu despub.bin -pwdp sto -pwdk aes > run.out
+RC=$?
+checkWarning $RC "Symmetric cipher key may not support sign attribute"
+
+if [ $RC -ne 0 ]; then
+    echo "Create a rev 116 symmetric cipher key under the primary key"
+    ${PREFIX}create -hp 80000000 -des -116 -kt f -kt p -opr despriv.bin -opu despub.bin -pwdp sto -pwdk aes > run.out
+    checkSuccess $?
+fi
+
+for HALG in ${ITERATE_ALGS}
+
+do
+
+    echo "Create a ${HALG} unrestricted keyed hash key under the primary key"
+    ${PREFIX}create -hp 80000000 -kh -kt f -kt p -opr khpriv${HALG}.bin -opu khpub${HALG}.bin -pwdp sto -pwdk khk -halg ${HALG} > run.out
+    checkSuccess $?
+
+    echo "Create a ${HALG} restricted keyed hash key under the primary key"
+    ${PREFIX}create -hp 80000000 -khr -kt f -kt p -opr khrpriv${HALG}.bin -opu khrpub${HALG}.bin -pwdp sto -pwdk khk -halg ${HALG} > run.out
+    checkSuccess $?
+
+
+
+done
+
+exit ${WARN}
diff --git a/utils/regtests/inittpm.bat b/utils/regtests/inittpm.bat
new file mode 100644
index 000000000..bfd094213
--- /dev/null
+++ b/utils/regtests/inittpm.bat
@@ -0,0 +1,79 @@
+REM #############################################################################
+REM										#
+REM			TPM2 regression test					#
+REM			     Written by Ken Goldman				#
+REM		       IBM Thomas J. Watson Research Center			#
+REM		$Id: inittpm.bat 1276 2018-07-23 19:25:13Z kgoldman $		#
+REM										#
+REM (c) Copyright IBM Corporation 2015, 2018					#
+REM 										#
+REM All rights reserved.							#
+REM 										#
+REM Redistribution and use in source and binary forms, with or without		#
+REM modification, are permitted provided that the following conditions are	#
+REM met:									#
+REM 										#
+REM Redistributions of source code must retain the above copyright notice,	#
+REM this list of conditions and the following disclaimer.			#
+REM 										#
+REM Redistributions in binary form must reproduce the above copyright		#
+REM notice, this list of conditions and the following disclaimer in the		#
+REM documentation and/or other materials provided with the distribution.	#
+REM 										#
+REM Neither the names of the IBM Corporation nor the names of its		#
+REM contributors may be used to endorse or promote products derived from	#
+REM this software without specific prior written permission.			#
+REM 										#
+REM THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+REM "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+REM (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+echo "Power cycle"
+%TPM_EXE_PATH%powerup -v > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Startup"
+%TPM_EXE_PATH%startup -c -v > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Get Test Result"
+%TPM_EXE_PATH%gettestresult > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Allocate PCRs for SHA-1, SHA-256, SHA-384 SHA-512 PCRs"
+%TPM_EXE_PATH%pcrallocate +sha1 +sha256 +sha384 +sha512 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Power cycle"
+%TPM_EXE_PATH%powerup -v > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Startup"
+%TPM_EXE_PATH%startup -c -v > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+exit /B 0
diff --git a/utils/regtests/inittpm.sh b/utils/regtests/inittpm.sh
new file mode 100755
index 000000000..eaefab4cc
--- /dev/null
+++ b/utils/regtests/inittpm.sh
@@ -0,0 +1,71 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#		$Id: inittpm.sh 1277 2018-07-23 20:30:23Z kgoldman $		#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2018					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+echo ""
+echo "Initialize TPM"
+echo ""
+
+echo "Power cycle"
+${PREFIX}powerup > run.out
+checkSuccess $?
+
+echo "Startup"
+${PREFIX}startup -c > run.out
+checkSuccess $?
+
+echo "Get Test Result"
+${PREFIX}gettestresult > run.out
+checkSuccess $?
+
+echo "Allocate initial SHA-1, SHA-256, SHA-384 SHA-512 PCRs"
+${PREFIX}pcrallocate +sha1 +sha256 +sha384 +sha512 > run.out
+checkSuccess $?
+    
+echo "Power cycle"
+${PREFIX}powerup > run.out
+checkSuccess $?
+
+echo "Startup"
+${PREFIX}startup -c > run.out
+checkSuccess $?
+
diff --git a/utils/regtests/testaes.bat b/utils/regtests/testaes.bat
new file mode 100644
index 000000000..9220824f1
--- /dev/null
+++ b/utils/regtests/testaes.bat
@@ -0,0 +1,143 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #		$Id: testaes.bat 1301 2018-08-15 21:46:19Z kgoldman $		#
+REM #										#
+REM # (c) Copyright IBM Corporation 2015					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "AES symmetric key"
+echo ""
+
+echo "Start an HMAC auth session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%S in ("" "-se0 02000000 1") do (
+
+
+    echo "Load the symmetric cipher key under the primary key %%~S"
+    %TPM_EXE_PATH%load -hp 80000000 -ipr despriv.bin -ipu despub.bin -pwdp sto %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       	exit /B 1
+    )
+
+    echo "Encrypt using the symmetric cipher key %%~S"
+    %TPM_EXE_PATH%encryptdecrypt -hk 80000001 -if msg.bin -of enc.bin -pwdk aes %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       	exit /B 1
+    )
+
+    echo "Decrypt using the symmetric cipher key %%~S"
+    %TPM_EXE_PATH%encryptdecrypt -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aes %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       	exit /B 1
+    )
+
+    echo "Verify the decrypt result"
+    diff msg.bin dec.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       	exit /B 1
+    )
+
+    echo "Encrypt using the symmetric cipher key 0 length message %%~S"
+    %TPM_EXE_PATH%encryptdecrypt -hk 80000001 -if zero.bin -of enc.bin -pwdk aes %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       	exit /B 1
+    )
+
+    echo "Decrypt using the symmetric cipher key %%~S"
+    %TPM_EXE_PATH%encryptdecrypt -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aes %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       	exit /B 1
+    )
+
+    echo "Verify the decrypt result"
+    diff zero.bin dec.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       	exit /B 1
+    )
+
+    echo "Flush the symmetric cipher key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       	exit /B 1
+    )
+
+    echo "Create a primary symmetric cipher key %%~S"
+    %TPM_EXE_PATH%createprimary -des -pwdk aesp %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       	exit /B 1
+    )
+ 
+    echo "Encrypt using the symmetric cipher primary key %%~S"
+    %TPM_EXE_PATH%encryptdecrypt -hk 80000001 -if msg.bin -of enc.bin -pwdk aesp %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       	exit /B 1
+    )
+
+    echo "Decrypt using the symmetric cipher primary key %%~S"
+    %TPM_EXE_PATH%encryptdecrypt -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aesp %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       	exit /B 1
+    )
+
+    echo "Verify the decrypt result"
+    diff msg.bin dec.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       	exit /B 1
+    )
+
+    echo "Flush the symmetric cipher key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       	exit /B 1
+    )
+
+)
+
+echo "Flush the auth session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+REM getcapability -cap 1 -pr 80000000
+REM getcapability -cap 1 -pr 02000000
diff --git a/utils/regtests/testaes.sh b/utils/regtests/testaes.sh
new file mode 100755
index 000000000..dd0d5580b
--- /dev/null
+++ b/utils/regtests/testaes.sh
@@ -0,0 +1,114 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#	$Id: testaes.sh 1301 2018-08-15 21:46:19Z kgoldman $			#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2018					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+echo ""
+echo "AES symmetric key"
+echo ""
+
+echo "Start an HMAC auth session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+for SESS in "" "-se0 02000000 1"
+do
+
+    echo "Load the symmetric cipher key under the primary key ${SESS}"
+    ${PREFIX}load -hp 80000000 -ipr despriv.bin -ipu despub.bin -pwdp sto ${SESS} > run.out
+    checkSuccess $?
+
+    echo "Encrypt using the symmetric cipher key ${SESS}"
+    ${PREFIX}encryptdecrypt -hk 80000001 -if msg.bin -of enc.bin -pwdk aes ${SESS} > run.out
+    checkSuccess $?
+
+    echo "Decrypt using the symmetric cipher key ${SESS}"
+    ${PREFIX}encryptdecrypt -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aes ${SESS} > run.out
+    checkSuccess $?
+
+    echo "Verify the decrypt result"
+    diff msg.bin dec.bin > run.out
+    checkSuccess $?
+
+    echo "Encrypt using the symmetric cipher key 0 length message ${SESS}"
+    ${PREFIX}encryptdecrypt -hk 80000001 -if zero.bin -of enc.bin -pwdk aes ${SESS} > run.out
+    checkSuccess $?
+
+    echo "Decrypt using the symmetric cipher key ${SESS}"
+    ${PREFIX}encryptdecrypt -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aes ${SESS} > run.out
+    checkSuccess $?
+
+    echo "Verify the decrypt result"
+    diff zero.bin dec.bin > run.out
+    checkSuccess $?
+
+    echo "Flush the symmetric cipher key"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+    echo "Create a primary symmetric cipher key ${SESS}"
+    ${PREFIX}createprimary -des -pwdk aesp ${SESS} > run.out
+    checkSuccess $?
+ 
+    echo "Encrypt using the symmetric cipher primary key ${SESS}"
+    ${PREFIX}encryptdecrypt -hk 80000001 -if msg.bin -of enc.bin -pwdk aesp ${SESS}> run.out
+    checkSuccess $?
+
+    echo "Decrypt using the symmetric cipher primary key ${SESS}"
+    ${PREFIX}encryptdecrypt -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aesp ${SESS}> run.out
+    checkSuccess $?
+
+    echo "Verify the decrypt result"
+    diff msg.bin dec.bin > run.out
+    checkSuccess $?
+
+    echo "Flush the symmetric cipher key"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+done
+
+echo "Flush the auth session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+# ${PREFIX}getcapability -cap 1 -pr 80000000
+# ${PREFIX}getcapability -cap 1 -pr 02000000
diff --git a/utils/regtests/testaes138.bat b/utils/regtests/testaes138.bat
new file mode 100644
index 000000000..a2d17b120
--- /dev/null
+++ b/utils/regtests/testaes138.bat
@@ -0,0 +1,142 @@
+REM #################################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #	$Id: testaes.sh 714 2016-08-11 21:46:03Z kgoldman $			#
+REM #										#
+REM # (c) Copyright IBM Corporation 2015, 2016					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "AES symmetric key"
+echo ""
+
+echo "Start an HMAC auth session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%S in ("" "-se0 02000000 1") do (
+
+    echo "Load the symmetric cipher key under the primary key %%~S"
+    %TPM_EXE_PATH%load -hp 80000000 -ipr despriv.bin -ipu despub.bin -pwdp sto %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Encrypt using the symmetric cipher key %%~S"
+    %TPM_EXE_PATH%encryptdecrypt -2 -hk 80000001 -if msg.bin -of enc.bin -pwdk aes %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Decrypt using the symmetric cipher key %%~S"
+    %TPM_EXE_PATH%encryptdecrypt -2 -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aes %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the decrypt result"
+    diff msg.bin dec.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Encrypt using the symmetric cipher key 0 length message %%~S"
+    %TPM_EXE_PATH%encryptdecrypt -2 -hk 80000001 -if zero.bin -of enc.bin -pwdk aes %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Decrypt using the symmetric cipher key %%~S"
+    %TPM_EXE_PATH%encryptdecrypt -2 -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aes %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the decrypt result"
+    diff zero.bin dec.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+    
+    echo "Flush the symmetric cipher key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Create a primary symmetric cipher key %%~S"
+    %TPM_EXE_PATH%createprimary -des -pwdk aesp %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+ 
+    echo "Encrypt using the symmetric cipher primary key %%~S"
+    %TPM_EXE_PATH%encryptdecrypt -2 -hk 80000001 -if msg.bin -of enc.bin -pwdk aesp %%~S> run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Decrypt using the symmetric cipher primary key %%~S"
+    %TPM_EXE_PATH%encryptdecrypt -2 -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aesp %%~S> run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the decrypt result"
+    diff msg.bin dec.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Flush the symmetric cipher key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+)
+
+echo "Flush the auth session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM %TPM_EXE_PATH%getcapability -cap 1 -pr 80000000
+REM %TPM_EXE_PATH%getcapability -cap 1 -pr 02000000
diff --git a/utils/regtests/testaes138.sh b/utils/regtests/testaes138.sh
new file mode 100755
index 000000000..49eb6fed8
--- /dev/null
+++ b/utils/regtests/testaes138.sh
@@ -0,0 +1,114 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#	$Id: testaes.sh 714 2016-08-11 21:46:03Z kgoldman $			#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2018					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+echo ""
+echo "AES symmetric key"
+echo ""
+
+echo "Start an HMAC auth session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+for SESS in "" "-se0 02000000 1"
+do
+
+    echo "Load the symmetric cipher key under the primary key ${SESS}"
+    ${PREFIX}load -hp 80000000 -ipr despriv.bin -ipu despub.bin -pwdp sto ${SESS} > run.out
+    checkSuccess $?
+
+    echo "Encrypt using the symmetric cipher key ${SESS}"
+    ${PREFIX}encryptdecrypt -2 -hk 80000001 -if msg.bin -of enc.bin -pwdk aes ${SESS} > run.out
+    checkSuccess $?
+
+    echo "Decrypt using the symmetric cipher key ${SESS}"
+    ${PREFIX}encryptdecrypt -2 -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aes ${SESS} > run.out
+    checkSuccess $?
+
+    echo "Verify the decrypt result"
+    diff msg.bin dec.bin > run.out
+    checkSuccess $?
+
+    echo "Encrypt using the symmetric cipher key 0 length message ${SESS}"
+    ${PREFIX}encryptdecrypt -2 -hk 80000001 -if zero.bin -of enc.bin -pwdk aes ${SESS} > run.out
+    checkSuccess $?
+
+    echo "Decrypt using the symmetric cipher key ${SESS}"
+    ${PREFIX}encryptdecrypt -2 -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aes ${SESS} > run.out
+    checkSuccess $?
+
+    echo "Verify the decrypt result"
+    diff zero.bin dec.bin > run.out
+    checkSuccess $?
+
+    echo "Flush the symmetric cipher key"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+    echo "Create a primary symmetric cipher key ${SESS}"
+    ${PREFIX}createprimary -des -pwdk aesp ${SESS} > run.out
+    checkSuccess $?
+ 
+    echo "Encrypt using the symmetric cipher primary key ${SESS}"
+    ${PREFIX}encryptdecrypt -2 -hk 80000001 -if msg.bin -of enc.bin -pwdk aesp ${SESS}> run.out
+    checkSuccess $?
+
+    echo "Decrypt using the symmetric cipher primary key ${SESS}"
+    ${PREFIX}encryptdecrypt -2 -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aesp ${SESS}> run.out
+    checkSuccess $?
+
+    echo "Verify the decrypt result"
+    diff msg.bin dec.bin > run.out
+    checkSuccess $?
+
+    echo "Flush the symmetric cipher key"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+done
+
+echo "Flush the auth session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+# ${PREFIX}getcapability -cap 1 -pr 80000000
+# ${PREFIX}getcapability -cap 1 -pr 02000000
diff --git a/utils/regtests/testattest.bat b/utils/regtests/testattest.bat
new file mode 100644
index 000000000..5db9991bf
--- /dev/null
+++ b/utils/regtests/testattest.bat
@@ -0,0 +1,580 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #										#
+REM # (c) Copyright IBM Corporation 2018 - 2019					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "Attestation"
+echo ""
+
+echo "Load the RSA signing key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the ECC signing key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr signeccpriv.bin -ipu signeccpub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Define Space"
+%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Read Public, unwritten Name"
+%TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV write"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if msg.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start an HMAC session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%S in ("" "-se0 02000000 1") do (
+
+    for %%H in (%ITERATE_ALGS%) do (
+
+    	for %%A in (rsa ecc) do (
+
+		IF "%%A" == "rsa" (
+		   set K=80000001
+		)
+		IF "%%A" == "ecc" (
+		   set K=80000002
+		)		
+
+		echo "Signing Key Self Certify %%H %%A %%~S"
+		%TPM_EXE_PATH%certify -hk !K! -ho 80000001 -halg %%H -pwdk sig -pwdo sig %%~S -os sig.bin -oa tmp.bin -qd policies/aaa -salg %%A > run.out
+		IF !ERRORLEVEL! NEQ 0 (
+		exit /B 1
+		)
+	
+		echo "Verify the %%A signature %%H"
+		%TPM_EXE_PATH%verifysignature -hk !K! -halg %%H -if tmp.bin -is sig.bin > run.out
+		IF !ERRORLEVEL! NEQ 0 (
+		exit /B 1
+		)
+	
+		echo "Quote %%H %%A %%~S"
+		%TPM_EXE_PATH%quote -hp 0 -hk !K! -halg %%H -palg %%H -pwdk sig %%~S -os sig.bin -oa tmp.bin -qd policies/aaa -salg %%A > run.out
+		IF !ERRORLEVEL! NEQ 0 (
+		exit /B 1
+		)
+	
+		echo "Verify the %%A signature %%H"
+		%TPM_EXE_PATH%verifysignature -hk !K! -halg %%H -if tmp.bin -is sig.bin > run.out
+		IF !ERRORLEVEL! NEQ 0 (
+		exit /B 1
+		)
+	
+		echo "Get Time %%H %%A %%~S"
+		%TPM_EXE_PATH%gettime -hk !K! -halg %%H -pwdk sig %%~S -os sig.bin -oa tmp.bin -qd policies/aaa -salg %%A > run.out
+		IF !ERRORLEVEL! NEQ 0 (
+		exit /B 1
+		)
+	
+		echo "Verify the %%A signature %%H"
+		%TPM_EXE_PATH%verifysignature -hk !K! -halg %%H -if tmp.bin -is sig.bin > run.out
+		IF !ERRORLEVEL! NEQ 0 (
+		exit /B 1
+		)
+	
+		echo "NV Certify %%H %%A %%~S"
+		%TPM_EXE_PATH%nvcertify -ha 01000000 -pwdn nnn -hk !K! -pwdk sig -halg %%H -sz 16 %%~S -os sig.bin -oa tmp.bin -salg %%A > run.out
+		IF !ERRORLEVEL! NEQ 0 (
+		exit /B 1
+		)
+	
+		echo "Verify the %%A signature %%H"
+		%TPM_EXE_PATH%verifysignature -hk !K! -halg %%H -if tmp.bin -is sig.bin > run.out
+		IF !ERRORLEVEL! NEQ 0 (
+		exit /B 1
+		)
+	
+		echo "Set command audit digest ${HALG}"
+		%TPM_EXE_PATH%setcommandcodeauditstatus -hi p -halg null -clr 00000144 > run.out
+		IF !ERRORLEVEL! NEQ 0 (
+		exit /B 1
+		)
+
+		echo "Get command audit digest %%H %%A %%~S"
+		%TPM_EXE_PATH%getcommandauditdigest -hk !K! -halg %%H %%~S -pwdk sig -os sig.bin -oa tmp.bin -qd policies/aaa -salg %%A > run.out
+		IF !ERRORLEVEL! NEQ 0 (
+		exit /B 1
+		)
+	
+		echo "Verify the %%A signature"
+		%TPM_EXE_PATH%verifysignature -hk !K! -halg %%H -if tmp.bin -is sig.bin > run.out
+		IF !ERRORLEVEL! NEQ 0 (
+		exit /B 1
+		)
+	)
+    )
+)
+
+echo "Flush the RSA attestation key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the ECC attestation key"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the auth session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Attestation with an HMAC key"
+echo ""
+
+echo "Generate an HMAC key"
+%TPM_EXE_PATH%getrandom -by 32 -of tmphkey.bin -ns > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%H in (%ITERATE_ALGS%) do (
+
+    echo "Create a %%H HMAC key"
+    %TPM_EXE_PATH%create -hp 80000000 -pwdp sto -kh -halg %%H -if tmphkey.bin -opu tmppub.bin -opr tmppriv.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Load the %%H HMAC key"
+    %TPM_EXE_PATH%load -hp 80000000 -pwdp sto -ipu tmppub.bin -ipr tmppriv.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Signing Key Self Certify with an HMAC key %%H"
+    %TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -halg %%H -salg hmac -os sig.bin -oa tmp.bin -qd policies/aaa > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the signature %%H using TPM"
+    %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -if tmp.bin -is sig.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the signature %%H using OpenSSL"
+    %TPM_EXE_PATH%verifysignature -halg %%H -if tmp.bin -is sig.bin -ihmac tmphkey.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Quote with an HMAC key %%H"
+    %TPM_EXE_PATH%quote -hp 0 -hk 80000001 -halg %%H -salg hmac -os sig.bin -oa tmp.bin -qd policies/aaa > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the signature %%H using TPM"
+    %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -if tmp.bin -is sig.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the signature %%H using OpenSSL"
+    %TPM_EXE_PATH%verifysignature -halg %%H -if tmp.bin -is sig.bin -ihmac tmphkey.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Gettime signed with an HMAC key %%H"
+    %TPM_EXE_PATH%gettime -hk 80000001 -halg %%H -salg hmac -os sig.bin -oa tmp.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the signature %%H using TPM"
+    %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -if tmp.bin -is sig.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the signature %%H using OpenSSL"
+    %TPM_EXE_PATH%verifysignature -halg %%H -if tmp.bin -is sig.bin -ihmac tmphkey.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV Certify with an HMAC key %%H"
+    %TPM_EXE_PATH%nvcertify -ha 01000000 -pwdn nnn -hk 80000001 -halg %%H -salg hmac -sz 16 -os sig.bin -oa tmp.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the signature %%H using TPM"
+    %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -if tmp.bin -is sig.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the signature %%H using OpenSSL"
+    %TPM_EXE_PATH%verifysignature -halg %%H -if tmp.bin -is sig.bin -ihmac tmphkey.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Get command audit digest with an HMAC key %%H"
+    %TPM_EXE_PATH%getcommandauditdigest -hk 80000001 -halg %%H -salg hmac -os sig.bin -oa tmp.bin -qd policies/aaa > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the signature %%H using TPM"
+    %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -if tmp.bin -is sig.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the signature %%H using OpenSSL"
+    %TPM_EXE_PATH%verifysignature -halg %%H -if tmp.bin -is sig.bin -ihmac tmphkey.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Flush the %%H HMAC key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+)
+
+echo "NV Undefine Space"
+%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Audit"
+echo ""
+
+REM 80000001 signing key
+REM 02000000 hmac and audit session
+
+echo ""
+echo "Audit with one session"
+echo ""
+
+echo "Load the audit signing key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%B in ("" "-bi 80000001 -pwdb sig") do (
+
+    for %%H in (%ITERATE_ALGS%) do (
+    
+
+    echo "Start an HMAC auth session %%H %%~B"
+    %TPM_EXE_PATH%startauthsession -se h -halg %%H %%~B > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Sign a digest %%H"
+    %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -if policies/aaa -os sig.bin -pwdk sig -ipu signrsapub.bin -se0 02000000 81 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Sign a digest %%H"
+    %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -if policies/aaa -os sig.bin -pwdk sig -ipu signrsapub.bin -se0 02000000 81  > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Get Session Audit Digest %%H"
+    %TPM_EXE_PATH%getsessionauditdigest -hs 02000000 -hk 80000001 -pwdk sig -halg %%H -os sig.bin -oa tmp.bin -qd policies/aaa > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Verify the signature %%H"
+    %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -if tmp.bin -is sig.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Flush the session"
+    %TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    )
+)
+
+echo "Flush the signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM 80000001 signing key
+REM 02000000 hmac session
+REM 02000001 audit session
+
+echo ""
+echo "Audit with HMAC and audit sessions"
+echo ""
+
+echo "Load the audit signing key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start an HMAC auth session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%S in ("" "-se0 02000000 1") do (
+
+    for %%H in (%ITERATE_ALGS%) do (
+
+       echo "Start an audit session %%H"
+       %TPM_EXE_PATH%startauthsession -se h -halg %%H > run.out
+       IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+       )
+    
+       echo "Sign a digest %%H"
+       %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -if policies/aaa -os sig.bin -pwdk sig -ipu signrsapub.bin -se0 02000001 81 > run.out
+       IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+       )
+    
+       echo "Get Session Audit Digest %%~S"
+       %TPM_EXE_PATH%getsessionauditdigest -hs 02000001 -hk 80000001 -pwdk sig -os sig.bin -oa tmp.bin %%~S -qd policies/aaa > run.out
+       IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+       )
+    
+       echo "Verify the signature"
+       %TPM_EXE_PATH%verifysignature -hk 80000001 -if tmp.bin -is sig.bin > run.out
+       IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+       )
+    
+       echo "Flush the session"
+       %TPM_EXE_PATH%flushcontext -ha 02000001 > run.out
+       IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+       )
+    
+    )
+)
+
+echo "Flush the signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Certify Creation"
+echo ""
+
+echo "Load the RSA signing key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Certify the creation data for the primary key 80000000"
+%TPM_EXE_PATH%certifycreation -ho 80000000 -hk 80000001 -pwdk sig -tk pritk.bin -ch prich.bin -os sig.bin -oa tmp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Verify the signature"
+%TPM_EXE_PATH%verifysignature -hk 80000001 -if tmp.bin -is sig.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the RSA storage key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr storersapriv.bin -ipu storersapub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Certify the creation data for the storage key 80000002"
+%TPM_EXE_PATH%certifycreation -ho 80000002 -hk 80000001 -pwdk sig -tk storsatk.bin -ch storsach.bin -os sig.bin -oa tmp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Verify the signature"
+%TPM_EXE_PATH%verifysignature -hk 80000001 -if tmp.bin -is sig.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the storage key 80000002"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the signing key 80000001"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Audit a PCR Read"
+echo ""
+
+for %%H in (%ITERATE_ALGS%) do (
+
+    echo "Start an audit session %%H"
+    %TPM_EXE_PATH%startauthsession -se h -halg %%H > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "PCR 16 reset"
+    %TPM_EXE_PATH%pcrreset -ha 16 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    cp policies/zero%%H.bin tmpdigestr.bin
+
+    echo "PCR 16 read %%H"
+    %TPM_EXE_PATH%pcrread -ha 16 -halg %%H -se0 02000000 81 -ahalg %%H -iosad tmpdigestr.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Get session audit digest"
+    %TPM_EXE_PATH%getsessionauditdigest -hs 02000000 -od tmpdigestg.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Check session audit digest"
+    diff tmpdigestr.bin tmpdigestg.bin
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Extend PCR 16"
+    %TPM_EXE_PATH%pcrextend -ha 16 -halg %%H -ic aaa > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "PCR 16 read %%H"
+    %TPM_EXE_PATH%pcrread -ha 16 -halg %%H -se0 02000000 81 -ahalg %%H -iosad tmpdigestr.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+     echo "Get session audit digest"
+    %TPM_EXE_PATH%getsessionauditdigest -hs 02000000 -od tmpdigestg.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Check session audit digest"
+    diff tmpdigestr.bin tmpdigestg.bin
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Flush the audit session"
+    %TPM_EXE_PATH%flushcontext -ha 02000000
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+)
+
+REM cleanup
+
+rm -f tmppriv.bin
+rm -f tmppub.bin
+rm -f tmpdigestr.bin
+rm -f tmpdigestg.bin
+rm -f sig.bin
+rm -f tmp.bin
+
+exit /B 0
+
+REM getcapability -cap 1 -pr 80000000
+REM getcapability -cap 1 -pr 02000000
diff --git a/utils/regtests/testattest.sh b/utils/regtests/testattest.sh
new file mode 100755
index 000000000..d75855a1f
--- /dev/null
+++ b/utils/regtests/testattest.sh
@@ -0,0 +1,442 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+echo ""
+echo "Attestation"
+echo ""
+
+
+# 80000001 RSA signing key
+# 80000002 ECC signing key
+
+echo "Load the RSA signing key under the primary key"
+${PREFIX}load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Load the ECC signing key under the primary key"
+${PREFIX}load -hp 80000000 -ipr signeccpriv.bin -ipu signeccpub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "NV Define Space"
+${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 > run.out
+checkSuccess $?
+
+echo "NV Read Public, unwritten Name"
+${PREFIX}nvreadpublic -ha 01000000 > run.out
+checkSuccess $?
+
+echo "NV write"
+${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if msg.bin > run.out
+checkSuccess $?
+
+echo "Start an HMAC session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+for SESS in "" "-se0 02000000 1"
+do
+    for HALG in ${ITERATE_ALGS}
+    do
+
+	for SALG in rsa ecc
+	do
+
+	    if [ ${SALG} == rsa ]; then
+		HANDLE=80000001
+	    else
+		HANDLE=80000002
+	    fi
+
+	    echo "Signing Key Self Certify ${HALG} ${SALG} ${SESS}"
+	    ${PREFIX}certify -hk ${HANDLE} -ho 80000001 -halg ${HALG} -pwdk sig -pwdo sig ${SESS} -os sig.bin -oa tmp.bin -qd policies/aaa -salg ${SALG} > run.out
+	    checkSuccess $?
+
+	    echo "Verify the ${SALG} signature ${HALG}"
+	    ${PREFIX}verifysignature -hk ${HANDLE} -halg ${HALG} -if tmp.bin -is sig.bin > run.out
+	    checkSuccess $?
+
+	    echo "Quote ${HALG} ${SALG} ${SALG} ${SESS}"
+	    ${PREFIX}quote -hp 0 -hk ${HANDLE} -halg ${HALG} -palg ${HALG} -pwdk sig ${SESS} -os sig.bin -oa tmp.bin -qd policies/aaa -salg ${SALG} > run.out
+	    checkSuccess $?
+
+	    echo "Verify the ${SALG} signature ${HALG}"
+	    ${PREFIX}verifysignature -hk ${HANDLE} -halg ${HALG} -if tmp.bin -is sig.bin > run.out
+	    checkSuccess $?
+
+	    echo "Get Time ${HALG} ${SALG} ${SESS}"
+	    ${PREFIX}gettime -hk ${HANDLE} -halg ${HALG} -pwdk sig ${SESS} -os sig.bin -oa tmp.bin -qd policies/aaa -salg ${SALG} > run.out
+	    checkSuccess $?
+
+	    echo "Verify the ${SALG} signature ${HALG}"
+	    ${PREFIX}verifysignature -hk ${HANDLE} -halg ${HALG} -if tmp.bin -is sig.bin > run.out
+	    checkSuccess $?
+
+	    echo "NV Certify ${HALG} ${SALG} ${SESS}"
+	    ${PREFIX}nvcertify -ha 01000000 -pwdn nnn -hk ${HANDLE} -pwdk sig -halg ${HALG} -sz 16 ${SESS} -os sig.bin -oa tmp.bin -salg ${SALG} > run.out
+	    checkSuccess $?
+
+	    echo "Verify the ${SALG} signature ${HALG}"
+	    ${PREFIX}verifysignature -hk ${HANDLE} -halg ${HALG} -if tmp.bin -is sig.bin > run.out
+	    checkSuccess $?
+
+	    echo "Set command audit digest ${HALG}"
+	    ${PREFIX}setcommandcodeauditstatus -hi p -halg null -clr 00000144 > run.out
+	    checkSuccess $?
+
+	    echo "Get command audit digest ${HALG} ${SALG} ${SESS}"
+	    ${PREFIX}getcommandauditdigest -hk ${HANDLE} -halg ${HALG} ${SESS} -pwdk sig -os sig.bin -oa tmp.bin -qd policies/aaa -salg ${SALG} > run.out
+	    checkSuccess $?
+
+	    echo "Verify the ${SALG} signature ${HALG}"
+	    ${PREFIX}verifysignature -hk ${HANDLE} -halg ${HALG} -if tmp.bin -is sig.bin > run.out
+	    checkSuccess $?
+
+	done
+    done
+done
+
+echo "Flush the RSA attestation key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Flush the ECC attestation key"
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+echo "Flush the auth session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+echo ""
+echo "Attestation with an HMAC key"
+echo ""
+
+echo "Generate an HMAC key"
+${PREFIX}getrandom -by 32 -of tmphkey.bin -ns > run.out
+checkSuccess $?
+
+for HALG in ${ITERATE_ALGS}
+do
+
+    echo "Create a ${HALG} HMAC key ${HMACKEY}"
+    ${PREFIX}create -hp 80000000 -pwdp sto -kh -halg ${HALG} -if tmphkey.bin -opu tmppub.bin -opr tmppriv.bin > run.out
+    checkSuccess $?
+
+    echo "Load the ${HALG} HMAC key"
+    ${PREFIX}load -hp 80000000 -pwdp sto -ipu tmppub.bin -ipr tmppriv.bin > run.out
+    checkSuccess $?
+
+    echo "Signing Key Self Certify with an HMAC key ${HALG}"
+    ${PREFIX}certify -hk 80000001 -ho 80000001 -halg ${HALG} -salg hmac -os sig.bin -oa tmp.bin -qd policies/aaa > run.out
+    checkSuccess $?
+
+    echo "Verify the signature ${HALG} using TPM"
+    ${PREFIX}verifysignature -hk 80000001 -halg ${HALG} -if tmp.bin -is sig.bin > run.out
+    checkSuccess $?
+
+    echo "Verify the signature ${HALG} using OpenSSL"
+    ${PREFIX}verifysignature -halg ${HALG} -if tmp.bin -is sig.bin -ihmac tmphkey.bin > run.out
+    checkSuccess $?
+
+    echo "Quote with an HMAC key ${HALG}"
+    ${PREFIX}quote -hp 0 -hk 80000001 -halg ${HALG} -salg hmac -os sig.bin -oa tmp.bin -qd policies/aaa > run.out
+    checkSuccess $?
+
+    echo "Verify the signature ${HALG} using TPM"
+    ${PREFIX}verifysignature -hk 80000001 -halg ${HALG} -if tmp.bin -is sig.bin > run.out
+    checkSuccess $?
+
+    echo "Verify the signature ${HALG} using OpenSSL"
+    ${PREFIX}verifysignature -halg ${HALG} -if tmp.bin -is sig.bin -ihmac tmphkey.bin > run.out
+    checkSuccess $?
+
+    echo "Gettime signed with an HMAC key ${HALG}"
+    ${PREFIX}gettime -hk 80000001 -halg ${HALG} -salg hmac -os sig.bin -oa tmp.bin -qd policies/aaa > run.out
+    checkSuccess $?
+
+    echo "Verify the signature ${HALG} using TPM"
+    ${PREFIX}verifysignature -hk 80000001 -halg ${HALG} -if tmp.bin -is sig.bin > run.out
+    checkSuccess $?
+
+    echo "Verify the signature ${HALG} using OpenSSL"
+    ${PREFIX}verifysignature -halg ${HALG} -if tmp.bin -is sig.bin -ihmac tmphkey.bin > run.out
+    checkSuccess $?
+
+    echo "NV Certify with an HMAC key ${HALG}"
+    ${PREFIX}nvcertify -ha 01000000 -pwdn nnn -hk 80000001 -halg ${HALG} -salg hmac -sz 16 -os sig.bin -oa tmp.bin > run.out
+    checkSuccess $?
+
+    echo "Verify the signature ${HALG} using TPM"
+    ${PREFIX}verifysignature -hk 80000001 -halg ${HALG} -if tmp.bin -is sig.bin > run.out
+    checkSuccess $?
+
+    echo "Verify the signature ${HALG} using OpenSSL"
+    ${PREFIX}verifysignature -halg ${HALG} -if tmp.bin -is sig.bin -ihmac tmphkey.bin > run.out
+    checkSuccess $?
+
+    echo "Get command audit digest with an HMAC key ${HALG}"
+    ${PREFIX}getcommandauditdigest -hk 80000001 -halg ${HALG} -salg hmac -os sig.bin -oa tmp.bin -qd policies/aaa > run.out
+    checkSuccess $?
+
+    echo "Verify the signature ${HALG} using TPM"
+    ${PREFIX}verifysignature -hk 80000001 -halg ${HALG} -if tmp.bin -is sig.bin > run.out
+    checkSuccess $?
+
+    echo "Verify the signature ${HALG} using OpenSSL"
+    ${PREFIX}verifysignature -halg ${HALG} -if tmp.bin -is sig.bin -ihmac tmphkey.bin > run.out
+    checkSuccess $?
+
+    echo "Flush the ${HALG} HMAC key"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+done
+
+echo "NV Undefine Space"
+${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out
+checkSuccess $?
+
+echo ""
+echo "Audit"
+echo ""
+
+# 80000001 signing key
+# 02000000 hmac and audit session
+
+echo ""
+echo "Audit with one session"
+echo ""
+
+echo "Load the audit signing key"
+${PREFIX}load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+checkSuccess $?
+
+for BIND in "" "-bi 80000001 -pwdb sig"
+do
+    for HALG in ${ITERATE_ALGS}
+    do
+
+	echo "Start an HMAC auth session ${HALG} ${BIND}"
+	${PREFIX}startauthsession -se h -halg ${HALG} ${BIND} > run.out
+	checkSuccess $?
+
+	echo "Sign a digest ${HALG}"
+	${PREFIX}sign -hk 80000001 -halg ${HALG} -if policies/aaa -os sig.bin -pwdk sig -ipu signrsapub.bin -se0 02000000 81 > run.out
+	checkSuccess $?
+
+	echo "Sign a digest ${HALG}"
+	${PREFIX}sign -hk 80000001 -halg ${HALG} -if policies/aaa -os sig.bin -pwdk sig -se0 02000000 81 -ipu signrsapub.bin > run.out
+	checkWarning $? "Interaction between bind and audit session response HMAC may not be fixed"
+
+	echo "Get Session Audit Digest ${HALG}"
+	${PREFIX}getsessionauditdigest -hs 02000000 -hk 80000001 -pwdk sig -halg ${HALG} -os sig.bin -oa tmp.bin -qd policies/aaa > run.out
+	checkSuccess $?
+
+	echo "Verify the signature ${HALG}"
+	${PREFIX}verifysignature -hk 80000001 -halg ${HALG} -if tmp.bin -is sig.bin > run.out
+	checkSuccess $?
+
+	echo "Flush the session"
+	${PREFIX}flushcontext -ha 02000000 > run.out
+	checkSuccess $?
+
+    done
+done
+
+echo "Flush the signing key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+# 80000001 signing key
+# 02000000 hmac session
+# 02000001 audit session
+
+echo ""
+echo "Audit with HMAC and audit sessions"
+echo ""
+
+echo "Load the audit signing key"
+${PREFIX}load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Start an HMAC auth session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+for SESS in "" "-se0 02000000 1"
+do
+
+    for HALG in ${ITERATE_ALGS}
+    do
+
+	echo "Start an audit session ${HALG}"
+	${PREFIX}startauthsession -se h -halg ${HALG} > run.out
+	checkSuccess $?
+
+	echo "Sign a digest ${HALG}"
+	${PREFIX}sign -hk 80000001 -halg $HALG -if policies/aaa -os sig.bin -pwdk sig -ipu signrsapub.bin -se0 02000001 81 > run.out
+	checkSuccess $?
+
+	echo "Get Session Audit Digest ${SESS}"
+	${PREFIX}getsessionauditdigest -hs 02000001 -hk 80000001 -pwdk sig -os sig.bin -oa tmp.bin ${SESS} -qd policies/aaa > run.out
+	checkSuccess $?
+
+	echo "Verify the signature"
+	${PREFIX}verifysignature -hk 80000001 -if tmp.bin -is sig.bin > run.out
+	checkSuccess $?
+
+	echo "Flush the session"
+	${PREFIX}flushcontext -ha 02000001 > run.out
+	checkSuccess $?
+
+    done
+done
+
+echo "Flush the signing key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Flush the session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+echo ""
+echo "Certify Creation"
+echo ""
+
+echo "Load the RSA signing key under the primary key"
+${PREFIX}load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Certify the creation data for the primary key 80000000"
+${PREFIX}certifycreation -ho 80000000 -hk 80000001 -pwdk sig -tk pritk.bin -ch prich.bin -os sig.bin -oa tmp.bin > run.out
+checkSuccess $?
+
+echo "Verify the signature"
+${PREFIX}verifysignature -hk 80000001 -if tmp.bin -is sig.bin > run.out
+checkSuccess $?
+
+echo "Load the RSA storage key under the primary key"
+${PREFIX}load -hp 80000000 -ipr storersapriv.bin -ipu storersapub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Certify the creation data for the storage key 80000002"
+${PREFIX}certifycreation -ho 80000002 -hk 80000001 -pwdk sig -tk storsatk.bin -ch storsach.bin -os sig.bin -oa tmp.bin > run.out
+checkSuccess $?
+
+echo "Verify the signature"
+${PREFIX}verifysignature -hk 80000001 -if tmp.bin -is sig.bin > run.out
+checkSuccess $?
+
+echo "Flush the storage key 80000002"
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+echo "Flush the signing key 80000001"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo ""
+echo "Audit a PCR Read"
+echo ""
+
+for HALG in ${ITERATE_ALGS}
+do
+
+    echo "Start an audit session ${HALG}"
+    ${PREFIX}startauthsession -se h -halg  ${HALG} > run.out
+    checkSuccess $?
+
+    echo "PCR 16 reset"
+    ${PREFIX}pcrreset -ha 16 > run.out
+    checkSuccess $?
+
+    cp policies/zero${HALG}.bin tmpdigestr.bin
+
+    echo "PCR 16 read ${HALG}"
+    ${PREFIX}pcrread -ha 16 -halg ${HALG} -se0 02000000 81 -ahalg ${HALG} -iosad tmpdigestr.bin > run.out
+    checkSuccess $?
+
+    echo "Get session audit digest"
+    ${PREFIX}getsessionauditdigest -hs 02000000 -od tmpdigestg.bin > run.out
+    checkSuccess $?
+
+    echo "Check session audit digest"
+    diff tmpdigestr.bin tmpdigestg.bin
+    checkSuccess $?
+
+    echo "Extend PCR 16"
+    ${PREFIX}pcrextend -ha 16 -halg ${HALG} -ic aaa > run.out
+    checkSuccess $?
+
+    echo "PCR 16 read ${HALG}"
+    ${PREFIX}pcrread -ha 16 -halg ${HALG} -se0 02000000 81 -ahalg ${HALG} -iosad tmpdigestr.bin > run.out
+    checkSuccess $?
+
+     echo "Get session audit digest"
+    ${PREFIX}getsessionauditdigest -hs 02000000 -od tmpdigestg.bin > run.out
+    checkSuccess $?
+
+    echo "Check session audit digest"
+    diff tmpdigestr.bin tmpdigestg.bin
+    checkSuccess $?
+
+    echo "Flush the audit session"
+    ${PREFIX}flushcontext -ha 02000000
+    checkSuccess $?
+
+done
+
+# cleanup
+
+rm -f tmppriv.bin
+rm -f tmppub.bin
+rm -f tmpdigestr.bin
+rm -f tmpdigestg.bin
+rm -f sig.bin
+rm -f tmp.bin
+rm -f tmphkey.bin
+
+exit ${WARN}
+
+# ${PREFIX}getcapability -cap 1 -pr 80000000
+# ${PREFIX}getcapability -cap 1 -pr 02000000
diff --git a/utils/regtests/testattest155.bat b/utils/regtests/testattest155.bat
new file mode 100644
index 000000000..8f4de889c
--- /dev/null
+++ b/utils/regtests/testattest155.bat
@@ -0,0 +1,162 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #										#
+REM # (c) Copyright IBM Corporation 2019					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "Attestation - rev 155"
+echo ""
+
+rem # 80000001 RSA signing key
+rem # 80000002 ECC signing key
+
+echo "Load the RSA signing key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the ECC signing key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr signeccpriv.bin -ipu signeccpub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Define Space"
+%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Read Public, unwritten Name"
+%TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV write"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if msg.bin -v > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start an HMAC session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%S in ("" "-se0 02000000 1") do (
+
+    for %%H in (%ITERATE_ALGS%) do (
+
+	for %%A in (rsa ecc) do (
+
+		IF "%%A" == "rsa" (
+		   set K=80000001
+		)
+		IF "%%A" == "ecc" (
+		   set K=80000002
+		)		
+
+	    echo "NV Certify a digest %%H %%A %%~S"
+	    %TPM_EXE_PATH%nvcertify -ha 01000000 -pwdn nnn -hk !K! -pwdk sig -halg %%H -sz 0 %%~S -os sig.bin -oa tmp.bin -salg %%A -od tmpdigest1.bin > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+
+	    echo "Verify the %%A signature %%H"
+	    %TPM_EXE_PATH%verifysignature -hk !K! -halg %%H -if tmp.bin -is sig.bin > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+
+	    echo "NV read"
+	    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -of tmpdata.bin > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+
+	    echo "Digest the hashed and certified NV data %%H"
+	    %TPM_EXE_PATH%hash -halg %%H -if tmpdata.bin -oh tmpdigest2.bin
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+
+	    echo "Check the digest %%H results"
+	    diff tmpdigest1.bin tmpdigest2.bin
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+
+	)
+    )
+)
+
+echo "Flush the RSA attestation key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the ECC attestation key"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Undefine Space"
+%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the auth session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+rem # cleanup
+
+rm tmpdigest1.bin
+rm tmpdata.bin
+rm tmpdigest2.bin
+
+exit /B 0
diff --git a/utils/regtests/testattest155.sh b/utils/regtests/testattest155.sh
new file mode 100755
index 000000000..7ef5e41d8
--- /dev/null
+++ b/utils/regtests/testattest155.sh
@@ -0,0 +1,132 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2019						#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+echo ""
+echo "Attestation - rev 155"
+echo ""
+
+# 80000001 RSA signing key
+# 80000002 ECC signing key
+
+echo "Load the RSA signing key under the primary key"
+${PREFIX}load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Load the ECC signing key under the primary key"
+${PREFIX}load -hp 80000000 -ipr signeccpriv.bin -ipu signeccpub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "NV Define Space"
+${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 > run.out
+checkSuccess $?
+
+echo "NV Read Public, unwritten Name"
+${PREFIX}nvreadpublic -ha 01000000 > run.out
+checkSuccess $?
+
+echo "NV write"
+${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if msg.bin > run.out
+checkSuccess $?
+
+echo "Start an HMAC session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+for SESS in "" "-se0 02000000 1"
+do
+    for HALG in ${ITERATE_ALGS}
+    do
+
+	for SALG in rsa ecc
+	do
+
+	    if [ ${SALG} == rsa ]; then
+		HANDLE=80000001
+	    else
+		HANDLE=80000002
+	    fi
+
+	    echo "NV Certify a digest ${HALG} ${SALG} ${SESS}"
+	    ${PREFIX}nvcertify -ha 01000000 -pwdn nnn -hk ${HANDLE} -pwdk sig -halg ${HALG} -sz 0 ${SESS} -os sig.bin -oa tmp.bin -salg ${SALG} -od tmpdigest1.bin > run.out
+	    checkSuccess $?
+
+	    echo "Verify the ${SALG} signature ${HALG}"
+	    ${PREFIX}verifysignature -hk ${HANDLE} -halg ${HALG} -if tmp.bin -is sig.bin > run.out
+	    checkSuccess $?
+
+	    echo "NV read"
+	    ${PREFIX}nvread -ha 01000000 -pwdn nnn -of tmpdata.bin > run.out
+	    checkSuccess $?
+
+	    echo "Digest the hashed and certified NV data ${HALG}"
+	    ${PREFIX}hash -halg ${HALG} -if tmpdata.bin -oh tmpdigest2.bin
+	    checkSuccess $?
+
+	    echo "Check the digest ${HALG} results"
+	    diff tmpdigest1.bin tmpdigest2.bin
+	    checkSuccess $?
+
+	done
+    done
+done
+
+echo "Flush the RSA attestation key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Flush the ECC attestation key"
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+echo "NV Undefine Space"
+${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out
+checkSuccess $?
+
+echo "Flush the auth session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+# cleanup
+
+rm -f tmpdigest1.bin
+rm -f tmpdata.bin
+rm -f tmpdigest2.bin
diff --git a/utils/regtests/testbind.bat b/utils/regtests/testbind.bat
new file mode 100644
index 000000000..8bbad8374
--- /dev/null
+++ b/utils/regtests/testbind.bat
@@ -0,0 +1,658 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #	$Id: testbind.bat 1278 2018-07-23 21:20:42Z kgoldman $			#
+REM #										#
+REM # (c) Copyright IBM Corporation 2015					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+REM 
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "Bind session"
+echo ""
+
+echo ""
+echo "Bind session to Primary Key"
+echo ""
+
+echo "Bind session bound to primary key at 80000000"
+%TPM_EXE_PATH%startauthsession -se h -bi 80000000 -pwdb sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create storage key using that bind session, same object 80000000"
+%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk 222 -se0 02000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create storage key using that bind session, same object 80000000, wrong password does not matter"
+%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp xxx -pwdk 222 -se0 02000000 0 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Create second primary key with different password 000 and Name"
+%TPM_EXE_PATH%createprimary -hi o -pwdk 000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Bind session bound to second primary key at 80000001, correct password"
+%TPM_EXE_PATH%startauthsession -se h -bi 80000001 -pwdb 000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Create storage key using that bind session, different object 80000000"
+%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk 222 -se0 02000000 1 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Create storage key using that bind session, different object 80000000, wrong password - should fail"
+%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp xxx -pwdk 222 -se0 02000000 1 > run.out
+    IF !ERRORLEVEL! EQU 0 (
+       exit /B 1
+       )
+
+echo "Flush the session"
+%TPM_EXE_PATH%flushcontext -ha 02000000  > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Bind session bound to primary key at 80000000, wrong password"
+%TPM_EXE_PATH%startauthsession -se h -bi 80000000 -pwdb xxx > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Create storage key using that bind session, same object 80000000 - should fail"
+%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk 222 -se0 02000000 0 > run.out
+    IF !ERRORLEVEL! EQU 0 (
+       exit /B 1
+       )
+
+echo "Flush the failing session"
+%TPM_EXE_PATH%flushcontext -ha 02000000  > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Flush the second primary key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo ""
+echo "Bind session to Hierarchy"
+echo ""
+
+echo "Change platform hierarchy auth"
+%TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Bind session bound to platform hierarchy"
+%TPM_EXE_PATH%startauthsession -se h -bi 4000000c -pwdb ppp > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Create storage key using that bind session, wrong password - should fail"
+%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp xxx -pwdk 222 -se0 02000000 0 > run.out
+    IF !ERRORLEVEL! EQU 0 (
+       exit /B 1
+       )
+
+echo "Create storage key using that bind session"
+%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk 222 -se0 02000000 0 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Bind session bound to platform hierarchy, wrong password"
+%TPM_EXE_PATH%startauthsession -se h -bi 4000000c -pwdb xxx > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Create storage key using that bind session - should fail"
+%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk 222 -se0 02000000 0 > run.out
+    IF !ERRORLEVEL! EQU 0 (
+       exit /B 1
+       )
+
+echo "Change platform hierarchy auth back to null"
+%TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Flush the session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo ""
+echo "Bind session to NV"
+echo ""
+
+echo "NV Undefine Space"
+%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out
+
+echo "NV Define Space"
+%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 3 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "NV Read Public, unwritten Name"
+%TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Bind session bound to unwritten NV index at 01000000"
+%TPM_EXE_PATH%startauthsession -se h -bi 01000000 -pwdb nnn > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "NV write HMAC using bind session to set written"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -ic 123 -se0 02000000 0 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Bind session bound to written NV index at 01000000"
+%TPM_EXE_PATH%startauthsession -se h -bi 01000000 -pwdb nnn > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "NV Write HMAC using bind session"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -ic 123 -se0 02000000 1  > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "NV Read HMAC using bind session"
+%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 3 -se0 02000000 1  > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "NV Read HMAC using bind session, wrong password does not matter"
+%TPM_EXE_PATH%nvread -ha 01000000 -pwdn xxx -sz 3 -se0 02000000 1  > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Create storage key using that bind session"
+%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk 222 -se0 02000000 0 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "NV Undefine Space"
+%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo ""
+echo "Encrypt with bind to same object"
+echo ""
+
+for %%M in (xor aes) do (
+
+    echo "Start an HMAC auth session with %%M encryption and bind to primary key at 80000000"
+    %TPM_EXE_PATH%startauthsession -se h -sym %%M -bi 80000000 -pwdb sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+    echo "Create storage key using bind session, same object, wrong password"
+    %TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp xxx -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+    echo "Create storage key using bind session, same object 80000000"
+    %TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdk 222 -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+    echo "Load the key, with %%M encryption"
+    %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto -se0 02000000 61 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+    echo "Flush the sealed object"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+    echo "Flush the %%M session"
+    %TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+)
+
+echo ""
+echo "Encrypt with bind to different object"
+echo ""
+
+for %%M in (xor aes) do (
+
+    echo "Start an HMAC auth session with %%M encryption and bind to platform auth"
+    %TPM_EXE_PATH%startauthsession -se h -sym %%M -bi 4000000c > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+    echo "Create storage key using bind session, different object, wrong password, should fail"
+    %TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp xxx -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out
+    IF !ERRORLEVEL! EQU 0 (
+      exit /B 1
+        )
+
+    echo "Create storage key using bind session, different object"
+    %TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp sto -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+    echo "Load the key, with %%M encryption"
+    %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto -se0 02000000 61 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+    echo "Flush the sealed object"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+    echo "Flush the %%M session"
+    %TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+)
+
+echo ""
+echo "Encrypt with bind to different object, xor"
+echo ""
+
+echo "Start an HMAC auth session with xor encryption and bind to platform auth"
+%TPM_EXE_PATH%startauthsession -se h -sym xor -bi 4000000c > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+   )
+
+echo "Create storage key using bind session, different object, wrong password, should fail"
+%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp xxx -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+    )
+
+echo "Create storage key using bind session, different object"
+%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp sto -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+   )
+
+echo "Load the key, with xor encryption"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto -se0 02000000 61 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+   )
+
+echo "Flush the sealed object"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+   )
+
+echo "Flush the xor session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+   )
+
+echo ""
+echo "Encrypt with bind to different object, aes"
+echo ""
+
+echo "Start an HMAC auth session with aes encryption and bind to platform auth"
+%TPM_EXE_PATH%startauthsession -se h -sym aes -bi 4000000c > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+   )
+
+echo "Create storage key using bind session, different object, wrong password, should fail"
+%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp xxx -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+    )
+
+echo "Create storage key using bind session, different object"
+%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp sto -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+   )
+
+echo "Load the key, with aes encryption"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto -se0 02000000 61 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+   )
+
+echo "Flush the sealed object"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+   )
+
+echo "Flush the aes session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+   )
+
+echo ""
+echo "PolicyAuthValue and bind to different object, command encryption"
+echo ""
+
+echo "Create a signing key under the primary key - policy command code - sign, auth"
+%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccsign-auth.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Load the signing key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Start a policy session, bind to primary key"
+%TPM_EXE_PATH%startauthsession -se p -bi 80000000 -pwdb sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Policy command code - sign"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Policy authvalue"
+%TPM_EXE_PATH%policyauthvalue -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Sign a digest - policy, command encrypt"
+%TPM_EXE_PATH%sign -hk 80000001 -if policies/aaa -os sig.bin -ipu tmppub.bin -se0 03000000 21 -pwdk sig > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Verify the signature"
+%TPM_EXE_PATH%verifysignature -hk 80000001 -if policies/aaa -is sig.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Flush the signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out 
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Flush the session"
+%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo ""
+echo "PolicyAuthValue and bind to same object, command encryption"
+echo ""
+
+echo "Create a signing key under the primary key - policy command code - sign, auth"
+%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccsign-auth.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Load the signing key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Start a policy session"
+%TPM_EXE_PATH%startauthsession -se p -bi 80000001 -pwdb sig > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Policy command code - sign"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Policy authvalue"
+%TPM_EXE_PATH%policyauthvalue -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Sign a digest - policy, command encrypt"
+%TPM_EXE_PATH%sign -hk 80000001 -if policies/aaa -os sig.bin -ipu tmppub.bin -se0 03000000 21 -pwdk sig > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Verify the signature"
+%TPM_EXE_PATH%verifysignature -hk 80000001 -if policies/aaa -is sig.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Flush the signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Flush the session"
+%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo ""
+echo "PolicyAuthValue and bind to different object, response encryption"
+echo ""
+
+echo "Create a storage key under the primary key - policy command code - create, auth"
+%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -opr tmpspriv.bin -opu tmpspub.bin -pwdp sto -pwdk sto -pol policies/policycccreate-auth.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Load the storage key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmpspriv.bin -ipu tmpspub.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Start a policy session, bind to primary key"
+%TPM_EXE_PATH%startauthsession -se p -bi 80000000 -pwdb sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Policy command code - create"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 153 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Policy authvalue"
+%TPM_EXE_PATH%policyauthvalue -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Create a signing key with response encryption"
+%TPM_EXE_PATH%create -hp 80000001 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -se0 03000000 41 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Load the signing key to verify response encryption"
+%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Flush the storage key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Flush the signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out 
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Flush the session"
+%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo ""
+echo "PolicyAuthValue and bind to same object, response encryption"
+echo ""
+
+echo "Create a storage key under the primary key - policy command code - create, auth"
+%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -opr tmpspriv.bin -opu tmpspub.bin -pwdp sto -pwdk sto -pol policies/policycccreate-auth.bin  > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Load the storage key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmpspriv.bin -ipu tmpspub.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Start a policy session, bind to storage key"
+%TPM_EXE_PATH%startauthsession -se p -bi 80000001 -pwdb sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Policy command code - create"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 153 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Policy authvalue"
+%TPM_EXE_PATH%policyauthvalue -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Create a signing key with response encryption"
+%TPM_EXE_PATH%create -hp 80000001 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -se0 03000000 41 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Load the signing key to verify response encryption"
+%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Flush the storage key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out 
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Flush the signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out 
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Flush the session"
+%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+exit /B 0
+
+REM # getcapability -cap 1 -pr 80000000
+REM # getcapability -cap 1 -pr 02000000
diff --git a/utils/regtests/testbind.sh b/utils/regtests/testbind.sh
new file mode 100755
index 000000000..6af2408d7
--- /dev/null
+++ b/utils/regtests/testbind.sh
@@ -0,0 +1,427 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#	$Id: testbind.sh 1277 2018-07-23 20:30:23Z kgoldman $			#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2018					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+echo ""
+echo "Bind session"
+echo ""
+
+echo ""
+echo "Bind session to Primary Key"
+echo ""
+
+echo "Bind session bound to primary key at 80000000"
+${PREFIX}startauthsession -se h -bi 80000000 -pwdb sto > run.out
+checkSuccess $?
+
+echo "Create storage key using that bind session, same object 80000000"
+${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk 222 -se0 02000000 1 > run.out
+checkSuccess $?
+
+echo "Create storage key using that bind session, same object 80000000, wrong password does not matter"
+${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp xxx -pwdk 222 -se0 02000000 0 > run.out
+checkSuccess $?
+
+echo "Create second primary key with different password 000 and Name"
+${PREFIX}createprimary -hi o -pwdk 000 > run.out
+checkSuccess $?
+
+echo "Bind session bound to second primary key at 80000001, correct password"
+${PREFIX}startauthsession -se h -bi 80000001 -pwdb 000 > run.out
+checkSuccess $?
+
+echo "Create storage key using that bind session, different object 80000000"
+${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk 222 -se0 02000000 1 > run.out
+checkSuccess $?
+
+echo "Create storage key using that bind session, different object 80000000, wrong password - should fail"
+${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp xxx -pwdk 222 -se0 02000000 1 > run.out
+checkFailure $?
+
+echo "Flush the session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+echo "Bind session bound to primary key at 80000000, wrong password"
+${PREFIX}startauthsession -se h -bi 80000000 -pwdb xxx > run.out
+checkSuccess $?
+
+echo "Create storage key using that bind session, same object 80000000 - should fail"
+${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk 222 -se0 02000000 0 > run.out
+checkFailure $?
+
+echo "Flush the failing session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+echo "Flush the second primary key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo ""
+echo "Bind session to Hierarchy"
+echo ""
+
+echo "Change platform hierarchy auth"
+${PREFIX}hierarchychangeauth -hi p -pwdn ppp > run.out
+checkSuccess $?
+
+echo "Bind session bound to platform hierarchy"
+${PREFIX}startauthsession -se h -bi 4000000c -pwdb ppp > run.out
+checkSuccess $?
+
+echo "Create storage key using that bind session, wrong password - should fail"
+${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp xxx -pwdk 222 -se0 02000000 0 > run.out
+checkFailure $?
+
+echo "Create storage key using that bind session"
+${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk 222 -se0 02000000 0 > run.out
+checkSuccess $?
+
+echo "Bind session bound to platform hierarchy, wrong password"
+${PREFIX}startauthsession -se h -bi 4000000c -pwdb xxx > run.out
+checkSuccess $?
+
+echo "Create storage key using that bind session - should fail"
+${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk 222 -se0 02000000 0 > run.out
+checkFailure $?
+
+echo "Change platform hierarchy auth back to null"
+${PREFIX}hierarchychangeauth -hi p -pwda ppp > run.out
+checkSuccess $?
+
+echo "Flush the session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+echo ""
+echo "Bind session to NV"
+echo ""
+
+echo "NV Undefine Space"
+${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out
+
+echo "NV Define Space"
+${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 3 > run.out
+checkSuccess $?
+
+echo "NV Read Public, unwritten Name"
+${PREFIX}nvreadpublic -ha 01000000 > run.out
+checkSuccess $?
+
+echo "Bind session bound to unwritten NV index at 01000000"
+${PREFIX}startauthsession -se h -bi 01000000 -pwdb nnn > run.out
+checkSuccess $?
+
+echo "NV write HMAC using bind session to set written"
+${PREFIX}nvwrite -ha 01000000 -pwdn nnn -ic 123 -se0 02000000 0 > run.out
+checkSuccess $?
+
+echo "Bind session bound to written NV index at 01000000"
+${PREFIX}startauthsession -se h -bi 01000000 -pwdb nnn > run.out
+checkSuccess $?
+
+echo "NV Write HMAC using bind session"
+${PREFIX}nvwrite -ha 01000000 -pwdn nnn -ic 123 -se0 02000000 1 > run.out
+checkSuccess $?
+
+echo "NV Read HMAC using bind session"
+${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 3 -se0 02000000 1 > run.out
+checkSuccess $?
+
+echo "NV Read HMAC using bind session, wrong password does not matter"
+${PREFIX}nvread -ha 01000000 -pwdn xxx -sz 3 -se0 02000000 1 > run.out
+checkSuccess $?
+
+echo "Create storage key using that bind session"
+${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk 222 -se0 02000000 0 > run.out
+checkSuccess $?
+
+echo "NV Undefine Space"
+${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out
+checkSuccess $?
+
+echo ""
+echo "Encrypt with bind to same object"
+echo ""
+
+for MODE0 in xor aes
+
+do
+
+    echo "Start an HMAC auth session with $MODE0 encryption and bind to primary key at 80000000"
+    ${PREFIX}startauthsession -se h -sym $MODE0 -bi 80000000 -pwdb sto > run.out
+    checkSuccess $?
+
+    echo "Create storage key using bind session, same object, wrong password"
+    ${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp xxx -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out
+    checkSuccess $?
+
+    echo "Create storage key using bind session, same object 80000000"
+    ${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdk 222 -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out
+    checkSuccess $?
+
+    echo "Load the key, with $MODE0 encryption"
+    ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto -se0 02000000 61 > run.out
+    checkSuccess $?
+
+    echo "Flush the sealed object"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+    echo "Flush the $MODE0 session"
+    ${PREFIX}flushcontext -ha 02000000 > run.out
+    checkSuccess $?
+
+done
+
+echo ""
+echo "Encrypt with bind to different object"
+echo ""
+
+for MODE0 in xor aes
+
+do
+
+    echo "Start an HMAC auth session with $MODE0 encryption and bind to platform auth"
+    ${PREFIX}startauthsession -se h -sym $MODE0 -bi 4000000c > run.out
+    checkSuccess $?
+
+    echo "Create storage key using bind session, different object, wrong password, should fail"
+    ${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp xxx -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out
+    checkFailure $?
+
+    echo "Create storage key using bind session, different object"
+    ${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp sto -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out
+    checkSuccess $?
+
+    echo "Load the key, with $MODE0 encryption"
+    ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto -se0 02000000 61 > run.out
+    checkSuccess $?
+
+    echo "Flush the sealed object"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+    echo "Flush the $MODE0 session"
+    ${PREFIX}flushcontext -ha 02000000 > run.out
+    checkSuccess $?
+
+done
+
+echo ""
+echo "PolicyAuthValue and bind to different object, command encryption"
+echo ""
+
+echo "Create a signing key under the primary key - policy command code - sign, auth"
+${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccsign-auth.bin > run.out
+checkSuccess $?
+
+echo "Load the signing key under the primary key"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Start a policy session, bind to primary key"
+${PREFIX}startauthsession -se p -bi 80000000 -pwdb sto > run.out
+checkSuccess $?
+
+echo "Policy command code - sign"
+${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out
+checkSuccess $?
+
+echo "Policy authvalue"
+${PREFIX}policyauthvalue -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Sign a digest - policy, command encrypt"
+${PREFIX}sign -hk 80000001 -if policies/aaa -os sig.bin -ipu tmppub.bin -se0 03000000 21 -pwdk sig > run.out
+checkSuccess $?
+
+echo "Verify the signature"
+${PREFIX}verifysignature -hk 80000001 -if policies/aaa -is sig.bin > run.out
+checkSuccess $?
+
+echo "Flush the signing key"
+${PREFIX}flushcontext -ha 80000001 > run.out 
+checkSuccess $?
+
+echo "Flush the session"
+${PREFIX}flushcontext -ha 03000000 > run.out
+checkSuccess $?
+
+echo ""
+echo "PolicyAuthValue and bind to same object, command encryption"
+echo ""
+
+echo "Create a signing key under the primary key - policy command code - sign, auth"
+${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccsign-auth.bin > run.out
+checkSuccess $?
+
+echo "Load the signing key under the primary key"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Start a policy session"
+${PREFIX}startauthsession -se p -bi 80000001 -pwdb sig > run.out
+checkSuccess $?
+
+echo "Policy command code - sign"
+${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out
+checkSuccess $?
+
+echo "Policy authvalue"
+${PREFIX}policyauthvalue -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Sign a digest - policy, command encrypt"
+${PREFIX}sign -hk 80000001 -if policies/aaa -os sig.bin -ipu tmppub.bin -se0 03000000 21 -pwdk sig > run.out
+checkSuccess $?
+
+echo "Verify the signature"
+${PREFIX}verifysignature -hk 80000001 -if policies/aaa -is sig.bin > run.out
+checkSuccess $?
+
+echo "Flush the signing key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Flush the session"
+${PREFIX}flushcontext -ha 03000000 > run.out
+checkSuccess $?
+
+echo ""
+echo "PolicyAuthValue and bind to different object, response encryption"
+echo ""
+
+#intermediate policy digest length 32
+# 54 a0 de 17 1d 03 c6 9b 17 b3 61 22 33 a5 e8 b2 
+# d8 ee e0 87 f9 c6 ea 85 8c 9c 2e 51 05 52 8b 14 
+# policy
+# 4b 50 04 f7 3f 2e f8 c0 96 c9 18 d0 bc 18 0e 6b 
+# 49 0c 8a ed 14 bb 8f 86 fc 5a 54 ef 0c d3 90 44 
+
+echo "Create a storage key under the primary key - policy command code - create, auth"
+${PREFIX}create -hp 80000000 -st -kt f -kt p -opr tmpspriv.bin -opu tmpspub.bin -pwdp sto -pwdk sto -pol policies/policycccreate-auth.bin > run.out
+checkSuccess $?
+
+echo "Load the storage key under the primary key"
+${PREFIX}load -hp 80000000 -ipr tmpspriv.bin -ipu tmpspub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Start a policy session, bind to primary key"
+${PREFIX}startauthsession -se p -bi 80000000 -pwdb sto > run.out
+checkSuccess $?
+
+echo "Policy command code - create"
+${PREFIX}policycommandcode -ha 03000000 -cc 153 > run.out
+checkSuccess $?
+
+echo "Policy authvalue"
+${PREFIX}policyauthvalue -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Create a signing key with response encryption"
+${PREFIX}create -hp 80000001 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -se0 03000000 41 > run.out
+checkSuccess $?
+
+echo "Load the signing key to verify response encryption"
+${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Flush the storage key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Flush the signing key"
+${PREFIX}flushcontext -ha 80000002 > run.out 
+checkSuccess $?
+
+echo "Flush the session"
+${PREFIX}flushcontext -ha 03000000 > run.out
+checkSuccess $?
+
+echo ""
+echo "PolicyAuthValue and bind to same object, response encryption"
+echo ""
+
+echo "Create a storage key under the primary key - policy command code - create, auth"
+${PREFIX}create -hp 80000000 -st -kt f -kt p -opr tmpspriv.bin -opu tmpspub.bin -pwdp sto -pwdk sto -pol policies/policycccreate-auth.bin > run.out
+checkSuccess $?
+
+echo "Load the storage key under the primary key"
+${PREFIX}load -hp 80000000 -ipr tmpspriv.bin -ipu tmpspub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Start a policy session, bind to storage key"
+${PREFIX}startauthsession -se p -bi 80000001 -pwdb sto > run.out
+checkSuccess $?
+
+echo "Policy command code - create"
+${PREFIX}policycommandcode -ha 03000000 -cc 153 > run.out
+checkSuccess $?
+
+echo "Policy authvalue"
+${PREFIX}policyauthvalue -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Create a signing key with response encryption"
+${PREFIX}create -hp 80000001 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -se0 03000000 41 > run.out
+checkSuccess $?
+
+echo "Load the signing key to verify response encryption"
+${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Flush the storage key"
+${PREFIX}flushcontext -ha 80000001 > run.out 
+checkSuccess $?
+
+echo "Flush the signing key"
+${PREFIX}flushcontext -ha 80000002 > run.out 
+checkSuccess $?
+
+echo "Flush the session"
+${PREFIX}flushcontext -ha 03000000 > run.out
+checkSuccess $?
+
+# ${PREFIX}getcapability -cap 1 -pr 80000000
+# ${PREFIX}getcapability -cap 1 -pr 02000000
diff --git a/utils/regtests/testchangeauth.bat b/utils/regtests/testchangeauth.bat
new file mode 100644
index 000000000..72241e145
--- /dev/null
+++ b/utils/regtests/testchangeauth.bat
@@ -0,0 +1,179 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #										#
+REM # (c) Copyright IBM Corporation 2015 - 2019					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "Object Change Auth"
+echo ""
+
+for %%B in ("" "-bi 80000001 -pwdb sig") do (
+
+    for %%S in ("" "-se0 02000000 1") do (
+
+	echo "Load the signing key under the primary key"
+	%TPM_EXE_PATH%load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	   )
+
+	echo "Start an HMAC session %%~B"
+	%TPM_EXE_PATH%startauthsession -se h %%~B > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	   )
+
+	echo "Object change auth, change password to xxx %%~S"
+	%TPM_EXE_PATH%objectchangeauth -ho 80000001 -pwdo sig -pwdn xxx -hp 80000000 -opr tmppriv.bin %%~S > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	   )
+
+	echo "Load the signing key with the changed auth %%~S"
+	%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu signrsapub.bin -pwdp sto %%~S > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	   )
+
+	echo "Sign a digest with the original key %%~S"
+	%TPM_EXE_PATH%sign -hk 80000001 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig %%~S > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	   )
+
+	echo "Sign a digest with the changed key"
+	%TPM_EXE_PATH%sign -hk 80000002 -halg sha1 -if policies/aaa -os sig.bin -pwdk xxx > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	   )
+
+	echo "Flush the key"
+	%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	   )
+
+	echo "Flush the key"
+	%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	   )
+
+	echo "Flush the auth session"
+	%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	   )
+
+	)
+)
+
+echo ""
+echo "Object Change Auth with password from file"
+echo ""
+
+echo "Load the decryption key under the primary key 80000001"
+%TPM_EXE_PATH%load -hp 80000000 -ipr derpriv.bin -ipu derpub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Generate a random password"
+%TPM_EXE_PATH%getrandom -by 16 -ns -nz -of tmppwd.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Object change auth, change password"
+%TPM_EXE_PATH%objectchangeauth -hp 80000000 -ho 80000001 -pwdo dec -ipwdn tmppwd.bin -opr tmppriv.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the decryption key with the changed auth 800000002"
+%TPM_EXE_PATH%load -hp 80000000 -pwdp sto -ipr tmppriv.bin -ipu derpub.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Encrypt the message"
+%TPM_EXE_PATH%rsaencrypt -hk 80000002 -id policies/aaa -oe tmpenc.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Decrypt the message"
+%TPM_EXE_PATH%rsadecrypt -hk 80000002 -ipwdk tmppwd.bin -ie tmpenc.bin -od tmpdec.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Compare the result"
+tail --bytes=3 tmpdec.bin > tmp.bin
+diff policies/aaa tmp.bin
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the keypair 80000001"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the keypair 80000002"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM cleanup
+
+rm tmppwd.bin
+rm tmpenc.bin
+rm tmpdec.bin
+
+exit /B 0
+
+REM getcapability  -cap 1 -pr 80000000
+REM getcapability  -cap 1 -pr 02000000
+
+REM flushcontext -ha 80000001
+REM flushcontext -ha 80000002
+REM flushcontext -ha 02000000
diff --git a/utils/regtests/testchangeauth.sh b/utils/regtests/testchangeauth.sh
new file mode 100755
index 000000000..96d0b99d4
--- /dev/null
+++ b/utils/regtests/testchangeauth.sh
@@ -0,0 +1,144 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+echo ""
+echo "Object Change Auth"
+echo ""
+
+for BIND in "" "-bi 80000001 -pwdb sig"
+do
+
+    for SESS in "" "-se0 02000000 1"
+    do
+
+	echo "Load the signing key under the primary key"
+	${PREFIX}load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+	checkSuccess $?
+
+	echo "Start an HMAC session ${BIND}"
+	${PREFIX}startauthsession -se h ${BIND} > run.out
+	checkSuccess $?
+
+	echo "Object change auth, change password to xxx ${SESS}"
+	${PREFIX}objectchangeauth -ho 80000001 -pwdo sig -pwdn xxx -hp 80000000 -opr tmppriv.bin ${SESS} > run.out
+	checkSuccess $?
+
+	echo "Load the signing key with the changed auth ${SESS}"
+	${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu signrsapub.bin -pwdp sto ${SESS} > run.out
+	checkSuccess $?
+
+	echo "Sign a digest with the original key ${SESS}"
+	${PREFIX}sign -hk 80000001 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig ${SESS} > run.out
+	checkSuccess $?
+
+	echo "Sign a digest with the changed key"
+	${PREFIX}sign -hk 80000002 -halg sha1 -if policies/aaa -os sig.bin -pwdk xxx > run.out
+	checkSuccess $?
+
+	echo "Flush the key"
+	${PREFIX}flushcontext -ha 80000001 > run.out
+	checkSuccess $?
+
+	echo "Flush the key"
+	${PREFIX}flushcontext -ha 80000002 > run.out
+	checkSuccess $?
+
+	echo "Flush the auth session"
+	${PREFIX}flushcontext -ha 02000000 > run.out
+	checkSuccess $?
+
+    done
+done
+
+echo ""
+echo "Object Change Auth with password from file"
+echo ""
+
+echo "Load the decryption key under the primary key 80000001"
+${PREFIX}load -hp 80000000 -ipr derpriv.bin -ipu derpub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Generate a random password"
+RANDOM_PASSWORD=`${PREFIX}getrandom -by 16 -ns -nz -of tmppwd.bin`
+echo " INFO: Random password ${RANDOM_PASSWORD}"
+
+echo "Object change auth, change password to ${RANDOM_PASSWORD}"
+${PREFIX}objectchangeauth -hp 80000000 -ho 80000001 -pwdo dec -ipwdn tmppwd.bin -opr tmppriv.bin > run.out
+checkSuccess $?
+
+echo "Load the decryption key with the changed auth 800000002"
+${PREFIX}load -hp 80000000 -pwdp sto -ipr tmppriv.bin -ipu derpub.bin > run.out
+checkSuccess $?
+
+echo "Encrypt the message"
+${PREFIX}rsaencrypt -hk 80000002 -id policies/aaa -oe tmpenc.bin > run.out
+checkSuccess $?
+
+echo "Decrypt the message"
+${PREFIX}rsadecrypt -hk 80000002 -ipwdk tmppwd.bin -ie tmpenc.bin -od tmpdec.bin > run.out
+checkSuccess $?
+
+echo "Compare the result"
+tail -c 3 tmpdec.bin > tmp.bin
+diff policies/aaa tmp.bin
+checkSuccess $?
+
+echo "Flush the keypair 80000001"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Flush the keypair 80000002"
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+# cleanup
+
+rm -f tmppwd.bin
+rm -f tmpenc.bin
+rm -f tmpdec.bin
+
+# ${PREFIX}getcapability  -cap 1 -pr 80000000
+# ${PREFIX}getcapability  -cap 1 -pr 02000000
+
+# ${PREFIX}flushcontext -ha 80000001
+# ${PREFIX}flushcontext -ha 80000002
+# ${PREFIX}flushcontext -ha 02000000
diff --git a/utils/regtests/testchangeseed.bat b/utils/regtests/testchangeseed.bat
new file mode 100644
index 000000000..22d5e79bf
--- /dev/null
+++ b/utils/regtests/testchangeseed.bat
@@ -0,0 +1,208 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #		$Id: testchangeseed.bat 1278 2018-07-23 21:20:42Z kgoldman $	#
+REM #										#
+REM # (c) Copyright IBM Corporation 2015-2018					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "Change PPS"
+echo ""
+
+echo "Flush the primary key"
+%TPM_EXE_PATH%flushcontext -ha 80000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Change STO, no password"
+%TPM_EXE_PATH%changepps > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Set platform hierarchy auth"
+%TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Change PPS, bad password"
+%TPM_EXE_PATH%changepps > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "Change PPS, good password"
+%TPM_EXE_PATH%changepps -pwda ppp > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Clear platform hierarchy auth"
+%TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create a primary key - platform hierarchy"
+%TPM_EXE_PATH%createprimary -hi p -pwdk 111 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create a storage key under the primary key"
+%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp 111 -pwdk 222 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the storage key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Change PPS - flushes primary key"
+%TPM_EXE_PATH%changepps > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the storage key under the flushed primary key, should fail"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "Create a different primary key - new PPS"
+%TPM_EXE_PATH%createprimary -hi p -pwdk 111 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the storage key under the new primary key, should fail"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+REM getcapability  -cap 1 -pr 80000000
+REM getcapability  -cap 1 -pr 02000000
+
+echo ""
+echo "Change EPS"
+echo ""
+
+echo "Flush the primary key"
+%TPM_EXE_PATH%flushcontext -ha 80000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Change EPS, no password"
+%TPM_EXE_PATH%changeeps > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create a primary key - endorsement hierarchy"
+%TPM_EXE_PATH%createprimary -hi e -pwdk 111 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create a storage key under the primary key"
+%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp 111 -pwdk 222 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the storage key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Change EPS, no password"
+%TPM_EXE_PATH%changeeps > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the storage key under the flushed primary key, should fail"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "Create a different primary key - new EPS"
+%TPM_EXE_PATH%createprimary -hi e -pwdk 111 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Load the storage key under the new primary key, should fail"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "Create a storage key under the new primary key"
+%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp 111 -pwdk 222 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Load the storage key under the new primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Flush the storage key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+exit /B 0
+
+REM getcapability  -cap 1 -pr 80000000
+REM getcapability  -cap 1 -pr 02000000
+
diff --git a/utils/regtests/testchangeseed.sh b/utils/regtests/testchangeseed.sh
new file mode 100755
index 000000000..22ec2dcce
--- /dev/null
+++ b/utils/regtests/testchangeseed.sh
@@ -0,0 +1,157 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#		$Id: testchangeseed.sh 1277 2018-07-23 20:30:23Z kgoldman $	#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2018					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+echo ""
+echo "Change PPS"
+echo ""
+
+echo "Flush the primary key"
+${PREFIX}flushcontext -ha 80000000 > run.out
+checkSuccess $?
+
+echo "Change PPS, no password"
+${PREFIX}changepps > run.out
+checkSuccess $?
+
+echo "Set platform hierarchy auth"
+${PREFIX}hierarchychangeauth -hi p -pwdn ppp > run.out
+checkSuccess $?
+
+echo "Change PPS, bad password"
+${PREFIX}changepps > run.out
+checkFailure $?
+
+echo "Change PPS, good password"
+${PREFIX}changepps -pwda ppp > run.out
+checkSuccess $?
+
+echo "Clear platform hierarchy auth"
+${PREFIX}hierarchychangeauth -hi p -pwda ppp > run.out
+checkSuccess $?
+
+echo "Create a primary key - platform hierarchy"
+${PREFIX}createprimary -hi p -pwdk 111 > run.out
+checkSuccess $?
+
+echo "Create a storage key under the primary key"
+${PREFIX}create -hp 80000000 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp 111 -pwdk 222 > run.out
+checkSuccess $?
+
+echo "Load the storage key under the primary key"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out
+checkSuccess $?
+
+echo "Change PPS - flushes primary key"
+${PREFIX}changepps > run.out
+checkSuccess $?
+
+echo "Load the storage key under the flushed primary key, should fail"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out
+checkFailure $?
+
+echo "Create a different primary key - new PPS"
+${PREFIX}createprimary -hi p -pwdk 111 > run.out
+checkSuccess $?
+
+echo "Load the storage key under the new primary key, should fail"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out
+checkFailure $?
+
+# getcapability  -cap 1 -pr 80000000
+# getcapability  -cap 1 -pr 02000000
+
+echo ""
+echo "Change EPS"
+echo ""
+
+echo "Flush the primary key"
+${PREFIX}flushcontext -ha 80000000 > run.out
+checkSuccess $?
+
+echo "Change EPS, no password"
+${PREFIX}changeeps > run.out
+checkSuccess $?
+
+echo "Create a primary key - endorsement hierarchy"
+${PREFIX}createprimary -hi e -pwdk 111 > run.out
+checkSuccess $?
+
+echo "Create a storage key under the primary key"
+${PREFIX}create -hp 80000000 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp 111 -pwdk 222 > run.out
+checkSuccess $?
+
+echo "Load the storage key under the primary key"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out
+checkSuccess $?
+
+echo "Change EPS, no password"
+${PREFIX}changeeps > run.out
+checkSuccess $?
+
+echo "Load the storage key under the flushed primary key, should fail"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out
+checkFailure $?
+
+echo "Create a different primary key - new EPS"
+${PREFIX}createprimary -hi e -pwdk 111 > run.out
+checkSuccess $?
+
+echo "Load the storage key under the new primary key, should fail"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out
+checkFailure $?
+
+echo "Create a storage key under the new primary key"
+${PREFIX}create -hp 80000000 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp 111 -pwdk 222 > run.out
+checkSuccess $?
+
+echo "Load the storage key under the new primary key"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out
+checkSuccess $?
+
+echo "Flush the storage key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+# getcapability  -cap 1 -pr 80000000
+# getcapability  -cap 1 -pr 02000000
+
diff --git a/utils/regtests/testclocks.bat b/utils/regtests/testclocks.bat
new file mode 100644
index 000000000..b9aa750fb
--- /dev/null
+++ b/utils/regtests/testclocks.bat
@@ -0,0 +1,104 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #		$Id: testclocks.bat 1292 2018-08-01 17:27:24Z kgoldman $	#
+REM #										#
+REM # (c) Copyright IBM Corporation 2015 - 2018					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "Clocks"
+echo ""
+
+echo "Start an HMAC auth session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%S in ("" "-se0 02000000 1") do (
+
+    echo "Read Clock"
+    %TPM_EXE_PATH%readclock -oclock tmpclk.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Clock set, time 0 %%~S - should fail"
+    %TPM_EXE_PATH%clockset -iclock tmpclk.bin %%~S > run.out
+    IF !ERRORLEVEL! EQU 0 (
+        exit /B 1
+    )
+
+    echo "Clock set, time plus 20 sec %%~S"
+    %TPM_EXE_PATH%clockset -iclock tmpclk.bin -addsec 20 %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    for %%A in (-3 0 3) do (
+
+	echo "Clock rate adjust %%A %%~S"
+	%TPM_EXE_PATH%clockrateadjust -adj %%A %%~S > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	    exit /B 1
+	)
+
+    )
+
+    for %%A in (-4 4) do (
+
+	echo "Clock rate adjust %%A %%~S - should fail"
+	%TPM_EXE_PATH%clockrateadjust -adj %%A %%~S > run.out
+    	IF !ERRORLEVEL! EQU 0 (
+       	    exit /B 1
+    	)
+
+    )
+
+)
+
+echo "Flush the auth session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+rm -f tmpclk.bin
+
+exit /B 0
+
diff --git a/utils/regtests/testclocks.sh b/utils/regtests/testclocks.sh
new file mode 100755
index 000000000..4f58a7ec8
--- /dev/null
+++ b/utils/regtests/testclocks.sh
@@ -0,0 +1,91 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#	$Id: testclocks.sh 1115 2017-12-13 23:35:20Z kgoldman $			#
+#										#
+# (c) Copyright IBM Corporation 2015, 2016					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+echo ""
+echo "Clocks"
+echo ""
+
+echo "Start an HMAC auth session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+for SESS in "" "-se0 02000000 1"
+do
+
+    echo "Read Clock"
+    ${PREFIX}readclock -oclock tmpclk.bin > run.out
+    checkSuccess $?
+
+    echo "Clock set, current time ${SESS} - should fail"
+    ${PREFIX}clockset -iclock tmpclk.bin ${SESS} > run.out
+    checkFailure $?
+
+    echo "Clock set, time plus 20 sec ${SESS}"
+    ${PREFIX}clockset -iclock tmpclk.bin -addsec 20 ${SESS} > run.out
+    checkSuccess $?
+
+    for ADJ in -3 0 3
+    do
+
+	echo "Clock rate adjust ${ADJ} ${SESS}"
+	${PREFIX}clockrateadjust -adj ${ADJ} ${SESS} > run.out
+	checkSuccess $?
+
+    done
+
+    for ADJ in -4 4
+    do
+
+	echo "Clock rate adjust ${ADJ} ${SESS} - should fail"
+	${PREFIX}clockrateadjust -adj ${ADJ} ${SESS} > run.out
+	checkFailure $?
+
+    done
+
+done
+
+echo "Flush the auth session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+rm -f tmpclk.bin
diff --git a/utils/regtests/testcontext.bat b/utils/regtests/testcontext.bat
new file mode 100644
index 000000000..16c214013
--- /dev/null
+++ b/utils/regtests/testcontext.bat
@@ -0,0 +1,237 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #										#
+REM # (c) Copyright IBM Corporation 2015 - 2019					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "Basic Context"
+echo ""
+
+echo "Start an HMAC auth session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the signing key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto -se0 02000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest"
+%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Verify the signature"
+%TPM_EXE_PATH%verifysignature -hk 80000001 -halg sha256 -if msg.bin -is sig.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Save context for the key"
+%TPM_EXE_PATH%contextsave -ha 80000001 -of tmp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign to verify that the original key is not flushed"
+%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the original key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign with original key  - should fail"
+%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "Load context"
+%TPM_EXE_PATH%contextload -if tmp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign with the loaded context"
+%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Save context for the session"
+%TPM_EXE_PATH%contextsave -ha 02000000 -of tmp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign with the saved session context - should fail"
+%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "Load context for the session"
+%TPM_EXE_PATH%contextload -if tmp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Sign with the saved session context"
+%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Flush the loaded context"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Flush the session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo ""
+echo "Context Public Key for Salt"
+echo ""
+
+echo "Load the storage key at 80000001"
+%TPM_EXE_PATH%load -hp 80000000 -ipr storersapriv.bin -ipu storersapub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Save context for the storage key at 80000001"
+%TPM_EXE_PATH%contextsave -ha 80000001 -of tmp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Load context at 80000002"
+%TPM_EXE_PATH%contextload -if tmp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Flush the original key at 80000001"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Start an HMAC auth session at 02000000 using the storage key 80000002 salt"
+%TPM_EXE_PATH%startauthsession -se h -hs 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Load the signing key under the primary key at 80000001"
+%TPM_EXE_PATH%load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Sign a digest"
+%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Flush the signing key at 80000001"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Flush the salt key at 80000002"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo ""
+echo "Context Primary Key"
+echo ""
+
+echo "Save context for the primary key at 80000000"
+%TPM_EXE_PATH%contextsave -ha 80000000 -of tmp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Load context primary key at 80000001"
+%TPM_EXE_PATH%contextload -if tmp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Load the signing key at 80000002 under the primary key at 80000001"
+%TPM_EXE_PATH%load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Flush the signing key at 80000002"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Flush the primary key at 80000001"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+exit /B 0
+
+REM getcapability  -cap 1 -pr 80000000
+REM getcapability  -cap 1 -pr 02000000
diff --git a/utils/regtests/testcontext.sh b/utils/regtests/testcontext.sh
new file mode 100755
index 000000000..fca171206
--- /dev/null
+++ b/utils/regtests/testcontext.sh
@@ -0,0 +1,182 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+echo ""
+echo "Context"
+echo ""
+
+echo ""
+echo "Basic Context"
+echo ""
+
+echo "Start an HMAC auth session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+echo "Load the signing key under the primary key"
+${PREFIX}load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto -se0 02000000 1 > run.out
+checkSuccess $?
+
+echo "Sign a digest"
+${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out
+checkSuccess $?
+
+echo "Verify the signature"
+${PREFIX}verifysignature -hk 80000001 -halg sha256 -if msg.bin -is sig.bin > run.out
+checkSuccess $?
+
+echo "Save context for the key"
+${PREFIX}contextsave -ha 80000001 -of tmp.bin > run.out
+checkSuccess $?
+
+echo "Sign to verify that the original key is not flushed"
+${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out
+checkSuccess $?
+
+echo "Flush the original key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Sign with original key  - should fail"
+${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out
+checkFailure $?
+
+echo "Load context"
+${PREFIX}contextload -if tmp.bin > run.out
+checkSuccess $?
+
+echo "Sign with the loaded context"
+${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out
+checkSuccess $?
+
+echo "Save context for the session"
+${PREFIX}contextsave -ha 02000000 -of tmp.bin > run.out
+checkSuccess $?
+
+echo "Sign with the saved session context - should fail"
+${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out
+checkFailure $?
+
+echo "Load context for the session"
+${PREFIX}contextload -if tmp.bin > run.out
+checkSuccess $?
+
+echo "Sign with the saved session context"
+${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out
+checkSuccess $?
+
+echo "Flush the loaded context"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Flush the session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+echo ""
+echo "Context Public Key for Salt"
+echo ""
+
+echo "Load the storage key at 80000001"
+${PREFIX}load -hp 80000000 -ipr storersapriv.bin -ipu storersapub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Save context for the storage key at 80000001"
+${PREFIX}contextsave -ha 80000001 -of tmp.bin > run.out
+checkSuccess $?
+
+echo "Load context at 80000002"
+${PREFIX}contextload -if tmp.bin > run.out
+checkSuccess $?
+
+echo "Flush the original key at 80000001"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Start an HMAC auth session at 02000000 using the storage key 80000002 salt"
+${PREFIX}startauthsession -se h -hs 80000002 > run.out
+checkSuccess $?
+
+echo "Load the signing key under the primary key at 80000001"
+${PREFIX}load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Sign a digest"
+${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 0 > run.out
+checkSuccess $?
+
+echo "Flush the signing key at 80000001"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Flush the salt key at 80000002"
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+echo ""
+echo "Context Primary Key"
+echo ""
+
+echo "Save context for the primary key at 80000000"
+${PREFIX}contextsave -ha 80000000 -of tmp.bin > run.out
+checkSuccess $?
+
+echo "Load context primary key at 80000001"
+${PREFIX}contextload -if tmp.bin > run.out
+checkSuccess $?
+
+echo "Load the signing key at 80000002 under the primary key at 80000001"
+${PREFIX}load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Flush the signing key at 80000002"
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+echo "Flush the primary key at 80000001"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+
+
+# ${PREFIX}getcapability  -cap 1 -pr 80000000
+# ${PREFIX}getcapability  -cap 1 -pr 02000000
diff --git a/utils/regtests/testcreateloaded.bat b/utils/regtests/testcreateloaded.bat
new file mode 100644
index 000000000..b03400a9f
--- /dev/null
+++ b/utils/regtests/testcreateloaded.bat
@@ -0,0 +1,299 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #										#
+REM # (c) Copyright IBM Corporation 2015 - 2019					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "CreateLoaded"
+echo ""
+
+echo ""
+echo "CreateLoaded Primary Key, Hierarchy Parent"
+echo ""
+
+for %%H in ("40000001" "4000000c" "4000000b") do (
+
+    echo "CreateLoaded primary key, parent %%~H"
+    %TPM_EXE_PATH%createloaded -hp %%~H -st -kt f -kt p -pwdk ppp > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       	exit /B 1
+    )
+
+    echo "Create a storage key under the primary key"
+    %TPM_EXE_PATH%create -hp 80000001 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp ppp > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       	exit /B 1
+    )
+
+    echo "Load the storage key under the primary key"
+    %TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       	exit /B 1
+    )
+
+    echo "Flush the storage key"
+    %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       	exit /B 1
+    )
+
+    echo "Flush the primary storage key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       	exit /B 1
+    )
+
+    echo "Load the storage key under the primary key - should fail"
+    %TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out
+    IF !ERRORLEVEL! EQU 0 (
+        exit /B 1
+    )
+
+    echo "CreateLoaded recreate owner primary key"
+    %TPM_EXE_PATH%createloaded -hp %%~H -st -kt f -kt p -pwdk ppp > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       	exit /B 1
+    )
+
+    echo "Load the storage key under the primary key"
+    %TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       	exit /B 1
+    )
+
+    echo "Flush the storage key"
+    %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       	exit /B 1
+    )
+
+    echo "Flush the primary storage key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       	exit /B 1
+    )
+
+)
+
+echo ""
+echo "CreateLoaded Child Key, Primary Parent"
+echo ""
+
+echo "CreateLoaded child storage key at 80000001, parent 80000000"
+%TPM_EXE_PATH%createloaded -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk ppp  -opu tmpppub.bin -opr tmpppriv.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create a signing key under the child storage key 80000001"
+%TPM_EXE_PATH%create -hp 80000001 -si -opr tmppriv.bin -opu tmppub.bin -pwdp ppp > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the signing key at 80000002 under the child storage key 80000001"
+%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the child storage key 80000002"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the child signing key 80000001"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Reload the createloaded child storage key at 80000001, parent 80000000"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmpppriv.bin -ipu tmpppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Reload the child signing key at 80000002 under the child storage key 80000001"
+%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the child storage key 80000002 "
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the child signing key 80000001 "
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "CreateLoaded Primary Derived Key, Hierarchy Parent"
+echo ""
+
+for %%H in ("e" "o" "p") do (
+
+    echo "Create a primary %%~H derivation parent 80000001"
+    %TPM_EXE_PATH%createprimary -hi %%~H -dp > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Create a derived key 80000002"
+    %TPM_EXE_PATH%createloaded -hp 80000001 -der -ecc bnp256 -den -kt f -kt p -opu tmppub.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Flush the derived key 80000002"
+    %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Create a derived key 80000002"
+    %TPM_EXE_PATH%createloaded -hp 80000001 -der -ecc bnp256 -den -kt f -kt p -opu tmppub1.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Flush the derived key 80000002"
+    %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify that the two derived keys are the same"
+    diff tmppub.bin tmppub1.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Flush the derivation parent"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+)
+
+echo ""
+echo "CreateLoaded Child Derived Key, Primary Parent"
+echo ""
+
+echo "Create a derivation parent under the primary key"
+%TPM_EXE_PATH%create -hp 80000000 -dp -opr tmpdppriv.bin -opu tmpdppub.bin -pwdp sto -pwdk dp > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the derivation parent to 80000001"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmpdppriv.bin -ipu tmpdppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create an EC signing key under the derivation parent key"
+%TPM_EXE_PATH%createloaded -hp 80000001 -der -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -opem tmppub.pem  -pwdp dp -ecc nistp256 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest"
+%TPM_EXE_PATH%sign -hk 80000002 -halg sha256 -salg ecc -if policies/aaa -os sig.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Verify the ECC signature using the TPM"
+%TPM_EXE_PATH%verifysignature -hk 80000002 -halg sha256 -ecc -if policies/aaa -is sig.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Verify the signature using PEM"
+%TPM_EXE_PATH%verifysignature -ipem tmppub.pem -halg sha256 -if policies/aaa -is sig.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the signing key 80000002"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create another EC signing key 80000002 under the derivation parent key"
+%TPM_EXE_PATH%createloaded -hp 80000001 -der -si -kt f -kt p -opr tmppriv1.bin -opu tmppub1.bin -opem tmppub1.pem -pwdp dp -ecc nistp256 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Verify that the two derived keys are the same"
+diff tmppub.bin tmppub1.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the signing key 80000002"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the derivation parent"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+rm -f tmpdppriv.bin
+rm -f tmpdppub.bin
+rm -f tmpppriv.bin
+rm -f tmpppub.bin
+rm -f tmppub.pem
+rm -f tmppriv1.bin
+rm -f tmppub1.bin
+rm -f tmppub1.pem
diff --git a/utils/regtests/testcreateloaded.sh b/utils/regtests/testcreateloaded.sh
new file mode 100755
index 000000000..99d3753d3
--- /dev/null
+++ b/utils/regtests/testcreateloaded.sh
@@ -0,0 +1,231 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+echo ""
+echo "CreateLoaded"
+echo ""
+
+echo ""
+echo "CreateLoaded Primary Key, Hierarchy Parent"
+echo ""
+
+for HIER in "40000001" "4000000c" "4000000b"
+do
+
+    echo "CreateLoaded primary key, parent ${HIER}"
+    ${PREFIX}createloaded -hp ${HIER} -st -kt f -kt p -pwdk ppp > run.out
+    checkSuccess $?
+
+    echo "Create a storage key under the primary key"
+    ${PREFIX}create -hp 80000001 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp ppp > run.out
+    checkSuccess $?
+
+    echo "Load the storage key under the primary key"
+    ${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out
+    checkSuccess $?
+
+    echo "Flush the storage key"
+    ${PREFIX}flushcontext -ha 80000002 > run.out
+    checkSuccess $?
+
+    echo "Flush the primary storage key"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+    echo "Load the storage key under the primary key - should fail"
+    ${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out
+    checkFailure $?
+
+    echo "CreateLoaded recreate owner primary key"
+    ${PREFIX}createloaded -hp ${HIER} -st -kt f -kt p -pwdk ppp > run.out
+    checkSuccess $?
+
+    echo "Load the storage key under the primary key"
+    ${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out
+    checkSuccess $?
+
+    echo "Flush the storage key"
+    ${PREFIX}flushcontext -ha 80000002 > run.out
+    checkSuccess $?
+
+    echo "Flush the primary storage key"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+done
+
+echo ""
+echo "CreateLoaded Child Key, Primary Parent"
+echo ""
+
+echo "CreateLoaded child storage key at 80000001, parent 80000000"
+${PREFIX}createloaded -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk ppp -opu tmpppub.bin -opr tmpppriv.bin > run.out
+checkSuccess $?
+
+echo "Create a signing key under the child storage key 80000001"
+${PREFIX}create -hp 80000001 -si -opr tmppriv.bin -opu tmppub.bin -pwdp ppp > run.out
+checkSuccess $?
+
+echo "Load the signing key at 80000002 under the child storage key 80000001"
+${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out
+checkSuccess $?
+
+echo "Flush the child storage key 80000002"
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+echo "Flush the child signing key 80000001"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Reload the createloaded child storage key at 80000001, parent 80000000"
+${PREFIX}load -hp 80000000 -ipr tmpppriv.bin -ipu tmpppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Reload the child signing key at 80000002 under the child storage key 80000001"
+${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out
+checkSuccess $?
+
+echo "Flush the child storage key 80000002 "
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+echo "Flush the child signing key 80000001 "
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo ""
+echo "CreateLoaded Primary Derived Key, Hierarchy Parent"
+echo ""
+
+for HIER in "e" "o" "p"
+do
+
+    echo "Create a primary ${HIER} derivation parent 80000001"
+    ${PREFIX}createprimary -hi ${HIER} -dp > run.out
+    checkSuccess $?
+
+    echo "Create a derived key 80000002"
+    ${PREFIX}createloaded -hp 80000001 -der -ecc bnp256 -den -kt f -kt p -opu tmppub.bin > run.out
+    checkSuccess $?
+
+    echo "Flush the derived key 80000002"
+    ${PREFIX}flushcontext -ha 80000002 > run.out
+    checkSuccess $?
+
+    echo "Create a derived key 80000002"
+    ${PREFIX}createloaded -hp 80000001 -der -ecc bnp256 -den -kt f -kt p -opu tmppub1.bin > run.out
+    checkSuccess $?
+
+    echo "Flush the derived key 80000002"
+    ${PREFIX}flushcontext -ha 80000002 > run.out
+    checkSuccess $?
+
+    echo "Verify that the two derived keys are the same"
+    diff tmppub.bin tmppub1.bin > run.out
+    checkSuccess $?
+
+    echo "Flush the derivation parent"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+done
+
+echo ""
+echo "CreateLoaded Child Derived Key, Primary Parent"
+echo ""
+
+echo "Create a derivation parent under the primary key"
+${PREFIX}create -hp 80000000 -dp -opr tmpdppriv.bin -opu tmpdppub.bin -pwdp sto -pwdk dp > run.out
+checkSuccess $?
+
+echo "Load the derivation parent to 80000001"
+${PREFIX}load -hp 80000000 -ipr tmpdppriv.bin -ipu tmpdppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Create an EC signing key 80000002 under the derivation parent key"
+${PREFIX}createloaded -hp 80000001 -der -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -opem tmppub.pem -pwdp dp -ecc nistp256 > run.out
+checkSuccess $?
+
+echo "Sign a digest"
+${PREFIX}sign -hk 80000002 -halg sha256 -salg ecc -if policies/aaa -os sig.bin > run.out
+checkSuccess $?
+
+echo "Verify the ECC signature using the TPM"
+${PREFIX}verifysignature -hk 80000002 -halg sha256 -ecc -if policies/aaa -is sig.bin > run.out
+checkSuccess $?
+
+echo "Verify the signature using PEM"
+${PREFIX}verifysignature -ipem tmppub.pem -halg sha256 -if policies/aaa -is sig.bin > run.out
+checkSuccess $?
+
+echo "Flush the signing key 80000002"
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+echo "Create another EC signing key 80000002 under the derivation parent key"
+${PREFIX}createloaded -hp 80000001 -der -si -kt f -kt p -opr tmppriv1.bin -opu tmppub1.bin -opem tmppub1.pem -pwdp dp -ecc nistp256 > run.out
+checkSuccess $?
+
+echo "Verify that the two derived keys are the same"
+diff tmppub.bin tmppub1.bin > run.out
+checkSuccess $?
+
+echo "Flush the signing key 80000002"
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+echo "Flush the derivation parent"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+rm -f tmpppriv.bin
+rm -f tmpppub.bin
+rm -f tmpppub1.bin
+rm -f tmpppub.pem
+rm -f tmppub.pem
+rm -f tmppub1.pem
+rm -f tmppriv.bin
+rm -f tmppriv1.bin
+rm -f tmppub1.bin
+rm -f tmpdppriv.bin
+rm -f tmpdppub.bin
diff --git a/utils/regtests/testcredential.bat b/utils/regtests/testcredential.bat
new file mode 100644
index 000000000..6cd1ad52a
--- /dev/null
+++ b/utils/regtests/testcredential.bat
@@ -0,0 +1,504 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #										#
+REM # (c) Copyright IBM Corporation 2015 - 2019					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+REM 
+REM # primary key 80000000
+REM # storage key 80000001
+REM # signing key 80000002test
+REM # policy session 03000000
+REM # e5 87 c1 1a b5 0f 9d 87 30 f7 21 e3 fe a4 2b 46 
+REM # c0 45 5b 24 6f 96 ae e8 5d 18 eb 3b e6 4d 66 6a 
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "Credential"
+echo ""
+
+echo "Use a random number as the credential input"
+%TPM_EXE_PATH%getrandom -by 32 -of tmpcredin.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the storage key under the primary key, 80000001"
+%TPM_EXE_PATH%load -hp 80000000 -ipr storersapriv.bin -ipu storersapub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create a restricted signing key under the primary key"
+%TPM_EXE_PATH%create -hp 80000000 -sir -kt f -kt p -opr tmprpriv.bin -opu tmprpub.bin -pwdp sto -pwdk sig -pol policies/policyccactivate.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the signing key under the primary key, 80000002"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmprpriv.bin -ipu tmprpub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Encrypt the credential using makecredential"
+%TPM_EXE_PATH%makecredential -ha 80000001 -icred tmpcredin.bin -in h80000002.bin -ocred tmpcredenc.bin -os tmpsecret.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start a policy session"
+%TPM_EXE_PATH%startauthsession -se p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy command code - activatecredential"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 00000147 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Activate credential"
+%TPM_EXE_PATH%activatecredential -ha 80000002 -hk 80000001 -icred tmpcredenc.bin -is tmpsecret.bin -pwdk sto -ocred tmpcreddec.bin -se0 03000000 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Check the decrypted result"
+diff tmpcredin.bin tmpcreddec.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the storage key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "EK Certificate"
+echo ""
+
+echo "Set platform hierarchy auth"
+%TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%A in (rsa ecc) do (
+
+    echo "Create an %%A EK certificate"
+    %TPM_EXE_PATH%createekcert -alg %%A -cakey cakey.pem -capwd rrrr -pwdp ppp -of tmp.der > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Read the %%A EK certificate"
+    %TPM_EXE_PATH%createek -alg %%A -ce > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Read the %%A template - should fail"
+    %TPM_EXE_PATH%createek -alg %%A -te > run.out
+    IF !ERRORLEVEL! EQU 0 (
+       exit /B 1
+    )
+
+    echo "Read the %%A nonce - should fail"
+    %TPM_EXE_PATH%createek -alg %%A -no > run.out
+    IF !ERRORLEVEL! EQU 0 (
+       exit /B 1
+    )
+
+    echo "CreatePrimary and validate the %%A EK against the EK certificate"
+    %TPM_EXE_PATH%createek -alg %%A -cp > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Validate the %%A EK certificate against the root"
+REM     %TPM_EXE_PATH%createek -alg %%A -root certificates/rootcerts.windows.txt > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+)
+
+echo "Clear platform hierarchy auth"
+%TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo ""
+echo "EK Policies using optional policy in NV"
+echo ""
+
+REM # Section B.8.2	Computing PolicyA - the standard IWG PolicySecret with endorsement auth
+REM # policyiwgek.txt
+REM # 000001514000000B
+REM # (blank line for policyRef)
+REM #
+REM # policymaker -if policies/policyiwgek.txt -ns -halg sha256 -of policies/policyiwgeksha256.bin
+REM # policymaker -if policies/policyiwgek.txt -ns -halg sha384 -of policies/policyiwgeksha384.bin
+REM # policymaker -if policies/policyiwgek.txt -ns -halg sha512 -of policies/policyiwgeksha512.bin
+REM 
+REM # 837197674484b3f81a90cc8d46a5d724fd52d76e06520b64f2a1da1b331469aa
+REM # 8bbf2266537c171cb56e403c4dc1d4b64f432611dc386e6f532050c3278c930e143e8bb1133824ccb431053871c6db53
+REM # 1e3b76502c8a1425aa0b7b3fc646a1b0fae063b03b5368f9c4cddecaff0891dd682bac1a85d4d832b781ea451915de5fc5bf0dc4a1917cd42fa041e3f998e0ee
+REM 
+REM # Section B.8.3	Computing Policy Index Names - attributes 220F1008
+REM 
+REM # For test, put PolicySecret + platform auth in NV Index.  This is NOT the IWG standard, just for test.
+REM 
+REM # for prepending the hash algorithm identifier to make the TPMT_HA structure
+REM # printf "%b" '\x00\x0b' > policies/sha256.bin
+REM # printf "%b" '\x00\x0c' > policies/sha384.bin
+REM # printf "%b" '\x00\x0d' > policies/sha512.bin
+REM 
+REM # policymaker -if policies/policysecretp.txt -halg sha256  -pr -of policies/policysecretpsha256.bin -pr
+REM # policymaker -if policies/policysecretp.txt -halg sha384  -pr -of policies/policysecretpsha384.bin -pr
+REM # policymaker -if policies/policysecretp.txt -halg sha512  -pr -of policies/policysecretpsha512.bin -pr
+REM 
+REM # prepend the algorithm identifiers
+REM # cat policies/sha256.bin policies/policysecretpsha256.bin >! policies/policysecretpsha256ha.bin
+REM # cat policies/sha384.bin policies/policysecretpsha384.bin >! policies/policysecretpsha384ha.bin
+REM # cat policies/sha512.bin policies/policysecretpsha512.bin >! policies/policysecretpsha512ha.bin
+REM 
+REM # NV Index Name calculation
+REM
+
+set HALG=sha256 sha384 sha512
+set IDX=01c07f01 01c07f02 01c07f03
+set SIZ=34 50 66
+REM # algorithms from Algorithm Registry
+set HBIN=000b 000c 000d
+REM # Name from Table 14: Policy Index Names
+set NVNAME=000b0c9d717e9c3fe69fda41769450bb145957f8b3610e084dbf65591a5d11ecd83f 000cdb62fca346612c976732ff4e8621fb4e858be82586486504f7d02e621f8d7d61ae32cfc60c4d120609ed6768afcf090c 000d1c47c0bbcbd3cf7d7cae6987d31937c171015dde3b7f0d3c869bca1f7e8a223b9acfadb49b7c9cf14d450f41e9327de34d9291eece2c58ab1dc10e9059cce560
+)
+
+set j=0
+for %%h in (!HALG!)   do set /A j+=1 & set HALG[!j!]=%%h
+set j=0
+for %%i in (!IDX!)    do set /A j+=1 & set IDX[!j!]=%%i
+set j=0
+for %%z in (!SIZ!)    do set /A j+=1 & set SIZ[!j!]=%%z
+set j=0
+for %%b in (!HBIN!)   do set /A j+=1 & set HBIN[!j!]=%%b
+set j=0
+for %%n in (!NVNAME!) do set /A j+=1 & set NVNAME[!j!]=%%n
+set L=!j!
+
+for /L %%j in (1,1,!L!) do (
+
+    echo "Undefine optional !HALG[%%j]! NV index !IDX[%%j]!"
+    %TPM_EXE_PATH%nvundefinespace -ha !IDX[%%j]! -hi o > run.out 
+
+    echo "Define optional !HALG[%%j]! NV index !IDX[%%j]! size !SIZ[%%j]! with PolicySecret for TPM_RH_ENDORSEMENT"
+    %TPM_EXE_PATH%nvdefinespace -ha !IDX[%%j]! -nalg !HALG[%%j]! -hi o -pol policies/policyiwgek!HALG[%%j]!.bin -sz !SIZ[%%j]! +at wa +at or +at ppr +at ar -at aw > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Start a !HALG[%%j]! policy session"
+    %TPM_EXE_PATH%startauthsession -se p -halg !HALG[%%j]! > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Satisfy the policy"
+    %TPM_EXE_PATH%policysecret -hs 03000000 -ha 4000000B > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Get the session digest for debug"
+    %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Write the !HALG[%%j]! index !IDX[%%j]! to set the written bit before reading the Name"
+    %TPM_EXE_PATH%nvwrite -ha !IDX[%%j]! -if policies/policysecretp!HALG[%%j]!ha.bin  -se0 03000000 0 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Read the !HALG[%%j]! Name"
+    %TPM_EXE_PATH%nvreadpublic -ha !IDX[%%j]! -ns > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Verify the !HALG[%%j]! !HBIN[%%j]! Name"
+    grep !HBIN[%%j]! run.out > tmp.txt
+    grep -v nvreadpublic tmp.txt > tmpactual.txt
+    echo !NVNAME[%%j]! > tmpexpect.txt
+    diff -w tmpactual.txt tmpexpect.txt > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+)
+
+REM # B.8.4	Computing PolicyC - TPM_CC_PolicyAuthorizeNV || nvIndex->Name)
+REM 
+REM # policyiwgekcsha256.txt 
+REM # 00000192000b0c9d717e9c3fe69fda41769450bb145957f8b3610e084dbf65591a5d11ecd83f
+REM 
+REM # policyiwgekcsha384.txt 
+REM # 00000192000cdb62fca346612c976732ff4e8621fb4e858be82586486504f7d02e621f8d7d61ae32cfc60c4d120609ed6768afcf090c
+REM 
+REM # policyiwgekcsha512.txt 
+REM # 00000192000d1c47c0bbcbd3cf7d7cae6987d31937c171015dde3b7f0d3c869bca1f7e8a223b9acfadb49b7c9cf14d450f41e9327de34d9291eece2c58ab1dc10e9059cce560
+REM 
+REM # policymaker -if policies/policyiwgekcsha256.txt -ns -halg sha256 -pr -of policies/policyiwgekcsha256.bin
+REM # 3767e2edd43ff45a3a7e1eaefcef78643dca964632e7aad82c673a30d8633fde
+REM 
+REM # policymaker -if policies/policyiwgekcsha384.txt -ns -halg sha384 -pr -of policies/policyiwgekcsha384.bin
+REM # d6032ce61f2fb3c240eb3cf6a33237ef2b6a16f4293c22b455e261cffd217ad5b4947c2d73e63005eed2dc2b3593d165
+REM 
+REM # policymaker -if policies/policyiwgekcsha512.txt -ns -halg sha512 -pr -of policies/policyiwgekcsha512.bin
+REM # 589ee1e146544716e8deafe6db247b01b81e9f9c7dd16b814aa159138749105fba5388dd1dea702f35240c184933121e2c61b8f50d3ef91393a49a38c3f73fc8
+REM 
+REM # B.8.5	Computing PolicyB - TPM_CC_PolicyOR || digests
+REM 
+REM # policyiwgekbsha256.txt
+REM # 00000171
+REM # 837197674484b3f81a90cc8d46a5d724fd52d76e06520b64f2a1da1b331469aa
+REM # 3767e2edd43ff45a3a7e1eaefcef78643dca964632e7aad82c673a30d8633fde
+REM # policymaker -if policies/policyiwgekbsha256.txt -halg sha256 -pr -of policies/policyiwgekbsha256.bin
+REM  # ca 3d 0a 99 a2 b9 39 06 f7 a3 34 24 14 ef cf b3 
+REM  # a3 85 d4 4c d1 fd 45 90 89 d1 9b 50 71 c0 b7 a0 
+REM 
+REM # policyiwgekbsha384.txt
+REM # 00000171
+REM # 8bbf2266537c171cb56e403c4dc1d4b64f432611dc386e6f532050c3278c930e143e8bb1133824ccb431053871c6db53
+REM # d6032ce61f2fb3c240eb3cf6a33237ef2b6a16f4293c22b455e261cffd217ad5b4947c2d73e63005eed2dc2b3593d165
+REM # policymaker -if policies/policyiwgekbsha384.txt -halg sha384 -pr -of policies/policyiwgekbsha384.bin
+REM  # b2 6e 7d 28 d1 1a 50 bc 53 d8 82 bc f5 fd 3a 1a 
+REM  # 07 41 48 bb 35 d3 b4 e4 cb 1c 0a d9 bd e4 19 ca 
+REM  # cb 47 ba 09 69 96 46 15 0f 9f c0 00 f3 f8 0e 12 
+REM 
+REM # policyiwgekbsha512.txt
+REM # 00000171
+REM # 1e3b76502c8a1425aa0b7b3fc646a1b0fae063b03b5368f9c4cddecaff0891dd682bac1a85d4d832b781ea451915de5fc5bf0dc4a1917cd42fa041e3f998e0ee
+REM # 589ee1e146544716e8deafe6db247b01b81e9f9c7dd16b814aa159138749105fba5388dd1dea702f35240c184933121e2c61b8f50d3ef91393a49a38c3f73fc8
+REM # policymaker -if policies/policyiwgekbsha512.txt -halg sha512 -pr -of policies/policyiwgekbsha512.bin
+REM  # b8 22 1c a6 9e 85 50 a4 91 4d e3 fa a6 a1 8c 07 
+REM  # 2c c0 12 08 07 3a 92 8d 5d 66 d5 9e f7 9e 49 a4 
+REM  # 29 c4 1a 6b 26 95 71 d5 7e db 25 fb db 18 38 42 
+REM  # 56 08 b4 13 cd 61 6a 5f 6d b5 b6 07 1a f9 9b ea 
+ 
+echo ""
+echo "Test the EK policies"
+echo ""
+
+REM # Change endorsement and platform hierarchy passwords for testing
+
+echo "Change endorsement hierarchy password"
+%TPM_EXE_PATH%hierarchychangeauth -hi e -pwdn eee
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Change platform hierarchy password"
+%TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+for /L %%j in (1,1,!L!) do (
+
+    echo "Create an RSA primary key !HALG[%%j]! 80000001"
+    %TPM_EXE_PATH%createprimary -si -nalg !HALG[%%j]! -pwdk kkk -pol policies/policyiwgekb!HALG[%%j]!.bin -rsa > run.out 
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Start a policy session !HALG[%%j]! 03000000"
+    %TPM_EXE_PATH%startauthsession -se p -halg !HALG[%%j]! > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Satisfy Policy A - Policy Secret with PWAP session and endorsement hierarchy auth"
+    %TPM_EXE_PATH%policysecret -ha 4000000b -hs 03000000 -pwde eee > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Get the session digest for debug"
+    %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Policy OR !HALG[%%j]!"
+    %TPM_EXE_PATH%policyor -ha 03000000 -if policies/policyiwgek!HALG[%%j]!.bin -if policies/policyiwgekc!HALG[%%j]!.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Get the !HALG[%%j]! session digest for debug"
+    %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Sign a digest - policy A"
+    %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Policy restart !HALG[%%j]! 03000000"
+    %TPM_EXE_PATH%policyrestart -ha 03000000 > run.out 
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Satisfy NV Index Policy - Policy Secret with PWAP session and platform hierarchy auth"
+    %TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 -pwde ppp > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Get the !HALG[%%j]! session digest for debug"
+    %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Satisfy Policy C - Policy Authorize NV"
+    %TPM_EXE_PATH%policyauthorizenv -ha !IDX[%%j]! -hs 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Get the !HALG[%%j]! session digest for debug"
+    %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Policy OR !HALG[%%j]!"
+    %TPM_EXE_PATH%policyor -ha 03000000 -if policies/policyiwgek!HALG[%%j]!.bin -if policies/policyiwgekc!HALG[%%j]!.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Get the !HALG[%%j]! session digest for debug"
+    %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Sign a digest - policy A"
+    %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Flush the policy session !HALG[%%j]! 03000000"
+    %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+ 
+    echo "Flush the primary key !HALG[%%j]! 80000001"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+)
+
+echo ""
+echo "Cleanup"
+echo ""
+
+echo "Reset endorsement hierarchy password"
+%TPM_EXE_PATH%hierarchychangeauth -hi e -pwda eee
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Reset platform hierarchy password"
+%TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+set L=!j!
+
+for /L %%j in (1,1,!L!) do (
+
+    echo "Undefine optional !HALG[%%j]! NV index !IDX[%%j]!"
+    %TPM_EXE_PATH%nvundefinespace -ha !IDX[%%j]! -hi o > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+)
+
+rm run.out
+rm sig.bin
+rm tmp.der
+rm tmpcreddec.bin
+rm tmpcredenc.bin
+rm tmpcredin.bin
+rm tmprpriv.bin
+rm tmprpub.bin
+rm tmpsecret.bin
+rm tmp.txt
+rm tmpactual.txt
+rm tmpexpect.txt
+
+
+REM %TPM_EXE_PATH%getcapability -cap 1 -pr 80000000
+REM %TPM_EXE_PATH%getcapability -cap 1 -pr 02000000
+
+exit /B 0
diff --git a/utils/regtests/testcredential.sh b/utils/regtests/testcredential.sh
new file mode 100755
index 000000000..35a1c7c52
--- /dev/null
+++ b/utils/regtests/testcredential.sh
@@ -0,0 +1,404 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+# primary key 80000000
+# storage key 80000001
+# signing key 80000002
+# policy session 03000000
+# e5 87 c1 1a b5 0f 9d 87 30 f7 21 e3 fe a4 2b 46 
+# c0 45 5b 24 6f 96 ae e8 5d 18 eb 3b e6 4d 66 6a 
+
+echo ""
+echo "Make and Activate Credential"
+echo ""
+
+echo "Use a random number as the credential input"
+${PREFIX}getrandom -by 32 -of tmpcredin.bin > run.out
+checkSuccess $?
+
+echo "Load the storage key under the primary key, 80000001"
+${PREFIX}load -hp 80000000 -ipr storersapriv.bin -ipu storersapub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Create a restricted signing key under the primary key"
+${PREFIX}create -hp 80000000 -sir -kt f -kt p -opr tmprpriv.bin -opu tmprpub.bin -pwdp sto -pwdk sig -pol policies/policyccactivate.bin > run.out
+checkSuccess $?
+
+echo "Load the signing key under the primary key, 80000002"
+${PREFIX}load -hp 80000000 -ipr tmprpriv.bin -ipu tmprpub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Encrypt the credential using makecredential"
+${PREFIX}makecredential -ha 80000001 -icred tmpcredin.bin -in h80000002.bin -ocred tmpcredenc.bin -os tmpsecret.bin > run.out
+checkSuccess $?
+
+echo "Start a policy session"
+${PREFIX}startauthsession -se p > run.out
+checkSuccess $?
+
+echo "Policy command code - activatecredential"
+${PREFIX}policycommandcode -ha 03000000 -cc 00000147 > run.out
+checkSuccess $?
+
+echo "Activate credential"
+${PREFIX}activatecredential -ha 80000002 -hk 80000001 -icred tmpcredenc.bin -is tmpsecret.bin -pwdk sto -ocred tmpcreddec.bin -se0 03000000 0 > run.out
+checkSuccess $?
+
+echo "Check the decrypted result"
+diff tmpcredin.bin tmpcreddec.bin > run.out
+checkSuccess $?
+
+echo "Flush the storage key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Flush the signing key"
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+echo ""
+echo "EK Certificate"
+echo ""
+
+# The mbedtls port does not support EC certificate creation yet */
+
+if [ ${CRYPTOLIBRARY} == "openssl" ]; then
+
+    echo "Set platform hierarchy auth"
+    ${PREFIX}hierarchychangeauth -hi p -pwdn ppp > run.out
+    checkSuccess $?
+
+    for ALG in "rsa" "ecc"
+    do 
+
+	echo "Create an ${ALG} EK certificate"
+	${PREFIX}createekcert -alg ${ALG} -cakey cakey.pem -capwd rrrr -pwdp ppp -of tmp.der > run.out
+	checkSuccess $?
+
+	echo "Read the ${ALG} EK certificate"
+	${PREFIX}createek -alg ${ALG} -ce > run.out
+	checkSuccess $?
+
+	echo "Read the ${ALG} template - should fail"
+	${PREFIX}createek -alg ${ALG} -te > run.out
+	checkFailure $?
+
+	echo "Read the ${ALG} nonce - should fail"
+	${PREFIX}createek -alg ${ALG} -no > run.out
+	checkFailure $?
+
+	echo "CreatePrimary and validate the ${ALG} EK against the EK certificate"
+	${PREFIX}createek -alg ${ALG} -cp > run.out
+	checkSuccess $?
+
+	echo "Validate the ${ALG} EK certificate against the root"
+# 	${PREFIX}createek -alg ${ALG} -root certificates/rootcerts.txt > run.out
+	checkSuccess $?
+
+    done
+
+    echo "Clear platform hierarchy auth"
+    ${PREFIX}hierarchychangeauth -hi p -pwda ppp > run.out
+    checkSuccess $?
+
+# openssl vs mbedtls
+fi
+
+echo ""
+echo "EK Policies using optional policy in NV"
+echo ""
+
+# Section B.8.2	Computing PolicyA - the standard IWG PolicySecret with endorsement auth
+# policyiwgek.txt
+# 000001514000000B
+# (blank line for policyRef)
+#
+# policymaker -if policies/policyiwgek.txt -ns -halg sha256 -of policies/policyiwgeksha256.bin
+# policymaker -if policies/policyiwgek.txt -ns -halg sha384 -of policies/policyiwgeksha384.bin
+# policymaker -if policies/policyiwgek.txt -ns -halg sha512 -of policies/policyiwgeksha512.bin
+
+# 837197674484b3f81a90cc8d46a5d724fd52d76e06520b64f2a1da1b331469aa
+# 8bbf2266537c171cb56e403c4dc1d4b64f432611dc386e6f532050c3278c930e143e8bb1133824ccb431053871c6db53
+# 1e3b76502c8a1425aa0b7b3fc646a1b0fae063b03b5368f9c4cddecaff0891dd682bac1a85d4d832b781ea451915de5fc5bf0dc4a1917cd42fa041e3f998e0ee
+
+# Section B.8.3	Computing Policy Index Names - attributes 220F1008
+
+# For test, put PolicySecret + platform auth in NV Index.  This is NOT the IWG standard, just for test.
+
+# for prepending the hash algorithm identifier to make the TPMT_HA structure
+# printf "%b" '\x00\x0b' > policies/sha256.bin
+# printf "%b" '\x00\x0c' > policies/sha384.bin
+# printf "%b" '\x00\x0d' > policies/sha512.bin
+
+# policymaker -if policies/policysecretp.txt -halg sha256  -pr -of policies/policysecretpsha256.bin -pr
+# policymaker -if policies/policysecretp.txt -halg sha384  -pr -of policies/policysecretpsha384.bin -pr
+# policymaker -if policies/policysecretp.txt -halg sha512  -pr -of policies/policysecretpsha512.bin -pr
+
+# prepend the algorithm identifiers
+# cat policies/sha256.bin policies/policysecretpsha256.bin >! policies/policysecretpsha256ha.bin
+# cat policies/sha384.bin policies/policysecretpsha384.bin >! policies/policysecretpsha384ha.bin
+# cat policies/sha512.bin policies/policysecretpsha512.bin >! policies/policysecretpsha512ha.bin
+
+# NV Index Name calculation
+
+HALG=(sha256 sha384 sha512)
+IDX=(01c07f01 01c07f02 01c07f03) 
+SIZ=(34 50 66)
+# algorithms from Algorithm Registry
+HBIN=(000b 000c 000d)
+# Name from Table 14: Policy Index Names
+NVNAME=(
+    000b0c9d717e9c3fe69fda41769450bb145957f8b3610e084dbf65591a5d11ecd83f
+    000cdb62fca346612c976732ff4e8621fb4e858be82586486504f7d02e621f8d7d61ae32cfc60c4d120609ed6768afcf090c
+    000d1c47c0bbcbd3cf7d7cae6987d31937c171015dde3b7f0d3c869bca1f7e8a223b9acfadb49b7c9cf14d450f41e9327de34d9291eece2c58ab1dc10e9059cce560
+)
+
+for ((i = 0 ; i < 3; i++))
+do 
+
+    echo "Undefine optional ${HALG[i]} NV index ${IDX[i]}"
+    ${PREFIX}nvundefinespace -ha ${IDX[i]} -hi o > run.out 
+    echo " INFO:"
+
+    echo "Define optional ${HALG[i]} NV index ${IDX[i]} with PolicySecret for TPM_RH_ENDORSEMENT"
+    ${PREFIX}nvdefinespace -ha ${IDX[i]} -nalg ${HALG[i]} -hi o -pol policies/policyiwgek${HALG[i]}.bin -sz ${SIZ[i]} +at wa +at or +at ppr +at ar -at aw > run.out
+    checkSuccess $?
+
+    echo "Start a ${HALG[i]} policy session"
+    ${PREFIX}startauthsession -se p -halg ${HALG[i]} > run.out
+    checkSuccess $?
+
+    echo "Satisfy the policy"
+    ${PREFIX}policysecret -hs 03000000 -ha 4000000B > run.out
+    checkSuccess $?
+
+    echo "Get the session digest for debug"
+    ${PREFIX}policygetdigest -ha 03000000 > run.out
+    checkSuccess $?
+
+    echo "Write the ${HALG[i]} ${IDX[i]} index to set the written bit before reading the Name"
+    ${PREFIX}nvwrite -ha ${IDX[i]} -if policies/policysecretp${HALG[i]}ha.bin  -se0 03000000 0 > run.out
+    checkSuccess $?
+
+    echo "Read the ${HALG[i]} Name"
+    ${PREFIX}nvreadpublic -ha ${IDX[i]} -ns > run.out
+    checkSuccess $?
+
+    echo "Verify the ${HALG[i]} Name"
+    ACTUAL=`grep ${HBIN[i]} run.out |grep -v nvreadpublic`
+    diff <(echo "${ACTUAL}" ) <(echo "${NVNAME[i]}" )
+    checkSuccess $?
+
+done
+
+# B.8.4	Computing PolicyC - TPM_CC_PolicyAuthorizeNV || nvIndex->Name)
+
+# policyiwgekcsha256.txt 
+# 00000192000b0c9d717e9c3fe69fda41769450bb145957f8b3610e084dbf65591a5d11ecd83f
+
+# policyiwgekcsha384.txt 
+# 00000192000cdb62fca346612c976732ff4e8621fb4e858be82586486504f7d02e621f8d7d61ae32cfc60c4d120609ed6768afcf090c
+
+# policyiwgekcsha512.txt 
+# 00000192000d1c47c0bbcbd3cf7d7cae6987d31937c171015dde3b7f0d3c869bca1f7e8a223b9acfadb49b7c9cf14d450f41e9327de34d9291eece2c58ab1dc10e9059cce560
+
+# policymaker -if policies/policyiwgekcsha256.txt -ns -halg sha256 -pr -of policies/policyiwgekcsha256.bin
+# 3767e2edd43ff45a3a7e1eaefcef78643dca964632e7aad82c673a30d8633fde
+
+# policymaker -if policies/policyiwgekcsha384.txt -ns -halg sha384 -pr -of policies/policyiwgekcsha384.bin
+# d6032ce61f2fb3c240eb3cf6a33237ef2b6a16f4293c22b455e261cffd217ad5b4947c2d73e63005eed2dc2b3593d165
+
+# policymaker -if policies/policyiwgekcsha512.txt -ns -halg sha512 -pr -of policies/policyiwgekcsha512.bin
+# 589ee1e146544716e8deafe6db247b01b81e9f9c7dd16b814aa159138749105fba5388dd1dea702f35240c184933121e2c61b8f50d3ef91393a49a38c3f73fc8
+
+# B.8.5	Computing PolicyB - TPM_CC_PolicyOR || digests
+
+# policyiwgekbsha256.txt
+# 00000171
+# 837197674484b3f81a90cc8d46a5d724fd52d76e06520b64f2a1da1b331469aa
+# 3767e2edd43ff45a3a7e1eaefcef78643dca964632e7aad82c673a30d8633fde
+# policymaker -if policies/policyiwgekbsha256.txt -halg sha256 -pr -of policies/policyiwgekbsha256.bin
+ # ca 3d 0a 99 a2 b9 39 06 f7 a3 34 24 14 ef cf b3 
+ # a3 85 d4 4c d1 fd 45 90 89 d1 9b 50 71 c0 b7 a0 
+
+# policyiwgekbsha384.txt
+# 00000171
+# 8bbf2266537c171cb56e403c4dc1d4b64f432611dc386e6f532050c3278c930e143e8bb1133824ccb431053871c6db53
+# d6032ce61f2fb3c240eb3cf6a33237ef2b6a16f4293c22b455e261cffd217ad5b4947c2d73e63005eed2dc2b3593d165
+# policymaker -if policies/policyiwgekbsha384.txt -halg sha384 -pr -of policies/policyiwgekbsha384.bin
+ # b2 6e 7d 28 d1 1a 50 bc 53 d8 82 bc f5 fd 3a 1a 
+ # 07 41 48 bb 35 d3 b4 e4 cb 1c 0a d9 bd e4 19 ca 
+ # cb 47 ba 09 69 96 46 15 0f 9f c0 00 f3 f8 0e 12 
+
+# policyiwgekbsha512.txt
+# 00000171
+# 1e3b76502c8a1425aa0b7b3fc646a1b0fae063b03b5368f9c4cddecaff0891dd682bac1a85d4d832b781ea451915de5fc5bf0dc4a1917cd42fa041e3f998e0ee
+# 589ee1e146544716e8deafe6db247b01b81e9f9c7dd16b814aa159138749105fba5388dd1dea702f35240c184933121e2c61b8f50d3ef91393a49a38c3f73fc8
+# policymaker -if policies/policyiwgekbsha512.txt -halg sha512 -pr -of policies/policyiwgekbsha512.bin
+ # b8 22 1c a6 9e 85 50 a4 91 4d e3 fa a6 a1 8c 07 
+ # 2c c0 12 08 07 3a 92 8d 5d 66 d5 9e f7 9e 49 a4 
+ # 29 c4 1a 6b 26 95 71 d5 7e db 25 fb db 18 38 42 
+ # 56 08 b4 13 cd 61 6a 5f 6d b5 b6 07 1a f9 9b ea 
+
+echo ""
+echo "Test the EK policies"
+echo ""
+
+# test message to be signed
+echo -n "1234567890123456" > msg.bin
+
+# Change endorsement and platform hierarchy passwords for testing
+
+echo "Change endorsement hierarchy password"
+${PREFIX}hierarchychangeauth -hi e -pwdn eee
+checkSuccess $?
+
+echo "Change platform hierarchy password"
+${PREFIX}hierarchychangeauth -hi p -pwdn ppp
+checkSuccess $?
+
+for ((i = 0 ; i < 3; i++))
+do 
+
+    echo "Create an RSA primary key ${HALG[i]} 80000001"
+    ${PREFIX}createprimary -si -nalg ${HALG[i]} -pwdk kkk -pol policies/policyiwgekb${HALG[i]}.bin -rsa > run.out 
+    checkSuccess $?
+
+    echo "Start a policy session ${HALG[i]} 03000000"
+    ${PREFIX}startauthsession -se p -halg ${HALG[i]} > run.out
+    checkSuccess $?
+
+    echo "Satisfy Policy A - Policy Secret with PWAP session and endorsement hierarchy auth"
+    ${PREFIX}policysecret -ha 4000000b -hs 03000000 -pwde eee > run.out
+    checkSuccess $?
+
+    echo "Get the session digest for debug"
+    ${PREFIX}policygetdigest -ha 03000000 > run.out
+    checkSuccess $?
+
+    echo "Policy OR ${HALG[i]}"
+    ${PREFIX}policyor -ha 03000000 -if policies/policyiwgek${HALG[i]}.bin -if policies/policyiwgekc${HALG[i]}.bin > run.out
+    checkSuccess $?
+
+    echo "Get the ${HALG[i]} session digest for debug"
+    ${PREFIX}policygetdigest -ha 03000000 > run.out
+    checkSuccess $?
+
+    echo "Sign a digest - policy A"
+    ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+    checkSuccess $?
+
+    echo "Policy restart ${HALG[i]} 03000000"
+    ${PREFIX}policyrestart -ha 03000000 > run.out 
+    checkSuccess $?
+
+    echo "Satisfy NV Index Policy - Policy Secret with PWAP session and platform hierarchy auth"
+    ${PREFIX}policysecret -ha 4000000c -hs 03000000 -pwde ppp > run.out
+    checkSuccess $?
+
+    echo "Get the ${HALG[i]} session digest for debug"
+    ${PREFIX}policygetdigest -ha 03000000 > run.out
+    checkSuccess $?
+
+    echo "Satisfy Policy C - Policy Authorize NV"
+    ${PREFIX}policyauthorizenv -ha ${IDX[i]} -hs 03000000 > run.out
+    checkSuccess $?
+
+    echo "Get the ${HALG[i]} session digest for debug"
+    ${PREFIX}policygetdigest -ha 03000000 > run.out
+    checkSuccess $?
+
+    echo "Policy OR ${HALG[i]}"
+    ${PREFIX}policyor -ha 03000000 -if policies/policyiwgek${HALG[i]}.bin -if policies/policyiwgekc${HALG[i]}.bin > run.out
+    checkSuccess $?
+
+    echo "Get the ${HALG[i]} session digest for debug"
+    ${PREFIX}policygetdigest -ha 03000000 > run.out
+    checkSuccess $?
+
+    echo "Sign a digest - policy A"
+    ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+    checkSuccess $?
+
+    echo "Flush the policy session ${HALG[i]} 03000000"
+    ${PREFIX}flushcontext -ha 03000000 > run.out
+    checkSuccess $?
+    
+    echo "Flush the primary key ${HALG[i]} 80000001"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+done
+
+echo ""
+echo "Cleanup"
+echo ""
+
+echo "Reset endorsement hierarchy password"
+${PREFIX}hierarchychangeauth -hi e -pwda eee
+checkSuccess $?
+
+echo "Reset platform hierarchy password"
+${PREFIX}hierarchychangeauth -hi p -pwda ppp
+checkSuccess $?
+
+for ((i = 0 ; i < 3; i++))
+do 
+
+    echo "Undefine optional ${HALG[i]} NV index ${IDX[i]}"
+    ${PREFIX}nvundefinespace -ha ${IDX[i]} -hi o > run.out
+    checkSuccess $?
+
+done
+
+rm -f run.out
+rm -f sig.bin
+rm -f tmprpub.bin
+rm -f tmprpriv.bin
+rm -f tmpcredin.bin
+rm -f tmpcredenc.bin
+rm -f tmpcreddec.bin
+rm -f tmpsecret.bin
+rm -f tmp.der
+
+# ${PREFIX}getcapability -cap 1 -pr 80000000
+# ${PREFIX}getcapability -cap 1 -pr 02000000
diff --git a/utils/regtests/testda.bat b/utils/regtests/testda.bat
new file mode 100644
index 000000000..f991bfe98
--- /dev/null
+++ b/utils/regtests/testda.bat
@@ -0,0 +1,203 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #		$Id: testda.bat 1278 2018-07-23 21:20:42Z kgoldman $		#
+REM #										#
+REM # (c) Copyright IBM Corporation 2015					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "DA Logic"
+echo ""
+
+echo "Create an signing key with DA protection"
+%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -da > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the signing key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Set DA recovery time to 0, disables DA"
+%TPM_EXE_PATH%dictionaryattackparameters -nrt 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest with bad password - should fail"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk xxx > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "Sign a digest with good password, no lockout"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Set DA recovery time to 120 sec, enables DA"
+%TPM_EXE_PATH%dictionaryattackparameters -nrt 120 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest with bad password - should fail"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk xxx > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "Sign a digest with good password, lockout - should fail"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "Reset DA lock"
+%TPM_EXE_PATH%dictionaryattacklockreset > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest with good password"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Set DA recovery time to 120 sec, enables DA, max tries 2"
+%TPM_EXE_PATH%dictionaryattackparameters -nrt 120 -nmt 2 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Sign a digest with bad password - should fail"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk xxx > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "Sign a digest with good password, no lockout yet"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Sign a digest with bad password - should fail"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk xxx > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "Sign a digest with good password, lockout - should fail"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "Reset DA lock"
+%TPM_EXE_PATH%dictionaryattacklockreset > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest with good password, no lockout"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Set DA recovery time to 0, disables DA"
+%TPM_EXE_PATH%dictionaryattackparameters -nrt 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Lockout Auth"
+echo ""
+
+echo "Change lockout auth"
+%TPM_EXE_PATH%hierarchychangeauth -hi l -pwdn lll > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Reset DA lock with good password"
+%TPM_EXE_PATH%dictionaryattacklockreset -pwd lll > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Set DA recovery time to 0 with good password"
+%TPM_EXE_PATH%dictionaryattackparameters -nrt 0 -pwd lll > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Clear lockout auth"
+%TPM_EXE_PATH%hierarchychangeauth -hi l -pwda lll > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Set DA recovery time to 0"
+%TPM_EXE_PATH%dictionaryattackparameters -nrt 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Reset DA lock"
+%TPM_EXE_PATH%dictionaryattacklockreset > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+exit /B 0
+
+REM getcapability -cap 1 -pr 80000000
diff --git a/utils/regtests/testda.sh b/utils/regtests/testda.sh
new file mode 100755
index 000000000..7cfa9a3b7
--- /dev/null
+++ b/utils/regtests/testda.sh
@@ -0,0 +1,152 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#		$Id: testda.sh 1277 2018-07-23 20:30:23Z kgoldman $		#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2018					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+echo ""
+echo "DA Logic"
+echo ""
+
+echo "Create an signing key with DA protection"
+${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -da > run.out
+checkSuccess $?
+
+echo "Load the signing key"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Set DA recovery time to 0, disables DA"
+${PREFIX}dictionaryattackparameters -nrt 0 > run.out
+checkSuccess $?
+
+echo "Sign a digest with bad password - should fail"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk xxx > run.out
+checkFailure $?
+
+echo "Sign a digest with good password, no lockout"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out
+checkSuccess $?
+
+echo "Set DA recovery time to 120 sec, enables DA"
+${PREFIX}dictionaryattackparameters -nrt 120 > run.out
+checkSuccess $?
+
+echo "Sign a digest with bad password - should fail"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk xxx > run.out
+checkFailure $?
+
+echo "Sign a digest with good password, lockout - should fail"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out
+checkFailure $?
+
+echo "Reset DA lock"
+${PREFIX}dictionaryattacklockreset > run.out
+checkSuccess $?
+
+echo "Sign a digest with good password"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out
+checkSuccess $?
+
+echo "Set DA recovery time to 120 sec, enables DA, max tries 2"
+${PREFIX}dictionaryattackparameters -nrt 120 -nmt 2 > run.out
+checkSuccess $?
+
+echo "Sign a digest with bad password - should fail"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk xxx > run.out
+checkFailure $?
+
+echo "Sign a digest with good password, no lockout yet"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out
+checkSuccess $?
+
+echo "Sign a digest with bad password - should fail"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk xxx > run.out
+checkFailure $?
+
+echo "Sign a digest with good password, lockout - should fail"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out
+checkFailure $?
+
+echo "Reset DA lock"
+${PREFIX}dictionaryattacklockreset > run.out
+checkSuccess $?
+
+echo "Sign a digest with good password, no lockout"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out
+checkSuccess $?
+
+echo "Set DA recovery time to 0, disables DA"
+${PREFIX}dictionaryattackparameters -nrt 0 > run.out
+checkSuccess $?
+
+echo ""
+echo "Lockout Auth"
+echo ""
+
+echo "Change lockout auth"
+${PREFIX}hierarchychangeauth -hi l -pwdn lll > run.out
+checkSuccess $?
+
+echo "Reset DA lock with good password"
+${PREFIX}dictionaryattacklockreset -pwd lll > run.out
+checkSuccess $?
+
+echo "Set DA recovery time to 0 with good password"
+${PREFIX}dictionaryattackparameters -nrt 0 -pwd lll > run.out
+checkSuccess $?
+
+echo "Clear lockout auth"
+${PREFIX}hierarchychangeauth -hi l -pwda lll > run.out
+checkSuccess $?
+
+echo "Set DA recovery time to 0"
+${PREFIX}dictionaryattackparameters -nrt 0 > run.out
+checkSuccess $?
+
+echo "Reset DA lock"
+${PREFIX}dictionaryattacklockreset > run.out
+checkSuccess $?
+
+echo "Flush signing key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+# ${PREFIX}getcapability -cap 1 -pr 80000000
diff --git a/utils/regtests/testdup.bat b/utils/regtests/testdup.bat
new file mode 100644
index 000000000..11a206dbf
--- /dev/null
+++ b/utils/regtests/testdup.bat
@@ -0,0 +1,777 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #										#
+REM # (c) Copyright IBM Corporation 2015 - 2019					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+REM 80000001 K1 storage key
+REM 80000002 K2 signing key to be duplicated
+REM 80000002 K2 duplicated
+REM 03000000 policy session
+
+REM policy
+REM be f5 6b 8c 1c c8 4e 11 ed d7 17 52 8d 2c d9 93 
+REM 56 bd 2b bf 8f 01 52 09 c3 f8 4a ee ab a8 e8 a2 
+
+REM used for the name in rewrap
+
+echo ""
+echo "Duplication"
+echo ""
+
+echo ""
+echo "Duplicate Child Key"
+echo ""
+
+REM # primary key		80000000
+REM # target storage key K1 	80000001
+REM #	originally under primary key
+REM #	duplicate to K1
+REM #	import to K1
+REM # signing key        K2	80000002
+
+for %%A in ("rsa" "ecc") do (
+    
+    for %%E in ("" "-salg aes -ik tmprnd.bin") do (
+
+    	for %%H in (%ITERATE_ALGS%) do (
+
+	    echo "Create a signing key K2 under the primary key, with policy"
+	    %TPM_EXE_PATH%create -hp 80000000 -si -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccduplicate.bin > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+
+	    echo "Load the %%~A storage key K1"
+	    %TPM_EXE_PATH%load -hp 80000000 -ipr store%%~Apriv.bin -ipu store%%~Apub.bin -pwdp sto > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+
+	    echo "Load the signing key K2"
+	    %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+
+	    echo "Sign a digest, %%H"
+	    %TPM_EXE_PATH%sign -hk 80000002 -halg %%H -if policies/aaa -os sig.bin -pwdk sig  > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+
+	    echo "Verify the signature, %%H"
+	    %TPM_EXE_PATH%verifysignature -hk 80000002 -halg %%H -if policies/aaa -is sig.bin > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	        exit /B 1
+	    )
+
+	    echo "Start a policy session"
+	    %TPM_EXE_PATH%startauthsession -se p > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+
+	    echo "Policy command code, duplicate"
+	    %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14b > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	        exit /B 1
+	    )
+
+	    echo "Get policy digest"
+	    %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out 
+	    IF !ERRORLEVEL! NEQ 0 (
+	        exit /B 1
+	    )
+
+	    echo "Get random AES encryption key"
+	    %TPM_EXE_PATH%getrandom -by 16 -of tmprnd.bin > run.out 
+	    IF !ERRORLEVEL! NEQ 0 (
+	        exit /B 1
+	    )
+	    
+	    echo "Duplicate K2 under %%~A K1, %%~E"
+	    %TPM_EXE_PATH%duplicate -ho 80000002 -pwdo sig -hp 80000001 -od tmpdup.bin -oss tmpss.bin %%~E -se0 03000000 1 > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	        exit /B 1
+	    )
+
+	    echo "Flush the original K2 to free object slot for import"
+	    %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	        exit /B 1
+	    )
+
+	    echo "Import K2 under %%~A K1, %%~E"
+	    %TPM_EXE_PATH%import -hp 80000001 -pwdp sto -ipu tmppub.bin -id tmpdup.bin -iss tmpss.bin %%~E -opr tmppriv.bin > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	        exit /B 1
+	    )
+
+	    echo "Sign under K2, %%H - should fail"
+	    %TPM_EXE_PATH%sign -hk 80000002 -halg %%H -if policies/aaa -os sig.bin -pwdk sig > run.out
+    	    IF !ERRORLEVEL! EQU 0 (
+       	       exit /B 1
+    	    )
+
+	    echo "Load the duplicated signing key K2"
+	    %TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+
+	    echo "Sign using duplicated K2, %%H"
+	    %TPM_EXE_PATH%sign -hk 80000002 -halg %%H -if policies/aaa -os sig.bin -pwdk sig > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+
+	    echo "Verify the signature, %%H"
+	    %TPM_EXE_PATH%verifysignature -hk 80000002 -halg %%H -if policies/aaa -is sig.bin > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+
+	    echo "Flush the duplicated K2"
+	    %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+
+	    echo "Flush the parent K1"
+	    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+
+	    echo "Flush the session"
+	    %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+	)
+    )
+)
+
+echo ""
+echo "Duplicate Primary Key"
+echo ""
+
+echo "Create a platform primary signing key K2 80000001"
+%TPM_EXE_PATH%createprimary -hi p -si -kt nf -kt np -pol policies/policyccduplicate.bin -opu tmppub.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Sign a digest"
+%TPM_EXE_PATH%sign -hk 80000001 -if policies/aaa > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Start a policy session 03000000"
+%TPM_EXE_PATH%startauthsession -se p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Policy command code, duplicate"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14b > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Duplicate K2 under storage key"
+%TPM_EXE_PATH%duplicate -ho 80000001 -hp 80000000 -od tmpdup.bin -oss tmpss.bin -se0 03000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Import K2 under storage key"
+%TPM_EXE_PATH%import -hp 80000000 -pwdp sto -ipu tmppub.bin -id tmpdup.bin -iss tmpss.bin -opr tmppriv.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Load the duplicated signing key K2 80000002"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Sign a digest"
+%TPM_EXE_PATH%sign -hk 80000002 -if policies/aaa > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Flush the primary key 8000001"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Flush the duplicated key 80000002 "
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Flush the session 03000000 "
+%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo ""
+echo "Import PEM RSA signing key under RSA and ECC storage key"
+echo ""
+
+echo "generate the signing key with openssl"
+openssl genrsa -out tmpprivkey.pem -aes256 -passout pass:rrrr 2048
+
+echo "load the ECC storage key"
+%TPM_EXE_PATH%load -hp 80000000 -pwdp sto -ipr storeeccpriv.bin -ipu storeeccpub.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Start an HMAC auth session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+for %%S in ("" "-se0 02000000 1") do (
+    for %%H in (%ITERATE_ALGS%) do (
+        for %%P in (80000000 80000001) do (
+
+	    echo "Import the signing key under the parent key %%P %%H"
+	    %TPM_EXE_PATH%importpem -hp %%P -pwdp sto -ipem tmpprivkey.pem -pwdk rrrr -opu tmppub.bin -opr tmppriv.bin -halg %%H > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	        exit /B 1
+	    )
+
+	    echo "Load the TPM signing key"
+	    %TPM_EXE_PATH%load -hp  %%P -pwdp sto -ipu tmppub.bin -ipr tmppriv.bin > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	        exit /B 1
+	    )
+
+	    echo "Sign the message %%H  %%~S"
+	    %TPM_EXE_PATH%sign -hk 80000002 -pwdk rrrr -if policies/aaa -os tmpsig.bin -halg %%H  %%~S > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	        exit /B 1
+	    )
+
+	    echo "Verify the signature %%H"
+	    %TPM_EXE_PATH%verifysignature -hk 80000002 -if policies/aaa -is tmpsig.bin -halg %%H > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	        exit /B 1
+	    )
+
+	    echo "Flush the signing key"
+	    %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	        exit /B 1
+	    )
+
+	)
+    )
+)
+
+echo ""
+echo "Import PEM EC signing key under RSA and ECC storage key"
+echo ""
+
+echo "generate the signing key with openssl"
+openssl ecparam -name prime256v1 -genkey -noout | openssl pkey -aes256 -passout pass:rrrr -text > tmpecprivkey.pem
+
+for %%S in ("" "-se0 02000000 1") do (
+    for %%H in (%ITERATE_ALGS%) do (
+        for %%P in (80000000 80000001) do (
+
+	    echo "Import the signing key under the parent key %%P %%H"
+	    %TPM_EXE_PATH%importpem -hp %%P -pwdp sto -ipem tmpecprivkey.pem -ecc -pwdk rrrr -opu tmppub.bin -opr tmppriv.bin -halg %%H > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	        exit /B 1
+	    )
+
+	    echo "Load the TPM signing key"
+	    %TPM_EXE_PATH%load -hp %%P -pwdp sto -ipu tmppub.bin -ipr tmppriv.bin > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	        exit /B 1
+	    )
+
+	    echo "Sign the message %%H %%~S"
+	    %TPM_EXE_PATH%sign -hk 80000002 -salg ecc -pwdk rrrr -if policies/aaa -os tmpsig.bin -halg %%H %%~S > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	        exit /B 1test
+	    )
+
+	    echo "Verify the signature %%H"
+	    %TPM_EXE_PATH%verifysignature -hk 80000002 -ecc -if policies/aaa -is tmpsig.bin -halg %%H > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	        exit /B 1
+	    )
+
+	    echo "Flush the signing key"
+	    %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	        exit /B 1
+	    )
+
+	)
+    )
+)
+
+echo "Flush the ECC storage key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Flush the auth session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo ""
+echo "Rewrap"
+echo ""
+
+REM duplicate object O1 to K1 (the outer wrapper, knows inner wrapper)
+REM rewrap O1 from K1 to K2 (does not know inner wrapper)
+REM import O1 to K2 (knows inner wrapper)
+
+REM 03000000 policy session for duplicate
+    
+REM at TPM 1, duplicate object to K1 outer wrapper, AES wrapper
+
+echo "Create a storage key K2"
+%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -opr tmpk2priv.bin -opu tmpk2pub.bin -pwdp sto -pwdk k2 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the storage key K1 80000001 public key "
+%TPM_EXE_PATH%loadexternal -hi p -ipu storersapub.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create a signing key O1 with policy"
+%TPM_EXE_PATH%create -hp 80000000 -si -opr tmpsignpriv.bin -opu tmpsignpub.bin -pwdp sto -pwdk sig -pol policies/policyccduplicate.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the signing key O1 80000002 under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmpsignpriv.bin -ipu tmpsignpub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Save the signing key O1 name"
+cp h80000002.bin tmpo1name.bin
+
+echo "Start a policy session"
+%TPM_EXE_PATH%startauthsession -se p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy command code, duplicate"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14b > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Get random AES encryption key"
+%TPM_EXE_PATH%getrandom -by 16 -of tmprnd.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Duplicate O1 80000002 under K1 80000001 outer wrapper, using AES inner wrapper"
+%TPM_EXE_PATH%duplicate -ho 80000002 -pwdo sig -hp 80000001 -ik tmprnd.bin -od tmpdup.bin -oss tmpss.bin -salg aes -se0 03000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush signing key O1 80000002"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush storage key K1 80000001 public key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the policy session"
+%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM at TPM 2
+
+echo "Load storage key K1 80000001 public and private key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr storersapriv.bin -ipu storersapub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load storage key K2 80000002 public key"
+%TPM_EXE_PATH%loadexternal -hi p -ipu tmpk2pub.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Rewrap O1 from K1 80000001 to K2 80000002 "
+%TPM_EXE_PATH%rewrap -ho 80000001 -hn 80000002 -pwdo sto -id tmpdup.bin -in tmpo1name.bin -iss tmpss.bin -od tmpdup.bin -oss tmpss.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush old key K1 80000001"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush new key K2 80000002 public key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM at TPM 3
+
+echo "Load storage key K2 80000001 public key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmpk2priv.bin -ipu tmpk2pub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Import rewraped O1 to K2"
+%TPM_EXE_PATH%import -hp 80000001 -pwdp k2 -ipu tmpsignpub.bin -id tmpdup.bin -iss tmpss.bin -salg aes -ik tmprnd.bin -opr tmpsignpriv3.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the imported signing key O1 80000002 under K2 80000001"
+%TPM_EXE_PATH%load -hp 80000001 -ipr tmpsignpriv3.bin -ipu tmpsignpub.bin -pwdp k2 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign using duplicated K2"
+%TPM_EXE_PATH%sign -hk 80000002  -if policies/aaa -os sig.bin -pwdk sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Verify the signature"
+%TPM_EXE_PATH%verifysignature -hk 80000002 -if policies/aaa -is sig.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush storage key K2 80000001"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush signing key O1 80000002"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Duplicate Primary Sealed AES from Source to Target EK"
+echo ""
+
+REM # source creates AES key, sends to target
+
+REM # Real code would send the target EK X509 certificate.  The target could
+REM # defer recreating the EK until later.
+
+REM # Target
+
+for %%A in ("rsa" "ecc") do (
+
+    echo "Target: Provision a target %%A EK certificate"
+    %TPM_EXE_PATH%createekcert -alg %%A -cakey cakey.pem -capwd rrrr > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Target: Recreate the %%A EK at 80000001"
+    %TPM_EXE_PATH%createek -alg %%A -cp -noflush > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Target: Convert the EK public key to PEM format for transmission to source"
+    %TPM_EXE_PATH%readpublic -ho 80000001 -opem tmpekpub.pem > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Target: Flush the EK"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+REM # Here, target would send the EK PEM public key to the source
+
+REM # The real source would
+REM #
+REM # 1 - walk the EK X509 certificate chain.  I have to add that sample code to createEK or make a new utility.
+REM # 2 - use openssl to convert the X509 EK certificate the the PEM public key file
+REM # 
+REM # for now, the source trusts the target EK PEM public key
+
+REM # Source
+
+    echo "Source: Create an AES 256 bit key"
+    %TPM_EXE_PATH%getrandom -by 32 -ns -of tmpaeskeysrc.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Source: Create primary duplicable sealed AES key 80000001"
+    %TPM_EXE_PATH%createprimary -bl -kt nf -kt np -if tmpaeskeysrc.bin -pol policies/policyccduplicate.bin -opu tmpsdbpub.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Source: Load the target %%A EK public key as a storage key 80000002"
+    %TPM_EXE_PATH%loadexternal -%%A -st -ipem tmpekpub.pem > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Source: Start a policy session, duplicate needs a policy 03000000"
+    %TPM_EXE_PATH%startauthsession -se p > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Source: Policy command code, duplicate"
+    %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14b > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Source: Read policy digest, for debug"
+    %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Source: Wrap the sealed AES key with the target EK public key"
+    %TPM_EXE_PATH%duplicate -ho 80000001 -hp 80000002 -od tmpsdbdup.bin -oss tmpss.bin -se0 03000000 0 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Source: Flush the sealed AES key 80000001"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Source: Flush the EK public key 80000002"
+    %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+REM # Transmit the sealed AEK key wrapped with the target EK back to the target
+REM # tmpsdbdup.bin private part wrapped in EK public key, via symmetric seed
+REM # tmpsdbpub.bin public part 
+REM # tmpss.bin symmetric seed, encrypted with EK public key
+
+REM # Target
+
+REM # NOTE This assumes that the endorsement hierarchy password is Empty.
+REM # This may be a bad assumption if an attacker can get access and
+REM # change it.
+
+    echo "Target: Recreate the -%%A EK at 80000001"
+    %TPM_EXE_PATH%createek -alg %%A -cp -noflush > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Target: Start a policy session, EK use needs a policy"
+    %TPM_EXE_PATH%startauthsession -se p > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Target: Policy Secret with PWAP session and (Empty) endorsement auth"
+    %TPM_EXE_PATH%policysecret -ha 4000000b -hs 03000000 -pwde "" > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Target: Read policy digest for debug"
+    %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Target: Import the sealed AES key under the EK storage key"
+    %TPM_EXE_PATH%import -hp 80000001 -ipu tmpsdbpub.bin -id tmpsdbdup.bin -iss tmpss.bin -opr tmpsdbpriv.bin -se0 03000000 1 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Target: Restart the policy session"
+    %TPM_EXE_PATH%policyrestart -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Target: Policy Secret with PWAP session and (Empty) endorsement auth"
+    %TPM_EXE_PATH%policysecret -ha 4000000b -hs 03000000 -pwde "" > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Target: Read policy digest for debug"
+    %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Target: Load the sealed AES key under the EK storage key"
+    %TPM_EXE_PATH%load -hp 80000001 -ipu tmpsdbpub.bin -ipr tmpsdbpriv.bin -se0 03000000 1 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Target: Unseal the AES key"
+    %TPM_EXE_PATH%unseal -ha 80000002 -of tmpaeskeytgt.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+REM # A real target would not have access to tmpaeskeysrc.bin for the compare
+
+    echo "Target: Verify the unsealed result, same at source, for debug"
+    diff tmpaeskeytgt.bin tmpaeskeysrc.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Flush the EK"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Flush the sealed AES key"
+    %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Flush the policy session"
+    %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+)
+
+REM cleanup
+    
+echo "Undefine the RSA EK certificate index"
+%TPM_EXE_PATH%nvundefinespace -hi p -ha 01c00002
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Undefine the ECC EK certificate index"
+%TPM_EXE_PATH%nvundefinespace -hi p -ha 01c0000a
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+rm -f tmpo1name.bin
+rm -f tmpsignpriv.bin
+rm -f tmpsignpub.bin
+rm -f tmprnd.bin
+rm -f tmpdup.bin
+rm -f tmpss.bin
+rm -f tmpsignpriv3.bin
+rm -f tmpsig.bin
+rm -f tmpk2priv.bin
+rm -f tmpk2pub.bin
+rm -f tmposs.bin 
+rm -f tmpprivkey.pem
+rm -f tmpecprivkey.pem
+rm -f tmppub.bin
+rm -f tmppriv.bin
+rm -f tmpekpub.pem
+rm -f tmpaeskeysrc.bin
+rm -f tmpsdbpub.bin
+rm -f tmpsdbdup.bin
+rm -f tmpss.bin
+rm -f tmpsdbpriv.bin
+rm -f tmpaeskeytgt.bin
+
+exit /B 0
+
+REM flushcontext -ha 80000001
+REM flushcontext -ha 80000002
+REM flushcontext -ha 03000000
+
+REM getcapability -cap 1 -pr 80000000
+REM getcapability -cap 1 -pr 03000000
diff --git a/utils/regtests/testdup.sh b/utils/regtests/testdup.sh
new file mode 100755
index 000000000..8f5119cae
--- /dev/null
+++ b/utils/regtests/testdup.sh
@@ -0,0 +1,623 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+# 80000001 K1 storage key
+# 80000002 K2 signing key to be duplicated
+# 80000002 K2 duplicated
+# 03000000 policy session
+
+# policy
+# be f5 6b 8c 1c c8 4e 11 ed d7 17 52 8d 2c d9 93 
+# 56 bd 2b bf 8f 01 52 09 c3 f8 4a ee ab a8 e8 a2 
+
+# used for the name in rewrap
+
+if [ -z $TPM_DATA_DIR ]; then
+    TPM_DATA_DIR=.
+fi
+
+echo ""
+echo "Duplication"
+echo ""
+
+echo ""
+echo "Duplicate Child Key"
+echo ""
+
+# primary key		80000000
+# target storage key K1 80000001
+#	originally under primary key
+#	duplicate to K1
+#	import to K1
+# signing key        K2 80000002
+
+for ALG in "rsa" "ecc"
+do
+    for ENC in "" "-salg aes -ik tmprnd.bin"
+    do 
+	for HALG in ${ITERATE_ALGS}
+	do
+
+	    echo "Create a signing key K2 under the primary key, with policy"
+	    ${PREFIX}create -hp 80000000 -si -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccduplicate.bin > run.out
+	    checkSuccess $?
+
+	    echo "Load the ${ALG} storage key K1 80000001"
+	    ${PREFIX}load -hp 80000000 -ipr store${ALG}priv.bin -ipu store${ALG}pub.bin -pwdp sto > run.out
+	    checkSuccess $?
+
+	    echo "Load the signing key K2 80000002"
+	    ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+	    checkSuccess $?
+
+	    echo "Sign a digest, $HALG"
+	    ${PREFIX}sign -hk 80000002 -halg $HALG -if policies/aaa -os tmpsig.bin -pwdk sig > run.out
+	    checkSuccess $?
+
+	    echo "Verify the signature, $HALG"
+	    ${PREFIX}verifysignature -hk 80000002 -halg $HALG -if policies/aaa -is tmpsig.bin > run.out
+	    checkSuccess $?
+
+	    echo "Start a policy session"
+	    ${PREFIX}startauthsession -se p > run.out
+	    checkSuccess $?
+
+	    echo "Policy command code, duplicate"
+	    ${PREFIX}policycommandcode -ha 03000000 -cc 14b > run.out
+	    checkSuccess $?
+
+	    echo "Get policy digest"
+	    ${PREFIX}policygetdigest -ha 03000000 > run.out 
+	    checkSuccess $?
+
+	    echo "Get random AES encryption key"
+	    ${PREFIX}getrandom -by 16 -of tmprnd.bin > run.out 
+	    checkSuccess $?
+
+	    echo "Duplicate K2 under ${ALG} K1, ${ENC}"
+	    ${PREFIX}duplicate -ho 80000002 -pwdo sig -hp 80000001 -od tmpdup.bin -oss tmpss.bin ${ENC} -se0 03000000 1 > run.out
+	    checkSuccess $?
+
+	    echo "Flush the original K2 to free object slot for import"
+	    ${PREFIX}flushcontext -ha 80000002 > run.out
+	    checkSuccess $?
+
+	    echo "Import K2 under ${ALG} K1, ${ENC}"
+	    ${PREFIX}import -hp 80000001 -pwdp sto -ipu tmppub.bin -id tmpdup.bin -iss tmpss.bin ${ENC} -opr tmppriv.bin > run.out
+	    checkSuccess $?
+
+	    echo "Sign under K2, $HALG - should fail"
+	    ${PREFIX}sign -hk 80000002 -halg $HALG -if policies/aaa -os tmpsig.bin -pwdk sig > run.out
+	    checkFailure $?
+
+	    echo "Load the duplicated signing key K2"
+	    ${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+	    checkSuccess $?
+
+	    echo "Sign using duplicated K2, $HALG"
+	    ${PREFIX}sign -hk 80000002 -halg $HALG -if policies/aaa -os tmpsig.bin -pwdk sig > run.out
+	    checkSuccess $?
+
+	    echo "Verify the signature, $HALG"
+	    ${PREFIX}verifysignature -hk 80000002 -halg $HALG -if policies/aaa -is tmpsig.bin > run.out
+	    checkSuccess $?
+
+	    echo "Flush the duplicated K2"
+	    ${PREFIX}flushcontext -ha 80000002 > run.out
+	    checkSuccess $?
+
+	    echo "Flush the parent K1"
+	    ${PREFIX}flushcontext -ha 80000001 > run.out
+	    checkSuccess $?
+
+	    echo "Flush the session"
+	    ${PREFIX}flushcontext -ha 03000000 > run.out
+	    checkSuccess $?
+
+	done
+    done
+done
+
+echo ""
+echo "Duplicate Primary Key"
+echo ""
+
+echo "Create a platform primary signing key K2 80000001"
+${PREFIX}createprimary -hi p -si -kt nf -kt np -pol policies/policyccduplicate.bin -opu tmppub.bin > run.out
+checkSuccess $?
+
+echo "Sign a digest"
+${PREFIX}sign -hk 80000001 -if policies/aaa > run.out
+checkSuccess $?
+
+echo "Start a policy session 03000000"
+${PREFIX}startauthsession -se p > run.out
+checkSuccess $?
+
+echo "Policy command code, duplicate"
+${PREFIX}policycommandcode -ha 03000000 -cc 14b > run.out
+checkSuccess $?
+
+echo "Duplicate K2 under storage key"
+${PREFIX}duplicate -ho 80000001 -hp 80000000 -od tmpdup.bin -oss tmpss.bin -se0 03000000 1 > run.out
+checkSuccess $?
+
+echo "Import K2 under storage key"
+${PREFIX}import -hp 80000000 -pwdp sto -ipu tmppub.bin -id tmpdup.bin -iss tmpss.bin -opr tmppriv.bin > run.out
+checkSuccess $?
+
+echo "Load the duplicated signing key K2 80000002"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Sign a digest"
+${PREFIX}sign -hk 80000002 -if policies/aaa > run.out
+checkSuccess $?
+
+echo "Flush the primary key 8000001"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Flush the duplicated key 80000002 "
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+echo "Flush the session 03000000 "
+${PREFIX}flushcontext -ha 03000000 > run.out
+checkSuccess $?
+
+echo ""
+echo "Import PEM RSA signing key under RSA and ECC storage key"
+echo ""
+
+echo "generate the signing key with openssl"
+openssl genrsa -out tmpprivkey.pem -aes256 -passout pass:rrrr 2048
+
+echo "load the ECC storage key"
+${PREFIX}load -hp 80000000 -pwdp sto -ipr storeeccpriv.bin -ipu storeeccpub.bin > run.out
+checkSuccess $?
+
+echo "Start an HMAC auth session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+for SESS in "" "-se0 02000000 1"
+do
+    for HALG in ${ITERATE_ALGS}
+    do
+
+	for PARENT in 80000000 80000001
+	do
+
+		echo "Import the signing key under the parent key ${PARENT} ${HALG}"
+		${PREFIX}importpem -hp ${PARENT} -pwdp sto -ipem tmpprivkey.pem -pwdk rrrr -opu tmppub.bin -opr tmppriv.bin -halg ${HALG} > run.out
+		checkSuccess $?
+
+		echo "Load the TPM signing key"
+		${PREFIX}load -hp ${PARENT} -pwdp sto -ipu tmppub.bin -ipr tmppriv.bin > run.out
+		checkSuccess $?
+
+		echo "Sign the message ${HALG} ${SESS}"
+		${PREFIX}sign -hk 80000002 -pwdk rrrr -if policies/aaa -os tmpsig.bin -halg ${HALG} ${SESS} > run.out
+		checkSuccess $?
+
+		echo "Verify the signature ${HALG}"
+		${PREFIX}verifysignature -hk 80000002 -if policies/aaa -is tmpsig.bin -halg ${HALG} > run.out
+		checkSuccess $?
+
+		echo "Flush the signing key"
+		${PREFIX}flushcontext -ha 80000002 > run.out
+		checkSuccess $?
+
+	done
+    done
+done
+
+echo ""
+echo "Import PEM EC signing key under RSA and ECC storage key"
+echo ""
+
+# mbedtls appears to only support the legacy PEM format
+# -----BEGIN EC PRIVATE KEY-----
+# and not the PKCS8 format
+# -----BEGIN ENCRYPTED PRIVATE KEY-----
+#
+
+echo "generate the signing key with openssl"
+if   [ ${CRYPTOLIBRARY} == "openssl" ]; then
+    openssl ecparam -name prime256v1 -genkey -noout | openssl pkey -aes256 -passout pass:rrrr -text > tmpecprivkey.pem
+
+elif [ ${CRYPTOLIBRARY} == "mbedtls" ]; then
+# plaintext key pair, legacy plaintext -----BEGIN PRIVATE KEY-----
+    openssl ecparam -name prime256v1 -genkey -noout | openssl pkey -text -out tmpecprivkeydec.pem
+# encrypt key pair, legacy encrypted -----BEGIN EC PRIVATE KEY-----
+    openssl ec -aes128 -passout pass:rrrr -in tmpecprivkeydec.pem -out tmpecprivkey.pem 
+
+else
+    echo "Error: crypto library ${CRYPTOLIBRARY} not supported"
+    exit 255
+fi
+
+for SESS in "" "-se0 02000000 1"
+do
+    for HALG in ${ITERATE_ALGS}
+    do
+
+	for PARENT in 80000000 80000001
+	do
+
+	    echo "Import the signing key under the parent key ${PARENT} ${HALG}"
+	    ${PREFIX}importpem -hp ${PARENT} -pwdp sto -ipem tmpecprivkey.pem -ecc -pwdk rrrr -opu tmppub.bin -opr tmppriv.bin -halg ${HALG} > run.out
+	    checkSuccess $?
+
+	    echo "Load the TPM signing key"
+	    ${PREFIX}load -hp ${PARENT} -pwdp sto -ipu tmppub.bin -ipr tmppriv.bin > run.out
+	    checkSuccess $?
+
+	    echo "Sign the message ${HALG} ${SESS}"
+	    ${PREFIX}sign -hk 80000002 -salg ecc -pwdk rrrr -if policies/aaa -os tmpsig.bin -halg ${HALG} ${SESS} > run.out
+	    checkSuccess $?
+
+	    echo "Verify the signature ${HALG}"
+	    ${PREFIX}verifysignature -hk 80000002 -ecc -if policies/aaa -is tmpsig.bin -halg ${HALG} > run.out
+	    checkSuccess $?
+
+	    echo "Flush the signing key"
+	    ${PREFIX}flushcontext -ha 80000002 > run.out
+	    checkSuccess $?
+
+	done
+    done
+done
+
+echo "Flush the ECC storage key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Flush the auth session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+echo ""
+echo "Rewrap"
+echo ""
+
+# duplicate object O1 to K1 (the outer wrapper, knows inner wrapper)
+# rewrap O1 from K1 to K2 (does not know inner wrapper)
+# import O1 to K2 (knows inner wrapper)
+
+# 03000000 policy session for duplicate
+
+# at TPM 1, duplicate object to K1 outer wrapper, AES wrapper
+
+echo "Create a storage key K2"
+${PREFIX}create -hp 80000000 -st -kt f -kt p -opr tmpk2priv.bin -opu tmpk2pub.bin -pwdp sto -pwdk k2 > run.out
+checkSuccess $?
+
+echo "Load the storage key K1 80000001 public key "
+${PREFIX}loadexternal -hi p -ipu storersapub.bin > run.out
+checkSuccess $?
+
+echo "Create a signing key O1 with policy"
+${PREFIX}create -hp 80000000 -si -opr tmpsignpriv.bin -opu tmpsignpub.bin -pwdp sto -pwdk sig -pol policies/policyccduplicate.bin > run.out
+checkSuccess $?
+
+echo "Load the signing key O1 80000002 under the primary key"
+${PREFIX}load -hp 80000000 -ipr tmpsignpriv.bin -ipu tmpsignpub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Save the signing key O1 name"
+cp ${TPM_DATA_DIR}/h80000002.bin tmpo1name.bin
+
+echo "Start a policy session"
+${PREFIX}startauthsession -se p > run.out
+checkSuccess $?
+
+echo "Policy command code, duplicate"
+${PREFIX}policycommandcode -ha 03000000 -cc 14b > run.out
+checkSuccess $?
+
+echo "Get random AES encryption key"
+${PREFIX}getrandom -by 16 -of tmprnd.bin > run.out
+checkSuccess $?
+
+echo "Duplicate O1 80000002 under K1 80000001 outer wrapper, using AES inner wrapper"
+${PREFIX}duplicate -ho 80000002 -pwdo sig -hp 80000001 -ik tmprnd.bin -od tmpdup.bin -oss tmpss.bin -salg aes -se0 03000000 1 > run.out
+checkSuccess $?
+
+echo "Flush signing key O1 80000002"
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+echo "Flush storage key K1 80000001 public key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Flush the policy session"
+${PREFIX}flushcontext -ha 03000000 > run.out
+checkSuccess $?
+
+# at TPM 2
+
+echo "Load storage key K1 80000001 public and private key"
+${PREFIX}load -hp 80000000 -ipr storersapriv.bin -ipu storersapub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Load storage key K2 80000002 public key"
+${PREFIX}loadexternal -hi p -ipu tmpk2pub.bin > run.out
+checkSuccess $?
+
+echo "Rewrap O1 from K1 80000001 to K2 80000002 "
+${PREFIX}rewrap -ho 80000001 -hn 80000002 -pwdo sto -id tmpdup.bin -in tmpo1name.bin -iss tmpss.bin -od tmpdup.bin -oss tmpss.bin > run.out
+checkSuccess $?
+
+echo "Flush old key K1 80000001"
+${PREFIX}flushcontext -ha 80000002 > run.out 
+checkSuccess $?
+
+echo "Flush new key K2 80000002 public key"
+${PREFIX}flushcontext -ha 80000001 > run.out 
+checkSuccess $?
+
+# at TPM 3
+
+echo "Load storage key K2 80000001 public key"
+${PREFIX}load -hp 80000000 -ipr tmpk2priv.bin -ipu tmpk2pub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Import rewraped O1 to K2"
+${PREFIX}import -hp 80000001 -pwdp k2 -ipu tmpsignpub.bin -id tmpdup.bin -iss tmpss.bin -salg aes -ik tmprnd.bin -opr tmpsignpriv3.bin > run.out
+checkSuccess $?
+
+echo "Load the imported signing key O1 80000002 under K2 80000001"
+${PREFIX}load -hp 80000001 -ipr tmpsignpriv3.bin -ipu tmpsignpub.bin -pwdp k2 > run.out
+checkSuccess $?
+
+echo "Sign using duplicated K2"
+${PREFIX}sign -hk 80000002  -if policies/aaa -os tmpsig.bin -pwdk sig > run.out
+checkSuccess $?
+
+echo "Verify the signature"
+${PREFIX}verifysignature -hk 80000002 -if policies/aaa -is tmpsig.bin > run.out
+checkSuccess $?
+
+echo "Flush storage key K2 80000001"
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+echo "Flush signing key O1 80000002"
+${PREFIX}flushcontext -ha 80000001 > run.out 
+checkSuccess $?
+
+echo ""
+echo "Duplicate Primary Sealed AES from Source to Target EK"
+echo ""
+
+# source creates AES key, sends to target
+
+# Real code would send the target EK X509 certificate.  The target could
+# defer recreating the EK until later.
+
+# Target
+
+# The mbedtls port does not support EC certificate creation yet */
+
+if   [ ${CRYPTOLIBRARY} == "openssl" ]; then
+    for ALG in "rsa" "ecc" 
+    do
+
+	echo "Target: Provision a target ${ALG} EK certificate"
+	${PREFIX}createekcert -alg ${ALG} -cakey cakey.pem -capwd rrrr > run.out
+	checkSuccess $?
+
+	echo "Target: Recreate the ${ALG} EK at 80000001"
+	${PREFIX}createek -alg ${ALG} -cp -noflush > run.out
+	checkSuccess $?
+
+	echo "Target: Convert the EK public key to PEM format for transmission to source"
+	${PREFIX}readpublic -ho 80000001 -opem tmpekpub.pem > run.out
+	checkSuccess $?
+
+	echo "Target: Flush the EK"
+	${PREFIX}flushcontext -ha 80000001 > run.out
+	checkSuccess $?
+
+# Here, target would send the EK PEM public key to the source
+
+# The real source would
+#
+# 1 - walk the EK X509 certificate chain.  I have to add that sample code to createEK or make a new utility.
+# 2 - use openssl to convert the X509 EK certificate the the PEM public key file
+# 
+# for now, the source trusts the target EK PEM public key
+
+# Source
+
+	echo "Source: Create an AES 256 bit key"
+	${PREFIX}getrandom -by 32 -ns -of tmpaeskeysrc.bin > run.out
+	checkSuccess $?
+
+	echo "Source: Create primary duplicable sealed AES key 80000001"
+	${PREFIX}createprimary -bl -kt nf -kt np -if tmpaeskeysrc.bin -pol policies/policyccduplicate.bin -opu tmpsdbpub.bin > run.out
+	checkSuccess $?
+
+	echo "Source: Load the target ${ALG} EK public key as a storage key 80000002"
+	${PREFIX}loadexternal -${ALG} -st -ipem tmpekpub.pem > run.out
+	checkSuccess $?
+
+	echo "Source: Start a policy session, duplicate needs a policy 03000000"
+	${PREFIX}startauthsession -se p > run.out
+	checkSuccess $?
+
+	echo "Source: Policy command code, duplicate"
+	${PREFIX}policycommandcode -ha 03000000 -cc 14b > run.out
+	checkSuccess $?
+
+	echo "Source: Read policy digest, for debug"
+	${PREFIX}policygetdigest -ha 03000000 > run.out
+	checkSuccess $?
+
+	echo "Source: Wrap the sealed AES key with the target EK public key"
+	${PREFIX}duplicate -ho 80000001 -hp 80000002 -od tmpsdbdup.bin -oss tmpss.bin -se0 03000000 0 > run.out
+	checkSuccess $?
+
+	echo "Source: Flush the sealed AES key 80000001"
+	${PREFIX}flushcontext -ha 80000001 > run.out
+	checkSuccess $?
+
+	echo "Source: Flush the EK public key 80000002"
+	${PREFIX}flushcontext -ha 80000002 > run.out
+	checkSuccess $?
+
+# Transmit the sealed AEK key wrapped with the target EK back to the target
+# tmpsdbdup.bin private part wrapped in EK public key, via symmetric seed
+# tmpsdbpub.bin public part 
+# tmpss.bin symmetric seed, encrypted with EK public key
+
+# Target
+
+# NOTE This assumes that the endorsement hierarchy password is Empty.
+# This may be a bad assumption if an attacker can get access and
+# change it.
+
+	echo "Target: Recreate the -${ALG} EK at 80000001"
+	${PREFIX}createek -alg ${ALG} -cp -noflush > run.out
+	checkSuccess $?
+
+	echo "Target: Start a policy session, EK use needs a policy"
+	${PREFIX}startauthsession -se p > run.out
+	checkSuccess $?
+
+	echo "Target: Policy Secret with PWAP session and (Empty) endorsement auth"
+	${PREFIX}policysecret -ha 4000000b -hs 03000000 -pwde "" > run.out
+	checkSuccess $?
+
+	echo "Target: Read policy digest for debug"
+	${PREFIX}policygetdigest -ha 03000000 > run.out
+	checkSuccess $?
+
+	echo "Target: Import the sealed AES key under the EK storage key"
+	${PREFIX}import -hp 80000001 -ipu tmpsdbpub.bin -id tmpsdbdup.bin -iss tmpss.bin -opr tmpsdbpriv.bin -se0 03000000 1 > run.out
+	checkSuccess $?
+
+	echo "Target: Restart the policy session"
+	${PREFIX}policyrestart -ha 03000000 > run.out
+	checkSuccess $?
+
+	echo "Target: Policy Secret with PWAP session and (Empty) endorsement auth"
+	${PREFIX}policysecret -ha 4000000b -hs 03000000 -pwde "" > run.out
+	checkSuccess $?
+
+	echo "Target: Read policy digest for debug"
+	${PREFIX}policygetdigest -ha 03000000 > run.out
+	checkSuccess $?
+
+	echo "Target: Load the sealed AES key under the EK storage key"
+	${PREFIX}load -hp 80000001 -ipu tmpsdbpub.bin -ipr tmpsdbpriv.bin -se0 03000000 1 > run.out
+	checkSuccess $?
+
+	echo "Target: Unseal the AES key"
+	${PREFIX}unseal -ha 80000002 -of tmpaeskeytgt.bin > run.out
+	checkSuccess $?
+
+# A real target would not have access to tmpaeskeysrc.bin for the compare
+
+	echo "Target: Verify the unsealed result, same at source, for debug"
+	diff tmpaeskeytgt.bin tmpaeskeysrc.bin > run.out
+	checkSuccess $?
+
+	echo "Flush the EK"
+	${PREFIX}flushcontext -ha 80000001 > run.out
+	checkSuccess $?
+
+	echo "Flush the sealed AES key"
+	${PREFIX}flushcontext -ha 80000002 > run.out
+	checkSuccess $?
+
+	echo "Flush the policy session"
+	${PREFIX}flushcontext -ha 03000000 > run.out
+	checkSuccess $?
+
+    done
+
+# cleanup
+    
+echo "Undefine the RSA EK certificate index"
+${PREFIX}nvundefinespace -hi p -ha 01c00002
+checkSuccess $?
+
+echo "Undefine the ECC EK certificate index"
+${PREFIX}nvundefinespace -hi p -ha 01c0000a
+checkSuccess $?
+
+fi
+
+rm -f tmpo1name.bin
+rm -f tmpsignpriv.bin
+rm -f tmpsignpub.bin
+rm -f tmprnd.bin
+rm -f tmpdup.bin
+rm -f tmpss.bin
+rm -f tmpsignpriv3.bin
+rm -f tmpsig.bin
+rm -f tmpk2priv.bin
+rm -f tmpk2pub.bin
+rm -f tmposs.bin 
+rm -f tmpprivkey.pem
+rm -f tmpecprivkey.pem
+rm -f tmpecprivkeydec.pem
+rm -f tmppub.bin
+rm -f tmppriv.bin
+rm -f tmpekpub.pem
+rm -f tmpaeskeysrc.bin
+rm -f tmpsdbpub.bin
+rm -f tmpsdbdup.bin
+rm -f tmpss.bin
+rm -f tmpsdbpriv.bin
+rm -f tmpaeskeytgt.bin
+
+# ${PREFIX}flushcontext -ha 80000001
+# ${PREFIX}flushcontext -ha 80000002
+# ${PREFIX}flushcontext -ha 03000000
+
+# ${PREFIX}getcapability -cap 1 -pr 80000000
+# ${PREFIX}getcapability -cap 1 -pr 03000000
diff --git a/utils/regtests/testecc.bat b/utils/regtests/testecc.bat
new file mode 100644
index 000000000..5de54d60d
--- /dev/null
+++ b/utils/regtests/testecc.bat
@@ -0,0 +1,324 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #										#
+REM # (c) Copyright IBM Corporation 2015 - 2019.				#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "ECC Ephemeral"
+echo ""
+
+echo ""
+echo "ECC Parameters and Ephemeral"
+echo ""
+
+for %%C in (bnp256 nistp256 nistp384) do (
+
+    echo "ECC Parameters for curve %%C"
+    %TPM_EXE_PATH%eccparameters -cv %%C > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    for %%A in (-si -sir) do (
+
+	echo "Create %%A for curve %%C"
+	%TPM_EXE_PATH%create -hp 80000000 -pwdp sto %%A -ecc %%C > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	    exit /B 1
+	)
+
+    )
+
+    echo "EC Ephemeral for curve %%C"
+    %TPM_EXE_PATH%ecephemeral -ecc %%C > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+)
+
+echo ""
+echo "ECC Commit"
+echo ""
+
+echo "Start an HMAC auth session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+for %%K in ("-dau" "-dar") do (
+
+    for %%S in ("" "-se0 02000000 1") do (
+
+	echo "Create a %%~K ECDAA signing key under the primary key"
+	%TPM_EXE_PATH%create -hp 80000000 -ecc bnp256 %%~K -nalg sha256 -halg sha256 -kt f -kt p -opr tmprpriv.bin -opu tmprpub.bin -pwdp sto -pwdk siga > run.out
+    	IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+    	)
+
+	echo "Load the signing key 80000001 under the primary key 80000000"
+	%TPM_EXE_PATH%load -hp 80000000 -ipr tmprpriv.bin -ipu tmprpub.bin -pwdp sto > run.out
+    	IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+    	)
+
+    	REM %TPM_EXE_PATH%getcapability -cap 1 -pr 80000001
+    	
+    	REM The trick with commit is first use - empty ECC point and no s2 and y2 parameters
+    	REM which means no P1, no s2 and no y2. 
+    	REM and output the result and get the efile.bin
+    	REM feed back the point in efile.bin as the new p1 because it is on the curve.
+	
+    	REM There is no test case for s2 and y2. To construct a y2 requires using Cipolla's algorithm.
+	REM example of normal command    
+    	REM %TPM_EXE_PATH%commit -hk 80000001 -pt p1.bin -s2 s2.bin -y2 y2_a.bin -Kf kfile.bin -Lf lfile.bin -Ef efile.bin -pwdk siga > run.out
+	
+	echo "Create new point E, based on point-multiply of TPM's commit random scalar and Generator point %%~S"
+	%TPM_EXE_PATH%commit -hk 80000001 -Ef efile.bin -pwdk siga  %%~S > run.out
+    	IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+    	)
+
+        REM copy efile as new p1 - for hash operation
+        cp efile.bin p1.bin
+
+        REM We have a point on the curve - in efile.bin.  Use E as P1 and feed it back in
+		
+	REM All this does is simulate the commit that the FIDO alliance wants to
+	REM use in its TPM Join operation.
+		
+	echo "Create new point E, based on point-multiply of TPM's commit random scalar and input point %%~S"
+	%TPM_EXE_PATH%commit -hk 80000001 -pt p1.bin -Ef efile.bin -cf counterfile.bin -pwdk siga %%~S > run.out
+    	IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+    	)
+
+        cat efile.bin p1.bin tmprpub.bin > hashinput.bin
+
+        echo "Hash the E, P1, and Q to create the ticket to use in signing"
+        %TPM_EXE_PATH%hash -hi p -halg sha256 -if hashinput.bin -oh outhash.bin -tk tfile.bin > run.out
+    	IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+    	)
+        
+        echo "Sign the hash of the points made from commit"
+        %TPM_EXE_PATH%sign -hk 80000001 -pwdk siga -salg ecc -scheme ecdaa -cf counterfile.bin -if hashinput.bin -os sig.bin -tk tfile.bin > run.out
+    	IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+    	)
+        
+	echo "Flush the signing key"
+	%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    	IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+    	)
+    )
+)
+
+REM save old counterfile for off nominal error check
+cp counterfile.bin counterfileold.bin
+
+
+for %%K in ("-dau" "-dar") do (
+    for %%S in ("" "-se0 02000000 1") do (
+
+        echo "Create a %%~K ECDAA signing primary key"
+        %TPM_EXE_PATH%createprimary -ecc bnp256 %%~K -nalg sha256 -halg sha256 -kt f -kt p -opu tmprpub.bin -pwdk siga > run.out
+    	IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+    	)
+        
+        REM %TPM_EXE_PATH%getcapability -cap 1 -pr 80000001
+        
+        REM The trick with commit is first use - empty ECC point and no s2 and y2 parameters
+        REM which means no P1, no s2 and no y2. 
+        REM and output the result and get the efile.bin
+        REM feed back the point in efile.bin as the new p1 because it is on the curve.
+        
+        REM There is no test case for s2 and y2. To construct a y2 requires using Cipolla's algorithm.
+        REM example of normal command    
+        REM %TPM_EXE_PATH%commit -hk 80000001 -pt p1.bin -s2 s2.bin -y2 y2_a.bin -Kf kfile.bin -Lf lfile.bin -Ef efile.bin -cf counterfile.bin -pwdk siga > run.out
+        
+        echo "Create new point E, based on point-multiply of TPM's commit random scalar and Generator point %%~S"
+        %TPM_EXE_PATH%commit -hk 80000001 -Ef efile.bin -cf counterfile.bin -pwdk siga %%~S > run.out
+    	IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+    	)
+        
+	REM copy efile as new p1 - for hash operation
+        cp efile.bin p1.bin
+       
+        REM We have a point on the curve - in efile.bin.  Use E as P1 and feed it back in
+        
+        REM All this does is simulate the commit that the FIDO alliance wants to
+        REM use in its TPM Join operation.
+        
+        echo "Create new point E, based on point-multiply of TPM's commit random scalar and input point %%~S"
+        %TPM_EXE_PATH%commit -hk 80000001 -pt efile.bin -Ef efile.bin -pwdk siga %%~S > run.out
+    	IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+    	)
+
+        cat efile.bin p1.bin tmprpub.bin > hashinput.bin
+
+        echo "Hash the E, P1, and Q to create the ticket to use in signing"
+        %TPM_EXE_PATH%hash -hi p -halg sha256 -if hashinput.bin -oh outhash.bin -tk tfile.bin > run.out
+    	IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+    	)
+
+        echo "Check error case bad counter"
+        %TPM_EXE_PATH%sign -hk 80000001 -pwdk siga -salg ecc -scheme ecdaa -cf counterfileold.bin -if hashinput.bin -os sig.bin -tk tfile.bin  > run.out
+    	IF !ERRORLEVEL! EQU 0 (
+           exit /B 1
+    	)
+
+        echo "Sign the hash of the points made from commit"
+        %TPM_EXE_PATH%sign -hk 80000001 -pwdk siga -salg ecc -scheme ecdaa -cf counterfile.bin -if hashinput.bin -os sig.bin -tk tfile.bin  > run.out
+    	IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+    	)
+
+        echo "Flush the signing key"
+        %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    	IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+    	)
+
+    )
+)
+
+echo "Flush the session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "ECC zgen2phase"
+echo ""
+
+echo "ECC Parameters for curve nistp256"
+%TPM_EXE_PATH%eccparameters -cv nistp256 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM This is just a script for a B "remote" side to create a static key
+REM pair and ephemeral for use in demonstrating (on the local side) a
+REM two-phase operation involving ecephemeral and zgen2phase
+
+echo "Create decryption key for curve nistp256"
+%TPM_EXE_PATH%create -hp 80000000 -pwdp sto -den -ecc nistp256 -opu QsBpub.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "EC Ephemeral for curve nistp256"
+%TPM_EXE_PATH%ecephemeral -ecc nistp256 -oq QeBpt.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM local side
+REM 
+REM scp or cp the QsBpub.bin and QeBpt.bin from the B side over to the
+REM A side. This assumes QsBpub is a TPM2B_PUBLIC from a create command
+REM on B side.  QeBpt is already in TPM2B_ECC_POINT form since it was
+REM created by ecephemeral on B side QsBpub.bin is presumed in a form
+REM produced by a create commamnd using another TPM
+
+echo "Create decryption key for curve nistp256"
+%TPM_EXE_PATH%create -hp 80000000 -pwdp sto -den -ecc nistp256 -opr QsApriv.bin -opu QsApub.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the decryption key under the primary key, 80000001"
+%TPM_EXE_PATH%load -hp 80000000 -ipr QsApriv.bin -ipu QsApub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "EC Ephemeral for curve nistp256"
+%TPM_EXE_PATH%ecephemeral -ecc nistp256 -oq QeApt.bin -cf counter.bin  > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Convert public raw to TPM2B_ECC_POINT"
+%TPM_EXE_PATH%tpmpublic2eccpoint -ipu QsBpub.bin -pt QsBpt.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Execute zgen2phase for curve nistp256"
+%TPM_EXE_PATH%zgen2phase -hk 80000001 -scheme ecdh -qsb QsBpt.bin -qeb QeBpt.bin -cf counter.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+rm -rf efile.bin
+rm -rf tmprpub.bin
+rm -rf tmprpriv.bin
+rm -rf counterfile.bin
+rm -rf counterfileold.bin
+rm -rf p1.bin
+rm -rf hashinput.bin
+rm -rf outhash.bin
+rm -rf sig.bin
+rm -rf tfile.bin
+
+rm -rf QsBpub.bin
+rm -rf QeBpt.bin
+rm -rf QsApriv.bin
+rm -rf QsApub.bin
+rm -rf QeApt.bin
+rm -rf counter.bin
+rm -rf QsBpt.bin
+
+REM %TPM_EXE_PATH%getcapability -cap 1 -pr 80000000
+REM %TPM_EXE_PATH%getcapability -cap 1 -pr 02000000
+exit /B 0
diff --git a/utils/regtests/testecc.sh b/utils/regtests/testecc.sh
new file mode 100755
index 000000000..9ece33e29
--- /dev/null
+++ b/utils/regtests/testecc.sh
@@ -0,0 +1,279 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#	$Id: testecc.sh 1277 2018-07-23 20:30:23Z kgoldman $			#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2018					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+echo ""
+echo "ECC Ephemeral"
+echo ""
+
+echo ""
+echo "ECC Parameters and Ephemeral"
+echo ""
+
+for CURVE in "bnp256" "nistp256" "nistp384"
+do
+
+    echo "ECC Parameters for curve ${CURVE}"
+    ${PREFIX}eccparameters -cv ${CURVE} > run.out
+    checkSuccess $?
+
+    for ATTR in "-si" "-sir"
+    do
+
+	echo "Create ${ATTR} for curve ${CURVE}"
+	${PREFIX}create -hp 80000000 -pwdp sto ${ATTR} -ecc ${CURVE} > run.out
+	checkSuccess $?
+
+    done
+
+    echo "EC Ephemeral for curve ${CURVE}"
+    ${PREFIX}ecephemeral -ecc ${CURVE} > run.out
+    checkSuccess $?
+
+done
+
+echo ""
+echo "ECC Commit"
+echo ""
+
+echo "Start an HMAC auth session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+for KEYTYPE in "-dau" "-dar"
+do 
+
+    for SESS in "" "-se0 02000000 1"
+    do
+
+	echo "Create a $KEYTYPE ECDAA signing key under the primary key"
+	${PREFIX}create -hp 80000000 -ecc bnp256 $KEYTYPE -nalg sha256 -halg sha256 -kt f -kt p -opr tmprpriv.bin -opu tmprpub.bin -pwdp sto -pwdk siga > run.out
+	checkSuccess $?
+
+	echo "Load the signing key 80000001 under the primary key 80000000"
+	${PREFIX}load -hp 80000000 -ipr tmprpriv.bin -ipu tmprpub.bin -pwdp sto > run.out
+	checkSuccess $?
+
+    	#${PREFIX}getcapability -cap 1 -pr 80000001
+    	
+    	# The trick with commit is first use - empty ECC point and no s2 and y2 parameters
+    	# which means no P1, no s2 and no y2. 
+    	# and output the result and get the efile.bin
+    	# feed back the point in efile.bin as the new p1 because it is on the curve.
+	
+    	# There is no test case for s2 and y2. To construct a y2 requires using Cipolla's algorithm.
+    	# example of normal command    
+    	# ${PREFIX}commit -hk 80000001 -pt p1.bin -s2 s2.bin -y2 y2_a.bin -Kf kfile.bin -Lf lfile.bin -Ef efile.bin -cf counterfile.bin -pwdk siga > run.out
+    	# checkSuccess $?
+	
+	echo "Create new point E, based on point-multiply of TPM's commit random scalar and Generator point ${SESS}"
+	${PREFIX}commit -hk 80000001 -Ef efile.bin -pwdk siga ${SESS} > run.out
+	checkSuccess $?
+
+        # copy efile as new p1 - for hash operation
+        cp efile.bin p1.bin
+
+        # We have a point on the curve - in efile.bin.  Use E as P1 and feed it back in
+		
+	# All this does is simulate the commit that the FIDO alliance wants to
+	# use in its TPM Join operation.
+		
+	echo "Create new point E, based on point-multiply of TPM's commit random scalar and input point ${SESS}"
+	${PREFIX}commit -hk 80000001 -pt p1.bin -Ef efile.bin -cf counterfile.bin -pwdk siga ${SESS} > run.out
+	checkSuccess $?
+
+        cat efile.bin p1.bin tmprpub.bin > hashinput.bin
+
+        echo "Hash the E, P1, and Q to create the ticket to use in signing"
+        ${PREFIX}hash -hi p -halg sha256 -if hashinput.bin -oh outhash.bin -tk tfile.bin > run.out
+        checkSuccess $?
+        
+        echo "Sign the hash of the points made from commit"
+        ${PREFIX}sign -hk 80000001 -pwdk siga -salg ecc -scheme ecdaa -cf counterfile.bin -if hashinput.bin -os sig.bin -tk tfile.bin > run.out
+        checkSuccess $?
+        
+	echo "Flush the signing key"
+	${PREFIX}flushcontext -ha 80000001 > run.out
+	checkSuccess $?
+
+    done
+done
+
+# save old counterfile for off nominal error check
+cp counterfile.bin counterfileold.bin
+
+for KEYTYPE in "-dau" "-dar"
+do 
+
+    for SESS in "" "-se0 02000000 1"
+    do
+
+        echo "Create a $KEYTYPE ECDAA signing primary key"
+        ${PREFIX}createprimary -ecc bnp256 $KEYTYPE -nalg sha256 -halg sha256 -kt f -kt p -opu tmprpub.bin -pwdk siga > run.out
+        checkSuccess $?
+        
+        #${PREFIX}getcapability -cap 1 -pr 80000001
+        
+        # The trick with commit is first use - empty ECC point and no s2 and y2 parameters
+        # which means no P1, no s2 and no y2. 
+        # and output the result and get the efile.bin
+        # feed back the point in efile.bin as the new p1 because it is on the curve.
+        
+        # There is no test case for s2 and y2. To construct a y2 requires using Cipolla's algorithm.
+        # example of normal command    
+        # ${PREFIX}commit -hk 80000001 -pt p1.bin -s2 s2.bin -y2 y2_a.bin -Kf kfile.bin -Lf lfile.bin -Ef efile.bin -cf counterfile.bin -pwdk siga > run.out
+        # checkSuccess $?
+        
+        echo "Create new point E, based on point-multiply of TPM's commit random scalar and Generator point ${SESS}"
+        ${PREFIX}commit -hk 80000001 -Ef efile.bin -pwdk siga ${SESS} > run.out
+        checkSuccess $?
+        
+        # copy efile as new p1 - for hash operation
+        cp efile.bin p1.bin
+       
+        # We have a point on the curve - in efile.bin.  Use E as P1 and feed it back in
+        
+        # All this does is simulate the commit that the FIDO alliance wants to
+        # use in its TPM Join operation.
+        
+        echo "Create new point E, based on point-multiply of TPM's commit random scalar and input point ${SESS}"
+        ${PREFIX}commit -hk 80000001 -pt p1.bin -Ef efile.bin -cf counterfile.bin -pwdk siga ${SESS} > run.out
+        checkSuccess $?
+        
+        cat efile.bin p1.bin tmprpub.bin > hashinput.bin
+
+        echo "Hash the E, P1, and Q to create the ticket to use in signing"
+        ${PREFIX}hash -hi p -halg sha256 -if hashinput.bin -oh outhash.bin -tk tfile.bin > run.out
+        checkSuccess $?
+
+        echo "Check error case bad counter"
+        ${PREFIX}sign -hk 80000001 -pwdk siga -ecdaa -cf counterfileold.bin -if hashinput.bin -os sig.bin -tk tfile.bin  > run.out
+        checkFailure $?
+
+        echo "Sign the hash of the points made from commit"
+        ${PREFIX}sign -hk 80000001 -pwdk siga -salg ecc -scheme ecdaa -cf counterfile.bin -if hashinput.bin -os sig.bin -tk tfile.bin  > run.out
+        checkSuccess $?
+
+        echo "Flush the signing key"
+        ${PREFIX}flushcontext -ha 80000001 > run.out
+        checkSuccess $?
+
+    done
+done
+
+echo "Flush the session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+echo ""
+echo "ECC zgen2phase"
+echo ""
+
+echo "ECC Parameters for curve nistp256"
+${PREFIX}eccparameters -cv nistp256 > run.out
+checkSuccess $?
+
+# This is just a script for a B "remote" side to create a static key
+# pair and ephemeral for use in demonstrating (on the local side) a
+# two-phase operation involving ecephemeral and zgen2phase
+
+echo "Create decryption key for curve nistp256"
+${PREFIX}create -hp 80000000 -pwdp sto -den -ecc nistp256 -opu QsBpub.bin > run.out
+checkSuccess $?
+
+echo "EC Ephemeral for curve nistp256"
+${PREFIX}ecephemeral -ecc nistp256 -oq QeBpt.bin > run.out
+checkSuccess $?
+
+# local side
+
+# scp or cp the QsBpub.bin and QeBpt.bin from the B side over to the
+# A side. This assumes QsBpub is a TPM2B_PUBLIC from a create command
+# on B side.  QeBpt is already in TPM2B_ECC_POINT form since it was
+# created by ecephemeral on B side QsBpub.bin is presumed in a form
+# produced by a create commamnd using another TPM
+
+echo "Create decryption key for curve nistp256"
+${PREFIX}create -hp 80000000 -pwdp sto -den -ecc nistp256 -opr QsApriv.bin -opu QsApub.bin > run.out
+checkSuccess $?
+
+echo "Load the decryption key under the primary key, 80000001"
+${PREFIX}load -hp 80000000 -ipr QsApriv.bin -ipu QsApub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "EC Ephemeral for curve nistp256"
+${PREFIX}ecephemeral -ecc nistp256 -oq QeApt.bin -cf counter.bin  > run.out
+checkSuccess $?
+
+echo "Convert public raw to TPM2B_ECC_POINT"
+${PREFIX}tpmpublic2eccpoint -ipu QsBpub.bin -pt QsBpt.bin > run.out
+checkSuccess $?
+
+echo "Execute zgen2phase for curve ${CURVE}"
+${PREFIX}zgen2phase -hk 80000001 -scheme ecdh -qsb QsBpt.bin -qeb QeBpt.bin -cf counter.bin > run.out
+checkSuccess $?
+
+echo "Flush the key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+rm -rf efile.bin
+rm -rf tmprpub.bin
+rm -rf tmprpriv.bin
+rm -rf counterfile.bin
+rm -rf counterfileold.bin
+rm -rf p1.bin
+rm -rf hashinput.bin
+rm -rf outhash.bin
+rm -rf sig.bin
+rm -rf tfile.bin
+
+rm -rf QsBpub.bin
+rm -rf QeBpt.bin
+rm -rf QsApriv.bin
+rm -rf QsApub.bin
+rm -rf QeApt.bin
+rm -rf counter.bin
+rm -rf QsBpt.bin
+
+# ${PREFIX}getcapability -cap 1 -pr 80000000
+# ${PREFIX}getcapability -cap 1 -pr 02000000
diff --git a/utils/regtests/testencsession.bat b/utils/regtests/testencsession.bat
new file mode 100644
index 000000000..80ae49d24
--- /dev/null
+++ b/utils/regtests/testencsession.bat
@@ -0,0 +1,483 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #										#
+REM # (c) Copyright IBM Corporation 2015 - 2019					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+set TWOAUTH0=01 01 01 01 21 21 41 41 61
+set TWOAUTH1=01 21 41 61 01 41 01 21 01
+
+set THREEAUTH0=01 01 01 01 01 21 41
+set THREEAUTH1=01 01 01 21 41 01 01
+set THREEAUTH2=21 41 61 41 21 41 21
+
+echo ""
+echo "Parameter Encryption"
+echo ""
+
+echo "Load the signing key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%M in (xor aes) do (
+
+    for %%N in (xor aes) do (
+
+	for %%P in (xor aes) do (
+
+
+	    echo "Start an HMAC auth session with %%M encryption"
+	    %TPM_EXE_PATH%startauthsession -se h -sym %%M > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+
+	    echo "Start an HMAC auth session with %%N encryption"
+	    %TPM_EXE_PATH%startauthsession -se h -sym %%N > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+
+	    echo "Start an HMAC auth session with %%P encryption"
+	    %TPM_EXE_PATH%startauthsession -se h -sym %%P > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+
+	    REM one auth
+
+	    for %%A in (21 41 61) do (
+
+		echo "Signing Key Self Certify, one auth %%A"
+		%TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin ^
+		    -se0 02000000 %%A > run.out
+		IF !ERRORLEVEL! NEQ 0 (
+		   exit /B 1
+		)
+
+	    )
+
+	    REM two auth
+
+	    set i=0
+	    for %%a in (!TWOAUTH0!) do set /A i+=1 & set TWOAUTH0[!i!]=%%a
+	    set i=0
+	    for %%b in (!TWOAUTH1!) do set /A i+=1 & set TWOAUTH1[!i!]=%%b
+	    set L=!i!
+
+	    for /L %%i in (1,1,!L!) do (
+
+ 		echo "Signing Key Self Certify, two auth !TWOAUTH0[%%i]! !TWOAUTH1[%%i]!"
+		%TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin ^
+		    -se0 02000000 !TWOAUTH0[%%i]! -se1 02000001 !TWOAUTH1[%%i]!  > run.out
+		IF !ERRORLEVEL! NEQ 0 (
+		   exit /B 1
+		)
+
+ 	    )
+
+	    REM three auth, first 01
+
+	    set i=0
+	    for %%a in (!THREEAUTH0!) do set /A i+=1 & set THREEAUTH0[!i!]=%%a
+	    set i=0
+	    for %%b in (!THREEAUTH1!) do set /A i+=1 & set THREEAUTH1[!i!]=%%b
+	    set i=0
+	    for %%c in (!THREEAUTH2!) do set /A i+=1 & set THREEAUTH2[!i!]=%%c
+	    set L=!i!
+
+	    for /L %%i in (1,1,!L!) do (
+
+		echo "Signing Key Self Certify, three auth !THREEAUTH0[%%i]! !THREEAUTH1[%%i]! !THREEAUTH2[%%i]!"
+		%TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin ^
+		    -se0 02000000 !THREEAUTH0[%%i]! -se1 02000001 !THREEAUTH1[%%i]! -se2 02000002 !THREEAUTH2[%%i]! > run.out
+	        IF !ERRORLEVEL! NEQ 0 (
+	   	   exit /B 1
+	   	)
+	    )
+
+	    echo "Flush the sessions"
+	    %TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+
+	    echo "Flush the sessions"
+	    %TPM_EXE_PATH%flushcontext -ha 02000001 > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+
+	    echo "Flush the sessions"
+	    %TPM_EXE_PATH%flushcontext -ha 02000002 > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+
+	)
+    )
+)
+
+echo "Flush the signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create a signing key, policy command code certify"
+%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policycccertify.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Salt encrypt and decrypt HMAC sessions"
+echo ""
+
+echo "Load the signing key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start an auth session"
+%TPM_EXE_PATH%startauthsession -se h -hs 80000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start an auth session"
+%TPM_EXE_PATH%startauthsession -se h -hs 80000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start an encrypt session"
+%TPM_EXE_PATH%startauthsession -se h -hs 80000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+set i=0
+for %%a in (!THREEAUTH0!) do set /A i+=1 & set THREEAUTH0[!i!]=%%a
+set i=0
+for %%b in (!THREEAUTH1!) do set /A i+=1 & set THREEAUTH1[!i!]=%%b
+set i=0
+for %%c in (!THREEAUTH2!) do set /A i+=1 & set THREEAUTH2[!i!]=%%c
+set L=!i!
+
+for /L %%i in (1,1,!L!) do (
+
+    echo "Signing Key Self Certify, three auth, salted parameter encryption !THREEAUTH0[%%i]! !THREEAUTH1[%%i]! !THREEAUTH2[%%i]!"
+    %TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin ^
+        -se0 02000000 !THREEAUTH0[%%i]! -se1 02000001 !THREEAUTH1[%%i]! -se2 02000002 !THREEAUTH2[%%i]! > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+)
+
+echo "Flush the sessions"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the sessions"
+%TPM_EXE_PATH%flushcontext -ha 02000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the sessions"
+%TPM_EXE_PATH%flushcontext -ha 02000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Bind encrypt and decrypt HMAC sessions"
+echo ""
+
+echo "Load the signing key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start an auth session"
+%TPM_EXE_PATH%startauthsession -se h -bi 80000001 -pwdb sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start an auth session"
+%TPM_EXE_PATH%startauthsession -se h -bi 80000001 -pwdb sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start an encrypt session"
+%TPM_EXE_PATH%startauthsession -se h -bi 80000001 -pwdb sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+set i=0
+for %%a in (!THREEAUTH0!) do set /A i+=1 & set THREEAUTH0[!i!]=%%a
+set i=0
+for %%b in (!THREEAUTH1!) do set /A i+=1 & set THREEAUTH1[!i!]=%%b
+set i=0
+for %%c in (!THREEAUTH2!) do set /A i+=1 & set THREEAUTH2[!i!]=%%c
+set L=!i!
+
+for /L %%i in (1,1,!L!) do (
+
+    echo "Signing Key Self Certify, three auth, salted parameter encryption !THREEAUTH0[%%i]! !THREEAUTH1[%%i]! !THREEAUTH2[%%i]!"
+    %TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin ^
+        -se0 02000000 !THREEAUTH0[%%i]! -se1 02000001 !THREEAUTH1[%%i]! -se2 02000002 !THREEAUTH2[%%i]! > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+)
+
+echo "Flush the sessions"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the sessions"
+%TPM_EXE_PATH%flushcontext -ha 02000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the sessions"
+%TPM_EXE_PATH%flushcontext -ha 02000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+
+REM # policycccertify.txt 0000016c00000148
+REM # policymaker -if policies/policycccertify.txt -of policies/policycccertify.bin -v -pr 
+REM # 04 8e 9a 3a ce 08 58 3f 79 f3 44 ff 78 5b be a9 
+REM # f0 7a c7 fa 33 25 b3 d4 9a 21 dd 51 94 c6 58 50 
+
+echo ""
+echo "Salt encrypt and decrypt policy sessions"
+echo ""
+
+echo "Load the signing key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start an auth session"
+%TPM_EXE_PATH%startauthsession -se h -hs 80000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start a policy session"
+%TPM_EXE_PATH%startauthsession -se p -hs 80000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start an encrypt session"
+%TPM_EXE_PATH%startauthsession -se h -hs 80000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+set i=0
+for %%a in (!THREEAUTH0!) do set /A i+=1 & set THREEAUTH0[!i!]=%%a
+set i=0
+for %%b in (!THREEAUTH1!) do set /A i+=1 & set THREEAUTH1[!i!]=%%b
+set i=0
+for %%c in (!THREEAUTH2!) do set /A i+=1 & set THREEAUTH2[!i!]=%%c
+set L=!i!
+
+for /L %%i in (1,1,!L!) do (
+
+    echo "Policy restart"
+    %TPM_EXE_PATH%policyrestart -ha 03000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Policy command code - certify"
+    %TPM_EXE_PATH%policycommandcode -ha 03000001 -cc 148 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Signing Key Self Certify, three auth, salted parameter encryption !THREEAUTH0[%%i]! !THREEAUTH1[%%i]! !THREEAUTH2[%%i]!"
+    %TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdo sig -pwdk sig -qd policies/aaa -os sig.bin -oa tmp.bin ^
+        -se0 02000000 !THREEAUTH0[%%i]! -se1 03000001 !THREEAUTH1[%%i]! -se2 02000002 !THREEAUTH2[%%i]! > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+)
+
+echo "Flush the sessions"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the sessions "
+%TPM_EXE_PATH%flushcontext -ha 03000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the sessions "
+%TPM_EXE_PATH%flushcontext -ha 02000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Bind encrypt and decrypt policy sessions"
+echo ""
+
+echo "Load the signing key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start an auth session"
+%TPM_EXE_PATH%startauthsession -se h -bi 80000001 -pwdb sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start a policy session"
+%TPM_EXE_PATH%startauthsession -se p -bi 80000001 -pwdb sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start an encrypt session"
+%TPM_EXE_PATH%startauthsession -se h -bi 80000001 -pwdb sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+set i=0
+for %%a in (!THREEAUTH0!) do set /A i+=1 & set THREEAUTH0[!i!]=%%a
+set i=0
+for %%b in (!THREEAUTH1!) do set /A i+=1 & set THREEAUTH1[!i!]=%%b
+set i=0
+for %%c in (!THREEAUTH2!) do set /A i+=1 & set THREEAUTH2[!i!]=%%c
+set L=!i!
+
+for /L %%i in (1,1,!L!) do (
+
+    echo "Policy restart"
+    %TPM_EXE_PATH%policyrestart -ha 03000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Policy command code - certify"
+    %TPM_EXE_PATH%policycommandcode -ha 03000001 -cc 148 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Signing Key Self Certify, three auth, salted parameter encryption !THREEAUTH0[%%i]! !THREEAUTH1[%%i]! !THREEAUTH2[%%i]!"
+    %TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdo sig -pwdk xxx -qd policies/aaa -os sig.bin -oa tmp.bin ^
+        -se0 02000000 !THREEAUTH0[%%i]! -se1 03000001 !THREEAUTH1[%%i]! -se2 02000002 !THREEAUTH2[%%i]! > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+)
+
+echo "Flush the sessions"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the sessions "
+%TPM_EXE_PATH%flushcontext -ha 03000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the sessions "
+%TPM_EXE_PATH%flushcontext -ha 02000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+exit /B 0
+
+REM getcapability  -cap 1 -pr 80000000
+REM getcapability  -cap 1 -pr 02000000
diff --git a/utils/regtests/testencsession.sh b/utils/regtests/testencsession.sh
new file mode 100755
index 000000000..88e40cc81
--- /dev/null
+++ b/utils/regtests/testencsession.sh
@@ -0,0 +1,340 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+TWOAUTH0=(01 01 01 01 21 21 41 41 61)
+TWOAUTH1=(01 21 41 61 01 41 01 21 01)
+
+THREEAUTH0=(01 01 01 01 01 21 41)
+THREEAUTH1=(01 01 01 21 41 01 01)
+THREEAUTH2=(21 41 61 41 21 41 21)
+
+echo ""
+echo "Parameter Encryption - Basic"
+echo ""
+
+echo "Load the signing key under the primary key"
+${PREFIX}load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+checkSuccess $?
+
+for MODE0 in xor aes
+do 
+
+    for MODE1 in xor aes
+    do
+
+	for MODE2 in xor aes
+	do
+
+	    echo "Start an HMAC auth session with $MODE0 encryption"
+	    ${PREFIX}startauthsession -se h -sym $MODE0 > run.out
+	    checkSuccess $?
+
+	    echo "Start an HMAC auth session with $MODE1 encryption"
+	    ${PREFIX}startauthsession -se h -sym $MODE1 > run.out
+	    checkSuccess $?
+
+	    echo "Start an HMAC auth session with $MODE2 encryption"
+	    ${PREFIX}startauthsession -se h -sym $MODE2 > run.out
+	    checkSuccess $?
+
+	    # one auth
+
+	    for AUTH0 in 21 41 61
+	    do
+
+		echo "Signing Key Self Certify, one auth $AUTH0"
+		${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin -se0 02000000 $AUTH0 > run.out
+		checkSuccess $?
+
+	    done
+
+	    # two auth
+		
+	    for ((i = 0 ; i < 9; i++))
+	    do
+
+		echo "Signing Key Self Certify, two auth ${TWOAUTH0[i]} ${TWOAUTH1[i]}"
+		${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin -se0 02000000 ${TWOAUTH0[i]} -se1 02000001 ${TWOAUTH1[i]} > run.out
+		checkSuccess $?
+
+	    done
+
+	    # three auth
+
+	    for ((i = 0 ; i < 7; i++))
+	    do
+
+		echo "Signing Key Self Certify, three auth ${THREEAUTH0[i]} ${THREEAUTH1[i]} ${THREEAUTH2[i]}"
+		${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin -se0 02000000 ${THREEAUTH0[i]} -se1 02000001 ${THREEAUTH1[i]} -se2 02000002 ${THREEAUTH2[i]} > run.out
+		checkSuccess $?
+
+	    done
+
+	    echo "Flush the sessions"
+	    ${PREFIX}flushcontext -ha 02000000 > run.out
+	    checkSuccess $?
+
+	    echo "Flush the sessions"
+	    ${PREFIX}flushcontext -ha 02000001 > run.out
+	    checkSuccess $?
+
+	    echo "Flush the sessions"
+	    ${PREFIX}flushcontext -ha 02000002 > run.out
+	    checkSuccess $?
+	done
+    done
+done
+
+echo "Flush the signing key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Create a signing key, policy command code certify"
+${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policycccertify.bin > run.out
+checkSuccess $?
+
+echo ""
+echo "Salt encrypt and decrypt HMAC sessions"
+echo ""
+
+echo "Load the signing key under the primary key"
+${PREFIX}load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Start an auth session"
+${PREFIX}startauthsession -se h -hs 80000000 > run.out
+checkSuccess $?
+
+echo "Start an auth session"
+${PREFIX}startauthsession -se h -hs 80000000 > run.out
+checkSuccess $?
+
+echo "Start an encrypt session"
+${PREFIX}startauthsession -se h -hs 80000000 > run.out
+checkSuccess $?
+
+for ((i = 0 ; i < 7 ; i++))
+do
+
+    echo "Signing Key Self Certify, three auth, salted parameter encryption ${THREEAUTH0[i]} ${THREEAUTH1[i]} ${THREEAUTH2[i]}"
+    ${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin -se0 02000000 ${THREEAUTH0[i]} -se1 02000001 ${THREEAUTH1[i]} -se2 02000002 ${THREEAUTH2[i]} > run.out
+    checkSuccess $?
+
+done
+
+echo "Flush the sessions"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+echo "Flush the sessions"
+${PREFIX}flushcontext -ha 02000001 > run.out
+checkSuccess $?
+
+echo "Flush the sessions"
+${PREFIX}flushcontext -ha 02000002 > run.out
+checkSuccess $?
+
+echo "Flush the signing key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo ""
+echo "Bind encrypt and decrypt HMAC sessions"
+echo ""
+
+echo "Load the signing key under the primary key"
+${PREFIX}load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Start an auth session"
+${PREFIX}startauthsession -se h -bi 80000001 -pwdb sig > run.out
+checkSuccess $?
+
+echo "Start an auth session"
+${PREFIX}startauthsession -se h -bi 80000001 -pwdb sig > run.out
+checkSuccess $?
+
+echo "Start an encrypt session"
+${PREFIX}startauthsession -se h -bi 80000001 -pwdb sig > run.out
+checkSuccess $?
+
+for ((i = 0 ; i < 7 ; i++))
+do
+
+    echo "Signing Key Self Certify, three auth, salted parameter encryption ${THREEAUTH0[i]} ${THREEAUTH1[i]} ${THREEAUTH2[i]}"
+    ${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin -se0 02000000 ${THREEAUTH0[i]} -se1 02000001 ${THREEAUTH1[i]} -se2 02000002 ${THREEAUTH2[i]} > run.out
+    checkSuccess $?
+
+done
+
+echo "Flush the sessions"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+echo "Flush the sessions"
+${PREFIX}flushcontext -ha 02000001 > run.out
+checkSuccess $?
+
+echo "Flush the sessions"
+${PREFIX}flushcontext -ha 02000002 > run.out
+checkSuccess $?
+
+echo "Flush the signing key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+
+# policycccertify.txt 0000016c00000148
+# policymaker -if policies/policycccertify.txt -of policies/policycccertify.bin -v -pr 
+# 04 8e 9a 3a ce 08 58 3f 79 f3 44 ff 78 5b be a9 
+# f0 7a c7 fa 33 25 b3 d4 9a 21 dd 51 94 c6 58 50 
+
+echo ""
+echo "Salt encrypt and decrypt policy sessions"
+echo ""
+
+echo "Load the signing key under the primary key"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Start an auth session"
+${PREFIX}startauthsession -se h -hs 80000000 > run.out
+checkSuccess $?
+
+echo "Start a policy session"
+${PREFIX}startauthsession -se p -hs 80000000 > run.out
+checkSuccess $?
+
+echo "Start an encrypt session"
+${PREFIX}startauthsession -se h -hs 80000000 > run.out
+checkSuccess $?
+
+for ((i = 0 ; i < 7 ; i++))
+do
+
+    echo "Policy restart"
+    ${PREFIX}policyrestart -ha 03000001 > run.out
+    checkSuccess $?
+
+    echo "Policy command code - certify"
+    ${PREFIX}policycommandcode -ha 03000001 -cc 148 > run.out
+    checkSuccess $?
+
+    echo "Signing Key Self Certify, three auth, salted parameter encryption ${THREEAUTH0[i]} ${THREEAUTH1[i]} ${THREEAUTH2[i]}"
+    ${PREFIX}certify -hk 80000001 -ho 80000001 -pwdo sig -pwdk sig -qd policies/aaa -os sig.bin -oa tmp.bin -se0 02000000 ${THREEAUTH0[i]} -se1 03000001 ${THREEAUTH1[i]} -se2 02000002 ${THREEAUTH2[i]} > run.out
+    checkSuccess $?
+
+done
+
+echo "Flush the sessions"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+echo "Flush the sessions"
+${PREFIX}flushcontext -ha 03000001 > run.out
+checkSuccess $?
+
+echo "Flush the sessions"
+${PREFIX}flushcontext -ha 02000002 > run.out
+checkSuccess $?
+
+echo "Flush the signing key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo ""
+echo "Bind encrypt and decrypt policy sessions"
+echo ""
+
+echo "Load the signing key under the primary key"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Start an auth session"
+${PREFIX}startauthsession -se h -bi 80000001 -pwdb sig > run.out
+checkSuccess $?
+
+echo "Start a policy session"
+${PREFIX}startauthsession -se p -bi 80000001 -pwdb sig > run.out
+checkSuccess $?
+
+echo "Start an encrypt session"
+${PREFIX}startauthsession -se h -bi 80000001 -pwdb sig > run.out
+checkSuccess $?
+
+for ((i = 0 ; i < 7 ; i++))
+do
+
+    echo "Policy restart"
+    ${PREFIX}policyrestart -ha 03000001 > run.out
+    checkSuccess $?
+
+    echo "Policy command code - certify"
+    ${PREFIX}policycommandcode -ha 03000001 -cc 148 > run.out
+    checkSuccess $?
+
+    echo "Signing Key Self Certify, three auth, salted parameter encryption ${THREEAUTH0[i]} ${THREEAUTH1[i]} ${THREEAUTH2[i]}"
+    ${PREFIX}certify -hk 80000001 -ho 80000001 -pwdo sig -pwdk xxx -qd policies/aaa -os sig.bin -oa tmp.bin -se0 02000000 ${THREEAUTH0[i]} -se1 03000001 ${THREEAUTH1[i]} -se2 02000002 ${THREEAUTH2[i]} > run.out
+    checkSuccess $?
+
+done
+
+echo "Flush the sessions"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+echo "Flush the sessions"
+${PREFIX}flushcontext -ha 03000001 > run.out
+checkSuccess $?
+
+echo "Flush the sessions"
+${PREFIX}flushcontext -ha 02000002 > run.out
+checkSuccess $?
+
+echo "Flush the signing key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+
+
+# getcapability  -cap 1 -pr 80000000
+# getcapability  -cap 1 -pr 02000000
diff --git a/utils/regtests/testevict.bat b/utils/regtests/testevict.bat
new file mode 100644
index 000000000..d81a61598
--- /dev/null
+++ b/utils/regtests/testevict.bat
@@ -0,0 +1,125 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #		$Id: testevict.bat 1278 2018-07-23 21:20:42Z kgoldman $		#
+REM #										#
+REM # (c) Copyright IBM Corporation 2015					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "Evict Control"
+echo ""
+
+echo "Create an unrestricted signing key"
+%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the signing key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Make the signing key persistent"
+%TPM_EXE_PATH%evictcontrol -ho 80000001 -hp 81800000 -hi p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest with the transient key"
+%TPM_EXE_PATH%sign -hk 80000001 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest with the persistent key"
+%TPM_EXE_PATH%sign -hk 81800000 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the transient key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the persistent key - should fail"
+%TPM_EXE_PATH%flushcontext -ha 81800000 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Sign a digest with the transient key- should fail"
+%TPM_EXE_PATH%sign -hk 80000001 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Sign a digest with the persistent key"
+%TPM_EXE_PATH%sign -hk 81800000 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the persistent key"
+%TPM_EXE_PATH%evictcontrol -ho 81800000 -hp 81800000 -hi p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest with the persistent key - should fail"
+%TPM_EXE_PATH%sign -hk 81800000 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Sign a digest with the transient key - should fail"
+%TPM_EXE_PATH%sign -hk 80000001 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out
+IF !ERRORLEVEL! EQU 0 (
+   echo TP1 failed
+   exit /B 1
+)
+
+exit /B 0
+
+REM getcapability  -cap 1 -pr 80000000
+REM getcapability  -cap 1 -pr 81000000
+REM getcapability  -cap 1 -pr 02000000
+REM getcapability  -cap 1 -pr 01000000
diff --git a/utils/regtests/testevict.sh b/utils/regtests/testevict.sh
new file mode 100755
index 000000000..761eaa8c9
--- /dev/null
+++ b/utils/regtests/testevict.sh
@@ -0,0 +1,99 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#		$Id: testevict.sh 1277 2018-07-23 20:30:23Z kgoldman $		#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2018					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+echo ""
+echo "Evict Control"
+echo ""
+
+echo "Create an unrestricted signing key"
+${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig > run.out
+checkSuccess $?
+
+echo "Load the signing key"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Make the signing key persistent"
+${PREFIX}evictcontrol -ho 80000001 -hp 81800000 -hi p > run.out
+checkSuccess $?
+
+echo "Sign a digest with the transient key"
+${PREFIX}sign -hk 80000001 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out
+checkSuccess $?
+
+echo "Sign a digest with the persistent key"
+${PREFIX}sign -hk 81800000 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out
+checkSuccess $?
+
+echo "Flush the transient key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Flush the persistent key - should fail"
+${PREFIX}flushcontext -ha 81800000 > run.out
+checkFailure $?
+
+echo "Sign a digest with the transient key- should fail"
+${PREFIX}sign -hk 80000001 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out
+checkFailure $?
+
+echo "Sign a digest with the persistent key"
+${PREFIX}sign -hk 81800000 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out
+checkSuccess $?
+
+echo "Flush the persistent key"
+${PREFIX}evictcontrol -ho 81800000 -hp 81800000 -hi p > run.out
+checkSuccess $?
+
+echo "Sign a digest with the persistent key - should fail"
+${PREFIX}sign -hk 81800000 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out
+checkFailure $?
+
+echo "Sign a digest with the transient key - should fail"
+${PREFIX}sign -hk 80000001 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out
+checkFailure $?
+
+# ${PREFIX}getcapability  -cap 1 -pr 80000000
+# ${PREFIX}getcapability  -cap 1 -pr 81000000
+# ${PREFIX}getcapability  -cap 1 -pr 02000000
+# ${PREFIX}getcapability  -cap 1 -pr 01000000
diff --git a/utils/regtests/testgetcap.bat b/utils/regtests/testgetcap.bat
new file mode 100644
index 000000000..d454cdab3
--- /dev/null
+++ b/utils/regtests/testgetcap.bat
@@ -0,0 +1,158 @@
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2019                                            #
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+setlocal enableDelayedExpansion
+
+# used for the name in policy authorize
+
+echo ""
+echo "Get Capability"
+echo ""
+
+echo "Get Capability TPM_CAP_ALGS"
+%TPM_EXE_PATH%getcapability -cap 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Get Capability TPM_CAP_HANDLES"
+echo ""
+
+echo "TPM_HT_PCR"
+%TPM_EXE_PATH%getcapability -cap 1 -pr 00000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "TPM_HT_NV_INDEX"
+%TPM_EXE_PATH%getcapability -cap 1 -pr 01000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "TPM_HT_LOADED_SESSION"
+%TPM_EXE_PATH%getcapability -cap 1 -pr 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+				  
+echo "TPM_HT_SAVED_SESSION"			  
+%TPM_EXE_PATH%getcapability -cap 1 -pr 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+				  
+echo "TPM_HT_PERMANENT"			  
+%TPM_EXE_PATH%getcapability -cap 1 -pr 40000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+				  
+echo "TPM_HT_TRANSIENT"			  
+%TPM_EXE_PATH%getcapability -cap 1 -pr 80000000  > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+				  
+echo "TPM_HT_PERSISTENT"			  
+%TPM_EXE_PATH%getcapability -cap 1 -pr 81000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+				  
+echo "Get Capability TPM_CAP_COMMANDS"
+%TPM_EXE_PATH%getcapability -cap 2 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+				  
+echo "Get Capability TPM_CAP_PP_COMMANDS"
+%TPM_EXE_PATH%getcapability -cap 3 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+				  
+echo "Get Capability TPM_CAP_AUDIT_COMMANDS"
+%TPM_EXE_PATH%getcapability -cap 4 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Get Capability TPM_CAP_PCRS"
+%TPM_EXE_PATH%getcapability -cap 5 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+				  
+echo ""
+echo "Get Capability TPM_CAP_TPM_PROPERTIES"
+echo ""
+
+echo "Get Capability TPM_CAP_TPM_PROPERTIES 100"
+%TPM_EXE_PATH%getcapability -cap 6 -pr 100 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+				  
+echo "Get Capability TPM_CAP_TPM_PROPERTIES 200"
+%TPM_EXE_PATH%getcapability -cap 6 -pr 200 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+				  
+echo "Get Capability TPM_CAP_PCR_PROPERTIES "
+%TPM_EXE_PATH%getcapability -cap 7 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+				  
+echo "Get Capability TPM_CAP_ECC_CURVES"
+%TPM_EXE_PATH%getcapability -cap 8 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+				  
+echo "Get Capability TPM_CAP_AUTH_POLICIES"
+%TPM_EXE_PATH%getcapability -cap 9 -pr 40000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+				  
+exit /B 0
diff --git a/utils/regtests/testgetcap.sh b/utils/regtests/testgetcap.sh
new file mode 100755
index 000000000..f8994d51f
--- /dev/null
+++ b/utils/regtests/testgetcap.sh
@@ -0,0 +1,125 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2019                                            #
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+echo ""
+echo "Get Capability"
+echo ""
+
+echo "Get Capability TPM_CAP_ALGS"
+${PREFIX}getcapability -cap 0 > run.out
+checkSuccess $?
+
+echo ""
+echo "Get Capability TPM_CAP_HANDLES"
+echo ""
+
+echo "TPM_HT_PCR"
+${PREFIX}getcapability -cap 1 -pr 00000000 > run.out
+checkSuccess $?
+
+echo "TPM_HT_NV_INDEX"
+${PREFIX}getcapability -cap 1 -pr 01000000 > run.out
+checkSuccess $?
+
+echo "TPM_HT_LOADED_SESSION"
+${PREFIX}getcapability -cap 1 -pr 02000000 > run.out
+checkSuccess $?			  
+				  
+echo "TPM_HT_SAVED_SESSION"			  
+${PREFIX}getcapability -cap 1 -pr 03000000 > run.out
+checkSuccess $?			  
+				  
+echo "TPM_HT_PERMANENT"			  
+${PREFIX}getcapability -cap 1 -pr 40000000 > run.out
+checkSuccess $?			  
+				  
+echo "TPM_HT_TRANSIENT"			  
+${PREFIX}getcapability -cap 1 -pr 80000000  > run.out
+checkSuccess $?			  
+				  
+echo "TPM_HT_PERSISTENT"			  
+${PREFIX}getcapability -cap 1 -pr 81000000 > run.out
+checkSuccess $?			  
+				  
+echo "Get Capability TPM_CAP_COMMANDS"
+${PREFIX}getcapability -cap 2 > run.out
+checkSuccess $?			  
+				  
+echo "Get Capability TPM_CAP_PP_COMMANDS"
+${PREFIX}getcapability -cap 3 > run.out
+checkSuccess $?			  
+				  
+echo "Get Capability TPM_CAP_AUDIT_COMMANDS"
+${PREFIX}getcapability -cap 4 > run.out
+checkSuccess $?			  
+
+echo "Get Capability TPM_CAP_PCRS"
+${PREFIX}getcapability -cap 5 > run.out
+checkSuccess $?			  
+				  
+echo ""
+echo "Get Capability TPM_CAP_TPM_PROPERTIES"
+echo ""
+
+echo "Get Capability TPM_CAP_TPM_PROPERTIES 100"
+${PREFIX}getcapability -cap 6 -pr 100 > run.out
+checkSuccess $?			  
+				  
+echo "Get Capability TPM_CAP_TPM_PROPERTIES 200"
+${PREFIX}getcapability -cap 6 -pr 200 > run.out
+checkSuccess $?			  
+				  
+echo "Get Capability TPM_CAP_PCR_PROPERTIES "
+${PREFIX}getcapability -cap 7 > run.out
+checkSuccess $?			  
+				  
+echo "Get Capability TPM_CAP_ECC_CURVES"
+${PREFIX}getcapability -cap 8 > run.out
+checkSuccess $?			  
+				  
+echo "Get Capability TPM_CAP_AUTH_POLICIES"
+${PREFIX}getcapability -cap 9 -pr 40000000 > run.out
+checkSuccess $?			  
+				  
+
+
+
diff --git a/utils/regtests/testhierarchy.bat b/utils/regtests/testhierarchy.bat
new file mode 100644
index 000000000..fa3e65566
--- /dev/null
+++ b/utils/regtests/testhierarchy.bat
@@ -0,0 +1,369 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #		$Id: testhierarchy.bat 507 2016-03-08 22:35:47Z kgoldman $	#
+REM #										#
+REM # (c) Copyright IBM Corporation 2015					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "Hierarchy Change Auth"
+echo ""
+
+echo "Start an HMAC auth session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Generate a random authorization value"
+%TPM_EXE_PATH%getrandom -by 32 -nz -of tmp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%S in ("" "-se0 02000000 1") do (
+
+    echo "Change platform hierarchy auth %%~S"
+    %TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Create a primary storage key - should fail"
+    %TPM_EXE_PATH%createprimary -hi p -pwdk 111 > run.out
+    IF !ERRORLEVEL! EQU 0 (
+       exit /B 1
+    )
+
+    echo "Create a primary storage key"
+    %TPM_EXE_PATH%createprimary -hi p -pwdk 111 -pwdp ppp > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Flush the primary key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Change platform hierarchy auth back to null %%~S"
+    %TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Create a primary storage key"
+    %TPM_EXE_PATH%createprimary -pwdk 111 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Flush the primary key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+)
+
+echo ""
+
+for %%S in ("" "-se0 02000000 1") do (
+
+    echo "Change platform hierarchy auth, new auth from file %%~S"
+    %TPM_EXE_PATH%hierarchychangeauth -hi p -pwdni tmp.bin %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Create a primary storage key - should fail"
+    %TPM_EXE_PATH%createprimary -hi p -pwdk 111 > run.out
+    IF !ERRORLEVEL! EQU 0 (
+       exit /B 1
+    )
+
+    echo "Create a primary storage key, auth from file"
+    %TPM_EXE_PATH%createprimary -hi p -pwdk 111 -pwdpi tmp.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Flush the primary key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Change platform hierarchy auth back to null, auth from file %%~S"
+    %TPM_EXE_PATH%hierarchychangeauth -hi p -pwdai tmp.bin %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Create a primary storage key"
+    %TPM_EXE_PATH%createprimary -pwdk 111 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Flush the primary key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+)
+
+echo "Flush the auth session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Hierarchy Change Auth with bind"
+echo ""
+
+echo "Change platform hierarchy auth"
+%TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create a primary storage key - should fail"
+%TPM_EXE_PATH%createprimary -hi p -pwdk 111 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Create a primary storage key"
+%TPM_EXE_PATH%createprimary -hi p -pwdk 111 -pwdp ppp > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the primary key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start an HMAC auth session, bind to platform hierarchy"
+%TPM_EXE_PATH%startauthsession -se h -bi 4000000c -pwdb ppp > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Change platform hierarchy auth back to null"
+%TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp -se0 02000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create a primary storage key"
+%TPM_EXE_PATH%createprimary -pwdk 111 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the primary key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the auth session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Hierarchy Control"
+echo ""
+
+echo "Enable the owner hierarchy"
+%TPM_EXE_PATH%hierarchycontrol -hi p -he o > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Change the platform hierarchy password"
+%TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Enable the owner hierarchy - no platform hierarchy password, should fail"
+%TPM_EXE_PATH%hierarchycontrol -hi p -he o > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Enable the owner hierarchy using platform hierarchy password"
+%TPM_EXE_PATH%hierarchycontrol -hi p -he o -pwda ppp > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create a primary key in the owner hierarchy - bad password, should fail"
+%TPM_EXE_PATH%createprimary -hi o -pwdp xxx > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Create a primary key in the owner hierarchy"
+%TPM_EXE_PATH%createprimary -hi o > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Disable the owner hierarchy using platform hierarchy password"
+%TPM_EXE_PATH%hierarchycontrol -hi p -he o -pwda ppp -state 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create a primary key in the owner hierarchy, disabled, should fail"
+%TPM_EXE_PATH%createprimary -hi o > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Enable the owner hierarchy using platform hierarchy password"
+%TPM_EXE_PATH%hierarchycontrol -hi p -he o -pwda ppp -state 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create a primary key in the owner hierarchy"
+%TPM_EXE_PATH%createprimary -hi o > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Remove the platform hierarchy password"
+%TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the primary key in the owner hierarchy"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Clear"
+echo ""
+
+echo "Set storage hierarchy auth"
+%TPM_EXE_PATH%hierarchychangeauth -hi o -pwdn ooo > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create a primary key - storage hierarchy"
+%TPM_EXE_PATH%createprimary -hi o -pwdp ooo > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Read the public part"
+%TPM_EXE_PATH%readpublic -ho 80000001  > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "ClearControl disable"
+%TPM_EXE_PATH%clearcontrol -hi p -state 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Clear - should fail"
+%TPM_EXE_PATH%clear -hi p > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "ClearControl enable"
+%TPM_EXE_PATH%clearcontrol -hi p -state 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Clear"
+%TPM_EXE_PATH%clear -hi p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Read the public part - should fail"
+%TPM_EXE_PATH%readpublic -ho 80000001  > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Create a primary key - old owner password should fail"
+%TPM_EXE_PATH%createprimary -hi o -pwdp ooo > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Create a primary key"
+%TPM_EXE_PATH%createprimary -hi o > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the primary key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM cleanup
+rm -f tmp.bin
+
+exit /B 0
+
+REM getcapability  -cap 1 -pr 80000000
+REM getcapability  -cap 1 -pr 02000000
diff --git a/utils/regtests/testhierarchy.sh b/utils/regtests/testhierarchy.sh
new file mode 100755
index 000000000..a3b170662
--- /dev/null
+++ b/utils/regtests/testhierarchy.sh
@@ -0,0 +1,244 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#		$Id: testhierarchy.sh 990 2017-04-19 13:31:24Z kgoldman $	#
+#										#
+# (c) Copyright IBM Corporation 2015, 2016					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+echo ""
+echo "Hierarchy Change Auth"
+echo ""
+
+echo "Start an HMAC auth session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+echo "Generate a random authorization value"
+${PREFIX}getrandom -by 32 -nz -of tmp.bin > run.out
+checkSuccess $?
+
+AUTH=("" "-pwda ppp " "" "-pwdai tmp.bin ")
+NEWAUTH=("-pwdn ppp " "" "-pwdni tmp.bin " "")
+CPAUTH=("-pwdp ppp " "" "-pwdpi tmp.bin " "")
+
+for ((i = 0 ; i < 4 ; i+=2))
+do 
+    for SESS in "" "-se0 02000000 1"
+    do
+
+	echo "Change platform hierarchy auth ${AUTH[i]} ${NEWAUTH[i]} ${SESS}"
+	${PREFIX}hierarchychangeauth -hi p ${AUTH[i]} ${NEWAUTH[i]} ${SESS} > run.out
+	checkSuccess $?
+
+	echo "Create a primary storage key - should fail"
+	${PREFIX}createprimary -hi p -pwdk 111 > run.out
+	checkFailure $?
+
+	echo "Create a primary storage key ${CPAUTH[i]}"
+	${PREFIX}createprimary -hi p -pwdk 111 ${CPAUTH[i]} > run.out
+	checkSuccess $?
+
+	echo "Flush the primary key"
+	${PREFIX}flushcontext -ha 80000001 > run.out
+	checkSuccess $?
+
+	echo "Change platform hierarchy auth back to null ${AUTH[i+1]} ${NEWAUTH[i+1]} ${SESS}"
+	${PREFIX}hierarchychangeauth -hi p ${AUTH[i+1]} ${NEWAUTH[i+1]} ${SESS} > run.out
+	checkSuccess $?
+
+	echo "Create a primary storage key"
+	${PREFIX}createprimary -pwdk 111 > run.out
+	checkSuccess $?
+
+	echo "Flush the primary key"
+	${PREFIX}flushcontext -ha 80000001 > run.out
+	checkSuccess $?
+
+    done
+done
+
+echo "Flush the auth session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+echo ""
+echo "Hierarchy Change Auth with bind"
+echo ""
+
+echo "Change platform hierarchy auth"
+${PREFIX}hierarchychangeauth -hi p -pwdn ppp > run.out
+checkSuccess $?
+
+echo "Create a primary storage key - should fail"
+${PREFIX}createprimary -hi p -pwdk 111 > run.out
+checkFailure $?
+
+echo "Create a primary storage key"
+${PREFIX}createprimary -hi p -pwdk 111 -pwdp ppp > run.out
+checkSuccess $?
+
+echo "Flush the primary key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Start an HMAC auth session, bind to platform hierarchy"
+${PREFIX}startauthsession -se h -bi 4000000c -pwdb ppp > run.out
+checkSuccess $?
+
+echo "Change platform hierarchy auth back to null"
+${PREFIX}hierarchychangeauth -hi p -pwda ppp -se0 02000000 1 > run.out
+checkSuccess $?
+
+echo "Create a primary storage key"
+${PREFIX}createprimary -pwdk 111 > run.out
+checkSuccess $?
+
+echo "Flush the primary key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Flush the auth session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+echo ""
+echo "Hierarchy Control"
+echo ""
+
+echo "Enable the owner hierarchy"
+${PREFIX}hierarchycontrol -hi p -he o > run.out
+checkSuccess $?
+
+echo "Change the platform hierarchy password"
+${PREFIX}hierarchychangeauth -hi p -pwdn ppp > run.out
+checkSuccess $?
+
+echo "Enable the owner hierarchy - no platform hierarchy password, should fail"
+${PREFIX}hierarchycontrol -hi p -he o > run.out
+checkFailure $?
+
+echo "Enable the owner hierarchy using platform hierarchy password"
+${PREFIX}hierarchycontrol -hi p -he o -pwda ppp > run.out
+checkSuccess $?
+
+echo "Create a primary key in the owner hierarchy - bad password, should fail"
+${PREFIX}createprimary -hi o -pwdp xxx > run.out
+checkFailure $?
+
+echo "Create a primary key in the owner hierarchy"
+${PREFIX}createprimary -hi o > run.out
+checkSuccess $?
+
+echo "Disable the owner hierarchy using platform hierarchy password"
+${PREFIX}hierarchycontrol -hi p -he o -pwda ppp -state 0 > run.out
+checkSuccess $?
+
+echo "Create a primary key in the owner hierarchy, disabled, should fail"
+${PREFIX}createprimary -hi o > run.out
+checkFailure $?
+
+echo "Enable the owner hierarchy using platform hierarchy password"
+${PREFIX}hierarchycontrol -hi p -he o -pwda ppp -state 1 > run.out
+checkSuccess $?
+
+echo "Create a primary key in the owner hierarchy"
+${PREFIX}createprimary -hi o > run.out
+checkSuccess $?
+
+echo "Remove the platform hierarchy password"
+${PREFIX}hierarchychangeauth -hi p -pwda ppp > run.out
+checkSuccess $?
+
+echo "Flush the primary key in the owner hierarchy"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo ""
+echo "Clear"
+echo ""
+
+echo "Set storage hierarchy auth"
+${PREFIX}hierarchychangeauth -hi o -pwdn ooo > run.out
+checkSuccess $?
+
+echo "Create a primary key - storage hierarchy"
+${PREFIX}createprimary -hi o -pwdp ooo > run.out
+checkSuccess $?
+
+echo "Read the public part"
+${PREFIX}readpublic -ho 80000001 > run.out
+checkSuccess $?
+
+echo "ClearControl disable"
+${PREFIX}clearcontrol -hi p -state 1 > run.out
+checkSuccess $?
+
+echo "Clear - should fail"
+${PREFIX}clear -hi p > run.out
+checkFailure $?
+
+echo "ClearControl enable"
+${PREFIX}clearcontrol -hi p -state 0 > run.out
+checkSuccess $?
+
+echo "Clear"
+${PREFIX}clear -hi p > run.out
+checkSuccess $?
+
+echo "Read the public part - should fail"
+${PREFIX}readpublic -ho 80000001 > run.out
+checkFailure $?
+
+echo "Create a primary key - old owner password should fail"
+${PREFIX}createprimary -hi o -pwdp ooo > run.out
+checkFailure $?
+
+echo "Create a primary key"
+${PREFIX}createprimary -hi o > run.out
+checkSuccess $?
+
+echo "Flush the primary key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+# getcapability  -cap 1 -pr 80000000
+# getcapability  -cap 1 -pr 02000000
+
+# cleanup
+rm -f tmp.bin
diff --git a/utils/regtests/testhmac.bat b/utils/regtests/testhmac.bat
new file mode 100644
index 000000000..8411a93e6
--- /dev/null
+++ b/utils/regtests/testhmac.bat
@@ -0,0 +1,331 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #										#
+REM # (c) Copyright IBM Corporation 2018 - 2019					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "Keyed hash HMAC key"
+echo ""
+
+echo "Start an HMAC auth session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM session 02000000
+REM loaded HMAC key 80000001
+REM primary HMAC key 80000001
+REM sequence object 80000002
+
+for %%H in (%ITERATE_ALGS%) do (
+
+    for %%S in ("" "-se0 02000000 1") do (
+
+    	echo "Load the %%H keyed hash key under the primary key"
+    	%TPM_EXE_PATH%load -hp 80000000 -ipr khpriv%%H.bin -ipu khpub%%H.bin -pwdp sto > run.out
+    	IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+    	)
+
+	echo "HMAC %%H using the keyed hash key, message from file %%~S"
+	%TPM_EXE_PATH%hmac -hk 80000001 -if msg.bin -os sig.bin -pwdk khk -halg %%H %%~S > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+	echo "HMAC %%H start using the keyed hash key %%~S"
+	%TPM_EXE_PATH%hmacstart -hk 80000001 -pwdk khk -pwda aaa %%~S -halg %%H > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+	echo "HMAC %%H sequence update %%~S"
+	%TPM_EXE_PATH%sequenceupdate -hs 80000002 -pwds aaa -if msg.bin %%~S > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+	echo "HMAC %%H sequence complete %%~S"
+	%TPM_EXE_PATH%sequencecomplete -hs 80000002 -pwds aaa -of tmp.bin %%~S > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+	echo "Verify the HMAC %%H using the two methods"
+	diff sig.bin tmp.bin > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+	echo "HMAC %%H using the keyed hash key, message from command line %%~S"
+	%TPM_EXE_PATH%hmac -hk 80000001 -ic 1234567890123456 -os sig.bin -pwdk khk -halg %%H %%~S > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+	echo "Verify the HMAC %%H using the two methods"
+	diff sig.bin tmp.bin > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+	echo "Flush the %%H HMAC key"
+	%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+	echo "Create primary HMAC key - %%H"
+	%TPM_EXE_PATH%createprimary -kh -halg %%H -pwdk khp > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+	echo "HMAC %%H using the keyed hash primary key %%~S"
+	%TPM_EXE_PATH%hmac -hk 80000001 -if msg.bin -os sig.bin -pwdk khp -halg %%H %%~S > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+	echo "HMAC %%H start using the keyed hash primary key %%~S"
+	%TPM_EXE_PATH%hmacstart -hk 80000001 -pwdk khp -pwda aaa %%~S -halg %%H > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+	echo "HMAC %%H sequence update %%~S"
+	%TPM_EXE_PATH%sequenceupdate -hs 80000002 -pwds aaa -if msg.bin %%~S > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+	echo "HMAC %%H sequence complete %%~S"
+	%TPM_EXE_PATH%sequencecomplete -hs 80000002 -pwds aaa -of tmp.bin %%~S > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+	echo "Verify the HMAC %%H using the two methods"
+	diff sig.bin tmp.bin > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+	echo "Flush the %%H primary HMAC key"
+	%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+    )
+)
+
+echo ""
+echo "Hash"
+echo ""
+
+for %%H in (%ITERATE_ALGS%) do (
+
+    for %%S in ("" "-se0 02000000 1") do (
+
+	echo "Hash %%H in one call, data from file"
+	%TPM_EXE_PATH%hash -hi p -halg %%H -if policies/aaa -oh tmp.bin > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+	echo "Verify the hash %%H"
+	diff tmp.bin policies/%%Haaa.bin > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+	echo "Hash %%H in one cal, data on command linel"
+	%TPM_EXE_PATH%hash -hi p -halg %%H -ic aaa -oh tmp.bin > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+	echo "Verify the hash %%H"
+	diff tmp.bin policies/%%Haaa.bin > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+	echo "Hash %%H sequence start"
+	%TPM_EXE_PATH%hashsequencestart -halg %%H -pwda aaa > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+	echo "Hash %%H sequence update %%~S"
+	%TPM_EXE_PATH%sequenceupdate -hs 80000001 -pwds aaa -if policies/aaa %%~S > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+	echo "Hash %%H sequence complete %%~S"
+	%TPM_EXE_PATH%sequencecomplete -hi p -hs 80000001 -pwds aaa -of tmp.bin %%~S > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+	echo "Verify the %%H hash"
+	diff tmp.bin policies/%%Haaa.bin > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+    )
+)
+
+echo "Flush the auth session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM getcapability -cap 1 -pr 80000000
+REM getcapability -cap 1 -pr 02000000
+
+echo ""
+echo "Sign with ticket"
+echo ""
+
+echo "Load the signing key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr signrsarpriv.bin -ipu signrsarpub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Hash and create ticket"
+%TPM_EXE_PATH%hash -hi p -halg sha256 -if msg.bin -oh sig.bin -tk tkt.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest with a restricted signing key and no ticket - should fail"
+%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig  > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Sign a digest with a restricted signing key and ticket"
+%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -tk tkt.bin -os sig.bin -pwdk sig  > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Hash and create null ticket, msg with TPM_GENERATED"
+%TPM_EXE_PATH%hash -hi p -halg sha256 -if policies/msgtpmgen.bin -oh sig.bin -tk tkt.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest with a restricted signing key and ticket - should fail"
+%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -tk tkt.bin -os sig.bin -pwdk sig  > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Hash sequence start"
+%TPM_EXE_PATH%hashsequencestart -halg sha256 -pwda aaa > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Hash sequence update "
+%TPM_EXE_PATH%sequenceupdate -hs 80000002 -pwds aaa -if msg.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Hash sequence complete"
+%TPM_EXE_PATH%sequencecomplete -hi p -hs 80000002 -pwds aaa -of tmp.bin -tk tkt.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest with a restricted signing key and no ticket - should fail"
+%TPM_EXE_PATH%sign -hk 80000001 -halg  sha256 -if msg.bin -os sig.bin -pwdk sig  > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Sign a digest with a restricted signing key and ticket"
+%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -tk tkt.bin -os sig.bin -pwdk sig  > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Hash sequence start"
+%TPM_EXE_PATH%hashsequencestart -halg sha256 -pwda aaa -halg sha256 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Hash sequence update, msg with TPM_GENERATED"
+%TPM_EXE_PATH%sequenceupdate -hs 80000002 -pwds aaa -if policies/msgtpmgen.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Hash sequence complete"
+%TPM_EXE_PATH%sequencecomplete -hi p -hs 80000002 -pwds aaa -of tmp.bin -tk tkt.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest with a restricted signing key and ticket - should fail"
+%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -tk tkt.bin -os sig.bin -pwdk sig  > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Flush the signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+exit /B 0
+
+REM getcapability -cap 1 -pr 80000000
+REM getcapability -cap 1 -pr 02000000
+
diff --git a/utils/regtests/testhmac.sh b/utils/regtests/testhmac.sh
new file mode 100755
index 000000000..4e80fbb6a
--- /dev/null
+++ b/utils/regtests/testhmac.sh
@@ -0,0 +1,254 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+echo ""
+echo "Keyed hash HMAC key"
+echo ""
+
+echo "Start an HMAC auth session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+# session 02000000
+# loaded HMAC key 80000001
+# primary HMAC key 80000001
+# sequence object 80000002
+
+for HALG in ${ITERATE_ALGS}
+do
+
+    for SESS in "" "-se0 02000000 1"
+    do
+
+	echo "Load the ${HALG} keyed hash key under the primary key"
+	${PREFIX}load -hp 80000000 -ipr khpriv${HALG}.bin -ipu khpub${HALG}.bin -pwdp sto > run.out
+	checkSuccess $?
+
+	echo "HMAC ${HALG} using the keyed hash key, message from file ${SESS}"
+	${PREFIX}hmac -hk 80000001 -if msg.bin -os sig.bin -pwdk khk -halg ${HALG} ${SESS} > run.out
+	checkSuccess $?
+
+	echo "HMAC ${HALG} start using the keyed hash key ${SESS}"
+	${PREFIX}hmacstart -hk 80000001 -pwdk khk -pwda aaa ${SESS} -halg ${HALG} > run.out
+	checkSuccess $?
+
+	echo "HMAC ${HALG} sequence update ${SESS}"
+	${PREFIX}sequenceupdate -hs 80000002 -pwds aaa -if msg.bin ${SESS} > run.out
+	checkSuccess $?
+
+	echo "HMAC ${HALG} sequence complete ${SESS}"
+	${PREFIX}sequencecomplete -hs 80000002 -pwds aaa -of tmp.bin ${SESS} > run.out
+	checkSuccess $?
+
+	echo "Verify the HMAC ${HALG} using the two methods"
+	diff sig.bin tmp.bin > run.out
+	checkSuccess $?
+
+	echo "HMAC ${HALG} using the keyed hash key, message from command line ${SESS}"
+	${PREFIX}hmac -hk 80000001 -ic 1234567890123456 -os sig.bin -pwdk khk -halg ${HALG} ${SESS} > run.out
+	checkSuccess $?
+
+	echo "Verify the HMAC ${HALG} using the two methods"
+	diff sig.bin tmp.bin > run.out
+	checkSuccess $?
+
+	echo "Flush the ${HALG} HMAC key"
+	${PREFIX}flushcontext -ha 80000001 > run.out
+	checkSuccess $?
+
+	echo "Create primary HMAC key - $HALG"
+	${PREFIX}createprimary -kh -halg ${HALG} -pwdk khp > run.out
+	checkSuccess $?
+
+	echo "HMAC ${HALG} using the keyed hash primary key ${SESS}"
+	${PREFIX}hmac -hk 80000001 -if msg.bin -os sig.bin -pwdk khp -halg ${HALG} ${SESS} > run.out
+	checkSuccess $?
+
+	echo "HMAC ${HALG} start using the keyed hash primary key ${SESS}"
+	${PREFIX}hmacstart -hk 80000001 -pwdk khp -pwda aaa ${SESS} -halg ${HALG} > run.out
+	checkSuccess $?
+
+	echo "HMAC ${HALG} sequence update ${SESS}"
+	${PREFIX}sequenceupdate -hs 80000002 -pwds aaa -if msg.bin ${SESS} > run.out
+	checkSuccess $?
+
+	echo "HMAC ${HALG} sequence complete ${SESS}"
+	${PREFIX}sequencecomplete -hs 80000002 -pwds aaa -of tmp.bin ${SESS} > run.out
+	checkSuccess $?
+
+	echo "Verify the HMAC ${HALG} using the two methods"
+	diff sig.bin tmp.bin > run.out
+	checkSuccess $?
+
+	echo "Flush the ${HALG} primary HMAC key"
+	${PREFIX}flushcontext -ha 80000001 > run.out
+	checkSuccess $?
+
+    done
+done
+
+echo ""
+echo "Hash"
+echo ""
+
+for HALG in ${ITERATE_ALGS}
+do
+
+    for SESS in "" "-se0 02000000 1"
+    do
+
+	echo "Hash ${HALG} in one call, data from file"
+	${PREFIX}hash -hi p -halg ${HALG} -if policies/aaa -oh tmp.bin > run.out
+	checkSuccess $?
+
+	echo "Verify the hash ${HALG}"
+	diff tmp.bin policies/${HALG}aaa.bin > run.out
+	checkSuccess $?
+
+	echo "Hash ${HALG} in one call, data on command line"
+	${PREFIX}hash -hi p -halg ${HALG} -ic aaa -oh tmp.bin > run.out
+	checkSuccess $?
+
+	echo "Verify the hash ${HALG}"
+	diff tmp.bin policies/${HALG}aaa.bin > run.out
+	checkSuccess $?
+
+	echo "Hash ${HALG} sequence start"
+	${PREFIX}hashsequencestart -halg ${HALG} -pwda aaa > run.out
+	checkSuccess $?
+
+	echo "Hash ${HALG} sequence update ${SESS}"
+	${PREFIX}sequenceupdate -hs 80000001 -pwds aaa -if policies/aaa ${SESS} > run.out
+	checkSuccess $?
+
+	echo "Hash ${HALG} sequence complete ${SESS}"
+	${PREFIX}sequencecomplete -hi p -hs 80000001 -pwds aaa -of tmp.bin ${SESS} > run.out
+	checkSuccess $?
+
+	echo "Verify the ${HALG} hash"
+	diff tmp.bin policies/${HALG}aaa.bin > run.out
+	checkSuccess $?
+
+    done
+done
+
+echo "Flush the auth session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+# ${PREFIX}getcapability -cap 1 -pr 80000000
+# ${PREFIX}getcapability -cap 1 -pr 02000000
+
+echo ""
+echo "Sign with ticket"
+echo ""
+
+echo "Load the signing key under the primary key"
+${PREFIX}load -hp 80000000 -ipr signrsarpriv.bin -ipu signrsarpub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Hash and create ticket"
+${PREFIX}hash -hi p -halg sha256 -if msg.bin -oh sig.bin -tk tkt.bin > run.out
+checkSuccess $?
+
+echo "Sign a digest with a restricted signing key and no ticket - should fail"
+${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig > run.out
+checkFailure $?
+
+echo "Sign a digest with a restricted signing key and ticket"
+${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -tk tkt.bin -os sig.bin -pwdk sig > run.out
+checkSuccess $?
+
+echo "Hash and create null ticket, msg with TPM_GENERATED"
+${PREFIX}hash -hi p -halg sha256 -if policies/msgtpmgen.bin -oh sig.bin -tk tkt.bin > run.out
+checkSuccess $?
+
+echo "Sign a digest with a restricted signing key and ticket - should fail"
+${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -tk tkt.bin -os sig.bin -pwdk sig > run.out
+checkFailure $?
+
+echo "Hash sequence start"
+${PREFIX}hashsequencestart -halg sha256 -pwda aaa > run.out
+checkSuccess $?
+
+echo "Hash sequence update "
+${PREFIX}sequenceupdate -hs 80000002 -pwds aaa -if msg.bin > run.out
+checkSuccess $?
+
+echo "Hash sequence complete"
+${PREFIX}sequencecomplete -hi p -hs 80000002 -pwds aaa -of tmp.bin -tk tkt.bin > run.out
+checkSuccess $?
+
+echo "Sign a digest with a restricted signing key and no ticket - should fail"
+${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig > run.out
+checkFailure $?
+
+echo "Sign a digest with a restricted signing key and ticket"
+${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -tk tkt.bin -os sig.bin -pwdk sig > run.out
+checkSuccess $?
+
+echo "Hash sequence start"
+${PREFIX}hashsequencestart -halg sha256 -pwda aaa -halg sha256 > run.out
+checkSuccess $?
+
+echo "Hash sequence update, msg with TPM_GENERATED"
+${PREFIX}sequenceupdate -hs 80000002 -pwds aaa -if policies/msgtpmgen.bin > run.out
+checkSuccess $?
+
+echo "Hash sequence complete"
+${PREFIX}sequencecomplete -hi p -hs 80000002 -pwds aaa -of tmp.bin -tk tkt.bin > run.out
+checkSuccess $?
+
+echo "Sign a digest with a restricted signing key and ticket - should fail"
+${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -tk tkt.bin -os sig.bin -pwdk sig > run.out
+checkFailure $?
+
+echo "Flush the signing key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+rm -f tmp.bin
+rm -f tmp1.bin
+
+# ${PREFIX}getcapability -cap 1 -pr 80000000
+# ${PREFIX}getcapability -cap 1 -pr 02000000
+
diff --git a/utils/regtests/testhmacsession.bat b/utils/regtests/testhmacsession.bat
new file mode 100644
index 000000000..01bcc9c60
--- /dev/null
+++ b/utils/regtests/testhmacsession.bat
@@ -0,0 +1,111 @@
+REM #############################################################################
+REM										#
+REM			TPM2 regression test					#
+REM			     Written by Ken Goldman				#
+REM		       IBM Thomas J. Watson Research Center			#
+REM		$Id: testhmacsession.bat 1278 2018-07-23 21:20:42Z kgoldman $	#
+REM										#
+REM (c) Copyright IBM Corporation 2015, 2017					#
+REM 										#
+REM All rights reserved.							#
+REM 										#
+REM Redistribution and use in source and binary forms, with or without		#
+REM modification, are permitted provided that the following conditions are	#
+REM met:									#
+REM 										#
+REM Redistributions of source code must retain the above copyright notice,	#
+REM this list of conditions and the following disclaimer.			#
+REM 										#
+REM Redistributions in binary form must reproduce the above copyright		#
+REM notice, this list of conditions and the following disclaimer in the		#
+REM documentation and/or other materials provided with the distribution.	#
+REM 										#
+REM Neither the names of the IBM Corporation nor the names of its		#
+REM contributors may be used to endorse or promote products derived from	#
+REM this software without specific prior written permission.			#
+REM 										#
+REM THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+REM "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+REM (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "HMAC Session"
+echo ""
+
+echo "Start an HMAC auth session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Create a storage key under the primary key - continue true"
+%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk sto -se0 02000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Create a storage key under the primary key - continue false"
+%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk sto -se0 02000000 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Create a storage key under the primary key - should fail"
+%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk sto -se0 02000000 0 > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo ""
+echo "User with Auth Clear"
+echo ""
+
+echo "Create a signing key under the primary key"
+%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -uwa -opr tmppriv.bin -opu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Load the signing key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Start an HMAC auth session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Sign a digest - should fail with HMAC session"
+%TPM_EXE_PATH%sign -hk 80000001 -if policies/aaa -se0 02000000 0 > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "Flush the session, not flushed on failure"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Flush the signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+exit /B 0
\ No newline at end of file
diff --git a/utils/regtests/testhmacsession.sh b/utils/regtests/testhmacsession.sh
new file mode 100755
index 000000000..377158909
--- /dev/null
+++ b/utils/regtests/testhmacsession.sh
@@ -0,0 +1,90 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#		$Id: testhmacsession.sh 1277 2018-07-23 20:30:23Z kgoldman $	#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2018					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+echo ""
+echo "HMAC Session"
+echo ""
+
+echo "Start an HMAC auth session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+echo "Create a storage key under the primary key - continue true"
+${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk sto -se0 02000000 1 > run.out
+checkSuccess $?
+
+echo "Create a storage key under the primary key - continue false"
+${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk sto -se0 02000000 0 > run.out
+checkSuccess $?
+
+echo "Create a storage key under the primary key - should fail"
+${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp sto -pwdk sto -se0 02000000 0 > run.out
+checkFailure $?
+
+echo ""
+echo "User with Auth Clear"
+echo ""
+
+echo "Create a signing key under the primary key"
+${PREFIX}create -hp 80000000 -si -kt f -kt p -uwa -opr tmppriv.bin -opu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Load the signing key under the primary key"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Start an HMAC auth session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+echo "Sign a digest - should fail with HMAC session"
+${PREFIX}sign -hk 80000001 -if policies/aaa -se0 02000000 0 > run.out
+checkFailure $?
+
+echo "Flush the session, not flushed on failure"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+echo "Flush the signing key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
diff --git a/utils/regtests/testnv.bat b/utils/regtests/testnv.bat
new file mode 100644
index 000000000..f272214db
--- /dev/null
+++ b/utils/regtests/testnv.bat
@@ -0,0 +1,963 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #		$Id: testnv.bat 1301 2018-08-15 21:46:19Z kgoldman $		#
+REM #										#
+REM # (c) Copyright IBM Corporation 2015 - 2018					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "NV"
+echo ""
+
+echo ""
+echo "NV Ordinary Index"
+echo ""
+
+echo "Start an HMAC auth session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+set NALG=%ITERATE_ALGS%
+set BADNALG=%BAD_ITERATE_ALGS%
+
+set i=0
+for %%N in (!NALG!) do set /A i+=1 & set NALG[!i!]=%%N
+set i=0
+for %%B in (!BADNALG!) do set /A i+=1 & set BADNALG[!i!]=%%B
+set L=!i!
+
+for /L %%i in (1,1,!L!) do (
+
+    for %%S in ("" "-se0 02000000 1") do (
+
+	echo "NV Define Space !NALG[%%i]!"
+	%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 -nalg !NALG[%%i]! > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+	echo "NV Read Public, unwritten Name  bad Name algorithm !BADNALG[%%i]! - should fail"
+	%TPM_EXE_PATH%nvreadpublic -ha 01000000 -nalg !BADNALG[%%i]! > run.out
+    	IF !ERRORLEVEL! EQU 0 (
+       	  exit /B 1
+    	)
+
+	echo "NV read - should fail before write %%~S"
+	%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 %%~S > run.out
+	IF !ERRORLEVEL! EQU 0 (
+	  exit /B 1
+	)
+
+	echo "NV write %%~S"
+	%TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+	echo "NV read %%~S"
+	%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 3 -of tmp.bin %%~S > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+	echo "Verify the read data"
+	diff policies/aaa tmp.bin > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+	echo "NV read, invalid offset - should fail %%~S"
+	%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 -off 1 -of tmp.bin %%~S > run.out
+	IF !ERRORLEVEL! EQU 0 (
+	   exit /B 1
+	)
+
+	echo "NV read, invalid size - should fail %%~S"
+	%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 17 -of tmp.bin %%~S > run.out
+	IF !ERRORLEVEL! EQU 0 (
+	   exit /B 1
+	)
+
+	echo "NV Undefine Space"
+	%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+
+    )
+)
+
+echo "Flush the auth session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Undefine Space again should fail"
+%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+    
+echo "NV Define Space out of range - should fail"
+%TPM_EXE_PATH%nvdefinespace -hi o -ha 02000000 -pwdn nnn  -sz 16 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo ""
+echo "NV Set Bits Index"
+echo ""
+
+echo "Start an HMAC auth session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%S in ("" "-se0 02000000 1") do (
+
+    echo "NV Define Space"
+    %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -ty b > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV read - should fail before write %%~S"
+    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16  %%~S > run.out
+    IF !ERRORLEVEL! EQU 0 (
+       exit /B 1
+    )
+
+    echo "Set bits 0, 16, 32, 48 %%~S" 
+    %TPM_EXE_PATH%nvsetbits -ha 01000000 -pwdn nnn -bit 0 -bit 16 -bit 32 -bit 48 %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Read the set bits %%~S" 
+    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 -of tmp.bin %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the read data"
+    diff policies/bits48321601.bin tmp.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV Undefine Space"
+    %TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+)
+
+echo "Flush the auth session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "NV Counter Index"
+echo ""
+
+echo "Start an HMAC auth session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%S in ("" "-se0 02000000 1") do (
+
+    echo "NV Define Space"
+    %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -ty c > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV Read Public, unwritten Name"
+    %TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Read the count - should fail before write %%~S" 
+    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 -of tmp.bin  %%~S > run.out
+    IF !ERRORLEVEL! EQU 0 (
+       exit /B 1
+    )
+
+    echo "Increment the count %%~S" 
+    %TPM_EXE_PATH%nvincrement -ha 01000000 -pwdn nnn  %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Read the count %%~S" 
+    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 -of tmp.bin  %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+REM FIXME need some way to verify the count
+
+    echo "NV Undefine Space"
+    %TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+)
+
+echo "Flush the auth session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "NV Extend Index"
+echo ""
+
+echo "Start an HMAC auth session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%S in ("" "-se0 02000000 1") do (
+
+    set SZ=20 32 48 64
+    set HALG=%ITERATE_ALGS%
+
+    set i=0
+    for %%a in (!SZ!) do set /A i+=1 & set SZ[!i!]=%%a
+    set i=0
+    for %%b in (!HALG!) do set /A i+=1 & set HALG[!i!]=%%b
+    set L=!i!
+
+    for /L %%i in (1,1,!L!) do (
+
+	echo "NV Define Space !HALG[%%i]!"
+	%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -ty e -nalg !HALG[%%i]! > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+   	   exit /B 1
+	)
+
+	echo "NV Read Public !HALG[%%i]!"
+	%TPM_EXE_PATH%nvreadpublic -ha 01000000 -nalg !HALG[%%i]! > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+   	   exit /B 1
+	)
+
+	echo "NV read, unwritten Name - should fail before write %%~S"
+	%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 32 -of tmp.bin %%~S > run.out
+	IF !ERRORLEVEL! EQU 0 (
+   	   exit /B 1
+	)
+
+	echo "NV extend %%~S"
+	%TPM_EXE_PATH%nvextend -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+   	   exit /B 1
+	)
+
+	echo "NV read size !SZ[%%i]!} %%~S"
+	%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz !SZ[%%i]! -of tmp.bin %%~S > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+   	   exit /B 1
+	)
+
+	echo "Verify the read data !HALG[%%i]!"
+	diff policies/!HALG[%%i]!extaaa.bin tmp.bin > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+   	   exit /B 1
+	)
+
+	echo "NV Undefine Space"
+	%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+   	   exit /B 1
+	)
+
+    )
+)
+
+echo "Flush the auth session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM getcapability  -cap 1 -pr 80000000
+REM getcapability  -cap 1 -pr 02000000
+REM getcapability  -cap 1 -pr 01000000
+
+echo ""
+echo "NV Owner auth"
+echo ""
+
+echo "Start an HMAC auth session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%S in ("" "-se0 02000000 1") do (
+
+    echo "Set owner auth %%~S"
+    %TPM_EXE_PATH%hierarchychangeauth -hi o -pwdn ooo %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Define an NV index with owner auth %%~S"
+    %TPM_EXE_PATH%nvdefinespace -hi o -hia o -ha 01000000 -pwdp ooo %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV Read public, get Name, not written"
+    %TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV write with NV password %%~S - should fail"
+    %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn  %%~S> run.out
+    IF !ERRORLEVEL! EQU 0 (
+       exit /B 1
+    )
+
+    echo "NV write with owner password %%~S"
+    %TPM_EXE_PATH%nvwrite -ha 01000000 -hia o -pwdn ooo  %%~S> run.out 
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV read with NV password %%~S - should fail"
+    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn %%~S > run.out
+    IF !ERRORLEVEL! EQU 0 (
+       exit /B 1
+    )
+
+    echo "NV read with owner password %%~S"
+    %TPM_EXE_PATH%nvread -ha 01000000 -hia o -pwdn ooo %%~S > run.out 
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV Undefine authorizing index %%~S"
+    %TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 -pwdp ooo %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Clear owner auth %%~S"
+    %TPM_EXE_PATH%hierarchychangeauth -hi o -pwda ooo %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+)
+
+echo "Flush the auth session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM getcapability  -cap 1 -pr 80000000
+REM getcapability  -cap 1 -pr 02000000
+REM getcapability  -cap 1 -pr 01000000
+
+echo ""
+echo "NV Platform auth"
+echo ""
+
+echo "Start an HMAC auth session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%S in ("" "-se0 02000000 1") do (
+
+    echo "Set platform auth %%~S"
+    %TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp  %%~S> run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Define an NV index with platform auth %%~S"
+    %TPM_EXE_PATH%nvdefinespace -hi p -hia p -ha 01000000 -pwdp ppp %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV Read public, get Name, not written"
+    %TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV write with NV password %%~S - should fail"
+    %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn %%~S > run.out
+    IF !ERRORLEVEL! EQU 0 (
+       exit /B 1
+    )
+
+    echo "NV write with platform password %%~S"
+    %TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -pwdn ppp %%~S > run.out 
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV read with NV password %%~S - should fail"
+    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn %%~S > run.out
+    IF !ERRORLEVEL! EQU 0 (
+       exit /B 1
+    )
+
+    echo "NV write with platform password %%~S"
+    %TPM_EXE_PATH%nvread -ha 01000000 -hia p -pwdn ppp %%~S > run.out 
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV Undefine authorizing index %%~S"
+    %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 -pwdp ppp %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Clear platform auth %%~S"
+    %TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+)
+
+echo "Flush the auth session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Write Lock"
+echo ""
+
+echo "Start an HMAC auth session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%S in ("" "-se0 02000000 1") do (
+
+    echo "NV Define Space with write define"
+    %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 +at wd > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV Read Public, unwritten Name"
+    %TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV write %%~S"
+    %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV read %%~S"
+    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Write lock %%~S"
+    %TPM_EXE_PATH%nvwritelock -ha 01000000 -pwdn nnn %%~S > run.out  
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV write %%~S - should fail"
+    %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out
+    IF !ERRORLEVEL! EQU 0 (
+       exit /B 1
+    )
+
+    echo "NV read %%~S"
+    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV Undefine Space"
+    %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+)
+
+echo "Flush the auth session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Read Lock"
+echo ""
+
+echo "Start an HMAC auth session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%S in ("" "-se0 02000000 1") do (
+
+    echo "NV Define Space with read stclear"
+    %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 +at rst > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV Read Public, unwritten Name"
+    %TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV write %%~S"
+    %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV read %%~S"
+    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+     echo "Read lock %%~S"
+    %TPM_EXE_PATH%nvreadlock -ha 01000000 -pwdn nnn %%~S > run.out 
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV write %%~S"
+    %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV read %%~S - should fail"
+    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 %%~S > run.out
+    IF !ERRORLEVEL! EQU 0 (
+       exit /B 1
+    )
+
+    echo "NV Undefine Space"
+    %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+)
+
+echo "Flush the auth session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Global Lock"
+echo ""
+
+echo "Start an HMAC auth session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%S in ("" "-se0 02000000 1") do (
+
+    echo "NV Define Space 01000000 with global lock"
+    %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 +at gl > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV Define Space 01000001 with global lock"
+    %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000001 -pwdn nnn -sz 16 +at gl > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV write 01000000 %%~S"
+    %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV write 01000001 %%~S"
+    %TPM_EXE_PATH%nvwrite -ha 01000001 -pwdn nnn -if policies/aaa %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV global lock"
+    %TPM_EXE_PATH%nvglobalwritelock -hia p > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV Read Public, 01000000, locked"
+    %TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV Read Public, 01000001, locked"
+    %TPM_EXE_PATH%nvreadpublic -ha 01000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV write 01000000 %%~S - should fail"
+    %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out
+    IF !ERRORLEVEL! EQU 0 (
+       exit /B 1
+    )
+
+    echo "NV write 01000001 %%~S - should fail"
+    %TPM_EXE_PATH%nvwrite -ha 01000001 -pwdn nnn -if policies/aaa %%~S > run.out
+    IF !ERRORLEVEL! EQU 0 (
+       exit /B 1
+    )
+
+    echo "NV read 01000000 %%~S"
+    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV read 01000001 %%~S"
+    %TPM_EXE_PATH%nvread -ha 01000001 -pwdn nnn -sz 16 %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV Undefine Space 01000000"
+    %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV Undefine Space 01000001"
+    %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+)
+
+echo "Flush the auth session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "NV Change Authorization"
+echo ""
+
+REM policy is policycommandcode + policyauthvalue
+REM aa 83 a5 98 d9 3a 56 c9 ca 6f ea 7c 3f fc 4e 10 
+REM 63 57 ff 6d 93 e1 1a 9b 4a c2 b6 aa e1 2b a0 de 
+
+echo "NV Define Space with POLICY_DELETE and no policy - should fail"
+%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 +at pold > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Start an HMAC session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%S in ("" "-se0 02000000 1") do (
+
+    echo "NV Define Space 0100000"
+    %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 -pol policies/policyccnvchangeauth-auth.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV Read Public, unwritten Name"
+    %TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV write %%~S"
+    %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV read %%~S"
+    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Start a policy session"
+    %TPM_EXE_PATH%startauthsession -se p > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Policy command code"    
+    %TPM_EXE_PATH%policycommandcode -ha 03000001 -cc 0000013b > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Policy authvalue"    
+    %TPM_EXE_PATH%policyauthvalue -ha 03000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV Change authorization"
+    %TPM_EXE_PATH%nvchangeauth -ha 01000000 -pwdo nnn -pwdn xxx -se0 03000001 1 > run.out 
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV write %%~S, old auth - should fail"
+    %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out
+    IF !ERRORLEVEL! EQU 0 (
+       exit /B 1
+    )
+
+    echo "NV read %%~S, old auth - should fail"
+    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 3 %%~S > run.out
+    IF !ERRORLEVEL! EQU 0 (
+       exit /B 1
+    )
+
+    echo "NV write %%~S"
+    %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn xxx -if policies/aaa %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV read %%~S"
+    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn xxx -sz 3 %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "NV Undefine Space"
+    %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Flush the auth session"
+    %TPM_EXE_PATH%flushcontext -ha 03000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+)
+
+echo "Flush the auth session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "NV Change Authorization with bind"
+echo ""
+
+echo "NV Define Space 0100000"
+%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 -pol policies/policyccnvchangeauth-auth.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start an HMAC session, bind to NV index"
+%TPM_EXE_PATH%startauthsession -se h -bi 01000000 -pwdb nnn > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start a policy session"
+%TPM_EXE_PATH%startauthsession -se p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy command code"    
+%TPM_EXE_PATH%policycommandcode -ha 03000001 -cc 0000013b > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy authvalue"    
+%TPM_EXE_PATH%policyauthvalue -ha 03000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Change authorization"
+%TPM_EXE_PATH%nvchangeauth -ha 01000000 -pwdo nnn -pwdn xxx -se0 03000001 1 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Undefine Space"
+%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the auth session"
+%TPM_EXE_PATH%flushcontext -ha 03000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the auth session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "NV Undefine space special"
+echo ""
+
+REM policy is policy command code + policy password
+
+echo "Start a policy session"
+%TPM_EXE_PATH%startauthsession -se p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%P in (policyauthvalue policypassword) do (
+
+    echo "NV Define Space 0100000"
+    %TPM_EXE_PATH%nvdefinespace -hi p -ha 01000000 -pwdn nnn -sz 16 +at pold -pol policies/policyccundefinespacespecial-auth.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Undefine space special - should fail"
+    %TPM_EXE_PATH%nvundefinespacespecial -ha 01000000 -pwdn nnn > run.out
+    IF !ERRORLEVEL! EQU 0 (
+       exit /B 1
+    )
+
+    echo "Undefine space special - should fail"
+    %TPM_EXE_PATH%nvundefinespacespecial -ha 01000000 -se0 03000000 1 -pwdn nnn > run.out
+    IF !ERRORLEVEL! EQU 0 (
+       exit /B 1
+    )
+
+    echo "Policy command code, NV undefine space special"
+    %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 11f > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Undefine space special - should fail"
+    %TPM_EXE_PATH%nvundefinespacespecial -ha 01000000 -se0 03000000 1 -pwdn nnn > run.out
+    IF !ERRORLEVEL! EQU 0 (
+       exit /B 1
+    )
+
+    echo "Policy %%P"
+    %TPM_EXE_PATH%%%P -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Undefine space special"
+    %TPM_EXE_PATH%nvundefinespacespecial -ha 01000000 -se0 03000000 1 -pwdn nnn > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+)
+
+echo "Flush the session"
+%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+exit /B 0
+
+REM getcapability  -cap 1 -pr 80000000
+REM getcapability  -cap 1 -pr 02000000
+REM getcapability  -cap 1 -pr 01000000
diff --git a/utils/regtests/testnv.sh b/utils/regtests/testnv.sh
new file mode 100755
index 000000000..b941f2eba
--- /dev/null
+++ b/utils/regtests/testnv.sh
@@ -0,0 +1,707 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#		$Id: testnv.sh 1301 2018-08-15 21:46:19Z kgoldman $		#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2018					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+echo ""
+echo "NV"
+echo ""
+
+echo ""
+echo "NV Ordinary Index"
+echo ""
+
+echo "Start an HMAC auth session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+NALG=(${ITERATE_ALGS})
+BADNALG=(${BAD_ITERATE_ALGS})
+
+for ((i = 0 ; i < 4; i++))
+do
+
+    for SESS in "" "-se0 02000000 1"
+    do
+
+	echo "NV Define Space ${NALG[$i]}"
+	${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 -nalg ${NALG[$i]} > run.out
+	checkSuccess $?
+
+	echo "NV Read Public, unwritten Name  bad Name algorithm ${BADNALG[$i]} - should fail"
+	${PREFIX}nvreadpublic -ha 01000000 -nalg ${BADNALG[$i]} > run.out
+	checkFailure $?
+
+	echo "NV read - should fail before write ${SESS}"
+	${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 ${SESS} > run.out
+	checkFailure $?
+
+	echo "NV write ${SESS}"
+	${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out
+	checkSuccess $?
+
+	echo "NV read ${SESS}"
+	${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 3 -of tmp.bin ${SESS} > run.out
+	checkSuccess $?
+
+	echo "Verify the read data"
+	diff policies/aaa tmp.bin > run.out
+	checkSuccess $?
+
+	echo "NV read, invalid offset - should fail ${SESS}"
+	${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 -off 1 -of tmp.bin ${SESS} > run.out
+	checkFailure $?
+
+	echo "NV read, invalid size - should fail ${SESS}"
+	${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 17 -of tmp.bin ${SESS} > run.out
+	checkFailure $?
+
+	echo "NV Undefine Space"
+	${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out
+	checkSuccess $?
+
+    done
+done
+
+echo "Flush the auth session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+echo "NV Undefine Space again should fail"
+${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out
+checkFailure $?
+
+echo "NV Define Space out of range - should fail"
+${PREFIX}nvdefinespace -hi o -ha 02000000 -pwdn nnn  -sz 16 > run.out
+checkFailure $?
+
+echo ""
+echo "NV Set Bits Index"
+echo ""
+
+echo "Start an HMAC auth session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+for SESS in "" "-se0 02000000 1"
+do
+
+    echo "NV Define Space"
+    ${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -ty b > run.out
+    checkSuccess $?
+
+    echo "NV read - should fail before write ${SESS}"
+    ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16  ${SESS} > run.out
+    checkFailure $?
+
+    echo "Set bits 0, 16, 32, 48 ${SESS}" 
+    ${PREFIX}nvsetbits -ha 01000000 -pwdn nnn -bit 0 -bit 16 -bit 32 -bit 48 ${SESS} > run.out
+    checkSuccess $?
+
+    echo "Read the set bits ${SESS}" 
+    ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 -of tmp.bin ${SESS} > run.out
+    checkSuccess $?
+
+    echo "Verify the read data"
+    diff policies/bits48321601.bin tmp.bin > run.out
+    checkSuccess $?
+
+    echo "NV Undefine Space"
+    ${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out
+    checkSuccess $?
+
+done
+
+echo "Flush the auth session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+echo ""
+echo "NV Counter Index"
+echo ""
+
+echo "Start an HMAC auth session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+for SESS in "" "-se0 02000000 1"
+do
+
+    echo "NV Define Space"
+    ${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -ty c > run.out
+    checkSuccess $?
+
+    echo "NV Read Public, unwritten Name"
+    ${PREFIX}nvreadpublic -ha 01000000 > run.out
+    checkSuccess $?
+
+    echo "Read the count - should fail before write ${SESS}" 
+    ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 -of tmp.bin  ${SESS} > run.out
+    checkFailure $?
+
+    echo "Increment the count ${SESS}" 
+    ${PREFIX}nvincrement -ha 01000000 -pwdn nnn  ${SESS} > run.out
+    checkSuccess $?
+
+    echo "Read the count ${SESS}" 
+    ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 -of tmp.bin  ${SESS} > run.out
+    checkSuccess $?
+
+# FIXME need some way to verify the count
+
+    echo "NV Undefine Space"
+    ${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out
+    checkSuccess $?
+
+done
+
+echo "Flush the auth session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+# The test data was created using policymaker with a text file 616161
+# (three a's).  pcrexted cannot be used because it zero extends the
+# input to the hash size
+
+echo ""
+echo "NV Extend Index"
+echo ""
+
+echo "Start an HMAC auth session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+for SESS in "" "-se0 02000000 1"
+do
+
+    SZ=(20 32 48 64)
+    HALG=(${ITERATE_ALGS})
+
+    for ((i = 0 ; i < 4; i++))
+    do
+
+	echo "NV Define Space ${HALG[$i]}"
+	${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -ty e -nalg ${HALG[$i]} > run.out
+	checkSuccess $?
+
+	echo "NV Read Public ${HALG[$i]}"
+	${PREFIX}nvreadpublic -ha 01000000 -nalg ${HALG[$i]} > run.out
+	checkSuccess $?
+
+	echo "NV read, unwritten Name - should fail before write ${SESS}"
+	${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 32 -of tmp.bin ${SESS} > run.out
+	checkFailure $?
+
+	echo "NV extend ${SESS}"
+	${PREFIX}nvextend -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out
+	checkSuccess $?
+
+	echo "NV read size ${SZ[$i]} ${SESS}"
+	${PREFIX}nvread -ha 01000000 -pwdn nnn -sz ${SZ[$i]} -of tmp.bin ${SESS} > run.out
+	checkSuccess $?
+
+	echo "Verify the read data ${HALG[$i]}"
+	diff policies/${HALG[$i]}extaaa.bin tmp.bin > run.out
+	checkSuccess $?
+
+	echo "NV Undefine Space"
+	${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out
+	checkSuccess $?
+
+    done
+done
+
+echo "Flush the auth session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+# getcapability  -cap 1 -pr 80000000
+# getcapability  -cap 1 -pr 02000000
+# getcapability  -cap 1 -pr 01000000
+
+echo ""
+echo "NV Owner auth"
+echo ""
+
+echo "Start an HMAC auth session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+for SESS in "" "-se0 02000000 1"
+do
+
+    echo "Set owner auth ${SESS}"
+    ${PREFIX}hierarchychangeauth -hi o -pwdn ooo ${SESS} > run.out
+    checkSuccess $?
+
+    echo "Define an NV index with owner auth ${SESS}"
+    ${PREFIX}nvdefinespace -hi o -hia o -ha 01000000 -pwdp ooo ${SESS} > run.out
+    checkSuccess $?
+
+    echo "NV Read public, get Name, not written"
+    ${PREFIX}nvreadpublic -ha 01000000 > run.out
+    checkSuccess $?
+
+    echo "NV write with NV password ${SESS} - should fail"
+    ${PREFIX}nvwrite -ha 01000000 -pwdn nnn ${SESS}> run.out
+    checkFailure $?
+
+    echo "NV write with owner password ${SESS}"
+    ${PREFIX}nvwrite -ha 01000000 -hia o -pwdn ooo  ${SESS}> run.out 
+    checkSuccess $?
+
+    echo "NV read with NV password ${SESS} - should fail"
+    ${PREFIX}nvread -ha 01000000 ${SESS} -pwdn nnn > run.out
+    checkFailure $?
+
+    echo "NV read with owner password ${SESS}"
+    ${PREFIX}nvread -ha 01000000 -hia o -pwdn ooo ${SESS} > run.out 
+    checkSuccess $?
+
+    echo "NV Undefine authorizing index ${SESS}"
+    ${PREFIX}nvundefinespace -hi o -ha 01000000 -pwdp ooo ${SESS} > run.out
+    checkSuccess $?
+
+    echo "Clear owner auth ${SESS}"
+    ${PREFIX}hierarchychangeauth -hi o -pwda ooo ${SESS} > run.out
+    checkSuccess $?
+
+done
+
+echo "Flush the auth session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+# getcapability  -cap 1 -pr 80000000
+# getcapability  -cap 1 -pr 02000000
+# getcapability  -cap 1 -pr 01000000
+
+echo ""
+echo "NV Platform auth"
+echo ""
+
+echo "Start an HMAC auth session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+for SESS in "" "-se0 02000000 1"
+do
+
+    echo "Set platform auth ${SESS}"
+    ${PREFIX}hierarchychangeauth -hi p -pwdn ppp  ${SESS}> run.out
+    checkSuccess $?
+
+    echo "Define an NV index with platform auth ${SESS}"
+    ${PREFIX}nvdefinespace -hi p -hia p -ha 01000000 -pwdp ppp ${SESS} > run.out
+    checkSuccess $?
+
+    echo "NV Read public, get Name, not written"
+    ${PREFIX}nvreadpublic -ha 01000000 > run.out
+    checkSuccess $?
+
+    echo "NV write with NV password ${SESS} - should fail"
+    ${PREFIX}nvwrite -ha 01000000 -pwdn nnn ${SESS} > run.out
+    checkFailure $?
+
+    echo "NV write with platform password ${SESS}"
+    ${PREFIX}nvwrite -ha 01000000 -hia p -pwdn ppp ${SESS} > run.out 
+    checkSuccess $?
+
+    echo "NV read with NV password ${SESS} - should fail"
+    ${PREFIX}nvread -ha 01000000 -pwdn nnn ${SESS} > run.out
+    checkFailure $?
+
+    echo "NV write with platform password ${SESS}"
+    ${PREFIX}nvread -ha 01000000 -hia p -pwdn ppp ${SESS} > run.out 
+    checkSuccess $?
+
+    echo "NV Undefine authorizing index ${SESS}"
+    ${PREFIX}nvundefinespace -hi p -ha 01000000 -pwdp ppp ${SESS} > run.out
+    checkSuccess $?
+
+    echo "Clear platform auth ${SESS}"
+    ${PREFIX}hierarchychangeauth -hi p -pwda ppp ${SESS} > run.out
+    checkSuccess $?
+
+done
+
+echo "Flush the auth session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+echo ""
+echo "Write Lock"
+echo ""
+
+echo "Start an HMAC auth session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+for SESS in "" "-se0 02000000 1"
+do
+
+    echo "NV Define Space with write define"
+    ${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 +at wd > run.out
+    checkSuccess $?
+
+    echo "NV Read Public, unwritten Name"
+    ${PREFIX}nvreadpublic -ha 01000000 > run.out
+    checkSuccess $?
+
+    echo "NV write ${SESS}"
+    ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out
+    checkSuccess $?
+
+    echo "NV read ${SESS}"
+    ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 ${SESS} > run.out
+    checkSuccess $?
+
+    echo "Write lock ${SESS}"
+    ${PREFIX}nvwritelock -ha 01000000 -pwdn nnn ${SESS} > run.out  
+    checkSuccess $?
+
+    echo "NV write ${SESS} - should fail"
+    ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out
+    checkFailure $?
+
+    echo "NV read ${SESS}"
+    ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 ${SESS} > run.out
+    checkSuccess $?
+
+    echo "NV Undefine Space"
+    ${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out
+    checkSuccess $?
+
+done
+
+echo "Flush the auth session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+echo ""
+echo "Read Lock"
+echo ""
+
+echo "Start an HMAC auth session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+for SESS in "" "-se0 02000000 1"
+do
+
+    echo "NV Define Space with read stclear"
+    ${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 +at rst > run.out
+    checkSuccess $?
+
+    echo "NV Read Public, unwritten Name"
+    ${PREFIX}nvreadpublic -ha 01000000 > run.out
+    checkSuccess $?
+
+    echo "NV write ${SESS}"
+    ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out
+    checkSuccess $?
+
+    echo "NV read ${SESS}"
+    ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 ${SESS} > run.out
+    checkSuccess $?
+
+     echo "Read lock ${SESS}"
+    ${PREFIX}nvreadlock -ha 01000000 -pwdn nnn ${SESS} > run.out 
+    checkSuccess $?
+
+    echo "NV write ${SESS}"
+    ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out
+    checkSuccess $?
+
+    echo "NV read ${SESS} - should fail"
+    ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 ${SESS} > run.out
+    checkFailure $?
+
+    echo "NV Undefine Space"
+    ${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out
+    checkSuccess $?
+
+done
+
+echo "Flush the auth session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+echo ""
+echo "Global Lock"
+echo ""
+
+echo "Start an HMAC auth session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+for SESS in "" "-se0 02000000 1"
+do
+
+    echo "NV Define Space 01000000 with global lock"
+    ${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 +at gl > run.out
+    checkSuccess $?
+
+    echo "NV Define Space 01000001 with global lock"
+    ${PREFIX}nvdefinespace -hi o -ha 01000001 -pwdn nnn -sz 16 +at gl > run.out
+    checkSuccess $?
+
+    echo "NV write 01000000 ${SESS}"
+    ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out
+    checkSuccess $?
+
+    echo "NV write 01000001 ${SESS}"
+    ${PREFIX}nvwrite -ha 01000001 -pwdn nnn -if policies/aaa ${SESS} > run.out
+    checkSuccess $?
+
+    echo "NV global lock"
+    ${PREFIX}nvglobalwritelock -hia p > run.out
+    checkSuccess $?
+
+    echo "NV Read Public, 01000000, locked"
+    ${PREFIX}nvreadpublic -ha 01000000 > run.out
+    checkSuccess $?
+
+    echo "NV Read Public, 01000001, locked"
+    ${PREFIX}nvreadpublic -ha 01000001 > run.out
+    checkSuccess $?
+
+    echo "NV write 01000000 ${SESS} - should fail"
+    ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out
+    checkFailure $?
+
+    echo "NV write 01000001 ${SESS} - should fail"
+    ${PREFIX}nvwrite -ha 01000001 -pwdn nnn -if policies/aaa ${SESS} > run.out
+    checkFailure $?
+
+    echo "NV read 01000000 ${SESS}"
+    ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 ${SESS} > run.out
+    checkSuccess $?
+
+    echo "NV read 01000001 ${SESS}"
+    ${PREFIX}nvread -ha 01000001 -pwdn nnn -sz 16 ${SESS} > run.out
+    checkSuccess $?
+
+    echo "NV Undefine Space 01000000"
+    ${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out
+    checkSuccess $?
+
+    echo "NV Undefine Space 01000001"
+    ${PREFIX}nvundefinespace -hi p -ha 01000001 > run.out
+    checkSuccess $?
+
+done
+
+echo "Flush the auth session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+# policy is policycommandcode + policyauthvalue
+# aa 83 a5 98 d9 3a 56 c9 ca 6f ea 7c 3f fc 4e 10 
+# 63 57 ff 6d 93 e1 1a 9b 4a c2 b6 aa e1 2b a0 de 
+
+echo "NV Define Space with POLICY_DELETE and no policy - should fail"
+${PREFIX}nvdefinespace -hi o -ha 01000000 +at pold > run.out
+checkFailure $?
+
+echo ""
+echo "NV Change Authorization"
+echo ""
+
+echo "Start an HMAC session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+for SESS in "" "-se0 02000000 1"
+do
+
+    echo "NV Define Space 0100000"
+    ${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 -pol policies/policyccnvchangeauth-auth.bin > run.out
+    checkSuccess $?
+
+    echo "NV Read Public, unwritten Name"
+    ${PREFIX}nvreadpublic -ha 01000000 > run.out
+    checkSuccess $?
+
+    echo "NV write ${SESS}"
+    ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out
+    checkSuccess $?
+
+    echo "NV read ${SESS}"
+    ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 ${SESS} > run.out
+    checkSuccess $?
+
+    echo "Start a policy session"
+    ${PREFIX}startauthsession -se p > run.out
+    checkSuccess $?
+
+    echo "Policy command code"    
+    ${PREFIX}policycommandcode -ha 03000001 -cc 0000013b > run.out
+    checkSuccess $?
+
+    echo "Policy authvalue"    
+    ${PREFIX}policyauthvalue -ha 03000001 > run.out
+    checkSuccess $?
+
+    echo "NV Change authorization"
+    ${PREFIX}nvchangeauth -ha 01000000 -pwdo nnn -pwdn xxx -se0 03000001 1 > run.out 
+    checkSuccess $?
+
+    echo "NV write ${SESS}, old auth - should fail"
+    ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out
+    checkFailure $?
+
+    echo "NV read ${SESS}, old auth - should fail"
+    ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 3 ${SESS} > run.out
+    checkFailure $?
+
+    echo "NV write ${SESS}"
+    ${PREFIX}nvwrite -ha 01000000 -pwdn xxx -if policies/aaa ${SESS} > run.out
+    checkSuccess $?
+
+    echo "NV read ${SESS}"
+    ${PREFIX}nvread -ha 01000000 -pwdn xxx -sz 3 ${SESS} > run.out
+    checkSuccess $?
+
+    echo "NV Undefine Space"
+    ${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out
+    checkSuccess $?
+
+    echo "Flush the auth session"
+    ${PREFIX}flushcontext -ha 03000001 > run.out
+    checkSuccess $?
+
+done
+
+echo "Flush the auth session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+echo ""
+echo "NV Change Authorization with bind"
+echo ""
+
+echo "NV Define Space 0100000"
+${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 -pol policies/policyccnvchangeauth-auth.bin > run.out
+checkSuccess $?
+
+echo "Start an HMAC session, bind to NV index"
+${PREFIX}startauthsession -se h -bi 01000000 -pwdb nnn > run.out
+checkSuccess $?
+
+echo "Start a policy session"
+${PREFIX}startauthsession -se p > run.out
+checkSuccess $?
+
+echo "Policy command code"    
+${PREFIX}policycommandcode -ha 03000001 -cc 0000013b > run.out
+checkSuccess $?
+
+echo "Policy authvalue"    
+${PREFIX}policyauthvalue -ha 03000001 > run.out
+checkSuccess $?
+
+echo "NV Change authorization"
+${PREFIX}nvchangeauth -ha 01000000 -pwdo nnn -pwdn xxx -se0 03000001 1 > run.out 
+checkSuccess $?
+
+echo "NV Undefine Space"
+${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out
+checkSuccess $?
+
+echo "Flush the auth session"
+${PREFIX}flushcontext -ha 03000001 > run.out
+checkSuccess $?
+
+echo "Flush the auth session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+echo ""
+echo "NV Undefine space special"
+echo ""
+
+# policy is policy command code + policy password
+
+echo "Start a policy session"
+${PREFIX}startauthsession -se p > run.out
+checkSuccess $?
+
+for POL in "policyauthvalue" "policypassword"
+do
+
+    echo "NV Define Space 0100000"
+    ${PREFIX}nvdefinespace -hi p -ha 01000000 -pwdn nnn -sz 16 +at pold -pol policies/policyccundefinespacespecial-auth.bin > run.out
+    checkSuccess $?
+
+    echo "Undefine space special - should fail"
+    ${PREFIX}nvundefinespacespecial -ha 01000000 -pwdn nnn > run.out
+    checkFailure $?
+
+    echo "Undefine space special - should fail"
+    ${PREFIX}nvundefinespacespecial -ha 01000000 -se0 03000000 1 -pwdn nnn > run.out
+    checkFailure $?
+
+    echo "Policy command code, NV undefine space special"
+    ${PREFIX}policycommandcode -ha 03000000 -cc 11f > run.out
+    checkSuccess $?
+
+    echo "Undefine space special - should fail"
+    ${PREFIX}nvundefinespacespecial -ha 01000000 -se0 03000000 1 -pwdn nnn > run.out
+    checkFailure $?
+
+    echo "Policy ${POL}"
+    ${PREFIX}${POL} -ha 03000000 > run.out
+    checkSuccess $?
+
+    echo "Undefine space special"
+    ${PREFIX}nvundefinespacespecial -ha 01000000 -se0 03000000 1 -pwdn nnn > run.out
+    checkSuccess $?
+
+done
+
+echo "Flush the session"
+${PREFIX}flushcontext -ha 03000000 > run.out
+checkSuccess $?
+
+# ${PREFIX}getcapability  -cap 1 -pr 80000000
+# ${PREFIX}getcapability  -cap 1 -pr 02000000
+# ${PREFIX}getcapability  -cap 1 -pr 01000000
diff --git a/utils/regtests/testnvpin.bat b/utils/regtests/testnvpin.bat
new file mode 100644
index 000000000..a113434c4
--- /dev/null
+++ b/utils/regtests/testnvpin.bat
@@ -0,0 +1,1029 @@
+REM #################################################################################
+REM #										    #
+REM #			TPM2 regression test					    #
+REM #			     Written by Ken Goldman				    #
+REM #		       IBM Thomas J. Watson Research Center			    #
+REM #										    #
+REM # (c) Copyright IBM Corporation 2016 - 2019					    #
+REM # 										    #
+REM # All rights reserved.							    #
+REM # 										    #
+REM # Redistribution and use in source and binary forms, with or without	    #
+REM # modification, are permitted provided that the following conditions are	    #
+REM # met:									    #
+REM # 									    	    #
+REM # Redistributions of source code must retain the above copyright notice,	    #
+REM # this list of conditions and the following disclaimer.			    #
+REM # 										    #
+REM # Redistributions in binary form must reproduce the above copyright		    #
+REM # notice, this list of conditions and the following disclaimer in the	    #
+REM # documentation and/or other materials provided with the distribution.	    #
+REM # 										    #
+REM # Neither the names of the IBM Corporation nor the names of its		    #
+REM # contributors may be used to endorse or promote products derived from	    #
+REM # this software without specific prior written permission.			    #
+REM # 										    #
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	    #
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		    #
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	    #
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	    #
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	    #
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		    #
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	    #
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	    #
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	    #
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	    #
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	    #
+REM #										    #
+REM #################################################################################
+
+setlocal enableDelayedExpansion
+
+REM # PIN Pass index name is
+REM 
+REM # 00 0b da 1c bd 54 bb 81 54 6c 1c 76 30 dd d4 09 
+REM # 50 3a 0d 6d 03 05 16 1b 15 88 d6 6b c8 fa 17 da 
+REM # ad 81 
+REM 
+REM # Policy Secret using PIN Pass index is
+REM 
+REM # 56 e4 c7 26 d7 d7 dd 3c bd 4c ae 11 c0 1b 2e 83 
+REM # 3c 37 33 3c fb c3 b9 c3 5f 05 ab 53 23 0c df 7d 
+REM 
+REM # PIN Fail index name is
+REM 
+REM # 00 0b 86 11 40 4a e8 0c 0a 84 e5 b8 97 05 98 f0 
+REM # b5 60 2d 14 21 19 bf 44 9d e5 f9 61 84 bc 4c 01 
+REM # c4 be 
+REM 
+REM # Policy Secret using PIN Fail index is
+REM 
+REM # 9d 56 8f da 52 27 30 dc be a8 ad 59 bc a5 0c 1c 
+REM # 16 02 95 03 a0 0b d3 d8 20 a8 b2 d8 5b c5 12 df 
+REM 
+REM 
+REM # 01000000 is PIN pass or PIN fail index
+REM # 01000001 is ordinary index with PIN pass policy
+REM # 01000002 is ordinary index with PIN fail policy
+
+
+echo ""
+echo "NV PIN Index"
+echo ""
+
+echo "NV Define Space, 01000001, ordinary index, with policysecret for pin pass index 01000000"
+%TPM_EXE_PATH%nvdefinespace -ha 01000001 -hi o -pwdn ppi -ty o -hia p -sz 1 -pol policies/policysecretnvpp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Platform write to set written bit"
+%TPM_EXE_PATH%nvwrite -ha 01000001 -hia p -ic 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Define Space, 01000002, ordinary index, with policysecret for pin fail index 01000000"
+%TPM_EXE_PATH%nvdefinespace -ha 01000002 -hi o -pwdn pfi -ty o -hia p -sz 1 -pol policies/policysecretnvpf.bin  > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Platform write to set written bit"
+%TPM_EXE_PATH%nvwrite -ha 01000002 -hia p -ic 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start a policy session"
+%TPM_EXE_PATH%startauthsession -se p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "NV PIN Pass Index"
+echo ""
+
+echo "Set phEnableNV"
+%TPM_EXE_PATH%hierarchycontrol -hi p -he n > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Define Space, 01000000, pin pass, read/write stclear, policy secret using platform auth"
+%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p +at wst +at rst -hia p -pol policies/policysecretp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session, not written - should fail"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "Platform write, 1 use, 0 / 1"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Platform read does not affect count"
+%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 -id 0 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Platform read does not affect count, should succeed"
+%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8  -id 0 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session, platform auth"
+%TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy write, 1 use, 0 / 1"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -id 0 1 -se0 03000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session, platform auth"
+%TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy read should not increment pin count"
+%TPM_EXE_PATH%nvread -ha 01000000  -id 0 1 -se0 03000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Platform write, 1 use, 0 / 1"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Index read should increment pin count"
+%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 -id 1 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Index read, no uses - should fail"
+%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "Platform read, no uses"
+%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 -id 1 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "NV PIN Pass Index in Policy Secret"
+echo ""
+
+echo "Policy Secret with PWAP session, bad password - should fail"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "Platform write, 01000000, 1 use, 0 / 1"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session, bad password does not consume pinCount - should fail"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "Policy Secret with PWAP session, should consume pin couunt"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session, pinCount used - should fail"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "Policy Get Digest, 50 b9 63 d6 ..."
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Read ordinary index using PIN pass policy secret"
+%TPM_EXE_PATH%nvread -ha 01000001 -sz 1 -se0 03000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Platform write, 01000000, 1 use, 1 / 2"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 1 2 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Platform write, 0 uses, 0 / 0"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session, pinCount used - should fail"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "Platform write, 1 use. 1 / 1, already used"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 1 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session, pinCount used - should fail"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "Platform write, 0 uses. 2 / 1, already used"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 2 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session, pinCount used - should fail"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo ""
+echo "NV PIN Pass Index with Write Lock"
+echo ""
+
+echo "Platform write, 01000000, 1 use, 0 / 1"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Write lock, 01000000"
+%TPM_EXE_PATH%nvwritelock -ha 01000000 -hia p > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session, pinCount used - should fail"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "Platform write, 01000000, locked - should fail"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "Reboot"
+%TPM_EXE_PATH%powerup > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Startup"
+%TPM_EXE_PATH%startup > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start a policy session"
+%TPM_EXE_PATH%startauthsession -se p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Platform write, 01000000, 1 use, 0 / 1"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "NV PIN Pass Index with Read Lock"
+echo ""
+
+echo "Platform write, 01000000, 1 use, 0 / 1"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Read lock, 01000000"
+%TPM_EXE_PATH%nvreadlock -ha 01000000 -hia p  > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Platform read, locked - should fail"
+%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "Policy Secret with PWAP session, read locked"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "NV PIN Pass Index with phEnableNV clear"
+echo ""
+
+echo "Platform write, 01000000, 1 use, 0 / 1"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Clear phEnableNV"
+%TPM_EXE_PATH%hierarchycontrol -hi p -he n -state 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session, phEnableNV disabled - should fail"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "Set phEnableNV"
+%TPM_EXE_PATH%hierarchycontrol -hi p -he n -state 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Cleanup NV PIN Pass"
+echo ""
+
+echo "NV Undefine Space, 01000000 "
+%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the policy session, 03000000 "
+%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "NV PIN Fail Index"
+echo ""
+
+echo "NV Define Space, 01000000, pin fail, read/write stclear, policy secret using platform auth"
+%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty f +at wst +at rst -hia p -pol policies/policysecretp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session, not written - should fail"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "Platform write, 1 failure, 0 / 1"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Platform read"
+%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 -id 0 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Platform read with bad password - should fail"
+%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 -pwdn xxx > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "Start a policy session"
+%TPM_EXE_PATH%startauthsession -se p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session, platform auth"
+%TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy write, 01000000, platform auth"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -id 0 1 -se0 03000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session, platform auth"
+%TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy read, 01000000"
+%TPM_EXE_PATH%nvread -ha 01000000 -sz 8 -id 0 1 -se0 03000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Platform write, 01000000, 0/ 1 failure"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Index read, 01000000, correct password"
+%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 -id 0 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Index read, 01000000, bad password - should fail"
+%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nn -sz 8  > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "Index read, 01000000, correct password - should fail because tries used"
+%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "Platform write, 01000000, 0 / 1 failure"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Index read, 01000000"
+%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 -id 0 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "NV PIN Fail Index in Policy Secret"
+echo ""
+
+echo "Platform write, 2 failures, 0 / 2"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 2 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session, good password"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session, bad password uses pinCount - should fail"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "Policy Secret with PWAP session, good password, resets pinCount"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session, bad password uses pinCount - should fail"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "Policy Secret with PWAP session, bad password uses pinCount - should fail"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "Policy Secret with PWAP session, good password - should fail"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "Platform write, 1 failure use, 0 / 1"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session, good password, resets pinCount"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Platform write, 0 failures, 1 / 1"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 1 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session, good password, resets pinCount"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo ""
+echo "NV PIN Fail Index with Write Lock"
+echo ""
+
+echo "Platform write, 01000000, 1 fail, 0 / 1"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Write lock, 01000000"
+%TPM_EXE_PATH%nvwritelock -ha 01000000 -hia p > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Platform write, 01000000, locked - should fail"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "Reboot"
+%TPM_EXE_PATH%powerup > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Startup"
+%TPM_EXE_PATH%startup > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start a policy session"
+%TPM_EXE_PATH%startauthsession -se p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Platform write, 01000000, unlocked, 1 failure, 0 / 1"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "NV PIN Fail Index with Read Lock"
+echo ""
+
+echo "Platform write, 01000000, 1 failure, 0 / 1"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Read lock 01000000"
+%TPM_EXE_PATH%nvreadlock -ha 01000000 -hia p > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Platform read, locked - should fail"
+%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "Policy Secret with PWAP session, read locked"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "NV PIN Fail Index with phEnableNV clear"
+echo ""
+
+echo "Platform write, 01000000, 1 failure, 0 / 1"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Clear phEnableNV"
+%TPM_EXE_PATH%hierarchycontrol -hi p -he n -state 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session, phEnableNV disabled - should fail"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "Set phEnableNV"
+%TPM_EXE_PATH%hierarchycontrol -hi p -he n -state 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Cleanup"
+echo ""
+
+echo "NV Undefine Space 01000000"
+%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Undefine Space 01000001"
+%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Undefine Space 01000002"
+%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the session"
+%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Recreate the primary key"
+%TPM_EXE_PATH%createprimary -hi p -pwdk sto -pol policies/zerosha256.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "NV PIN define space"
+echo ""
+
+echo "NV Define Space, 01000000, no write auth - should fail"
+%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p -hia p -at ppw > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "NV Define Space, 01000000, no read auth - should fail"
+%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p -hia p -at ppr -at ar> run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "NV Define Space, 01000000, PIN Pass, auth write - should fail"
+%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p -hia p +at aw > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "NV Define Space, 01000000, PIN Fail, auth write - should fail"
+%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty f -hia p +at aw > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "NV Define Space, 01000000, PIN Fail, noDA clear - should fail"
+%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty f -hia p -at da > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+rem #
+rem # Additional test for pinCount update when NV auth is not used.  This
+rem # tests for a bug fix
+rem #
+
+rem #
+rem # policy calculation
+rem #
+
+echo "Create the policy digest that will be used for the NvIndex write term"
+%TPM_EXE_PATH%startauthsession -se t > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "policycommandcode TPM_CC_NV_Write"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 137 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Get the policycommandcode write term"
+%TPM_EXE_PATH%policygetdigest -ha 03000000 -of tmppw.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Restart the trial policy session"
+%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "policycommandcode TPM_CC_NV_Read"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14e > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Get the policycommandcode read term"
+%TPM_EXE_PATH%policygetdigest -ha 03000000 -of tmppr.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Restart the trial policy session"
+%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Trial Policy OR"
+%TPM_EXE_PATH%policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Get the policyor result"
+%TPM_EXE_PATH%policygetdigest -ha 03000000 -of tmpor.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Flush the trial policy session"
+%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+rem #
+rem # Test PIN fail
+rem #
+
+rem # Write the PIN fail index
+
+echo "Creating the NvIndex as PIN Fail, remove authwrite, authread, add ownerread"
+%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -ty f -pwdn pass -pol tmpor.bin -at aw -at ar +at or > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Start policy sesion"
+%TPM_EXE_PATH%startauthsession -se p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "policycommandcode TPM_CC_NV_Write"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 137 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Policy OR"
+%TPM_EXE_PATH%policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Writing count 0, limit 2"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -id 0 2 -se0 03000000 01 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+rem # test the PIN fail index
+
+echo "Using with PolicySecret, first failure case, increments count"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde pas > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "policycommandcode TPM_CC_NV_Read"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14e > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Policy OR"
+%TPM_EXE_PATH%policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Read the index, should be 1 2"
+%TPM_EXE_PATH%nvread -ha 01000000 -id 1 2 -se0 03000000 01 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Using with PolicySecret, second failure case"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde pas > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+)
+
+echo "Read the index, owner auth, should be 2 2"
+%TPM_EXE_PATH%nvread -ha 01000000 -hia o -id 2 2 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+rem # cleanup
+
+echo "Undefine the PIN fail index"
+%TPM_EXE_PATH%nvundefinespace -ha 01000000 -hi o > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+rem #
+rem # Test PIN pass
+rem #
+
+rem # Write the PIN pass index
+
+echo "Creating the NvIndex as PIN Pass, remove authwrite, authread, add ownerread"
+%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -ty p -pwdn pass -pol tmpor.bin -at aw -at ar +at or > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "policycommandcode TPM_CC_NV_Write"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 137 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Policy OR"
+%TPM_EXE_PATH%policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Writing count 0, limit 2"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -id 0 2 -se0 03000000 01 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+rem # test the PIN pass index
+
+echo "policycommandcode TPM_CC_NV_Read"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14e > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Policy OR"
+%TPM_EXE_PATH%policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Read the index, should be 0 2"
+%TPM_EXE_PATH%nvread -ha 01000000 -id 0 2 -se0 03000000 01 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Read the index, owner auth, should be 0 2"
+%TPM_EXE_PATH%nvread -ha 01000000 -hia o -id 0 2 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Using with PolicySecret, success, increments count"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde pass > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Restart the policy session"
+%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "policycommandcode TPM_CC_NV_Read"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14e > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Policy OR"
+%TPM_EXE_PATH%policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Read the index, should be 1 2"
+%TPM_EXE_PATH%nvread -ha 01000000 -id 1 2 -se0 03000000 00 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Read the index, owner auth, should be 1 2"
+%TPM_EXE_PATH%nvread -ha 01000000 -hia o -id 1 2 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+rem # cleanup
+
+echo "Undefine the PIN fail index"
+%TPM_EXE_PATH%nvundefinespace -ha 01000000 -hi o > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+rm -r tmppw.bin
+rm -r tmppr.bin
+rm -r tmpor.bin
+
+rem # %TPM_EXE_PATH%getcapability  -cap 1 -pr 80000000
+rem # %TPM_EXE_PATH%getcapability  -cap 1 -pr 02000000
+rem # %TPM_EXE_PATH%getcapability  -cap 1 -pr 03000000
+rem # %TPM_EXE_PATH%getcapability  -cap 1 -pr 01000000
+
+exit /B 0
+
diff --git a/utils/regtests/testnvpin.sh b/utils/regtests/testnvpin.sh
new file mode 100755
index 000000000..89d14a7de
--- /dev/null
+++ b/utils/regtests/testnvpin.sh
@@ -0,0 +1,739 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2016 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+# PIN Pass index name is
+
+# 00 0b da 1c bd 54 bb 81 54 6c 1c 76 30 dd d4 09 
+# 50 3a 0d 6d 03 05 16 1b 15 88 d6 6b c8 fa 17 da 
+# ad 81 
+
+# Policy Secret using PIN Pass index is
+
+# 56 e4 c7 26 d7 d7 dd 3c bd 4c ae 11 c0 1b 2e 83 
+# 3c 37 33 3c fb c3 b9 c3 5f 05 ab 53 23 0c df 7d 
+
+# PIN Fail index name is
+
+# 00 0b 86 11 40 4a e8 0c 0a 84 e5 b8 97 05 98 f0 
+# b5 60 2d 14 21 19 bf 44 9d e5 f9 61 84 bc 4c 01 
+# c4 be 
+
+# Policy Secret using PIN Fail index is
+ 
+# 9d 56 8f da 52 27 30 dc be a8 ad 59 bc a5 0c 1c 
+# 16 02 95 03 a0 0b d3 d8 20 a8 b2 d8 5b c5 12 df 
+
+# 01000000 is PIN pass or PIN fail index
+# 01000001 is ordinary index with PIN pass policy
+# 01000002 is ordinary index with PIN fail policy
+
+
+echo ""
+echo "NV PIN Index"
+echo ""
+
+echo "NV Define Space, 01000001, ordinary index, with policysecret for pin pass index 01000000"
+${PREFIX}nvdefinespace -ha 01000001 -hi o -pwdn ppi -ty o -hia p -sz 1 -pol policies/policysecretnvpp.bin > run.out
+checkSuccess $?
+
+echo "Platform write to set written bit"
+${PREFIX}nvwrite -ha 01000001 -hia p -ic 0 > run.out
+checkSuccess $?
+
+echo "NV Define Space, 01000002, ordinary index, with policysecret for pin fail index 01000000"
+${PREFIX}nvdefinespace -ha 01000002 -hi o -pwdn pfi -ty o -hia p -sz 1 -pol policies/policysecretnvpf.bin > run.out
+checkSuccess $?
+
+echo "Platform write to set written bit"
+${PREFIX}nvwrite -ha 01000002 -hia p -ic 0 > run.out
+checkSuccess $?
+
+echo "Start a policy session"
+${PREFIX}startauthsession -se p > run.out
+checkSuccess $?
+
+echo ""
+echo "NV PIN Pass Index"
+echo ""
+
+echo "Set phEnableNV"
+${PREFIX}hierarchycontrol -hi p -he n > run.out
+checkSuccess $?
+
+echo "NV Define Space, 01000000, pin pass, read/write stclear, policy secret using platform auth"
+${PREFIX}nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p +at wst +at rst -hia p -pol policies/policysecretp.bin > run.out
+checkSuccess $?
+
+echo "Policy Secret with PWAP session, not written - should fail"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+checkFailure $?
+
+echo "Platform write, 1 use, 0 / 1"
+${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+checkSuccess $?
+
+echo "Platform read does not affect count"
+${PREFIX}nvread -ha 01000000 -hia p -sz 8 -id 0 1 > run.out
+checkSuccess $?
+
+echo "Platform read does not affect count, should succeed"
+${PREFIX}nvread -ha 01000000 -hia p -sz 8 -id 0 1 > run.out
+checkSuccess $?
+
+echo "Policy Secret with PWAP session, platform auth"
+${PREFIX}policysecret -ha 4000000c -hs 03000000 > run.out
+checkSuccess $?
+
+echo "Policy write, 1 use, 0 / 1"
+${PREFIX}nvwrite -ha 01000000 -id 0 1 -se0 03000000 1 > run.out
+checkSuccess $?
+
+echo "Policy Secret with PWAP session, platform auth"
+${PREFIX}policysecret -ha 4000000c -hs 03000000 > run.out
+checkSuccess $?
+
+echo "Policy read should not increment pin count"
+${PREFIX}nvread -ha 01000000 -id 0 1 -se0 03000000 1 > run.out
+checkSuccess $?
+
+echo "Platform write, 1 use, 0 / 1"
+${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+checkSuccess $?
+
+echo "Index read should increment pin count"
+${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 -id 1 1 > run.out
+checkSuccess $?
+
+echo "Index read, no uses - should fail"
+${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 > run.out
+checkFailure $?
+
+echo "Platform read, no uses"
+${PREFIX}nvread -ha 01000000 -hia p -sz 8 -id 1 1 > run.out
+checkSuccess $?
+
+echo ""
+echo "NV PIN Pass Index in Policy Secret"
+echo ""
+
+echo "Policy Secret with PWAP session, bad password - should fail"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out
+checkFailure $?
+
+echo "Platform write, 01000000, 1 use, 0 / 1"
+${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+checkSuccess $?
+
+echo "Policy Secret with PWAP session, bad password does not consume pinCount - should fail"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out
+checkFailure $?
+
+echo "Policy Secret with PWAP session, should consume pin couunt"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+checkSuccess $?
+
+echo "Policy Secret with PWAP session, pinCount used - should fail"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+checkFailure $?
+
+echo "Policy Get Digest, 50 b9 63 d6 ..."
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Read ordinary index using PIN pass policy secret"
+${PREFIX}nvread -ha 01000001 -sz 1 -se0 03000000 1 > run.out
+checkSuccess $?
+
+echo "Platform write, 01000000, 1 use, 1 / 2"
+${PREFIX}nvwrite -ha 01000000 -hia p -id 1 2 > run.out
+checkSuccess $?
+
+echo "Policy Secret with PWAP session"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+checkSuccess $?
+
+echo "Platform write, 0 uses, 0 / 0"
+${PREFIX}nvwrite -ha 01000000 -hia p -id 0 0 > run.out
+checkSuccess $?
+
+echo "Policy Secret with PWAP session, pinCount used - should fail"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+checkFailure $?
+
+echo "Platform write, 1 use. 1 / 1, already used"
+${PREFIX}nvwrite -ha 01000000 -hia p -id 1 1 > run.out
+checkSuccess $?
+
+echo "Policy Secret with PWAP session, pinCount used - should fail"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+checkFailure $?
+
+echo "Platform write, 0 uses. 2 / 1, already used"
+${PREFIX}nvwrite -ha 01000000 -hia p -id 2 1 > run.out
+checkSuccess $?
+
+echo "Policy Secret with PWAP session, pinCount used - should fail"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+checkFailure $?
+
+echo ""
+echo "NV PIN Pass Index with Write Lock"
+echo ""
+
+echo "Platform write, 01000000, 1 use, 0 / 1"
+${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+checkSuccess $?
+
+echo "Write lock, 01000000"
+${PREFIX}nvwritelock -ha 01000000 -hia p > run.out 
+checkSuccess $?
+
+echo "Policy Secret with PWAP session"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+checkSuccess $?
+
+echo "Policy Secret with PWAP session, pinCount used - should fail"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+checkFailure $?
+
+echo "Platform write, 01000000, locked - should fail"
+${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+checkFailure $?
+
+echo "Reboot"
+${PREFIX}powerup > run.out
+checkSuccess $?
+
+echo "Startup"
+${PREFIX}startup > run.out
+checkSuccess $?
+
+echo "Start a policy session"
+${PREFIX}startauthsession -se p > run.out
+checkSuccess $?
+
+echo "Platform write, 01000000, 1 use, 0 / 1"
+${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+checkSuccess $?
+
+echo "Policy Secret with PWAP session"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+checkSuccess $?
+
+echo ""
+echo "NV PIN Pass Index with Read Lock"
+echo ""
+
+echo "Platform write, 01000000, 1 use, 0 / 1"
+${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+checkSuccess $?
+
+echo "Read lock, 01000000"
+${PREFIX}nvreadlock -ha 01000000 -hia p > run.out
+checkSuccess $?
+
+echo "Platform read, locked - should fail"
+${PREFIX}nvread -ha 01000000 -hia p -sz 8 > run.out
+checkFailure $?
+
+echo "Policy Secret with PWAP session, read locked"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+checkSuccess $?
+
+echo ""
+echo "NV PIN Pass Index with phEnableNV clear"
+echo ""
+
+echo "Platform write, 01000000, 1 use, 0 / 1"
+${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+checkSuccess $?
+
+echo "Clear phEnableNV"
+${PREFIX}hierarchycontrol -hi p -he n -state 0 > run.out
+checkSuccess $?
+
+echo "Policy Secret with PWAP session, phEnableNV disabled - should fail"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+checkFailure $?
+
+echo "Set phEnableNV"
+${PREFIX}hierarchycontrol -hi p -he n -state 1 > run.out
+checkSuccess $?
+
+echo ""
+echo "Cleanup NV PIN Pass"
+echo ""
+
+echo "NV Undefine Space, 01000000 "
+${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out
+checkSuccess $?
+
+echo "Flush the policy session, 03000000 "
+${PREFIX}flushcontext -ha 03000000 > run.out
+checkSuccess $?
+
+echo ""
+echo "NV PIN Fail Index"
+echo ""
+
+echo "NV Define Space, 01000000, pin fail, read/write stclear, policy secret using platform auth"
+${PREFIX}nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty f +at wst +at rst -hia p -pol policies/policysecretp.bin > run.out
+checkSuccess $?
+
+echo "Policy Secret with PWAP session, not written - should fail"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+checkFailure $?
+
+echo "Platform write, 1 failure, 0 / 1"
+${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+checkSuccess $?
+
+echo "Platform read"
+${PREFIX}nvread -ha 01000000 -hia p -sz 8 -id 0 1 > run.out
+checkSuccess $?
+
+echo "Platform read with bad password - should fail"
+${PREFIX}nvread -ha 01000000 -hia p -sz 8 -pwdn xxx > run.out
+checkFailure $?
+
+echo "Start a policy session"
+${PREFIX}startauthsession -se p > run.out
+checkSuccess $?
+
+echo "Policy Secret with PWAP session, platform auth"
+${PREFIX}policysecret -ha 4000000c -hs 03000000 > run.out
+checkSuccess $?
+
+echo "Policy write, 01000000, platform auth"
+${PREFIX}nvwrite -ha 01000000 -id 0 1 -se0 03000000 1 > run.out
+checkSuccess $?
+
+echo "Policy Secret with PWAP session, platform auth"
+${PREFIX}policysecret -ha 4000000c -hs 03000000 > run.out
+checkSuccess $?
+
+echo "Policy read, 01000000"
+${PREFIX}nvread -ha 01000000 -sz 8 -id 0 1 -se0 03000000 1 > run.out
+checkSuccess $?
+
+echo "Platform write, 01000000, 0 / 1 failure"
+${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+checkSuccess $?
+
+echo "Index read, 01000000, correct password"
+${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 -id 0 1 > run.out
+checkSuccess $?
+
+echo "Index read, 01000000, bad password - should fail"
+${PREFIX}nvread -ha 01000000 -pwdn nn -sz 8 > run.out
+checkFailure $?
+
+echo "Index read, 01000000, correct password - fail because tries used"
+${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 > run.out
+checkFailure $?
+
+echo "Platform write, 01000000, 0 / 1 failure"
+${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+checkSuccess $?
+
+echo "Index read, 01000000"
+${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 -id 0 1 > run.out
+checkSuccess $?
+
+echo ""
+echo "NV PIN Fail Index in Policy Secret"
+echo ""
+
+echo "Platform write, 2 failures, 0 / 2"
+${PREFIX}nvwrite -ha 01000000 -hia p -id 0 2 > run.out
+checkSuccess $?
+
+echo "Policy Secret with PWAP session, good password"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+checkSuccess $?
+
+echo "Policy Secret with PWAP session, bad password uses pinCount - should fail"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out
+checkFailure $?
+
+echo "Policy Secret with PWAP session, good password, resets pinCount"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+checkSuccess $?
+
+echo "Policy Secret with PWAP session, bad password uses pinCount - should fail"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out
+checkFailure $?
+
+echo "Policy Secret with PWAP session, bad password uses pinCount - should fail"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out
+checkFailure $?
+
+echo "Policy Secret with PWAP session, good password - should fail"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+checkFailure $?
+
+echo "Platform write, 1 failure use, 0 / 1"
+${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+checkSuccess $?
+
+echo "Policy Secret with PWAP session, good password, resets pinCount"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+checkSuccess $?
+
+echo "Platform write, 0 failures, 1 / 1"
+${PREFIX}nvwrite -ha 01000000 -hia p -id 1 1 > run.out
+checkSuccess $?
+
+echo "Policy Secret with PWAP session, good password, resets pinCount"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+checkFailure $?
+
+echo ""
+echo "NV PIN Fail Index with Write Lock"
+echo ""
+
+echo "Platform write, 01000000, 1 fail, 0 / 1"
+${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+checkSuccess $?
+
+echo "Write lock, 01000000"
+${PREFIX}nvwritelock -ha 01000000 -hia p > run.out 
+checkSuccess $?
+
+echo "Policy Secret with PWAP session"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+checkSuccess $?
+
+echo "Platform write, 01000000, locked - should fail"
+${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+checkFailure $?
+
+echo "Reboot"
+${PREFIX}powerup > run.out
+checkSuccess $?
+
+echo "Startup"
+${PREFIX}startup > run.out
+checkSuccess $?
+
+echo "Start a policy session"
+${PREFIX}startauthsession -se p > run.out
+checkSuccess $?
+
+echo "Platform write, 01000000, unlocked, 1 failure, 0 / 1"
+${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+checkSuccess $?
+
+echo ""
+echo "NV PIN Fail Index with Read Lock"
+echo ""
+
+echo "Platform write, 01000000, 1 failure, 0 / 1"
+${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+checkSuccess $?
+
+echo "Read lock 01000000"
+${PREFIX}nvreadlock -ha 01000000 -hia p > run.out 
+checkSuccess $?
+
+echo "Platform read, locked - should fail"
+${PREFIX}nvread -ha 01000000 -hia p -sz 8 > run.out
+checkFailure $?
+
+echo "Policy Secret with PWAP session, read locked"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+checkSuccess $?
+
+echo ""
+echo "NV PIN Fail Index with phEnableNV clear"
+echo ""
+
+echo "Platform write, 01000000, 1 failure, 0 / 1"
+${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
+checkSuccess $?
+
+echo "Clear phEnableNV"
+${PREFIX}hierarchycontrol -hi p -he n -state 0 > run.out
+checkSuccess $?
+
+echo "Policy Secret with PWAP session, phEnableNV disabled - should fail"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
+checkFailure $?
+
+echo "Set phEnableNV"
+${PREFIX}hierarchycontrol -hi p -he n -state 1 > run.out
+checkSuccess $?
+
+echo ""
+echo "Cleanup"
+echo ""
+
+echo "NV Undefine Space 01000000"
+${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out 
+checkSuccess $?
+
+echo "NV Undefine Space 01000001"
+${PREFIX}nvundefinespace -hi o -ha 01000001 > run.out
+checkSuccess $?
+
+echo "NV Undefine Space 01000002"
+${PREFIX}nvundefinespace -hi o -ha 01000002 > run.out
+checkSuccess $?
+
+echo "Flush the session"
+${PREFIX}flushcontext -ha 03000000 > run.out > run.out
+checkSuccess $?
+
+# Recreate the primary key
+initprimary
+checkSuccess $?
+
+echo ""
+echo "NV PIN define space"
+echo ""
+
+echo "NV Define Space, 01000000, no write auth - should fail"
+${PREFIX}nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p -hia p -at ppw > run.out
+checkFailure $?
+
+echo "NV Define Space, 01000000, no read auth - should fail"
+${PREFIX}nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p -hia p -at ppr -at ar> run.out
+checkFailure $?
+
+echo "NV Define Space, 01000000, PIN Pass, auth write - should fail"
+${PREFIX}nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p -hia p +at aw > run.out
+checkFailure $?
+
+echo "NV Define Space, 01000000, PIN Fail, auth write - should fail"
+${PREFIX}nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty f -hia p +at aw > run.out
+checkFailure $?
+
+echo "NV Define Space, 01000000, PIN Fail, noDA clear - should fail"
+${PREFIX}nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty f -hia p -at da > run.out
+checkFailure $?
+
+#
+# Additional test for pinCount update when NV auth is not used.  This
+# tests for a bug fix
+#
+
+#
+# policy calculation
+#
+
+echo "Create the policy digest that will be used for the NvIndex write term"
+${PREFIX}startauthsession -se t > run.out
+checkSuccess $?
+
+echo "policycommandcode TPM_CC_NV_Write"
+${PREFIX}policycommandcode -ha 03000000 -cc 137 > run.out
+checkSuccess $?
+
+echo "Get the policycommandcode write term"
+${PREFIX}policygetdigest -ha 03000000 -of tmppw.bin > run.out
+checkSuccess $?
+
+echo "Restart the trial policy session"
+${PREFIX}policyrestart -ha 03000000 > run.out
+checkSuccess $?
+
+echo "policycommandcode TPM_CC_NV_Read"
+${PREFIX}policycommandcode -ha 03000000 -cc 14e > run.out
+checkSuccess $?
+
+echo "Get the policycommandcode read term"
+${PREFIX}policygetdigest -ha 03000000 -of tmppr.bin > run.out
+checkSuccess $?
+
+echo "Restart the trial policy session"
+${PREFIX}policyrestart -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Trial Policy OR"
+${PREFIX}policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out
+checkSuccess $?
+
+echo "Get the policyor result"
+${PREFIX}policygetdigest -ha 03000000 -of tmpor.bin > run.out
+checkSuccess $?
+
+echo "Flush the trial policy session"
+${PREFIX}flushcontext -ha 03000000 > run.out
+checkSuccess $?
+
+#
+# Test PIN fail
+#
+
+# Write the PIN fail index
+
+echo "Creating the NvIndex as PIN Fail, remove authwrite, authread, add ownerread"
+${PREFIX}nvdefinespace -hi o -ha 01000000 -ty f -pwdn pass -pol tmpor.bin -at aw -at ar +at or > run.out
+checkSuccess $?
+
+echo "Start policy sesion"
+${PREFIX}startauthsession -se p > run.out
+checkSuccess $?
+
+echo "policycommandcode TPM_CC_NV_Write"
+${PREFIX}policycommandcode -ha 03000000 -cc 137 > run.out
+checkSuccess $?
+
+echo "Policy OR"
+${PREFIX}policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out
+checkSuccess $?
+
+echo "Writing count 0, limit 2"
+${PREFIX}nvwrite -ha 01000000 -id 0 2 -se0 03000000 01 > run.out
+checkSuccess $?
+
+# test the PIN fail index
+
+echo "Using with PolicySecret, first failure case, increments count"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde pas > run.out
+checkFailure $?
+
+echo "policycommandcode TPM_CC_NV_Read"
+${PREFIX}policycommandcode -ha 03000000 -cc 14e > run.out
+checkSuccess $?
+
+echo "Policy OR"
+${PREFIX}policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out
+checkSuccess $?
+
+echo "Read the index, should be 1 2"
+${PREFIX}nvread -ha 01000000 -id 1 2 -se0 03000000 01 > run.out
+checkSuccess $?
+
+echo "Using with PolicySecret, second failure case"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde pas > run.out
+checkFailure $?
+
+echo "Read the index, owner auth, should be 2 2"
+${PREFIX}nvread -ha 01000000 -hia o -id 2 2 > run.out
+checkSuccess $?
+
+# cleanup
+
+echo "Undefine the PIN fail index"
+${PREFIX}nvundefinespace -ha 01000000 -hi o > run.out
+checkSuccess $?
+
+#
+# Test PIN pass
+#
+
+# Write the PIN pass index
+
+echo "Creating the NvIndex as PIN Pass, remove authwrite, authread, add ownerread"
+${PREFIX}nvdefinespace -hi o -ha 01000000 -ty p -pwdn pass -pol tmpor.bin -at aw -at ar +at or > run.out
+checkSuccess $?
+
+echo "policycommandcode TPM_CC_NV_Write"
+${PREFIX}policycommandcode -ha 03000000 -cc 137 > run.out
+checkSuccess $?
+
+echo "Policy OR"
+${PREFIX}policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out
+checkSuccess $?
+
+echo "Writing count 0, limit 2"
+${PREFIX}nvwrite -ha 01000000 -id 0 2 -se0 03000000 01 > run.out
+checkSuccess $?
+
+# test the PIN pass index
+
+echo "policycommandcode TPM_CC_NV_Read"
+${PREFIX}policycommandcode -ha 03000000 -cc 14e > run.out
+checkSuccess $?
+
+echo "Policy OR"
+${PREFIX}policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out
+checkSuccess $?
+
+echo "Read the index, should be 0 2"
+${PREFIX}nvread -ha 01000000 -id 0 2 -se0 03000000 01 > run.out
+checkSuccess $?
+
+echo "Read the index, owner auth, should be 0 2"
+${PREFIX}nvread -ha 01000000 -hia o -id 0 2 > run.out
+checkSuccess $?
+
+echo "Using with PolicySecret, success, increments count"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde pass > run.out
+checkSuccess $?
+
+echo "Restart the policy session"
+${PREFIX}policyrestart -ha 03000000 > run.out
+checkSuccess $?
+
+echo "policycommandcode TPM_CC_NV_Read"
+${PREFIX}policycommandcode -ha 03000000 -cc 14e > run.out
+checkSuccess $?
+
+echo "Policy OR"
+${PREFIX}policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out
+checkSuccess $?
+
+echo "Read the index, should be 1 2"
+${PREFIX}nvread -ha 01000000 -id 1 2 -se0 03000000 00 > run.out
+checkSuccess $?
+
+echo "Read the index, owner auth, should be 1 2"
+${PREFIX}nvread -ha 01000000 -hia o -id 1 2 > run.out
+checkSuccess $?
+
+# cleanup
+
+echo "Undefine the PIN fail index"
+${PREFIX}nvundefinespace -ha 01000000 -hi o > run.out
+checkSuccess $?
+
+rm -r tmppw.bin
+rm -r tmppr.bin
+rm -r tmpor.bin
+
+# ${PREFIX}getcapability  -cap 1 -pr 80000000
+# ${PREFIX}getcapability  -cap 1 -pr 02000000
+# ${PREFIX}getcapability  -cap 1 -pr 03000000
+# ${PREFIX}getcapability  -cap 1 -pr 01000000
+
diff --git a/utils/regtests/testpcr.bat b/utils/regtests/testpcr.bat
new file mode 100644
index 000000000..e840fc2db
--- /dev/null
+++ b/utils/regtests/testpcr.bat
@@ -0,0 +1,348 @@
+REM #############################################################################
+REM										#
+REM			TPM2 regression test					#
+REM			     Written by Ken Goldman				#
+REM		       IBM Thomas J. Watson Research Center			#
+REM										#
+REM (c) Copyright IBM Corporation 2015 - 2019					#
+REM 										#
+REM All rights reserved.							#
+REM 										#
+REM Redistribution and use in source and binary forms, with or without		#
+REM modification, are permitted provided that the following conditions are	#
+REM met:									#
+REM 										#
+REM Redistributions of source code must retain the above copyright notice,	#
+REM this list of conditions and the following disclaimer.			#
+REM 										#
+REM Redistributions in binary form must reproduce the above copyright		#
+REM notice, this list of conditions and the following disclaimer in the		#
+REM documentation and/or other materials provided with the distribution.	#
+REM 										#
+REM Neither the names of the IBM Corporation nor the names of its		#
+REM contributors may be used to endorse or promote products derived from	#
+REM this software without specific prior written permission.			#
+REM 										#
+REM THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+REM "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+REM (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+REM #
+REM # for pcrextend
+REM #
+REM 
+REM # extend of aaa + 0 pad to digest length using pcrextend, use resettable PCR 16
+REM 
+REM # sha1extaaa0.bin
+REM # 1d 47 f6 8a ce d5 15 f7 79 73 71 b5 54 e3 2d 47 
+REM # 98 1a a0 a0 
+REM 
+REM # sha256extaaa0.bin
+REM # c2 11 97 64 d1 16 13 bf 07 b7 e2 04 c3 5f 93 73 
+REM # 2b 4a e3 36 b4 35 4e bc 16 e8 d0 c3 96 3e be bb 
+REM 
+REM # sha384extaaa0.bin
+REM # 29 29 63 e3 1c 34 c2 72 bd ea 27 15 40 94 af 92 
+REM # 50 ad 97 d9 e7 44 6b 83 6d 3a 73 7c 90 ca 47 df 
+REM # 2c 39 90 21 ce dd 00 85 3e f0 84 97 c5 a4 23 84 
+REM 
+REM # sha512extaaa0.bin
+REM # 7f e1 e4 cf 01 52 93 13 6b f1 30 18 30 39 b6 a6 
+REM # 46 ea 00 8b 75 af d0 f8 46 6a 9b fe 53 1a f8 ad 
+REM # a8 67 a6 58 28 cf ce 48 60 77 52 9e 54 f1 83 0a 
+REM # a4 9a b7 80 56 2b ae a4 9c 67 a8 73 34 ff e7 78 
+REM 
+REM #
+REM # for pcrevent
+REM #
+REM 
+REM # first hash using hash -ic aaa -ns
+REM # then extend using policymaker
+REM 
+REM # sha1 of aaa
+REM # 7e240de74fb1ed08fa08d38063f6a6a91462a815
+REM # extend
+REM # ab 53 c7 ec 3f fe fe 21 9e 9d 89 da f1 8e 16 55 
+REM # 3e 23 8e a6 
+REM 
+REM # sha256 of aaa
+REM # 9834876dcfb05cb167a5c24953eba58c4ac89b1adf57f28f2f9d09af107ee8f0
+REM # extend
+REM # df 81 1e 9d 19 a0 d3 3d e6 7b b1 c7 26 a6 20 5c 
+REM # d0 a2 eb 0f 61 b7 c9 ee 91 66 eb cf dc 17 db ab 
+REM 
+REM # sha384 of aaa
+REM # 8e07e5bdd64aa37536c1f257a6b44963cc327b7d7dcb2cb47a22073d33414462bfa184487cf372ce0a19dfc83f8336d8
+REM # extend of that
+REM # 61 bc 70 39 e2 94 87 c2 17 b0 b1 46 10 5d 64 e6 
+REM # ad 32 a6 d5 c2 5b 45 01 a7 4b bc a7 7f cc 24 25 
+REM # 36 ca 1a 40 f9 36 44 f0 d8 b0 98 ea a6 50 97 4d 
+REM 
+REM # sha512 of aaa
+REM # d6f644b19812e97b5d871658d6d3400ecd4787faeb9b8990c1e7608288664be77257104a58d033bcf1a0e0945ff06468ebe53e2dff36e248424c7273117dac09 
+REM # extend of that (using policymaker)
+REM # cb 7f be b3 1c 29 61 24 4c 9c 47 80 84 0d b4 3a 
+REM # 76 3f ba 96 ef c1 d9 52 f4 e3 e0 2c 06 8a 31 8a 
+REM # e5 3f a0 a7 a1 74 e8 23 e3 07 1a cd c6 52 6f b6 
+REM # 77 6d 07 0f 36 47 27 4d a6 29 db c9 10 a7 6c 2a 
+REM 
+REM # all these variables are related
+REM 
+REM # bank algorithm test pattern is
+
+set BANKS=^
+    "sha1"			^
+    "sha256"			^
+    "sha384"			^
+    "sha512"			^
+    "sha1   sha256"		^
+    "sha1   sha384"		^
+    "sha1   sha512"		^
+    "sha256 sha384"		^
+    "sha256 sha512"		^
+    "sha384 sha512"		^
+    "sha1   sha256 sha384"	^
+    "sha1   sha256 sha512"	^
+    "sha1   sha384 sha512"	^
+    "sha256 sha384 sha512"	^
+    "sha1   sha256 sha384 sha512"
+
+REM # bank extend algorithm test pattern is
+
+set EXTEND=^
+    "-halg sha1"				^
+    "-halg sha256"				^
+    "-halg sha384"				^
+    "-halg sha512"				^
+    "-halg sha1   -halg sha256"			^
+    "-halg sha1   -halg sha384"			^
+    "-halg sha1   -halg sha512"			^
+    "-halg sha256 -halg sha384"			^
+    "-halg sha256 -halg sha512"			^
+    "-halg sha384 -halg sha512"			^
+    "-halg sha1   -halg sha256 -halg sha384"	^
+    "-halg sha1   -halg sha256 -halg sha512"	^
+    "-halg sha1   -halg sha384 -halg sha512"	^
+    "-halg sha256 -halg sha384 -halg sha512"	^
+    "-halg sha1   -halg sha256 -halg sha384 -halg sha512"
+
+REM # bank event file test pattern is
+
+set EVENT=^
+    "-of1 tmpsha1.bin"						^
+    "-of2 tmpsha256.bin"					^
+    "-of3 tmpsha384.bin"					^
+    "-of5 tmpsha512.bin"					^
+    "-of1 tmpsha1.bin   -of2 tmpsha256.bin"			^
+    "-of1 tmpsha1.bin   -of3 tmpsha384.bin"			^
+    "-of1 tmpsha1.bin   -of5 tmpsha512.bin"			^
+    "-of2 tmpsha256.bin -of3 tmpsha384.bin"			^
+    "-of2 tmpsha256.bin -of5 tmpsha512.bin"			^
+    "-of3 tmpsha384.bin -of5 tmpsha512.bin"			^
+    "-of1 tmpsha1.bin   -of2 tmpsha256.bin -of3 tmpsha384.bin"	^
+    "-of1 tmpsha1.bin   -of2 tmpsha256.bin -of5 tmpsha512.bin"	^
+    "-of1 tmpsha1.bin   -of3 tmpsha384.bin -of5 tmpsha512.bin"	^
+    "-of2 tmpsha256.bin -of3 tmpsha384.bin -of5 tmpsha512.bin"	^
+    "-of1 tmpsha1.bin   -of2 tmpsha256.bin -of3 tmpsha384.bin -of5 tmpsha512.bin"
+)
+
+REM # assuming starts with starts with sha1 sha256 sha384 sha512
+
+set ALLOC=^
+    "-sha256 -sha384 -sha512"		^
+    "-sha1   +sha256"			^
+    "-sha256 +sha384"			^
+    "-sha384 +sha512"			^
+    "+sha1   +sha256 -sha512"		^
+    "-sha256 +sha384"			^
+    "-sha384 +sha512"			^
+    "-sha1   +sha256 +sha384 -sha512"	^
+    "-sha384 +sha512"			^
+    "-sha256 +sha384"			^
+    "+sha1   +sha256 -sha512"		^
+    "-sha384 +sha512"			^
+    "-sha256 +sha384"			^
+    "-sha1   +sha256"			^
+    "+sha1"
+)
+
+REM i is iterator over PCR bank allocation patterns
+set i=0
+for %%a in (!BANKS!) do set /A i+=1 & set BANKS[!i!]=%%~a
+set i=0
+for %%a in (!EXTEND!) do set /A i+=1 & set EXTEND[!i!]=%%~a
+set i=0
+for %%a in (!EVENT!) do set /A i+=1 & set EVENT[!i!]=%%~a
+set i=0
+for %%a in (!ALLOC!) do set /A i+=1 & set ALLOC[!i!]=%%~a
+set L=!i!
+
+for /L %%i in (1,1,!L!) do (
+
+    echo ""
+    echo "pcrallocate !BANKS[%%i]!"
+    echo ""
+    %TPM_EXE_PATH%pcrallocate !ALLOC[%%i]! > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+      exit /B 1
+    )
+
+    echo "powerup"
+    %TPM_EXE_PATH%powerup > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+      exit /B 1
+    )
+
+    echo "startup"
+    %TPM_EXE_PATH%startup > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+      exit /B 1
+    )
+
+    echo "display PCR banks"
+    %TPM_EXE_PATH%getcapability -cap 5 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+      exit /B 1
+    )
+    
+    echo ""
+    echo "PCR Extend"
+    echo ""
+
+    echo "PCR Reset"
+    %TPM_EXE_PATH%pcrreset -ha 16 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+      exit /B 1
+      )
+
+    echo "PCR Extend !EXTEND[%%i]!"
+    %TPM_EXE_PATH%pcrextend -ha 16 !EXTEND[%%i]! -if policies/aaa > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+      exit /B 1
+      )
+
+    for %%H in (!BANKS[%%i]!) do (
+
+    	echo "PCR Read %%H"
+    	%TPM_EXE_PATH%pcrread -ha 16 -halg %%H -of tmp.bin > run.out
+    	IF !ERRORLEVEL! NEQ 0 (
+      	    exit /B 1
+      	)
+
+    	echo "Verify the read data %%H"
+    	diff policies/%%Hextaaa0.bin tmp.bin > run.out
+    	IF !ERRORLEVEL! NEQ 0 (
+      	    exit /B 1
+      	)
+    )
+
+    echo ""
+    echo "PCR Event"
+    echo ""
+
+    echo "PCR Reset"
+    %TPM_EXE_PATH%pcrreset -ha 16 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "PCR Event !EVENT[%%i]!"
+    %TPM_EXE_PATH%pcrevent -ha 16 -if policies/aaa !EVENT[%%i]! > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    for %%H in (!BANKS[%%i]!) do (
+
+    	echo "Verify Digest %%H"
+    	diff policies/%%Haaa.bin tmp%%H.bin > run.out > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	    exit /B 1
+	)
+
+	echo "PCR Read %%H"
+	%TPM_EXE_PATH%pcrread -ha 16 -halg %%H -of tmp%%H.bin > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	    exit /B 1
+	)
+
+	echo "Verify Digest %%H"
+	diff policies/%%Hexthaaa.bin tmp%%H.bin > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	    exit /B 1
+	)
+    )
+
+    echo ""
+    echo "Event Sequence Complete"
+    echo ""
+
+    echo "PCR Reset"
+    %TPM_EXE_PATH%pcrreset -ha 16 > run.out
+        IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+    )
+
+    echo "Event sequence start, alg null"
+    %TPM_EXE_PATH%hashsequencestart -halg null -pwda aaa > run.out
+        IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+    )
+
+    echo "Event Sequence Complete"
+    %TPM_EXE_PATH%eventsequencecomplete -hs 80000000 -pwds aaa -ha 16 -if policies/aaa !EVENT[%%i]! > run.out
+        IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+    )
+
+    for %%H in (!BANKS[%%i]!) do (
+
+    	echo "Verify Digest %%H"
+	diff policies/%%Haaa.bin tmp%%H.bin > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	    exit /B 1
+	)
+	
+	echo "PCR Read %%H"
+	%TPM_EXE_PATH%pcrread -ha 16 -halg %%H -of tmp%%H.bin > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	    exit /B 1
+	)
+
+	echo "Verify Digest %%H"
+	diff policies/%%Hexthaaa.bin tmp%%H.bin > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	    exit /B 1
+	)
+
+    )
+
+)
+
+echo "PCR Reset"
+%TPM_EXE_PATH%pcrreset -ha 16 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+REM # recreate the primary key that was flushed on the powerup
+
+echo "Create a platform primary storage key"
+%TPM_EXE_PATH%createprimary -hi p -pwdk sto -pol policies/zerosha256.bin -tk pritk.bin -ch prich.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+exit /B 0
diff --git a/utils/regtests/testpcr.sh b/utils/regtests/testpcr.sh
new file mode 100755
index 000000000..ef8fa2c20
--- /dev/null
+++ b/utils/regtests/testpcr.sh
@@ -0,0 +1,300 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+#
+# for pcrextend
+#
+
+# extend of aaa + 0 pad to digest length using pcrextend, use resettable PCR 16
+
+# sha1extaaa0.bin
+# 1d 47 f6 8a ce d5 15 f7 79 73 71 b5 54 e3 2d 47 
+# 98 1a a0 a0 
+
+# sha256extaaa0.bin
+# c2 11 97 64 d1 16 13 bf 07 b7 e2 04 c3 5f 93 73 
+# 2b 4a e3 36 b4 35 4e bc 16 e8 d0 c3 96 3e be bb 
+
+# sha384extaaa0.bin
+# 29 29 63 e3 1c 34 c2 72 bd ea 27 15 40 94 af 92 
+# 50 ad 97 d9 e7 44 6b 83 6d 3a 73 7c 90 ca 47 df 
+# 2c 39 90 21 ce dd 00 85 3e f0 84 97 c5 a4 23 84 
+
+# sha512extaaa0.bin
+# 7f e1 e4 cf 01 52 93 13 6b f1 30 18 30 39 b6 a6 
+# 46 ea 00 8b 75 af d0 f8 46 6a 9b fe 53 1a f8 ad 
+# a8 67 a6 58 28 cf ce 48 60 77 52 9e 54 f1 83 0a 
+# a4 9a b7 80 56 2b ae a4 9c 67 a8 73 34 ff e7 78 
+
+#
+# for pcrevent
+#
+
+# first hash using hash -ic aaa -ns
+# then extend using policymaker
+
+# sha1 of aaa
+# 7e240de74fb1ed08fa08d38063f6a6a91462a815
+# extend
+# ab 53 c7 ec 3f fe fe 21 9e 9d 89 da f1 8e 16 55 
+# 3e 23 8e a6 
+
+# sha256 of aaa
+# 9834876dcfb05cb167a5c24953eba58c4ac89b1adf57f28f2f9d09af107ee8f0
+# extend
+# df 81 1e 9d 19 a0 d3 3d e6 7b b1 c7 26 a6 20 5c 
+# d0 a2 eb 0f 61 b7 c9 ee 91 66 eb cf dc 17 db ab 
+
+# sha384 of aaa
+# 8e07e5bdd64aa37536c1f257a6b44963cc327b7d7dcb2cb47a22073d33414462bfa184487cf372ce0a19dfc83f8336d8
+# extend of that
+# 61 bc 70 39 e2 94 87 c2 17 b0 b1 46 10 5d 64 e6 
+# ad 32 a6 d5 c2 5b 45 01 a7 4b bc a7 7f cc 24 25 
+# 36 ca 1a 40 f9 36 44 f0 d8 b0 98 ea a6 50 97 4d 
+
+# sha512 of aaa
+# d6f644b19812e97b5d871658d6d3400ecd4787faeb9b8990c1e7608288664be77257104a58d033bcf1a0e0945ff06468ebe53e2dff36e248424c7273117dac09 
+# extend of that (using policymaker)
+# cb 7f be b3 1c 29 61 24 4c 9c 47 80 84 0d b4 3a 
+# 76 3f ba 96 ef c1 d9 52 f4 e3 e0 2c 06 8a 31 8a 
+# e5 3f a0 a7 a1 74 e8 23 e3 07 1a cd c6 52 6f b6 
+# 77 6d 07 0f 36 47 27 4d a6 29 db c9 10 a7 6c 2a 
+
+# all these variables are related
+
+# bank algorithm test pattern is
+
+BANKS=( \
+    "sha1"			\
+    "sha256"			\
+    "sha384"			\
+    "sha512"			\
+    "sha1   sha256"		\
+    "sha1   sha384"		\
+    "sha1   sha512"		\
+    "sha256 sha384"		\
+    "sha256 sha512"		\
+    "sha384 sha512"		\
+    "sha1   sha256 sha384"	\
+    "sha1   sha256 sha512"	\
+    "sha1   sha384 sha512"	\
+    "sha256 sha384 sha512"	\
+    "sha1   sha256 sha384 sha512"
+)
+
+# bank extend algorithm test pattern is
+
+EXTEND=( \
+    "-halg sha1"			\
+    "-halg sha256"			\
+    "-halg sha384"			\
+    "-halg sha512"			\
+    "-halg sha1   -halg sha256"		\
+    "-halg sha1   -halg sha384"		\
+    "-halg sha1   -halg sha512"		\
+    "-halg sha256 -halg sha384"		\
+    "-halg sha256 -halg sha512"		\
+    "-halg sha384 -halg sha512"		\
+    "-halg sha1   -halg sha256 -halg sha384"	
+    "-halg sha1   -halg sha256 -halg sha512"	\
+    "-halg sha1   -halg sha384 -halg sha512"	\
+    "-halg sha256 -halg sha384 -halg sha512"	\
+    "-halg sha1   -halg sha256 -halg sha384 -halg sha512"	\
+)
+
+# bank event file test pattern is
+
+EVENT=( \
+    "-of1 tmpsha1.bin"			\
+    "-of2 tmpsha256.bin"			\
+    "-of3 tmpsha384.bin"			\
+    "-of5 tmpsha512.bin"			\
+    "-of1 tmpsha1.bin   -of2 tmpsha256.bin"		\
+    "-of1 tmpsha1.bin   -of3 tmpsha384.bin"		\
+    "-of1 tmpsha1.bin   -of5 tmpsha512.bin"		\
+    "-of2 tmpsha256.bin -of3 tmpsha384.bin"		\
+    "-of2 tmpsha256.bin -of5 tmpsha512.bin"		\
+    "-of3 tmpsha384.bin -of5 tmpsha512.bin"		\
+    "-of1 tmpsha1.bin   -of2 tmpsha256.bin -of3 tmpsha384.bin"	\
+    "-of1 tmpsha1.bin   -of2 tmpsha256.bin -of5 tmpsha512.bin"	\
+    "-of1 tmpsha1.bin   -of3 tmpsha384.bin -of5 tmpsha512.bin"	\
+    "-of2 tmpsha256.bin -of3 tmpsha384.bin -of5 tmpsha512.bin"	\
+    "-of1 tmpsha1.bin   -of2 tmpsha256.bin -of3 tmpsha384.bin -of5 tmpsha512.bin"
+)
+
+# assuming starts with starts with sha1 sha256 sha384 sha512
+
+ALLOC=( \
+    "-sha256 -sha384 -sha512"		\
+    "-sha1   +sha256"			\
+    "-sha256 +sha384"			\
+    "-sha384 +sha512"			\
+    "+sha1   +sha256 -sha512"		\
+    "-sha256 +sha384"			\
+    "-sha384 +sha512"			\
+    "-sha1   +sha256 +sha384 -sha512"	\
+    "-sha384 +sha512"			\
+    "-sha256 +sha384"			\
+    "+sha1   +sha256 -sha512"		\
+    "-sha384 +sha512"			\
+    "-sha256 +sha384"			\
+    "-sha1   +sha256"			\
+    "+sha1"
+)
+
+# i is iterator over PCR bank allocation patterns
+for ((i = 0 ; i < 15 ; i++))
+do
+    echo ""
+    echo "pcrallocate ${BANKS[i]}"
+    echo ""
+    ${PREFIX}pcrallocate ${ALLOC[i]} > run.out
+    checkSuccess $?
+
+    echo "powerup"
+    ${PREFIX}powerup > run.out
+    checkSuccess $?
+
+    echo "startup"
+    ${PREFIX}startup > run.out
+    checkSuccess $?
+
+    echo "display PCR banks"
+    ${PREFIX}getcapability -cap 5 > run.out
+    checkSuccess $?
+    
+    echo ""
+    echo "PCR Extend"
+    echo ""
+
+    echo "PCR Reset banks ${BANKS[i]}"
+    ${PREFIX}pcrreset -ha 16 > run.out
+    checkSuccess $?
+
+    echo "PCR Extend ${EXTEND[i]}"
+    ${PREFIX}pcrextend -ha 16 ${EXTEND[i]} -if policies/aaa > run.out
+    checkSuccess $?
+
+    for HALG in ${BANKS[i]}
+    do
+    
+	echo "PCR Read ${HALG}"
+	${PREFIX}pcrread -ha 16 -halg ${HALG} -of tmp.bin > run.out
+	checkSuccess $?
+
+	echo "Verify the read data ${HALG}"
+	diff policies/${HALG}extaaa0.bin tmp.bin > run.out
+	checkSuccess $?
+
+    done
+    
+    echo ""
+    echo "PCR Event"
+    echo ""
+
+    echo "PCR Reset"
+    ${PREFIX}pcrreset -ha 16 > run.out
+    checkSuccess $?
+
+    echo "PCR Event ${EVENT[i]}"
+    ${PREFIX}pcrevent -ha 16 -if policies/aaa ${EVENT[i]} > run.out
+    checkSuccess $?
+
+    for HALG in ${BANKS[i]}
+    do
+
+    	echo "Verify Digest ${HALG}"
+    	diff policies/${HALG}aaa.bin tmp${HALG}.bin > run.out
+    	checkSuccess $?
+
+    	echo "PCR Read ${HALG}"
+    	${PREFIX}pcrread -ha 16 -halg ${HALG} -of tmp${HALG}.bin > run.out
+    	checkSuccess $?
+
+    	echo "Verify Digest ${HALG}"
+    	diff policies/${HALG}exthaaa.bin tmp${HALG}.bin > run.out
+    	checkSuccess $?
+
+    done
+
+    echo ""
+    echo "Event Sequence Complete"
+    echo ""
+
+    echo "PCR Reset"
+    ${PREFIX}pcrreset -ha 16 > run.out
+    checkSuccess $?
+
+    echo "Event sequence start, alg null"
+    ${PREFIX}hashsequencestart -halg null -pwda aaa > run.out
+    checkSuccess $?
+
+    echo "Event Sequence Complete"
+    ${PREFIX}eventsequencecomplete -hs 80000000 -pwds aaa -ha 16 -if policies/aaa ${EVENT[i]} > run.out
+    checkSuccess $?
+
+    for HALG in ${BANKS[i]}
+    do
+
+	echo "Verify Digest ${HALG}"
+	diff policies/${HALG}aaa.bin tmp${HALG}.bin > run.out
+	checkSuccess $?
+	
+	echo "PCR Read ${HALG}"
+	${PREFIX}pcrread -ha 16 -halg ${HALG} -of tmp${HALG}.bin > run.out
+	checkSuccess $?
+
+	echo "Verify Digest ${HALG}"
+	diff policies/${HALG}exthaaa.bin tmp${HALG}.bin > run.out
+	checkSuccess $?
+
+    done
+
+done
+
+echo "PCR Reset"
+${PREFIX}pcrreset -ha 16 > run.out
+checkSuccess $?
+
+# recreate the primary key that was flushed on the powerup
+
+initprimary
diff --git a/utils/regtests/testpolicy.bat b/utils/regtests/testpolicy.bat
new file mode 100644
index 000000000..75ac3318e
--- /dev/null
+++ b/utils/regtests/testpolicy.bat
@@ -0,0 +1,2715 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #										#
+REM # (c) Copyright IBM Corporation 2015 - 2018					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+
+REM # used for the name in policy ticket
+
+REM if [ -z $TPM_DATA_DIR ]; then
+REM     TPM_DATA_DIR=.
+REM fi
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "Policy Command Code"
+echo ""
+
+echo "Create a signing key under the primary key - policy command code - sign"
+%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccsign.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the signing key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM sign with correct policy command code
+
+echo "Start a policy session"
+%TPM_EXE_PATH%startauthsession -se p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest - policy, should fail"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Policy command code - sign"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest - policy and wrong password"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk xxx > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest - policy, should fail, session used "
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+REM quote with bad policy or bad command 
+
+REM echo "Start a policy session"
+REM ./startauthsession -se p > run.out
+REM     IF !ERRORLEVEL! NEQ 0 (
+REM exit /B 1
+REM )
+
+echo "Policy command code - sign"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Quote - PWAP"
+%TPM_EXE_PATH%quote -hp 0 -hk 80000001 -os sig.bin -pwdk sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Quote - policy, should fail"
+%TPM_EXE_PATH%quote -hp 0 -hk 80000001 -os sig.bin -se0 03000000 1 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Policy restart, set back to zero"
+%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM # echo "Flush the session"
+REM # ./flushcontext -ha 03000000 > run.out
+REM #     IF !ERRORLEVEL! NEQ 0 (
+REM exit /B 1
+REM )
+
+
+REM # echo "Start a policy session"
+REM # ./startauthsession -se p > run.out
+REM #     IF !ERRORLEVEL! NEQ 0 (
+REM exit /B 1
+REM )
+
+echo "Policy command code - quote"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 158 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+echo "Quote - policy, should fail"
+%TPM_EXE_PATH%quote -hp 0 -hk 80000001 -os sig.bin -se0 03000000 1 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+
+REM # echo "Flush the session"
+REM # ./flushcontext -ha 03000000 > run.out
+REM #     IF !ERRORLEVEL! NEQ 0 (
+REM exit /B 1
+REM )
+
+echo "Flush the signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Policy Command Code and Policy Password / Authvalue"
+echo ""
+
+echo "Create a signing key under the primary key - policy command code - sign, auth"
+%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccsign-auth.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the signing key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM # policypassword
+
+echo "Policy restart, set back to zero"
+%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest - policy, should fail"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Policy command code - sign"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest - policy, should fail"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Policy password"
+%TPM_EXE_PATH%policypassword -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest - policy, no password should fail"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Sign a digest - policy, password"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM # policyauthvalue
+
+REM # echo "Start a policy session"
+REM # startauthsession -se p > run.out
+REM #     IF !ERRORLEVEL! NEQ 0 (
+REM    exit /B 1
+REM    )
+
+
+echo "Policy command code - sign"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy authvalue"
+%TPM_EXE_PATH%policyauthvalue -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest - policy, no password should fail"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Sign a digest - policy, password"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 -pwdk sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Policy Password and Policy Authvalue flags"
+echo ""
+
+for %%C in (policypassword policyauthvalue) do (
+
+
+    echo "Create a signing key under the primary key - policy command code - sign, auth"
+    %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccsign-auth.bin > run.out
+        IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+    echo "Load the signing key under the primary key"
+    %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+        IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+    echo "Start a policy session"
+    %TPM_EXE_PATH%startauthsession -se p > run.out
+        IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+    echo "Policy command code - sign"
+    %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out
+        IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+    echo "Policy %%C"
+    %TPM_EXE_PATH%%%C -ha 03000000 > run.out
+        IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+    echo "Sign a digest - policy, password"
+    %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk sig > run.out
+        IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+    echo "Flush signing key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+        IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+    echo "Create a signing key under the primary key - policy command code - sign"
+    %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccsign.bin > run.out
+        IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+    echo "Load the signing key under the primary key"
+    %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+        IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+    echo "Policy command code - sign"
+    %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out
+        IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+    echo "Sign a digest - policy and wrong password"
+    %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk xxx > run.out
+        IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+    echo "Flush signing key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+        IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+    echo "Flush policy session"
+    %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
+        IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+       )
+
+)
+
+echo ""
+echo "Policy Signed"
+echo ""
+
+REM # create rsaprivkey.pem
+REM # > openssl genrsa -out rsaprivkey.pem -aes256 -passout pass:rrrr 2048
+REM # extract the public key
+REM # > openssl pkey -inform pem -outform pem -in rsaprivkey.pem -passin pass:rrrr -pubout -out rsapubkey.pem 
+REM # sign a test message msg.bin
+REM # > openssl dgst -sha1 -sign rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin
+REM #
+REM # create the policy:
+REM # use loadexternal -ns to get the name
+REM 
+REM # sha1
+REM # 00044234c24fc1b9de6693a62453417d2734d7538f6f
+REM # sha256
+REM # 000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799
+REM # sha384
+REM # 000ca8bfb42e75b4c22b366b372cd9994bafe8558aa182cf12c258406d197dab63ac46f5a5255b1deb2993a4e9fc92b1e26c
+REM # sha512
+REM # 000d0c36b2a951eccc7e3e12d03175a71304dc747f222a02af8fa2ac8b594ef973518d20b9a5452d0849e325710f587d8a55082e7ae321173619bc12122f3ad71466
+REM 
+REM # 00000160 plus the above name as text, add a blank line for empty policyRef
+REM # to create policies/policysigned$HALG.txt
+REM #
+REM # 0000016000044234c24fc1b9de6693a62453417d2734d7538f6f
+REM # 00000160000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799
+REM # 00000160000ca8bfb42e75b4c22b366b372cd9994bafe8558aa182cf12c258406d197dab63ac46f5a5255b1deb2993a4e9fc92b1e26c
+REM # 00000160000d0c36b2a951eccc7e3e12d03175a71304dc747f222a02af8fa2ac8b594ef973518d20b9a5452d0849e325710f587d8a55082e7ae321173619bc12122f3ad71466
+REM #
+REM # use sha256 policies, policymaker default (policy session digest
+REM # algorithm is separate from Name and signature hash algorithm)
+REM #
+REM # > policymaker -if policies/policysigned$HALG.txt -of policies/policysigned$HALG.bin -pr
+REM #
+REM # sha1
+REM # 9d 81 7a 4e e0 76 eb b5 cf ee c1 82 05 cc 4c 01 
+REM # b3 a0 5e 59 a9 b9 65 a1 59 af 1e cd 3d bf 54 fb 
+REM # sha256
+REM # de bf 9d fa 3c 98 08 0b f1 7d d1 d0 7b 54 fd e1 
+REM # 07 93 7f e5 40 50 9e 70 96 aa 73 27 53 b3 83 31 
+REM # sha384
+REM # 45 c5 da 90 76 92 3a 70 03 6f df 56 ea e7 df db 
+REM # 41 e2 01 75 24 49 54 94 66 93 6b c4 fc 88 ab 5c 
+REM # sha512
+REM # cd 34 96 08 39 ea 40 88 5e fa 7f 37 8b a7 21 f1 
+REM # 78 6d 52 bb 93 47 9c 73 45 88 3c dc 1f 09 06 6f 
+REM #
+REM # 80000000 primary key
+REM # 80000001 verification public key
+REM # 80000002 signing key with policy
+REM # 03000000 policy session
+
+for %%H in (%ITERATE_ALGS%) do (
+
+    echo "Load external just the public part of PEM at 80000001 - %%H"
+    %TPM_EXE_PATH%loadexternal -halg %%H -nalg %%H -ipem policies/rsapubkey.pem -ns > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+    )
+
+    echo "Sign a test message with openssl - %%H"
+    openssl dgst -%%H -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin
+
+    echo "Verify the signature with 80000001 - %%H"
+    %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -if msg.bin -is pssig.bin -raw > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+    )
+
+    echo "Create a signing key under the primary key - policy signed - %%H"
+    %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policysigned%%H.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+    )
+
+    echo "Load the signing key under the primary key at 80000002"
+    %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+    )
+
+    echo "Start a policy session"
+    %TPM_EXE_PATH%startauthsession -se p > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+    )
+
+    echo "Sign a digest - policy, should fail"
+    %TPM_EXE_PATH%sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+    IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+    )
+
+    echo "Policy signed - sign with PEM key - %%H"
+    %TPM_EXE_PATH%policysigned -hk 80000001 -ha 03000000 -sk policies/rsaprivkey.pem -halg %%H -pwdk rrrr > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+    )
+
+    echo "Get policy digest"
+    %TPM_EXE_PATH%policygetdigest -ha 03000000 -of tmppol.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+    )
+
+    echo "Sign a digest - policy signed"
+    %TPM_EXE_PATH%sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+    )
+
+     echo "Policy restart, set back to zero"
+    %TPM_EXE_PATH%policyrestart -ha 03000000 > run.out 
+    IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+    )
+
+    echo "Sign just expiration (uint32_t 4 zeros) with openssl - %%H"
+    openssl dgst -%%H -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin policies/zero4.bin
+
+    echo "Policy signed, signature generated externally - %%H"
+    %TPM_EXE_PATH%policysigned -hk 80000001 -ha 03000000 -halg %%H -is pssig.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+    )
+
+    echo "Sign a digest - policy signed"
+    %TPM_EXE_PATH%sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+    )
+
+    echo "Start a policy session - save nonceTPM"
+    %TPM_EXE_PATH%startauthsession -se p -on noncetpm.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+    )
+
+    echo "Policy signed with nonceTPM and expiration, create a ticket - %%H"
+    %TPM_EXE_PATH%policysigned -hk 80000001 -ha 03000000 -sk policies/rsaprivkey.pem -halg %%H -pwdk rrrr -in noncetpm.bin -exp -200 -tk tkt.bin -to to.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+    )
+
+    echo "Sign a digest - policy signed"
+    %TPM_EXE_PATH%sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+    )
+
+    echo "Start a policy session"
+    %TPM_EXE_PATH%startauthsession -se p > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+    )
+
+    echo "Policy ticket"
+    %TPM_EXE_PATH%policyticket -ha 03000000 -to to.bin -na h80000001.bin -tk tkt.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+    )
+
+    echo "Sign a digest - policy ticket"
+    %TPM_EXE_PATH%sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+    )
+
+    echo "Flush the verification public key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+    )
+
+    echo "Flush the signing key"
+    %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+    )
+
+)
+
+REM # getcapability  -cap 1 -pr 80000000
+REM # getcapability  -cap 1 -pr 02000000
+REM # getcapability  -cap 1 -pr 03000000
+
+REM # exit 0
+
+echo ""
+echo "Policy Secret"
+echo ""
+
+REM # 4000000c platform
+REM # 80000000 primary key
+REM # 80000001 signing key with policy
+REM # 03000000 policy session
+REM # 02000001 hmac session
+
+echo "Change platform hierarchy auth"
+%TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create a signing key under the primary key - policy secret using platform auth"
+%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policysecretp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the signing key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start a policy session"
+%TPM_EXE_PATH%startauthsession -se p -on noncetpm.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest - policy, should fail"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session, create a ticket"
+%TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 -pwde ppp -in noncetpm.bin -exp -200 -tk tkt.bin -to to.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest - policy secret"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start a policy session"
+%TPM_EXE_PATH%startauthsession -se p -on noncetpm.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret using primary key, create a ticket"
+%TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 -pwde ppp -in noncetpm.bin -exp -200 -tk tkt.bin -to to.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest - policy secret"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start a policy session"
+%TPM_EXE_PATH%startauthsession -se p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy ticket"
+%TPM_EXE_PATH%policyticket -ha 03000000 -to to.bin -hi p -tk tkt.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest - policy ticket"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start a policy session"
+%TPM_EXE_PATH%startauthsession -se p -on noncetpm.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start an HMAC session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with HMAC session"
+%TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 -pwde ppp -se0 02000001 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest - policy secret"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Change platform hierarchy auth back to null"
+%TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Policy Secret with NV Auth"
+echo ""
+
+REM Name is 
+REM 00 0b e0 65 10 81 c2 fc da 30 69 93 da 43 d1 de 
+REM 5b 24 be 42 6e 2d 61 90 7b 42 83 54 69 13 6c 97 
+REM 68 1f 
+REM
+REM Policy is
+REM c6 93 f9 b0 ef 1a b7 1e ca ae 00 af 1f 0b f4 88 
+REM 37 9e ab 16 c1 f8 0d 9f f9 6d 90 41 4e 2f c6 b3 
+
+echo "NV Define Space 0100000"
+%TPM_EXE_PATH%nvdefinespace -hi p -ha 01000000 -pwdn nnn -sz 16 -pwdn nnn > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create a signing key under the primary key - policy secret NV auth"
+%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policysecretnv.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the signing key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start a policy session"
+%TPM_EXE_PATH%startauthsession -se p -on noncetpm.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest - policy, should fail"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session"
+%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn -in noncetpm.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest - policy secret"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Undefine Space 0100000"
+%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Policy Secret with Object"
+echo ""
+
+REM # Use a externally generated object so that the Name is known and thus
+REM # the policy can be precalculated
+
+REM # Name
+REM # 00 0b 64 ac 92 1a 03 5c 72 b3 aa 55 ba 7d b8 b5 
+REM # 99 f1 72 6f 52 ec 2f 68 20 42 fc 0e 0d 29 fa e8 
+REM # 17 99 
+
+REM # 000001151 plus the above name as text, add a blank line for empty policyRef
+REM # to create policies/policysecretsha256.txt
+REM # 00000151000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799
+
+REM # 4b 7f ca c2 b7 c3 ac a2 7c 5c da 9c 71 e6 75 28 
+REM # 63 d2 87 d2 33 ec 49 0e 7a be 88 f1 ef 94 5d 5c 
+
+echo "Load the RSA openssl key pair in the NULL hierarchy 80000001"
+%TPM_EXE_PATH%loadexternal -rsa -ider policies/rsaprivkey.der -pwdk rrrr > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create a signing key under the primary key - policy secret of object 80000001"
+%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -uwa -pol policies/policysecretsha256.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the signing key under the primary key 80000002"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest - password auth - should fail"
+%TPM_EXE_PATH%sign -hk 80000002 -if policies/aaa -pwdk sig > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Start a policy session 03000000"
+%TPM_EXE_PATH%startauthsession -se p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session"
+%TPM_EXE_PATH%policysecret -ha 80000001 -hs 03000000 -pwde rrrr > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest - policy secret"
+%TPM_EXE_PATH%sign -hk 80000002 -if msg.bin -se0 03000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the policysecret key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the RSA openssl key pair in the NULL hierarchy, userWithAuth false 80000001"
+%TPM_EXE_PATH%loadexternal -rsa -ider policies/rsaprivkey.der -pwdk rrrr -uwa > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session - should fail"
+%TPM_EXE_PATH%policysecret -ha 80000001 -hs 03000000 -pwde rrrr > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Flush the policysecret key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the session"
+%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Policy Authorize"
+echo ""
+
+REM # 80000000 primary
+REM # 80000001 verification public key, openssl
+REM # 80000002 signing key
+REM # 03000000 policy session
+
+REM # Name for 80000001 0004 4234 c24f c1b9 de66 93a6 2453 417d 2734 d753 8f6f
+REM #
+REM # policyauthorizesha256.txt
+REM # 0000016a000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799
+REM #
+REM # (need blank line for policyRef)
+REM #
+REM # > policymaker -if policies/policyauthorizesha256.txt -of policies/policyauthorizesha256.bin -pr
+REM #
+REM # eb a3 f9 8c 5e af 1e a8 f9 4f 51 9b 4d 2a 31 83 
+REM # ee 79 87 66 72 39 8e 23 15 d9 33 c2 88 a8 e5 03 
+
+echo "Create a signing key with policy authorize"
+%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyauthorizesha256.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load external just the public part of PEM authorizing key"
+%TPM_EXE_PATH%loadexternal -hi p -halg sha256 -nalg sha256 -ipem policies/rsapubkey.pem > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the signing key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start a policy session"
+%TPM_EXE_PATH%startauthsession -se p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Get policy digest, should be zero"
+%TPM_EXE_PATH%policygetdigest -ha 03000000 -of policyapproved.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy command code - sign"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Get policy digest, should be policy to approve, aHash input"
+%TPM_EXE_PATH%policygetdigest -ha 03000000 -of policyapproved.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Openssl generate aHash"
+openssl dgst -sha256 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin policyapproved.bin
+
+echo "Verify the signature to generate ticket"
+%TPM_EXE_PATH%verifysignature -hk 80000001 -halg sha256 -if policyapproved.bin -is pssig.bin -raw -tk tkt.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy authorize using the ticket"
+%TPM_EXE_PATH%policyauthorize -ha 03000000 -appr policyapproved.bin -skn h80000001.bin -tk tkt.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Get policy digest, should be policy authorize"
+%TPM_EXE_PATH%policygetdigest -ha 03000000 -of policyapproved.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest"
+%TPM_EXE_PATH%sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the verification public key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM # getcapability  -cap 1 -pr 80000000
+REM # getcapability  -cap 1 -pr 02000000
+REM # getcapability  -cap 1 -pr 03000000
+
+REM # exit 0
+
+echo ""
+echo "Set Primary Policy"
+echo ""
+
+echo "Platform policy empty"
+%TPM_EXE_PATH%setprimarypolicy -hi p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Platform policy empty, bad password"
+%TPM_EXE_PATH%setprimarypolicy -hi p -pwda ppp > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Set platform hierarchy auth"
+%TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Platform policy empty, bad password"
+%TPM_EXE_PATH%setprimarypolicy -hi p > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Platform policy empty"
+%TPM_EXE_PATH%setprimarypolicy -hi p -pwda ppp > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Platform policy to policy secret platform auth"
+%TPM_EXE_PATH%setprimarypolicy -hi p -pwda ppp -halg sha256 -pol policies/policysecretp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start a policy session"
+%TPM_EXE_PATH%startauthsession -se p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Secret with PWAP session"
+%TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 -pwde ppp > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Change platform hierarchy auth to null with policy secret"
+%TPM_EXE_PATH%hierarchychangeauth -hi p -se0 03000000 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Policy PCR no select"
+echo ""
+
+REM # create AND term for policy PCR
+REM # > policymakerpcr -halg sha1 -bm 0 -v -pr -of policies/policypcr.txt
+REM # 0000017f00000001000403000000da39a3ee5e6b4b0d3255bfef95601890afd80709
+REM 
+REM # convert to binary policy
+REM # > policymaker -halg sha1 -if policies/policypcr.txt -of policies/policypcrbm0.bin -pr -v
+REM 
+REM # 6d 38 49 38 e1 d5 8b 56 71 92 55 94 3f 06 69 66 
+REM # b6 fa 2c 23 
+
+echo "Create a signing key with policy PCR no select"
+%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -nalg sha1 -pol policies/policypcrbm0.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the signing key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start a policy session"
+%TPM_EXE_PATH%startauthsession -halg sha1 -se p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy PCR, update with the correct digest"
+%TPM_EXE_PATH%policypcr -ha 03000000 -halg sha1 -bm 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy get digest - should be 6d 38 49 38 ... "
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign, should succeed"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy restart, set back to zero"
+%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy PCR, update with the correct digest"
+%TPM_EXE_PATH%policypcr -ha 03000000 -halg sha1 -bm 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "PCR extend PCR 0, updates pcr counter"
+%TPM_EXE_PATH%pcrextend -ha 0 -halg sha1 -if policies/aaa > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign, should fail"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Flush the policy session"
+%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM # policypcr0.txt has 20 * 00
+
+REM # create AND term for policy PCR
+REM # > policymakerpcr -halg sha1 -bm 10000 -if policies/policypcr0.txt -v -pr -of policies/policypcr.txt
+
+REM # convert to binary policy
+REM # > policymaker -halg sha1 -if policies/policypcr.txt -of policies/policypcr.bin -pr -v
+
+echo ""
+echo "Policy PCR"
+echo ""
+
+echo "Create a signing key with policy PCR PCR 16 zero"
+%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -nalg sha1 -pol policies/policypcr.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the signing key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Reset PCR 16 back to zero"
+%TPM_EXE_PATH%pcrreset -ha 16 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Read PCR 16, should be 00 00 00 00 ..."
+%TPM_EXE_PATH%pcrread -ha 16 -halg sha1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start a policy session"
+%TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign, policy not satisfied - should fail"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Policy PCR, update with the correct digest"
+%TPM_EXE_PATH%policypcr -ha 03000000 -halg sha1 -bm 10000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy get digest - should be 85 33 11 83"
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign, should succeed"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "PCR extend PCR 16"
+%TPM_EXE_PATH%pcrextend -ha 16 -halg sha1 -if policies/aaa > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Read PCR 0, should be 1d 47 f6 8a ..."
+%TPM_EXE_PATH%pcrread -ha 16 -halg sha1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start a policy session"
+%TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy PCR, update with the wrong digest"
+%TPM_EXE_PATH%policypcr -ha 03000000 -halg sha1 -bm 10000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy get digest - should be 66 dd e5 e3"
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign - should fail"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Flush the policy session"
+%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM # 01000000 authorizing ndex
+REM # 01000001 authorized index
+REM # 03000000 policy session
+REM #
+REM # 4 byte NV index
+REM # policynv.txt
+REM # policy CC_PolicyNV || args || Name
+REM #
+REM # policynvargs.txt (binary)
+REM # args = hash of 0000 0000 0000 0000 | 0000 | 0000 (eight bytes of zero | offset | op ==)
+REM # hash -hi n -halg sha1 -if policies/policynvargs.txt -v
+REM # openssl dgst -sha1  policies/policynvargs.txt
+REM # 2c513f149e737ec4063fc1d37aee9beabc4b4bbf
+REM #
+REM # NV authorizing index
+REM #
+REM # after defining index and NV write to set written, use 
+REM # nvreadpublic -ha 01000000 -nalg sha1
+REM # to get name
+REM # 00042234b8df7cdf8605ee0a2088ac7dfe34c6566c5c
+REM #
+REM # append Name to policynvnv.txt
+REM #
+REM # convert to binary policy
+REM # > policymaker -halg sha1 -if policies/policynvnv.txt -of policies/policynvnv.bin -pr -v
+REM # bc 9b 4c 4f 7b 00 66 19 5b 1d d9 9c 92 7e ad 57 e7 1c 2a fc 
+REM #
+REM # file zero8.bin has 8 bytes of hex zero
+
+echo ""
+echo "Policy NV, NV index authorizing"
+echo ""
+
+echo "Define a setbits index, authorizing index"
+%TPM_EXE_PATH%nvdefinespace -hi p -nalg sha1 -ha 01000000 -pwdn nnn -ty b > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Read public, get Name, not written"
+%TPM_EXE_PATH%nvreadpublic -ha 01000000 -nalg sha1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV setbits to set written"
+%TPM_EXE_PATH%nvsetbits -ha 01000000 -pwdn nnn > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Read public, get Name, written"
+%TPM_EXE_PATH%nvreadpublic -ha 01000000 -nalg sha1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Read, should be zero"
+%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Define an ordinary index, authorized index, policyNV"
+%TPM_EXE_PATH%nvdefinespace -hi p -nalg sha1 -ha 01000001 -pwdn nnn -sz 2 -ty o -pol policies/policynvnv.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Read public, get Name, not written"
+%TPM_EXE_PATH%nvreadpublic -ha 01000001 -nalg sha1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV write to set written"
+%TPM_EXE_PATH%nvwrite -ha 01000001 -pwdn nnn -ic aa > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start policy session"
+%TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+ 
+echo "NV write, policy not satisfied  - should fail"
+%TPM_EXE_PATH%nvwrite -ha 01000001 -ic aa -se0 03000000 1 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Policy get digest, should be 0"
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy NV to satisfy the policy"
+%TPM_EXE_PATH%policynv -ha 01000000 -pwda nnn -hs 03000000 -if policies/zero8.bin -op 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy get digest, should be bc 9b 4c 4f ..."
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV write, policy satisfied"
+%TPM_EXE_PATH%nvwrite -ha 01000001 -ic aa -se0 03000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Set bit in authorizing NV index"
+%TPM_EXE_PATH%nvsetbits -ha 01000000 -pwdn nnn -bit 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Read, should be 1"
+%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy NV to satisfy the policy - should fail"
+%TPM_EXE_PATH%policynv -ha 01000000 -pwda nnn -hs 03000000 -if policies/zero8.bin -op 0 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Policy get digest, should be 00 00 00 00 ..."
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Undefine authorizing index"
+%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Undefine authorized index"
+%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000001 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush policy session"
+%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out  
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Policy NV Written"
+echo ""
+
+echo "Define an ordinary index, authorized index, policyNV"
+%TPM_EXE_PATH%nvdefinespace -hi p -nalg sha1 -ha 01000000 -pwdn nnn -sz 2 -ty o -pol policies/policywrittenset.bin > run.out  
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Read public, get Name, not written"
+%TPM_EXE_PATH%nvreadpublic -ha 01000000 -nalg sha1 > run.out  
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start policy session"
+%TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+ 
+echo "NV write, policy not satisfied  - should fail"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -ic aa -se0 03000000 1 > run.out  
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Policy NV Written no, does not satisfy policy"
+%TPM_EXE_PATH%policynvwritten -hs 03000000 -ws n > run.out  
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV write, policy not satisfied - should fail"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -ic aa -se0 03000000 1 > run.out  
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Flush policy session"
+%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out  
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start policy session"
+%TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy NV Written yes, satisfy policy"
+%TPM_EXE_PATH%policynvwritten -hs 03000000 -ws y > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV write, policy satisfied but written clear - should fail"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -ic aa -se0 03000000 1 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Flush policy session"
+%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out  
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV write using password, set written"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -ic aa -pwdn nnn > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start policy session"
+%TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy NV Written yes, satisfy policy"
+%TPM_EXE_PATH%policynvwritten -hs 03000000 -ws y > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV write, policy satisfied"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -ic aa -se0 03000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush policy session"
+%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out  
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start policy session"
+%TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy NV Written no"
+%TPM_EXE_PATH%policynvwritten -hs 03000000 -ws n > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy NV Written yes - should fail"
+%TPM_EXE_PATH%policynvwritten -hs 03000000 -ws y > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Flush policy session"
+%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out  
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Undefine authorizing index"
+%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Policy Signed externally signed cpHash"
+echo ""
+
+REM # NV Index 01000000 has policy OR
+REM 
+REM # Policy A - provisioning: policy written false + policysigned
+REM #	demo: authorizer signs NV write all zero
+REM 
+REM # Policy B - application: policy written true + policysigned
+REM #	demo: authorizer signs NV write abcdefgh
+
+echo "Load external just the public part of PEM at 80000001"
+%TPM_EXE_PATH%loadexternal -ipem policies/rsapubkey.pem > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Get the Name of the signing key at 80000001"
+%TPM_EXE_PATH%readpublic -ho 80000001 -ns > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM # 000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799
+REM 
+REM # construct policy A
+REM 
+REM # policies/policywrittenclrsigned.txt
+REM # 0000018f00
+REM # 00000160000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799
+REM # Add the extra blank line here for policyRef
+REM 
+REM # policymaker -if policies/policywrittenclrsigned.txt -of policies/policywrittenclrsigned.bin -pr -ns -v
+REM # intermediate policy digest length 32
+REM #  3c 32 63 23 67 0e 28 ad 37 bd 57 f6 3b 4c c3 4d 
+REM #  26 ab 20 5e f2 2f 27 5c 58 d4 7f ab 24 85 46 6e 
+REM #  intermediate policy digest length 32
+REM #  6b 0d 2d 2b 55 4d 68 ec bc 6c d5 b8 c0 96 c1 70 
+REM #  57 5a 95 25 37 56 38 7e 83 d7 76 d9 5b 1b 8e f3 
+REM #  intermediate policy digest length 32
+REM #  48 0b 78 2e 02 82 c2 40 88 32 c4 df 9c 0e be 87 
+REM #  18 6f 92 54 bd e0 5b 0c 2e a9 52 48 3e b7 69 f2 
+REM #  policy digest length 32
+REM #  48 0b 78 2e 02 82 c2 40 88 32 c4 df 9c 0e be 87 
+REM #  18 6f 92 54 bd e0 5b 0c 2e a9 52 48 3e b7 69 f2 
+REM # policy digest:
+REM # 480b782e0282c2408832c4df9c0ebe87186f9254bde05b0c2ea952483eb769f2
+REM 
+REM # construct policy B
+REM 
+REM # policies/policywrittensetsigned.txt
+REM # 0000018f01
+REM # 00000160000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799
+REM # Add the extra blank line here for policyRef
+REM 
+REM # policymaker -if policies/policywrittensetsigned.txt -of policies/policywrittensetsigned.bin -pr -ns -v
+REM #  intermediate policy digest length 32
+REM #  f7 88 7d 15 8a e8 d3 8b e0 ac 53 19 f3 7a 9e 07 
+REM #  61 8b f5 48 85 45 3c 7a 54 dd b0 c6 a6 19 3b eb 
+REM #  intermediate policy digest length 32
+REM #  7d c2 8f b0 dd 4f ee 97 78 2b 55 43 b1 dc 6b 1e 
+REM #  e2 bc 79 05 d4 a1 f6 8d e2 97 69 5f a9 aa 78 5f 
+REM #  intermediate policy digest length 32
+REM #  09 43 ba 3c 3b 4d b1 c8 3f c3 97 85 f9 dc 0a 82 
+REM #  49 f6 79 4a 04 38 e6 45 0a 50 56 8f b4 eb d2 46 
+REM #  policy digest length 32
+REM #  09 43 ba 3c 3b 4d b1 c8 3f c3 97 85 f9 dc 0a 82 
+REM #  49 f6 79 4a 04 38 e6 45 0a 50 56 8f b4 eb d2 46 
+REM # policy digest:
+REM # 0943ba3c3b4db1c83fc39785f9dc0a8249f6794a0438e6450a50568fb4ebd246
+REM 
+REM # construct the Policy OR of A and B
+REM 
+REM # policyorwrittensigned.txt - command code plus two policy digests
+REM # 00000171480b782e0282c2408832c4df9c0ebe87186f9254bde05b0c2ea952483eb769f20943ba3c3b4db1c83fc39785f9dc0a8249f6794a0438e6450a50568fb4ebd246
+REM # policymaker -if policies/policyorwrittensigned.txt -of policies/policyorwrittensigned.bin -pr 
+REM #  policy digest length 32
+REM #  06 00 ae 34 7a 30 b0 67 36 d3 32 85 a0 cc ad 46 
+REM #  54 1e 62 71 f5 d0 85 10 a7 ff 0e 90 30 54 d6 c9 
+
+echo "Define index 01000000 with the policy OR"
+%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi o -sz 8 -pwdn "" -pol policies/policyorwrittensigned.bin -at aw > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Get the Name of the NV index not written, should be 00 0b ... bb 0b"
+%TPM_EXE_PATH%nvreadpublic -ha 01000000 -ns > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM # 000b366258674dcf8aa16d344f24dde1c799fc60f9427a7286bb8cd1e4e9fd1fbb0b
+
+echo "Start a policy session 03000000"
+%TPM_EXE_PATH%startauthsession -se p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Policy A - not written"
+echo ""
+
+REM # construct cpHash for Policy A - not written, writing zeros
+REM  
+REM # (commandCode || authHandle Name || NV Index Name || data + offset) - data 8 bytes of 0's at offset 0000
+REM # For index auth, authHandle Name and index Name are the same
+REM # policies/nvwritecphasha.txt
+REM # 00000137000b366258674dcf8aa16d344f24dde1c799fc60f9427a7286bb8cd1e4e9fd1fbb0b000b366258674dcf8aa16d344f24dde1c799fc60f9427a7286bb8cd1e4e9fd1fbb0b000800000000000000000000
+REM # policymaker -nz -if policies/nvwritecphasha.txt -of policies/nvwritecphasha.bin -pr -ns
+REM #  policy digest length 32
+REM #  cf 98 1e ee 68 04 3b dd ee 0c ab bc 75 b3 63 be 
+REM #  3c f9 ee 22 2a 78 b8 26 3f 06 7b b3 55 2c a6 11 
+REM # policy digest:
+REM # cf981eee68043bddee0cabbc75b363be3cf9ee222a78b8263f067bb3552ca611
+REM 
+REM # construct aHash for Policy A
+REM 
+REM # expiration + cpHashA
+REM # policies/nvwriteahasha.txt
+REM # 00000000cf981eee68043bddee0cabbc75b363be3cf9ee222a78b8263f067bb3552ca611
+REM # just convert to binary, because openssl does the hash before signing
+REM # xxd -r -p policies/nvwriteahasha.txt policies/nvwriteahasha.bin
+
+echo "Policy NV Written no, satisfy policy"
+%TPM_EXE_PATH%policynvwritten -hs 03000000 -ws n > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Should be policy A first intermediate value 3c 32 63 23 ..."
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign aHash with openssl 8813 6530 ..."
+openssl dgst -sha256 -sign policies/rsaprivkey.pem -passin pass:rrrr -out sig.bin policies/nvwriteahasha.bin
+echo ""
+
+echo "Policy signed, signature generated externally"
+%TPM_EXE_PATH%policysigned -hk 80000001 -ha 03000000 -halg sha256 -cp policies/nvwritecphasha.bin -is sig.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Should be policy A final value 48 0b 78 2e ..."
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy OR"
+%TPM_EXE_PATH%policyor -ha 03000000 -if policies/policywrittenclrsigned.bin -if policies/policywrittensetsigned.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Should be policy OR final value 06 00 ae 34 "
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV write to set written"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -if policies/zero8.bin -se0 03000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Policy B - written"
+echo ""
+
+echo "Get the new (written) Name of the NV index not written, should be 00 0b f5 75"
+%TPM_EXE_PATH%nvreadpublic -ha 01000000 -ns > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM # 000bf575f09107d38c4cb82e8ec054b1aca9a91e40a06ec074b578bdd9cdaf4b76c8
+REM 
+REM # construct cpHash for Policy B
+REM  
+REM # (commandCode || authHandle Name || NV Index Name || data + offset) - data 8 bytes of abcdefgh at offset 00000
+REM # For index auth, authHandle Name and index Name are the same
+REM # policies/nvwritecphashb.txt
+REM # 00000137000bf575f09107d38c4cb82e8ec054b1aca9a91e40a06ec074b578bdd9cdaf4b76c8000bf575f09107d38c4cb82e8ec054b1aca9a91e40a06ec074b578bdd9cdaf4b76c8000861626364656667680000
+REM # policymaker -nz -if policies/nvwritecphashb.txt -of policies/nvwritecphashb.bin -pr -ns
+REM #  policy digest length 32
+REM #  df 58 08 f9 ab cb 23 7f 8c d7 c9 09 1c 86 12 2d 
+REM #  88 6f 02 d4 6e db 53 c8 da 39 bf a2 d6 cf 07 63 
+REM # policy digest:
+REM # df5808f9abcb237f8cd7c9091c86122d886f02d46edb53c8da39bfa2d6cf0763
+REM 
+REM # construct aHash for Policy B
+REM 
+REM # expiration + cpHashA
+REM # policies/nvwriteahashb.txt
+REM # 00000000df5808f9abcb237f8cd7c9091c86122d886f02d46edb53c8da39bfa2d6cf0763
+REM # just convert to binary, because openssl does the hash before signing
+REM # xxd -r -p policies/nvwriteahashb.txt policies/nvwriteahashb.bin
+
+echo "Policy NV Written yes, satisfy policy"
+%TPM_EXE_PATH%policynvwritten -hs 03000000 -ws y > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Should be policy A first intermediate value f7 88 7d 15 ..."
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign aHash with openssl 3700 0a91 ..."
+openssl dgst -sha256 -sign policies/rsaprivkey.pem -passin pass:rrrr -out sig.bin policies/nvwriteahashb.bin > run.out
+echo ""
+
+echo "Policy signed, signature generated externally"
+%TPM_EXE_PATH%policysigned -hk 80000001 -ha 03000000 -halg sha256 -cp policies/nvwritecphashb.bin -is sig.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Should be policy B final value 09 43 ba 3c ..."
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy OR"
+%TPM_EXE_PATH%policyor -ha 03000000 -if policies/policywrittenclrsigned.bin -if policies/policywrittensetsigned.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Should be policy OR final value 06 00 ae 34 "
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV write new data"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -ic abcdefgh -se0 03000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Cleanup"
+echo ""
+
+echo "Flush the policy session 03000000"
+%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the signature verification key 80000001"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Undefine the NV Index 01000000"
+%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM # test using clockrateadjust
+REM # policycphashhash.txt is (hex) 00000130 4000000c 000
+REM # hash -if policycphashhash.txt -oh policycphashhash.bin -halg sha1 -v
+REM # openssl dgst -sha1 policycphashhash.txt
+REM # cpHash is
+REM # b5f919bbc01f0ebad02010169a67a8c158ec12f3
+REM # append to policycphash.txt 00000163 + cpHash
+REM # policymaker -halg sha1 -if policies/policycphash.txt -of policies/policycphash.bin -pr
+REM #  06 e4 6c f9 f3 c7 0f 30 10 18 7c a6 72 69 b0 84 b4 52 11 6f 
+
+echo ""
+echo "Policy cpHash"
+echo ""
+
+echo "Set the platform policy to policy cpHash"
+%TPM_EXE_PATH%setprimarypolicy -hi p -pol policies/policycphash.bin -halg sha1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Clockrate adjust using wrong password - should fail"
+%TPM_EXE_PATH%clockrateadjust -hi p -pwdp ppp -adj 0  > run.out 
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Start policy session"
+%TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Clockrate adjust, policy not satisfied - should fail"
+%TPM_EXE_PATH%clockrateadjust -hi p -pwdp ppp -adj 0 -se0 03000000 1 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Policy cpHash, satisfy policy"
+%TPM_EXE_PATH%policycphash -ha 03000000 -cp policies/policycphashhash.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+ 
+echo "Policy get digest, should be 06 e4 6c f9"
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Clockrate adjust, policy satisfied but bad command params - should fail"
+%TPM_EXE_PATH%clockrateadjust -hi p -pwdp ppp -adj 1 -se0 03000000 1 > run.out 
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Clockrate adjust, policy satisfied"
+%TPM_EXE_PATH%clockrateadjust -hi p -pwdp ppp -adj 0 -se0 03000000 1 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Clear the platform policy"
+%TPM_EXE_PATH%setprimarypolicy -hi p > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush policy session"
+%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Policy Duplication Select with includeObject FALSE"
+echo ""
+
+REM # These tests uses a new parent and object to be duplicated generated
+REM # externally.  This makes the Names repeatable and permits the
+REM # policy to be pre-calculated and static.
+REM 
+REM # command code 00000188
+REM # newParentName
+REM # 000b 1a5d f667 7533 4527 37bc 79a5 5ab6 
+REM # d9fa 9174 5c03 3dfe 3f82 cdf0 903b a9d6
+REM # 55f1
+REM # includeObject 00
+REM # policymaker -if policies/policydupsel-no.txt -of policies/policydupsel-no.bin -pr -v
+REM # 5f 55 ba 2b 69 0f b0 38 ac 15 ff 2a 86 ef 65 66 
+REM # be a8 23 68 43 97 4c 3f a7 36 37 72 56 ec bc 45 
+REM 
+REM # 80000000 SK storage primary key
+REM # 80000001 NP new parent, the target of the duplication
+REM # 80000002 SI signing key, duplicate from SK to NP
+REM # 03000000 policy session
+
+echo "Import the new parent storage key NP under the primary key"
+%TPM_EXE_PATH%importpem -hp 80000000 -pwdp sto -ipem policies/rsaprivkey.pem -st -pwdk rrrr -opu tmpstpub.bin -opr tmpstpriv.bin -halg sha256 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+	
+echo "Load the new parent TPM storage key NP at 80000001"
+%TPM_EXE_PATH%load -hp 80000000 -pwdp sto -ipu tmpstpub.bin -ipr tmpstpriv.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Import a signing key SI under the primary key 80000000, with policy duplication select"
+%TPM_EXE_PATH%importpem -hp 80000000 -pwdp sto -ipem policies/rsaprivkey.pem -si -pwdk rrrr -opr tmpsipriv.bin -opu tmpsipub.bin -pol policies/policydupsel-no.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the signing key SI at 80000002"
+%TPM_EXE_PATH%load -hp 80000000 -pwdp sto -ipu tmpsipub.bin -ipr tmpsipriv.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest"
+%TPM_EXE_PATH%sign -hk 80000002 -halg sha256 -if policies/aaa -os tmpsig.bin -pwdk rrrr > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Verify the signature"
+%TPM_EXE_PATH%verifysignature -hk 80000002 -halg sha256 -if policies/aaa -is tmpsig.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start a policy session 03000000"
+%TPM_EXE_PATH%startauthsession -se p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy duplication select, object SI 80000002 to new parent NP 80000001"
+%TPM_EXE_PATH%policyduplicationselect -ha 03000000 -inpn h80000001.bin -ion h80000002.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Get policy digest, should be 5f 55 ba 2b ...."
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Duplicate signing key SI at 80000002 under new parent TPM storage key NP 80000001"
+%TPM_EXE_PATH%duplicate -ho 80000002 -hp 80000001 -od tmpdup.bin -oss tmpss.bin -se0 03000000 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the original SI at 80000002 to free object slot for import"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Import signing key SI under new parent TPM storage key NP 80000001"
+%TPM_EXE_PATH%import -hp 80000001 -pwdp rrrr -ipu tmpsipub.bin -id tmpdup.bin -iss tmpss.bin -opr tmpsipriv1.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the signing key SI at 80000002"
+%TPM_EXE_PATH%load -hp 80000001 -pwdp rrrr -ipu tmpsipub.bin -ipr tmpsipriv1.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest"
+%TPM_EXE_PATH%sign -hk 80000002 -halg sha256 -if policies/aaa -os tmpsig.bin -pwdk rrrr > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Verify the signature"
+%TPM_EXE_PATH%verifysignature -hk 80000002 -halg sha256 -if policies/aaa -is tmpsig.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the duplicated SI at 80000002"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Policy Duplication Select with includeObject TRUE"
+echo ""
+
+REM # command code 00000188
+REM # SI objectName
+REM # 000b 6319 28da 1624 3135 3a59 c03a 2ca7
+REM # dbb7 0989 1440 4236 3c7f a838 39d9 da6c
+REM # 437a
+REM # HP newParentName
+REM # 000b 
+REM # 1a5d f667 7533 4527 37bc 79a5 5ab6 d9fa 
+REM # 9174 5c03 3dfe 3f82 cdf0 903b a9d6 55f1
+REM # includeObject 01
+REM
+REM # policymaker -if policies/policydupsel-yes.txt -of policies/policydupsel-yes.bin -pr -v
+REM # 14 64 06 4c 80 cb e3 4f f5 03 82 15 38 62 43 17 
+REM # 93 94 8f f1 e8 8a c6 23 4d d1 b0 c5 4c 05 f7 3b 
+REM 
+REM # 80000000 SK storage primary key
+REM # 80000001 NP new parent, the target of the duplication
+REM # 80000002 SI signing key, duplicate from SK to NP
+REM # 03000000 policy session
+
+echo "Import a signing key SI under the primary key 80000000, with policy authorize"
+%TPM_EXE_PATH%importpem -hp 80000000 -pwdp sto -ipem policies/rsaprivkey.pem -si -pwdk rrrr -opr tmpsipriv.bin -opu tmpsipub.bin -pol policies/policyauthorizesha256.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the signing key SI  with objectName 000b 6319 28da at 80000002"
+%TPM_EXE_PATH%load -hp 80000000 -pwdp sto -ipu tmpsipub.bin -ipr tmpsipriv.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest"
+%TPM_EXE_PATH%sign -hk 80000002 -halg sha256 -if policies/aaa -os tmpsig.bin -pwdk rrrr > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Verify the signature"
+%TPM_EXE_PATH%verifysignature -hk 80000002 -halg sha256 -if policies/aaa -is tmpsig.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start a policy session 03000000"
+%TPM_EXE_PATH%startauthsession -se p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy duplication select, object SI 80000002 to new parent NP 80000001 with includeObject"
+%TPM_EXE_PATH%policyduplicationselect -ha 03000000 -inpn h80000001.bin -ion h80000002.bin -io > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Get policy digest,should be policy to approve, aHash input 14 64 06 4c same as policies/policydupsel-yes.bin"
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the original SI at 80000002 to free object slot for loadexternal "
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Openssl generate and sign aHash (empty policyRef)"
+openssl dgst -sha256 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin policies/policydupsel-yes.bin
+
+echo "Load external just the public part of PEM authorizing key 80000002"
+%TPM_EXE_PATH%loadexternal -hi p -halg sha256 -nalg sha256 -ipem policies/rsapubkey.pem > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Verify the signature against 80000002 to generate ticket"
+%TPM_EXE_PATH%verifysignature -hk 80000002 -halg sha256 -if policies/policydupsel-yes.bin -is pssig.bin -raw -tk tkt.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy authorize using the ticket"
+%TPM_EXE_PATH%policyauthorize -ha 03000000 -appr policies/policydupsel-yes.bin -skn h80000002.bin -tk tkt.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Get policy digest"
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the PEM authorizing verification key at 80000002 to free object slot for import"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the original signing key SI at 80000002"
+%TPM_EXE_PATH%load -hp 80000000 -pwdp sto -ipu tmpsipub.bin -ipr tmpsipriv.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Duplicate signing key SI at 80000002 under new parent TPM storage key NP 80000001 000b 1a5d f667"
+%TPM_EXE_PATH%duplicate -ho 80000002 -hp 80000001 -od tmpdup.bin -oss tmpss.bin -se0 03000000 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the original SI at 80000002 to free object slot for import"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Import signing key SI under new parent TPM storage key NP 80000001"
+%TPM_EXE_PATH%import -hp 80000001 -pwdp rrrr -ipu tmpsipub.bin -id tmpdup.bin -iss tmpss.bin -opr tmpsipriv1.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the signing key SI at 80000002"
+%TPM_EXE_PATH%load -hp 80000001 -pwdp rrrr -ipu tmpsipub.bin -ipr tmpsipriv1.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest"
+%TPM_EXE_PATH%sign -hk 80000002 -halg sha256 -if policies/aaa -os tmpsig.bin -pwdk rrrr > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Verify the signature"
+%TPM_EXE_PATH%verifysignature -hk 80000002 -halg sha256 -if policies/aaa -is tmpsig.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the duplicated SI at 80000002"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the new parent TPM storage key NP 80000001"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Policy Name Hash"
+echo ""
+
+REM # signing key SI Name
+REM # 000b 
+REM # 6319 28da 1624 3135 3a59 c03a 2ca7 dbb7 
+REM # 0989 1440 4236 3c7f a838 39d9 da6c 437a 
+REM 
+REM # compute nameHash
+REM 
+REM # nameHash - just a hash, not an extend
+REM # policymaker -if policies/pnhnamehash.txt -of policies/pnhnamehash.bin -nz -pr -v -ns
+REM # 18 e0 0c 62 77 18 d9 fc 81 22 3d 8a 56 33 7e eb 
+REM # 0e 7d 98 28 bd 7b c7 29 1d 3c 27 3f 7a c4 04 f1 
+REM # 18e00c627718d9fc81223d8a56337eeb0e7d9828bd7bc7291d3c273f7ac404f1
+REM 
+REM # compute policy (based on 
+REM 
+REM # 00000170 TPM_CC_PolicyNameHash
+REM # signing key SI Name
+REM # 18e00c627718d9fc81223d8a56337eeb0e7d9828bd7bc7291d3c273f7ac404f1
+REM 
+REM # policymaker -if policies/policynamehash.txt -of policies/policynamehash.bin -pr -v
+REM # 96 30 f9 00 c3 4c 66 09 c1 c5 92 41 78 c1 b2 3d 
+REM # 9f d4 93 f4 f9 c2 98 c8 30 4a e3 0f 97 a2 fd 49 
+REM 
+REM # 80000000 SK storage primary key
+REM # 80000001 SI signing key
+REM # 80000002 Authorizing public key
+REM # 03000000 policy session
+
+echo "Import a signing key SI under the primary key 80000000, with policy authorize"
+%TPM_EXE_PATH%importpem -hp 80000000 -pwdp sto -ipem policies/rsaprivkey.pem -si -pwdk rrrr -opr tmpsipriv.bin -opu tmpsipub.bin -pol policies/policyauthorizesha256.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the signing key SI at 80000001"
+%TPM_EXE_PATH%load -hp 80000000 -pwdp sto -ipu tmpsipub.bin -ipr tmpsipriv.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest using the password"
+%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if policies/aaa -os tmpsig.bin -pwdk rrrr > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Verify the signature"
+%TPM_EXE_PATH%verifysignature -hk 80000001 -halg sha256 -if policies/aaa -is tmpsig.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start a policy session 03000000"
+%TPM_EXE_PATH%startauthsession -se p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy name hash, object SI 80000001"
+%TPM_EXE_PATH%policynamehash -ha 03000000 -nh policies/pnhnamehash.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Get policy digest, should be policy to approve, 96 30 f9 00"
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Openssl generate and sign aHash (empty policyRef)"
+openssl dgst -sha256 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin policies/policynamehash.bin
+
+echo "Load external just the public part of PEM authorizing key 80000002"
+%TPM_EXE_PATH%loadexternal -hi p -halg sha256 -nalg sha256 -ipem policies/rsapubkey.pem > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Verify the signature against 80000002 to generate ticket"
+%TPM_EXE_PATH%verifysignature -hk 80000002 -halg sha256 -if policies/policynamehash.bin -is pssig.bin -raw -tk tkt.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy authorize using the ticket"
+%TPM_EXE_PATH%policyauthorize -ha 03000000 -appr policies/policynamehash.bin -skn h80000002.bin -tk tkt.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Get policy digest, should be eb a3 f9 8c ...."
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest using the policy"
+%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if policies/aaa -os tmpsig.bin -se0 03000000 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Verify the signature"
+%TPM_EXE_PATH%verifysignature -hk 80000001 -halg sha256 -if policies/aaa -is tmpsig.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the signing key at 80000001"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the authorizing key 80000002"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM # test using clockrateadjust and platform policy
+
+REM # operand A time is 64 bits at offset 0, operation GT (2)
+REM # 0000016d 0000 0000 0000 0000 | 0000 | 0002
+REM # 
+REM # convert to binary policy
+REM # > policymaker -halg sha1 -if policies/policycountertimer.txt -of policies/policycountertimer.bin -pr -v
+REM # e6 84 81 27 55 c0 39 d3 68 63 21 c8 93 50 25 dd 
+REM # aa 26 42 9a 
+
+echo ""
+echo "Policy Counter Timer"
+echo ""
+
+echo "Set the platform policy to policy "
+%TPM_EXE_PATH%setprimarypolicy -hi p -pol policies/policycountertimer.bin -halg sha1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Clockrate adjust using wrong password - should fail"
+%TPM_EXE_PATH%clockrateadjust -hi p -pwdp ppp -adj 0 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Start policy session"
+%TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Clockrate adjust, policy not satisfied - should fail"
+%TPM_EXE_PATH%clockrateadjust -hi p -adj 0 -se0 03000000 1 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Policy counter timer, zero operandB, op EQ satisfy policy - should fail"
+%TPM_EXE_PATH%policycountertimer -ha 03000000 -if policies/zero8.bin -op 0 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+ 
+echo "Policy counter timer, zero operandB, op GT satisfy policy"
+%TPM_EXE_PATH%policycountertimer -ha 03000000 -if policies/zero8.bin -op 2 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+ 
+echo "Policy get digest, should be e6 84 81 27"
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Clockrate adjust, policy satisfied"
+%TPM_EXE_PATH%clockrateadjust -hi p -adj 0 -se0 03000000 1 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Clear the platform policy"
+%TPM_EXE_PATH%setprimarypolicy -hi p > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush policy session"
+%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM # policyccsign.txt  0000016c 0000015d (policy command code | sign)
+REM # policyccquote.txt 0000016c 00000158 (policy command code | quote)
+REM #
+REM # > policymaker -if policies/policyccsign.txt -of policies/policyccsign.bin -pr -v
+REM # cc6918b226273b08f5bd406d7f10cf160f0a7d13dfd83b7770ccbcd1aa80d811
+REM #
+REM # > policymaker -if policies/policyccquote.txt -of policies/policyccquote.bin -pr -v
+REM # a039cad5fe68870688f8233c3e3ee3cf27aac9e2efe3486aeb4e304c0e90cd27
+REM #
+REM # policyor.txt is CC_PolicyOR || digests
+REM # 00000171 | cc69 ... | a039 ...
+REM # > policymaker -if policies/policyor.txt -of policies/policyor.bin -pr -v
+REM # 6b fe c2 3a be 57 b0 2a ce 39 dd 13 bb 60 fa 39 
+REM # 4d ac 7b 38 96 56 57 84 b3 73 fc 61 92 94 29 db 
+
+echo ""
+echo "PolicyOR"
+echo ""
+
+echo "Create an unrestricted signing key, policy command code sign or quote"
+%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyor.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the signing key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start policy session"
+%TPM_EXE_PATH%startauthsession -se p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy get digest"
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest - should fail"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Quote - should fail"
+%TPM_EXE_PATH%quote -hp 0 -hk 80000001 -se0 03000000 1 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Get time - should fail, policy not set"
+%TPM_EXE_PATH%gettime -hk 80000001 -qd policies/aaa -se1 03000000 1 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Policy OR - should fail"
+%TPM_EXE_PATH%policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Policy Command code - sign"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 0000015d > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy get digest, should be cc 69 18 b2"
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy OR"
+%TPM_EXE_PATH%policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy get digest, should be 6b fe c2 3a"
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign with policy OR"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Command code - sign"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 0000015d > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy OR"
+%TPM_EXE_PATH%policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Quote - should fail, wrong command code"
+%TPM_EXE_PATH%quote -hp 0 -hk 80000001 -se0 03000000 1 > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Policy restart, set back to zero"
+%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Command code - quote, digest a0 39 ca d5"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 00000158 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy OR, digest 6b fe c2 3a"
+%TPM_EXE_PATH%policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Quote with policy OR"
+%TPM_EXE_PATH%quote -hp 0 -hk 80000001 -se0 03000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Command code - gettime 7a 3e bd aa"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 0000014c > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy OR, gettime not an AND term - should fail"
+%TPM_EXE_PATH%policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Flush policy session"
+%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM # There are times that a policy creator has TPM, PEM, or DER format
+REM # information, but does not have access to a TPM.  The publicname
+REM # utility accepts these inputs and outputs the name in the 'no spaces'
+REM # format suitable for pasting into a policy.
+
+echo ""
+echo "publicname RSA"
+echo ""
+
+for %%H in (%ITERATE_ALGS%) do (
+
+    echo "Create an rsa %%H key under the primary key"
+    %TPM_EXE_PATH%create -hp 80000000 -rsa -nalg %%H -si -opr tmppriv.bin -opu tmppub.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Load the rsa %%H key 80000001"
+    %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Compute the TPM2B_PUBLIC Name"
+    %TPM_EXE_PATH%publicname -ipu tmppub.bin -on tmp.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Verify the TPM2B_PUBLIC result"
+    diff tmp.bin h80000001.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Convert the rsa public key to PEM format"
+    %TPM_EXE_PATH%readpublic -ho 80000001 -opem tmppub.pem > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Flush the rsa %%H key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "loadexternal the rsa PEM public key"
+    %TPM_EXE_PATH%loadexternal -ipem tmppub.pem -si -rsa -nalg %%H -halg %%H -scheme rsassa > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Compute the PEM Name"
+    %TPM_EXE_PATH%publicname -ipem tmppub.pem -rsa -si -nalg %%H -halg %%H -on tmp.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Verify the PEM result"
+    diff tmp.bin h80000001.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Convert the TPM PEM key to DER"
+    openssl pkey -inform pem -outform der -in tmppub.pem -out tmppub.der -pubin
+    echo "INFO:"
+
+    echo "Compute the DER Name"
+    %TPM_EXE_PATH%publicname -ider tmppub.der -rsa -si -nalg %%H -halg %%H -on tmp.bin -v > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Verify the DER result"
+    diff tmp.bin h80000001.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Flush the rsa %%H key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+)
+
+echo ""
+echo "publicname ECC"
+echo ""
+
+for %%H in (%ITERATE_ALGS%) do (
+
+    echo "Create an ecc nistp256 %%H key under the primary key"
+    %TPM_EXE_PATH%create -hp 80000000 -ecc nistp256 -nalg %%H -si -opr tmppriv.bin -opu tmppub.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Load the ecc %%H key 80000001"
+    %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Compute the TPM2B_PUBLIC Name"
+    %TPM_EXE_PATH%publicname -ipu tmppub.bin -on tmp.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Verify the TPM2B_PUBLIC result"
+    diff tmp.bin h80000001.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Convert the ecc public key to PEM format"
+    %TPM_EXE_PATH%readpublic -ho 80000001 -opem tmppub.pem > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Flush the ecc %%H key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "loadexternal the ecc PEM public key"
+    %TPM_EXE_PATH%loadexternal -ipem tmppub.pem -si -ecc -nalg %%H -halg %%H > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Compute the PEM Name"
+    %TPM_EXE_PATH%publicname -ipem tmppub.pem -ecc -si -nalg %%H -halg %%H -on tmp.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Verify the PEM result"
+    diff tmp.bin h80000001.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Convert the TPM PEM key to DER"
+    openssl pkey -inform pem -outform der -in tmppub.pem -out tmppub.der -pubin -pubout
+    echo "INFO:"
+
+    echo "Compute the DER Name"
+    %TPM_EXE_PATH%publicname -ider tmppub.der -ecc -si -nalg %%H -halg %%H -on tmp.bin -v > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Verify the DER result"
+    diff tmp.bin h80000001.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Flush the ecc %%H key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+)
+
+echo ""
+echo "publicname NV"
+echo ""
+
+for %%H in (%ITERATE_ALGS%) do (
+
+    echo "NV Define Space %%H"
+    %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -sz 16 -nalg %%H > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "NV Read Public"
+    %TPM_EXE_PATH%nvreadpublic -ha 01000000 -opu tmppub.bin -on tmpname.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Compute the NV Index Name"
+    %TPM_EXE_PATH%publicname -invpu tmppub.bin -on tmp.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Verify the NV Index result"
+    diff tmp.bin tmpname.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "NV Undefine Space"
+    %TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+)
+
+rm pssig.bin
+rm run.out
+rm sig.bin
+rm tkt.bin
+rm tmp.bin
+rm tmpdup.bin
+rm tmphkey.bin
+rm tmpname.bin
+rm tmppol.bin
+rm tmppriv.bin
+rm tmppub.bin
+rm tmppub.der
+rm tmppub.pem
+rm tmpsig.bin
+rm tmpsipriv.bin
+rm tmpsipriv1.bin
+rm tmpsipub.bin
+rm tmpss.bin
+rm tmpstpriv.bin
+rm tmpstpub.bin
+
+exit /B 0
+
+REM # getcapability -cap 1 -pr 80000000
+REM # getcapability -cap 1 -pr 01000000
+REM # getcapability -cap 1 -pr 02000000
+REM # getcapability -cap 1 -pr 03000000
diff --git a/utils/regtests/testpolicy.sh b/utils/regtests/testpolicy.sh
new file mode 100755
index 000000000..0be8d0ae1
--- /dev/null
+++ b/utils/regtests/testpolicy.sh
@@ -0,0 +1,2031 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2018					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+# used for the name in policy ticket
+
+if [ -z $TPM_DATA_DIR ]; then
+    TPM_DATA_DIR=.
+fi
+
+
+echo ""
+echo "Policy Command Code"
+echo ""
+
+echo "Create a signing key under the primary key - policy command code - sign"
+${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccsign.bin > run.out
+checkSuccess $?
+
+echo "Load the signing key under the primary key"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Sign a digest"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out
+checkSuccess $?
+
+# sign with correct policy command code
+# cc69 18b2 2627 3b08 f5bd 406d 7f10 cf16
+# 0f0a 7d13 dfd8 3b77 70cc bcd1 aa80 d811
+
+echo "Start a policy session"
+${PREFIX}startauthsession -se p > run.out
+checkSuccess $?
+
+echo "Sign a digest - policy, should fail"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+checkFailure $?
+
+echo "Policy command code - sign"
+${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out
+checkSuccess $?
+
+echo "Policy get digest - should be cc69 ..."
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Sign a digest - policy and wrong password"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk xxx > run.out
+checkSuccess $?
+
+echo "Sign a digest - policy, should fail, session used "
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+checkFailure $?
+
+# quote with bad policy or bad command 
+
+# echo "Start a policy session"
+# ${PREFIX}startauthsession -se p > run.out
+# checkSuccess $?
+
+echo "Policy command code - sign"
+${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out
+checkSuccess $?
+
+echo "Quote - PWAP"
+${PREFIX}quote -hp 0 -hk 80000001 -os sig.bin -pwdk sig > run.out
+checkSuccess $?
+
+echo "Quote - policy, should fail"
+${PREFIX}quote -hp 0 -hk 80000001 -os sig.bin -se0 03000000 1 > run.out
+checkFailure $?
+
+echo "Policy restart, set back to zero"
+${PREFIX}policyrestart -ha 03000000 > run.out 
+checkSuccess $?
+
+# echo "Flush the session"
+# ${PREFIX}flushcontext -ha 03000000 > run.out
+# checkSuccess $?
+
+# echo "Start a policy session"
+# ${PREFIX}startauthsession -se p > run.out
+# checkSuccess $?
+
+echo "Policy command code - quote"
+${PREFIX}policycommandcode -ha 03000000 -cc 158 > run.out
+checkSuccess $?
+
+echo "Quote - policy, should fail"
+${PREFIX}quote -hp 0 -hk 80000001 -os sig.bin -se0 03000000 1 > run.out
+checkFailure $?
+
+# echo "Flush the session"
+# ${PREFIX}flushcontext -ha 03000000 > run.out
+# checkSuccess $?
+
+echo "Flush the signing key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo ""
+echo "Policy Command Code and Policy Password / Authvalue"
+echo ""
+
+echo "Create a signing key under the primary key - policy command code - sign, auth"
+${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccsign-auth.bin > run.out
+checkSuccess $?
+
+echo "Load the signing key under the primary key"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+# policypassword
+
+echo "Policy restart, set back to zero"
+${PREFIX}policyrestart -ha 03000000 > run.out 
+checkSuccess $?
+
+echo "Sign a digest - policy, should fail"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+checkFailure $?
+
+echo "Policy command code - sign"
+${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out
+checkSuccess $?
+
+echo "Sign a digest - policy, should fail"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+checkFailure $?
+
+echo "Policy password"
+${PREFIX}policypassword -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Sign a digest - policy, no password should fail"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+checkFailure $?
+
+echo "Sign a digest - policy, password"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk sig > run.out
+checkSuccess $?
+
+# policyauthvalue
+
+# echo "Start a policy session"
+# ${PREFIX}startauthsession -se p > run.out
+# checkSuccess $?
+
+echo "Policy command code - sign"
+${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out
+checkSuccess $?
+
+echo "Policy authvalue"
+${PREFIX}policyauthvalue -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Sign a digest - policy, no password should fail"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+checkFailure $?
+
+echo "Sign a digest - policy, password"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 -pwdk sig > run.out
+checkSuccess $?
+
+echo "Flush the signing key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo ""
+echo "Policy Password and Policy Authvalue flags"
+echo ""
+
+for COMMAND in policypassword policyauthvalue 
+
+do
+
+    echo "Create a signing key under the primary key - policy command code - sign, auth"
+    ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccsign-auth.bin > run.out
+    checkSuccess $?
+
+    echo "Load the signing key under the primary key"
+    ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+    checkSuccess $?
+
+    echo "Start a policy session"
+    ${PREFIX}startauthsession -se p > run.out
+    checkSuccess $?
+
+    echo "Policy command code - sign"
+    ${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out
+    checkSuccess $?
+
+    echo "Policy ${COMMAND}"
+    ${PREFIX}${COMMAND} -ha 03000000 > run.out
+    checkSuccess $?
+
+    echo "Sign a digest - policy, password"
+    ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk sig > run.out
+    checkSuccess $?
+
+    echo "Flush signing key"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+    echo "Create a signing key under the primary key - policy command code - sign"
+    ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyccsign.bin > run.out
+    checkSuccess $?
+
+    echo "Load the signing key under the primary key"
+    ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+    checkSuccess $?
+
+    echo "Policy command code - sign"
+    ${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out
+    checkSuccess $?
+
+    echo "Sign a digest - policy and wrong password"
+    ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk xxx > run.out
+    checkSuccess $?
+
+    echo "Flush signing key"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+    echo "Flush policy session"
+    ${PREFIX}flushcontext -ha 03000000 > run.out
+    checkSuccess $?
+
+done
+
+echo ""
+echo "Policy Signed"
+echo ""
+
+# create rsaprivkey.pem
+# > openssl genrsa -out rsaprivkey.pem -aes256 -passout pass:rrrr 2048
+# extract the public key
+# > openssl pkey -inform pem -outform pem -in rsaprivkey.pem -passin pass:rrrr -pubout -out rsapubkey.pem 
+# sign a test message msg.bin
+# > openssl dgst -sha1 -sign rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin
+#
+# create the policy:
+# use loadexternal -ns to get the name
+
+# sha1
+# 00044234c24fc1b9de6693a62453417d2734d7538f6f
+# sha256
+# 000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799
+# sha384
+# 000ca8bfb42e75b4c22b366b372cd9994bafe8558aa182cf12c258406d197dab63ac46f5a5255b1deb2993a4e9fc92b1e26c
+# sha512
+# 000d0c36b2a951eccc7e3e12d03175a71304dc747f222a02af8fa2ac8b594ef973518d20b9a5452d0849e325710f587d8a55082e7ae321173619bc12122f3ad71466
+
+# 00000160 plus the above name as text, add a blank line for empty policyRef
+# to create policies/policysigned$HALG.txt
+#
+# 0000016000044234c24fc1b9de6693a62453417d2734d7538f6f
+# 00000160000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799
+# 00000160000ca8bfb42e75b4c22b366b372cd9994bafe8558aa182cf12c258406d197dab63ac46f5a5255b1deb2993a4e9fc92b1e26c
+# 00000160000d0c36b2a951eccc7e3e12d03175a71304dc747f222a02af8fa2ac8b594ef973518d20b9a5452d0849e325710f587d8a55082e7ae321173619bc12122f3ad71466
+#
+# use sha256 policies, policymaker default (policy session digest
+# algorithm is separate from Name and signature hash algorithm)
+#
+# > policymaker -if policies/policysigned$HALG.txt -of policies/policysigned$HALG.bin -pr
+#
+# sha1
+# 9d 81 7a 4e e0 76 eb b5 cf ee c1 82 05 cc 4c 01 
+# b3 a0 5e 59 a9 b9 65 a1 59 af 1e cd 3d bf 54 fb 
+# sha256
+# de bf 9d fa 3c 98 08 0b f1 7d d1 d0 7b 54 fd e1 
+# 07 93 7f e5 40 50 9e 70 96 aa 73 27 53 b3 83 31 
+# sha384
+# 45 c5 da 90 76 92 3a 70 03 6f df 56 ea e7 df db 
+# 41 e2 01 75 24 49 54 94 66 93 6b c4 fc 88 ab 5c 
+# sha512
+# cd 34 96 08 39 ea 40 88 5e fa 7f 37 8b a7 21 f1 
+# 78 6d 52 bb 93 47 9c 73 45 88 3c dc 1f 09 06 6f 
+#
+# 80000000 primary key
+# 80000001 verification public key
+# 80000002 signing key with policy
+# 03000000 policy session
+
+for HALG in ${ITERATE_ALGS}
+do
+
+    echo "Load external just the public part of PEM at 80000001 - $HALG"
+    ${PREFIX}loadexternal -halg $HALG -nalg $HALG -ipem policies/rsapubkey.pem -ns > run.out
+    checkSuccess $?
+
+    echo "Sign a test message with openssl - $HALG"
+    openssl dgst -$HALG -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin
+
+    echo "Verify the signature with 80000001 - $HALG"
+    ${PREFIX}verifysignature -hk 80000001 -halg $HALG -if msg.bin -is pssig.bin -raw > run.out
+    checkSuccess $?
+
+    echo "Create a signing key under the primary key - policy signed - $HALG"
+    ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policysigned$HALG.bin > run.out
+    checkSuccess $?
+
+    echo "Load the signing key under the primary key, at 80000002"
+    ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+    checkSuccess $?
+
+    echo "Start a policy session"
+    ${PREFIX}startauthsession -se p > run.out
+    checkSuccess $?
+
+    echo "Sign a digest - policy, should fail"
+    ${PREFIX}sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+    checkFailure $?
+
+    echo "Policy signed, sign with PEM key - $HALG"
+    ${PREFIX}policysigned -hk 80000001 -ha 03000000 -sk policies/rsaprivkey.pem -halg $HALG -pwdk rrrr > run.out
+    checkSuccess $?
+
+    echo "Get policy digest"
+    ${PREFIX}policygetdigest -ha 03000000 -of tmppol.bin > run.out
+    checkSuccess $?
+
+    echo "Sign a digest - policy signed"
+    ${PREFIX}sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+    checkSuccess $?
+
+    echo "Policy restart, set back to zero"
+    ${PREFIX}policyrestart -ha 03000000 > run.out 
+    checkSuccess $?
+
+    echo "Sign just expiration (uint32_t 4 zeros) with openssl - $HALG"
+    openssl dgst -$HALG -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin policies/zero4.bin
+
+    echo "Policy signed, signature generated externally - $HALG"
+    ${PREFIX}policysigned -hk 80000001 -ha 03000000 -halg $HALG -is pssig.bin > run.out
+    checkSuccess $?
+
+    echo "Sign a digest - policy signed"
+    ${PREFIX}sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+    checkSuccess $?
+
+    echo "Start a policy session - save nonceTPM"
+    ${PREFIX}startauthsession -se p -on noncetpm.bin > run.out
+    checkSuccess $?
+
+    echo "Policy signed with nonceTPM and expiration, create a ticket - $HALG"
+    ${PREFIX}policysigned -hk 80000001 -ha 03000000 -sk policies/rsaprivkey.pem -halg $HALG -pwdk rrrr -in noncetpm.bin -exp -200 -tk tkt.bin -to to.bin > run.out
+    checkSuccess $?
+
+    echo "Sign a digest - policy signed"
+    ${PREFIX}sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+    checkSuccess $?
+
+    echo "Start a policy session"
+    ${PREFIX}startauthsession -se p > run.out
+    checkSuccess $?
+
+    echo "Policy ticket"
+    ${PREFIX}policyticket -ha 03000000 -to to.bin -na ${TPM_DATA_DIR}/h80000001.bin -tk tkt.bin > run.out
+    checkSuccess $?
+
+    echo "Sign a digest - policy ticket"
+    ${PREFIX}sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+    checkSuccess $?
+
+    echo "Flush the verification public key"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+    echo "Flush the signing key"
+    ${PREFIX}flushcontext -ha 80000002 > run.out
+    checkSuccess $?
+
+done
+
+# getcapability  -cap 1 -pr 80000000
+# getcapability  -cap 1 -pr 02000000
+# getcapability  -cap 1 -pr 03000000
+
+# exit 0
+
+echo ""
+echo "Policy Secret with Platform Auth"
+echo ""
+
+# 4000000c platform
+# 80000000 primary key
+# 80000001 signing key with policy
+# 03000000 policy session
+# 02000001 hmac session
+
+echo "Change platform hierarchy auth"
+${PREFIX}hierarchychangeauth -hi p -pwdn ppp > run.out
+checkSuccess $?
+
+echo "Create a signing key under the primary key - policy secret using platform auth"
+${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policysecretp.bin > run.out
+checkSuccess $?
+
+echo "Load the signing key under the primary key"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Start a policy session"
+${PREFIX}startauthsession -se p -on noncetpm.bin > run.out
+checkSuccess $?
+
+echo "Sign a digest - policy, should fail"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+checkFailure $?
+
+echo "Policy Secret with PWAP session, create a ticket"
+${PREFIX}policysecret -ha 4000000c -hs 03000000 -pwde ppp -in noncetpm.bin -exp -200 -tk tkt.bin -to to.bin > run.out
+checkSuccess $?
+
+echo "Sign a digest - policy secret"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+checkSuccess $?
+
+echo "Start a policy session"
+${PREFIX}startauthsession -se p -on noncetpm.bin > run.out
+checkSuccess $?
+
+echo "Policy Secret using primary key, create a ticket"
+${PREFIX}policysecret -ha 4000000c -hs 03000000 -pwde ppp -in noncetpm.bin -exp -200 -tk tkt.bin -to to.bin > run.out
+checkSuccess $?
+
+echo "Sign a digest - policy secret"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+checkSuccess $?
+
+echo "Start a policy session"
+${PREFIX}startauthsession -se p > run.out
+checkSuccess $?
+
+echo "Policy ticket"
+${PREFIX}policyticket -ha 03000000 -to to.bin -hi p -tk tkt.bin > run.out
+checkSuccess $?
+
+echo "Sign a digest - policy ticket"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+checkSuccess $?
+
+echo "Start a policy session"
+${PREFIX}startauthsession -se p -on noncetpm.bin > run.out
+checkSuccess $?
+
+echo "Start an HMAC session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+echo "Policy Secret with HMAC session"
+${PREFIX}policysecret -ha 4000000c -hs 03000000 -pwde ppp -se0 02000001 0 > run.out
+checkSuccess $?
+
+echo "Sign a digest - policy secret"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+checkSuccess $?
+
+echo "Change platform hierarchy auth back to null"
+${PREFIX}hierarchychangeauth -hi p -pwda ppp > run.out
+checkSuccess $?
+
+echo "Flush the signing key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo ""
+echo "Policy Secret with NV Auth"
+echo ""
+
+# Name is 
+# 00 0b e0 65 10 81 c2 fc da 30 69 93 da 43 d1 de 
+# 5b 24 be 42 6e 2d 61 90 7b 42 83 54 69 13 6c 97 
+# 68 1f 
+
+# Policy is
+# c6 93 f9 b0 ef 1a b7 1e ca ae 00 af 1f 0b f4 88 
+# 37 9e ab 16 c1 f8 0d 9f f9 6d 90 41 4e 2f c6 b3 
+
+echo "NV Define Space 0100000"
+${PREFIX}nvdefinespace -hi p -ha 01000000 -pwdn nnn -sz 16 -pwdn nnn > run.out
+checkSuccess $?
+
+echo "Create a signing key under the primary key - policy secret NV auth"
+${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policysecretnv.bin > run.out
+checkSuccess $?
+
+echo "Load the signing key under the primary key"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Start a policy session"
+${PREFIX}startauthsession -se p -on noncetpm.bin > run.out
+checkSuccess $?
+
+echo "Sign a digest - policy, should fail"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+checkFailure $?
+
+echo "Policy Secret with PWAP session"
+${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn -in noncetpm.bin > run.out
+checkSuccess $?
+
+echo "Sign a digest - policy secret"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+checkSuccess $?
+
+echo "Flush the signing key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "NV Undefine Space 0100000"
+${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out
+checkSuccess $?
+
+
+echo ""
+echo "Policy Secret with Object"
+echo ""
+
+# Use a externally generated object so that the Name is known and thus
+# the policy can be precalculated
+
+# Name
+# 00 0b 64 ac 92 1a 03 5c 72 b3 aa 55 ba 7d b8 b5 
+# 99 f1 72 6f 52 ec 2f 68 20 42 fc 0e 0d 29 fa e8 
+# 17 99 
+
+# 000001151 plus the above name as text, add a blank line for empty policyRef
+# to create policies/policysecretsha256.txt
+# 00000151000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799
+
+# 4b 7f ca c2 b7 c3 ac a2 7c 5c da 9c 71 e6 75 28 
+# 63 d2 87 d2 33 ec 49 0e 7a be 88 f1 ef 94 5d 5c 
+
+echo "Load the RSA openssl key pair in the NULL hierarchy 80000001"
+${PREFIX}loadexternal -rsa -ider policies/rsaprivkey.der -pwdk rrrr > run.out
+checkSuccess $?
+
+echo "Create a signing key under the primary key - policy secret of object 80000001"
+${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -uwa -pol policies/policysecretsha256.bin > run.out
+checkSuccess $?
+
+echo "Load the signing key under the primary key 80000002"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Sign a digest - password auth - should fail"
+${PREFIX}sign -hk 80000002 -if policies/aaa -pwdk sig > run.out
+checkFailure $?
+
+echo "Start a policy session 03000000"
+${PREFIX}startauthsession -se p > run.out
+checkSuccess $?
+
+echo "Policy Secret with PWAP session"
+${PREFIX}policysecret -ha 80000001 -hs 03000000 -pwde rrrr > run.out
+checkSuccess $?
+
+echo "Sign a digest - policy secret"
+${PREFIX}sign -hk 80000002 -if msg.bin -se0 03000000 1 > run.out
+checkSuccess $?
+
+echo "Flush the policysecret key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Load the RSA openssl key pair in the NULL hierarchy, userWithAuth false 80000001"
+${PREFIX}loadexternal -rsa -ider policies/rsaprivkey.der -pwdk rrrr -uwa > run.out
+checkSuccess $?
+
+echo "Policy Secret with PWAP session - should fail"
+${PREFIX}policysecret -ha 80000001 -hs 03000000 -pwde rrrr > run.out
+checkFailure $?
+
+echo "Flush the policysecret key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Flush the signing key"
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+echo "Flush the session"
+${PREFIX}flushcontext -ha 03000000 > run.out
+checkSuccess $?
+
+echo ""
+echo "Policy Authorize"
+echo ""
+
+# 80000000 primary
+# 80000001 verification public key, openssl
+# 80000002 signing key
+# 03000000 policy session
+
+# Name for 80000001 0004 4234 c24f c1b9 de66 93a6 2453 417d 2734 d753 8f6f
+#
+# policyauthorizesha256.txt
+# 0000016a000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799
+#
+# (need blank line for policyRef)
+#
+# > policymaker -if policies/policyauthorizesha256.txt -of policies/policyauthorizesha256.bin -pr
+#
+# eb a3 f9 8c 5e af 1e a8 f9 4f 51 9b 4d 2a 31 83 
+# ee 79 87 66 72 39 8e 23 15 d9 33 c2 88 a8 e5 03 
+
+echo "Create a signing key with policy authorize"
+${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyauthorizesha256.bin > run.out
+checkSuccess $?
+
+echo "Load external just the public part of PEM authorizing key 80000001"
+${PREFIX}loadexternal -hi p -halg sha256 -nalg sha256 -ipem policies/rsapubkey.pem > run.out
+checkSuccess $?
+
+echo "Load the signing key under the primary key 80000002 "
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Start a policy session"
+${PREFIX}startauthsession -se p > run.out
+checkSuccess $?
+
+echo "Get policy digest, should be zero"
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Policy command code - sign"
+${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out
+checkSuccess $?
+
+echo "Get policy digest, should be policy to approve, aHash input, same as policies/policyccsign.bin"
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Openssl generate and sign aHash (empty policyRef)"
+openssl dgst -sha256 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin policies/policyccsign.bin
+
+echo "Verify the signature to generate ticket 80000001"
+${PREFIX}verifysignature -hk 80000001 -halg sha256 -if policies/policyccsign.bin -is pssig.bin -raw -tk tkt.bin > run.out
+checkSuccess $?
+
+echo "Policy authorize using the ticket"
+${PREFIX}policyauthorize -ha 03000000 -appr policies/policyccsign.bin -skn ${TPM_DATA_DIR}/h80000001.bin -tk tkt.bin > run.out
+checkSuccess $?
+
+echo "Get policy digest, should be policy authorize"
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Sign a digest"
+${PREFIX}sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+checkSuccess $?
+
+echo "Flush the verification public key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Flush the signing key"
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+# getcapability  -cap 1 -pr 80000000
+# getcapability  -cap 1 -pr 02000000
+# getcapability  -cap 1 -pr 03000000
+
+# exit 0
+
+echo ""
+echo "Set Primary Policy"
+echo ""
+
+echo "Platform policy empty"
+${PREFIX}setprimarypolicy -hi p > run.out
+checkSuccess $?
+
+echo "Platform policy empty, bad password"
+${PREFIX}setprimarypolicy -hi p -pwda ppp > run.out
+checkFailure $?
+
+echo "Set platform hierarchy auth"
+${PREFIX}hierarchychangeauth -hi p -pwdn ppp > run.out
+checkSuccess $?
+
+echo "Platform policy empty, bad password"
+${PREFIX}setprimarypolicy -hi p > run.out
+checkFailure $?
+
+echo "Platform policy empty"
+${PREFIX}setprimarypolicy -hi p -pwda ppp > run.out
+checkSuccess $?
+
+echo "Platform policy to policy secret platform auth"
+${PREFIX}setprimarypolicy -hi p -pwda ppp -halg sha256 -pol policies/policysecretp.bin > run.out
+checkSuccess $?
+
+echo "Start a policy session"
+${PREFIX}startauthsession -se p > run.out
+checkSuccess $?
+
+echo "Policy Secret with PWAP session"
+${PREFIX}policysecret -ha 4000000c -hs 03000000 -pwde ppp > run.out
+checkSuccess $?
+
+echo "Change platform hierarchy auth to null with policy secret"
+${PREFIX}hierarchychangeauth -hi p -se0 03000000 0 > run.out
+checkSuccess $?
+
+echo ""
+echo "Policy PCR no select"
+echo ""
+
+# create AND term for policy PCR
+# > policymakerpcr -halg sha1 -bm 0 -v -pr -of policies/policypcr.txt
+# 0000017f00000001000403000000da39a3ee5e6b4b0d3255bfef95601890afd80709
+
+# convert to binary policy
+# > policymaker -halg sha1 -if policies/policypcr.txt -of policies/policypcrbm0.bin -pr -v
+
+# 6d 38 49 38 e1 d5 8b 56 71 92 55 94 3f 06 69 66 
+# b6 fa 2c 23 
+
+echo "Create a signing key with policy PCR no select"
+${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -nalg sha1 -pol policies/policypcrbm0.bin > run.out
+checkSuccess $?
+
+echo "Load the signing key under the primary key"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Start a policy session"
+${PREFIX}startauthsession -halg sha1 -se p > run.out
+checkSuccess $?
+
+echo "Policy PCR, update with the correct digest"
+${PREFIX}policypcr -ha 03000000 -halg sha1 -bm 0 > run.out
+checkSuccess $?
+
+echo "Policy get digest - should be 6d 38 49 38 ... "
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Sign, should succeed"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+checkSuccess $?
+
+echo "Policy restart, set back to zero"
+${PREFIX}policyrestart -ha 03000000 > run.out 
+checkSuccess $?
+
+echo "Policy PCR, update with the correct digest"
+${PREFIX}policypcr -ha 03000000 -halg sha1 -bm 0 > run.out
+checkSuccess $?
+
+echo "PCR extend PCR 0, updates pcr counter"
+${PREFIX}pcrextend -ha 0 -halg sha1 -if policies/aaa > run.out
+checkSuccess $?
+
+echo "Sign, should fail"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+checkFailure $?
+
+echo "Flush the policy session"
+${PREFIX}flushcontext -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Flush the key"
+${PREFIX}flushcontext -ha 80000001 > run.out 
+checkSuccess $?
+
+echo ""
+echo "Policy PCR 16"
+echo ""
+
+# policypcr0.txt has 20 * 00
+
+# create AND term for policy PCR
+# > policymakerpcr -halg sha1 -bm 010000 -if policies/policypcr0.txt -v -pr -of policies/policypcr.txt
+# 0000017f000000010004030000016768033e216468247bd031a0a2d9876d79818f8f
+
+# convert to binary policy
+# > policymaker -halg sha1 -if policies/policypcr.txt -of policies/policypcr.bin -pr -v
+
+# 85 33 11 83 19 03 12 f5 e8 3c 60 43 34 6f 9f 37
+# 21 04 76 8e
+
+echo "Create a signing key with policy PCR PCR 16 zero"
+${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -nalg sha1 -pol policies/policypcr.bin > run.out
+checkSuccess $?
+
+echo "Load the signing key under the primary key"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Reset PCR 16 back to zero"
+${PREFIX}pcrreset -ha 16 > run.out
+checkSuccess $?
+
+echo "Read PCR 16, should be 00 00 00 00 ..."
+${PREFIX}pcrread -ha 16 -halg sha1 > run.out
+checkSuccess $?
+
+echo "Start a policy session"
+${PREFIX}startauthsession -se p -halg sha1 > run.out
+checkSuccess $?
+
+echo "Sign, policy not satisfied - should fail"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+checkFailure $?
+
+echo "Policy PCR, update with the correct digest"
+${PREFIX}policypcr -ha 03000000 -halg sha1 -bm 10000 > run.out
+checkSuccess $?
+
+echo "Policy get digest - should be 85 33 11 83 ..."
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Sign, should succeed"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+checkSuccess $?
+
+echo "PCR extend PCR 16"
+${PREFIX}pcrextend -ha 16 -halg sha1 -if policies/aaa > run.out
+checkSuccess $?
+
+echo "Read PCR 0, should be 1d 47 f6 8a ..."
+${PREFIX}pcrread -ha 16 -halg sha1 > run.out
+checkSuccess $?
+
+echo "Start a policy session"
+${PREFIX}startauthsession -se p -halg sha1 > run.out
+checkSuccess $?
+
+echo "Policy PCR, update with the wrong digest"
+${PREFIX}policypcr -ha 03000000 -halg sha1 -bm 10000 > run.out
+checkSuccess $?
+
+echo "Policy get digest - should be 66 dd e5 e3"
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Sign - should fail"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
+checkFailure $?
+
+echo "Flush the policy session"
+${PREFIX}flushcontext -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Flush the key"
+${PREFIX}flushcontext -ha 80000001 > run.out 
+checkSuccess $?
+
+# 01000000 authorizing index
+# 01000001 authorized index
+# 03000000 policy session
+#
+# 4 byte NV index
+# policynv.txt
+# policy CC_PolicyNV || args || Name
+#
+# policynvargs.txt (binary)
+# args = hash of 0000 0000 0000 0000 | 0000 | 0000 (eight bytes of zero | offset | op ==)
+# hash -hi n -halg sha1 -if policies/policynvargs.txt -v
+# openssl dgst -sha1 policies/policynvargs.txt
+# 2c513f149e737ec4063fc1d37aee9beabc4b4bbf
+#
+# NV authorizing index
+#
+# after defining index and NV write to set written, use 
+# ${PREFIX}nvreadpublic -ha 01000000 -nalg sha1
+# to get name
+# 00042234b8df7cdf8605ee0a2088ac7dfe34c6566c5c
+#
+# append Name to policynvnv.txt
+#
+# convert to binary policy
+# > policymaker -halg sha1 -if policies/policynvnv.txt -of policies/policynvnv.bin -pr -v
+# bc 9b 4c 4f 7b 00 66 19 5b 1d d9 9c 92 7e ad 57 e7 1c 2a fc 
+#
+# file zero8.bin has 8 bytes of hex zero
+
+echo ""
+echo "Policy NV, NV index authorizing"
+echo ""
+
+echo "Define a setbits index, authorizing index"
+${PREFIX}nvdefinespace -hi p -nalg sha1 -ha 01000000 -pwdn nnn -ty b > run.out
+checkSuccess $?
+
+echo "NV Read public, get Name, not written"
+${PREFIX}nvreadpublic -ha 01000000 -nalg sha1 > run.out
+checkSuccess $?
+
+echo "NV setbits to set written"
+${PREFIX}nvsetbits -ha 01000000 -pwdn nnn > run.out
+checkSuccess $?
+
+echo "NV Read public, get Name, written"
+${PREFIX}nvreadpublic -ha 01000000 -nalg sha1 > run.out
+checkSuccess $?
+
+echo "NV Read, should be zero"
+${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 > run.out
+checkSuccess $?
+
+echo "Define an ordinary index, authorized index, policyNV"
+${PREFIX}nvdefinespace -hi p -nalg sha1 -ha 01000001 -pwdn nnn -sz 2 -ty o -pol policies/policynvnv.bin > run.out
+checkSuccess $?
+
+echo "NV Read public, get Name, not written"
+${PREFIX}nvreadpublic -ha 01000001 -nalg sha1 > run.out
+checkSuccess $?
+
+echo "NV write to set written"
+${PREFIX}nvwrite -ha 01000001 -pwdn nnn -ic aa > run.out
+checkSuccess $?
+
+echo "Start policy session"
+${PREFIX}startauthsession -se p -halg sha1 > run.out
+checkSuccess $?
+ 
+echo "NV write, policy not satisfied  - should fail"
+${PREFIX}nvwrite -ha 01000001 -ic aa -se0 03000000 1 > run.out
+checkFailure $?
+
+echo "Policy get digest, should be 0"
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Policy NV to satisfy the policy"
+${PREFIX}policynv -ha 01000000 -pwda nnn -hs 03000000 -if policies/zero8.bin -op 0 > run.out
+checkSuccess $?
+
+echo "Policy get digest, should be bc 9b 4c 4f ..."
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "NV write, policy satisfied"
+${PREFIX}nvwrite -ha 01000001 -ic aa -se0 03000000 1 > run.out
+checkSuccess $?
+
+echo "Set bit in authorizing NV index"
+${PREFIX}nvsetbits -ha 01000000 -pwdn nnn -bit 0 > run.out
+checkSuccess $?
+
+echo "NV Read, should be 1"
+${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 > run.out
+checkSuccess $?
+
+echo "Policy NV to satisfy the policy - should fail"
+${PREFIX}policynv -ha 01000000 -pwda nnn -hs 03000000 -if policies/zero8.bin -op 0 > run.out
+checkFailure $?
+
+echo "Policy get digest, should be 00 00 00 00 ..."
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "NV Undefine authorizing index"
+${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out
+checkSuccess $?
+
+echo "NV Undefine authorized index"
+${PREFIX}nvundefinespace -hi p -ha 01000001 > run.out 
+checkSuccess $?
+
+echo "Flush policy session"
+${PREFIX}flushcontext -ha 03000000 > run.out  
+checkSuccess $?
+
+echo ""
+echo "Policy NV Written"
+echo ""
+
+echo "Define an ordinary index, authorized index, policyNV"
+${PREFIX}nvdefinespace -hi p -nalg sha1 -ha 01000000 -pwdn nnn -sz 2 -ty o -pol policies/policywrittenset.bin > run.out  
+checkSuccess $?
+
+echo "NV Read public, get Name, not written"
+${PREFIX}nvreadpublic -ha 01000000 -nalg sha1 > run.out  
+checkSuccess $?
+
+echo "Start policy session"
+${PREFIX}startauthsession -se p -halg sha1 > run.out
+checkSuccess $?
+ 
+echo "NV write, policy not satisfied  - should fail"
+${PREFIX}nvwrite -ha 01000000 -ic aa -se0 03000000 1 > run.out  
+checkFailure $?
+
+echo "Policy NV Written no, does not satisfy policy"
+${PREFIX}policynvwritten -hs 03000000 -ws n > run.out  
+checkSuccess $?
+
+echo "NV write, policy not satisfied - should fail"
+${PREFIX}nvwrite -ha 01000000 -ic aa -se0 03000000 1 > run.out  
+checkFailure $?
+
+echo "Flush policy session"
+${PREFIX}flushcontext -ha 03000000 > run.out  
+checkSuccess $?
+
+echo "Start policy session"
+${PREFIX}startauthsession -se p -halg sha1 > run.out
+checkSuccess $?
+
+echo "Policy NV Written yes, satisfy policy"
+${PREFIX}policynvwritten -hs 03000000 -ws y > run.out
+checkSuccess $?
+
+echo "NV write, policy satisfied but written clear - should fail"
+${PREFIX}nvwrite -ha 01000000 -ic aa -se0 03000000 1 > run.out
+checkFailure $?
+
+echo "Flush policy session"
+${PREFIX}flushcontext -ha 03000000 > run.out  
+checkSuccess $?
+
+echo "NV write using password, set written"
+${PREFIX}nvwrite -ha 01000000 -ic aa -pwdn nnn > run.out
+checkSuccess $?
+
+echo "Start policy session"
+${PREFIX}startauthsession -se p -halg sha1 > run.out
+checkSuccess $?
+
+echo "Policy NV Written yes, satisfy policy"
+${PREFIX}policynvwritten -hs 03000000 -ws y > run.out
+checkSuccess $?
+
+echo "NV write, policy satisfied"
+${PREFIX}nvwrite -ha 01000000 -ic aa -se0 03000000 1 > run.out
+checkSuccess $?
+
+echo "Flush policy session"
+${PREFIX}flushcontext -ha 03000000 > run.out  
+checkSuccess $?
+
+echo "Start policy session"
+${PREFIX}startauthsession -se p -halg sha1 > run.out
+checkSuccess $?
+
+echo "Policy NV Written no"
+${PREFIX}policynvwritten -hs 03000000 -ws n > run.out
+checkSuccess $?
+
+echo "Policy NV Written yes - should fail"
+${PREFIX}policynvwritten -hs 03000000 -ws y > run.out
+checkFailure $?
+
+echo "Flush policy session"
+${PREFIX}flushcontext -ha 03000000 > run.out  
+checkSuccess $?
+
+echo "NV Undefine authorizing index"
+${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out
+checkSuccess $?
+
+echo ""
+echo "Policy Signed externally signed cpHash"
+echo ""
+
+# NV Index 01000000 has policy OR
+
+# Policy A - provisioning: policy written false + policysigned
+#	demo: authorizer signs NV write all zero
+
+# Policy B - application: policy written true + policysigned
+#	demo: authorizer signs NV write abcdefgh
+
+echo "Load external just the public part of PEM at 80000001"
+${PREFIX}loadexternal -ipem policies/rsapubkey.pem > run.out
+checkSuccess $?
+
+echo "Get the Name of the signing key at 80000001"
+${PREFIX}readpublic -ho 80000001 -ns > run.out
+checkSuccess $?
+# 000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799
+
+# construct policy A
+
+# policies/policywrittenclrsigned.txt
+# 0000018f00
+# 00000160000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799
+# Add the extra blank line here for policyRef
+
+# policymaker -if policies/policywrittenclrsigned.txt -of policies/policywrittenclrsigned.bin -pr -ns -v
+# intermediate policy digest length 32
+#  3c 32 63 23 67 0e 28 ad 37 bd 57 f6 3b 4c c3 4d 
+#  26 ab 20 5e f2 2f 27 5c 58 d4 7f ab 24 85 46 6e 
+#  intermediate policy digest length 32
+#  6b 0d 2d 2b 55 4d 68 ec bc 6c d5 b8 c0 96 c1 70 
+#  57 5a 95 25 37 56 38 7e 83 d7 76 d9 5b 1b 8e f3 
+#  intermediate policy digest length 32
+#  48 0b 78 2e 02 82 c2 40 88 32 c4 df 9c 0e be 87 
+#  18 6f 92 54 bd e0 5b 0c 2e a9 52 48 3e b7 69 f2 
+#  policy digest length 32
+#  48 0b 78 2e 02 82 c2 40 88 32 c4 df 9c 0e be 87 
+#  18 6f 92 54 bd e0 5b 0c 2e a9 52 48 3e b7 69 f2 
+# policy digest:
+# 480b782e0282c2408832c4df9c0ebe87186f9254bde05b0c2ea952483eb769f2
+
+# construct policy B
+
+# policies/policywrittensetsigned.txt
+# 0000018f01
+# 00000160000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799
+# Add the extra blank line here for policyRef
+
+# policymaker -if policies/policywrittensetsigned.txt -of policies/policywrittensetsigned.bin -pr -ns -v
+#  intermediate policy digest length 32
+#  f7 88 7d 15 8a e8 d3 8b e0 ac 53 19 f3 7a 9e 07 
+#  61 8b f5 48 85 45 3c 7a 54 dd b0 c6 a6 19 3b eb 
+#  intermediate policy digest length 32
+#  7d c2 8f b0 dd 4f ee 97 78 2b 55 43 b1 dc 6b 1e 
+#  e2 bc 79 05 d4 a1 f6 8d e2 97 69 5f a9 aa 78 5f 
+#  intermediate policy digest length 32
+#  09 43 ba 3c 3b 4d b1 c8 3f c3 97 85 f9 dc 0a 82 
+#  49 f6 79 4a 04 38 e6 45 0a 50 56 8f b4 eb d2 46 
+#  policy digest length 32
+#  09 43 ba 3c 3b 4d b1 c8 3f c3 97 85 f9 dc 0a 82 
+#  49 f6 79 4a 04 38 e6 45 0a 50 56 8f b4 eb d2 46 
+# policy digest:
+# 0943ba3c3b4db1c83fc39785f9dc0a8249f6794a0438e6450a50568fb4ebd246
+
+# construct the Policy OR of A and B
+
+# policyorwrittensigned.txt - command code plus two policy digests
+# 00000171480b782e0282c2408832c4df9c0ebe87186f9254bde05b0c2ea952483eb769f20943ba3c3b4db1c83fc39785f9dc0a8249f6794a0438e6450a50568fb4ebd246
+# policymaker -if policies/policyorwrittensigned.txt -of policies/policyorwrittensigned.bin -pr 
+#  policy digest length 32
+#  06 00 ae 34 7a 30 b0 67 36 d3 32 85 a0 cc ad 46 
+#  54 1e 62 71 f5 d0 85 10 a7 ff 0e 90 30 54 d6 c9 
+
+echo "Define index 01000000 with the policy OR"
+${PREFIX}nvdefinespace -ha 01000000 -hi o -sz 8 -pwdn "" -pol policies/policyorwrittensigned.bin -at aw > run.out
+checkSuccess $?
+
+echo "Get the Name of the NV index not written, should be 00 0b ... bb 0b"
+${PREFIX}nvreadpublic -ha 01000000 -ns > run.out
+checkSuccess $?
+
+# 000b366258674dcf8aa16d344f24dde1c799fc60f9427a7286bb8cd1e4e9fd1fbb0b
+
+echo "Start a policy session 03000000"
+${PREFIX}startauthsession -se p > run.out
+checkSuccess $?
+
+echo ""
+echo "Policy A - not written"
+echo ""
+
+# construct cpHash for Policy A - not written, writing zeros
+ 
+# (commandCode || authHandle Name || NV Index Name || data + offset) - data 8 bytes of 0's at offset 0000
+# For index auth, authHandle Name and index Name are the same
+# policies/nvwritecphasha.txt
+# 00000137000b366258674dcf8aa16d344f24dde1c799fc60f9427a7286bb8cd1e4e9fd1fbb0b000b366258674dcf8aa16d344f24dde1c799fc60f9427a7286bb8cd1e4e9fd1fbb0b000800000000000000000000
+# policymaker -nz -if policies/nvwritecphasha.txt -of policies/nvwritecphasha.bin -pr -ns
+#  policy digest length 32
+#  cf 98 1e ee 68 04 3b dd ee 0c ab bc 75 b3 63 be 
+#  3c f9 ee 22 2a 78 b8 26 3f 06 7b b3 55 2c a6 11 
+# policy digest:
+# cf981eee68043bddee0cabbc75b363be3cf9ee222a78b8263f067bb3552ca611
+
+# construct aHash for Policy A
+
+# expiration + cpHashA
+# policies/nvwriteahasha.txt
+# 00000000cf981eee68043bddee0cabbc75b363be3cf9ee222a78b8263f067bb3552ca611
+# just convert to binary, because openssl does the hash before signing
+# xxd -r -p policies/nvwriteahasha.txt policies/nvwriteahasha.bin
+
+echo "Policy NV Written no, satisfy policy"
+${PREFIX}policynvwritten -hs 03000000 -ws n > run.out
+checkSuccess $?
+
+echo "Should be policy A first intermediate value 3c 32 63 23 ..."
+${PREFIX}policygetdigest -ha 03000000 > run.out 
+checkSuccess $?
+
+echo "Sign aHash with openssl 8813 6530 ..."
+openssl dgst -sha256 -sign policies/rsaprivkey.pem -passin pass:rrrr -out sig.bin policies/nvwriteahasha.bin
+echo ""
+
+echo "Policy signed, signature generated externally"
+${PREFIX}policysigned -hk 80000001 -ha 03000000 -halg sha256 -cp policies/nvwritecphasha.bin -is sig.bin > run.out
+checkSuccess $?
+
+echo "Should be policy A final value 48 0b 78 2e ..."
+${PREFIX}policygetdigest -ha 03000000 > run.out 
+checkSuccess $?
+
+echo "Policy OR"
+${PREFIX}policyor -ha 03000000 -if policies/policywrittenclrsigned.bin -if policies/policywrittensetsigned.bin > run.out
+checkSuccess $?
+
+echo "Should be policy OR final value 06 00 ae 34 "
+${PREFIX}policygetdigest -ha 03000000 > run.out 
+checkSuccess $?
+
+echo "NV write to set written"
+${PREFIX}nvwrite -ha 01000000 -if policies/zero8.bin -se0 03000000 1 > run.out
+checkSuccess $?
+
+echo ""
+echo "Policy B - written"
+echo ""
+
+echo "Get the new (written) Name of the NV index not written, should be 00 0b f5 75"
+${PREFIX}nvreadpublic -ha 01000000 -ns > run.out
+checkSuccess $?
+
+# 000bf575f09107d38c4cb82e8ec054b1aca9a91e40a06ec074b578bdd9cdaf4b76c8
+
+# construct cpHash for Policy B
+ 
+# (commandCode || authHandle Name || NV Index Name || data + offset) - data 8 bytes of abcdefgh at offset 00000
+# For index auth, authHandle Name and index Name are the same
+# policies/nvwritecphashb.txt
+# 00000137000bf575f09107d38c4cb82e8ec054b1aca9a91e40a06ec074b578bdd9cdaf4b76c8000bf575f09107d38c4cb82e8ec054b1aca9a91e40a06ec074b578bdd9cdaf4b76c8000861626364656667680000
+# policymaker -nz -if policies/nvwritecphashb.txt -of policies/nvwritecphashb.bin -pr -ns
+#  policy digest length 32
+#  df 58 08 f9 ab cb 23 7f 8c d7 c9 09 1c 86 12 2d 
+#  88 6f 02 d4 6e db 53 c8 da 39 bf a2 d6 cf 07 63 
+# policy digest:
+# df5808f9abcb237f8cd7c9091c86122d886f02d46edb53c8da39bfa2d6cf0763
+
+# construct aHash for Policy B
+
+# expiration + cpHashA
+# policies/nvwriteahashb.txt
+# 00000000df5808f9abcb237f8cd7c9091c86122d886f02d46edb53c8da39bfa2d6cf0763
+# just convert to binary, because openssl does the hash before signing
+# xxd -r -p policies/nvwriteahashb.txt policies/nvwriteahashb.bin
+
+echo "Policy NV Written yes, satisfy policy"
+${PREFIX}policynvwritten -hs 03000000 -ws y > run.out
+checkSuccess $?
+
+echo "Should be policy A first intermediate value f7 88 7d 15 ..."
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Sign aHash with openssl 3700 0a91 ..."
+openssl dgst -sha256 -sign policies/rsaprivkey.pem -passin pass:rrrr -out sig.bin policies/nvwriteahashb.bin > run.out
+echo ""
+
+echo "Policy signed, signature generated externally"
+${PREFIX}policysigned -hk 80000001 -ha 03000000 -halg sha256 -cp policies/nvwritecphashb.bin -is sig.bin > run.out
+checkSuccess $?
+
+echo "Should be policy B final value 09 43 ba 3c ..."
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Policy OR"
+${PREFIX}policyor -ha 03000000 -if policies/policywrittenclrsigned.bin -if policies/policywrittensetsigned.bin > run.out
+checkSuccess $?
+
+echo "Should be policy OR final value 06 00 ae 34 "
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "NV write new data"
+${PREFIX}nvwrite -ha 01000000 -ic abcdefgh -se0 03000000 1 > run.out
+checkSuccess $?
+
+echo ""
+echo "Cleanup"
+echo ""
+
+echo "Flush the policy session 03000000"
+${PREFIX}flushcontext -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Flush the signature verification key 80000001"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Undefine the NV Index 01000000"
+${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out 
+checkSuccess $?
+
+# test using clockrateadjust
+# policycphashhash.txt is (hex) 00000130 4000000c 000
+# hash -if policycphashhash.txt -oh policycphashhash.bin -halg sha1 -v
+# openssl dgst -sha1 policycphashhash.txt
+# cpHash is
+# b5f919bbc01f0ebad02010169a67a8c158ec12f3
+# append to policycphash.txt 00000163 + cpHash
+# policymaker -halg sha1 -if policies/policycphash.txt -of policies/policycphash.bin -pr
+#  06 e4 6c f9 f3 c7 0f 30 10 18 7c a6 72 69 b0 84 b4 52 11 6f 
+
+echo ""
+echo "Policy cpHash"
+echo ""
+
+echo "Set the platform policy to policy cpHash"
+${PREFIX}setprimarypolicy -hi p -pol policies/policycphash.bin -halg sha1 > run.out
+checkSuccess $?
+
+echo "Clockrate adjust using wrong password - should fail"
+${PREFIX}clockrateadjust -hi p -pwdp ppp -adj 0 > run.out 
+checkFailure $?
+
+echo "Start policy session"
+${PREFIX}startauthsession -se p -halg sha1 > run.out 
+checkSuccess $?
+
+echo "Clockrate adjust, policy not satisfied - should fail"
+${PREFIX}clockrateadjust -hi p -pwdp ppp -adj 0 -se0 03000000 1 > run.out
+checkFailure $?
+
+echo "Policy cpHash, satisfy policy"
+${PREFIX}policycphash -ha 03000000 -cp policies/policycphashhash.bin > run.out
+checkSuccess $?
+ 
+echo "Policy get digest, should be 06 e4 6c f9"
+${PREFIX}policygetdigest -ha 03000000 > run.out 
+checkSuccess $?
+
+echo "Clockrate adjust, policy satisfied but bad command params - should fail"
+${PREFIX}clockrateadjust -hi p -pwdp ppp -adj 1 -se0 03000000 1 > run.out 
+checkFailure $?
+
+echo "Clockrate adjust, policy satisfied"
+${PREFIX}clockrateadjust -hi p -pwdp ppp -adj 0 -se0 03000000 1 > run.out 
+checkSuccess $?
+
+echo "Clear the platform policy"
+${PREFIX}setprimarypolicy -hi p > run.out 
+checkSuccess $?
+
+echo "Flush policy session"
+${PREFIX}flushcontext -ha 03000000 > run.out 
+checkSuccess $?
+
+echo ""
+echo "Policy Duplication Select with includeObject FALSE"
+echo ""
+
+# These tests uses a new parent and object to be duplicated generated
+# externally.  This makes the Names repeatable and permits the
+# policy to be pre-calculated and static.
+
+# command code 00000188
+# newParentName
+# 000b 1a5d f667 7533 4527 37bc 79a5 5ab6 
+# d9fa 9174 5c03 3dfe 3f82 cdf0 903b a9d6
+# 55f1
+# includeObject 00
+# policymaker -if policies/policydupsel-no.txt -of policies/policydupsel-no.bin -pr -v
+# 5f 55 ba 2b 69 0f b0 38 ac 15 ff 2a 86 ef 65 66 
+# be a8 23 68 43 97 4c 3f a7 36 37 72 56 ec bc 45 
+
+# 80000000 SK storage primary key
+# 80000001 NP new parent, the target of the duplication
+# 80000002 SI signing key, duplicate from SK to NP
+# 03000000 policy session
+
+echo "Import the new parent storage key NP under the primary key"
+${PREFIX}importpem -hp 80000000 -pwdp sto -ipem policies/rsaprivkey.pem -st -pwdk rrrr -opu tmpstpub.bin -opr tmpstpriv.bin -halg sha256 > run.out
+checkSuccess $?
+	
+echo "Load the new parent TPM storage key NP at 80000001"
+${PREFIX}load -hp 80000000 -pwdp sto -ipu tmpstpub.bin -ipr tmpstpriv.bin > run.out
+checkSuccess $?
+
+echo "Import a signing key SI under the primary key 80000000, with policy duplication select"
+${PREFIX}importpem -hp 80000000 -pwdp sto -ipem policies/rsaprivkey.pem -si -pwdk rrrr -opr tmpsipriv.bin -opu tmpsipub.bin -pol policies/policydupsel-no.bin > run.out
+checkSuccess $?
+
+echo "Load the signing key SI at 80000002"
+${PREFIX}load -hp 80000000 -pwdp sto -ipu tmpsipub.bin -ipr tmpsipriv.bin > run.out
+checkSuccess $?
+
+echo "Sign a digest"
+${PREFIX}sign -hk 80000002 -halg sha256 -if policies/aaa -os tmpsig.bin -pwdk rrrr > run.out
+checkSuccess $?
+
+echo "Verify the signature"
+${PREFIX}verifysignature -hk 80000002 -halg sha256 -if policies/aaa -is tmpsig.bin > run.out
+checkSuccess $?
+
+echo "Start a policy session 03000000"
+${PREFIX}startauthsession -se p > run.out
+checkSuccess $?
+
+echo "Policy duplication select, object SI 80000002 to new parent NP 80000001"
+${PREFIX}policyduplicationselect -ha 03000000 -inpn h80000001.bin -ion h80000002.bin > run.out
+checkSuccess $?
+
+echo "Get policy digest, should be 5f 55 ba 2b ...."
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Duplicate signing key SI at 80000002 under new parent TPM storage key NP 80000001"
+${PREFIX}duplicate -ho 80000002 -hp 80000001 -od tmpdup.bin -oss tmpss.bin -se0 03000000 0 > run.out
+checkSuccess $?
+
+echo "Flush the original SI at 80000002 to free object slot for import"
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+echo "Import signing key SI under new parent TPM storage key NP 80000001"
+${PREFIX}import -hp 80000001 -pwdp rrrr -ipu tmpsipub.bin -id tmpdup.bin -iss tmpss.bin -opr tmpsipriv1.bin > run.out
+checkSuccess $?
+
+echo "Load the signing key SI at 80000002"
+${PREFIX}load -hp 80000001 -pwdp rrrr -ipu tmpsipub.bin -ipr tmpsipriv1.bin > run.out
+checkSuccess $?
+
+echo "Sign a digest"
+${PREFIX}sign -hk 80000002 -halg sha256 -if policies/aaa -os tmpsig.bin -pwdk rrrr > run.out
+checkSuccess $?
+
+echo "Verify the signature"
+${PREFIX}verifysignature -hk 80000002 -halg sha256 -if policies/aaa -is tmpsig.bin > run.out
+checkSuccess $?
+
+echo "Flush the duplicated SI at 80000002"
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+echo ""
+echo "Policy Duplication Select with includeObject TRUE"
+echo ""
+
+# command code 00000188
+# SI objectName
+# 000b 6319 28da 1624 3135 3a59 c03a 2ca7
+# dbb7 0989 1440 4236 3c7f a838 39d9 da6c
+# 437a
+# HP newParentName
+# 000b 
+# 1a5d f667 7533 4527 37bc 79a5 5ab6 d9fa 
+# 9174 5c03 3dfe 3f82 cdf0 903b a9d6 55f1
+# includeObject 01
+#
+# policymaker -if policies/policydupsel-yes.txt -of policies/policydupsel-yes.bin -pr -v
+# 14 64 06 4c 80 cb e3 4f f5 03 82 15 38 62 43 17 
+# 93 94 8f f1 e8 8a c6 23 4d d1 b0 c5 4c 05 f7 3b 
+
+# 80000000 SK storage primary key
+# 80000001 NP new parent, the target of the duplication
+# 80000002 SI signing key, duplicate from SK to NP
+# 03000000 policy session
+
+echo "Import a signing key SI under the primary key 80000000, with policy authorize"
+${PREFIX}importpem -hp 80000000 -pwdp sto -ipem policies/rsaprivkey.pem -si -pwdk rrrr -opr tmpsipriv.bin -opu tmpsipub.bin -pol policies/policyauthorizesha256.bin > run.out
+checkSuccess $?
+
+echo "Load the signing key SI with objectName 000b 6319 28da at 80000002"
+${PREFIX}load -hp 80000000 -pwdp sto -ipu tmpsipub.bin -ipr tmpsipriv.bin > run.out
+checkSuccess $?
+
+echo "Sign a digest"
+${PREFIX}sign -hk 80000002 -halg sha256 -if policies/aaa -os tmpsig.bin -pwdk rrrr > run.out
+checkSuccess $?
+
+echo "Verify the signature"
+${PREFIX}verifysignature -hk 80000002 -halg sha256 -if policies/aaa -is tmpsig.bin > run.out
+checkSuccess $?
+
+echo "Start a policy session 03000000"
+${PREFIX}startauthsession -se p > run.out
+checkSuccess $?
+
+echo "Policy duplication select, object SI 80000002 to new parent NP 80000001 with includeObject"
+${PREFIX}policyduplicationselect -ha 03000000 -inpn h80000001.bin -ion h80000002.bin -io > run.out
+checkSuccess $?
+
+echo "Get policy digest, should be policy to approve, aHash input 14 64 06 4c same as policies/policydupsel-yes.bin"
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Flush the original SI at 80000002 to free object slot for loadexternal "
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+echo "Openssl generate and sign aHash (empty policyRef)"
+openssl dgst -sha256 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin policies/policydupsel-yes.bin
+
+echo "Load external just the public part of PEM authorizing key 80000002"
+${PREFIX}loadexternal -hi p -halg sha256 -nalg sha256 -ipem policies/rsapubkey.pem > run.out
+checkSuccess $?
+
+echo "Verify the signature against 80000002 to generate ticket"
+${PREFIX}verifysignature -hk 80000002 -halg sha256 -if policies/policydupsel-yes.bin -is pssig.bin -raw -tk tkt.bin > run.out
+checkSuccess $?
+
+echo "Policy authorize using the ticket"
+${PREFIX}policyauthorize -ha 03000000 -appr policies/policydupsel-yes.bin -skn ${TPM_DATA_DIR}/h80000002.bin -tk tkt.bin > run.out
+checkSuccess $?
+
+echo "Get policy digest"
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Flush the PEM authorizing verification key at 80000002 to free object slot for import"
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+echo "Load the original signing key SI at 80000002"
+${PREFIX}load -hp 80000000 -pwdp sto -ipu tmpsipub.bin -ipr tmpsipriv.bin > run.out
+checkSuccess $?
+
+echo "Duplicate signing key SI at 80000002 under new parent TPM storage key NP 80000001 000b 1a5d f667"
+${PREFIX}duplicate -ho 80000002 -hp 80000001 -od tmpdup.bin -oss tmpss.bin -se0 03000000 0 > run.out
+checkSuccess $?
+
+echo "Flush the original SI at 80000002 to free object slot for import"
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+echo "Import signing key SI under new parent TPM storage key NP 80000001"
+${PREFIX}import -hp 80000001 -pwdp rrrr -ipu tmpsipub.bin -id tmpdup.bin -iss tmpss.bin -opr tmpsipriv1.bin > run.out
+checkSuccess $?
+
+echo "Load the signing key SI at 80000002"
+${PREFIX}load -hp 80000001 -pwdp rrrr -ipu tmpsipub.bin -ipr tmpsipriv1.bin > run.out
+checkSuccess $?
+
+echo "Sign a digest"
+${PREFIX}sign -hk 80000002 -halg sha256 -if policies/aaa -os tmpsig.bin -pwdk rrrr > run.out
+checkSuccess $?
+
+echo "Verify the signature"
+${PREFIX}verifysignature -hk 80000002 -halg sha256 -if policies/aaa -is tmpsig.bin > run.out
+checkSuccess $?
+
+echo "Flush the duplicated SI at 80000002"
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+echo "Flush the new parent TPM storage key NP 80000001"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo ""
+echo "Policy Name Hash"
+echo ""
+
+# signing key SI Name
+# 000b
+# 6319 28da 1624 3135 3a59 c03a 2ca7 dbb7 
+# 0989 1440 4236 3c7f a838 39d9 da6c 437a 
+
+# compute nameHash
+
+# nameHash - just a hash, not an extend
+# policymaker -if policies/pnhnamehash.txt -of policies/pnhnamehash.bin -nz -pr -v -ns
+# 18 e0 0c 62 77 18 d9 fc 81 22 3d 8a 56 33 7e eb 
+# 0e 7d 98 28 bd 7b c7 29 1d 3c 27 3f 7a c4 04 f1 
+# 18e00c627718d9fc81223d8a56337eeb0e7d9828bd7bc7291d3c273f7ac404f1
+
+# compute policy (based on 
+
+# 00000170 TPM_CC_PolicyNameHash
+# signing key SI Name
+# 18e00c627718d9fc81223d8a56337eeb0e7d9828bd7bc7291d3c273f7ac404f1
+
+# policymaker -if policies/policynamehash.txt -of policies/policynamehash.bin -pr -v
+# 96 30 f9 00 c3 4c 66 09 c1 c5 92 41 78 c1 b2 3d 
+# 9f d4 93 f4 f9 c2 98 c8 30 4a e3 0f 97 a2 fd 49 
+
+# 80000000 SK storage primary key
+# 80000001 SI signing key
+# 80000002 Authorizing public key
+# 03000000 policy session
+
+echo "Import a signing key SI under the primary key 80000000, with policy authorize"
+${PREFIX}importpem -hp 80000000 -pwdp sto -ipem policies/rsaprivkey.pem -si -pwdk rrrr -opr tmpsipriv.bin -opu tmpsipub.bin -pol policies/policyauthorizesha256.bin > run.out
+checkSuccess $?
+
+echo "Load the signing key SI at 80000001"
+${PREFIX}load -hp 80000000 -pwdp sto -ipu tmpsipub.bin -ipr tmpsipriv.bin > run.out
+checkSuccess $?
+
+echo "Sign a digest using the password"
+${PREFIX}sign -hk 80000001 -halg sha256 -if policies/aaa -os tmpsig.bin -pwdk rrrr > run.out
+checkSuccess $?
+
+echo "Verify the signature"
+${PREFIX}verifysignature -hk 80000001 -halg sha256 -if policies/aaa -is tmpsig.bin > run.out
+checkSuccess $?
+
+echo "Start a policy session 03000000"
+${PREFIX}startauthsession -se p > run.out
+checkSuccess $?
+
+echo "Policy name hash, object SI 80000001"
+${PREFIX}policynamehash -ha 03000000 -nh policies/pnhnamehash.bin > run.out
+checkSuccess $?
+
+echo "Get policy digest,should be policy to approve, 96 30 f9 00"
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Openssl generate and sign aHash (empty policyRef)"
+openssl dgst -sha256 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin policies/policynamehash.bin
+
+echo "Load external just the public part of PEM authorizing key 80000002"
+${PREFIX}loadexternal -hi p -halg sha256 -nalg sha256 -ipem policies/rsapubkey.pem > run.out
+checkSuccess $?
+
+echo "Verify the signature against 80000002 to generate ticket"
+${PREFIX}verifysignature -hk 80000002 -halg sha256 -if policies/policynamehash.bin -is pssig.bin -raw -tk tkt.bin > run.out
+checkSuccess $?
+
+echo "Policy authorize using the ticket"
+${PREFIX}policyauthorize -ha 03000000 -appr policies/policynamehash.bin -skn ${TPM_DATA_DIR}/h80000002.bin -tk tkt.bin > run.out
+checkSuccess $?
+
+echo "Get policy digest, should be eb a3 f9 8c ...."
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Sign a digest using the policy"
+${PREFIX}sign -hk 80000001 -halg sha256 -if policies/aaa -os tmpsig.bin -se0 03000000 0 > run.out
+checkSuccess $?
+
+echo "Verify the signature"
+${PREFIX}verifysignature -hk 80000001 -halg sha256 -if policies/aaa -is tmpsig.bin > run.out
+checkSuccess $?
+
+echo "Flush the signing key at 80000001"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Flush the authorizing key 80000002"
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+# test using clockrateadjust and platform policy
+
+# operand A time is 64 bits at offset 0, operation GT (2)
+# 0000016d 0000 0000 0000 0000 | 0000 | 0002
+# 
+# convert to binary policy
+# > policymaker -halg sha1 -if policies/policycountertimer.txt -of policies/policycountertimer.bin -pr -v
+# e6 84 81 27 55 c0 39 d3 68 63 21 c8 93 50 25 dd 
+# aa 26 42 9a 
+
+echo ""
+echo "Policy Counter Timer"
+echo ""
+
+echo "Set the platform policy to policy "
+${PREFIX}setprimarypolicy -hi p -pol policies/policycountertimer.bin -halg sha1 > run.out
+checkSuccess $?
+
+echo "Clockrate adjust using wrong password - should fail"
+${PREFIX}clockrateadjust -hi p -pwdp ppp -adj 0 > run.out
+checkFailure $?
+
+echo "Start policy session"
+${PREFIX}startauthsession -se p -halg sha1 > run.out
+checkSuccess $?
+
+echo "Clockrate adjust, policy not satisfied - should fail"
+${PREFIX}clockrateadjust -hi p -adj 0 -se0 03000000 1 > run.out
+checkFailure $?
+
+echo "Policy counter timer, zero operandB, op EQ satisfy policy - should fail"
+${PREFIX}policycountertimer -ha 03000000 -if policies/zero8.bin -op 0 > run.out
+checkFailure $?
+ 
+echo "Policy counter timer, zero operandB, op GT satisfy policy"
+${PREFIX}policycountertimer -ha 03000000 -if policies/zero8.bin -op 2 > run.out 
+checkSuccess $?
+ 
+echo "Policy get digest, should be e6 84 81 27"
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Clockrate adjust, policy satisfied"
+${PREFIX}clockrateadjust -hi p -adj 0 -se0 03000000 1 > run.out 
+checkSuccess $?
+
+echo "Clear the platform policy"
+${PREFIX}setprimarypolicy -hi p > run.out 
+checkSuccess $?
+
+echo "Flush policy session"
+${PREFIX}flushcontext -ha 03000000 > run.out 
+checkSuccess $?
+
+
+# policyccsign.txt  0000016c 0000015d (policy command code | sign)
+# policyccquote.txt 0000016c 00000158 (policy command code | quote)
+#
+# > policymaker -if policies/policyccsign.txt -of policies/policyccsign.bin -pr -v
+# cc6918b226273b08f5bd406d7f10cf160f0a7d13dfd83b7770ccbcd1aa80d811
+#
+# > policymaker -if policies/policyccquote.txt -of policies/policyccquote.bin -pr -v
+# a039cad5fe68870688f8233c3e3ee3cf27aac9e2efe3486aeb4e304c0e90cd27
+#
+# policyor.txt is CC_PolicyOR || digests
+# 00000171 | cc69 ... | a039 ...
+# > policymaker -if  policies/policyor.txt -of  policies/policyor.bin -pr -v
+# 6b fe c2 3a be 57 b0 2a ce 39 dd 13 bb 60 fa 39 
+# 4d ac 7b 38 96 56 57 84 b3 73 fc 61 92 94 29 db 
+
+echo ""
+echo "PolicyOR"
+echo ""
+
+echo "Create an unrestricted signing key, policy command code sign or quote"
+${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyor.bin > run.out
+checkSuccess $?
+
+echo "Load the signing key"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Start policy session"
+${PREFIX}startauthsession -se p > run.out
+checkSuccess $?
+
+echo "Policy get digest"
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Sign a digest - should fail"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+checkFailure $?
+
+echo "Quote - should fail"
+${PREFIX}quote -hp 0 -hk 80000001 -se0 03000000 1 > run.out
+checkFailure $?
+
+echo "Get time - should fail, policy not set"
+${PREFIX}gettime -hk 80000001 -qd policies/aaa -se1 03000000 1 > run.out
+checkFailure $?
+
+echo "Policy OR - should fail"
+${PREFIX}policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out
+checkFailure $?
+
+echo "Policy Command code - sign"
+${PREFIX}policycommandcode -ha 03000000 -cc 0000015d > run.out
+checkSuccess $?
+
+echo "Policy get digest, should be cc 69 18 b2"
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Policy OR"
+${PREFIX}policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out
+checkSuccess $?
+
+echo "Policy get digest, should be 6b fe c2 3a"
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Sign with policy OR"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
+checkSuccess $?
+
+echo "Policy Command code - sign"
+${PREFIX}policycommandcode -ha 03000000 -cc 0000015d > run.out
+checkSuccess $?
+
+echo "Policy OR"
+${PREFIX}policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out
+checkSuccess $?
+
+echo "Quote - should fail, wrong command code"
+${PREFIX}quote -hp 0 -hk 80000001 -se0 03000000 1 > run.out
+checkFailure $?
+
+echo "Policy restart, set back to zero"
+${PREFIX}policyrestart -ha 03000000 > run.out 
+checkSuccess $?
+
+echo "Policy Command code - quote, digest a0 39 ca d5"
+${PREFIX}policycommandcode -ha 03000000 -cc 00000158 > run.out
+checkSuccess $?
+
+echo "Policy OR, digest 6b fe c2 3a"
+${PREFIX}policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out
+checkSuccess $?
+
+echo "Quote with policy OR"
+${PREFIX}quote -hp 0 -hk 80000001 -se0 03000000 1 > run.out
+checkSuccess $?
+
+echo "Policy Command code - gettime 7a 3e bd aa"
+${PREFIX}policycommandcode -ha 03000000 -cc 0000014c > run.out
+checkSuccess $?
+
+echo "Policy OR, gettime not an AND term - should fail"
+${PREFIX}policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out
+checkFailure $?
+
+echo "Flush policy session"
+${PREFIX}flushcontext -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Flush signing key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+# There are times that a policy creator has TPM, PEM, or DER format
+# information, but does not have access to a TPM.  The publicname
+# utility accepts these inputs and outputs the name in the 'no spaces'
+# format suitable for pasting into a policy.
+
+echo ""
+echo "publicname RSA"
+echo ""
+
+for HALG in ${ITERATE_ALGS}
+do
+
+    echo "Create an rsa ${HALG} key under the primary key"
+    ${PREFIX}create -hp 80000000 -rsa -nalg ${HALG} -si -opr tmppriv.bin -opu tmppub.bin -pwdp sto > run.out
+    checkSuccess $?
+
+    echo "Load the rsa ${HALG} key 80000001"
+    ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+    checkSuccess $?
+
+    echo "Compute the TPM2B_PUBLIC Name"
+    ${PREFIX}publicname -ipu tmppub.bin -on tmp.bin > run.out
+    checkSuccess $?
+
+    echo "Verify the TPM2B_PUBLIC result"
+    diff tmp.bin h80000001.bin > run.out
+    checkSuccess $?
+
+    echo "Convert the rsa public key to PEM format"
+    ${PREFIX}readpublic -ho 80000001 -opem tmppub.pem > run.out
+    checkSuccess $?
+
+    echo "Flush the rsa ${HALG} key"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+    echo "loadexternal the rsa PEM public key"
+    ${PREFIX}loadexternal -ipem tmppub.pem -si -rsa -nalg ${HALG} -halg ${HALG} -scheme rsassa > run.out
+    checkSuccess $?
+
+    echo "Compute the PEM Name"
+    ${PREFIX}publicname -ipem tmppub.pem -rsa -si -nalg ${HALG} -halg ${HALG} -on tmp.bin > run.out
+    checkSuccess $?
+
+    echo "Verify the PEM result"
+    diff tmp.bin h80000001.bin > run.out
+    checkSuccess $?
+
+    echo "Convert the TPM PEM key to DER"
+    openssl pkey -inform pem -outform der -in tmppub.pem -out tmppub.der -pubin
+    echo "INFO:"
+
+    echo "Compute the DER Name"
+    ${PREFIX}publicname -ider tmppub.der -rsa -si -nalg ${HALG} -halg ${HALG} -on tmp.bin -v > run.out
+    checkSuccess $?
+
+    echo "Verify the DER result"
+    diff tmp.bin h80000001.bin > run.out
+    checkSuccess $?
+
+    echo "Flush the rsa ${HALG} key"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+done
+
+echo ""
+echo "publicname ECC"
+echo ""
+
+for HALG in ${ITERATE_ALGS}
+do
+
+    echo "Create an ecc nistp256 ${HALG} key under the primary key"
+    ${PREFIX}create -hp 80000000 -ecc nistp256 -nalg ${HALG} -si -opr tmppriv.bin -opu tmppub.bin -pwdp sto > run.out
+    checkSuccess $?
+
+    echo "Load the ecc ${HALG} key 80000001"
+    ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+    checkSuccess $?
+
+    echo "Compute the TPM2B_PUBLIC Name"
+    ${PREFIX}publicname -ipu tmppub.bin -on tmp.bin > run.out
+    checkSuccess $?
+
+    echo "Verify the TPM2B_PUBLIC result"
+    diff tmp.bin h80000001.bin > run.out
+    checkSuccess $?
+
+    echo "Convert the ecc public key to PEM format"
+    ${PREFIX}readpublic -ho 80000001 -opem tmppub.pem > run.out
+    checkSuccess $?
+
+    echo "Flush the ecc ${HALG} key"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+    echo "loadexternal the ecc PEM public key"
+    ${PREFIX}loadexternal -ipem tmppub.pem -si -ecc -nalg ${HALG} -halg ${HALG} > run.out
+    checkSuccess $?
+
+    echo "Compute the PEM Name"
+    ${PREFIX}publicname -ipem tmppub.pem -ecc -si -nalg ${HALG} -halg ${HALG} -on tmp.bin > run.out
+    checkSuccess $?
+
+    echo "Verify the PEM result"
+    diff tmp.bin h80000001.bin > run.out
+    checkSuccess $?
+
+    echo "Convert the TPM PEM key to DER"
+    openssl pkey -inform pem -outform der -in tmppub.pem -out tmppub.der -pubin -pubout
+    echo "INFO:"
+
+    echo "Compute the DER Name"
+    ${PREFIX}publicname -ider tmppub.der -ecc -si -nalg ${HALG} -halg ${HALG} -on tmp.bin -v > run.out
+    checkSuccess $?
+
+    echo "Verify the DER result"
+    diff tmp.bin h80000001.bin > run.out
+    checkSuccess $?
+
+    echo "Flush the ecc ${HALG} key"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+done
+
+echo ""
+echo "publicname NV"
+echo ""
+
+for HALG in ${ITERATE_ALGS}
+do
+
+    echo "NV Define Space ${HALG}"
+    ${PREFIX}nvdefinespace -hi o -ha 01000000 -sz 16 -nalg ${HALG} > run.out
+    checkSuccess $?
+
+    echo "NV Read Public"
+    ${PREFIX}nvreadpublic -ha 01000000 -opu tmppub.bin -on tmpname.bin > run.out
+    checkSuccess $?
+
+    echo "Compute the NV Index Name"
+    ${PREFIX}publicname -invpu tmppub.bin -on tmp.bin > run.out
+    checkSuccess $?
+
+    echo "Verify the NV Index result"
+    diff tmp.bin tmpname.bin > run.out
+    checkSuccess $?
+
+    echo "NV Undefine Space"
+    ${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out
+    checkSuccess $?
+
+done
+
+# cleanup
+
+rm -f pssig.bin
+rm -f run.out
+rm -f sig.bin
+rm -f tkt.bin
+rm -f tmp.bin
+rm -f tmpdup.bin
+rm -f tmphkey.bin
+rm -f tmpname.bin
+rm -f tmppol.bin
+rm -f tmppriv.bin
+rm -f tmppriv.bin 
+rm -f tmppub.bin
+rm -f tmppub.der
+rm -f tmppub.pem
+rm -f tmpsig.bin
+rm -f tmpsipriv.bin
+rm -f tmpsipriv1.bin
+rm -f tmpsipub.bin
+rm -f tmpss.bin
+rm -f tmpstpriv.bin
+rm -f tmpstpub.bin
+
+# ${PREFIX}getcapability -cap 1 -pr 80000000
+# ${PREFIX}getcapability -cap 1 -pr 01000000
+# ${PREFIX}getcapability -cap 1 -pr 02000000
+# ${PREFIX}getcapability -cap 1 -pr 03000000
diff --git a/utils/regtests/testpolicy138.bat b/utils/regtests/testpolicy138.bat
new file mode 100644
index 000000000..08a45d7b7
--- /dev/null
+++ b/utils/regtests/testpolicy138.bat
@@ -0,0 +1,600 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #		$Id: testpolicy138.sh 793 2016-11-10 21:27:40Z kgoldman $	#
+REM #										#
+REM # (c) Copyright IBM Corporation 2016					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+REM 
+REM # Policy command code - sign
+REM 
+REM # cc69 18b2 2627 3b08 f5bd 406d 7f10 cf16
+REM # 0f0a 7d13 dfd8 3b77 70cc bcd1 aa80 d811
+REM 
+REM # NV index name after written
+REM 
+REM # 000b 
+REM # 5e8e bdf0 4581 9419 070c 7d57 77bf eb61 
+REM # ffac 4996 ea4b 6fba de6d a42b 632d 4918   
+REM 
+REM # Policy Authorize NV with above Name
+REM                               
+REM # 66 1f a1 02 db cd c2 f6 a0 61 7b 33 a0 ee 6d 95 
+REM # ab f6 2c 76 b4 98 b2 91 10 0d 30 91 19 f4 11 fa 
+REM 
+REM # Policy in NV index 01000000
+REM # signing key 80000001 
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "Policy Authorize NV"
+echo ""
+
+echo "Start a policy session 03000000"
+%TPM_EXE_PATH%startauthsession -se p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create a signing key, policyauthnv"
+%TPM_EXE_PATH%create -hp 80000000 -si -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyauthorizenv.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the signing key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Define Space"
+%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -sz 50 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+    
+echo "NV not written, policyauthorizenv - should fail"
+%TPM_EXE_PATH%policyauthorizenv -ha 01000000 -hs 03000000 > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "Write algorithm ID into NV index 01000000"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -off 0 -if policies/sha256.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Write policy command code sign into NV index 01000000"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -off 2 -if policies/policyccsign.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy command code - sign"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy get digest - should be cc 69 ..."
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Authorize NV against 01000000"
+%TPM_EXE_PATH%policyauthorizenv -ha 01000000 -hs 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy get digest - should be 66 1f ..."
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest - policy and wrong password"
+%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk xxx > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy restart, set back to zero"
+%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy command code - sign"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Authorize NV against 01000000"
+%TPM_EXE_PATH%policyauthorizenv -ha 01000000 -hs 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Quote - policy, should fail"
+%TPM_EXE_PATH%quote -hp 0 -hk 80000001 -os sig.bin -se0 03000000 1 > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "Policy restart, set back to zero"
+%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy command code - quote"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 158 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Authorize NV against 01000000 - should fail"
+%TPM_EXE_PATH%policyauthorizenv -ha 01000000 -hs 03000000 > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "NV Undefine Space"
+%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the policy session 03000000"
+%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the signing key 80000001 "
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Policy Template"
+echo ""
+
+REM # create template hash
+REM 
+REM # run createprimary -si -v, extract template 
+REM 
+REM # policies/policytemplate.txt
+REM 
+REM # 00 01 00 0b 00 04 04 72 00 00 00 10 00 10 08 00 
+REM # 00 00 00 00 00 00
+REM 
+REM # policymaker -if policies/policytemplate.txt -pr -of policies/policytemplate.bin -nz
+REM # -nz says do not extend, just hash the hexascii line
+REM # yields a template hash for policytemplate
+REM 
+REM # ef 64 da 91 18 fc ac 82 f4 36 1b 28 84 28 53 d8 
+REM # aa f8 7d fc e1 45 e9 25 cf fe 58 68 aa 2d 22 b6 
+REM 
+REM # prepend the command code 00000190 to ef 64 ... and construct the actual object policy
+REM # policymaker -if policies/policytemplatehash.txt -pr -of policies/policytemplatehash.bin
+REM 
+REM # fb 94 b1 43 e5 2b 07 95 b7 ec 44 37 79 99 d6 47 
+REM # 70 1c ae 4b 14 24 af 5a b8 7e 46 f2 58 af eb de 
+
+echo ""
+echo "Policy Template with TPM2_Create"
+echo ""
+
+echo "Create a primary storage key policy template, 80000001"
+%TPM_EXE_PATH%createprimary -hi p -pol policies/policytemplatehash.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start a policy session 03000000"
+%TPM_EXE_PATH%startauthsession -se p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Template"
+%TPM_EXE_PATH%policytemplate -ha 03000000 -te policies/policytemplate.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy get digest - should be fb 94 ... "
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create signing key under primary key"
+%TPM_EXE_PATH%create -si -hp 80000001 -kt f -kt p -se0 03000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Policy Template with TPM2_CreateLoaded"
+echo ""
+
+echo "Policy restart, set back to zero"
+%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Template"
+%TPM_EXE_PATH%policytemplate -ha 03000000 -te policies/policytemplate.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy get digest - should be fb 94 ... "
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create loaded signing key under primary key"
+%TPM_EXE_PATH%createloaded -si -hp 80000001 -kt f -kt p -se0 03000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the primary key 80000001"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the created key 80000002"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Policy Template with TPM2_CreatePrimary"
+echo ""
+
+echo "Set primary policy for platform hierarchy"
+%TPM_EXE_PATH%setprimarypolicy -hi p -halg sha256 -pol policies/policytemplatehash.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy restart, set back to zero"
+%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Template"
+%TPM_EXE_PATH%policytemplate -ha 03000000 -te policies/policytemplate.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy get digest - should be fb 94 ... "
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create loaded primary signing key policy template, 80000001"
+%TPM_EXE_PATH%createprimary -si -hi p -se0 03000000 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the primary key 80000001"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM #
+REM # Use case of the PCR brittleness solution using PolicyAuthorize, but
+REM # where the authorizing public key is not hard coded in the sealed
+REM # blob policy.  Rather, it's in an NV Index, so that the authorizing
+REM # key can be changed.  Here, the authorization to change is platform
+REM # auth.  The NV index is locked until reboot as a second level of
+REM # protection.
+REM #
+
+REM # Policy design
+
+REM # PolicyAuthorizeNV and Name of NV index AND Unseal
+REM # where the NV index holds PolicyAuthorize with the Name of the authorizing signing key
+REM # where PolicyAuthorize will authorize command Unseal AND PCR values
+
+REM # construct Policies
+
+REM # Provision the NV Index data first.  The NV Index Name is needed for the policy
+REM # PolicyAuthorize with the Name of the authorizing signing key.  
+
+REM # The authorizing signing key Name can be obtained using the TPM from
+REM # loadexternal below.  It can also be calculated off line using this
+REM # utility
+
+REM # > publicname -ipem policies/rsapubkey.pem -halg sha256 -nalg sha256 -v -ns
+
+REM # policyauthorize and CA public key
+REM # policies/policyauthorizesha256.txt
+REM # 0000016a000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799
+REM # (need blank line for policyRef)
+REM # > policymaker -halg sha256 -if policies/policyauthorizesha256.txt -pr -v -ns -of policies/policyauthorizesha256.bin
+REM #  intermediate policy digest length 32
+REM #  fc 17 cd 86 c0 4f be ca d7 17 5f ef c7 75 5b 63 
+REM #  a8 90 49 12 c3 2e e6 9a 4c 99 1a 7b 5a 59 bd 82 
+REM #  intermediate policy digest length 32
+REM #  eb a3 f9 8c 5e af 1e a8 f9 4f 51 9b 4d 2a 31 83 
+REM #  ee 79 87 66 72 39 8e 23 15 d9 33 c2 88 a8 e5 03 
+REM #  policy digest length 32
+REM #  eb a3 f9 8c 5e af 1e a8 f9 4f 51 9b 4d 2a 31 83 
+REM #  ee 79 87 66 72 39 8e 23 15 d9 33 c2 88 a8 e5 03 
+REM # policy digest:
+REM # eba3f98c5eaf1ea8f94f519b4d2a3183ee79876672398e2315d933c288a8e503
+
+REM # Once the NV Index Name is known, calculated the sealed blob policy.
+
+REM # PolicyAuthorizeNV and Name of NV Index AND Unseal
+REM #
+REM # get NV Index Name from nvreadpublic after provisioning
+REM # 000b56e16f0b810a6418daab06822be142858beaf9a79d66f66ad7e8e541f142498e
+REM #
+REM # policies/policyauthorizenv-unseal.txt
+REM # 
+REM # policyauthorizenv and Name of NV Index
+REM # 00000192000b56e16f0b810a6418daab06822be142858beaf9a79d66f66ad7e8e541f142498e
+REM # policy command code unseal
+REM # 0000016c0000015e
+REM #
+REM # > policymaker -halg sha256 -if policies/policyauthorizenv-unseal.txt -of policies/policyauthorizenv-unseal.bin -pr -v -ns
+REM # intermediate policy digest length 32
+REM #  2f 7a d9 b7 53 26 35 e5 03 8c e7 7b 8f 63 5e 4c 
+REM #  f9 96 c8 62 18 13 98 94 c2 71 45 e7 7d d5 e8 e8 
+REM #  intermediate policy digest length 32
+REM #  cd 1b 24 26 fe 10 08 6c 52 35 85 94 22 a0 59 69 
+REM #  33 4b 88 47 82 0d 0b d9 8c 43 1f 7f f7 36 34 5d 
+REM #  policy digest length 32
+REM #  cd 1b 24 26 fe 10 08 6c 52 35 85 94 22 a0 59 69 
+REM #  33 4b 88 47 82 0d 0b d9 8c 43 1f 7f f7 36 34 5d 
+REM # policy digest:
+REM # cd1b2426fe10086c5235859422a05969334b8847820d0bd98c431f7ff736345d
+
+REM # The authorizing signer signs the PCR white list, here just PCR 16 extended with aaa
+REM # PCR 16 is the resettable debug PCR, convenient for development
+
+echo ""
+echo "PolicyAuthorizeNV -> PolicyAuthorize -> PolicyPCR"
+echo ""
+
+REM # Initial provisioning (NV Index)
+
+echo "NV Define Space"
+%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -hia p -sz 34 +at wst +at ar > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Write algorithm ID into NV index 01000000"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -off 0 -if policies/sha256.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Write the NV index at offset 2 with policy authorize and the Name of the CA signing key"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -off 2 -if policies/policyauthorizesha256.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Lock the NV Index"
+%TPM_EXE_PATH%nvwritelock -ha 01000000 -hia p
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Read the NV Index Name to be used above in Policy"
+%TPM_EXE_PATH%nvreadpublic -ha 01000000 -ns > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM # Initial provisioning (Sealed Data)
+
+echo "Create a sealed data object"
+%TPM_EXE_PATH%create -hp 80000000 -nalg sha256 -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto  -uwa -if msg.bin -pol policies/policyauthorizenv-unseal.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM # Once per new PCR approved values, signer authorizing PCRs in policysha256.bin
+
+echo "Openssl generate and sign aHash (empty policyRef)"
+openssl dgst -sha256 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin policies/policypcr16aaasha256.bin
+
+REM # Once per boot, simulating setting PCRs to authorized values, lock
+REM # the NV index, which is unloaded at reboot to permit platform auth to
+REM # roll the authorized signing key
+
+echo "Lock the NV Index"
+%TPM_EXE_PATH%nvwritelock -ha 01000000 -hia p
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "PCR 16 Reset"
+%TPM_EXE_PATH%pcrreset -ha 16 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Extend PCR 16 to correct value"
+%TPM_EXE_PATH%pcrextend -halg sha256 -ha 16 -if policies/aaa > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM # At each unseal, or reuse the ticket tkt.bin for its lifetime
+
+echo "Load external just the public part of PEM authorizing key sha256 80000001"
+%TPM_EXE_PATH%loadexternal -hi p -halg sha256 -nalg sha256 -ipem policies/rsapubkey.pem -ns > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Verify the signature to generate ticket 80000001 sha256"
+%TPM_EXE_PATH%verifysignature -hk 80000001 -halg sha256 -if policies/policypcr16aaasha256.bin -is pssig.bin -raw -tk tkt.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM # Run time unseal
+
+echo "Start a policy session"
+%TPM_EXE_PATH%startauthsession -se p -halg sha256 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy PCR, update with the correct PCR 16 value"
+%TPM_EXE_PATH%policypcr -halg sha256 -ha 03000000 -bm 10000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy get digest - should be policies/policypcr16aaasha256.bin"
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM # policyauthorize process
+
+echo "Policy authorize using the ticket"
+%TPM_EXE_PATH%policyauthorize -ha 03000000 -appr policies/policypcr16aaasha256.bin -skn h80000001.bin -tk tkt.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Get policy digest, should be policies/policyauthorizesha256.bin"
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the authorizing public key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy Authorize NV against NV Index 01000000"
+%TPM_EXE_PATH%policyauthorizenv -ha 01000000 -hs 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Get policy digest, should be policies/policyauthorizenv-unseal.bin intermediate"
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy command code - unseal"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 0000015e > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Get policy digest, should be policies/policyauthorizenv-unseal.bin final"
+%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the sealed data object"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Unseal the data blob"
+%TPM_EXE_PATH%unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Verify the unsealed result"
+diff msg.bin tmp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the sealed object"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the policy session"
+%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Undefine Space"
+%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM cleanup 
+
+rm -f tmppriv.bin
+rm -f tmppub.bin
+
diff --git a/utils/regtests/testpolicy138.sh b/utils/regtests/testpolicy138.sh
new file mode 100755
index 000000000..91bd86c08
--- /dev/null
+++ b/utils/regtests/testpolicy138.sh
@@ -0,0 +1,477 @@
+#!/bin/bash
+
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2016 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+# used for the name in policy ticket
+
+if [ -z $TPM_DATA_DIR ]; then
+    TPM_DATA_DIR=.
+fi
+
+# PolicyCommandCode - sign
+
+# cc69 18b2 2627 3b08 f5bd 406d 7f10 cf16
+# 0f0a 7d13 dfd8 3b77 70cc bcd1 aa80 d811
+
+# NV index name after written
+
+# 000b 
+# 5e8e bdf0 4581 9419 070c 7d57 77bf eb61 
+# ffac 4996 ea4b 6fba de6d a42b 632d 4918   
+
+# PolicyAuthorizeNV with above Name
+                              
+# 66 1f a1 02 db cd c2 f6 a0 61 7b 33 a0 ee 6d 95 
+# ab f6 2c 76 b4 98 b2 91 10 0d 30 91 19 f4 11 fa 
+
+# Policy in NV index 01000000
+# signing key 80000001 
+
+echo ""
+echo "Policy Authorize NV"
+echo ""
+
+echo "Start a policy session 03000000"
+${PREFIX}startauthsession -se p > run.out
+checkSuccess $?
+
+echo "Create a signing key, policyauthnv"
+${PREFIX}create -hp 80000000 -si -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -pol policies/policyauthorizenv.bin > run.out
+checkSuccess $?
+
+echo "Load the signing key under the primary key"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "NV Define Space"
+${PREFIX}nvdefinespace -hi o -ha 01000000 -sz 50 > run.out
+checkSuccess $?
+    
+echo "NV not written, policyauthorizenv - should fail"
+${PREFIX}policyauthorizenv -ha 01000000 -hs 03000000 > run.out
+checkFailure $?
+
+echo "Write algorithm ID into NV index 01000000"
+${PREFIX}nvwrite -ha 01000000 -off 0 -if policies/sha256.bin > run.out
+checkSuccess $?
+
+echo "Write policy command code sign into NV index 01000000"
+${PREFIX}nvwrite -ha 01000000 -off 2 -if policies/policyccsign.bin > run.out
+checkSuccess $?
+
+echo "Policy command code - sign"
+${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out
+checkSuccess $?
+
+echo "Policy get digest - should be cc 69 ..."
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Policy Authorize NV against 01000000"
+${PREFIX}policyauthorizenv -ha 01000000 -hs 03000000 > run.out
+checkSuccess $?
+
+echo "Policy get digest - should be 66 1f ..."
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Sign a digest - policy and wrong password"
+${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk xxx > run.out
+checkSuccess $?
+
+echo "Policy restart, set back to zero"
+${PREFIX}policyrestart -ha 03000000 > run.out 
+checkSuccess $?
+
+echo "Policy command code - sign"
+${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out
+checkSuccess $?
+
+echo "Policy Authorize NV against 01000000"
+${PREFIX}policyauthorizenv -ha 01000000 -hs 03000000 > run.out
+checkSuccess $?
+
+echo "Quote - policy, should fail"
+${PREFIX}quote -hp 0 -hk 80000001 -os sig.bin -se0 03000000 1 > run.out
+checkFailure $?
+
+echo "Policy restart, set back to zero"
+${PREFIX}policyrestart -ha 03000000 > run.out 
+checkSuccess $?
+
+echo "Policy command code - quote"
+${PREFIX}policycommandcode -ha 03000000 -cc 158 > run.out
+checkSuccess $?
+
+echo "Policy Authorize NV against 01000000 - should fail"
+${PREFIX}policyauthorizenv -ha 01000000 -hs 03000000 > run.out
+checkFailure $?
+
+echo "NV Undefine Space"
+${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out
+checkSuccess $?
+
+echo "Flush the policy session 03000000"
+${PREFIX}flushcontext -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Flush the signing key 80000001 "
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo ""
+echo "Policy Template"
+echo ""
+
+# create template hash
+
+# run createprimary -si -v, extract template 
+
+# policies/policytemplate.txt
+
+# 00 01 00 0b 00 04 04 72 00 00 00 10 00 10 08 00 
+# 00 00 00 00 00 00
+
+# policymaker -if policies/policytemplate.txt -pr -of policies/policytemplate.bin -nz
+# -nz says do not extend, just hash the hexascii line
+# yields a template hash for policytemplate
+
+# ef 64 da 91 18 fc ac 82 f4 36 1b 28 84 28 53 d8 
+# aa f8 7d fc e1 45 e9 25 cf fe 58 68 aa 2d 22 b6 
+
+# prepend the command code 00000190 to ef 64 ... and construct the actual object policy
+# policymaker -if policies/policytemplatehash.txt -pr -of policies/policytemplatehash.bin
+
+# fb 94 b1 43 e5 2b 07 95 b7 ec 44 37 79 99 d6 47 
+# 70 1c ae 4b 14 24 af 5a b8 7e 46 f2 58 af eb de 
+
+echo ""
+echo "Policy Template with TPM2_Create"
+echo ""
+
+echo "Create a primary storage key policy template, 80000001"
+${PREFIX}createprimary -hi p -pol policies/policytemplatehash.bin > run.out
+checkSuccess $?
+
+echo "Start a policy session 03000000"
+${PREFIX}startauthsession -se p > run.out
+checkSuccess $?
+
+echo "Policy Template"
+${PREFIX}policytemplate -ha 03000000 -te policies/policytemplate.bin > run.out
+checkSuccess $?
+
+echo "Policy get digest - should be fb 94 ... "
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Create signing key under primary key"
+${PREFIX}create -si -hp 80000001 -kt f -kt p -se0 03000000 1 > run.out
+checkSuccess $?
+
+echo ""
+echo "Policy Template with TPM2_CreateLoaded"
+echo ""
+
+echo "Policy restart, set back to zero"
+${PREFIX}policyrestart -ha 03000000 > run.out 
+checkSuccess $?
+
+echo "Policy Template"
+${PREFIX}policytemplate -ha 03000000 -te policies/policytemplate.bin > run.out
+checkSuccess $?
+
+echo "Policy get digest - should be fb 94 ... "
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Create loaded signing key under primary key"
+${PREFIX}createloaded -si -hp 80000001 -kt f -kt p -se0 03000000 1 > run.out
+checkSuccess $?
+
+echo "Flush the primary key 80000001"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Flush the created key 80000002"
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+echo ""
+echo "Policy Template with TPM2_CreatePrimary"
+echo ""
+
+echo "Set primary policy for platform hierarchy"
+${PREFIX}setprimarypolicy -hi p -halg sha256 -pol policies/policytemplatehash.bin > run.out
+checkSuccess $?
+
+echo "Policy restart, set back to zero"
+${PREFIX}policyrestart -ha 03000000 > run.out 
+checkSuccess $?
+
+echo "Policy Template"
+${PREFIX}policytemplate -ha 03000000 -te policies/policytemplate.bin > run.out
+checkSuccess $?
+
+echo "Policy get digest - should be fb 94 ... "
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Create loaded primary signing key policy template, 80000001"
+${PREFIX}createprimary -si -hi p -se0 03000000 0 > run.out
+checkSuccess $?
+
+echo "Flush the primary key 80000001"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+#
+# Use case of the PCR brittleness solution using PolicyAuthorize, but
+# where the authorizing public key is not hard coded in the sealed
+# blob policy.  Rather, it's in an NV Index, so that the authorizing
+# key can be changed.  Here, the authorization to change is platform
+# auth.  The NV index is locked until reboot as a second level of
+# protection.
+#
+
+# Policy design
+
+# PolicyAuthorizeNV and Name of NV index AND Unseal
+# where the NV index holds PolicyAuthorize with the Name of the authorizing signing key
+# where PolicyAuthorize will authorize command Unseal AND PCR values
+
+# construct Policies
+
+# Provision the NV Index data first.  The NV Index Name is needed for the policy
+# PolicyAuthorize with the Name of the authorizing signing key.  
+
+# The authorizing signing key Name can be obtained using the TPM from
+# loadexternal below.  It can also be calculated off line using this
+# utility
+
+# > publicname -ipem policies/rsapubkey.pem -halg sha256 -nalg sha256 -v -ns
+
+# policyauthorize and CA public key
+# policies/policyauthorizesha256.txt
+# 0000016a000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799
+# (need blank line for policyRef)
+# > policymaker -halg sha256 -if policies/policyauthorizesha256.txt -pr -v -ns -of policies/policyauthorizesha256.bin
+#  intermediate policy digest length 32
+#  fc 17 cd 86 c0 4f be ca d7 17 5f ef c7 75 5b 63 
+#  a8 90 49 12 c3 2e e6 9a 4c 99 1a 7b 5a 59 bd 82 
+#  intermediate policy digest length 32
+#  eb a3 f9 8c 5e af 1e a8 f9 4f 51 9b 4d 2a 31 83 
+#  ee 79 87 66 72 39 8e 23 15 d9 33 c2 88 a8 e5 03 
+#  policy digest length 32
+#  eb a3 f9 8c 5e af 1e a8 f9 4f 51 9b 4d 2a 31 83 
+#  ee 79 87 66 72 39 8e 23 15 d9 33 c2 88 a8 e5 03 
+# policy digest:
+# eba3f98c5eaf1ea8f94f519b4d2a3183ee79876672398e2315d933c288a8e503
+
+# Once the NV Index Name is known, calculated the sealed blob policy.
+
+# PolicyAuthorizeNV and Name of NV Index AND Unseal
+#
+# get NV Index Name from nvreadpublic after provisioning
+# 000b56e16f0b810a6418daab06822be142858beaf9a79d66f66ad7e8e541f142498e
+#
+# policies/policyauthorizenv-unseal.txt
+# 
+# policyauthorizenv and Name of NV Index
+# 00000192000b56e16f0b810a6418daab06822be142858beaf9a79d66f66ad7e8e541f142498e
+# policy command code unseal
+# 0000016c0000015e
+#
+# > policymaker -halg sha256 -if policies/policyauthorizenv-unseal.txt -of policies/policyauthorizenv-unseal.bin -pr -v -ns
+# intermediate policy digest length 32
+#  2f 7a d9 b7 53 26 35 e5 03 8c e7 7b 8f 63 5e 4c 
+#  f9 96 c8 62 18 13 98 94 c2 71 45 e7 7d d5 e8 e8 
+#  intermediate policy digest length 32
+#  cd 1b 24 26 fe 10 08 6c 52 35 85 94 22 a0 59 69 
+#  33 4b 88 47 82 0d 0b d9 8c 43 1f 7f f7 36 34 5d 
+#  policy digest length 32
+#  cd 1b 24 26 fe 10 08 6c 52 35 85 94 22 a0 59 69 
+#  33 4b 88 47 82 0d 0b d9 8c 43 1f 7f f7 36 34 5d 
+# policy digest:
+# cd1b2426fe10086c5235859422a05969334b8847820d0bd98c431f7ff736345d
+
+# The authorizing signer signs the PCR white list, here just PCR 16 extended with aaa
+# PCR 16 is the resettable debug PCR, convenient for development
+
+echo ""
+echo "PolicyAuthorizeNV -> PolicyAuthorize -> PolicyPCR"
+echo ""
+
+# Initial provisioning (NV Index)
+
+echo "NV Define Space"
+${PREFIX}nvdefinespace -ha 01000000 -hi p -hia p -sz 34 +at wst +at ar > run.out
+checkSuccess $?
+
+echo "Write algorithm ID into NV index 01000000"
+${PREFIX}nvwrite -ha 01000000 -hia p -off 0 -if policies/sha256.bin > run.out
+checkSuccess $?
+
+echo "Write the NV index at offset 2 with policy authorize and the Name of the CA signing key"
+${PREFIX}nvwrite -ha 01000000 -hia p -off 2 -if policies/policyauthorizesha256.bin > run.out
+checkSuccess $?
+
+echo "Lock the NV Index"
+${PREFIX}nvwritelock -ha 01000000 -hia p
+checkSuccess $?
+
+echo "Read the NV Index Name to be used above in Policy"
+${PREFIX}nvreadpublic -ha 01000000 -ns > run.out
+checkSuccess $?
+
+# Initial provisioning (Sealed Data)
+
+echo "Create a sealed data object"
+${PREFIX}create -hp 80000000 -nalg sha256 -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto  -uwa -if msg.bin -pol policies/policyauthorizenv-unseal.bin > run.out
+checkSuccess $?
+
+# Once per new PCR approved values, signer authorizing PCRs in policysha256.bin
+
+echo "Openssl generate and sign aHash (empty policyRef) ${HALG}"
+openssl dgst -sha256 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin policies/policypcr16aaasha256.bin
+echo " INFO:"
+
+# Once per boot, simulating setting PCRs to authorized values, lock
+# the NV index, which is unloaded at reboot to permit platform auth to
+# roll the authorized signing key
+
+echo "Lock the NV Index"
+${PREFIX}nvwritelock -ha 01000000 -hia p
+checkSuccess $?
+
+echo "PCR 16 Reset"
+${PREFIX}pcrreset -ha 16 > run.out
+checkSuccess $?
+
+echo "Extend PCR 16 to correct value"
+${PREFIX}pcrextend -halg sha256 -ha 16 -if policies/aaa > run.out
+checkSuccess $?
+
+# At each unseal, or reuse the ticket tkt.bin for its lifetime
+
+echo "Load external just the public part of PEM authorizing key sha256 80000001"
+${PREFIX}loadexternal -hi p -halg sha256 -nalg sha256 -ipem policies/rsapubkey.pem -ns > run.out
+checkSuccess $?
+
+echo "Verify the signature to generate ticket 80000001 sha256"
+${PREFIX}verifysignature -hk 80000001 -halg sha256 -if policies/policypcr16aaasha256.bin -is pssig.bin -raw -tk tkt.bin > run.out
+checkSuccess $?
+
+# Run time unseal
+
+echo "Start a policy session"
+${PREFIX}startauthsession -se p -halg sha256 > run.out
+checkSuccess $?
+
+echo "Policy PCR, update with the correct PCR 16 value"
+${PREFIX}policypcr -halg sha256 -ha 03000000 -bm 10000 > run.out
+checkSuccess $?
+
+echo "Policy get digest - should be policies/policypcr16aaasha256.bin"
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+# policyauthorize process
+
+echo "Policy authorize using the ticket"
+${PREFIX}policyauthorize -ha 03000000 -appr policies/policypcr16aaasha256.bin -skn ${TPM_DATA_DIR}/h80000001.bin -tk tkt.bin > run.out
+checkSuccess $?
+
+echo "Get policy digest, should be policies/policyauthorizesha256.bin"
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Flush the authorizing public key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Policy Authorize NV against NV Index 01000000"
+${PREFIX}policyauthorizenv -ha 01000000 -hs 03000000 > run.out
+checkSuccess $?
+
+echo "Get policy digest, should be policies/policyauthorizenv-unseal.bin intermediate"
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Policy command code - unseal"
+${PREFIX}policycommandcode -ha 03000000 -cc 0000015e > run.out
+checkSuccess $?
+
+echo "Get policy digest, should be policies/policyauthorizenv-unseal.bin final"
+${PREFIX}policygetdigest -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Load the sealed data object"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Unseal the data blob"
+${PREFIX}unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out
+checkSuccess $?
+
+echo "Verify the unsealed result"
+diff msg.bin tmp.bin > run.out
+checkSuccess $?
+
+echo "Flush the sealed object"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Flush the policy session"
+${PREFIX}flushcontext -ha 03000000 > run.out
+checkSuccess $?
+
+echo "NV Undefine Space"
+${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out
+checkSuccess $?
+
+# cleanup 
+
+
+rm -f tmppriv.bin
+rm -f tmppub.bin
+
diff --git a/utils/regtests/testprimary.bat b/utils/regtests/testprimary.bat
new file mode 100644
index 000000000..ab8d9856e
--- /dev/null
+++ b/utils/regtests/testprimary.bat
@@ -0,0 +1,224 @@
+REM #############################################################################
+REM										#
+REM			TPM2 regression test					#
+REM			     Written by Ken Goldman				#
+REM		       IBM Thomas J. Watson Research Center			#
+REM		$Id: testprimary.bat 1278 2018-07-23 21:20:42Z kgoldman $	#
+REM										#
+REM (c) Copyright IBM Corporation 2015						#
+REM 										#
+REM All rights reserved.							#
+REM 										#
+REM Redistribution and use in source and binary forms, with or without		#
+REM modification, are permitted provided that the following conditions are	#
+REM met:									#
+REM 										#
+REM Redistributions of source code must retain the above copyright notice,	#
+REM this list of conditions and the following disclaimer.			#
+REM 										#
+REM Redistributions in binary form must reproduce the above copyright		#
+REM notice, this list of conditions and the following disclaimer in the		#
+REM documentation and/or other materials provided with the distribution.	#
+REM 										#
+REM Neither the names of the IBM Corporation nor the names of its		#
+REM contributors may be used to endorse or promote products derived from	#
+REM this software without specific prior written permission.			#
+REM 										#
+REM THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+REM "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+REM (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "Primary key - CreatePrimary"
+echo ""
+
+echo "Create a primary storage key"
+%TPM_EXE_PATH%createprimary -hi p -pwdk sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+  )
+
+echo "Read the public part"
+%TPM_EXE_PATH%readpublic -ho 80000001  > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+  )
+
+echo "Create a storage key under the primary key"
+%TPM_EXE_PATH%create -hp 80000001 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+  )
+
+echo "Load the storage key under the primary key"
+%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+  )
+
+echo "Flush the storage key"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+  )
+
+echo "Flush the primary storage key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+  )
+
+echo "Load the storage key under the primary key - should fail"
+%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+  )
+
+echo ""
+echo "Primary key - CreatePrimary with no unique field"
+echo ""
+
+REM no unique 
+
+echo "Create a primary storage key with no unique field"
+%TPM_EXE_PATH%createprimary -hi p -pwdk sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+  )
+
+echo "Create a storage key under the primary key"
+%TPM_EXE_PATH%create -hp 80000001 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+  )
+
+echo "Load the storage key under the primary key"
+%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+  )
+
+echo "Flush the storage key"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+  )
+
+echo "Flush the primary storage key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+  )
+
+REM empty unique
+
+echo "Create a primary storage key with no unique field"
+touch empty.bin
+%TPM_EXE_PATH%createprimary -hi p -pwdk sto -iu empty.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+  )
+
+echo "Load the original storage key under the primary key with empty unique field"
+%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+  )
+
+echo "Flush the storage key"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+  )
+
+echo "Flush the primary storage key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+  )
+
+echo ""
+echo "Primary key - CreatePrimary with unique field"
+echo ""
+
+REM unique
+
+echo "Create a primary storage key with unique field"
+touch empty.bin
+%TPM_EXE_PATH%createprimary -hi p -pwdk sto -iu policies/aaa > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+  )
+
+echo "Load the original storage key under the primary key - should fail"
+%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! EQU 0 (
+  exit /B 1
+  )
+
+echo "Create a storage key under the primary key"
+%TPM_EXE_PATH%create -hp 80000001 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+  )
+
+echo "Load the storage key under the primary key"
+%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+  )
+
+echo "Flush the storage key"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+  )
+
+echo "Flush the primary storage key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+  )
+
+REM same unique
+
+echo "Create a primary storage key with same unique field"
+%TPM_EXE_PATH%createprimary -hi p -pwdk sto -iu policies/aaa > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+  )
+
+echo "Load the previous storage key under the primary key"
+%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+  )
+
+echo "Flush the storage key"
+%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+  )
+
+echo "Flush the primary storage key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+  )
+
+exit /B 0
+
+REM getcapability  -cap 1 -pr 80000000
+
diff --git a/utils/regtests/testprimary.sh b/utils/regtests/testprimary.sh
new file mode 100755
index 000000000..073d04f44
--- /dev/null
+++ b/utils/regtests/testprimary.sh
@@ -0,0 +1,175 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#	$Id: testprimary.sh 1277 2018-07-23 20:30:23Z kgoldman $			#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2018					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+echo ""
+echo "Primary key - CreatePrimary"
+echo ""
+
+echo "Create a primary storage key"
+${PREFIX}createprimary -hi p -pwdk sto > run.out
+checkSuccess $?
+
+echo "Read the public part"
+${PREFIX}readpublic -ho 80000001 > run.out
+checkSuccess $?
+
+echo "Create a storage key under the primary key"
+${PREFIX}create -hp 80000001 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sto > run.out
+checkSuccess $?
+
+echo "Load the storage key under the primary key"
+${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Flush the storage key"
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+echo "Flush the primary storage key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Load the storage key under the primary key - should fail"
+${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkFailure $?
+
+echo ""
+echo "Primary key - CreatePrimary with no unique field"
+echo ""
+
+# no unique 
+
+echo "Create a primary storage key with no unique field"
+${PREFIX}createprimary -hi p -pwdk sto > run.out
+checkSuccess $?
+
+echo "Create a storage key under the primary key"
+${PREFIX}create -hp 80000001 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sto > run.out
+checkSuccess $?
+
+echo "Load the storage key under the primary key"
+${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Flush the storage key"
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+echo "Flush the primary storage key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+# empty unique
+
+echo "Create a primary storage key with empty unique field"
+touch empty.bin
+${PREFIX}createprimary -hi p -pwdk sto -iu empty.bin > run.out
+checkSuccess $?
+
+echo "Load the original storage key under the primary key with empty unique field"
+${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Flush the storage key"
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+echo "Flush the primary storage key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo ""
+echo "Primary key - CreatePrimary with unique field"
+echo ""
+
+# unique
+
+echo "Create a primary storage key with unique field"
+touch empty.bin
+${PREFIX}createprimary -hi p -pwdk sto -iu policies/aaa > run.out
+checkSuccess $?
+
+echo "Load the original storage key under the primary key - should fail"
+${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkFailure $?
+
+echo "Create a storage key under the primary key"
+${PREFIX}create -hp 80000001 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sto > run.out
+checkSuccess $?
+
+echo "Load the storage key under the primary key"
+${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Flush the storage key"
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+echo "Flush the primary storage key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+# same unique
+
+echo "Create a primary storage key with same unique field"
+${PREFIX}createprimary -hi p -pwdk sto -iu policies/aaa > run.out
+checkSuccess $?
+
+echo "Load the previous storage key under the primary key"
+${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Flush the storage key"
+${PREFIX}flushcontext -ha 80000002 > run.out
+checkSuccess $?
+
+echo "Flush the primary storage key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+# cleanup
+
+rm -f empty.bin
+
+# ${PREFIX}getcapability  -cap 1 -pr 80000000
+
diff --git a/utils/regtests/testrng.bat b/utils/regtests/testrng.bat
new file mode 100644
index 000000000..5422a7841
--- /dev/null
+++ b/utils/regtests/testrng.bat
@@ -0,0 +1,59 @@
+REM #############################################################################
+REM										#
+REM			TPM2 regression test					#
+REM			     Written by Ken Goldman				#
+REM		       IBM Thomas J. Watson Research Center			#
+REM		$Id: testrng.bat 480 2015-12-29 22:41:45Z kgoldman $	#
+REM										#
+REM (c) Copyright IBM Corporation 2015						#
+REM 										#
+REM All rights reserved.							#
+REM 										#
+REM Redistribution and use in source and binary forms, with or without		#
+REM modification, are permitted provided that the following conditions are	#
+REM met:									#
+REM 										#
+REM Redistributions of source code must retain the above copyright notice,	#
+REM this list of conditions and the following disclaimer.			#
+REM 										#
+REM Redistributions in binary form must reproduce the above copyright		#
+REM notice, this list of conditions and the following disclaimer in the		#
+REM documentation and/or other materials provided with the distribution.	#
+REM 										#
+REM Neither the names of the IBM Corporation nor the names of its		#
+REM contributors may be used to endorse or promote products derived from	#
+REM this software without specific prior written permission.			#
+REM 										#
+REM THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+REM "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+REM (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "Random Number Generator"
+echo ""
+
+echo "Stir Random"
+%TPM_EXE_PATH%stirrandom -if policies/aaa > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+echo "Get Random"
+%TPM_EXE_PATH%getrandom -by 64 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+  exit /B 1
+)
+
+exit /B 0
diff --git a/utils/regtests/testrng.sh b/utils/regtests/testrng.sh
new file mode 100755
index 000000000..5da840df0
--- /dev/null
+++ b/utils/regtests/testrng.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#	$Id: testrng.sh 979 2017-04-04 17:57:18Z kgoldman $			#
+#										#
+# (c) Copyright IBM Corporation 2015, 2016					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+echo ""
+echo "Random Number Generator"
+echo ""
+
+echo "Stir Random"
+${PREFIX}stirrandom -if policies/aaa > run.out
+checkSuccess $?
+
+echo "Get Random"
+${PREFIX}getrandom -by 64 > run.out
+checkSuccess $?
diff --git a/utils/regtests/testrsa.bat b/utils/regtests/testrsa.bat
new file mode 100644
index 000000000..06e137fe9
--- /dev/null
+++ b/utils/regtests/testrsa.bat
@@ -0,0 +1,302 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #										#
+REM # (c) Copyright IBM Corporation 2015 - 2019					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "RSA decryption key"
+echo ""
+
+echo "Load the decryption key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr derpriv.bin -ipu derpub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "RSA encrypt with the encryption key"
+%TPM_EXE_PATH%rsaencrypt -hk 80000001 -id policies/aaa -oe enc.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "RSA decrypt with the decryption key"
+%TPM_EXE_PATH%rsadecrypt -hk 80000001 -ie enc.bin -od dec.bin -pwdk dec > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Verify the decrypt result"
+tail --bytes=3 dec.bin > tmp.bin
+diff policies/aaa tmp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the decryption key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "RSA decryption key to sign with OID"
+echo ""
+
+echo "Load the RSA decryption key"
+%TPM_EXE_PATH%load -hp 80000000 -ipu derpub.bin -ipr derpriv.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+set HSIZ=20 32 48 64
+set HALG=%ITERATE_ALGS%
+
+set i=0
+for %%a in (!HSIZ!) do set /A i+=1 & set HSIZ[!i!]=%%a
+set i=0
+for %%b in (!HALG!) do set /A i+=1 & set HALG[!i!]=%%b
+set L=!i!
+
+for /L %%i in (1,1,!L!) do (
+
+    echo "Decrypt/Sign with a caller specified OID - !HALG[%%i]!"
+    %TPM_EXE_PATH%rsadecrypt -hk 80000001 -pwdk dec -ie policies/!HALG[%%i]!aaa.bin -od tmpsig.bin -oid !HALG[%%i]! > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Encrypt/Verify - !HALG[%%i]!"
+    %TPM_EXE_PATH%rsaencrypt -hk 80000001 -id tmpsig.bin -oe tmpmsg.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Verify Result - !HALG[%%i]! !HSIZ[%%i]! bytes"
+    tail --bytes=!HSIZ[%%i]! tmpmsg.bin > tmpdig.bin
+    diff tmpdig.bin policies/!HALG[%%i]!aaa.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+)
+
+echo "Flush the RSA signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo ""
+echo "Import PEM RSA encryption key"
+echo ""
+test
+echo "generate the signing key with openssl"
+openssl genrsa -out tmpprivkey.pem -aes256 -passout pass:rrrr 2048
+
+echo "Start an HMAC auth session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%S in ("" "-se0 02000000 1") do (
+
+    echo "Import the encryption key under the primary key"
+    %TPM_EXE_PATH%importpem -hp 80000000 -den -pwdp sto -ipem tmpprivkey.pem -pwdk rrrr -opu tmppub.bin -opr tmppriv.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Load the TPM encryption key"
+    %TPM_EXE_PATH%load -hp 80000000 -pwdp sto -ipu tmppub.bin -ipr tmppriv.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Sign the message %%~S - should fail"
+    %TPM_EXE_PATH%sign -hk 80000001 -pwdk rrrr -if policies/aaa -os tmpsig.bin %%~S > run.out
+    IF !ERRORLEVEL! EQU 0 (
+       exit /B 1
+    )
+
+    echo "RSA encrypt with the encryption key"
+    %TPM_EXE_PATH%rsaencrypt -hk 80000001 -id policies/aaa -oe enc.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "RSA decrypt with the decryption key %%~S"
+    %TPM_EXE_PATH%rsadecrypt -hk 80000001 -pwdk rrrr -ie enc.bin -od dec.bin %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the decrypt result"
+    tail --bytes=3 dec.bin > tmp.bin
+    diff policies/aaa tmp.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Flush the encryption key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+)
+
+echo "Flush the session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Loadexternal DER encryption key"
+echo ""
+
+echo "generate the signing key with openssl"
+openssl genrsa -out tmpkeypair.pem -aes256 -passout pass:rrrr 2048
+
+echo "Convert key pair to plaintext DER format"
+
+openssl rsa -inform pem -outform der -in tmpkeypair.pem -out tmpkeypair.der -passin pass:rrrr > run.out
+
+echo "Start an HMAC auth session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%S in ("" "-se0 02000000 1") do (
+
+    echo "Load the openssl key pair in the NULL hierarchy 80000001"
+    %TPM_EXE_PATH%loadexternal -den -ider tmpkeypair.der -pwdk rrrr > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "RSA encrypt with the encryption key"
+    %TPM_EXE_PATH%rsaencrypt -hk 80000001 -id policies/aaa -oe enc.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "RSA decrypt with the decryption key %%~S"
+    %TPM_EXE_PATH%rsadecrypt -hk 80000001 -pwdk rrrr -ie enc.bin -od dec.bin %%~S > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the decrypt result"
+    tail --bytes=3 dec.bin > tmp.bin
+    diff policies/aaa tmp.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Flush the encryption key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+)
+
+echo "Flush the session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Encrypt with OpenSSL OAEP, decrypt with TPM"
+echo ""
+
+echo "Create OAEP encryption key"
+%TPM_EXE_PATH%create -hp 80000000 -pwdp sto -deo -kt f -kt p -halg sha1 -opr tmpprivkey.bin -opu tmppubkey.bin -opem tmppubkey.pem > run.out	
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load encryption key at 80000001"
+%TPM_EXE_PATH%load -hp 80000000 -pwdp sto -ipr tmpprivkey.bin -ipu tmppubkey.bin  > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Encrypt using OpenSSL and the PEM public key"
+openssl rsautl -oaep -encrypt -inkey tmppubkey.pem -pubin -in policies/aaa -out enc.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Decrypt using TPM key at 80000001"
+%TPM_EXE_PATH%rsadecrypt -hk 80000001 -ie enc.bin -od dec.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Verify the decrypt result"
+diff policies/aaa dec.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the encryption key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+rm -f tmpmsg.bin
+rm -f tmpdig.bin
+rm -f tmpsig.bin
+rm -f tmpprivkey.bin 
+rm -f tmppubkey.bin
+rm -f tmppubkey.pem
+rm -f tmpprivkey.pem
+rm -f tmpkeypair.pem
+rm -f tmpkeypair.der
+
+exit /B 0
+
+REM  getcapability -cap 1 -pr 80000000
+REM  getcapability -cap 1 -pr 02000000
+REM 
+REM  flushcontext -ha 80000001
diff --git a/utils/regtests/testrsa.sh b/utils/regtests/testrsa.sh
new file mode 100755
index 000000000..9beb20644
--- /dev/null
+++ b/utils/regtests/testrsa.sh
@@ -0,0 +1,237 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#	$Id: testrsa.sh 1307 2018-08-20 19:43:29Z kgoldman $			#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2018					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+echo ""
+echo "RSA decryption key"
+echo ""
+
+echo "Load the decryption key under the primary key"
+${PREFIX}load -hp 80000000 -ipr derpriv.bin -ipu derpub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "RSA encrypt with the encryption key"
+${PREFIX}rsaencrypt -hk 80000001 -id policies/aaa -oe enc.bin > run.out
+checkSuccess $?
+
+echo "RSA decrypt with the decryption key"
+${PREFIX}rsadecrypt -hk 80000001 -ie enc.bin -od dec.bin -pwdk dec > run.out
+checkSuccess $?
+
+echo "Verify the decrypt result"
+tail -c 3 dec.bin > tmp.bin
+diff policies/aaa tmp.bin > run.out
+checkSuccess $?
+
+echo "Flush the decryption key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo ""
+echo "RSA decryption key to sign with OID"
+echo ""
+
+echo "Load the RSA decryption key"
+${PREFIX}load -hp 80000000 -ipu derpub.bin -ipr derpriv.bin -pwdp sto > run.out
+checkSuccess $?
+
+HALG=(${ITERATE_ALGS})
+HSIZ=("20" "32" "48" "64")
+
+for ((i = 0 ; i < 4 ; i++))
+do
+
+    echo "Decrypt/Sign with a caller specified OID - ${HALG[i]}"
+    ${PREFIX}rsadecrypt -hk 80000001 -pwdk dec -ie policies/${HALG[i]}aaa.bin -od tmpsig.bin -oid ${HALG[i]} > run.out
+    checkSuccess $?
+
+    echo "Encrypt/Verify - ${HALG[i]}"
+    ${PREFIX}rsaencrypt -hk 80000001 -id tmpsig.bin -oe tmpmsg.bin > run.out
+    checkSuccess $?
+
+    echo "Verify Result - ${HALG[i]} ${HSIZ[i]} bytes"
+    tail -c ${HSIZ[i]} tmpmsg.bin > tmpdig.bin
+    diff tmpdig.bin policies/${HALG[i]}aaa.bin > run.out
+    checkSuccess $?
+
+done
+
+echo "Flush the RSA signing key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo ""
+echo "Import PEM RSA encryption key"
+echo ""
+
+echo "generate the signing key with openssl"
+openssl genrsa -out tmpprivkey.pem -aes256 -passout pass:rrrr 2048
+
+echo "Start an HMAC auth session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+for SESS in "" "-se0 02000000 1"
+do
+
+    echo "Import the encryption key under the primary key"
+    ${PREFIX}importpem -hp 80000000 -den -pwdp sto -ipem tmpprivkey.pem -pwdk rrrr -opu tmppub.bin -opr tmppriv.bin > run.out
+    checkSuccess $?
+
+    echo "Load the TPM encryption key"
+    ${PREFIX}load -hp 80000000 -pwdp sto -ipu tmppub.bin -ipr tmppriv.bin > run.out
+    checkSuccess $?
+
+    echo "Sign the message ${SESS} - should fail"
+    ${PREFIX}sign -hk 80000001 -pwdk rrrr -if policies/aaa -os tmpsig.bin ${SESS} > run.out
+    checkFailure $?
+
+    echo "RSA encrypt with the encryption key"
+    ${PREFIX}rsaencrypt -hk 80000001 -id policies/aaa -oe enc.bin > run.out
+    checkSuccess $?
+
+    echo "RSA decrypt with the decryption key ${SESS}"
+    ${PREFIX}rsadecrypt -hk 80000001 -pwdk rrrr -ie enc.bin -od dec.bin ${SESS} > run.out
+    checkSuccess $?
+
+    echo "Verify the decrypt result"
+    tail -c 3 dec.bin > tmp.bin
+    diff policies/aaa tmp.bin > run.out
+    checkSuccess $?
+
+    echo "Flush the encryption key"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+done
+
+echo "Flush the session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+echo ""
+echo "Loadexternal DER encryption key"
+echo ""
+
+echo "generate the signing key with openssl"
+openssl genrsa -out tmpkeypair.pem -aes256 -passout pass:rrrr 2048
+
+echo "Convert key pair to plaintext DER format"
+
+openssl rsa -inform pem -outform der -in tmpkeypair.pem -out tmpkeypair.der -passin pass:rrrr > run.out
+
+echo "Start an HMAC auth session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+for SESS in "" "-se0 02000000 1"
+do
+
+    echo "Load the openssl key pair in the NULL hierarchy 80000001"
+    ${PREFIX}loadexternal -den -ider tmpkeypair.der -pwdk rrrr > run.out
+    checkSuccess $?
+
+    echo "RSA encrypt with the encryption key"
+    ${PREFIX}rsaencrypt -hk 80000001 -id policies/aaa -oe enc.bin > run.out
+    checkSuccess $?
+
+    echo "RSA decrypt with the decryption key ${SESS}"
+    ${PREFIX}rsadecrypt -hk 80000001 -pwdk rrrr -ie enc.bin -od dec.bin ${SESS} > run.out
+    checkSuccess $?
+
+    echo "Verify the decrypt result"
+    tail -c 3 dec.bin > tmp.bin
+    diff policies/aaa tmp.bin > run.out
+    checkSuccess $?
+
+    echo "Flush the encryption key"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+done
+
+echo "Flush the session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+echo ""
+echo "Encrypt with OpenSSL OAEP, decrypt with TPM"
+echo ""
+
+echo "Create OAEP encryption key"
+${PREFIX}create -hp 80000000 -pwdp sto -deo -kt f -kt p -halg sha1 -opr tmpprivkey.bin -opu tmppubkey.bin -opem tmppubkey.pem > run.out	
+checkSuccess $?
+
+echo "Load encryption key at 80000001"
+${PREFIX}load -hp 80000000 -pwdp sto -ipr tmpprivkey.bin -ipu tmppubkey.bin  > run.out
+checkSuccess $?
+
+echo "Encrypt using OpenSSL and the PEM public key"
+openssl rsautl -oaep -encrypt -inkey tmppubkey.pem -pubin -in policies/aaa -out enc.bin > run.out
+checkSuccess $?
+
+echo "Decrypt using TPM key at 80000001"
+${PREFIX}rsadecrypt -hk 80000001 -ie enc.bin -od dec.bin > run.out
+checkSuccess $?
+
+echo "Verify the decrypt result"
+diff policies/aaa dec.bin > run.out
+checkSuccess $?
+
+echo "Flush the encryption key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+rm -f tmpmsg.bin
+rm -f tmpdig.bin
+rm -f tmpsig.bin
+rm -f tmpprivkey.bin 
+rm -f tmppubkey.bin
+rm -f tmppubkey.pem
+rm -f tmpprivkey.pem
+rm -f tmpkeypair.pem
+rm -f tmpkeypair.der
+
+# ${PREFIX}getcapability -cap 1 -pr 80000000
+# ${PREFIX}getcapability -cap 1 -pr 02000000
+
+# ${PREFIX}flushcontext -ha 80000001
diff --git a/utils/regtests/testsalt.bat b/utils/regtests/testsalt.bat
new file mode 100644
index 000000000..785d7ffd1
--- /dev/null
+++ b/utils/regtests/testsalt.bat
@@ -0,0 +1,433 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #										#
+REM # (c) Copyright IBM Corporation 2015 - 2019					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "Salt Session - Load"
+echo ""
+
+for %%A in ("-rsa" "-ecc nistp256") do (
+
+    for %%H in (%ITERATE_ALGS%) do (
+
+	REM In general a storage key can be used.  A decryption key is
+	REM used here because the hash algorithm doesn't have to match
+	REM that of the parent.
+
+    	echo "Create a %%A %%H storage key under the primary key "
+	%TPM_EXE_PATH%create -hp 80000000 -nalg %%H -halg %%H %%~A -deo -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 222 > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+	
+	echo "Load the %%A storage key 80000001 under the primary key"
+	%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+	
+	echo "Start a %%A salted HMAC auth session"
+	%TPM_EXE_PATH%startauthsession -se h -hs 80000001 > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+	
+	echo "Create a signing key using the salt"
+	%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 333 -se0 02000000 0 > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+	
+	echo "Flush the storage key"
+	%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+	   exit /B 1
+	)
+    )
+)
+
+echo ""
+echo "Salt Session - Load External"
+echo ""
+
+echo "Create RSA and ECC key pairs in PEM format using openssl"
+  
+openssl genrsa -out tmpkeypairrsa.pem -aes256 -passout pass:rrrr 2048 > run.out
+openssl ecparam -name prime256v1 -genkey -noout -out tmpkeypairecc.pem > run.out
+
+echo "Convert key pair to plaintext DER format"
+
+openssl rsa -inform pem -outform der -in tmpkeypairrsa.pem -out tmpkeypairrsa.der -passin pass:rrrr > run.out
+openssl ec -inform pem -outform der -in tmpkeypairecc.pem -out tmpkeypairecc.der -passin pass:rrrr > run.out
+
+for %%H in (%ITERATE_ALGS%) do (
+
+    echo "Load the RSA openssl key pair in the NULL hierarchy 80000001 - %%H"
+    %TPM_EXE_PATH%loadexternal -halg %%H -st -ider tmpkeypairrsa.der > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Start a salted HMAC auth session"
+    %TPM_EXE_PATH%startauthsession -se h -hs 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Create a signing key using the salt"
+    %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 333 -se0 02000000 0 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Flush the storage key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+)
+
+for %%H in (%ITERATE_ALGS%) do (
+
+    echo "Load the ECC openssl key pair in the NULL hierarchy 80000001 - %%H"
+    %TPM_EXE_PATH%loadexternal -ecc -halg %%H -st -ider tmpkeypairecc.der > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Start a salted HMAC auth session"
+    %TPM_EXE_PATH%startauthsession -se h -hs 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Create a signing key using the salt"
+    %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 333 -se0 02000000 0 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Flush the storage key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+)
+
+echo ""
+echo "Salt Session - CreatePrimary storage key"
+echo ""
+
+for %%H in (%ITERATE_ALGS%) do (
+    
+    echo "Create a primary storage key - %%H"
+    %TPM_EXE_PATH%createprimary -nalg %%H -hi p > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Start a salted HMAC auth session"
+    %TPM_EXE_PATH%startauthsession -se h -hs 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Create a signing key using the salt"
+    %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 333 -se0 02000000 0 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Flush the storage key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+)
+
+echo ""
+echo "Salt Session - CreatePrimary RSA key"
+echo ""
+
+for %%H in (%ITERATE_ALGS%) do (
+    
+    echo "Create a primary RSA key - %%H"
+    %TPM_EXE_PATH%createprimary -nalg %%H -halg %%H -hi p -deo > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Start a salted HMAC auth session"
+    %TPM_EXE_PATH%startauthsession -se h -hs 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Create a primary HMAC key using the salt"
+    %TPM_EXE_PATH%createprimary -kh -se0 02000000 0 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Flush the HMAC key"
+    %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Flush the RSA key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+)
+
+echo ""
+echo "Salt Session - EvictControl"
+echo ""
+
+echo "Load the storage key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr storersapriv.bin -ipu storersapub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Make the storage key persistent"
+%TPM_EXE_PATH%evictcontrol -ho 80000001 -hp 81800000 -hi p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start a salted HMAC auth session"
+%TPM_EXE_PATH%startauthsession -se h -hs 81800000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create a signing key using the salt"
+%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 333 -se0 02000000 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the storage key from transient memory"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the storage key from persistent memory"
+%TPM_EXE_PATH%evictcontrol -ho 81800000 -hp 81800000 -hi p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Salt Session - ContextSave and ContextLoad"
+echo ""
+
+echo "Load the storage key at 80000001"
+%TPM_EXE_PATH%load -hp 80000000 -ipr storersapriv.bin -ipu storersapub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Save context for the key at 80000001"
+%TPM_EXE_PATH%contextsave -ha 80000001 -of tmp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the storage key at 80000001"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load context, new storage key at 80000001"
+%TPM_EXE_PATH%contextload -if tmp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start a salted HMAC auth session"
+%TPM_EXE_PATH%startauthsession -se h -hs 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create a signing key using the salt"
+%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 333 -se0 02000000 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the context loaded key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Salt Audit Session - PCR Read, Read Public, NV Read Public"
+echo ""
+
+echo "Load the storage key at 80000001"
+%TPM_EXE_PATH%load -hp 80000000 -ipr storersapriv.bin -ipu storersapub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start a salted HMAC auth session"
+%TPM_EXE_PATH%startauthsession -se h -hs 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "PCR read with salted audit session"
+%TPM_EXE_PATH%pcrread -ha 16 -se0 02000000 81 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Read public with salted audit session"
+%TPM_EXE_PATH%readpublic -ho 80000001 -se0 02000000 81 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV define space"
+%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Read public with salted audit session"
+%TPM_EXE_PATH%nvreadpublic -ha 01000000 -se0 02000000 81 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the storage key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the salt session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV undefine space"
+%TPM_EXE_PATH%nvundefinespace -ha 01000000 -hi p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+
+echo ""
+echo "Salt Policy Session with policyauthvalue"
+echo ""
+
+echo "Load RSA the storage key 80000001 under the primary key 80000000"
+%TPM_EXE_PATH%load -hp 80000000 -ipr storersapriv.bin -ipu storersapub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start a salted policy session"
+%TPM_EXE_PATH%startauthsession -se p -hs 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy command code - create"
+%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 153 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Policy authvalue"
+%TPM_EXE_PATH%policyauthvalue -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create a signing key using the salt"
+%TPM_EXE_PATH%create -hp 80000001 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -se0 03000000 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the storage key 80000001"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Salt Policy Session with no policyauthvalue"
+echo ""
+
+echo "Start a salted policy session"
+%TPM_EXE_PATH%startauthsession -se p -hs 80000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create a signing key using the salt"
+%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -se0 03000000 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+rm -f tmpkeypairrsa.pem
+rm -f tmpkeypairecc.pem
+rm -f tmpkeypairrsa.der
+rm -f tmpkeypairecc.der
+
+exit /B 0
+
+REM getcapability -cap 1 -pr 80000000
+
diff --git a/utils/regtests/testsalt.sh b/utils/regtests/testsalt.sh
new file mode 100755
index 000000000..cf1959622
--- /dev/null
+++ b/utils/regtests/testsalt.sh
@@ -0,0 +1,347 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+echo ""
+echo "Salt Session - Load"
+echo ""
+
+# mbedtls port does not support ECC salted sessions yet
+
+if   [ ${CRYPTOLIBRARY} == "openssl" ]; then
+    SALTALGS=("-rsa" "-ecc nistp256")
+elif [ ${CRYPTOLIBRARY} == "mbedtls" ]; then
+    SALTALGS=("-rsa")
+else
+    echo "Error: crypto library ${CRYPTOLIBRARY} not supported"
+    exit 255
+fi
+
+for ASY in "${SALTALGS[@]}"
+do
+    for HALG in ${ITERATE_ALGS}
+    do
+
+	# In general a storage key can be used.  A decryption key is
+	# used here because the hash algorithm doesn't have to match
+	# that of the parent.
+
+	echo "Create a ${ASY} ${HALG} decryption key under the primary key "
+	${PREFIX}create -hp 80000000 -nalg ${HALG} -halg ${HALG} ${ASY} -deo -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 222 > run.out
+	checkSuccess $?
+
+	echo "Load the ${ASY} storage key 80000001 under the primary key"
+	${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+	checkSuccess $?
+
+	echo "Start a ${ASY} salted HMAC auth session"
+	${PREFIX}startauthsession -se h -hs 80000001 > run.out
+	checkSuccess $?
+
+	echo "Create a signing key using the salt"
+	${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 333 -se0 02000000 0 > run.out
+	checkSuccess $?
+
+	echo "Flush the storage key"
+	${PREFIX}flushcontext -ha 80000001 > run.out
+	checkSuccess $?
+
+    done
+done
+
+echo ""
+echo "Salt Session - Load External"
+echo ""
+
+echo "Create RSA and ECC key pairs in PEM format using openssl"
+  
+openssl genrsa -out tmpkeypairrsa.pem -aes256 -passout pass:rrrr 2048 > run.out
+openssl ecparam -name prime256v1 -genkey -noout -out tmpkeypairecc.pem > run.out
+
+echo "Convert key pair to plaintext DER format"
+
+openssl rsa -inform pem -outform der -in tmpkeypairrsa.pem -out tmpkeypairrsa.der -passin pass:rrrr > run.out
+openssl ec -inform pem -outform der -in tmpkeypairecc.pem -out tmpkeypairecc.der -passin pass:rrrr > run.out
+
+for HALG in ${ITERATE_ALGS}
+do
+
+    echo "Load the RSA openssl key pair in the NULL hierarchy 80000001 - ${HALG}"
+    ${PREFIX}loadexternal -rsa -halg ${HALG} -st -ider tmpkeypairrsa.der > run.out
+    checkSuccess $?
+
+    echo "Start a salted HMAC auth session"
+    ${PREFIX}startauthsession -se h -hs 80000001 > run.out
+    checkSuccess $?
+
+    echo "Create a signing key using the salt"
+    ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 333 -se0 02000000 0 > run.out
+    checkSuccess $?
+
+    echo "Flush the storage key"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+done
+
+if [ ${CRYPTOLIBRARY} == "openssl" ]; then
+    for HALG in ${ITERATE_ALGS}
+    do
+
+	echo "Load the ECC openssl key pair in the NULL hierarchy 80000001 - ${HALG}"
+	${PREFIX}loadexternal -ecc -halg ${HALG} -st -ider tmpkeypairecc.der > run.out
+	checkSuccess $?
+
+	echo "Start a salted HMAC auth session"
+	${PREFIX}startauthsession -se h -hs 80000001 > run.out
+	checkSuccess $?
+
+	echo "Create a signing key using the salt"
+	${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 333 -se0 02000000 0 > run.out
+	checkSuccess $?
+
+	echo "Flush the storage key"
+	${PREFIX}flushcontext -ha 80000001 > run.out
+	checkSuccess $?
+
+    done
+fi
+
+echo ""
+echo "Salt Session - CreatePrimary storage key"
+echo ""
+
+for HALG in ${ITERATE_ALGS}
+do
+    
+    echo "Create a primary storage key - $HALG"
+    ${PREFIX}createprimary -nalg $HALG -hi p > run.out
+    checkSuccess $?
+
+    echo "Start a salted HMAC auth session"
+    ${PREFIX}startauthsession -se h -hs 80000001 > run.out
+    checkSuccess $?
+
+    echo "Create a signing key using the salt"
+    ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 333 -se0 02000000 0 > run.out
+    checkSuccess $?
+
+    echo "Flush the storage key"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+done
+
+echo ""
+echo "Salt Session - CreatePrimary RSA key"
+echo ""
+
+for HALG in ${ITERATE_ALGS}
+do
+    
+    echo "Create a primary RSA key - $HALG"
+    ${PREFIX}createprimary -nalg $HALG -halg $HALG -hi p -deo > run.out
+    checkSuccess $?
+
+    echo "Start a salted HMAC auth session"
+    ${PREFIX}startauthsession -se h -hs 80000001 > run.out
+    checkSuccess $?
+
+    echo "Create a primary HMAC key using the salt"
+    ${PREFIX}createprimary -kh -se0 02000000 0 > run.out
+    checkSuccess $?
+
+    echo "Flush the HMAC key"
+    ${PREFIX}flushcontext -ha 80000002 > run.out
+    checkSuccess $?
+
+    echo "Flush the RSA key"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+done
+
+echo ""
+echo "Salt Session - EvictControl"
+echo ""
+
+echo "Load the storage key"
+${PREFIX}load -hp 80000000 -ipr storersapriv.bin -ipu storersapub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Make the storage key persistent"
+${PREFIX}evictcontrol -ho 80000001 -hp 81800000 -hi p > run.out
+checkSuccess $?
+
+echo "Start a salted HMAC auth session"
+${PREFIX}startauthsession -se h -hs 81800000 > run.out
+checkSuccess $?
+
+echo "Create a signing key using the salt"
+${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 333 -se0 02000000 0 > run.out
+checkSuccess $?
+
+echo "Flush the storage key from transient memory"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Flush the storage key from persistent memory"
+${PREFIX}evictcontrol -ho 81800000 -hp 81800000 -hi p > run.out
+checkSuccess $?
+
+echo ""
+echo "Salt Session - ContextSave and ContextLoad"
+echo ""
+
+echo "Load the storage key at 80000001"
+${PREFIX}load -hp 80000000 -ipr storersapriv.bin -ipu storersapub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Save context for the key at 80000001"
+${PREFIX}contextsave -ha 80000001 -of tmp.bin > run.out
+checkSuccess $?
+
+echo "Flush the storage key at 80000001"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Load context, new storage key at 80000001"
+${PREFIX}contextload -if tmp.bin > run.out
+checkSuccess $?
+
+echo "Start a salted HMAC auth session"
+${PREFIX}startauthsession -se h -hs 80000001 > run.out
+checkSuccess $?
+
+echo "Create a signing key using the salt"
+${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 333 -se0 02000000 0 > run.out
+checkSuccess $?
+
+echo "Flush the context loaded key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo ""
+echo "Salt Audit Session - PCR Read, Read Public, NV Read Public"
+echo ""
+
+echo "Load the storage key at 80000001"
+${PREFIX}load -hp 80000000 -ipr storersapriv.bin -ipu storersapub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Start a salted HMAC auth session"
+${PREFIX}startauthsession -se h -hs 80000001 > run.out
+checkSuccess $?
+
+echo "PCR read with salted audit session"
+${PREFIX}pcrread -ha 16 -se0 02000000 81 > run.out
+checkSuccess $?
+
+echo "Read public with salted audit session"
+${PREFIX}readpublic -ho 80000001 -se0 02000000 81 > run.out
+checkSuccess $?
+
+echo "NV define space"
+${PREFIX}nvdefinespace -ha 01000000 -hi p > run.out
+checkSuccess $?
+
+echo "NV Read public with salted audit session"
+${PREFIX}nvreadpublic -ha 01000000 -se0 02000000 81 > run.out
+checkSuccess $?
+
+echo "Flush the storage key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Flush the salt session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+echo "NV undefine space"
+${PREFIX}nvundefinespace -ha 01000000 -hi p > run.out
+checkSuccess $?
+
+echo ""
+echo "Salt Policy Session with policyauthvalue"
+echo ""
+
+echo "Load RSA the storage key 80000001 under the primary key 80000000"
+${PREFIX}load -hp 80000000 -ipr storersapriv.bin -ipu storersapub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Start a salted policy session"
+${PREFIX}startauthsession -se p -hs 80000001 > run.out
+checkSuccess $?
+
+echo "Policy command code - create"
+${PREFIX}policycommandcode -ha 03000000 -cc 153 > run.out
+checkSuccess $?
+
+echo "Policy authvalue"
+${PREFIX}policyauthvalue -ha 03000000 > run.out
+checkSuccess $?
+
+echo "Create a signing key using the salt"
+${PREFIX}create -hp 80000001 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -se0 03000000 0 > run.out
+checkSuccess $?
+
+echo "Flush the storage key 80000001"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo ""
+echo "Salt Policy Session with no policyauthvalue"
+echo ""
+
+echo "Start a salted policy session"
+${PREFIX}startauthsession -se p -hs 80000000 > run.out
+checkSuccess $?
+
+echo "Create a signing key using the salt"
+${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -se0 03000000 0 > run.out
+checkSuccess $?
+
+rm -f tmpkeypairrsa.pem
+rm -f tmpkeypairecc.pem
+rm -f tmpkeypairrsa.der
+rm -f tmpkeypairecc.der
+# ${PREFIX}getcapability -cap 1 -pr 80000000
+
diff --git a/utils/regtests/testshutdown.bat b/utils/regtests/testshutdown.bat
new file mode 100644
index 000000000..fe7138e77
--- /dev/null
+++ b/utils/regtests/testshutdown.bat
@@ -0,0 +1,541 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #										#
+REM # (c) Copyright IBM Corporation 2015 - 2019					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+
+REM 01000000    WST
+REM 01000001 WD WST
+REM 01000002 GL
+REM 01000003 GL WD
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "TPM Resume (state/state) - suspend"
+echo ""
+
+echo "PCR 0 Extend"
+%TPM_EXE_PATH%pcrextend -ha 0 -if policies/aaa > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "PCR 0 Read"
+%TPM_EXE_PATH%pcrread -ha 0 -of tmp1.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start an HMAC session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start an HMAC session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Save the session context"
+%TPM_EXE_PATH%contextsave -ha 02000001 -of tmp.bin > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the signing key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Context save the signing key"
+%TPM_EXE_PATH%contextsave -ha 80000001 -of tmpsk.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Define index 01000000 with write stclear, read stclear"
+%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 +at rst +at wst > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Define index 01000001 with write stclear, read stclear"
+%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000001 -pwdn nnn -sz 16 +at rst +at wst +at wd > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Define index 01000002 with write stclear, read stclear"
+%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000002 -pwdn nnn -sz 16 +at rst +at gl > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Define index 01000003 with write stclear, read stclear"
+%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000003 -pwdn nnn -sz 16 +at rst +at gl +at wd > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV write 01000000"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV write 01000001"
+%TPM_EXE_PATH%nvwrite -ha 01000001 -pwdn nnn -if policies/aaa > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV write 01000002"
+%TPM_EXE_PATH%nvwrite -ha 01000002 -pwdn nnn -if policies/aaa > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV write 01000003"
+%TPM_EXE_PATH%nvwrite -ha 01000003 -pwdn nnn -if policies/aaa > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Read lock"
+%TPM_EXE_PATH%nvreadlock -ha 01000000 -pwdn nnn > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Write lock 01000000"
+%TPM_EXE_PATH%nvwritelock -ha 01000000 -pwdn nnn > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Write lock 01000001"
+%TPM_EXE_PATH%nvwritelock -ha 01000001 -pwdn nnn > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV global lock (01000002 and 01000003)"
+%TPM_EXE_PATH%nvglobalwritelock -hia p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV write 01000001 - should fail"
+%TPM_EXE_PATH%nvwrite -ha 01000001 -pwdn nnn -if policies/aaa > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "NV write 01000002 - should fail"
+%TPM_EXE_PATH%nvwrite -ha 01000002 -pwdn nnn -if policies/aaa > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "NV write 01000003 - should fail"
+%TPM_EXE_PATH%nvwrite -ha 01000003 -pwdn nnn -if policies/aaa > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "Shutdown state"
+%TPM_EXE_PATH%shutdown -s > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Power cycle"
+%TPM_EXE_PATH%powerup > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Startup state"
+%TPM_EXE_PATH%startup -s > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "PCR 0 Read"
+%TPM_EXE_PATH%pcrread -ha 0 -of tmp2.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Verify that PCR 0 is restored"
+diff tmp1.bin tmp2.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Context load the signing key"
+%TPM_EXE_PATH%contextload -if tmpsk.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Signing Key Self Certify"
+%TPM_EXE_PATH%certify -hk 80000000 -ho 80000000 -pwdk sig -pwdo sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Signing Key Self Certify - should fail, signing key missing"
+%TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -se0 02000000 1 > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "Load the signing key - should fail, primary key missing"
+%TPM_EXE_PATH%load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "Create a platform primary storage key"
+%TPM_EXE_PATH%createprimary -hi p -pwdk sto -pol policies/zerosha256.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Signing Key Self Certify - should fail, signing key missing"
+%TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -se0 02000000 1 > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "Load the signing key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Signing Key Self Certify - should fail, session missing"
+%TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -se0 02000000 1 > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "Load the saved session context"
+%TPM_EXE_PATH%contextload -if tmp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Signing Key Self Certify"
+%TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -se0 02000001 0 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV write 01000000 - should fail, still locked after TPM Resume"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "NV write 01000001 - should fail, still locked after TPM Resume"
+%TPM_EXE_PATH%nvwrite -ha 01000001 -pwdn nnn -if policies/aaa > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "NV write 01000002 - should fail, still locked after TPM Resume"
+%TPM_EXE_PATH%nvwrite -ha 01000002 -pwdn nnn -if policies/aaa > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "NV write 01000003 - should fail, still locked after TPM Resume"
+%TPM_EXE_PATH%nvwrite -ha 01000003 -pwdn nnn -if policies/aaa > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "NV read - should fail, still locked"
+%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "Flush the signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "TPM Restart (state/clear) - hibernate"
+echo ""
+
+echo "Load the signing key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Context save the signing key"
+%TPM_EXE_PATH%contextsave -ha 80000001 -of tmpsk.bin > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Start a session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Save the session"
+%TPM_EXE_PATH%contextsave -ha 02000000 -of tmp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Shutdown state"
+%TPM_EXE_PATH%shutdown -s > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Power cycle"
+%TPM_EXE_PATH%powerup > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Startup clear"
+%TPM_EXE_PATH%startup -c > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the session"
+%TPM_EXE_PATH%contextload -if tmp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Context load the signing key"
+%TPM_EXE_PATH%contextload -if tmpsk.bin > run.out 
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "PCR 0 Read"
+%TPM_EXE_PATH%pcrread -ha 0 -halg sha1 -of tmp2.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Verify that PCR 0 is reset"
+diff policies/policypcr0.bin tmp2.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV write 01000000 - unlocked after TPM Restart"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV write 01000001 - should fail, still locked after TPM Restart"
+%TPM_EXE_PATH%nvwrite -ha 01000001 -pwdn nnn -if policies/aaa > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "NV write 01000002 - unlocked after TPM Restart"
+%TPM_EXE_PATH%nvwrite -ha 01000002 -pwdn nnn -if policies/aaa > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV write 01000003 - should fail, still locked after TPM Restart"
+%TPM_EXE_PATH%nvwrite -ha 01000003 -pwdn nnn -if policies/aaa > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "NV read"
+%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Write lock 01000000"
+%TPM_EXE_PATH%nvwritelock -ha 01000000 -pwdn nnn > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV global lock (01000002 and 01000003)"
+%TPM_EXE_PATH%nvglobalwritelock -hia p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Recreate a platform primary storage key"
+%TPM_EXE_PATH%createprimary -hi p -pwdk sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "TPM Reset (clear/clear) - cold boot"
+echo ""
+
+echo "Start a session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Save the session"
+%TPM_EXE_PATH%contextsave -ha 02000000 -of tmp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Shutdown clear"
+%TPM_EXE_PATH%shutdown -c > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Power cycle"
+%TPM_EXE_PATH%powerup > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Startup clear"
+%TPM_EXE_PATH%startup -c > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the session - should fail"
+%TPM_EXE_PATH%contextload -if tmp.bin > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Recreate a platform primary storage key"
+%TPM_EXE_PATH%createprimary -hi p -pwdk sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV write 01000000 - unlocked after TPM Reset"
+%TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV write 01000001 - should fail, still locked after TPM Reset"
+%TPM_EXE_PATH%nvwrite -ha 01000001 -pwdn nnn -if policies/aaa > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "NV write 01000002 - unlocked after TPM Reset"
+%TPM_EXE_PATH%nvwrite -ha 01000002 -pwdn nnn -if policies/aaa > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV write 01000003 - should fail, still locked after TPM Reset"
+%TPM_EXE_PATH%nvwrite -ha 01000003 -pwdn nnn -if policies/aaa > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "NV Undefine Space 01000000"
+%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Undefine Space 01000001"
+%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Undefine Space 01000002"
+%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000002 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "NV Undefine Space 01000003"
+%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000003 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM shutdown removes the session
+rm h02000000.bin
+rm tmpsk.bin
+
+exit /B 0
+
+REM getcapability  -cap 1 -pr 80000000
+REM getcapability  -cap 1 -pr 02000000
+REM getcapability  -cap 1 -pr 01000000
diff --git a/utils/regtests/testshutdown.sh b/utils/regtests/testshutdown.sh
new file mode 100755
index 000000000..6b9041a3e
--- /dev/null
+++ b/utils/regtests/testshutdown.sh
@@ -0,0 +1,396 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+# NV Index
+# 01000000    WST
+# 01000001 WD WST
+# 01000002 GL
+# 01000003 GL WD
+
+echo ""
+echo "TPM Resume (state/state) - suspend"
+echo ""
+
+echo "PCR 0 Extend"
+${PREFIX}pcrextend -ha 0 -if policies/aaa > run.out
+checkSuccess $?
+
+echo "PCR 0 Read"
+${PREFIX}pcrread -ha 0 -of tmp1.bin > run.out
+checkSuccess $?
+
+echo "Start an HMAC session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+echo "Start an HMAC session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+echo "Save the session context"
+${PREFIX}contextsave -ha 02000001 -of tmp.bin > run.out 
+checkSuccess $?
+
+echo "Load the signing key"
+${PREFIX}load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Context save the signing key"
+${PREFIX}contextsave -ha 80000001 -of tmpsk.bin > run.out 
+checkSuccess $?
+
+echo "Define index 01000000 with write stclear, read stclear"
+${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 +at rst +at wst > run.out
+checkSuccess $?
+
+echo "Define index 01000001 with write stclear, read stclear"
+${PREFIX}nvdefinespace -hi o -ha 01000001 -pwdn nnn -sz 16 +at rst +at wst +at wd > run.out
+checkSuccess $?
+
+echo "Define index 01000002 with write stclear, read stclear"
+${PREFIX}nvdefinespace -hi o -ha 01000002 -pwdn nnn -sz 16 +at rst +at gl > run.out
+checkSuccess $?
+
+echo "Define index 01000003 with write stclear, read stclear"
+${PREFIX}nvdefinespace -hi o -ha 01000003 -pwdn nnn -sz 16 +at rst +at gl +at wd > run.out
+checkSuccess $?
+
+echo "NV write 01000000"
+${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa > run.out
+checkSuccess $?
+
+echo "NV write 01000001"
+${PREFIX}nvwrite -ha 01000001 -pwdn nnn -if policies/aaa > run.out
+checkSuccess $?
+
+echo "NV write 01000002"
+${PREFIX}nvwrite -ha 01000002 -pwdn nnn -if policies/aaa > run.out
+checkSuccess $?
+
+echo "NV write 01000003"
+${PREFIX}nvwrite -ha 01000003 -pwdn nnn -if policies/aaa > run.out
+checkSuccess $?
+
+echo "Read lock"
+${PREFIX}nvreadlock -ha 01000000 -pwdn nnn > run.out
+checkSuccess $?
+
+echo "Write lock 01000000"
+${PREFIX}nvwritelock -ha 01000000 -pwdn nnn > run.out
+checkSuccess $?
+
+echo "Write lock 01000001"
+${PREFIX}nvwritelock -ha 01000001 -pwdn nnn > run.out
+checkSuccess $?
+
+echo "NV global lock (01000002 and 01000003)"
+${PREFIX}nvglobalwritelock -hia p > run.out
+checkSuccess $?
+
+echo "NV write 01000000 - should fail"
+${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa > run.out
+checkFailure $?
+
+echo "NV write 01000001 - should fail"
+${PREFIX}nvwrite -ha 01000001 -pwdn nnn -if policies/aaa > run.out
+checkFailure $?
+
+echo "NV write 01000002 - should fail"
+${PREFIX}nvwrite -ha 01000002 -pwdn nnn -if policies/aaa > run.out
+checkFailure $?
+
+echo "NV write 01000003 - should fail"
+${PREFIX}nvwrite -ha 01000003 -pwdn nnn -if policies/aaa > run.out
+checkFailure $?
+
+echo "Shutdown state"
+${PREFIX}shutdown -s > run.out
+checkSuccess $?
+
+echo "Power cycle"
+${PREFIX}powerup > run.out
+checkSuccess $?
+
+echo "Startup state"
+${PREFIX}startup -s > run.out
+checkSuccess $?
+
+echo "PCR 0 Read"
+${PREFIX}pcrread -ha 0 -of tmp2.bin > run.out
+checkSuccess $?
+
+echo "Verify that PCR 0 is restored"
+diff tmp1.bin tmp2.bin > run.out
+checkSuccess $?
+
+echo "Context load the signing key"
+${PREFIX}contextload -if tmpsk.bin > run.out 
+checkSuccess $?
+
+echo "Signing Key Self Certify"
+${PREFIX}certify -hk 80000000 -ho 80000000 -pwdk sig -pwdo sig > run.out
+checkSuccess $?
+
+echo "Flush the signing key"
+${PREFIX}flushcontext -ha 80000000 > run.out
+checkSuccess $?
+
+echo "Signing Key Self Certify - should fail, signing key missing"
+${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -se0 02000000 1 > run.out
+checkFailure $?
+
+echo "Load the signing key - should fail, primary key missing"
+${PREFIX}load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+checkFailure $?
+
+# Create a platform primary storage key
+initprimary
+checkSuccess $?
+
+echo "Signing Key Self Certify - should fail, signing key missing"
+${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -se0 02000000 1 > run.out
+checkFailure $?
+
+echo "Load the signing key"
+${PREFIX}load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Signing Key Self Certify - should fail, session missing"
+${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -se0 02000000 1 > run.out
+checkFailure $?
+
+echo "Load the saved session context"
+${PREFIX}contextload -if tmp.bin > run.out
+checkSuccess $?
+
+echo "Signing Key Self Certify"
+${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -se0 02000001 0 > run.out
+checkSuccess $?
+
+echo "NV write 01000000 - should fail, still locked after TPM Resume"
+${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa > run.out
+checkFailure $?
+
+echo "NV write 01000001 - should fail, still locked after TPM Resume"
+${PREFIX}nvwrite -ha 01000001 -pwdn nnn -if policies/aaa > run.out
+checkFailure $?
+
+echo "NV write 01000002 - should fail, still locked after TPM Resume"
+${PREFIX}nvwrite -ha 01000002 -pwdn nnn -if policies/aaa > run.out
+checkFailure $?
+
+echo "NV write 01000003 - should fail, still locked after TPM Resume"
+${PREFIX}nvwrite -ha 01000003 -pwdn nnn -if policies/aaa > run.out
+checkFailure $?
+
+echo "NV read - should fail, still locked"
+${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 > run.out
+checkFailure $?
+
+echo "Flush the signing key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo ""
+echo "TPM Restart (state/clear) - hibernate"
+echo ""
+
+echo "Load the signing key"
+${PREFIX}load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Context save the signing key"
+${PREFIX}contextsave -ha 80000001 -of tmpsk.bin > run.out 
+checkSuccess $?
+
+echo "Start a session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+echo "Save the session"
+${PREFIX}contextsave -ha 02000000 -of tmp.bin > run.out
+checkSuccess $?
+
+echo "Shutdown state"
+${PREFIX}shutdown -s > run.out
+checkSuccess $?
+
+echo "Power cycle"
+${PREFIX}powerup > run.out
+checkSuccess $?
+
+echo "Startup clear"
+${PREFIX}startup -c > run.out
+checkSuccess $?
+
+echo "Load the session"
+${PREFIX}contextload -if tmp.bin > run.out
+checkSuccess $?
+
+echo "Flush the session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+echo "Context load the signing key"
+${PREFIX}contextload -if tmpsk.bin > run.out 
+checkSuccess $?
+
+echo "PCR 0 Read"
+${PREFIX}pcrread -ha 0 -halg sha1 -of tmp2.bin > run.out
+checkSuccess $?
+
+echo "Verify that PCR 0 is reset"
+diff policies/policypcr0.bin tmp2.bin > run.out
+checkSuccess $?
+
+echo "NV write 01000000 - unlocked after TPM Restart"
+${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa > run.out
+checkSuccess $?
+
+echo "NV write 01000001 - should fail, still locked after TPM Restart"
+${PREFIX}nvwrite -ha 01000001 -pwdn nnn -if policies/aaa > run.out
+checkFailure $?
+
+echo "NV write 01000002 - unlocked after TPM Restart"
+${PREFIX}nvwrite -ha 01000002 -pwdn nnn -if policies/aaa > run.out
+checkSuccess $?
+
+echo "NV write 01000003 - should fail, still locked after TPM Restart"
+${PREFIX}nvwrite -ha 01000003 -pwdn nnn -if policies/aaa > run.out
+checkFailure $?
+
+echo "NV read"
+${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 > run.out
+checkSuccess $?
+
+echo "Write lock 01000000"
+${PREFIX}nvwritelock -ha 01000000 -pwdn nnn > run.out
+checkSuccess $?
+
+echo "NV global lock (01000002 and 01000003)"
+${PREFIX}nvglobalwritelock -hia p > run.out
+checkSuccess $?
+
+echo "Recreate a platform primary storage key"
+${PREFIX}createprimary -hi p -pwdk sto > run.out
+checkSuccess $?
+
+echo ""
+echo "TPM Reset (clear/clear) - cold boot"
+echo ""
+
+echo "Start a session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+echo "Save the session"
+${PREFIX}contextsave -ha 02000000 -of tmp.bin > run.out
+checkSuccess $?
+
+echo "Shutdown clear"
+${PREFIX}shutdown -c > run.out
+checkSuccess $?
+
+echo "Power cycle"
+${PREFIX}powerup > run.out
+checkSuccess $?
+
+echo "Startup clear"
+${PREFIX}startup -c > run.out
+checkSuccess $?
+
+echo "Load the session - should fail"
+${PREFIX}contextload -if tmp.bin > run.out
+checkFailure $?
+
+echo "Recreate a platform primary storage key"
+${PREFIX}createprimary -hi p -pwdk sto > run.out
+checkSuccess $?
+
+echo "NV write - unlocked after TPM Reset"
+${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa > run.out
+checkSuccess $?
+
+echo "NV write 01000000 - unlocked after TPM Reset"
+${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa > run.out
+checkSuccess $?
+
+echo "NV write 01000001 - should fail, still locked after TPM Reset"
+${PREFIX}nvwrite -ha 01000001 -pwdn nnn -if policies/aaa > run.out
+checkFailure $?
+
+echo "NV write 01000002 - unlocked after TPM Reset"
+${PREFIX}nvwrite -ha 01000002 -pwdn nnn -if policies/aaa > run.out
+checkSuccess $?
+
+echo "NV write 01000003 - should fail, still locked after TPM Reset"
+${PREFIX}nvwrite -ha 01000003 -pwdn nnn -if policies/aaa > run.out
+checkFailure $?
+
+# cleanup 
+
+echo "NV Undefine Space 01000000"
+${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out
+checkSuccess $?
+
+echo "NV Undefine Space 01000001"
+${PREFIX}nvundefinespace -hi p -ha 01000001 > run.out
+checkSuccess $?
+
+echo "NV Undefine Space 01000002"
+${PREFIX}nvundefinespace -hi p -ha 01000002 > run.out
+checkSuccess $?
+
+echo "NV Undefine Space 01000003"
+${PREFIX}nvundefinespace -hi p -ha 01000003 > run.out
+checkSuccess $?
+
+# shutdown removes the session
+rm h02000000.bin
+rm tmpsk.bin
+
+exit
+
+
+# ${PREFIX}getcapability  -cap 1 -pr 80000000
+# ${PREFIX}getcapability  -cap 1 -pr 02000000
+# ${PREFIX}getcapability  -cap 1 -pr 01000000
diff --git a/utils/regtests/testsign.bat b/utils/regtests/testsign.bat
new file mode 100644
index 000000000..008f97a9a
--- /dev/null
+++ b/utils/regtests/testsign.bat
@@ -0,0 +1,503 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #										#
+REM # (c) Copyright IBM Corporation 2015 - 2019					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "RSA Signing key"
+echo ""
+
+REM # loop over unrestricted hash algorithms
+
+echo "Load the RSA signing key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Create an RSA key pair in PEM format using openssl"
+  
+openssl genrsa -out tmpkeypair.pem -aes256 -passout pass:rrrr 2048 > run.out
+
+echo "Convert key pair to plaintext DER format"
+
+openssl rsa -inform pem -outform der -in tmpkeypair.pem -out tmpkeypair.der -passin pass:rrrr > run.out
+
+for %%H in (%ITERATE_ALGS%) do (
+    for %%S in (rsassa rsapss) do (
+
+	    echo "Sign a digest - %%H"
+	    %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -scheme %%S -if policies/aaa -os sig.bin -pwdk sig -ipu signrsapub.bin  > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+	
+	    echo "Verify the signature signature using the TPM - %%H"
+	    %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -if policies/aaa -is sig.bin > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+	
+	    echo "Verify the signature using PEM - %%H"
+	    %TPM_EXE_PATH%verifysignature -ipem signrsapub.pem -halg %%H -if policies/aaa -is sig.bin > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+	
+	    echo "Read the public part"
+	    %TPM_EXE_PATH%readpublic -ho 80000001 -opem tmppub.pem > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+	
+	    echo "Verify the signature using readpublic PEM - %%H"
+	    %TPM_EXE_PATH%verifysignature -ipem tmppub.pem -halg %%H -if policies/aaa -is sig.bin > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+	
+	    echo "Load the openssl key pair in the NULL hierarchy - %%H"
+	    %TPM_EXE_PATH%loadexternal -halg %%H -scheme %%S -ider tmpkeypair.der > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+	
+	    echo "Use the TPM as a crypto coprocessor to sign - %%H" 
+	    %TPM_EXE_PATH%sign -hk 80000002 -halg %%H -scheme %%S -if policies/aaa -os sig.bin > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+	
+	    echo "Verify the signature - %%H"
+	    %TPM_EXE_PATH%verifysignature -hk 80000002 -halg %%H -if policies/aaa -is sig.bin > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+	
+	    echo "Flush the openssl signing key"
+	    %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+	    IF !ERRORLEVEL! NEQ 0 (
+	       exit /B 1
+	    )
+    )
+)
+
+echo "Flush the signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "ECC Signing key"
+echo ""
+
+echo "Create an ECC key pair in PEM format using openssl"
+  
+openssl ecparam -name prime256v1 -genkey -noout -out tmpkeypairecc.pem > run.out
+
+echo "Convert key pair to plaintext DER format"
+
+openssl ec -inform pem -outform der -in tmpkeypairecc.pem -out tmpkeypairecc.der -passin pass:rrrr > run.out
+
+echo "Load the ECC signing key under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr signeccpriv.bin -ipu signeccpub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%H in (%ITERATE_ALGS%) do (
+
+    echo "Sign a digest - %%H"
+    %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -salg ecc -if policies/aaa -os sig.bin -pwdk sig > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the ECC signature using the TPM - %%H"
+    %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -ecc -if policies/aaa -is sig.bin  > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the signature using PEM - %%H"
+    %TPM_EXE_PATH%verifysignature -ipem signeccpub.pem -halg %%H -if policies/aaa -is sig.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+   
+    echo "Read the public part"
+    %TPM_EXE_PATH%readpublic -ho 80000001 -opem tmppub.pem > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the signature using readpublic PEM - %%H"
+    %TPM_EXE_PATH%verifysignature -ipem tmppub.pem -halg %%H -if policies/aaa -is sig.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Load the openssl key pair in the NULL hierarchy 80000002 - %%H"
+    %TPM_EXE_PATH%loadexternal -halg %%H -ecc -ider tmpkeypairecc.der > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Use the TPM as a crypto coprocessor to sign - %%H" 
+    %TPM_EXE_PATH%sign -hk 80000002 -halg %%H -salg ecc -if policies/aaa -os sig.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the signature - %%H"
+    %TPM_EXE_PATH%verifysignature -hk 80000002 -halg %%H -ecc -if policies/aaa -is sig.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Flush the openssl signing key"
+    %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+)
+
+echo "Flush the ECC signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+echo ""
+echo "Primary RSA Signing Key 80000001"
+echo ""
+
+echo "Create primary signing key - RSA"
+%TPM_EXE_PATH%createprimary -si -opu tmppub.bin -opem tmppub.pem -pwdk sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%H in (%ITERATE_ALGS%) do (
+    
+    echo "Sign a digest - %%H"
+    %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -if policies/aaa -os sig.bin -pwdk sig -ipu tmppub.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the signature - %%H"
+    %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -if policies/aaa -is sig.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the signature using PEM - %%H"
+    %TPM_EXE_PATH%verifysignature -ipem tmppub.pem -halg %%H -if policies/aaa -is sig.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Read the public part"
+    %TPM_EXE_PATH%readpublic -ho 80000001 -opem tmppub.pem > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the signature using readpublic PEM - %%H"
+    %TPM_EXE_PATH%verifysignature -ipem tmppub.pem -halg %%H -if policies/aaa -is sig.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Convert TPM public key to PEM"
+    %TPM_EXE_PATH%tpm2pem -ipu tmppub.bin -opem tmppub.pem > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the signature using createprimary converted PEM -  %%H"
+    %TPM_EXE_PATH%verifysignature -ipem tmppub.pem -halg  %%H -if policies/aaa -is sig.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+)
+
+echo "Flush the primary signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Primary ECC Signing Key"
+echo ""
+
+echo "Create primary signing key - ECC 80000001"
+%TPM_EXE_PATH%createprimary -si -opu tmppub.bin -opem tmppub.pem -ecc nistp256 -pwdk sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%H in (%ITERATE_ALGS%) do (
+    
+    echo "Sign a digest - %%H"
+    %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -salg ecc -if policies/aaa -os sig.bin -pwdk sig > run.out 
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the signature - %%H"
+    %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -if policies/aaa -is sig.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the signature using PEM - %%H"
+    %TPM_EXE_PATH%verifysignature -ipem tmppub.pem -halg %%H -if policies/aaa -is sig.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Read the public part"
+    %TPM_EXE_PATH%readpublic -ho 80000001 -opem tmppub.pem > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the signature using readpublic PEM - %%H"
+    %TPM_EXE_PATH%verifysignature -ipem tmppub.pem -halg %%H -if policies/aaa -is sig.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+    echo "Convert TPM public key to PEM"
+    %TPM_EXE_PATH%tpm2pem -ipu tmppub.bin -opem tmppub.pem > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+    echo "Verify the signature using createprimary converted PEM -  %%H"
+    %TPM_EXE_PATH%verifysignature -ipem tmppub.pem -halg  %%H -if policies/aaa -is sig.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+       exit /B 1
+    )
+
+)
+
+echo "Flush the primary signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Restricted Signing Key"
+echo ""
+
+echo "Create primary signing key - restricted"
+%TPM_EXE_PATH%createprimary -sir -opu tmppub.bin -pwdk sig > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a digest - SHA256 - should fail TPM_RC_TICKET"
+%TPM_EXE_PATH%sign -hk 80000001 -halg sha256  -if policies/aaa -os sig.bin -pwdk sig -ipu tmppub.bin > run.out
+IF !ERRORLEVEL! EQU 0 (
+   exit /B 1
+)
+
+echo "Flush the signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "External Verification Key"
+echo ""
+
+REM # create rsaprivkey.pem
+REM # > openssl genrsa -out rsaprivkey.pem -aes256 -passout pass:rrrr 2048
+REM # extract the public key
+REM # > openssl pkey -inform pem -outform pem -in rsaprivkey.pem -passin pass:rrrr -pubout -out rsapubkey.pem 
+REM # sign a test message msg.bin
+REM # > openssl dgst -sha1 -sign rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin
+
+echo "Load external just the public part of PEM RSA"
+%TPM_EXE_PATH%loadexternal -halg sha1 -nalg sha1 -ipem policies/rsapubkey.pem > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a test message with openssl RSA"
+openssl dgst -sha1 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin
+
+echo "Verify the RSA signature"
+%TPM_EXE_PATH%verifysignature -hk 80000001 -halg sha1 -if msg.bin -is pssig.bin -raw > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+REM # generate the p256 key
+REM # > openssl ecparam -name prime256v1 -genkey -noout -out p256privkey.pem
+REM # extract public key
+REM # > openssl pkey -inform pem -outform pem -in p256privkey.pem -pubout -out p256pubkey.pem
+
+echo "Load external just the public part of PEM ECC"
+%TPM_EXE_PATH%loadexternal -halg sha1 -nalg sha1 -ipem policies/p256pubkey.pem -ecc > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Sign a test message with openssl ECC"
+openssl dgst -sha1 -sign policies/p256privkey.pem -out pssig.bin msg.bin
+
+echo "Verify the ECC signature"
+%TPM_EXE_PATH%verifysignature -hk 80000001 -halg sha1 -if msg.bin -is pssig.bin -raw -ecc > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Flush the signing key"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "Sign with restricted HMAC key"
+echo ""
+
+for %%H in (%ITERATE_ALGS%) do (
+
+    echo "Create a %%H restricted keyed hash key under the primary key"
+    %TPM_EXE_PATH%create -hp 80000000 -khr -kt f -kt p -opr khrpriv%%H.bin -opu khrpub%%H.bin -pwdp sto -pwdk khk -halg %%H > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Load the signing key under the primary key 80000001"
+    %TPM_EXE_PATH%load -hp 80000000 -ipr  khrpriv%%H.bin -ipu khrpub%%H.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Hash and create ticket"
+    %TPM_EXE_PATH%hash -hi p -halg %%H -if msg.bin -tk tkt.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Sign a digest with a restricted signing key and ticket"
+    %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -salg hmac -if msg.bin -tk tkt.bin -os sig.bin -pwdk khk > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Sign a digest with a restricted signing key and no ticket - should fail"
+    %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -salg hmac -if msg.bin -os sig.bin -pwdk khk > run.out
+    IF !ERRORLEVEL! EQU 0 (
+        exit /B 1
+    )
+    
+    echo "Flush the signing key 80000001 "
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+)
+
+echo ""
+echo "Sign with unrestricted HMAC key"
+echo ""
+
+for %%H in (%ITERATE_ALGS%) do (
+
+    echo "Create a %%H unrestricted keyed hash key under the primary key"
+    %TPM_EXE_PATH%create -hp 80000000 -kh -kt f -kt p -opr khpriv%%H.bin -opu khpub%%H.bin -pwdp sto -pwdk khk -halg %%H > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Load the signing key under the primary key 80000001"
+    %TPM_EXE_PATH%load -hp 80000000 -ipr  khpriv%%H.bin -ipu khpub%%H.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Hash"
+    %TPM_EXE_PATH%hash -hi p -halg %%H -if msg.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Sign a digest with an unrestricted signing key"
+    %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -salg hmac -if msg.bin -os sig.bin -pwdk khk > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+    
+    echo "Flush the signing key 80000001 "
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+)
+
+rm tmpkeypair.pem
+rm tmpkeypair.der
+rm tmpkeypairecc.pem
+rm tmpkeypairecc.der
+rm pssig.bin
+rm tmppub.bin
+rm tmppub.pem
+
+exit /B 0
+
+REM getcapability  -cap 1 -pr 80000000
+REM getcapability  -cap 1 -pr 02000000
diff --git a/utils/regtests/testsign.sh b/utils/regtests/testsign.sh
new file mode 100755
index 000000000..5650a2771
--- /dev/null
+++ b/utils/regtests/testsign.sh
@@ -0,0 +1,400 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+echo ""
+echo "RSA Signing key"
+echo ""
+
+# loop over unrestricted hash algorithms
+
+echo "Load the RSA signing key under the primary key"
+${PREFIX}load -hp 80000000 -ipr signrsapriv.bin -ipu signrsapub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Create an RSA key pair in PEM format using openssl"
+  
+openssl genrsa -out tmpkeypair.pem -aes256 -passout pass:rrrr 2048 > run.out
+
+echo "Convert key pair to plaintext DER format"
+
+openssl rsa -inform pem -outform der -in tmpkeypair.pem -out tmpkeypair.der -passin pass:rrrr > run.out
+
+for HALG in ${ITERATE_ALGS}
+do
+
+    for SCHEME in rsassa rsapss
+    do
+
+	echo "Sign a digest - $HALG $SCHEME"
+	${PREFIX}sign -hk 80000001 -halg $HALG -scheme $SCHEME -if policies/aaa -os sig.bin -pwdk sig -ipu signrsapub.bin > run.out
+	checkSuccess $?
+
+	echo "Verify the signature using the TPM - $HALG"
+	${PREFIX}verifysignature -hk 80000001 -halg $HALG -if policies/aaa -is sig.bin > run.out
+	checkSuccess $?
+
+	echo "Verify the signature using PEM - $HALG"
+	${PREFIX}verifysignature -ipem signrsapub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out
+	checkSuccess $?
+
+	echo "Read the public part"
+	${PREFIX}readpublic -ho 80000001 -opem tmppub.pem > run.out
+	checkSuccess $?
+
+	echo "Verify the signature using readpublic PEM - $HALG"
+	${PREFIX}verifysignature -ipem tmppub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out
+	checkSuccess $?
+
+	echo "Load the openssl key pair in the NULL hierarchy 80000002 - $HALG $SCHEME"
+	${PREFIX}loadexternal -halg $HALG -scheme $SCHEME -ider tmpkeypair.der > run.out
+	checkSuccess $?
+
+	echo "Use the TPM as a crypto coprocessor to sign - $HALG $SCHEME" 
+	${PREFIX}sign -hk 80000002 -halg $HALG -scheme $SCHEME -if policies/aaa -os sig.bin > run.out
+	checkSuccess $?
+
+	echo "Verify the signature - $HALG"
+	${PREFIX}verifysignature -hk 80000002 -halg $HALG -if policies/aaa -is sig.bin > run.out
+	checkSuccess $?
+
+	echo "Flush the openssl signing key"
+	${PREFIX}flushcontext -ha 80000002 > run.out
+	checkSuccess $?
+    
+    done
+
+done
+
+echo "Flush the RSA signing key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo ""
+echo "ECC Signing key"
+echo ""
+
+echo "Load the ECC signing key under the primary key"
+${PREFIX}load -hp 80000000 -ipr signeccpriv.bin -ipu signeccpub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Create an ECC key pair in PEM format using openssl"
+  
+openssl ecparam -name prime256v1 -genkey -noout -out tmpkeypairecc.pem > run.out
+
+echo "Convert key pair to plaintext DER format"
+
+openssl ec -inform pem -outform der -in tmpkeypairecc.pem -out tmpkeypairecc.der -passin pass:rrrr > run.out
+
+for HALG in ${ITERATE_ALGS}
+do
+
+    echo "Sign a digest - $HALG"
+    ${PREFIX}sign -hk 80000001 -halg $HALG -salg ecc -if policies/aaa -os sig.bin -pwdk sig > run.out
+    checkSuccess $?
+
+    echo "Verify the ECC signature using the TPM - $HALG"
+    ${PREFIX}verifysignature -hk 80000001 -halg $HALG -ecc -if policies/aaa -is sig.bin > run.out
+    checkSuccess $?
+
+    echo "Verify the signature using PEM - $HALG"
+    ${PREFIX}verifysignature -ipem signeccpub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out
+    checkSuccess $?
+
+    echo "Read the public part"
+    ${PREFIX}readpublic -ho 80000001 -opem tmppub.pem > run.out
+    checkSuccess $?
+
+    echo "Verify the signature using readpublic PEM - $HALG"
+    ${PREFIX}verifysignature -ipem tmppub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out
+    checkSuccess $?
+
+    echo "Load the openssl key pair in the NULL hierarchy 80000002 - $HALG"
+    ${PREFIX}loadexternal -halg $HALG -ecc -ider tmpkeypairecc.der > run.out
+    checkSuccess $?
+
+    echo "Use the TPM as a crypto coprocessor to sign - $HALG" 
+    ${PREFIX}sign -hk 80000002 -halg $HALG -salg ecc -if policies/aaa -os sig.bin > run.out
+    checkSuccess $?
+
+    echo "Verify the signature - $HALG"
+    ${PREFIX}verifysignature -hk 80000002 -halg $HALG -ecc -if policies/aaa -is sig.bin > run.out
+    checkSuccess $?
+
+    echo "Flush the openssl signing key"
+    ${PREFIX}flushcontext -ha 80000002 > run.out
+    checkSuccess $?
+
+done
+
+echo "Flush the ECC signing key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo ""
+echo "Primary RSA Signing Key"
+echo ""
+
+echo "Create primary signing key - RSA 80000001"
+${PREFIX}createprimary -si -opu tmppub.bin -opem tmppub.pem -pwdk sig > run.out
+checkSuccess $?
+
+for HALG in ${ITERATE_ALGS}
+do
+    
+    echo "Sign a digest - $HALG"
+    ${PREFIX}sign -hk 80000001 -halg $HALG -if policies/aaa -os sig.bin -pwdk sig -ipu tmppub.bin > run.out
+    checkSuccess $?
+
+    echo "Verify the signature - $HALG"
+    ${PREFIX}verifysignature -hk 80000001 -halg $HALG -if policies/aaa -is sig.bin > run.out
+    checkSuccess $?
+
+    echo "Verify the signature using PEM - $HALG"
+    ${PREFIX}verifysignature -ipem tmppub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out
+    checkSuccess $?
+
+    echo "Read the public part and convert to PEM"
+    ${PREFIX}readpublic -ho 80000001 -opem tmppub.pem > run.out
+    checkSuccess $?
+
+    echo "Verify the signature using readpublic PEM - $HALG"
+    ${PREFIX}verifysignature -ipem tmppub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out
+    checkSuccess $?
+
+    echo "Convert TPM public key to PEM"
+    ${PREFIX}tpm2pem -ipu tmppub.bin -opem tmppub.pem > run.out
+    checkSuccess $?
+
+    echo "Verify the signature using createprimary converted PEM - $HALG"
+    ${PREFIX}verifysignature -ipem tmppub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out
+    checkSuccess $?
+
+done
+
+echo "Flush the primary signing key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo ""
+echo "Primary ECC Signing Key"
+echo ""
+
+echo "Create primary signing key - ECC 80000001"
+${PREFIX}createprimary -si -opu tmppub.bin -opem tmppub.pem -ecc nistp256 -pwdk sig > run.out
+checkSuccess $?
+
+for HALG in ${ITERATE_ALGS}
+do
+    
+    echo "Sign a digest - $HALG"
+    ${PREFIX}sign -hk 80000001 -halg $HALG -salg ecc -if policies/aaa -os sig.bin -pwdk sig > run.out 
+    checkSuccess $?
+
+    echo "Verify the signature - $HALG"
+    ${PREFIX}verifysignature -hk 80000001 -halg $HALG -if policies/aaa -is sig.bin > run.out
+    checkSuccess $?
+
+    echo "Verify the signature using PEM - $HALG"
+    ${PREFIX}verifysignature -ipem tmppub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out
+    checkSuccess $?
+
+    echo "Read the public part"
+    ${PREFIX}readpublic -ho 80000001 -opem tmppub.pem > run.out
+    checkSuccess $?
+
+    echo "Verify the signature using readpublic PEM - $HALG"
+    ${PREFIX}verifysignature -ipem tmppub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out
+    checkSuccess $?
+
+    echo "Convert TPM public key to PEM"
+    ${PREFIX}tpm2pem -ipu tmppub.bin -opem tmppub.pem > run.out
+    checkSuccess $?
+
+    echo "Verify the signature using createprimary converted PEM - $HALG"
+    ${PREFIX}verifysignature -ipem tmppub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out
+    checkSuccess $?
+
+done
+
+echo "Flush the primary signing key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo ""
+echo "Restricted Signing Key"
+echo ""
+
+echo "Create primary signing key - restricted"
+${PREFIX}createprimary -sir -opu tmppub.bin -pwdk sig > run.out
+checkSuccess $?
+
+echo "Sign a digest - SHA256 - should fail TPM_RC_TICKET"
+${PREFIX}sign -hk 80000001 -halg sha256  -if policies/aaa -os sig.bin -pwdk sig -ipu tmppub.bin > run.out
+checkFailure $?
+
+echo "Flush the signing key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo ""
+echo "External Verification Key"
+echo ""
+
+# create rsaprivkey.pem
+# > openssl genrsa -out rsaprivkey.pem -aes256 -passout pass:rrrr 2048
+# convert to der
+# > openssl rsa -inform pem -outform der -in rsaprivkey.pem -out rsaprivkey.der -passin pass:rrrr
+# extract the public key
+# > openssl pkey -inform pem -outform pem -in rsaprivkey.pem -passin pass:rrrr -pubout -out rsapubkey.pem 
+# sign a test message msg.bin
+# > openssl dgst -sha1 -sign rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin
+
+echo "Load external just the public part of PEM RSA"
+${PREFIX}loadexternal -halg sha1 -nalg sha1 -ipem policies/rsapubkey.pem > run.out
+checkSuccess $?
+
+echo "Sign a test message with openssl RSA"
+openssl dgst -sha1 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin
+
+echo "Verify the RSA signature"
+${PREFIX}verifysignature -hk 80000001 -halg sha1 -if msg.bin -is pssig.bin -raw > run.out
+checkSuccess $?
+
+echo "Flush the signing key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+# generate the p256 key
+# > openssl ecparam -name prime256v1 -genkey -noout -out p256privkey.pem
+# extract public key
+# > openssl pkey -inform pem -outform pem -in p256privkey.pem -pubout -out p256pubkey.pem
+
+echo "Load external just the public part of PEM ECC"
+${PREFIX}loadexternal -halg sha1 -nalg sha1 -ipem policies/p256pubkey.pem -ecc > run.out
+checkSuccess $?
+
+echo "Sign a test message with openssl ECC"
+openssl dgst -sha1 -sign policies/p256privkey.pem -out pssig.bin msg.bin
+
+echo "Verify the ECC signature"
+${PREFIX}verifysignature -hk 80000001 -halg sha1 -if msg.bin -is pssig.bin -raw -ecc > run.out
+checkSuccess $?
+
+echo "Flush the signing key"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo ""
+echo "Sign with restricted HMAC key"
+echo ""
+
+for HALG in ${ITERATE_ALGS}
+
+do
+
+    echo "Create a ${HALG} restricted keyed hash key under the primary key"
+    ${PREFIX}create -hp 80000000 -khr -kt f -kt p -opr khrpriv${HALG}.bin -opu khrpub${HALG}.bin -pwdp sto -pwdk khk -halg ${HALG} > run.out
+    checkSuccess $?
+
+    echo "Load the signing key under the primary key 80000001"
+    ${PREFIX}load -hp 80000000 -ipr  khrpriv${HALG}.bin -ipu khrpub${HALG}.bin -pwdp sto > run.out
+    checkSuccess $?
+
+    echo "Hash and create ticket"
+    ${PREFIX}hash -hi p -halg ${HALG} -if msg.bin -tk tkt.bin > run.out
+    checkSuccess $?
+
+    echo "Sign a digest with a restricted signing key and ticket"
+    ${PREFIX}sign -hk 80000001 -halg ${HALG} -salg hmac -if msg.bin -tk tkt.bin -os sig.bin -pwdk khk > run.out
+    checkSuccess $?
+
+    echo "Sign a digest with a restricted signing key and no ticket - should fail"
+    ${PREFIX}sign -hk 80000001 -halg ${HALG} -salg hmac -if msg.bin -os sig.bin -pwdk khk > run.out
+    checkFailure $?
+    
+    echo "Flush the signing key 80000001 "
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+done
+
+echo ""
+echo "Sign with unrestricted HMAC key"
+echo ""
+
+for HALG in ${ITERATE_ALGS}
+
+do
+
+    echo "Create a ${HALG} unrestricted keyed hash key under the primary key"
+    ${PREFIX}create -hp 80000000 -kh -kt f -kt p -opr khpriv${HALG}.bin -opu khpub${HALG}.bin -pwdp sto -pwdk khk -halg ${HALG} > run.out
+    checkSuccess $?
+
+    echo "Load the signing key under the primary key 80000001"
+    ${PREFIX}load -hp 80000000 -ipr  khpriv${HALG}.bin -ipu khpub${HALG}.bin -pwdp sto > run.out
+    checkSuccess $?
+
+    echo "Hash"
+    ${PREFIX}hash -hi p -halg ${HALG} -if msg.bin > run.out
+    checkSuccess $?
+
+    echo "Sign a digest with an unrestricted signing key"
+    ${PREFIX}sign -hk 80000001 -halg ${HALG} -salg hmac -if msg.bin -os sig.bin -pwdk khk > run.out
+    checkSuccess $?
+    
+    echo "Flush the signing key 80000001 "
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+done
+
+
+rm -f tmpkeypair.pem
+rm -f tmpkeypair.der
+rm -f tmpkeypairecc.pem
+rm -f tmpkeypairecc.der
+rm -r pssig.bin
+rm -r tmppub.bin
+rm -r tmppub.pem
+
+# ${PREFIX}getcapability  -cap 1 -pr 80000000
+# ${PREFIX}getcapability  -cap 1 -pr 02000000
diff --git a/utils/regtests/teststorage.bat b/utils/regtests/teststorage.bat
new file mode 100644
index 000000000..c4073d083
--- /dev/null
+++ b/utils/regtests/teststorage.bat
@@ -0,0 +1,205 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #										#
+REM # (c) Copyright IBM Corporation 2015 - 2019					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+REM Primary storage key at 80000000 password sto
+REM storage key at 80000001 password sto
+
+echo ""
+echo "RSA Storage key"
+echo ""
+
+echo "Load RSA the storage key 80000001 under the primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr storersapriv.bin -ipu storersapub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Start an HMAC auth session"
+%TPM_EXE_PATH%startauthsession -se h > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%N in (%ITERATE_ALGS%) do (
+
+    for %%S in ("" "-se0 02000000 1") do (
+
+        echo "Create an unrestricted signing key under the RSA storage key 80000001 %%N %%~S"
+        %TPM_EXE_PATH%create -hp 80000001 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 111 -nalg %%N %%~S > run.out
+        IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+        )
+    
+        echo "Load the signing key 80000002 under the storage key 80000001 %%~S"
+        %TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto %%~S > run.out
+        IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+        )
+    
+	echo "Read the signing key 80000002 public area"
+	%TPM_EXE_PATH%readpublic -ho 80000002 -opu tmppub2.bin > run.out
+        IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+        )
+
+        echo "Flush the signing key 80000002"
+        %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+        IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+        )
+    
+        echo "Load external just the storage key public part 80000002 %%N"
+        %TPM_EXE_PATH%loadexternal -halg sha256 -nalg %%N -ipu storersapub.bin > run.out
+        IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+        )
+    
+        echo "Flush the public key 80000002"
+        %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+        IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+        )
+    
+	echo "Load external, signing key public part 80000002 %%N"
+	%TPM_EXE_PATH%loadexternal -halg sha256 -nalg %%N -ipu tmppub2.bin > run.out
+        IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+        )
+
+	echo "Flush the public key 80000002"
+	%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+        IF !ERRORLEVEL! NEQ 0 (
+           exit /B 1
+        )
+    )
+)
+
+echo "Flush the RSA storage key 80000001"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo ""
+echo "ECC Storage key"
+echo ""
+
+echo "Load ECC the storage key 80000001 under the primary key 80000000"
+%TPM_EXE_PATH%load -hp 80000000 -ipr storeeccpriv.bin -ipu storeeccpub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+for %%N in (%ITERATE_ALGS%) do (
+
+    for %%S in ("" "-se0 02000000 1") do (
+
+	echo "Create an unrestricted signing key under the ECC storage key 80000001 %%N %%~S"
+	%TPM_EXE_PATH%create -hp 80000001 -si -kt f -kt p -ecc nistp256 -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 111 -nalg %%N %%~S > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+   	    exit /B 1
+	)
+
+	echo "Load the ECC signing key 80000002 under the ECC storage key 80000001 %%~S"
+	%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto %%~S> run.out
+	IF !ERRORLEVEL! NEQ 0 (
+   	    exit /B 1
+	)
+
+	echo "Read the signing key 80000002 public area"
+	%TPM_EXE_PATH%readpublic -ho 80000002 -opu tmppub2.bin > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+   	    exit /B 1
+	)
+
+	echo "Flush the signing key 80000002"
+	%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+   	    exit /B 1
+	)
+
+	echo "Load external, storage key public part 80000002 %%N"
+	%TPM_EXE_PATH%loadexternal -halg sha256 -nalg %%N -ipu storeeccpub.bin > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+   	    exit /B 1
+	)
+
+	echo "Flush the public key 80000002"
+	%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+   	    exit /B 1
+	)
+
+	echo "Load external, signing key public part 80000002 %%N"
+	%TPM_EXE_PATH%loadexternal -halg sha256 -nalg %%N -ipu tmppub2.bin > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+   	    exit /B 1
+	)
+
+	echo "Flush the signing key 80000002"
+	%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+	IF !ERRORLEVEL! NEQ 0 (
+   	    exit /B 1
+	)
+    )
+)
+
+echo "Flush the ECC storage key 80000001 "
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Flush the auth session"
+%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+rm -f tmppub2.bin
+rm -f tmppub.bin
+rm -f tmppriv.bin
+rm -f tmpsig.bin
+
+exit /B 0
+
+REM getcapability  -cap 1 -pr 80000000
+REM getcapability  -cap 1 -pr 02000000
diff --git a/utils/regtests/teststorage.sh b/utils/regtests/teststorage.sh
new file mode 100755
index 000000000..62da38691
--- /dev/null
+++ b/utils/regtests/teststorage.sh
@@ -0,0 +1,164 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+# Primary storage key at 80000000 password sto
+# storage key at 80000001 password sto
+
+echo ""
+echo "RSA Storage key"
+echo ""
+
+echo "Load RSA the storage key 80000001 under the primary key 80000000"
+${PREFIX}load -hp 80000000 -ipr storersapriv.bin -ipu storersapub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Start an HMAC auth session"
+${PREFIX}startauthsession -se h > run.out
+checkSuccess $?
+
+for NALG in ${ITERATE_ALGS}
+do
+
+    for SESS in "" "-se0 02000000 1"
+    do
+
+	echo "Create an unrestricted signing key under the RSA storage key 80000001 ${NALG} ${SESS}"
+	${PREFIX}create -hp 80000001 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 111 -nalg ${NALG} ${SESS} > run.out
+	checkSuccess $?
+
+	echo "Load the signing key 80000002 under the storage key 80000001 ${SESS}"
+	${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto ${SESS} > run.out
+	checkSuccess $?
+
+	echo "Read the signing key 80000002 public area"
+	${PREFIX}readpublic -ho 80000002 -opu tmppub2.bin > run.out
+	checkSuccess $?
+
+	echo "Flush the signing key 80000002"
+	${PREFIX}flushcontext -ha 80000002 > run.out
+	checkSuccess $?
+
+	echo "Load external, storage key public part 80000002 ${NALG}"
+	${PREFIX}loadexternal -halg sha256 -nalg ${NALG} -ipu storersapub.bin > run.out
+	checkSuccess $?
+
+	echo "Flush the public key 80000002"
+	${PREFIX}flushcontext -ha 80000002 > run.out
+	checkSuccess $?
+
+	echo "Load external, signing key public part 80000002 ${NALG}"
+	${PREFIX}loadexternal -halg sha256 -nalg ${NALG} -ipu tmppub2.bin > run.out
+	checkSuccess $?
+
+	echo "Flush the public key 80000002"
+	${PREFIX}flushcontext -ha 80000002 > run.out
+	checkSuccess $?
+    done
+done
+
+echo "Flush the RSA storage key 80000001"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo ""
+echo "ECC Storage key"
+echo ""
+
+echo "Load ECC the storage key 80000001 under the primary key 80000000"
+${PREFIX}load -hp 80000000 -ipr storeeccpriv.bin -ipu storeeccpub.bin -pwdp sto > run.out
+checkSuccess $?
+
+for NALG in ${ITERATE_ALGS}
+do
+
+    for SESS in "" "-se0 02000000 1"
+    do
+
+	echo "Create an unrestricted signing key under the ECC storage key 80000001 ${NALG} ${SESS}"
+	${PREFIX}create -hp 80000001 -si -kt f -kt p -ecc nistp256 -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 111 -nalg ${NALG} ${SESS} > run.out
+	checkSuccess $?
+
+	echo "Load the ECC signing key 80000002 under the ECC storage key 80000001 ${SESS}"
+	${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto ${SESS}> run.out
+	checkSuccess $?
+
+	echo "Read the signing key 80000002 public area"
+	${PREFIX}readpublic -ho 80000002 -opu tmppub2.bin > run.out
+	checkSuccess $?
+
+	echo "Flush the signing key 80000002"
+	${PREFIX}flushcontext -ha 80000002 > run.out
+	checkSuccess $?
+
+	echo "Load external, storage key public part 80000002 ${NALG}"
+	${PREFIX}loadexternal -halg sha256 -nalg ${NALG} -ipu storeeccpub.bin > run.out
+	checkSuccess $?
+
+	echo "Flush the public key 80000002"
+	${PREFIX}flushcontext -ha 80000002 > run.out
+	checkSuccess $?
+
+	echo "Load external, signing key public part 80000002 ${NALG}"
+	${PREFIX}loadexternal -halg sha256 -nalg ${NALG} -ipu tmppub2.bin > run.out
+	checkSuccess $?
+
+	echo "Flush the signing key 80000002"
+	${PREFIX}flushcontext -ha 80000002 > run.out
+	checkSuccess $?
+    done
+done
+
+echo "Flush the ECC storage key 80000001 "
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Flush the auth session"
+${PREFIX}flushcontext -ha 02000000 > run.out
+checkSuccess $?
+
+rm -f tmppub2.bin
+rm -f tmppub.bin
+rm -f tmppriv.bin
+rm -f tmpsig.bin
+
+# ${PREFIX}getcapability  -cap 1 -pr 80000000
+# ${PREFIX}getcapability  -cap 1 -pr 02000000
diff --git a/utils/regtests/testunseal.bat b/utils/regtests/testunseal.bat
new file mode 100644
index 000000000..dadde77d4
--- /dev/null
+++ b/utils/regtests/testunseal.bat
@@ -0,0 +1,765 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #										#
+REM # (c) Copyright IBM Corporation 2015 - 2019					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "Seal and Unseal to Password"
+echo ""
+
+echo "Create a sealed data object"
+%TPM_EXE_PATH%create -hp 80000000 -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sea -if msg.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Load the sealed data object"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Unseal the data blob"
+%TPM_EXE_PATH%unseal -ha 80000001 -pwd sea -of tmp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Verify the unsealed result"
+diff msg.bin tmp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+   exit /B 1
+)
+
+echo "Unseal with bad password - should fail"
+%TPM_EXE_PATH%unseal -ha 80000001 -pwd xxx > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "Flush the sealed object"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Create a primary sealed data object"
+%TPM_EXE_PATH%createprimary -bl -kt f -kt p -pwdk seap -if msg.bin  > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Unseal the primary data blob"
+%TPM_EXE_PATH%unseal -ha 80000001 -pwd seap -of tmp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Verify the unsealed result"
+diff msg.bin tmp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Flush the primary sealed object"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo ""
+echo "Seal and Unseal to PolicySecret Platform Auth"
+echo ""
+
+REM # policy is policy secret pointing to platform auth
+REM # 000001514000000C plus newline for policyRef
+
+echo "Change platform hierarchy auth"
+%TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Create a sealed data object with policysecret platform auth under primary key"
+%TPM_EXE_PATH%create -hp 80000000 -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sea -if msg.bin -pol policies/policysecretp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Load the sealed data object under primary key"
+%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Start a policy session"
+%TPM_EXE_PATH%startauthsession -se p > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Unseal the data blob - policy failure, policysecret not run"
+%TPM_EXE_PATH%unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out
+IF !ERRORLEVEL! EQU 0 (
+    exit /B 1
+)
+
+echo "Policy Secret with PWAP session and platform auth"
+%TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 -pwde ppp > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Unseal the data blob"
+%TPM_EXE_PATH%unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Verify the unsealed result"
+diff msg.bin tmp.bin > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Change platform hierarchy auth back to null"
+%TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Flush the sealed object"
+%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+echo "Flush the policy session"
+%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
+IF !ERRORLEVEL! NEQ 0 (
+    exit /B 1
+)
+
+REM # extend of aaa + 0 pad to digest length
+REM # pcrreset -ha 16
+REM # pcrextend -ha 16 -halg sha1 -halg sha256 -halg sha384 -halg sha512 -ic aaa
+REM # pcrread   -ha 16 -halg sha1 -halg sha256 -halg sha384 -halg sha512 -ns
+REM #
+REM # 1d47f68aced515f7797371b554e32d47981aa0a0
+REM # c2119764d11613bf07b7e204c35f93732b4ae336b4354ebc16e8d0c3963ebebb
+REM # 292963e31c34c272bdea27154094af9250ad97d9e7446b836d3a737c90ca47df2c399021cedd00853ef08497c5a42384
+REM # 7fe1e4cf015293136bf130183039b6a646ea008b75afd0f8466a9bfe531af8ada867a65828cfce486077529e54f1830aa49ab780562baea49c67a87334ffe778
+REM #
+REM # paste that with no white space to file policypcr16aaasha1.txt, etc.
+REM #
+REM # create AND term for policy PCR, PCR 16
+REM # and then convert to binary policy
+REM 
+REM # > policymakerpcr -halg sha1   -bm 10000 -if policies/policypcr16aaasha1.txt   -v -pr -of policies/policypcr.txt
+REM # 0000017f00000001000403000001cbf1e9f771d215a017e17979cfd7184f4b674a4d
+REM # convert to binary policy
+REM # > policymaker -halg sha1   -if policies/policypcr.txt -of policies/policypcr16aaasha1.bin -pr -v
+REM # 12 b6 dd 16 43 82 ca e4 5d 0e d0 7f 9e 51 d1 63 
+REM # a4 24 f5 f2 
+REM 
+REM # > policymakerpcr -halg sha256 -bm 10000 -if policies/policypcr16aaasha256.txt -v -pr -of policies/policypcr.txt
+REM # 0000017f00000001000b030000012c28901f71751debfba3f3b5bf3be9c54b8b2f8c1411f2c117a0e838ee4e6c13
+REM # > policymaker -halg sha256 -if policies/policypcr.txt -of policies/policypcr16aaasha256.bin -pr -v
+REM # 76 44 f6 11 ea 10 d7 60 da b9 36 c3 95 1e 1d 85 
+REM # ec db 84 ce 9a 79 03 dd e1 c7 e0 a2 d9 09 a0 13 
+REM 
+REM # > policymakerpcr -halg sha384 -bm 10000 -if policies/policypcr16aaasha384.txt -v -pr -of policies/policypcr.txt
+REM # 0000017f00000001000c0300000132edb1c501cb0af4f958c9d7f04a8f3122c1025067e3832a5137234ee0d875e9fa99d8d400ca4a37fe13a6f53aeb4932
+REM # > policymaker -halg sha384 -if policies/policypcr.txt -of policies/policypcr16aaasha384.bin -pr -v
+REM # ea aa 8b 90 d2 69 b6 31 c0 85 91 e4 bf 29 a3 12 
+REM # 87 04 f2 18 4c 02 ee 83 6a fb c4 c6 7f 28 c1 7f 
+REM # 86 ea 22 b7 00 3d 06 fc b4 57 a3 b5 c4 f7 3c 95 
+REM 
+REM # > policymakerpcr -halg sha512 -bm 10000 -if policies/policypcr16aaasha512.txt -v -pr -of policies/policypcr.txt
+REM # 0000017f00000001000d03000001ea5218788d9d3a79e6f58608e321880aeb33e2282a3a0a87fb5b8868e7c6b3eedb9b66019409d8ea52d77e0dbfee5822c10ad0de3fd5cc776813a60423a7531f
+REM # policymaker -halg sha512 -if policies/policypcr.txt -of policies/policypcr16aaasha512.bin -pr -v
+REM # 1a 57 25 8d 99 64 d8 74 f0 85 0f 2c 8d 70 41 cc 
+REM # be 21 c2 0f df 7e 07 e6 b1 99 ea 05 66 46 b7 fb 
+REM # 23 55 77 4b 96 7e ab e2 65 db 5a 52 82 08 9c af 
+REM # 3c c0 10 e4 99 36 5d ec 7f 0d 3e 6d 2a 62 6d 2e 
+
+REM sealed blob    80000001
+REM policy session 03000000
+
+echo ""
+echo "Seal and Unseal to PCR 16"
+echo ""
+
+for %%H in (%ITERATE_ALGS%) do (
+
+    echo "Create a sealed data object %%H"
+    %TPM_EXE_PATH%create -hp 80000000 -nalg %%H -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sea -if msg.bin -pol policies/policypcr16aaa%%H.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Load the sealed data object"
+    %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Start a policy session %%H"
+    %TPM_EXE_PATH%startauthsession -se p -halg %%H > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "PCR 16 Reset"
+    %TPM_EXE_PATH%pcrreset -ha 16 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Unseal the data blob - policy failure, policypcr not run"
+    %TPM_EXE_PATH%unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out
+    IF !ERRORLEVEL! EQU 0 (
+        exit /B 1
+    )
+
+    echo "Policy PCR, update with the wrong PCR 16 value"
+    %TPM_EXE_PATH%policypcr -halg %%H -ha 03000000 -bm 10000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Unseal the data blob - policy failure, PCR 16 incorrect"
+    %TPM_EXE_PATH%unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out
+    IF !ERRORLEVEL! EQU 0 (
+        exit /B 1
+    )
+
+    echo "Extend PCR 16 to correct value"
+    %TPM_EXE_PATH%pcrextend -halg %%H -ha 16 -if policies/aaa > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Policy restart, set back to zero"
+    %TPM_EXE_PATH%policyrestart -ha 03000000 > run.out 
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Policy PCR, update with the correct PCR 16 value"
+    %TPM_EXE_PATH%policypcr -halg %%H -ha 03000000 -bm 10000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Unseal the data blob"
+    %TPM_EXE_PATH%unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Verify the unsealed result"
+    diff msg.bin tmp.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Flush the sealed object"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+    
+    echo "Flush the policy session"
+    %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+)
+
+rem # This test uses the same values for PCR 16 and PCR 23 for simplicity.
+rem # For different values, calculate the PCR white list value and change
+rem # the cat line to use two different values.
+
+rem # extend of aaa + 0 pad to digest length
+rem # pcrreset -ha 16
+rem # pcrextend -ha 16 -halg sha1 -halg sha256 -halg sha384 -halg sha512 -ic aaa
+rem # pcrread   -ha 16 -halg sha1 -halg sha256 -halg sha384 -halg sha512 -ns
+rem #
+rem # 1d47f68aced515f7797371b554e32d47981aa0a0
+rem # c2119764d11613bf07b7e204c35f93732b4ae336b4354ebc16e8d0c3963ebebb
+rem # 292963e31c34c272bdea27154094af9250ad97d9e7446b836d3a737c90ca47df2c399021cedd00853ef08497c5a42384
+rem # 7fe1e4cf015293136bf130183039b6a646ea008b75afd0f8466a9bfe531af8ada867a65828cfce486077529e54f1830aa49ab780562baea49c67a87334ffe778
+rem #
+rem # paste that with no white space to file policypcr16aaasha1.txt, etc.
+rem #
+rem # create AND term for policy PCR, PCR 16 and 23
+rem # and then convert to binary policy
+
+rem # > cat policies/policypcr16aaasha1.txt policies/policypcr16aaasha1.txt >! policypcra.txt
+rem # > policymakerpcr -halg sha1   -bm 810000 -if policypcra.txt -v -pr -of policypcr.txt
+rem #0000017f0000000100040300008173820c1f0f279933a5a58629fe44d081e740d4ae
+rem # > policymaker -halg sha1   -if policypcr.txt -of policies/policypcr1623aaasha1.bin -pr -v
+rem  # policy digest length 20
+rem  # b4 ed de a3 35 87 d7 43 29 f6 a8 d1 e7 89 92 64 
+rem  # 46 f0 4c 85 
+
+rem # > cat policies/policypcr16aaasha256.txt policies/policypcr16aaasha256.txt >! policypcra.txt
+rem # > policymakerpcr -halg sha256   -bm 810000 -if policypcra.txt -v -pr -of policypcr.txt
+rem # 0000017f00000001000b030000815a9f104273886b7ec8919a449d440d107d0da5df367e28c6ac145c9023cb5e76
+rem # > policymaker -halg sha256   -if policypcr.txt -of policies/policypcr1623aaasha256.bin -pr -v
+rem  # policy digest length 32
+rem  # 84 ff 2f f1 2d 37 cb 23 fb 3d 14 d9 66 77 ca ec 
+rem  # 48 94 5c 0b 83 e5 ea a2 be 98 e9 75 aa 21 e3 d6 
+
+rem # > cat policies/policypcr16aaasha384.txt policies/policypcr16aaasha384.txt >! policypcra.txt
+rem # > policymakerpcr -halg sha384   -bm 810000 -if policypcra.txt -v -pr -of policypcr.txt
+rem # 0000017f00000001000c0300008105f7f12c86c3b0ed988d369a96d401bb4a58b74f982eb03e8474cb66076114ba2b933dd95cde1c7ea69d0a797abc99d4
+rem # > policymaker -halg sha384   -if policypcr.txt -of policies/policypcr1623aaasha384.bin -pr -v
+rem  # policy digest length 48
+rem  # 4b 03 cd b3 eb 07 15 14 7c 49 93 43 a5 65 ee dc 
+rem  # 86 22 7c 86 36 20 97 a2 5e 0f 34 2e d2 4f 7e ad 
+rem  # a0 61 8b 5e d7 ba bb e3 5e f0 ab ea 99 55 df 84 
+
+rem # > cat policies/policypcr16aaasha512.txt policies/policypcr16aaasha512.txt >! policypcra.txt
+rem # > policymakerpcr -halg sha512   -bm 810000 -if policypcra.txt -v -pr -of policypcr.txt
+rem # 0000017f00000001000d03000081266ae24c92f63b30322e9c22e44e9540313a2223ae79b27eafe798168bef373ac55de22a0ca78ec8b2e9402aa1f8b47b6ef40e9e53aebaa694af58f240efa0fd
+rem # > policymaker -halg sha512   -if policypcr.txt -of policies/policypcr1623aaasha512.bin -pr -v
+rem  # policy digest length 64
+rem  # 13 84 59 76 b8 d4 d8 a9 a4 7d 75 0e 3e 81 cd c2 
+rem  # 78 08 ec 95 d7 13 e8 ef 0c 0b 85 c7 38 2e ad 46 
+rem  # e4 72 31 1d 11 a3 38 17 54 e5 cf 2e 6d 23 67 6d 
+rem  # 39 5a 93 51 9d f3 f0 90 56 4d 66 f8 7b 90 fc 61 
+
+rem # sealed blob    80000001
+rem # policy session 03000000
+
+echo ""
+echo "Seal and Unseal to PCR 16 and 23"
+echo ""
+
+for %%H in (%ITERATE_ALGS%) do (
+
+    echo "Create a sealed data object %%H"
+    %TPM_EXE_PATH%create -hp 80000000 -nalg %%H -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sea -if msg.bin -pol policies/policypcr1623aaa%%H.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Load the sealed data object"
+    %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Start a policy session %%H"
+    %TPM_EXE_PATH%startauthsession -se p -halg %%H > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "PCR 16 Reset"
+    %TPM_EXE_PATH%pcrreset -ha 16 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "PCR 23 Reset"
+    %TPM_EXE_PATH%pcrreset -ha 23 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Extend PCR 16 to correct value"
+    %TPM_EXE_PATH%pcrextend -halg %%H -ha 16 -if policies/aaa > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Extend PCR 23 to correct value"
+    %TPM_EXE_PATH%pcrextend -halg %%H -ha 23 -if policies/aaa > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Policy PCR, update with the correct PCR 16 and 23 values"
+    %TPM_EXE_PATH%policypcr -halg %%H -ha 03000000 -bm 810000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Unseal the data blob"
+    %TPM_EXE_PATH%unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Verify the unsealed result"
+    diff msg.bin tmp.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Flush the sealed object"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Flush the policy session"
+    %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+)
+
+
+REM #
+REM # Sample application to demonstrate the policy authorize solution to
+REM # the PCR brittleness problem when sealing.  Rather than sealing
+REM # directly to the PCRs, the blob is sealed to an authorizing public
+REM # key.  The authorizing private key signs the approved policy PCR
+REM # digest.
+REM #
+REM # Name for 80000001 authorizing key (output of loadexternal below) is
+REM # used to calculate the policy authorize policy
+REM #
+REM # 00044234c24fc1b9de6693a62453417d2734d7538f6f
+REM # 000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799
+REM # 000ca8bfb42e75b4c22b366b372cd9994bafe8558aa182cf12c258406d197dab63ac46f5a5255b1deb2993a4e9fc92b1e26c
+REM # 000d0c36b2a951eccc7e3e12d03175a71304dc747f222a02af8fa2ac8b594ef973518d20b9a5452d0849e325710f587d8a55082e7ae321173619bc12122f3ad71466
+REM #
+REM # Use 0000016a || the above Name, with a following blank line for
+REM # policyRef to make policies/policyauthorizesha[].txt. Use policymaker
+REM # to create the binary policy.  This will be the session digest after
+REM # the policyauthorize command.
+REM #
+REM # > policymaker -halg sha[] -if policies/policyauthorizesha[].txt -of policies/policyauthorizesha[].bin -pr
+REM # 16 82 10 58 c0 32 8c c4 e5 2e c4 ec ce 61 6c 0a 
+REM # f4 8a 30 88 
+REM #
+REM # eb a3 f9 8c 5e af 1e a8 f9 4f 51 9b 4d 2a 31 83 
+REM # ee 79 87 66 72 39 8e 23 15 d9 33 c2 88 a8 e5 03 
+REM #
+REM # 5c c6 34 89 fe f9 c8 42 7e fe 2c 5f 08 39 74 b6 
+REM # d9 a8 36 02 4a cd d9 70 7e f0 b9 fd 15 26 56 da 
+REM # a5 07 0a 9b bf d6 66 df 49 d2 5b 8d 50 8e 16 38 
+REM #
+REM # c9 c8 29 fb bc 75 54 99 db 48 b7 26 88 24 d1 f8 
+REM # 29 72 01 60 6b d6 5f 41 8e 06 98 7e f7 3e 6a 7e 
+REM # 25 82 c7 6d 8f 1c 36 43 68 01 ee 56 51 d5 06 b4 
+REM # 68 4c fe d1 d0 6a d7 65 23 3f c2 92 94 fd 2c c5 
+
+REM # setup and policy PCR calculations
+REM #
+REM # 16 is the debug PCR, a typical application may seal to PCR 0-7
+REM # > pcrreset -ha 16
+REM #
+REM # policies/aaa represents the new 'BIOS' measurement hash extended
+REM # into all PCR banks
+REM #
+REM # > pcrextend -ha 16 -halg [] -if policies/aaa
+REM #
+REM # These are the new PCR values to be authorized.  Typically, these are
+REM # calculated by other software based on the enterprise.  Here, they're
+REM # just read from the TPM.
+REM #
+REM # > pcrread -ha 16 -halg sha1 -halg sha256 -halg sha384 -halg sha512 -ns
+REM #
+REM # 1d47f68aced515f7797371b554e32d47981aa0a0
+REM # c2119764d11613bf07b7e204c35f93732b4ae336b4354ebc16e8d0c3963ebebb
+REM # 292963e31c34c272bdea27154094af9250ad97d9e7446b836d3a737c90ca47df2c399021cedd00853ef08497c5a42384
+REM # 7fe1e4cf015293136bf130183039b6a646ea008b75afd0f8466a9bfe531af8ada867a65828cfce486077529e54f1830aa49ab780562baea49c67a87334ffe778
+REM #
+REM # Put the above authorized PCR value in an intermediate file
+REM # policies/policypcr16aaasha1.txt for policymakerpcr, and create the
+REM # policypcr AND term policies/policypcr.txt.  policymakerpcr prepends the command code and
+REM # PCR select bit mask.
+REM #
+REM # > policymakerpcr -halg sha[] -bm 010000 -if policies/policypcr16aaasha1.txt -of policies/policypcr.txt -pr -v
+REM #
+REM # 0000017f00000001000403000001cbf1e9f771d215a017e17979cfd7184f4b674a4d
+REM # 0000017f00000001000b030000012c28901f71751debfba3f3b5bf3be9c54b8b2f8c1411f2c117a0e838ee4e6c13
+REM # 0000017f00000001000c0300000132edb1c501cb0af4f958c9d7f04a8f3122c1025067e3832a5137234ee0d875e9fa99d8d400ca4a37fe13a6f53aeb4932
+REM # 0000017f00000001000d03000001ea5218788d9d3a79e6f58608e321880aeb33e2282a3a0a87fb5b8868e7c6b3eedb9b66019409d8ea52d77e0dbfee5822c10ad0de3fd5cc776813a60423a7531f
+REM #
+REM # Send the policymakerpcr AND term result to policymaker to create the
+REM # Policy PCR digest.  This is the authorized policy signed by the
+REM # authorizing private key.
+REM #
+REM # > policymaker -halg sha[] -if policies/policypcr.txt -of policies/policypcr16aaasha[].bin -v -pr -ns
+REM #
+REM # 12b6dd164382cae45d0ed07f9e51d163a424f5f2
+REM # 7644f611ea10d760dab936c3951e1d85ecdb84ce9a7903dde1c7e0a2d909a013
+REM # eaaa8b90d269b631c08591e4bf29a3128704f2184c02ee836afbc4c67f28c17f86ea22b7003d06fcb457a3b5c4f73c95
+REM # 1a57258d9964d874f0850f2c8d7041ccbe21c20fdf7e07e6b199ea056646b7fb2355774b967eabe265db5a5282089caf3cc010e499365dec7f0d3e6d2a626d2e
+
+echo ""
+echo "Policy PCR with Policy Authorize (PCR brittleness solution)"
+echo ""
+
+for %%H in (%ITERATE_ALGS%) do (
+
+    REM # One time task, create sealed blob with policy of policyauthorize
+    REM # with Name of authorizing key
+
+    echo "Create a sealed data object %%H"
+    %TPM_EXE_PATH%create -hp 80000000 -nalg %%H -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -if msg.bin -pol policies/policyauthorize%%H.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    REM # Once per new PCR approved values, authorizing PCRs in policy%%H.bin
+
+    echo "Openssl generate and sign aHash (empty policyRef) %%H"
+    openssl dgst -%%H -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin policies/policypcr16aaa%%H.bin
+
+    REM # Once per boot, simulating setting PCRs to authorized values
+
+    echo "Reset PCR 16 back to zero"
+    %TPM_EXE_PATH%pcrreset -ha 16 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "PCR extend PCR 16 %%H"
+    %TPM_EXE_PATH%pcrextend -ha 16 -halg %%H -if policies/aaa > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    REM # beginning of unseal process, policy PCR
+
+    echo "Start a policy session %%H"
+    %TPM_EXE_PATH%startauthsession -halg %%H -se p > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Policy PCR, update with the correct digest %%H"
+    %TPM_EXE_PATH%policypcr -ha 03000000 -halg %%H -bm 10000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Policy get digest, should be policies/policypcr16aaa%%H.bin"
+    %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    REM # policyauthorize process
+
+    echo "Load external just the public part of PEM authorizing key %%H 80000001"
+    %TPM_EXE_PATH%loadexternal -hi p -halg %%H -nalg %%H -ipem policies/rsapubkey.pem -ns > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Verify the signature to generate ticket 80000001 %%H"
+    %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -if policies/policypcr16aaa%%H.bin -is pssig.bin -raw -tk tkt.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Policy authorize using the ticket"
+    %TPM_EXE_PATH%policyauthorize -ha 03000000 -appr policies/policypcr16aaa%%H.bin -skn h80000001.bin -tk tkt.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Get policy digest, should be policies/policyauthorize%%H.bin"
+    %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Flush the verification public key 80000001"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    REM # load the sealed blob and unseal
+
+    echo "Load the sealed data object 80000001"
+    %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Unseal the data blob using the policy session"
+    %TPM_EXE_PATH%unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Verify the unsealed result"
+    diff msg.bin tmp.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Flush the sealed object"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Flush the policy session"
+    %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+)
+
+echo ""
+echo "Import and Unseal"
+echo ""
+
+REM # primary key P1 80000000
+REM # sealed data S1 80000001 originally under 80000000
+REM # target storage key K1 80000002
+
+for %%A in ("rsa" "ecc") do (
+
+    echo "Create a sealed data object S1 under the primary key P1 80000000"
+    %TPM_EXE_PATH%create -hp 80000000 -bl -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sea -if msg.bin -pol policies/policyccduplicate.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Load the sealed data object S1 at 80000001"
+    %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Load the %%~A storage key K1 80000002"
+    %TPM_EXE_PATH%load -hp 80000000 -ipr store%%~Apriv.bin -ipu store%%~Apub.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Start a policy session 03000000"
+    %TPM_EXE_PATH%startauthsession -se p > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Policy command code, duplicate"
+    %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14b > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Get policy digest"
+    %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out 
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Duplicate sealed data object S1 80000001 under %%~A K1 80000002"
+    %TPM_EXE_PATH%duplicate -ho 80000001 -pwdo sig -hp 80000002 -od tmpdup.bin -oss tmpss.bin -se0 03000000 1 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Flush the original S1 to free object slot for import"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Import S1 under %%~A K1 80000002"
+    %TPM_EXE_PATH%import -hp 80000002 -pwdp sto -ipu tmppub.bin -id tmpdup.bin -iss tmpss.bin -opr tmppriv1.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Load the duplicated sealed data object S1 at 80000001 under %%~A K1 80000002"
+    %TPM_EXE_PATH%load -hp 80000002 -ipr tmppriv1.bin -ipu tmppub.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Unseal the data blob"
+    %TPM_EXE_PATH%unseal -ha 80000001 -pwd sea -of tmp.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Verify the unsealed result"
+    diff msg.bin tmp.bin > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Flush the sealed data object at 80000001"
+    %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Flush the storage key at 80000002"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+    echo "Flush the session"
+    %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+        exit /B 1
+    )
+
+)
+
+rm tmppriv.bin
+rm tmppub.bin
+rm tmp.bin
+rm tmpdup.bin
+rm tmpss.bin
+rm tmppriv1.bin
+
+exit /B 0
+
+REM getcapability -cap 1 -pr 80000000
diff --git a/utils/regtests/testunseal.sh b/utils/regtests/testunseal.sh
new file mode 100755
index 000000000..6b9cedc7c
--- /dev/null
+++ b/utils/regtests/testunseal.sh
@@ -0,0 +1,619 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2015 - 2019					#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+# used for the name in policy authorize
+
+if [ -z $TPM_DATA_DIR ]; then
+    TPM_DATA_DIR=.
+fi
+
+echo ""
+echo "Seal and Unseal to Password"
+echo ""
+
+echo "Create a sealed data object"
+${PREFIX}create -hp 80000000 -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sea -if msg.bin > run.out
+checkSuccess $?
+
+echo "Load the sealed data object"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Unseal the data blob"
+${PREFIX}unseal -ha 80000001 -pwd sea -of tmp.bin > run.out
+checkSuccess $?
+
+echo "Verify the unsealed result"
+diff msg.bin tmp.bin > run.out
+checkSuccess $?
+
+echo "Unseal with bad password - should fail"
+${PREFIX}unseal -ha 80000001 -pwd xxx > run.out
+checkFailure $?
+
+echo "Flush the sealed object"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Create a primary sealed data object"
+${PREFIX}createprimary -bl -kt f -kt p -pwdk seap -if msg.bin > run.out
+checkSuccess $?
+
+echo "Unseal the primary data blob"
+${PREFIX}unseal -ha 80000001 -pwd seap -of tmp.bin > run.out
+checkSuccess $?
+
+echo "Verify the unsealed result"
+diff msg.bin tmp.bin > run.out
+checkSuccess $?
+
+echo "Flush the primary sealed object"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo ""
+echo "Seal and Unseal to PolicySecret Platform Auth"
+echo ""
+
+# policy is policy secret pointing to platform auth
+# 000001514000000C plus newline for policyRef
+
+echo "Change platform hierarchy auth"
+${PREFIX}hierarchychangeauth -hi p -pwdn ppp > run.out
+checkSuccess $?
+
+echo "Create a sealed data object with policysecret platform auth under primary key"
+${PREFIX}create -hp 80000000 -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sea -if msg.bin -pol policies/policysecretp.bin > run.out
+checkSuccess $?
+
+echo "Load the sealed data object under primary key"
+${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+checkSuccess $?
+
+echo "Start a policy session"
+${PREFIX}startauthsession -se p > run.out
+checkSuccess $?
+
+echo "Unseal the data blob - policy failure, policysecret not run"
+${PREFIX}unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out
+checkFailure $?
+
+echo "Policy Secret with PWAP session and platform auth"
+${PREFIX}policysecret -ha 4000000c -hs 03000000 -pwde ppp > run.out
+checkSuccess $?
+
+echo "Unseal the data blob"
+${PREFIX}unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out
+checkSuccess $?
+
+echo "Verify the unsealed result"
+diff msg.bin tmp.bin > run.out
+checkSuccess $?
+
+echo "Change platform hierarchy auth back to null"
+${PREFIX}hierarchychangeauth -hi p -pwda ppp > run.out
+checkSuccess $?
+
+echo "Flush the sealed object"
+${PREFIX}flushcontext -ha 80000001 > run.out
+checkSuccess $?
+
+echo "Flush the policy session"
+${PREFIX}flushcontext -ha 03000000 > run.out
+checkSuccess $?
+
+# extend of aaa + 0 pad to digest length
+# pcrreset -ha 16
+# pcrextend -ha 16 -halg sha1 -halg sha256 -halg sha384 -halg sha512 -ic aaa
+# pcrread   -ha 16 -halg sha1 -halg sha256 -halg sha384 -halg sha512 -ns
+#
+# 1d47f68aced515f7797371b554e32d47981aa0a0
+# c2119764d11613bf07b7e204c35f93732b4ae336b4354ebc16e8d0c3963ebebb
+# 292963e31c34c272bdea27154094af9250ad97d9e7446b836d3a737c90ca47df2c399021cedd00853ef08497c5a42384
+# 7fe1e4cf015293136bf130183039b6a646ea008b75afd0f8466a9bfe531af8ada867a65828cfce486077529e54f1830aa49ab780562baea49c67a87334ffe778
+#
+# paste that with no white space to file policypcr16aaasha1.txt, etc.
+#
+# create AND term for policy PCR, PCR 16
+# and then convert to binary policy
+
+# > policymakerpcr -halg sha1   -bm 10000 -if policies/policypcr16aaasha1.txt   -v -pr -of policies/policypcr.txt
+# 0000017f00000001000403000001cbf1e9f771d215a017e17979cfd7184f4b674a4d
+# convert to binary policy
+# > policymaker -halg sha1   -if policies/policypcr.txt -of policies/policypcr16aaasha1.bin -pr -v
+# 12 b6 dd 16 43 82 ca e4 5d 0e d0 7f 9e 51 d1 63 
+# a4 24 f5 f2 
+
+# > policymakerpcr -halg sha256 -bm 10000 -if policies/policypcr16aaasha256.txt -v -pr -of policies/policypcr.txt
+# 0000017f00000001000b030000012c28901f71751debfba3f3b5bf3be9c54b8b2f8c1411f2c117a0e838ee4e6c13
+# > policymaker -halg sha256 -if policies/policypcr.txt -of policies/policypcr16aaasha256.bin -pr -v
+# 76 44 f6 11 ea 10 d7 60 da b9 36 c3 95 1e 1d 85 
+# ec db 84 ce 9a 79 03 dd e1 c7 e0 a2 d9 09 a0 13 
+
+# > policymakerpcr -halg sha384 -bm 10000 -if policies/policypcr16aaasha384.txt -v -pr -of policies/policypcr.txt
+# 0000017f00000001000c0300000132edb1c501cb0af4f958c9d7f04a8f3122c1025067e3832a5137234ee0d875e9fa99d8d400ca4a37fe13a6f53aeb4932
+# > policymaker -halg sha384 -if policies/policypcr.txt -of policies/policypcr16aaasha384.bin -pr -v
+# ea aa 8b 90 d2 69 b6 31 c0 85 91 e4 bf 29 a3 12 
+# 87 04 f2 18 4c 02 ee 83 6a fb c4 c6 7f 28 c1 7f 
+# 86 ea 22 b7 00 3d 06 fc b4 57 a3 b5 c4 f7 3c 95 
+
+# > policymakerpcr -halg sha512 -bm 10000 -if policies/policypcr16aaasha512.txt -v -pr -of policies/policypcr.txt
+# 0000017f00000001000d03000001ea5218788d9d3a79e6f58608e321880aeb33e2282a3a0a87fb5b8868e7c6b3eedb9b66019409d8ea52d77e0dbfee5822c10ad0de3fd5cc776813a60423a7531f
+# policymaker -halg sha512 -if policies/policypcr.txt -of policies/policypcr16aaasha512.bin -pr -v
+# 1a 57 25 8d 99 64 d8 74 f0 85 0f 2c 8d 70 41 cc 
+# be 21 c2 0f df 7e 07 e6 b1 99 ea 05 66 46 b7 fb 
+# 23 55 77 4b 96 7e ab e2 65 db 5a 52 82 08 9c af 
+# 3c c0 10 e4 99 36 5d ec 7f 0d 3e 6d 2a 62 6d 2e 
+
+# sealed blob    80000001
+# policy session 03000000
+
+echo ""
+echo "Seal and Unseal to PCR 16"
+echo ""
+
+for HALG in ${ITERATE_ALGS}
+do
+
+    echo "Create a sealed data object ${HALG}"
+    ${PREFIX}create -hp 80000000 -nalg ${HALG} -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sea -if msg.bin -pol policies/policypcr16aaa${HALG}.bin > run.out
+    checkSuccess $?
+
+    echo "Load the sealed data object"
+    ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+    checkSuccess $?
+
+    echo "Start a policy session ${HALG}"
+    ${PREFIX}startauthsession -se p -halg ${HALG} > run.out
+    checkSuccess $?
+
+    echo "PCR 16 Reset"
+    ${PREFIX}pcrreset -ha 16 > run.out
+    checkSuccess $?
+
+    echo "Unseal the data blob - policy failure, policypcr not run"
+    ${PREFIX}unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out
+    checkFailure $?
+
+    echo "Policy PCR, update with the wrong PCR 16 value"
+    ${PREFIX}policypcr -halg ${HALG} -ha 03000000 -bm 10000 > run.out
+    checkSuccess $?
+
+    echo "Unseal the data blob - policy failure, PCR 16 incorrect"
+    ${PREFIX}unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out
+    checkFailure $?
+
+    echo "Extend PCR 16 to correct value"
+    ${PREFIX}pcrextend -halg ${HALG} -ha 16 -if policies/aaa > run.out
+    checkSuccess $?
+
+    echo "Policy restart, set back to zero"
+    ${PREFIX}policyrestart -ha 03000000 > run.out 
+    checkSuccess $?
+
+    echo "Policy PCR, update with the correct PCR 16 value"
+    ${PREFIX}policypcr -halg ${HALG} -ha 03000000 -bm 10000 > run.out
+    checkSuccess $?
+
+    echo "Unseal the data blob"
+    ${PREFIX}unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out
+    checkSuccess $?
+
+    echo "Verify the unsealed result"
+    diff msg.bin tmp.bin > run.out
+    checkSuccess $?
+
+    echo "Flush the sealed object"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+    echo "Flush the policy session"
+    ${PREFIX}flushcontext -ha 03000000 > run.out
+    checkSuccess $?
+
+done
+
+# This test uses the same values for PCR 16 and PCR 23 for simplicity.
+# For different values, calculate the PCR white list value and change
+# the cat line to use two different values.
+
+# extend of aaa + 0 pad to digest length
+# pcrreset -ha 16
+# pcrextend -ha 16 -halg sha1 -halg sha256 -halg sha384 -halg sha512 -ic aaa
+# pcrread   -ha 16 -halg sha1 -halg sha256 -halg sha384 -halg sha512 -ns
+#
+# 1d47f68aced515f7797371b554e32d47981aa0a0
+# c2119764d11613bf07b7e204c35f93732b4ae336b4354ebc16e8d0c3963ebebb
+# 292963e31c34c272bdea27154094af9250ad97d9e7446b836d3a737c90ca47df2c399021cedd00853ef08497c5a42384
+# 7fe1e4cf015293136bf130183039b6a646ea008b75afd0f8466a9bfe531af8ada867a65828cfce486077529e54f1830aa49ab780562baea49c67a87334ffe778
+#
+# paste that with no white space to file policypcr16aaasha1.txt, etc.
+#
+# create AND term for policy PCR, PCR 16 and 23
+# and then convert to binary policy
+
+# > cat policies/policypcr16aaasha1.txt policies/policypcr16aaasha1.txt >! policypcra.txt
+# > policymakerpcr -halg sha1   -bm 810000 -if policypcra.txt -v -pr -of policypcr.txt
+#0000017f0000000100040300008173820c1f0f279933a5a58629fe44d081e740d4ae
+# > policymaker -halg sha1   -if policypcr.txt -of policies/policypcr1623aaasha1.bin -pr -v
+ # policy digest length 20
+ # b4 ed de a3 35 87 d7 43 29 f6 a8 d1 e7 89 92 64 
+ # 46 f0 4c 85 
+
+# > cat policies/policypcr16aaasha256.txt policies/policypcr16aaasha256.txt >! policypcra.txt
+# > policymakerpcr -halg sha256   -bm 810000 -if policypcra.txt -v -pr -of policypcr.txt
+# 0000017f00000001000b030000815a9f104273886b7ec8919a449d440d107d0da5df367e28c6ac145c9023cb5e76
+# > policymaker -halg sha256   -if policypcr.txt -of policies/policypcr1623aaasha256.bin -pr -v
+ # policy digest length 32
+ # 84 ff 2f f1 2d 37 cb 23 fb 3d 14 d9 66 77 ca ec 
+ # 48 94 5c 0b 83 e5 ea a2 be 98 e9 75 aa 21 e3 d6 
+
+# > cat policies/policypcr16aaasha384.txt policies/policypcr16aaasha384.txt >! policypcra.txt
+# > policymakerpcr -halg sha384   -bm 810000 -if policypcra.txt -v -pr -of policypcr.txt
+# 0000017f00000001000c0300008105f7f12c86c3b0ed988d369a96d401bb4a58b74f982eb03e8474cb66076114ba2b933dd95cde1c7ea69d0a797abc99d4
+# > policymaker -halg sha384   -if policypcr.txt -of policies/policypcr1623aaasha384.bin -pr -v
+ # policy digest length 48
+ # 4b 03 cd b3 eb 07 15 14 7c 49 93 43 a5 65 ee dc 
+ # 86 22 7c 86 36 20 97 a2 5e 0f 34 2e d2 4f 7e ad 
+ # a0 61 8b 5e d7 ba bb e3 5e f0 ab ea 99 55 df 84 
+
+# > cat policies/policypcr16aaasha512.txt policies/policypcr16aaasha512.txt >! policypcra.txt
+# > policymakerpcr -halg sha512   -bm 810000 -if policypcra.txt -v -pr -of policypcr.txt
+# 0000017f00000001000d03000081266ae24c92f63b30322e9c22e44e9540313a2223ae79b27eafe798168bef373ac55de22a0ca78ec8b2e9402aa1f8b47b6ef40e9e53aebaa694af58f240efa0fd
+# > policymaker -halg sha512   -if policypcr.txt -of policies/policypcr1623aaasha512.bin -pr -v
+ # policy digest length 64
+ # 13 84 59 76 b8 d4 d8 a9 a4 7d 75 0e 3e 81 cd c2 
+ # 78 08 ec 95 d7 13 e8 ef 0c 0b 85 c7 38 2e ad 46 
+ # e4 72 31 1d 11 a3 38 17 54 e5 cf 2e 6d 23 67 6d 
+ # 39 5a 93 51 9d f3 f0 90 56 4d 66 f8 7b 90 fc 61 
+
+# sealed blob    80000001
+# policy session 03000000
+
+echo ""
+echo "Seal and Unseal to PCR 16 and 23"
+echo ""
+
+for HALG in ${ITERATE_ALGS}
+do
+
+    echo "Create a sealed data object ${HALG}"
+    ${PREFIX}create -hp 80000000 -nalg ${HALG} -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sea -if msg.bin -pol policies/policypcr1623aaa${HALG}.bin > run.out
+    checkSuccess $?
+
+    echo "Load the sealed data object"
+    ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+    checkSuccess $?
+
+    echo "Start a policy session ${HALG}"
+    ${PREFIX}startauthsession -se p -halg ${HALG} > run.out
+    checkSuccess $?
+
+    echo "PCR 16 Reset"
+    ${PREFIX}pcrreset -ha 16 > run.out
+    checkSuccess $?
+
+    echo "PCR 23 Reset"
+    ${PREFIX}pcrreset -ha 23 > run.out
+    checkSuccess $?
+
+    echo "Extend PCR 16 to correct value"
+    ${PREFIX}pcrextend -halg ${HALG} -ha 16 -if policies/aaa > run.out
+    checkSuccess $?
+
+    echo "Extend PCR 23 to correct value"
+    ${PREFIX}pcrextend -halg ${HALG} -ha 23 -if policies/aaa > run.out
+    checkSuccess $?
+
+    echo "Policy PCR, update with the correct PCR 16 and 23 values"
+    ${PREFIX}policypcr -halg ${HALG} -ha 03000000 -bm 810000 > run.out
+    checkSuccess $?
+
+    echo "Unseal the data blob"
+    ${PREFIX}unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out
+    checkSuccess $?
+
+    echo "Verify the unsealed result"
+    diff msg.bin tmp.bin > run.out
+    checkSuccess $?
+
+    echo "Flush the sealed object"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+    echo "Flush the policy session"
+    ${PREFIX}flushcontext -ha 03000000 > run.out
+    checkSuccess $?
+
+done
+
+#
+# Sample application to demonstrate the policy authorize solution to
+# the PCR brittleness problem when sealing.  Rather than sealing
+# directly to the PCRs, the blob is sealed to an authorizing public
+# key.  The authorizing private key signs the approved policy PCR
+# digest.
+#
+# Name for 80000001 authorizing key (output of loadexternal below) is
+# used to calculate the policy authorize policy
+#
+# 00044234c24fc1b9de6693a62453417d2734d7538f6f
+# 000b64ac921a035c72b3aa55ba7db8b599f1726f52ec2f682042fc0e0d29fae81799
+# 000ca8bfb42e75b4c22b366b372cd9994bafe8558aa182cf12c258406d197dab63ac46f5a5255b1deb2993a4e9fc92b1e26c
+# 000d0c36b2a951eccc7e3e12d03175a71304dc747f222a02af8fa2ac8b594ef973518d20b9a5452d0849e325710f587d8a55082e7ae321173619bc12122f3ad71466
+#
+# Use 0000016a || the above Name, with a following blank line for
+# policyRef to make policies/policyauthorizesha[].txt. Use policymaker
+# to create the binary policy.  This will be the session digest after
+# the policyauthorize command.
+#
+# > policymaker -halg sha[] -if policies/policyauthorizesha[].txt -of policies/policyauthorizesha[].bin -pr
+# 16 82 10 58 c0 32 8c c4 e5 2e c4 ec ce 61 6c 0a 
+# f4 8a 30 88 
+#
+# eb a3 f9 8c 5e af 1e a8 f9 4f 51 9b 4d 2a 31 83 
+# ee 79 87 66 72 39 8e 23 15 d9 33 c2 88 a8 e5 03 
+#
+# 5c c6 34 89 fe f9 c8 42 7e fe 2c 5f 08 39 74 b6 
+# d9 a8 36 02 4a cd d9 70 7e f0 b9 fd 15 26 56 da 
+# a5 07 0a 9b bf d6 66 df 49 d2 5b 8d 50 8e 16 38 
+#
+# c9 c8 29 fb bc 75 54 99 db 48 b7 26 88 24 d1 f8 
+# 29 72 01 60 6b d6 5f 41 8e 06 98 7e f7 3e 6a 7e 
+# 25 82 c7 6d 8f 1c 36 43 68 01 ee 56 51 d5 06 b4 
+# 68 4c fe d1 d0 6a d7 65 23 3f c2 92 94 fd 2c c5 
+
+# setup and policy PCR calculations
+#
+# 16 is the debug PCR, a typical application may seal to PCR 0-7
+# > pcrreset -ha 16
+#
+# policies/aaa represents the new 'BIOS' measurement hash extended
+# into all PCR banks
+#
+# > pcrextend -ha 16 -halg [] -if policies/aaa
+#
+# These are the new PCR values to be authorized.  Typically, these are
+# calculated by other software based on the enterprise.  Here, they're
+# just read from the TPM.
+#
+# > pcrread -ha 16 -halg sha1 -halg sha256 -halg sha384 -halg sha512 -ns
+#
+# 1d47f68aced515f7797371b554e32d47981aa0a0
+# c2119764d11613bf07b7e204c35f93732b4ae336b4354ebc16e8d0c3963ebebb
+# 292963e31c34c272bdea27154094af9250ad97d9e7446b836d3a737c90ca47df2c399021cedd00853ef08497c5a42384
+# 7fe1e4cf015293136bf130183039b6a646ea008b75afd0f8466a9bfe531af8ada867a65828cfce486077529e54f1830aa49ab780562baea49c67a87334ffe778
+#
+# Put the above authorized PCR value in an intermediate file
+# policies/policypcr16aaasha1.txt for policymakerpcr, and create the
+# policypcr AND term policies/policypcr.txt.  policymakerpcr prepends the command code and
+# PCR select bit mask.
+#
+# > policymakerpcr -halg sha[] -bm 010000 -if policies/policypcr16aaasha1.txt -of policies/policypcr.txt -pr -v
+#
+# 0000017f00000001000403000001cbf1e9f771d215a017e17979cfd7184f4b674a4d
+# 0000017f00000001000b030000012c28901f71751debfba3f3b5bf3be9c54b8b2f8c1411f2c117a0e838ee4e6c13
+# 0000017f00000001000c0300000132edb1c501cb0af4f958c9d7f04a8f3122c1025067e3832a5137234ee0d875e9fa99d8d400ca4a37fe13a6f53aeb4932
+# 0000017f00000001000d03000001ea5218788d9d3a79e6f58608e321880aeb33e2282a3a0a87fb5b8868e7c6b3eedb9b66019409d8ea52d77e0dbfee5822c10ad0de3fd5cc776813a60423a7531f
+#
+# Send the policymakerpcr AND term result to policymaker to create the
+# Policy PCR digest.  This is the authorized policy signed by the
+# authorizing private key.
+#
+# > policymaker -halg sha[] -if policies/policypcr.txt -of policies/policypcr16aaasha[].bin -v -pr -ns
+#
+# 12b6dd164382cae45d0ed07f9e51d163a424f5f2
+# 7644f611ea10d760dab936c3951e1d85ecdb84ce9a7903dde1c7e0a2d909a013
+# eaaa8b90d269b631c08591e4bf29a3128704f2184c02ee836afbc4c67f28c17f86ea22b7003d06fcb457a3b5c4f73c95
+# 1a57258d9964d874f0850f2c8d7041ccbe21c20fdf7e07e6b199ea056646b7fb2355774b967eabe265db5a5282089caf3cc010e499365dec7f0d3e6d2a626d2e
+
+echo ""
+echo "Policy PCR with Policy Authorize (PCR brittleness solution)"
+echo ""
+
+for HALG in ${ITERATE_ALGS}
+do
+    # One time task, create sealed blob with policy of policyauthorize
+    # with Name of authorizing key
+
+    echo "Create a sealed data object ${HALG}"
+    ${PREFIX}create -hp 80000000 -nalg ${HALG} -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -if msg.bin -pol policies/policyauthorize${HALG}.bin > run.out
+    checkSuccess $?
+
+    # Once per new PCR approved values, authorizing PCRs in policy${HALG}.bin
+
+    echo "Openssl generate and sign aHash (empty policyRef) ${HALG}"
+    openssl dgst -${HALG} -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin policies/policypcr16aaa${HALG}.bin
+
+    # Once per boot, simulating setting PCRs to authorized values
+
+    echo "Reset PCR 16 back to zero"
+    ${PREFIX}pcrreset -ha 16 > run.out
+    checkSuccess $?
+
+    echo "PCR extend PCR 16 ${HALG}"
+    ${PREFIX}pcrextend -ha 16 -halg ${HALG} -if policies/aaa > run.out
+    checkSuccess $?
+
+    # beginning of unseal process, policy PCR
+
+    echo "Start a policy session ${HALG}"
+    ${PREFIX}startauthsession -halg ${HALG} -se p > run.out
+    checkSuccess $?
+
+    echo "Policy PCR, update with the correct digest ${HALG}"
+    ${PREFIX}policypcr -ha 03000000 -halg ${HALG} -bm 10000 > run.out
+    checkSuccess $?
+
+    echo "Policy get digest, should be policies/policypcr16aaa${HALG}.bin"
+    ${PREFIX}policygetdigest -ha 03000000 > run.out
+    checkSuccess $?
+
+    # policyauthorize process
+
+    echo "Load external just the public part of PEM authorizing key ${HALG} 80000001"
+    ${PREFIX}loadexternal -hi p -halg ${HALG} -nalg ${HALG} -ipem policies/rsapubkey.pem -ns > run.out
+    checkSuccess $?
+
+    echo "Verify the signature to generate ticket 80000001 ${HALG}"
+    ${PREFIX}verifysignature -hk 80000001 -halg ${HALG} -if policies/policypcr16aaa${HALG}.bin -is pssig.bin -raw -tk tkt.bin > run.out
+    checkSuccess $?
+
+    echo "Policy authorize using the ticket"
+    ${PREFIX}policyauthorize -ha 03000000 -appr policies/policypcr16aaa${HALG}.bin -skn ${TPM_DATA_DIR}/h80000001.bin -tk tkt.bin > run.out
+    checkSuccess $?
+
+    echo "Get policy digest, should be policies/policyauthorize${HALG}.bin"
+    ${PREFIX}policygetdigest -ha 03000000 > run.out
+    checkSuccess $?
+
+    echo "Flush the verification public key 80000001"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+    # load the sealed blob and unseal
+
+    echo "Load the sealed data object 80000001"
+    ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+    checkSuccess $?
+
+    echo "Unseal the data blob using the policy session"
+    ${PREFIX}unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out
+    checkSuccess $?
+
+    echo "Verify the unsealed result"
+    diff msg.bin tmp.bin > run.out
+    checkSuccess $?
+
+    echo "Flush the sealed object"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+    echo "Flush the policy session"
+    ${PREFIX}flushcontext -ha 03000000 > run.out
+    checkSuccess $?
+
+done
+
+echo ""
+echo "Import and Unseal"
+echo ""
+
+# primary key P1 80000000
+# sealed data S1 80000001 originally under 80000000
+# target storage key K1 80000002
+
+for ALG in "rsa" "ecc"
+do 
+
+    echo "Create a sealed data object S1 under the primary key P1 80000000"
+    ${PREFIX}create -hp 80000000 -bl -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sea -if msg.bin -pol policies/policyccduplicate.bin > run.out
+    checkSuccess $?
+
+    echo "Load the sealed data object S1 at 80000001"
+    ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
+    checkSuccess $?
+
+    echo "Load the ${ALG} storage key K1 80000002"
+    ${PREFIX}load -hp 80000000 -ipr store${ALG}priv.bin -ipu store${ALG}pub.bin -pwdp sto > run.out
+    checkSuccess $?
+
+    echo "Start a policy session 03000000"
+    ${PREFIX}startauthsession -se p > run.out
+    checkSuccess $?
+
+    echo "Policy command code, duplicate"
+    ${PREFIX}policycommandcode -ha 03000000 -cc 14b > run.out
+    checkSuccess $?
+
+    echo "Get policy digest"
+    ${PREFIX}policygetdigest -ha 03000000 > run.out 
+    checkSuccess $?
+
+    echo "Duplicate sealed data object S1 80000001 under ${ALG} K1 80000002"
+    ${PREFIX}duplicate -ho 80000001 -pwdo sig -hp 80000002 -od tmpdup.bin -oss tmpss.bin -se0 03000000 1 > run.out
+    checkSuccess $?
+
+    echo "Flush the original S1 to free object slot for import"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+    echo "Import S1 under ${ALG} K1 80000002"
+    ${PREFIX}import -hp 80000002 -pwdp sto -ipu tmppub.bin -id tmpdup.bin -iss tmpss.bin -opr tmppriv1.bin > run.out
+    checkSuccess $?
+
+    echo "Load the duplicated sealed data object S1 at 80000001 under ${ALG} K1 80000002"
+    ${PREFIX}load -hp 80000002 -ipr tmppriv1.bin -ipu tmppub.bin -pwdp sto > run.out
+    checkSuccess $?
+
+    echo "Unseal the data blob"
+    ${PREFIX}unseal -ha 80000001 -pwd sea -of tmp.bin > run.out
+    checkSuccess $?
+
+    echo "Verify the unsealed result"
+    diff msg.bin tmp.bin > run.out
+    checkSuccess $?
+
+    echo "Flush the sealed data object at 80000001"
+    ${PREFIX}flushcontext -ha 80000002 > run.out
+    checkSuccess $?
+
+    echo "Flush the storage key at 80000002"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+    echo "Flush the session"
+    ${PREFIX}flushcontext -ha 03000000 > run.out
+    checkSuccess $?
+
+done
+
+rm -r tmppriv.bin
+rm -r tmppub.bin
+rm -r tmp.bin
+rm -f tmpdup.bin
+rm -f tmpss.bin
+rm -f tmppriv1.bin
+rm -f pssig.bin
+rm -f tkt.bin
+
+# ${PREFIX}getcapability -cap 1 -pr 80000000
diff --git a/utils/regtests/testx509.bat b/utils/regtests/testx509.bat
new file mode 100644
index 000000000..df6811bb0
--- /dev/null
+++ b/utils/regtests/testx509.bat
@@ -0,0 +1,417 @@
+REM #############################################################################
+REM #										#
+REM #			TPM2 regression test					#
+REM #			     Written by Ken Goldman				#
+REM #		       IBM Thomas J. Watson Research Center			#
+REM #										#
+REM # (c) Copyright IBM Corporation 2018 - 2019					#
+REM # 										#
+REM # All rights reserved.							#
+REM # 										#
+REM # Redistribution and use in source and binary forms, with or without	#
+REM # modification, are permitted provided that the following conditions are	#
+REM # met:									#
+REM # 										#
+REM # Redistributions of source code must retain the above copyright notice,	#
+REM # this list of conditions and the following disclaimer.			#
+REM # 										#
+REM # Redistributions in binary form must reproduce the above copyright		#
+REM # notice, this list of conditions and the following disclaimer in the	#
+REM # documentation and/or other materials provided with the distribution.	#
+REM # 										#
+REM # Neither the names of the IBM Corporation nor the names of its		#
+REM # contributors may be used to endorse or promote products derived from	#
+REM # this software without specific prior written permission.			#
+REM # 										#
+REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS	#
+REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	#
+REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT	#
+REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	#
+REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	#
+REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	#
+REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	#
+REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	#
+REM #										#
+REM #############################################################################
+
+setlocal enableDelayedExpansion
+
+echo ""
+echo "TPM2_CertifyX509"
+echo ""
+
+rem # basic test
+
+rem # sign%%Arpriv.bin is a restricted signing key
+rem # sign%%Apriv.bin is an unrestricted signing key
+
+for %%A in (rsa ecc) do (
+
+    echo "Load the %%A issuer key 80000001 under the primary key"
+    %TPM_EXE_PATH%load -hp 80000000 -ipr sign%%Arpriv.bin -ipu sign%%Arpub.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+    echo "Load the %%A subject key 80000002 under the primary key"
+    %TPM_EXE_PATH%load -hp 80000000 -ipr sign%%Apriv.bin -ipu sign%%Apub.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+    echo "Signing Key Self Certify CA Root %%A"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000001 -halg sha256 -pwdk sig -pwdo sig -opc tmppart1.bin -os tmpsig1.bin -oa tmpadd1.bin -otbs tmptbs1.bin -ocert tmpx5091.bin -salg %%A -sub -v -iob 00050472 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+
+    rem # dumpasn1 -a -l -d     tmpx509i.bin > tmpx509i1.dump
+    rem # dumpasn1 -a -l -d -hh tmpx509i.bin > tmpx509i1.dumphh
+    rem # dumpasn1 -a -l -d     tmppart1.bin > tmppart1.dump
+    rem # dumpasn1 -a -l -d -hh tmppart1.bin > tmppart1.dumphh
+    rem # dumpasn1 -a -l -d     tmpadd1.bin  > tmpadd1.dump
+    rem # dumpasn1 -a -l -d -hh tmpadd1.bin  > tmpadd1.dumphh
+    rem # dumpasn1 -a -l -d     tmpx5091.bin > tmpx5091.dump
+    rem # dumpasn1 -a -l -d -hh tmpx5091.bin > tmpx5091.dumphh
+    rem # openssl x509 -text -inform der -in tmpx5091.bin -noout > tmpx5091.txt
+
+    echo "Convert issuer X509 DER to PEM"
+    openssl x509 -inform der -in tmpx5091.bin -out tmpx5091.pem
+
+    echo "Verify %%A self signed issuer root" 
+    openssl verify -CAfile tmpx5091.pem tmpx5091.pem
+
+    echo "Signing Key Certify %%A"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -iob 00040472 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+rem     # dumpasn1 -a -l -d     tmpx509i.bin > tmpx509i2.dump
+rem     # dumpasn1 -a -l -d -hh tmpx509i.bin > tmpx509i2.dumphh
+rem     # dumpasn1 -a -l -d     tmppart2.bin > tmppart2.dump
+rem     # dumpasn1 -a -l -d -hh tmppart2.bin > tmppart2.dumphhe 
+rem     # dumpasn1 -a -l -d     tmpadd2.bin  > tmpadd2.dump
+rem     # dumpasn1 -a -l -d -hh tmpadd2.bin  > tmpadd2.dumphh
+rem     # dumpasn1 -a -l -d     tmpx5092.bin > tmpx5092.dump
+rem     # dumpasn1 -a -l -d -hh tmpx5092.bin > tmpx5092.dumphh
+rem     # openssl x509 -text -inform der -in tmpx5092.bin -noout > tmpx5092.txt
+
+    echo "Convert subject X509 DER to PEM"
+    openssl x509 -inform der -in tmpx5092.bin -out tmpx5092.pem
+
+    echo "Verify %%A subject against issuer" 
+    openssl verify -CAfile tmpx5091.pem tmpx5092.pem
+
+
+    echo "Signing Key Certify %%A with bad OID"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -iob ffffffff > run.out
+    IF !ERRORLEVEL! EQU 0 (
+       exit /B 1
+    )
+rem # bad der, test bits for 250 bytes
+rem # better to get size from tmppart2.bin
+
+rem     # for bit in {0..2}
+rem     # do
+rem     # 	echo "Signing Key Certify %%A testing bit $bit"
+rem     # 	%TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -bit $bit > run.out
+    rem IF !ERRORLEVEL! NEQ 0 (
+    rem 	exit /B 1
+    rem )
+
+    echo "Flush the root CA issuer signing key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+    echo "Flush the subject signing key"
+    %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+)
+
+rem # bad extensions for key type
+
+echo ""
+echo "TPM2_CertifyX509 Key Usage Extension for fixedTPM signing key"
+echo ""
+
+for %%A in (rsa ecc) do (
+
+    echo "Load the %%A issuer key 80000001 under the primary key"
+    %TPM_EXE_PATH%load -hp 80000000 -ipr sign%%Arpriv.bin -ipu sign%%Arpub.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+    echo "Load the %%A subject key 80000002 under the primary key"
+    %TPM_EXE_PATH%load -hp 80000000 -ipr sign%%Apriv.bin -ipu sign%%Apub.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+    echo "Signing Key Certify %%A digitalSignature"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,digitalSignature > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+    echo "Signing Key Certify %%A nonRepudiation"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,nonRepudiation > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+    echo "Signing Key Certify %%A keyEncipherment"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,keyEncipherment > run.out
+    IF !ERRORLEVEL! EQU 0 (
+	exit /B 1
+    )
+
+   echo "Signing Key Certify %%A dataEncipherment"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,dataEncipherment > run.out
+    IF !ERRORLEVEL! EQU 0 (
+	exit /B 1
+    )
+
+    echo "Signing Key Certify %%A keyAgreement"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,keyAgreement > run.out
+    IF !ERRORLEVEL! EQU 0 (
+	exit /B 1
+    )
+
+    echo "Signing Key Certify %%A keyCertSign"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,keyCertSign > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+    echo "Signing Key Certify %%A cRLSign"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,cRLSign > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+    echo "Signing Key Certify %%A encipherOnly"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,encipherOnly > run.out
+    IF !ERRORLEVEL! EQU 0 (
+	exit /B 1
+    )
+
+    echo "Signing Key Certify %%A decipherOnly"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,decipherOnly > run.out
+    IF !ERRORLEVEL! EQU 0 (
+	exit /B 1
+    )
+
+    echo "Flush the root CA issuer signing key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+    echo "Flush the subject signing key"
+    %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+)
+
+echo ""
+echo "TPM2_CertifyX509 Key Usage Extension for not fixedTPM signing key"
+echo ""
+
+for %%A in (rsa ecc) do (
+
+    echo "Load the %%A issuer key 80000001 under the primary key"
+    %TPM_EXE_PATH%load -hp 80000000 -ipr sign%%Anfpriv.bin -ipu sign%%Anfpub.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+    echo "Load the %%A subject key 80000002 under the primary key"
+    %TPM_EXE_PATH%load -hp 80000000 -ipr sign%%Anfpriv.bin -ipu sign%%Anfpub.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+    echo "Signing Key Certify %%A digitalSignature"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,digitalSignature > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+    echo "Signing Key Certify %%A nonRepudiation"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,nonRepudiation > run.out
+    IF !ERRORLEVEL! EQU 0 (
+	exit /B 1
+    )
+
+    echo "Signing Key Certify %%A keyEncipherment"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,keyEncipherment > run.out
+    IF !ERRORLEVEL! EQU 0 (
+	exit /B 1
+    )
+
+   echo "Signing Key Certify %%A dataEncipherment"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,dataEncipherment > run.out
+    IF !ERRORLEVEL! EQU 0 (
+	exit /B 1
+    )
+
+    echo "Signing Key Certify %%A keyAgreement"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,keyAgreement > run.out
+    IF !ERRORLEVEL! EQU 0 (
+	exit /B 1
+    )
+
+    echo "Signing Key Certify %%A keyCertSign"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,keyCertSign > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+    echo "Signing Key Certify %%A cRLSign"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,cRLSign > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+    echo "Signing Key Certify %%A encipherOnly"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,encipherOnly > run.out
+    IF !ERRORLEVEL! EQU 0 (
+	exit /B 1
+    )
+
+    echo "Signing Key Certify %%A decipherOnly"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,decipherOnly > run.out
+    IF !ERRORLEVEL! EQU 0 (
+	exit /B 1
+    )
+
+    echo "Flush the root CA issuer signing key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+    echo "Flush the subject signing key"
+    %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+)
+
+echo ""
+echo "TPM2_CertifyX509 Key Usage Extension for fixedTpm restricted encryption key"
+echo ""
+
+for %%A in (rsa ecc) do (
+
+    echo "Load the %%A issuer key 80000001 under the primary key"
+    %TPM_EXE_PATH%load -hp 80000000 -ipr sign%%Arpriv.bin -ipu sign%%Arpub.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+    echo "Load the %%A subject key 80000002 under the primary key"
+    %TPM_EXE_PATH%load -hp 80000000 -ipr store%%Apriv.bin -ipu store%%Apub.bin -pwdp sto > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+    echo "Signing Key Certify %%A digitalSignature"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,digitalSignature > run.out
+    IF !ERRORLEVEL! EQU 0 (
+	exit /B 1
+    )
+
+    echo "Signing Key Certify %%A nonRepudiation"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,nonRepudiation > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+    echo "Signing Key Certify %%A keyEncipherment"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,keyEncipherment > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+    echo "Signing Key Certify %%A dataEncipherment"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,dataEncipherment > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+    echo "Signing Key Certify %%A keyAgreement"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,keyAgreement > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+    echo "Signing Key Certify %%A keyCertSign"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,keyCertSign > run.out
+    IF !ERRORLEVEL! EQU 0 (
+	exit /B 1
+    )
+
+    echo "Signing Key Certify %%A cRLSign"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,cRLSign > run.out
+    IF !ERRORLEVEL! EQU 0 (
+	exit /B 1
+    )
+
+    echo "Signing Key Certify %%A encipherOnly"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,encipherOnly > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+    echo "Signing Key Certify %%A decipherOnly"
+    %TPM_EXE_PATH%certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg %%A -ku critical,decipherOnly > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+    echo "Flush the root CA issuer signing key"
+    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+    echo "Flush the subject signing key"
+    %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
+    IF !ERRORLEVEL! NEQ 0 (
+	exit /B 1
+    )
+
+)
+
+rem # cleanup
+
+rm tmppart1.bin
+rm tmpadd1.bin
+rm tmptbs1.bin
+rm tmpsig1.bin
+rm tmpx5091.bin
+rm tmpx5091.pem
+rm tmpx5092.pem
+rm tmpx509i.bin
+rm tmppart2.bin
+rm tmpadd2.bin
+rm tmptbs2.bin
+rm tmpsig2.bin
+rm tmpx5092.bin
+
+exit /B 0
diff --git a/utils/regtests/testx509.sh b/utils/regtests/testx509.sh
new file mode 100755
index 000000000..beb1f89bc
--- /dev/null
+++ b/utils/regtests/testx509.sh
@@ -0,0 +1,339 @@
+#!/bin/bash
+#
+
+#################################################################################
+#										#
+#			TPM2 regression test					#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2019						#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+# The mbedtls port does not support TPM2_CertifyX509 yet */
+
+if [ ${CRYPTOLIBRARY} == "openssl" ]; then
+
+echo ""
+echo "TPM2_CertifyX509"
+echo ""
+
+# basic test
+
+# sign${SALG}rpriv.bin is a restricted signing key
+# sign${SALG}priv.bin is an unrestricted signing key
+
+for SALG in rsa ecc
+do
+
+    echo "Load the ${SALG} issuer key 80000001 under the primary key"
+    ${PREFIX}load -hp 80000000 -ipr sign${SALG}rpriv.bin -ipu sign${SALG}rpub.bin -pwdp sto > run.out
+    checkSuccess $?
+
+    echo "Load the ${SALG} subject key 80000002 under the primary key"
+    ${PREFIX}load -hp 80000000 -ipr sign${SALG}priv.bin -ipu sign${SALG}pub.bin -pwdp sto > run.out
+    checkSuccess $?
+
+    echo "Signing Key Self Certify CA Root ${SALG}"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000001 -halg sha256 -pwdk sig -pwdo sig -opc tmppart1.bin -os tmpsig1.bin -oa tmpadd1.bin -otbs tmptbs1.bin -ocert tmpx5091.bin -salg ${SALG} -sub -v -iob 00050472 > run.out
+    checkSuccess $?
+
+
+    # dumpasn1 -a -l -d     tmpx509i.bin > tmpx509i1.dump
+    # dumpasn1 -a -l -d -hh tmpx509i.bin > tmpx509i1.dumphh
+    # dumpasn1 -a -l -d     tmppart1.bin > tmppart1.dump
+    # dumpasn1 -a -l -d -hh tmppart1.bin > tmppart1.dumphh
+    # dumpasn1 -a -l -d     tmpadd1.bin  > tmpadd1.dump
+    # dumpasn1 -a -l -d -hh tmpadd1.bin  > tmpadd1.dumphh
+    # dumpasn1 -a -l -d     tmpx5091.bin > tmpx5091.dump
+    # dumpasn1 -a -l -d -hh tmpx5091.bin > tmpx5091.dumphh
+    # openssl x509 -text -inform der -in tmpx5091.bin -noout > tmpx5091.txt
+
+    echo "Convert issuer X509 DER to PEM"
+    openssl x509 -inform der -in tmpx5091.bin -out tmpx5091.pem
+    echo " INFO:"
+
+    echo "Verify ${SALG} self signed issuer root" 
+    echo -n " INFO: "
+    openssl verify -CAfile tmpx5091.pem tmpx5091.pem
+
+    echo "Signing Key Certify ${SALG}"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -iob 00040472 > run.out
+    checkSuccess $?
+
+    # dumpasn1 -a -l -d     tmpx509i.bin > tmpx509i2.dump
+    # dumpasn1 -a -l -d -hh tmpx509i.bin > tmpx509i2.dumphh
+    # dumpasn1 -a -l -d     tmppart2.bin > tmppart2.dump
+    # dumpasn1 -a -l -d -hh tmppart2.bin > tmppart2.dumphhe 
+    # dumpasn1 -a -l -d     tmpadd2.bin  > tmpadd2.dump
+    # dumpasn1 -a -l -d -hh tmpadd2.bin  > tmpadd2.dumphh
+    # dumpasn1 -a -l -d     tmpx5092.bin > tmpx5092.dump
+    # dumpasn1 -a -l -d -hh tmpx5092.bin > tmpx5092.dumphh
+    # openssl x509 -text -inform der -in tmpx5092.bin -noout > tmpx5092.txt
+
+    echo "Convert subject X509 DER to PEM"
+    openssl x509 -inform der -in tmpx5092.bin -out tmpx5092.pem
+    echo " INFO:"
+
+    echo "Verify ${SALG} subject against issuer" 
+    echo -n " INFO: "
+    openssl verify -CAfile tmpx5091.pem tmpx5092.pem
+
+
+    echo "Signing Key Certify ${SALG} with bad OID"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -iob ffffffff > run.out
+    checkFailure $?
+
+# bad der, test bits for 250 bytes
+# better to get size from tmppart2.bin
+
+    # for bit in {0..2}
+    # do
+    # 	echo "Signing Key Certify ${SALG} testing bit $bit"
+    # 	${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -bit $bit > run.out
+    # 	checkSuccess0 $?
+    # done
+
+    echo "Flush the root CA issuer signing key"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+    echo "Flush the subject signing key"
+    ${PREFIX}flushcontext -ha 80000002 > run.out
+    checkSuccess $?
+
+done
+
+# bad extensions for key type
+
+echo ""
+echo "TPM2_CertifyX509 Key Usage Extension for fixedTPM signing key"
+echo ""
+
+for SALG in rsa ecc
+do
+
+    echo "Load the ${SALG} issuer key 80000001 under the primary key"
+    ${PREFIX}load -hp 80000000 -ipr sign${SALG}rpriv.bin -ipu sign${SALG}rpub.bin -pwdp sto > run.out
+    checkSuccess $?
+
+    echo "Load the ${SALG} subject key 80000002 under the primary key"
+    ${PREFIX}load -hp 80000000 -ipr sign${SALG}priv.bin -ipu sign${SALG}pub.bin -pwdp sto > run.out
+    checkSuccess $?
+
+    echo "Signing Key Certify ${SALG} digitalSignature"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,digitalSignature > run.out
+    checkSuccess $?
+
+    echo "Signing Key Certify ${SALG} nonRepudiation"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,nonRepudiation > run.out
+    checkSuccess $?
+
+    echo "Signing Key Certify ${SALG} keyEncipherment"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,keyEncipherment > run.out
+    checkFailure $?
+
+   echo "Signing Key Certify ${SALG} dataEncipherment"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,dataEncipherment > run.out
+    checkFailure $?
+
+    echo "Signing Key Certify ${SALG} keyAgreement"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,keyAgreement > run.out
+    checkFailure $?
+
+    echo "Signing Key Certify ${SALG} keyCertSign"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,keyCertSign > run.out
+    checkSuccess $?
+
+    echo "Signing Key Certify ${SALG} cRLSign"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,cRLSign > run.out
+    checkSuccess $?
+
+    echo "Signing Key Certify ${SALG} encipherOnly"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,encipherOnly > run.out
+    checkFailure $?
+
+    echo "Signing Key Certify ${SALG} decipherOnly"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,decipherOnly > run.out
+    checkFailure $?
+
+    echo "Flush the root CA issuer signing key"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+    echo "Flush the subject signing key"
+    ${PREFIX}flushcontext -ha 80000002 > run.out
+    checkSuccess $?
+
+done
+
+echo ""
+echo "TPM2_CertifyX509 Key Usage Extension for not fixedTPM signing key"
+echo ""
+
+for SALG in rsa ecc
+do
+
+    echo "Load the ${SALG} issuer key 80000001 under the primary key"
+    ${PREFIX}load -hp 80000000 -ipr sign${SALG}nfpriv.bin -ipu sign${SALG}nfpub.bin -pwdp sto > run.out
+    checkSuccess $?
+
+    echo "Load the ${SALG} subject key 80000002 under the primary key"
+    ${PREFIX}load -hp 80000000 -ipr sign${SALG}nfpriv.bin -ipu sign${SALG}nfpub.bin -pwdp sto > run.out
+    checkSuccess $?
+
+    echo "Signing Key Certify ${SALG} digitalSignature"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,digitalSignature > run.out
+    checkSuccess $?
+
+    echo "Signing Key Certify ${SALG} nonRepudiation"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,nonRepudiation > run.out
+    checkFailure $?
+
+    echo "Signing Key Certify ${SALG} keyEncipherment"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,keyEncipherment > run.out
+    checkFailure $?
+
+   echo "Signing Key Certify ${SALG} dataEncipherment"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,dataEncipherment > run.out
+    checkFailure $?
+
+    echo "Signing Key Certify ${SALG} keyAgreement"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,keyAgreement > run.out
+    checkFailure $?
+
+    echo "Signing Key Certify ${SALG} keyCertSign"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,keyCertSign > run.out
+    checkSuccess $?
+
+    echo "Signing Key Certify ${SALG} cRLSign"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,cRLSign > run.out
+    checkSuccess $?
+
+    echo "Signing Key Certify ${SALG} encipherOnly"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,encipherOnly > run.out
+    checkFailure $?
+
+    echo "Signing Key Certify ${SALG} decipherOnly"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sig -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,decipherOnly > run.out
+    checkFailure $?
+
+    echo "Flush the root CA issuer signing key"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+    echo "Flush the subject signing key"
+    ${PREFIX}flushcontext -ha 80000002 > run.out
+    checkSuccess $?
+
+done
+
+echo ""
+echo "TPM2_CertifyX509 Key Usage Extension for fixedTpm restricted encryption key"
+echo ""
+
+for SALG in rsa ecc
+do
+
+    echo "Load the ${SALG} issuer key 80000001 under the primary key"
+    ${PREFIX}load -hp 80000000 -ipr sign${SALG}rpriv.bin -ipu sign${SALG}rpub.bin -pwdp sto > run.out
+    checkSuccess $?
+
+    echo "Load the ${SALG} subject key 80000002 under the primary key"
+    ${PREFIX}load -hp 80000000 -ipr store${SALG}priv.bin -ipu store${SALG}pub.bin -pwdp sto > run.out
+    checkSuccess $?
+
+    echo "Signing Key Certify ${SALG} digitalSignature"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,digitalSignature > run.out
+    checkFailure $?
+
+    echo "Signing Key Certify ${SALG} nonRepudiation"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,nonRepudiation > run.out
+    checkSuccess $?
+
+    echo "Signing Key Certify ${SALG} keyEncipherment"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,keyEncipherment > run.out
+    checkSuccess $?
+
+    echo "Signing Key Certify ${SALG} dataEncipherment"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,dataEncipherment > run.out
+    checkSuccess $?
+
+    echo "Signing Key Certify ${SALG} keyAgreement"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,keyAgreement > run.out
+    checkSuccess $?
+
+    echo "Signing Key Certify ${SALG} keyCertSign"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,keyCertSign > run.out
+    checkFailure $?
+
+    echo "Signing Key Certify ${SALG} cRLSign"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,cRLSign > run.out
+    checkFailure $?
+
+    echo "Signing Key Certify ${SALG} encipherOnly"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,encipherOnly > run.out
+    checkSuccess $?
+
+    echo "Signing Key Certify ${SALG} decipherOnly"
+    ${PREFIX}certifyx509 -hk 80000001 -ho 80000002 -halg sha256 -pwdk sig -pwdo sto -opc tmppart2.bin -os tmpsig2.bin -oa tmpadd2.bin -otbs tmptbs2.bin -ocert tmpx5092.bin -salg ${SALG} -ku critical,decipherOnly > run.out
+    checkSuccess $?
+
+    echo "Flush the root CA issuer signing key"
+    ${PREFIX}flushcontext -ha 80000001 > run.out
+    checkSuccess $?
+
+    echo "Flush the subject signing key"
+    ${PREFIX}flushcontext -ha 80000002 > run.out
+    checkSuccess $?
+
+done
+
+# cleanup
+
+rm -r tmppart1.bin
+rm -r tmpadd1.bin
+rm -r tmptbs1.bin
+rm -r tmpsig1.bin
+rm -r tmpx5091.bin
+rm -r tmpx5091.pem
+rm -r tmpx5092.pem
+rm -r tmpx509i.bin
+rm -r tmppart2.bin
+rm -r tmpadd2.bin
+rm -r tmptbs2.bin
+rm -r tmpsig2.bin
+rm -r tmpx5092.bin
+
+# openssl only
+fi
diff --git a/utils/returncode.c b/utils/returncode.c
new file mode 100644
index 000000000..428517637
--- /dev/null
+++ b/utils/returncode.c
@@ -0,0 +1,78 @@
+/********************************************************************************/
+/*										*/
+/*			Return Code Hex to String     				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: returncode.c 1290 2018-08-01 14:45:24Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2017.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+int main(int argc, char *argv[])
+{
+    TPM_RC rc;
+    const char *msg;
+    const char *submsg;
+    const char *num;
+
+    if (argc < 2) {
+	printf("returncode: needs argument\n");
+	return EXIT_FAILURE;
+    }
+    if (strcmp(argv[1], "-h") == 0) {
+	printUsage();
+    }	    
+
+    rc = strtoul(argv[1], NULL, 16);
+    TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+    printf("%s%s%s\n", msg, submsg, num);
+    return 0;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("Usage: returncode hex-number\n");
+    printf("\n");
+    printf("Returns the TPM_RC name and text for the return code\n");
+    printf("\n");
+    exit(1);	
+}
diff --git a/utils/rewrap.c b/utils/rewrap.c
new file mode 100644
index 000000000..7a996b2ae
--- /dev/null
+++ b/utils/rewrap.c
@@ -0,0 +1,349 @@
+/********************************************************************************/
+/*										*/
+/*			   Rewrap		 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    Rewrap_In 			in;
+    Rewrap_Out 			out;
+    TPMI_DH_OBJECT		oldParent = 0;
+    TPMI_DH_OBJECT		newParent = 0;
+    const char			*oldParentPassword = NULL; 
+    const char			*inDuplicateFilename = NULL;
+    const char			*nameFilename = NULL;			
+    const char			*inSymSeedFilename = NULL;
+    const char			*outDuplicateFilename = NULL;
+    const char			*outSymSeedFilename = NULL;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ho") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &oldParent);
+	    }
+	    else {
+		printf("Missing parameter for -ho\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdo") == 0) {
+	    i++;
+	    if (i < argc) {
+		oldParentPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdo option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-hn") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &newParent);
+	    }
+	    else {
+		printf("Missing parameter for -hp\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-id") == 0) {
+	    i++;
+	    if (i < argc) {
+		inDuplicateFilename = argv[i];
+	    }
+	    else {
+		printf("-id option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-in") == 0) {
+	    i++;
+	    if (i < argc) {
+		nameFilename = argv[i];
+	    }
+	    else {
+		printf("-in option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-iss") == 0) {
+	    i++;
+	    if (i < argc) {
+		inSymSeedFilename = argv[i];
+	    }
+	    else {
+		printf("-iss option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-od") == 0) {
+	    i++;
+	    if (i < argc) {
+		outDuplicateFilename = argv[i];
+	    }
+	    else {
+		printf("-od option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-oss") == 0) {
+	    i++;
+	    if (i < argc) {
+		outSymSeedFilename = argv[i];
+	    }
+	    else {
+		printf("-oss option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (oldParent == 0) {
+	printf("Missing or bad object old parent handle -ho\n");
+	printUsage();
+    }
+    if (newParent == 0) {
+	printf("Missing or bad object new parent handle -hn\n");
+	printUsage();
+    }
+    if (inDuplicateFilename == NULL) {
+	printf("Missing duplicate private area parameter -id\n");
+	printUsage();
+    }
+    if (nameFilename == NULL) {
+	printf("Missing name parameter -in\n");
+	printUsage();
+    }
+    if (inSymSeedFilename == NULL) {
+	printf("Missing input symmetric seed parameter -iss\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.oldParent = oldParent;
+	in.newParent = newParent;
+    }
+    if (rc == 0) {
+	rc = TSS_File_Read2B(&in.inDuplicate.b,
+			     sizeof(in.inDuplicate.t.buffer),
+			     inDuplicateFilename);
+    }
+    if (rc == 0) {
+	rc = TSS_File_Read2B(&in.name.b,
+			     sizeof(in.name.t.name),
+			     nameFilename);
+    }
+    if (rc == 0) {
+	rc = TSS_File_Read2B(&in.inSymSeed.b,
+			     sizeof(in.inSymSeed.t.secret),
+			     inSymSeedFilename);
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_Rewrap,
+			 sessionHandle0, oldParentPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if ((rc == 0) && (outDuplicateFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(out.outDuplicate.t.buffer,
+				      out.outDuplicate.t.size,
+				      outDuplicateFilename);
+    }
+    if ((rc == 0) && (outSymSeedFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(out.outSymSeed.t.secret,
+				      out.outSymSeed.t.size,
+				      outSymSeedFilename);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("rewrap: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("rewrap: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("rewrap\n");
+    printf("\n");
+    printf("Runs TPM2_Rewrap\n");
+    printf("\n");
+    printf("\t-ho\thandle of object old parent\n");
+    printf("\t[-pwdo\tpassword for old parent (default empty)]\n");
+    printf("\t-hn\thandle of object new parent\n");
+    printf("\t-id\tduplicate private area file name\n");
+    printf("\t-in\tobject name file name\n");
+    printf("\t-iss\tinput symmetric seed file name");
+    printf("\n");
+    printf("\t[-od\trewrap private area file name (default do not save)]\n");
+    printf("\t[-oss\tsymmetric seed file name (default do not save)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/rsadecrypt.c b/utils/rsadecrypt.c
new file mode 100644
index 000000000..5fbe53e10
--- /dev/null
+++ b/utils/rsadecrypt.c
@@ -0,0 +1,471 @@
+/********************************************************************************/
+/*										*/
+/*			   RSA_Decrypt						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/tsscryptoh.h>
+
+static void printRsaDecrypt(RSA_Decrypt_Out *out);
+static TPM_RC padData(uint8_t 		**buffer,
+		      size_t		*padLength,
+		      TPMI_ALG_HASH 	halg,
+		      TPMI_RSA_KEY_BITS	keyBits);
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    RSA_Decrypt_In 		in;
+    RSA_Decrypt_Out 		out;
+    TPMI_DH_OBJECT		keyHandle = 0;
+    const char			*encryptFilename = NULL;
+    const char			*decryptFilename = NULL;
+    const char			*keyPassword = NULL;
+    const char			*keyPasswordFilename = NULL;
+    uint8_t			*keyPasswordBuffer = NULL;
+    size_t 			keyPasswordBufferLength = 0;
+    const char			*keyPasswordPtr = NULL;
+    TPMI_ALG_HASH 		halg = TPM_ALG_NULL;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+ 
+    uint16_t			written;
+    size_t			length;			/* input data */
+    uint8_t			*buffer = NULL;		/* for the free */
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hk") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x",&keyHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hk\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdk") == 0) {
+	    i++;
+	    if (i < argc) {
+		keyPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ipwdk") == 0) {
+	    i++;
+	    if (i < argc) {
+		keyPasswordFilename = argv[i];
+	    }
+	    else {
+		printf("-ipwdk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-oid") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    halg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    halg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    halg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    halg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -oid\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-oid option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ie") == 0) {
+	    i++;
+	    if (i < argc) {
+		encryptFilename = argv[i];
+	    }
+	    else {
+		printf("-ie option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-od") == 0) {
+	    i++;
+	    if (i < argc) {
+		decryptFilename = argv[i];
+	    }
+	    else {
+		printf("-od option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (keyHandle == 0) {
+	printf("Missing handle parameter -hk\n");
+	printUsage();
+    }
+    if (encryptFilename == NULL) {
+	printf("Missing encrypted message -ie\n");
+	printUsage();
+    }
+    if ((keyPassword != NULL) && (keyPasswordFilename != NULL)) {
+	printf("Only one of -pwdk and -ipwdk can be specified\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	/* use passsword from command line */
+	if (keyPassword != NULL) {
+	    keyPasswordPtr = keyPassword;
+	}
+	/* use password from file */
+	else if (keyPasswordFilename != NULL) {
+	    rc = TSS_File_ReadBinaryFile(&keyPasswordBuffer,     /* freed @2 */
+					 &keyPasswordBufferLength,
+					 keyPasswordFilename);
+	    keyPasswordPtr = (const char *)keyPasswordBuffer;
+	}
+	/* empty password */
+	else {
+	    keyPasswordPtr = NULL;
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_File_ReadBinaryFile(&buffer,     /* freed @1 */
+				     &length,
+				     encryptFilename);
+    }
+    if (rc == 0) {
+	if (length > 256) {
+	    printf("Input data too long %u\n", (unsigned int)length);
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    /* if an OID was requested, treat the encryptFilename as a hash to be signed */
+    if ((rc == 0) && (halg != TPM_ALG_NULL)) {
+	rc = padData(&buffer,		/* realloced to fit */
+		     &length,		/* resized for OID and pad */
+		     halg,
+		     2048);		/* hard coded RSA-2048 */
+	/* FIXME use readpublic and get bit size or maybe byte size */
+    }
+    if (rc == 0) {
+	/* Handle of key that will perform rsa decrypt */
+	in.keyHandle = keyHandle;
+
+	/* Table 158 - Definition of {RSA} TPM2B_PUBLIC_KEY_RSA Structure */
+	{
+	    in.cipherText.t.size = (uint16_t)length;	/* cast safe, range tested above */
+	    memcpy(in.cipherText.t.buffer, buffer, length);
+	}
+	/* padding scheme */
+	{
+	    /* Table 157 - Definition of {RSA} TPMT_RSA_DECRYPT Structure */
+	    in.inScheme.scheme = TPM_ALG_NULL;
+	}
+	/* label */
+	{
+	    /* Table 73 - Definition of TPM2B_DATA Structure */
+	    in.label.t.size = 0;
+	}
+    }
+    free(buffer);		/* @1 */
+    buffer = NULL;
+
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_RSA_Decrypt,
+			 sessionHandle0, keyPasswordPtr, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if ((rc == 0) && (decryptFilename != NULL)) {
+	rc = TSS_Structure_Marshal(&buffer,	/* freed @1 */
+				   &written,
+				   &out.message,
+				   (MarshalFunction_t)TSS_TPM2B_PUBLIC_KEY_RSA_Marshal);
+    }
+    if ((rc == 0) && (decryptFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(buffer + sizeof(uint16_t),
+				      written - sizeof(uint16_t),
+				      decryptFilename); 
+    }    
+    if (rc == 0) {
+	if (tssUtilsVerbose) printRsaDecrypt(&out);
+	if (tssUtilsVerbose) printf("rsadecrypt: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("rsadecrypt: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    free(buffer);		/* @1 */
+    free(keyPasswordBuffer);	/* @2 */
+    return rc;
+}
+
+static TPM_RC padData(uint8_t 			**buffer,
+		      size_t			*padLength,
+		      TPMI_ALG_HASH 		halg,
+		      TPMI_RSA_KEY_BITS		keyBits)
+{
+    TPM_RC		rc = 0;
+    uint16_t 		digestSize;
+    const uint8_t	*oid;
+    uint16_t		oidSize;
+    const uint8_t	sha1Oid[] = {SHA1_DER};
+    const uint8_t	sha256Oid[] = {SHA256_DER};
+    const uint8_t	sha384Oid[] = {SHA384_DER};
+    const uint8_t	sha512Oid[] = {SHA512_DER};
+    
+    /* check that the original buffer length matches the hash algorithm */
+    if (rc == 0) {
+	digestSize = TSS_GetDigestSize(halg);
+	if (digestSize == 0) {
+	    printf("padData: Unsupported hash algorithm %04x\n", halg);
+	    rc = TPM_RC_HASH;
+	}
+    }
+    if (rc == 0) {
+	if (digestSize != *padLength) {
+	    unsigned long pl = *padLength;
+	    printf("paddata: hash algorithm length %u not equal data length %lu\n",
+		   digestSize, pl);
+	    rc = TPM_RC_VALUE;
+	}
+    }
+    /* realloc the buffer to the key size in bytes */
+    if (rc == 0) {
+	*padLength = keyBits / 8;
+	rc = TSS_Realloc(buffer, *padLength);
+    }
+    /* determine the OID */
+    if (rc == 0) {
+	switch (halg) {
+	  case TPM_ALG_SHA1:
+	    oid = sha1Oid;
+	    oidSize = SHA1_DER_SIZE;
+	    break;
+	  case TPM_ALG_SHA256:
+	    oid = sha256Oid;
+	    oidSize = SHA256_DER_SIZE;
+	    break;
+	  case TPM_ALG_SHA384:
+	    oid = sha384Oid;
+	    oidSize = SHA384_DER_SIZE;
+	    break;
+	  case TPM_ALG_SHA512:
+	    oid = sha512Oid;
+	    oidSize = SHA512_DER_SIZE;
+	    break;
+	  default:
+	    printf("padData: Unsupported hash algorithm %04x\n", halg);
+	    rc = TPM_RC_HASH;
+	}
+    }
+    if (rc == 0) {
+	/* move the hash to the end */
+	memmove(*buffer + *padLength - digestSize, *buffer, digestSize);
+	/* prepend the OID */
+	memcpy(*buffer + *padLength - digestSize - oidSize, oid, oidSize);
+	/* prepend the PKCS1 pad */
+	(*buffer)[0] = 0x00;
+	(*buffer)[1] = 0x01;
+	memset(&(*buffer)[2], 0xff, *padLength - 3 - oidSize - digestSize);
+	(*buffer)[*padLength - oidSize - digestSize - 1] = 0x00;
+	if (tssUtilsVerbose) TSS_PrintAll("padData: padded data", *buffer, *padLength);
+    }
+    return rc;
+}
+
+static void printRsaDecrypt(RSA_Decrypt_Out *out)
+{
+    TSS_PrintAll("outData", out->message.t.buffer, out->message.t.size);
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("rsadecrypt\n");
+    printf("\n");
+    printf("Runs TPM2_RSA_Decrypt\n");
+    printf("\n");
+    printf("\t-hk\tkey handle\n");
+    printf("\t[-pwdk\tpassword for key (default empty)[\n");
+    printf("\t[-ipwdk\tpassword file for key, nul terminated (default empty)]\n");
+    printf("\t-ie\tencrypt file name\n");
+    printf("\t-od\tdecrypt file name (default do not save)\n");
+    printf("\t[-oid\t(sha1, sha256, sha384 sha512)]\n");
+    printf("\t\toptionally add OID and PKCS1 padding to the\n");
+    printf("\t\tencrypt data (demo of signing with arbitrary OID)\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/rsaencrypt.c b/utils/rsaencrypt.c
new file mode 100644
index 000000000..3071827b9
--- /dev/null
+++ b/utils/rsaencrypt.c
@@ -0,0 +1,227 @@
+/********************************************************************************/
+/*										*/
+/*			   RSA_Encrypt						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+
+static void printRsaEncrypt(RSA_Encrypt_Out *out);
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    RSA_Encrypt_In 		in;
+    RSA_Encrypt_Out 		out;
+    TPMI_DH_OBJECT		keyHandle = 0;
+    const char			*decryptFilename = NULL;
+    const char			*encryptFilename = NULL;
+
+    uint16_t			written = 0;
+    size_t 			length = 0;
+    uint8_t			*buffer = NULL;	/* for the free */
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hk") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x",&keyHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hk\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-id") == 0) {
+	    i++;
+	    if (i < argc) {
+		decryptFilename = argv[i];
+	    }
+	    else {
+		printf("-id option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-oe") == 0) {
+	    i++;
+	    if (i < argc) {
+		encryptFilename = argv[i];
+	    }
+	    else {
+		printf("-oe option needs a value\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (keyHandle == 0) {
+	printf("Missing handle parameter -hk\n");
+	printUsage();
+    }
+    if (decryptFilename == NULL) {
+	printf("Missing decrypted file -id\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	rc = TSS_File_ReadBinaryFile(&buffer,     /* freed @1 */
+				     &length,
+				     decryptFilename);
+    }
+    if (rc == 0) {
+	if (length > 256) {
+	    printf("Input data too long %u\n", (unsigned int)length);
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    if (rc == 0) {
+	/* Handle of key that will perform rsaencrypting */
+	in.keyHandle = keyHandle;
+
+	/* Table 158 - Definition of {RSA} TPM2B_PUBLIC_KEY_RSA Structure */
+	{
+	    in.message.t.size = (uint16_t)length;	/* cast safe, range tested above */
+	    memcpy(in.message.t.buffer, buffer, length);
+	}
+	/* padding scheme */
+	{
+	    /* Table 157 - Definition of {RSA} TPMT_RSA_DECRYPT Structure */
+	    in.inScheme.scheme = TPM_ALG_NULL;
+	}
+	/* label */
+	{
+	    /* NOTE: label requires the last byte to be zero.  I.e., when implemented, do not set
+	       the in.label.t.size to strlen() */
+	    /* Table 73 - Definition of TPM2B_DATA Structure */
+	    in.label.t.size = 0;
+	}
+    }
+    free (buffer);	/* @1 */
+    buffer = NULL;
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_RSA_Encrypt,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if ((rc == 0) && (encryptFilename != NULL)) {
+	rc = TSS_Structure_Marshal(&buffer,	/* freed @1 */
+				   &written,
+				   &out.outData,
+				   (MarshalFunction_t)TSS_TPM2B_PUBLIC_KEY_RSA_Marshal);
+    }
+    if ((rc == 0) && (encryptFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(buffer + sizeof(uint16_t),
+				      written - sizeof(uint16_t),
+				      encryptFilename); 
+    }    
+    if (rc == 0) {
+	if (tssUtilsVerbose) printRsaEncrypt(&out);
+	if (tssUtilsVerbose) printf("rsaencrypt: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("rsaencrypt: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    free(buffer);	/* @1 */
+    return rc;
+}
+
+static void printRsaEncrypt(RSA_Encrypt_Out *out)
+{
+    TSS_PrintAll("outData", out->outData.t.buffer, out->outData.t.size);
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("rsaencrypt\n");
+    printf("\n");
+    printf("Runs TPM2_RSA_Encrypt\n");
+    printf("\n");
+    printf("\t-hk\tkey handle\n");
+    printf("\t-id\tdecrypt file name\n");
+    printf("\t[-oe\tencrypt file name (default do not save)]\n");
+    exit(1);	
+}
diff --git a/utils/sequencecomplete.c b/utils/sequencecomplete.c
new file mode 100644
index 000000000..c6f1e729b
--- /dev/null
+++ b/utils/sequencecomplete.c
@@ -0,0 +1,336 @@
+/********************************************************************************/
+/*										*/
+/*			    SequenceComplete					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    SequenceComplete_In 	in;
+    SequenceComplete_Out	out;
+    char 			hierarchyChar = 'n';
+    TPMI_RH_HIERARCHY		hierarchy = TPM_RH_NULL;
+    TPMI_DH_OBJECT		sequenceHandle = 0;
+    const char			*inFilename = NULL;
+    const char			*outFilename = NULL;
+    const char			*ticketFilename = NULL;
+    const char			*sequencePassword = NULL; 
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    size_t 			length = 0;
+    uint8_t			*buffer = NULL;	/* for the free */
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hi") == 0) {
+	    i++;
+	    if (i < argc) {
+		hierarchyChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -hi\n");
+		printUsage();
+	    }
+	}
+	else 	if (strcmp(argv[i],"-hs") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sequenceHandle);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwds") == 0) {
+	    i++;
+	    if (i < argc) {
+		sequencePassword = argv[i];
+	    }
+	    else {
+		printf("-pwds option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-if") == 0) {
+	    i++;
+	    if (i < argc) {
+		inFilename = argv[i];
+	    }
+	    else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-of") == 0) {
+	    i++;
+	    if (i < argc) {
+		outFilename = argv[i];
+	    }
+	    else {
+		printf("-of option needs a value\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-tk") == 0) {
+	    i++;
+	    if (i < argc) {
+		ticketFilename = argv[i];
+	    }
+	    else {
+		printf("-tk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */
+    if (rc == 0) {
+	if (hierarchyChar == 'e') {
+	    hierarchy = TPM_RH_ENDORSEMENT;
+	}
+	else if (hierarchyChar == 'o') {
+	    hierarchy = TPM_RH_OWNER;
+	}
+	else if (hierarchyChar == 'p') {
+	    hierarchy = TPM_RH_PLATFORM;
+	}
+	else if (hierarchyChar == 'n') {
+	    hierarchy = TPM_RH_NULL;
+	}
+	else {
+	    printf("Bad parameter %c for -hi\n", hierarchyChar);
+	    printUsage();
+	}
+ 	in.hierarchy = hierarchy;
+    }
+    if (sequenceHandle == 0) {
+	printf("Missing sequence handle parameter -hs\n");
+	printUsage();
+    }
+    if ((rc == 0) && (inFilename != NULL)) {
+	rc = TSS_File_ReadBinaryFile(&buffer,     /* freed @1 */
+				     &length,
+				     inFilename);
+    }
+    if (rc == 0) {
+	if (length >  sizeof(in.buffer.t.buffer)) {
+	    printf("Input data too long %u\n", (unsigned int)length);
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    if (rc == 0) {
+	/* Handle of key that will perform update */
+	in.sequenceHandle = sequenceHandle;
+
+	/* data for update */
+	in.buffer.t.size = (uint16_t)length;
+	if (length > 0) {
+	    memcpy(in.buffer.t.buffer, buffer, length);
+	}
+    }
+    free(buffer);	/* @1 */
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_SequenceComplete,
+			 sessionHandle0, sequencePassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if ((rc == 0) && (outFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(out.result.t.buffer,
+				      out.result.t.size,
+				      outFilename); 
+    }    
+    if ((rc == 0) && (ticketFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.validation,
+				     (MarshalFunction_t)TSS_TPMT_TK_HASHCHECK_Marshal,
+				     ticketFilename);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) TSS_PrintAll("Result", out.result.t.buffer, out.result.t.size);
+	if (tssUtilsVerbose) printf("sequencecomplete: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("sequencecomplete: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("sequencecomplete\n");
+    printf("\n");
+    printf("Runs TPM2_SequenceComplete\n");
+    printf("\n");
+    printf("\t-hs\tsequence handle\n");
+    printf("\t[-pwds\tpassword for sequence (default empty)]\n");
+    printf("\t[-if\tinput file to be added (default no data)]\n");
+    printf("\t[-of\tresult file name]\n");
+    printf("\t[-tk\tticket file name]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/sequenceupdate.c b/utils/sequenceupdate.c
new file mode 100644
index 000000000..c29698b1c
--- /dev/null
+++ b/utils/sequenceupdate.c
@@ -0,0 +1,268 @@
+/********************************************************************************/
+/*										*/
+/*			    SequenceUpdate					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    SequenceUpdate_In 		in;
+    TPMI_DH_OBJECT		sequenceHandle = 0;
+    const char			*inFilename = NULL;
+    const char			*sequencePassword = NULL; 
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    size_t 			length = 0;
+    uint8_t			*buffer = NULL;	/* for the free */
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hs") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sequenceHandle);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwds") == 0) {
+	    i++;
+	    if (i < argc) {
+		sequencePassword = argv[i];
+	    }
+	    else {
+		printf("-pwds option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-if") == 0) {
+	    i++;
+	    if (i < argc) {
+		inFilename = argv[i];
+	    }
+	    else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (sequenceHandle == 0) {
+	printf("Missing sequence handle parameter -hs\n");
+	printUsage();
+    }
+    if (inFilename == NULL) {
+	printf("Missing input file -if\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	rc = TSS_File_ReadBinaryFile(&buffer,     /* freed @1 */
+				     &length,
+				     inFilename);
+    }
+    if (rc == 0) {
+	if (length > sizeof(in.buffer.t.buffer)) {
+	    printf("Input data too long %u\n", (unsigned int)length);
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    if (rc == 0) {
+	/* Handle of key that will perform update */
+	in.sequenceHandle = sequenceHandle;
+
+	/* data for update */
+	in.buffer.t.size = (uint16_t)length;
+	memcpy(in.buffer.t.buffer, buffer, length);
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_SequenceUpdate,
+			 sessionHandle0, sequencePassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    free(buffer);	/* @1 */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("sequenceupdate: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("sequenceupdate: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("sequenceupdate\n");
+    printf("\n");
+    printf("Runs TPM2_SequenceUpdate\n");
+    printf("\n");
+    printf("\t-hs\tsequence handle\n");
+    printf("\t[-pwds\tpassword for sequence (default empty)]\n");
+    printf("\t-if\tinput file to be HMACed\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t\t01 continue\n");
+    printf("\t\t20 command decrypt\n");
+    exit(1);	
+}
diff --git a/utils/setcommandcodeauditstatus.c b/utils/setcommandcodeauditstatus.c
new file mode 100644
index 000000000..7a880ae7d
--- /dev/null
+++ b/utils/setcommandcodeauditstatus.c
@@ -0,0 +1,298 @@
+/********************************************************************************/
+/*										*/
+/*			    SetCommandCodeAuditStatus				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2019.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    SetCommandCodeAuditStatus_In 	in;
+    TPM_CC			commandCode;
+    char 			authHandleChar = 'p';
+    const char			*authPassword = NULL; 
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    in.auditAlg = TPM_ALG_NULL;	/* default, don't change */
+    in.setList.count = 0;
+    in.clearList.count = 0;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hi") == 0) {
+	    i++;
+	    if (i < argc) {
+		authHandleChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -hi\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwda") == 0) {
+	    i++;
+	    if (i < argc) {
+		authPassword = argv[i];
+	    }
+	    else {
+		printf("-pwda option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-set") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &commandCode);
+		in.setList.commandCodes[in.setList.count] = commandCode;
+		in.setList.count++;
+	    }
+	    else {
+		printf("-set option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-clr") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &commandCode);
+		in.clearList.commandCodes[in.clearList.count] = commandCode;
+		in.clearList.count++;
+	    }
+	    else {
+		printf("-clr option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    in.auditAlg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    in.auditAlg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    in.auditAlg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    in.auditAlg = TPM_ALG_SHA512;
+		}
+		else if (strcmp(argv[i],"null") == 0) {
+		    in.auditAlg = TPM_ALG_NULL;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */
+    if (rc == 0) {
+	if (authHandleChar == 'o') {
+	    in.auth = TPM_RH_OWNER;
+	}
+	else if (authHandleChar == 'p') {
+	    in.auth = TPM_RH_PLATFORM;
+	}
+	else {
+	    printf("Missing or illegal -hi\n");
+	    printUsage();
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_SetCommandCodeAuditStatus,
+			 sessionHandle0, authPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("setcommandcodeauditstatus: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("setcommandcodeauditstatus: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("setprimarypolicy\n");
+    printf("\n");
+    printf("Runs TPM2_SetCommandCodeAuditStatus\n");
+    printf("\n");
+    printf("\t[-hi\tauthhandle hierarchy (o, p) (default platform)]\n");
+    printf("\t[-pwda\tauthorization password (default empty)]\n");
+    printf("\t[-halg\t(sha1, sha256, sha384, sha512, null) (default null)]\n");
+    printf("\t[-set\tcommand code to set (may be specified more than once (default none)]\n");
+    printf("\t[-clr\tcommand code to clear (may be specified more than once (default none)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    exit(1);	
+}
diff --git a/utils/setprimarypolicy.c b/utils/setprimarypolicy.c
new file mode 100644
index 000000000..619937f83
--- /dev/null
+++ b/utils/setprimarypolicy.c
@@ -0,0 +1,300 @@
+/********************************************************************************/
+/*										*/
+/*			    SetPrimaryPolicy 					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2018
+   9.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    SetPrimaryPolicy_In 	in;
+    char 			authHandleChar = 'p';
+    const char			*authPassword = NULL; 
+    const char			*policyFilename = NULL;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    in.hashAlg = TPM_ALG_NULL;	/* default */
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hi") == 0) {
+	    i++;
+	    if (i < argc) {
+		authHandleChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -hi\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwda") == 0) {
+	    i++;
+	    if (i < argc) {
+		authPassword = argv[i];
+	    }
+	    else {
+		printf("-pwda option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pol") == 0) {
+	    i++;
+	    if (i < argc) {
+		policyFilename = argv[i];
+	    }
+	    else {
+		printf("-pol option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha256") == 0) {
+		    in.hashAlg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha1") == 0) {
+		    in.hashAlg = TPM_ALG_SHA1;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (policyFilename != NULL) {
+	if (in.hashAlg == TPM_ALG_NULL) {
+	    printf("-pol requires -halg\n");
+	    printUsage();
+	}
+    }
+    else {
+	if (in.hashAlg != TPM_ALG_NULL) {
+	    printf("-halg requires -pol\n");
+	    printUsage();
+	}
+    }
+    /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */
+    if (rc == 0) {
+	if (authHandleChar == 'l') {
+	    in.authHandle = TPM_RH_LOCKOUT;
+	}
+	else if (authHandleChar == 'e') {
+	    in.authHandle = TPM_RH_ENDORSEMENT;
+	}
+	else if (authHandleChar == 'o') {
+	    in.authHandle = TPM_RH_OWNER;
+	}
+	else if (authHandleChar == 'p') {
+	    in.authHandle = TPM_RH_PLATFORM;
+	}
+	else {
+	    printf("Missing or illegal -hi\n");
+	    printUsage();
+	}
+    }
+    /* authorization policy */
+    if (policyFilename != NULL) {
+	rc = TSS_File_Read2B(&in.authPolicy.b,
+			     sizeof(in.authPolicy.t.buffer),
+			     policyFilename);
+    }
+    else {
+	in.authPolicy.t.size = 0;	/* default empty policy */
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_SetPrimaryPolicy,
+			 sessionHandle0, authPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("setprimarypolicy: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("setprimarypolicy: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("setprimarypolicy\n");
+    printf("\n");
+    printf("Runs TPM2_SetPrimaryPolicy\n");
+    printf("\n");
+    printf("\t[-hi\tauthhandle hierarchy (l, e, o, p) (default platform)]\n");
+    printf("\t[-pwda\tauthorization password (default empty)]\n");
+    printf("\t[-pol\tpolicy file (default empty policy)]\n");
+    printf("\t[-halg\t(sha1, sha256) (default null)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    exit(1);	
+}
diff --git a/utils/shutdown.c b/utils/shutdown.c
new file mode 100644
index 000000000..8a3cb634f
--- /dev/null
+++ b/utils/shutdown.c
@@ -0,0 +1,129 @@
+/********************************************************************************/
+/*										*/
+/*			    Shutdown		 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+TPM_RC shutdownCommand(TPM_SU shutdownType);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC 			rc = 0;
+    int				i;			/* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    Shutdown_In 		in;
+   
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    in.shutdownType = TPM_SU_CLEAR;			/* default */
+
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-c") == 0) {
+	    in.shutdownType = TPM_SU_CLEAR;
+	}
+	else if (strcmp(argv[i],"-s") == 0) {
+	    in.shutdownType = TPM_SU_STATE;
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_Shutdown,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("shutdown: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("shutdown: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("shutdown\n");
+    printf("\n");
+    printf("Runs TPM2_Shutdown\n");
+    printf("\n");
+    printf("\t[-c\tshutdown clear (default)]\n");
+    printf("\t[-s\tshutdown state]\n");
+    exit(1);	
+}
+
diff --git a/utils/sign.c b/utils/sign.c
new file mode 100644
index 000000000..4fccc8ebb
--- /dev/null
+++ b/utils/sign.c
@@ -0,0 +1,489 @@
+/********************************************************************************/
+/*										*/
+/*			    Sign						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+/* Windows 10 crypto API clashes with openssl */
+#ifdef TPM_WINDOWS
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+#endif
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tsscrypto.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+#include "cryptoutils.h"
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    Sign_In 			in;
+    Sign_Out 			out;
+    TPMI_DH_OBJECT		keyHandle = 0;
+    TPMI_ALG_HASH		halg = TPM_ALG_SHA256;
+    TPMI_ALG_SIG_SCHEME		scheme = TPM_ALG_RSASSA;
+    const char			*messageFilename = NULL;
+    const char                  *counterFilename = NULL;
+    const char			*ticketFilename = NULL;
+    const char			*publicKeyFilename = NULL;
+    const char			*signatureFilename = NULL;
+    const char			*keyPassword = NULL; 
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+ 
+    unsigned char 		*data = NULL;	/* message */
+    size_t 			length;
+    uint32_t           		sizeInBytes;	/* hash algorithm mapped to size */
+    TPMT_HA 			digest;		/* digest of the message */
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hk") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x",&keyHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hk\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdk") == 0) {
+	    i++;
+	    if (i < argc) {
+		keyPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    halg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    halg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    halg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    halg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-salg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"rsa") == 0) {
+		    scheme = TPM_ALG_RSASSA;
+		}
+		else if (strcmp(argv[i],"ecc") == 0) {
+		    scheme = TPM_ALG_ECDSA;
+		}
+		else if (strcmp(argv[i],"hmac") == 0) {
+		    scheme = TPM_ALG_HMAC;
+		}
+		else {
+		    printf("Bad parameter %s for -salg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-salg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-scheme") == 0) {
+            i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"rsassa") == 0) {
+		    scheme = TPM_ALG_RSASSA;
+		}
+		else if (strcmp(argv[i],"rsapss") == 0) {
+		    scheme = TPM_ALG_RSAPSS;
+		}
+		else if (strcmp(argv[i],"ecdsa") == 0) {
+		    scheme = TPM_ALG_ECDSA;
+		}
+		else if (strcmp(argv[i],"ecdaa") == 0) {
+		    scheme = TPM_ALG_ECDAA;
+		}
+		else if (strcmp(argv[i],"hmac") == 0) {
+		    scheme = TPM_ALG_HMAC;
+		}
+		else {
+		    printf("Bad parameter %s for -scheme\n", argv[i]);
+		    printUsage();
+		}
+	    }
+        }
+	else if (strcmp(argv[i],"-cf") == 0) {
+	    i++;
+	    if (i < argc) {
+	        counterFilename = argv[i];
+	    }
+	    else {
+		printf("-cf option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-if") == 0) {
+	    i++;
+	    if (i < argc) {
+		messageFilename = argv[i];
+	    }
+	    else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ipu") == 0) {
+	    i++;
+	    if (i < argc) {
+		publicKeyFilename = argv[i];
+	    }
+	    else {
+		printf("-ipu option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-tk") == 0) {
+	    i++;
+	    if (i < argc) {
+		ticketFilename = argv[i];
+	    }
+	    else {
+		printf("-tk option needs a value\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-os") == 0) {
+	    i++;
+	    if (i < argc) {
+		signatureFilename = argv[i];
+	    }
+	    else {
+		printf("-os option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (messageFilename == NULL) {
+	printf("Missing message file name -if\n");
+	printUsage();
+    }
+    if (keyHandle == 0) {
+	printf("Missing handle parameter -hk\n");
+	printUsage();
+    }
+    if ((scheme == TPM_ALG_ECDAA) && (counterFilename == NULL)) {
+	printf("Missing counter file name -cf for ECDAA algorithm\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	rc = TSS_File_ReadBinaryFile(&data,     /* freed @1 */
+				     &length,
+				     messageFilename);
+    }
+    /* hash the file */
+    if (rc == 0) {
+	digest.hashAlg = halg;
+	sizeInBytes = TSS_GetDigestSize(digest.hashAlg);
+	rc = TSS_Hash_Generate(&digest,
+			       length, data,
+			       0, NULL);
+    }
+    if (rc == 0) {
+	/* Handle of key that will perform signing */
+	in.keyHandle = keyHandle;
+
+	/* digest to be signed */
+	in.digest.t.size = sizeInBytes;
+	memcpy(&in.digest.t.buffer, (uint8_t *)&digest.digest, sizeInBytes);
+	/* Table 145 - Definition of TPMT_SIG_SCHEME inScheme */
+	in.inScheme.scheme = scheme;
+	/* Table 144 - Definition of TPMU_SIG_SCHEME details > */
+	/* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */
+	/* Table 135 - Definition of TPMS_SCHEME_HASH Structure */
+	/* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type  */
+	if ((scheme == TPM_ALG_RSASSA) ||
+	    (scheme == TPM_ALG_RSAPSS)) {
+	    in.inScheme.details.rsassa.hashAlg = halg;
+	}
+	else if (scheme == TPM_ALG_ECDAA) {
+	    in.inScheme.details.ecdaa.hashAlg = halg;
+	    rc = TSS_File_ReadStructure(&in.inScheme.details.ecdaa.count, 
+					(UnmarshalFunction_t)TSS_UINT16_Unmarshalu,
+					counterFilename);
+	}
+	else {	/* scheme TPM_ALG_ECDSA */
+	    in.inScheme.details.ecdsa.hashAlg = halg;
+	}
+    }
+    if (rc == 0) {
+	if (ticketFilename == NULL) {
+	    /* proof that digest was created by the TPM (NULL ticket) */
+	    /* Table 91 - Definition of TPMT_TK_HASHCHECK Structure */
+	    in.validation.tag = TPM_ST_HASHCHECK;
+	    in.validation.hierarchy = TPM_RH_NULL;
+	    in.validation.digest.t.size = 0;
+	}
+	else {
+	    rc = TSS_File_ReadStructure(&in.validation,
+					(UnmarshalFunction_t)TSS_TPMT_TK_HASHCHECK_Unmarshalu,
+					ticketFilename);
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_Sign,
+			 sessionHandle0, keyPassword, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if ((rc == 0) && (signatureFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.signature,
+				     (MarshalFunction_t)TSS_TPMT_SIGNATURE_Marshal,
+				     signatureFilename);
+    }
+    /* if a public key was specified, use openssl to verify the signature using an openssl RSA
+       format key token */
+    if (publicKeyFilename != NULL) {
+	TPM2B_PUBLIC 	public;
+	void         	*rsaPubKey = NULL;
+	if (rc == 0) {
+	    rc = TSS_File_ReadStructureFlag(&public,
+					    (UnmarshalFunctionFlag_t)TSS_TPM2B_PUBLIC_Unmarshalu,
+					    TRUE,			/* NULL permitted */
+					    publicKeyFilename);
+	}
+	/* construct the OpenSSL RSA public key token */
+	if (rc == 0) {
+	    unsigned char earr[3] = {0x01, 0x00, 0x01};
+	    rc = TSS_RSAGeneratePublicTokenI
+		 (&rsaPubKey,					/* freed @2 */
+		  public.publicArea.unique.rsa.t.buffer, 	/* public modulus */
+		  public.publicArea.unique.rsa.t.size,
+		  earr,      					/* public exponent */
+		  sizeof(earr));
+	}
+	/*
+	  verify the TPM signature
+	*/
+	if (rc == 0) {
+	    rc = verifyRSASignatureFromRSA((uint8_t *)&in.digest.t.buffer,
+					   in.digest.t.size,
+					   &out.signature,
+					   halg,
+					   rsaPubKey);
+
+	}
+	TSS_RsaFree(rsaPubKey); 		/* @2 */
+    }
+    free(data);					/* @1 */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("sign: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("sign: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+    
+static void printUsage(void)
+{
+    printf("\n");
+    printf("sign\n");
+    printf("\n");
+    printf("Runs TPM2_Sign\n");
+    printf("\n");
+    printf("\t-hk\tkey handle\n");
+    printf("\t-if\tinput message to hash and sign\n");
+    printf("\t[-pwdk\tpassword for key (default empty)]\n");
+    printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n");
+    printf("\t[-salg\tsignature algorithm (rsa, ecc, hmac) (default rsa)]\n");
+    printf("\t[-scheme signing scheme (rsassa, rsapss, ecdsa, ecdaa, hmac)]\n");
+    printf("\t\t(default rsassa, ecdsa, hmac)]\n");
+    printf("\t[-cf\tinput counter file (commit count required for ECDAA scheme]\n");
+    printf("\t[-ipu\tpublic key file name to verify signature (default no verify)]\n");
+    printf("\t\tVerify only supported for RSA now\n");
+    printf("\t[-os\tsignature file name (default do not save)]\n");
+    printf("\t[-tk\tticket file name]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    exit(1);	
+}
diff --git a/utils/signapp.c b/utils/signapp.c
new file mode 100644
index 000000000..29514eb13
--- /dev/null
+++ b/utils/signapp.c
@@ -0,0 +1,836 @@
+/********************************************************************************/
+/*										*/
+/*			    Sign Application					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+   Demo application, and test of "no file TSS"
+
+   Prerequisite: A provisioned EK certificate.  Use 'clientek' in the acs directory to provision a
+   software TPM EK certificate.
+
+   Program steps:
+
+   Create an EK.  The EK would not normally be the storage root key, but this demonstrates use of a
+   policy session, creating an EK primary key using the EK template, and validation of the EK
+   against the EK certificate.
+
+   Start a policy session, salt with EK
+
+   Create a signing key, salted policy session
+   
+   Load the signing key, salted policy session
+
+   Start an HMAC session, salt with EK, bind to signing key
+
+   Sign a message, verify the signature
+
+   Flush the signing key
+
+   Flush the EK
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+/* Windows 10 crypto API clashes with openssl */
+#ifdef TPM_WINDOWS
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+#endif
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tsscrypto.h>
+#include <ibmtss/Unmarshal_fp.h>
+#include "ekutils.h"
+#include "objecttemplates.h"
+
+#define KEYPWD	"keypwd" 
+
+static TPM_RC startSession(TSS_CONTEXT *tssContext,
+			   TPMI_SH_AUTH_SESSION *sessionHandle,
+			   TPM_SE sessionType,
+			   TPMI_DH_OBJECT tpmKey,
+			   TPMI_DH_ENTITY bind,
+			   const char *bindPassword);
+static TPM_RC policyRestart(TSS_CONTEXT *tssContext,
+			    TPMI_SH_AUTH_SESSION sessionHandle);
+static TPM_RC policyCommandCode(TSS_CONTEXT *tssContext,
+				TPM_CC	commandCode,
+				TPMI_SH_AUTH_SESSION sessionHandle);
+static TPM_RC policyAuthValue(TSS_CONTEXT *tssContext,
+			      TPMI_SH_AUTH_SESSION sessionHandle);
+static TPM_RC policyPassword(TSS_CONTEXT *tssContext,
+			     TPMI_SH_AUTH_SESSION sessionHandle);
+static TPM_RC policySecret(TSS_CONTEXT *tssContext,
+			   TPMI_DH_ENTITY authHandle,
+			   TPMI_SH_AUTH_SESSION sessionHandle);
+static TPM_RC policyGetDigest(TSS_CONTEXT *tssContext,
+			      TPMI_SH_AUTH_SESSION sessionHandle);
+static TPM_RC createKey(TSS_CONTEXT *tssContext,
+			TPM2B_PRIVATE *outPrivate,
+			TPM2B_PUBLIC *outPublic,
+			TPMI_SH_AUTH_SESSION policySessionHandle,
+			TPM_HANDLE parentHandle,
+			const char *keyPassword,
+			int pwSession);
+static TPM_RC loadKey(TSS_CONTEXT *tssContext,
+		      TPM_HANDLE *keyHandle,
+		      TPM_HANDLE parentHandle,
+		      TPMI_SH_AUTH_SESSION policySessionHandle,
+		      TPM2B_PRIVATE *outPrivate,
+		      TPM2B_PUBLIC *outPublic,
+		      int pwSession);
+static TPM_RC sign(TSS_CONTEXT *tssContext,
+		   TPMT_SIGNATURE *signature,
+		   TPM_HANDLE keyHandle,
+		   TPMI_SH_AUTH_SESSION sessionHandle,
+		   uint32_t sizeInBytes,
+		   TPMT_HA *messageDigest);
+static TPM_RC verify(TSS_CONTEXT *tssContext,
+		     TPM_HANDLE keyHandle,
+		     uint32_t sizeInBytes,
+		     TPMT_HA *messageDigest,
+		     TPMT_SIGNATURE *signature);
+static TPM_RC flush(TSS_CONTEXT *tssContext,
+		    TPMI_DH_CONTEXT flushHandle);
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    int 			pwSession = FALSE;		/* default HMAC session */
+    const char 			*messageString = NULL;
+    uint32_t 			sizeInBytes;
+    TPMT_HA 			messageDigest;			/* digest of the message */
+    TPMI_SH_AUTH_SESSION 	policySessionHandle = TPM_RH_NULL;
+    TPMI_SH_AUTH_SESSION 	sessionHandle = TPM_RH_NULL;
+    TPM_HANDLE 			ekKeyHandle = TPM_RH_NULL;	/* primary key handle */
+    TPM2B_PRIVATE 		outPrivate;
+    TPM2B_PUBLIC 		outPublic;
+    TPM_HANDLE 			keyHandle = TPM_RH_NULL;	/* signing key handle */
+    TPMT_SIGNATURE		signature;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-pwsess") == 0) {
+	    pwSession = TRUE;
+	}
+	else if (strcmp(argv[i],"-ic") == 0) {
+	    i++;
+	    if (i < argc) {
+		messageString = argv[i];
+	    }
+	    else {
+		printf("-ic option needs a value\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (messageString == NULL) {
+	printf("Missing message -ic\n");
+	printUsage();
+    }
+    /* hash the message file */
+    if (rc == 0) {
+	messageDigest.hashAlg = TPM_ALG_SHA256;
+	/* hash algorithm mapped to size */
+	sizeInBytes = TSS_GetDigestSize(messageDigest.hashAlg);
+	rc = TSS_Hash_Generate(&messageDigest,
+			       strlen(messageString), messageString,
+			       0, NULL);
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("INFO: Create a TSS context\n");
+	rc = TSS_Create(&tssContext);
+    }
+    /* createprimary first for salt.  processPrimary() also reads the EK certificate and validates
+       it against the primary key.  It doesn't walk the certificate chain.  */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("INFO: Create a primary EK for the salt\n");
+	rc = processPrimary(tssContext,
+			    &ekKeyHandle,
+			    EK_CERT_RSA_INDEX, EK_NONCE_RSA_INDEX, EK_TEMPLATE_RSA_INDEX,
+			    TRUE, tssUtilsVerbose);		/* do not flush */
+	if (tssUtilsVerbose) printf("INFO: Primary EK handle %08x\n", ekKeyHandle);
+    }
+    /* start a policy session */
+    if (rc == 0) {
+	TPM_HANDLE	saltHandle;
+	if (tssUtilsVerbose) printf("INFO: Start a policy session\n");
+	if (!pwSession) {
+	    saltHandle = ekKeyHandle;
+	}
+	else {
+	    saltHandle = TPM_RH_NULL;	/* primary key handle */
+	}
+	rc = startSession(tssContext,
+			  &policySessionHandle,
+			  TPM_SE_POLICY,
+			  saltHandle, TPM_RH_NULL,	/* salt, no bind */
+			  NULL);			/* no bind password */
+	if (tssUtilsVerbose) printf("INFO: Policy session %08x\n", policySessionHandle);
+    }
+    /* EK needs policy secret with endorsement auth */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("INFO: Satisfy the policy session %08x\n", policySessionHandle);
+	rc = policySecret(tssContext,
+			  TPM_RH_ENDORSEMENT,
+			  policySessionHandle);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("INFO: Dump the policy session %08x\n", policySessionHandle);
+	rc = policyGetDigest(tssContext,
+			     policySessionHandle);
+    }
+    /* Create the signing key */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("INFO: Create a signing key under the EK %08x\n", ekKeyHandle);
+	rc = createKey(tssContext,
+		       &outPrivate,
+		       &outPublic,
+		       policySessionHandle,	/* continue */
+		       ekKeyHandle,		/* parent */
+		       KEYPWD,			/* password for the signing key */
+		       pwSession);
+    }
+    /* reuse the policy session to load the signing key under the EK storage key */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("INFO: Restart the policy session %08x\n", policySessionHandle);
+	rc = policyRestart(tssContext,
+			   policySessionHandle);
+    }
+    /* EK needs policy secret with endorsement auth */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("INFO: Satisfy the policy session %08x\n", policySessionHandle);
+	rc = policySecret(tssContext,
+			  TPM_RH_ENDORSEMENT,
+			  policySessionHandle);
+    }
+    /* Load the signing key.  flush the policy session. */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("INFO: Load a signing key under the EK %08x\n", ekKeyHandle);
+	rc = loadKey(tssContext,
+		     &keyHandle,		/* signing key */
+		     ekKeyHandle,		/* parent */
+		     policySessionHandle,	/* no flush */
+		     &outPrivate,
+		     &outPublic,
+		     pwSession);
+	if (tssUtilsVerbose) printf("INFO: Loaded key handle %08x\n", keyHandle);
+    }
+    /* start an HMAC session, salt with EK, bind with signing key */
+    if (rc == 0) {
+	if (!pwSession) {
+	    if (tssUtilsVerbose) printf("INFO: Start a salt and bind session\n");
+	    rc = startSession(tssContext,
+			      &sessionHandle,	/* salt, bind */
+			      TPM_SE_HMAC,
+			      ekKeyHandle,	/* salt */
+			      keyHandle,	/* bind */
+			      KEYPWD);		/* bind with signing key password */
+
+	    if (tssUtilsVerbose) printf("INFO: Salt and bind session %08x\n", sessionHandle);
+	}
+	else {
+	    sessionHandle = TPM_RS_PW;
+	}
+    }
+    /*
+      sign and verify using an HMAC or password
+    */
+    /* Sign the message digest */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("INFO: Sign with the signing key %08x\n", keyHandle);
+	rc = sign(tssContext,
+		  &signature,
+		  keyHandle,		/* signing key */
+		  sessionHandle,	/* continue */
+		  sizeInBytes,		/* hash algorithm mapped to size */
+		  &messageDigest);	/* digest of the message */
+    }
+    /* Verify the signature */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("INFO: Verify the signature %08x\n", keyHandle);
+	rc = verify(tssContext,
+		    keyHandle,		/* verification public key */
+		    sizeInBytes,	/* hash algorithm mapped to size */
+		    &messageDigest,	/* digest of the message */
+		    &signature);
+    }
+    /*
+      sign and verify using a policy session, policy authvalue or policy password
+    */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("INFO: Restart the policy session %08x\n", policySessionHandle);
+	rc = policyRestart(tssContext,
+			   policySessionHandle);
+    }
+    /* policy command code */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("INFO: Satisfy the policy session %08x\n", policySessionHandle);
+	rc = policyCommandCode(tssContext,
+			       TPM_CC_Sign,
+			       policySessionHandle);
+    }
+    /* policy authvalue or policypassword */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("INFO: Satisfy the policy session %08x\n", policySessionHandle);
+	if (!pwSession) {
+	    rc = policyAuthValue(tssContext,
+				 policySessionHandle);
+	}
+	else {
+	    rc = policyPassword(tssContext,
+				policySessionHandle);
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("INFO: Dump the policy session %08x\n", policySessionHandle);
+	rc = policyGetDigest(tssContext,
+			     policySessionHandle);
+    }
+    /* Sign the message digest */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("INFO: Sign with the signing key %08x\n", keyHandle);
+	rc = sign(tssContext,
+		  &signature,
+		  keyHandle,		/* signing key */
+		  policySessionHandle,	/* continue */
+		  sizeInBytes,		/* hash algorithm mapped to size */
+		  &messageDigest);	/* digest of the message */
+    }
+    /* Verify the signature */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("INFO: Verify the signature %08x\n", keyHandle);
+	rc = verify(tssContext,
+		    keyHandle,		/* verification public key */
+		    sizeInBytes,	/* hash algorithm mapped to size */
+		    &messageDigest,	/* digest of the message */
+		    &signature);
+    }
+    /* flush the policy session, normally fails */
+    if (policySessionHandle != TPM_RH_NULL) {
+	if (tssUtilsVerbose) printf("INFO: Flush the policy session %08x\n", policySessionHandle);
+	flush(tssContext, policySessionHandle);
+    }
+    /* flush the salt and bind session */
+    if (!pwSession) {
+	if (sessionHandle != TPM_RH_NULL) {
+	    if (tssUtilsVerbose) printf("INFO: Flush the salt session %08x\n", sessionHandle);
+	    flush(tssContext, sessionHandle);
+	}
+    }
+    /* flush the primary key */
+    if (ekKeyHandle != TPM_RH_NULL) {
+	if (tssUtilsVerbose) printf("INFO: Flush the primary key %08x\n", ekKeyHandle);
+	flush(tssContext, ekKeyHandle);
+    }
+    /* flush the signing key */
+    if (keyHandle != TPM_RH_NULL) {
+	if (tssUtilsVerbose) printf("INFO: Flush the signing key %08x\n", keyHandle);
+	flush(tssContext, keyHandle);
+    }
+    {  
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	printf("signapp: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("signapp: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+/* startSession() starts either a policy or HMAC session.
+
+   If tpmKey is not null, a salted session is used.
+
+   If bind is not null, a bind session is used.
+*/
+
+static TPM_RC startSession(TSS_CONTEXT *tssContext,
+			   TPMI_SH_AUTH_SESSION *sessionHandle,
+			   TPM_SE sessionType,			/* policy or HMAC */
+			   TPMI_DH_OBJECT tpmKey,		/* salt key, can be null */
+			   TPMI_DH_ENTITY bind,			/* bind object, can be null */
+			   const char *bindPassword)		/* bind object password, can be null */
+{
+    TPM_RC			rc = 0;
+    StartAuthSession_In 	startAuthSessionIn;
+    StartAuthSession_Out 	startAuthSessionOut;
+    StartAuthSession_Extra	startAuthSessionExtra;
+     
+    /*	Start an authorization session */
+    if (rc == 0) {
+	startAuthSessionIn.tpmKey = tpmKey;			/* salt key */
+	startAuthSessionIn.bind = bind;				/* bind object */
+	startAuthSessionExtra.bindPassword = bindPassword;	/* bind object password */
+	startAuthSessionIn.sessionType = sessionType;		/* HMAC or policy session */
+	startAuthSessionIn.authHash = TPM_ALG_SHA256;		/* HMAC algorithm */
+	startAuthSessionIn.symmetric.algorithm = TPM_ALG_AES;	/* parameter encryption */
+	startAuthSessionIn.symmetric.keyBits.aes = 128;
+	startAuthSessionIn.symmetric.mode.aes = TPM_ALG_CFB;
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&startAuthSessionOut, 
+			 (COMMAND_PARAMETERS *)&startAuthSessionIn,
+			 (EXTRA_PARAMETERS *)&startAuthSessionExtra,
+			 TPM_CC_StartAuthSession,
+			 TPM_RH_NULL, NULL, 0);
+	*sessionHandle = startAuthSessionOut.sessionHandle;
+    }
+    return rc;
+}
+
+static TPM_RC policyRestart(TSS_CONTEXT *tssContext,
+			    TPMI_SH_AUTH_SESSION sessionHandle)
+{
+    TPM_RC			rc = 0;
+    PolicyRestart_In 		policyRestartIn;
+
+    if (rc == 0) {
+    	policyRestartIn.sessionHandle = sessionHandle;
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&policyRestartIn,
+			 NULL,
+			 TPM_CC_PolicyRestart,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    return rc;
+}
+
+static TPM_RC policyCommandCode(TSS_CONTEXT *tssContext,
+				TPM_CC	commandCode,
+				TPMI_SH_AUTH_SESSION sessionHandle)
+{
+    TPM_RC			rc = 0;
+    PolicyCommandCode_In 	policyCommandCodeIn;
+
+    if (rc == 0) {
+ 	policyCommandCodeIn.policySession = sessionHandle;
+	policyCommandCodeIn.code = commandCode;
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&policyCommandCodeIn,
+			 NULL,
+			 TPM_CC_PolicyCommandCode,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    return rc;
+}
+
+static TPM_RC policyAuthValue(TSS_CONTEXT *tssContext,
+			      TPMI_SH_AUTH_SESSION sessionHandle)
+{
+    TPM_RC		rc = 0;
+    PolicyAuthValue_In 	policyAuthValueIn;
+
+    if (rc == 0) {
+	policyAuthValueIn.policySession = sessionHandle;
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&policyAuthValueIn,
+			 NULL,
+			 TPM_CC_PolicyAuthValue,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    return rc;
+}
+
+static TPM_RC policyPassword(TSS_CONTEXT *tssContext,
+			     TPMI_SH_AUTH_SESSION sessionHandle)
+{
+    TPM_RC		rc = 0;
+    PolicyPassword_In 	policyPasswordIn;
+
+    if (rc == 0) {
+ 	policyPasswordIn.policySession = sessionHandle;
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&policyPasswordIn,
+			 NULL,
+			 TPM_CC_PolicyPassword,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    return rc;
+}
+
+/* policySecret() runs policy secret against the session.  It assumes that the secret (the
+   endorsement authorization in this example) is Empty.
+
+*/
+
+static TPM_RC policySecret(TSS_CONTEXT *tssContext,
+			   TPMI_DH_ENTITY authHandle,
+			   TPMI_SH_AUTH_SESSION sessionHandle)
+{
+    TPM_RC			rc = 0;
+    PolicySecret_In 		policySecretIn;
+    PolicySecret_Out 		policySecretOut;
+     
+    if (rc == 0) {
+	policySecretIn.authHandle = authHandle;
+	policySecretIn.policySession = sessionHandle;
+	policySecretIn.nonceTPM.b.size = 0;
+	policySecretIn.cpHashA.b.size = 0;
+	policySecretIn.policyRef.b.size = 0;
+	policySecretIn.expiration = 0;
+    }   
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&policySecretOut, 
+			 (COMMAND_PARAMETERS *)&policySecretIn,
+			 NULL,
+			 TPM_CC_PolicySecret,
+			 TPM_RS_PW, NULL, 0,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    return rc;
+}
+
+/* policyGetDigest() traces the session policy digest for debugging.  It should be the same as the
+   policy in the EK template.
+   
+*/
+
+static TPM_RC policyGetDigest(TSS_CONTEXT *tssContext,
+			      TPMI_SH_AUTH_SESSION sessionHandle)
+{
+    TPM_RC			rc = 0;
+    PolicyGetDigest_In 		policyGetDigestIn;
+    PolicyGetDigest_Out 	policyGetDigestOut;
+     
+    if (rc == 0) {
+	policyGetDigestIn.policySession = sessionHandle;
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&policyGetDigestOut, 
+			 (COMMAND_PARAMETERS *)&policyGetDigestIn,
+			 NULL,
+			 TPM_CC_PolicyGetDigest,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    if (tssUtilsVerbose) TSS_PrintAll("policyGetDigest",
+			      policyGetDigestOut.policyDigest.t.buffer,
+			      policyGetDigestOut.policyDigest.t.size);
+    return rc;
+}
+
+/* createKey() creates a signing key under the EK storage key parentHandle.
+
+   policySessionHandle is a previously satisfied policy session.  continue is SET.
+
+   A command decrypt session is used to transfer the signing key userAuth encrypted.  A response
+   encrypt session is used just as a demo.
+
+*/
+
+static TPM_RC createKey(TSS_CONTEXT *tssContext,
+			TPM2B_PRIVATE *outPrivate,
+			TPM2B_PUBLIC *outPublic,
+			TPMI_SH_AUTH_SESSION policySessionHandle,
+			TPM_HANDLE parentHandle,
+			const char *keyPassword,
+			int pwSession)
+{
+    TPM_RC	rc = 0;
+    Create_In 	createIn;
+    Create_Out 	createOut;
+    int 	attributes;
+    /* hard code the policy since this test is also used for the no file support case */
+    const uint8_t policy[] = {0x7e, 0xa1, 0x0d, 0xe0, 0x05, 0xfc, 0xb2, 0x1d,
+			      0x44, 0xf2, 0x4b, 0xc8, 0xf7, 0x4c, 0x28, 0xa8,
+			      0xb9, 0xed, 0xf1, 0x4b, 0x1c, 0x53, 0xea, 0x4c,
+			      0xcf, 0x3c, 0x5a, 0x4c, 0xe3, 0x8c, 0x75, 0x6e};
+    if (rc == 0) {
+	createIn.parentHandle = parentHandle;
+	rc = TSS_TPM2B_StringCopy(&createIn.inSensitive.sensitive.userAuth.b,
+				  keyPassword,
+				  sizeof(createIn.inSensitive.sensitive.userAuth.t.buffer));
+    }
+    /* policy command code sign + policy authvalue or policy password */
+    if (rc == 0) {
+	memcpy(&createIn.inPublic.publicArea.authPolicy.b.buffer, policy, sizeof(policy));
+	createIn.inPublic.publicArea.authPolicy.b.size = sizeof(policy);
+    }
+    if (rc == 0) {
+	createIn.inSensitive.sensitive.data.t.size = 0;
+	createIn.inPublic.publicArea.nameAlg = TPM_ALG_SHA256;
+	createIn.inPublic.publicArea.type = TPM_ALG_RSA;	/* for the RSA template */
+	createIn.inPublic.publicArea.objectAttributes.val = 0;
+	createIn.inPublic.publicArea.objectAttributes.val |= TPMA_OBJECT_NODA;
+	createIn.inPublic.publicArea.objectAttributes.val |= TPMA_OBJECT_SENSITIVEDATAORIGIN;
+	createIn.inPublic.publicArea.objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH;
+	createIn.inPublic.publicArea.objectAttributes.val &= ~TPMA_OBJECT_ADMINWITHPOLICY;
+	createIn.inPublic.publicArea.objectAttributes.val |= TPMA_OBJECT_SIGN;
+	createIn.inPublic.publicArea.objectAttributes.val &= ~TPMA_OBJECT_DECRYPT;
+	createIn.inPublic.publicArea.objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED;
+	createIn.inPublic.publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_NULL;
+	createIn.inPublic.publicArea.parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
+	createIn.inPublic.publicArea.parameters.rsaDetail.keyBits = 2048;
+	createIn.inPublic.publicArea.parameters.rsaDetail.exponent = 0;
+	createIn.inPublic.publicArea.unique.rsa.t.size = 0;
+	createIn.outsideInfo.t.size = 0;
+	createIn.creationPCR.count = 0;
+	if (pwSession) {
+	    attributes = TPMA_SESSION_CONTINUESESSION;
+	}
+	else {
+	    attributes = TPMA_SESSION_ENCRYPT | TPMA_SESSION_DECRYPT | TPMA_SESSION_CONTINUESESSION;
+	}
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&createOut,
+			 (COMMAND_PARAMETERS *)&createIn,
+			 NULL,
+			 TPM_CC_Create,
+			 policySessionHandle, NULL, attributes, 
+			 TPM_RH_NULL, NULL, 0);
+    }
+    if (rc == 0) {
+	*outPrivate = createOut.outPrivate;
+	*outPublic = createOut.outPublic;
+    }
+    return rc;
+}
+
+/* loadKey() loads the signing key under the EK storage key parentHandle.
+
+   policySessionHandle is a previously satisfied policy session.  continue is SET.
+
+   A command decrypt and response encrypt session is used just as a demo.
+*/
+
+static TPM_RC loadKey(TSS_CONTEXT *tssContext,
+		      TPM_HANDLE *keyHandle,
+		      TPM_HANDLE parentHandle,
+		      TPMI_SH_AUTH_SESSION policySessionHandle,
+		      TPM2B_PRIVATE *outPrivate,
+		      TPM2B_PUBLIC *outPublic,
+		      int pwSession)
+{
+    TPM_RC	rc = 0;
+    Load_In 	loadIn;
+    Load_Out 	loadOut;
+    int 	attributes;
+
+    if (rc == 0) {
+	loadIn.parentHandle = parentHandle;
+	loadIn.inPrivate = *outPrivate;
+	loadIn.inPublic = *outPublic;
+	if (pwSession) {
+	    attributes = TPMA_SESSION_CONTINUESESSION;
+	}
+	else {
+	    attributes = TPMA_SESSION_DECRYPT | TPMA_SESSION_CONTINUESESSION;
+	}
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&loadOut,
+			 (COMMAND_PARAMETERS *)&loadIn,
+			 NULL,
+			 TPM_CC_Load,
+			 policySessionHandle, NULL, attributes,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    if (rc == 0) {
+	*keyHandle = loadOut.objectHandle;
+    }
+    return rc;
+}
+
+/* sign() signs messageDigest with the signing key keyHandle.
+
+   sessionHandle is a salt and bind session. continue is SET.
+
+   Note that the signing key password is not supplied here.  It is supplied when the bind session is
+   created.
+
+*/
+
+static TPM_RC sign(TSS_CONTEXT *tssContext,
+		   TPMT_SIGNATURE *signature,
+		   TPM_HANDLE keyHandle,
+		   TPMI_SH_AUTH_SESSION sessionHandle,
+		   uint32_t sizeInBytes,	/* hash algorithm mapped to size */
+		   TPMT_HA *messageDigest)	/* digest of the message */
+{
+    TPM_RC			rc = 0;
+    Sign_In 			signIn;
+    Sign_Out 			signOut;
+    const char 			*pwd;
+    TPM_HT 			handleType = (TPM_HT) ((sessionHandle & HR_RANGE_MASK) >> HR_SHIFT);
+
+    if (rc == 0) {
+	signIn.keyHandle = keyHandle;
+	signIn.digest.t.size = sizeInBytes;
+	memcpy(&signIn.digest.t.buffer, (uint8_t *)&messageDigest->digest, sizeInBytes);
+	signIn.inScheme.scheme = TPM_ALG_RSASSA;
+	signIn.inScheme.details.rsassa.hashAlg = TPM_ALG_SHA256;
+	signIn.validation.tag = TPM_ST_HASHCHECK;	/* optional, to make a ticket */
+	signIn.validation.hierarchy = TPM_RH_NULL;
+	signIn.validation.digest.t.size = 0;
+	/* password session */
+	if (sessionHandle == TPM_RS_PW) {
+	    pwd = KEYPWD;
+	}
+	/* policy session is policy password or policy authvalue */
+	else if (handleType == TPM_HT_POLICY_SESSION) {
+	    pwd = KEYPWD;
+	}
+	/* HMAC session - bound (password ignored) */
+	else {
+	    pwd = NULL;
+	}
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&signOut,
+			 (COMMAND_PARAMETERS *)&signIn,
+			 NULL,
+			 TPM_CC_Sign,
+			 /* bind, observe that no password is required here */
+			 sessionHandle, pwd, TPMA_SESSION_CONTINUESESSION,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    if (rc == 0) {
+	*signature = signOut.signature;
+    }
+    return rc;
+}
+
+/* verify() verifies the signature against the message digest using the previously loaded key in
+   keyHandle.
+
+ */
+
+static TPM_RC verify(TSS_CONTEXT *tssContext,
+		     TPM_HANDLE keyHandle,
+		     uint32_t sizeInBytes,	/* hash algorithm mapped to size */
+		     TPMT_HA *messageDigest,	/* digest of the message */
+		     TPMT_SIGNATURE *signature)
+{
+    TPM_RC			rc = 0;
+    VerifySignature_In 		verifySignatureIn;
+    VerifySignature_Out 	verifySignatureOut;
+
+    if (rc == 0) {
+	verifySignatureIn.keyHandle = keyHandle;
+	verifySignatureIn.digest.t.size = sizeInBytes;
+	memcpy(&verifySignatureIn.digest.t.buffer, (uint8_t *)&messageDigest->digest, sizeInBytes);
+	verifySignatureIn.signature = *signature;
+    }
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&verifySignatureOut,
+			 (COMMAND_PARAMETERS *)&verifySignatureIn,
+			 NULL,
+			 TPM_CC_VerifySignature,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    return rc;
+}
+
+/* flush() flushes some handle, either a session or the signing key in this demo.
+
+ */
+
+static TPM_RC flush(TSS_CONTEXT *tssContext,
+		    TPMI_DH_CONTEXT flushHandle)
+{
+    TPM_RC			rc = 0;
+    FlushContext_In 		in;
+
+    if (rc == 0) {
+	in.flushHandle = flushHandle;
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_FlushContext,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("signapp\n");
+    printf("\n");
+    printf("Runs a TPM2_Sign application, including creating a primary storage key\n");
+    printf("and creating and loading a signing key\n");
+    printf("\n");
+    printf("\t-ic\tinput message to hash and sign\n");
+    printf("\n");
+    printf("\t[-pwsess\tUse a password session, no HMAC or parameter encryption]\n");
+    printf("\n");
+    exit(1);	
+}
diff --git a/utils/startauthsession.c b/utils/startauthsession.c
new file mode 100644
index 000000000..d47c731cc
--- /dev/null
+++ b/utils/startauthsession.c
@@ -0,0 +1,301 @@
+/********************************************************************************/
+/*										*/
+/*			    StartAuthSession	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    StartAuthSession_In 	in;
+    StartAuthSession_Out 	out;
+    StartAuthSession_Extra	extra;
+    TPMI_DH_OBJECT		tpmKey = TPM_RH_NULL;		/* salt key */
+    TPMI_DH_ENTITY		bindHandle = TPM_RH_NULL;	/* default */
+    const char 			*bindPassword = NULL;
+    char 			seChar = 0;			/* session type */
+    TPMI_ALG_HASH		halg = TPM_ALG_SHA256;		/* default */
+    TPMI_ALG_SYM		algorithm = TPM_ALG_XOR;	/* default symmetric algorithm */
+    const char			*nonceTPMFilename = NULL;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-se") == 0) {
+	    i++;
+	    if (i < argc) {
+		seChar = argv[i][0];
+	    }
+	    else {
+		printf("Missing parameter for -se\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    halg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    halg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    halg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    halg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-hs") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i], "%x", &tpmKey);
+	    }
+	    else {
+		printf("Bad parameter %s for -hs\n", argv[i]);
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-bi") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i], "%x", &bindHandle);
+	    }
+	    else {
+		printf("Bad parameter %s for -bi\n", argv[i]);
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-sym") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"xor") == 0) {
+		    algorithm = TPM_ALG_XOR;
+		}
+		else if (strcmp(argv[i],"aes") == 0) {
+		    algorithm = TPM_ALG_AES;
+		}
+		else {
+		    printf("Bad parameter %s for -sym\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -sym\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-on") == 0) {
+	    i++;
+	    if (i < argc) {
+		nonceTPMFilename = argv[i];
+	    }
+	    else {
+		printf("-on option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdb") == 0) {
+	    i++;
+	    if (i < argc) {
+		bindPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdb option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if ((bindHandle == TPM_RH_NULL) && (bindPassword != NULL)) {
+	printf("-pwdb (bind password) unused without -bi (bind handle)\n");
+	printUsage();
+    }
+    /* sessionType */
+    switch (seChar) {
+      case 'h':
+	in.sessionType = TPM_SE_HMAC;
+	break;
+      case 'p':
+	in.sessionType = TPM_SE_POLICY;
+	break;
+      case 't':
+	in.sessionType = TPM_SE_TRIAL;
+	break;
+      default:
+	printf("Missing or illegal parameter for -se\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	/* salt key */
+	in.tpmKey = tpmKey;
+	/* encryptedSalt (not required) */
+	in.encryptedSalt.b.size = 0;
+	/* bind handle */
+	in.bind = bindHandle;
+	/* nonceCaller (not required) */
+	in.nonceCaller.t.size = 0;
+	/* for parameter encryption */
+	in.symmetric.algorithm = algorithm;
+	/* authHash */
+	in.authHash = halg;
+    }
+    /* symmetric */
+    /* Table 128 - Definition of TPMT_SYM_DEF Structure */
+    if (rc == 0) {	/* XOR */
+	if (in.symmetric.algorithm == TPM_ALG_XOR) {
+	    /* Table 61 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM Type */
+	    /* Table 125 - Definition of TPMU_SYM_KEY_BITS Union */
+	    in.symmetric.keyBits.xorr = halg;
+	    /* Table 126 - Definition of TPMU_SYM_MODE Union */
+	    in.symmetric.mode.sym = TPM_ALG_NULL;		/* none for xor */
+	}
+	else {		/* AES */
+	    /* Table 61 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM Type */
+	    /* Table 125 - Definition of TPMU_SYM_KEY_BITS Union */
+	    in.symmetric.keyBits.aes = 128;
+	    /* Table 126 - Definition of TPMU_SYM_MODE Union */
+	    /* Table 63 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM_MODE Type */
+	    in.symmetric.mode.aes = TPM_ALG_CFB;
+	}
+    }
+    /* pass the bind password to the TSS post processor for the session key calculation */
+    if (rc == 0) {
+	extra.bindPassword = bindPassword;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out, 
+			 (COMMAND_PARAMETERS *)&in,
+			 (EXTRA_PARAMETERS *)&extra,
+			 TPM_CC_StartAuthSession,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    /* optionally store the nonceTPM for use in policy commands */
+    if ((rc == 0) && (nonceTPMFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile((uint8_t *)&out.nonceTPM.t.buffer,
+				      out.nonceTPM.t.size,
+				      nonceTPMFilename); 
+    }
+    if (rc == 0) {
+	printf("Handle %08x\n", out.sessionHandle);
+	if (tssUtilsVerbose) printf("startauthsession: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("startauthsession: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("startauthsession\n");
+    printf("\n");
+    printf("Runs TPM2_StartAuthSession\n");
+    printf("\n");
+    printf("\t-se\n");
+    printf("\n");
+    printf("\t\th  HMAC session\n");
+    printf("\t\tp  Policy session\n");
+    printf("\t\tt  Trial policy session\n");
+    printf("\n");
+    printf("\t[-halg\t(sha1, sha256, sha384, sha512) (default sha256)]\n");
+    printf("\t[-hs\tsalt handle (default TPM_RH_NULL)]\n");
+    printf("\t[-bi\tbind handle (default TPM_RH_NULL)]\n");
+    printf("\t[-pwdb\tbind password for bind handle (default empty)]\n");
+    printf("\t[-sym\t(xor, aes) symmetric parameter encryption algorithm (default xor)]\n");
+    printf("\t[-on\tnonceTPM file for policy session (default do not save)]\n");
+    exit(1);	
+}
diff --git a/utils/startup.c b/utils/startup.c
new file mode 100644
index 000000000..fe08ed220
--- /dev/null
+++ b/utils/startup.c
@@ -0,0 +1,191 @@
+/********************************************************************************/
+/*										*/
+/*			    Startup		 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+TPM_RC selftestCommand(void);
+TPM_RC startupCommand(TPM_SU startupType);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC 		rc = 0;
+    int			i;				/* argc iterator */
+    int                 doStartup = TRUE;		/* default startup */
+    int                 doSelftest = FALSE;		/* default no self test */
+    TPM_SU		startupType = TPM_SU_CLEAR;
+   
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-c") == 0) {
+	    startupType = TPM_SU_CLEAR;
+	    doStartup = TRUE;
+	}
+	else if (strcmp(argv[i],"-s") == 0) {
+	    doStartup = TRUE;
+	    startupType = TPM_SU_STATE;
+	}
+	else if (strcmp(argv[i],"-st") == 0) {
+	    doSelftest = TRUE;
+	}
+	else if (strcmp(argv[i],"-sto") == 0) {
+	    doStartup = FALSE;
+	    doSelftest = TRUE;
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if ((rc == 0) && doStartup) {
+	rc = startupCommand(startupType);
+    }
+    if ((rc == 0) && doSelftest ) {
+	rc = selftestCommand();
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("startup: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("startup: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+TPM_RC startupCommand(TPM_SU startupType)
+{
+    TPM_RC 		rc = 0;
+    TSS_CONTEXT		*tssContext = NULL;
+    Startup_In 		in;
+
+    /*
+      Start a TSS context
+    */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	in.startupType = startupType;
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_Startup,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    return rc;
+}
+
+TPM_RC selftestCommand(void)
+{
+    TPM_RC 		rc = 0;
+    TSS_CONTEXT		*tssContext = NULL;
+    SelfTest_In 	in;
+
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	in.fullTest = YES;
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_SelfTest,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    /* Delete the TSS context */
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	printf("selftest: success\n");
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("startup\n");
+    printf("\n");
+    printf("Runs TPM2_Startup\n");
+    printf("\n");
+    printf("\t[-c\tstartup clear (default)]\n");
+    printf("\t[-s\tstartup state]\n");
+    printf("\t[-st\trun TPM2_SelfTest]\n");
+    printf("\t[-sto\trun only TPM2_SelfTest (no startup)]\n");
+    exit(1);	
+}
+
diff --git a/utils/stirrandom.c b/utils/stirrandom.c
new file mode 100644
index 000000000..180eca189
--- /dev/null
+++ b/utils/stirrandom.c
@@ -0,0 +1,161 @@
+/********************************************************************************/
+/*										*/
+/*			   StirRandom						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    StirRandom_In 		in;
+    const char			*inputFilename = NULL;
+    
+    uint8_t			*buffer = NULL;		/* for the free */
+    size_t 			length = 0;
+   
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-if") == 0) {
+	    i++;
+	    if (i < argc) {
+		inputFilename = argv[i];
+	    }
+	    else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (inputFilename == NULL) {
+	printf("Missing private key parameter -if\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	rc = TSS_File_ReadBinaryFile(&buffer,     /* freed @1 */
+				     &length,
+				     inputFilename);
+    }
+    if (rc == 0) {
+	if (length > sizeof(in.inData.t.buffer)) {
+	    printf("Input data too long %u\n", (uint32_t)length);
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    if (rc == 0) {
+	in.inData.t.size =  (uint16_t)length;	/* cast safe, range tested above */
+	memcpy(in.inData.t.buffer, buffer, length);
+    }
+    free(buffer);	/* @1 */
+    buffer = NULL;
+    
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_StirRandom,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("stirrandom: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("stirrandom: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("stirrandom\n");
+    printf("\n");
+    printf("Runs TPM2_StirRandom\n");
+    printf("\n");
+    printf("\t-if\tinput file name\n");
+    exit(1);	
+}
diff --git a/utils/timepacket.c b/utils/timepacket.c
new file mode 100644
index 000000000..a105d555f
--- /dev/null
+++ b/utils/timepacket.c
@@ -0,0 +1,210 @@
+/********************************************************************************/
+/*										*/
+/*			   Time a TPM Command					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2017 - 2019					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <time.h>
+
+#ifdef TPM_WINDOWS
+#include <winsock2.h>
+#include <windows.h>
+#endif
+
+#ifdef TPM_POSIX
+#include <unistd.h>
+#endif
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tsstransmit.h>
+#include <ibmtss/tssfile.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsscrypto.h>
+
+#include "cryptoutils.h"
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    	/* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    const char			*commandFilename = NULL;
+    unsigned char 		*commandBufferString = NULL;
+    unsigned char 		*commandBuffer = NULL;
+    size_t 			commandStringLength;
+    size_t 			commandLength;
+    unsigned int 		loops = 1;
+    unsigned int 		count;
+    uint8_t 			responseBuffer[MAX_RESPONSE_SIZE];
+    uint32_t 			responseLength;
+    time_t 			startTime;
+    time_t			endTime;
+    double 			timeDiff = 0;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-if") == 0) {
+	    i++;
+	    if (i < argc) {
+		commandFilename = argv[i];
+	    }
+	    else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-l") == 0) {
+	    i++;
+	    if (i < argc) {
+		loops = atoi(argv[i]);
+	    }
+	    else {
+		printf("-l option needs a value\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (commandFilename == NULL) {
+	printf("Missing parameter -if\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	rc = TSS_File_ReadBinaryFile(&commandBufferString,	/* freed @2 */
+				     &commandStringLength, commandFilename);
+    }
+    if (rc == 0) {
+	if (commandBufferString[commandStringLength-1] != ' ') {
+	    printf("packet string does not end in a space\n");
+	}
+	else {
+	    /* nul terminate the string */
+	    commandBufferString[commandStringLength-1] = '\0';
+	}
+    }    
+    if (rc == 0) {
+	rc = TSS_Array_Scan(&commandBuffer,		/* freed @1 */
+			    &commandLength, (char *)commandBufferString);
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    for (count = 0 ; (rc == 0) && (count < loops) ; count++) {
+	uint32_t usec;
+	if (rc == 0) {
+	    rc = TSS_RandBytes((unsigned char *)&usec, sizeof(uint32_t));
+	}
+	if (rc == 0) {
+	    usec %= 1000000;
+#ifdef TPM_POSIX
+	    usleep(usec);	/* usleep() units are usec */
+#endif
+#ifdef TPM_WINDOWS
+	    Sleep(usec/1000);	/* Sleep units are msec */
+#endif
+	    startTime = time(NULL);
+	    rc = TSS_Transmit(tssContext,
+			      responseBuffer, &responseLength,
+			      commandBuffer, commandLength,
+			      NULL);
+	    endTime = time(NULL);
+	    printf("End Pass %u\n", count +1);
+	    timeDiff += difftime(endTime, startTime);
+	}
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	printf("Loops %u time %f time per pass %f\n", loops, timeDiff, timeDiff/loops);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("timepacket: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("timepacket: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    free(commandBufferString);		/* @2 */
+    free(commandBuffer);		/* @1 */
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("timepacket\n");
+    printf("\n");
+    printf("Times the supplied packet\n");
+    printf("\n");
+    printf("\t-if\tpacket in hexascii (requires one space at end of packet)\n");
+    printf("\t[-l\tnumber of loops to time (default 1)]\n");
+    exit(1);	
+}
diff --git a/utils/tpm2pem.c b/utils/tpm2pem.c
new file mode 100644
index 000000000..e01de3a22
--- /dev/null
+++ b/utils/tpm2pem.c
@@ -0,0 +1,150 @@
+/********************************************************************************/
+/*										*/
+/*		    TPM public key TPM2B_PUBLIC to PEM 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2016 - 2019					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* Converts a TPM public key TPM2B_PUBLIC to PEM */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+/* Windows 10 crypto API clashes with openssl */
+#ifdef TPM_WINDOWS
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+#endif
+
+#include <ibmtss/tsserror.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tsscrypto.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+#include "cryptoutils.h"
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    const char			*publicKeyFilename = NULL;
+    const char			*pemFilename = NULL;
+    TPM2B_PUBLIC 		public;
+
+    tssUtilsVerbose = FALSE;
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ipu") == 0) {
+	    i++;
+	    if (i < argc) {
+		publicKeyFilename = argv[i];
+	    }
+	    else {
+		printf("-ipu option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-opem") == 0) {
+	    i++;
+	    if (i < argc) {
+		pemFilename = argv[i];
+	    }
+	    else {
+		printf("-opem option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (publicKeyFilename == NULL) {
+	printf("Missing private key parameter -ipu\n");
+	printUsage();
+    }
+    if (pemFilename == NULL) {
+	printf("Missing PEM file name parameter -opem\n");
+	printUsage();
+    }
+    /* read the TPM public key to a structure */
+    if (rc == 0) {
+	rc = TSS_File_ReadStructureFlag(&public,
+					(UnmarshalFunctionFlag_t)TSS_TPM2B_PUBLIC_Unmarshalu,
+					TRUE,			/* NULL permitted */
+					publicKeyFilename);
+    }
+    /* convert to PEM format and write file */
+    if (rc == 0) {
+	rc = convertPublicToPEM(&public, pemFilename);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("tpm2pem: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("tpm2pem: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("tpm2pem\n");
+    printf("\n");
+    printf("Converts an RSA or EC TPM2B_PUBLIC to PEM\n");
+    printf("\n");
+    printf("\t-ipu\tpublic key input file in TPM format\n");
+    printf("\t-opem\tpublic key output file in PEM format\n");
+    exit(1);	
+}
diff --git a/utils/tpmcmd.c b/utils/tpmcmd.c
new file mode 100644
index 000000000..d601e7c2c
--- /dev/null
+++ b/utils/tpmcmd.c
@@ -0,0 +1,131 @@
+/********************************************************************************/
+/*										*/
+/*			    Simulator In Band Commands 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2019.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+/* FIXME should really be in tpmtcpprotocol.h */
+#ifdef TPM_WINDOWS
+#include <winsock2.h>		/* for simulator startup */
+#endif
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsstransmit.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC 		rc = 0;
+    int			i;				/* argc iterator */
+    TSS_CONTEXT		*tssContext = NULL;
+    uint32_t 		command = 0;
+    const char 		*message = "";
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-stop") == 0) {
+	    command = TPM_STOP;
+	    message = "TPM Stop";
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (command == 0) {
+	printf("Missing command specifier\n");
+	printUsage();
+    }
+    /*
+      Start a TSS context
+    */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* Send in band command */
+    if (rc == 0) {
+	rc = TSS_TransmitCommand(tssContext, command, message);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("tpmcmd: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("tpmcmd: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("tpmcmd\n");
+    printf("\n");
+    printf("Sends an in-band TPM simulator signal\n");
+    printf("\n");
+    printf("\t-stop\tStop the TPM simulator\n");
+    exit(1);	
+}
+
diff --git a/utils/tpmproxy.c b/utils/tpmproxy.c
new file mode 100644
index 000000000..740c926fa
--- /dev/null
+++ b/utils/tpmproxy.c
@@ -0,0 +1,972 @@
+/********************************************************************************/
+/*										*/
+/*			    Windows 10 TPM Proxy	 			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2006 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+
+/*
+  Use this proxy when using the TSS command line utilities on Windows.  It keeps the connection to
+  the Windows TPM device driver open.  This prevents its resource manager from flushing resources
+  after each utiity exits.
+
+  The server type (mssim or raw) should agree with the TSS configuration.  mssim wrapes the packets
+  in the MS simulator bytes.  raw does not.
+
+  The proxy is unnecessary when using a compiled application.
+
+  Link with:
+  
+  tbs.lib
+  ws2_32.lib 
+*/
+
+#include <limits.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdint.h>
+#include <time.h>
+
+#include <windows.h>
+#include <specstrings.h>
+
+#include <tbs.h>
+
+#define LOAD32(buffer,offset)         ( ntohl(*(uint32_t *)&(buffer)[(offset)]) )
+
+#ifndef SSIZE_MAX
+#define SSIZE_MAX INT_MAX
+#endif
+
+/* standard TCG definitions */
+
+typedef unsigned long 	TSS_RESULT;
+typedef unsigned char 	BYTE;
+typedef unsigned short 	TPM_TAG;
+
+/* local constants */
+
+#define ERROR_CODE	-1
+#define DEFAULT_PORT 	2321
+#define PACKET_SIZE	4096
+#define TRACE_SIZE	(PACKET_SIZE * 4)
+
+#define SERVER_TYPE_MSSIM	0
+#define SERVER_TYPE_RAW		1
+#define TPM_SEND_COMMAND        8	/* simulator command preamble */
+
+/* local prototypes */
+
+void printUsage(void);
+long getArgs(short *port,
+	     int *verbose,
+	     char **logFileName,
+	     int argc,
+	     char **argv);
+void logAll(const char *message, unsigned long length, const unsigned char* buff);
+
+TSS_RESULT socketInit(SOCKET *sock_fd, short port);
+TSS_RESULT socketConnect(SOCKET *accept_fd,
+			 SOCKET sock_fd,
+			 short port);
+TSS_RESULT socketRead(SOCKET accept_fd,
+		      char *buffer,
+		      uint32_t *bufferLength,
+		      size_t bufferSize);
+TSS_RESULT socketReadBytes(SOCKET accept_fd,
+			   char *buffer,
+			   size_t nbytes);
+TSS_RESULT socketWrite(SOCKET accept_fd,
+		       const char *buffer,
+		       size_t buffer_length);
+TSS_RESULT socketDisconnect(SOCKET accept_fd);
+
+void TPM_HandleWsaStartupError(const char *prefix,
+			       int irc);
+void TPM_HandleWsaError(const char *prefix);
+void TPM_GetWsaStartupError(int status,
+			    const char **error_string);
+void TPM_GetWsaError(const char **error_string);
+
+void TPM_GetTBSError(const char *prefix,
+		     TBS_RESULT rc);
+void CheckTPMError(const char *prefix,
+		     unsigned char *response);
+
+/* global variable for trace logging */
+
+int 	verbose;		/* verbose debug tracing */
+char 	*logFilename;		/* trace log file name */
+char	logMsg[TRACE_SIZE];	/* since it's big, put it here rather than on the stack */
+
+/* global socket server format type */
+
+int serverType = SERVER_TYPE_MSSIM;	/* default MS simulator format */
+
+#define false 0
+#define true 1
+
+int main(int argc, char** argv)
+{
+    TBS_RESULT 		rc = 0;
+    TBS_RESULT 		rc1 = 0;
+    time_t 		start_time;
+    int 		contextOpened = false;
+    SOCKET 		sock_fd;		/* server socket */
+    SOCKET 		accept_fd;    		/* server accept socket for a packet */
+    int 		socketOpened = FALSE;
+
+    TBS_HCONTEXT 	hContext = 0;
+    TBS_CONTEXT_PARAMS2 contextParams;
+
+    /* TPM command and response */
+    BYTE command[PACKET_SIZE]; 
+    uint32_t commandLength;
+    BYTE response[PACKET_SIZE];
+    uint32_t responseLength;
+		      
+    /* command line arguments */
+    short port;			/* TCPIP server port */
+
+    /* command line argument defaults */
+    port = DEFAULT_PORT;
+    logFilename = NULL;
+    verbose = FALSE;
+
+    /* initialization */
+    setvbuf(stdout, 0, _IONBF, 0);	/* output may be going through pipe */
+    start_time = time(NULL);
+    
+    /* get command line arguments */
+    if (rc == 0) {
+	rc = getArgs(&port, &verbose, &logFilename,
+		     argc, argv);
+    }
+    /* open HW TPM device driver */
+    if (rc == 0) {
+	if (verbose) printf("tpmproxy: start at %s", ctime(&start_time));
+	if (verbose) printf("tpmproxy: server type %s\n",
+			    (serverType == SERVER_TYPE_MSSIM) ? "MS simulator" : "raw");
+	contextParams.version = TBS_CONTEXT_VERSION_TWO;
+	contextParams.includeTpm12 = 0;
+	contextParams.includeTpm20 = 1;
+	rc = Tbsi_Context_Create((TBS_CONTEXT_PARAMS *)&contextParams,
+				 &hContext);
+
+	if (verbose) printf("tpmproxy: Tbsi_Context_Create rc %08x\n", rc);
+	if (rc == 0) {
+	    contextOpened = true;
+	}
+	else {
+	    TPM_GetTBSError("Tbsi_Context_Create ", rc);
+	}
+    }
+    /* open / initialize server socket */
+    if (rc == 0) {
+	if (verbose) printf("Opening socket at port %hu\n", port);
+	rc = socketInit(&sock_fd, port);
+	if (rc != 0) {
+	    printf("tpmproxy: socket open failed\n");
+	}
+	else {
+	    socketOpened = TRUE;
+	}
+    }
+    /* main loop */
+    while (rc == 0) {
+	/* connect to the client application */
+	if (rc == 0) {
+	    if (verbose) printf("Connecting on socket %hu\n", port);
+	    rc = socketConnect(&accept_fd, sock_fd, port);
+	}
+	/* read a command from client */
+	if (rc == 0) {
+	    rc = socketRead(accept_fd,
+			    (char *)command,	/* windows wants signed */
+			    &commandLength,
+			    sizeof(command));
+	    logAll("Command", commandLength, command);
+	}
+	/* send command to TPM and receive response */
+	if (rc == 0) {
+	    responseLength = sizeof(response);
+	    rc = Tbsip_Submit_Command(hContext,
+				      TBS_COMMAND_LOCALITY_ZERO,
+				      TBS_COMMAND_PRIORITY_NORMAL,
+				      command,
+				      commandLength,
+				      response,
+				      &responseLength);
+	    if (rc != 0) {
+		TPM_GetTBSError("Tbsi_Context_Create ", rc);
+	    }
+	}
+	/* send response to client */
+	if (rc == 0) {
+	    logAll("Response", responseLength, response);
+	    rc = socketWrite(accept_fd,
+			     (char *)response,	/* windows wants signed char */
+			     responseLength);
+	}
+	/* disconnect from client */
+	if (rc == 0) {
+	    rc = socketDisconnect(accept_fd);
+	}
+    }
+    /* close socket */
+    if (socketOpened) {
+	socketDisconnect(sock_fd);
+    }
+    /* close TPM */
+    if (contextOpened) {
+	rc1 = Tbsip_Context_Close(hContext);
+	if (verbose) printf("tpmproxy:Tbsip_Context_Close rc1 %08x\n", rc1);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (verbose) printf("tpmproxy: exit rc %08x\n", rc);
+    return rc;
+}
+
+/*
+  All the socket code is basically a cut and paste from the TPM 1.2 tpm_io.c
+*/
+
+TSS_RESULT socketInit(SOCKET *sock_fd, short port)
+{
+    TSS_RESULT   	rc = 0;
+    int			irc;
+    struct sockaddr_in 	serv_addr;
+    int 		opt;
+    WSADATA 		wsaData;
+
+    /* initiate use of the Windows Sockets DLL 2.0 */
+    if (rc == 0) {
+	if ((irc = WSAStartup(0x202,&wsaData)) != 0) {		/* if not successful */
+	    printf("socketInit: Error, WSAStartup()\n");
+	    TPM_HandleWsaStartupError("socketInit:", irc);
+	    rc = ERROR_CODE;
+	}
+    }
+    /* create a tcpip protocol socket */
+    if (rc == 0) {
+	/* if (verbose) printf(" socketInit: Port %hu\n", port); */
+	*sock_fd = socket(AF_INET, SOCK_STREAM, 0);	/* tcpip socket */
+	if (*sock_fd == INVALID_SOCKET) {
+	    printf("socketInit: Error, server socket()\n");
+	    TPM_HandleWsaError("socketInit:");
+	    rc = ERROR_CODE;
+	}
+    }
+    if (rc == 0) {
+	memset(&serv_addr, 0, sizeof(serv_addr));
+	serv_addr.sin_family = AF_INET;			/* Internet socket */
+	serv_addr.sin_port = htons(port);		/* host to network byte order for short */
+	serv_addr.sin_addr.s_addr = htonl(INADDR_ANY);	/* host to network byte order for long */
+	opt = 1;
+	/* Set SO_REUSEADDR before calling bind() for servers that bind to a fixed port number. */
+	/* For boolean values, opt must be an int, but the setsockopt prototype is IMHO wrong.
+	   It should take void *, but uses char *.  Hence the type cast. */       
+	irc = setsockopt(*sock_fd, SOL_SOCKET, SO_REUSEADDR, (char *)&opt, sizeof(opt));
+	if (irc == SOCKET_ERROR) {
+	    printf("socketInit: Error, server setsockopt()\n");
+	    TPM_HandleWsaError("socketInit:");
+	    closesocket(*sock_fd);
+	    rc = ERROR_CODE;
+	}
+    }
+    /* bind the (local) server port name to the socket */
+    if (rc == 0) {
+	irc = bind(*sock_fd, (struct sockaddr *)&serv_addr, sizeof(serv_addr));
+	if (irc == SOCKET_ERROR) {
+	    printf("socketInit: Error, server bind()\n");
+	    printf("socketInit: Is SW TPM listening on this port?\n");
+	    TPM_HandleWsaError("socketInit:");
+	    closesocket(*sock_fd);
+	    rc = ERROR_CODE;
+	}
+    }
+    /* listen for a connection to the socket */
+    if (rc == 0) {
+	irc = listen(*sock_fd, SOMAXCONN);
+	if (irc == SOCKET_ERROR) {
+	    printf("socketInit: Error, server listen()\n");
+	    TPM_HandleWsaError("socketInit:");
+	    closesocket(*sock_fd);
+	    rc = ERROR_CODE;
+	}
+    }
+    if (rc != 0) {
+	WSACleanup();
+    }
+    return rc;
+}
+
+TSS_RESULT socketConnect(SOCKET *accept_fd,
+			 SOCKET sock_fd,
+			 short port)
+{
+    TSS_RESULT		rc = 0;
+    int			cli_len;
+    struct sockaddr_in 	cli_addr;		/* Internet version of sockaddr */
+    
+    /* accept a connection */
+    if (rc == 0) {
+	cli_len = sizeof(cli_addr);
+	/* block until connection from client */
+	/* printf(" socketConnect: Waiting for connection on port %hu ...\n", port); */
+	*accept_fd = accept(sock_fd, (struct sockaddr *)&cli_addr, &cli_len);
+	if (*accept_fd == SOCKET_ERROR) { 
+	    printf("socketConnect: Error, accept()\n");
+	    TPM_HandleWsaError("socketConnect: ");
+	    closesocket(sock_fd);
+	    WSACleanup();
+	    rc = ERROR_CODE;
+	}
+    }
+    return rc;
+}
+
+/* socketRead() reads a TPM command packet from the host
+
+   Puts the result in 'buffer' up to 'bufferSize' bytes.
+
+   On success, the number of bytes in the buffer is equal to 'bufferLength' bytes
+
+   This function is intended to be platform independent.
+*/
+
+TSS_RESULT socketRead(SOCKET accept_fd,		/* read/write file descriptor */
+		      char *buffer,		/* output: command stream */
+		      uint32_t *bufferLength,	/* output: command stream length */
+		      size_t bufferSize)	/* input: max size of output buffer */
+{	
+    TSS_RESULT		rc = 0;
+    uint32_t		headerSize;	/* minimum required bytes in command through paramSize */
+    uint32_t		paramSize;	/* from command stream */
+    uint32_t		commandTypeNbo;	/* MS simulator format preamble */ 	
+    uint32_t		commandType;	/* MS simulator format preamble */ 	
+    uint8_t 		locality;	/* MS simulator format preamble */ 
+    uint32_t 		lengthNbo;	/* MS simulator format preamble */ 
+    
+    /* if the MS simulator packet format */
+    if (serverType == SERVER_TYPE_MSSIM) {
+	/* read and check the command */
+	if (rc == 0) {
+	    rc = socketReadBytes(accept_fd, (char *)&commandTypeNbo, sizeof(uint32_t));
+	}
+	if (rc == 0) {
+	    commandType = LOAD32(&commandTypeNbo, 0);
+	    if (commandType != TPM_SEND_COMMAND) {
+		printf("socketRead: Error, -mssim preamble is %08x not %08x\n",
+		       commandType,TPM_SEND_COMMAND); 
+		rc = ERROR_CODE;
+	    }
+	}
+	/* read and discard the locality */
+	if (rc == 0) {
+	    rc = socketReadBytes(accept_fd, &locality, sizeof(uint8_t));
+	}
+	/* read and discard the redundant length */
+	if (rc == 0) {
+	    rc = socketReadBytes(accept_fd, (char *)&lengthNbo, sizeof(uint32_t));
+	}
+    }
+    /* check that the buffer can at least fit the command through the paramSize */
+    if (rc == 0) {
+	headerSize = sizeof(TPM_TAG) + sizeof(uint32_t);	
+	if (bufferSize < headerSize) {
+	    printf("socketRead: Error, buffer size %u less than minimum %u\n",
+		   bufferSize, headerSize);
+	    rc = ERROR_CODE;
+	}
+    }
+    /* read the command through the paramSize from the socket stream */
+    if (rc == 0) {
+	rc = socketReadBytes(accept_fd, buffer, headerSize);
+    }
+    if (rc == 0) {
+	/* extract the paramSize value, last field in header */
+	paramSize = LOAD32(buffer, headerSize - sizeof(uint32_t));
+	*bufferLength = headerSize + paramSize - (sizeof(TPM_TAG) + sizeof(uint32_t));
+	if (bufferSize < *bufferLength) {
+	    printf("socketRead: Error, buffer size %u is less than required %u\n",
+		   bufferSize, *bufferLength);
+	    rc = ERROR_CODE;
+	}
+    }
+    /* read the rest of the command (already read tag and paramSize) */
+    if (rc == 0) {
+	rc = socketReadBytes(accept_fd,
+			     buffer + headerSize,
+			     paramSize - (sizeof(TPM_TAG) + sizeof(uint32_t)));
+    }
+    return rc;
+}
+
+/* socketReadBytes() reads nbytes from accept_fd and puts them in buffer.
+
+   The buffer has already been checked for sufficient size.
+*/
+
+TSS_RESULT socketReadBytes(SOCKET accept_fd,	/* read/write file descriptor */
+			   char *buffer,
+			   size_t nbytes)
+{
+    TSS_RESULT rc = 0;
+    int nread = 0;
+    size_t nleft = nbytes;
+
+    /* read() is unspecified with nbytes too large */
+    if (rc == 0) {
+	if (nleft > SSIZE_MAX) {
+	    rc = ERROR_CODE;
+	}
+    }
+    while ((rc == 0) && (nleft > 0)) {
+	nread = recv(accept_fd, buffer, nleft, 0);
+	if ((nread == SOCKET_ERROR) ||
+	    (nread < 0)) {       		/* error */
+	    printf("socketReadBytes: Error, read() error\n");
+	    TPM_HandleWsaError("socketReadBytes:");
+	    socketDisconnect(accept_fd);
+            rc = ERROR_CODE;
+	}
+	else if (nread > 0) {
+	    nleft -= nread;
+	    buffer += nread;
+	}	    
+	else if (nread == 0) {  	/* EOF */
+	    printf("socketReadBytes: Error, read EOF, read %u bytes\n", nbytes - nleft);
+            rc = ERROR_CODE;
+	}
+    }
+    return rc;
+}
+
+/* socketWrite() writes buffer_length bytes from buffer to accept_fd.
+
+   In mmssim mode, it prepends the size and appends the acknowledgement.
+ */
+
+TSS_RESULT socketWrite(SOCKET accept_fd,	/* read/write file descriptor */
+		       const char *buffer,
+		       size_t buffer_length)
+{	
+    TSS_RESULT 	rc = 0;
+    int		nwritten = 0;
+    
+    /* write() is unspecified with buffer_length too large */
+    if (rc == 0) {
+	if (buffer_length > SSIZE_MAX) {
+	    rc = ERROR_CODE;
+	}
+    }
+    /* if the MS simulator packet format */
+    if (serverType == SERVER_TYPE_MSSIM) {
+	/* prepend the leading size */
+	if (rc == 0) {
+	    uint32_t bufferLengthNbo = htonl(buffer_length);
+	    send(accept_fd, (const char *)&bufferLengthNbo, sizeof(uint32_t), 0);
+	}	
+    }
+   /* test that connection is open to write */
+    if (rc == 0) {
+	if (accept_fd == SOCKET_ERROR) {
+	    printf("socketWrite: Error, connection not open, fd %d\n",
+		   accept_fd);
+	    rc = ERROR_CODE;
+	}
+    }
+    while ((rc == 0) && (buffer_length > 0)) {
+	nwritten = send(accept_fd, buffer, buffer_length, 0);
+	if ((nwritten == SOCKET_ERROR) ||
+	    (nwritten < 0)) {
+	    printf("socketWrite: Error, send()\n");
+	    TPM_HandleWsaError("socketWrite:");	/* report the error */
+	    socketDisconnect(accept_fd);
+	    rc = ERROR_CODE;
+	}	    
+	else {
+	    buffer_length -= nwritten;
+	    buffer += nwritten;
+	}
+    }
+    /* if the MS simulator packet format */
+    if (serverType == SERVER_TYPE_MSSIM) {
+	/* append the trailing acknowledgement */
+	if (rc == 0) {
+	    uint32_t acknowledgement = 0;
+	    send(accept_fd, (const char *)&acknowledgement, sizeof(uint32_t), 0);
+	}	
+    }
+    return rc;
+}
+
+/* socketDisconnect() breaks the connection between the TPM server and the host client
+
+   This is the Windows platform dependent socket version.
+*/
+
+TSS_RESULT socketDisconnect(SOCKET accept_fd)
+{
+    TSS_RESULT 	rc = 0;
+    int		irc;
+
+    /* close the connection to the client */
+    if (verbose) printf("Closing socket\n");
+    if (rc == 0) {
+	irc = closesocket(accept_fd);
+	accept_fd = SOCKET_ERROR;	/* mark the connection closed */
+	if (irc == SOCKET_ERROR) {
+	    printf("socketDisconnect: Error, closesocket()\n");
+	    rc = ERROR_CODE;
+	}
+    }
+    return rc;
+}
+
+void TPM_HandleWsaStartupError(const char *prefix,
+			       int irc)
+{
+    const char *error_string;
+
+    TPM_GetWsaStartupError(irc, &error_string);
+    printf("%s %s\n", prefix, error_string);
+    return;
+}
+
+void TPM_HandleWsaError(const char *prefix)
+{
+    const char *error_string;
+
+    TPM_GetWsaError(&error_string);
+    printf("%s %s\n", prefix, error_string);
+    return;
+}
+
+void TPM_GetWsaStartupError(int status,
+			    const char **error_string)
+{
+    /* convert WSAStartup status to more useful text.  Copy the text to error_string */
+       
+    switch(status) {
+      case WSASYSNOTREADY:
+	*error_string = "WSAStartup error: WSASYSNOTREADY underlying network subsystem not ready for "
+			"network communication";
+	break;
+      case WSAVERNOTSUPPORTED:
+	*error_string = "WSAStartup error: WSAVERNOTSUPPORTED version requested not provided by WinSock "
+			"implementation";
+	break;
+      case WSAEINPROGRESS:
+	*error_string = "WSAStartup error: WSAEINPROGRESS blocking WinSock 1.1 operation in progress";
+	break;
+      case WSAEPROCLIM:
+	*error_string = "WSAStartup error: WSAEPROCLIM Limit on number of tasks supported by WinSock "
+			"implementation has been reached";
+	break;
+      case WSAEFAULT:
+	*error_string = "WSAStartup error: WSAEFAULT lpWSAData is not a valid pointer";
+	break;
+      default:
+	*error_string = "WSAStartup error: return code unknown";
+	break;
+    }
+    return;
+}
+
+void TPM_GetWsaError(const char **error_string)
+{
+    /* Use WSAGetLastError, and convert the resulting number
+       to more useful text.  Copy the text to error_string */
+    
+    int error;
+	
+    error = WSAGetLastError();
+    switch(error) {
+
+      case WSANOTINITIALISED :
+	*error_string = "A successful WSAStartup must occur before using this function";
+	break;
+      case WSAENETDOWN :
+	*error_string = "The network subsystem or the associated service provider has failed";
+	break;
+      case WSAEAFNOSUPPORT :
+	*error_string = "The specified address family is not supported";
+	break;
+      case WSAEINPROGRESS :
+	*error_string = "A blocking Windows Sockets 1.1 call is in progress, "
+			"or the service provider is still processing a callback function";
+	break;
+      case WSAEMFILE:
+	*error_string = "No more socket descriptors are available";
+	break;
+      case WSAENOBUFS:
+	*error_string = "No buffer space is available";
+	break;
+      case WSAEPROTONOSUPPORT:
+	*error_string = "The specified protocol is not supported";
+	break;
+      case WSAEPROTOTYPE:
+	*error_string = "The specified protocol is the wrong type for this socket";
+	break;
+      case WSAESOCKTNOSUPPORT :
+	*error_string = "The specified socket type is not supported in this address family";
+	break;
+      case WSAEFAULT:
+	*error_string = "A parameter is too small, bad format, or bad value";
+	break;
+      case WSAEINVAL:
+	*error_string = "The socket has not been bound with bind, or listen not called";
+	break;
+      case WSAENETRESET:
+	*error_string = "The connection has been broken due to the remote host resetting";
+	break;
+      case WSAENOPROTOOPT:
+	*error_string = "The option is unknown or unsupported for the specified provider";
+	break;
+      case WSAENOTCONN:
+	*error_string = "Connection has been reset when SO_KEEPALIVE is set";
+	break;
+      case WSAENOTSOCK:
+	*error_string = "The descriptor is not a socket";
+	break;
+      case WSAEADDRINUSE:
+	*error_string = "The specified address is already in use";
+	break;
+      case WSAEISCONN:
+	*error_string = "The socket is already connected";
+	break;
+      case WSAEOPNOTSUPP:
+	*error_string = "The referenced socket is not of a type that supports the operation";
+	break;
+      case WSAEINTR:
+	*error_string = "The (blocking) call was canceled through WSACancelBlockingCall";
+      case WSAEWOULDBLOCK:
+	*error_string = "The socket is marked as nonblocking and no connections are present to be accepted";
+	break;
+      case WSAESHUTDOWN:
+	*error_string = "The socket has been shut down; it is not possible to recv or send on a socket "
+			"after shutdown has been invoked with how set to SD_RECEIVE or SD_BOTH";
+	break;
+      case WSAEMSGSIZE:
+	*error_string = "The message was too large to fit into the specified buffer and was truncated";
+	break;
+      case WSAECONNABORTED:
+	*error_string = "The virtual circuit was terminated due to a time-out or other failure. "
+			"The application should close the socket as it is no longer usable";
+	break;
+      case WSAETIMEDOUT:
+	*error_string = "The connection has been dropped because of a network failure or because "
+			"the peer system failed to respond";
+	break;
+      case WSAECONNRESET:
+	*error_string = "The virtual circuit was reset by the remote side executing a hard or abortive close. "
+			"The application should close the socket as it is no longer usable. On a UDP datagram "
+			"socket this error would indicate that a previous send operation resulted in an ICMP "
+			"Port Unreachable message";
+	break;
+      case WSAEACCES:
+	*error_string = "The requested address is a broadcast address, but the appropriate flag was not set";
+	break;
+      case WSAEHOSTUNREACH:
+	*error_string = "The remote host cannot be reached from this host at this time";
+	break;
+		
+      default:
+	*error_string = "unknown error type\n";
+	break;
+    }
+    return;
+}
+
+void TPM_GetTBSError(const char *prefix,
+		     TBS_RESULT rc)
+{
+    const char *error_string;
+		     
+    switch (rc) {
+
+	/* error codes from the TBS html docs */
+      case TBS_SUCCESS:
+	error_string = "The function succeeded.";
+	break;
+      case TBS_E_INTERNAL_ERROR:
+	error_string = "An internal software error occurred.";
+	break;
+      case TBS_E_BAD_PARAMETER:
+	error_string = "One or more parameter values are not valid.";
+	break;
+      case TBS_E_INVALID_OUTPUT_POINTER:
+	error_string = "A specified output pointer is bad.";
+	break;
+      case TBS_E_INVALID_CONTEXT:
+	error_string = "The specified context handle does not refer to a valid context.";
+	break;
+      case TBS_E_INSUFFICIENT_BUFFER:
+	error_string = "The specified output buffer is too small.";
+	break;
+      case TBS_E_IOERROR:
+	error_string = "An error occurred while communicating with the TPM.";
+	break;
+      case TBS_E_INVALID_CONTEXT_PARAM:
+	error_string = "A context parameter that is not valid was passed when attempting to create a "
+			"TBS context.";
+	break;
+      case TBS_E_SERVICE_NOT_RUNNING:
+	error_string = "The TBS service is not running and could not be started.";
+	break;
+      case TBS_E_TOO_MANY_TBS_CONTEXTS:
+	error_string = "A new context could not be created because there are too many open contexts.";
+	break;
+      case TBS_E_TOO_MANY_RESOURCES:
+	error_string = "A new virtual resource could not be created because there are too many open "
+			"virtual resources.";
+	break;
+      case TBS_E_SERVICE_START_PENDING:
+	error_string = "The TBS service has been started but is not yet running.";
+	break;
+      case TBS_E_PPI_NOT_SUPPORTED:
+	error_string = "The physical presence interface is not supported.";
+	break;
+      case TBS_E_COMMAND_CANCELED:
+	error_string = "The command was canceled.";
+	break;
+      case TBS_E_BUFFER_TOO_LARGE:
+	error_string = "The input or output buffer is too large.";
+	break;
+      case TBS_E_TPM_NOT_FOUND:
+	error_string = "A compatible Trusted Platform Module (TPM) Security Device cannot be found "
+			"on this computer.";
+	break;
+      case TBS_E_SERVICE_DISABLED:
+	error_string = "The TBS service has been disabled.";
+	break;
+      case TBS_E_NO_EVENT_LOG:
+	error_string = "The TBS event log is not available.";
+	break;
+      case TBS_E_ACCESS_DENIED:
+	error_string = "The caller does not have the appropriate rights to perform the requested operation.";
+	break;
+      case TBS_E_PROVISIONING_NOT_ALLOWED:
+	error_string = "The TPM provisioning action is not allowed by the specified flags.";
+	break;
+      case TBS_E_PPI_FUNCTION_UNSUPPORTED:
+	error_string = "The Physical Presence Interface of this firmware does not support the "
+			"requested method.";
+	break;
+      case TBS_E_OWNERAUTH_NOT_FOUND:
+	error_string = "The requested TPM OwnerAuth value was not found.";
+	break;
+
+	/* a few error codes from WinError.h */
+      case TPM_E_COMMAND_BLOCKED:
+	error_string = "The command was blocked.";
+	break;
+
+      default:
+	error_string = "unknown error type\n";
+	break;
+
+	
+    }
+    printf("%s %s\n", prefix, error_string);
+    return;
+}
+
+void CheckTPMError(const char *prefix,
+		   unsigned char *response)
+{
+    const char *error_string;
+    uint32_t tpmError = htonl(*(uint32_t *)(response+6));
+
+    if (tpmError != 0) {
+
+	switch (tpmError) {
+	    /* a few error codes from WinError.h */
+	  case TPM_E_COMMAND_BLOCKED:
+	    error_string = "The command was blocked.";
+	    break;
+	  default:
+	    error_string = "unknown error type\n";
+	    printf("TPM error %08x\n", tpmError);
+	    break;
+	}
+	printf("%s %s\n", prefix, error_string);
+    }    
+    return;
+}
+
+/* logging, tracing */
+
+void logAll(const char *message, unsigned long length, const unsigned char* buff)
+{
+    unsigned long i;
+    size_t 	nextChar = 0;
+    FILE 	*logFile;	/* trace log file descriptor */
+
+    /* construct the log message, keep appending to the character string */
+    if (buff != NULL) {
+	nextChar += sprintf(logMsg + nextChar, "%s length %lu\n ", message, length);
+	for (i = 0 ; i < length ; i++) {
+	    if (i && !( i % 16 )) {
+		nextChar += sprintf(logMsg + nextChar, "\n ");
+	    }
+	    nextChar += sprintf(logMsg + nextChar, "%.2X ",buff[i]);
+	}
+	nextChar += sprintf(logMsg + nextChar, "\n");
+    }
+    else {
+	nextChar += sprintf(logMsg + nextChar, "%s null\n", message);
+    }
+    if (verbose) printf("%s", logMsg);
+    if (logFilename != NULL) {
+	/* Open the log file if specified.  It's a hack to keep opening and closing the file for
+	   each append, but it's easier that trying to catch a signal to close the file.  Windows
+	   evidently doesn't automatically close the file when the program exits. */
+	logFile = fopen(logFilename, "a");
+	if (logFile == NULL) {
+	    printf("Error, opening %s for write failed, %s\n",
+		   logFilename, strerror(errno));
+	}
+	/* if success, print and close */
+	else {
+	    fprintf(logFile, "%s", logMsg);
+	    fclose(logFile);
+	}
+    }
+    return;
+}
+
+/* parse the command line arguments */
+
+long getArgs(short *port,
+	     int *verbose,
+	     char **logFilename,
+	     int argc,
+	     char **argv)
+{
+    long 	rc = 0;
+    int		irc;
+    int 	i;
+    FILE 	*logFile;	/* trace log file descriptor */
+
+    /* get the command line arguments */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if ((strcmp(argv[i],"-p") == 0) ||
+	    (strcmp(argv[i],"--port") == 0)) {
+	    i++;
+	    if (i < argc) {
+		irc = sscanf(argv[i], "%hu", port);
+		if (irc != 1) {
+		    printf("-p --port (socket port) illegal value %s\n", argv[i]);
+		    rc = ERROR_CODE;
+		}
+	    } else {
+		printf("-p --port (socket port) needs a value\n");
+		rc = ERROR_CODE;
+	    }
+	}
+	else if (strcmp(argv[i],"-raw") == 0) {
+	    serverType = SERVER_TYPE_RAW;
+	}
+	else if (strcmp(argv[i],"-mssim") == 0) {
+	    serverType = SERVER_TYPE_MSSIM;
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	    rc = ERROR_CODE;
+	}
+	else if ((strcmp(argv[i],"-v") == 0) ||
+		 (strcmp(argv[i],"--verbose") == 0)) {
+	    *verbose = TRUE;
+	}
+	else if ((strcmp(argv[i],"-l") == 0) ||
+		 (strcmp(argv[i],"--log") == 0)) {
+	    i++;
+	    if (i < argc) {
+		if (strlen(argv[i]) < FILENAME_MAX) {
+		    *logFilename = argv[i];
+		}
+		else {
+		    printf("-l --log (log file name) too long\n");
+		    rc = ERROR_CODE;
+		}
+	    }
+	    else {
+		printf("-l --log option (log file name) needs a value\n");
+		rc = ERROR_CODE;
+	    }
+	}
+	else {
+	    printf("\n%s is not a valid option\n",argv[i]);
+	    printUsage();
+	    rc = ERROR_CODE;
+	}
+    }
+    /* erase old contents of log file */
+    if ((rc == 0) && (*logFilename != NULL)) {
+	logFile = fopen(*logFilename, "w");
+	if (logFile == NULL) {
+	    printf("Cannot open log file %s\n", *logFilename);
+	    rc = ERROR_CODE;
+	}
+	else {
+	    fclose(logFile);
+	}
+    }
+    return rc;
+}
+
+void printUsage()
+{
+    printf("\n");
+    printf("tpmproxy\n");
+    printf("\n");
+    printf("Pass through connecting a TCPIP port to a hardware TPM\n");
+    printf("\n");
+    printf("\t--port,-p <n> TCPIP server port (default 2321)\n");
+    printf("\t-mssim use MS TPM 2.0 socket simulator packet format (default)\n");
+    printf("\t\twith TSS env variable TPM_SERVER_TYPE=mssim (default)\n");
+    printf("\t-raw use TPM 2.0 packet format\n");
+    printf("\t\twith TSS env variable TPM_SERVER_TYPE=raw\n");
+    printf("\t--verbose,-v verbose mode (default false)\n");
+    printf("\t--log,-l log transactions into given file (default none)\n");
+    printf("\t \n");
+    return;
+}
diff --git a/utils/tpmpublic2eccpoint.c b/utils/tpmpublic2eccpoint.c
new file mode 100644
index 000000000..6c310da7b
--- /dev/null
+++ b/utils/tpmpublic2eccpoint.c
@@ -0,0 +1,155 @@
+/********************************************************************************/
+/*										*/
+/*		    TPM public key TPM2B_PUBLIC to TPM2B_ECC_POINT 		*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2017 - 2019					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tsserror.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/Unmarshal_fp.h>
+#include <ibmtss/tssmarshal.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    const char			*publicKeyFilename = NULL;
+    const char			*pointFilename = NULL;
+    TPM2B_PUBLIC		public;
+    TPM2B_ECC_POINT 		eccPoint2b;
+
+    tssUtilsVerbose = FALSE;
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ipu") == 0) {
+	    i++;
+	    if (i < argc) {
+		publicKeyFilename = argv[i];
+	    }
+	    else {
+		printf("-ipu option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pt") == 0) {
+	    i++;
+	    if (i < argc) {
+		pointFilename = argv[i];
+	    }
+	    else {
+		printf("-pt option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (publicKeyFilename == NULL) {
+	printf("Missing public key parameter -ipu\n");
+	printUsage();
+    }
+    if (pointFilename == NULL) {
+	printf("Missing point file name parameter -pt\n");
+	printUsage();
+    }
+    /* read the TPM public key to a structure */
+    if (rc == 0) {
+	rc = TSS_File_ReadStructureFlag(&public,
+					(UnmarshalFunctionFlag_t)TSS_TPM2B_PUBLIC_Unmarshalu,
+					TRUE,			/* NULL permitted */
+					publicKeyFilename);
+    }
+    if (rc == 0) {
+	if (public.publicArea.type != TPM_ALG_ECC) {
+	    printf("Public key parameter -ipu type %04x is not TPM_ALG_ECC\n",
+		   public.publicArea.type);
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	/* copy the TPMS_ECC_POINT */
+	eccPoint2b.point = public.publicArea.unique.ecc;
+	/* TSS_TPM2B_ECC_POINT_Marshal() fills in the redundant TPM2B_ECC_POINT size */
+	rc = TSS_File_WriteStructure(&eccPoint2b,
+				     (MarshalFunction_t)TSS_TPM2B_ECC_POINT_Marshalu,
+				     pointFilename);
+	
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("tpmpublic2eccpoint: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("tpmpublic2eccpoint: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("tpmpublic2eccpoint\n");
+    printf("\n");
+    printf("Converts an EC TPM2B_PUBLIC to TPM2B_ECC_POINT.  The intended use case\n");
+    printf("is to convert the public key output of certain commands (TPM2_CreatePrimary,\n");
+    printf("TPM2_Create, TPM2_CreateLoaded, TPM2_ReadPublic) to a format useful for\n");
+    printf("TPM2_ZGen_2Phase.\n");
+    printf("\n");
+    printf("\t-ipu\tEC public key input file in TPM TPM2B_PUBLIC format\n");
+    printf("\t-pt\tEC public key output file in TPM TPM2B_ECC_POINT format\n");
+    exit(1);	
+}
diff --git a/utils/tss.c b/utils/tss.c
new file mode 100644
index 000000000..b3d6745d0
--- /dev/null
+++ b/utils/tss.c
@@ -0,0 +1,282 @@
+/********************************************************************************/
+/*										*/
+/*			    TSS Primary API 					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2018.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <errno.h>
+
+#ifdef TPM_POSIX
+#include <netinet/in.h>
+#endif
+#ifdef TPM_WINDOWS
+#include <winsock2.h>
+#endif
+
+#include <ibmtss/tss.h>
+#include "tssproperties.h"
+#include <ibmtss/tsstransmit.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/Unmarshal_fp.h>
+#ifndef TPM_TSS_NOCRYPTO
+#include <ibmtss/tsscrypto.h>
+#include <ibmtss/tsscryptoh.h>
+#endif
+#include <ibmtss/tssprintcmd.h>
+#ifdef TPM_TPM20
+#include "tss20.h"
+#endif
+#ifdef TPM_TPM12
+#include "tss12.h"
+#endif
+
+/* local prototypes */
+
+static TPM_RC TSS_Context_Init(TSS_CONTEXT *tssContext);
+
+extern int tssVerbose;
+extern int tssVverbose;
+extern int tssFirstCall;
+
+/* TSS_Create() creates and initializes the TSS Context.  It does NOT open a connection to the
+   TPM.*/
+
+TPM_RC TSS_Create(TSS_CONTEXT **tssContext)
+{
+    TPM_RC		rc = 0;
+
+    /* allocate the high level TSS structure */
+    if (rc == 0) {
+	/* set to NULL for backward compatibility, caller may not have set tssContext to NULL before
+	   the call */
+	*tssContext = NULL;
+	rc = TSS_Malloc((unsigned char **)tssContext, sizeof(TSS_CONTEXT));
+    }
+    /* initialize the high level TSS structure */
+    if (rc == 0) {
+	rc = TSS_Context_Init(*tssContext);
+	/* the likely cause of a failure is a bad environment variable */
+	if (rc != 0) {
+	    if (tssVerbose) printf("TSS_Create: TSS_Context_Init() failed\n");
+	    free(*tssContext);
+	    *tssContext = NULL;
+	}
+    }
+    /* allocate and initialize the lower layer TSS context */
+    if (rc == 0) {
+	rc = TSS_AuthCreate(&((*tssContext)->tssAuthContext));
+    }
+    return rc;
+}
+
+/* TSS_Context_Init() on first call is used for any global library initialization.
+
+   On every call, it initializes the TSS context.
+*/
+
+static TPM_RC TSS_Context_Init(TSS_CONTEXT *tssContext)
+{
+    TPM_RC		rc = 0;
+#ifndef TPM_TSS_NOCRYPTO
+#ifndef TPM_TSS_NOFILE
+    size_t		tssSessionEncKeySize;
+    size_t		tssSessionDecKeySize;
+#endif
+#endif
+    /* at the first call to the TSS, initialize global variables */
+    if (tssFirstCall) {		/* tssFirstCall is a library global */
+#ifndef TPM_TSS_NOCRYPTO
+	/* crypto module initializations, crypto library specific */
+	if (rc == 0) {
+	    rc = TSS_Crypto_Init();
+	}
+#endif
+	/* TSS properties that are global, not per TSS context */
+	if (rc == 0) {
+	    rc = TSS_GlobalProperties_Init();
+	}
+	tssFirstCall = FALSE;
+    }
+    /* TSS properties that are per context */
+    if (rc == 0) {
+	rc = TSS_Properties_Init(tssContext);
+    }
+#ifndef TPM_TSS_NOCRYPTO
+#ifndef TPM_TSS_NOFILE
+    /* crypto library dependent code to allocate the session state encryption and decryption keys.
+       They are probably always the same size, but it's safer not to assume that. */
+    if (rc == 0) {
+	rc = TSS_AES_GetEncKeySize(&tssSessionEncKeySize);
+    }
+    if (rc == 0) {
+	rc = TSS_AES_GetDecKeySize(&tssSessionDecKeySize);
+    }
+    if (rc == 0) {
+        rc = TSS_Malloc((uint8_t **)&tssContext->tssSessionEncKey, tssSessionEncKeySize);
+    }
+    if (rc == 0) {
+        rc = TSS_Malloc((uint8_t **)&tssContext->tssSessionDecKey, tssSessionDecKeySize);
+    }
+    /* build the session encryption and decryption keys */
+    if (rc == 0) {
+	rc = TSS_AES_KeyGenerate(tssContext->tssSessionEncKey,
+				 tssContext->tssSessionDecKey);
+    }
+#endif
+#endif
+    return rc;
+}
+
+/* TSS_Delete() closes an open TPM connection, then free the TSS context memory.
+ */
+
+TPM_RC TSS_Delete(TSS_CONTEXT *tssContext)
+{
+    TPM_RC rc = 0;
+
+    if (tssContext != NULL) {
+	TSS_AuthDelete(tssContext->tssAuthContext);
+#ifdef TPM_TSS_NOFILE
+	{
+	    size_t i;
+	    for (i = 0 ; i < (sizeof(tssContext->sessions) / sizeof(TSS_SESSIONS)) ; i++) {
+		tssContext->sessions[i].sessionHandle = TPM_RH_NULL;
+		/* erase any secrets */
+		memset(tssContext->sessions[i].sessionData,
+		       0, tssContext->sessions[i].sessionDataLength);
+		free(tssContext->sessions[i].sessionData);
+		tssContext->sessions[i].sessionData = NULL;
+		tssContext->sessions[i].sessionDataLength = 0;
+	    }
+	}
+#endif
+#ifndef TPM_TSS_NOCRYPTO
+#ifndef TPM_TSS_NOFILE
+	free(tssContext->tssSessionEncKey);
+	free(tssContext->tssSessionDecKey);
+#endif
+#endif
+	rc = TSS_Close(tssContext);
+	free(tssContext);
+    }
+    return rc;
+}
+
+/* TSS_Execute() performs the complete command / response process.
+
+   It sends the command specified by commandCode and the parameters 'in', returning the response
+   parameters 'out'.
+
+   ... varargs are
+
+   TPMI_SH_AUTH_SESSION sessionHandle,
+   const char *password,
+   unsigned int sessionAttributes
+
+   Terminates with TPM_RH_NULL, NULL, 0
+
+   Processes up to MAX_SESSION_NUM sessions.
+*/
+
+TPM_RC TSS_Execute(TSS_CONTEXT *tssContext,
+		   RESPONSE_PARAMETERS *out,
+		   COMMAND_PARAMETERS *in,
+		   EXTRA_PARAMETERS *extra,
+		   TPM_CC commandCode,
+		   ...)
+{
+    TPM_RC		rc = 0;
+    va_list		ap;
+    int 		tpm20Command;
+    int 		tpm12Command;
+
+    if (rc == 0) {
+	tpm20Command = (((commandCode >= TPM_CC_FIRST) && (commandCode <=TPM_CC_LAST)) || /* base */
+			((commandCode >= 0x20000000) && (commandCode <= 0x2000ffff)));	/* vendor */
+	tpm12Command = ((commandCode <= 0x000000ff) ||		/* base */
+			((commandCode >= 0x40000000) && (commandCode <= 0x4000ffff)));	/* TSC */
+	if (!tpm20Command && !tpm12Command) {
+	    if (tssVerbose) printf("TSS_Execute: commandCode %08x unsupported\n",
+				   commandCode);
+	    rc = TSS_RC_COMMAND_UNIMPLEMENTED;
+	    
+	}
+	if (tpm20Command && tpm12Command) {
+	    if (tssVerbose) printf("TSS_Execute: commandCode %08x is both TPM 1.2 and TPM 2.0\n",
+				   commandCode);
+	    rc = TSS_RC_FAIL;
+	}
+    }
+    if (rc == 0) {
+	va_start(ap, commandCode);
+	if (tpm20Command) {
+#ifdef TPM_TPM20
+	    tssContext->tpm12Command = FALSE;
+	    rc = TSS_Execute20(tssContext,
+			       out,
+			       in,
+			       (EXTRA_PARAMETERS *)extra,
+			       commandCode,
+			       ap);
+#else
+	    if (tssVerbose) printf("TSS_Execute: commandCode is TPM 1.2, TSS is TPM 2.0 only\n");
+	    rc = TSS_RC_COMMAND_UNIMPLEMENTED;
+#endif
+	}
+	if (tpm12Command) {
+#ifdef TPM_TPM12
+	    tssContext->tpm12Command = TRUE;
+	    rc = TSS_Execute12(tssContext,
+			       out,
+			       in,
+			       (EXTRA12_PARAMETERS *)extra,
+			       commandCode,
+			       ap);
+#else
+	    if (tssVerbose) printf("TSS_Execute: commandCode is TPM 2.0, TSS is TPM 1.2 only\n");
+	    rc = TSS_RC_COMMAND_UNIMPLEMENTED;
+#endif
+	}	
+	va_end(ap);
+    }
+    return rc;
+}
+
+
diff --git a/utils/tss12.c b/utils/tss12.c
new file mode 100644
index 000000000..623193362
--- /dev/null
+++ b/utils/tss12.c
@@ -0,0 +1,1423 @@
+/********************************************************************************/
+/*										*/
+/*			    TSS Primary API for TPM 1.2				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <errno.h>
+
+#ifdef TPM_POSIX
+#include <netinet/in.h>
+#endif
+#ifdef TPM_WINDOWS
+#include <winsock2.h>
+#endif
+
+#include "tssauth.h"
+#include <ibmtss/tss.h>
+#include "tssproperties.h"
+#include <ibmtss/tsstransmit.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/Unmarshal_fp.h>
+#include <ibmtss/tsscrypto.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tssprintcmd.h>
+#include <ibmtss/tpmconstants12.h>
+#include "tss12.h"
+#include "tssauth12.h"
+
+/* Files:
+
+   hxxxxxxxx.bin - session context
+*/
+
+/* NOTE Synchronize with
+
+   TSS_HmacSession12_InitContext
+   TSS_HmacSession12_Unmarshal
+   TSS_HmacSession12_Marshal
+*/
+
+typedef struct TSS_HMAC12_CONTEXT {
+    TPM_AUTHHANDLE		authHandle;		/* the authorization session handle */
+    TPM_NONCE			nonceEven;		/* from the TPM in response */
+    TPM_NONCE			nonceEvenOSAP;		/* from the TPM for OSAP in response */
+    TPMT_HA 			sharedSecret;		/* from KDF at OSAP session creation */
+    /* uint16 */
+    /* LSB is type of entityValue */
+    /* MSB is ADIP encryption scheme */
+    TPM_ENTITY_TYPE 		entityType;		/* The type of entity in use */
+    UINT32 			entityValue; 		/* The selection value based on entityType,
+							   e.g. a keyHandle #, TPM_RH_NULL for OIAP
+							   session  */
+    /* Items below this line are for the lifetime of one command.  They are not saved and loaded. */
+    TPM_NONCE			nonceOdd;		/* from the TSS in command */
+    TPM_NONCE			nonceOddOSAP;		/* from the TSS for OSAP in command */
+    /* for TPM 1.2, OIAP SHA-1 of password, OSAP sharedSecret */
+    TPMT_HA 			hmacKey;
+} TSS_HMAC12_CONTEXT;
+
+
+/* functions for command pre- and post- processing */
+
+typedef TPM_RC (*TSS_PreProcessFunction_t)(TSS_CONTEXT *tssContext,
+					   COMMAND_PARAMETERS *in,
+					   EXTRA12_PARAMETERS *extra);
+typedef TPM_RC (*TSS_ChangeAuthFunction_t)(TSS_CONTEXT *tssContext,
+					   TSS_HMAC12_CONTEXT *session,
+					   size_t handleNumber,
+					   COMMAND_PARAMETERS *in);
+typedef TPM_RC (*TSS_PostProcessFunction_t)(TSS_CONTEXT *tssContext,
+					    COMMAND_PARAMETERS *in,
+					    RESPONSE_PARAMETERS *out,
+					    EXTRA12_PARAMETERS *extra);
+
+static TPM_RC TSS_PR_CreateWrapKey(TSS_CONTEXT *tssContext,
+				   CreateWrapKey_In *in,
+				   void *extra);
+static TPM_RC TSS_PR_MakeIdentity(TSS_CONTEXT *tssContext,
+				  MakeIdentity_In *in,
+				  void *extra);
+static TPM_RC TSS_PR_NV_DefineSpace(TSS_CONTEXT *tssContext,
+				    NV_DefineSpace_In *in,
+				    void *extra);
+#if 0
+static TPM_RC TSS_PR_Seal(TSS_CONTEXT *tssContext,
+			  Seal_in *In,
+			  void *extra);
+static TPM_RC TSS_PR_Sealx(TSS_CONTEXT *tssContext,
+			   Sealx_in *In,
+			   void *extra);
+
+#endif
+static TPM_RC TSS_PO_FlushSpecific(TSS_CONTEXT *tssContext,
+				   FlushSpecific_In *in,
+				   void *out,
+				   void *extra);
+static TPM_RC TSS_PR_OSAP(TSS_CONTEXT *tssContext,
+			  OSAP_In *in,
+			  OSAP_Extra *extra);
+static TPM_RC TSS_PO_OIAP(TSS_CONTEXT *tssContext,
+			  void *in,
+			  OIAP_Out *out,
+			  void *extra);
+static TPM_RC TSS_PO_OSAP(TSS_CONTEXT *tssContext,
+			  OSAP_In *in,
+			  OSAP_Out *out,
+			  OSAP_Extra *extra);
+
+typedef struct TSS_TABLE {
+    TPM_CC 			commandCode;
+    TSS_PreProcessFunction_t	preProcessFunction;
+    TSS_ChangeAuthFunction_t	changeAuthFunction;
+    TSS_PostProcessFunction_t 	postProcessFunction;
+} TSS_TABLE;
+
+/* FIXME offsets
+   changeauth +16, createownerdel, createkeydel -45
+   createwrapkey +14, +34
+   cmkcreatekey, changeauthowner +14
+   changeauth 16
+*/
+
+/* session handles numbers
+   #0 of 1 seal, sealx, createwrapkey, cmk_create, changeauthowner, del_ckd, del_cod, nv_define, createctr
+   #1 of 2 changeauth
+*/
+   
+
+static const TSS_TABLE tssTable [] = {
+				 
+    {TPM_ORD_Init, NULL, NULL, NULL},
+    {TPM_ORD_ActivateIdentity, NULL, NULL, NULL},
+    {TPM_ORD_ContinueSelfTest, NULL, NULL, NULL},
+    {TPM_ORD_CreateWrapKey, (TSS_PreProcessFunction_t)TSS_PR_CreateWrapKey, NULL, NULL},
+    {TPM_ORD_CreateEndorsementKeyPair, NULL, NULL, NULL},
+    {TPM_ORD_Extend, NULL, NULL, NULL},
+    {TPM_ORD_FlushSpecific, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_FlushSpecific},
+    {TPM_ORD_GetCapability, NULL, NULL, NULL},
+    {TPM_ORD_MakeIdentity, (TSS_PreProcessFunction_t)TSS_PR_MakeIdentity, NULL, NULL},
+    {TPM_ORD_OIAP, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_OIAP},
+    {TPM_ORD_OSAP, (TSS_PreProcessFunction_t)TSS_PR_OSAP, NULL, (TSS_PostProcessFunction_t)TSS_PO_OSAP},
+    {TPM_ORD_OwnerReadInternalPub, NULL, NULL, NULL},
+    {TPM_ORD_NV_DefineSpace, (TSS_PreProcessFunction_t)TSS_PR_NV_DefineSpace, NULL, NULL},
+    {TPM_ORD_NV_ReadValue, NULL, NULL, NULL},
+    {TPM_ORD_NV_ReadValueAuth, NULL, NULL, NULL},
+    {TPM_ORD_NV_WriteValue, NULL, NULL, NULL},
+    {TPM_ORD_NV_WriteValueAuth, NULL, NULL, NULL},
+    {TPM_ORD_PcrRead, NULL, NULL, NULL},
+    {TPM_ORD_PCR_Reset, NULL, NULL, NULL},
+#if 0
+    {TPM_ORD_Seal, (TSS_PreProcessFunction_t)TSS_PR_Seal, NULL, NULL},
+    {TPM_ORD_Sealx, (TSS_PreProcessFunction_t)TSS_PR_Sealx, NULL, NULL},
+#endif
+    {TPM_ORD_Startup, NULL, NULL, NULL},
+};
+
+/* local prototypes */
+
+
+static TPM_RC TSS_Execute12_valist(TSS_CONTEXT *tssContext,
+				   COMMAND_PARAMETERS *in,
+				   va_list ap);
+
+static TPM_RC TSS_Command_PreProcessor(TSS_CONTEXT *tssContext,
+				       TPM_CC commandCode,
+				       COMMAND_PARAMETERS *in,
+				       EXTRA12_PARAMETERS *extra);
+static TPM_RC TSS_Response_PostProcessor(TSS_CONTEXT *tssContext,
+					 COMMAND_PARAMETERS *in,
+					 RESPONSE_PARAMETERS *out,
+					 EXTRA12_PARAMETERS *extra);
+
+static TPM_RC TSS_HmacSession12_GetContext(TSS_HMAC12_CONTEXT **session);
+static void TSS_HmacSession12_InitContext(TSS_HMAC12_CONTEXT *session);
+static void TSS_HmacSession12_FreeContext(TSS_HMAC12_CONTEXT *session);
+static TPM_RC TSS_HmacSession12_SaveSession(TSS_CONTEXT *tssContext,
+					    TSS_HMAC12_CONTEXT *session);
+static TPM_RC TSS_HmacSession12_LoadSession(TSS_CONTEXT *tssContext,
+					    TSS_HMAC12_CONTEXT *session,
+					    TPM_AUTHHANDLE authHandle);
+static TPM_RC TSS_HmacSession12_Marshal(TSS_HMAC12_CONTEXT *source,
+					uint16_t *written,
+					uint8_t **buffer,
+					uint32_t *size);
+static TPM_RC TSS_HmacSession12_DeleteSession(TSS_CONTEXT *tssContext,
+					      TPM_AUTHHANDLE handle);
+static TPM_RC TSS_HmacSession12_Unmarshal(TSS_HMAC12_CONTEXT *target,
+					  uint8_t **buffer, uint32_t *size);
+static TPM_RC TSS_HmacSession12_SetHMAC(TSS_AUTH_CONTEXT *tssAuthContext,
+					size_t numSessions,
+					TSS_HMAC12_CONTEXT *session[],
+					TPMS_AUTH12_COMMAND *authCommand[],
+					TPM_AUTHHANDLE sessionHandle[],
+					unsigned int sessionAttributes[]);
+static TPM_RC TSS_HmacSession12_Verify(TSS_AUTH_CONTEXT *tssAuthContext,
+				       size_t		numSessions,
+				       TSS_HMAC12_CONTEXT *session[],
+				       TPMS_AUTH12_RESPONSE *authResponse[]);
+static TPM_RC TSS_HmacSession12_Continue(TSS_CONTEXT *tssContext,
+					 TSS_HMAC12_CONTEXT *session,
+					 TPMS_AUTH12_RESPONSE *authR);
+static TPM_RC TSS_Command_Decrypt(TSS_AUTH_CONTEXT *tssAuthContext,
+				  struct TSS_HMAC12_CONTEXT *session[],
+				  TPM_AUTHHANDLE sessionHandle[]);
+static TPM_RC TSS_Command_DecryptXor(TSS_AUTH_CONTEXT *tssAuthContext,
+				     TSS_HMAC12_CONTEXT *session,
+				     uint8_t *encAuth,
+				     int parameterNumber);
+
+extern int tssVerbose;
+extern int tssVverbose;
+
+/* TSS_Execute12() performs the complete command / response process.
+
+   It sends the command specified by commandCode and the parameters 'in', returning the response
+   parameters 'out'.
+
+   ... varargs are
+
+   TPM_AUTHHANDLE authHandle,
+   const char *password,
+   unsigned int sessionAttributes
+
+   Terminates with TPM_RH_NULL, NULL, 0
+
+   Processes up to MAX_SESSION_NUM sessions.
+*/
+
+TPM_RC TSS_Execute12(TSS_CONTEXT *tssContext,
+		     RESPONSE_PARAMETERS *out,
+		     COMMAND_PARAMETERS *in,
+		     EXTRA12_PARAMETERS *extra,
+		     TPM_CC commandCode,
+		     va_list ap)
+{
+    TPM_RC		rc = 0;
+
+    /* create a TSS authorization context */
+    if (rc == 0) {
+	TSS_InitAuthContext(tssContext->tssAuthContext);
+    }
+    /* handle any command specific command pre-processing */
+    if (rc == 0) {
+	rc = TSS_Command_PreProcessor(tssContext,
+				      commandCode,
+				      in,
+				      extra);
+    }
+    /* marshal input parameters */
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_Execute12: Command %08x marshal\n", commandCode);
+	rc = TSS_Marshal12(tssContext->tssAuthContext,
+			   in,
+			   commandCode);
+    }
+    /* execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute12_valist(tssContext, in, ap);
+    }
+    /* unmarshal the response parameters */
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_Execute12: Command %08x unmarshal\n", commandCode);
+	rc = TSS_Unmarshal12(tssContext->tssAuthContext, out);
+    }
+    /* handle any command specific response post-processing */
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_Execute12: Command %08x post processor\n", commandCode);
+	rc = TSS_Response_PostProcessor(tssContext,
+					in,
+					out,
+					extra);
+    }
+    return rc;
+}
+
+/* TSS_Execute12_valist() transmits the marshaled command and receives the marshaled response.
+
+   varargs are TPM_AUTHHANDLE sessionHandle, const char *password, unsigned int sessionAttributes
+
+   Terminates with sessionHandle TPM_RH_NULL
+
+   Processes up to MAX_SESSION_NUM sessions.  It handles HMAC generation and command and response
+   parameter encryption.  It loads each session context, rolls nonces, and saves or deletes the
+   session context.
+*/
+
+static TPM_RC TSS_Execute12_valist(TSS_CONTEXT *tssContext,
+				   COMMAND_PARAMETERS *in,
+				   va_list ap)
+{
+    TPM_RC		rc = 0;
+    size_t		i = 0;
+    size_t		numSessions = 0;
+
+    /* the vararg parameters */
+    TPM_AUTHHANDLE 	sessionHandle[MAX_SESSION_NUM];
+    const char 		*password[MAX_SESSION_NUM];
+    unsigned int	sessionAttributes[MAX_SESSION_NUM];
+
+    /* structures filled in */
+    TPMS_AUTH12_COMMAND authCommand[MAX_SESSION_NUM];
+    TPMS_AUTH12_RESPONSE authResponse[MAX_SESSION_NUM];
+    
+    /* pointer to the above structures as used */
+    TPMS_AUTH12_COMMAND *authC[MAX_SESSION_NUM];
+    TPMS_AUTH12_RESPONSE *authR[MAX_SESSION_NUM];
+
+    /* TSS sessions */
+    TSS_HMAC12_CONTEXT 	*session[MAX_SESSION_NUM];
+
+    in = in;
+    ap = ap;
+    
+    /* Step 1: initialization */
+    if (tssVverbose) printf("TSS_Execute12_valist: Step 1: initialization\n");
+    for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) ; i++) {
+	authC[i] = NULL;		/* array of TPMS_AUTH12_COMMAND structures, NULL for
+					   TSS_SetCmdAuths */
+	authR[i] = NULL;		/* array of TPMS_AUTH12_RESPONSE structures, NULL for
+					   TSS_GetRspAuths */
+	session[i] = NULL;		/* for free, used for HMAC and encrypt/decrypt sessions */
+	/* the varargs list inputs */
+	sessionHandle[i] = TPM_RH_NULL;
+	password[i] = NULL;
+	sessionAttributes[i] = 0;
+    }
+    /* Step 2: gather the command authorizations */
+    for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) ; i++) {
+ 	sessionHandle[i] = va_arg(ap, TPM_AUTHHANDLE);		/* first vararg is the session
+								   handle */
+	password[i] = va_arg(ap, const char *);			/* second vararg is the password */
+	sessionAttributes[i] = va_arg(ap, unsigned int);	/* third argument is
+								   sessionAttributes */
+	sessionAttributes[i] &= 0xff;				/* is uint8_t */
+
+	if (sessionHandle[i] != TPM_RH_NULL) {			/* varargs termination value */ 
+
+	    if (tssVverbose) printf("TSS_Execute12_valist: Step 2: authorization %u\n",
+				    (unsigned int)i);
+	    if (tssVverbose) printf("TSS_Execute12_valist: session %u handle %08x\n",
+				    (unsigned int)i, sessionHandle[i]);
+	    /* make used, non-NULL for command and response varargs */
+	    authC[i] = &authCommand[i];
+	    authR[i] = &authResponse[i];
+
+	    /* initialize a TSS HMAC session */
+	    if (rc == 0) {
+		rc = TSS_HmacSession12_GetContext(&session[i]);
+	    }
+	    /* load the session created by either OIAP or OSAP */
+	    if (rc == 0) {
+		rc = TSS_HmacSession12_LoadSession(tssContext, session[i], sessionHandle[i]);
+	    }
+	    if (rc == 0) {
+		if (session[i]->entityValue == TPM_RH_NULL) {	/* if OIAP, use password */
+		    if (password[i] != NULL) {	/* if a password was specified, hash it */
+			/* hash the password, algorithm set to SHA-1 at initialization */
+			rc = TSS_Hash_Generate(&session[i]->hmacKey,
+					       strlen(password[i]), (unsigned char *)password[i],
+					       0, NULL);
+		    }
+		    /* TPM 1.2 convention seems to use all zeros as a well known auth */
+		    else {
+			memset((uint8_t *)&session[i]->hmacKey.digest, 0, SHA1_DIGEST_SIZE);
+		    }
+		}
+		else {		/* use shared secret from OSAP setup */
+		    memcpy((uint8_t *)&session[i]->hmacKey.digest,
+			   (uint8_t *)&session[i]->sharedSecret.digest, SHA1_DIGEST_SIZE);
+		}
+	    }
+	}
+	else {
+	    numSessions = i;	/* record the number of auth sessions */
+	    break;
+	}
+    }
+    /* Step 3: Roll nonceOdd, save in the session context for the response */
+    for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) && (sessionHandle[i] != TPM_RH_NULL) ; i++) {
+	if (tssVverbose)
+	    printf("TSS_Execute12_valist: Step 3: nonceOdd for session %08x\n", sessionHandle[i]);
+	if (rc == 0) {
+	    rc = TSS_RandBytes(session[i]->nonceOdd, SHA1_DIGEST_SIZE);
+	    memcpy(authC[i]->nonce, session[i]->nonceOdd, SHA1_DIGEST_SIZE);
+	}
+    }
+    /* Step 4: Calculate the HMAC key */
+    /* not needed for TPM 1.2, HMAC key is either hash of password or OSAP shared secret, calculated
+       in previous step */
+    /* Step 5: TPM_ENCAUTH encryption */
+    if ((rc == 0) && (numSessions > 0)) {
+	if (tssVverbose) printf("TSS_Execute12_valist: Step 5: command ADIP encrypt\n");
+	rc = TSS_Command_Decrypt(tssContext->tssAuthContext,
+				 session,
+				 sessionHandle);
+    }
+    /* Step 6: for each HMAC session, calculate cpHash, calculate the HMAC, and set it in
+       TPMS_AUTH12_COMMAND */
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_Execute12_valist: Step 6: calculate HMACs\n");
+	rc = TSS_HmacSession12_SetHMAC(tssContext->tssAuthContext,	/* TSS auth context */
+				       numSessions, 
+				       session,		/* TSS session contexts */
+				       authC,		/* output: command authorizations */
+				       sessionHandle,	/* list of session handles for the command */
+				       sessionAttributes /* attributes for this command */
+				       );
+    }
+    /* Step 7: set the command authorizations in the TSS command stream */
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_Execute12_valist: Step 7: set command authorizations\n");
+	rc = TSS_SetCmdAuths12(tssContext->tssAuthContext,
+			       numSessions, 
+			       authC);
+    }
+    /* Step 8: process the command.  Normally returns the TPM response code. */
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_Execute12_valist: Step 8: process the command\n");
+	rc = TSS_AuthExecute(tssContext);
+    }
+    /* Step 9: get the response authorizations from the TSS response stream */
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_Execute12_valist: Step 9: get response authorizations\n");
+	rc = TSS_GetRspAuths12(tssContext->tssAuthContext,
+			       numSessions, 
+			       authR);
+    }
+    /* Step 10: process the response authorizations, validate the HMAC */
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_Execute12_valist: Step 10: verify HMAC\n");
+#if 0
+	for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) && (sessionHandle[i] != TPM_RH_NULL) ; i++) {
+	    rc = TSS_Command_ChangeAuthProcessor(tssContext, session[i], i, in);
+	}
+#endif
+	if (rc == 0) {
+	    rc = TSS_HmacSession12_Verify(tssContext->tssAuthContext, /* authorization
+									 context */
+					  numSessions, 
+					  session,	/* TSS session context */
+					  authR);	/* input: response authorization */
+	}
+    }
+    /* Step 12: process the response continue flag */
+    for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) && (sessionHandle[i] != TPM_RH_NULL) ; i++) {
+	if (tssVverbose) printf("TSS_Execute12_valist: Step 12: process continue flag %08x\n",
+				sessionHandle[i]);
+	rc = TSS_HmacSession12_Continue(tssContext, session[i], authR[i]);
+    }
+    /* cleanup */
+    for (i = 0 ; i < MAX_SESSION_NUM ; i++) {
+	TSS_HmacSession12_FreeContext(session[i]);
+    }
+    return rc;
+}
+
+/*
+  HMAC Session
+*/
+
+/* TSS_HmacSession12_GetContext() allocates and initializes a TSS_HMAC12_CONTEXT structure */
+
+static TPM_RC TSS_HmacSession12_GetContext(TSS_HMAC12_CONTEXT **session)
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+        rc = TSS_Malloc((uint8_t **)session, sizeof(TSS_HMAC12_CONTEXT));
+    }
+    if (rc == 0) {
+	TSS_HmacSession12_InitContext(*session);
+    }
+    return rc;
+}
+
+/* TSS_HmacSession12_InitContext() initializes a TSS_HMAC12_CONTEXT structure */
+
+static void TSS_HmacSession12_InitContext(TSS_HMAC12_CONTEXT *session)
+{
+    session->authHandle = TPM_RH_NULL;
+    memset(session->nonceEven, 0, SHA1_DIGEST_SIZE);
+    memset(session->nonceEvenOSAP, 0, SHA1_DIGEST_SIZE);
+    memset(&session->sharedSecret.digest, 0, SHA1_DIGEST_SIZE);
+    memset(session->nonceOdd, 0, SHA1_DIGEST_SIZE);
+    memset(session->nonceOddOSAP, 0, SHA1_DIGEST_SIZE);
+    session->hmacKey.hashAlg = TPM_ALG_SHA1;
+    memset((uint8_t *)&session->hmacKey.digest, 0, SHA1_DIGEST_SIZE);
+    return;
+}
+
+/* TSS_HmacSession12_FreeContext() initializes (to erase secrets) and frees a TSS_HMAC12_CONTEXT
+   structure */
+
+static void TSS_HmacSession12_FreeContext(TSS_HMAC12_CONTEXT *session)
+{
+    if (session != NULL) {
+	TSS_HmacSession12_InitContext(session);
+	free(session);
+    }
+    return;
+}
+
+/* TSS_HmacSession12_SaveSession() marshals, optionally encrypts, and saves a TSS_HMAC12_CONTEXT
+   structure */ 
+
+static TPM_RC TSS_HmacSession12_SaveSession(TSS_CONTEXT *tssContext,
+					    TSS_HMAC12_CONTEXT *session)
+{
+    TPM_RC	rc = 0;
+    uint8_t 	*buffer = NULL;		/* marshaled TSS_HMAC12_CONTEXT */
+    uint16_t	written = 0;
+    char	sessionFilename[TPM_DATA_DIR_PATH_LENGTH];
+    uint8_t 	*outBuffer = NULL;
+    uint32_t 	outLength;
+    
+    if (tssVverbose) printf("TSS_HmacSession12_SaveSession: handle %08x\n", session->authHandle);
+    if (rc == 0) {
+	rc = TSS_Structure_Marshal(&buffer,	/* freed @1 */
+				   &written,
+				   session,
+				   (MarshalFunction_t)TSS_HmacSession12_Marshal);
+    }
+    if (rc == 0) {
+	/* if the flag is set, encrypt the session state before store */
+	if (tssContext->tssEncryptSessions) {
+	    rc = TSS_AES_Encrypt(tssContext->tssSessionEncKey,
+				 &outBuffer,   	/* output, freed @2 */
+				 &outLength,	/* output */
+				 buffer,	/* input */
+				 written);	/* input */
+	}
+	/* else store the session state in plaintext */
+	else {
+	    outBuffer = buffer;
+	    outLength = written;
+	}
+    }
+    /* save the session in a hard coded file name hxxxxxxxx.bin where xxxxxxxx is the session
+       handle */
+    if (rc == 0) {
+	sprintf(sessionFilename, "%s/h%08x.bin",
+		tssContext->tssDataDirectory, session->authHandle);
+    }
+    if (rc == 0) {
+	rc = TSS_File_WriteBinaryFile(outBuffer,
+				      outLength,
+				      sessionFilename);
+    }
+    if (tssContext->tssEncryptSessions) {
+	free(outBuffer);	/* @2 */
+    }
+    free(buffer);		/* @1 */
+    return rc;
+}
+
+/* TSS_HmacSession12_LoadSession() loads and decrypts an HMAC existing session saved by:
+
+   OIAP and OSAP
+   an update after a TPM response
+*/
+
+static TPM_RC TSS_HmacSession12_LoadSession(TSS_CONTEXT *tssContext,
+					    TSS_HMAC12_CONTEXT *session,
+					    TPM_AUTHHANDLE authHandle)
+{
+    TPM_RC		rc = 0;
+    uint8_t 		*buffer = NULL;
+    uint8_t 		*buffer1 = NULL;
+    size_t 		length = 0;
+    char		sessionFilename[TPM_DATA_DIR_PATH_LENGTH];
+    unsigned char *inData = NULL;		/* output */
+    uint32_t inLength;				/* output */
+
+    if (tssVverbose) printf("TSS_HmacSession12_LoadSession: handle %08x\n", authHandle);
+    /* load the session from a hard coded file name hxxxxxxxx.bin where xxxxxxxx is the session
+       handle */
+    if (rc == 0) {
+	sprintf(sessionFilename, "%s/h%08x.bin", tssContext->tssDataDirectory, authHandle);
+	rc = TSS_File_ReadBinaryFile(&buffer,     /* freed @1 */
+				     &length,
+				     sessionFilename);
+    }
+    if (rc == 0) {
+	/* if the flag is set, decrypt the session state before unmarshal */
+	if (tssContext->tssEncryptSessions) {
+	    rc = TSS_AES_Decrypt(tssContext->tssSessionDecKey,
+				 &inData,   	/* output, freed @2 */
+				 &inLength,	/* output */
+				 buffer,	/* input */
+				 length);	/* input */
+	}
+	/* else the session was loaded in plaintext */
+	else {
+	    inData = buffer;
+	    inLength = length;
+	}
+    }
+    if (rc == 0) {
+	uint32_t ilength = inLength;
+	buffer1 = inData;
+	rc = TSS_HmacSession12_Unmarshal(session, &buffer1, &ilength);
+    }
+    if (tssContext->tssEncryptSessions) {
+	free(inData);	/* @2 */
+    }
+    free(buffer);	/* @1 */
+    return rc;
+}
+
+/* TSS_HmacSession12_DeleteSession() deletes the file corresponding to the HMAC session */
+
+static TPM_RC TSS_HmacSession12_DeleteSession(TSS_CONTEXT *tssContext,
+					      TPM_AUTHHANDLE handle)
+{
+    TPM_RC		rc = 0;
+    char		filename[TPM_DATA_DIR_PATH_LENGTH];
+
+    /* delete the Name */
+    if (rc == 0) {
+	sprintf(filename, "%s/h%08x.bin", tssContext->tssDataDirectory, handle);
+	if (tssVverbose) printf("TSS_HmacSession12_DeleteSession: delete session file %s\n", filename);
+	rc = TSS_File_DeleteFile(filename);
+    }
+    return rc;
+}
+
+/* TSS_HmacSession12_Marshal() serializes a TSS_HMAC12_CONTEXT
+ */
+
+static TPM_RC TSS_HmacSession12_Marshal(TSS_HMAC12_CONTEXT *source,
+					uint16_t *written,
+					uint8_t **buffer,
+					uint32_t *size)
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->authHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->nonceEven, SHA1_DIGEST_SIZE, written, buffer,  size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->nonceEvenOSAP, SHA1_DIGEST_SIZE, written, buffer,  size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu((uint8_t *)&source->sharedSecret.digest, SHA1_DIGEST_SIZE, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&source->entityType, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->entityValue, written, buffer, size);
+    }
+    return rc;
+}
+
+/* TSS_HmacSession12_Unmarshal() deserializes a TSS_HMAC12_CONTEXT */
+
+static TPM_RC TSS_HmacSession12_Unmarshal(TSS_HMAC12_CONTEXT *target,
+					  uint8_t **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->authHandle, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->nonceEven, SHA1_DIGEST_SIZE, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->nonceEvenOSAP, SHA1_DIGEST_SIZE, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu((uint8_t *)&target->sharedSecret.digest, SHA1_DIGEST_SIZE, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Unmarshalu(&target->entityType, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->entityValue, buffer, size);
+    }
+    return rc;
+}
+
+/* TSS_HmacSession12_SetHMAC() is used for a command.  It sets all the values in one
+   TPMS_AUTH12_COMMAND, ready for marshaling into the command packet.
+
+   - gets cpBuffer
+   - generates cpHash
+   - generates the HMAC
+   - copies the result into authCommand
+
+   The HMAC key is already in the session structure.
+*/
+
+static TPM_RC TSS_HmacSession12_SetHMAC(TSS_AUTH_CONTEXT *tssAuthContext,	/* authorization context */
+					size_t		numSessions,
+					TSS_HMAC12_CONTEXT *session[],
+					
+					TPMS_AUTH12_COMMAND *authCommand[],	/* output: command
+										   authorization */
+					TPM_AUTHHANDLE sessionHandle[], 	/* session handles in
+										   command */
+					unsigned int sessionAttributes[])	/* attributes for this
+										   command */
+{
+    TPM_RC		rc = 0;
+    unsigned int	i = 0;
+    TPMT_HA 		cpHash;
+    TPMT_HA 		hmac;
+
+    /* Step 6: calculate cpHash.  For TPM 1.2, it is the same for all sessions. Name is not used */
+    if ((rc == 0) && (numSessions > 0))	{
+	uint32_t cpBufferSize;
+	uint8_t *cpBuffer;
+	TPM_CC commandCode = TSS_GetCommandCode(tssAuthContext);
+	TPM_CC commandCodeNbo = htonl(commandCode);
+	
+	rc = TSS_GetCpBuffer(tssAuthContext, &cpBufferSize, &cpBuffer);
+	if (tssVverbose) TSS_PrintAll("TSS_HmacSession12_SetHMAC: cpBuffer",
+				      cpBuffer, cpBufferSize);
+	/* Create cpHash - digest of inputs above the double line. */
+	cpHash.hashAlg = TPM_ALG_SHA1;
+	rc = TSS_Hash_Generate(&cpHash,
+			       sizeof(TPM_CC), &commandCodeNbo,		/* 1S */
+			       cpBufferSize, cpBuffer, 			/* 2S - ... */
+			       0, NULL);
+	if (rc == 0) {
+	    if (tssVverbose) TSS_PrintAll("TSS_HmacSession12_SetHMAC: cpHash",
+					  (uint8_t *)&cpHash.digest,
+					  SHA1_DIGEST_SIZE);
+	}
+    }
+    for (i = 0 ; (rc == 0) && (i < numSessions) ; i++) {
+	uint8_t sessionAttr8;
+	TPM2B_KEY hmacKey;
+	
+	if (tssVverbose) printf("TSS_HmacSession12_SetHMAC: Step 6 session %08x\n",
+				sessionHandle[i]);
+	/* sessionHandle */
+	authCommand[i]->sessionHandle = session[i]->authHandle;
+	/* attributes come from command */
+	sessionAttr8 = (uint8_t)sessionAttributes[i];
+	authCommand[i]->sessionAttributes.val = sessionAttr8;
+
+	if (tssVverbose) printf("TSS_HmacSession12_SetHMAC: calculate HMAC\n");
+	/* auth HMAC = HMAC(cpHash | nonceEven, nonceOdd, attributes */
+
+	/* convert the TPMT_HA hmacKey to a TPM2B_KEY hmac key */
+	if (rc == 0) {
+	    rc = TSS_TPM2B_Create(&hmacKey.b,
+				  (uint8_t *)&session[i]->hmacKey.digest, SHA1_DIGEST_SIZE,
+				  sizeof(hmacKey.t.buffer));
+	}
+	if (rc == 0) {
+	    hmac.hashAlg = TPM_ALG_SHA1;
+	    rc = TSS_HMAC_Generate(&hmac,			/* output hmac */
+				   &hmacKey,			/* input key */
+				   SHA1_DIGEST_SIZE, (uint8_t *)&cpHash.digest,
+				   SHA1_DIGEST_SIZE, session[i]->nonceEven,
+				   SHA1_DIGEST_SIZE, session[i]->nonceOdd,
+				   sizeof(uint8_t), &sessionAttr8,
+				   0, NULL);
+	}
+	if (rc == 0) {
+	    if (tssVverbose) {
+		TSS_PrintAll("TSS_HmacSession12_SetHMAC: HMAC key",
+			     (uint8_t *)&session[i]->hmacKey.digest, SHA1_DIGEST_SIZE);
+		TSS_PrintAll("TSS_HmacSession12_SetHMAC: cpHash",
+			     (uint8_t *)&cpHash.digest, SHA1_DIGEST_SIZE);
+		TSS_PrintAll("TSS_HmacSession12_Set: nonceEven",
+			     session[i]->nonceEven, SHA1_DIGEST_SIZE);
+		TSS_PrintAll("TSS_HmacSession12_SetHMAC: nonceOdd",
+			     session[i]->nonceOdd, SHA1_DIGEST_SIZE);
+		TSS_PrintAll("TSS_HmacSession12_SetHMAC: sessionAttributes",
+			     &sessionAttr8, sizeof(uint8_t));
+		TSS_PrintAll("TSS_HmacSession12_SetHMAC: HMAC",
+			     (uint8_t *)&hmac.digest, SHA1_DIGEST_SIZE);
+	    }
+	}
+	/* copy HMAC into authCommand TPM2B_AUTH hmac */
+	if (rc == 0) {
+	    memcpy(authCommand[i]->hmac, (uint8_t *)&hmac.digest, SHA1_DIGEST_SIZE);
+	}
+    }
+    return rc;
+}
+
+/* TSS_HmacSession12_Verify() is used for a response.  It uses the values in TPMS_AUTH12_RESPONSE to
+   validate the response HMAC */
+
+static TPM_RC TSS_HmacSession12_Verify(TSS_AUTH_CONTEXT *tssAuthContext,	/* authorization
+										   context */
+				       size_t		numSessions,
+				       TSS_HMAC12_CONTEXT *session[],		/* TSS session
+										   context */
+				       TPMS_AUTH12_RESPONSE *authResponse[])	/* input: response
+										   authorization */
+{
+    TPM_RC		rc = 0;
+    unsigned int	i = 0;
+    TPMT_HA 		rpHash;
+    TPMT_HA 		actualHmac;
+
+    /* Step 10: calculate rpHash.  For TPM 1.2, it is the same for all sessions. Name is not used */
+    if ((rc == 0) && (numSessions > 0))	{
+	uint32_t rpBufferSize;
+	uint8_t *rpBuffer;
+	TPM_CC commandCode = TSS_GetCommandCode(tssAuthContext);
+	TPM_CC commandCodeNbo = htonl(commandCode);
+	
+	rc = TSS_GetRpBuffer12(tssAuthContext, &rpBufferSize, &rpBuffer, numSessions);
+	if (tssVverbose) TSS_PrintAll("TSS_HmacSession12_Verify: rpBuffer",
+				      rpBuffer, rpBufferSize);
+	/* Create rpHash - digest of inputs above the double line. */
+	rpHash.hashAlg = TPM_ALG_SHA1;
+	rc = TSS_Hash_Generate(&rpHash,
+			       sizeof(TPM_RC),  &rc,			/* 1S */
+			       sizeof(TPM_CC), &commandCodeNbo,		/* 2S */
+			       rpBufferSize, rpBuffer, 			/* 3S - ... */
+			       0, NULL);
+	if (rc == 0) {
+	    if (tssVverbose) TSS_PrintAll("TSS_HmacSession12_Verify: rpHash",
+					  (uint8_t *)&rpHash.digest,
+					  SHA1_DIGEST_SIZE);
+	}
+    }
+    for (i = 0 ; (rc == 0) && (i < numSessions) ; i++) {
+	uint8_t sessionAttr8;
+	TPM2B_KEY hmacKey;
+	if (tssVverbose) printf("TSS_HmacSession12_Verify: Step 10 session %u handle %08x\n",
+				i, session[i]->authHandle);
+	/* attributes come from response */
+	sessionAttr8 = (uint8_t)authResponse[i]->sessionAttributes.val;
+	/* save nonceEven in the session context */
+	if (rc == 0) {
+	    memcpy(session[i]->nonceEven, authResponse[i]->nonce, SHA1_DIGEST_SIZE);
+	}
+	if (rc == 0) {
+	    memcpy((uint8_t *)&actualHmac.digest, &authResponse[i]->hmac,
+		   SHA1_DIGEST_SIZE);
+	}
+	/* convert the TPMT_HA hmacKey to a TPM2B_KEY hmac key */
+	if (rc == 0) {
+	    rc = TSS_TPM2B_Create(&hmacKey.b,
+				  (uint8_t *)&session[i]->hmacKey.digest, SHA1_DIGEST_SIZE,
+				  sizeof(hmacKey.t.buffer));
+	}
+	/* verify the HMAC */
+	if (rc == 0) {
+	    if (tssVverbose) {
+		TSS_PrintAll("TSS_HmacSession12_Verify: HMAC key",
+			     (uint8_t *)&session[i]->hmacKey.digest, SHA1_DIGEST_SIZE);
+		TSS_PrintAll("TSS_HmacSession12_Verify: rpHash",
+			     (uint8_t *)&rpHash.digest, SHA1_DIGEST_SIZE);
+		TSS_PrintAll("TSS_HmacSession12_Verify: nonceEven",
+			     session[i]->nonceEven, SHA1_DIGEST_SIZE);
+		TSS_PrintAll("TSS_HmacSession12_Verify: nonceOdd",
+			     session[i]->nonceOdd, SHA1_DIGEST_SIZE);
+		TSS_PrintAll("TSS_HmacSession12_Verify: sessionAttributes",
+			     &sessionAttr8, sizeof(uint8_t));
+		TSS_PrintAll("TSS_HmacSession12_Verify: response HMAC",
+			     (uint8_t *)&authResponse[i]->hmac, SHA1_DIGEST_SIZE);
+	    }
+	    actualHmac.hashAlg = TPM_ALG_SHA1;
+	    rc = TSS_HMAC_Verify(&actualHmac,			/* input response hmac */
+				 &hmacKey,			/* input HMAC key */
+				 SHA1_DIGEST_SIZE,
+				 /* rpHash */
+				 SHA1_DIGEST_SIZE, (uint8_t *)&rpHash.digest,
+				 /* new is nonceEven */
+				 SHA1_DIGEST_SIZE, session[i]->nonceEven,
+				 /* old is nonceOdd */
+				 SHA1_DIGEST_SIZE, session[i]->nonceOdd,
+				 /* 1 byte, no endian conversion */
+				 sizeof(uint8_t), &authResponse[i]->sessionAttributes.val,
+				 0, NULL);
+	    if (rc == 0) {
+		if (tssVverbose) printf("TSS_HmacSession12_Verify: session %u verified\n", i);
+	    }
+	    else {
+		if (tssVerbose) TSS_PrintAll("TSS_HmacSession12_Verify: HMAC verify failed, actual",
+					     (uint8_t *)&actualHmac.digest, SHA1_DIGEST_SIZE);
+	    }
+	}
+    }
+    return rc;
+}
+
+/* TSS_HmacSession12_Continue() handles the response continueSession flag.  It either saves the
+   updated session or deletes the session state. */
+
+static TPM_RC TSS_HmacSession12_Continue(TSS_CONTEXT *tssContext,
+					 TSS_HMAC12_CONTEXT *session,
+					 TPMS_AUTH12_RESPONSE *authR)
+{
+    TPM_RC		rc = 0;
+
+    if (rc == 0) {
+	/* if continue set */
+	if (authR->sessionAttributes.val & TPMA_SESSION_CONTINUESESSION) {
+	    /* save the session */
+	    rc = TSS_HmacSession12_SaveSession(tssContext, session);
+	}
+	else {		/* continue clear */
+	    /* delete the session state */
+	    rc = TSS_HmacSession12_DeleteSession(tssContext, session->authHandle);
+	}
+    }
+    return rc;
+}
+
+/* TSS_Command_Decrypt() does the command ADIP encryption (the TPM does the decrypt).
+
+   It does common error checking, then calls algorithm specific functions.  Currently, only XOR is
+   implemented.
+
+*/
+
+static TPM_RC TSS_Command_Decrypt(TSS_AUTH_CONTEXT *tssAuthContext,
+				  TSS_HMAC12_CONTEXT *session[],
+				  TPM_AUTHHANDLE sessionHandle[])
+{
+    TPM_RC			rc = 0;
+    uint16_t 			sessionNumber;
+    uint8_t			*encAuth0;
+    uint8_t			*encAuth1;
+    TSS_HMAC12_CONTEXT		*decryptSession;
+    int				done = FALSE;
+    int 			isXor;			/* true for XOR, false for AES */
+    
+    /* which session is the OSAP session used for the encryption */
+    if (rc == 0) {
+	rc = TSS_GetSessionNumber(tssAuthContext,
+				  &sessionNumber);
+    }
+    if (rc == 0) {
+	if (sessionNumber == 0xffff) {
+	    done = TRUE;
+	}
+    }
+    /* get the session used for the encryption */
+    if ((rc == 0) && !done) {
+	decryptSession = session[sessionNumber];
+	isXor = (session[sessionNumber]->entityType & 0xff00) == (TPM_ET_XOR << 8);
+	if (!isXor) {
+	    if (tssVerbose) printf("TSS_Command_Decrypt: bad entityType %04x for session %08x\n",
+				   session[sessionNumber]->entityType,
+				   sessionHandle[sessionNumber]);
+	    rc = TSS_RC_BAD_DECRYPT_ALGORITHM;
+	}
+	else {
+	    if (tssVverbose) printf("TSS_Command_Decrypt: using session %08x\n",
+				    sessionHandle[sessionNumber]);
+	}
+
+    }
+    /* get pointers to the parameters to be encrypted */ 
+    if ((rc == 0) && !done) {
+	rc = TSS_GetEncAuths(tssAuthContext,
+			     &encAuth0,
+			     &encAuth1);
+    }
+    if ((rc == 0) && !done) {
+	if (tssVverbose) printf("TSS_Command_Decrypt: TPM_ENC_AUTH's at %p, %p\n",
+				encAuth0, encAuth1);
+    }
+    if ((rc == 0) && !done && (encAuth0 != NULL)) {
+	rc = TSS_Command_DecryptXor(tssAuthContext, decryptSession, encAuth0, 0);
+    }
+    if ((rc == 0) && !done && (encAuth1 != NULL)) {
+	rc = TSS_Command_DecryptXor(tssAuthContext, decryptSession, encAuth1, 1);
+    }
+    return rc;
+}
+
+/*
+  pad = sha1(shared secret || lastnonceeven)
+  enc = xor (auth, pad)
+*/
+
+static TPM_RC TSS_Command_DecryptXor(TSS_AUTH_CONTEXT *tssAuthContext,
+				     TSS_HMAC12_CONTEXT *session,
+				     uint8_t *encAuth,
+				     int parameterNumber)
+{
+    TPM_RC		rc = 0;
+    TPMT_HA 		padHash;
+    unsigned int	i;
+
+    tssAuthContext = tssAuthContext;
+    /* generate the pad */
+    if (rc == 0) {
+	padHash.hashAlg = TPM_ALG_SHA1;
+	if (parameterNumber == 0) {
+	    rc = TSS_Hash_Generate(&padHash,
+				   SHA1_DIGEST_SIZE, (uint8_t *)&session->sharedSecret.digest,
+				   SHA1_DIGEST_SIZE, session->nonceEven,
+				   0, NULL);
+	}
+	else {
+	    rc = TSS_Hash_Generate(&padHash,
+				   SHA1_DIGEST_SIZE, (uint8_t *)&session->sharedSecret.digest,
+				   SHA1_DIGEST_SIZE, session->nonceOdd,
+				   0, NULL);
+	}
+    }
+    if (rc == 0) {
+	if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptXor: pad",
+				      (uint8_t *)&padHash.digest,
+				      SHA1_DIGEST_SIZE);
+	if (tssVverbose) printf("TSS_Command_DecryptXor: parameter %u\n",
+				parameterNumber);
+	if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptXor: plaintext",
+				      encAuth, SHA1_DIGEST_SIZE);
+    }
+    /* do the XOR */
+    if (rc == 0) {
+	for (i = 0 ; i < SHA1_DIGEST_SIZE ; i++) {
+	    *(encAuth + i) = *(encAuth + i) ^ padHash.digest.sha1[i];
+	}
+    }
+    if (rc == 0) {
+	if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptXor: ciphertext",
+				      encAuth, SHA1_DIGEST_SIZE);
+    }    
+    return rc;
+}
+
+/*
+  Command Pre-Processor
+*/
+
+static TPM_RC TSS_Command_PreProcessor(TSS_CONTEXT *tssContext,
+				       TPM_CC commandCode,
+				       COMMAND_PARAMETERS *in,
+				       EXTRA12_PARAMETERS *extra)
+{
+    TPM_RC 			rc = 0;
+    size_t 			index;
+    int 			found;
+    TSS_PreProcessFunction_t 	preProcessFunction = NULL;
+
+    /* search the table for a pre-processing function */
+    if (rc == 0) {
+	found = FALSE;
+	for (index = 0 ; (index < (sizeof(tssTable) / sizeof(TSS_TABLE))) && !found ; index++) {
+	    if (tssTable[index].commandCode == commandCode) {
+		found = TRUE;
+		break;	/* don't increment index if found */
+	    }
+	}
+    }
+    /* found false means there is no pre-processing function.  This permits the table to be smaller
+       if desired. */
+    if ((rc == 0) && found) {
+	preProcessFunction = tssTable[index].preProcessFunction;
+	/* there could also be an entry that is currently NULL, nothing to do */
+	if (preProcessFunction == NULL) {
+	    found = FALSE;
+	}
+    }
+    /* call the pre processing function */
+    if ((rc == 0) && found) {
+	rc = preProcessFunction(tssContext, in, extra);
+    }
+    return rc;
+}
+
+/*
+  Command specific pre processing functions
+*/
+
+static TPM_RC TSS_PR_CreateWrapKey(TSS_CONTEXT *tssContext,
+				   CreateWrapKey_In *in,
+				   void *extra)
+{
+    TPM_RC	rc = 0;
+    in = in;
+    extra = extra;
+    if (tssVverbose) printf("TSS_PR_CreateWrapKey\n");
+    /* TPM_ENCAUTH is predictable distance from start */
+    if (rc == 0) {
+	rc = TSS_SetEncAuthOffset0(tssContext->tssAuthContext,
+				   sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_RESULT) +
+				   sizeof(TPM_KEY_HANDLE));
+    }
+    if (rc == 0) {
+	rc = TSS_SetEncAuthOffset1(tssContext->tssAuthContext,
+				   sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_RESULT) +
+				   sizeof(TPM_KEY_HANDLE) +
+				   SHA1_DIGEST_SIZE);
+    }
+    if (rc == 0) {
+	rc = TSS_SetSessionNumber(tssContext->tssAuthContext, 0);
+    }
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_PR_CreateWrapKey: ADIP offset at %lu and %lu\n",
+				(unsigned long)(sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_RESULT) +
+						sizeof(TPM_KEY_HANDLE)),
+				(unsigned long)(sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_RESULT) +
+						sizeof(TPM_KEY_HANDLE) +
+						SHA1_DIGEST_SIZE));
+    }
+    return rc;
+}
+
+static TPM_RC TSS_PR_MakeIdentity(TSS_CONTEXT *tssContext,
+				  MakeIdentity_In *in,
+				  void *extra)
+{
+    TPM_RC	rc = 0;
+    in = in;
+    extra = extra;
+    if (tssVverbose) printf("TSS_PR_MakeIdentity\n");
+    /* TPM_ENCAUTH is predictable distance from start */
+    if (rc == 0) {
+	rc = TSS_SetEncAuthOffset0(tssContext->tssAuthContext,
+				   sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_RESULT));
+    }
+    if (rc == 0) {
+	rc = TSS_SetSessionNumber(tssContext->tssAuthContext, 1);
+    }
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_PR_MakeIdentity: ADIP offset at %lu\n",
+				(unsigned long)(sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_RESULT)));
+    }
+    return rc;
+}
+
+static TPM_RC TSS_PR_NV_DefineSpace(TSS_CONTEXT *tssContext,
+				    NV_DefineSpace_In *in,
+				    void *extra)
+{
+    TPM_RC	rc = 0;
+    in = in;
+    extra = extra;
+    if (tssVverbose) printf("TSS_PR_NV_DefineSpace\n");
+    /* TPM_ENCAUTH is predictable distance from end */
+    if (rc == 0) {
+	rc = TSS_SetEncAuthOffset0(tssContext->tssAuthContext,
+				   -SHA1_DIGEST_SIZE);		/* encauth */
+		
+    }
+    if (rc == 0) {
+	rc = TSS_SetSessionNumber(tssContext->tssAuthContext, 0);
+    }
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_PR_NV_DefineSpace: ADIP offset at %d\n",
+				-SHA1_DIGEST_SIZE);
+    }
+    return rc;
+}
+
+static TPM_RC TSS_PR_OSAP(TSS_CONTEXT *tssContext,
+			  OSAP_In *in,
+			  OSAP_Extra *extra)
+{
+    TPM_RC	rc = 0;
+    tssContext = tssContext;
+    extra = extra;
+
+    if (tssVverbose) printf("TSS_PR_OSAP\n");
+    /* generate nonceOddOSAP */
+    if (rc == 0) {
+	rc = TSS_RandBytes((unsigned char *)in->nonceOddOSAP, SHA1_DIGEST_SIZE);
+    }
+    return rc;
+}
+
+#if 0
+static TPM_RC TSS_PR_Seal(TSS_CONTEXT *tssContext,
+			  Seal_in *In,
+			  void *extra)
+{
+    TPM_RC	rc = 0;
+    in = in;
+    extra = extra;
+    if (tssVverbose) printf("TSS_PR_Seal\n");
+    /* TPM_ENCAUTH is predictable distance from start */
+    if (rc == 0) {
+	rc = TSS_SetEncAuthOffset0(tssContext->tssAuthContext,
+				   sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_RESULT) +
+				   sizeof(TPM_KEY_HANDLE));
+    }
+    if (rc == 0) {
+	rc = TSS_SetSessionNumber(tssContext->tssAuthContext, 0);
+    }
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_PR_Seal: ADIP offset at %u\n",
+				sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_RESULT) +
+				sizeof(TPM_KEY_HANDLE));
+    }
+    return rc;
+}
+
+static TPM_RC TSS_PR_Sealx(TSS_CONTEXT *tssContext,
+			   Sealx_in *In,
+			   void *extra)
+{
+    TPM_RC	rc = 0;
+    in = in;
+    extra = extra;
+    if (tssVverbose) printf("TSS_PR_Sealx\n");
+    /* TPM_ENCAUTH is predictable distance from start */
+    if (rc == 0) {
+	rc = TSS_SetEncAuthOffset0(tssContext->tssAuthContext,
+				   sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_RESULT) +
+				   sizeof(TPM_KEY_HANDLE));
+	rc = TSS_SetSessionNumber(tssContext->tssAuthContext, 0);
+    }
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_PR_Seal: ADIP offset at %u\n",
+				sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_RESULT) +
+				sizeof(TPM_KEY_HANDLE));
+    }
+    return rc;
+}
+
+#endif
+
+/*
+  Response Post Processor
+*/
+
+/* TSS_Response_PostProcessor() handles any response specific post processing
+ */
+
+static TPM_RC TSS_Response_PostProcessor(TSS_CONTEXT *tssContext,
+					 COMMAND_PARAMETERS *in,
+					 RESPONSE_PARAMETERS *out,
+					 EXTRA12_PARAMETERS *extra)
+{
+    TPM_RC 			rc = 0;
+    size_t 			index;
+    int 			found;
+    TSS_PostProcessFunction_t 	postProcessFunction = NULL;
+
+    /* search the table for a post processing function */
+    if (rc == 0) {
+	TPM_CC commandCode = TSS_GetCommandCode(tssContext->tssAuthContext);
+	found = FALSE;
+	for (index = 0 ; (index < (sizeof(tssTable) / sizeof(TSS_TABLE))) && !found ; index++) {
+	    if (tssTable[index].commandCode == commandCode) {
+		found = TRUE;
+		break;	/* don't increment index if found */
+	    }
+	}
+    }
+    /* found false means there is no post processing function.  This permits the table to be smaller
+       if desired. */
+    if ((rc == 0) && found) {
+	postProcessFunction = tssTable[index].postProcessFunction;
+	/* there could also be an entry that it currently NULL, nothing to do */
+	if (postProcessFunction == NULL) {
+	    found = FALSE;
+	}
+    }
+    /* call the function */
+    if ((rc == 0) && found) {
+	rc = postProcessFunction(tssContext, in, out, extra);
+    }
+    return rc;
+}
+
+/*
+  Command specific post processing functions
+*/
+
+static TPM_RC TSS_PO_FlushSpecific(TSS_CONTEXT *tssContext,
+				   FlushSpecific_In *in,
+				   void *out,
+				   void *extra)
+{
+    TPM_RC	rc = 0;
+    out = out;
+    extra = extra;
+    if (tssVverbose) printf("TSS_PO_FlushSpecific: handle %08x\n", in->handle);
+    if ((rc == 0) && (in->resourceType == TPM_RT_AUTH)) {
+	rc = TSS_HmacSession12_DeleteSession(tssContext, in->handle);
+    }
+    return rc;
+}  
+
+static TPM_RC TSS_PO_OIAP(TSS_CONTEXT *tssContext,
+			  void *in,
+			  OIAP_Out *out,
+			  void *extra)
+{
+    TPM_RC 		rc = 0;
+    TSS_HMAC12_CONTEXT 	*session = NULL;
+
+    in = in;
+    extra = extra;
+    /* allocate a TSS_HMAC_CONTEXT session context */
+    if (rc == 0) {
+	rc = TSS_HmacSession12_GetContext(&session);
+    }
+    if (rc == 0) {
+	/* store OIAP ordinal outputs */
+	session->authHandle = out->authHandle;
+	session->entityValue = TPM_RH_NULL;	/* distinguish OIAP form OSAP */
+	memcpy(session->nonceEven, out->nonceEven, SHA1_DIGEST_SIZE);
+    }
+    /* persist the session */
+    if (rc == 0) {
+	rc = TSS_HmacSession12_SaveSession(tssContext, session);
+    }
+    TSS_HmacSession12_FreeContext(session);
+    return rc;
+}
+
+static TPM_RC TSS_PO_OSAP(TSS_CONTEXT *tssContext,
+			  OSAP_In *in,
+			  OSAP_Out *out,
+			  OSAP_Extra *extra)
+{
+    TPM_RC 		rc = 0;
+    TSS_HMAC12_CONTEXT 	*session = NULL;
+    TPM2B_KEY		hmacKey;
+    TPMT_HA 		usageAuth;		/* digest of the OSAP password */
+
+    /* allocate a TSS_HMAC_CONTEXT session context */
+    if (rc == 0) {
+	rc = TSS_HmacSession12_GetContext(&session);
+    }
+    if (rc == 0) {
+	session->entityType = in->entityType;
+	session->entityValue = in->entityValue;		/* mark OSAP session */
+	memcpy(session->nonceOddOSAP, in->nonceOddOSAP, SHA1_DIGEST_SIZE);
+	/* store OSAP ordinal outputs */
+	session->authHandle = out->authHandle;
+	memcpy(session->nonceEven, out->nonceEven, SHA1_DIGEST_SIZE);
+	memcpy(session->nonceEvenOSAP, out->nonceEvenOSAP, SHA1_DIGEST_SIZE);
+    }
+    /* SHA1 hash the usageAuth */
+    if (rc == 0) {
+	if (extra->usagePassword != NULL) {	/* if a password was specified, hash it */
+	    usageAuth.hashAlg = TPM_ALG_SHA1;
+	    rc = TSS_Hash_Generate(&usageAuth,
+				   strlen(extra->usagePassword),
+				   (unsigned char *)extra->usagePassword,
+				   0, NULL);
+	}
+	/* TPM 1.2 convention seems to use all zeros as a well known auth */
+	else {
+	    memset((uint8_t *)&usageAuth.digest, 0, SHA1_DIGEST_SIZE);
+	}
+    }
+    /* convert the TPMT_HA hash to a TPM2B_KEY hmac key */
+    if (rc == 0) {
+	rc = TSS_TPM2B_Create(&hmacKey.b, (uint8_t *)&usageAuth.digest, SHA1_DIGEST_SIZE,
+			      sizeof(hmacKey.t.buffer));
+    }
+    /* calculate the sharedSecret */
+    if (rc == 0) {
+	session->sharedSecret.hashAlg = TPM_ALG_SHA1;
+	rc = TSS_HMAC_Generate(&session->sharedSecret,		/* output hmac */
+			       &hmacKey,			/* input key */
+			       SHA1_DIGEST_SIZE, session->nonceEvenOSAP,
+			       SHA1_DIGEST_SIZE, in->nonceOddOSAP,
+			       0, NULL);
+    }
+    if ((rc == 0) && tssVverbose) {
+	printf("TSS_PO_OSAP: out->authHandle %08x\n",out->authHandle);
+	printf("TSS_PO_OSAP: in->entityType %08x\n", in->entityType);
+	printf("TSS_PO_OSAP: in->entityValue %08x\n", in->entityValue);
+	TSS_PrintAll("TSS_PO_OSAP: session->nonceEven",
+		     session->nonceEven, SHA1_DIGEST_SIZE);
+	TSS_PrintAll("TSS_PO_OSAP: session->nonceEvenOSAP",
+		     session->nonceEvenOSAP, SHA1_DIGEST_SIZE);
+	TSS_PrintAll("TSS_PO_OSAP: session->nonceOddOSAP",
+		     session->nonceOddOSAP, SHA1_DIGEST_SIZE);
+	TSS_PrintAll("TSS_PO_OSAP: usageAuth",
+		     (uint8_t *)&usageAuth.digest, SHA1_DIGEST_SIZE);
+	TSS_PrintAll("TSS_PO_OSAP: sharedSecret",
+		     (uint8_t *)&session->sharedSecret.digest, SHA1_DIGEST_SIZE);
+    }
+    /* persist the session */
+    if (rc == 0) {
+	rc = TSS_HmacSession12_SaveSession(tssContext, session);
+    }
+    TSS_HmacSession12_FreeContext(session);
+    return rc;
+}
diff --git a/utils/tss12.h b/utils/tss12.h
new file mode 100644
index 000000000..9d64398f3
--- /dev/null
+++ b/utils/tss12.h
@@ -0,0 +1,58 @@
+/********************************************************************************/
+/*										*/
+/*			   TSS TPM 1.2 API 					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id:tss.h 656 2016-06-28 16:49:29Z kgoldman $			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef TSS12_H
+#define TSS12_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    TPM_RC TSS_Execute12(TSS_CONTEXT *tssContext,
+			 RESPONSE_PARAMETERS *out,
+			 COMMAND_PARAMETERS *in,
+			 EXTRA12_PARAMETERS *extra,
+			 TPM_CC commandCode,
+			 va_list ap);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/utils/tss20.c b/utils/tss20.c
new file mode 100644
index 000000000..006f08819
--- /dev/null
+++ b/utils/tss20.c
@@ -0,0 +1,4901 @@
+/********************************************************************************/
+/*										*/
+/*			    TSS Primary API for TPM 2.0				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <errno.h>
+
+#ifdef TPM_POSIX
+#include <netinet/in.h>
+#endif
+#ifdef TPM_WINDOWS
+#include <winsock2.h>
+#endif
+
+#include "tssauth.h"
+#include "tssauth20.h"
+#include <ibmtss/tss.h>
+#include "tssproperties.h"
+#include <ibmtss/tsstransmit.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/Unmarshal_fp.h>
+#include "tssccattributes.h"
+#ifndef TPM_TSS_NOCRYPTO
+#include <ibmtss/tsscrypto.h>
+#include <ibmtss/tsscryptoh.h>
+#endif
+#include <ibmtss/tssprintcmd.h>
+#include "tss20.h"
+
+/* Files:
+
+   h01xxxxxx.bin - NV index name
+   h02xxxxxx.bin - hmac session context
+   h03xxxxxx.bin - policy session context
+   h80xxxxxx.bin - transient object name
+
+   cxxxx...xxxx.bin - context blob name
+*/
+
+/* NOTE Synchronize with
+
+   TSS_HmacSession_InitContext
+   TSS_HmacSession_Unmarshal
+   TSS_HmacSession_Marshal
+*/
+
+struct TSS_HMAC_CONTEXT {
+    TPMI_SH_AUTH_SESSION	sessionHandle;		/* the session handle */
+    TPMI_ALG_HASH		authHashAlg;		/* hash algorithm to use for the session */
+#ifndef TPM_TSS_NOCRYPTO
+    uint32_t           		sizeInBytes;		/* hash algorithm mapped to size */
+#endif	/* TPM_TSS_NOCRYPTO */
+    TPMT_SYM_DEF 		symmetric;		/* the algorithm and key size for parameter
+							   encryption */
+    TPMI_DH_ENTITY 		bind;			/* bind handle */
+    TPM2B_NAME			bindName;		/* Name corresponding to the the bind
+							   handle */
+    TPM2B_AUTH			bindAuthValue;		/* password corresponding to the bind
+							   handle */
+#ifndef TPM_TSS_NOCRYPTO
+    TPM2B_NONCE 		nonceTPM;		/* from TPM in response */
+    TPM2B_NONCE			nonceCaller;		/* from caller in command */
+    TPM2B_DIGEST		sessionKey;		/* from KDFa at session creation */
+#endif	/* TPM_TSS_NOCRYPTO */
+    TPM_SE			sessionType;		/* HMAC (0), policy (1), or trial policy */
+    uint8_t			isPasswordNeeded;	/* flag set by policy password */
+    uint8_t			isAuthValueNeeded;	/* flag set by policy authvalue */
+    /* Items below this line are for the lifetime of one command.  They are not saved and loaded. */
+    TPM2B_KEY			hmacKey;		/* HMAC key calculated for each command */
+#ifndef TPM_TSS_NOCRYPTO
+    TPM2B_KEY			sessionValue;		/* KDFa secret for parameter encryption */
+#endif	/* TPM_TSS_NOCRYPTO */
+} TSS_HMAC_CONTEXT;
+
+/* functions for command pre- and post- processing */
+
+typedef TPM_RC (*TSS_PreProcessFunction_t)(TSS_CONTEXT *tssContext,
+					   COMMAND_PARAMETERS *in,
+					   EXTRA_PARAMETERS *extra);
+typedef TPM_RC (*TSS_ChangeAuthFunction_t)(TSS_CONTEXT *tssContext,
+					   struct TSS_HMAC_CONTEXT *session,
+					   size_t handleNumber,
+					   COMMAND_PARAMETERS *in);
+typedef TPM_RC (*TSS_PostProcessFunction_t)(TSS_CONTEXT *tssContext,
+					    COMMAND_PARAMETERS *in,
+					    RESPONSE_PARAMETERS *out,
+					    EXTRA_PARAMETERS *extra);
+
+static TPM_RC TSS_PR_StartAuthSession(TSS_CONTEXT *tssContext,
+				      StartAuthSession_In *in,
+				      StartAuthSession_Extra *extra);
+static TPM_RC TSS_PR_NV_DefineSpace(TSS_CONTEXT *tssContext,
+				    NV_DefineSpace_In *in,
+				    void *extra);
+
+static TPM_RC TSS_CA_HierarchyChangeAuth(TSS_CONTEXT *tssContext,
+					 struct TSS_HMAC_CONTEXT *session,
+					 size_t handleNumber,
+					 HierarchyChangeAuth_In *in);
+static TPM_RC TSS_CA_NV_UndefineSpaceSpecial(TSS_CONTEXT *tssContext,
+					     struct TSS_HMAC_CONTEXT *session,
+					     size_t handleNumber,
+					     NV_UndefineSpaceSpecial_In *in);
+static TPM_RC TSS_CA_NV_ChangeAuth(TSS_CONTEXT *tssContext,
+				   struct TSS_HMAC_CONTEXT *session,
+				   size_t handleNumber,
+				   NV_ChangeAuth_In *in);
+
+
+static TPM_RC TSS_PO_StartAuthSession(TSS_CONTEXT *tssContext,
+				      StartAuthSession_In *in,
+				      StartAuthSession_Out *out,
+				      StartAuthSession_Extra *extra);
+static TPM_RC TSS_PO_ContextSave(TSS_CONTEXT *tssContext,
+				 ContextSave_In *in,
+				 ContextSave_Out *out,
+				 void *extra);
+static TPM_RC TSS_PO_ContextLoad(TSS_CONTEXT *tssContext,
+				 ContextLoad_In *in,
+				 ContextLoad_Out *out,
+				 void *extra);
+static TPM_RC TSS_PO_FlushContext(TSS_CONTEXT *tssContext,
+				  FlushContext_In *in,
+				  void *out,
+				  void *extra);
+static TPM_RC TSS_PO_EvictControl(TSS_CONTEXT *tssContext,
+				  EvictControl_In *in,
+				  void *out,
+				  void *extra);
+static TPM_RC TSS_PO_Load(TSS_CONTEXT *tssContext,
+			  Load_In *in,
+			  Load_Out *out,
+			  void *extra);
+static TPM_RC TSS_PO_LoadExternal(TSS_CONTEXT *tssContext,
+				  LoadExternal_In *in,
+				  LoadExternal_Out *out,
+				  void *extra);
+static TPM_RC TSS_PO_ReadPublic(TSS_CONTEXT *tssContext,
+				ReadPublic_In *in,
+				ReadPublic_Out *out,
+				void *extra);
+static TPM_RC TSS_PO_CreateLoaded(TSS_CONTEXT *tssContext,
+				  CreateLoaded_In *in,
+				  CreateLoaded_Out *out,
+				  void *extra);
+static TPM_RC TSS_PO_HMAC_Start(TSS_CONTEXT *tssContext,
+				HMAC_Start_In *in,
+				HMAC_Start_Out *out,
+				void *extra);
+static TPM_RC TSS_PO_HashSequenceStart(TSS_CONTEXT *tssContext,
+				       HashSequenceStart_In *in,
+				       HashSequenceStart_Out *out,
+				       void *extra);
+static TPM_RC TSS_PO_SequenceComplete(TSS_CONTEXT *tssContext,
+				      SequenceComplete_In *in,
+				      SequenceComplete_Out *out,
+				      void *extra);
+static TPM_RC TSS_PO_EventSequenceComplete(TSS_CONTEXT *tssContext,
+					   EventSequenceComplete_In *in,
+					   EventSequenceComplete_Out *out,
+					   void *extra);
+static TPM_RC TSS_PO_PolicyAuthValue(TSS_CONTEXT *tssContext,
+				     PolicyAuthValue_In *in,
+				     void *out,
+				     void *extra);
+static TPM_RC TSS_PO_PolicyPassword(TSS_CONTEXT *tssContext,
+				    PolicyPassword_In *in,
+				    void *out,
+				    void *extra);
+static TPM_RC TSS_PO_CreatePrimary(TSS_CONTEXT *tssContext,
+				   CreatePrimary_In *in,
+				   CreatePrimary_Out *out,
+				   void *extra);
+static TPM_RC TSS_PO_NV_DefineSpace(TSS_CONTEXT *tssContext,
+				    NV_DefineSpace_In *in,
+				    void *out,
+				    void *extra);
+static TPM_RC TSS_PO_NV_ReadPublic(TSS_CONTEXT *tssContext,
+				   NV_ReadPublic_In *in,
+				   NV_ReadPublic_Out *out,
+				   void *extra);
+static TPM_RC TSS_PO_NV_UndefineSpace(TSS_CONTEXT *tssContext,
+				      NV_UndefineSpace_In *in,
+				      void *out,
+				      void *extra);
+static TPM_RC TSS_PO_NV_UndefineSpaceSpecial(TSS_CONTEXT *tssContext,
+					     NV_UndefineSpaceSpecial_In *in,
+					     void *out,
+					     void *extra);
+static TPM_RC TSS_PO_NV_Write(TSS_CONTEXT *tssContext,
+			      NV_Write_In *in,
+			      void *out,
+			      void *extra);
+static TPM_RC TSS_PO_NV_WriteLock(TSS_CONTEXT *tssContext,
+				  NV_WriteLock_In *in,
+				  void *out,
+				  void *extra);
+static TPM_RC TSS_PO_NV_ReadLock(TSS_CONTEXT *tssContext,
+				 NV_ReadLock_In *in,
+				 void *out,
+				 void *extra);
+
+typedef struct TSS_TABLE {
+    TPM_CC 			commandCode;
+    TSS_PreProcessFunction_t	preProcessFunction;
+    TSS_ChangeAuthFunction_t	changeAuthFunction;
+    TSS_PostProcessFunction_t 	postProcessFunction;
+} TSS_TABLE;
+
+/* This table indexes from the command to pre- and post- processing functions.  A missing entry is
+   not an error, and indicates a command with no functions. */
+
+static const TSS_TABLE tssTable [] = {
+				 
+    {TPM_CC_Startup, NULL, NULL, NULL},
+    {TPM_CC_Shutdown, NULL, NULL, NULL},
+    {TPM_CC_SelfTest, NULL, NULL, NULL},
+    {TPM_CC_IncrementalSelfTest, NULL, NULL, NULL},
+    {TPM_CC_GetTestResult, NULL, NULL, NULL},
+    {TPM_CC_StartAuthSession, (TSS_PreProcessFunction_t)TSS_PR_StartAuthSession, NULL, (TSS_PostProcessFunction_t)TSS_PO_StartAuthSession},
+    {TPM_CC_PolicyRestart, NULL, NULL, NULL},
+    {TPM_CC_Create, NULL, NULL, NULL},
+    {TPM_CC_Load, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_Load},
+    {TPM_CC_LoadExternal, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_LoadExternal},
+    {TPM_CC_ReadPublic, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ReadPublic},
+    {TPM_CC_ActivateCredential, NULL, NULL, NULL},
+    {TPM_CC_MakeCredential, NULL, NULL, NULL},
+    {TPM_CC_Unseal, NULL, NULL, NULL},
+    {TPM_CC_ObjectChangeAuth, NULL, NULL, NULL},
+    {TPM_CC_CreateLoaded, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_CreateLoaded},
+    {TPM_CC_Duplicate, NULL, NULL, NULL},
+    {TPM_CC_Rewrap, NULL, NULL, NULL},
+    {TPM_CC_Import, NULL, NULL, NULL},
+    {TPM_CC_RSA_Encrypt, NULL, NULL, NULL},
+    {TPM_CC_RSA_Decrypt, NULL, NULL, NULL},
+    {TPM_CC_ECDH_KeyGen, NULL, NULL, NULL},
+    {TPM_CC_ECDH_ZGen, NULL, NULL, NULL},
+    {TPM_CC_ECC_Parameters, NULL, NULL, NULL},
+    {TPM_CC_ZGen_2Phase, NULL, NULL, NULL},
+    {TPM_CC_EncryptDecrypt, NULL, NULL, NULL},
+    {TPM_CC_EncryptDecrypt2, NULL, NULL, NULL},
+    {TPM_CC_Hash, NULL, NULL, NULL},
+    {TPM_CC_HMAC, NULL, NULL, NULL},
+    {TPM_CC_GetRandom, NULL, NULL, NULL},
+    {TPM_CC_StirRandom, NULL, NULL, NULL},
+    {TPM_CC_HMAC_Start, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_HMAC_Start},
+    {TPM_CC_HashSequenceStart, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_HashSequenceStart},
+    {TPM_CC_SequenceUpdate, NULL, NULL, NULL},
+    {TPM_CC_SequenceComplete, NULL,NULL, (TSS_PostProcessFunction_t)TSS_PO_SequenceComplete},
+    {TPM_CC_EventSequenceComplete, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_EventSequenceComplete},
+    {TPM_CC_Certify, NULL, NULL, NULL},
+    {TPM_CC_CertifyX509, NULL, NULL, NULL},
+    {TPM_CC_CertifyCreation, NULL, NULL, NULL},
+    {TPM_CC_Quote, NULL, NULL, NULL},
+    {TPM_CC_GetSessionAuditDigest, NULL, NULL, NULL},
+    {TPM_CC_GetCommandAuditDigest, NULL, NULL, NULL},
+    {TPM_CC_GetTime, NULL, NULL, NULL},
+    {TPM_CC_Commit, NULL, NULL, NULL},
+    {TPM_CC_EC_Ephemeral, NULL, NULL, NULL},
+    {TPM_CC_VerifySignature, NULL, NULL, NULL},
+    {TPM_CC_Sign, NULL, NULL, NULL},
+    {TPM_CC_SetCommandCodeAuditStatus, NULL, NULL, NULL},
+    {TPM_CC_PCR_Extend, NULL, NULL, NULL},
+    {TPM_CC_PCR_Event, NULL, NULL, NULL},
+    {TPM_CC_PCR_Read, NULL, NULL, NULL},
+    {TPM_CC_PCR_Allocate, NULL, NULL, NULL},
+    {TPM_CC_PCR_SetAuthPolicy, NULL, NULL, NULL},
+    {TPM_CC_PCR_SetAuthValue, NULL, NULL, NULL},
+    {TPM_CC_PCR_Reset, NULL, NULL, NULL},
+    {TPM_CC_PolicySigned, NULL, NULL, NULL},
+    {TPM_CC_PolicySecret, NULL, NULL, NULL},
+    {TPM_CC_PolicyTicket, NULL, NULL, NULL},
+    {TPM_CC_PolicyOR, NULL, NULL, NULL},
+    {TPM_CC_PolicyPCR, NULL, NULL, NULL},
+    {TPM_CC_PolicyLocality, NULL, NULL, NULL},
+    {TPM_CC_PolicyNV, NULL, NULL, NULL},
+    {TPM_CC_PolicyAuthorizeNV, NULL, NULL, NULL},
+    {TPM_CC_PolicyCounterTimer, NULL, NULL, NULL},
+    {TPM_CC_PolicyCommandCode, NULL, NULL, NULL},
+    {TPM_CC_PolicyPhysicalPresence, NULL, NULL, NULL},
+    {TPM_CC_PolicyCpHash, NULL, NULL, NULL},
+    {TPM_CC_PolicyNameHash, NULL, NULL, NULL},
+    {TPM_CC_PolicyDuplicationSelect, NULL, NULL, NULL},
+    {TPM_CC_PolicyAuthorize, NULL, NULL, NULL},
+    {TPM_CC_PolicyAuthValue, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_PolicyAuthValue},
+    {TPM_CC_PolicyPassword, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_PolicyPassword},
+    {TPM_CC_PolicyGetDigest, NULL, NULL, NULL},
+    {TPM_CC_PolicyNvWritten, NULL, NULL, NULL},
+    {TPM_CC_PolicyTemplate, NULL, NULL, NULL},
+    {TPM_CC_CreatePrimary, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_CreatePrimary},
+    {TPM_CC_HierarchyControl, NULL, NULL, NULL},
+    {TPM_CC_SetPrimaryPolicy, NULL, NULL, NULL},
+    {TPM_CC_ChangePPS, NULL, NULL, NULL},
+    {TPM_CC_ChangeEPS, NULL, NULL, NULL},
+    {TPM_CC_Clear, NULL, NULL, NULL},
+    {TPM_CC_ClearControl, NULL, NULL, NULL},
+    {TPM_CC_HierarchyChangeAuth, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_HierarchyChangeAuth, NULL},
+    {TPM_CC_DictionaryAttackLockReset, NULL, NULL, NULL},
+    {TPM_CC_DictionaryAttackParameters, NULL, NULL, NULL},
+    {TPM_CC_PP_Commands, NULL, NULL, NULL},
+    {TPM_CC_SetAlgorithmSet, NULL, NULL, NULL},
+    {TPM_CC_ContextSave, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ContextSave},
+    {TPM_CC_ContextLoad, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ContextLoad},
+    {TPM_CC_FlushContext, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_FlushContext},
+    {TPM_CC_EvictControl, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_EvictControl},
+    {TPM_CC_ReadClock, NULL, NULL, NULL},
+    {TPM_CC_ClockSet, NULL, NULL, NULL},
+    {TPM_CC_ClockRateAdjust, NULL, NULL, NULL},
+    {TPM_CC_GetCapability, NULL, NULL, NULL},
+    {TPM_CC_TestParms, NULL, NULL, NULL},
+    {TPM_CC_NV_DefineSpace, (TSS_PreProcessFunction_t)TSS_PR_NV_DefineSpace, NULL,  (TSS_PostProcessFunction_t)TSS_PO_NV_DefineSpace},
+    {TPM_CC_NV_UndefineSpace, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_UndefineSpace},
+    {TPM_CC_NV_UndefineSpaceSpecial, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_NV_UndefineSpaceSpecial, (TSS_PostProcessFunction_t)TSS_PO_NV_UndefineSpaceSpecial},
+    {TPM_CC_NV_ReadPublic, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_ReadPublic},
+    {TPM_CC_NV_Write, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
+    {TPM_CC_NV_Increment, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
+    {TPM_CC_NV_Extend, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
+    {TPM_CC_NV_SetBits, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
+    {TPM_CC_NV_WriteLock, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_WriteLock},
+    {TPM_CC_NV_GlobalWriteLock, NULL, NULL, NULL},
+    {TPM_CC_NV_Read, NULL, NULL, NULL},
+    {TPM_CC_NV_ReadLock, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_ReadLock},
+    {TPM_CC_NV_ChangeAuth, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_NV_ChangeAuth, NULL},
+    {TPM_CC_NV_Certify, NULL, NULL, NULL}
+};
+
+#ifndef TPM_TSS_NO_PRINT
+
+typedef void (*TSS_InPrintFunction_t)(COMMAND_PARAMETERS *in, unsigned int indent);
+
+typedef struct TSS_PRINT_TABLE {
+    TPM_CC 			commandCode;
+    TSS_InPrintFunction_t	inPrintFunction;
+} TSS_PRINT_TABLE;
+
+/* This table indexes from the command to print functions.  A missing entry is
+   not an error, and indicates a command with no function. */
+
+static const TSS_PRINT_TABLE tssPrintTable [] = {
+				 
+    {TPM_CC_Startup, (TSS_InPrintFunction_t)Startup_In_Print},
+    {TPM_CC_Shutdown, (TSS_InPrintFunction_t)Shutdown_In_Print},
+    {TPM_CC_SelfTest, (TSS_InPrintFunction_t)SelfTest_In_Print},
+    {TPM_CC_IncrementalSelfTest, (TSS_InPrintFunction_t)IncrementalSelfTest_In_Print},
+    {TPM_CC_GetTestResult, NULL},
+    {TPM_CC_StartAuthSession, (TSS_InPrintFunction_t)StartAuthSession_In_Print},
+    {TPM_CC_PolicyRestart, (TSS_InPrintFunction_t)PolicyRestart_In_Print},
+    {TPM_CC_Create,(TSS_InPrintFunction_t)Create_In_Print},
+    {TPM_CC_Load, (TSS_InPrintFunction_t)Load_In_Print},
+    {TPM_CC_LoadExternal, (TSS_InPrintFunction_t)LoadExternal_In_Print},
+    {TPM_CC_ReadPublic, (TSS_InPrintFunction_t)ReadPublic_In_Print},
+    {TPM_CC_ActivateCredential, (TSS_InPrintFunction_t)ActivateCredential_In_Print},
+    {TPM_CC_MakeCredential, (TSS_InPrintFunction_t)MakeCredential_In_Print},
+    {TPM_CC_Unseal, (TSS_InPrintFunction_t)Unseal_In_Print},
+    {TPM_CC_ObjectChangeAuth, (TSS_InPrintFunction_t)ObjectChangeAuth_In_Print},
+    {TPM_CC_CreateLoaded, (TSS_InPrintFunction_t)CreateLoaded_In_Print},
+    {TPM_CC_Duplicate, (TSS_InPrintFunction_t)Duplicate_In_Print},
+    {TPM_CC_Rewrap, (TSS_InPrintFunction_t)Rewrap_In_Print},
+    {TPM_CC_Import, (TSS_InPrintFunction_t)Import_In_Print},
+    {TPM_CC_RSA_Encrypt, (TSS_InPrintFunction_t)RSA_Encrypt_In_Print},
+    {TPM_CC_RSA_Decrypt, (TSS_InPrintFunction_t)RSA_Decrypt_In_Print},
+    {TPM_CC_ECDH_KeyGen, (TSS_InPrintFunction_t)ECDH_KeyGen_In_Print},
+    {TPM_CC_ECDH_ZGen, (TSS_InPrintFunction_t)ECDH_ZGen_In_Print},
+    {TPM_CC_ECC_Parameters, (TSS_InPrintFunction_t)ECC_Parameters_In_Print},
+    {TPM_CC_ZGen_2Phase, (TSS_InPrintFunction_t)ZGen_2Phase_In_Print},
+    {TPM_CC_EncryptDecrypt, (TSS_InPrintFunction_t)EncryptDecrypt_In_Print},
+    {TPM_CC_EncryptDecrypt2, (TSS_InPrintFunction_t)EncryptDecrypt2_In_Print},
+    {TPM_CC_Hash, (TSS_InPrintFunction_t)Hash_In_Print},
+    {TPM_CC_HMAC, (TSS_InPrintFunction_t)HMAC_In_Print},
+    {TPM_CC_GetRandom, (TSS_InPrintFunction_t)GetRandom_In_Print},
+    {TPM_CC_StirRandom, (TSS_InPrintFunction_t)StirRandom_In_Print},
+    {TPM_CC_HMAC_Start, (TSS_InPrintFunction_t)HMAC_Start_In_Print},
+    {TPM_CC_HashSequenceStart, (TSS_InPrintFunction_t)HashSequenceStart_In_Print},
+    {TPM_CC_SequenceUpdate, (TSS_InPrintFunction_t)SequenceUpdate_In_Print},
+    {TPM_CC_SequenceComplete, (TSS_InPrintFunction_t)SequenceComplete_In_Print},
+    {TPM_CC_EventSequenceComplete, (TSS_InPrintFunction_t)EventSequenceComplete_In_Print},
+    {TPM_CC_Certify, (TSS_InPrintFunction_t)Certify_In_Print},
+    {TPM_CC_CertifyX509, (TSS_InPrintFunction_t)CertifyX509_In_Print},
+    {TPM_CC_CertifyCreation, (TSS_InPrintFunction_t)CertifyCreation_In_Print},
+    {TPM_CC_Quote, (TSS_InPrintFunction_t)Quote_In_Print},
+    {TPM_CC_GetSessionAuditDigest, (TSS_InPrintFunction_t)GetSessionAuditDigest_In_Print},
+    {TPM_CC_GetCommandAuditDigest, (TSS_InPrintFunction_t)GetCommandAuditDigest_In_Print},
+    {TPM_CC_GetTime, (TSS_InPrintFunction_t)GetTime_In_Print},
+    {TPM_CC_Commit, (TSS_InPrintFunction_t)Commit_In_Print},
+    {TPM_CC_EC_Ephemeral, (TSS_InPrintFunction_t)EC_Ephemeral_In_Print},
+    {TPM_CC_VerifySignature, (TSS_InPrintFunction_t)VerifySignature_In_Print},
+    {TPM_CC_Sign, (TSS_InPrintFunction_t)Sign_In_Print},
+    {TPM_CC_SetCommandCodeAuditStatus, (TSS_InPrintFunction_t)SetCommandCodeAuditStatus_In_Print},
+    {TPM_CC_PCR_Extend, (TSS_InPrintFunction_t)PCR_Extend_In_Print},
+    {TPM_CC_PCR_Event, (TSS_InPrintFunction_t)PCR_Event_In_Print},
+    {TPM_CC_PCR_Read, (TSS_InPrintFunction_t)PCR_Read_In_Print},
+    {TPM_CC_PCR_Allocate, (TSS_InPrintFunction_t)PCR_Allocate_In_Print},
+    {TPM_CC_PCR_SetAuthPolicy, (TSS_InPrintFunction_t)PCR_SetAuthPolicy_In_Print},
+    {TPM_CC_PCR_SetAuthValue, (TSS_InPrintFunction_t)PCR_SetAuthValue_In_Print},
+    {TPM_CC_PCR_Reset, (TSS_InPrintFunction_t)PCR_Reset_In_Print},
+    {TPM_CC_PolicySigned, (TSS_InPrintFunction_t)PolicySigned_In_Print},
+    {TPM_CC_PolicySecret, (TSS_InPrintFunction_t)PolicySecret_In_Print},
+    {TPM_CC_PolicyTicket, (TSS_InPrintFunction_t)PolicyTicket_In_Print},
+    {TPM_CC_PolicyOR, (TSS_InPrintFunction_t)PolicyOR_In_Print},
+    {TPM_CC_PolicyPCR, (TSS_InPrintFunction_t)PolicyPCR_In_Print},
+    {TPM_CC_PolicyLocality, (TSS_InPrintFunction_t)PolicyLocality_In_Print},
+    {TPM_CC_PolicyNV, (TSS_InPrintFunction_t)PolicyNV_In_Print},
+    {TPM_CC_PolicyAuthorizeNV, (TSS_InPrintFunction_t)PolicyAuthorizeNV_In_Print},
+    {TPM_CC_PolicyCounterTimer, (TSS_InPrintFunction_t)PolicyCounterTimer_In_Print},
+    {TPM_CC_PolicyCommandCode, (TSS_InPrintFunction_t)PolicyCommandCode_In_Print},
+    {TPM_CC_PolicyPhysicalPresence, (TSS_InPrintFunction_t)PolicyPhysicalPresence_In_Print},
+    {TPM_CC_PolicyCpHash, (TSS_InPrintFunction_t)PolicyCpHash_In_Print},
+    {TPM_CC_PolicyNameHash, (TSS_InPrintFunction_t)PolicyNameHash_In_Print},
+    {TPM_CC_PolicyDuplicationSelect, (TSS_InPrintFunction_t)PolicyDuplicationSelect_In_Print},
+    {TPM_CC_PolicyAuthorize, (TSS_InPrintFunction_t)PolicyAuthorize_In_Print},
+    {TPM_CC_PolicyAuthValue, (TSS_InPrintFunction_t)PolicyAuthValue_In_Print},
+    {TPM_CC_PolicyPassword, (TSS_InPrintFunction_t)PolicyPassword_In_Print},
+    {TPM_CC_PolicyGetDigest, (TSS_InPrintFunction_t)PolicyGetDigest_In_Print},
+    {TPM_CC_PolicyNvWritten, (TSS_InPrintFunction_t)PolicyNvWritten_In_Print},
+    {TPM_CC_PolicyTemplate, (TSS_InPrintFunction_t)PolicyTemplate_In_Print},
+    {TPM_CC_CreatePrimary, (TSS_InPrintFunction_t)CreatePrimary_In_Print},
+    {TPM_CC_HierarchyControl, (TSS_InPrintFunction_t)HierarchyControl_In_Print},
+    {TPM_CC_SetPrimaryPolicy, (TSS_InPrintFunction_t)SetPrimaryPolicy_In_Print},
+    {TPM_CC_ChangePPS, (TSS_InPrintFunction_t)ChangePPS_In_Print},
+    {TPM_CC_ChangeEPS, (TSS_InPrintFunction_t)ChangeEPS_In_Print},
+    {TPM_CC_Clear, (TSS_InPrintFunction_t)Clear_In_Print},
+    {TPM_CC_ClearControl, (TSS_InPrintFunction_t)ClearControl_In_Print},
+    {TPM_CC_HierarchyChangeAuth, (TSS_InPrintFunction_t)HierarchyChangeAuth_In_Print},
+    {TPM_CC_DictionaryAttackLockReset, (TSS_InPrintFunction_t)DictionaryAttackLockReset_In_Print},
+    {TPM_CC_DictionaryAttackParameters, (TSS_InPrintFunction_t)DictionaryAttackParameters_In_Print},
+    {TPM_CC_PP_Commands, (TSS_InPrintFunction_t)PP_Commands_In_Print},
+    {TPM_CC_SetAlgorithmSet, (TSS_InPrintFunction_t)SetAlgorithmSet_In_Print},
+    {TPM_CC_ContextSave, (TSS_InPrintFunction_t)ContextSave_In_Print},
+    {TPM_CC_ContextLoad, (TSS_InPrintFunction_t)ContextLoad_In_Print},
+    {TPM_CC_FlushContext, (TSS_InPrintFunction_t)FlushContext_In_Print},
+    {TPM_CC_EvictControl, (TSS_InPrintFunction_t)EvictControl_In_Print},
+    {TPM_CC_ReadClock, (TSS_InPrintFunction_t)NULL},
+    {TPM_CC_ClockSet, (TSS_InPrintFunction_t)ClockSet_In_Print},
+    {TPM_CC_ClockRateAdjust, (TSS_InPrintFunction_t)ClockRateAdjust_In_Print},
+    {TPM_CC_GetCapability, (TSS_InPrintFunction_t)GetCapability_In_Print},
+    {TPM_CC_TestParms, (TSS_InPrintFunction_t)TestParms_In_Print},
+    {TPM_CC_NV_DefineSpace, (TSS_InPrintFunction_t)NV_DefineSpace_In_Print},
+    {TPM_CC_NV_UndefineSpace, (TSS_InPrintFunction_t)NV_UndefineSpace_In_Print},
+    {TPM_CC_NV_UndefineSpaceSpecial, (TSS_InPrintFunction_t)NV_UndefineSpaceSpecial_In_Print},
+    {TPM_CC_NV_ReadPublic, (TSS_InPrintFunction_t)NV_ReadPublic_In_Print},
+    {TPM_CC_NV_Write, (TSS_InPrintFunction_t)NV_Write_In_Print},
+    {TPM_CC_NV_Increment, (TSS_InPrintFunction_t)NV_Increment_In_Print},
+    {TPM_CC_NV_Extend, (TSS_InPrintFunction_t)NV_Extend_In_Print},
+    {TPM_CC_NV_SetBits, (TSS_InPrintFunction_t)NV_SetBits_In_Print},
+    {TPM_CC_NV_WriteLock, (TSS_InPrintFunction_t)NV_WriteLock_In_Print},
+    {TPM_CC_NV_GlobalWriteLock, (TSS_InPrintFunction_t)NV_GlobalWriteLock_In_Print},
+    {TPM_CC_NV_Read, (TSS_InPrintFunction_t)NV_Read_In_Print},
+    {TPM_CC_NV_ReadLock, (TSS_InPrintFunction_t)NV_ReadLock_In_Print},
+    {TPM_CC_NV_ChangeAuth, (TSS_InPrintFunction_t)NV_ChangeAuth_In_Print},
+    {TPM_CC_NV_Certify, (TSS_InPrintFunction_t)NV_Certify_In_Print}
+};
+
+#endif /* TPM_TSS_NO_PRINT */
+
+/* local prototypes */
+
+static TPM_RC TSS_Execute_valist(TSS_CONTEXT *tssContext,
+				 COMMAND_PARAMETERS *in,
+				 va_list ap);
+
+
+static TPM_RC TSS_PwapSession_Set(TPMS_AUTH_COMMAND *authCommand,
+				  const char *password);
+static TPM_RC TSS_PwapSession_Verify(TPMS_AUTH_RESPONSE *authResponse);
+
+static TPM_RC TSS_HmacSession_GetContext(struct TSS_HMAC_CONTEXT **session);
+static void   TSS_HmacSession_InitContext(struct TSS_HMAC_CONTEXT *session);
+static void   TSS_HmacSession_FreeContext(struct TSS_HMAC_CONTEXT *session);
+
+#ifndef TPM_TSS_NOCRYPTO
+static TPM_RC TSS_HmacSession_SetSessionKey(TSS_CONTEXT *tssContext,
+					    struct TSS_HMAC_CONTEXT *session,
+					    TPM2B_DIGEST *salt,
+					    TPMI_DH_ENTITY bind,
+					    TPM2B_AUTH *bindAuthValue);
+static TPM_RC TSS_HmacSession_SetNonceCaller(struct TSS_HMAC_CONTEXT *session,
+					     TPMS_AUTH_COMMAND 	*authC);
+static TPM_RC TSS_HmacSession_SetHmacKey(TSS_CONTEXT *tssContext,
+					 struct TSS_HMAC_CONTEXT *session,
+					 size_t handleNumber,
+					 const char *password);
+#endif	/* TPM_TSS_NOCRYPTO */
+static TPM_RC TSS_HmacSession_SetHMAC(TSS_AUTH_CONTEXT *tssAuthContext,
+				      struct TSS_HMAC_CONTEXT *session[],
+				      TPMS_AUTH_COMMAND *authCommand[],
+				      TPMI_SH_AUTH_SESSION sessionHandle[],
+				      unsigned int sessionAttributes[],
+				      const char *password[],
+				      TPM2B_NAME *name0,		  
+				      TPM2B_NAME *name1,		  
+				      TPM2B_NAME *name2);
+#ifndef TPM_TSS_NOCRYPTO
+static TPM_RC TSS_HmacSession_Verify(TSS_AUTH_CONTEXT *tssAuthContext,
+				     struct TSS_HMAC_CONTEXT *session,
+				     TPMS_AUTH_RESPONSE *authResponse);
+#endif	/* TPM_TSS_NOCRYPTO */
+static TPM_RC TSS_HmacSession_Continue(TSS_CONTEXT *tssContext,
+				       struct TSS_HMAC_CONTEXT *session,
+				       TPMS_AUTH_RESPONSE *authR);
+
+
+static TPM_RC TSS_HmacSession_SaveSession(TSS_CONTEXT *tssContext,
+					  struct TSS_HMAC_CONTEXT *session);
+static TPM_RC TSS_HmacSession_LoadSession(TSS_CONTEXT *tssContext,
+					  struct TSS_HMAC_CONTEXT *session,
+					  TPMI_SH_AUTH_SESSION	sessionHandle);
+#ifdef TPM_TSS_NOFILE
+static TPM_RC TSS_HmacSession_SaveData(TSS_CONTEXT *tssContext,
+				       TPMI_SH_AUTH_SESSION sessionHandle,
+				       uint32_t outLength,
+				       uint8_t *outBuffer);
+static TPM_RC TSS_HmacSession_LoadData(TSS_CONTEXT *tssContext,
+				       uint32_t *inLength, uint8_t **inData,
+				       TPMI_SH_AUTH_SESSION sessionHandle);
+static TPM_RC TSS_HmacSession_DeleteData(TSS_CONTEXT *tssContext,
+					 TPMI_SH_AUTH_SESSION sessionHandle);
+static TPM_RC TSS_HmacSession_GetSlotForHandle(TSS_CONTEXT *tssContext,
+					       size_t *slotIndex,
+					       TPMI_SH_AUTH_SESSION sessionHandle);
+#endif
+static TPM_RC TSS_HmacSession_Marshal(struct TSS_HMAC_CONTEXT *source,
+				      uint16_t *written, uint8_t **buffer, uint32_t *size);
+static TPM_RC TSS_HmacSession_Unmarshal(struct TSS_HMAC_CONTEXT *target,
+					uint8_t **buffer, uint32_t *size);
+
+static TPM_RC TSS_Name_GetAllNames(TSS_CONTEXT *tssContext,
+				   TPM2B_NAME **names);
+static TPM_RC TSS_Name_GetName(TSS_CONTEXT *tssContext,
+			       TPM2B_NAME *name,
+			       TPM_HANDLE  handle);
+static TPM_RC TSS_Name_Store(TSS_CONTEXT *tssContext,
+			     TPM2B_NAME *name,
+			     TPM_HANDLE handle,
+			     const char *string);
+static TPM_RC TSS_Name_Load(TSS_CONTEXT *tssContext,
+			    TPM2B_NAME *name,
+			    TPM_HANDLE handle,
+			    const char *string);
+static TPM_RC TSS_Name_Copy(TSS_CONTEXT *tssContext,
+			    TPM_HANDLE outHandle,
+			    const char *outString,
+			    TPM_HANDLE inHandle,
+			    const char *inString);
+static TPM_RC TSS_Public_Store(TSS_CONTEXT *tssContext,
+			       TPM2B_PUBLIC *public,
+			       TPM_HANDLE handle,
+			       const char *string);
+static TPM_RC TSS_Public_Load(TSS_CONTEXT *tssContext,
+			      TPM2B_PUBLIC *public,
+			      TPM_HANDLE handle,
+			      const char *string);
+static TPM_RC TSS_Public_Copy(TSS_CONTEXT *tssContext,
+			      TPM_HANDLE outHandle,
+			      const char *outString,
+			      TPM_HANDLE inHandle,
+			      const char *inString);
+#ifdef TPM_TSS_NOFILE
+static TPM_RC TSS_ObjectPublic_GetSlotForHandle(TSS_CONTEXT *tssContext,
+						size_t *slotIndex,
+						TPM_HANDLE handle);
+static TPM_RC TSS_ObjectPublic_DeleteData(TSS_CONTEXT *tssContext, TPM_HANDLE handle);
+#endif
+static TPM_RC TSS_DeleteHandle(TSS_CONTEXT *tssContext,
+			       TPM_HANDLE handle);
+#ifndef TPM_TSS_NOCRYPTO
+static TPM_RC TSS_ObjectPublic_GetName(TPM2B_NAME *name,
+				       TPMT_PUBLIC *tpmtPublic);
+
+static TPM_RC TSS_NVPublic_Store(TSS_CONTEXT *tssContext,
+				 TPMS_NV_PUBLIC *nvPublic,
+				 TPMI_RH_NV_INDEX handle);
+static TPM_RC TSS_NVPublic_Load(TSS_CONTEXT *tssContext,
+				TPMS_NV_PUBLIC *nvPublic,
+				TPMI_RH_NV_INDEX handle);
+#endif
+static TPM_RC TSS_NVPublic_Delete(TSS_CONTEXT *tssContext,
+				  TPMI_RH_NV_INDEX nvIndex);
+#ifdef TPM_TSS_NOFILE
+static TPM_RC TSS_NvPublic_GetSlotForHandle(TSS_CONTEXT *tssContext,
+					    size_t *slotIndex,
+					    TPMI_RH_NV_INDEX nvIndex);
+#endif
+
+static TPM_RC TSS_Command_Decrypt(TSS_AUTH_CONTEXT *tssAuthContext,
+				  struct TSS_HMAC_CONTEXT *session[],
+				  TPMI_SH_AUTH_SESSION sessionHandle[],
+				  unsigned int sessionAttributes[]);
+#ifndef TPM_TSS_NOCRYPTO
+static TPM_RC TSS_Command_DecryptXor(TSS_AUTH_CONTEXT *tssAuthContext,
+				     struct TSS_HMAC_CONTEXT *session);
+static TPM_RC TSS_Command_DecryptAes(TSS_AUTH_CONTEXT *tssAuthContext,
+				     struct TSS_HMAC_CONTEXT *session);
+
+#endif	/* TPM_TSS_NOCRYPTO */
+static TPM_RC TSS_Response_Encrypt(TSS_AUTH_CONTEXT *tssAuthContext,
+				   struct TSS_HMAC_CONTEXT *session[],
+				   TPMI_SH_AUTH_SESSION sessionHandle[],
+				   unsigned int sessionAttributes[]);
+#ifndef TPM_TSS_NOCRYPTO
+static TPM_RC TSS_Response_EncryptXor(TSS_AUTH_CONTEXT *tssAuthContext,
+				      struct TSS_HMAC_CONTEXT *session);
+static TPM_RC TSS_Response_EncryptAes(TSS_AUTH_CONTEXT *tssAuthContext,
+				      struct TSS_HMAC_CONTEXT *session);
+
+static TPM_RC TSS_Command_ChangeAuthProcessor(TSS_CONTEXT *tssContext,
+					      struct TSS_HMAC_CONTEXT *session,
+					      size_t handleNumber,
+					      COMMAND_PARAMETERS *in);
+#endif	/* TPM_TSS_NOCRYPTO */
+
+static TPM_RC TSS_Command_PreProcessor(TSS_CONTEXT *tssContext,
+				       TPM_CC commandCode,
+				       COMMAND_PARAMETERS *in,
+				       EXTRA_PARAMETERS *extra);
+static TPM_RC TSS_Response_PostProcessor(TSS_CONTEXT *tssContext,
+					 COMMAND_PARAMETERS *in,
+					 RESPONSE_PARAMETERS *out,
+					 EXTRA_PARAMETERS *extra);
+
+static TPM_RC TSS_Sessions_GetDecryptSession(unsigned int *isDecrypt,
+					     unsigned int *decryptSession,
+					     TPMI_SH_AUTH_SESSION sessionHandle[],
+					     unsigned int sessionAttributes[]);
+static TPM_RC TSS_Sessions_GetEncryptSession(unsigned int *isEncrypt,
+					     unsigned int *encryptSession,
+					     TPMI_SH_AUTH_SESSION sessionHandle[],
+					     unsigned int sessionAttributes[]);
+
+#ifndef TPM_TSS_NOFILE
+static TPM_RC TSS_HashToString(char *str, uint8_t *digest);
+#endif
+#ifndef TPM_TSS_NOCRYPTO
+#ifndef TPM_TSS_NORSA
+static TPM_RC TSS_RSA_Salt(TPM2B_DIGEST 		*salt,
+			   TPM2B_ENCRYPTED_SECRET	*encryptedSalt,
+			   TPMT_PUBLIC			*publicArea);
+#endif /* TPM_TSS_NORSA */
+#endif /* TPM_TSS_NOCRYPTO */
+extern int tssVerbose;
+extern int tssVverbose;
+extern int tssFirstCall;
+
+
+TPM_RC TSS_Execute20(TSS_CONTEXT *tssContext,
+		     RESPONSE_PARAMETERS *out,
+		     COMMAND_PARAMETERS *in,
+		     EXTRA_PARAMETERS *extra,
+		     TPM_CC commandCode,
+		     va_list ap)
+{
+    TPM_RC		rc = 0;
+	
+    /* create a TSS authorization context */
+    if (rc == 0) {
+	TSS_InitAuthContext(tssContext->tssAuthContext);
+    }
+    /* handle any command specific command pre-processing */
+    if (rc == 0) {
+	rc = TSS_Command_PreProcessor(tssContext,
+				      commandCode,
+				      in,
+				      extra);
+    }
+    /* marshal input parameters */
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_Execute20: Command %08x marshal\n", commandCode);
+	rc = TSS_Marshal(tssContext->tssAuthContext,
+			 in,
+			 commandCode);
+    }
+    /* execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute_valist(tssContext, in, ap);
+    }
+    /* unmarshal the response parameters */
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_Execute20: Command %08x unmarshal\n", commandCode);
+	rc = TSS_Unmarshal(tssContext->tssAuthContext, out);
+    }
+    /* handle any command specific response post-processing */
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_Execute20: Command %08x post processor\n", commandCode);
+	rc = TSS_Response_PostProcessor(tssContext,
+					in,
+					out,
+					extra);
+    }
+    return rc;
+}
+
+/* TSS_Execute_valist() transmits the marshaled command and receives the marshaled response.
+
+   varargs are TPMI_SH_AUTH_SESSION sessionHandle, const char *password, unsigned int
+   sessionAttributes
+
+   Terminates with sessionHandle TPM_RH_NULL
+
+   Processes up to MAX_SESSION_NUM sessions.  It handles HMAC generation and command and response
+   parameter encryption.  It loads each session context, rolls nonces, and saves or deletes the
+   session context.
+*/
+
+static TPM_RC TSS_Execute_valist(TSS_CONTEXT *tssContext,
+				 COMMAND_PARAMETERS *in,
+				 va_list ap)
+{
+    TPM_RC		rc = 0;
+    int 		done;
+    int 		haveNames = FALSE;	/* names are common to all HMAC sessions */
+    size_t		i = 0;
+
+    /* the vararg parameters */
+    TPMI_SH_AUTH_SESSION sessionHandle[MAX_SESSION_NUM];
+    const char 		*password[MAX_SESSION_NUM];
+    unsigned int	sessionAttributes[MAX_SESSION_NUM]; 
+
+    /* structures filled in */
+    TPMS_AUTH_COMMAND 	*authCommand[MAX_SESSION_NUM];
+    TPMS_AUTH_RESPONSE 	*authResponse[MAX_SESSION_NUM];
+    
+    /* pointer to the above structures as used */
+    TPMS_AUTH_COMMAND 	*authC[MAX_SESSION_NUM];
+    TPMS_AUTH_RESPONSE 	*authR[MAX_SESSION_NUM];
+
+    /* TSS sessions */
+    struct TSS_HMAC_CONTEXT *session[MAX_SESSION_NUM];
+    TPM2B_NAME *names[MAX_SESSION_NUM];
+	
+    
+    for (i = 0 ; i < MAX_SESSION_NUM ; i++) {
+	authCommand[i] = NULL;		/* for safe free */
+	authResponse[i] = NULL;		/* for safe free */
+ 	names[i] = NULL;		/* for safe free */
+	authC[i] = NULL;		/* array of TPMS_AUTH_COMMAND structures, NULL for
+					   TSS_SetCmdAuths */
+	authR[i] = NULL;		/* array of TPMS_AUTH_RESPONSE structures, NULL for
+					   TSS_GetRspAuths */
+	session[i] = NULL;		/* for free, used for HMAC and encrypt/decrypt sessions */
+	/* the varargs list inputs */
+	sessionHandle[i] = TPM_RH_NULL;
+	password[i] = NULL;
+	sessionAttributes[i] = 0;
+    }
+    /* Step 1: initialization */
+    if (tssVverbose) printf("TSS_Execute_valist: Step 1: initialization\n");
+    for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) ; i++) {
+	if (rc == 0) {
+	    rc = TSS_Malloc((unsigned char **)&authCommand[i],	/* freed @1 */
+			    sizeof(TPMS_AUTH_COMMAND));
+	}
+	if (rc == 0) {
+	    rc = TSS_Malloc((unsigned char **)&authResponse[i],	/* freed @2 */
+			    sizeof(TPMS_AUTH_RESPONSE));
+	}
+	if (rc == 0) {
+	    rc = TSS_Malloc((unsigned char **)&names[i],	/* freed @3 */
+			    sizeof(TPM2B_NAME));
+	}
+	if (rc == 0) {
+	    names[i]->b.size = 0;	/* to ignore unused names in cpHash calculation */
+	}
+    }
+    /* Step 2: gather the command authorizations
+
+       Process PWAP immediately
+       For HMAC, get the session context
+    */
+    done = FALSE;
+    for (i = 0 ; (rc == 0) && !done && (i < MAX_SESSION_NUM) ; i++) {
+ 	sessionHandle[i] = va_arg(ap, TPMI_SH_AUTH_SESSION);	/* first vararg is the session
+								   handle */
+	password[i]= va_arg(ap, const char *);			/* second vararg is the password */
+	sessionAttributes[i] = va_arg(ap, unsigned int);	/* third argument is
+								   sessionAttributes */
+	sessionAttributes[i] &= 0xff;				/* is uint8_t */
+
+	if (sessionHandle[i] != TPM_RH_NULL) {			/* varargs termination value */ 
+
+	    if (tssVverbose) printf("TSS_Execute_valist: Step 2: authorization %u\n",
+				    (unsigned int)i);
+	    if (tssVverbose) printf("TSS_Execute_valist: session %u handle %08x\n",
+				    (unsigned int)i, sessionHandle[i]);
+	    /* make used, non-NULL for command and response varargs */
+	    authC[i] = authCommand[i];
+	    authR[i] = authResponse[i];
+
+	    /* if password session, populate authC with password, etc. immediately */
+	    if (sessionHandle[i] == TPM_RS_PW) {
+		rc = TSS_PwapSession_Set(authC[i], password[i]);
+	    }
+	    /* if HMAC or encrypt/decrypt session  */
+	    else {
+		/* initialize a TSS HMAC session */
+		if (rc == 0) {
+		    rc = TSS_HmacSession_GetContext(&session[i]);
+		}
+		/* load the session created by startauthsession */
+		if (rc == 0) {
+		    rc = TSS_HmacSession_LoadSession(tssContext, session[i], sessionHandle[i]);
+		}
+		/* if there is at least one HMAC session, get the names corresponding to the
+		   handles */
+		if ((session[i]->sessionType == TPM_SE_HMAC) ||		/* HMAC session. OR */
+		    ((session[i]->sessionType == TPM_SE_POLICY) &&	/* Policy session AND */
+
+#ifndef TPM_TSS_NOCRYPTO
+		     ((session[i]->isAuthValueNeeded) || 		/* PolicyAuthValue ran, OR */
+		      (session[i]->sessionKey.b.size != 0)))		/* Already session key (bind or salt) */
+#else
+		    (session[i]->isAuthValueNeeded))		/* PolicyAuthValue ran, OR */
+#endif	/* TPM_TSS_NOCRYPTO */
+		    ) {	
+		    if ((rc == 0) && !haveNames) {
+			rc = TSS_Name_GetAllNames(tssContext, names);
+			haveNames = TRUE;	/* get only once, minor optimization */
+		    }
+		}
+	    }
+	}
+	else {
+	    done = TRUE;
+	}
+    }
+    /* Step 3: Roll nonceCaller, save in the session context for the response */
+    for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) && (sessionHandle[i] != TPM_RH_NULL) ; i++) {
+	if (sessionHandle[i] != TPM_RS_PW) {		/* no nonce for password sessions */
+	    if (tssVverbose)
+		printf("TSS_Execute_valist: Step 3: nonceCaller %08x\n", sessionHandle[i]);
+#ifndef TPM_TSS_NOCRYPTO
+	    rc = TSS_HmacSession_SetNonceCaller(session[i], authC[i]);
+#else
+	    authC[i]->nonce.b.size = 16;
+	    memset(&authC[i]->nonce.b.buffer, 0, 16);
+#endif	/* TPM_TSS_NOCRYPTO */
+	}
+    }
+    
+#ifndef TPM_TSS_NOCRYPTO
+    /* Step 4: Calculate the HMAC key */
+    for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) && (sessionHandle[i] != TPM_RH_NULL) ; i++) {
+	if (sessionHandle[i] != TPM_RS_PW) {		/* no HMAC key for password sessions */
+	    if (tssVverbose) printf("TSS_Execute_valist: Step 4: Session %u HMAC key for %08x\n",
+				    (unsigned int)i, sessionHandle[i]);
+	    rc = TSS_HmacSession_SetHmacKey(tssContext, session[i], i, password[i]);
+	}
+    }
+#endif	/* TPM_TSS_NOCRYPTO */
+    /* Step 5: command parameter encryption */
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_Execute_valist: Step 5: command encrypt\n");
+	rc = TSS_Command_Decrypt(tssContext->tssAuthContext,
+				 session,
+				 sessionHandle,
+				 sessionAttributes);
+    }
+    /* Step 6: for each HMAC session, calculate cpHash, calculate the HMAC, and set it in
+       TPMS_AUTH_COMMAND */
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_Execute_valist: Step 6 calculate HMACs\n");
+	rc = TSS_HmacSession_SetHMAC(tssContext->tssAuthContext,	/* TSS auth context */
+				     session,		/* TSS session contexts */
+				     authC,		/* output: command authorizations */
+				     sessionHandle,	/* list of session handles for the command */
+				     sessionAttributes, /* attributes for this command */
+				     password,		/* for plaintext password sessions */
+				     names[0],		/* Name */
+				     names[1],		/* Name */
+				     names[2]);		/* Name */
+    }
+    /* Step 7: set the command authorizations in the TSS command stream */
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_Execute_valist: Step 7 set command authorizations\n");
+	rc = TSS_SetCmdAuths(tssContext->tssAuthContext,
+			     authC[0],
+			     authC[1],
+			     authC[2],
+			     NULL);
+    }
+    /* Step 8: process the command.  Normally returns the TPM response code. */
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_Execute_valist: Step 8: process the command\n");
+	rc = TSS_AuthExecute(tssContext);
+    }
+    /* Step 9: get the response authorizations from the TSS response stream */
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_Execute_valist: Step 9 get response authorizations\n");
+	rc = TSS_GetRspAuths(tssContext->tssAuthContext,
+			     authR[0],
+			     authR[1],
+			     authR[2],
+			     NULL);
+    }
+    /* Step 10: process the response authorizations, validate the HMAC */
+    for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) && (sessionHandle[i] != TPM_RH_NULL) ; i++) {
+	if (tssVverbose)
+	    printf("TSS_Execute_valist: Step 10: process response authorization %08x\n",
+		   sessionHandle[i]);
+	if (sessionHandle[i] == TPM_RS_PW) {
+	    rc = TSS_PwapSession_Verify(authR[i]);
+	}
+	/* HMAC session */
+	else {
+#ifndef TPM_TSS_NOCRYPTO
+	    /* save nonceTPM in the session context */
+	    if (rc == 0) {
+		rc = TSS_TPM2B_Copy(&session[i]->nonceTPM.b, &authR[i]->nonce.b, sizeof(TPMU_HA));
+	    }
+#endif	/* TPM_TSS_NOCRYPTO */
+	    /* the HMAC key is already part of the TSS session context.  For policy sessions with
+	       policy password, the response hmac is empty. */
+	    if ((session[i]->sessionType == TPM_SE_HMAC) ||
+		((session[i]->sessionType == TPM_SE_POLICY) && (session[i]->isAuthValueNeeded))) {
+#ifndef TPM_TSS_NOCRYPTO
+		if (rc == 0) {
+		    rc = TSS_Command_ChangeAuthProcessor(tssContext, session[i], i, in);
+		}
+		if (rc == 0) {
+		    rc = TSS_HmacSession_Verify(tssContext->tssAuthContext, /* authorization
+									       context */
+						session[i],	/* TSS session context */
+						authR[i]);	/* input: response authorization */
+		}
+#else
+		in = in;
+		if (tssVerbose)
+		    printf("TSS_Execute_valist: "
+			   "Error, HMAC verify with no crypto not implemented\n");
+		rc = TSS_RC_NOT_IMPLEMENTED;
+#endif	/* TPM_TSS_NOCRYPTO */
+	    }
+	}
+    }
+    /* Step 11: process the audit flag */
+    for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) && (sessionHandle[i] != TPM_RH_NULL) ; i++) {
+	if ((sessionHandle[i] != TPM_RS_PW) &&
+	    (session[i]->bind != TPM_RH_NULL) &&
+	    (authR[i]->sessionAttributes.val & TPMA_SESSION_AUDIT)) {
+	    if (tssVverbose) printf("TSS_Execute_valist: Step 11: process bind audit flag %08x\n",
+				    sessionHandle[i]);
+	    /* if bind audit session, bind value is lost and further use requires authValue */
+	    session[i]->bind = TPM_RH_NULL;
+	}
+    }
+    /* Step 12: process the response continue flag */
+    for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) && (sessionHandle[i] != TPM_RH_NULL) ; i++) {
+	if (sessionHandle[i] != TPM_RS_PW) {
+	    if (tssVverbose) printf("TSS_Execute_valist: Step 12: process continue flag %08x\n",
+				    sessionHandle[i]);
+	    rc = TSS_HmacSession_Continue(tssContext, session[i], authR[i]);
+	}
+    }
+    /* Step 13: response parameter decryption */
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_Execute_valist: Step 13: response decryption\n");
+	rc = TSS_Response_Encrypt(tssContext->tssAuthContext,
+				  session,
+				  sessionHandle,
+				  sessionAttributes);
+    }
+    /* cleanup */
+    for (i = 0 ; i < MAX_SESSION_NUM ; i++) {
+	TSS_HmacSession_FreeContext(session[i]);
+	free(authCommand[i]);		/* @1 */
+ 	free(authResponse[i]);		/* @2 */
+	free(names[i]);			/* @3 */
+    }
+    return rc;
+}
+
+/*
+  PWAP - Password Session
+*/
+
+/* TSS_PwapSession_Set() sets all members of the TPMS_AUTH_COMMAND structure for a PWAP session.
+ */
+
+static TPM_RC TSS_PwapSession_Set(TPMS_AUTH_COMMAND *authCommand,
+				  const char *password)
+{
+    TPM_RC		rc = 0;
+    
+    if (rc == 0) {
+	authCommand->sessionHandle = TPM_RS_PW;
+	authCommand->nonce.t.size = 0;
+	authCommand->sessionAttributes.val = 0;
+    }
+    if (password != NULL) {
+	rc = TSS_TPM2B_StringCopy(&authCommand->hmac.b,
+				  password, sizeof(authCommand->hmac.t.buffer));
+    }
+    else {
+	authCommand->hmac.t.size = 0;
+    }
+    return rc;
+}
+
+/* TSS_PwapSession_Verify() verifies the PWAP session response. */
+
+static TPM_RC TSS_PwapSession_Verify(TPMS_AUTH_RESPONSE *authResponse)
+{
+    TPM_RC		rc = 0;
+
+    if (rc == 0) {
+	if (authResponse->nonce.t.size != 0) {
+	    if (tssVerbose) printf("TSS_PwapSession_Verify: nonce size %u not zero\n",
+				   authResponse->nonce.t.size);
+	    rc = TSS_RC_BAD_PWAP_NONCE;
+	}
+    }
+    if (rc == 0) {
+	if (authResponse->sessionAttributes.val != TPMA_SESSION_CONTINUESESSION) {
+	    if (tssVerbose) printf("TSS_PwapSession_Verify: continue %02x not set\n",
+				   authResponse->sessionAttributes.val);
+	    rc = TSS_RC_BAD_PWAP_ATTRIBUTES;
+	}
+    }
+    if (rc == 0) {
+	if (authResponse->hmac.t.size != 0) {
+	    if (tssVerbose) printf("TSS_PwapSession_Verify: HMAC size %u not zero\n",
+				   authResponse->hmac.t.size);
+	    rc = TSS_RC_BAD_PWAP_HMAC;
+	}
+    }
+    return rc;
+}
+
+/*
+  HMAC Session
+*/
+
+static TPM_RC TSS_HmacSession_GetContext(struct TSS_HMAC_CONTEXT **session)
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+        rc = TSS_Malloc((uint8_t **)session, sizeof(TSS_HMAC_CONTEXT));
+    }
+    if (rc == 0) {
+	TSS_HmacSession_InitContext(*session);
+    }
+    return rc;
+}
+
+static void TSS_HmacSession_InitContext(struct TSS_HMAC_CONTEXT *session)
+{
+    session->sessionHandle = TPM_RH_NULL;
+    session->authHashAlg = TPM_ALG_NULL;
+#ifndef TPM_TSS_NOCRYPTO
+    session->sizeInBytes = 0;
+#endif
+    session->symmetric.algorithm = TPM_ALG_NULL;
+    session->bind = TPM_RH_NULL;
+    session->bindName.b.size = 0;
+    session->bindAuthValue.t.size = 0;
+#ifndef TPM_TSS_NOCRYPTO
+    memset(session->nonceTPM.t.buffer, 0, sizeof(TPMU_HA));
+    session->nonceTPM.b.size = 0;
+    memset(session->nonceCaller.t.buffer, 0, sizeof(TPMU_HA));
+    session->nonceCaller.b.size = 0;
+    memset(session->sessionKey.t.buffer, 0, sizeof(TPMU_HA));
+    session->sessionKey.b.size = 0;
+#endif
+    session->sessionType = 0;
+    session->isPasswordNeeded = FALSE;
+    session->isAuthValueNeeded = FALSE;
+    memset(session->hmacKey.t.buffer, 0, sizeof(TPMU_HA) + sizeof(TPMU_HA));
+    session->hmacKey.b.size = 0;
+#ifndef TPM_TSS_NOCRYPTO
+    memset(session->sessionValue.t.buffer, 0, sizeof(TPMU_HA) + sizeof(TPMU_HA));
+    session->sessionValue.b.size = 0;
+#endif
+}
+
+void TSS_HmacSession_FreeContext(struct TSS_HMAC_CONTEXT *session)
+{
+    if (session != NULL) {
+	TSS_HmacSession_InitContext(session);
+	free(session);
+    }
+    return;
+}
+
+/* TSS_HmacSession_SetSessionKey() is called by the StartAuthSession post processor to calculate and
+   store the session key
+
+   19.6.8	sessionKey Creation
+*/
+
+#ifndef TPM_TSS_NOCRYPTO
+
+static TPM_RC TSS_HmacSession_SetSessionKey(TSS_CONTEXT *tssContext,
+					    struct TSS_HMAC_CONTEXT *session,
+					    TPM2B_DIGEST *salt,
+					    TPMI_DH_ENTITY bind,
+					    TPM2B_AUTH *bindAuthValue)
+{
+    TPM_RC		rc = 0;
+    TPM2B_KEY 		key;		/* HMAC key for the KDFa */
+
+    if (rc == 0) {
+	/* save the bind handle, non-null indicates a bound session */
+	session->bind = bind;
+	/* if bind, save the bind Name in the session context.  The handle might change, but the
+	   name will not */
+	if ((rc == 0) && (bind != TPM_RH_NULL)) {
+	    rc = TSS_Name_GetName(tssContext, &session->bindName, bind);
+	}
+    }
+    if (rc == 0) {
+        if ((bind != TPM_RH_NULL) ||
+	    (salt->b.size != 0)) {
+
+	    /* session key is bindAuthValue || salt */
+	    /* copy bindAuthValue.  This is set during the post processor to either the supplied
+	       bind password or Empty */
+	    if (rc == 0) {
+		rc = TSS_TPM2B_Copy(&key.b, &bindAuthValue->b, sizeof(TPMU_HA) + sizeof(TPMT_HA));
+	    }
+	    /* copy salt.  This is set during the postprocessor to either the salt from the
+	       preprocessor or empty. */
+	    if (rc == 0) {
+		rc = TSS_TPM2B_Append(&key.b, &salt->b, sizeof(TPMU_HA) + sizeof(TPMT_HA));
+	    }
+	    if (rc == 0) {
+		if (tssVverbose) TSS_PrintAll("TSS_HmacSession_SetSessionKey: KDFa HMAC key",
+					      key.b.buffer, key.b.size);
+	    }
+	    /* KDFa for the session key */
+	    if (rc == 0) {
+		rc = TSS_KDFA(session->sessionKey.b.buffer,
+			      session->authHashAlg,
+			      &key.b,
+			      "ATH",
+			      &session->nonceTPM.b,
+			      &session->nonceCaller.b,
+			      session->sizeInBytes * 8);
+	    }
+	    if (rc == 0) {
+		session->sessionKey.b.size = session->sizeInBytes;
+		if (tssVverbose)
+		    TSS_PrintAll("TSS_HmacSession_SetSessionKey: Session key",
+				 session->sessionKey.b.buffer, session->sessionKey.b.size);
+	    }
+	}
+	else {
+	    session->sessionKey.b.size = 0;
+	}
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOCRYPTO */
+
+/* TSS_HmacSession_SaveSession() saves a session in two cases:
+
+   The initial session from startauthsession
+   The updated session a TPM response
+*/
+
+
+static TPM_RC TSS_HmacSession_SaveSession(TSS_CONTEXT *tssContext,
+					  struct TSS_HMAC_CONTEXT *session)
+{
+    TPM_RC	rc = 0;
+    uint8_t 	*buffer = NULL;		/* marshaled TSS_HMAC_CONTEXT */
+    uint16_t	written = 0;
+#ifndef TPM_TSS_NOFILE
+    char	sessionFilename[TPM_DATA_DIR_PATH_LENGTH];
+    uint8_t *outBuffer = NULL;
+    uint32_t outLength;
+#endif
+    
+    if (tssVverbose) printf("TSS_HmacSession_SaveSession: handle %08x\n", session->sessionHandle);
+    if (rc == 0) {
+	rc = TSS_Structure_Marshal(&buffer,	/* freed @1 */
+				   &written,
+				   session,
+				   (MarshalFunction_t)TSS_HmacSession_Marshal);
+    }
+#ifndef TPM_TSS_NOFILE
+    if (rc == 0) {
+#ifndef TPM_TSS_NOCRYPTO
+	/* if the flag is set, encrypt the session state before store */
+	if (tssContext->tssEncryptSessions) {
+	    rc = TSS_AES_Encrypt(tssContext->tssSessionEncKey,
+				 &outBuffer,   	/* output, freed @2 */
+				 &outLength,	/* output */
+				 buffer,	/* input */
+				 written);	/* input */
+	}
+	/* else store the session state in plaintext */
+	else {
+#endif	/* TPM_TSS_NOCRYPTO */
+	    outBuffer = buffer;
+	    outLength = written;
+#ifndef TPM_TSS_NOCRYPTO
+	}
+#endif	/* TPM_TSS_NOCRYPTO */
+    }
+    /* save the session in a hard coded file name hxxxxxxxx.bin where xxxxxxxx is the session
+       handle */
+    if (rc == 0) {
+	sprintf(sessionFilename, "%s/h%08x.bin",
+		tssContext->tssDataDirectory, session->sessionHandle);
+    }
+    if (rc == 0) {
+	rc = TSS_File_WriteBinaryFile(outBuffer,
+				      outLength,
+				      sessionFilename);
+    }
+    if (tssContext->tssEncryptSessions) {
+	free(outBuffer);	/* @2 */
+    }
+#else		/* no file support, save to context */
+    if (rc == 0) {
+	rc = TSS_HmacSession_SaveData(tssContext,
+				      session->sessionHandle,
+				      written, buffer);
+    }
+#endif
+    free(buffer);	/* @1 */
+    return rc;
+}
+
+/* TSS_HmacSession_LoadSession() loads an existing HMAC session context saved by:
+
+   startauthsession
+   an update after a TPM response
+*/
+
+static TPM_RC TSS_HmacSession_LoadSession(TSS_CONTEXT *tssContext,
+					  struct TSS_HMAC_CONTEXT *session,
+					  TPMI_SH_AUTH_SESSION	sessionHandle)
+{
+    TPM_RC		rc = 0;
+    uint8_t 		*buffer = NULL;
+    uint8_t 		*buffer1 = NULL;
+#ifndef TPM_TSS_NOFILE
+    size_t 		length = 0;
+    char		sessionFilename[TPM_DATA_DIR_PATH_LENGTH];
+#endif    
+    unsigned char 	*inData = NULL;		/* output */
+    uint32_t 		inLength;		/* output */
+
+    if (tssVverbose) printf("TSS_HmacSession_LoadSession: handle %08x\n", sessionHandle);
+#ifndef TPM_TSS_NOFILE
+    /* load the session from a hard coded file name hxxxxxxxx.bin where xxxxxxxx is the session
+       handle */
+    if (rc == 0) {
+	sprintf(sessionFilename, "%s/h%08x.bin", tssContext->tssDataDirectory, sessionHandle);
+	rc = TSS_File_ReadBinaryFile(&buffer,     /* freed @1 */
+				     &length,
+				     sessionFilename);
+    }
+    if (rc == 0) {
+#ifndef TPM_TSS_NOCRYPTO
+	/* if the flag is set, decrypt the session state before unmarshal */
+	if (tssContext->tssEncryptSessions) {
+	    rc = TSS_AES_Decrypt(tssContext->tssSessionDecKey,
+				 &inData,   	/* output, freed @2 */
+				 &inLength,	/* output */
+				 buffer,	/* input */
+				 length);	/* input */
+	}
+	/* else the session was loaded in plaintext */
+	else {
+#endif	/* TPM_TSS_NOCRYPTO */
+	    inData = buffer;
+	    inLength = length;
+#ifndef TPM_TSS_NOCRYPTO
+	}
+#endif	/* TPM_TSS_NOCRYPTO */
+    }
+#else		/* no file support, load from context */
+    if (rc == 0) {
+	rc = TSS_HmacSession_LoadData(tssContext,
+				      &inLength, &inData,
+				      sessionHandle);
+    }
+#endif
+    if (rc == 0) {
+	uint32_t ilength = inLength;
+	buffer1 = inData;
+	rc = TSS_HmacSession_Unmarshal(session, &buffer1, &ilength);
+    }
+#ifndef TPM_TSS_NOFILE
+    if (tssContext->tssEncryptSessions) {
+	free(inData);	/* @2 */
+    }
+#endif
+    free(buffer);	/* @1 */
+    return rc;
+}
+
+#ifdef TPM_TSS_NOFILE
+
+static TPM_RC TSS_HmacSession_SaveData(TSS_CONTEXT *tssContext,
+				       TPMI_SH_AUTH_SESSION sessionHandle,
+				       uint32_t outLength,
+				       uint8_t *outBuffer)
+{
+    TPM_RC	rc = 0;
+    size_t	slotIndex;
+
+    /* if this handle is already used, overwrite the slot */
+    if (rc == 0) {
+	rc = TSS_HmacSession_GetSlotForHandle(tssContext, &slotIndex, sessionHandle);
+	if (rc != 0) {
+	    rc = TSS_HmacSession_GetSlotForHandle(tssContext, &slotIndex, TPM_RH_NULL);
+	    if (rc == 0) {
+		tssContext->sessions[slotIndex].sessionHandle = sessionHandle;
+	    }
+	    else {
+		if (tssVerbose)
+		    printf("TSS_HmacSession_SaveData: Error, no slot available for handle %08x\n",
+			   sessionHandle);
+	    }
+	}
+    }
+    /* reallocate memory and adjust the size */
+    if (rc == 0) {
+	rc = TSS_Realloc(&tssContext->sessions[slotIndex].sessionData, outLength);
+    }
+    if (rc == 0) {
+	tssContext->sessions[slotIndex].sessionDataLength = outLength;
+	memcpy(tssContext->sessions[slotIndex].sessionData, outBuffer, outLength);
+    }
+    return rc;
+}
+
+static TPM_RC TSS_HmacSession_LoadData(TSS_CONTEXT *tssContext,
+				       uint32_t *inLength, uint8_t **inData,
+				       TPMI_SH_AUTH_SESSION sessionHandle)
+{
+    TPM_RC	rc = 0;
+    size_t	slotIndex;
+
+    if (rc == 0) {
+	rc = TSS_HmacSession_GetSlotForHandle(tssContext, &slotIndex, sessionHandle);
+	if (rc != 0) {
+	    if (tssVerbose)
+		printf("TSS_HmacSession_LoadData: Error, no slot found for handle %08x\n",
+		       sessionHandle);
+	}
+    }
+    if (rc == 0) {
+	*inLength = tssContext->sessions[slotIndex].sessionDataLength;
+	*inData = tssContext->sessions[slotIndex].sessionData;
+    }
+    return rc;
+}
+
+static TPM_RC TSS_HmacSession_DeleteData(TSS_CONTEXT *tssContext,
+					 TPMI_SH_AUTH_SESSION sessionHandle)
+{
+    TPM_RC	rc = 0;
+    size_t	slotIndex;
+
+    if (rc == 0) {
+	rc = TSS_HmacSession_GetSlotForHandle(tssContext, &slotIndex, sessionHandle);
+	if (rc != 0) {
+	    if (tssVerbose)
+		printf("TSS_HmacSession_DeleteData: Error, no slot found for handle %08x\n",
+		       sessionHandle);
+	}
+    }    
+    if (rc == 0) {
+	tssContext->sessions[slotIndex].sessionHandle = TPM_RH_NULL;
+	/* erase any secrets */
+	memset(tssContext->sessions[slotIndex].sessionData, 0,
+	       tssContext->sessions[slotIndex].sessionDataLength);
+	free(tssContext->sessions[slotIndex].sessionData);
+	tssContext->sessions[slotIndex].sessionData = NULL;
+	tssContext->sessions[slotIndex].sessionDataLength = 0;
+    }
+    return rc;
+}
+
+/* TSS_HmacSession_GetSlotForHandle() finds the session slot corresponding to the session handle.
+
+   Returns non-zero if no slot is found.
+*/
+
+static TPM_RC TSS_HmacSession_GetSlotForHandle(TSS_CONTEXT *tssContext,
+					       size_t *slotIndex,
+					       TPMI_SH_AUTH_SESSION sessionHandle)
+{
+    size_t 	i;
+
+    /* search all slots for handle */
+    for (i = 0 ; i < (sizeof(tssContext->sessions) / sizeof(TSS_SESSIONS)) ; i++) {
+	if (tssContext->sessions[i].sessionHandle == sessionHandle) {
+	    *slotIndex = i;
+	    return 0;
+	}
+    }
+    return TSS_RC_NO_SESSION_SLOT;
+}
+
+#endif
+
+static TPM_RC TSS_HmacSession_Marshal(struct TSS_HMAC_CONTEXT *source,
+					uint16_t *written,
+					uint8_t **buffer,
+					uint32_t *size)
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	rc = TSS_TPMI_SH_AUTH_SESSION_Marshalu(&source->sessionHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_HASH_Marshalu(&source->authHashAlg, written, buffer, size);
+    }
+#ifndef TPM_TSS_NOCRYPTO
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->sizeInBytes, written, buffer, size);
+    }
+#endif
+    if (rc == 0) {
+	rc = TSS_TPMT_SYM_DEF_Marshalu(&source->symmetric, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_ENTITY_Marshalu(&source->bind, written, buffer, size);
+    }   
+    if (rc == 0) {
+	rc = TSS_TPM2B_NAME_Marshalu(&source->bindName, written, buffer, size);
+    }
+#ifdef TPM_WINDOWS
+    /* FIXME Why does a VS release build need a printf here? */
+    if (tssVverbose) printf("");
+#endif
+    if (rc == 0) {
+	rc = TSS_TPM2B_AUTH_Marshalu(&source->bindAuthValue, written, buffer, size);
+    }
+#ifndef TPM_TSS_NOCRYPTO
+    if (rc == 0) {
+	rc = TSS_TPM2B_NONCE_Marshalu(&source->nonceTPM, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_NONCE_Marshalu(&source->nonceCaller, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->sessionKey, written, buffer, size);
+    }
+#endif
+    if (rc == 0) {
+	rc = TSS_TPM_SE_Marshalu(&source->sessionType, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Marshalu(&source->isPasswordNeeded, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Marshalu(&source->isAuthValueNeeded, written, buffer, size);
+    }  
+    return rc;
+}
+
+static TPM_RC TSS_HmacSession_Unmarshal(struct TSS_HMAC_CONTEXT *target,
+					uint8_t **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	rc = TSS_TPMI_SH_AUTH_SESSION_Unmarshalu(&target->sessionHandle, buffer, size, NO);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_HASH_Unmarshalu(&target->authHashAlg, buffer, size, NO);
+    }
+#ifndef TPM_TSS_NOCRYPTO
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->sizeInBytes, buffer, size);
+    }
+#endif
+    if (rc == 0) {
+	rc = TSS_TPMT_SYM_DEF_Unmarshalu(&target->symmetric, buffer, size, YES);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_ENTITY_Unmarshalu(&target->bind, buffer, size, YES);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_NAME_Unmarshalu(&target->bindName, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_AUTH_Unmarshalu(&target->bindAuthValue, buffer, size);
+    }
+#ifndef TPM_TSS_NOCRYPTO
+    if (rc == 0) {
+	rc = TSS_TPM2B_NONCE_Unmarshalu(&target->nonceTPM, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_NONCE_Unmarshalu(&target->nonceCaller, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->sessionKey, buffer, size);
+    }
+#endif
+    if (rc == 0) {
+	rc = TSS_TPM_SE_Unmarshalu(&target->sessionType, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Unmarshalu(&target->isPasswordNeeded, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Unmarshalu(&target->isAuthValueNeeded, buffer, size);
+    }
+    return rc;
+}
+
+/*
+  Name handling
+*/
+
+/* TSS_Name_GetAllNames() files in the names array based on the handles marshaled into the TSS
+   context command stream. */
+
+static TPM_RC TSS_Name_GetAllNames(TSS_CONTEXT *tssContext,
+				   TPM2B_NAME **names)
+{
+    TPM_RC	rc = 0;
+    size_t	i;
+    size_t	commandHandleCount;	/* number of handles in the command stream */
+    TPM_HANDLE  commandHandle;
+
+    /* get the number of handles in the command stream */
+    if (rc == 0) {
+	rc = TSS_GetCommandHandleCount(tssContext->tssAuthContext, &commandHandleCount);
+	if (tssVverbose) printf("TSS_Name_GetAllNames: commandHandleCount %u\n",
+				(unsigned int)commandHandleCount);
+    }
+    for (i = 0 ; (rc == 0) && (i < commandHandleCount) ; i++) {
+	/* get a handle from the command stream */
+	if (rc == 0) {
+	    rc = TSS_GetCommandHandle(tssContext->tssAuthContext,
+				      &commandHandle,
+				      i);
+	}
+	/* get the Name corresponding to the handle */
+	if (rc == 0) {
+	    if (tssVverbose) printf("TSS_Name_GetAllNames: commandHandle %u %08x\n",
+				    (unsigned int)i, commandHandle);
+	    rc = TSS_Name_GetName(tssContext, names[i], commandHandle);
+	}
+    }
+    return rc;
+}
+
+/* TSS_Name_GetName() gets the Name associated with the handle */
+
+static TPM_RC TSS_Name_GetName(TSS_CONTEXT *tssContext,
+			       TPM2B_NAME *name,
+			       TPM_HANDLE  handle)
+{
+    TPM_RC	rc = 0;
+    TPM_HT 	handleType;
+
+    if (tssVverbose) printf("TSS_Name_GetName: Handle %08x\n", handle);
+    handleType = (TPM_HT) ((handle & HR_RANGE_MASK) >> HR_SHIFT);
+
+    /* Table 3 - Equations for Computing Entity Names */
+    switch (handleType) {
+	/* for these, the Name is simply the handle value */
+      case TPM_HT_PCR:
+      case TPM_HT_HMAC_SESSION:
+      case TPM_HT_POLICY_SESSION:
+      case TPM_HT_PERMANENT:
+	rc = TSS_TPM2B_CreateUint32(&name->b, handle, sizeof(name->t.name));
+	break;
+	/* for NV, the Names was calculated at NV read public */
+      case TPM_HT_NV_INDEX:
+	/* for objects, the Name was returned at creation or load */
+      case TPM_HT_TRANSIENT:
+      case TPM_HT_PERSISTENT:
+	rc = TSS_Name_Load(tssContext, name, handle, NULL);
+	break;
+      default:
+	if (tssVerbose) printf("TSS_Name_GetName: not implemented for handle %08x\n", handle);
+	rc = TSS_RC_NAME_NOT_IMPLEMENTED;
+	break;
+    }
+    if (rc == 0) {
+	if (tssVverbose)
+	    TSS_PrintAll("TSS_Name_GetName: ",
+			 name->t.name, name->t.size);
+    }
+    
+    return rc;
+}
+
+/* TSS_Name_Store() stores the 'name' parameter in a file.
+
+   If handle is not 0, the handle is used as the file name.
+
+   If 'string' is not NULL, the string is used as the file name.
+*/
+
+#ifndef TPM_TSS_NOFILE
+
+static TPM_RC TSS_Name_Store(TSS_CONTEXT *tssContext,
+			     TPM2B_NAME *name,
+			     TPM_HANDLE handle,
+			     const char *string)
+{
+    TPM_RC 	rc = 0;
+    char 	nameFilename[TPM_DATA_DIR_PATH_LENGTH];
+
+    if (rc == 0) {
+	if (string == NULL) {
+	    if (handle != 0) {
+		sprintf(nameFilename, "%s/h%08x.bin", tssContext->tssDataDirectory, handle);
+	    }
+	    else {
+		if (tssVerbose) printf("TSS_Name_Store: handle and string are both null");
+		rc = TSS_RC_NAME_FILENAME;
+	    }
+	}
+	else {
+	    if (handle == 0) {
+		sprintf(nameFilename, "%s/h%s.bin", tssContext->tssDataDirectory, string);
+	    }
+	    else {
+		if (tssVerbose) printf("TSS_Name_Store: handle and string are both not null");
+		rc = TSS_RC_NAME_FILENAME;
+	    }
+	}
+    }
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_Name_Store: File %s\n", nameFilename);
+	rc = TSS_File_WriteBinaryFile(name->b.buffer, name->b.size, nameFilename);
+    }
+    return rc;
+}
+
+#endif
+
+/* TSS_Name_Load() loads the 'name' from a file.
+
+   If handle is not 0, the handle is used as the file name.
+
+   If 'string' is not NULL, the string is used as the file name.
+*/
+   
+#ifndef TPM_TSS_NOFILE
+
+static TPM_RC TSS_Name_Load(TSS_CONTEXT *tssContext,
+			    TPM2B_NAME *name,
+			    TPM_HANDLE handle,
+			    const char *string)
+{
+    TPM_RC 		rc = 0;
+    char 		nameFilename[TPM_DATA_DIR_PATH_LENGTH];
+		
+    if (rc == 0) {
+	if (string == NULL) {
+	    if (handle != 0) {
+		sprintf(nameFilename, "%s/h%08x.bin", tssContext->tssDataDirectory, handle);
+	    }
+	    else {
+		if (tssVerbose) printf("TSS_Name_Load: handle and string are both null\n");
+		rc = TSS_RC_NAME_FILENAME;
+	    }
+	}
+	else {
+	    if (handle == 0) {
+		sprintf(nameFilename, "%s/h%s.bin", tssContext->tssDataDirectory, string);
+	    }
+	    else {
+		if (tssVerbose) printf("TSS_Name_Load: handle and string are both not null\n");
+		rc = TSS_RC_NAME_FILENAME;
+	    }
+	}
+    }
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_Name_Load: File %s\n", nameFilename);
+	rc = TSS_File_Read2B(&name->b,
+			     sizeof(name->t.name),
+			     nameFilename);
+    }
+    return rc;
+}
+
+#endif
+
+/* TSS_Name_Store() stores the 'name' parameter the TSS context.
+   
+*/
+
+#ifdef TPM_TSS_NOFILE
+
+static TPM_RC TSS_Name_Store(TSS_CONTEXT *tssContext,
+			     TPM2B_NAME *name,
+			     TPM_HANDLE handle,
+			     const char *string)
+{
+    TPM_RC 	rc = 0;
+    TPM_HT 	handleType;
+    size_t	slotIndex;
+
+    if (tssVverbose) printf("TSS_Name_Store: Handle %08x\n", handle);
+    handleType = (TPM_HT) ((handle & HR_RANGE_MASK) >> HR_SHIFT);
+
+    switch (handleType) {
+      case TPM_HT_NV_INDEX:
+	/* for NV, the Name was returned at creation */
+	rc = TSS_NvPublic_GetSlotForHandle(tssContext, &slotIndex, handle);
+	if (rc != 0) {
+	    rc = TSS_NvPublic_GetSlotForHandle(tssContext, &slotIndex, TPM_RH_NULL);
+	    if (rc == 0) {
+		tssContext->nvPublic[slotIndex].nvIndex = handle;
+	    }
+	    else {
+		if (tssVerbose)
+		    printf("TSS_Name_Store: Error, no slot available for handle %08x\n", handle);
+	    }
+	}
+	if (rc == 0) {
+	    tssContext->nvPublic[slotIndex].name = *name;
+	}
+	break;
+      case TPM_HT_TRANSIENT:
+      case TPM_HT_PERSISTENT:
+	if (rc == 0) {
+	    if (string == NULL) {
+		if (handle != 0) {
+		    /* if this handle is already used, overwrite the slot */
+		    rc = TSS_ObjectPublic_GetSlotForHandle(tssContext, &slotIndex, handle);
+		    if (rc != 0) {
+			rc = TSS_ObjectPublic_GetSlotForHandle(tssContext, &slotIndex, TPM_RH_NULL);
+			if (rc == 0) {
+			    tssContext->objectPublic[slotIndex].objectHandle = handle;
+			}
+			else {
+			    if (tssVerbose)
+				printf("TSS_Name_Store: "
+				       "Error, no slot available for handle %08x\n",
+				       handle);
+			}
+		    }
+		}
+		else {
+		    if (tssVerbose) printf("TSS_Name_Store: handle and string are both null");
+		    rc = TSS_RC_NAME_FILENAME;
+		}
+	    }
+	    else {
+		if (handle == 0) {
+		    if (tssVerbose) printf("TSS_Name_Store: string unimplemented");
+		    rc = TSS_RC_NAME_FILENAME;
+		}
+		else {
+		    if (tssVerbose) printf("TSS_Name_Store: handle and string are both not null");
+		    rc = TSS_RC_NAME_FILENAME;
+		}
+	    }
+	}
+	if (rc == 0) {
+	    tssContext->objectPublic[slotIndex].name = *name;
+	}
+	break;
+      default:
+	if (tssVerbose) printf("TSS_Name_Store: handle type %02x unimplemented", handleType);
+	rc = TSS_RC_NAME_FILENAME;
+    }
+    return rc;
+}
+
+#endif
+
+/* TSS_Name_Load() loads the 'name' from the TSS context.
+   
+*/
+   
+#ifdef TPM_TSS_NOFILE
+
+static TPM_RC TSS_Name_Load(TSS_CONTEXT *tssContext,
+			    TPM2B_NAME *name,
+			    TPM_HANDLE handle,
+			    const char *string)
+{
+    TPM_RC 	rc = 0;
+    TPM_HT 	handleType;
+    size_t	slotIndex;
+
+    string = string;
+    
+    if (tssVverbose) printf("TSS_Name_Load: Handle %08x\n", handle);
+    handleType = (TPM_HT) ((handle & HR_RANGE_MASK) >> HR_SHIFT);
+
+    switch (handleType) {
+      case TPM_HT_NV_INDEX:
+	rc = TSS_NvPublic_GetSlotForHandle(tssContext, &slotIndex, handle);
+	if (rc != 0) {
+	    if (tssVerbose)
+		printf("TSS_Name_Load: Error, no slot found for handle %08x\n", handle);
+	}
+	if (rc == 0) {
+	    *name = tssContext->nvPublic[slotIndex].name;
+	}
+	break;
+      case TPM_HT_TRANSIENT:
+      case TPM_HT_PERSISTENT:
+	rc = TSS_ObjectPublic_GetSlotForHandle(tssContext, &slotIndex, handle);
+	if (rc != 0) {
+	    if (tssVerbose)
+		printf("TSS_Name_Load: Error, no slot found for handle %08x\n", handle);
+	}
+	if (rc == 0) {
+	    *name = tssContext->objectPublic[slotIndex].name;
+	}
+	break;
+      default:
+	if (tssVerbose) printf("TSS_Name_Load: handle type %02x unimplemented", handleType);
+	rc = TSS_RC_NAME_FILENAME;
+	
+    }
+    return rc;
+}
+
+#endif
+
+/* TSS_Name_Copy() copies the name from either inHandle or inString to either outHandle or
+   outString */
+
+static TPM_RC TSS_Name_Copy(TSS_CONTEXT *tssContext,
+			    TPM_HANDLE outHandle,
+			    const char *outString,
+			    TPM_HANDLE inHandle,
+			    const char *inString)
+{
+    TPM_RC 		rc = 0;
+    TPM2B_NAME 		name;
+    
+    if (rc == 0) {
+	rc = TSS_Name_Load(tssContext, &name, inHandle, inString);
+    }
+    if (rc == 0) {
+	rc = TSS_Name_Store(tssContext, &name, outHandle, outString);
+    }
+    return rc;
+}
+
+/* TSS_Public_Store() stores the 'public' parameter in a file.
+
+   If handle is not 0, the handle is used as the file name.
+
+   If 'string' is not NULL, the string is used as the file name.
+*/
+
+#ifndef TPM_TSS_NOFILE
+
+static TPM_RC TSS_Public_Store(TSS_CONTEXT *tssContext,
+			       TPM2B_PUBLIC *public,
+			       TPM_HANDLE handle,
+			       const char *string)
+{
+    TPM_RC 	rc = 0;
+    char 	publicFilename[TPM_DATA_DIR_PATH_LENGTH];
+
+    if (rc == 0) {
+	if (string == NULL) {
+	    if (handle != 0) {		/* store by handle */
+		sprintf(publicFilename, "%s/hp%08x.bin", tssContext->tssDataDirectory, handle);
+	    }
+	    else {
+		if (tssVerbose) printf("TSS_Public_Store: handle and string are both null");
+		rc = TSS_RC_NAME_FILENAME;
+	    }
+	}
+	else {
+	    if (handle == 0) {		/* store by string */
+		sprintf(publicFilename, "%s/hp%s.bin", tssContext->tssDataDirectory, string);
+	    }
+	    else {
+		if (tssVerbose) printf("TSS_Public_Store: handle and string are both not null");
+		rc = TSS_RC_NAME_FILENAME;
+	    }
+	}
+    }
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_Public_Store: File %s\n", publicFilename);
+	rc = TSS_File_WriteStructure(public,
+				     (MarshalFunction_t)TSS_TPM2B_PUBLIC_Marshal,
+				     publicFilename);
+    }
+    return rc;
+}
+
+#endif
+
+/* TSS_Public_Load() loads the 'public' parameter from a file.
+
+   If handle is not 0, the handle is used as the file name.
+
+   If 'string' is not NULL, the string is used as the file name.
+*/
+   
+#ifndef TPM_TSS_NOFILE
+
+static TPM_RC TSS_Public_Load(TSS_CONTEXT *tssContext,
+			      TPM2B_PUBLIC *public,
+			      TPM_HANDLE handle,
+			      const char *string)
+{
+    TPM_RC 	rc = 0;
+    char 	publicFilename[TPM_DATA_DIR_PATH_LENGTH];
+		
+    if (rc == 0) {
+	if (string == NULL) {
+	    if (handle != 0) {
+		sprintf(publicFilename, "%s/hp%08x.bin", tssContext->tssDataDirectory, handle);
+	    }
+	    else {
+		if (tssVerbose) printf("TSS_Public_Load: handle and string are both null\n");
+		rc = TSS_RC_NAME_FILENAME;
+	    }
+	}
+	else {
+	    if (handle == 0) {
+		sprintf(publicFilename, "%s/hp%s.bin", tssContext->tssDataDirectory, string);
+	    }
+	    else {
+		if (tssVerbose) printf("TSS_Public_Load: handle and string are both not null\n");
+		rc = TSS_RC_NAME_FILENAME;
+	    }
+	}
+    }
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_Public_Load: File %s\n", publicFilename);
+	rc = TSS_File_ReadStructureFlag(public,
+					(UnmarshalFunctionFlag_t)TSS_TPM2B_PUBLIC_Unmarshalu,
+					TRUE,			/* NULL permitted */
+					publicFilename);
+    }
+    return rc;
+}
+
+#endif 	/* TPM_TSS_NOFILE */
+
+/* TSS_Public_Copy() copies the TPM2B_PUBLIC from either inHandle or inString to either outHandle or
+   outString */
+
+static TPM_RC TSS_Public_Copy(TSS_CONTEXT *tssContext,
+			      TPM_HANDLE outHandle,
+			      const char *outString,
+			      TPM_HANDLE inHandle,
+			      const char *inString)
+{
+    TPM_RC 		rc = 0;
+    TPM2B_PUBLIC 	public;
+    
+    if (rc == 0) {
+	rc = TSS_Public_Load(tssContext, &public, inHandle, inString);
+    }
+    if (rc == 0) {
+	rc = TSS_Public_Store(tssContext, &public, outHandle, outString);
+    }
+    return rc;
+}
+
+/* TSS_Public_Store() stores the 'public' parameter in the TSS context. 
+ */
+   
+#ifdef TPM_TSS_NOFILE
+
+static TPM_RC TSS_Public_Store(TSS_CONTEXT *tssContext,
+			       TPM2B_PUBLIC *public,
+			       TPM_HANDLE handle,
+			       const char *string)
+{
+    TPM_RC 	rc = 0;
+    size_t	slotIndex;
+
+    if (rc == 0) {
+	if (string == NULL) {
+	    if (handle != 0) {
+		/* if this handle is already used, overwrite the slot */
+		rc = TSS_ObjectPublic_GetSlotForHandle(tssContext, &slotIndex, handle);
+		if (rc != 0) {
+		    rc = TSS_ObjectPublic_GetSlotForHandle(tssContext, &slotIndex, TPM_RH_NULL);
+		    if (rc == 0) {
+			tssContext->objectPublic[slotIndex].objectHandle = handle;
+		    }
+		    else {
+			if (tssVerbose)
+			    printf("TSS_Public_Store: Error, no slot available for handle %08x\n",
+				   handle);
+		    }
+		}
+	    }
+	    else {
+		if (tssVerbose) printf("TSS_Public_Store: handle and string are both null");
+		rc = TSS_RC_NAME_FILENAME;
+	    }
+	}
+	else {
+	    if (handle == 0) {
+		if (tssVerbose) printf("TSS_Public_Store: string not implemented yet");
+		rc = TSS_RC_NAME_FILENAME;
+	    }
+	    else {
+		if (tssVerbose) printf("TSS_Public_Store: handle and string are both not null");
+		rc = TSS_RC_NAME_FILENAME;
+	    }
+	}
+    }
+    if (rc == 0) {
+	tssContext->objectPublic[slotIndex].objectPublic = *public;
+    }
+    return rc;
+}
+
+#endif
+
+/* TSS_Public_Load() loaded the object public from the TSS context.
+   
+ */
+   
+#ifdef TPM_TSS_NOFILE
+
+static TPM_RC TSS_Public_Load(TSS_CONTEXT *tssContext,
+			      TPM2B_PUBLIC *public,
+			      TPM_HANDLE handle,
+			      const char *string)
+{
+    TPM_RC 	rc = 0;
+    size_t	slotIndex;
+		
+    if (rc == 0) {
+	if (string == NULL) {
+	    if (handle != 0) {
+		rc = TSS_ObjectPublic_GetSlotForHandle(tssContext, &slotIndex, handle);
+		if (rc != 0) {
+		    if (tssVerbose)
+			printf("TSS_Public_Load: Error, no slot found for handle %08x\n",
+			       handle);
+		}
+	    }
+	    else {
+		if (tssVerbose) printf("TSS_Public_Load: handle and string are both null\n");
+		rc = TSS_RC_NAME_FILENAME;
+	    }
+	}
+	else {
+	    if (handle == 0) {
+		if (tssVerbose) printf("TSS_Public_Load: string not implemented yet");
+		rc = TSS_RC_NAME_FILENAME;
+	    }
+	    else {
+		if (tssVerbose) printf("TSS_Public_Load: handle and string are both not null\n");
+		rc = TSS_RC_NAME_FILENAME;
+	    }
+	}
+    }
+    if (rc == 0) {
+	*public = tssContext->objectPublic[slotIndex].objectPublic;
+    }
+    return rc;
+}
+
+#endif 	/* TPM_TSS_NOFILE */
+
+#ifdef TPM_TSS_NOFILE
+
+/* TSS_ObjectPublic_GetSlotForHandle() finds the object public slot corresponding to the handle.
+
+   Returns non-zero if no slot is found.
+*/
+
+static TPM_RC TSS_ObjectPublic_GetSlotForHandle(TSS_CONTEXT *tssContext,
+						size_t *slotIndex,
+						TPM_HANDLE handle)
+{
+    size_t 	i;
+
+    /* search all slots for handle */
+    for (i = 0 ; i < (sizeof(tssContext->sessions) / sizeof(TSS_SESSIONS)) ; i++) {
+	if (tssContext->objectPublic[i].objectHandle == handle) {
+	    *slotIndex = i;
+	    return 0;
+	}
+    }
+    return TSS_RC_NO_OBJECTPUBLIC_SLOT;
+}	
+
+#endif
+
+#ifdef TPM_TSS_NOFILE
+
+static TPM_RC TSS_ObjectPublic_DeleteData(TSS_CONTEXT *tssContext, TPM_HANDLE handle)
+{
+    TPM_RC	rc = 0;
+    size_t	slotIndex;
+
+    if (rc == 0) {
+	rc = TSS_ObjectPublic_GetSlotForHandle(tssContext, &slotIndex, handle);
+	if (rc != 0) {
+	    if (tssVerbose)
+		printf("TSS_ObjectPublic_DeleteData: Error, no slot found for handle %08x\n",
+		       handle);
+	}
+    }    
+    if (rc == 0) {
+	tssContext->objectPublic[slotIndex].objectHandle = TPM_RH_NULL;
+    }
+    return rc;
+}
+
+#endif
+
+
+/* TSS_DeleteHandle() removes retained state stored by the TSS for a handle 
+ */
+
+static TPM_RC TSS_DeleteHandle(TSS_CONTEXT *tssContext,
+			       TPM_HANDLE handle)
+{
+    TPM_RC		rc = 0;
+    TPM_HT 		handleType;
+#ifndef TPM_TSS_NOFILE
+    char		filename[TPM_DATA_DIR_PATH_LENGTH];
+#endif
+
+    handleType = (TPM_HT) ((handle & HR_RANGE_MASK) >> HR_SHIFT);
+#ifndef TPM_TSS_NOFILE
+    /* delete the Name */
+    if (rc == 0) {
+	sprintf(filename, "%s/h%08x.bin", tssContext->tssDataDirectory, handle);
+	if (tssVverbose) printf("TSS_DeleteHandle: delete Name file %s\n", filename);
+	rc = TSS_File_DeleteFile(filename);
+    }
+    /* delete the public if it exists */
+    if (rc == 0) {
+	if ((handleType == TPM_HT_TRANSIENT) ||
+	    (handleType == TPM_HT_PERSISTENT)) {
+	    sprintf(filename, "%s/hp%08x.bin", tssContext->tssDataDirectory, handle);
+	    if (tssVverbose) printf("TSS_DeleteHandle: delete public file %s\n", filename);
+	    TSS_File_DeleteFile(filename);
+	}
+    }
+#else
+    /* sessions persist in the context and can be deleted */
+    if (rc == 0) {
+	switch (handleType) {
+	  case TPM_HT_NV_INDEX:
+	    rc = TSS_RC_NOT_IMPLEMENTED;
+	    break;
+	  case TPM_HT_HMAC_SESSION:
+	  case TPM_HT_POLICY_SESSION:
+	    if (tssVverbose) printf("TSS_DeleteHandle: delete session state %08x\n", handle);
+	    rc = TSS_HmacSession_DeleteData(tssContext, handle);
+	    break;
+	  case TPM_HT_TRANSIENT:
+	  case TPM_HT_PERSISTENT:
+	    rc = TSS_ObjectPublic_DeleteData(tssContext, handle);
+	    break;
+	}
+    }
+#endif
+    return rc;
+}
+
+#ifndef TPM_TSS_NOCRYPTO
+
+/* TSS_ObjectPublic_GetName() calculates the Name from the TPMT_PUBLIC.  The Name provides security,
+   because the Name returned from the TPM2_ReadPublic cannot be trusted.
+*/
+
+static TPM_RC TSS_ObjectPublic_GetName(TPM2B_NAME *name,
+				       TPMT_PUBLIC *tpmtPublic)
+{
+    TPM_RC 	rc = 0;
+    
+    uint16_t 	written = 0;
+    TPMT_HA	digest;
+    uint32_t 	sizeInBytes = 0;
+    uint8_t 	*buffer = NULL;
+
+    if (rc == 0) {
+	rc = TSS_Malloc(&buffer, MAX_RESPONSE_SIZE);	/* freed @1 */
+    }
+    /* marshal the TPMT_PUBLIC */
+    if (rc == 0) {
+	uint32_t 	size = MAX_RESPONSE_SIZE;
+	uint8_t 	*buffer1 = buffer;
+	rc = TSS_TPMT_PUBLIC_Marshalu(tpmtPublic, &written, &buffer1, &size);
+    }
+    /* hash the public area */
+    if (rc == 0) {
+	sizeInBytes = TSS_GetDigestSize(tpmtPublic->nameAlg);
+	digest.hashAlg = tpmtPublic->nameAlg;	/* Name digest algorithm */
+	/* generate the TPMT_HA */
+	rc = TSS_Hash_Generate(&digest,	
+			       written, buffer,
+			       0, NULL);
+    }
+    if (rc == 0) {
+	TPMI_ALG_HASH nameAlgNbo;
+	/* copy the digest */
+	memcpy(name->t.name + sizeof(TPMI_ALG_HASH), (uint8_t *)&digest.digest, sizeInBytes);
+	/* copy the hash algorithm */
+	nameAlgNbo = htons(tpmtPublic->nameAlg);
+	memcpy(name->t.name, (uint8_t *)&nameAlgNbo, sizeof(TPMI_ALG_HASH));
+	/* set the size */
+	name->t.size = sizeInBytes + sizeof(TPMI_ALG_HASH);
+    }
+    free(buffer);	/* @1 */
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOCRYPTO */
+
+
+/* TSS_NVPublic_Store() stores the NV public data in a file.
+
+ */
+
+#ifndef TPM_TSS_NOFILE
+#ifndef TPM_TSS_NOCRYPTO
+
+static TPM_RC TSS_NVPublic_Store(TSS_CONTEXT *tssContext,
+				 TPMS_NV_PUBLIC *nvPublic,
+				 TPMI_RH_NV_INDEX nvIndex)
+{
+    TPM_RC 	rc = 0;
+    char 	nvpFilename[TPM_DATA_DIR_PATH_LENGTH];
+
+    if (rc == 0) {
+	sprintf(nvpFilename, "%s/nvp%08x.bin", tssContext->tssDataDirectory, nvIndex);
+	rc = TSS_File_WriteStructure(nvPublic,
+				     (MarshalFunction_t)TSS_TPMS_NV_PUBLIC_Marshal,
+				     nvpFilename);
+    }
+    return rc;
+}
+
+#endif
+#endif
+
+/* TSS_NVPublic_Load() loads the NV public from a file.
+
+ */
+
+#ifndef TPM_TSS_NOFILE
+#ifndef TPM_TSS_NOCRYPTO
+
+static TPM_RC TSS_NVPublic_Load(TSS_CONTEXT *tssContext,
+				TPMS_NV_PUBLIC *nvPublic,
+				TPMI_RH_NV_INDEX nvIndex)
+{
+    TPM_RC 	rc = 0;
+    char 	nvpFilename[TPM_DATA_DIR_PATH_LENGTH];
+
+    if (rc == 0) {
+	sprintf(nvpFilename, "%s/nvp%08x.bin", tssContext->tssDataDirectory, nvIndex);
+	rc = TSS_File_ReadStructure(nvPublic,
+				    (UnmarshalFunction_t)TSS_TPMS_NV_PUBLIC_Unmarshalu,
+				    nvpFilename);
+    }
+    return rc;
+}
+
+#endif
+#endif
+
+#ifndef TPM_TSS_NOFILE
+
+static TPM_RC TSS_NVPublic_Delete(TSS_CONTEXT *tssContext,
+				  TPMI_RH_NV_INDEX nvIndex)
+{
+    TPM_RC 	rc = 0;
+    char 	nvpFilename[TPM_DATA_DIR_PATH_LENGTH];
+    
+    if (rc == 0) {
+	sprintf(nvpFilename, "%s/nvp%08x.bin", tssContext->tssDataDirectory, nvIndex);
+	rc = TSS_File_DeleteFile(nvpFilename);
+    }
+    return rc;
+}
+
+#endif
+
+#ifdef TPM_TSS_NOFILE
+#ifndef TPM_TSS_NOCRYPTO
+
+/* TSS_NVPublic_Store() stores the NV public data in a file.
+
+ */
+
+static TPM_RC TSS_NVPublic_Store(TSS_CONTEXT *tssContext,
+				 TPMS_NV_PUBLIC *nvPublic,
+				 TPMI_RH_NV_INDEX nvIndex)
+{
+    TPM_RC 	rc = 0;
+    size_t	slotIndex;
+
+    if (rc == 0) {
+	rc = TSS_NvPublic_GetSlotForHandle(tssContext, &slotIndex, nvIndex);
+	if (rc != 0) {
+	    rc = TSS_NvPublic_GetSlotForHandle(tssContext, &slotIndex, TPM_RH_NULL);
+	    if (rc == 0) {
+		tssContext->nvPublic[slotIndex].nvIndex = nvIndex;
+	    }
+	    else {
+		if (tssVerbose)
+		    printf("TSS_NVPublic_Store: Error, no slot available for handle %08x\n",
+			   nvIndex);
+	    }
+	}
+    }
+    if (rc == 0) {
+	tssContext->nvPublic[slotIndex].nvPublic = *nvPublic;
+    }
+    return rc;
+}
+
+#endif
+#endif
+
+#ifdef TPM_TSS_NOFILE
+#ifndef TPM_TSS_NOCRYPTO
+
+/* TSS_NVPublic_Load() loads the NV public from a file.
+
+ */
+
+static TPM_RC TSS_NVPublic_Load(TSS_CONTEXT *tssContext,
+				TPMS_NV_PUBLIC *nvPublic,
+				TPMI_RH_NV_INDEX nvIndex)
+{
+    TPM_RC 	rc = 0;
+    size_t	slotIndex;
+
+    if (rc == 0) {
+	rc = TSS_NvPublic_GetSlotForHandle(tssContext, &slotIndex, nvIndex);
+	if (rc != 0) {
+	    if (tssVerbose)
+		printf("TSS_NVPublic_Load: Error, no slot found for handle %08x\n",
+		       nvIndex);
+	}
+    }
+    if (rc == 0) {
+	*nvPublic = tssContext->nvPublic[slotIndex].nvPublic;
+    }
+    return rc;
+}
+
+#endif
+#endif
+
+#ifdef TPM_TSS_NOFILE
+
+static TPM_RC TSS_NVPublic_Delete(TSS_CONTEXT *tssContext,
+				  TPMI_RH_NV_INDEX nvIndex)
+{
+    TPM_RC 	rc = 0;
+    size_t	slotIndex;
+    
+    if (rc == 0) {
+	rc = TSS_NvPublic_GetSlotForHandle(tssContext, &slotIndex, nvIndex);
+	if (rc != 0) {
+	    if (tssVerbose)
+		printf("TSS_NVPublic_Delete: Error, no slot found for handle %08x\n",
+		       nvIndex);
+	}
+    }
+    if (rc == 0) {
+	tssContext->nvPublic[slotIndex].nvIndex = TPM_RH_NULL;
+    }
+    return rc;
+}
+
+#endif
+
+#ifdef TPM_TSS_NOFILE
+
+/* TSS_NvPublic_GetSlotForHandle() finds the object public slot corresponding to the handle.
+
+   Returns non-zero if no slot is found.
+*/
+
+static TPM_RC TSS_NvPublic_GetSlotForHandle(TSS_CONTEXT *tssContext,
+					    size_t *slotIndex,
+					    TPMI_RH_NV_INDEX nvIndex)
+{
+    size_t 	i;
+
+    /* search all slots for handle */
+    for (i = 0 ; i < (sizeof(tssContext->nvPublic) / sizeof(TSS_NVPUBLIC)) ; i++) {
+	if (tssContext->nvPublic[i].nvIndex == nvIndex) {
+	    *slotIndex = i;
+	    return 0;
+	}
+    }
+    return TSS_RC_NO_NVPUBLIC_SLOT;
+}	
+
+#endif
+
+/* TSS_NVPublic_GetName() calculates the Name from the TPMS_NV_PUBLIC.  The Name provides security,
+   because the Name returned from the TPM2_NV_ReadPublic cannot be trusted.
+*/
+
+#ifndef TPM_TSS_NOCRYPTO
+
+static TPM_RC TSS_NVPublic_GetName(TPM2B_NAME *name,
+				   TPMS_NV_PUBLIC *nvPublic)
+{
+    TPM_RC 	rc = 0;
+    
+    uint16_t 	written = 0;
+    TPMT_HA	digest;
+    uint32_t 	sizeInBytes = 0;
+    uint8_t 	*buffer = NULL;
+
+    if (rc == 0) {
+	rc = TSS_Malloc(&buffer, MAX_RESPONSE_SIZE);	/* freed @1 */
+    }
+    /* marshal the TPMS_NV_PUBLIC */
+    if (rc == 0) {
+	uint32_t 	size = MAX_RESPONSE_SIZE;
+	uint8_t 	*buffer1 = buffer;
+	rc = TSS_TPMS_NV_PUBLIC_Marshalu(nvPublic, &written, &buffer1, &size);
+    }
+    /* hash the public area */
+    if (rc == 0) {
+	sizeInBytes = TSS_GetDigestSize(nvPublic->nameAlg);
+	digest.hashAlg = nvPublic->nameAlg;	/* Name digest algorithm */
+	/* generate the TPMT_HA */
+	rc = TSS_Hash_Generate(&digest,	
+			       written, buffer,
+			       0, NULL);
+    }
+    if (rc == 0) {
+	TPMI_ALG_HASH nameAlgNbo;
+	/* copy the digest */
+	memcpy(name->t.name + sizeof(TPMI_ALG_HASH), (uint8_t *)&digest.digest, sizeInBytes);
+	/* copy the hash algorithm */
+	nameAlgNbo = htons(nvPublic->nameAlg);
+	memcpy(name->t.name, (uint8_t *)&nameAlgNbo, sizeof(TPMI_ALG_HASH));
+	/* set the size */
+	name->t.size = sizeInBytes + sizeof(TPMI_ALG_HASH);
+    }
+    free(buffer);	/* @1 */
+    return rc;
+}
+
+#endif
+
+#ifndef TPM_TSS_NOCRYPTO
+
+static TPM_RC TSS_HmacSession_SetNonceCaller(struct TSS_HMAC_CONTEXT *session,
+					     TPMS_AUTH_COMMAND 	*authC)
+{
+    TPM_RC		rc = 0;
+
+    /* generate a new nonceCaller */
+    if (rc == 0) {
+	session->nonceCaller.b.size = session->sizeInBytes;
+	rc = TSS_RandBytes(session->nonceCaller.t.buffer, session->sizeInBytes);
+    }
+    /* nonceCaller for the command */
+    if (rc == 0) {
+	rc = TSS_TPM2B_Copy(&authC->nonce.b, &session->nonceCaller.b, sizeof(TPMU_HA));
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOCRYPTO */
+
+#ifndef TPM_TSS_NOCRYPTO
+
+/* TSS_HmacSession_SetHmacKey() calculates the session HMAC key.
+
+   handleNumber is index into the session area.  The first sessions, the authorization sessions,
+   have a corresponding handle in the command handle.
+*/
+
+static TPM_RC TSS_HmacSession_SetHmacKey(TSS_CONTEXT *tssContext,
+					 struct TSS_HMAC_CONTEXT *session,
+					 size_t handleNumber,	/* index into the handle area */
+					 const char *password)
+{
+    TPM_RC		rc = 0;
+    TPM_HANDLE 		commandHandle;		/* from handle area, for bound session */
+    TPM2B_NAME		name;
+    TPM2B_AUTH 		authValue;
+    int 		bindMatch = FALSE;
+    int 		done = FALSE;		/* done with authorization sessions */
+
+    /*
+      authHMAC = HMAC sessionAlg ((sessionKey || authValue), 
+      (pHash || nonceNewer || nonceOlder 
+      { || nonceTPMdecrypt } { || nonceTPMencrypt }
+      || sessionAttributes))
+    */
+    /* HMAC key is sessionKey || authValue */
+    /* copy the session key to HMAC key */
+    if (rc == 0) {
+	if (tssVverbose) TSS_PrintAll("TSS_HmacSession_SetHmacKey: sessionKey",
+				      session->sessionKey.b.buffer, session->sessionKey.b.size);
+	rc = TSS_TPM2B_Copy(&session->hmacKey.b,
+			    &session->sessionKey.b, sizeof(TPMU_HA) + sizeof(TPMT_HA));
+    }
+    /* copy the session key to sessionValue */
+    if (rc == 0) {
+	rc = TSS_TPM2B_Copy(&session->sessionValue.b,
+			    &session->sessionKey.b, sizeof(TPMU_HA) + sizeof(TPMT_HA));
+    }
+    if (rc == 0) {
+	if (tssVverbose)
+	    TSS_PrintAll("TSS_HmacSession_SetHmacKey: preliminary sessionValue",
+			 session->sessionValue.b.buffer, session->sessionValue.b.size);
+    }
+    /* This value is an EmptyAuth if the HMAC is being computed to authorize an action on the
+       object to which the session is bound.
+    */
+    /* The first sessions are authorization sessions.  They can have a bind entity.  All others can
+       be encrypt or decrypt sessions, but the authValue is not included in the session key.
+    */
+    if (rc == 0) {
+	AUTH_ROLE authRole = TSS_GetAuthRole(tssContext->tssAuthContext, handleNumber);
+	if (authRole == AUTH_NONE) {
+	    if (tssVverbose) printf("TSS_HmacSession_SetHmacKey: Done, not auth session\n");
+	    done = TRUE;	/* not an authorization session, could be audit or
+				   encrypt/decrypt */
+	}
+    }
+    /* If not an authorization session, there is no authValue to append to the HMAC key or encrypt
+       sessionValue, regardless of the binding.  Below is for auth sessions. */
+    if (!done) {
+	/* First, if there was a bind handle, check if the name matches.  Else bindMatch remains
+	   FALSE. */
+	if (session->bind != TPM_RH_NULL) {
+	    /* get the handle for this session */
+	    if (tssVverbose)
+		printf("TSS_HmacSession_SetHmacKey: Processing bind handle %08x\n", session->bind);
+	    if (rc == 0) {
+		rc = TSS_GetCommandHandle(tssContext->tssAuthContext,
+					  &commandHandle,
+					  handleNumber);
+	    }
+	    /* get the Name corresponding to the handle */
+	    if (rc == 0) {
+		if (tssVverbose)
+		    printf("TSS_HmacSession_SetHmacKey: commandHandle %08x bindHandle %08x\n",
+			   commandHandle, session->bind);
+		rc = TSS_Name_GetName(tssContext, &name, commandHandle);
+	    }
+	    /* compare the authorized object name to the bind object name */
+	    if (rc == 0) {
+		bindMatch = TSS_TPM2B_Compare(&name.b, &session->bindName.b);
+		if (tssVverbose) printf("TSS_HmacSession_SetHmacKey: bind match %u\n", bindMatch);
+	    }
+	}
+	/* Second, append password to session key for HMAC key if required */
+
+	/* When performing an HMAC for authorization, the HMAC key is normally the concatenation of
+	   the entity's authValue to the sessions sessionKey (created at
+	   TPM2_StartAuthSession(). However, if the authorization is for the entity to
+	   which the session is bound, the authValue is not included in the HMAC key. When
+	   a policy requires that an HMAC be computed, it is always concatenated.
+	*/
+	if ((rc == 0) &&
+	    /* append if HMAC session and not bind match */
+	    (((session->sessionType == TPM_SE_HMAC) && !bindMatch) ||
+	     /* append if policy and policy authvalue */
+	     ((session->sessionType == TPM_SE_POLICY) && session->isAuthValueNeeded)) &&
+	    (password != NULL)	/* if password is NULL, nothing to append. */
+
+	    ) {
+	    
+	    if (tssVverbose)
+		printf("TSS_HmacSession_SetHmacKey: Appending authValue to HMAC key\n");
+	    /* convert the password to an authvalue */
+	    if (rc == 0) {
+		rc = TSS_TPM2B_StringCopy(&authValue.b, password, sizeof(authValue.t.buffer));
+	    }
+	    /* append the authvalue to the session key to create the hmac key */
+	    if (rc == 0) {
+		rc = TSS_TPM2B_Append(&session->hmacKey.b, &authValue.b,
+				      sizeof(TPMU_HA) + sizeof(TPMT_HA));
+	    }
+	}
+	/* Third, append password to session key for sessionValue
+
+	   If a session is also being used for authorization, sessionValue (see 21.2 and 21.3) is
+	   sessionKey || authValue. The binding of the session is ignored. If the session is not
+	   being used for authorization, sessionValue is sessionKey.
+	 */
+	/* NOTE This step occurs even if there is a bind match. That is, the password is effectively
+	   appended twice. */
+	if (rc == 0) {
+	    /* if not bind, sessionValue is sessionKey || authValue (same as HMAC key) */
+	    if (!bindMatch) {
+		if (tssVverbose)
+		    printf("TSS_HmacSession_SetHmacKey: "
+			   "No bind, appending authValue to sessionValue\n");
+		/* convert the password to an authvalue */
+		if (rc == 0) {
+		    rc = TSS_TPM2B_StringCopy(&authValue.b, password, sizeof(authValue.t.buffer));
+		}
+		if (rc == 0) {
+		    rc = TSS_TPM2B_Append(&session->sessionValue.b, &authValue.b,
+					  sizeof(TPMU_HA) + sizeof(TPMT_HA));
+		}
+	    }
+	    /* if bind, sessionValue is sessionKey || bindAuthValue */
+	    else {
+		if (tssVverbose)
+		    printf("TSS_HmacSession_SetHmacKey: "
+			   "Bind, appending bind authValue to sessionValue\n");
+		if (rc == 0) {
+		    rc = TSS_TPM2B_Append(&session->sessionValue.b, &session->bindAuthValue.b,
+					  sizeof(TPMU_HA) + sizeof(TPMT_HA));
+		}
+	    }
+	    if (rc == 0) {
+		if (tssVverbose)
+		    TSS_PrintAll("TSS_HmacSession_SetHmacKey: bindAuthValue",
+				 session->bindAuthValue.b.buffer, session->bindAuthValue.b.size);
+	    }
+	}
+    }
+    if (rc == 0) {
+	if (tssVverbose)
+	    TSS_PrintAll("TSS_HmacSession_SetHmacKey: hmacKey",
+			 session->hmacKey.b.buffer, session->hmacKey.b.size);
+	if (tssVverbose)
+	    TSS_PrintAll("TSS_HmacSession_SetHmacKey: sessionValue",
+			 session->sessionValue.b.buffer, session->sessionValue.b.size);
+    }
+    return rc;
+}
+    
+#endif	/* TPM_TSS_NOCRYPTO */
+
+/* TSS_HmacSession_SetHMAC() is used for a command.  It sets all the values in one
+   TPMS_AUTH_COMMAND, ready for marshaling into the command packet.
+
+   - gets cpBuffer
+   - generates cpHash
+   - generates the HMAC
+   - copies the result into authCommand
+
+   Unused names must have size 0.
+
+   The HMAC key is already in the session structure.
+*/
+
+static TPM_RC TSS_HmacSession_SetHMAC(TSS_AUTH_CONTEXT *tssAuthContext,	/* authorization context */
+				      struct TSS_HMAC_CONTEXT *session[],
+				      TPMS_AUTH_COMMAND *authCommand[],	/* output: command
+									   authorization */
+				      TPMI_SH_AUTH_SESSION sessionHandle[], /* session handles in
+									       command */
+				      unsigned int sessionAttributes[],	/* attributes for this
+									   command */
+				      const char *password[],
+				      TPM2B_NAME *name0,		/* up to 3 names */
+				      TPM2B_NAME *name1,	/* unused names have length 0 */
+				      TPM2B_NAME *name2)
+{
+    TPM_RC		rc = 0;
+    unsigned int	i = 0;
+#ifndef TPM_TSS_NOCRYPTO
+    TPMT_HA 		cpHash;
+    TPMT_HA 		hmac;
+    TPM2B_NONCE	nonceTPMDecrypt;
+    TPM2B_NONCE	nonceTPMEncrypt;
+    cpHash.hashAlg = TPM_ALG_NULL;	/* for cpHash calculation optimization */
+#endif	/* TPM_TSS_NOCRYPTO */
+
+
+    for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) && (sessionHandle[i] != TPM_RH_NULL) ; i++) {
+	uint8_t sessionAttr8;
+	if (tssVverbose) printf("TSS_HmacSession_SetHMAC: Step 6 session %08x\n", sessionHandle[i]);
+	/* password sessions were serviced in step 2. */
+	if (sessionHandle[i] == TPM_RS_PW) {
+	    continue;
+	}
+	if (tssVverbose) printf("TSS_HmacSession_SetHMAC: sessionType %02x\n",
+				session[i]->sessionType);
+	if (tssVverbose) printf("TSS_HmacSession_SetHMAC: isPasswordNeeded %02x\n",
+				session[i]->isPasswordNeeded);
+	if (tssVverbose) printf("TSS_HmacSession_SetHMAC: isAuthValueNeeded %02x\n",
+				session[i]->isAuthValueNeeded);
+	/* sessionHandle */
+	authCommand[i]->sessionHandle = session[i]->sessionHandle;
+	/* attributes come from command */
+	sessionAttr8 = (uint8_t)sessionAttributes[i];
+	authCommand[i]->sessionAttributes.val = sessionAttr8;
+
+	/* policy session with policy password handled below, no hmac.  isPasswordNeeded is never
+	   true for an HMAC session, so don't need to test session type here. */
+	if (!(session[i]->isPasswordNeeded)) {
+	    /* HMAC session */ 
+	    if ((session[i]->sessionType == TPM_SE_HMAC) ||
+		/* policy session with TPM2_PolicyAuthValue */
+		((session[i]->sessionType == TPM_SE_POLICY) && (session[i]->isAuthValueNeeded)) ||
+		/* salted session */
+		(session[i]->hmacKey.t.size != 0)
+		) {
+		/* needs HMAC */
+#ifndef TPM_TSS_NOCRYPTO
+		if (tssVverbose) printf("TSS_HmacSession_SetHMAC: calculate HMAC\n");
+		/* calculate cpHash.  Performance optimization: If there is more than one session,
+		   and the hash algorithm is the same, use the previously calculated version. */
+		if ((rc == 0) && (cpHash.hashAlg != session[i]->authHashAlg)) {
+		    uint32_t cpBufferSize;
+		    uint8_t *cpBuffer;
+		    TPM_CC commandCode;
+		    TPM_CC commandCodeNbo;
+	
+		    rc = TSS_GetCpBuffer(tssAuthContext,
+					 &cpBufferSize,
+					 &cpBuffer);
+		    if (tssVverbose) TSS_PrintAll("TSS_HmacSession_SetHMAC: cpBuffer",
+						  cpBuffer, cpBufferSize);
+		    cpHash.hashAlg = session[i]->authHashAlg;
+    
+		    /* cpHash = hash(commandCode [ || authName1		*/
+		    /*                           [ || authName2		*/
+		    /*                           [ || authName3 ]]]	*/
+		    /*                           [ || parameters])	*/
+		    /* A cpHash can contain just a commandCode only if the lone session is */
+		    /* an audit session. */
+
+		    commandCode = TSS_GetCommandCode(tssAuthContext);
+		    commandCodeNbo = htonl(commandCode);
+		    rc = TSS_Hash_Generate(&cpHash,		/* largest size of a digest */
+					   sizeof(TPM_CC), &commandCodeNbo,
+					   name0->b.size, &name0->b.buffer,
+					   name1->b.size, &name1->b.buffer,
+					   name2->b.size, &name2->b.buffer,
+					   cpBufferSize, cpBuffer,
+					   0, NULL);
+		}
+		if (i == 0) {
+		    unsigned int 	isDecrypt = 0;	/* count number of sessions with decrypt
+							   set */
+		    unsigned int	decryptSession = 0;	/* which one is decrypt */
+		    unsigned int 	isEncrypt = 0;	/* count number of sessions with decrypt
+							   set */
+		    unsigned int	encryptSession = 0;	/* which one is decrypt */
+		    nonceTPMDecrypt.t.size = 0;
+		    nonceTPMEncrypt.t.size = 0;
+		    /* if a different session is being used for parameter decryption, then the
+		       nonceTPM for that session is included in the HMAC of the first authorization
+		       session */
+		    if (rc == 0) {
+			rc = TSS_Sessions_GetDecryptSession(&isDecrypt,
+							    &decryptSession,
+							    sessionHandle,
+							    sessionAttributes);
+		    }
+		    if ((rc == 0) && isDecrypt && (decryptSession != 0)) {
+			rc = TSS_TPM2B_Copy(&nonceTPMDecrypt.b,
+					    &session[decryptSession]->nonceTPM.b, sizeof(TPMU_HA));
+		    }
+		    /* if a different session is being used for parameter encryption, then the
+		       nonceTPM for that session is included in the HMAC of the first authorization
+		       session */
+		    if (rc == 0) {
+			rc = TSS_Sessions_GetEncryptSession(&isEncrypt,
+							    &encryptSession,
+							    sessionHandle,
+							    sessionAttributes);
+		    }
+		    /* Don't include the same nonce twice */
+		    if ((rc == 0) && isEncrypt && (encryptSession != 0)) {
+			if (!isDecrypt || (encryptSession != decryptSession)) {
+			    rc = TSS_TPM2B_Copy(&nonceTPMEncrypt.b, 
+						&session[encryptSession]->nonceTPM.b,
+						sizeof(TPMU_HA));
+			}
+		    }
+		}
+		/* for other than the first session, those nonces are not used */
+		else {
+		    nonceTPMDecrypt.t.size = 0;
+		    nonceTPMEncrypt.t.size = 0;
+		}
+		/* */
+		if (rc == 0) {
+		    hmac.hashAlg = session[i]->authHashAlg;
+		    rc = TSS_HMAC_Generate(&hmac,				/* output hmac */
+					   &session[i]->hmacKey,		/* input key */
+					   session[i]->sizeInBytes, (uint8_t *)&cpHash.digest,
+					   /* new is nonceCaller */
+					   session[i]->nonceCaller.b.size,
+					   &session[i]->nonceCaller.b.buffer,
+					   /* old is previous nonceTPM */
+					   session[i]->nonceTPM.b.size,
+					   &session[i]->nonceTPM.b.buffer,
+					   /* nonceTPMDecrypt */
+					   nonceTPMDecrypt.b.size, nonceTPMDecrypt.b.buffer,
+					   /* nonceTPMEncrypt */
+					   nonceTPMEncrypt.b.size, nonceTPMEncrypt.b.buffer,
+					   /* 1 byte, no endian conversion */
+					   sizeof(uint8_t), &sessionAttr8,
+					   0, NULL);
+		    if (tssVverbose) {
+			TSS_PrintAll("TSS_HmacSession_SetHMAC: HMAC key",
+				     session[i]->hmacKey.t.buffer, session[i]->hmacKey.t.size);
+			TSS_PrintAll("TSS_HmacSession_SetHMAC: cpHash",
+				     (uint8_t *)&cpHash.digest, session[i]->sizeInBytes);
+			TSS_PrintAll("TSS_HmacSession_Set: nonceCaller",
+				     session[i]->nonceCaller.b.buffer,
+				     session[i]->nonceCaller.b.size);
+			TSS_PrintAll("TSS_HmacSession_SetHMAC: nonceTPM",
+				     session[i]->nonceTPM.b.buffer, session[i]->nonceTPM.b.size);
+			TSS_PrintAll("TSS_HmacSession_SetHMAC: nonceTPMDecrypt",
+				     nonceTPMDecrypt.b.buffer, nonceTPMDecrypt.b.size);
+			TSS_PrintAll("TSS_HmacSession_SetHMAC: nonceTPMEncrypt",
+				     nonceTPMEncrypt.b.buffer, nonceTPMEncrypt.b.size);
+			TSS_PrintAll("TSS_HmacSession_SetHMAC: sessionAttributes",
+				     &sessionAttr8, sizeof(uint8_t));
+			TSS_PrintAll("TSS_HmacSession_SetHMAC: HMAC",
+				     (uint8_t *)&hmac.digest, session[i]->sizeInBytes);
+		    }
+		}
+		/* copy HMAC into authCommand TPM2B_AUTH hmac */
+		if (rc == 0) {
+		    rc = TSS_TPM2B_Create(&authCommand[i]->hmac.b,
+					  (uint8_t *)&hmac.digest,
+					  session[i]->sizeInBytes,
+					  sizeof(authCommand[i]->hmac.t.buffer));
+		}
+#else
+		tssAuthContext = tssAuthContext;
+		name0 = name0;
+		name1 = name1;
+		name2 = name2;
+		if (tssVerbose)
+		    printf("TSS_HmacSession_SetHMAC: Error, with no crypto not implemented\n");
+		rc = TSS_RC_NOT_IMPLEMENTED;
+#endif	/* TPM_TSS_NOCRYPTO */
+	    }
+	    /* not HMAC, not policy requiring password or hmac */
+	    else {
+		authCommand[i]->hmac.b.size = 0;
+	    }
+	}
+	/* For a policy session that contains TPM2_PolicyPassword(), the password takes precedence
+	   and must be present in hmac. */
+	else {		/* isPasswordNeeded true */
+	    if (tssVverbose) printf("TSS_HmacSession_SetHMAC: use password\n");
+	    /* nonce has already been set */
+	    rc = TSS_TPM2B_StringCopy(&authCommand[i]->hmac.b,
+				      password[i], sizeof(authCommand[i]->hmac.t.buffer));
+	}
+    }
+    return rc;
+}
+
+
+#ifndef TPM_TSS_NOCRYPTO
+
+/* TSS_HmacSession_Verify() is used for a response.  It uses the values in TPMS_AUTH_RESPONSE to
+   validate the response HMAC
+*/
+
+static TPM_RC TSS_HmacSession_Verify(TSS_AUTH_CONTEXT *tssAuthContext,	/* authorization context */
+				     struct TSS_HMAC_CONTEXT *session,	/* TSS session context */
+				     TPMS_AUTH_RESPONSE *authResponse)	/* input: response authorization */
+{
+    TPM_RC		rc = 0;
+    uint32_t		rpBufferSize;
+    uint8_t 		*rpBuffer;
+    TPMT_HA 		rpHash;
+    TPMT_HA 		actualHmac;
+
+    /* get the rpBuffer */
+    if (rc == 0) {
+	rc = TSS_GetRpBuffer(tssAuthContext, &rpBufferSize, &rpBuffer);
+	if (tssVverbose) TSS_PrintAll("TSS_HmacSession_Verify: rpBuffer",
+				      rpBuffer, rpBufferSize);
+    }
+    /* calculate rpHash */
+    if (rc == 0) {
+	TPM_CC commandCode;
+	TPM_CC commandCodeNbo;
+	rpHash.hashAlg = session->authHashAlg;
+	
+	commandCode = TSS_GetCommandCode(tssAuthContext);
+	commandCodeNbo = htonl(commandCode);
+	
+	/* rpHash = HsessionAlg (responseCode || commandCode {|| parameters })	 */
+	rc = TSS_Hash_Generate(&rpHash,			/* largest size of a digest */
+			       sizeof(TPM_RC), &rc,	/* RC is always 0, no need to endian
+							   convert */
+			       sizeof(TPM_CC), &commandCodeNbo,
+			       rpBufferSize, rpBuffer,
+			       0, NULL);
+    }
+    /* construct the actual HMAC as TPMT_HA */
+    if (rc == 0) {
+	actualHmac.hashAlg = session->authHashAlg;
+	if (authResponse->hmac.t.size != session->sizeInBytes) {
+	    if (tssVerbose)
+		printf("TSS_HmacSession_Verify: HMAC size %u inconsistent with algorithm %u\n",
+		       authResponse->hmac.t.size, session->sizeInBytes);
+	    rc = TSS_RC_HMAC_SIZE;
+	}
+    }
+    if (rc == 0) {
+	memcpy((uint8_t *)&actualHmac.digest, &authResponse->hmac.t.buffer,
+	       authResponse->hmac.t.size);
+    }
+    /* verify the HMAC */
+    if (rc == 0) {
+	if (tssVverbose) {
+	    TSS_PrintAll("TSS_HmacSession_Verify: HMAC key",
+			 session->hmacKey.t.buffer, session->hmacKey.t.size);
+	    TSS_PrintAll("TSS_HmacSession_Verify: rpHash",
+			 (uint8_t *)&rpHash.digest, session->sizeInBytes);
+	    TSS_PrintAll("TSS_HmacSession_Verify: nonceTPM",
+			 session->nonceTPM.b.buffer, session->nonceTPM.b.size);
+	    TSS_PrintAll("TSS_HmacSession_Verify: nonceCaller",
+			 session->nonceCaller.b.buffer, session->nonceCaller.b.size);
+	    TSS_PrintAll("TSS_HmacSession_Verify: sessionAttributes",
+			 &authResponse->sessionAttributes.val, sizeof(uint8_t));
+	    TSS_PrintAll("TSS_HmacSession_Verify: response HMAC",
+			 (uint8_t *)&authResponse->hmac.t.buffer, session->sizeInBytes);
+	}
+	rc = TSS_HMAC_Verify(&actualHmac,		/* input response hmac */
+			     &session->hmacKey,		/* input HMAC key */
+			     session->sizeInBytes,
+			     /* rpHash */
+			     session->sizeInBytes, (uint8_t *)&rpHash.digest,
+			     /* new is nonceTPM */
+			     session->nonceTPM.b.size, &session->nonceTPM.b.buffer,
+			     /* old is nonceCaller */
+			     session->nonceCaller.b.size, &session->nonceCaller.b.buffer,
+			     /* 1 byte, no endian conversion */
+			     sizeof(uint8_t), &authResponse->sessionAttributes.val,
+			     0, NULL);
+    }
+    return rc;
+}
+
+#endif 	/* TPM_TSS_NOCRYPTO */
+
+/* TSS_HmacSession_Continue() handles the response continueSession flag.  It either saves the
+   updated session or deletes the session state. */
+
+static TPM_RC TSS_HmacSession_Continue(TSS_CONTEXT *tssContext,
+				       struct TSS_HMAC_CONTEXT *session,
+				       TPMS_AUTH_RESPONSE *authR)
+{
+    TPM_RC		rc = 0;
+
+    if (rc == 0) {
+	/* if continue set */
+	if (authR->sessionAttributes.val & TPMA_SESSION_CONTINUESESSION) {
+	    /* clear the policy flags in preparation for the next use */
+	    session->isPasswordNeeded = FALSE;
+	    session->isAuthValueNeeded = FALSE;
+	    /* save the session */
+	    rc = TSS_HmacSession_SaveSession(tssContext, session);
+	}
+	else {		/* continue clear */
+	    /* delete the session state */
+	    rc = TSS_DeleteHandle(tssContext, session->sessionHandle);
+	}
+    }
+    return rc;
+}
+
+/* TSS_Sessions_GetDecryptSession() searches for a command decrypt session.  If found, returns
+   isDecrypt TRUE, and the session number in decryptSession.
+
+*/
+
+static TPM_RC TSS_Sessions_GetDecryptSession(unsigned int *isDecrypt,
+					     unsigned int *decryptSession,
+					     TPMI_SH_AUTH_SESSION sessionHandle[],
+					     unsigned int sessionAttributes[])
+{
+    TPM_RC		rc = 0;
+    unsigned int 	i = 0;
+
+    /* count the number of command decrypt sessions */
+    *isDecrypt = 0;		/* number of sessions with decrypt set */
+    for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) &&
+	     (sessionHandle[i] != TPM_RH_NULL) &&
+	     (sessionHandle[i] != TPM_RS_PW) ;
+	     i++) {
+	if (sessionAttributes[i] & TPMA_SESSION_DECRYPT) {
+	    (*isDecrypt)++;		/* count number of decrypt sessions */
+	    *decryptSession = i;	/* record which one it was */
+	}
+    }
+    /* how many decrypt sessions were found */
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_Sessions_GetDecryptSession: Found %u decrypt sessions at %u\n",
+				*isDecrypt, *decryptSession);
+	if (*isDecrypt > 1) {
+	    if (tssVerbose)
+		printf("TSS_Sessions_GetDecryptSession: Error, found %u decrypt sessions\n",
+		       *isDecrypt);
+	    rc = TSS_RC_DECRYPT_SESSIONS;
+	}
+    }
+    return rc;
+}
+
+/* TSS_Sessions_GetEncryptSession() searches for a response encrypt session.  If found, returns
+   isEncrypt TRUE, and the session number in encryptSession.
+
+*/
+
+static TPM_RC TSS_Sessions_GetEncryptSession(unsigned int *isEncrypt,
+					     unsigned int *encryptSession,
+					     TPMI_SH_AUTH_SESSION sessionHandle[],
+					     unsigned int sessionAttributes[])
+{
+    TPM_RC		rc = 0;
+    unsigned int 	i = 0;
+
+    /* count the number of command encrypt sessions */
+    *isEncrypt = 0;		/* number of sessions with encrypt set */
+    for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) &&
+	     (sessionHandle[i] != TPM_RH_NULL) &&
+	     (sessionHandle[i] != TPM_RS_PW) ;
+	 i++) {
+	if (sessionAttributes[i] & TPMA_SESSION_ENCRYPT) {
+	    (*isEncrypt)++;		/* count number of encrypt sessions */
+	    *encryptSession = i;	/* record which one it was */
+	}
+    }
+    /* how many encrypt sessions were found */
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_Sessions_GetEncryptSession: Found %u encrypt sessions at %u\n",
+				*isEncrypt, *encryptSession);
+	if (*isEncrypt > 1) {
+	    if (tssVerbose)
+		printf("TSS_Sessions_GetEncryptSession: Error, found %u encrypt sessions\n",
+		       *isEncrypt);
+	    rc = TSS_RC_ENCRYPT_SESSIONS;
+	}
+    }
+    return rc;
+}
+
+/* TSS_Command_Decrypt() determines whether any sessions are command decrypt sessions.  If so, it
+   encrypts the first command parameter.
+
+   It does common error checking, then calls algorithm specific functions.
+
+*/
+
+static TPM_RC TSS_Command_Decrypt(TSS_AUTH_CONTEXT *tssAuthContext,
+				  struct TSS_HMAC_CONTEXT *session[],
+				  TPMI_SH_AUTH_SESSION sessionHandle[],
+				  unsigned int	sessionAttributes[])
+{
+    TPM_RC		rc = 0;
+    unsigned int 	isDecrypt = 0;		/* count number of sessions with decrypt set */
+    unsigned int	decryptSession = 0;	/* which session is decrypt */
+
+    /* determine if there is a decrypt session */
+    if (rc == 0) {
+	rc = TSS_Sessions_GetDecryptSession(&isDecrypt,
+					    &decryptSession,
+					    sessionHandle,
+					    sessionAttributes);
+    }
+#ifndef TPM_TSS_NOCRYPTO
+    {
+	COMMAND_INDEX   tpmCommandIndex;	/* index into TPM table */
+	TPM_CC 		commandCode;
+	int		decryptSize;		/* size of TPM2B size, 2 if there is a TPM2B, 0 if
+						   not */
+	uint32_t 	paramSize;		/* size of the parameter to encrypt */	
+	uint8_t 	*decryptParamBuffer;
+	/* can the command parameter be encrypted */
+	if ((rc == 0) && isDecrypt) {
+	    /* get the commandCode, stored in TSS during marshal */
+	    commandCode  = TSS_GetCommandCode(tssAuthContext);
+	    /* get the index into the TPM command attributes table */
+	    tpmCommandIndex = CommandCodeToCommandIndex(commandCode);
+	    /* can this be a decrypt command (this is size of TPM2B size, not size of parameter) */
+	    decryptSize = getDecryptSize(tpmCommandIndex);
+	    if (decryptSize != 2) {		/* only handle TPM2B */
+		printf("TSS_Command_Decrypt: Error, command cannot be encrypted\n");
+		rc = TSS_RC_NO_DECRYPT_PARAMETER;
+	    }
+	}
+	/* get the TPM2B parameter to encrypt */
+	if ((rc == 0) && isDecrypt) {
+	    rc = TSS_GetCommandDecryptParam(tssAuthContext, &paramSize, &decryptParamBuffer);
+	}
+	/* if the size of the parameter to encrypt is zero, nothing to encrypt */
+	if ((rc == 0) && isDecrypt) {
+	    if (paramSize == 0) {
+		isDecrypt = FALSE;	/* none, done with this function */
+	    }
+	}
+	/* error checking complete, do the encryption */
+	if ((rc == 0) && isDecrypt) {
+	    switch (session[decryptSession]->symmetric.algorithm) {
+	      case TPM_ALG_XOR:
+		rc = TSS_Command_DecryptXor(tssAuthContext, session[decryptSession]);
+		break;
+	      case TPM_ALG_AES:
+		rc = TSS_Command_DecryptAes(tssAuthContext, session[decryptSession]);
+		break;
+	      default:
+		if (tssVerbose) printf("TSS_Command_Decrypt: Error, algorithm %04x not implemented\n",
+				       session[decryptSession]->symmetric.algorithm);
+		rc = TSS_RC_BAD_DECRYPT_ALGORITHM;
+		break;
+	    }
+	}
+    }
+#else
+    tssAuthContext = tssAuthContext;
+    session = session;
+    if ((rc == 0) && isDecrypt) {
+	if (tssVerbose)
+	    printf("TSS_Command_Decrypt: Error, with no crypto not implemented\n");
+	rc = TSS_RC_NOT_IMPLEMENTED;
+    }
+#endif
+    return rc;
+}
+
+#ifndef TPM_TSS_NOCRYPTO
+
+/* NOTE: if AES also works, do in place encryption */
+
+static TPM_RC TSS_Command_DecryptXor(TSS_AUTH_CONTEXT *tssAuthContext,
+				     struct TSS_HMAC_CONTEXT *session)
+{
+    TPM_RC		rc = 0;
+    unsigned int	i;
+    uint32_t 		paramSize;
+    uint8_t 		*decryptParamBuffer;
+    uint8_t 		*mask = NULL;
+    uint8_t 		*encryptParamBuffer = NULL;
+
+    /* get the TPM2B parameter to encrypt */
+    if (rc == 0) {
+	rc = TSS_GetCommandDecryptParam(tssAuthContext, &paramSize, &decryptParamBuffer);
+    }
+    if (rc == 0) {
+	if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptXor: decrypt in",
+				      decryptParamBuffer, paramSize);
+    }    
+    if (rc == 0) {
+	rc = TSS_Malloc(&mask, paramSize);
+    }
+    if (rc == 0) {
+	rc = TSS_Malloc(&encryptParamBuffer, paramSize);
+    }
+    /* generate the XOR pad */
+    /* 21.2	XOR Parameter Obfuscation
+
+       XOR(parameter, hashAlg, sessionValue, nonceNewer, nonceOlder)
+
+       parameter	a variable sized buffer containing the parameter to be obfuscated
+       hashAlg		the hash algorithm associated with the session
+       sessionValue	the session-specific HMAC key
+       nonceNewer	for commands, this will be nonceCaller and for responses it will be nonceTPM
+       nonceOlder	for commands, this will be nonceTPM and for responses it will be nonceCaller
+
+       11.4.6.3	XOR Obfuscation
+
+       XOR(data, hashAlg, key, contextU, contextV)
+       
+       mask = KDFa (hashAlg, key, "XOR", contextU, contextV, data.size * 8)
+    */
+    /* KDFa for the XOR mask */
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_Command_DecryptXor: hashAlg %04x\n", session->authHashAlg);
+	if (tssVverbose) printf("TSS_Command_DecryptXor: sizeInBits %04x\n", paramSize * 8);
+	if (tssVverbose)
+	    TSS_PrintAll("TSS_Command_DecryptXor: sessionKey",
+			 session->sessionKey.b.buffer, session->sessionKey.b.size);
+	if (tssVverbose)
+	    TSS_PrintAll("TSS_Command_DecryptXor: sessionValue",
+			 session->sessionValue.b.buffer, session->sessionValue.b.size);
+	rc = TSS_KDFA(mask,
+		      session->authHashAlg,
+		      &session->sessionValue.b,
+		      "XOR",
+		      &session->nonceCaller.b,
+		      &session->nonceTPM.b,
+		      paramSize * 8);
+    }
+    if (rc == 0) {
+	if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptXor: mask",
+				      mask, paramSize);
+    }
+    /* XOR */
+    for (i = 0 ; (rc == 0) && (i < paramSize ) ; i++)  {
+	encryptParamBuffer[i] = decryptParamBuffer[i] ^ mask[i];
+    }
+    if (rc == 0) {
+	rc = TSS_SetCommandDecryptParam(tssAuthContext, paramSize, encryptParamBuffer);
+    }
+    if (rc == 0) {
+	if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptXor: encrypt out",
+				      encryptParamBuffer, paramSize);
+    }
+    free(mask);
+    free(encryptParamBuffer);
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOCRYPTO */
+
+#ifndef TPM_TSS_NOCRYPTO
+
+/* NOTE: if AES also works, do in place encryption */
+
+static TPM_RC TSS_Command_DecryptAes(TSS_AUTH_CONTEXT *tssAuthContext,
+				     struct TSS_HMAC_CONTEXT *session)
+{
+    TPM_RC		rc = 0;
+    uint32_t 		paramSize;
+    uint8_t 		*decryptParamBuffer;
+    uint8_t 		*encryptParamBuffer = NULL;
+    TPM2B_IV		iv;
+    uint32_t           	kdfaBits;
+    uint16_t		keySizeinBytes;
+    uint8_t		symParmString[MAX_SYM_KEY_BYTES + MAX_SYM_BLOCK_SIZE];	/* AES key + IV */
+    
+    /* get the TPM2B parameter to encrypt */
+    if (rc == 0) {
+	rc = TSS_GetCommandDecryptParam(tssAuthContext, &paramSize, &decryptParamBuffer);
+    }
+    if (rc == 0) {
+	if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptAes: decrypt in",
+				      decryptParamBuffer, paramSize);
+    }    
+    if (rc == 0) {
+	rc = TSS_Malloc(&encryptParamBuffer, paramSize);	/* free @1 */
+    }
+    /* generate the encryption key and IV */
+    /* 21.3	CFB Mode Parameter Encryption
+
+       KDFa (hashAlg, sessionValue, "CFB", nonceNewer, nonceOlder, bits)	(34)
+
+       hashAlg		the hash algorithm associated with the session
+       sessionValue	the session-specific HMAC key
+       "CFB"		label to differentiate use of KDFa() (see 4.2)
+       nonceNewer	nonceCaller for a command and nonceTPM for a response
+       nonceOlder	nonceTPM for a command and nonceCaller for a response
+       bits		the number of bits required for the symmetric key plus an IV
+    */
+    if (rc == 0) {
+	iv.t.size = TSS_Sym_GetBlockSize(session->symmetric.algorithm,
+					 session->symmetric.keyBits.aes);
+	/* generate random values for both the AES key and the IV */
+	kdfaBits = session->symmetric.keyBits.aes + (iv.t.size * 8);
+
+	if (tssVverbose) printf("TSS_Command_DecryptAes: hashAlg %04x\n",
+				session->authHashAlg);
+	if (tssVverbose) printf("TSS_Command_DecryptAes: AES key bits %u\n",
+				session->symmetric.keyBits.aes);
+	if (tssVverbose) printf("TSS_Command_DecryptAes: kdfaBits %04x\n",
+				kdfaBits);
+	if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptAes: session key",
+				      session->sessionKey.b.buffer, session->sessionKey.b.size);
+
+	rc = TSS_KDFA(&symParmString[0],
+		      session->authHashAlg,
+		      &session->sessionValue.b,
+		      "CFB",
+		      &session->nonceCaller.b,
+		      &session->nonceTPM.b,
+		      kdfaBits);
+    }
+    /* copy the latter part of the kdf output to the IV */
+    if (rc == 0) {
+	keySizeinBytes = session->symmetric.keyBits.aes / 8;
+	memcpy(iv.t.buffer, &symParmString[keySizeinBytes], iv.t.size);
+	if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptAes: IV",
+				      iv.t.buffer, iv.t.size);
+    }
+    /* AES CFB encrypt the command */
+    if (rc == 0) {
+	TPM_RC crc;
+	crc = TSS_AES_EncryptCFB(encryptParamBuffer,			/* output */
+				 session->symmetric.keyBits.aes,	/* 128 */
+				 symParmString,				/* key */
+				 iv.t.buffer,				/* IV */
+				 paramSize,				/* length */
+				 (uint8_t *)decryptParamBuffer);	/* input */
+	if (crc != 0) {
+	    if (tssVerbose) printf("TSS_Command_DecryptAes: AES encrypt failed\n");
+	    rc = TSS_RC_AES_ENCRYPT_FAILURE;
+	}
+    }		 
+    if (rc == 0) {
+	if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptAes: encrypt out",
+				      encryptParamBuffer, paramSize);
+    }
+    if (rc == 0) {
+	rc = TSS_SetCommandDecryptParam(tssAuthContext, paramSize, encryptParamBuffer);
+    }
+    free(encryptParamBuffer);	/* @1 */
+    return rc;
+}    
+
+#endif	/* TPM_TSS_NOCRYPTO */
+
+static TPM_RC TSS_Response_Encrypt(TSS_AUTH_CONTEXT *tssAuthContext,
+				   struct TSS_HMAC_CONTEXT *session[],
+				   TPMI_SH_AUTH_SESSION sessionHandle[],
+				   unsigned int sessionAttributes[])
+{
+    TPM_RC		rc = 0;
+    unsigned int 	isEncrypt = 0;		/* count number of sessions with decrypt set */
+    unsigned int	encryptSession = 0;	/* which one is decrypt */
+    
+    /* determine if there is an encrypt session */
+    if (rc == 0) {
+	rc = TSS_Sessions_GetEncryptSession(&isEncrypt,
+					    &encryptSession,
+					    sessionHandle,
+					    sessionAttributes);
+    }
+#ifndef TPM_TSS_NOCRYPTO
+    {
+	COMMAND_INDEX   tpmCommandIndex;	/* index into TPM table */
+	TPM_CC 		commandCode;
+	int		encryptSize;		/* size of TPM2B size, 2 if there is a TPM2B, 0 if
+						   not */
+	uint32_t 	paramSize;		/* size of the parameter to decrypt */	
+	uint8_t 	*encryptParamBuffer;
+	/* can the response parameter be decrypted */
+	if ((rc == 0) && isEncrypt) {
+	    /* get the commandCode, stored in TSS during marshal */
+	    commandCode  = TSS_GetCommandCode(tssAuthContext);
+	    /* get the index into the TPM command attributes table */
+	    tpmCommandIndex = CommandCodeToCommandIndex(commandCode);
+	    /* can this be a decrypt command */
+	    encryptSize = getEncryptSize(tpmCommandIndex);
+	    if (encryptSize == 0) {
+		if (tssVerbose) printf("TSS_Response_Encrypt: "
+				       "Error, response cannot be encrypted\n");
+		rc = TSS_RC_NO_ENCRYPT_PARAMETER;
+	    }
+	}
+	/* get the TPM2B parameter to decrypt */
+	if ((rc == 0) && isEncrypt) {
+	    rc = TSS_GetResponseEncryptParam(tssAuthContext, &paramSize, &encryptParamBuffer);
+	}
+	/* if the size of the parameter to decrypt is zero, nothing to decrypt */
+	if ((rc == 0) && isEncrypt) {
+	    if (paramSize == 0) {
+		isEncrypt = FALSE;	/* none, done with this function */
+	    }
+	}
+	/* error checking complete, do the decryption */
+	if ((rc == 0) && isEncrypt) {
+	    switch (session[encryptSession]->symmetric.algorithm) {
+	      case TPM_ALG_XOR:
+		rc = TSS_Response_EncryptXor(tssAuthContext, session[encryptSession]);
+		break;
+	      case TPM_ALG_AES:
+		rc = TSS_Response_EncryptAes(tssAuthContext, session[encryptSession]);
+		break;
+	      default:
+		if (tssVerbose) printf("TSS_Response_Encrypt: "
+				       "Error, algorithm %04x not implemented\n",
+				       session[encryptSession]->symmetric.algorithm);
+		rc = TSS_RC_BAD_ENCRYPT_ALGORITHM;
+		break;
+	    }
+	}
+    }
+#else
+    tssAuthContext = tssAuthContext;
+    session = session;
+    if ((rc == 0) && isEncrypt) {
+	if (tssVerbose)
+	    printf("TSS_Response_Encrypt: Error, with no crypto not implemented\n");
+	rc = TSS_RC_NOT_IMPLEMENTED;
+    }
+#endif
+    return rc;
+}
+
+#ifndef TPM_TSS_NOCRYPTO
+
+/* NOTE: if CFB also works, do in place decryption */
+
+static TPM_RC TSS_Response_EncryptXor(TSS_AUTH_CONTEXT *tssAuthContext,
+				      struct TSS_HMAC_CONTEXT *session)
+{
+    TPM_RC		rc = 0;
+    unsigned int	i;
+    uint32_t 		paramSize;
+    uint8_t 		*encryptParamBuffer;
+    uint8_t 		*mask = NULL;
+    uint8_t 		*decryptParamBuffer = NULL;
+
+    /* get the TPM2B parameter to decrypt */
+    if (rc == 0) {
+	rc = TSS_GetResponseEncryptParam(tssAuthContext,
+					 &paramSize, &encryptParamBuffer);
+    }
+    if (rc == 0) {
+	if (tssVverbose) TSS_PrintAll("TSS_Response_EncryptXor: encrypt in",
+				      encryptParamBuffer, paramSize);
+    }    
+    if (rc == 0) {
+	rc = TSS_Malloc(&mask, paramSize);			/* freed @1 */
+    }
+    if (rc == 0) {
+	rc = TSS_Malloc(&decryptParamBuffer, paramSize);	/* freed @2 */
+    }
+    /* generate the XOR pad */
+    /* 21.2	XOR Parameter Obfuscation
+
+       XOR(parameter, hashAlg, sessionValue, nonceNewer, nonceOlder)
+
+       parameter	a variable sized buffer containing the parameter to be obfuscated
+       hashAlg		the hash algorithm associated with the session
+       sessionValue	the session-specific HMAC key
+       nonceNewer	for commands, this will be nonceCaller and for responses it will be nonceTPM
+       nonceOlder	for commands, this will be nonceTPM and for responses it will be nonceCaller
+
+       
+       11.4.6.3	XOR Obfuscation
+
+       XOR(data, hashAlg, key, contextU, contextV)
+       
+       mask = KDFa (hashAlg, key, "XOR", contextU, contextV, data.size * 8)
+    */
+    /* KDFa for the XOR mask */
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_Response_EncryptXor: hashAlg %04x\n", session->authHashAlg);
+	if (tssVverbose) printf("TSS_Response_EncryptXor: sizeInBits %04x\n", paramSize * 8);
+	if (tssVverbose) TSS_PrintAll("TSS_Response_EncryptXor: session key",
+				      session->sessionKey.b.buffer, session->sessionKey.b.size);
+	rc = TSS_KDFA(mask,
+		      session->authHashAlg,
+		      &session->sessionValue.b,
+		      "XOR",
+		      &session->nonceTPM.b,
+		      &session->nonceCaller.b,
+		      paramSize * 8);
+    }
+    if (rc == 0) {
+	if (tssVverbose) TSS_PrintAll("TSS_Response_EncryptXor: mask",
+				      mask, paramSize);
+    }
+    /* XOR */
+    for (i = 0 ; (rc == 0) && (i < paramSize ) ; i++)  {
+	decryptParamBuffer[i] = encryptParamBuffer[i] ^ mask[i];
+    }
+    if (rc == 0) {
+	if (tssVverbose) TSS_PrintAll("TSS_Response_EncryptXor: decrypt out",
+				      decryptParamBuffer, paramSize);
+    }
+    if (rc == 0) {
+	rc = TSS_SetResponseDecryptParam(tssAuthContext,
+					 paramSize, decryptParamBuffer);
+    }
+    free(mask);			/* @1 */
+    free(decryptParamBuffer);	/* @2 */
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOCRYPTO */
+
+#ifndef TPM_TSS_NOCRYPTO
+
+/* NOTE: if CFB also works, do in place decryption */
+
+static TPM_RC TSS_Response_EncryptAes(TSS_AUTH_CONTEXT *tssAuthContext,
+				      struct TSS_HMAC_CONTEXT *session)
+{
+    TPM_RC		rc = 0;
+    uint32_t 		paramSize;
+    uint8_t 		*encryptParamBuffer;
+    uint8_t 		*decryptParamBuffer = NULL;
+    TPM2B_IV		iv;
+    uint32_t           	kdfaBits;
+    uint16_t		keySizeinBytes;
+    uint8_t		symParmString[MAX_SYM_KEY_BYTES + MAX_SYM_BLOCK_SIZE];	/* AES key + IV */
+
+    /* get the TPM2B parameter to decrypt */
+    if (rc == 0) {
+	rc = TSS_GetResponseEncryptParam(tssAuthContext,
+					 &paramSize, &encryptParamBuffer);
+    }
+    if (rc == 0) {
+	if (tssVverbose) TSS_PrintAll("TSS_Response_EncryptAes: encrypt in",
+				      encryptParamBuffer, paramSize);
+    }    
+    if (rc == 0) {
+	rc = TSS_Malloc(&decryptParamBuffer, paramSize);	/* freed @1 */
+    }
+    /* generate the encryption key and IV */
+    /* 21.3	CFB Mode Parameter Encryption
+
+       KDFa (hashAlg, sessionValue, "CFB", nonceNewer, nonceOlder, bits)	(34)
+    */
+    if (rc == 0) {
+	
+	iv.t.size = TSS_Sym_GetBlockSize(session->symmetric.algorithm,
+					 session->symmetric.keyBits.aes);
+	/* generate random values for both the AES key and the IV */
+	kdfaBits = session->symmetric.keyBits.aes + (iv.t.size * 8);
+
+	if (tssVverbose) printf("TSS_Response_EncryptAes: hashAlg %04x\n",
+				session->authHashAlg);
+	if (tssVverbose) printf("TSS_Response_EncryptAes: AES key bits %u\n",
+				session->symmetric.keyBits.aes);
+	if (tssVverbose) printf("TSS_Response_EncryptAes: kdfaBits %04x\n",
+				kdfaBits);
+	if (tssVverbose) TSS_PrintAll("TSS_Response_EncryptAes: session key",
+				      session->sessionKey.b.buffer, session->sessionKey.b.size);
+	
+	rc = TSS_KDFA(&symParmString[0],
+		      session->authHashAlg,
+		      &session->sessionValue.b,
+		      "CFB",
+		      &session->nonceTPM.b,
+		      &session->nonceCaller.b,
+		      kdfaBits);
+    }
+    /* copy the latter part of the kdf output to the IV */
+    if (rc == 0) {
+	keySizeinBytes = session->symmetric.keyBits.aes / 8;
+	memcpy(iv.t.buffer, &symParmString[keySizeinBytes], iv.t.size);
+	if (tssVverbose) TSS_PrintAll("TSS_Response_EncryptAes: IV",
+				      iv.t.buffer, iv.t.size);
+    }
+    /* AES CFB decrypt the response */
+    if (rc == 0) {
+	TPM_RC crc;
+	crc = TSS_AES_DecryptCFB(decryptParamBuffer,			/* output */
+				 session->symmetric.keyBits.aes,	/* 128 */
+				 symParmString,				/* key */
+				 iv.t.buffer,				/* IV */
+				 paramSize,				/* length */
+				 (uint8_t *)encryptParamBuffer);	/* input */
+	if (crc != 0) {
+	    if (tssVerbose) printf("TSS_Response_EncryptAes: AES decrypt failed\n");
+	    rc = TSS_RC_AES_DECRYPT_FAILURE;
+	}
+    }		 
+    if (rc == 0) {
+	if (tssVverbose) TSS_PrintAll("TSS_Response_EncryptAes: decrypt out",
+				      decryptParamBuffer, paramSize);
+    }
+    if (rc == 0) {
+	rc = TSS_SetResponseDecryptParam(tssAuthContext,
+					 paramSize, decryptParamBuffer);
+    }
+    free(decryptParamBuffer);	/* @1 */
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOCRYPTO */
+
+/*
+  Command Change Authorization Processor
+*/
+
+#ifndef TPM_TSS_NOCRYPTO
+
+static TPM_RC TSS_Command_ChangeAuthProcessor(TSS_CONTEXT *tssContext,
+					      struct TSS_HMAC_CONTEXT *session,
+					      size_t handleNumber,
+					      COMMAND_PARAMETERS *in)
+{
+    TPM_RC 			rc = 0;
+    size_t 			index;
+    int 			found;
+    TSS_ChangeAuthFunction_t 	changeAuthFunction = NULL;
+
+    TPM_CC commandCode = TSS_GetCommandCode(tssContext->tssAuthContext);
+
+    /* search the table for a change authorization processing function */
+    if (rc == 0) {
+	found = FALSE;
+	for (index = 0 ; (index < (sizeof(tssTable) / sizeof(TSS_TABLE))) && !found ; index++) {
+	    if (tssTable[index].commandCode == commandCode) {
+		found = TRUE;
+		break;	/* don't increment index if found */
+	    }
+	}
+    }
+    /* found false means there is no change authorization function.  This permits the table to be
+       smaller if desired. */
+    if ((rc == 0) && found) {
+	changeAuthFunction = tssTable[index].changeAuthFunction;
+	/* there could also be an entry that is currently NULL, nothing to do */
+	if (changeAuthFunction == NULL) {
+	    found = FALSE;
+	}
+    }
+    /* call the processing function */
+    if ((rc == 0) && found) {
+	rc = changeAuthFunction(tssContext, session, handleNumber, in);
+    }
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOCRYPTO */
+
+static TPM_RC TSS_CA_HierarchyChangeAuth(TSS_CONTEXT *tssContext,
+					 struct TSS_HMAC_CONTEXT *session,
+					 size_t handleNumber,
+					 HierarchyChangeAuth_In *in)
+{
+    TPM_RC 		rc = 0;
+    char		*password = NULL;
+    
+    if (tssVverbose) printf("TSS_CA_HierarchyChangeAuth\n");
+    if (in->newAuth.t.size == 0) {
+	password = NULL;
+    }
+    else {
+	if (rc == 0) {
+	    rc = TSS_Malloc((uint8_t **)&password,	/* freed @1 */
+			    in->newAuth.t.size + 1);
+	}
+	if (rc == 0) {
+	    /* copy the password */
+	    memcpy(password, in->newAuth.t.buffer, in->newAuth.t.size);
+	    password[in->newAuth.t.size] = '\0';	/* nul terminate string */
+	}
+    }
+#ifndef TPM_TSS_NOCRYPTO
+    if (rc == 0) {
+	rc = TSS_HmacSession_SetHmacKey(tssContext,
+					session,
+					handleNumber,
+					password);
+    }
+#else
+    tssContext = tssContext;
+    session = session;
+    handleNumber = handleNumber;
+#endif	/* TPM_TSS_NOCRYPTO */
+    free(password);	/* @1 */
+    return rc;
+}
+
+static TPM_RC TSS_CA_NV_ChangeAuth(TSS_CONTEXT *tssContext,
+				   struct TSS_HMAC_CONTEXT *session,
+				   size_t handleNumber,
+				   NV_ChangeAuth_In *in)
+{
+    TPM_RC 		rc = 0;
+    char		*password = NULL;
+
+    if (tssVverbose) printf("TSS_CA_NV_ChangeAuth\n");
+    if (in->newAuth.t.size == 0) {
+	password = NULL;
+    }
+    else {
+	if (rc == 0) {
+	    rc = TSS_Malloc((uint8_t **)&password,	/* freed @1 */
+			    in->newAuth.t.size + 1);
+	}
+	if (rc == 0) {
+	    /* copy the password */
+	    memcpy(password, in->newAuth.t.buffer, in->newAuth.t.size);
+	    password[in->newAuth.t.size] = '\0';	/* nul terminate string */
+	}
+    }
+#ifndef TPM_TSS_NOCRYPTO
+    if (rc == 0) {
+	rc = TSS_HmacSession_SetHmacKey(tssContext,
+					session,
+					handleNumber,
+					password);
+    }
+#else
+    tssContext = tssContext;
+    session = session;
+    handleNumber = handleNumber;
+#endif	/* TPM_TSS_NOCRYPTO */
+    free(password);	/* @1 */
+    return rc;
+}
+
+static TPM_RC TSS_CA_NV_UndefineSpaceSpecial(TSS_CONTEXT *tssContext,
+					     struct TSS_HMAC_CONTEXT *session,
+					     size_t handleNumber,
+					     NV_UndefineSpaceSpecial_In *in)
+{
+    TPM_RC 		rc = 0;
+    
+    in = in;
+    if (tssVverbose) printf("TSS_CA_NV_UndefineSpaceSpecial\n");
+#ifndef TPM_TSS_NOCRYPTO
+    if (rc == 0) {
+	/* the nvIndex authorization, the zeroth authorization, has special handling */
+	if (handleNumber == 0) {
+	    /* the Empty Buffer is used as the authValue when generating the response HMAC */
+	    rc = TSS_HmacSession_SetHmacKey(tssContext,
+					    session,
+					    handleNumber,
+					    NULL);		/* password */
+	}
+    }
+#else
+    tssContext = tssContext;
+    session = session;
+    handleNumber = handleNumber;
+#endif	/* TPM_TSS_NOCRYPTO */
+    return rc;
+}
+
+/*
+  Command Pre-Processor
+*/
+
+static TPM_RC TSS_Command_PreProcessor(TSS_CONTEXT *tssContext,
+				       TPM_CC commandCode,
+				       COMMAND_PARAMETERS *in,
+				       EXTRA_PARAMETERS *extra)
+{
+    TPM_RC 			rc = 0;
+    size_t 			index;
+    int 			found;
+    TSS_PreProcessFunction_t 	preProcessFunction = NULL;
+    
+    /* search the table for a pre-processing function */
+    if (rc == 0) {
+	found = FALSE;
+	for (index = 0 ; (index < (sizeof(tssTable) / sizeof(TSS_TABLE))) && !found ; index++) {
+	    if (tssTable[index].commandCode == commandCode) {
+		found = TRUE;
+		break;	/* don't increment index if found */
+	    }
+	}
+    }
+    /* found false means there is no pre-processing function.  This permits the table to be smaller
+       if desired. */
+    if ((rc == 0) && found) {
+	preProcessFunction = tssTable[index].preProcessFunction;
+	/* call the pre processing function if there is one */
+	if (preProcessFunction != NULL) {
+	    rc = preProcessFunction(tssContext, in, extra);
+	}
+    }
+#ifndef TPM_TSS_NO_PRINT
+    if ((rc == 0) && tssVverbose) {
+	found = FALSE;
+	for (index = 0 ;
+	     (index < (sizeof(tssPrintTable) / sizeof(TSS_PRINT_TABLE))) && !found ;
+	     index++) {
+	    if (tssPrintTable[index].commandCode == commandCode) {
+		found = TRUE;
+		break;	/* don't increment index if found */
+	    }
+	}
+    }
+    /* found false means there is no print function.  This permits the table to be smaller
+       if desired. */
+    if ((rc == 0) && tssVverbose && found) {
+	TSS_InPrintFunction_t inPrintFunction = tssPrintTable[index].inPrintFunction;
+	/* call the pre processing function if there is one */
+	if (inPrintFunction != NULL) {
+	    printf("TSS_Command_PreProcessor: Input parameters\n");
+	    inPrintFunction(in, 8);	/* hard code indent 8 */
+	}
+    }
+#endif /* TPM_TSS_NO_PRINT */
+    return rc;
+}
+
+/*
+  Command specific pre processing functions
+*/
+
+/* TSS_PR_StartAuthSession handles StartAuthSession pre processing.
+
+   If the salt key in->tpmKey is not NULL and an RSA key, the preprocessor supplies the encrypted
+   salt.  It passes the unencrypted salt to the post processor for session key processing.
+
+   An input salt (encrypted or unencrypted) is ignored.
+
+   Returns an error if the key is not an RSA key.
+*/
+
+static TPM_RC TSS_PR_StartAuthSession(TSS_CONTEXT *tssContext,
+				      StartAuthSession_In *in,
+				      StartAuthSession_Extra *extra)
+{
+    TPM_RC 			rc = 0;
+    
+    if (tssVverbose) printf("TSS_PR_StartAuthSession\n");
+
+    /* if (tssVverbose) StartAuthSession_In_Print(in, 8); */
+    
+#ifndef TPM_TSS_NOCRYPTO
+    /* generate nonceCaller */
+    if (rc == 0) {
+	/* the size is determined by the session hash algorithm */
+	in->nonceCaller.t.size = TSS_GetDigestSize(in->authHash);
+	if (in->nonceCaller.t.size == 0) {
+	    if (tssVerbose) printf("TSS_PR_StartAuthSession: hash algorithm %04x not implemented\n",
+				   in->authHash);
+	    rc = TSS_RC_BAD_HASH_ALGORITHM;
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_RandBytes((unsigned char *)&in->nonceCaller.t.buffer, in->nonceCaller.t.size);
+    }
+#else
+    in->nonceCaller.t.size = 16;
+    memset(&in->nonceCaller.t.buffer, 0, 16);
+#endif	/* TPM_TSS_NOCRYPTO */
+	/* initialize to handle unsalted session */
+    in->encryptedSalt.t.size = 0;
+    if (extra != NULL) {		/* extra NULL is handled at the port processor */
+	extra->salt.t.size = 0;
+    }
+    /* if the caller requests a salted session */
+    if (in->tpmKey != TPM_RH_NULL) {
+#ifndef TPM_TSS_NOCRYPTO
+	TPM2B_PUBLIC		bPublic;
+	
+	if (rc == 0) {
+	    if (extra == NULL) {
+		if (tssVerbose)
+		    printf("TSS_PR_StartAuthSession: salt session requires extra parameter\n");
+		rc = TSS_RC_NULL_PARAMETER;
+	    }
+	}
+	/* get the tpmKey public key */
+	if (rc == 0) {
+	    rc = TSS_Public_Load(tssContext, &bPublic, in->tpmKey, NULL);
+	}
+	/* generate the salt and encrypted salt based on the asymmetric key type */
+	if (rc == 0) {
+	    switch (bPublic.publicArea.type) {
+#ifndef TPM_TSS_NOECC
+	      case TPM_ALG_ECC:
+		rc = TSS_ECC_Salt(&extra->salt,
+				  &in->encryptedSalt,
+				  &bPublic.publicArea);
+		break;
+#endif	/* TPM_TSS_NOECC */
+#ifndef TPM_TSS_NORSA
+	      case TPM_ALG_RSA:
+		rc = TSS_RSA_Salt(&extra->salt,
+				  &in->encryptedSalt,
+				  &bPublic.publicArea);
+		break;
+#endif 	/* TPM_TSS_NORSA */
+	      default:
+		if (tssVerbose)
+		    printf("TSS_PR_StartAuthSession: public key type %04x not supported\n",
+			   bPublic.publicArea.type);
+		rc = TSS_RC_BAD_SALT_KEY;
+	    }
+	}
+#else
+	tssContext = tssContext;
+	rc = TSS_RC_NOT_IMPLEMENTED;
+#endif	/* TPM_TSS_NOCRYPTO */
+    }
+    return rc;
+}
+
+#ifndef TPM_TSS_NOCRYPTO
+#ifndef TPM_TSS_NORSA
+
+/* TSS_RSA_Salt() returns both the plaintext and excrypted salt, based on the salt key bPublic. */
+
+static TPM_RC TSS_RSA_Salt(TPM2B_DIGEST 		*salt,
+			   TPM2B_ENCRYPTED_SECRET	*encryptedSalt,
+			   TPMT_PUBLIC			*publicArea)
+{
+    TPM_RC		rc = 0;
+
+    if (rc == 0) {
+	{
+	    /* error conditions when true */
+	    int b1 = publicArea->type != TPM_ALG_RSA;
+	    int b2 = publicArea->objectAttributes.val & TPMA_OBJECT_SIGN;
+	    int b3 = !(publicArea->objectAttributes.val & TPMA_OBJECT_DECRYPT);
+	    int b4 = publicArea->parameters.rsaDetail.keyBits != 2048;
+	    int b5 = (publicArea->parameters.rsaDetail.exponent != 0) &&
+		     /* some HW TPMs return 010001 for the RSA EK with the default IWG template */
+		     (publicArea->parameters.rsaDetail.exponent != RSA_DEFAULT_PUBLIC_EXPONENT);
+	    /* TSS support checks */
+	    if (b1 || b2 || b3 || b4 || b5) {
+		if (tssVerbose)
+		    printf("TSS_RSA_Salt: public key attributes not supported\n");
+		rc = TSS_RC_BAD_SALT_KEY;
+	    }
+	}
+    }    
+    if (rc == 0) {
+	if (tssVverbose) TSS_PrintAll("TSS_RSA_Salt: public key",
+				      publicArea->unique.rsa.t.buffer,
+				      publicArea->unique.rsa.t.size);
+    }
+    /* generate a salt */
+    if (rc == 0) {
+	/* The size of the secret value is limited to the size of the digest produced by the
+	   nameAlg of the object that is associated with the public key used for OAEP
+	   encryption. */
+	salt->t.size = TSS_GetDigestSize(publicArea->nameAlg);
+	if (tssVverbose) printf("TSS_RSA_Salt: "
+				"Hash algorithm %04x Salt size %u\n",
+				publicArea->nameAlg, salt->t.size);
+	/* place the salt in extra so that it can be retrieved by post processor */
+	rc = TSS_RandBytes((uint8_t *)&salt->t.buffer, salt->t.size);
+    }
+    /* In TPM2_StartAuthSession(), when tpmKey is an RSA key, the secret value (salt) is
+       encrypted using OAEP as described in B.4. The string "SECRET" (see 4.5) is used as
+       the L value and the nameAlg of the encrypting key is used for the hash algorithm. The
+       data value in OAEP-encrypted blob (salt) is used to compute sessionKey. */
+    if (rc == 0) {
+	if (tssVverbose) TSS_PrintAll("TSS_RSA_Salt: salt",
+				      (uint8_t *)&salt->t.buffer,
+				      salt->t.size);
+    }
+    /* encrypt the salt */
+    if (rc == 0) {
+	/* public exponent */
+	unsigned char earr[3] = {0x01, 0x00, 0x01};
+	/* encrypt the salt with the tpmKey public key */
+	rc = TSS_RSAPublicEncrypt((uint8_t *)&encryptedSalt->t.secret,   /* encrypted data */
+				  publicArea->unique.rsa.t.size,  /* size of encrypted data buffer */
+				  (uint8_t *)&salt->t.buffer, /* decrypted data */
+				  salt->t.size,
+				  publicArea->unique.rsa.t.buffer,  /* public modulus */
+				  publicArea->unique.rsa.t.size,
+				  earr, 		/* public exponent */
+				  sizeof(earr),
+				  (unsigned char *)"SECRET",	/* encoding parameter */
+				  sizeof("SECRET"),
+				  publicArea->nameAlg);
+    }    
+    if (rc == 0) {
+	encryptedSalt->t.size = publicArea->unique.rsa.t.size;
+	if (tssVverbose) TSS_PrintAll("TSS_RSA_Salt: RSA encrypted salt",
+				      encryptedSalt->t.secret,
+				      encryptedSalt->t.size);
+    }
+    return rc;
+}
+
+#endif /* TPM_TSS_NORSA */
+#endif /* TPM_TSS_NOCRYPTO */
+
+static TPM_RC TSS_PR_NV_DefineSpace(TSS_CONTEXT *tssContext,
+				    NV_DefineSpace_In *in,
+				    void *extra)
+{
+    TPM_RC 	rc = 0;
+    tssContext = tssContext;
+    extra = extra;
+
+    if (tssVverbose) printf("TSS_PR_NV_DefineSpace\n");
+    /* Test that TPMA_NVA_POLICY_DELETE is only set when a policy is also set.  Otherwise, the index
+       cannot ever be deleted, even with Platform Authorization. If the application really wants to
+       do this, set the policy to one that cannot be satisfied, e.g., all 0xff's. */
+    if (rc == 0) {
+	if (in->publicInfo.nvPublic.attributes.val & TPMA_NVA_POLICY_DELETE) {
+	    if (in->publicInfo.nvPublic.authPolicy.b.size == 0) {
+		if (tssVverbose) printf("TSS_PR_NV_DefineSpace POLICY_DELETE requires a policy\n");
+		rc = TSS_RC_IN_PARAMETER;
+	    }
+	}
+    }
+    return rc;
+}
+
+/*
+  Response Post Processor
+*/
+
+/* TSS_Response_PostProcessor() handles any response specific post processing
+ */
+
+static TPM_RC TSS_Response_PostProcessor(TSS_CONTEXT *tssContext,
+					 COMMAND_PARAMETERS *in,
+					 RESPONSE_PARAMETERS *out,
+					 EXTRA_PARAMETERS *extra)
+{
+    TPM_RC 			rc = 0;
+    size_t 			index;
+    int 			found;
+    TSS_PostProcessFunction_t 	postProcessFunction = NULL;
+
+    /* search the table for a post processing function */
+    if (rc == 0) {
+	TPM_CC commandCode = TSS_GetCommandCode(tssContext->tssAuthContext);
+	found = FALSE;
+	for (index = 0 ; (index < (sizeof(tssTable) / sizeof(TSS_TABLE))) && !found ; index++) {
+	    if (tssTable[index].commandCode == commandCode) {
+		found = TRUE;
+		break;	/* don't increment index if found */
+	    }
+	}
+    }
+    /* found false means there is no post processing function.  This permits the table to be smaller
+       if desired. */
+    if ((rc == 0) && found) {
+	postProcessFunction = tssTable[index].postProcessFunction;
+	/* there could also be an entry that it currently NULL, nothing to do */
+	if (postProcessFunction == NULL) {
+	    found = FALSE;
+	}
+    }
+    /* call the function */
+    if ((rc == 0) && found) {
+	rc = postProcessFunction(tssContext, in, out, extra);
+    }
+    return rc;
+}
+
+/*
+  Command specific post processing functions
+*/
+
+/* TSS_PO_StartAuthSession handles StartAuthSession post processing.  It:
+
+   creates a TSS HMAC session
+
+   saves the session handle, hash algorithm, and symmetric algorithm, nonceCaller and nonceTPM
+   
+   It calculates the session key and saves it
+
+   Finally, it marshals the session and stores it
+*/
+
+static TPM_RC TSS_PO_StartAuthSession(TSS_CONTEXT *tssContext,
+				      StartAuthSession_In *in,
+				      StartAuthSession_Out *out,
+				      StartAuthSession_Extra *extra)
+{
+    TPM_RC 			rc = 0;
+    struct TSS_HMAC_CONTEXT 	*session = NULL;
+    TPM2B_DIGEST 		salt;
+    
+    if (tssVverbose) printf("TSS_PO_StartAuthSession\n");
+    /* allocate a TSS_HMAC_CONTEXT session context */
+    if (rc == 0) {
+	rc = TSS_HmacSession_GetContext(&session);
+    }
+    if (rc == 0) {
+	session->sessionHandle = out->sessionHandle;
+	session->authHashAlg = in->authHash;
+#ifndef TPM_TSS_NOCRYPTO
+	session->sizeInBytes = TSS_GetDigestSize(session->authHashAlg);
+#endif
+	session->symmetric = in->symmetric;
+	session->sessionType = in->sessionType;
+    }
+    /* if not a bind session or if no bind password was supplied */
+    if (rc == 0) {
+	if ((extra == NULL) || (in->bind == TPM_RH_NULL) || (extra->bindPassword == NULL)) {
+	    session->bindAuthValue.b.size = 0;
+	}
+	else {
+	    rc = TSS_TPM2B_StringCopy(&session->bindAuthValue.b,
+				      extra->bindPassword, sizeof(session->bindAuthValue.t.buffer));
+	}
+    }
+    if (rc == 0) {
+	/* if the caller did not supply extra, the salt must be empty */
+	if (extra == NULL) {
+	    salt.b.size = 0;
+	}
+	/* if the caller supplied extra, the preprocessor sets salt to empty (unsalted) or the
+	   plaintext salt value */
+	else {
+	    rc = TSS_TPM2B_Copy(&salt.b, &extra->salt.b, sizeof(TPMT_HA));
+	}
+    }
+#ifndef TPM_TSS_NOCRYPTO
+    if (rc == 0) {
+	rc = TSS_TPM2B_Copy(&session->nonceTPM.b, &out->nonceTPM.b, sizeof(TPMT_HA));
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_Copy(&session->nonceCaller.b, &in->nonceCaller.b, sizeof(TPMT_HA));
+    }
+    if (rc == 0) {
+	rc = TSS_HmacSession_SetSessionKey(tssContext, session,
+					   &salt,
+					   in->bind, &session->bindAuthValue);
+    }
+#endif	/* TPM_TSS_NOCRYPTO */
+    if (rc == 0) {
+	rc = TSS_HmacSession_SaveSession(tssContext, session);
+    }
+    TSS_HmacSession_FreeContext(session);
+    return rc;
+}
+
+/* TSS_PO_ContextSave() saves the name of an object in a filename that is a hash of the contextBlob.
+
+   This permits the name to be found during ContextLoad.
+*/
+
+static TPM_RC TSS_PO_ContextSave(TSS_CONTEXT *tssContext,
+				 ContextSave_In *in,
+				 ContextSave_Out *out,
+				 void *extra)
+{
+    TPM_RC 		rc = 0;
+#ifndef TPM_TSS_NOFILE
+    TPMT_HA 		cpHash;		/* largest size of a digest */
+    char		string[65];	/*  sha256 hash * 2 + 1 */
+    TPM_HT 		handleType;
+    int			done = FALSE;
+#endif
+
+    in = in;
+    extra = extra;
+
+#ifndef TPM_TSS_NOFILE
+    if (tssVverbose) printf("TSS_PO_ContextSave: handle %08x\n", in->saveHandle);
+    /* only for objects and sequence objects, not sessions */
+    if (rc == 0) {
+	handleType = (TPM_HT) ((in->saveHandle & HR_RANGE_MASK) >> HR_SHIFT);
+	if (handleType != TPM_HT_TRANSIENT) {
+	    done = TRUE;
+	}
+    }
+    if ((rc == 0) && !done) {
+	cpHash.hashAlg = TPM_ALG_SHA256;	/* arbitrary choice */
+	rc = TSS_Hash_Generate(&cpHash,
+			       out->context.contextBlob.b.size, out->context.contextBlob.b.buffer,
+			       0, NULL);
+    }
+    /* convert a hash of the context blob to a string */
+    if ((rc == 0) && !done) {
+	rc = TSS_HashToString(string, cpHash.digest.sha256);
+    }
+    if ((rc == 0) && !done) {
+	rc = TSS_Name_Copy(tssContext,
+			   0, string,			/* to context */
+			   in->saveHandle, NULL);	/* from handle */
+    }
+    /* get the public key of the object being context saved */
+    /* save the public key under the context */
+    if ((rc == 0) && !done) {
+	rc = TSS_Public_Copy(tssContext,
+			     0,
+			     string,
+			     in->saveHandle,
+			     NULL);
+    }
+#else
+    tssContext = tssContext;
+    out = out;
+#endif
+    return rc;
+}
+
+static TPM_RC TSS_PO_ContextLoad(TSS_CONTEXT *tssContext,
+				 ContextLoad_In *in,
+				 ContextLoad_Out *out,
+				 void *extra)
+{
+    TPM_RC 		rc = 0;
+#ifndef TPM_TSS_NOFILE
+    TPMT_HA 		cpHash;		/* largest size of a digest */
+    char		string[65];	/*  sha256 hash * 2 + 1 */
+    TPM_HT 		handleType;
+    int			done = FALSE;
+#endif
+
+    out = out;
+    extra = extra;
+
+#ifndef TPM_TSS_NOFILE
+    if (tssVverbose) printf("TSS_PO_ContextLoad: handle %08x\n", out->loadedHandle);
+    /* only for objects and sequence objects, not sessions */
+    if (rc == 0) {
+	handleType = (TPM_HT) ((out->loadedHandle & HR_RANGE_MASK) >> HR_SHIFT);
+	if (handleType != TPM_HT_TRANSIENT) {
+	    done = TRUE;
+	}
+    }
+    if ((rc == 0) && !done) {
+	cpHash.hashAlg = TPM_ALG_SHA256;	/* arbitrary choice */
+	rc = TSS_Hash_Generate(&cpHash,
+			       in->context.contextBlob.b.size, in->context.contextBlob.b.buffer,
+			       0, NULL);
+    }
+    /* convert a hash of the context blob to a string */
+    if ((rc == 0) && !done) {
+	rc = TSS_HashToString(string, cpHash.digest.sha256);
+    }
+    /* get the Name of the object being context loaded */
+    /* write the name with the loaded context's handle */
+    if ((rc == 0) && !done) {
+	rc = TSS_Name_Copy(tssContext,
+			   out->loadedHandle, NULL,	/* to handle */
+			   0, string);			/* from context */	
+    }
+    /* get the public key of the object being context loaded */
+    /* write the public key with the loaded context's handle */
+    if ((rc == 0) && !done) {
+	rc = TSS_Public_Copy(tssContext,
+			     out->loadedHandle,
+			     NULL,
+			     0,
+			     string);
+    }
+#else
+    tssContext = tssContext;
+    in = in; 
+#endif
+    return rc;
+}
+
+/* TSS_HashToString() converts a SHA-256 binary hash (really any 32-byte value) to a string 
+
+   string must be 65 bytes: 32*2 + 1
+
+   NOTE: Hard coded to SHA256
+*/
+
+#ifndef TPM_TSS_NOFILE
+
+static TPM_RC TSS_HashToString(char *str, uint8_t *digest)
+{
+    size_t i;
+
+    for (i = 0 ; i < SHA256_DIGEST_SIZE ; i++) {
+	sprintf(str +(i*2), "%02x", digest[i]);
+    }
+    if (tssVverbose) printf("TSS_HashToString: %s\n", str);
+    return 0;
+}
+
+#endif
+
+/* TSS_PO_FlushContext() removes persistent state associated with the handle */
+
+static TPM_RC TSS_PO_FlushContext(TSS_CONTEXT *tssContext,
+				  FlushContext_In *in,
+				  void *out,
+				  void *extra)
+{
+    TPM_RC 			rc = 0;
+
+    out = out;
+    extra = extra;
+    if (tssVverbose) printf("TSS_PO_FlushContext: flushHandle %08x\n", in->flushHandle);
+    if (rc == 0) {
+	rc = TSS_DeleteHandle(tssContext, in->flushHandle);
+    }
+    return rc;
+}
+
+/* TSS_PO_EvictControl() removes persistent state associated with the handle */
+
+static TPM_RC TSS_PO_EvictControl(TSS_CONTEXT *tssContext,
+				  EvictControl_In *in,
+				  void *out,
+				  void *extra)
+{
+    TPM_RC 			rc = 0;
+
+    out = out;
+    extra = extra;
+    
+    if (tssVverbose) printf("TSS_PO_EvictControl: object %08x persistent %08x\n",
+			    in->objectHandle, in->persistentHandle);
+    /* if it successfully made a persistent copy */
+    if (in->objectHandle != in->persistentHandle) {
+	/* TPM2B_PUBLIC	bPublic; */
+	if (rc == 0) {
+	    rc = TSS_Name_Copy(tssContext,
+			       in->persistentHandle, NULL,	/* to persistent handle */
+			       in->objectHandle, NULL);		/* from transient handle */	
+	}
+	/* get the transient object public key */
+	/* copy it to the persistent object public key */
+	if (rc == 0) {
+	    rc = TSS_Public_Copy(tssContext,
+				 in->persistentHandle,
+				 NULL,
+				 in->objectHandle,
+				 NULL);
+	}
+    }
+    /* if it successfully evicted the persistent object */
+    else {
+	if (rc == 0) {
+	    rc = TSS_DeleteHandle(tssContext, in->persistentHandle);
+	}
+    }
+    return rc;
+}
+
+/* TSS_PO_Load() saves the Name returned for the loaded object.  It saves the TPM2B_PUBLIC */
+
+static TPM_RC TSS_PO_Load(TSS_CONTEXT *tssContext,
+			  Load_In *in,
+			  Load_Out *out,
+			  void *extra)
+{
+    TPM_RC 	rc = 0;
+
+    in = in;
+    extra = extra;
+    if (tssVverbose) printf("TSS_PO_Load: handle %08x\n", out->objectHandle);
+    /* use handle as file name */
+    if (rc == 0) {
+	rc = TSS_Name_Store(tssContext, &out->name, out->objectHandle, NULL);
+    }
+    if (rc == 0) {
+	rc = TSS_Public_Store(tssContext, &in->inPublic, out->objectHandle, NULL);
+    }
+    return rc;
+}
+
+/* TSS_PO_LoadExternal() saves the Name returned for the loaded object */
+
+static TPM_RC TSS_PO_LoadExternal(TSS_CONTEXT *tssContext,
+				  LoadExternal_In *in,
+				  LoadExternal_Out *out,
+				  void *extra)
+{
+    TPM_RC 	rc = 0;
+
+    in = in;
+    extra = extra;
+    if (tssVverbose) printf("TSS_PO_LoadExternal: handle %08x\n", out->objectHandle);
+    /* use handle as file name */
+    if (rc == 0) {
+	rc = TSS_Name_Store(tssContext, &out->name, out->objectHandle, NULL);
+    }
+    if (rc == 0) {
+	rc = TSS_Public_Store(tssContext, &in->inPublic, out->objectHandle, NULL);
+    }
+    return rc;
+}
+
+/* TSS_PO_ReadPublic() saves the Name returned for the loaded object */
+
+static TPM_RC TSS_PO_ReadPublic(TSS_CONTEXT *tssContext,
+				ReadPublic_In *in,
+				ReadPublic_Out *out,
+				void *extra)
+{
+    TPM_RC 	rc = 0;
+
+    in = in;
+    extra = extra;
+    if (tssVverbose) printf("TSS_PO_ReadPublic: handle %08x\n", in->objectHandle);
+    /* if the TSS is compiled without crypto support, it cannot recalculate the Name from the public
+       area. It has to trust the response from the TPM.  This should be OK since a 'no crypto' TSS
+       is used when there is a tructed path to the TPM. */
+#ifndef TPM_TSS_NOCRYPTO
+    /* validate the Name against the public area */
+    /* Name = nameAlg || HnameAlg (handle->publicArea)
+       where
+       nameAlg	algorithm used to compute Name
+       HnameAlg	hash using the nameAlg parameter in the object associated with handle
+       publicArea 	contents of the TPMT_PUBLIC associated with handle
+    */
+    {
+	TPM2B_NAME name;
+	if (rc == 0) {
+	    rc = TSS_ObjectPublic_GetName(&name, &out->outPublic.publicArea);
+	}
+	if (rc == 0) {
+	    if (name.t.size != out->name.t.size) {
+		if (tssVerbose)
+		    printf("TSS_PO_ReadPublic: TPMT_PUBLIC does not match TPM2B_NAME\n");
+		rc = TSS_RC_MALFORMED_PUBLIC;
+	    }
+	    else {
+		int irc;
+		irc = memcmp(name.t.name, out->name.t.name, out->name.t.size);
+		if (irc != 0) {
+		    if (tssVerbose)
+			printf("TSS_PO_ReadPublic: TPMT_PUBLIC does not match TPM2B_NAME\n");
+		    rc = TSS_RC_MALFORMED_PUBLIC;
+		}
+	    }
+	}
+    }
+#endif
+    /* use handle as file name */
+    if (rc == 0) {
+	rc = TSS_Name_Store(tssContext, &out->name, in->objectHandle, NULL);
+    }
+    if (rc == 0) {
+	rc = TSS_Public_Store(tssContext, &out->outPublic, in->objectHandle, NULL);
+    }
+    return rc;
+}
+
+/* TSS_PO_Load() saves the Name returned for the loaded object.  It saves the TPM2B_PUBLIC */
+
+static TPM_RC TSS_PO_CreateLoaded(TSS_CONTEXT *tssContext,
+				  CreateLoaded_In *in,
+				  CreateLoaded_Out *out,
+				  void *extra)
+{
+    TPM_RC 	rc = 0;
+
+    in = in;
+    extra = extra;
+    if (tssVverbose) printf("TSS_PO_CreateLoaded: handle %08x\n", out->objectHandle);
+    /* use handle as file name */
+    if (rc == 0) {
+	rc = TSS_Name_Store(tssContext, &out->name, out->objectHandle, NULL);
+    }
+    if (rc == 0) {
+	rc = TSS_Public_Store(tssContext, &out->outPublic, out->objectHandle, NULL);
+    }
+    return rc;
+}
+
+/* TSS_PO_HashSequenceStart() saves the Name returned for the started sequence object */
+
+static TPM_RC TSS_PO_HashSequenceStart(TSS_CONTEXT *tssContext,
+				       HashSequenceStart_In *in,
+				       HashSequenceStart_Out *out,
+				       void *extra)
+{
+    TPM_RC 	rc = 0;
+    TPM2B_NAME 	name;
+
+    in = in;
+    extra = extra;
+
+    if (tssVverbose) printf("TSS_PO_HashSequenceStart\n");
+    /* Part 1 Table 3 The Name of a sequence object is an Empty Buffer */
+    if (rc == 0) {
+	name.b.size = 0;
+	/* use handle as file name */
+	rc = TSS_Name_Store(tssContext, &name, out->sequenceHandle, NULL);
+    }
+    return rc;
+}
+
+
+/* TSS_PO_HMAC_Start() saves the Name returned for the started sequence object */
+
+static TPM_RC TSS_PO_HMAC_Start(TSS_CONTEXT *tssContext,
+				HMAC_Start_In *in,
+				HMAC_Start_Out *out,
+				void *extra)
+{
+    TPM_RC 	rc = 0;
+    TPM2B_NAME 	name;
+
+    in = in;
+    extra = extra;
+
+    if (tssVverbose) printf("TSS_PO_HMAC_Start\n");
+    /* Part 1 Table 3 The Name of a sequence object is an Empty Buffer */
+    if (rc == 0) {
+	name.b.size = 0;
+	/* use handle as file name */
+	rc = TSS_Name_Store(tssContext, &name, out->sequenceHandle, NULL);
+    }
+    return rc;
+}
+
+static TPM_RC TSS_PO_SequenceComplete(TSS_CONTEXT *tssContext,
+				      SequenceComplete_In *in,
+				      SequenceComplete_Out *out,
+				      void *extra)
+{
+    TPM_RC 	rc = 0;
+
+    out = out;
+    extra = extra;
+
+    if (tssVverbose) printf("TSS_PO_SequenceComplete: sequenceHandle %08x\n", in->sequenceHandle);
+    if (rc == 0) {
+	rc = TSS_DeleteHandle(tssContext, in->sequenceHandle);
+    }
+    return rc;
+}
+static TPM_RC TSS_PO_EventSequenceComplete(TSS_CONTEXT *tssContext,
+					   EventSequenceComplete_In *in,
+					   EventSequenceComplete_Out *out,
+					   void *extra)
+{
+    TPM_RC 	rc = 0;
+    out = out;
+    extra = extra;
+    if (tssVverbose)
+	printf("TSS_PO_EventSequenceComplete: sequenceHandle %08x\n", in->sequenceHandle);
+    if (rc == 0) {
+	rc = TSS_DeleteHandle(tssContext, in->sequenceHandle);
+    }
+    return rc;
+}
+
+static TPM_RC TSS_PO_PolicyAuthValue(TSS_CONTEXT *tssContext,
+				     PolicyAuthValue_In *in,
+				     void *out,
+				     void *extra)
+{
+    TPM_RC 			rc = 0;
+    struct TSS_HMAC_CONTEXT 	*session = NULL;
+    
+    out = out;
+    extra = extra;
+    if (tssVverbose) printf("TSS_PO_PolicyAuthValue\n");
+    if (rc == 0) {
+	rc = TSS_Malloc((unsigned char **)&session, sizeof(TSS_HMAC_CONTEXT));	/* freed @1 */
+    }
+    if (rc == 0) {
+	rc = TSS_HmacSession_LoadSession(tssContext, session, in->policySession);
+    }
+    if (rc == 0) {
+	session->isPasswordNeeded = FALSE;
+	session->isAuthValueNeeded = TRUE;
+	rc = TSS_HmacSession_SaveSession(tssContext, session);
+    }
+    free(session);		/* @1 */
+    return rc;
+}
+
+static TPM_RC TSS_PO_PolicyPassword(TSS_CONTEXT *tssContext,
+				    PolicyPassword_In *in,
+				    void *out,
+				    void *extra)
+{
+    TPM_RC 			rc = 0;
+    struct TSS_HMAC_CONTEXT 	*session = NULL;
+
+    out = out;
+    extra = extra;
+    if (tssVverbose) printf("TSS_PO_PolicyPassword\n");
+    if (rc == 0) {
+	rc = TSS_Malloc((unsigned char **)&session, sizeof(TSS_HMAC_CONTEXT));	/* freed @1 */
+    }
+    if (rc == 0) {
+	rc = TSS_HmacSession_LoadSession(tssContext, session, in->policySession);
+    }
+    if (rc == 0) {
+	session->isPasswordNeeded = TRUE;
+	session->isAuthValueNeeded = FALSE;
+	rc = TSS_HmacSession_SaveSession(tssContext, session);
+    }
+    free(session);		/* @1 */
+    return rc;
+}
+
+static TPM_RC TSS_PO_CreatePrimary(TSS_CONTEXT *tssContext,
+				   CreatePrimary_In *in,
+				   CreatePrimary_Out *out,
+				   void *extra)
+{
+    TPM_RC 			rc = 0;
+
+    in = in;
+    extra = extra;
+    if (tssVverbose) printf("TSS_PO_CreatePrimary: handle %08x\n", out->objectHandle);
+    /* use handle as file name */
+    if (rc == 0) {
+	rc = TSS_Name_Store(tssContext, &out->name, out->objectHandle, NULL);
+    }
+    if (rc == 0) {
+	rc = TSS_Public_Store(tssContext, &out->outPublic, out->objectHandle, NULL);
+    }
+    return rc;
+}
+
+static TPM_RC TSS_PO_NV_DefineSpace(TSS_CONTEXT *tssContext,
+				    NV_DefineSpace_In *in,
+				    void *out,
+				    void *extra)
+{
+    TPM_RC 	rc = 0;
+
+    if (tssVverbose) printf("TSS_PO_NV_DefineSpace\n");
+#ifndef TPM_TSS_NOCRYPTO
+    {
+	TPM2B_NAME name;
+	/* calculate the Name from the input public area */
+	/* Name = nameAlg || HnameAlg (handle->nvPublicArea)
+	   where
+	   nameAlg	algorithm used to compute Name
+	   HnameAlg hash using the nameAlg parameter in the NV Index location associated with handle
+	   nvPublicArea	contents of the TPMS_NV_PUBLIC associated with handle
+	*/
+	/* calculate the Name from the input TPMS_NV_PUBLIC */
+	if (rc == 0) {
+	    rc = TSS_NVPublic_GetName(&name, &in->publicInfo.nvPublic);
+	}
+	/* use handle as file name */
+	if (rc == 0) {
+	    rc = TSS_Name_Store(tssContext, &name, in->publicInfo.nvPublic.nvIndex, NULL);
+	}
+	if (rc == 0) {
+	    rc = TSS_NVPublic_Store(tssContext, &in->publicInfo.nvPublic,
+				    in->publicInfo.nvPublic.nvIndex); 
+	}
+    }
+#else
+    tssContext = tssContext;
+    in = in;
+#endif
+    out = out;
+    extra = extra;
+    return rc;
+}
+
+
+static TPM_RC TSS_PO_NV_ReadPublic(TSS_CONTEXT *tssContext,
+				   NV_ReadPublic_In *in,
+				   NV_ReadPublic_Out *out,
+				   void *extra)
+{
+    TPM_RC 	rc = 0;
+
+    if (tssVverbose) printf("TSS_PO_NV_ReadPublic\n");
+    
+    /* validate the Name against the public area */
+    /* Name = nameAlg || HnameAlg (handle->nvPublicArea)
+       where
+       nameAlg	algorithm used to compute Name
+       HnameAlg hash using the nameAlg parameter in the NV Index location associated with handle
+       nvPublicArea	contents of the TPMS_NV_PUBLIC associated with handle
+    */
+#ifndef TPM_TSS_NOCRYPTO
+    {
+	TPM2B_NAME name;
+	/* calculate the Name from the TPMS_NV_PUBLIC */
+	if (rc == 0) {
+	    rc = TSS_NVPublic_GetName(&name, &out->nvPublic.nvPublic);
+	}
+	if (rc == 0) {
+	    if (name.t.size != out->nvName.t.size) {
+		if (tssVerbose)
+		    printf("TSS_PO_NV_ReadPublic: TPMT_NV_PUBLIC does not match TPM2B_NAME\n");
+		rc = TSS_RC_MALFORMED_NV_PUBLIC;
+	    }
+	    else {
+		int irc;
+		irc = memcmp(name.t.name, out->nvName.t.name, out->nvName.t.size);
+		if (irc != 0) {
+		    if (tssVerbose)
+			printf("TSS_PO_NV_ReadPublic: TPMT_NV_PUBLIC does not match TPM2B_NAME\n");
+		    rc = TSS_RC_MALFORMED_NV_PUBLIC;
+		}
+	    }
+	}
+	/* use handle as file name */
+	if (rc == 0) {
+	    rc = TSS_Name_Store(tssContext, &out->nvName, in->nvIndex, NULL);
+	}
+	if (rc == 0) {
+	    rc = TSS_NVPublic_Store(tssContext, &out->nvPublic.nvPublic, in->nvIndex); 
+	}
+    }
+#else
+    tssContext = tssContext;
+    in = in;
+    out = out;
+#endif
+    extra = extra;
+    return rc;
+}
+
+static TPM_RC TSS_PO_NV_UndefineSpace(TSS_CONTEXT *tssContext,
+				      NV_UndefineSpace_In *in,
+				      void *out,
+				      void *extra)
+{
+    TPM_RC 			rc = 0;
+
+    out = out;
+    extra = extra;
+    if (tssVverbose) printf("TSS_PO_NV_UndefineSpace\n");
+#ifndef TPM_TSS_NOCRYPTO
+    /* Don't check return code. */
+    TSS_DeleteHandle(tssContext, in->nvIndex);
+    TSS_NVPublic_Delete(tssContext, in->nvIndex);
+#else
+    tssContext = tssContext;
+    in = in;
+#endif
+    return rc;
+}
+
+static TPM_RC TSS_PO_NV_UndefineSpaceSpecial(TSS_CONTEXT *tssContext,
+					     NV_UndefineSpaceSpecial_In *in,
+					     void *out,
+					     void *extra)
+{
+    TPM_RC 			rc = 0;
+
+    out = out;
+    extra = extra;
+    if (tssVverbose) printf("TSS_PO_NV_UndefineSpaceSpecial\n");
+    /* Don't check return code.  The name will only exist if NV_ReadPublic has been issued */
+    TSS_DeleteHandle(tssContext, in->nvIndex);
+    TSS_NVPublic_Delete(tssContext, in->nvIndex);
+    return rc;
+}
+
+/* TSS_PO_NV_Write() handles the Name and NVPublic update for the 4 NV write commands: write,
+   increment, extend, and setbits */
+
+static TPM_RC TSS_PO_NV_Write(TSS_CONTEXT *tssContext,
+			      NV_Write_In *in,
+			      void *out,
+			      void *extra)
+{
+    TPM_RC 			rc = 0;
+    
+    if (tssVverbose) printf("TSS_PO_NV_Write, Increment, Extend, SetBits:\n");
+
+#ifndef TPM_TSS_NOCRYPTO
+    {
+	TPMS_NV_PUBLIC 		nvPublic;
+	TPM2B_NAME 		name;		/* new name */
+	
+	if (rc == 0) {
+	    rc = TSS_NVPublic_Load(tssContext, &nvPublic, in->nvIndex);
+	}
+	/* if the previous store had written clear */
+	if (!(nvPublic.attributes.val & TPMA_NVA_WRITTEN)) {
+	    if (rc == 0) {
+		/* set the written bit */
+		nvPublic.attributes.val |= TPMA_NVA_WRITTEN;
+		/* save the TPMS_NV_PUBLIC */
+		rc = TSS_NVPublic_Store(tssContext, &nvPublic, in->nvIndex);
+	    }
+	    /* calculate the name */
+	    if (rc == 0) {
+		rc = TSS_NVPublic_GetName(&name, &nvPublic);
+	    }
+	    /* save the name */
+	    if (rc == 0) {
+		/* use handle as file name */
+		rc = TSS_Name_Store(tssContext, &name, in->nvIndex, NULL);
+	    }
+	    /* if there is a failure. delete the name and NVPublic */
+	    if (rc != 0) {
+		TSS_DeleteHandle(tssContext, in->nvIndex);
+		TSS_NVPublic_Delete(tssContext, in->nvIndex);
+	    }
+	}
+    }
+#else
+    tssContext = tssContext;
+    in = in;
+#endif
+    out = out;
+    extra = extra;
+    return rc;
+}
+
+/* TSS_PO_NV_WriteLock() handles the Name and NVPublic update for the write lock command */
+
+static TPM_RC TSS_PO_NV_WriteLock(TSS_CONTEXT *tssContext,
+				  NV_WriteLock_In *in,
+				  void *out,
+				  void *extra)
+{
+    TPM_RC 			rc = 0;
+   
+    if (tssVverbose) printf("TSS_PO_NV_WriteLock:\n");
+
+#ifndef TPM_TSS_NOCRYPTO
+    {
+	TPMS_NV_PUBLIC 		nvPublic;
+	TPM2B_NAME 		name;		/* new name */
+	
+ 	if (rc == 0) {
+	    rc = TSS_NVPublic_Load(tssContext, &nvPublic, in->nvIndex);
+	}
+	/* if the previous store had write lock clear */
+	if (!(nvPublic.attributes.val & TPMA_NVA_WRITELOCKED)) {
+	    if (rc == 0) {
+		/* set the write lock bit */
+		nvPublic.attributes.val |= TPMA_NVA_WRITELOCKED;
+		/* save the TPMS_NV_PUBLIC */
+		rc = TSS_NVPublic_Store(tssContext, &nvPublic, in->nvIndex);
+	    }
+	    /* calculate the name */
+	    if (rc == 0) {
+		rc = TSS_NVPublic_GetName(&name, &nvPublic);
+	    }
+	    /* save the name */
+	    if (rc == 0) {
+		/* use handle as file name */
+		rc = TSS_Name_Store(tssContext, &name, in->nvIndex, NULL);
+	    }
+	    /* if there is a failure. delete the name and NVPublic */
+	    if (rc != 0) {
+		TSS_DeleteHandle(tssContext, in->nvIndex);
+		TSS_NVPublic_Delete(tssContext, in->nvIndex);
+	    }
+	}
+    }
+#else
+    tssContext = tssContext;
+    in = in;
+#endif
+    out = out;
+    extra = extra;
+    return rc;
+}
+
+/* TSS_PO_NV_WriteLock() handles the Name and NVPublic update for the read lock command */
+
+static TPM_RC TSS_PO_NV_ReadLock(TSS_CONTEXT *tssContext,
+				 NV_ReadLock_In *in,
+				 void *out,
+				 void *extra)
+{
+    TPM_RC 			rc = 0;
+    
+    if (tssVverbose) printf("TSS_PO_NV_ReadLock:");
+
+#ifndef TPM_TSS_NOCRYPTO
+    {
+	TPMS_NV_PUBLIC 		nvPublic;
+	TPM2B_NAME 			name;		/* new name */
+
+	if (rc == 0) {
+	    rc = TSS_NVPublic_Load(tssContext, &nvPublic, in->nvIndex);
+	}
+	/* if the previous store had read lock clear */
+	if (!(nvPublic.attributes.val & TPMA_NVA_READLOCKED)) {
+	    if (rc == 0) {
+		/* set the read lock bit */
+		nvPublic.attributes.val |= TPMA_NVA_READLOCKED;
+		/* save the TPMS_NV_PUBLIC */
+		rc = TSS_NVPublic_Store(tssContext, &nvPublic, in->nvIndex);
+	    }
+	    /* calculate the name */
+	    if (rc == 0) {
+		rc = TSS_NVPublic_GetName(&name, &nvPublic);
+	    }
+	    /* save the name */
+	    if (rc == 0) {
+		/* use handle as file name */
+		rc = TSS_Name_Store(tssContext, &name, in->nvIndex, NULL);
+	    }
+	    /* if there is a failure. delete the name and NVPublic */
+	    if (rc != 0) {
+		TSS_DeleteHandle(tssContext, in->nvIndex);
+		TSS_NVPublic_Delete(tssContext, in->nvIndex);
+	    }
+	}
+    }
+#else
+    tssContext = tssContext;
+    in = in;
+#endif
+    out = out;
+    extra = extra;
+    return rc;
+}
+
diff --git a/utils/tss20.h b/utils/tss20.h
new file mode 100644
index 000000000..2e3e2b09b
--- /dev/null
+++ b/utils/tss20.h
@@ -0,0 +1,58 @@
+/********************************************************************************/
+/*										*/
+/*			   TSS TPM 2.0 API 					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id:tss.h 656 2016-06-28 16:49:29Z kgoldman $			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef TSS20_H
+#define TSS20_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    TPM_RC TSS_Execute20(TSS_CONTEXT *tssContext,
+			 RESPONSE_PARAMETERS *out,
+			 COMMAND_PARAMETERS *in,
+			 EXTRA_PARAMETERS *extra,
+			 TPM_CC commandCode,
+			 va_list ap);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/utils/tssauth.c b/utils/tssauth.c
new file mode 100644
index 000000000..40e9602fc
--- /dev/null
+++ b/utils/tssauth.c
@@ -0,0 +1,161 @@
+/********************************************************************************/
+/*										*/
+/*		Common TPM 1.2 and TPM 2.0 TSS Authorization 			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* This layer handles command and response packet authorization parameters. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+
+#ifdef TPM_POSIX
+#include <netinet/in.h>
+#endif
+#ifdef TPM_WINDOWS
+#include <winsock2.h>
+#endif
+
+#include <ibmtss/tsserror.h>
+#include <ibmtss/tssprint.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/Unmarshal_fp.h>
+#include <ibmtss/tsstransmit.h>
+#include "tssproperties.h"
+#include <ibmtss/tssresponsecode.h>
+
+#include "tssauth.h"
+
+extern int tssVerbose;
+extern int tssVverbose;
+
+/* TSS_AuthCreate() allocates and initializes a TSS_AUTH_CONTEXT */
+
+TPM_RC TSS_AuthCreate(TSS_AUTH_CONTEXT **tssAuthContext)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+        rc = TSS_Malloc((uint8_t **)tssAuthContext, sizeof(TSS_AUTH_CONTEXT));
+   }
+    if (rc == 0) {
+	TSS_InitAuthContext(*tssAuthContext);
+    }
+    return rc;
+}
+
+/* TSS_InitAuthContext() sets initial values for an allocated TSS_AUTH_CONTEXT */
+
+void TSS_InitAuthContext(TSS_AUTH_CONTEXT *tssAuthContext)
+{
+    memset(tssAuthContext->commandBuffer, 0, sizeof(tssAuthContext->commandBuffer));
+    memset(tssAuthContext->responseBuffer, 0, sizeof(tssAuthContext->responseBuffer));
+    tssAuthContext->commandText = NULL;
+    tssAuthContext->commandCode = 0;
+    tssAuthContext->responseCode = 0;
+    tssAuthContext->commandHandleCount = 0;
+    tssAuthContext->responseHandleCount = 0;
+    tssAuthContext->authCount = 0;
+    tssAuthContext->commandSize = 0;
+    tssAuthContext->cpBufferSize = 0;
+    tssAuthContext->cpBuffer = NULL;
+    tssAuthContext->responseSize = 0;
+    tssAuthContext->marshalInFunction = NULL;
+    tssAuthContext->unmarshalOutFunction = NULL;
+#ifndef TPM_TSS_NOCMDCHECK
+    tssAuthContext->unmarshalInFunction = NULL;
+#endif
+#ifdef TPM_TPM12
+    tssAuthContext->sessionNumber = 0xffff;	/* no encrypt sessions */
+    tssAuthContext->encAuthOffset0 = 0;
+    tssAuthContext->encAuthOffset1 = 0;
+#endif
+    return;
+}
+
+/* TSS_AuthDelete() re-initializes and then frees an allocated TSS_AUTH_CONTEXT */
+
+TPM_RC TSS_AuthDelete(TSS_AUTH_CONTEXT *tssAuthContext)
+{
+    if (tssAuthContext != NULL) {
+	TSS_InitAuthContext(tssAuthContext);
+	free(tssAuthContext);
+    }
+    return 0;
+}
+
+TPM_CC TSS_GetCommandCode(TSS_AUTH_CONTEXT *tssAuthContext)
+{
+    TPM_CC commandCode = tssAuthContext->commandCode;
+    return commandCode;
+}
+
+TPM_RC TSS_GetCpBuffer(TSS_AUTH_CONTEXT *tssAuthContext,
+		       uint32_t *cpBufferSize,
+		       uint8_t **cpBuffer)
+{
+    *cpBufferSize = tssAuthContext->cpBufferSize;
+    *cpBuffer = tssAuthContext->cpBuffer;
+    return 0;
+}
+
+/* TSS_GetCommandHandleCount() returns the number of handles in the command area */
+
+TPM_RC TSS_GetCommandHandleCount(TSS_AUTH_CONTEXT *tssAuthContext,
+				 size_t *commandHandleCount)
+{
+    *commandHandleCount = tssAuthContext->commandHandleCount;
+    return 0;
+}
+
+TPM_RC TSS_AuthExecute(TSS_CONTEXT *tssContext)
+{
+    TPM_RC rc = 0;
+    if (tssVverbose) printf("TSS_AuthExecute: Executing %s\n",
+			    tssContext->tssAuthContext->commandText);
+    /* transmit the command and receive the response.  Normally returns the TPM response code. */
+    if (rc == 0) {
+	rc = TSS_Transmit(tssContext,
+			  tssContext->tssAuthContext->responseBuffer,
+			  &tssContext->tssAuthContext->responseSize,
+			  tssContext->tssAuthContext->commandBuffer,
+			  tssContext->tssAuthContext->commandSize,
+			  tssContext->tssAuthContext->commandText);
+    }
+    return rc;
+}
diff --git a/utils/tssauth.h b/utils/tssauth.h
new file mode 100644
index 000000000..9d52c5385
--- /dev/null
+++ b/utils/tssauth.h
@@ -0,0 +1,104 @@
+/********************************************************************************/
+/*										*/
+/*			     TSS Authorization 					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: tssauth.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* This is not a public header.  It should not be used by applications. */
+
+#ifndef TSS_AUTH_H
+#define TSS_AUTH_H
+
+#include <ibmtss/tss.h>
+#include "tssccattributes.h"
+
+/* Generic functions to marshal and unmarshal Part 3 ordinal command and response parameters */
+
+typedef TPM_RC (*MarshalInFunction_t)(COMMAND_PARAMETERS *source,
+				      uint16_t *written, BYTE **buffer, uint32_t *size);
+typedef TPM_RC (*UnmarshalOutFunction_t)(RESPONSE_PARAMETERS *target,
+					 TPM_ST tag, BYTE **buffer, uint32_t *size);
+typedef TPM_RC (*UnmarshalInFunction_t)(COMMAND_PARAMETERS *target,
+					BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+
+/* The context for the entire command processor.  Update TSS_InitAuthContext() when changing
+   this structure */
+
+typedef struct TSS_AUTH_CONTEXT {
+    uint8_t 		commandBuffer [MAX_COMMAND_SIZE];
+    uint8_t 		responseBuffer [MAX_RESPONSE_SIZE];
+    const char 		*commandText;
+    COMMAND_INDEX    	tpmCommandIndex;	/* index into attributes table */
+    TPM_CC 		commandCode;
+    TPM_RC 		responseCode;
+    size_t		commandHandleCount;
+    uint32_t 		responseHandleCount;
+    uint16_t		authCount;		/* authorizations in command */
+    uint16_t 		commandSize;
+    uint32_t 		cpBufferSize;
+    uint8_t 		*cpBuffer;
+    uint32_t 		responseSize;
+    MarshalInFunction_t    marshalInFunction;
+    UnmarshalOutFunction_t unmarshalOutFunction;
+#ifndef TPM_TSS_NOCMDCHECK	/* disable command parameter checking */
+    UnmarshalInFunction_t  unmarshalInFunction;
+#endif
+#ifdef TPM_TPM12
+    uint16_t		sessionNumber;		/* session used for ADIP, zero based */
+    int16_t		encAuthOffset0;		/* offset to first TPM_ENCAUTH parameter */
+    int16_t		encAuthOffset1;		/* offset to second TPM_ENCAUTH parameter if not NULL */
+#endif
+} TSS_AUTH_CONTEXT;
+
+TPM_RC TSS_AuthCreate(TSS_AUTH_CONTEXT **tssAuthContext);
+
+void TSS_InitAuthContext(TSS_AUTH_CONTEXT *tssAuthContext);
+
+TPM_RC TSS_AuthDelete(TSS_AUTH_CONTEXT *tssAuthContext);
+
+TPM_CC TSS_GetCommandCode(TSS_AUTH_CONTEXT *tssAuthContext);
+
+TPM_RC TSS_GetCpBuffer(TSS_AUTH_CONTEXT *tssAuthContext,
+		       uint32_t *cpBufferSize,
+		       uint8_t **cpBuffer);
+
+
+TPM_RC TSS_GetCommandHandleCount(TSS_AUTH_CONTEXT *tssAuthContext,
+				 size_t *commandHandleCount);
+
+TPM_RC TSS_AuthExecute(TSS_CONTEXT *tssContext);
+
+#endif
diff --git a/utils/tssauth12.c b/utils/tssauth12.c
new file mode 100644
index 000000000..1787618a2
--- /dev/null
+++ b/utils/tssauth12.c
@@ -0,0 +1,746 @@
+/********************************************************************************/
+/*										*/
+/*			     TPM 1.2 TSS Authorization				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* This layer handles command and response packet authorization parameters. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+
+#ifdef TPM_POSIX
+#include <netinet/in.h>
+#endif
+#ifdef TPM_WINDOWS
+#include <winsock2.h>
+#endif
+
+#include <ibmtss/tsserror.h>
+#include <ibmtss/tssprint.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+#include <ibmtss/tsstransmit.h>
+#include "tssproperties.h"
+#include <ibmtss/tssresponsecode.h>
+
+#include <ibmtss/tpmtypes12.h>
+#include <ibmtss/tpmconstants12.h>
+#include <ibmtss/tssmarshal12.h>
+#include <ibmtss/Unmarshal12_fp.h>
+
+#include "tssauth12.h"
+
+extern int tssVerbose;
+extern int tssVverbose;
+
+typedef struct MARSHAL_TABLE {
+    TPM_CC 			commandCode;
+    const char 			*commandText;
+    MarshalInFunction_t 	marshalInFunction;	/* marshal input command */
+    UnmarshalOutFunction_t 	unmarshalOutFunction;	/* unmarshal output response */
+#ifndef TPM_TSS_NOCMDCHECK
+    UnmarshalInFunction_t	unmarshalInFunction;	/* unmarshal input command for parameter
+							   checking */
+#endif
+} MARSHAL_TABLE;
+
+static const MARSHAL_TABLE marshalTable12 [] = {
+				 
+    {TPM_ORD_ActivateIdentity,"TPM_ORD_ActivateIdentity",
+     (MarshalInFunction_t)TSS_ActivateIdentity_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_ActivateIdentity_Out_Unmarshalu,
+     (UnmarshalInFunction_t)ActivateIdentity_In_Unmarshal},
+
+    {TPM_ORD_ContinueSelfTest,"TPM_ORD_ContinueSelfTest",
+     (MarshalInFunction_t)NULL,
+     (UnmarshalOutFunction_t)NULL,
+     (UnmarshalInFunction_t)NULL},
+
+    {TPM_ORD_CreateEndorsementKeyPair,"TPM_ORD_CreateEndorsementKeyPair",
+     (MarshalInFunction_t)TSS_CreateEndorsementKeyPair_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_CreateEndorsementKeyPair_Out_Unmarshalu,
+     (UnmarshalInFunction_t)CreateEndorsementKeyPair_In_Unmarshal},
+
+    {TPM_ORD_CreateWrapKey,"TPM_ORD_CreateWrapKey",
+     (MarshalInFunction_t)TSS_CreateWrapKey_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_CreateWrapKey_Out_Unmarshalu,
+     (UnmarshalInFunction_t)CreateWrapKey_In_Unmarshal},
+
+    {TPM_ORD_Extend,"TPM_ORD_Extend",
+     (MarshalInFunction_t)TSS_Extend_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_Extend_Out_Unmarshalu,
+     (UnmarshalInFunction_t)Extend_In_Unmarshal},
+
+    {TPM_ORD_FlushSpecific,"TPM_ORD_FlushSpecific",
+     (MarshalInFunction_t)TSS_FlushSpecific_In_Marshalu,
+     (UnmarshalOutFunction_t)NULL,
+     (UnmarshalInFunction_t)FlushSpecific_In_Unmarshal},
+
+    {TPM_ORD_GetCapability,"TPM_ORD_GetCapability",
+     (MarshalInFunction_t)TSS_GetCapability12_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_GetCapability12_Out_Unmarshalu,
+     (UnmarshalInFunction_t)GetCapability12_In_Unmarshal},
+
+    {TPM_ORD_LoadKey2,"TPM_ORD_LoadKey2",
+     (MarshalInFunction_t)TSS_LoadKey2_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_LoadKey2_Out_Unmarshalu,
+     (UnmarshalInFunction_t)LoadKey2_In_Unmarshal},
+
+    {TPM_ORD_MakeIdentity,"TPM_ORD_MakeIdentity",
+     (MarshalInFunction_t)TSS_MakeIdentity_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_MakeIdentity_Out_Unmarshalu,
+     (UnmarshalInFunction_t)MakeIdentity_In_Unmarshal},
+
+    {TPM_ORD_NV_DefineSpace,"TPM_ORD_NV_DefineSpace",
+     (MarshalInFunction_t)TSS_NV_DefineSpace12_In_Marshalu,
+     NULL,
+     (UnmarshalInFunction_t)NV_DefineSpace12_In_Unmarshal},
+
+    {TPM_ORD_NV_ReadValueAuth,"TPM_ORD_NV_ReadValueAuth",
+     (MarshalInFunction_t)TSS_NV_ReadValueAuth_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_NV_ReadValueAuth_Out_Unmarshalu,
+     (UnmarshalInFunction_t)NV_ReadValueAuth_In_Unmarshal},
+
+    {TPM_ORD_NV_ReadValue,"TPM_ORD_NV_ReadValue",
+     (MarshalInFunction_t)TSS_NV_ReadValue_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_NV_ReadValue_Out_Unmarshalu,
+     (UnmarshalInFunction_t)NV_ReadValue_In_Unmarshal},
+
+    {TPM_ORD_NV_WriteValue,"TPM_ORD_NV_WriteValue",
+     (MarshalInFunction_t)TSS_NV_WriteValue_In_Marshalu,
+     NULL,
+     (UnmarshalInFunction_t)NV_WriteValue_In_Unmarshal},
+
+    {TPM_ORD_NV_WriteValueAuth,"TPM_ORD_NV_WriteValueAuth",
+     (MarshalInFunction_t)TSS_NV_WriteValueAuth_In_Marshalu,
+     NULL,
+     (UnmarshalInFunction_t)NV_WriteValueAuth_In_Unmarshal},
+
+    {TPM_ORD_OIAP,"TPM_ORD_OIAP",
+     (MarshalInFunction_t)NULL,
+     (UnmarshalOutFunction_t)TSS_OIAP_Out_Unmarshalu,
+     (UnmarshalInFunction_t)NULL},
+
+    {TPM_ORD_OSAP,"TPM_ORD_OSAP",
+     (MarshalInFunction_t)TSS_OSAP_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_OSAP_Out_Unmarshalu,
+     (UnmarshalInFunction_t)OSAP_In_Unmarshal},
+
+    {TPM_ORD_OwnerReadInternalPub,"TPM_ORD_OwnerReadInternalPub",
+     (MarshalInFunction_t)TSS_OwnerReadInternalPub_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_OwnerReadInternalPub_Out_Unmarshalu,
+     (UnmarshalInFunction_t)OwnerReadInternalPub_In_Unmarshal},
+
+    {TPM_ORD_OwnerSetDisable,"TPM_ORD_OwnerSetDisable",
+     (MarshalInFunction_t)TSS_OwnerSetDisable_In_Marshalu,
+     NULL,
+     (UnmarshalInFunction_t)OwnerSetDisable_In_Unmarshal},
+
+    {TPM_ORD_MakeIdentity,"TPM_ORD_MakeIdentity",
+     (MarshalInFunction_t)TSS_MakeIdentity_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_MakeIdentity_Out_Unmarshalu,
+     (UnmarshalInFunction_t)MakeIdentity_In_Unmarshal},
+
+    {TPM_ORD_PcrRead,"TPM_ORD_PcrRead",
+     (MarshalInFunction_t)TSS_PcrRead12_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_PcrRead12_Out_Unmarshalu,
+     (UnmarshalInFunction_t)PcrRead12_In_Unmarshal},
+
+    {TPM_ORD_PCR_Reset,"TPM_ORD_PCR_Reset",
+     (MarshalInFunction_t)TSS_PCR_Reset12_In_Marshalu,
+     NULL,
+     (UnmarshalInFunction_t)PCR_Reset12_In_Unmarshal},
+
+    {TPM_ORD_Quote2,"TPM_ORD_Quote2",
+     (MarshalInFunction_t)TSS_Quote2_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_Quote2_Out_Unmarshalu,
+     (UnmarshalInFunction_t)Quote2_In_Unmarshal},
+
+    {TPM_ORD_ReadPubek,"TPM_ORD_ReadPubek",
+     (MarshalInFunction_t)TSS_ReadPubek_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_ReadPubek_Out_Unmarshalu,
+     (UnmarshalInFunction_t)ReadPubek_In_Unmarshal},
+
+    {TPM_ORD_Sign,"TPM_ORD_Sign",
+     (MarshalInFunction_t)TSS_Sign12_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_Sign12_Out_Unmarshalu,
+     (UnmarshalInFunction_t)Sign12_In_Unmarshal},
+
+    {TPM_ORD_Startup,"TPM_ORD_Startup",
+     (MarshalInFunction_t)TSS_Startup12_In_Marshalu,
+     NULL,
+     (UnmarshalInFunction_t)Startup12_In_Unmarshal},
+
+    {TPM_ORD_TakeOwnership,"TPM_ORD_TakeOwnership",
+     (MarshalInFunction_t)TSS_TakeOwnership_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_TakeOwnership_Out_Unmarshalu,
+     (UnmarshalInFunction_t)TakeOwnership_In_Unmarshal},
+
+     {TPM_ORD_Init,"TPM_ORD_Init",
+     NULL,
+     NULL,
+     NULL},
+};
+
+/* TSS_MarshalTable12_Process() indexes into the command marshal table, and saves the marshal and
+   unmarshal functions */
+
+
+static TPM_RC TSS_MarshalTable12_Process(TSS_AUTH_CONTEXT *tssAuthContext,
+					 TPM_CC commandCode)
+{
+    TPM_RC rc = 0;
+    size_t index;
+    int found = FALSE;
+
+    /* get the command index in the dispatch table */
+    for (index = 0 ; index < (sizeof(marshalTable12) / sizeof(MARSHAL_TABLE)) ; (index)++) {
+	if (marshalTable12[index].commandCode == commandCode) {
+	    found = TRUE;
+	    break;
+	}
+    }
+    if (found) {
+	tssAuthContext->commandCode = commandCode;
+	tssAuthContext->commandText = marshalTable12[index].commandText;
+	tssAuthContext->marshalInFunction = marshalTable12[index].marshalInFunction;
+	tssAuthContext->unmarshalOutFunction = marshalTable12[index].unmarshalOutFunction;
+#ifndef TPM_TSS_NOCMDCHECK
+	tssAuthContext->unmarshalInFunction = marshalTable12[index].unmarshalInFunction;
+#endif
+    }
+    else {
+	if (tssVerbose) printf("TSS_MarshalTable12_Process: "
+			       "commandCode %08x not found in marshal table\n",
+			       commandCode);
+	rc = TSS_RC_COMMAND_UNIMPLEMENTED;
+    }
+    return rc;
+}
+
+/* TSS_Marshal12() marshals the input parameters into the TSS Authorization context.
+
+   It also sets other member of the context in preparation for the rest of the sequence.  
+*/
+
+TPM_RC TSS_Marshal12(TSS_AUTH_CONTEXT *tssAuthContext,
+		     COMMAND_PARAMETERS *in,
+		     TPM_CC commandCode)
+{
+    TPM_RC 		rc = 0;
+    TPM_TAG 		tag = TPM_TAG_RQU_COMMAND;	/* default until sessions are added */
+    uint8_t 		*buffer;			/* for marshaling */
+    uint8_t 		*bufferu;			/* for test unmarshaling */
+    uint32_t 		size;
+    
+    /* index from command code to table and save marshal and unmarshal functions for this command */
+    if (rc == 0) {
+	rc = TSS_MarshalTable12_Process(tssAuthContext, commandCode);
+    }
+    /* get the number of command and response handles from the TPM table */
+    if (rc == 0) {
+	tssAuthContext->tpmCommandIndex = CommandCodeToCommandIndex12(commandCode);
+	if (tssAuthContext->tpmCommandIndex == UNIMPLEMENTED_COMMAND_INDEX) {
+	    if (tssVerbose) printf("TSS_Marshal12: "
+				   "commandCode %08x not found in command attributes table\n",
+				   commandCode);
+	    rc = TSS_RC_COMMAND_UNIMPLEMENTED;
+	}
+    }
+    if (rc == 0) {
+	tssAuthContext->commandHandleCount =
+	    getCommandHandleCount12(tssAuthContext->tpmCommandIndex);
+	tssAuthContext->responseHandleCount =
+	    getresponseHandleCount12(tssAuthContext->tpmCommandIndex);
+    }
+    if (rc == 0) {
+	/* make a copy of the command buffer and size since the marshal functions move them */
+	buffer = tssAuthContext->commandBuffer;
+	size = MAX_COMMAND_SIZE;
+	/* marshal header, preliminary tag and command size */
+	rc = TSS_UINT16_Marshalu(&tag, &tssAuthContext->commandSize, &buffer, &size);
+    }
+    if (rc == 0) {
+	uint32_t commandSize = tssAuthContext->commandSize;
+	rc = TSS_UINT32_Marshalu(&commandSize, &tssAuthContext->commandSize, &buffer, &size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&commandCode, &tssAuthContext->commandSize, &buffer, &size);
+    }    
+    if (rc == 0) {
+	/* save pointer to marshaled data for test unmarshal */
+	bufferu = buffer +
+		  tssAuthContext->commandHandleCount * sizeof(TPM_HANDLE);
+	/* if there is a marshal function */
+	if (tssAuthContext->marshalInFunction != NULL) {
+	    /* if there is a structure to marshal */
+	    if (in != NULL) {
+		rc = tssAuthContext->marshalInFunction(in, &tssAuthContext->commandSize,
+						       &buffer, &size);
+	    }
+	    /* caller error, no structure supplied to marshal */
+	    else {
+		if (tssVerbose)
+		    printf("TSS_Marshal12: Command %08x requires command parameter structure\n",
+			   commandCode);
+		rc = TSS_RC_IN_PARAMETER;	
+	    }
+	}
+	/* if there is no marshal function */
+	else {
+	    /* caller error, supplied structure but there is no marshal function */
+	    if (in != NULL) {
+		if (tssVerbose)
+		    printf("TSS_Marshal12: Command %08x does not take command parameter structure\n",
+			   commandCode);
+		rc = TSS_RC_IN_PARAMETER;	
+	    }
+	    /* no marshal function and no command parameter structure is OK */
+	}
+    }
+#ifndef TPM_TSS_NOCMDCHECK
+    /* unmarshal to validate the input parameters */
+    if ((rc == 0) && (tssAuthContext->unmarshalInFunction != NULL)) {
+	COMMAND_PARAMETERS target;
+	TPM_HANDLE 	handles[MAX_HANDLE_NUM];
+	size = MAX_COMMAND_SIZE;
+	rc = tssAuthContext->unmarshalInFunction(&target, &bufferu, &size, handles);
+	if ((rc != 0) && tssVerbose) {
+	    printf("TSS_Marshal12: Invalid command parameter\n");
+	}
+    }
+#endif
+    /* back fill the correct commandSize */
+    if (rc == 0) {
+	uint16_t written = 0;		/* dummy */
+	uint32_t commandSize = tssAuthContext->commandSize;
+	buffer = tssAuthContext->commandBuffer + sizeof(TPMI_ST_COMMAND_TAG);
+	TSS_UINT32_Marshalu(&commandSize, &written, &buffer, NULL);
+    }
+    /* record the interim cpBuffer and cpBufferSize before adding authorizations */
+    if (rc == 0) {
+	uint32_t notCpBufferSize;
+	
+	/* cpBuffer does not include the header and handles */
+	notCpBufferSize = sizeof(TPMI_ST_COMMAND_TAG) + sizeof (uint32_t) + sizeof(TPM_CC) +
+			  (sizeof(TPM_HANDLE) * tssAuthContext->commandHandleCount);
+
+	tssAuthContext->cpBuffer = tssAuthContext->commandBuffer + notCpBufferSize;
+	tssAuthContext->cpBufferSize = tssAuthContext->commandSize - notCpBufferSize;
+    }
+    return rc;
+}
+
+/* TSS_Unmarshal12() unmarshals the response parameter.
+
+   It returns an error if either there is no unmarshal function and out is not NULL or if there is
+   an unmarshal function and out is not NULL.
+
+   If there is no unmarshal function and out is NULL, the function is a noop.
+*/
+
+TPM_RC TSS_Unmarshal12(TSS_AUTH_CONTEXT *tssAuthContext,
+		       RESPONSE_PARAMETERS *out)
+{
+    TPM_RC 	rc = 0;
+    TPM_TAG 	tag;
+    uint8_t 	*buffer;    
+    uint32_t 	size;
+
+    /* if there is an unmarshal function */
+    if (tssAuthContext->unmarshalOutFunction != NULL) {
+	/* if there is a structure to unmarshal */
+	if (out != NULL) {
+	    if (rc == 0) {
+		/* get the response tag, determines whether there are response authorizations to
+		   unmarshal */
+		/* tag not required for TPM 1.2, where there is no parameterSize to skip, but the
+		   response unmarshal function uses a common prototype */
+		buffer = tssAuthContext->responseBuffer;
+		size = tssAuthContext->responseSize;
+		rc = TSS_TPM_TAG_Unmarshalu(&tag, &buffer, &size);
+	    }
+	    if (rc == 0) {
+		/* move the buffer and size past the header */
+		buffer = tssAuthContext->responseBuffer +
+			 sizeof(TPM_TAG) + sizeof(uint32_t) + sizeof(TPM_RC);
+		size = tssAuthContext->responseSize -
+		       (sizeof(TPM_TAG) + sizeof(uint32_t) + sizeof(TPM_RC));
+		rc = tssAuthContext->unmarshalOutFunction(out, tag, &buffer, &size);
+	    }
+	}
+	/* caller error, no structure supplied to unmarshal */
+	else {
+	    if (tssVerbose)
+		printf("TSS_Unmarshal12: Command %08x requires response parameter structure\n",
+		       tssAuthContext->commandCode);
+	    rc = TSS_RC_OUT_PARAMETER;
+	}
+    }
+    /* if there is no unmarshal function */
+    else {
+	/* caller error, structure supplied but no unmarshal function */
+	if (out != NULL) {
+	    if (tssVerbose)
+		printf("TSS_Unmarshal12: Command %08x does not take response parameter structure\n",
+		       tssAuthContext->commandCode);
+	    rc = TSS_RC_OUT_PARAMETER;
+	}
+	/* no unmarshal function and no response parameter structure is OK */
+    }
+    return rc;
+}
+
+/* TSS_SetCmdAuths12() appends a list of TPMS_AUTH12_COMMAND structures to the command buffer.  It
+   back fills the tag and paramSize.
+
+*/
+
+TPM_RC TSS_SetCmdAuths12(TSS_AUTH_CONTEXT 	*tssAuthContext,
+			 size_t 		numSessions,
+			 TPMS_AUTH12_COMMAND 	*authC[])
+{
+    TPM_RC 		rc = 0;
+    size_t		i = 0;
+    TPM_TAG 		tag;
+    uint32_t 		cpBufferSize;
+    uint8_t 		*cpBuffer;
+    uint8_t 		*buffer;
+
+    if (rc == 0) {
+	/* record the number of authorizations for the response */
+	tssAuthContext->authCount = numSessions;
+	switch (numSessions) {
+	  case 0:
+	    tag = TPM_TAG_RQU_COMMAND;
+	    break;
+	  case 1:
+	    tag = TPM_TAG_RQU_AUTH1_COMMAND;
+	    break;
+	  case 2:
+	    tag = TPM_TAG_RQU_AUTH2_COMMAND;
+	    break;
+	  default:
+	    if (tssVerbose) printf("TSS_SetCmdAuths12: Invalid number of sessions %u\n",
+				   (unsigned int)numSessions);
+	    rc = TSS_RC_MALFORMED_RESPONSE;
+	}
+    }
+    /* back fill the tag */
+    if (rc == 0) {
+	uint16_t written = 0;		/* dummy */
+	buffer = tssAuthContext->commandBuffer;
+	TSS_UINT16_Marshalu(&tag, &written, &buffer, NULL);
+    }
+    /* get cpBuffer, command parameters */
+    if (rc == 0) {
+	rc = TSS_GetCpBuffer(tssAuthContext, &cpBufferSize, &cpBuffer);
+    }
+    /* index to the beginning of the authorization area, and range check the command buffer */
+    if (rc == 0) {
+	cpBuffer += cpBufferSize;
+    }
+    for (i = 0 ; (rc == 0) && (i < numSessions) ; i++) {
+	uint16_t written = 0;
+	uint32_t size = MAX_COMMAND_SIZE - cpBufferSize;
+	/* marshal authHandle */
+	if (rc == 0) {
+	    rc = TSS_UINT32_Marshalu(&authC[i]->sessionHandle, &written, &cpBuffer, &size); 
+	}
+	/* marshal nonceOdd */
+	if (rc == 0) {
+	    rc = TSS_Array_Marshalu(authC[i]->nonce, SHA1_DIGEST_SIZE,
+				   &written, &cpBuffer, &size); 
+	}
+	/* marshal attributes */
+	if (rc == 0) {
+	    rc = TSS_UINT8_Marshalu(&authC[i]->sessionAttributes.val, &written, &cpBuffer, &size);
+	}
+	/* marshal HMAC */
+	if (rc == 0) {
+	    rc = TSS_Array_Marshalu(authC[i]->hmac, SHA1_DIGEST_SIZE,
+				   &written, &cpBuffer, &size); 
+	}
+    }	
+    if (rc == 0) {
+	uint16_t written = 0;		/* dummy */
+	uint32_t commandSize;
+	/* record command stream used size */
+	tssAuthContext->commandSize = cpBuffer - tssAuthContext->commandBuffer;
+	/* back fill the correct commandSize */
+	buffer = tssAuthContext->commandBuffer + sizeof(TPMI_ST_COMMAND_TAG);
+	commandSize = tssAuthContext->commandSize;
+	TSS_UINT32_Marshalu(&commandSize, &written, &buffer, NULL);
+    }
+    return rc;
+}
+
+/* TSS_GetRspAuths12() unmarshals a response buffer into a list of list of TPMS_AUTH12_RESPONSE
+   structures.  This should not be called if the TPM returned a non-success response code.
+
+   Returns an error if the number of response auths requested is not equal to the number of command
+   auths, including zero.
+
+   If the response tag is TPM_TAG_RSP_COMMAND, the function is a noop (except for error checking).
+*/
+
+TPM_RC TSS_GetRspAuths12(TSS_AUTH_CONTEXT 	*tssAuthContext,
+			 size_t 		numSessions,
+			 TPMS_AUTH12_RESPONSE	*authR[])
+{
+    TPM_RC 	rc = 0;
+    size_t	i;
+    TPM_TAG 	tag;
+    uint32_t 	oneAuthAreaSize = SHA1_DIGEST_SIZE + 1 + SHA1_DIGEST_SIZE;
+    uint32_t 	authBufferSize;
+    uint8_t 	*authBuffer;
+
+    /* range check the response buffer size before the subtraction below */
+    if (rc == 0) {
+	if ((sizeof(TPM_TAG) + sizeof(uint32_t) + sizeof(TPM_RC) +
+	     (numSessions * oneAuthAreaSize)) <= tssAuthContext->responseSize) {
+	    authBufferSize = tssAuthContext->responseSize -
+			     (sizeof(TPM_TAG) + sizeof(uint32_t) + sizeof(TPM_RC));  
+	}
+	else {
+	    if (tssVerbose) printf("TSS_GetRspAuths12: Invalid response size %u\n",
+				   (unsigned int)tssAuthContext->responseSize);
+	    rc = TSS_RC_MALFORMED_RESPONSE;
+	}
+    }
+    /* unmarshal the response tag */
+    if (rc == 0) {
+	uint32_t size = tssAuthContext->responseSize;
+  	uint8_t *buffer = tssAuthContext->responseBuffer;
+	rc = TSS_TPM_TAG_Unmarshalu(&tag, &buffer, &size);
+    }
+    /* sanity check the response tag, range checking below */
+    if (rc == 0) {
+	switch (tag) {
+	  case TPM_TAG_RSP_COMMAND:
+	    if (numSessions != 0) {
+		if (tssVerbose) printf("TSS_GetRspAuths12: Invalid number of sessions %u\n",
+				       (unsigned int)numSessions);
+		rc = TSS_RC_MALFORMED_RESPONSE;
+	    }
+	    break;
+	  case TPM_TAG_RSP_AUTH1_COMMAND:
+	    authBuffer = tssAuthContext->responseBuffer + tssAuthContext->responseSize 	/* end */
+			 - oneAuthAreaSize;	/* minus one auth area */
+	    authBufferSize = oneAuthAreaSize;
+	    if (numSessions != 1) {
+		if (tssVerbose) printf("TSS_GetRspAuths12: Invalid number of sessions %u\n",
+				       (unsigned int)numSessions);
+		rc = TSS_RC_MALFORMED_RESPONSE;
+	    }
+	    break;
+	  case TPM_TAG_RSP_AUTH2_COMMAND:
+	    authBuffer = tssAuthContext->responseBuffer + tssAuthContext->responseSize 	/* end */
+			 - oneAuthAreaSize - oneAuthAreaSize ;	/* minus two auth areas */
+	    authBufferSize = oneAuthAreaSize + oneAuthAreaSize;
+	    if (numSessions != 2) {
+		if (tssVerbose) printf("TSS_GetRspAuths12: Invalid number of sessions %u\n",
+				       (unsigned int)numSessions);
+		rc = TSS_RC_MALFORMED_RESPONSE;
+	    }
+	    break;
+	  default:
+	    if (tssVerbose) printf("TSS_GetRspAuths12: Bad tag %04x\n", tag);
+	    rc = TSS_RC_MALFORMED_RESPONSE;
+	    break;
+	}
+    }
+    /* unmarshal into the TPMS_AUTH12_RESPONSE structures */
+    for (i = 0 ; (rc == 0) && (i < numSessions) ; i++) {
+	/* TPM 1.2 has fixed size auth area - nonceEven + continue + auth HMAC */
+	if (rc == 0) {
+	    rc = TSS_Array_Unmarshalu(authR[i]->nonce,
+				     SHA1_DIGEST_SIZE, &authBuffer, &authBufferSize);
+	}	
+	if (rc == 0) {
+	    rc = TSS_UINT8_Unmarshalu(&authR[i]->sessionAttributes.val, &authBuffer, &authBufferSize);
+	}	
+	if (rc == 0) {
+	    rc = TSS_Array_Unmarshalu(authR[i]->hmac,
+				     SHA1_DIGEST_SIZE, &authBuffer, &authBufferSize);
+	}	
+    }	
+    return rc;
+}
+
+/* TSS_GetRpBuffer12() returns a pointer to the response parameter area.
+
+   NOTE could move to execute so it only has to be done once.
+*/
+
+TPM_RC TSS_GetRpBuffer12(TSS_AUTH_CONTEXT *tssAuthContext,
+			 uint32_t 	*rpBufferSize,
+			 uint8_t 	**rpBuffer,
+			 size_t		numSessions)
+{
+    TPM_RC 	rc = 0;
+    uint32_t	headerSize = sizeof(TPM_TAG) + sizeof (uint32_t) + sizeof(TPM_RC) +
+			     (sizeof(TPM_HANDLE) * tssAuthContext->responseHandleCount);
+    uint32_t 	oneAuthAreaSize = SHA1_DIGEST_SIZE + 1 + SHA1_DIGEST_SIZE;
+    
+    if (rc == 0) {
+	*rpBuffer = tssAuthContext->responseBuffer + headerSize;
+
+	if (headerSize + (numSessions * oneAuthAreaSize) <= tssAuthContext->responseSize) {
+	    *rpBufferSize =
+		tssAuthContext->responseSize - headerSize - (numSessions * oneAuthAreaSize);
+	}
+	else {
+	    if (tssVerbose) printf("TSS_GetRpBuffer12: "
+				   "response size %u too small for number of sessions %u\n",
+				   tssAuthContext->responseSize, (unsigned int)numSessions);
+	    rc = TSS_RC_MALFORMED_RESPONSE;
+	}
+    }
+    return rc;
+}
+
+/* TSS_SetEncAuth() are called from the TPM 1.2 command pre-processor to record the location(s) of
+   the encrypted authorizations.
+
+   Cannot range check here, because command parameters have not been marshaled yet.
+   
+   NOTE: This is a bit of a hack, depending on the location being a fixed distance from the
+   beginning or end of the command buffer.  It could break if there is both a variable size argument
+   before and a variable number of authorizations or variable size argument after the location.
+
+   If this occurs, the pointers nust be set during marshaling, but this is more intrusive, requiring
+   TSS_AUTH_CONTEXT to be passed into the marshaling code.
+
+*/
+
+TPM_RC TSS_SetEncAuthOffset0(TSS_AUTH_CONTEXT *tssAuthContext,
+			     int16_t offset)
+{
+    tssAuthContext->encAuthOffset0 = offset;
+    return 0;
+}
+TPM_RC TSS_SetEncAuthOffset1(TSS_AUTH_CONTEXT *tssAuthContext,
+			     int16_t offset)
+{
+    tssAuthContext->encAuthOffset1 = offset;
+    return 0;
+}
+TPM_RC TSS_GetEncAuths(TSS_AUTH_CONTEXT *tssAuthContext,
+		       uint8_t		**encAuth0,
+		       uint8_t		**encAuth1)
+{
+    TPM_RC rc = 0;
+    
+    if (tssAuthContext->encAuthOffset0 > 0) {
+	if ((uint16_t)tssAuthContext->encAuthOffset0 < tssAuthContext->cpBufferSize) {
+	    *encAuth0 = tssAuthContext->commandBuffer + tssAuthContext->encAuthOffset0;
+	}
+	else {
+	    if (tssVerbose) printf("TSS_GetEncAuths: "
+				   "encAuthOffset0 %d too large for command buffer %u\n",
+				   tssAuthContext->encAuthOffset0, tssAuthContext->cpBufferSize);
+	    rc = TSS_RC_MALFORMED_RESPONSE;
+	}
+    }
+    else if (tssAuthContext->encAuthOffset0 < 0) {
+	if ((uint16_t)(-tssAuthContext->encAuthOffset0) < tssAuthContext->commandSize) {
+	    *encAuth0 = tssAuthContext->commandBuffer +
+			tssAuthContext->commandSize + tssAuthContext->encAuthOffset0;
+	}
+	else {
+	    if (tssVerbose) printf("TSS_GetEncAuths: "
+				   "encAuthOffset0 %d too large for command buffer %u\n",
+				   tssAuthContext->encAuthOffset0, tssAuthContext->commandSize);
+	    rc = TSS_RC_MALFORMED_RESPONSE;
+	}
+    }
+    else {
+	*encAuth0 = NULL;
+    }
+    if (tssAuthContext->encAuthOffset1 > 0) {
+	if ((uint16_t)tssAuthContext->encAuthOffset1 < tssAuthContext->cpBufferSize) {
+	    *encAuth1 = tssAuthContext->commandBuffer + tssAuthContext->encAuthOffset1;
+	}
+	else {
+	    if (tssVerbose) printf("TSS_GetEncAuths: "
+				   "encAuthOffset1 %u too large for command buffer %u\n",
+				   tssAuthContext->encAuthOffset1, tssAuthContext->cpBufferSize);
+	    rc = TSS_RC_MALFORMED_RESPONSE;
+	}
+    }
+    else if (tssAuthContext->encAuthOffset1 < 0) {
+	if ((uint16_t)(-tssAuthContext->encAuthOffset1) < tssAuthContext->commandSize) {
+	    *encAuth1 = tssAuthContext->commandBuffer +
+			tssAuthContext->commandSize + tssAuthContext->encAuthOffset1;
+	}
+	else {
+	    if (tssVerbose) printf("TSS_GetEncAuths: "
+				   "encAuthOffset1 %d too large for command buffer %u\n",
+				   tssAuthContext->encAuthOffset1, tssAuthContext->commandSize);
+	    rc = TSS_RC_MALFORMED_RESPONSE;
+	}
+    }
+    else {
+	*encAuth1 = NULL;
+    }
+    return rc;
+}
+
+TPM_RC TSS_SetSessionNumber(TSS_AUTH_CONTEXT *tssAuthContext,
+			   uint16_t sessionNumber)
+{
+    TPM_RC	rc = 0;
+    
+    tssAuthContext->sessionNumber = sessionNumber;
+    if (sessionNumber > 1) {
+	if (tssVerbose) printf("TSS_SetSessionNumber: %u out of range\n",
+			       sessionNumber);
+	rc = TSS_RC_SESSION_NUMBER;
+    }
+    return rc;
+}
+TPM_RC TSS_GetSessionNumber(TSS_AUTH_CONTEXT *tssAuthContext,
+			    uint16_t *sessionNumber)
+{
+    *sessionNumber = tssAuthContext->sessionNumber;
+    return 0;
+}
diff --git a/utils/tssauth12.h b/utils/tssauth12.h
new file mode 100644
index 000000000..9cc898c34
--- /dev/null
+++ b/utils/tssauth12.h
@@ -0,0 +1,94 @@
+/********************************************************************************/
+/*										*/
+/*			     TSS Authorization 					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: tssauth12.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* This is not a public header.  It should not be used by applications. */
+
+#ifndef TSS_AUTH12_H
+#define TSS_AUTH12_H
+
+#include <ibmtss/tss.h>
+#include "Commands12_fp.h"
+#include "tssccattributes12.h"
+
+/* command and response authorization structures adapted for TPM 1.2 */
+
+typedef struct {
+    TPM_AUTHHANDLE 	sessionHandle;		/* the session handle */
+    TPM_NONCE		nonce;			/* the session nonce, may be the Empty Buffer */
+    TPMA_SESSION	sessionAttributes;	/* the session attributes */
+    TPM_AUTHDATA	hmac;			/* authorization HMAC */
+} TPMS_AUTH12_COMMAND;
+
+
+typedef struct {
+    TPM_NONCE		nonce;			/* the session nonce, may be the Empty Buffer */
+    TPMA_SESSION	sessionAttributes;	/* the session attributes */
+    TPM_AUTHDATA 	hmac;			/* authorization HMAC */
+} TPMS_AUTH12_RESPONSE;
+
+TPM_RC TSS_Marshal12(TSS_AUTH_CONTEXT *tssAuthContext,
+		     COMMAND_PARAMETERS *in,
+		     TPM_CC commandCode);
+
+TPM_RC TSS_Unmarshal12(TSS_AUTH_CONTEXT *tssAuthContext,
+		     RESPONSE_PARAMETERS *out);
+
+TPM_RC TSS_SetCmdAuths12(TSS_AUTH_CONTEXT 	*tssAuthContext,
+			 size_t			numSessions,
+			 TPMS_AUTH12_COMMAND 	*authC[]);
+TPM_RC TSS_GetRspAuths12(TSS_AUTH_CONTEXT *tssAuthContext,
+			 size_t 		numSessions,
+			 TPMS_AUTH12_RESPONSE	*authR[]);
+TPM_RC TSS_GetRpBuffer12(TSS_AUTH_CONTEXT *tssAuthContext,
+		       uint32_t *rpBufferSize,
+			 uint8_t **rpBuffer,
+			 size_t	numSessions);
+TPM_RC TSS_SetEncAuthOffset0(TSS_AUTH_CONTEXT *tssAuthContext,
+			     int16_t offset);
+TPM_RC TSS_SetEncAuthOffset1(TSS_AUTH_CONTEXT *tssAuthContext,
+			     int16_t offset);
+TPM_RC TSS_GetEncAuths(TSS_AUTH_CONTEXT *tssAuthContext,
+		       uint8_t		**encAuth0,
+		       uint8_t		**encAuth1);
+TPM_RC TSS_SetSessionNumber(TSS_AUTH_CONTEXT *tssAuthContext,
+			    uint16_t sessionNumber);
+TPM_RC TSS_GetSessionNumber(TSS_AUTH_CONTEXT *tssAuthContext,
+			    uint16_t *sessionNumber);
+
+#endif
diff --git a/utils/tssauth20.c b/utils/tssauth20.c
new file mode 100644
index 000000000..fca157f95
--- /dev/null
+++ b/utils/tssauth20.c
@@ -0,0 +1,1542 @@
+/********************************************************************************/
+/*										*/
+/*			     TPM 2.0 TSS Authorization				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* This layer handles command and response packet authorization parameters. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+
+#ifdef TPM_POSIX
+#include <netinet/in.h>
+#endif
+#ifdef TPM_WINDOWS
+#include <winsock2.h>
+#endif
+
+#include <ibmtss/tsserror.h>
+#include <ibmtss/tssprint.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/Unmarshal_fp.h>
+#include <ibmtss/tsstransmit.h>
+#include "tssproperties.h"
+#include <ibmtss/tssresponsecode.h>
+
+#include "tssntc.h"
+#include "tssauth.h"
+#include "tssauth20.h"
+
+extern int tssVerbose;
+extern int tssVverbose;
+
+typedef struct MARSHAL_TABLE {
+    TPM_CC 			commandCode;
+    const char 			*commandText;
+    MarshalInFunction_t 	marshalInFunction;	/* marshal input command */
+    UnmarshalOutFunction_t 	unmarshalOutFunction;	/* unmarshal output response */
+#ifndef TPM_TSS_NOCMDCHECK
+    UnmarshalInFunction_t	unmarshalInFunction;	/* unmarshal input command for parameter
+							   checking */
+#endif
+} MARSHAL_TABLE;
+
+static const MARSHAL_TABLE marshalTable [] = {
+				 
+    {TPM_CC_Startup, "TPM2_Startup",
+     (MarshalInFunction_t)TSS_Startup_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)Startup_In_Unmarshal
+#endif
+    },
+    {TPM_CC_Shutdown, "TPM2_Shutdown",
+     (MarshalInFunction_t)TSS_Shutdown_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)Shutdown_In_Unmarshal
+#endif
+    },
+    {TPM_CC_SelfTest, "TPM2_SelfTest",
+     (MarshalInFunction_t)TSS_SelfTest_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)SelfTest_In_Unmarshal
+#endif
+    },
+    {TPM_CC_IncrementalSelfTest, "TPM2_IncrementalSelfTest",
+     (MarshalInFunction_t)TSS_IncrementalSelfTest_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_IncrementalSelfTest_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)IncrementalSelfTest_In_Unmarshal
+#endif
+    },
+    {TPM_CC_GetTestResult, "TPM2_GetTestResult",
+     NULL,
+     (UnmarshalOutFunction_t)TSS_GetTestResult_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,NULL
+#endif
+    },
+    {TPM_CC_StartAuthSession, "TPM2_StartAuthSession",
+     (MarshalInFunction_t)TSS_StartAuthSession_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_StartAuthSession_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)StartAuthSession_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PolicyRestart, "TPM2_PolicyRestart",
+     (MarshalInFunction_t)TSS_PolicyRestart_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PolicyRestart_In_Unmarshal
+#endif
+    },
+    {TPM_CC_Create, "TPM2_Create",
+     (MarshalInFunction_t)TSS_Create_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_Create_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)Create_In_Unmarshal
+#endif
+    },
+    {TPM_CC_Load, "TPM2_Load",
+     (MarshalInFunction_t)TSS_Load_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_Load_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)Load_In_Unmarshal
+#endif
+    },
+    {TPM_CC_LoadExternal, "TPM2_LoadExternal",
+     (MarshalInFunction_t)TSS_LoadExternal_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_LoadExternal_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)LoadExternal_In_Unmarshal
+#endif
+    },
+    {TPM_CC_ReadPublic, "TPM2_ReadPublic",
+     (MarshalInFunction_t)TSS_ReadPublic_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_ReadPublic_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)ReadPublic_In_Unmarshal
+#endif
+    },
+    {TPM_CC_ActivateCredential, "TPM2_ActivateCredential",
+     (MarshalInFunction_t)TSS_ActivateCredential_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_ActivateCredential_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)ActivateCredential_In_Unmarshal
+#endif
+    },
+    {TPM_CC_MakeCredential, "TPM2_MakeCredential",
+     (MarshalInFunction_t)TSS_MakeCredential_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_MakeCredential_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)MakeCredential_In_Unmarshal
+#endif
+    },
+    {TPM_CC_Unseal, "TPM2_Unseal",
+     (MarshalInFunction_t)TSS_Unseal_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_Unseal_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)Unseal_In_Unmarshal
+#endif
+    },
+    {TPM_CC_ObjectChangeAuth, "TPM2_ObjectChangeAuth",
+     (MarshalInFunction_t)TSS_ObjectChangeAuth_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_ObjectChangeAuth_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)ObjectChangeAuth_In_Unmarshal
+#endif
+    },
+    {TPM_CC_CreateLoaded, "TPM2_CreateLoaded",
+     (MarshalInFunction_t)TSS_CreateLoaded_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_CreateLoaded_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)CreateLoaded_In_Unmarshal
+#endif
+    },
+    {TPM_CC_Duplicate, "TPM2_Duplicate",
+     (MarshalInFunction_t)TSS_Duplicate_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_Duplicate_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)Duplicate_In_Unmarshal
+#endif
+    },
+    {TPM_CC_Rewrap, "TPM2_Rewrap",
+     (MarshalInFunction_t)TSS_Rewrap_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_Rewrap_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)Rewrap_In_Unmarshal
+#endif
+    },
+    {TPM_CC_Import, "TPM2_Import",
+     (MarshalInFunction_t)TSS_Import_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_Import_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)Import_In_Unmarshal
+#endif
+    },
+    {TPM_CC_RSA_Encrypt, "TPM2_RSA_Encrypt",
+     (MarshalInFunction_t)TSS_RSA_Encrypt_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_RSA_Encrypt_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)RSA_Encrypt_In_Unmarshal
+#endif
+    },
+    {TPM_CC_RSA_Decrypt, "TPM2_RSA_Decrypt",
+     (MarshalInFunction_t)TSS_RSA_Decrypt_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_RSA_Decrypt_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)RSA_Decrypt_In_Unmarshal
+#endif
+    },
+    {TPM_CC_ECDH_KeyGen, "TPM2_ECDH_KeyGen",
+     (MarshalInFunction_t)TSS_ECDH_KeyGen_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_ECDH_KeyGen_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)ECDH_KeyGen_In_Unmarshal
+#endif
+    },
+    {TPM_CC_ECDH_ZGen, "TPM2_ECDH_ZGen",
+     (MarshalInFunction_t)TSS_ECDH_ZGen_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_ECDH_ZGen_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)ECDH_ZGen_In_Unmarshal
+#endif
+    },
+    {TPM_CC_ECC_Parameters, "TPM2_ECC_Parameters",
+     (MarshalInFunction_t)TSS_ECC_Parameters_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_ECC_Parameters_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)ECC_Parameters_In_Unmarshal
+#endif
+    },
+    {TPM_CC_ZGen_2Phase, "TPM2_ZGen_2Phase",
+     (MarshalInFunction_t)TSS_ZGen_2Phase_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_ZGen_2Phase_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)ZGen_2Phase_In_Unmarshal
+#endif
+    },
+    {TPM_CC_EncryptDecrypt, "TPM2_EncryptDecrypt",
+     (MarshalInFunction_t)TSS_EncryptDecrypt_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_EncryptDecrypt_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)EncryptDecrypt_In_Unmarshal
+#endif
+    },
+    {TPM_CC_EncryptDecrypt2, "TPM2_EncryptDecrypt2",
+     (MarshalInFunction_t)TSS_EncryptDecrypt2_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_EncryptDecrypt2_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)EncryptDecrypt2_In_Unmarshal
+#endif
+    },
+    {TPM_CC_Hash, "TPM2_Hash",
+     (MarshalInFunction_t)TSS_Hash_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_Hash_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)Hash_In_Unmarshal
+#endif
+    },
+    {TPM_CC_HMAC, "TPM2_HMAC",
+     (MarshalInFunction_t)TSS_HMAC_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_HMAC_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)HMAC_In_Unmarshal
+#endif
+    },
+    {TPM_CC_GetRandom, "TPM2_GetRandom",
+     (MarshalInFunction_t)TSS_GetRandom_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_GetRandom_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)GetRandom_In_Unmarshal
+#endif
+    },
+    {TPM_CC_StirRandom, "TPM2_StirRandom",
+     (MarshalInFunction_t)TSS_StirRandom_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)StirRandom_In_Unmarshal
+#endif
+    },
+    {TPM_CC_HMAC_Start, "TPM2_HMAC_Start",
+     (MarshalInFunction_t)TSS_HMAC_Start_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_HMAC_Start_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)HMAC_Start_In_Unmarshal
+#endif
+    },
+    {TPM_CC_HashSequenceStart, "TPM2_HashSequenceStart",
+     (MarshalInFunction_t)TSS_HashSequenceStart_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_HashSequenceStart_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)HashSequenceStart_In_Unmarshal
+#endif
+    },
+    {TPM_CC_SequenceUpdate, "TPM2_SequenceUpdate",
+     (MarshalInFunction_t)TSS_SequenceUpdate_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)SequenceUpdate_In_Unmarshal
+#endif
+    },
+    {TPM_CC_SequenceComplete, "TPM2_SequenceComplete",
+     (MarshalInFunction_t)TSS_SequenceComplete_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_SequenceComplete_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)SequenceComplete_In_Unmarshal
+#endif
+    },
+    {TPM_CC_EventSequenceComplete, "TPM2_EventSequenceComplete",
+     (MarshalInFunction_t)TSS_EventSequenceComplete_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_EventSequenceComplete_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)EventSequenceComplete_In_Unmarshal
+#endif
+    },
+    {TPM_CC_Certify, "TPM2_Certify",
+     (MarshalInFunction_t)TSS_Certify_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_Certify_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)Certify_In_Unmarshal
+#endif
+    },
+    {TPM_CC_CertifyX509, "TPM2_CertifyX509",
+     (MarshalInFunction_t)TSS_CertifyX509_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_CertifyX509_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)CertifyX509_In_Unmarshal
+#endif
+    },
+    {TPM_CC_CertifyCreation, "TPM2_CertifyCreation",
+     (MarshalInFunction_t)TSS_CertifyCreation_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_CertifyCreation_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)CertifyCreation_In_Unmarshal
+#endif
+    },
+    {TPM_CC_Quote, "TPM2_Quote",
+     (MarshalInFunction_t)TSS_Quote_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_Quote_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)Quote_In_Unmarshal
+#endif
+    },
+    {TPM_CC_GetSessionAuditDigest, "TPM2_GetSessionAuditDigest",
+     (MarshalInFunction_t)TSS_GetSessionAuditDigest_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_GetSessionAuditDigest_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)GetSessionAuditDigest_In_Unmarshal
+#endif
+    },
+    {TPM_CC_GetCommandAuditDigest, "TPM2_GetCommandAuditDigest",
+     (MarshalInFunction_t)TSS_GetCommandAuditDigest_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_GetCommandAuditDigest_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)GetCommandAuditDigest_In_Unmarshal
+#endif
+    },
+    {TPM_CC_GetTime, "TPM2_GetTime",
+     (MarshalInFunction_t)TSS_GetTime_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_GetTime_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)GetTime_In_Unmarshal
+#endif
+    },
+    {TPM_CC_Commit, "TPM2_Commit",
+     (MarshalInFunction_t)TSS_Commit_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_Commit_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)Commit_In_Unmarshal
+#endif
+    },
+    {TPM_CC_EC_Ephemeral, "TPM2_EC_Ephemeral",
+     (MarshalInFunction_t)TSS_EC_Ephemeral_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_EC_Ephemeral_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)EC_Ephemeral_In_Unmarshal
+#endif
+    },
+    {TPM_CC_VerifySignature, "TPM2_VerifySignature",
+     (MarshalInFunction_t)TSS_VerifySignature_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_VerifySignature_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)VerifySignature_In_Unmarshal
+#endif
+    },
+    {TPM_CC_Sign, "TPM2_Sign",
+     (MarshalInFunction_t)TSS_Sign_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_Sign_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)Sign_In_Unmarshal
+#endif
+    },
+    {TPM_CC_SetCommandCodeAuditStatus, "TPM2_SetCommandCodeAuditStatus",
+     (MarshalInFunction_t)TSS_SetCommandCodeAuditStatus_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)SetCommandCodeAuditStatus_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PCR_Extend, "TPM2_PCR_Extend",
+     (MarshalInFunction_t)TSS_PCR_Extend_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PCR_Extend_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PCR_Event, "TPM2_PCR_Event",
+     (MarshalInFunction_t)TSS_PCR_Event_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_PCR_Event_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PCR_Event_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PCR_Read, "TPM2_PCR_Read",
+     (MarshalInFunction_t)TSS_PCR_Read_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_PCR_Read_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PCR_Read_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PCR_Allocate, "TPM2_PCR_Allocate",
+     (MarshalInFunction_t)TSS_PCR_Allocate_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_PCR_Allocate_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PCR_Allocate_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PCR_SetAuthPolicy, "TPM2_PCR_SetAuthPolicy",
+     (MarshalInFunction_t)TSS_PCR_SetAuthPolicy_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PCR_SetAuthPolicy_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PCR_SetAuthValue, "TPM2_PCR_SetAuthValue",
+     (MarshalInFunction_t)TSS_PCR_SetAuthValue_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PCR_SetAuthValue_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PCR_Reset, "TPM2_PCR_Reset",
+     (MarshalInFunction_t)TSS_PCR_Reset_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PCR_Reset_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PolicySigned, "TPM2_PolicySigned",
+     (MarshalInFunction_t)TSS_PolicySigned_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_PolicySigned_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PolicySigned_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PolicySecret, "TPM2_PolicySecret",
+     (MarshalInFunction_t)TSS_PolicySecret_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_PolicySecret_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PolicySecret_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PolicyTicket, "TPM2_PolicyTicket",
+     (MarshalInFunction_t)TSS_PolicyTicket_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PolicyTicket_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PolicyOR, "TPM2_PolicyOR",
+     (MarshalInFunction_t)TSS_PolicyOR_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PolicyOR_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PolicyPCR, "TPM2_PolicyPCR",
+     (MarshalInFunction_t)TSS_PolicyPCR_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PolicyPCR_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PolicyLocality, "TPM2_PolicyLocality",
+     (MarshalInFunction_t)TSS_PolicyLocality_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PolicyLocality_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PolicyNV, "TPM2_PolicyNV",
+     (MarshalInFunction_t)TSS_PolicyNV_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PolicyNV_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PolicyAuthorizeNV, "TPM2_PolicyAuthorizeNV",
+     (MarshalInFunction_t)TSS_PolicyAuthorizeNV_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PolicyAuthorizeNV_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PolicyCounterTimer, "TPM2_PolicyCounterTimer",
+     (MarshalInFunction_t)TSS_PolicyCounterTimer_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PolicyCounterTimer_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PolicyCommandCode, "TPM2_PolicyCommandCode",
+     (MarshalInFunction_t)TSS_PolicyCommandCode_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PolicyCommandCode_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PolicyPhysicalPresence, "TPM2_PolicyPhysicalPresence",
+     (MarshalInFunction_t)TSS_PolicyPhysicalPresence_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PolicyPhysicalPresence_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PolicyCpHash, "TPM2_PolicyCpHash",
+     (MarshalInFunction_t)TSS_PolicyCpHash_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PolicyCpHash_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PolicyNameHash, "TPM2_PolicyNameHash",
+     (MarshalInFunction_t)TSS_PolicyNameHash_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PolicyNameHash_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PolicyDuplicationSelect, "TPM2_PolicyDuplicationSelect",
+     (MarshalInFunction_t)TSS_PolicyDuplicationSelect_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PolicyDuplicationSelect_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PolicyAuthorize, "TPM2_PolicyAuthorize",
+     (MarshalInFunction_t)TSS_PolicyAuthorize_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PolicyAuthorize_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PolicyAuthValue, "TPM2_PolicyAuthValue",
+     (MarshalInFunction_t)TSS_PolicyAuthValue_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PolicyAuthValue_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PolicyPassword, "TPM2_PolicyPassword",
+     (MarshalInFunction_t)TSS_PolicyPassword_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PolicyPassword_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PolicyGetDigest, "TPM2_PolicyGetDigest",
+     (MarshalInFunction_t)TSS_PolicyGetDigest_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_PolicyGetDigest_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PolicyGetDigest_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PolicyNvWritten, "TPM2_PolicyNvWritten",
+     (MarshalInFunction_t)TSS_PolicyNvWritten_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PolicyNvWritten_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PolicyTemplate, "TPM2_PolicyTemplate",
+     (MarshalInFunction_t)TSS_PolicyTemplate_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PolicyTemplate_In_Unmarshal
+#endif
+    },
+    {TPM_CC_CreatePrimary, "TPM2_CreatePrimary",
+     (MarshalInFunction_t)TSS_CreatePrimary_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_CreatePrimary_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)CreatePrimary_In_Unmarshal
+#endif
+    },
+    {TPM_CC_HierarchyControl, "TPM2_HierarchyControl",
+     (MarshalInFunction_t)TSS_HierarchyControl_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)HierarchyControl_In_Unmarshal
+#endif
+    },
+    {TPM_CC_SetPrimaryPolicy, "TPM2_SetPrimaryPolicy",
+     (MarshalInFunction_t)TSS_SetPrimaryPolicy_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)SetPrimaryPolicy_In_Unmarshal
+#endif
+    },
+    {TPM_CC_ChangePPS, "TPM2_ChangePPS",
+     (MarshalInFunction_t)TSS_ChangePPS_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)ChangePPS_In_Unmarshal
+#endif
+    },
+    {TPM_CC_ChangeEPS, "TPM2_ChangeEPS",
+     (MarshalInFunction_t)TSS_ChangeEPS_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)ChangeEPS_In_Unmarshal
+#endif
+    },
+    {TPM_CC_Clear, "TPM2_Clear",
+     (MarshalInFunction_t)TSS_Clear_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)Clear_In_Unmarshal
+#endif
+    },
+    {TPM_CC_ClearControl, "TPM2_ClearControl",
+     (MarshalInFunction_t)TSS_ClearControl_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)ClearControl_In_Unmarshal
+#endif
+    },
+    {TPM_CC_HierarchyChangeAuth, "TPM2_HierarchyChangeAuth",
+     (MarshalInFunction_t)TSS_HierarchyChangeAuth_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)HierarchyChangeAuth_In_Unmarshal
+#endif
+    },
+    {TPM_CC_DictionaryAttackLockReset, "TPM2_DictionaryAttackLockReset",
+     (MarshalInFunction_t)TSS_DictionaryAttackLockReset_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)DictionaryAttackLockReset_In_Unmarshal
+#endif
+    },
+    {TPM_CC_DictionaryAttackParameters, "TPM2_DictionaryAttackParameters",
+     (MarshalInFunction_t)TSS_DictionaryAttackParameters_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)DictionaryAttackParameters_In_Unmarshal
+#endif
+    },
+    {TPM_CC_PP_Commands, "TPM2_PP_Commands",
+     (MarshalInFunction_t)TSS_PP_Commands_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)PP_Commands_In_Unmarshal
+#endif
+    },
+    {TPM_CC_SetAlgorithmSet, "TPM2_SetAlgorithmSet",
+     (MarshalInFunction_t)TSS_SetAlgorithmSet_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)SetAlgorithmSet_In_Unmarshal
+#endif
+    },
+    {TPM_CC_ContextSave, "TPM2_ContextSave",
+     (MarshalInFunction_t)TSS_ContextSave_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_ContextSave_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)ContextSave_In_Unmarshal
+#endif
+    },
+    {TPM_CC_ContextLoad, "TPM2_ContextLoad",
+     (MarshalInFunction_t)TSS_ContextLoad_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_ContextLoad_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)ContextLoad_In_Unmarshal
+#endif
+    },
+    {TPM_CC_FlushContext, "TPM2_FlushContext",
+     (MarshalInFunction_t)TSS_FlushContext_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)FlushContext_In_Unmarshal
+#endif
+    },
+    {TPM_CC_EvictControl, "TPM2_EvictControl",
+     (MarshalInFunction_t)TSS_EvictControl_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)EvictControl_In_Unmarshal
+#endif
+    },
+    {TPM_CC_ReadClock, "TPM2_ReadClock",
+     NULL,
+     (UnmarshalOutFunction_t)TSS_ReadClock_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,NULL
+#endif
+    },
+    {TPM_CC_ClockSet, "TPM2_ClockSet",
+     (MarshalInFunction_t)TSS_ClockSet_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)ClockSet_In_Unmarshal
+#endif
+    },
+    {TPM_CC_ClockRateAdjust, "TPM2_ClockRateAdjust",
+     (MarshalInFunction_t)TSS_ClockRateAdjust_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)ClockRateAdjust_In_Unmarshal
+#endif
+    },
+    {TPM_CC_GetCapability, "TPM2_GetCapability",
+     (MarshalInFunction_t)TSS_GetCapability_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_GetCapability_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)GetCapability_In_Unmarshal
+#endif
+    },
+    {TPM_CC_TestParms, "TPM2_TestParms",
+     (MarshalInFunction_t)TSS_TestParms_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)TestParms_In_Unmarshal
+#endif
+    },
+    {TPM_CC_NV_DefineSpace, "TPM2_NV_DefineSpace",
+     (MarshalInFunction_t)TSS_NV_DefineSpace_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)NV_DefineSpace_In_Unmarshal
+#endif
+    },
+    {TPM_CC_NV_UndefineSpace, "TPM2_NV_UndefineSpace",
+     (MarshalInFunction_t)TSS_NV_UndefineSpace_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)NV_UndefineSpace_In_Unmarshal
+#endif
+    },
+    {TPM_CC_NV_UndefineSpaceSpecial, "TPM2_NV_UndefineSpaceSpecial",
+     (MarshalInFunction_t)TSS_NV_UndefineSpaceSpecial_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)NV_UndefineSpaceSpecial_In_Unmarshal
+#endif
+    },
+    {TPM_CC_NV_ReadPublic, "TPM2_NV_ReadPublic",
+     (MarshalInFunction_t)TSS_NV_ReadPublic_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_NV_ReadPublic_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)NV_ReadPublic_In_Unmarshal
+#endif
+    },
+    {TPM_CC_NV_Write, "TPM2_NV_Write",
+     (MarshalInFunction_t)TSS_NV_Write_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)NV_Write_In_Unmarshal
+#endif
+    },
+    {TPM_CC_NV_Increment, "TPM2_NV_Increment",
+     (MarshalInFunction_t)TSS_NV_Increment_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)NV_Increment_In_Unmarshal
+#endif
+    },
+    {TPM_CC_NV_Extend, "TPM2_NV_Extend",
+     (MarshalInFunction_t)TSS_NV_Extend_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)NV_Extend_In_Unmarshal
+#endif
+    },
+    {TPM_CC_NV_SetBits, "TPM2_NV_SetBits",
+     (MarshalInFunction_t)TSS_NV_SetBits_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)NV_SetBits_In_Unmarshal
+#endif
+    },
+    {TPM_CC_NV_WriteLock, "TPM2_NV_WriteLock",
+     (MarshalInFunction_t)TSS_NV_WriteLock_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)NV_WriteLock_In_Unmarshal
+#endif
+    },
+    {TPM_CC_NV_GlobalWriteLock, "TPM2_NV_GlobalWriteLock",
+     (MarshalInFunction_t)TSS_NV_GlobalWriteLock_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)NV_GlobalWriteLock_In_Unmarshal
+#endif
+    },
+    {TPM_CC_NV_Read, "TPM2_NV_Read",
+     (MarshalInFunction_t)TSS_NV_Read_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_NV_Read_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)NV_Read_In_Unmarshal
+#endif
+    },
+    {TPM_CC_NV_ReadLock, "TPM2_NV_ReadLock",
+     (MarshalInFunction_t)TSS_NV_ReadLock_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)NV_ReadLock_In_Unmarshal
+#endif
+    },
+    {TPM_CC_NV_ChangeAuth, "TPM2_NV_ChangeAuth",
+     (MarshalInFunction_t)TSS_NV_ChangeAuth_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)NV_ChangeAuth_In_Unmarshal
+#endif
+    },
+    {TPM_CC_NV_Certify, "TPM2_NV_Certify",
+     (MarshalInFunction_t)TSS_NV_Certify_In_Marshalu,
+     (UnmarshalOutFunction_t)TSS_NV_Certify_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)NV_Certify_In_Unmarshal
+#endif
+    },
+#ifdef TPM_TSS_NUVOTON
+    {NTC2_CC_PreConfig,"NTC2_CC_PreConfig",
+     (MarshalInFunction_t)TSS_NTC2_PreConfig_In_Marshalu,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,(UnmarshalInFunction_t)TSS_NTC2_PreConfig_In_Unmarshalu
+#endif
+    },
+    {NTC2_CC_LockPreConfig,"NTC2_CC_LockPreConfig",
+     NULL,
+     NULL
+#ifndef TPM_TSS_NOCMDCHECK
+     ,NULL
+#endif
+    },
+    {NTC2_CC_GetConfig,"NTC2_CC_GetConfig",
+     NULL,
+     (UnmarshalOutFunction_t)TSS_NTC2_GetConfig_Out_Unmarshalu
+#ifndef TPM_TSS_NOCMDCHECK
+     ,NULL
+#endif
+    },
+     
+#endif	/* TPM_TSS_NUVOTON */
+};
+
+/* TSS_MarshalTable_Process() indexes into the command marshal table, and saves the marshal and
+   unmarshal functions */
+
+static TPM_RC TSS_MarshalTable_Process(TSS_AUTH_CONTEXT *tssAuthContext,
+				       TPM_CC commandCode)
+{
+    TPM_RC rc = 0;
+    size_t index;
+    int found = FALSE;
+
+    /* get the command index in the dispatch table */
+    for (index = 0 ; index < (sizeof(marshalTable) / sizeof(MARSHAL_TABLE)) ; (index)++) {
+	if (marshalTable[index].commandCode == commandCode) {
+	    found = TRUE;
+	    break;
+	}
+    }
+    if (found) {
+	tssAuthContext->commandCode = commandCode;
+	tssAuthContext->commandText = marshalTable[index].commandText;
+	tssAuthContext->marshalInFunction = marshalTable[index].marshalInFunction;
+	tssAuthContext->unmarshalOutFunction = marshalTable[index].unmarshalOutFunction;
+#ifndef TPM_TSS_NOCMDCHECK
+	tssAuthContext->unmarshalInFunction = marshalTable[index].unmarshalInFunction;
+#endif
+    }
+    else {
+	if (tssVerbose) printf("TSS_MarshalTable_Process: "
+			       "commandCode %08x not found in marshal table\n",
+			       commandCode);
+	rc = TSS_RC_COMMAND_UNIMPLEMENTED;
+    }
+    return rc;
+}
+
+/* TSS_Marshal() marshals the input parameters into the TSS Authorization context.
+
+   It also sets other member of the context in preparation for the rest of the sequence.  
+*/
+
+TPM_RC TSS_Marshal(TSS_AUTH_CONTEXT *tssAuthContext,
+		   COMMAND_PARAMETERS *in,
+		   TPM_CC commandCode)
+{
+    TPM_RC 		rc = 0;
+    TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;	/* default until sessions are added */
+    uint8_t 		*buffer;			/* for marshaling */
+    uint8_t 		*bufferu;			/* for test unmarshaling */
+    uint32_t 		size;
+    
+    /* index from command code to table and save items for this command */
+    if (rc == 0) {
+	rc = TSS_MarshalTable_Process(tssAuthContext, commandCode);
+    }
+    /* get the number of command and response handles from the TPM table */
+    if (rc == 0) {
+	tssAuthContext->tpmCommandIndex = CommandCodeToCommandIndex(commandCode);
+	if (tssAuthContext->tpmCommandIndex == UNIMPLEMENTED_COMMAND_INDEX) {
+	    if (tssVerbose) printf("TSS_Marshal: "
+				   "commandCode %08x not found in command attributes table\n",
+				   commandCode);
+	    rc = TSS_RC_COMMAND_UNIMPLEMENTED;
+	}
+    }
+    if (rc == 0) {
+	tssAuthContext->commandHandleCount =
+	    getCommandHandleCount(tssAuthContext->tpmCommandIndex);
+	tssAuthContext->responseHandleCount =
+	    getresponseHandleCount(tssAuthContext->tpmCommandIndex);
+    }
+    if (rc == 0) {
+	/* make a copy of the command buffer and size since the marshal functions move them */
+	buffer = tssAuthContext->commandBuffer;
+	size = sizeof(tssAuthContext->commandBuffer);
+	/* marshal header, preliminary tag and command size */
+	rc = TSS_TPMI_ST_COMMAND_TAG_Marshalu(&tag, &tssAuthContext->commandSize, &buffer, &size);
+    }
+    if (rc == 0) {
+	uint32_t commandSize = tssAuthContext->commandSize;
+	rc = TSS_UINT32_Marshalu(&commandSize, &tssAuthContext->commandSize, &buffer, &size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_CC_Marshalu(&commandCode, &tssAuthContext->commandSize, &buffer, &size);
+    }    
+    if (rc == 0) {
+	/* save pointer to marshaled data for test unmarshal */
+	bufferu = buffer +
+		  tssAuthContext->commandHandleCount * sizeof(TPM_HANDLE);
+	/* if there is a marshal function */
+	if (tssAuthContext->marshalInFunction != NULL) {
+	    /* if there is a structure to marshal */
+	    if (in != NULL) {
+		rc = tssAuthContext->marshalInFunction(in, &tssAuthContext->commandSize,
+						       &buffer, &size);
+	    }
+	    /* caller error, no structure supplied to marshal */
+	    else {
+		if (tssVerbose)
+		    printf("TSS_Marshal: Command %08x requires command parameter structure\n",
+			   commandCode);
+		rc = TSS_RC_IN_PARAMETER;	
+	    }
+	}
+	/* if there is no marshal function */
+	else {
+	    /* caller error, supplied structure but there is no marshal function */
+	    if (in != NULL) {
+		if (tssVerbose)
+		    printf("TSS_Marshal: Command %08x does not take command parameter structure\n",
+			   commandCode);
+		rc = TSS_RC_IN_PARAMETER;	
+	    }
+	    /* no marshal function and no command parameter structure is OK */
+	}
+    }
+#ifndef TPM_TSS_NOCMDCHECK
+    /* unmarshal to validate the input parameters */
+    if ((rc == 0) && (tssAuthContext->unmarshalInFunction != NULL)) {
+	COMMAND_PARAMETERS *target = NULL;
+	TPM_HANDLE 	handles[MAX_HANDLE_NUM];
+	if (rc == 0) {
+	    rc = TSS_Malloc((unsigned char **)&target,
+			    sizeof(COMMAND_PARAMETERS));	/* freed @1 */
+	}
+	if (rc == 0) {
+	    size = sizeof(tssAuthContext->commandBuffer) -
+		   (tssAuthContext->commandHandleCount * sizeof(TPM_HANDLE));
+	    rc = tssAuthContext->unmarshalInFunction(target, &bufferu, &size, handles);
+	    if ((rc != 0) && tssVerbose) {
+		printf("TSS_Marshal: Invalid command parameter\n");
+	    }
+	}
+	free(target);		/* @1 */
+    }
+#endif
+    /* back fill the correct commandSize */
+    if (rc == 0) {
+	uint16_t written = 0;		/* dummy */
+	uint32_t commandSize = tssAuthContext->commandSize;
+	buffer = tssAuthContext->commandBuffer + sizeof(TPMI_ST_COMMAND_TAG);
+	TSS_UINT32_Marshalu(&commandSize, &written, &buffer, NULL);
+    }
+    /* record the interim cpBuffer and cpBufferSize before adding authorizations */
+    if (rc == 0) {
+	uint32_t notCpBufferSize;
+	
+	/* cpBuffer does not include the header and handles */
+	notCpBufferSize = sizeof(TPMI_ST_COMMAND_TAG) + sizeof (uint32_t) + sizeof(TPM_CC) +
+			  (sizeof(TPM_HANDLE) * tssAuthContext->commandHandleCount);
+
+	tssAuthContext->cpBuffer = tssAuthContext->commandBuffer + notCpBufferSize;
+	tssAuthContext->cpBufferSize = tssAuthContext->commandSize - notCpBufferSize;
+    }
+    return rc;
+}
+
+/* TSS_Unmarshal() unmarshals the response parameter.
+
+   It returns an error if either there is no unmarshal function and out is not NULL or if there is
+   an unmarshal function and out is not NULL.
+
+   If there is no unmarshal function and out is NULL, the function is a noop.
+*/
+
+TPM_RC TSS_Unmarshal(TSS_AUTH_CONTEXT *tssAuthContext,
+		     RESPONSE_PARAMETERS *out)
+{
+    TPM_RC 	rc = 0;
+    TPM_ST 	tag;
+    uint8_t 	*buffer;    
+    uint32_t 	size;
+
+    /* if there is an unmarshal function */
+    if (tssAuthContext->unmarshalOutFunction != NULL) {
+	/* if there is a structure to unmarshal */
+	if (out != NULL) {
+	    if (rc == 0) {
+		/* get the response tag, determines whether there is a response parameterSize to
+		   unmarshal */
+		buffer = tssAuthContext->responseBuffer;
+		size = tssAuthContext->responseSize;
+		rc = TSS_TPM_ST_Unmarshalu(&tag, &buffer, &size);
+	    }
+	    if (rc == 0) {
+		/* move the buffer and size past the header */
+		buffer = tssAuthContext->responseBuffer +
+			 sizeof(TPM_ST) + sizeof(uint32_t) + sizeof(TPM_RC);
+		size = tssAuthContext->responseSize -
+		       (sizeof(TPM_ST) + sizeof(uint32_t) + sizeof(TPM_RC));
+		rc = tssAuthContext->unmarshalOutFunction(out, tag, &buffer, &size);
+	    }
+	}
+	/* caller error, no structure supplied to unmarshal */
+	else {
+	    if (tssVerbose)
+		printf("TSS_Unmarshal: Command %08x requires response parameter structure\n",
+		       tssAuthContext->commandCode);
+	    rc = TSS_RC_OUT_PARAMETER;
+	}
+    }
+    /* if there is no unmarshal function */
+    else {
+	/* caller error, structure supplied but no unmarshal function */
+	if (out != NULL) {
+	    if (tssVerbose)
+		printf("TSS_Unmarshal: Command %08x does not take response parameter structure\n",
+		       tssAuthContext->commandCode);
+	    rc = TSS_RC_OUT_PARAMETER;
+	}
+	/* no unmarshal function and no response parameter structure is OK */
+    }
+    return rc;
+}
+
+/* TSS_SetCmdAuths() adds a list of TPMS_AUTH_COMMAND structures to the command buffer.
+
+   The arguments are a NULL terminated list of TPMS_AUTH_COMMAND * structures.
+ */
+
+TPM_RC TSS_SetCmdAuths(TSS_AUTH_CONTEXT *tssAuthContext, ...)
+{
+    TPM_RC 		rc = 0;
+    va_list		ap;
+    uint16_t 		authorizationSize;	/* does not include 4 bytes of size */   
+    TPMS_AUTH_COMMAND 	*authCommand = NULL;
+    int 		done;
+    uint32_t 		cpBufferSize;
+    uint8_t 		*cpBuffer;
+    uint8_t 		*buffer;
+
+    /* calculate size of authorization area */
+    done = FALSE;
+    authorizationSize = 0;
+    va_start(ap, tssAuthContext);
+    while ((rc == 0) && !done){
+	authCommand = va_arg(ap, TPMS_AUTH_COMMAND *);
+	if (authCommand != NULL) {
+	    rc = TSS_TPMS_AUTH_COMMAND_Marshalu(authCommand, &authorizationSize, NULL, NULL);
+	}
+	else {
+	    done = TRUE;
+	}
+    }
+    va_end(ap);
+    /* command called with authorizations */
+    if (authorizationSize != 0) {
+	/* back fill the tag TPM_ST_SESSIONS */
+	if (rc == 0) {
+	    uint16_t written = 0;		/* dummy */
+	    TPMI_ST_COMMAND_TAG tag = TPM_ST_SESSIONS;
+	    buffer = tssAuthContext->commandBuffer;
+	    TSS_TPMI_ST_COMMAND_TAG_Marshalu(&tag, &written, &buffer, NULL);
+	}
+	/* get cpBuffer, command parameters */
+	if (rc == 0) {
+	    rc = TSS_GetCpBuffer(tssAuthContext, &cpBufferSize, &cpBuffer);
+	}
+	/* new authorization area range check, will cpBuffer move overflow */
+	if (rc == 0) {
+	    if (cpBuffer +
+		cpBufferSize +
+		sizeof (uint32_t) +		/* authorizationSize */
+		authorizationSize		/* authorization area */
+		> tssAuthContext->commandBuffer + sizeof(tssAuthContext->commandBuffer)) {
+	
+		if (tssVerbose)
+		    printf("TSS_SetCmdAuths: Command authorizations overflow command buffer\n");
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	}
+	/* move the cpBuffer to make space for the authorization area and its size */
+	if (rc == 0) {
+	    memmove(cpBuffer + sizeof (uint32_t) + authorizationSize,	/* to here */
+		    cpBuffer,						/* from here */
+		    cpBufferSize);
+	}
+	/* marshal the authorizationSize area, where cpBuffer was before move */
+	if (rc == 0) {
+	    uint32_t authorizationSize32 = authorizationSize;
+	    uint16_t written = 0;		/* dummy */
+	    TSS_UINT32_Marshalu(&authorizationSize32, &written, &cpBuffer, NULL);
+	}
+	/* marshal the command authorization areas */
+	done = FALSE;
+	authorizationSize = 0;
+	va_start(ap, tssAuthContext);
+	while ((rc == 0) && !done){
+	    authCommand = va_arg(ap, TPMS_AUTH_COMMAND *);
+	    if (authCommand != NULL) {
+		rc = TSS_TPMS_AUTH_COMMAND_Marshalu(authCommand, &authorizationSize, &cpBuffer, NULL);
+		tssAuthContext->authCount++; /* count the number of authorizations for the
+						response */
+	    }
+	    else {
+		done = TRUE;
+	    }
+	}
+	va_end(ap);
+	if (rc == 0) {
+	    uint16_t written = 0;		/* dummy */
+	    uint32_t commandSize;
+	    /* mark cpBuffer new location, size doesn't change */
+	    tssAuthContext->cpBuffer += sizeof (uint32_t) + authorizationSize;
+	    /* record command stream used size */
+	    tssAuthContext->commandSize += sizeof (uint32_t) + authorizationSize;
+	    /* back fill the correct commandSize */
+	    buffer = tssAuthContext->commandBuffer + sizeof(TPMI_ST_COMMAND_TAG);
+	    commandSize = tssAuthContext->commandSize;
+	    TSS_UINT32_Marshalu(&commandSize, &written, &buffer, NULL);
+	}
+    }
+    return rc;
+}
+
+/* TSS_GetRspAuths() unmarshals a response buffer into a NULL terminated list of TPMS_AUTH_RESPONSE
+   structures.  This should not be called if the TPM returned a non-success response code.
+
+   Returns an error if the number of response auths requested is not equal to the number of command
+   auths, including zero.
+
+   If the response tag is not TPM_ST_SESSIONS, the function is a noop (except for error checking).
+ */
+
+TPM_RC TSS_GetRspAuths(TSS_AUTH_CONTEXT *tssAuthContext, ...)
+{
+    TPM_RC 	rc = 0;
+    va_list	ap;
+    TPMS_AUTH_RESPONSE 	*authResponse = NULL;
+    uint32_t 	size;
+    uint8_t 	*buffer;
+    TPM_ST 	tag;
+    int 	done;
+    uint16_t	authCount = 0;		/* authorizations in response */
+    uint32_t 	parameterSize;
+    
+    /* unmarshal the response tag */
+    if (rc == 0) {
+	size = tssAuthContext->responseSize;
+  	buffer = tssAuthContext->responseBuffer;
+	rc = TSS_TPM_ST_Unmarshalu(&tag, &buffer, &size);
+    }
+    /* check that the tag indicates that there are sessions */
+    if ((rc == 0) && (tag == TPM_ST_SESSIONS)) {
+	/* offset the buffer past the header and handles, and get the response parameterSize */
+	if (rc == 0) {
+	    uint32_t offsetSize = sizeof(TPM_ST) +  + sizeof (uint32_t) + sizeof(TPM_RC) +
+				  (sizeof(TPM_HANDLE) * tssAuthContext->responseHandleCount);
+	    buffer = tssAuthContext->responseBuffer + offsetSize;
+	    size = tssAuthContext->responseSize - offsetSize;
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, &buffer, &size);
+	}
+	if (rc == 0) {
+	    if (parameterSize > (uint32_t)size) {
+		if (tssVerbose)	printf("TSS_GetRspAuths: Invalid response parameterSize %u\n",
+				       parameterSize);
+		rc = TSS_RC_MALFORMED_RESPONSE;
+	    }
+	}
+	if (rc == 0) {
+	    /* index past the response parameters to the authorization area */
+	    buffer += parameterSize;
+	    size -= parameterSize;
+	}
+	/* unmarshal the response authorization area */
+	done = FALSE;
+	va_start(ap, tssAuthContext);
+	while ((rc == 0) && !done){
+	    authResponse = va_arg(ap, TPMS_AUTH_RESPONSE *);
+	    if (authResponse != NULL) {
+		rc = TSS_TPMS_AUTH_RESPONSE_Unmarshalu(authResponse, &buffer, &size);
+		authCount++;
+	    }
+	    else {
+		done = TRUE;
+	    }
+	}
+	va_end(ap);
+	/* check for extra bytes at the end of the response */
+	if (rc == 0) {
+	    if (size != 0) {
+		if (tssVerbose)
+		    printf("TSS_GetRspAuths: Extra bytes at the end of response authorizations\n");
+		rc = TSS_RC_MALFORMED_RESPONSE;
+	    }
+	}
+    }
+    /* check that the same number was requested as were sent in the command.  Check for zero if not
+       TPM_ST_SESSIONS */
+    if (rc == 0) {
+	if (tssAuthContext->authCount != authCount) {
+	    if (tssVerbose)
+		printf("TSS_GetRspAuths: "
+		       "Response authorizations requested does not equal number in command\n");
+	    rc = TSS_RC_MALFORMED_RESPONSE;
+	}
+    }
+    return rc;
+}
+
+/* TSS_GetCommandDecryptParam() returns the size and pointer to the first marshaled TPM2B */
+
+TPM_RC TSS_GetCommandDecryptParam(TSS_AUTH_CONTEXT *tssAuthContext,
+				  uint32_t *decryptParamSize,
+				  uint8_t **decryptParamBuffer)
+{
+    TPM_RC 	rc = 0;
+    /* the first parameter is the TPM2B */
+    uint32_t cpBufferSize;
+    uint8_t *cpBuffer;
+
+    if (rc == 0) {
+	rc = TSS_GetCpBuffer(tssAuthContext, &cpBufferSize, &cpBuffer);
+    }
+    /* extract contents of the first TPM2B */
+    if (rc == 0) {
+	*decryptParamSize = ntohs(*(uint16_t *)cpBuffer);
+	*decryptParamBuffer = cpBuffer + sizeof(uint16_t);
+    }
+    /* sanity range check */
+    if (rc == 0) {
+	if (((*decryptParamBuffer + *decryptParamSize) >
+	     (tssAuthContext->commandBuffer + tssAuthContext->commandSize)) ||
+	    ((*decryptParamSize + sizeof(uint16_t) > tssAuthContext->cpBufferSize))) {
+	    if (tssVerbose) printf("TSS_GetCommandDecryptParam: Malformed decrypt parameter "
+				   "size %u cpBufferSize %u commandSize %u\n",
+				   *decryptParamSize, tssAuthContext->cpBufferSize,
+				   tssAuthContext->commandSize);
+	    rc = TSS_RC_BAD_ENCRYPT_SIZE;
+	}
+    }
+    return rc;
+}
+
+TPM_RC TSS_SetCommandDecryptParam(TSS_AUTH_CONTEXT *tssAuthContext,
+				  uint32_t encryptParamSize,
+				  uint8_t *encryptParamBuffer)
+{
+    TPM_RC 	rc = 0;
+    /* the first parameter is the TPM2B */
+    uint32_t decryptParamSize;
+    uint8_t *decryptParamBuffer;
+
+    if (rc == 0) {
+	rc = TSS_GetCommandDecryptParam(tssAuthContext,
+					&decryptParamSize,
+					&decryptParamBuffer);
+    }
+    /* the encrypt data overwrites the already marshaled data */
+    if (rc == 0) {
+	if (decryptParamSize != encryptParamSize) {
+	    if (tssVerbose)
+		printf("TSS_SetCommandDecryptParam: Different encrypt and decrypt size\n");
+	    rc = TSS_RC_BAD_ENCRYPT_SIZE;
+	}
+    }
+    /* skip the 2B size, copy the data */
+    if (rc == 0) {
+	memcpy(decryptParamBuffer, encryptParamBuffer, encryptParamSize);
+    }
+    return rc;
+}
+
+/* TSS_GetAuthRole() returns AUTH_NONE if the handle in the handle area cannot be an authorization
+   handle. */
+
+AUTH_ROLE TSS_GetAuthRole(TSS_AUTH_CONTEXT *tssAuthContext,
+			  size_t handleIndex)
+{
+    AUTH_ROLE authRole;
+    authRole = getCommandAuthRole(tssAuthContext->tpmCommandIndex, handleIndex);
+    return authRole;
+}
+
+/* TSS_GetCommandHandle() gets the command handle at the index.  Index is a zero based count, not a
+   byte count.
+
+   Returns 0 if the index exceeds the number of handles.
+*/
+
+TPM_RC TSS_GetCommandHandle(TSS_AUTH_CONTEXT *tssAuthContext,
+			    TPM_HANDLE *commandHandle,
+			    size_t index)
+{
+    TPM_RC 	rc = 0;
+    uint8_t 	*buffer;
+    uint32_t 	size;
+   
+    
+    if (rc == 0) {
+	if (index >= tssAuthContext->commandHandleCount) {
+	    if (tssVerbose) printf("TSS_GetCommandHandle: index %u too large for command\n",
+				   (unsigned int)index);
+	    rc = TSS_RC_BAD_HANDLE_NUMBER;
+	}
+    }
+    if (rc == 0) {
+	/* index into the command handle */
+	buffer = tssAuthContext->commandBuffer +
+		 sizeof(TPMI_ST_COMMAND_TAG) + sizeof (uint32_t) + sizeof(TPM_CC) +
+		 (sizeof(TPM_HANDLE) * index);
+	size = sizeof(TPM_HANDLE);
+	rc = TSS_TPM_HANDLE_Unmarshalu(commandHandle, &buffer, &size);
+    }
+    return rc;
+}
+    
+/* TSS_GetRpBuffer() returns a pointer to the response parameter area.
+
+   NOTE could move to execute so it only has to be done once.
+*/
+
+TPM_RC TSS_GetRpBuffer(TSS_AUTH_CONTEXT *tssAuthContext,
+		       uint32_t *rpBufferSize,
+		       uint8_t **rpBuffer)
+{
+    TPM_RC 	rc = 0;
+    TPM_ST 	tag;			/* response tag */
+    uint32_t 	offsetSize;		/* to beginning of parameter area, to parameterSize */
+    uint32_t 	size;			/* tmp for unmarshal */
+    uint8_t 	*buffer;		/* tmp for unmarshal */
+    uint32_t 	parameterSize;		/* response parameter (if sessions) */
+     
+    /* unmarshal the response tag */
+    if (rc == 0) {
+	/* offset to parameterSize or parameters */
+	offsetSize = sizeof(TPM_ST) + sizeof (uint32_t) + sizeof(TPM_RC) +
+		     (sizeof(TPM_HANDLE) * tssAuthContext->responseHandleCount);
+
+	size = tssAuthContext->responseSize;
+  	buffer = tssAuthContext->responseBuffer;
+	rc = TSS_TPM_ST_Unmarshalu(&tag, &buffer, &size);	/* does value checking */
+    }
+    /* no sessions -> no parameterSize */
+    if (tag == TPM_ST_NO_SESSIONS) {
+	if (rc == 0) {
+	    if (offsetSize > tssAuthContext->responseSize) {
+		if (tssVerbose)
+		    printf("TSS_GetRpBuffer: offset %u past response buffer %u\n",
+			   offsetSize, tssAuthContext->responseSize);
+		rc = TSS_RC_MALFORMED_RESPONSE;
+	    }
+	}
+	if (rc == 0) {			/* subtract now safe from above range check */
+	    *rpBufferSize = tssAuthContext->responseSize - offsetSize;
+	    *rpBuffer = tssAuthContext->responseBuffer + offsetSize;
+	}
+    }
+    /* sessions -> parameterSize */
+    else {
+	/* validate that there are enough response bytes for uint32_t parameterSize */
+	if (rc == 0) {
+	    if ((offsetSize + sizeof(uint32_t)) > tssAuthContext->responseSize) {
+		if (tssVerbose)
+		    printf("TSS_GetRpBuffer: offset %u past response buffer %u\n",
+			   offsetSize, tssAuthContext->responseSize);
+		rc = TSS_RC_MALFORMED_RESPONSE;
+	    }
+	}
+	/* unmarshal the parameterSize */
+	if (rc == 0) {
+	    size = tssAuthContext->responseSize - offsetSize;
+	    buffer = tssAuthContext->responseBuffer + offsetSize;
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, &buffer, &size);
+	    offsetSize += sizeof(uint32_t);	/* move offset past parameterSize, to rpBuffer */
+	}
+	/* range check parameterSize */
+	/* first, check that addition willl not overflow */
+	if (rc == 0) {
+	    if (parameterSize > (0xffffffff - offsetSize)) {
+		if (tssVerbose) printf("TSS_GetRpBuffer: parameterSize %u too large\n",
+				       parameterSize);
+		rc = TSS_RC_MALFORMED_RESPONSE;
+	    }
+	}
+	/* second, range check parameterSize vs. entire response buffer */
+	if (rc == 0) {
+	    if ((offsetSize + parameterSize) > tssAuthContext->responseSize) {
+		if (tssVerbose)
+		    printf("TSS_GetRpBuffer: parameterSize %u past response buffer %u\n",
+			   parameterSize, tssAuthContext->responseSize);
+		rc = TSS_RC_MALFORMED_RESPONSE;
+	    }
+	}
+	/* assignment safe after above checks */
+	if (rc == 0) {
+	    *rpBufferSize = parameterSize;	/* by definition when there are auth sessions */
+	    *rpBuffer = tssAuthContext->responseBuffer + offsetSize;
+	}
+    }
+    return rc;
+}
+
+/* TSS_GetResponseEncryptParam() returns the first TPM2B in the response area.
+
+   The caller should ensure that the first response parameter is a TPM2B.
+*/
+
+TPM_RC TSS_GetResponseEncryptParam(TSS_AUTH_CONTEXT *tssAuthContext,
+				   uint32_t *encryptParamSize,
+				   uint8_t **encryptParamBuffer)
+{
+    TPM_RC 	rc = 0;
+    /* the first parameter is the TPM2B */
+    uint32_t rpBufferSize;
+    uint8_t *rpBuffer;
+
+    if (rc == 0) {
+	rc = TSS_GetRpBuffer(tssAuthContext, &rpBufferSize, &rpBuffer);
+    }
+    /* extract contents of the first TPM2B */
+    if (rc == 0) {
+	*encryptParamSize = ntohs(*(uint16_t *)rpBuffer);
+	*encryptParamBuffer = rpBuffer + sizeof(uint16_t);
+    }
+    /* sanity range check */
+    if (rc == 0) {
+	if (((*encryptParamBuffer + *encryptParamSize) >
+	     (tssAuthContext->responseBuffer + tssAuthContext->responseSize)) ||
+	    ((*encryptParamSize + sizeof(uint16_t) > rpBufferSize))) {
+	    if (tssVerbose) printf("TSS_GetResponseEncryptParam: Malformed encrypt parameter "
+				   "size %u rpBufferSize %u responseSize %u\n",
+				   *encryptParamSize, rpBufferSize,
+				   tssAuthContext->responseSize);
+	    rc = TSS_RC_MALFORMED_RESPONSE;
+	}
+    }
+    return rc;
+}
+
+/* TSS_SetResponseDecryptParam() copies the decryptParamBuffer into the first TPM2B in the response
+   area.
+
+   The caller should ensure that the first response parameter is a TPM2B.
+*/
+
+TPM_RC TSS_SetResponseDecryptParam(TSS_AUTH_CONTEXT *tssAuthContext,
+				   uint32_t decryptParamSize,
+				   uint8_t *decryptParamBuffer)
+{
+    TPM_RC 	rc = 0;
+    /* the first parameter is the TPM2B */
+    uint32_t encryptParamSize;
+    uint8_t *encryptParamBuffer;
+
+    if (rc == 0) {
+	rc = TSS_GetResponseEncryptParam(tssAuthContext,
+					 &encryptParamSize,
+					 &encryptParamBuffer);
+    }
+    /* the decrypt data overwrites the already marshaled data */
+    if (rc == 0) {
+	if (decryptParamSize != encryptParamSize) {
+	    if (tssVerbose)
+		printf("TSS_SetCommandDecryptParam: Different encrypt and decrypt size\n");
+	    rc = TSS_RC_BAD_ENCRYPT_SIZE;
+	}
+    }
+    /* skip the 2B size, copy the data */
+    if (rc == 0) {
+	memcpy(encryptParamBuffer, decryptParamBuffer, decryptParamSize);
+    }
+    return rc;
+}
+
diff --git a/utils/tssauth20.h b/utils/tssauth20.h
new file mode 100644
index 000000000..52b840376
--- /dev/null
+++ b/utils/tssauth20.h
@@ -0,0 +1,86 @@
+/********************************************************************************/
+/*										*/
+/*			     TSS Authorization 					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*            $Id: tssauth20.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* This is not a public header.  It should not be used by applications. */
+
+#ifndef TSS_AUTH20_H
+#define TSS_AUTH20_H
+
+#include <ibmtss/tss.h>
+#include "tssccattributes.h"
+
+TPM_RC TSS_Marshal(TSS_AUTH_CONTEXT *tssAuthContext,
+		   COMMAND_PARAMETERS *in,
+		   TPM_CC commandCode);
+
+TPM_RC TSS_Unmarshal(TSS_AUTH_CONTEXT *tssAuthContext,
+		     RESPONSE_PARAMETERS *out);
+
+TPM_RC TSS_SetCmdAuths(TSS_AUTH_CONTEXT *tssAuthContext, ...);
+
+TPM_RC TSS_GetRspAuths(TSS_AUTH_CONTEXT *tssAuthContext, ...);
+
+TPM_RC TSS_GetCommandDecryptParam(TSS_AUTH_CONTEXT *tssAuthContext,
+				  uint32_t *decryptParamSize,
+				  uint8_t **decryptParamBuffer);
+
+TPM_RC TSS_SetCommandDecryptParam(TSS_AUTH_CONTEXT *tssAuthContext,
+				  uint32_t encryptParamSize,
+				  uint8_t *encryptParamBuffer);
+
+AUTH_ROLE TSS_GetAuthRole(TSS_AUTH_CONTEXT *tssAuthContext,
+			  size_t handleIndex);
+
+TPM_RC TSS_GetCommandHandle(TSS_AUTH_CONTEXT *tssAuthContext,
+			    TPM_HANDLE *commandHandle,
+			    size_t index);
+
+TPM_RC TSS_GetRpBuffer(TSS_AUTH_CONTEXT *tssAuthContext,
+		       uint32_t *rpBufferSize,
+		       uint8_t **rpBuffer);
+
+TPM_RC TSS_GetResponseEncryptParam(TSS_AUTH_CONTEXT *tssAuthContext,
+				   uint32_t *encryptParamSize,
+				   uint8_t **encryptParamBuffer);
+
+TPM_RC TSS_SetResponseDecryptParam(TSS_AUTH_CONTEXT *tssAuthContext,
+				   uint32_t decryptParamSize,
+				   uint8_t *decryptParamBuffer);
+
+#endif
diff --git a/utils/tssccattributes.c b/utils/tssccattributes.c
new file mode 100644
index 000000000..1f4f656db
--- /dev/null
+++ b/utils/tssccattributes.c
@@ -0,0 +1,150 @@
+/********************************************************************************/
+/*										*/
+/*			     Command Code Attributes				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* NOTE: This is a replica of CommandAttributeData.c, but endian independent.  It must be kept in
+   sync with the TPM reference implementation.
+   
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <inttypes.h>
+
+#include "tssccattributes.h"
+
+/* CommandCodeToCommandIndex() returns the index into the s_ccAttr table for the commandCode.
+   Returns UNIMPLEMENTED_COMMAND_INDEX if the command is unimplemented.
+*/
+
+/* NOTE: Marked as const function in header declaration */
+
+COMMAND_INDEX CommandCodeToCommandIndex(TPM_CC commandCode)
+{
+    COMMAND_INDEX i;
+
+    /* s_ccAttr has terminating 0x0000 command code and V */
+    for (i = 0 ; (s_ccAttr[i].commandCode != 0) || (s_ccAttr[i].V != 0) ; i++) {
+	if (s_ccAttr[i].commandCode == commandCode) {
+	    return i;
+	}
+    }
+    return UNIMPLEMENTED_COMMAND_INDEX;
+}
+
+/* getCommandHandleCount() returns the number of command parameter handles */
+
+/* NOTE: Marked as const function in header declaration */
+
+uint32_t getCommandHandleCount(COMMAND_INDEX index)
+{
+    return s_ccAttr[index].cHandles;
+}
+
+/* getresponseHandleCount() returns the number of command parameter handles */
+
+/* NOTE: Marked as const function in header declaration */
+
+uint32_t getresponseHandleCount(COMMAND_INDEX index)
+{
+    return s_ccAttr[index].rHandle;
+}
+
+/* getDecryptSize() returns 0 if the command does not support command parameter encryption, 2 if the
+   command does support command parameter encryption and the size is a uint16_t.  There is an unused
+   provision for a 4 for a uint32_t size. */
+
+/* NOTE: Marked as const function in header declaration */
+
+int getDecryptSize(COMMAND_INDEX    commandIndex)
+{
+    COMMAND_ATTRIBUTES      ca = s_commandAttributes[commandIndex];
+    
+    if(ca & DECRYPT_2)
+	return 2;
+    if(ca & DECRYPT_4)
+	return 4;
+    return 0;
+}
+
+/* getEecryptSize() returns 0 if the response does not support response parameter encryption, 2 if
+   the command does support response parameter encryption and the size is a uint16_t.  There is an
+   unused provision for a 4 for a uint32_t size. */
+
+/* NOTE: Marked as const function in header declaration */
+
+int getEncryptSize(COMMAND_INDEX    commandIndex)
+{
+    COMMAND_ATTRIBUTES  ca = s_commandAttributes[commandIndex];
+    if(ca & ENCRYPT_2)
+	return 2;
+    if(ca & ENCRYPT_4)
+	return 4;
+    return 0;
+}
+
+/* getCommandAuthRole() returns the authorization role for the handle: user, admin, or dup.
+
+ */
+
+/* NOTE: Marked as const function in header declaration */
+
+AUTH_ROLE getCommandAuthRole(
+			     COMMAND_INDEX    	commandIndex,  // IN: command index
+			     size_t		handleIndex    // IN: handle index (zero based)
+			     )
+{
+    if(0 == handleIndex )
+	{
+	    // Any auth role set?
+	    COMMAND_ATTRIBUTES  properties = s_commandAttributes[commandIndex];
+	    
+	    if(properties & HANDLE_1_USER)
+		return AUTH_USER;
+	    if(properties & HANDLE_1_ADMIN)
+		return AUTH_ADMIN;
+	    if(properties & HANDLE_1_DUP)
+		return AUTH_DUP;
+	}
+    else if (1 == handleIndex)
+	{
+	    if(s_commandAttributes[commandIndex] & HANDLE_2_USER)
+		return AUTH_USER;
+	}
+    return AUTH_NONE;
+}
diff --git a/utils/tssccattributes.h b/utils/tssccattributes.h
new file mode 100644
index 000000000..d975b914d
--- /dev/null
+++ b/utils/tssccattributes.h
@@ -0,0 +1,90 @@
+/********************************************************************************/
+/*										*/
+/*			     Command Code Attributes				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef TSSCCATTRIBUTES_H
+#define TSSCCATTRIBUTES_H
+
+#include <stdio.h>
+
+#include <ibmtss/TPM_Types.h>
+#include "CommandAttributes.h"
+
+typedef uint16_t COMMAND_INDEX;
+
+/* From Global.h */
+typedef UINT32          AUTH_ROLE;
+#define AUTH_NONE       ((AUTH_ROLE)(0))
+#define AUTH_USER       ((AUTH_ROLE)(1))
+#define AUTH_ADMIN      ((AUTH_ROLE)(2))
+#define AUTH_DUP        ((AUTH_ROLE)(3))
+
+#define UNIMPLEMENTED_COMMAND_INDEX     ((COMMAND_INDEX)(~0))
+
+COMMAND_INDEX CommandCodeToCommandIndex(TPM_CC commandCode)
+#ifdef __ULTRAVISOR__
+__attribute__ ((const))
+#endif
+    ;
+uint32_t getCommandHandleCount(COMMAND_INDEX index)
+#ifdef __ULTRAVISOR__
+    __attribute__ ((const))
+#endif
+    ;
+uint32_t getresponseHandleCount(COMMAND_INDEX index)
+#ifdef __ULTRAVISOR__
+    __attribute__ ((const))
+#endif
+    ;
+int getDecryptSize(COMMAND_INDEX    commandIndex)
+#ifdef __ULTRAVISOR__
+    __attribute__ ((const))
+#endif
+    ;
+int getEncryptSize(COMMAND_INDEX    commandIndex)
+#ifdef __ULTRAVISOR__
+    __attribute__ ((const))
+#endif
+    ;
+AUTH_ROLE getCommandAuthRole(COMMAND_INDEX    	commandIndex,
+			     size_t		handleIndex)
+#ifdef __ULTRAVISOR__
+    __attribute__ ((const))
+#endif
+    ;
+
+#endif
diff --git a/utils/tssccattributes12.c b/utils/tssccattributes12.c
new file mode 100644
index 000000000..0ae8a876a
--- /dev/null
+++ b/utils/tssccattributes12.c
@@ -0,0 +1,74 @@
+/********************************************************************************/
+/*										*/
+/*			     Command Code Attributes				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: tssccattributes12.c 1164 2018-04-17 19:53:29Z kgoldman $	*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* NOTE: This is a replica of CommandAttributeData.c, but endian independent.  It must be kept in
+   sync with the TPM reference implementation.
+   
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <inttypes.h>
+
+#include "tssccattributes12.h"
+
+COMMAND_INDEX CommandCodeToCommandIndex12(TPM_CC commandCode)
+{
+    COMMAND_INDEX i;
+
+    /* s_ccAttr12 has terminating 0x0000 command code and V */
+    for (i = 0 ; (s_ccAttr12[i].commandCode != 0) || (s_ccAttr12[i].V != 0) ; i++) {
+	if (s_ccAttr12[i].commandCode == commandCode) {
+	    return i;
+	}
+    }
+    return UNIMPLEMENTED_COMMAND_INDEX;
+}
+
+uint32_t getCommandHandleCount12(COMMAND_INDEX index)
+{
+    return s_ccAttr12[index].cHandles;
+}
+
+uint32_t getresponseHandleCount12(COMMAND_INDEX index)
+{
+    return s_ccAttr12[index].rHandle;
+}
+
diff --git a/utils/tssccattributes12.h b/utils/tssccattributes12.h
new file mode 100644
index 000000000..a29f011f5
--- /dev/null
+++ b/utils/tssccattributes12.h
@@ -0,0 +1,55 @@
+/********************************************************************************/
+/*										*/
+/*			     Command Code Attributes				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: tssccattributes12.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef TSSCCATTRIBUTES12_H
+#define TSSCCATTRIBUTES12_H
+
+#include <stdio.h>
+
+#include <ibmtss/TPM_Types.h>
+#include "tssccattributes.h"
+#include "CommandAttributes.h"
+
+#define UNIMPLEMENTED_COMMAND_INDEX     ((COMMAND_INDEX)(~0))
+
+COMMAND_INDEX CommandCodeToCommandIndex12(TPM_CC commandCode);
+uint32_t getCommandHandleCount12(COMMAND_INDEX index);
+uint32_t getresponseHandleCount12(COMMAND_INDEX index);
+
+#endif
diff --git a/utils/tsscrypto.c b/utils/tsscrypto.c
new file mode 100644
index 000000000..d9c62907b
--- /dev/null
+++ b/utils/tsscrypto.c
@@ -0,0 +1,1453 @@
+/********************************************************************************/
+/*										*/
+/*			     TSS Library Dependent Crypto Support		*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*		ECC Salt functions written by Bill Martin			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* Interface to OpenSSL version 1.0 or 1.1 crypto library */
+
+#include <string.h>
+#include <stdio.h>
+
+#ifdef TPM_POSIX
+#include <netinet/in.h>
+#endif
+#ifdef TPM_WINDOWS
+#include <winsock2.h>
+#endif
+
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/aes.h>
+#ifndef TPM_TSS_NORSA
+#include <openssl/rsa.h>
+#endif
+#include <openssl/rand.h>
+#include <openssl/engine.h>
+
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssprint.h>
+#include <ibmtss/tsserror.h>
+
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tsscrypto.h>
+
+extern int tssVverbose;
+extern int tssVerbose;
+
+/* openssl compatibility code */
+
+#if OPENSSL_VERSION_NUMBER < 0x10101000
+#define EC_POINT_set_affine_coordinates(a,b,c,d,e)  EC_POINT_set_affine_coordinates_GFp(a,b,c,d,e)
+#define EC_POINT_get_affine_coordinates(a,b,c,d,e)  EC_POINT_get_affine_coordinates_GFp(a,b,c,d,e)
+#endif
+
+/* local prototypes */
+
+static TPM_RC TSS_Hash_GetMd(const EVP_MD **md,
+			     TPMI_ALG_HASH hashAlg);
+
+#ifndef TPM_TSS_NOECC
+
+/* ECC salt */
+
+typedef struct
+{
+    EC_GROUP            *G;
+    BN_CTX              *ctx;
+} CURVE_DATA;
+
+static TPM_RC TSS_ECC_GeneratePlatformEphemeralKey(CURVE_DATA *eCurveData,
+						   EC_KEY *myecc);
+static TPM_RC TSS_BN_new(BIGNUM **bn);
+static TPM_RC TSS_BN_hex2bn(BIGNUM **bn, const char *str);
+#endif	/* TPM_TSS_NOECC */
+
+#ifndef TPM_TSS_NORSA
+static TPM_RC TSS_bin2bn(BIGNUM **bn, const unsigned char *bin, unsigned int bytes);
+#endif	/* TPM_TSS_NORSA */
+
+/*
+  Initialization
+*/
+
+TPM_RC TSS_Crypto_Init(void)
+{
+    TPM_RC		rc = 0;
+#if 0
+    int			irc;
+#endif
+
+    ERR_load_crypto_strings ();
+    OpenSSL_add_all_algorithms();
+#if 0
+    irc = FIPS_mode_set(1);
+    if (irc == 0) {
+	if (tssVerbose) printf("TSS_Crypto_Init: Cannot set FIPS mode\n");
+    }
+#endif
+    return rc;
+}
+
+/*
+  Digests
+*/
+
+static TPM_RC TSS_Hash_GetMd(const EVP_MD **md,
+			     TPMI_ALG_HASH hashAlg)
+{
+    TPM_RC		rc = 0;
+
+    if (rc == 0) {
+	switch (hashAlg) {
+#ifdef TPM_ALG_SHA1
+	  case TPM_ALG_SHA1:
+	    *md = EVP_get_digestbyname("sha1");
+	    break;
+#endif
+#ifdef TPM_ALG_SHA256	
+	  case TPM_ALG_SHA256:
+	    *md = EVP_get_digestbyname("sha256");
+	    break;
+#endif
+#ifdef TPM_ALG_SHA384
+	  case 	TPM_ALG_SHA384:
+	    *md = EVP_get_digestbyname("sha384");
+	    break;
+#endif
+#ifdef TPM_ALG_SHA512
+	  case 	TPM_ALG_SHA512:
+	    *md = EVP_get_digestbyname("sha512");
+	    break;
+#endif
+	  default:
+	    rc = TSS_RC_BAD_HASH_ALGORITHM;
+	}
+    }
+    return rc;
+}
+
+/* On call, digest->hashAlg is the desired hash algorithm
+
+   length 0 is ignored, buffer NULL terminates list.
+*/
+
+TPM_RC TSS_HMAC_Generate_valist(TPMT_HA *digest,		/* largest size of a digest */
+				const TPM2B_KEY *hmacKey,
+				va_list ap)
+{
+    TPM_RC		rc = 0;
+    int 		irc = 0;
+    int			done = FALSE;
+    const EVP_MD 	*md;	/* message digest method */
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+    HMAC_CTX 		ctx;
+#else
+    HMAC_CTX 		*ctx;
+#endif
+    int			length;
+    uint8_t 		*buffer;
+    
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+    HMAC_CTX_init(&ctx);
+#else
+    ctx = HMAC_CTX_new();
+#endif
+    if (rc == 0) {
+	rc = TSS_Hash_GetMd(&md, digest->hashAlg);
+    }
+    if (rc == 0) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+	irc = HMAC_Init_ex(&ctx,
+			   hmacKey->b.buffer, hmacKey->b.size,	/* HMAC key */
+			   md,					/* message digest method */
+			   NULL);
+#else
+	irc = HMAC_Init_ex(ctx,
+			   hmacKey->b.buffer, hmacKey->b.size,	/* HMAC key */
+			   md,					/* message digest method */
+			   NULL);
+#endif
+	
+	if (irc == 0) {
+	    rc = TSS_RC_HMAC;
+	}
+    }
+    while ((rc == 0) && !done) {
+	length = va_arg(ap, int);		/* first vararg is the length */
+	buffer = va_arg(ap, unsigned char *);	/* second vararg is the array */
+	if (buffer != NULL) {			/* loop until a NULL buffer terminates */
+	    if (length < 0) {
+		if (tssVerbose) printf("TSS_HMAC_Generate: Length is negative\n");
+		rc = TSS_RC_HMAC;
+	    }
+	    else {
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+		irc = HMAC_Update(&ctx, buffer, length);
+#else
+		irc = HMAC_Update(ctx, buffer, length);
+#endif
+		if (irc == 0) {
+		    if (tssVerbose) printf("TSS_HMAC_Generate: HMAC_Update failed\n");
+		    rc = TSS_RC_HMAC;
+		}
+	    }
+ 	}
+	else {
+	    done = TRUE;
+	}
+    }
+
+    if (rc == 0) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+	irc = HMAC_Final(&ctx, (uint8_t *)&digest->digest, NULL);
+#else
+	irc = HMAC_Final(ctx, (uint8_t *)&digest->digest, NULL);
+#endif
+	if (irc == 0) {
+	    rc = TSS_RC_HMAC;
+	}
+    }
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+    HMAC_CTX_cleanup(&ctx);
+#else
+    HMAC_CTX_free(ctx);
+#endif
+    return rc;
+}
+
+/*
+  valist is int length, unsigned char *buffer pairs
+  
+  length 0 is ignored, buffer NULL terminates list.
+*/
+
+TPM_RC TSS_Hash_Generate_valist(TPMT_HA *digest,		/* largest size of a digest */
+				va_list ap)
+{
+    TPM_RC		rc = 0;
+    int			irc = 0;
+    int			done = FALSE;
+    int			length;
+    uint8_t 		*buffer;
+    EVP_MD_CTX 		*mdctx;
+    const EVP_MD 	*md;
+
+    if (rc == 0) {
+	mdctx = EVP_MD_CTX_create();
+        if (mdctx == NULL) {
+	    if (tssVerbose) printf("TSS_Hash_Generate: EVP_MD_CTX_create failed\n");
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_Hash_GetMd(&md, digest->hashAlg);
+    }
+    if (rc == 0) {
+	irc = EVP_DigestInit_ex(mdctx, md, NULL);
+	if (irc != 1) {
+	    rc = TSS_RC_HASH;
+	}
+    }
+    while ((rc == 0) && !done) {
+	length = va_arg(ap, int);		/* first vararg is the length */
+	buffer = va_arg(ap, unsigned char *);	/* second vararg is the array */
+	if (buffer != NULL) {			/* loop until a NULL buffer terminates */
+	    if (length < 0) {
+		if (tssVerbose) printf("TSS_Hash_Generate: Length is negative\n");
+		rc = TSS_RC_HASH;
+	    }
+	    else {
+		/* if (tssVverbose) TSS_PrintAll("TSS_Hash_Generate:", buffer, length); */
+		if (length != 0) {
+		    EVP_DigestUpdate(mdctx, buffer, length);
+		}
+	    }
+	}
+	else {
+	    done = TRUE;
+	}
+    }
+    if (rc == 0) {
+	EVP_DigestFinal_ex(mdctx, (uint8_t *)&digest->digest, NULL);
+    }
+    EVP_MD_CTX_destroy(mdctx);
+    return rc;
+}
+
+/* Random Numbers */
+
+TPM_RC TSS_RandBytes(unsigned char *buffer, uint32_t size)
+{
+    TPM_RC 	rc = 0;
+    int		irc = 0;
+
+    irc = RAND_bytes(buffer, size);
+    if (irc != 1) {
+	if (tssVerbose) printf("TSS_RandBytes: Random number generation failed\n");
+	rc = TSS_RC_RNG_FAILURE;
+    }
+    return rc;
+}
+
+/*
+  RSA functions
+*/
+
+#ifndef TPM_TSS_NORSA
+
+/* TSS_RsaNew() allocates an openssl RSA key token.
+
+   This abstracts the crypto library specific allocation.
+
+   For Openssl, rsaKey is an RSA structure.
+*/
+
+TPM_RC TSS_RsaNew(void **rsaKey)
+{
+    TPM_RC  	rc = 0;
+
+    /* sanity check for the free */
+    if (rc == 0) {
+	if (*rsaKey != NULL) {
+            if (tssVerbose)
+		printf("TSS_RsaNew: Error (fatal), token %p should be NULL\n",
+		       *rsaKey);
+            rc = TSS_RC_ALLOC_INPUT;
+	}
+    }
+    /* construct the OpenSSL private key object */
+    if (rc == 0) {
+        *rsaKey = RSA_new();                        	/* freed by caller */
+        if (*rsaKey == NULL) {
+            if (tssVerbose) printf("TSS_RsaNew: Error in RSA_new()\n");
+            rc = TSS_RC_RSA_KEY_CONVERT;
+        }
+    }
+    return rc;
+}
+
+/* TSS_RsaFree() frees an openssl RSA key token.
+
+   This abstracts the crypto library specific free.
+   
+   For Openssl, rsaKey is an RSA structure.
+*/
+
+void TSS_RsaFree(void *rsaKey)
+{
+    if (rsaKey != NULL) {
+        RSA_free(rsaKey); 
+    }
+    return;
+}
+
+/* TSS_RSAGeneratePublicToken() is deprecated for application use, since it is openssl library
+   dependent.
+
+   Use TSS_RSAGeneratePublicTokenI().
+*/
+
+TPM_RC TSS_RSAGeneratePublicToken(RSA **rsa_pub_key,		/* freed by caller */
+				  const unsigned char *narr,    /* public modulus */
+				  uint32_t nbytes,
+				  const unsigned char *earr,    /* public exponent */
+				  uint32_t ebytes)
+{
+    TPM_RC  	rc = 0;
+    rc = TSS_RSAGeneratePublicTokenI((void **)rsa_pub_key,
+				     narr, 
+				     nbytes,
+				     earr,
+				     ebytes);
+    return rc;
+}
+
+/* TSS_RSAGeneratePublicTokenI() generates an RSA key token from n and e
+
+   Free rsa_pub_key using TSS_RsaFree();
+ */
+
+TPM_RC TSS_RSAGeneratePublicTokenI(void **rsa_pub_key,		/* freed by caller */
+				   const unsigned char *narr,    /* public modulus */
+				   uint32_t nbytes,
+				   const unsigned char *earr,    /* public exponent */
+				   uint32_t ebytes)
+{
+    TPM_RC  	rc = 0;
+    BIGNUM *    n = NULL;
+    BIGNUM *    e = NULL;
+    RSA **	rsaPubKey = (RSA **)rsa_pub_key;	/* openssl specific structure */
+
+    /* construct the OpenSSL private key object */
+    if (rc == 0) {
+	rc = TSS_RsaNew(rsa_pub_key);
+    }
+    if (rc == 0) {
+        rc = TSS_bin2bn(&n, narr, nbytes);	/* freed by caller */
+    }
+    if (rc == 0) {
+        rc = TSS_bin2bn(&e, earr, ebytes);	/* freed by caller */
+    }
+    if (rc == 0) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+        (*rsaPubKey)->n = n;
+        (*rsaPubKey)->e = e;
+        (*rsaPubKey)->d = NULL;
+#else
+	int irc = RSA_set0_key(*rsaPubKey, n, e, NULL);
+	if (irc != 1) {
+            if (tssVerbose) printf("TSS_RSAGeneratePublicTokenI: Error in RSA_set0_key()\n");
+            rc = TSS_RC_RSA_KEY_CONVERT;
+	}
+#endif
+    }
+    return rc;
+}
+
+/* TSS_RSAPublicEncrypt() pads 'decrypt_data' to 'encrypt_data_size' and encrypts using the public
+   key 'n, e'.
+*/
+
+TPM_RC TSS_RSAPublicEncrypt(unsigned char *encrypt_data,    /* encrypted data */
+			    size_t encrypt_data_size,       /* size of encrypted data buffer */
+			    const unsigned char *decrypt_data,      /* decrypted data */
+			    size_t decrypt_data_size,
+			    unsigned char *narr,           /* public modulus */
+			    uint32_t nbytes,
+			    unsigned char *earr,           /* public exponent */
+			    uint32_t ebytes,
+			    unsigned char *p,		/* encoding parameter */
+			    int pl,
+			    TPMI_ALG_HASH halg)		/* OAEP hash algorithm */
+{
+    TPM_RC  	rc = 0;
+    int         irc;
+    RSA         *rsa_pub_key = NULL;
+    unsigned char *padded_data = NULL;
+    
+    if (tssVverbose) printf(" TSS_RSAPublicEncrypt: Input data size %lu\n",
+			    (unsigned long)decrypt_data_size);
+    /* intermediate buffer for the decrypted but still padded data */
+    if (rc == 0) {
+        rc = TSS_Malloc(&padded_data, encrypt_data_size);               /* freed @2 */
+    }
+    /* construct the OpenSSL public key object */
+    if (rc == 0) {
+	rc = TSS_RSAGeneratePublicTokenI((void **)&rsa_pub_key,	/* freed @1 */
+					 narr,      	/* public modulus */
+					 nbytes,
+					 earr,      	/* public exponent */
+					 ebytes);
+    }
+    if (rc == 0) {
+	padded_data[0] = 0x00;
+	rc = TSS_RSA_padding_add_PKCS1_OAEP(padded_data,		/* to */
+					    encrypt_data_size,		/* to length */
+					    decrypt_data,		/* from */
+					    decrypt_data_size,		/* from length */
+					    p,		/* encoding parameter */
+					    pl,		/* encoding parameter length */
+					    halg);	/* OAEP hash algorithm */
+    }
+    if (rc == 0) {
+        if (tssVverbose)
+	    printf("  TSS_RSAPublicEncrypt: Padded data size %lu\n",
+		   (unsigned long)encrypt_data_size);
+        if (tssVverbose) TSS_PrintAll("  TPM_RSAPublicEncrypt: Padded data", padded_data,
+				      encrypt_data_size);
+        /* encrypt with public key.  Must pad first and then encrypt because the encrypt
+           call cannot specify an encoding parameter */
+	/* returns the size of the encrypted data.  On error, -1 is returned */
+	irc = RSA_public_encrypt(encrypt_data_size,         /* from length */
+				 padded_data,               /* from - the clear text data */
+				 encrypt_data,              /* the padded and encrypted data */
+				 rsa_pub_key,               /* key */
+				 RSA_NO_PADDING);           /* padding */
+	if (irc < 0) {
+	    if (tssVerbose) printf("TSS_RSAPublicEncrypt: Error in RSA_public_encrypt()\n");
+	    rc = TSS_RC_RSA_ENCRYPT;
+	}
+    }
+    if (rc == 0) {
+        if (tssVverbose) printf("  TSS_RSAPublicEncrypt: RSA_public_encrypt() success\n");
+    }
+    TSS_RsaFree(rsa_pub_key);          /* @1 */
+    free(padded_data);                  /* @2 */
+    return rc;
+}
+
+#endif /* TPM_TSS_NORSA */
+
+#ifndef TPM_TSS_NOECC
+
+/* TSS_GeneratePlatformEphemeralKey sets the EC parameters to NIST P256 for generating the ephemeral
+   key. Some OpenSSL versions do not come with NIST p256.
+
+   On success, eCurveData->G must be freed by the caller.
+*/
+
+static TPM_RC TSS_ECC_GeneratePlatformEphemeralKey(CURVE_DATA *eCurveData, EC_KEY *myecc)
+{
+    TPM_RC      rc = 0;
+    BIGNUM 	*p = NULL;
+    BIGNUM 	*a = NULL;
+    BIGNUM 	*b = NULL;
+    BIGNUM 	*x = NULL;
+    BIGNUM 	*y = NULL;
+    BIGNUM 	*z = NULL;
+    EC_POINT    *G = NULL; 	/* generator */
+
+    /* ---------------------------------------------------------- *
+     * Set the EC parameters to NISTp256. Openssl versions might  *
+     * not have NISTP256 as a possible parameter so we make it    *
+     * possible by setting the curve ourselves.                   *
+     * ---------------------------------------------------------- */
+
+    /*  NIST P256  from FIPS 186-3 */
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Converting p\n");
+	rc = TSS_BN_hex2bn(&p,		/* freed @1 */
+			   "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF");
+    }
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Converting a\n");
+	rc = TSS_BN_hex2bn(&a,		/* freed @2 */
+			   "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC");
+    }
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Converting b\n");
+	rc = TSS_BN_hex2bn(&b,		/* freed @3 */
+			   "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B");
+    }
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: New group\n");
+	eCurveData->G = EC_GROUP_new(EC_GFp_mont_method());	/* freed @4 */
+	if (eCurveData->G == NULL) {
+	    if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: "
+				   "Error creating new group\n");
+	    rc = TSS_RC_EC_EPHEMERAL_FAILURE;
+	}
+    }
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Set the curve prime\n");
+	if (EC_GROUP_set_curve_GFp(eCurveData->G, p, a, b, eCurveData->ctx) == 0) {
+	    if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: "
+				   "Error seting curve prime\n");
+	    rc = TSS_RC_EC_EPHEMERAL_FAILURE;
+	}
+    }
+    if (rc == 0) {
+	G = EC_POINT_new(eCurveData->G);			/* freed @5 */
+	if (G == NULL ){
+	    if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: EC_POINT_new failed\n");
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_BN_hex2bn(&x,					/* freed @6 */
+			   "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296");
+    }
+    if (rc == 0) {
+	rc = TSS_BN_hex2bn(&y,					/* freed @7 */
+			   "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5");
+    }
+    if (rc == 0) {
+	if (EC_POINT_set_affine_coordinates(eCurveData->G, G, x, y, eCurveData->ctx) == 0) {
+	    if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Error, "
+				   "Cannot create TPM public point from coordinates\n");
+	    rc = TSS_RC_EC_EPHEMERAL_FAILURE;
+	}
+    }
+    /* sanity check to see if point is on the curve */
+    if (rc == 0) {
+	if (EC_POINT_is_on_curve(eCurveData->G, G, eCurveData->ctx) == 0) {
+	    if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Error, "
+				   "Point not on curve\n");
+	    rc = TSS_RC_EC_EPHEMERAL_FAILURE;
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_BN_hex2bn(&z,					/* freed @8 */
+			   "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551");
+    }
+    if (rc == 0) {
+	if (EC_GROUP_set_generator(eCurveData->G, G, z, BN_value_one()) == 0) {
+	    if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Error, "
+				   "EC_GROUP_set_generator()\n");
+	    rc = TSS_RC_EC_EPHEMERAL_FAILURE;
+        }
+    }
+    if (rc == 0) {
+	if (EC_GROUP_check(eCurveData->G, eCurveData->ctx) == 0) {
+	    if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Error, "
+				   "EC_GROUP_check()\n");
+	    rc = TSS_RC_EC_EPHEMERAL_FAILURE;
+        }
+    }
+    if (rc == 0) {
+	if (EC_KEY_set_group(myecc, eCurveData->G) == 0) {
+	    if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Error, "
+				   "EC_KEY_set_group()\n");
+	    rc = TSS_RC_EC_EPHEMERAL_FAILURE;
+        }
+    }
+    if (rc == 0) {
+#if 0
+	if (tssVverbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: "
+				"Address of eCurveData->G is %p\n", eCurveData->G);
+	if (tssVverbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: "
+				"Address of eCurveData->CTX is %p\n", eCurveData->ctx);
+#endif
+	if (tssVverbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: "
+				"Set group for key\n");
+    }
+    /* Create the public/private EC key pair here */
+    if (rc == 0) {
+	if (EC_KEY_generate_key(myecc) == 0) 	{
+	    if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: "
+				   "Error generating the ECC key.\n");
+	    rc = TSS_RC_EC_EPHEMERAL_FAILURE;
+	}
+    }
+    if (rc == 0) {
+	if (!EC_KEY_check_key(myecc)) {
+	    if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: "
+				   "Error on EC_KEY_check_key()\n");
+	    rc = TSS_RC_EC_EPHEMERAL_FAILURE;
+	}
+    }
+    if (p != NULL)	BN_clear_free(p);	/* @1 */
+    if (a != NULL)	BN_clear_free(a);	/* @2 */
+    if (b != NULL) 	BN_clear_free(b);	/* @3 */
+    if (rc != 0) {				/* else freed by caller */
+	EC_GROUP_free(eCurveData->G);	/* @4 */	
+	/* EC_POINT_free(G);		/\* @5  *\/ */
+    }
+    EC_POINT_free(G);		/* @5  */
+    if (x != NULL)	BN_clear_free(x);	/* @6 */
+    if (y != NULL)	BN_clear_free(y);	/* @7 */
+    if (z != NULL)	BN_clear_free(z);	/* @8 */
+
+    /* don't free the key info.  This curve was constructed out of parameters, not of the openssl
+       library */
+    /* EC_KEY_free(myecc) */
+    /* EC_POINT_free(G); */
+    return rc;
+}
+
+/* TSS_ECC_Salt() returns both the plaintext and excrypted salt, based on the salt key bPublic.
+
+   This is currently hard coded to the TPM_ECC_NIST_P256 curve.
+*/
+
+TPM_RC TSS_ECC_Salt(TPM2B_DIGEST 		*salt,
+		    TPM2B_ENCRYPTED_SECRET	*encryptedSalt,
+		    TPMT_PUBLIC			*publicArea)
+{
+    TPM_RC		rc = 0;
+    EC_KEY		*myecc = NULL;		/* ephemeral key */
+    const BIGNUM	*d_caller; 		/* ephemeral private key */
+    const EC_POINT	*callerPointPub; 	/* ephemeral public key */
+    EC_POINT		*tpmPointPub = NULL;
+    BIGNUM		*p_tpmX = NULL;
+    BIGNUM		*bigY = NULL;
+    BIGNUM 		*zBn = NULL;
+    EC_POINT 		*rPoint = NULL;
+    BIGNUM 		*thepoint = NULL;
+    BIGNUM		*sharedX = NULL;
+    BIGNUM		*yBn = NULL;
+    uint32_t		sizeInBytes;
+    uint32_t		sizeInBits;
+    uint8_t             *sharedXBin = NULL;
+    unsigned int	lengthSharedXBin;
+    BIGNUM		*p_caller_Xbn = NULL;
+    BIGNUM		*p_caller_Ybn = NULL; 
+    uint8_t		*p_caller_Xbin = NULL;
+    uint8_t		*p_caller_Ybin = NULL;
+    uint8_t		*p_tpmXbin = NULL;
+    unsigned int 	length_p_caller_Xbin;
+    unsigned int 	length_p_caller_Ybin;
+    unsigned int	length_p_tpmXbin;
+    TPM2B_ECC_PARAMETER	sharedX_For_KDFE;
+    TPM2B_ECC_PARAMETER	p_caller_X_For_KDFE;
+    TPM2B_ECC_PARAMETER	p_tpmX_For_KDFE;
+    CURVE_DATA 		eCurveData;
+
+    eCurveData.ctx = NULL;	/* for free */
+    eCurveData.G = NULL;	/* this is initialized in TSS_ECC_GeneratePlatformEphemeralKey() at
+				   EC_GROUP_new() but gcc -O3 emits a warning that it's
+				   uninitialized. */
+    /* only NIST P256 is currently supported */
+    if (rc == 0) {
+	if ((publicArea->parameters.eccDetail.curveID != TPM_ECC_NIST_P256)) {
+	    if (tssVerbose)
+		printf("TSS_ECC_Salt: ECC curve ID %04x not supported\n",
+		       publicArea->parameters.eccDetail.curveID);
+	    rc = TSS_RC_BAD_SALT_KEY;
+	}
+    }
+    if (rc == 0) {
+	myecc = EC_KEY_new();		/* freed @1 */
+	if (myecc == NULL) {
+	    if (tssVerbose) printf("TSS_ECC_Salt: EC_KEY_new failed\n");
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    if (rc == 0) {
+	eCurveData.ctx = BN_CTX_new();	/* freed @16 */
+	if (eCurveData.ctx == NULL) {
+	    if (tssVerbose) printf("TSS_ECC_Salt: BN_CTX_new failed\n");
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    /* Generate the TSS EC ephemeral key pair outside the TPM for the salt. The public part of this
+       key is actually the 'encrypted' salt. */
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_ECC_Salt: "
+				"Calling TSS_ECC_GeneratePlatformEphemeralKey\n");
+	/* eCurveData->G freed @17 */
+	rc = TSS_ECC_GeneratePlatformEphemeralKey(&eCurveData, myecc);
+    }
+    if (rc == 0) {
+	d_caller = EC_KEY_get0_private_key(myecc);		/* ephemeral private key */
+	callerPointPub = EC_KEY_get0_public_key(myecc); 	/* ephemeral public key */
+    } 
+    /* validate that the public point is on the NIST P-256 curve */
+    if (rc == 0) 		{
+	if (EC_POINT_is_on_curve(eCurveData.G, callerPointPub, eCurveData.ctx) == 0) {
+	    if (tssVerbose) printf("TSS_ECC_Salt: "
+				   "Generated point not on curve\n"); 
+	    rc = TSS_RC_EC_EPHEMERAL_FAILURE;
+	}
+    }
+    if (rc == 0) { 
+	/* let d_caller be private scalar and P_caller be public point */
+	/* p_tpm is public point. p_tpmX is to be X-coordinate and p_tpmY the
+	   Y-coordinate */
+
+	/* Allocate the space for P_tpm */
+	tpmPointPub = EC_POINT_new(eCurveData.G); 			/* freed @2 */
+	if (tpmPointPub == NULL) {
+	    if (tssVerbose) printf("TSS_ECC_Salt: EC_POINT_new failed\n");
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    /* grab the public point x and y using the parameters passed in */
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_ECC_Salt: "
+				"Salt key sizes are X: %d and Y: %d\n",
+				publicArea->unique.ecc.x.t.size,
+				publicArea->unique.ecc.y.t.size);
+	p_tpmX = BN_bin2bn((const unsigned char *)&publicArea->unique.ecc.x.t.buffer,
+			   publicArea->unique.ecc.x.t.size, NULL);	/* freed @3 */
+	if (p_tpmX == NULL) {
+	    if (tssVerbose) printf("TSS_ECC_Salt: BN_bin2bn p_tpmX failed\n");
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    if (rc == 0) {
+	bigY = BN_bin2bn((const unsigned char*)&publicArea->unique.ecc.y.t.buffer,
+			 publicArea->unique.ecc.y.t.size, bigY);	/* freed @15 */
+	if (bigY == NULL) {
+	    if (tssVerbose) printf("TSS_ECC_Salt: BN_bin2bn bigY failed\n");
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_ECC_Salt: "
+				"Salt public key X %s\n", BN_bn2hex(p_tpmX));
+	if (tssVverbose) printf("TSS_ECC_Salt: "
+				"Salt public key Y %s\n", BN_bn2hex(bigY));
+    }
+    /* Create the openssl form of the TPM salt public key as EC_POINT using coordinates */
+    if (rc == 0) {
+	if (EC_POINT_set_affine_coordinates
+	    (eCurveData.G, tpmPointPub, p_tpmX, bigY, eCurveData.ctx) == 0) {
+	    if (tssVerbose) printf("TSS_ECC_Salt: "
+				   "Cannot create TPM public point from coordinates\n");
+	    rc = TSS_RC_EC_EPHEMERAL_FAILURE;
+	}
+    }
+    /* RFC 2440 Named curve prime256v1 */
+    if (rc == 0) {
+	rc = TSS_BN_hex2bn(&zBn,			/* freed @4 */
+			   "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551");
+    }    
+    /* add the generator z to the group we are constructing */
+    if (rc == 0) {
+	if (EC_GROUP_set_generator(eCurveData.G, tpmPointPub, zBn, BN_value_one()) == 0) { 
+	    if(tssVerbose) printf ("TSS_ECC_Salt: "
+				   "Error EC_GROUP_set_generator()\n");
+	    rc = TSS_RC_EC_EPHEMERAL_FAILURE; 
+	}
+    } 
+    /* Check for validity of our group  */
+    if (rc == 0) { 
+	if (EC_GROUP_check(eCurveData.G, eCurveData.ctx) == 0) { 
+	    if (tssVerbose) printf("TSS_ECC_Salt: "
+				   "ec_group_check() failed\n"); 
+	    rc = TSS_RC_EC_EPHEMERAL_FAILURE;
+	}
+    }
+    /* Check to see if what we think is the TPM point is on the curve */
+    if (rc == 0) {
+	if (EC_POINT_is_on_curve(eCurveData.G, tpmPointPub, eCurveData.ctx) == 0) { 
+	    if (tssVerbose) printf("TSS_ECC_Salt: Error, "
+				   "Point not on curve\n");
+	    rc = TSS_RC_EC_EPHEMERAL_FAILURE;
+	}
+	else {
+	    if (tssVverbose) printf("TSS_ECC_Salt: "
+				    "Validated that TPM EC point is on curve\n");
+	}
+    }
+    if (rc == 0) {
+	rPoint = EC_POINT_new(eCurveData.G);
+	if (rPoint == NULL) {
+	    if (tssVerbose) printf("TSS_ECC_Salt: "
+				   "Cannot create rPoint\n");
+	    rc = TSS_RC_EC_EPHEMERAL_FAILURE;
+	}
+    }
+    /* Point multiply the TPM public point by the ephemeral scalar. This will produce the
+       point from which we get the shared X coordinate, which we keep for use in KDFE. The
+       TPM will calculate the same X. */
+    if (rc == 0) {
+	if (EC_POINT_mul(eCurveData.G, rPoint, NULL, tpmPointPub,
+			 d_caller, eCurveData.ctx) == 0) { 
+	    if (tssVerbose) printf("TSS_ECC_Salt: "
+				   "EC_POINT_mul failed\n") ;
+	    rc = TSS_RC_EC_EPHEMERAL_FAILURE; 
+	}
+	else {
+	    if (tssVverbose) printf("TSS_ECC_Salt: "
+				    "EC_POINT_mul() succeeded\n");
+	}
+    }
+    /* Check to see if calculated point is on the curve, just for extra sanity */
+    if (rc == 0) {  
+	if (EC_POINT_is_on_curve(eCurveData.G, rPoint, eCurveData.ctx) == 0) { 
+	    if (tssVerbose) printf("TSS_ECC_Salt: Error,"
+				   "Point r is not on curve\n");
+	    rc = TSS_RC_EC_EPHEMERAL_FAILURE;
+	}
+	else {
+	    if (tssVverbose) printf("TSS_ECC_Salt: "
+				    "Point calculated by EC_POINT_mul() is on the curve\n");
+	}
+    }
+    if (rc == 0) {
+	thepoint = EC_POINT_point2bn(eCurveData.G, rPoint, POINT_CONVERSION_UNCOMPRESSED,
+				     NULL, eCurveData.ctx);	/* freed @6 */
+	if (thepoint == NULL) {
+	    if (tssVerbose) printf("TSS_ECC_Salt: "
+				   "EC_POINT_point2bn thepoint failed\n");
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    /* get sharedX */
+    if (rc == 0) {
+	rc = TSS_BN_new(&sharedX);		/* freed @7 */
+    }
+    if (rc == 0) {
+	rc = TSS_BN_new(&yBn);			/* freed @8 */
+    }
+    if (rc == 0) {
+	if (EC_POINT_get_affine_coordinates(eCurveData.G, rPoint,
+						sharedX, yBn, eCurveData.ctx) == 0) {
+	    if (tssVerbose) printf("TSS_ECC_Salt: "
+				   "EC_POINT_get_affine_coordinates() failed\n");
+	    rc = TSS_RC_EC_EPHEMERAL_FAILURE;
+	}
+    }
+    if (rc == 0) {
+	sizeInBytes = TSS_GetDigestSize(publicArea->nameAlg);
+	sizeInBits =  sizeInBytes * 8;
+	rc = TSS_Malloc(&sharedXBin, BN_num_bytes(sharedX));		/* freed @9 */
+    }
+    if (rc == 0) {
+	lengthSharedXBin = (unsigned int)BN_bn2bin(sharedX, sharedXBin);
+	if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: sharedXBin",
+				      sharedXBin,
+				      lengthSharedXBin);
+    }
+    /* encrypted salt is just the ephemeral public key */
+    if (rc == 0) {
+	rc = TSS_BN_new(&p_caller_Xbn);			/* freed 10 */
+    }
+    if (rc == 0) {
+	rc = TSS_BN_new(&p_caller_Ybn);			/* freed @11 */
+    }
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_ECC_Salt: "
+				"Allocated space for ephemeral BIGNUM X, Y\n");
+    }
+    /* Get the X-coordinate and Y-Coordinate */
+    if (rc == 0) {
+	if (EC_POINT_get_affine_coordinates(eCurveData.G, callerPointPub,
+						p_caller_Xbn, p_caller_Ybn,
+						eCurveData.ctx) == 0) { 
+	    if (tssVerbose) printf("TSS_ECC_Salt: "
+				   "EC_POINT_get_affine_coordinates() failed\n");
+	    rc = TSS_RC_EC_EPHEMERAL_FAILURE;
+	}
+	else {
+	    if (tssVverbose) printf("TSS_ECC_Salt: "
+				    "Retrieved X and Y coordinates from ephemeral public\n");
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_Malloc(&p_caller_Xbin, BN_num_bytes(p_caller_Xbn));	/* freed @12 */
+    }
+    if (rc == 0) {    
+	rc = TSS_Malloc(&p_caller_Ybin , BN_num_bytes(p_caller_Ybn));	/* freed @13 */
+    }
+    if (rc == 0) {    
+	if (tssVverbose) printf("TSS_ECC_Salt: "
+				"Allocated space for ephemeral binary X and y\n");
+    }
+    if (rc == 0) {
+	rc = TSS_Malloc(&p_tpmXbin, BN_num_bytes(p_tpmX));		/* freed @14 */
+    }
+    if (rc == 0) {
+	length_p_tpmXbin = (unsigned int)BN_bn2bin(p_tpmX, p_tpmXbin);
+	if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: p_tpmXbin ",
+				      p_tpmXbin,
+				      length_p_tpmXbin);
+	length_p_caller_Xbin = (unsigned int)BN_bn2bin(p_caller_Xbn, p_caller_Xbin);
+	if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: p_caller_Xbin",
+				      p_caller_Xbin,
+				      length_p_caller_Xbin);
+	length_p_caller_Ybin = (unsigned int)BN_bn2bin(p_caller_Ybn, p_caller_Ybin);
+	if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: p_caller_Ybin",
+				      p_caller_Ybin,
+				      length_p_caller_Ybin);
+    }
+    /* in->encryptedSalt TPM2B_ENCRYPTED_SECRET is a size and TPMU_ENCRYPTED_SECRET secret.
+       TPMU_ENCRYPTED_SECRET is a TPMS_ECC_POINT
+       TPMS_ECC_POINT has two TPMB_ECC_PARAMETER, x and y
+    */
+    if (rc == 0) {
+	/* TPMS_ECC_POINT 256/8 is a hard coded value for NIST P256, the only curve
+	   currently supported */
+	uint8_t *secret = encryptedSalt->t.secret;	/* TPMU_ENCRYPTED_SECRET pointer for
+							   clarity */
+	/* TPM2B_ENCRYPTED_SECRET size */
+	encryptedSalt->t.size = sizeof(uint16_t) + (256/8) + sizeof(uint16_t) + (256/8);
+	/* leading zeros, because some points may be less than 32 bytes */
+	memset(secret, 0, sizeof(TPMU_ENCRYPTED_SECRET));
+	/* TPMB_ECC_PARAMETER X point */
+	*(uint16_t *)(secret) = htons(256/8);
+	memcpy(secret +
+	       sizeof(uint16_t) + (256/8) - length_p_caller_Xbin,
+	       p_caller_Xbin, length_p_caller_Xbin);
+	/* TPMB_ECC_PARAMETER Y point */
+	*(uint16_t *)(secret + sizeof(uint16_t) + (256/8)) = htons(256/8);
+	memcpy(secret +
+	       sizeof(uint16_t) + (256/8) +
+	       sizeof(uint16_t) + (256/8) - length_p_caller_Ybin,
+	       p_caller_Ybin, length_p_caller_Ybin);
+    }
+    if (rc == 0) {
+	if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: ECC encrypted salt",
+				      encryptedSalt->t.secret,
+				      encryptedSalt->t.size);
+    }
+    /* TPM2B_ECC_PARAMETER sharedX_For_KDFE */
+    if (rc == 0) {
+	if (lengthSharedXBin > 32) {
+	    if (tssVerbose) printf("TSS_ECC_Salt: "
+				   "lengthSharedXBin %u too large\n",
+				   lengthSharedXBin);
+	    rc = TSS_RC_EC_EPHEMERAL_FAILURE;
+	}
+    }
+    if (rc == 0) {
+	sharedX_For_KDFE.t.size = 32;
+	memset(sharedX_For_KDFE.t.buffer, 0, sizeof(sharedX_For_KDFE.t.buffer));
+	memcpy(sharedX_For_KDFE.t.buffer + 32 - lengthSharedXBin,
+	       sharedXBin, lengthSharedXBin);
+	if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: sharedX_For_KDFE",
+				      sharedX_For_KDFE.t.buffer,
+				      sharedX_For_KDFE.t.size);
+    }
+    /* TPM2B_ECC_PARAMETER p_caller_X_For_KDFE */
+    if (rc == 0) {
+	if (length_p_caller_Xbin > 32) {
+	    if (tssVerbose) printf("TSS_ECC_Salt: "
+				   "length_p_caller_Xbin %u too large\n",
+				   length_p_caller_Xbin);
+	    rc = TSS_RC_EC_EPHEMERAL_FAILURE;
+	}
+    }
+    if (rc == 0) {
+	p_caller_X_For_KDFE.t.size = 32;
+	memset(p_caller_X_For_KDFE.t.buffer, 0, sizeof(p_caller_X_For_KDFE.t.buffer));
+	memcpy(p_caller_X_For_KDFE.t.buffer + 32 - length_p_caller_Xbin,
+	       p_caller_Xbin, length_p_caller_Xbin);
+	if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: p_caller_X_For_KDFE",
+				      p_caller_X_For_KDFE.t.buffer,
+				      p_caller_X_For_KDFE.t.size);
+    }
+    /* p_tpmX_For_KDFE */
+    if (rc == 0) {
+	if (length_p_tpmXbin > 32) {
+	    if (tssVerbose) printf("TSS_ECC_Salt: "
+				   "length_p_tpmXbin %u too large\n",
+				   length_p_tpmXbin);
+	    rc = TSS_RC_EC_EPHEMERAL_FAILURE;
+	}
+    }
+    if (rc == 0) {
+	p_tpmX_For_KDFE .t.size = 32;
+	memset(p_tpmX_For_KDFE.t.buffer, 0, sizeof(p_tpmX_For_KDFE.t.buffer));
+	memcpy(p_tpmX_For_KDFE.t.buffer + 32 - length_p_tpmXbin,
+	       p_tpmXbin, length_p_tpmXbin);
+	if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: p_tpmX_For_KDFE",
+				      p_tpmX_For_KDFE.t.buffer,
+				      p_tpmX_For_KDFE.t.size);
+    }
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_ECC_Salt: "
+				"Calling TSS_KDFE\n");
+	/* TPM2B_DIGEST salt size is the largest supported digest algorithm.
+	   This has already been validated when unmarshaling the Name hash algorithm.
+	*/
+	/* salt = KDFe(tpmKey_NameAlg, sharedX, "SECRET", P_caller, P_tpm,
+	   tpmKey_NameAlgSizeBits) */
+	salt->t.size = sizeInBytes;
+	rc = TSS_KDFE((uint8_t *)&salt->t.buffer, 	/* KDFe output */
+		      publicArea->nameAlg,		/* hash algorithm */
+		      &sharedX_For_KDFE.b,		/* Z (key) */
+		      "SECRET",				/* KDFe label */
+		      &p_caller_X_For_KDFE.b,		/* context U */
+		      &p_tpmX_For_KDFE.b,		/* context V */
+		      sizeInBits);			/* required size of key in bits */
+    }
+    if (rc == 0) { 
+	if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: salt",
+				      (uint8_t *)&salt->t.buffer,
+				      salt->t.size);
+    }
+    /* cleanup */
+    if (myecc != NULL) 		EC_KEY_free(myecc);		/* @1 */
+    if (tpmPointPub != NULL)    EC_POINT_free(tpmPointPub);	/* @2 */
+    if (p_tpmX != NULL)		BN_clear_free(p_tpmX);		/* @3 */
+    if (zBn != NULL)            BN_clear_free(zBn);		/* @4 */
+    if (rPoint != NULL)		EC_POINT_free(rPoint);		/* @5 */
+    if (thepoint != NULL)       BN_clear_free(thepoint);	/* @6 */
+    if (sharedX != NULL)        BN_clear_free(sharedX);		/* @7 */
+    if (yBn != NULL)		BN_clear_free(yBn);		/* @8 */
+    free(sharedXBin);						/* @9 */
+    if (p_caller_Xbn != NULL)   BN_clear_free(p_caller_Xbn);	/* @10 */
+    if (p_caller_Ybn != NULL)   BN_clear_free(p_caller_Ybn);	/* @11 */
+    free(p_caller_Xbin);					/* @12 */
+    free(p_caller_Ybin);					/* @13 */
+    free(p_tpmXbin);						/* @14 */
+    if (bigY != NULL)           BN_clear_free(bigY);		/* @15 */
+    EC_GROUP_free(eCurveData.G);				/* @17 */	
+    if (eCurveData.ctx != NULL)	BN_CTX_free(eCurveData.ctx);	/* @16 */
+
+    return rc;
+}
+
+/* TSS_BN_new() wraps the openSSL function in a TPM error handler
+ */
+
+static TPM_RC TSS_BN_new(BIGNUM **bn)		/* freed by caller */
+{
+    TPM_RC	rc = 0;
+
+    if (rc == 0) {
+	if (*bn != NULL) {
+	    if (tssVerbose)
+		printf("TSS_BN_new: Error (fatal), *bn %p should be NULL before BN_new()\n", *bn);
+	    rc = TSS_RC_ALLOC_INPUT;
+	}	    
+    }
+    if (rc == 0) {
+	*bn = BN_new();
+	if (*bn == NULL) {
+	    if (tssVerbose) printf("TSS_BN_new: BN_new() failed\n");
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    return rc;
+}
+
+/* TSS_BN_hex2bn() wraps the openSSL function in a TPM error handler
+ */
+
+static TPM_RC TSS_BN_hex2bn(BIGNUM **bn, const char *str)	/* freed by caller */
+{
+    TPM_RC	rc = 0;
+
+    if (rc == 0) {
+	if (*bn != NULL) {
+	    if (tssVerbose)
+		printf("TSS_BN_hex2bn: Error (fatal), *bn %p should be NULL before BN_new()\n", *bn);
+	    rc = TSS_RC_ALLOC_INPUT;
+	}	    
+    }
+    if (rc == 0) {
+	int irc;
+	irc = BN_hex2bn(bn, str);
+	if (irc == 0) {
+	    if (tssVerbose) printf("TSS_BN_hex2bn: BN_hex2bn() failed\n"); 
+	    rc = TSS_RC_EC_EPHEMERAL_FAILURE;
+	}
+    }    
+    return rc;
+}
+
+#endif	/* TPM_TSS_NOECC */
+
+#ifndef TPM_TSS_NORSA
+
+/* TSS_bin2bn() wraps the openSSL function in a TPM error handler
+
+   Converts a char array to bignum
+
+   bn must be freed by the caller.
+*/
+
+static TPM_RC TSS_bin2bn(BIGNUM **bn, const unsigned char *bin, unsigned int bytes)
+{
+    TPM_RC	rc = 0;
+
+    /* BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+    
+       BN_bin2bn() converts the positive integer in big-endian form of length len at s into a BIGNUM
+       and places it in ret. If ret is NULL, a new BIGNUM is created.
+
+       BN_bin2bn() returns the BIGNUM, NULL on error.
+    */
+    if (rc == 0) {
+        *bn = BN_bin2bn(bin, bytes, *bn);
+        if (*bn == NULL) {
+            if (tssVerbose) printf("TSS_bin2bn: Error in BN_bin2bn\n");
+            rc = TSS_RC_BIGNUM;
+        }
+    }
+    return rc;
+}
+
+#endif /* TPM_TSS_NORSA */
+
+/*
+  AES
+*/
+
+TPM_RC TSS_AES_GetEncKeySize(size_t *tssSessionEncKeySize)
+{
+    *tssSessionEncKeySize = sizeof(AES_KEY);
+    return 0;
+}
+TPM_RC TSS_AES_GetDecKeySize(size_t *tssSessionDecKeySize)
+{
+    *tssSessionDecKeySize = sizeof(AES_KEY);
+    return 0;
+}
+
+#define TSS_AES_KEY_BITS 128
+
+TPM_RC TSS_AES_KeyGenerate(void *tssSessionEncKey,
+			   void *tssSessionDecKey)
+{
+    TPM_RC		rc = 0;
+    int 		irc;
+    unsigned char 	userKey[AES_128_BLOCK_SIZE_BYTES];
+    const char 		*envKeyString = NULL;
+    unsigned char 	*envKeyBin = NULL;
+    size_t 		envKeyBinLen;
+
+    if (rc == 0) {
+	envKeyString = getenv("TPM_SESSION_ENCKEY");
+    }
+    if (envKeyString == NULL) {
+	/* If the env variable TPM_SESSION_ENCKEY is not set, generate a random key for this
+	   TSS_CONTEXT */
+	if (rc == 0) {
+	    /* initialize userKey to silence valgrind false positive */
+	    memset(userKey, 0, sizeof(userKey));
+	    rc = TSS_RandBytes(userKey, AES_128_BLOCK_SIZE_BYTES);
+	}
+    }
+    /* The env variable TPM_SESSION_ENCKEY can set a (typically constant) encryption key.  This is
+       useful for scripting, where the env variable is set to a random seed at the beginning of the
+       script. */
+    else {
+	/* hexascii to binary */
+	if (rc == 0) {
+	    rc = TSS_Array_Scan(&envKeyBin,			/* freed @1 */
+				&envKeyBinLen, envKeyString);
+	}
+	/* range check */
+	if (rc == 0) {
+	    if (envKeyBinLen != AES_128_BLOCK_SIZE_BYTES) {
+		if (tssVerbose)
+		    printf("TSS_AES_KeyGenerate: Error, env variable length %lu not %lu\n",
+			   (unsigned long)envKeyBinLen, (unsigned long)sizeof(userKey));
+		rc = TSS_RC_BAD_PROPERTY_VALUE;
+	    }
+	}
+	/* copy the binary to the common userKey for use below */
+	if (rc == 0) {
+	    memcpy(userKey, envKeyBin, envKeyBinLen);  
+	}
+    }
+    /* translate to an openssl key token */
+    if (rc == 0) {
+        irc = AES_set_encrypt_key(userKey,
+                                  TSS_AES_KEY_BITS,
+                                  tssSessionEncKey);
+	/* should never occur, null pointers or bad bit size */
+	if (irc != 0) {
+            if (tssVerbose)
+		printf("TSS_AES_KeyGenerate: Error setting openssl AES encryption key\n");
+	    rc = TSS_RC_AES_KEYGEN_FAILURE; 
+	}
+    }
+    if (rc == 0) {
+	irc = AES_set_decrypt_key(userKey,
+				  TSS_AES_KEY_BITS,
+				  tssSessionDecKey);
+	/* should never occur, null pointers or bad bit size */
+	if (irc != 0) {
+            if (tssVerbose)
+		printf("TSS_AES_KeyGenerate: Error setting openssl AES decryption key\n");
+	    rc = TSS_RC_AES_KEYGEN_FAILURE; 
+	}
+    }
+    free(envKeyBin);	/* @1 */
+    return rc;
+}
+
+/* TSS_AES_Encrypt() is AES non-portable code to encrypt 'decrypt_data' to 'encrypt_data' using CBC.
+   This function uses the session encryption key for encrypting session state.
+
+   The stream is padded as per PKCS#7 / RFC2630
+
+   'encrypt_data' must be free by the caller
+*/
+   
+TPM_RC TSS_AES_Encrypt(void *tssSessionEncKey,
+		       unsigned char **encrypt_data,   		/* output, caller frees */
+		       uint32_t *encrypt_length,		/* output */
+		       const unsigned char *decrypt_data,	/* input */
+		       uint32_t decrypt_length)			/* input */
+{
+    TPM_RC		rc = 0;
+    uint32_t		pad_length;
+    unsigned char	*decrypt_data_pad;
+    unsigned char	ivec[AES_128_BLOCK_SIZE_BYTES];       /* initial chaining vector */
+
+    decrypt_data_pad = NULL;    /* freed @1 */
+    if (rc == 0) {
+        /* calculate the pad length and padded data length */
+        pad_length = AES_128_BLOCK_SIZE_BYTES - (decrypt_length % AES_128_BLOCK_SIZE_BYTES);
+        *encrypt_length = decrypt_length + pad_length;
+         /* allocate memory for the encrypted response */
+        rc = TSS_Malloc(encrypt_data, *encrypt_length);
+    }
+    /* allocate memory for the padded decrypted data */
+    if (rc == 0) {
+        rc = TSS_Malloc(&decrypt_data_pad, *encrypt_length);
+    }
+    /* pad the decrypted clear text data */
+    if (rc == 0) {
+        /* unpadded original data */
+        memcpy(decrypt_data_pad, decrypt_data, decrypt_length);
+        /* last gets pad = pad length */
+        memset(decrypt_data_pad + decrypt_length, pad_length, pad_length);
+        /* set the IV */
+        memset(ivec, 0, sizeof(ivec));
+        /* encrypt the padded input to the output */
+        AES_cbc_encrypt(decrypt_data_pad,
+                        *encrypt_data,
+                        *encrypt_length,
+                        tssSessionEncKey,
+                        ivec,
+                        AES_ENCRYPT);
+    }
+    free(decrypt_data_pad);     /* @1 */
+    return rc;
+}
+
+/* TSS_AES_Decrypt() is AES non-portable code to decrypt 'encrypt_data' to 'decrypt_data' using CBC.
+   This function uses the session encryption key for decrypting session state.
+
+   The stream must be padded as per PKCS#7 / RFC2630
+
+   decrypt_data must be free by the caller
+*/
+
+TPM_RC TSS_AES_Decrypt(void *tssSessionDecKey,
+		       unsigned char **decrypt_data,   		/* output, caller frees */
+		       uint32_t *decrypt_length,		/* output */
+		       const unsigned char *encrypt_data,	/* input */
+		       uint32_t encrypt_length)			/* input */
+{
+    TPM_RC          	rc = 0;
+    uint32_t		pad_length;
+    uint32_t		i;
+    unsigned char       *pad_data;
+    unsigned char       ivec[AES_128_BLOCK_SIZE_BYTES];       /* initial chaining vector */
+    
+    /* sanity check encrypted length */
+    if (rc == 0) {
+        if (encrypt_length < AES_128_BLOCK_SIZE_BYTES) {
+            if (tssVerbose) printf("TSS_AES_Decrypt: Error, bad length %u\n",
+				   encrypt_length);
+            rc = TSS_RC_AES_DECRYPT_FAILURE;
+        }
+    }
+    /* allocate memory for the padded decrypted data */
+    if (rc == 0) {
+        rc = TSS_Malloc(decrypt_data, encrypt_length);
+    }
+    /* decrypt the input to the padded output */
+    if (rc == 0) {
+        /* set the IV */
+        memset(ivec, 0, sizeof(ivec));
+        /* decrypt the padded input to the output */
+        AES_cbc_encrypt(encrypt_data,
+                        *decrypt_data,
+                        encrypt_length,
+                        tssSessionDecKey,
+                        ivec,
+                        AES_DECRYPT);
+    }
+    /* get the pad length */
+    if (rc == 0) {
+        /* get the pad length from the last byte */
+        pad_length = (uint32_t)*(*decrypt_data + encrypt_length - 1);
+        /* sanity check the pad length */
+        if ((pad_length == 0) ||
+            (pad_length > AES_128_BLOCK_SIZE_BYTES)) {
+            if (tssVerbose) printf("TSS_AES_Decrypt: Error, illegal pad length\n");
+            rc = TSS_RC_AES_DECRYPT_FAILURE;
+        }
+    }
+    if (rc == 0) {
+        /* get the unpadded length */
+        *decrypt_length = encrypt_length - pad_length;
+        /* pad starting point */
+        pad_data = *decrypt_data + *decrypt_length;
+        /* sanity check the pad */
+        for (i = 0 ; (rc == 0) && (i < pad_length) ; i++, pad_data++) {
+            if (*pad_data != pad_length) {
+                if (tssVerbose) printf("TSS_AES_Decrypt: Error, bad pad %02x at index %u\n",
+				       *pad_data, i);
+                rc = TSS_RC_AES_DECRYPT_FAILURE;
+            }
+        }
+    }
+    return rc;
+}
+
+TPM_RC TSS_AES_EncryptCFB(uint8_t	*dOut,		/* OUT: the encrypted data */
+			  uint32_t	keySizeInBits,	/* IN: key size in bits */
+			  uint8_t 	*key,           /* IN: key buffer */
+			  uint8_t 	*iv,		/* IN/OUT: IV for decryption */
+			  uint32_t	dInSize,       	/* IN: data size */
+			  uint8_t 	*dIn)		/* IN: data buffer */
+{
+    TPM_RC	rc = 0;
+    int 	irc;
+    int		blockSize;
+    AES_KEY	aeskey;
+    int32_t	dSize;         /* signed version of dInSize */
+    
+    /* Create AES encryption key token */
+    if (rc == 0) {
+	irc = AES_set_encrypt_key(key, keySizeInBits, &aeskey);
+	if (irc != 0) {
+            if (tssVerbose) printf("TSS_AES_EncryptCFB: Error setting openssl AES encryption key\n");
+	    rc = TSS_RC_AES_KEYGEN_FAILURE;  /* should never occur, null pointers or bad bit size */
+	}
+    }
+    if (rc == 0) {
+	/* Encrypt the current IV into the new IV, XOR in the data, and copy to output */
+	for(dSize = (int32_t)dInSize ; dSize > 0 ; dSize -= 16, dOut += 16, dIn += 16) {
+	    /* Encrypt the current value of the IV to the intermediate value.  Store in old iv,
+	       since it's not needed anymore. */
+	    AES_encrypt(iv, iv, &aeskey);
+	    blockSize = (dSize < 16) ? dSize : 16;	/* last block can be < 16 */	
+	    TSS_XOR(dOut, dIn, iv, blockSize);
+	    memcpy(iv, dOut, blockSize);
+	}
+    }
+    return rc;
+}
+
+TPM_RC TSS_AES_DecryptCFB(uint8_t *dOut,          	/* OUT: the decrypted data */
+			  uint32_t keySizeInBits, 	/* IN: key size in bits */
+			  uint8_t *key,           	/* IN: key buffer */
+			  uint8_t *iv,            	/* IN/OUT: IV for decryption. */
+			  uint32_t dInSize,       	/* IN: data size */
+			  uint8_t *dIn)			/* IN: data buffer */
+{
+    TPM_RC	rc = 0;
+    int 	irc;
+    uint8_t	tmp[16];
+    int		blockSize;
+    AES_KEY	aesKey;
+    int32_t	dSize;
+    
+    /* Create AES encryption key token */
+    if (rc == 0) {
+	irc = AES_set_encrypt_key(key, keySizeInBits, &aesKey);
+	if (irc != 0) {
+            if (tssVerbose) printf("TSS_AES_DecryptCFB: Error setting openssl AES encryption key\n");
+	    rc = TSS_RC_AES_KEYGEN_FAILURE;  /* should never occur, null pointers or bad bit size */
+	}
+    }
+    if (rc == 0) {
+	for (dSize = (int32_t)dInSize ; dSize > 0; dSize -= 16, dOut += 16, dIn += 16) {
+	    /* Encrypt the IV into the temp buffer */
+	    AES_encrypt(iv, tmp, &aesKey);
+	    blockSize = (dSize < 16) ? dSize : 16;	/* last block can be < 16 */	
+	    TSS_XOR(dOut, dIn, tmp, blockSize);
+	    memcpy(iv, dIn, blockSize);
+	}
+    }
+    return rc;
+}
+
diff --git a/utils/tsscryptoh.c b/utils/tsscryptoh.c
new file mode 100644
index 000000000..792a10f2c
--- /dev/null
+++ b/utils/tsscryptoh.c
@@ -0,0 +1,632 @@
+/********************************************************************************/
+/*										*/
+/*			     TSS Library Independent Crypto Support		*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+
+#ifdef TPM_POSIX
+#include <netinet/in.h>
+#endif
+#ifdef TPM_WINDOWS
+#include <winsock2.h>
+#endif
+
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssprint.h>
+#include <ibmtss/tsserror.h>
+
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tsscrypto.h>
+
+extern int tssVverbose;
+extern int tssVerbose;
+
+/* local prototypes */
+
+static TPM_RC TSS_MGF1(unsigned char       	*mask,
+		       uint32_t            	maskLen,
+		       const unsigned char 	*mgfSeed,
+		       uint16_t			mgfSeedlen,
+		       TPMI_ALG_HASH 		halg);
+
+/* TSS_HMAC_Generate() can be called directly to HMAC a list of streams.
+   
+   The ... arguments are a message list of the form
+   int length, unsigned char *buffer
+   terminated by a 0 length
+*/
+
+/* On call, digest->hashAlg is the desired hash algorithm */
+
+TPM_RC TSS_HMAC_Generate(TPMT_HA *digest,		/* largest size of a digest */
+			 const TPM2B_KEY *hmacKey,
+			 ...)
+{
+    TPM_RC		rc = 0;
+    va_list		ap;
+    
+    va_start(ap, hmacKey);
+    rc = TSS_HMAC_Generate_valist(digest, hmacKey, ap);
+    va_end(ap);
+    return rc;
+}
+
+/* TSS_HMAC_Verify() can be called directly to check the HMAC of a list of streams.
+   
+   The ... arguments are a list of the form
+   int length, unsigned char *buffer
+   terminated by a 0 length
+
+*/
+
+TPM_RC TSS_HMAC_Verify(TPMT_HA *expect,
+		       const TPM2B_KEY *hmacKey,
+		       uint32_t sizeInBytes,
+		       ...)
+{
+    TPM_RC		rc = 0;
+    int			irc;
+    va_list		ap;
+    TPMT_HA 		actual;
+
+    actual.hashAlg = expect->hashAlg;	/* algorithm for the HMAC calculation */
+    va_start(ap, sizeInBytes);
+    if (rc == 0) {
+	rc = TSS_HMAC_Generate_valist(&actual, hmacKey, ap);
+    }
+    if (rc == 0) {
+	irc = memcmp((uint8_t *)&expect->digest, &actual.digest, sizeInBytes);
+	if (irc != 0) {
+	    TSS_PrintAll("TSS_HMAC_Verify: calculated HMAC",
+			 (uint8_t *)&actual.digest, sizeInBytes);
+	    rc = TSS_RC_HMAC_VERIFY;
+	}
+    }
+    va_end(ap);
+    return rc;
+}
+
+/* TSS_KDFA() 11.4.9	Key Derivation Function
+
+   As defined in SP800-108, the inner loop for building the key stream is:
+
+   K(i) = HMAC (KI , [i]2 || Label || 00 || Context || [L]2) 
+*/
+
+TPM_RC TSS_KDFA(uint8_t		*keyStream,    	/* OUT: key buffer */
+		TPM_ALG_ID	hashAlg,       	/* IN: hash algorithm used in HMAC */
+		const TPM2B	*key,           /* IN: HMAC key */
+		const char	*label,		/* IN: KDFa label, NUL terminated */
+		const TPM2B	*contextU,      /* IN: context U */
+		const TPM2B	*contextV,      /* IN: context V */
+		uint32_t	sizeInBits)    	/* IN: size of generated key in bits */
+
+{
+    TPM_RC	rc = 0;
+    uint32_t 	bytes = ((sizeInBits + 7) / 8);	/* bytes left to produce */
+    uint8_t	*stream;
+    uint32_t 	sizeInBitsNbo = htonl(sizeInBits);	/* KDFa L2 */
+    uint16_t    bytesThisPass;			/* in one HMAC operation */
+    uint32_t	counter;    			/* counter value */
+    uint32_t 	counterNbo;			/* counter in big endian */
+    TPMT_HA 	hmac;				/* hmac result for this pass */
+    
+
+    if (rc == 0) {
+	hmac.hashAlg = hashAlg;			/* for TSS_HMAC_Generate() */
+	bytesThisPass = TSS_GetDigestSize(hashAlg);	/* start with hashAlg sized chunks */
+	if (bytesThisPass == 0) {
+	    if (tssVerbose) printf("TSS_KDFA: KDFa failed\n");
+	    rc = TSS_RC_KDFA_FAILED;
+	}
+    }
+    /* Generate required bytes */
+    for (stream = keyStream, counter = 1 ;	/* beginning of stream, KDFa counter starts at 1 */
+	 (rc == 0) && bytes > 0 ;				/* bytes left to produce */
+	 stream += bytesThisPass, bytes -= bytesThisPass, counter++) {
+
+	/* last pass, can be less than hashAlg sized chunks */
+	if (bytes < bytesThisPass) {
+	    bytesThisPass = bytes;
+	}
+	counterNbo = htonl(counter);	/* counter for this pass in BE format */
+	    
+	rc = TSS_HMAC_Generate(&hmac,				/* largest size of an HMAC */
+			       (const TPM2B_KEY *)key,
+			       sizeof(uint32_t), &counterNbo,	/* KDFa i2 counter */
+			       strlen(label) + 1, label,	/* KDFa label, use NUL as the KDFa
+								   00 byte */
+			       contextU->size, contextU->buffer,	/* KDFa Context */
+			       contextV->size, contextV->buffer,	/* KDFa Context */
+			       sizeof(uint32_t), &sizeInBitsNbo,	/* KDFa L2 */
+			       0, NULL);
+	memcpy(stream, &hmac.digest.tssmax, bytesThisPass);
+    }
+    return rc;
+}
+
+/* TSS_KDFE() 11.4.9.3	Key Derivation Function for ECDH
+
+   Digest = Hash(counter || Z || Use || PartyUInfo || PartyVInfo || bits )
+
+   where
+
+   counter is initialized to 1 and incremented for each iteration
+   
+   Z is the X-coordinate of the product of a public (TPM) ECC key and 
+   a different private ECC key
+   
+   Use is a NULL-terminated string that indicates the use of the key 
+   ("DUPLICATE", "IDENTITY", "SECRET", etc)
+   
+   PartyUInfo is the X-coordinate of the public point of an ephemeral key
+   
+   PartyVInfo is the X-coordinate of the public point of the TPM key
+   
+   bits is a 32-bit value indicating the number of bits to be returned
+*/
+
+TPM_RC TSS_KDFE(uint8_t		*keyStream,    	/* OUT: key buffer */
+		TPM_ALG_ID	hashAlg,       	/* IN: hash algorithm used */
+		const TPM2B	*key,           /* IN: Z  */
+		const char	*label,		/* IN: KDFe label, NUL terminated */
+		const TPM2B	*contextU,      /* IN: context U */
+		const TPM2B	*contextV,      /* IN: context V */
+		uint32_t	sizeInBits)    	/* IN: size of generated key in bits */
+
+{
+    TPM_RC	rc = 0;
+    uint32_t 	bytes = ((sizeInBits + 7) / 8);	/* bytes left to produce */
+    uint8_t	*stream;
+    uint16_t    bytesThisPass;			/* in one Hash operation */
+    uint32_t	counter;    			/* counter value */
+    uint32_t 	counterNbo;			/* counter in big endian */
+    TPMT_HA 	digest;				/* result for this pass */
+    
+    if (rc == 0) {
+	digest.hashAlg = hashAlg;			/* for TSS_Hash_Generate() */
+	bytesThisPass = TSS_GetDigestSize(hashAlg);	/* start with hashAlg sized chunks */
+	if (bytesThisPass == 0) {
+	    if (tssVerbose) printf("TSS_KDFE: KDFe failed\n");
+	    rc = TSS_RC_KDFE_FAILED;
+	}
+    }
+    /* Generate required bytes */
+    for (stream = keyStream, counter = 1 ;	/* beginning of stream, KDFe counter starts at 1 */
+	 (rc == 0) && bytes > 0 ;				/* bytes left to produce */
+	 stream += bytesThisPass, bytes -= bytesThisPass, counter++) {
+	/* last pass, can be less than hashAlg sized chunks */
+	if (bytes < bytesThisPass) {
+	    bytesThisPass = bytes;
+	}
+	counterNbo = htonl(counter);	/* counter for this pass in BE format */
+	    
+	rc = TSS_Hash_Generate(&digest,				/* largest size of a digest */
+			       sizeof(uint32_t), &counterNbo,	/* KDFe i2 counter */
+			       key->size, key->buffer,
+			       strlen(label) + 1, label,	/* KDFe label, use NUL as the KDFe
+								   00 byte */
+			       contextU->size, contextU->buffer,	/* KDFe Context */
+			       contextV->size, contextV->buffer,	/* KDFe Context */
+			       0, NULL);
+	memcpy(stream, &digest.digest.tssmax, bytesThisPass);
+    }
+    return rc;
+}
+
+/* On call, digest->hashAlg is the desired hash algorithm
+
+   ... is a list of int length, unsigned char *buffer pairs.
+
+   length 0 is ignored, buffer NULL terminates list.
+*/
+
+TPM_RC TSS_Hash_Generate(TPMT_HA *digest,		/* largest size of a digest */
+			 ...)
+{
+    TPM_RC	rc = 0;
+    va_list	ap;
+    va_start(ap, digest);
+    rc = TSS_Hash_Generate_valist(digest, ap);
+    va_end(ap);
+    return rc;
+}
+
+/* TSS_GetDigestSize() returns the digest size in bytes based on the hash algorithm.
+
+   Returns 0 for an unknown algorithm.
+*/
+
+/* NOTE: Marked as const function in header */
+
+uint16_t TSS_GetDigestSize(TPM_ALG_ID hashAlg)
+{
+    uint16_t size;
+    
+    switch (hashAlg) {
+#ifdef TPM_ALG_SHA1
+      case TPM_ALG_SHA1:
+	size = SHA1_DIGEST_SIZE;
+	break;
+#endif
+#ifdef TPM_ALG_SHA256	
+     case TPM_ALG_SHA256:
+	size = SHA256_DIGEST_SIZE;
+	break;
+#endif
+#ifdef TPM_ALG_SHA384
+      case TPM_ALG_SHA384:
+	size = SHA384_DIGEST_SIZE;
+	break;
+#endif
+#ifdef TPM_ALG_SHA512
+     case TPM_ALG_SHA512:
+	size = SHA512_DIGEST_SIZE;
+	break;
+#endif
+#if 0
+      case TPM_ALG_SM3_256:
+	size = SM3_256_DIGEST_SIZE;
+	break;
+#endif
+      default:
+	size = 0;
+    }
+    return size;
+}
+
+/* TSS_GetDigestBlockSize() returns the digest block size in bytes based on the hash algorithm.
+
+   Returns 0 for an unknown algorithm.
+*/
+
+/* NOTE: Marked as const function in header */
+
+uint16_t TSS_GetDigestBlockSize(TPM_ALG_ID hashAlg)
+{
+    uint16_t size;
+    
+    switch (hashAlg) {
+#ifdef TPM_ALG_SHA1
+     case TPM_ALG_SHA1:
+	size = SHA1_BLOCK_SIZE;
+	break;
+#endif
+#ifdef TPM_ALG_SHA256	
+      case TPM_ALG_SHA256:
+	size = SHA256_BLOCK_SIZE;
+	break;
+#endif
+#ifdef TPM_ALG_SHA384
+     case TPM_ALG_SHA384:
+	size = SHA384_BLOCK_SIZE;
+	break;
+#endif
+#ifdef TPM_ALG_SHA512
+      case TPM_ALG_SHA512:
+	size = SHA512_BLOCK_SIZE;
+	break;
+#endif
+#if 0
+      case TPM_ALG_SM3_256:
+	size = SM3_256_BLOCK_SIZE;
+	break;
+#endif
+      default:
+	size = 0;
+    }
+    return size;
+}
+
+/* TPM_MGF1() generates an MGF1 'array' of length 'arrayLen' from 'seed' of length 'seedlen'
+
+   The openSSL DLL doesn't export MGF1 in Windows or Linux 1.0.0, so this version is created from
+   scratch.
+   
+   Algorithm and comments (not the code) from:
+
+   PKCS #1: RSA Cryptography Specifications Version 2.1 B.2.1 MGF1
+
+   Prototype designed to be compatible with openSSL
+
+   MGF1 is a Mask Generation Function based on a hash function.
+   
+   MGF1 (mgfSeed, maskLen)
+
+   Options:     
+
+   Hash hash function (hLen denotes the length in octets of the hash 
+   function output)
+
+   Input:
+   
+   mgfSeed         seed from which mask is generated, an octet string
+   maskLen         intended length in octets of the mask, at most 2^32(hLen)
+
+   Output:      
+   mask            mask, an octet string of length l; or "mask too long"
+
+   Error:          "mask too long'
+*/
+
+static TPM_RC TSS_MGF1(unsigned char       	*mask,
+		       uint32_t            	maskLen,
+		       const unsigned char 	*mgfSeed,
+		       uint16_t			mgfSeedlen,
+		       TPMI_ALG_HASH 		halg)
+{
+    TPM_RC 		rc = 0;
+    unsigned char       counter[4];     /* 4 octets */
+    uint32_t	        count;          /* counter as an integral type */
+    uint32_t		outLen;
+    TPMT_HA 		digest;
+    uint16_t 		digestSize = TSS_GetDigestSize(halg);
+    
+    digest.hashAlg = halg;
+    
+#if 0
+    if (rc == 0) {
+        /* this is possible with arrayLen on a 64 bit architecture, comment to quiet beam */
+        if ((maskLen / TPM_DIGEST_SIZE) > 0xffffffff) {        /* constant condition */
+            if (tssVerbose)
+		printf("TSS_MGF1: Error (fatal), Output length too large for 32 bit counter\n");
+            rc = TPM_FAIL;              /* should never occur */
+        }
+    }
+#endif
+    /* 1.If l > 2^32(hLen), output "mask too long" and stop. */
+    /* NOTE Checked by caller */
+    /* 2. Let T be the empty octet string. */
+    /* 3. For counter from 0 to [masklen/hLen] - 1, do the following: */
+    for (count = 0, outLen = 0 ; (rc == 0) && (outLen < maskLen) ; count++) {
+	/* a. Convert counter to an octet string C of length 4 octets - see Section 4.1 */
+	/* C = I2OSP(counter, 4) NOTE Basically big endian */
+        uint32_t count_n = htonl(count);
+	memcpy(counter, &count_n, 4);
+	/* b.Concatenate the hash of the seed mgfSeed and C to the octet string T: */
+	/* T = T || Hash (mgfSeed || C) */
+	/* If the entire digest is needed for the mask */
+	if ((outLen + digestSize) < maskLen) {
+	    rc = TSS_Hash_Generate(&digest,
+				   mgfSeedlen, mgfSeed,
+				   4, counter,
+				   0, NULL);
+	    memcpy(mask + outLen, &digest.digest, digestSize);
+	    outLen += digestSize;
+	}
+	/* if the mask is not modulo TPM_DIGEST_SIZE, only part of the final digest is needed */
+	else {
+	    /* hash to a temporary digest variable */
+	    rc = TSS_Hash_Generate(&digest,
+				   mgfSeedlen, mgfSeed,
+				   4, counter,
+				   0, NULL);
+	    /* copy what's needed */
+	    memcpy(mask + outLen, &digest.digest, maskLen - outLen);
+	    outLen = maskLen;           /* outLen = outLen + maskLen - outLen */
+	}
+    }
+    /* 4.Output the leading l octets of T as the octet string mask. */
+    return rc;
+}
+
+/*
+  OAEP Padding 
+*/
+
+/* TSS_RSA_padding_add_PKCS1_OAEP() is a variation of the the openSSL function
+
+   int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+   unsigned char *f, int fl, unsigned char *p, int pl);
+
+   It is used because the openssl function is hard coded to SHA1.
+
+   This function was independently written from the PKCS1 specification "9.1.1.1 Encoding
+   Operation" and PKCS#1 v2.2, intended to be unencumbered by any license.
+
+
+   | <-			  emLen					   -> |
+   
+                         |  lHash |    PS     | 01 |  Message	      |
+
+                            SHA                       flen
+
+                         |  db                                        |
+			 |  dbMask                                    |
+        |  seed          |
+
+	   SHA
+	   
+        |  seedMask      | 
+   | 00 |  maskSeed      |   maskedDB                                 |
+*/
+
+TPM_RC TSS_RSA_padding_add_PKCS1_OAEP(unsigned char *em, uint32_t emLen,
+				      const unsigned char *from, uint32_t fLen,
+				      const unsigned char *p,
+				      int plen,
+				      TPMI_ALG_HASH halg)	
+{	
+    TPM_RC		rc = 0;
+    TPMT_HA 		lHash;
+    unsigned char 	*db = NULL;		/* compiler false positive */
+    
+    unsigned char *dbMask = NULL;			/* freed @1 */
+    unsigned char *seed = NULL;				/* freed @2 */
+    unsigned char *maskedDb;
+    unsigned char *seedMask = NULL;		/* compiler false positive */
+    unsigned char *maskedSeed;
+
+    uint16_t hlen = TSS_GetDigestSize(halg);
+    
+    /* 1.a. If the length of L is greater than the input limitation for */
+    /* the hash function (2^61-1 octets for SHA-1) then output "parameter */
+    /* string too long" and stop. */
+    if (rc == 0) {
+	if (plen > 0xffff) {
+	    if (tssVerbose) printf("TSS_RSA_padding_add_PKCS1_OAEP: Error, "
+				   "label %u too long\n", plen);
+	    rc = TSS_RC_RSA_PADDING;
+	}	    
+    }
+    /* 1.b. If ||M|| > emLen-2hLen-1 then output "message too long" and stop. */
+    if (rc == 0) {
+	if (emLen < ((2 * hlen) + 2 + fLen)) {
+	    if (tssVerbose) printf("TSS_RSA_padding_add_PKCS1_OAEP: Error, "
+				   "message length %u too large for encoded length %u\n",
+				   fLen, emLen);
+	    rc = TSS_RC_RSA_PADDING;
+	}
+    }
+    /* 2.a. Let lHash = Hash(L), an octet string of length hLen. */
+    if (rc == 0) {
+	lHash.hashAlg = halg;
+	rc = TSS_Hash_Generate(&lHash,
+			       plen, p,
+			       0, NULL);
+    }
+    if (rc == 0) {
+	/* 2.b. Generate an octet string PS consisting of emLen-||M||-2hLen-2 zero octets. The
+	   length of PS may be 0. */
+	/* 2.c. Concatenate lHash, PS, a single octet of 0x01 the message M, to form a data block DB
+	   as: DB = lHash || PS || 01 || M */
+	/* NOTE Since db is eventually maskedDb, part of em, create directly in em */
+	db = em + hlen + 1;
+	memcpy(db, &lHash.digest, hlen);			/* lHash */
+	/* PSlen = emlen - flen - (2 * hlen) - 2 */
+	memset(db + hlen, 0,					/* PS */
+	       emLen - fLen - (2 * hlen) - 2);
+	/* position of 0x01 in db is
+	   hlen + PSlen =
+	   hlen + emlen - flen - (2 * hlen) - 2 = 
+	   emlen - hlen - flen - 2 */
+	db[emLen - fLen - hlen - 2] = 0x01;
+	memcpy(db + emLen - fLen - hlen - 1, from, fLen);	/* M */
+    }
+    /* 2.d. Generate a random octet string seed of length hLen. */
+    if (rc == 0) {
+	rc = TSS_Malloc(&seed, hlen);
+    }
+    if (rc == 0) {
+	rc = TSS_RandBytes(seed, hlen);
+    }
+    if (rc == 0) {
+	rc = TSS_Malloc(&dbMask, emLen - hlen - 1);
+    }
+    if (rc == 0) {
+	/* 2.e. Let dbMask = MGF(seed, emLen-hLen-1). */
+	rc = TSS_MGF1(dbMask, emLen - hlen -1,	/* dbLen */
+		      seed, hlen,
+		      halg);
+    }
+    if (rc == 0) {
+	/* 2.f. Let maskedDB = DB xor dbMask. */
+	/* NOTE Since maskedDB is eventually em, XOR directly to em */
+	maskedDb = em + hlen + 1;
+	TSS_XOR(maskedDb, db, dbMask, emLen - hlen -1);
+	/* 2.g. Let seedMask = MGF(maskedDB, hLen). */
+	/* NOTE Since seedMask is eventually em, create directly to em */
+	seedMask = em + 1;
+	rc = TSS_MGF1(seedMask, hlen,
+		      maskedDb, emLen - hlen - 1,
+		      halg);
+    }
+    if (rc == 0) {
+	/* 2.h. Let maskedSeed = seed xor seedMask. */
+	/* NOTE Since maskedSeed is eventually em, create directly to em */
+	maskedSeed = em + 1;
+	TSS_XOR(maskedSeed, seed, seedMask, hlen);
+	/* 2.i. 0x00, maskedSeed, and maskedDb to form EM */
+	/* NOTE Created directly in em */
+    }
+    free(dbMask);		/* @1 */
+    free(seed);			/* @2 */
+    return rc;
+}
+
+/* TPM_XOR XOR's 'in1' and 'in2' of 'length', putting the result in 'out'
+
+ */
+
+void TSS_XOR(unsigned char *out,
+	     const unsigned char *in1,
+	     const unsigned char *in2,
+	     size_t length)
+{
+    size_t i;
+    
+    for (i = 0 ; i < length ; i++) {
+	out[i] = in1[i] ^ in2[i];
+    }
+    return;
+}
+
+/*
+  AES
+*/
+
+#define TSS_AES_KEY_BITS 128
+
+/* TSS_Sym_GetBlockSize() returns the block size for the symmetric algorithm.  Returns 0 on for an
+   unknown algorithm.
+*/
+
+/* NOTE: Marked as const function in header */
+
+uint16_t TSS_Sym_GetBlockSize(TPM_ALG_ID	symmetricAlg, 
+			      uint16_t		keySizeInBits)
+{
+    keySizeInBits = keySizeInBits;
+    
+    switch (symmetricAlg) {
+#ifdef TPM_ALG_AES
+      case TPM_ALG_AES:
+#endif
+#ifdef TPM_ALG_SM4 /* Both AES and SM4 use the same block size */
+      case TPM_ALG_SM4:
+#endif
+	return  16;
+      default:
+	return 0;
+    }
+    return 0;
+}
+
diff --git a/utils/tssdev.c b/utils/tssdev.c
new file mode 100644
index 000000000..e127cc6b8
--- /dev/null
+++ b/utils/tssdev.c
@@ -0,0 +1,217 @@
+/********************************************************************************/
+/*										*/
+/*		Linux Device Transmit and Receive Utilities			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifdef TPM_POSIX
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <errno.h>
+
+#include <unistd.h>
+#include <fcntl.h>
+
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsserror.h>
+#include <ibmtss/tssprint.h>
+#include "tssproperties.h"
+
+#include "tssdev.h"
+
+/* local prototypes */
+
+static uint32_t TSS_Dev_Open(TSS_CONTEXT *tssContext);
+static uint32_t TSS_Dev_SendCommand(int dev_fd, const uint8_t *buffer, uint16_t length,
+				    const char *message);
+static uint32_t TSS_Dev_ReceiveResponse(int dev_fd, uint8_t *buffer, uint32_t *length);
+
+/* global configuration */
+
+extern int tssVverbose;
+extern int tssVerbose;
+
+/* TSS_Dev_Transmit() transmits the command and receives the response.
+
+   Can return device transmit and receive packet errors, but normally returns the TPM response code.
+*/
+
+TPM_RC TSS_Dev_Transmit(TSS_CONTEXT *tssContext,
+			uint8_t *responseBuffer, uint32_t *read,
+			const uint8_t *commandBuffer, uint32_t written,
+			const char *message)
+{
+    TPM_RC rc = 0;
+    
+    /* open on first transmit */
+    if (tssContext->tssFirstTransmit) {	
+	if (rc == 0) {
+	    rc = TSS_Dev_Open(tssContext);
+	}
+	if (rc == 0) {
+	    tssContext->tssFirstTransmit = FALSE;
+	}
+    }
+    /* send the command to the device.  Error if the device send fails. */
+    if (rc == 0) {
+	rc = TSS_Dev_SendCommand(tssContext->dev_fd, commandBuffer, written, message);
+    }
+    /* receive the response from the dev_fd.  Returns dev_fd errors, malformed response errors.
+       Else returns the TPM response code. */
+    if (rc == 0) {
+	rc = TSS_Dev_ReceiveResponse(tssContext->dev_fd, responseBuffer, read);
+    }
+    return rc;
+}
+
+/* TSS_Dev_Open() opens the TPM device (through the device driver) */
+
+static uint32_t TSS_Dev_Open(TSS_CONTEXT *tssContext)
+{
+    uint32_t rc = 0;
+    
+    if (rc == 0) {
+	if (tssVverbose) printf("TSS_Dev_Open: Opening %s\n", tssContext->tssDevice);
+	tssContext->dev_fd = open(tssContext->tssDevice, O_RDWR);
+	if (tssContext->dev_fd < 0) {
+	    if (tssVerbose) printf("TSS_Dev_Open: Error opening %s\n", tssContext->tssDevice);
+	    rc = TSS_RC_NO_CONNECTION;
+	}
+    }
+    return rc;
+}
+
+/* TSS_Dev_SendCommand() sends the TPM command buffer to the device.
+
+   Returns an error if the device write fails.
+*/
+
+static uint32_t TSS_Dev_SendCommand(int dev_fd,
+				    const uint8_t *buffer, uint16_t length,
+				    const char *message)
+{
+    uint32_t rc = 0;
+    int irc;
+    
+    if (message != NULL) {
+	if (tssVverbose) printf("TSS_Dev_SendCommand: %s\n", message);
+    }
+    if ((rc == 0) && tssVverbose) {
+	TSS_PrintAll("TSS_Dev_SendCommand",
+		     buffer, length);
+    }
+    if (rc == 0) {
+	irc = write(dev_fd, buffer, length);
+	if (irc < 0) {
+	    if (tssVerbose) printf("TSS_Dev_SendCommand: write error %d %s\n",
+				   errno, strerror(errno));
+	    rc = TSS_RC_BAD_CONNECTION;
+	}
+    }
+    return rc;
+}
+
+/* TSS_Dev_ReceiveResponse() reads a response buffer from the device.  'buffer' must be at least
+   MAX_RESPONSE_SIZE bytes.
+
+   Returns TPM packet error code.
+
+   Validates that the packet length and the packet responseSize match 
+*/
+
+static uint32_t TSS_Dev_ReceiveResponse(int dev_fd, uint8_t *buffer, uint32_t *length)
+{
+    uint32_t 	rc = 0;
+    int 	irc;
+    uint32_t 	responseSize = 0;
+    uint32_t 	responseCode = 0;
+
+    if (tssVverbose) printf("TSS_Dev_ReceiveResponse:\n");
+    /* read the TPM device */
+    if (rc == 0) {
+	irc = read(dev_fd, buffer, MAX_RESPONSE_SIZE);
+	if (irc <= 0) {
+	    rc = TSS_RC_BAD_CONNECTION;
+	    if (irc < 0) {
+		if (tssVerbose) printf("TSS_Dev_ReceiveResponse: read error %d %s\n",
+				       errno, strerror(errno));
+	    }
+	}
+    }
+    if ((rc == 0) && tssVverbose) {
+	TSS_PrintAll("TSS_Dev_ReceiveResponse",
+		     buffer, irc);
+    }
+    /* verify that there is at least a tag, responseSize, and responseCode */
+    if (rc == 0) {
+	if ((unsigned int)irc < (sizeof(TPM_ST) + sizeof(uint32_t) + sizeof(uint32_t))) {
+	    if (tssVerbose) printf("TSS_Dev_ReceiveResponse: read bytes %u < header\n", irc);
+	    rc = TSS_RC_MALFORMED_RESPONSE;
+	}
+    }
+    /* get responseSize from the packet */
+    if (rc == 0) {
+	responseSize = ntohl(*(uint32_t *)(buffer + sizeof(TPM_ST)));
+	/* sanity check against the length actually received, the return code */
+	if ((uint32_t)irc != responseSize) {
+	    if (tssVerbose) printf("TSS_Dev_ReceiveResponse: read bytes %u != responseSize %u\n",
+				   (uint32_t)irc, responseSize);
+	    rc = TSS_RC_BAD_CONNECTION;
+	}
+    }
+    /* read the TPM return code from the packet */
+    if (rc == 0) {
+	responseCode = ntohl(*(uint32_t *)(buffer + sizeof(TPM_ST)+ sizeof(uint32_t)));
+    }
+    if (rc == 0) {
+	rc = responseCode;
+    }
+	
+    *length = responseSize;
+    if (tssVverbose) printf("TSS_Dev_ReceiveResponse: rc %08x\n", rc);
+    return rc;
+}	
+
+TPM_RC TSS_Dev_Close(TSS_CONTEXT *tssContext)
+{
+    if (tssVverbose) printf("TSS_Dev_Close: Closing %s\n", tssContext->tssDevice);
+    close(tssContext->dev_fd);
+    return 0;
+}
+
+#endif	/* TPM_POSIX */
diff --git a/utils/tssdev.h b/utils/tssdev.h
new file mode 100644
index 000000000..73d4bfc01
--- /dev/null
+++ b/utils/tssdev.h
@@ -0,0 +1,64 @@
+/********************************************************************************/
+/*										*/
+/*		Linux Device Transmit and Receive Utilities  			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: tssdev.h 1015 2017-06-07 13:16:34Z kgoldman $			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* This is not a public header.  It should not be used by applications. */
+
+#ifndef TSSDEV_H
+#define TSSDEV_H
+
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    TPM_RC TSS_Dev_Transmit(TSS_CONTEXT *tssContext,
+			    uint8_t *responseBuffer, uint32_t *read,
+			    const uint8_t *commandBuffer, uint32_t written,
+			    const char *message);
+    TPM_RC TSS_Dev_Close(TSS_CONTEXT *tssContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+
+
diff --git a/utils/tssdevskiboot.c b/utils/tssdevskiboot.c
new file mode 100644
index 000000000..5252dd35e
--- /dev/null
+++ b/utils/tssdevskiboot.c
@@ -0,0 +1,153 @@
+/********************************************************************************/
+/*										*/
+/*		Skiboot Transmit and Receive Utilities				*/
+/*										*/
+/* (c) Copyright IBM Corporation 2019.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <string.h>
+
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/Implementation.h>
+#include <ibmtss/tsserror.h>
+#include <ibmtss/tssprint.h>
+#include <tssproperties.h>
+
+#include <tpm2.h>
+#include <tssdevskiboot.h>
+
+extern int tssVerbose;
+
+TPM_RC TSS_Dev_Transmit(TSS_CONTEXT *tssContext,
+			    uint8_t *responseBuffer, uint32_t *read,
+			    const uint8_t *commandBuffer, uint32_t written,
+			    const char *message)
+{
+	TPM_RC rc = 0;
+	size_t size, responseSize;
+
+	if (tssVerbose) {
+		printf("%s: %s\n", "TSS_Skiboot_Transmit", message);
+		TSS_PrintAll("TSS_Skiboot_Transmit: Command ",
+			     commandBuffer, written);
+	}
+	/* we don't neeed to open a device as it is done in user space but we
+	 * need to be sure a device and the driver are available for use.
+	 */
+	if(tssContext->tssFirstTransmit == TRUE){
+		tssContext->tpm_device = tpm2_get_device();
+	        tssContext->tpm_driver = tpm2_get_driver();
+		if ((tssContext->tpm_device == NULL) || (tssContext->tpm_driver == NULL)) {
+			printf("%s: tpm device/driver not set\n", "TSS_Skiboot_Transmit");
+			rc = TSS_RC_NO_CONNECTION;
+		}
+
+	}
+
+	tssContext->tssFirstTransmit = FALSE;
+
+	/*
+	 * Let's issue compilation issue if eventually MAX_COMMAND_SIZE becomes
+	 * potentialy greater than MAX_RESPONSE_SIZE
+	 */
+#if MAX_COMMAND_SIZE > MAX_RESPONSE_SIZE
+#error "MAX_COMMAND_SIZE can be greater than MAX_RESPONSE_SIZE. Potential overflow on the buffer for Command and Response"
+#endif
+
+	if (written > MAX_RESPONSE_SIZE)
+		rc = TSS_RC_BAD_CONNECTION;
+
+	/*
+	 * the buffer used to send the command will be overwritten and store the
+	 * response data after tpm execution. So here we copy the contents of
+	 * commandBuffer to responseBuffer, using the latter to perform the
+	 * operation and storing the response and keeping the former safe.
+	 */
+	if (rc == 0){
+		memcpy(responseBuffer, commandBuffer, written);
+		/*
+		 * local copy of read - we update read itself once we confirm the
+		 * transmit operation succeeded
+		 */
+		size = *read;
+		rc = tssContext->tpm_driver->transmit(tssContext->tpm_device,
+					      responseBuffer, written, &size);
+	}
+
+	/*
+	 * Check if the response size in the response buffer matches read
+	 * matches the value in size
+	 */
+	responseSize = ntohl(*(uint32_t *)(responseBuffer + sizeof(TPM_ST)));
+	if (responseSize != size){
+		if (tssVerbose)
+			printf("%s: Bytes read (%ld) and Buffer responseSize field (%ld) don't match\n",
+			       "TSS_Skiboot_Transmit:", size, responseSize);
+	    rc = TSS_RC_MALFORMED_RESPONSE;
+	}
+
+
+	if (rc == 0) {
+		*read = size;
+		if (tssVerbose)
+			TSS_PrintAll("TSS_Skiboot_Transmit: Response", responseBuffer, *read);
+
+		if (*read < (sizeof(TPM_ST) + 2*sizeof(uint32_t))) {
+			if (tssVerbose)
+				printf("%s: received %d bytes < header\n", "TSS_Skiboot_Transmit", *read);
+			rc = TSS_RC_MALFORMED_RESPONSE;
+		}
+
+	} else{
+		if (tssVerbose)
+			printf("%s: receive error %d\n", "TSS_Skiboot_Transmit", rc);
+		rc = TSS_RC_BAD_CONNECTION;
+	}
+
+	/*
+	 * Now we need to get the actual return code from the response buffer
+	 * and delivery it to the upper layers
+	 */
+	if (rc == 0)
+		rc = be32_to_cpu(*(uint32_t *)(responseBuffer + sizeof(TPM_ST) + sizeof(uint32_t)));
+
+	if (tssVerbose)
+		printf("%s: Response Code: %d", "TSS_Skiboot_Transmit", rc);
+
+	return rc;
+}
+
+TPM_RC TSS_Dev_Close(TSS_CONTEXT *tssContext)
+{
+	tssContext = tssContext;
+	return 0;
+}
diff --git a/utils/tssdevskiboot.h b/utils/tssdevskiboot.h
new file mode 100644
index 000000000..3aac0c0cc
--- /dev/null
+++ b/utils/tssdevskiboot.h
@@ -0,0 +1,50 @@
+/********************************************************************************/
+/*										*/
+/*		Skiboot Dev Interface			  			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2019.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* This is not a public header.  It should not be used by applications. */
+
+#ifndef TSSDEVSKIBOOT_H
+#define TSSDEVSKIBOOT_H
+
+#include <stdint.h>
+
+TPM_RC TSS_Dev_Transmit(TSS_CONTEXT *tssContext,
+			    uint8_t *responseBuffer, uint32_t *read,
+			    const uint8_t *commandBuffer, uint32_t written,
+			    const char *message);
+
+TPM_RC TSS_Dev_Close(TSS_CONTEXT *tssContext);
+#endif /* TSSDEVSKIBOOT_H */
diff --git a/utils/tssfile.c b/utils/tssfile.c
new file mode 100644
index 000000000..3c200d598
--- /dev/null
+++ b/utils/tssfile.c
@@ -0,0 +1,321 @@
+/********************************************************************************/
+/*										*/
+/*			    TSS and Application File Utilities			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsserror.h>
+#include <ibmtss/tssprint.h>
+#include <ibmtss/tssfile.h>
+
+extern int tssVerbose;
+extern int tssVverbose;
+
+/* TSS_File_Open() opens the 'filename' for 'mode'
+ */
+
+int TSS_File_Open(FILE **file,
+		  const char *filename,
+		  const char* mode)
+{
+    int 	rc = 0;
+		    
+    if (rc == 0) {
+	*file = fopen(filename, mode);
+	if (*file == NULL) {
+	    if (tssVerbose) printf("TSS_File_Open: Error opening %s for %s, %s\n",
+				   filename, mode, strerror(errno));
+	    rc = TSS_RC_FILE_OPEN;
+	}
+    }
+    return rc;
+}
+
+/* TSS_File_ReadBinaryFile() reads 'filename'.  The results are put into 'data', which must be freed
+   by the caller.  'length' indicates the number of bytes read.
+   
+*/
+
+TPM_RC TSS_File_ReadBinaryFile(unsigned char **data,     /* must be freed by caller */
+			       size_t *length,
+			       const char *filename) 
+{
+    int		rc = 0;
+    long	lrc;
+    size_t	src;
+    int		irc;
+    FILE	*file = NULL;
+
+    *data = NULL;
+    *length = 0;
+    /* open the file */
+    if (rc == 0) {
+	rc = TSS_File_Open(&file, filename, "rb");				/* closed @1 */
+    }
+    /* determine the file length */
+    if (rc == 0) {
+	irc = fseek(file, 0L, SEEK_END);	/* seek to end of file */
+	if (irc == -1L) {
+	    if (tssVerbose) printf("TSS_File_ReadBinaryFile: Error seeking to end of %s\n",
+				   filename);
+	    rc = TSS_RC_FILE_SEEK;
+	}
+    }
+    if (rc == 0) {
+	lrc = ftell(file);			/* get position in the stream */
+	if (lrc == -1L) {
+	    if (tssVerbose) printf("TSS_File_ReadBinaryFile: Error ftell'ing %s\n", filename);
+	    rc = TSS_RC_FILE_FTELL;
+	}
+	else {
+	    *length = (size_t)lrc;		/* save the length */
+	}
+    }
+    if (rc == 0) {
+	irc = fseek(file, 0L, SEEK_SET);	/* seek back to the beginning of the file */
+	if (irc == -1L) {
+	    if (tssVerbose) printf("TSS_File_ReadBinaryFile: Error seeking to beginning of %s\n",
+				   filename);
+	    rc = TSS_RC_FILE_SEEK;
+	}
+    }
+    /* allocate a buffer for the actual data */
+    if ((rc == 0) && (*length != 0)) {
+	rc = TSS_Malloc(data, *length);
+    }
+    /* read the contents of the file into the data buffer */
+    if ((rc == 0) && *length != 0) {
+	src = fread(*data, 1, *length, file);
+	if (src != *length) {
+	    if (tssVerbose)
+		printf("TSS_File_ReadBinaryFile: Error reading %s, %u bytes, got %lu\n",
+		       filename, (unsigned int)*length, (unsigned long)src);
+	    rc = TSS_RC_FILE_READ;
+	}
+    }
+    if (file != NULL) {
+	irc = fclose(file);		/* @1 */
+	if (irc != 0) {
+	    if (tssVerbose) printf("TSS_File_ReadBinaryFile: Error closing %s\n",
+				   filename);
+	    rc = TSS_RC_FILE_CLOSE;
+	}
+    }
+    if (rc != 0) {
+	if (tssVerbose) printf("TSS_File_ReadBinaryFile: Error reading %s\n", filename);
+	free(*data);
+	*data = NULL;
+    }
+    return rc;
+}
+
+/* TSS_File_WriteBinaryFile() writes 'data' of 'length' to 'filename'
+ */
+
+TPM_RC TSS_File_WriteBinaryFile(const unsigned char *data,
+				size_t length,
+				const char *filename) 
+{
+    long	rc = 0;
+    size_t	src;
+    int		irc;
+    FILE	*file = NULL;
+
+    /* open the file */
+    if (rc == 0) {
+	rc = TSS_File_Open(&file, filename, "wb");	/* closed @1 */
+    }
+    /* write the contents of the data buffer into the file */
+    if (rc == 0) {
+	src = fwrite(data, 1, length, file);
+	if (src != length) {
+	    if (tssVerbose)
+		printf("TSS_File_WriteBinaryFile: Error writing %s, %lu bytes, got %lu\n",
+		       filename, (unsigned long)length, (unsigned long)src);
+	    rc = TSS_RC_FILE_WRITE;
+	}
+    }
+    if (file != NULL) {
+	irc = fclose(file);		/* @1 */
+	if (irc != 0) {
+	    if (tssVerbose) printf("TSS_File_WriteBinaryFile: Error closing %s\n",
+				   filename);
+	    rc = TSS_RC_FILE_CLOSE;
+	}
+    }
+    return rc;
+}
+
+/* TSS_File_ReadStructure() is a general purpose "read a structure" function.
+   
+   It reads the filename, and then unmarshals the structure using "unmarshalFunction".
+*/
+
+TPM_RC TSS_File_ReadStructure(void 			*structure,
+			      UnmarshalFunction_t 	unmarshalFunction,
+			      const char 		*filename)
+{
+    TPM_RC 	rc = 0;
+    uint8_t	*buffer = NULL;		/* for the free */
+    uint8_t	*buffer1 = NULL;	/* for unmarshaling */
+    size_t 	length = 0;
+
+    if (rc == 0) {
+	rc = TSS_File_ReadBinaryFile(&buffer,     /* freed @1 */
+				     &length,
+				     filename);
+    }
+    if (rc == 0) {
+	uint32_t ilength = length;
+	buffer1 = buffer;
+	rc = unmarshalFunction(structure, &buffer1, &ilength);
+    }
+    free(buffer);	/* @1 */
+    return rc;
+}
+
+/* TSS_File_ReadStructureFlag() is a general purpose "read a structure" function.
+
+   It reads the filename, and then unmarshals the structure using "unmarshalFunction".
+
+   It is similar to TSS_File_ReadStructure() but is used when the structure unmarshal function
+   requires the allowNull flag.
+*/
+
+TPM_RC TSS_File_ReadStructureFlag(void 				*structure,
+				  UnmarshalFunctionFlag_t 	unmarshalFunction,
+				  BOOL 				allowNull,
+				  const char 			*filename)
+{
+    TPM_RC 	rc = 0;
+    uint8_t	*buffer = NULL;		/* for the free */
+    uint8_t	*buffer1 = NULL;	/* for unmarshaling */
+    size_t 	length = 0;
+
+    if (rc == 0) {
+	rc = TSS_File_ReadBinaryFile(&buffer,     /* freed @1 */
+				     &length,
+				     filename);
+    }
+    if (rc == 0) {
+	uint32_t ilength = length;
+	buffer1 = buffer;
+	rc = unmarshalFunction(structure, &buffer1, &ilength, allowNull);
+    }
+    free(buffer);	/* @1 */
+    return rc;
+}
+
+/* TSS_File_WriteStructure() is a general purpose "write a structure" function.
+   
+   It marshals the structure using "marshalFunction", and then writes it to filename.
+*/
+
+TPM_RC TSS_File_WriteStructure(void 			*structure,
+			       MarshalFunction_t 	marshalFunction,
+			       const char 		*filename)
+{
+    TPM_RC 	rc = 0;
+    uint16_t	written = 0;
+    uint8_t	*buffer = NULL;		/* for the free */
+
+    if (rc == 0) {
+	rc = TSS_Structure_Marshal(&buffer,	/* freed @1 */
+				   &written,
+				   structure,
+				   marshalFunction);
+    }
+    if (rc == 0) {
+	rc = TSS_File_WriteBinaryFile(buffer,
+				      written,
+				      filename); 
+    }
+    free(buffer);	/* @1 */
+    return rc;
+}
+
+/* TSS_File_Read2B() reads 'filename' and copies the data to 'tpm2b', checking targetSize
+
+ */
+
+TPM_RC TSS_File_Read2B(TPM2B 		*tpm2b,
+		       uint16_t 	targetSize,
+		       const char 	*filename)
+{
+    TPM_RC 	rc = 0;
+    uint8_t	*buffer = NULL;
+    size_t 	length = 0;
+    
+    if (rc == 0) {
+	rc = TSS_File_ReadBinaryFile(&buffer,     /* freed @1 */
+				     &length,
+				     filename);
+    }
+    if (rc == 0) {
+	if (length > 0xffff) {	/* overflow TPM2B uint16_t */
+	    if (tssVerbose) printf("TSS_File_Read2B: size %u greater than 0xffff\n",
+				   (unsigned int)length);	
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    /* copy it into the TPM2B */
+    if (rc == 0) {
+	rc = TSS_TPM2B_Create(tpm2b, buffer, (uint16_t)length, targetSize);
+    }
+    free(buffer);	/* @1 */
+    return rc;
+}
+
+/* FIXME need to add - ignore failure if does not exist */
+
+TPM_RC TSS_File_DeleteFile(const char *filename) 
+{
+    TPM_RC 	rc = 0;
+    int		irc;
+    
+    if (rc == 0) {
+	irc = remove(filename);
+	if (irc != 0) {
+	    rc = TSS_RC_FILE_REMOVE;
+	}
+    }
+    return rc;
+}
diff --git a/utils/tssmarshal.c b/utils/tssmarshal.c
new file mode 100644
index 000000000..957a1ac8e
--- /dev/null
+++ b/utils/tssmarshal.c
@@ -0,0 +1,7768 @@
+/********************************************************************************/
+/*										*/
+/*			 TSS Marshal and Unmarshal    				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <string.h>
+
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/tsserror.h>
+#include <ibmtss/tssprint.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+/* This file holds:
+
+   ---------------------------------------
+
+   Recommended functions - with an unsigned size
+
+   * Primary marshal functions             TSS_primary_Marshalu
+   * Primary unmarshal functions           TSS_primary_Unmarshalu  in Unmarshal.c
+   * TPM 2.0 structure   marshal functions TSS_structure_Marshalu
+   * TPM 2.0 structure unmarshal functions TSS_structure_Unmarshalu in Unmarshal.c
+   * TPM 2.0 command     marshal functions TSS_command_In_Marshalu
+     TPM 2.0 command   unmarshal functions command_In_Unmarshal 
+   * TPM 2.0 response  unmarshal functions TSS_response_Out_Unmarshalu
+
+   ---------------------------------------
+
+   Deprecated functions - with a signed size
+
+   * Primary   marshal functions           TSS_primary_Marshal
+   * Primary unmarshal functions           primary_Unmarshal       in Unmarshal.c
+   * TPM 2.0 structure   marshal functions TSS_structure_Marshal
+   * TPM 2.0 structure unmarshal functions structure_Unmarshal     in Unmarshal.c
+   * TPM 2.0 command     marshal functions TSS_command_In_Marshal
+   * TPM 2.0 response  unmarshal functions TSS_response_Out_Unmarshal
+
+   * are exposed in /tss2/
+*/
+
+/* The marshaling function prototype pattern is:
+
+   Return:
+
+   An extra return code, TSS_RC_INSUFFICIENT_BUFFER, indicates that the supplied buffer size is too
+   small.  The TPM functions assert.
+
+   'source' is the structure to be marshaled.
+   'written' is the __additional__ number of bytes written.
+   'buffer' is the buffer written.
+   ' size' is the remaining size of the buffer.
+
+   If 'buffer' is NULL, 'written' is updated but no marshaling is performed.  This is used in a two
+   pass pattern, where the first pass returns the size of the buffer to be malloc'ed.
+
+   If 'size' is NULL, the source is marshaled without a size check.  The caller must ensure that
+   the buffer is sufficient, often due to a malloc after the first pass.  */
+
+/* Marshal functions shared by TPM 1.2 and TPM 2.0 */
+
+/* The functions with the _Marshalu suffix are preferred.  They use an unsigned size.  The functions
+   with _Marshalu are deprecated.  */
+
+TPM_RC
+TSS_UINT8_Marshalu(const UINT8 *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (buffer != NULL) {	/* if buffer is NULL, don't marshal, just return written */
+	/* if size is NULL, ignore it, else check sufficient */
+	if ((size == NULL) || (*size >= sizeof(UINT8))) {
+	    /* marshal, move the buffer */
+	    (*buffer)[0] = *source;
+	    *buffer += sizeof(UINT8);
+	    /* is size was supplied, update it */
+	    if (size != NULL) {
+		*size -= sizeof(UINT8);
+	    }
+	}
+	else {
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    *written += sizeof(UINT8);
+    return rc;
+}
+    
+TPM_RC
+TSS_INT8_Marshalu(const INT8 *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    rc = TSS_UINT8_Marshalu((const UINT8 *)source, written, buffer, size);
+    return rc;
+}
+
+TPM_RC
+TSS_UINT16_Marshalu(const UINT16 *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (buffer != NULL) {
+	if ((size == NULL) || (*size >= sizeof(uint16_t))) {
+
+	    (*buffer)[0] = (BYTE)((*source >> 8) & 0xff);
+	    (*buffer)[1] = (BYTE)((*source >> 0) & 0xff);
+	    *buffer += sizeof(uint16_t);
+
+	    if (size != NULL) {
+		*size -= sizeof(uint16_t);
+	    }
+	}
+	else {
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    *written += sizeof(uint16_t);
+    return rc;
+}
+
+TPM_RC
+TSS_UINT32_Marshalu(const UINT32 *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (buffer != NULL) {
+	if ((size == NULL) || (*size >= sizeof(uint32_t))) {
+
+	    (*buffer)[0] = (BYTE)((*source >> 24) & 0xff);
+	    (*buffer)[1] = (BYTE)((*source >> 16) & 0xff);
+	    (*buffer)[2] = (BYTE)((*source >>  8) & 0xff);
+	    (*buffer)[3] = (BYTE)((*source >>  0) & 0xff);
+	    *buffer += sizeof(uint32_t);
+
+	    if (size != NULL) {
+		*size -= sizeof(uint32_t);
+	    }
+	}
+	else {
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    *written += sizeof(uint32_t);
+    return rc;
+}
+
+TPM_RC
+TSS_INT32_Marshalu(const INT32 *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    rc = TSS_UINT32_Marshalu((const UINT32 *)source, written, buffer, size);
+    return rc;
+}
+
+TPM_RC
+TSS_UINT64_Marshalu(const UINT64 *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (buffer != NULL) {
+	if ((size == NULL) || (*size >= sizeof(UINT64))) {
+
+	    (*buffer)[0] = (BYTE)((*source >> 56) & 0xff);
+	    (*buffer)[1] = (BYTE)((*source >> 48) & 0xff);
+	    (*buffer)[2] = (BYTE)((*source >> 40) & 0xff);
+	    (*buffer)[3] = (BYTE)((*source >> 32) & 0xff);
+	    (*buffer)[4] = (BYTE)((*source >> 24) & 0xff);
+	    (*buffer)[5] = (BYTE)((*source >> 16) & 0xff);
+	    (*buffer)[6] = (BYTE)((*source >>  8) & 0xff);
+	    (*buffer)[7] = (BYTE)((*source >>  0) & 0xff);
+	    *buffer += sizeof(UINT64);
+
+	    if (size != NULL) {
+		*size -= sizeof(UINT64);
+	    }
+	}
+	else {
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    *written += sizeof(UINT64);
+    return rc;
+}
+
+TPM_RC
+TSS_Array_Marshalu(const BYTE *source, uint16_t sourceSize, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (buffer != NULL) {
+	if ((size == NULL) || (*size >= sourceSize)) {
+	    memcpy(*buffer, source, sourceSize);
+
+	    *buffer += sourceSize;
+
+	    if (size != NULL) {
+		*size -= sourceSize;
+	    }
+	}
+	else {
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    *written += sourceSize;
+    return rc;
+}
+
+
+#ifdef TPM_TPM20
+
+/*
+  TPM 2.0 Command parameter marshaling
+*/
+
+TPM_RC
+TSS_Startup_In_Marshalu(const Startup_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_SU_Marshalu(&source->startupType, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_Shutdown_In_Marshalu(const Shutdown_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_SU_Marshalu(&source->shutdownType, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_SelfTest_In_Marshalu(const SelfTest_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_YES_NO_Marshalu(&source->fullTest, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_IncrementalSelfTest_In_Marshalu(const IncrementalSelfTest_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPML_ALG_Marshalu(&source->toTest, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_StartAuthSession_In_Marshalu(const StartAuthSession_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->tpmKey, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_ENTITY_Marshalu(&source->bind, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_NONCE_Marshalu(&source->nonceCaller, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_ENCRYPTED_SECRET_Marshalu(&source->encryptedSalt, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_SE_Marshalu(&source->sessionType, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_SYM_DEF_Marshalu(&source->symmetric, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_HASH_Marshalu(&source->authHash, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PolicyRestart_In_Marshalu(const PolicyRestart_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_SH_POLICY_Marshalu(&source->sessionHandle, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_Create_In_Marshalu(const Create_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->parentHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_SENSITIVE_CREATE_Marshalu(&source->inSensitive, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_PUBLIC_Marshalu(&source->inPublic, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DATA_Marshalu(&source->outsideInfo, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPML_PCR_SELECTION_Marshalu(&source->creationPCR, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_Load_In_Marshalu(const Load_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->parentHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_PRIVATE_Marshalu(&source->inPrivate, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_PUBLIC_Marshalu(&source->inPublic, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_LoadExternal_In_Marshalu(const LoadExternal_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	/* optional parameter, use size as flag */
+	if (source->inPrivate.b.size == 0) {		/* not present */
+	    uint16_t zero = 0;
+	    rc = TSS_UINT16_Marshalu(&zero, written, buffer, size);
+	}
+	else {
+	    rc = TSS_TPM2B_SENSITIVE_Marshalu(&source->inPrivate, written, buffer, size);
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_PUBLIC_Marshalu(&source->inPublic, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_HIERARCHY_Marshalu(&source->hierarchy, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_ReadPublic_In_Marshalu(const ReadPublic_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->objectHandle, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_ActivateCredential_In_Marshalu(const ActivateCredential_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->activateHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->keyHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_ID_OBJECT_Marshalu(&source->credentialBlob, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_ENCRYPTED_SECRET_Marshalu(&source->secret, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_MakeCredential_In_Marshalu(const MakeCredential_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->handle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->credential, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_NAME_Marshalu(&source->objectName, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_Unseal_In_Marshalu(const Unseal_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->itemHandle, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_ObjectChangeAuth_In_Marshalu(const ObjectChangeAuth_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->objectHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->parentHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_AUTH_Marshalu(&source->newAuth, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_CreateLoaded_In_Marshalu(const CreateLoaded_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->parentHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_SENSITIVE_CREATE_Marshalu(&source->inSensitive, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_TEMPLATE_Marshalu(&source->inPublic, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_Duplicate_In_Marshalu(const Duplicate_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->objectHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->newParentHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DATA_Marshalu(&source->encryptionKeyIn, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_SYM_DEF_OBJECT_Marshalu(&source->symmetricAlg, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_Rewrap_In_Marshalu(const Rewrap_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->oldParent, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->newParent, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_PRIVATE_Marshalu(&source->inDuplicate, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_NAME_Marshalu(&source->name, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_ENCRYPTED_SECRET_Marshalu(&source->inSymSeed, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_Import_In_Marshalu(const Import_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->parentHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DATA_Marshalu(&source->encryptionKey, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_PUBLIC_Marshalu(&source->objectPublic, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_PRIVATE_Marshalu(&source->duplicate, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_ENCRYPTED_SECRET_Marshalu(&source->inSymSeed, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_SYM_DEF_OBJECT_Marshalu(&source->symmetricAlg, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_RSA_Encrypt_In_Marshalu(const RSA_Encrypt_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->keyHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_PUBLIC_KEY_RSA_Marshalu(&source->message, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_RSA_DECRYPT_Marshalu(&source->inScheme, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DATA_Marshalu(&source->label, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_RSA_Decrypt_In_Marshalu(const RSA_Decrypt_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->keyHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_PUBLIC_KEY_RSA_Marshalu(&source->cipherText, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_RSA_DECRYPT_Marshalu(&source->inScheme, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DATA_Marshalu(&source->label, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_ECDH_KeyGen_In_Marshalu(const ECDH_KeyGen_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->keyHandle, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_ECDH_ZGen_In_Marshalu(const ECDH_ZGen_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->keyHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_ECC_POINT_Marshalu(&source->inPoint, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_ECC_Parameters_In_Marshalu(const ECC_Parameters_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_ECC_CURVE_Marshalu(&source->curveID, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_ZGen_2Phase_In_Marshalu(const ZGen_2Phase_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->keyA, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_ECC_POINT_Marshalu(&source->inQsB, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_ECC_POINT_Marshalu(&source->inQeB, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_ECC_KEY_EXCHANGE_Marshalu(&source->inScheme, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&source->counter, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_EncryptDecrypt_In_Marshalu(const EncryptDecrypt_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->keyHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_YES_NO_Marshalu(&source->decrypt, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_CIPHER_MODE_Marshalu(&source->mode, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_IV_Marshalu(&source->ivIn, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_MAX_BUFFER_Marshalu(&source->inData, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_EncryptDecrypt2_In_Marshalu(const EncryptDecrypt2_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->keyHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_MAX_BUFFER_Marshalu(&source->inData, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_YES_NO_Marshalu(&source->decrypt, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_CIPHER_MODE_Marshalu(&source->mode, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_IV_Marshalu(&source->ivIn, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_Hash_In_Marshalu(const Hash_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_MAX_BUFFER_Marshalu(&source->data, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_HASH_Marshalu(&source->hashAlg, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_HIERARCHY_Marshalu(&source->hierarchy, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_HMAC_In_Marshalu(const HMAC_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->handle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_MAX_BUFFER_Marshalu(&source->buffer, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_HASH_Marshalu(&source->hashAlg, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_GetRandom_In_Marshalu(const GetRandom_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&source->bytesRequested, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_StirRandom_In_Marshalu(const StirRandom_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_SENSITIVE_DATA_Marshalu(&source->inData, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_HMAC_Start_In_Marshalu(const HMAC_Start_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->handle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_AUTH_Marshalu(&source->auth, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_HASH_Marshalu(&source->hashAlg, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_HashSequenceStart_In_Marshalu(const HashSequenceStart_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_AUTH_Marshalu(&source->auth, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_HASH_Marshalu(&source->hashAlg, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_SequenceUpdate_In_Marshalu(const SequenceUpdate_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->sequenceHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_MAX_BUFFER_Marshalu(&source->buffer, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_SequenceComplete_In_Marshalu(const SequenceComplete_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->sequenceHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_MAX_BUFFER_Marshalu(&source->buffer, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_HIERARCHY_Marshalu(&source->hierarchy, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_EventSequenceComplete_In_Marshalu(const EventSequenceComplete_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_PCR_Marshalu(&source->pcrHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->sequenceHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_MAX_BUFFER_Marshalu(&source->buffer, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_Certify_In_Marshalu(const Certify_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->objectHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->signHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DATA_Marshalu(&source->qualifyingData, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_SIG_SCHEME_Marshalu(&source->inScheme, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_CertifyCreation_In_Marshalu(const CertifyCreation_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->signHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->objectHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DATA_Marshalu(&source->qualifyingData, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->creationHash, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_SIG_SCHEME_Marshalu(&source->inScheme, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_TK_CREATION_Marshalu(&source->creationTicket, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_CertifyX509_In_Marshalu(const CertifyX509_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->objectHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->signHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DATA_Marshalu(&source->reserved, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_SIG_SCHEME_Marshalu(&source->inScheme, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_MAX_BUFFER_Marshalu(&source->partialCertificate, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_Quote_In_Marshalu(const Quote_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->signHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DATA_Marshalu(&source->qualifyingData, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_SIG_SCHEME_Marshalu(&source->inScheme, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPML_PCR_SELECTION_Marshalu(&source->PCRselect, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_GetSessionAuditDigest_In_Marshalu(const GetSessionAuditDigest_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_ENDORSEMENT_Marshalu(&source->privacyAdminHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->signHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_SH_HMAC_Marshalu(&source->sessionHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DATA_Marshalu(&source->qualifyingData, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_SIG_SCHEME_Marshalu(&source->inScheme, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_GetCommandAuditDigest_In_Marshalu(const GetCommandAuditDigest_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_ENDORSEMENT_Marshalu(&source->privacyHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->signHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DATA_Marshalu(&source->qualifyingData, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_SIG_SCHEME_Marshalu(&source->inScheme, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_GetTime_In_Marshalu(const GetTime_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_ENDORSEMENT_Marshalu(&source->privacyAdminHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->signHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DATA_Marshalu(&source->qualifyingData, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_SIG_SCHEME_Marshalu(&source->inScheme, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_Commit_In_Marshalu(const Commit_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->signHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_ECC_POINT_Marshalu(&source->P1, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_SENSITIVE_DATA_Marshalu(&source->s2, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_ECC_PARAMETER_Marshalu(&source->y2, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_EC_Ephemeral_In_Marshalu(const EC_Ephemeral_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_ECC_CURVE_Marshalu(&source->curveID, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_VerifySignature_In_Marshalu(const VerifySignature_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->keyHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->digest, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_SIGNATURE_Marshalu(&source->signature, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_Sign_In_Marshalu(const Sign_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->keyHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->digest, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_SIG_SCHEME_Marshalu(&source->inScheme, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_TK_HASHCHECK_Marshalu(&source->validation, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_SetCommandCodeAuditStatus_In_Marshalu(const SetCommandCodeAuditStatus_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_PROVISION_Marshalu(&source->auth, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_HASH_Marshalu(&source->auditAlg, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPML_CC_Marshalu(&source->setList, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPML_CC_Marshalu(&source->clearList, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PCR_Extend_In_Marshalu(const PCR_Extend_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_PCR_Marshalu(&source->pcrHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPML_DIGEST_VALUES_Marshalu(&source->digests, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PCR_Event_In_Marshalu(const PCR_Event_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_PCR_Marshalu(&source->pcrHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_EVENT_Marshalu(&source->eventData, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PCR_Read_In_Marshalu(const PCR_Read_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPML_PCR_SELECTION_Marshalu(&source->pcrSelectionIn, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PCR_Allocate_In_Marshalu(const PCR_Allocate_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_PLATFORM_Marshalu(&source->authHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPML_PCR_SELECTION_Marshalu(&source->pcrAllocation, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PCR_SetAuthPolicy_In_Marshalu(const PCR_SetAuthPolicy_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_PLATFORM_Marshalu(&source->authHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->authPolicy, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_HASH_Marshalu(&source->hashAlg, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_PCR_Marshalu(&source->pcrNum, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PCR_SetAuthValue_In_Marshalu(const PCR_SetAuthValue_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_PCR_Marshalu(&source->pcrHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->auth, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PCR_Reset_In_Marshalu(const PCR_Reset_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_PCR_Marshalu(&source->pcrHandle, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PolicySigned_In_Marshalu(const PolicySigned_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->authObject, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_NONCE_Marshalu(&source->nonceTPM, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->cpHashA, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_NONCE_Marshalu(&source->policyRef, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_INT32_Marshalu(&source->expiration, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_SIGNATURE_Marshalu(&source->auth, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PolicySecret_In_Marshalu(const PolicySecret_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_ENTITY_Marshalu(&source->authHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_NONCE_Marshalu(&source->nonceTPM, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->cpHashA, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_NONCE_Marshalu(&source->policyRef, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_INT32_Marshalu(&source->expiration, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PolicyTicket_In_Marshalu(const PolicyTicket_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_TIMEOUT_Marshalu(&source->timeout, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->cpHashA, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_NONCE_Marshalu(&source->policyRef, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_NAME_Marshalu(&source->authName, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_TK_AUTH_Marshalu(&source->ticket, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PolicyOR_In_Marshalu(const PolicyOR_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPML_DIGEST_Marshalu(&source->pHashList, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PolicyPCR_In_Marshalu(const PolicyPCR_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->pcrDigest, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPML_PCR_SELECTION_Marshalu(&source->pcrs, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PolicyLocality_In_Marshalu(const PolicyLocality_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMA_LOCALITY_Marshalu(&source->locality, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PolicyNV_In_Marshalu(const PolicyNV_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_NV_AUTH_Marshalu(&source->authHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_OPERAND_Marshalu(&source->operandB, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&source->offset, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_EO_Marshalu(&source->operation, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PolicyCounterTimer_In_Marshalu(const PolicyCounterTimer_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_OPERAND_Marshalu(&source->operandB, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&source->offset, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_EO_Marshalu(&source->operation, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PolicyCommandCode_In_Marshalu(const PolicyCommandCode_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_CC_Marshalu(&source->code, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PolicyPhysicalPresence_In_Marshalu(const PolicyPhysicalPresence_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PolicyCpHash_In_Marshalu(const PolicyCpHash_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->cpHashA, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PolicyNameHash_In_Marshalu(const PolicyNameHash_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->nameHash, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PolicyDuplicationSelect_In_Marshalu(const PolicyDuplicationSelect_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_NAME_Marshalu(&source->objectName, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_NAME_Marshalu(&source->newParentName, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_YES_NO_Marshalu(&source->includeObject, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PolicyAuthorize_In_Marshalu(const PolicyAuthorize_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->approvedPolicy, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_NONCE_Marshalu(&source->policyRef, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_NAME_Marshalu(&source->keySign, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_TK_VERIFIED_Marshalu(&source->checkTicket, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PolicyAuthValue_In_Marshalu(const PolicyAuthValue_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PolicyPassword_In_Marshalu(const PolicyPassword_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PolicyGetDigest_In_Marshalu(const PolicyGetDigest_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PolicyNvWritten_In_Marshalu(const PolicyNvWritten_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_YES_NO_Marshalu(&source->writtenSet, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PolicyTemplate_In_Marshalu(const PolicyTemplate_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->templateHash, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PolicyAuthorizeNV_In_Marshalu(const PolicyAuthorizeNV_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_NV_AUTH_Marshalu(&source->authHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_SH_POLICY_Marshalu(&source->policySession, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_CreatePrimary_In_Marshalu(const CreatePrimary_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_HIERARCHY_Marshalu(&source->primaryHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_SENSITIVE_CREATE_Marshalu(&source->inSensitive, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_PUBLIC_Marshalu(&source->inPublic, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DATA_Marshalu(&source->outsideInfo, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPML_PCR_SELECTION_Marshalu(&source->creationPCR, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_HierarchyControl_In_Marshalu(const HierarchyControl_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_HIERARCHY_Marshalu(&source->authHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_ENABLES_Marshalu(&source->enable, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_YES_NO_Marshalu(&source->state, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_SetPrimaryPolicy_In_Marshalu(const SetPrimaryPolicy_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_HIERARCHY_POLICY_Marshalu(&source->authHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->authPolicy, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_HASH_Marshalu(&source->hashAlg, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_ChangePPS_In_Marshalu(const ChangePPS_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_PLATFORM_Marshalu(&source->authHandle, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_ChangeEPS_In_Marshalu(const ChangeEPS_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_PLATFORM_Marshalu(&source->authHandle, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_Clear_In_Marshalu(const Clear_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_CLEAR_Marshalu(&source->authHandle, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_ClearControl_In_Marshalu(const ClearControl_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_CLEAR_Marshalu(&source->auth, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_YES_NO_Marshalu(&source->disable, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_HierarchyChangeAuth_In_Marshalu(const HierarchyChangeAuth_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_HIERARCHY_AUTH_Marshalu(&source->authHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_AUTH_Marshalu(&source->newAuth, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_DictionaryAttackLockReset_In_Marshalu(const DictionaryAttackLockReset_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_LOCKOUT_Marshalu(&source->lockHandle, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_DictionaryAttackParameters_In_Marshalu(const DictionaryAttackParameters_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_LOCKOUT_Marshalu(&source->lockHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->newMaxTries, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->newRecoveryTime, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->lockoutRecovery, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PP_Commands_In_Marshalu(const PP_Commands_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_PLATFORM_Marshalu(&source->auth, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPML_CC_Marshalu(&source->setList, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPML_CC_Marshalu(&source->clearList, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_SetAlgorithmSet_In_Marshalu(const SetAlgorithmSet_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_PLATFORM_Marshalu(&source->authHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->algorithmSet, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_ContextSave_In_Marshalu(const ContextSave_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_CONTEXT_Marshalu(&source->saveHandle, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_ContextLoad_In_Marshalu(const ContextLoad_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMS_CONTEXT_Marshalu(&source->context, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_FlushContext_In_Marshalu(const FlushContext_In *source, uint16_t *written, BYTE **buffer, uint32_t *size) 
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_CONTEXT_Marshalu(&source->flushHandle, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_EvictControl_In_Marshalu(const EvictControl_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_PROVISION_Marshalu(&source->auth, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->objectHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_PERSISTENT_Marshalu(&source->persistentHandle, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_ClockSet_In_Marshalu(const ClockSet_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_PROVISION_Marshalu(&source->auth, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT64_Marshalu(&source->newTime, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_ClockRateAdjust_In_Marshalu(const ClockRateAdjust_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_PROVISION_Marshalu(&source->auth, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_CLOCK_ADJUST_Marshalu(&source->rateAdjust, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_GetCapability_In_Marshalu(const GetCapability_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_CAP_Marshalu(&source->capability, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->property, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->propertyCount, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_TestParms_In_Marshalu(const TestParms_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMT_PUBLIC_PARMS_Marshalu(&source->parameters, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_NV_DefineSpace_In_Marshalu(const NV_DefineSpace_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_PROVISION_Marshalu(&source->authHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_AUTH_Marshalu(&source->auth, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_NV_PUBLIC_Marshalu(&source->publicInfo, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_NV_UndefineSpace_In_Marshalu(const NV_UndefineSpace_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_PROVISION_Marshalu(&source->authHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_NV_UndefineSpaceSpecial_In_Marshalu(const NV_UndefineSpaceSpecial_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_PLATFORM_Marshalu(&source->platform, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_NV_ReadPublic_In_Marshalu(const NV_ReadPublic_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_NV_Write_In_Marshalu(const NV_Write_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_NV_AUTH_Marshalu(&source->authHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_MAX_NV_BUFFER_Marshalu(&source->data, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&source->offset, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_NV_Increment_In_Marshalu(const NV_Increment_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_NV_AUTH_Marshalu(&source->authHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_NV_Extend_In_Marshalu(const NV_Extend_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_NV_AUTH_Marshalu(&source->authHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_MAX_NV_BUFFER_Marshalu(&source->data, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_NV_SetBits_In_Marshalu(const NV_SetBits_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_NV_AUTH_Marshalu(&source->authHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT64_Marshalu(&source->bits, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_NV_WriteLock_In_Marshalu(const NV_WriteLock_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_NV_AUTH_Marshalu(&source->authHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_NV_GlobalWriteLock_In_Marshalu(const NV_GlobalWriteLock_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_PROVISION_Marshalu(&source->authHandle, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_NV_Read_In_Marshalu(const NV_Read_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_NV_AUTH_Marshalu(&source->authHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&source->size, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&source->offset, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_NV_ReadLock_In_Marshalu(const NV_ReadLock_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_NV_AUTH_Marshalu(&source->authHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_NV_ChangeAuth_In_Marshalu(const NV_ChangeAuth_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_AUTH_Marshalu(&source->newAuth, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_NV_Certify_In_Marshalu(const NV_Certify_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_OBJECT_Marshalu(&source->signHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_NV_AUTH_Marshalu(&source->authHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DATA_Marshalu(&source->qualifyingData, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_SIG_SCHEME_Marshalu(&source->inScheme, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&source->size, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&source->offset, written, buffer, size);
+    }
+    return rc;
+}
+
+/*
+  TPM 2.0 Response parameter unmarshaling
+*/
+
+TPM_RC
+TSS_IncrementalSelfTest_Out_Unmarshalu(IncrementalSelfTest_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPML_ALG_Unmarshalu(&target->toDoList, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_GetTestResult_Out_Unmarshalu(GetTestResult_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    uint32_t parameterSize;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_MAX_BUFFER_Unmarshalu(&target->outData, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_RC_Unmarshalu(&target->testResult, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_StartAuthSession_Out_Unmarshalu(StartAuthSession_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_SH_AUTH_SESSION_Unmarshalu(&target->sessionHandle, buffer, size, NO);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NONCE_Unmarshalu(&target->nonceTPM, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_Create_Out_Unmarshalu(Create_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_PRIVATE_Unmarshalu(&target->outPrivate, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_PUBLIC_Unmarshalu(&target->outPublic, buffer, size, NO);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_CREATION_DATA_Unmarshalu(&target->creationData, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->creationHash, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_TK_CREATION_Unmarshalu(&target->creationTicket, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_Load_Out_Unmarshalu(Load_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_HANDLE_Unmarshalu(&target->objectHandle, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NAME_Unmarshalu(&target->name, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_LoadExternal_Out_Unmarshalu(LoadExternal_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_HANDLE_Unmarshalu(&target->objectHandle, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NAME_Unmarshalu(&target->name, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_ReadPublic_Out_Unmarshalu(ReadPublic_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_PUBLIC_Unmarshalu(&target->outPublic, buffer, size, NO);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NAME_Unmarshalu(&target->name, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NAME_Unmarshalu(&target->qualifiedName, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_ActivateCredential_Out_Unmarshalu(ActivateCredential_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->certInfo, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_MakeCredential_Out_Unmarshalu(MakeCredential_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ID_OBJECT_Unmarshalu(&target->credentialBlob, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ENCRYPTED_SECRET_Unmarshalu(&target->secret, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_Unseal_Out_Unmarshalu(Unseal_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_SENSITIVE_DATA_Unmarshalu(&target->outData, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_ObjectChangeAuth_Out_Unmarshalu(ObjectChangeAuth_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_PRIVATE_Unmarshalu(&target->outPrivate, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_CreateLoaded_Out_Unmarshalu(CreateLoaded_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_HANDLE_Unmarshalu(&target->objectHandle, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_PRIVATE_Unmarshalu(&target->outPrivate, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_PUBLIC_Unmarshalu(&target->outPublic, buffer, size, NO);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NAME_Unmarshalu(&target->name, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_Duplicate_Out_Unmarshalu(Duplicate_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DATA_Unmarshalu(&target->encryptionKeyOut, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_PRIVATE_Unmarshalu(&target->duplicate, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ENCRYPTED_SECRET_Unmarshalu(&target->outSymSeed, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_Rewrap_Out_Unmarshalu(Rewrap_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_PRIVATE_Unmarshalu(&target->outDuplicate, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ENCRYPTED_SECRET_Unmarshalu(&target->outSymSeed, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_Import_Out_Unmarshalu(Import_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_PRIVATE_Unmarshalu(&target->outPrivate, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_RSA_Encrypt_Out_Unmarshalu(RSA_Encrypt_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_PUBLIC_KEY_RSA_Unmarshalu(&target->outData, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_RSA_Decrypt_Out_Unmarshalu(RSA_Decrypt_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_PUBLIC_KEY_RSA_Unmarshalu(&target->message, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_ECDH_KeyGen_Out_Unmarshalu(ECDH_KeyGen_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ECC_POINT_Unmarshalu(&target->zPoint, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ECC_POINT_Unmarshalu(&target->pubPoint, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_ECDH_ZGen_Out_Unmarshalu(ECDH_ZGen_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ECC_POINT_Unmarshalu(&target->outPoint, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_ECC_Parameters_Out_Unmarshalu(ECC_Parameters_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_ALGORITHM_DETAIL_ECC_Unmarshalu(&target->parameters, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_ZGen_2Phase_Out_Unmarshalu(ZGen_2Phase_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ECC_POINT_Unmarshalu(&target->outZ1, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ECC_POINT_Unmarshalu(&target->outZ2, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_EncryptDecrypt_Out_Unmarshalu(EncryptDecrypt_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_MAX_BUFFER_Unmarshalu(&target->outData, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_IV_Unmarshalu(&target->ivOut, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_EncryptDecrypt2_Out_Unmarshalu(EncryptDecrypt2_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    return TSS_EncryptDecrypt_Out_Unmarshalu((EncryptDecrypt_Out *)target, tag, buffer, size);
+}
+TPM_RC
+TSS_Hash_Out_Unmarshalu(Hash_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->outHash, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_TK_HASHCHECK_Unmarshalu(&target->validation, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_HMAC_Out_Unmarshalu(HMAC_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->outHMAC, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_GetRandom_Out_Unmarshalu(GetRandom_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->randomBytes, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_HMAC_Start_Out_Unmarshalu(HMAC_Start_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_DH_OBJECT_Unmarshalu(&target->sequenceHandle, buffer, size, NO);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    return rc;
+}
+TPM_RC
+TSS_HashSequenceStart_Out_Unmarshalu(HashSequenceStart_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_DH_OBJECT_Unmarshalu(&target->sequenceHandle, buffer, size, NO);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    return rc;
+}
+TPM_RC
+TSS_SequenceComplete_Out_Unmarshalu(SequenceComplete_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->result, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_TK_HASHCHECK_Unmarshalu(&target->validation, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_EventSequenceComplete_Out_Unmarshalu(EventSequenceComplete_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPML_DIGEST_VALUES_Unmarshalu(&target->results, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_Certify_Out_Unmarshalu(Certify_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ATTEST_Unmarshalu(&target->certifyInfo, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SIGNATURE_Unmarshalu(&target->signature, buffer, size, YES);
+    }
+    return rc;
+}
+TPM_RC
+TSS_CertifyCreation_Out_Unmarshalu(CertifyCreation_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ATTEST_Unmarshalu(&target->certifyInfo, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SIGNATURE_Unmarshalu(&target->signature, buffer, size, YES);
+    }
+    return rc;
+}
+TPM_RC
+TSS_CertifyX509_Out_Unmarshalu(CertifyX509_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_MAX_BUFFER_Unmarshalu(&target->addedToCertificate, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->tbsDigest, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SIGNATURE_Unmarshalu(&target->signature, buffer, size, YES);
+    }
+    return rc;
+}
+TPM_RC
+TSS_Quote_Out_Unmarshalu(Quote_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ATTEST_Unmarshalu(&target->quoted, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SIGNATURE_Unmarshalu(&target->signature, buffer, size, YES);
+    }
+    return rc;
+}
+TPM_RC
+TSS_GetSessionAuditDigest_Out_Unmarshalu(GetSessionAuditDigest_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ATTEST_Unmarshalu(&target->auditInfo, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SIGNATURE_Unmarshalu(&target->signature, buffer, size, YES);
+    }
+    return rc;
+}
+TPM_RC
+TSS_GetCommandAuditDigest_Out_Unmarshalu(GetCommandAuditDigest_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ATTEST_Unmarshalu(&target->auditInfo, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SIGNATURE_Unmarshalu(&target->signature, buffer, size, YES);
+    }
+    return rc;
+}
+TPM_RC
+TSS_GetTime_Out_Unmarshalu(GetTime_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ATTEST_Unmarshalu(&target->timeInfo, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SIGNATURE_Unmarshalu(&target->signature, buffer, size, YES);
+    }
+    return rc;
+}
+TPM_RC
+TSS_Commit_Out_Unmarshalu(Commit_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ECC_POINT_Unmarshalu(&target->K, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ECC_POINT_Unmarshalu(&target->L, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ECC_POINT_Unmarshalu(&target->E, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(&target->counter, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_EC_Ephemeral_Out_Unmarshalu(EC_Ephemeral_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ECC_POINT_Unmarshalu(&target->Q, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT16_Unmarshalu(&target->counter, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_VerifySignature_Out_Unmarshalu(VerifySignature_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_TK_VERIFIED_Unmarshalu(&target->validation, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_Sign_Out_Unmarshalu(Sign_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SIGNATURE_Unmarshalu(&target->signature, buffer, size, NO);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PCR_Event_Out_Unmarshalu(PCR_Event_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPML_DIGEST_VALUES_Unmarshalu(&target->digests, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PCR_Read_Out_Unmarshalu(PCR_Read_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->pcrUpdateCounter, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPML_PCR_SELECTION_Unmarshalu(&target->pcrSelectionOut, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPML_DIGEST_Unmarshalu(&target->pcrValues, buffer, size, 0);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PCR_Allocate_Out_Unmarshalu(PCR_Allocate_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_YES_NO_Unmarshalu(&target->allocationSuccess, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->maxPCR, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->sizeNeeded, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_UINT32_Unmarshalu(&target->sizeAvailable, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PolicySigned_Out_Unmarshalu(PolicySigned_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_TIMEOUT_Unmarshalu(&target->timeout, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_TK_AUTH_Unmarshalu(&target->policyTicket, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PolicySecret_Out_Unmarshalu(PolicySecret_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_TIMEOUT_Unmarshalu(&target->timeout, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_TK_AUTH_Unmarshalu(&target->policyTicket, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_PolicyGetDigest_Out_Unmarshalu(PolicyGetDigest_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->policyDigest, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_CreatePrimary_Out_Unmarshalu(CreatePrimary_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM_HANDLE_Unmarshalu(&target->objectHandle, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_PUBLIC_Unmarshalu(&target->outPublic, buffer, size, NO);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_CREATION_DATA_Unmarshalu(&target->creationData, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_DIGEST_Unmarshalu(&target->creationHash, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_TK_CREATION_Unmarshalu(&target->creationTicket, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NAME_Unmarshalu(&target->name, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_ContextSave_Out_Unmarshalu(ContextSave_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_CONTEXT_Unmarshalu(&target->context, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_ContextLoad_Out_Unmarshalu(ContextLoad_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_DH_CONTEXT_Unmarshalu(&target->loadedHandle, buffer, size, NO);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    return rc;
+}
+TPM_RC
+TSS_ReadClock_Out_Unmarshalu(ReadClock_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_TIME_INFO_Unmarshalu(&target->currentTime, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_GetCapability_Out_Unmarshalu(GetCapability_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMI_YES_NO_Unmarshalu(&target->moreData, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMS_CAPABILITY_DATA_Unmarshalu(&target->capabilityData, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_NV_ReadPublic_Out_Unmarshalu(NV_ReadPublic_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NV_PUBLIC_Unmarshalu(&target->nvPublic, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_NAME_Unmarshalu(&target->nvName, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_NV_Read_Out_Unmarshalu(NV_Read_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_MAX_NV_BUFFER_Unmarshalu(&target->data, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_NV_Certify_Out_Unmarshalu(NV_Certify_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    uint32_t parameterSize = 0;
+    if (rc == TPM_RC_SUCCESS) {
+	if (tag == TPM_ST_SESSIONS) {
+	    rc = TSS_UINT32_Unmarshalu(&parameterSize, buffer, size);
+	}
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPM2B_ATTEST_Unmarshalu(&target->certifyInfo, buffer, size);
+    }
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_TPMT_SIGNATURE_Unmarshalu(&target->signature, buffer, size, YES);
+    }
+    return rc;
+}
+
+/*
+  TPM 2.0 Structure marshaling
+*/
+
+TPM_RC
+TSS_TPM2B_Marshalu(const TPM2B *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&(source->size), written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->buffer, source->size, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 5 - Definition of Types for Documentation Clarity */
+
+TPM_RC
+TSS_TPM_KEY_BITS_Marshalu(const TPM_KEY_BITS *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+   
+/* Table 7 - Definition of (UINT32) TPM_GENERATED Constants <O> */
+
+TPM_RC
+TSS_TPM_GENERATED_Marshalu(const TPM_GENERATED *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+ 
+/* Table 9 - Definition of (UINT16) TPM_ALG_ID Constants <IN/OUT, S> */
+
+TPM_RC
+TSS_TPM_ALG_ID_Marshalu(const TPM_ALG_ID *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 10 - Definition of (uint16_t) {ECC} TPM_ECC_CURVE Constants <IN/OUT, S> */
+
+#ifdef TPM_ALG_ECC
+TPM_RC
+TSS_TPM_ECC_CURVE_Marshalu(const TPM_ECC_CURVE *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+#endif
+
+/* Table 17 - Definition of (UINT32) TPM_RC Constants (Actions) <OUT> */
+
+TPM_RC
+TSS_TPM_RC_Marshalu(const TPM_RC *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 18 - Definition of (INT8) TPM_CLOCK_ADJUST Constants <IN> */
+
+TPM_RC
+TSS_TPM_CLOCK_ADJUST_Marshalu(const TPM_CLOCK_ADJUST *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_INT8_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 19 - Definition of (UINT16) TPM_EO Constants <IN/OUT> */
+
+TPM_RC
+TSS_TPM_EO_Marshalu(const TPM_EO *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 20 - Definition of (UINT16) TPM_ST Constants <IN/OUT, S> */
+
+TPM_RC
+TSS_TPM_ST_Marshalu(const TPM_ST *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+ 
+/* Table 21 - Definition of (UINT16) TPM_SU Constants <IN> */
+
+TPM_RC
+TSS_TPM_SU_Marshalu(const TPM_ST *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 22 - Definition of (UINT8) TPM_SE Constants <IN> */
+
+TPM_RC
+TSS_TPM_SE_Marshalu(const TPM_SE  *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT8_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 23 - Definition of (UINT32) TPM_CAP Constants  */
+
+TPM_RC
+TSS_TPM_CAP_Marshalu(const TPM_CAP *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 24 - Definition of (UINT32) TPM_PT Constants <IN/OUT, S> */
+
+TPM_RC
+TSS_TPM_PT_Marshalu(const TPM_PT *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 25 - Definition of (UINT32) TPM_PT_PCR Constants <IN/OUT, S> */
+
+TPM_RC
+TSS_TPM_PT_PCR_Marshalu(const TPM_PT_PCR *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 27 - Definition of Types for Handles */
+
+TPM_RC
+TSS_TPM_HANDLE_Marshalu(const TPM_HANDLE *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 31 - Definition of (UINT32) TPMA_ALGORITHM Bits */
+
+TPM_RC
+TSS_TPMA_ALGORITHM_Marshalu(const TPMA_ALGORITHM *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->val, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 32 - Definition of (UINT32) TPMA_OBJECT Bits */
+
+TPM_RC
+TSS_TPMA_OBJECT_Marshalu(const TPMA_OBJECT *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->val, written, buffer, size);
+    }
+    return rc;
+}
+ 
+/* Table 33 - Definition of (UINT8) TPMA_SESSION Bits <IN/OUT> */
+
+TPM_RC
+TSS_TPMA_SESSION_Marshalu(const TPMA_SESSION *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT8_Marshalu(&source->val, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 34 - Definition of (UINT8) TPMA_LOCALITY Bits <IN/OUT> */
+
+TPM_RC
+TSS_TPMA_LOCALITY_Marshalu(const TPMA_LOCALITY *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT8_Marshalu(&source->val, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 38 - Definition of (TPM_CC) TPMA_CC Bits <OUT> */
+
+TPM_RC
+TSS_TPM_CC_Marshalu(const TPM_CC *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 38 - Definition of (TPM_CC) TPMA_CC Bits <OUT> */
+
+TPM_RC
+TSS_TPMA_CC_Marshalu(const TPMA_CC *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->val, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 39 - Definition of (BYTE) TPMI_YES_NO Type */
+
+TPM_RC
+TSS_TPMI_YES_NO_Marshalu(const TPMI_YES_NO *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT8_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 40 - Definition of (TPM_HANDLE) TPMI_DH_OBJECT Type */
+
+TPM_RC
+TSS_TPMI_DH_OBJECT_Marshalu(const TPMI_DH_OBJECT *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 41 - Definition of (TPM_HANDLE) TPMI_DH_PERSISTENT Type */
+
+TPM_RC
+TSS_TPMI_DH_PERSISTENT_Marshalu(const TPMI_DH_PERSISTENT *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 42 - Definition of (TPM_HANDLE) TPMI_DH_ENTITY Type <IN> */
+
+TPM_RC
+TSS_TPMI_DH_ENTITY_Marshalu(const TPMI_DH_ENTITY *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 43 - Definition of (TPM_HANDLE) TPMI_DH_PCR Type <IN> */
+
+TPM_RC
+TSS_TPMI_DH_PCR_Marshalu(const TPMI_DH_PCR  *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 44 - Definition of (TPM_HANDLE) TPMI_SH_AUTH_SESSION Type <IN/OUT> */
+
+TPM_RC
+TSS_TPMI_SH_AUTH_SESSION_Marshalu(const TPMI_SH_AUTH_SESSION *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 45 - Definition of (TPM_HANDLE) TPMI_SH_HMAC Type <IN/OUT> */
+
+TPM_RC
+TSS_TPMI_SH_HMAC_Marshalu(const TPMI_SH_HMAC *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 46 - Definition of (TPM_HANDLE) TPMI_SH_POLICY Type <IN/OUT> */
+
+TPM_RC
+TSS_TPMI_SH_POLICY_Marshalu(const TPMI_SH_POLICY*source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+  
+/* Table 47 - Definition of (TPM_HANDLE) TPMI_DH_CONTEXT Type  */
+
+TPM_RC
+TSS_TPMI_DH_CONTEXT_Marshalu(const TPMI_DH_CONTEXT *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 49 - Definition of (TPM_HANDLE) TPMI_DH_SAVED Type  */
+
+TPM_RC
+TSS_TPMI_DH_SAVED_Marshalu(const TPMI_DH_SAVED *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 48 - Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY Type  */
+
+TPM_RC
+TSS_TPMI_RH_HIERARCHY_Marshalu(const TPMI_RH_HIERARCHY *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+   
+/* Table 49 - Definition of (TPM_HANDLE) TPMI_RH_ENABLES Type */
+
+TPM_RC
+TSS_TPMI_RH_ENABLES_Marshalu(const TPMI_RH_ENABLES *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 50 - Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY_AUTH Type <IN> */
+
+TPM_RC
+TSS_TPMI_RH_HIERARCHY_AUTH_Marshalu(const TPMI_RH_HIERARCHY_AUTH *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 50 - Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY_POLICY Type <IN> */
+
+TPM_RC
+TSS_TPMI_RH_HIERARCHY_POLICY_Marshalu(const TPMI_RH_HIERARCHY_POLICY *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 51 - Definition of (TPM_HANDLE) TPMI_RH_PLATFORM Type <IN> */
+
+TPM_RC
+TSS_TPMI_RH_PLATFORM_Marshalu(const TPMI_RH_PLATFORM *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 53 - Definition of (TPM_HANDLE) TPMI_RH_ENDORSEMENT Type <IN> */
+
+TPM_RC
+TSS_TPMI_RH_ENDORSEMENT_Marshalu(const TPMI_RH_ENDORSEMENT *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 54 - Definition of (TPM_HANDLE) TPMI_RH_PROVISION Type <IN> */
+
+TPM_RC
+TSS_TPMI_RH_PROVISION_Marshalu(const TPMI_RH_PROVISION *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 55 - Definition of (TPM_HANDLE) TPMI_RH_CLEAR Type <IN> */
+
+TPM_RC
+TSS_TPMI_RH_CLEAR_Marshalu(const TPMI_RH_CLEAR *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 56 - Definition of (TPM_HANDLE) TPMI_RH_NV_AUTH Type <IN> */
+
+TPM_RC
+TSS_TPMI_RH_NV_AUTH_Marshalu(const TPMI_RH_NV_AUTH *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 57 - Definition of (TPM_HANDLE) TPMI_RH_LOCKOUT Type <IN> */
+
+TPM_RC
+TSS_TPMI_RH_LOCKOUT_Marshalu(const TPMI_RH_LOCKOUT *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 58 - Definition of (TPM_HANDLE) TPMI_RH_NV_INDEX Type <IN/OUT> */
+
+TPM_RC
+TSS_TPMI_RH_NV_INDEX_Marshalu(const TPMI_RH_NV_INDEX *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_HANDLE_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type  */
+
+TPM_RC
+TSS_TPMI_ALG_HASH_Marshalu(const TPMI_ALG_HASH *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 61 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM Type */
+
+TPM_RC
+TSS_TPMI_ALG_SYM_Marshalu(const TPMI_ALG_SYM *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 62 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM_OBJECT Type */
+
+TPM_RC
+TSS_TPMI_ALG_SYM_OBJECT_Marshalu(const TPMI_ALG_SYM_OBJECT *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 63 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM_MODE Type */
+
+TPM_RC
+TSS_TPMI_ALG_SYM_MODE_Marshalu(const TPMI_ALG_SYM_MODE *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 64 - Definition of (TPM_ALG_ID) TPMI_ALG_KDF Type */
+
+TPM_RC
+TSS_TPMI_ALG_KDF_Marshalu(const TPMI_ALG_KDF *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 65 - Definition of (TPM_ALG_ID) TPMI_ALG_SIG_SCHEME Type */
+
+TPM_RC
+TSS_TPMI_ALG_SIG_SCHEME_Marshalu(const TPMI_ALG_SIG_SCHEME *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 66 - Definition of (TPM_ALG_ID) TPMI_ECC_KEY_EXCHANGE Type */
+
+TPM_RC
+TSS_TPMI_ECC_KEY_EXCHANGE_Marshalu(const TPMI_ECC_KEY_EXCHANGE *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+} 
+
+/* Table 67 - Definition of (TPM_ST) TPMI_ST_COMMAND_TAG Type */
+
+TPM_RC
+TSS_TPMI_ST_COMMAND_TAG_Marshalu(const TPMI_ST_COMMAND_TAG *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_ST_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 71 - Definition of (TPM_ALG_ID) TPMI_ALG_MAC_SCHEME Type */
+
+TPM_RC
+TSS_TPMI_ALG_MAC_SCHEME_Marshalu(const TPMI_ALG_MAC_SCHEME *source, uint16_t *written, BYTE **buffer, uint32_t *size) 
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 72 - Definition of (TPM_ALG_ID) TPMI_ALG_CIPHER_MODE Type */
+
+TPM_RC
+TSS_TPMI_ALG_CIPHER_MODE_Marshalu(const TPMI_ALG_CIPHER_MODE *source, uint16_t *written, BYTE **buffer, uint32_t *size) 
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+} 
+
+/* Table 70 - Definition of TPMU_HA Union <IN/OUT, S> */
+
+TPM_RC
+TSS_TPMU_HA_Marshalu(const TPMU_HA *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = 0;
+    
+    switch (selector) {
+#ifdef TPM_ALG_SHA1
+      case TPM_ALG_SHA1:
+	if (rc == 0) {
+	    rc = TSS_Array_Marshalu(&source->sha1[0], SHA1_DIGEST_SIZE, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_SHA256
+      case TPM_ALG_SHA256:
+	if (rc == 0) {
+	    rc = TSS_Array_Marshalu(&source->sha256[0], SHA256_DIGEST_SIZE, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_SHA384
+      case TPM_ALG_SHA384:
+	if (rc == 0) {
+	    rc = TSS_Array_Marshalu(&source->sha384[0], SHA384_DIGEST_SIZE, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_SHA512
+      case TPM_ALG_SHA512:
+	if (rc == 0) {
+	    rc = TSS_Array_Marshalu(&source->sha512[0], SHA512_DIGEST_SIZE, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_SM3_256
+      case TPM_ALG_SM3_256:
+	if (rc == 0) {
+	    rc = TSS_Array_Marshalu(&source->sm3_256[0], SM3_256_DIGEST_SIZE, written, buffer, size);
+	}
+	break;
+#endif
+      case TPM_ALG_NULL:
+	break;
+      default:
+	rc = TPM_RC_SELECTOR;
+    }
+    return rc;
+}
+
+/* Table 71 - Definition of TPMT_HA Structure <IN/OUT> */
+
+TPM_RC
+TSS_TPMT_HA_Marshalu(const TPMT_HA *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_HASH_Marshalu(&source->hashAlg, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMU_HA_Marshalu(&source->digest, written, buffer, size, source->hashAlg);
+    }
+    return rc;
+}
+
+/* Table 72 - Definition of TPM2B_DIGEST Structure */
+
+TPM_RC
+TSS_TPM2B_DIGEST_Marshalu(const TPM2B_DIGEST *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 73 - Definition of TPM2B_DATA Structure */
+
+TPM_RC
+TSS_TPM2B_DATA_Marshalu(const TPM2B_DATA *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 74 - Definition of Types for TPM2B_NONCE */
+
+TPM_RC
+TSS_TPM2B_NONCE_Marshalu(const TPM2B_NONCE *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 75 - Definition of Types for TPM2B_AUTH */
+
+TPM_RC
+TSS_TPM2B_AUTH_Marshalu(const TPM2B_AUTH *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 76 - Definition of Types for TPM2B_OPERAND */
+
+TPM_RC
+TSS_TPM2B_OPERAND_Marshalu(const TPM2B_OPERAND *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 77 - Definition of TPM2B_EVENT Structure */
+
+TPM_RC
+TSS_TPM2B_EVENT_Marshalu(const TPM2B_EVENT *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 78 - Definition of TPM2B_MAX_BUFFER Structure */
+
+TPM_RC
+TSS_TPM2B_MAX_BUFFER_Marshalu(const TPM2B_MAX_BUFFER *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 79 - Definition of TPM2B_MAX_NV_BUFFER Structure */
+
+TPM_RC
+TSS_TPM2B_MAX_NV_BUFFER_Marshalu(const TPM2B_MAX_NV_BUFFER *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 80 - Definition of TPM2B_TIMEOUT Structure <IN/OUT> */
+
+TPM_RC
+TSS_TPM2B_TIMEOUT_Marshalu(const TPM2B_TIMEOUT *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 81 - Definition of TPM2B_IV Structure <IN/OUT> */
+
+TPM_RC
+TSS_TPM2B_IV_Marshalu(const TPM2B_IV *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 83 - Definition of TPM2B_NAME Structure */
+
+TPM_RC
+TSS_TPM2B_NAME_Marshalu(const TPM2B_NAME *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 85 - Definition of TPMS_PCR_SELECTION Structure */
+
+TPM_RC
+TSS_TPMS_PCR_SELECTION_Marshalu(const TPMS_PCR_SELECTION *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_HASH_Marshalu(&source->hash, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Marshalu(&source->sizeofSelect, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(&source->pcrSelect[0], source->sizeofSelect, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 88 - Definition of TPMT_TK_CREATION Structure */
+
+TPM_RC
+TSS_TPMT_TK_CREATION_Marshalu(const TPMT_TK_CREATION *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_ST_Marshalu(&source->tag, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_HIERARCHY_Marshalu(&source->hierarchy, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->digest, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 89 - Definition of TPMT_TK_VERIFIED Structure */
+
+TPM_RC
+TSS_TPMT_TK_VERIFIED_Marshalu(const TPMT_TK_VERIFIED *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_ST_Marshalu(&source->tag, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_HIERARCHY_Marshalu(&source->hierarchy, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->digest, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 90 - Definition of TPMT_TK_AUTH Structure */
+
+TPM_RC
+TSS_TPMT_TK_AUTH_Marshalu(const TPMT_TK_AUTH *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_ST_Marshalu(&source->tag, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_HIERARCHY_Marshalu(&source->hierarchy, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->digest, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 91 - Definition of TPMT_TK_HASHCHECK Structure */
+
+TPM_RC
+TSS_TPMT_TK_HASHCHECK_Marshalu(const TPMT_TK_HASHCHECK *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_ST_Marshalu(&source->tag, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_HIERARCHY_Marshalu(&source->hierarchy, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->digest, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 92 - Definition of TPMS_ALG_PROPERTY Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_ALG_PROPERTY_Marshalu(const TPMS_ALG_PROPERTY *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_ALG_ID_Marshalu(&source->alg, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMA_ALGORITHM_Marshalu(&source->algProperties, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 93 - Definition of TPMS_TAGGED_PROPERTY Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_TAGGED_PROPERTY_Marshalu(const TPMS_TAGGED_PROPERTY *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_PT_Marshalu(&source->property, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->value, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 94 - Definition of TPMS_TAGGED_PCR_SELECT Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_TAGGED_PCR_SELECT_Marshalu(const TPMS_TAGGED_PCR_SELECT *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_PT_PCR_Marshalu(&source->tag, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Marshalu(&source->sizeofSelect, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(&source->pcrSelect[0], source->sizeofSelect, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 95 - Definition of TPML_CC Structure */
+
+TPM_RC
+TSS_TPML_CC_Marshalu(const TPML_CC *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    uint32_t i;
+    
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->count, written, buffer, size);
+    }
+    for (i = 0 ; i < source->count ; i++) {
+	if (rc == 0) {
+	    rc = TSS_TPM_CC_Marshalu(&source->commandCodes[i], written, buffer, size);
+	}
+    }
+    return rc;
+}
+
+/* Table 96 - Definition of TPML_CCA Structure <OUT> */
+
+TPM_RC
+TSS_TPML_CCA_Marshalu(const TPML_CCA *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    uint32_t i;
+    
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->count, written, buffer, size);
+    }
+    for (i = 0 ; i < source->count ; i++) {
+	if (rc == 0) {
+	    rc = TSS_TPMA_CC_Marshalu(&source->commandAttributes[i], written, buffer, size);
+	}
+    }
+    return rc;
+}
+
+/* Table 97 - Definition of TPML_ALG Structure */
+
+TPM_RC
+TSS_TPML_ALG_Marshalu(const TPML_ALG *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    uint32_t i;
+    
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->count, written, buffer, size);
+    }
+    for (i = 0 ; i < source->count ; i++) {
+	if (rc == 0) {
+	    rc = TSS_TPM_ALG_ID_Marshalu(&source->algorithms[i], written, buffer, size);
+	}
+    }
+    return rc;
+}
+
+/* Table 98 - Definition of TPML_HANDLE Structure <OUT> */
+
+TPM_RC
+TSS_TPML_HANDLE_Marshalu(const TPML_HANDLE *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    uint32_t i;
+    
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->count, written, buffer, size);
+    }
+    for (i = 0 ; i < source->count ; i++) {
+	if (rc == 0) {
+	    rc = TSS_TPM_HANDLE_Marshalu(&source->handle[i], written, buffer, size);
+	}
+    }
+    return rc;
+}
+
+/* Table 99 - Definition of TPML_DIGEST Structure */
+
+TPM_RC
+TSS_TPML_DIGEST_Marshalu(const TPML_DIGEST *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    uint32_t i;
+    
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->count, written, buffer, size);
+    }
+    for (i = 0 ; i < source->count ; i++) {
+	if (rc == 0) {
+	    rc = TSS_TPM2B_DIGEST_Marshalu(&source->digests[i], written, buffer, size);
+	}
+    }
+    return rc;
+}
+
+/* Table 100 - Definition of TPML_DIGEST_VALUES Structure */
+
+TPM_RC
+TSS_TPML_DIGEST_VALUES_Marshalu(const TPML_DIGEST_VALUES *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    uint32_t i;
+    
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->count, written, buffer, size);
+    }
+    for (i = 0 ; i < source->count ; i++) {
+	if (rc == 0) {
+	    rc = TSS_TPMT_HA_Marshalu(&source->digests[i], written, buffer, size);
+	}
+    }
+    return rc;
+}
+
+/* Table 102 - Definition of TPML_PCR_SELECTION Structure */
+
+TPM_RC
+TSS_TPML_PCR_SELECTION_Marshalu(const TPML_PCR_SELECTION *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    uint32_t i;
+    
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->count, written, buffer, size);
+    }
+    for (i = 0 ; i < source->count ; i++) {
+	if (rc == 0) {
+	    rc = TSS_TPMS_PCR_SELECTION_Marshalu(&source->pcrSelections[i], written, buffer, size);
+	}
+    }
+    return rc;
+}
+
+/* Table 103 - Definition of TPML_ALG_PROPERTY Structure <OUT> */
+
+TPM_RC
+TSS_TPML_ALG_PROPERTY_Marshalu(const TPML_ALG_PROPERTY *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    uint32_t i;
+    
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->count, written, buffer, size);
+    }
+    for (i = 0 ; i < source->count ; i++) {
+	if (rc == 0) {
+	    rc = TSS_TPMS_ALG_PROPERTY_Marshalu(&source->algProperties[i], written, buffer, size);
+	}
+    }
+    return rc;
+}
+
+/* Table 104 - Definition of TPML_TAGGED_TPM_PROPERTY Structure <OUT> */
+
+TPM_RC
+TSS_TPML_TAGGED_TPM_PROPERTY_Marshalu(const TPML_TAGGED_TPM_PROPERTY *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    uint32_t i;
+    
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->count, written, buffer, size);
+    }
+    for (i = 0 ; i < source->count ; i++) {
+	if (rc == 0) {
+	    rc = TSS_TPMS_TAGGED_PROPERTY_Marshalu(&source->tpmProperty[i], written, buffer, size);
+	}
+    }
+    return rc;
+}
+
+/* Table 105 - Definition of TPML_TAGGED_PCR_PROPERTY Structure <OUT> */
+
+TPM_RC
+TSS_TPML_TAGGED_PCR_PROPERTY_Marshalu(const TPML_TAGGED_PCR_PROPERTY *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    uint32_t i;
+    
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->count, written, buffer, size);
+    }
+    for (i = 0 ; i < source->count ; i++) {
+	if (rc == 0) {
+	    rc = TSS_TPMS_TAGGED_PCR_SELECT_Marshalu(&source->pcrProperty[i], written, buffer, size);
+	}
+    }
+    return rc;
+}
+
+/* Table 106 - Definition of {ECC} TPML_ECC_CURVE Structure <OUT> */
+
+TPM_RC
+TSS_TPML_ECC_CURVE_Marshalu(const TPML_ECC_CURVE *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    uint32_t i;
+    
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->count, written, buffer, size);
+    }
+    for (i = 0 ; i < source->count ; i++) {
+	if (rc == 0) {
+	    rc = TSS_TPM_ECC_CURVE_Marshalu(&source->eccCurves[i], written, buffer, size);
+	}
+    }
+    return rc;
+}
+
+/* Table 107 - Definition of TPMU_CAPABILITIES Union <OUT> */
+
+TPM_RC
+TSS_TPMU_CAPABILITIES_Marshalu(const TPMU_CAPABILITIES *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = 0;
+    switch (selector) {
+      case TPM_CAP_ALGS:
+	if (rc == 0) {
+	    rc = TSS_TPML_ALG_PROPERTY_Marshalu(&source->algorithms, written, buffer, size);
+	}
+	break;
+      case TPM_CAP_HANDLES:
+	if (rc == 0) {
+	    rc = TSS_TPML_HANDLE_Marshalu(&source->handles, written, buffer, size);
+	}
+	break;
+      case TPM_CAP_COMMANDS:
+	if (rc == 0) {
+	    rc = TSS_TPML_CCA_Marshalu(&source->command, written, buffer, size);
+	}
+	break;
+      case TPM_CAP_PP_COMMANDS:
+	if (rc == 0) {
+	    rc = TSS_TPML_CC_Marshalu(&source->ppCommands, written, buffer, size);
+	}
+	break;
+      case TPM_CAP_AUDIT_COMMANDS:
+	if (rc == 0) {
+	    rc = TSS_TPML_CC_Marshalu(&source->auditCommands, written, buffer, size);
+	}
+	break;
+      case TPM_CAP_PCRS:
+	if (rc == 0) {
+	    rc = TSS_TPML_PCR_SELECTION_Marshalu(&source->assignedPCR, written, buffer, size);
+	}
+	break;
+      case TPM_CAP_TPM_PROPERTIES:
+	if (rc == 0) {
+	    rc = TSS_TPML_TAGGED_TPM_PROPERTY_Marshalu(&source->tpmProperties, written, buffer, size);
+	}
+	break;
+      case TPM_CAP_PCR_PROPERTIES:
+	if (rc == 0) {
+	    rc = TSS_TPML_TAGGED_PCR_PROPERTY_Marshalu(&source->pcrProperties, written, buffer, size);
+	}
+	break;
+      case TPM_CAP_ECC_CURVES:
+	if (rc == 0) {
+	    rc = TSS_TPML_ECC_CURVE_Marshalu(&source->eccCurves, written, buffer, size);
+	}
+	break;
+      default:
+	rc = TPM_RC_SELECTOR;
+    }
+    return rc;
+}
+
+/* Table 108 - Definition of TPMS_CAPABILITY_DATA Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_CAPABILITY_DATA_Marshalu(const TPMS_CAPABILITY_DATA *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_CAP_Marshalu(&source->capability, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMU_CAPABILITIES_Marshalu(&source->data, written, buffer, size, source->capability);
+    }
+    return rc;
+}
+
+/* Table 109 - Definition of TPMS_CLOCK_INFO Structure */
+
+TPM_RC
+TSS_TPMS_CLOCK_INFO_Marshalu(const TPMS_CLOCK_INFO *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT64_Marshalu(&source->clock, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->resetCount, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->restartCount, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_YES_NO_Marshalu(&source->safe, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 110 - Definition of TPMS_TIME_INFO Structure */
+
+TPM_RC
+TSS_TPMS_TIME_INFO_Marshalu(const TPMS_TIME_INFO *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT64_Marshalu(&source->time, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMS_CLOCK_INFO_Marshalu(&source->clockInfo, written, buffer, size);
+    }
+    return rc;
+}
+    
+/* Table 111 - Definition of TPMS_TIME_ATTEST_INFO Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_TIME_ATTEST_INFO_Marshalu(const TPMS_TIME_ATTEST_INFO *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMS_TIME_INFO_Marshalu(&source->time, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT64_Marshalu(&source->firmwareVersion, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 112 - Definition of TPMS_CERTIFY_INFO Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_CERTIFY_INFO_Marshalu(const TPMS_CERTIFY_INFO *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_NAME_Marshalu(&source->name, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_NAME_Marshalu(&source->qualifiedName, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 113 - Definition of TPMS_QUOTE_INFO Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_QUOTE_INFO_Marshalu(const TPMS_QUOTE_INFO *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPML_PCR_SELECTION_Marshalu(&source->pcrSelect, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->pcrDigest, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 114 - Definition of TPMS_COMMAND_AUDIT_INFO Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_COMMAND_AUDIT_INFO_Marshalu(const TPMS_COMMAND_AUDIT_INFO *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT64_Marshalu(&source->auditCounter, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_ALG_ID_Marshalu(&source->digestAlg, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->auditDigest, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->commandDigest, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 115 - Definition of TPMS_SESSION_AUDIT_INFO Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_SESSION_AUDIT_INFO_Marshalu(const TPMS_SESSION_AUDIT_INFO *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_YES_NO_Marshalu(&source->exclusiveSession, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->sessionDigest, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 116 - Definition of TPMS_CREATION_INFO Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_CREATION_INFO_Marshalu(const TPMS_CREATION_INFO *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_NAME_Marshalu(&source->objectName, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->creationHash, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 117 - Definition of TPMS_NV_CERTIFY_INFO Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_NV_CERTIFY_INFO_Marshalu(const TPMS_NV_CERTIFY_INFO *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_NAME_Marshalu(&source->indexName, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&source->offset, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_MAX_NV_BUFFER_Marshalu(&source->nvContents, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 118 - Definition of (TPM_ST) TPMI_ST_ATTEST Type <OUT> */
+
+TPM_RC
+TSS_TPMI_ST_ATTEST_Marshalu(const TPMI_ST_ATTEST *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_ST_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 119 - Definition of TPMU_ATTEST Union <OUT> */
+
+TPM_RC
+TSS_TPMU_ATTEST_Marshalu(const TPMU_ATTEST  *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = 0;
+    switch (selector) {
+      case TPM_ST_ATTEST_CERTIFY:
+	if (rc == 0) {
+	    rc = TSS_TPMS_CERTIFY_INFO_Marshalu(&source->certify, written, buffer, size);
+	}
+	break;
+      case TPM_ST_ATTEST_CREATION:
+	if (rc == 0) {
+	    rc = TSS_TPMS_CREATION_INFO_Marshalu(&source->creation, written, buffer, size);
+	}
+	break;
+      case TPM_ST_ATTEST_QUOTE:
+	if (rc == 0) {
+	    rc = TSS_TPMS_QUOTE_INFO_Marshalu(&source->quote, written, buffer, size);
+	}
+	break;
+      case TPM_ST_ATTEST_COMMAND_AUDIT:
+	if (rc == 0) {
+	    rc = TSS_TPMS_COMMAND_AUDIT_INFO_Marshalu(&source->commandAudit, written, buffer, size);
+	}
+	break;
+      case TPM_ST_ATTEST_SESSION_AUDIT:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SESSION_AUDIT_INFO_Marshalu(&source->sessionAudit, written, buffer, size);
+	}
+	break;
+      case TPM_ST_ATTEST_TIME:
+	if (rc == 0) {
+	    rc = TSS_TPMS_TIME_ATTEST_INFO_Marshalu(&source->time, written, buffer, size);
+	}
+	break;
+      case TPM_ST_ATTEST_NV:
+	if (rc == 0) {
+	    rc = TSS_TPMS_NV_CERTIFY_INFO_Marshalu(&source->nv, written, buffer, size);
+	}
+	break;
+      default:
+	rc = TPM_RC_SELECTOR;
+    }
+    return rc;
+}
+
+/* Table 120 - Definition of TPMS_ATTEST Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_ATTEST_Marshalu(const TPMS_ATTEST  *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_GENERATED_Marshalu(&source->magic, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_ST_ATTEST_Marshalu(&source->type, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_NAME_Marshalu(&source->qualifiedSigner, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DATA_Marshalu(&source->extraData, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMS_CLOCK_INFO_Marshalu(&source->clockInfo, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT64_Marshalu(&source->firmwareVersion, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMU_ATTEST_Marshalu(&source->attested, written, buffer, size,source->type);
+    }
+    return rc;
+}
+
+/* Table 121 - Definition of TPM2B_ATTEST Structure <OUT> */
+
+TPM_RC
+TSS_TPM2B_ATTEST_Marshalu(const TPM2B_ATTEST *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 122 - Definition of TPMS_AUTH_COMMAND Structure <IN> */
+
+TPM_RC
+TSS_TPMS_AUTH_COMMAND_Marshalu(const TPMS_AUTH_COMMAND *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_SH_AUTH_SESSION_Marshalu(&source->sessionHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_NONCE_Marshalu(&source->nonce, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMA_SESSION_Marshalu(&source->sessionAttributes, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_AUTH_Marshalu(&source->hmac, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 124 - Definition of {AES} (TPM_KEY_BITS) TPMI_!ALG.S_KEY_BITS Type */
+
+TPM_RC
+TSS_TPMI_AES_KEY_BITS_Marshalu(const TPMI_AES_KEY_BITS *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_KEY_BITS_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 125 - Definition of TPMU_SYM_KEY_BITS Union */
+
+TPM_RC
+TSS_TPMU_SYM_KEY_BITS_Marshalu(const TPMU_SYM_KEY_BITS *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = 0;
+    switch(selector) {
+#ifdef TPM_ALG_AES
+      case TPM_ALG_AES:
+	if (rc == 0) {
+	    rc = TSS_TPMI_AES_KEY_BITS_Marshalu(&source->aes, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_SM4
+      case TPM_ALG_SM4:
+	if (rc == 0) {
+	    rc = TSS_TPMI_SM4_KEY_BITS_Marshalu(&source->sm4, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_CAMELLIA
+      case TPM_ALG_CAMELLIA:
+	if (rc == 0) {
+	    rc = TSS_TPMI_CAMELLIA_KEY_BITS_Marshalu(&source->camellia, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_XOR
+      case TPM_ALG_XOR:
+	if (rc == 0) {
+	    rc = TSS_TPMI_ALG_HASH_Marshalu(&source->xorr, written, buffer, size);
+	}
+	break;
+#endif
+      case TPM_ALG_NULL:
+	break;
+      default:
+	return rc;
+    }
+    return rc;
+}
+
+/* Table 126 - Definition of TPMU_SYM_MODE Union */
+
+TPM_RC
+TSS_TPMU_SYM_MODE_Marshalu(const TPMU_SYM_MODE *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = 0;
+    switch (selector) {
+#ifdef TPM_ALG_AES
+      case TPM_ALG_AES:
+	if (rc == 0) {
+	    rc = TSS_TPMI_ALG_SYM_MODE_Marshalu(&source->aes, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_SM4
+      case TPM_ALG_SM4:
+	if (rc == 0) {
+	    rc = TSS_TPMI_ALG_SYM_MODE_Marshalu(&source->sm4, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_CAMELLIA
+      case TPM_ALG_CAMELLIA:
+	if (rc == 0) {
+	    rc = TSS_TPMI_ALG_SYM_MODE_Marshalu(&source->camellia, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_XOR
+      case TPM_ALG_XOR:
+#endif
+      case TPM_ALG_NULL:
+	break;
+      default:
+	rc = TPM_RC_SELECTOR;
+    }
+    return rc;
+}
+
+/* Table 128 - Definition of TPMT_SYM_DEF Structure */
+
+TPM_RC
+TSS_TPMT_SYM_DEF_Marshalu(const TPMT_SYM_DEF *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_SYM_Marshalu(&source->algorithm, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMU_SYM_KEY_BITS_Marshalu(&source->keyBits, written, buffer, size, source->algorithm);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMU_SYM_MODE_Marshalu(&source->mode, written, buffer, size, source->algorithm);
+    }
+    return rc;
+}
+
+/* Table 129 - Definition of TPMT_SYM_DEF_OBJECT Structure */
+
+TPM_RC
+TSS_TPMT_SYM_DEF_OBJECT_Marshalu(const TPMT_SYM_DEF_OBJECT *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_SYM_OBJECT_Marshalu(&source->algorithm, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMU_SYM_KEY_BITS_Marshalu(&source->keyBits, written, buffer, size, source->algorithm);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMU_SYM_MODE_Marshalu(&source->mode, written, buffer, size, source->algorithm);
+    }
+    return rc;
+}
+
+/* Table 130 - Definition of TPM2B_SYM_KEY Structure */
+
+TPM_RC
+TSS_TPM2B_SYM_KEY_Marshalu(const TPM2B_SYM_KEY *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 134 - Definition of TPM2B_LABEL Structure */
+
+TPM_RC
+TSS_TPM2B_LABEL_Marshalu(const TPM2B_LABEL *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 139 - Definition of TPMS_DERIVE Structure */
+
+TPM_RC
+TSS_TPMS_DERIVE_Marshalu(const TPMS_DERIVE *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_LABEL_Marshalu(&source->label, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_LABEL_Marshalu(&source->context, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 131 - Definition of TPMS_SYMCIPHER_PARMS Structure */
+
+TPM_RC
+TSS_TPMS_SYMCIPHER_PARMS_Marshalu(const TPMS_SYMCIPHER_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMT_SYM_DEF_OBJECT_Marshalu(&source->sym, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 132 - Definition of TPM2B_SENSITIVE_DATA Structure */
+
+TPM_RC
+TSS_TPM2B_SENSITIVE_DATA_Marshalu(const TPM2B_SENSITIVE_DATA *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 133 - Definition of TPMS_SENSITIVE_CREATE Structure <IN> */
+
+TPM_RC
+TSS_TPMS_SENSITIVE_CREATE_Marshalu(const TPMS_SENSITIVE_CREATE *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_AUTH_Marshalu(&source->userAuth, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_SENSITIVE_DATA_Marshalu(&source->data, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 134 - Definition of TPM2B_SENSITIVE_CREATE Structure <IN, S> */
+
+TPM_RC
+TSS_TPM2B_SENSITIVE_CREATE_Marshalu(const TPM2B_SENSITIVE_CREATE  *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    uint16_t sizeWritten = 0;	/* of structure */
+    BYTE *sizePtr;
+
+    if (buffer != NULL) {
+	sizePtr = *buffer;
+	*buffer += sizeof(uint16_t);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMS_SENSITIVE_CREATE_Marshalu(&source->sensitive, &sizeWritten, buffer, size);
+    }
+    if (rc == 0) {
+	*written += sizeWritten;
+	if (buffer != NULL) {
+	    rc = TSS_UINT16_Marshalu(&sizeWritten, written, &sizePtr, size);	/* backfill 2B size */
+	}
+	else {
+	    *written += sizeof(uint16_t);
+	}
+    }
+    return rc;
+}
+
+/* Table 135 - Definition of TPMS_SCHEME_HASH Structure */
+
+TPM_RC
+TSS_TPMS_SCHEME_HASH_Marshalu(const TPMS_SCHEME_HASH *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_HASH_Marshalu(&source->hashAlg, written, buffer, size);
+    }
+    return rc;
+}
+    
+/* Table 136 - Definition of {ECC} TPMS_SCHEME_ECDAA Structure */
+
+TPM_RC
+TSS_TPMS_SCHEME_ECDAA_Marshalu(const TPMS_SCHEME_ECDAA *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_HASH_Marshalu(&source->hashAlg, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&source->count, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 137 - Definition of (TPM_ALG_ID) TPMI_ALG_KEYEDHASH_SCHEME Type */
+
+TPM_RC
+TSS_TPMI_ALG_KEYEDHASH_SCHEME_Marshalu(const TPMI_ALG_KEYEDHASH_SCHEME *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 138 - Definition of Types for HMAC_SIG_SCHEME */
+
+TPM_RC
+TSS_TPMS_SCHEME_HMAC_Marshalu(const TPMS_SCHEME_HMAC *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 139 - Definition of TPMS_SCHEME_XOR Structure */
+
+TPM_RC
+TSS_TPMS_SCHEME_XOR_Marshalu(const TPMS_SCHEME_XOR *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_HASH_Marshalu(&source->hashAlg, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_KDF_Marshalu(&source->kdf, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 140 - Definition of TPMU_SCHEME_KEYEDHASH Union <IN/OUT, S> */
+
+TPM_RC
+TSS_TPMU_SCHEME_KEYEDHASH_Marshalu(const TPMU_SCHEME_KEYEDHASH *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = 0;
+    switch (selector) {
+#ifdef TPM_ALG_HMAC
+      case TPM_ALG_HMAC:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SCHEME_HMAC_Marshalu(&source->hmac, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_XOR
+      case TPM_ALG_XOR:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SCHEME_XOR_Marshalu(&source->xorr, written, buffer, size);
+	}
+	break;
+#endif
+      case TPM_ALG_NULL:
+	break;
+      default:
+	rc = TPM_RC_SELECTOR;
+    }
+    return rc;
+}
+
+/* Table 141 - Definition of TPMT_KEYEDHASH_SCHEME Structure */
+
+TPM_RC
+TSS_TPMT_KEYEDHASH_SCHEME_Marshalu(const TPMT_KEYEDHASH_SCHEME *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_KEYEDHASH_SCHEME_Marshalu(&source->scheme, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMU_SCHEME_KEYEDHASH_Marshalu(&source->details, written, buffer, size, source->scheme);
+    }
+    return rc;
+}
+
+/* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */
+
+TPM_RC
+TSS_TPMS_SIG_SCHEME_RSASSA_Marshalu(const TPMS_SIG_SCHEME_RSASSA *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TPMS_SIG_SCHEME_RSAPSS_Marshalu(const TPMS_SIG_SCHEME_RSAPSS *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 143 - Definition of {ECC} Types for ECC Signature Schemes */
+
+TPM_RC
+TSS_TPMS_SIG_SCHEME_ECDSA_Marshalu(const TPMS_SIG_SCHEME_ECDSA *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_TPMS_SIG_SCHEME_SM2_Marshalu(const TPMS_SIG_SCHEME_SM2 *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_TPMS_SIG_SCHEME_ECSCHNORR_Marshalu(const TPMS_SIG_SCHEME_ECSCHNORR *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 143 - Definition of {ECC} Types for ECC Signature Schemes */
+
+TPM_RC
+TSS_TPMS_SIG_SCHEME_ECDAA_Marshalu(const TPMS_SIG_SCHEME_ECDAA *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMS_SCHEME_ECDAA_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 144 - Definition of TPMU_SIG_SCHEME Union <IN/OUT, S> */
+
+TPM_RC
+TSS_TPMU_SIG_SCHEME_Marshalu(const TPMU_SIG_SCHEME *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = 0;
+    switch (selector) {
+#ifdef TPM_ALG_RSASSA
+      case TPM_ALG_RSASSA:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SIG_SCHEME_RSASSA_Marshalu(&source->rsassa, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_RSAPSS
+      case TPM_ALG_RSAPSS:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SIG_SCHEME_RSAPSS_Marshalu(&source->rsapss, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_ECDSA
+      case TPM_ALG_ECDSA:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SIG_SCHEME_ECDSA_Marshalu(&source->ecdsa, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_ECDAA
+      case TPM_ALG_ECDAA:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SIG_SCHEME_ECDAA_Marshalu(&source->ecdaa, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_SM2
+      case TPM_ALG_SM2:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SIG_SCHEME_SM2_Marshalu(&source->sm2, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_ECSCHNORR
+      case TPM_ALG_ECSCHNORR:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SIG_SCHEME_ECSCHNORR_Marshalu(&source->ecSchnorr, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_HMAC
+      case TPM_ALG_HMAC:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SCHEME_HMAC_Marshalu(&source->hmac, written, buffer, size);
+	}
+	break;
+#endif
+      case TPM_ALG_NULL:
+	break;
+      default:
+	rc = TPM_RC_SELECTOR;
+    }
+    return rc;
+}
+ 
+/* Table 145 - Definition of TPMT_SIG_SCHEME Structure */
+
+TPM_RC
+TSS_TPMT_SIG_SCHEME_Marshalu(const TPMT_SIG_SCHEME *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_SIG_SCHEME_Marshalu(&source->scheme, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMU_SIG_SCHEME_Marshalu(&source->details, written, buffer, size,source->scheme);
+    }
+    return rc;
+}
+
+/* Table 146 - Definition of Types for {RSA} Encryption Schemes */
+
+/* NOTE: Marked as const function in header */
+
+TPM_RC
+TSS_TPMS_ENC_SCHEME_OAEP_Marshalu(const TPMS_ENC_SCHEME_OAEP *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 146 - Definition of Types for {RSA} Encryption Schemes */
+
+/* NOTE: Marked as const function in header */
+
+TPM_RC
+TSS_TPMS_ENC_SCHEME_RSAES_Marshalu(const TPMS_ENC_SCHEME_RSAES *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    source = source;
+    written = written;
+    buffer = buffer;
+    size = size;
+    return 0;
+}
+
+/* Table 147 - Definition of Types for {ECC} ECC Key Exchange */
+
+TPM_RC
+TSS_TPMS_KEY_SCHEME_ECDH_Marshalu(const TPMS_KEY_SCHEME_ECDH *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_TPMS_KEY_SCHEME_ECMQV_Marshalu(const TPMS_KEY_SCHEME_ECMQV *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 148 - Definition of Types for KDF Schemes, hash-based key- or mask-generation functions */
+
+TPM_RC
+TSS_TPMS_SCHEME_MGF1_Marshalu(const TPMS_SCHEME_MGF1 *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_TPMS_SCHEME_KDF1_SP800_56A_Marshalu(const TPMS_SCHEME_KDF1_SP800_56A *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_TPMS_SCHEME_KDF2_Marshalu(const TPMS_SCHEME_KDF2 *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_TPMS_SCHEME_KDF1_SP800_108_Marshalu(const TPMS_SCHEME_KDF1_SP800_108 *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 149 - Definition of TPMU_KDF_SCHEME Union <IN/OUT, S> */
+
+TPM_RC
+TSS_TPMU_KDF_SCHEME_Marshalu(const TPMU_KDF_SCHEME *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = 0;
+    switch (selector) {
+#ifdef TPM_ALG_MGF1
+      case TPM_ALG_MGF1:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SCHEME_MGF1_Marshalu(&source->mgf1, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_KDF1_SP800_56A
+      case TPM_ALG_KDF1_SP800_56A:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SCHEME_KDF1_SP800_56A_Marshalu(&source->kdf1_SP800_56a, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_KDF2
+      case TPM_ALG_KDF2:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SCHEME_KDF2_Marshalu(&source->kdf2, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_KDF1_SP800_108
+      case TPM_ALG_KDF1_SP800_108:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SCHEME_KDF1_SP800_108_Marshalu(&source->kdf1_sp800_108, written, buffer, size);
+	}
+	break;
+#endif
+      case TPM_ALG_NULL:
+	break;
+      default:
+	rc = TPM_RC_SELECTOR;
+    }
+    return rc;
+}
+/* Table 150 - Definition of TPMT_KDF_SCHEME Structure */
+
+TPM_RC
+TSS_TPMT_KDF_SCHEME_Marshalu(const TPMT_KDF_SCHEME *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_KDF_Marshalu(&source->scheme, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMU_KDF_SCHEME_Marshalu(&source->details, written, buffer, size, source->scheme);
+    }
+    return rc;
+}
+
+/* Table 152 - Definition of TPMU_ASYM_SCHEME Union */
+
+TPM_RC
+TSS_TPMU_ASYM_SCHEME_Marshalu(const TPMU_ASYM_SCHEME  *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = 0;
+    switch (selector) {
+#ifdef TPM_ALG_ECDH
+      case TPM_ALG_ECDH:
+	if (rc == 0) {
+	    rc = TSS_TPMS_KEY_SCHEME_ECDH_Marshalu(&source->ecdh, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_ECMQV
+      case TPM_ALG_ECMQV:
+	if (rc == 0) {
+	    rc = TSS_TPMS_KEY_SCHEME_ECMQV_Marshalu(&source->ecmqvh, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_RSASSA
+      case TPM_ALG_RSASSA:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SIG_SCHEME_RSASSA_Marshalu(&source->rsassa, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_RSAPSS
+      case TPM_ALG_RSAPSS:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SIG_SCHEME_RSAPSS_Marshalu(&source->rsapss, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_ECDSA
+      case TPM_ALG_ECDSA:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SIG_SCHEME_ECDSA_Marshalu(&source->ecdsa, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_ECDAA
+      case TPM_ALG_ECDAA:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SIG_SCHEME_ECDAA_Marshalu(&source->ecdaa, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_SM2
+      case TPM_ALG_SM2:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SIG_SCHEME_SM2_Marshalu(&source->sm2, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_ECSCHNORR
+      case TPM_ALG_ECSCHNORR:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SIG_SCHEME_ECSCHNORR_Marshalu(&source->ecSchnorr, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_RSAES
+      case TPM_ALG_RSAES:
+	if (rc == 0) {
+	    rc = TSS_TPMS_ENC_SCHEME_RSAES_Marshalu(&source->rsaes, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_OAEP
+      case TPM_ALG_OAEP:
+	if (rc == 0) {
+	    rc = TSS_TPMS_ENC_SCHEME_OAEP_Marshalu(&source->oaep, written, buffer, size);
+	}
+	break;
+#endif
+      case TPM_ALG_NULL:
+	break;
+      default:
+	rc = TPM_RC_SELECTOR;
+    }
+    return rc;
+}
+
+/* Table 154 - Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_SCHEME Type */
+
+TPM_RC
+TSS_TPMI_ALG_RSA_SCHEME_Marshalu(const TPMI_ALG_RSA_SCHEME *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 155 - Definition of {RSA} TPMT_RSA_SCHEME Structure */
+
+TPM_RC
+TSS_TPMT_RSA_SCHEME_Marshalu(const TPMT_RSA_SCHEME *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_RSA_SCHEME_Marshalu(&source->scheme, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMU_ASYM_SCHEME_Marshalu(&source->details, written, buffer, size, source->scheme);
+    }
+    return rc;
+}
+
+/* Table 156 - Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_DECRYPT Type */
+
+TPM_RC
+TSS_TPMI_ALG_RSA_DECRYPT_Marshalu(const TPMI_ALG_RSA_DECRYPT *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 157 - Definition of {RSA} TPMT_RSA_DECRYPT Structure */
+
+TPM_RC
+TSS_TPMT_RSA_DECRYPT_Marshalu(const TPMT_RSA_DECRYPT  *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_RSA_DECRYPT_Marshalu(&source->scheme, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMU_ASYM_SCHEME_Marshalu(&source->details, written, buffer, size, source->scheme);
+    }
+    return rc;
+}
+
+/* Table 158 - Definition of {RSA} TPM2B_PUBLIC_KEY_RSA Structure */
+
+TPM_RC
+TSS_TPM2B_PUBLIC_KEY_RSA_Marshalu(const TPM2B_PUBLIC_KEY_RSA *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 159 - Definition of {RSA} (TPM_KEY_BITS) TPMI_RSA_KEY_BITS Type */
+
+TPM_RC
+TSS_TPMI_RSA_KEY_BITS_Marshalu(const TPMI_RSA_KEY_BITS *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_KEY_BITS_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 160 - Definition of {RSA} TPM2B_PRIVATE_KEY_RSA Structure */
+
+TPM_RC
+TSS_TPM2B_PRIVATE_KEY_RSA_Marshalu(const TPM2B_PRIVATE_KEY_RSA *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 161 - Definition of {ECC} TPM2B_ECC_PARAMETER Structure */
+
+TPM_RC
+TSS_TPM2B_ECC_PARAMETER_Marshalu(const TPM2B_ECC_PARAMETER *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 162 - Definition of {ECC} TPMS_ECC_POINT Structure */
+
+TPM_RC
+TSS_TPMS_ECC_POINT_Marshalu(const TPMS_ECC_POINT *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_ECC_PARAMETER_Marshalu(&source->x, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_ECC_PARAMETER_Marshalu(&source->y, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 163 - Definition of {ECC} TPM2B_ECC_POINT Structure */
+
+TPM_RC
+TSS_TPM2B_ECC_POINT_Marshalu(const TPM2B_ECC_POINT *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    uint16_t sizeWritten = 0;	/* of structure */
+    BYTE *sizePtr;
+
+    if (buffer != NULL) {
+	sizePtr = *buffer;
+	*buffer += sizeof(uint16_t);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMS_ECC_POINT_Marshalu(&source->point, &sizeWritten, buffer, size);
+    }
+    if (rc == 0) {
+	*written += sizeWritten;
+	if (buffer != NULL) {
+	    rc = TSS_UINT16_Marshalu(&sizeWritten, written, &sizePtr, size);
+	}
+	else {
+	    *written += sizeof(uint16_t);
+	}
+    }
+    return rc;
+}
+
+/* Table 164 - Definition of (TPM_ALG_ID) {ECC} TPMI_ALG_ECC_SCHEME Type */
+
+TPM_RC
+TSS_TPMI_ALG_ECC_SCHEME_Marshalu(const TPMI_ALG_ECC_SCHEME *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 165 - Definition of {ECC} (TPM_ECC_CURVE) TPMI_ECC_CURVE Type */
+
+TPM_RC
+TSS_TPMI_ECC_CURVE_Marshalu(const TPMI_ECC_CURVE *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_ECC_CURVE_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 166 - Definition of (TPMT_SIG_SCHEME) {ECC} TPMT_ECC_SCHEME Structure */
+
+TPM_RC
+TSS_TPMT_ECC_SCHEME_Marshalu(const TPMT_ECC_SCHEME *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_ECC_SCHEME_Marshalu(&source->scheme, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMU_ASYM_SCHEME_Marshalu(&source->details, written, buffer, size, source->scheme);
+    }
+    return rc;
+}
+
+/* Table 167 - Definition of {ECC} TPMS_ALGORITHM_DETAIL_ECC Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_ALGORITHM_DETAIL_ECC_Marshalu(const TPMS_ALGORITHM_DETAIL_ECC *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_ECC_CURVE_Marshalu(&source->curveID, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&source->keySize, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_KDF_SCHEME_Marshalu(&source->kdf, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_ECC_SCHEME_Marshalu(&source->sign, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_ECC_PARAMETER_Marshalu(&source->p, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_ECC_PARAMETER_Marshalu(&source->a, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_ECC_PARAMETER_Marshalu(&source->b, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_ECC_PARAMETER_Marshalu(&source->gX, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_ECC_PARAMETER_Marshalu(&source->gY, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_ECC_PARAMETER_Marshalu(&source->n, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_ECC_PARAMETER_Marshalu(&source->h, written, buffer, size);
+    }
+    return rc;
+}
+    
+/* Table 168 - Definition of {RSA} TPMS_SIGNATURE_RSA Structure */
+
+TPM_RC
+TSS_TPMS_SIGNATURE_RSA_Marshalu(const TPMS_SIGNATURE_RSA *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_HASH_Marshalu(&source->hash, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_PUBLIC_KEY_RSA_Marshalu(&source->sig, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 169 - Definition of Types for {RSA} Signature */
+
+TPM_RC
+TSS_TPMS_SIGNATURE_RSASSA_Marshalu(const TPMS_SIGNATURE_RSASSA *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMS_SIGNATURE_RSA_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+TPM_RC
+TSS_TPMS_SIGNATURE_RSAPSS_Marshalu(const TPMS_SIGNATURE_RSAPSS *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMS_SIGNATURE_RSA_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 170 - Definition of {ECC} TPMS_SIGNATURE_ECC Structure */
+
+TPM_RC
+TSS_TPMS_SIGNATURE_ECC_Marshalu(const TPMS_SIGNATURE_ECC *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_HASH_Marshalu(&source->hash, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_ECC_PARAMETER_Marshalu(&source->signatureR, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_ECC_PARAMETER_Marshalu(&source->signatureS, written, buffer, size);
+    }
+    return rc;
+}
+    
+/* Table 171 - Definition of Types for {ECC} TPMS_SIGNATURE_ECC */
+
+TPM_RC
+TSS_TPMS_SIGNATURE_ECDSA_Marshalu(const TPMS_SIGNATURE_ECDSA *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMS_SIGNATURE_ECC_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}	
+
+TPM_RC
+TSS_TPMS_SIGNATURE_ECDAA_Marshalu(const TPMS_SIGNATURE_ECDAA *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMS_SIGNATURE_ECC_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TPMS_SIGNATURE_SM2_Marshalu(const TPMS_SIGNATURE_SM2 *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMS_SIGNATURE_ECC_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TPMS_SIGNATURE_ECSCHNORR_Marshalu(const TPMS_SIGNATURE_ECSCHNORR *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMS_SIGNATURE_ECC_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 172 - Definition of TPMU_SIGNATURE Union <IN/OUT, S> */
+
+TPM_RC
+TSS_TPMU_SIGNATURE_Marshalu(const TPMU_SIGNATURE *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = 0;
+    switch (selector) {
+#ifdef TPM_ALG_RSASSA
+      case TPM_ALG_RSASSA:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SIGNATURE_RSASSA_Marshalu(&source->rsassa, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_RSAPSS
+      case TPM_ALG_RSAPSS:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SIGNATURE_RSAPSS_Marshalu(&source->rsapss, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_ECDSA
+      case TPM_ALG_ECDSA:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SIGNATURE_ECDSA_Marshalu(&source->ecdsa, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_ECDAA
+      case TPM_ALG_ECDAA:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SIGNATURE_ECDSA_Marshalu(&source->ecdaa, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_SM2
+      case TPM_ALG_SM2:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SIGNATURE_ECDSA_Marshalu(&source->sm2, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_ECSCHNORR
+      case TPM_ALG_ECSCHNORR:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SIGNATURE_ECDSA_Marshalu(&source->ecschnorr, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_HMAC
+      case TPM_ALG_HMAC:
+	if (rc == 0) {
+	    rc = TSS_TPMT_HA_Marshalu(&source->hmac, written, buffer, size);
+	}
+	break;
+#endif
+      case TPM_ALG_NULL:
+	break;
+      default:
+	rc = TPM_RC_SELECTOR;
+    }
+    return rc;
+}
+
+/* Table 173 - Definition of TPMT_SIGNATURE Structure */
+
+TPM_RC
+TSS_TPMT_SIGNATURE_Marshalu(const TPMT_SIGNATURE *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_SIG_SCHEME_Marshalu(&source->sigAlg, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMU_SIGNATURE_Marshalu(&source->signature, written, buffer, size, source->sigAlg);
+    }
+    return rc;
+}
+
+/* Table 175 - Definition of TPM2B_ENCRYPTED_SECRET Structure */
+
+TPM_RC
+TSS_TPM2B_ENCRYPTED_SECRET_Marshalu(const TPM2B_ENCRYPTED_SECRET *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size);
+    }
+    return rc;
+}
+ 
+/* Table 176 - Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type */
+
+TPM_RC
+TSS_TPMI_ALG_PUBLIC_Marshalu(const TPMI_ALG_PUBLIC *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_ALG_ID_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 177 - Definition of TPMU_PUBLIC_ID Union <IN/OUT, S> */
+
+TPM_RC
+TSS_TPMU_PUBLIC_ID_Marshalu(const TPMU_PUBLIC_ID *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = 0;
+    switch (selector) {
+#ifdef TPM_ALG_KEYEDHASH
+      case TPM_ALG_KEYEDHASH:
+	if (rc == 0) {
+	    rc = TSS_TPM2B_DIGEST_Marshalu(&source->keyedHash, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_SYMCIPHER
+      case TPM_ALG_SYMCIPHER:
+	if (rc == 0) {
+	    rc = TSS_TPM2B_DIGEST_Marshalu(&source->sym, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_RSA
+      case TPM_ALG_RSA:
+	if (rc == 0) {
+	    rc = TSS_TPM2B_PUBLIC_KEY_RSA_Marshalu(&source->rsa, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_ECC
+      case TPM_ALG_ECC:
+	if (rc == 0) {
+	    rc = TSS_TPMS_ECC_POINT_Marshalu(&source->ecc, written, buffer, size);
+	}
+	break;
+#endif
+      default:
+	rc = TPM_RC_SELECTOR;
+    }
+    return rc;
+} 
+
+/* Table 178 - Definition of TPMS_KEYEDHASH_PARMS Structure */
+
+TPM_RC
+TSS_TPMS_KEYEDHASH_PARMS_Marshalu(const TPMS_KEYEDHASH_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMT_KEYEDHASH_SCHEME_Marshalu(&source->scheme, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 180 - Definition of {RSA} TPMS_RSA_PARMS Structure */
+
+TPM_RC
+TSS_TPMS_RSA_PARMS_Marshalu(const TPMS_RSA_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMT_SYM_DEF_OBJECT_Marshalu(&source->symmetric, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_RSA_SCHEME_Marshalu(&source->scheme, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_RSA_KEY_BITS_Marshalu(&source->keyBits, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->exponent, written, buffer, size);
+    }
+    return rc;
+}
+/* Table 181 - Definition of {ECC} TPMS_ECC_PARMS Structure */
+
+TPM_RC
+TSS_TPMS_ECC_PARMS_Marshalu(const TPMS_ECC_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMT_SYM_DEF_OBJECT_Marshalu(&source->symmetric, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_ECC_SCHEME_Marshalu(&source->scheme, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_ECC_CURVE_Marshalu(&source->curveID, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_KDF_SCHEME_Marshalu(&source->kdf, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 182 - Definition of TPMU_PUBLIC_PARMS Union <IN/OUT, S> */
+
+TPM_RC
+TSS_TPMU_PUBLIC_PARMS_Marshalu(const TPMU_PUBLIC_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector) 
+{
+    TPM_RC rc = 0;
+    switch (selector) {
+#ifdef TPM_ALG_KEYEDHASH
+      case TPM_ALG_KEYEDHASH:
+	if (rc == 0) {
+	    rc = TSS_TPMS_KEYEDHASH_PARMS_Marshalu(&source->keyedHashDetail, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_SYMCIPHER
+      case TPM_ALG_SYMCIPHER:
+	if (rc == 0) {
+	    rc = TSS_TPMS_SYMCIPHER_PARMS_Marshalu(&source->symDetail, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_RSA
+      case TPM_ALG_RSA:
+	if (rc == 0) {
+	    rc = TSS_TPMS_RSA_PARMS_Marshalu(&source->rsaDetail, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_ECC
+      case TPM_ALG_ECC:
+	if (rc == 0) {
+	    rc = TSS_TPMS_ECC_PARMS_Marshalu(&source->eccDetail, written, buffer, size);
+	}
+	break;
+#endif
+      default:
+	rc = TPM_RC_SELECTOR;
+    }
+    return rc;
+}
+
+/* Table 183 - Definition of TPMT_PUBLIC_PARMS Structure */
+
+TPM_RC
+TSS_TPMT_PUBLIC_PARMS_Marshalu(const TPMT_PUBLIC_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_PUBLIC_Marshalu(&source->type, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMU_PUBLIC_PARMS_Marshalu(&source->parameters, written, buffer, size, source->type);
+    }
+    return rc;
+}
+
+/* Table 184 - Definition of TPMT_PUBLIC Structure */
+
+TPM_RC
+TSS_TPMT_PUBLIC_Marshalu(const TPMT_PUBLIC *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_PUBLIC_Marshalu(&source->type, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_HASH_Marshalu(&source->nameAlg, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMA_OBJECT_Marshalu(&source->objectAttributes, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->authPolicy, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMU_PUBLIC_PARMS_Marshalu(&source->parameters, written, buffer, size, source->type);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMU_PUBLIC_ID_Marshalu(&source->unique, written, buffer, size, source->type);
+    }
+    return rc;
+}
+
+/* Table 184 - Definition of TPMT_PUBLIC Structure - special marshaling for derived object template */
+
+TPM_RC
+TSS_TPMT_PUBLIC_D_Marshalu(const TPMT_PUBLIC *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_PUBLIC_Marshalu(&source->type, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_HASH_Marshalu(&source->nameAlg, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMA_OBJECT_Marshalu(&source->objectAttributes, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->authPolicy, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMU_PUBLIC_PARMS_Marshalu(&source->parameters, written, buffer, size, source->type);
+    }
+    /* if derived from a derivation parent, marshal a TPMS_DERIVE structure */             
+    if (rc == 0) {
+	rc = TSS_TPMS_DERIVE_Marshalu(&source->unique.derive, written, buffer, size);
+    }    
+    return rc;
+}
+
+/* Table 185 - Definition of TPM2B_PUBLIC Structure */
+
+TPM_RC
+TSS_TPM2B_PUBLIC_Marshalu(const TPM2B_PUBLIC *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    uint16_t sizeWritten = 0;	/* of structure */
+    BYTE *sizePtr;
+    
+    if (buffer != NULL) {
+	sizePtr = *buffer;
+	*buffer += sizeof(uint16_t);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_PUBLIC_Marshalu(&source->publicArea, &sizeWritten, buffer, size);
+    }
+    if (rc == 0) {
+	*written += sizeWritten;
+	if (buffer != NULL) {
+	    rc = TSS_UINT16_Marshalu(&sizeWritten, written, &sizePtr, size);
+	}
+	else {
+	    *written += sizeof(uint16_t);
+	}
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TPM2B_TEMPLATE_Marshalu(const TPM2B_TEMPLATE *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 187 - Definition of TPMU_SENSITIVE_COMPOSITE Union <IN/OUT, S> */
+
+TPM_RC
+TSS_TPMU_SENSITIVE_COMPOSITE_Marshalu(const TPMU_SENSITIVE_COMPOSITE *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = 0;
+    switch (selector) {
+#ifdef TPM_ALG_RSA
+      case TPM_ALG_RSA:
+	if (rc == 0) {
+	    rc = TSS_TPM2B_PRIVATE_KEY_RSA_Marshalu(&source->rsa, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_ECC
+      case TPM_ALG_ECC:
+	if (rc == 0) {
+	    rc = TSS_TPM2B_ECC_PARAMETER_Marshalu(&source->ecc, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_KEYEDHASH
+      case TPM_ALG_KEYEDHASH:
+	if (rc == 0) {
+	    rc = TSS_TPM2B_SENSITIVE_DATA_Marshalu(&source->bits, written, buffer, size);
+	}
+	break;
+#endif
+#ifdef TPM_ALG_SYMCIPHER
+      case TPM_ALG_SYMCIPHER:
+	if (rc == 0) {
+	    rc = TSS_TPM2B_SYM_KEY_Marshalu(&source->sym, written, buffer, size);
+	}
+	break;
+#endif
+      default:
+	rc = TPM_RC_SELECTOR;
+    }
+    return rc;
+}
+
+/* Table 188 - Definition of TPMT_SENSITIVE Structure */
+
+TPM_RC
+TSS_TPMT_SENSITIVE_Marshalu(const TPMT_SENSITIVE *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_PUBLIC_Marshalu(&source->sensitiveType, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_AUTH_Marshalu(&source->authValue, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->seedValue, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMU_SENSITIVE_COMPOSITE_Marshalu(&source->sensitive, written, buffer, size, source->sensitiveType);
+    }
+    return rc;
+}
+
+/* Table 189 - Definition of TPM2B_SENSITIVE Structure <IN/OUT> */
+
+TPM_RC
+TSS_TPM2B_SENSITIVE_Marshalu(const TPM2B_SENSITIVE *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    uint16_t sizeWritten = 0;	/* of structure */
+    BYTE *sizePtr;
+    
+    if (buffer != NULL) {
+	sizePtr = *buffer;
+	*buffer += sizeof(uint16_t);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMT_SENSITIVE_Marshalu(&source->t.sensitiveArea, &sizeWritten, buffer, size);
+    }
+    if (rc == 0) {
+	*written += sizeWritten;
+	if (buffer != NULL) {
+	    rc = TSS_UINT16_Marshalu(&sizeWritten, written, &sizePtr, size);
+	}
+	else {
+	    *written += sizeof(uint16_t);
+	}
+    }
+    return rc;
+}
+
+/* Table 191 - Definition of TPM2B_PRIVATE Structure <IN/OUT, S> */
+
+TPM_RC
+TSS_TPM2B_PRIVATE_Marshalu(const TPM2B_PRIVATE *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 193 - Definition of TPM2B_ID_OBJECT Structure <IN/OUT> */
+
+TPM_RC
+TSS_TPM2B_ID_OBJECT_Marshalu(const TPM2B_ID_OBJECT *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 196 - Definition of (UINT32) TPMA_NV Bits */
+
+TPM_RC
+TSS_TPMA_NV_Marshalu(const TPMA_NV *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->val, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 197 - Definition of TPMS_NV_PUBLIC Structure */
+
+TPM_RC
+TSS_TPMS_NV_PUBLIC_Marshalu(const TPMS_NV_PUBLIC *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_NV_INDEX_Marshalu(&source->nvIndex, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_ALG_HASH_Marshalu(&source->nameAlg, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMA_NV_Marshalu(&source->attributes, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->authPolicy, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&source->dataSize, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 198 - Definition of TPM2B_NV_PUBLIC Structure */
+
+TPM_RC
+TSS_TPM2B_NV_PUBLIC_Marshalu(const TPM2B_NV_PUBLIC *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    uint16_t sizeWritten = 0;	/* of structure */
+    BYTE *sizePtr;
+
+    if (buffer != NULL) {
+ 	sizePtr = *buffer;
+	*buffer += sizeof(uint16_t);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMS_NV_PUBLIC_Marshalu(&source->nvPublic, &sizeWritten, buffer, size);
+    }
+    if (rc == 0) {
+	*written += sizeWritten;
+	if (buffer != NULL) {
+	    rc = TSS_UINT16_Marshalu(&sizeWritten, written, &sizePtr, size);
+	}
+	else {
+	    *written += sizeof(uint16_t);
+	}
+    }
+    return rc;
+}
+
+/* Table 199 - Definition of TPM2B_CONTEXT_SENSITIVE Structure <IN/OUT> */
+
+TPM_RC
+TSS_TPM2B_CONTEXT_SENSITIVE_Marshalu(const TPM2B_CONTEXT_SENSITIVE *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 201 - Definition of TPM2B_CONTEXT_DATA Structure <IN/OUT> */
+
+TPM_RC
+TSS_TPM2B_CONTEXT_DATA_Marshalu(const TPM2B_CONTEXT_DATA  *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM2B_Marshalu(&source->b, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 202 - Definition of TPMS_CONTEXT Structure */
+
+TPM_RC
+TSS_TPMS_CONTEXT_Marshalu(const TPMS_CONTEXT *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT64_Marshalu(&source->sequence, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_DH_SAVED_Marshalu(&source->savedHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMI_RH_HIERARCHY_Marshalu(&source->hierarchy, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_CONTEXT_DATA_Marshalu(&source->contextBlob, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 204 - Definition of TPMS_CREATION_DATA Structure <OUT> */
+
+TPM_RC
+TSS_TPMS_CREATION_DATA_Marshalu(const TPMS_CREATION_DATA *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPML_PCR_SELECTION_Marshalu(&source->pcrSelect, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DIGEST_Marshalu(&source->pcrDigest, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMA_LOCALITY_Marshalu(&source->locality, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_ALG_ID_Marshalu(&source->parentNameAlg, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_NAME_Marshalu(&source->parentName, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_NAME_Marshalu(&source->parentQualifiedName, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM2B_DATA_Marshalu(&source->outsideInfo, written, buffer, size);
+    }
+    return rc;
+}
+
+/* Table 205 - Definition of TPM2B_CREATION_DATA Structure <OUT> */
+
+TPM_RC
+TSS_TPM2B_CREATION_DATA_Marshalu(const TPM2B_CREATION_DATA *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    uint16_t sizeWritten = 0;	/* of structure */
+    BYTE *sizePtr;
+
+    if (buffer != NULL) {
+	sizePtr = *buffer;
+	*buffer += sizeof(uint16_t);
+    }
+    if (rc == 0) {
+	rc = TSS_TPMS_CREATION_DATA_Marshalu(&source->creationData, &sizeWritten, buffer, size);
+    }
+    if (rc == 0) {
+	*written += sizeWritten;
+	if (buffer != NULL) {
+	    rc = TSS_UINT16_Marshalu(&sizeWritten, written, &sizePtr, size);
+	}
+	else {
+	    *written += sizeof(uint16_t);
+	}
+    }
+    return rc;
+}
+
+#ifndef TPM_TSS_NODEPRECATED
+
+/* Deprecated functions that use a sized value for the size parameter.  The recommended functions
+   use an unsigned value.
+
+*/
+
+TPM_RC
+TSS_UINT8_Marshal(const UINT8 *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_UINT8_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_INT8_Marshal(const INT8 *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_INT8_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_UINT16_Marshal(const UINT16 *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_UINT16_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_UINT32_Marshal(const UINT32 *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_UINT32_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_INT32_Marshal(const INT32 *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_INT32_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_UINT64_Marshal(const UINT64 *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_UINT64_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_Array_Marshal(const BYTE *source, uint16_t sourceSize, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_Array_Marshalu(source, sourceSize, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_Marshal(const TPM2B *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM_KEY_BITS_Marshal(const TPM_KEY_BITS *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_KEY_BITS_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM_GENERATED_Marshal(const TPM_GENERATED *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_GENERATED_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM_ALG_ID_Marshal(const TPM_ALG_ID *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_ALG_ID_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM_ECC_CURVE_Marshal(const TPM_ECC_CURVE *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_ECC_CURVE_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM_RC_Marshal(const TPM_RC *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_RC_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM_CLOCK_ADJUST_Marshal(const TPM_CLOCK_ADJUST *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_CLOCK_ADJUST_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM_EO_Marshal(const TPM_EO *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_EO_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM_ST_Marshal(const TPM_ST *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_ST_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM_SU_Marshal(const TPM_ST *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_SU_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM_SE_Marshal(const TPM_SE  *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_SE_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM_CAP_Marshal(const TPM_CAP *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_CAP_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM_PT_Marshal(const TPM_PT *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_PT_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM_PT_PCR_Marshal(const TPM_PT_PCR *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_PT_PCR_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM_HANDLE_Marshal(const TPM_HANDLE *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_HANDLE_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMA_ALGORITHM_Marshal(const TPMA_ALGORITHM *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMA_ALGORITHM_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMA_OBJECT_Marshal(const TPMA_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMA_OBJECT_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMA_SESSION_Marshal(const TPMA_SESSION *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMA_SESSION_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMA_LOCALITY_Marshal(const TPMA_LOCALITY *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMA_LOCALITY_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM_CC_Marshal(const TPM_CC *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM_CC_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMA_CC_Marshal(const TPMA_CC *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMA_CC_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_YES_NO_Marshal(const TPMI_YES_NO *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_YES_NO_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_DH_OBJECT_Marshal(const TPMI_DH_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_DH_OBJECT_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_DH_PERSISTENT_Marshal(const TPMI_DH_PERSISTENT *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_DH_PERSISTENT_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_DH_ENTITY_Marshal(const TPMI_DH_ENTITY *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_DH_ENTITY_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_DH_PCR_Marshal(const TPMI_DH_PCR  *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_DH_PCR_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_SH_AUTH_SESSION_Marshal(const TPMI_SH_AUTH_SESSION *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_SH_AUTH_SESSION_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_SH_HMAC_Marshal(const TPMI_SH_HMAC *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_SH_HMAC_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_SH_POLICY_Marshal(const TPMI_SH_POLICY*source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_SH_POLICY_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_DH_CONTEXT_Marshal(const TPMI_DH_CONTEXT *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_DH_CONTEXT_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_RH_HIERARCHY_Marshal(const TPMI_RH_HIERARCHY *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_RH_HIERARCHY_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_RH_ENABLES_Marshal(const TPMI_RH_ENABLES *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_RH_ENABLES_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_RH_HIERARCHY_AUTH_Marshal(const TPMI_RH_HIERARCHY_AUTH *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_RH_HIERARCHY_AUTH_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_RH_PLATFORM_Marshal(const TPMI_RH_PLATFORM *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_RH_PLATFORM_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_RH_ENDORSEMENT_Marshal(const TPMI_RH_ENDORSEMENT *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_RH_ENDORSEMENT_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_RH_PROVISION_Marshal(const TPMI_RH_PROVISION *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_RH_PROVISION_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_RH_CLEAR_Marshal(const TPMI_RH_CLEAR *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_RH_CLEAR_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_RH_NV_AUTH_Marshal(const TPMI_RH_NV_AUTH *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_RH_NV_AUTH_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_RH_LOCKOUT_Marshal(const TPMI_RH_LOCKOUT *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_RH_LOCKOUT_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_RH_NV_INDEX_Marshal(const TPMI_RH_NV_INDEX *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_RH_NV_INDEX_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_ALG_HASH_Marshal(const TPMI_ALG_HASH *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_ALG_HASH_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_ALG_SYM_Marshal(const TPMI_ALG_SYM *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_ALG_SYM_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_ALG_SYM_OBJECT_Marshal(const TPMI_ALG_SYM_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_ALG_SYM_OBJECT_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_ALG_SYM_MODE_Marshal(const TPMI_ALG_SYM_MODE *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_ALG_SYM_MODE_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_ALG_KDF_Marshal(const TPMI_ALG_KDF *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_ALG_KDF_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_ALG_SIG_SCHEME_Marshal(const TPMI_ALG_SIG_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_ALG_SIG_SCHEME_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_ECC_KEY_EXCHANGE_Marshal(const TPMI_ECC_KEY_EXCHANGE *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_ECC_KEY_EXCHANGE_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_ST_COMMAND_TAG_Marshal(const TPMI_ST_COMMAND_TAG *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_ST_COMMAND_TAG_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_ALG_MAC_SCHEME_Marshal(const TPMI_ALG_MAC_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_ALG_MAC_SCHEME_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_ALG_CIPHER_MODE_Marshal(const TPMI_ALG_CIPHER_MODE *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_ALG_CIPHER_MODE_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMU_HA_Marshal(const TPMU_HA *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector)
+{
+    return TSS_TPMU_HA_Marshalu(source, written, buffer, (uint32_t *)size, selector);
+}
+TPM_RC
+TSS_TPMT_HA_Marshal(const TPMT_HA *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMT_HA_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_DIGEST_Marshal(const TPM2B_DIGEST *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_DIGEST_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_DATA_Marshal(const TPM2B_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_DATA_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_NONCE_Marshal(const TPM2B_NONCE *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_NONCE_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_AUTH_Marshal(const TPM2B_AUTH *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_AUTH_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_OPERAND_Marshal(const TPM2B_OPERAND *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_OPERAND_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_EVENT_Marshal(const TPM2B_EVENT *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_EVENT_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_MAX_BUFFER_Marshal(const TPM2B_MAX_BUFFER *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_MAX_BUFFER_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_MAX_NV_BUFFER_Marshal(const TPM2B_MAX_NV_BUFFER *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_MAX_NV_BUFFER_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_TIMEOUT_Marshal(const TPM2B_TIMEOUT *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_TIMEOUT_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_IV_Marshal(const TPM2B_IV *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_IV_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_NAME_Marshal(const TPM2B_NAME *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_NAME_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_PCR_SELECTION_Marshal(const TPMS_PCR_SELECTION *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_PCR_SELECTION_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMT_TK_CREATION_Marshal(const TPMT_TK_CREATION *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMT_TK_CREATION_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMT_TK_VERIFIED_Marshal(const TPMT_TK_VERIFIED *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMT_TK_VERIFIED_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMT_TK_AUTH_Marshal(const TPMT_TK_AUTH *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMT_TK_AUTH_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMT_TK_HASHCHECK_Marshal(const TPMT_TK_HASHCHECK *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMT_TK_HASHCHECK_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_ALG_PROPERTY_Marshal(const TPMS_ALG_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_ALG_PROPERTY_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_TAGGED_PROPERTY_Marshal(const TPMS_TAGGED_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_TAGGED_PROPERTY_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_TAGGED_PCR_SELECT_Marshal(const TPMS_TAGGED_PCR_SELECT *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_TAGGED_PCR_SELECT_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPML_CC_Marshal(const TPML_CC *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPML_CC_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPML_CCA_Marshal(const TPML_CCA *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPML_CCA_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPML_ALG_Marshal(const TPML_ALG *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPML_ALG_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPML_HANDLE_Marshal(const TPML_HANDLE *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPML_HANDLE_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPML_DIGEST_Marshal(const TPML_DIGEST *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPML_DIGEST_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPML_DIGEST_VALUES_Marshal(const TPML_DIGEST_VALUES *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPML_DIGEST_VALUES_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPML_PCR_SELECTION_Marshal(const TPML_PCR_SELECTION *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPML_PCR_SELECTION_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPML_ALG_PROPERTY_Marshal(const TPML_ALG_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPML_ALG_PROPERTY_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPML_TAGGED_TPM_PROPERTY_Marshal(const TPML_TAGGED_TPM_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPML_TAGGED_TPM_PROPERTY_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPML_TAGGED_PCR_PROPERTY_Marshal(const TPML_TAGGED_PCR_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPML_TAGGED_PCR_PROPERTY_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPML_ECC_CURVE_Marshal(const TPML_ECC_CURVE *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPML_ECC_CURVE_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMU_CAPABILITIES_Marshal(const TPMU_CAPABILITIES *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector)
+{
+    return TSS_TPMU_CAPABILITIES_Marshalu(source, written, buffer, (uint32_t *)size, selector);
+}
+TPM_RC
+TSS_TPMS_CAPABILITY_DATA_Marshal(const TPMS_CAPABILITY_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_CAPABILITY_DATA_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_CLOCK_INFO_Marshal(const TPMS_CLOCK_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_CLOCK_INFO_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_TIME_INFO_Marshal(const TPMS_TIME_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_TIME_INFO_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_TIME_ATTEST_INFO_Marshal(const TPMS_TIME_ATTEST_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_TIME_ATTEST_INFO_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_CERTIFY_INFO_Marshal(const TPMS_CERTIFY_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_CERTIFY_INFO_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_QUOTE_INFO_Marshal(const TPMS_QUOTE_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_QUOTE_INFO_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_COMMAND_AUDIT_INFO_Marshal(const TPMS_COMMAND_AUDIT_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_COMMAND_AUDIT_INFO_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_SESSION_AUDIT_INFO_Marshal(const TPMS_SESSION_AUDIT_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SESSION_AUDIT_INFO_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_CREATION_INFO_Marshal(const TPMS_CREATION_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_CREATION_INFO_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_NV_CERTIFY_INFO_Marshal(const TPMS_NV_CERTIFY_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_NV_CERTIFY_INFO_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_ST_ATTEST_Marshal(const TPMI_ST_ATTEST *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_ST_ATTEST_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMU_ATTEST_Marshal(const TPMU_ATTEST  *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector)
+{
+    return TSS_TPMU_ATTEST_Marshalu(source, written, buffer, (uint32_t *)size, selector);
+}
+TPM_RC
+TSS_TPMS_ATTEST_Marshal(const TPMS_ATTEST  *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_ATTEST_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_ATTEST_Marshal(const TPM2B_ATTEST *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_ATTEST_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_AUTH_COMMAND_Marshal(const TPMS_AUTH_COMMAND *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_AUTH_COMMAND_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_AES_KEY_BITS_Marshal(const TPMI_AES_KEY_BITS *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_AES_KEY_BITS_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMU_SYM_KEY_BITS_Marshal(const TPMU_SYM_KEY_BITS *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector)
+{
+    return TSS_TPMU_SYM_KEY_BITS_Marshalu(source, written, buffer, (uint32_t *)size, selector);
+}
+TPM_RC
+TSS_TPMU_SYM_MODE_Marshal(const TPMU_SYM_MODE *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector)
+{
+    return TSS_TPMU_SYM_MODE_Marshalu(source, written, buffer, (uint32_t *)size, selector);
+}
+TPM_RC
+TSS_TPMT_SYM_DEF_Marshal(const TPMT_SYM_DEF *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMT_SYM_DEF_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMT_SYM_DEF_OBJECT_Marshal(const TPMT_SYM_DEF_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMT_SYM_DEF_OBJECT_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_SYM_KEY_Marshal(const TPM2B_SYM_KEY *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_SYM_KEY_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_LABEL_Marshal(const TPM2B_LABEL *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_LABEL_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_DERIVE_Marshal(const TPMS_DERIVE *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_DERIVE_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_SYMCIPHER_PARMS_Marshal(const TPMS_SYMCIPHER_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SYMCIPHER_PARMS_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_SENSITIVE_DATA_Marshal(const TPM2B_SENSITIVE_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_SENSITIVE_DATA_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_SENSITIVE_CREATE_Marshal(const TPMS_SENSITIVE_CREATE *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SENSITIVE_CREATE_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_SENSITIVE_CREATE_Marshal(const TPM2B_SENSITIVE_CREATE  *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_SENSITIVE_CREATE_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_SCHEME_HASH_Marshal(const TPMS_SCHEME_HASH *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SCHEME_HASH_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_SCHEME_ECDAA_Marshal(const TPMS_SCHEME_ECDAA *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SCHEME_ECDAA_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_ALG_KEYEDHASH_SCHEME_Marshal(const TPMI_ALG_KEYEDHASH_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_ALG_KEYEDHASH_SCHEME_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_SCHEME_HMAC_Marshal(const TPMS_SCHEME_HMAC *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SCHEME_HMAC_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_SCHEME_XOR_Marshal(const TPMS_SCHEME_XOR *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SCHEME_XOR_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMU_SCHEME_KEYEDHASH_Marshal(const TPMU_SCHEME_KEYEDHASH *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector)
+{
+    return TSS_TPMU_SCHEME_KEYEDHASH_Marshalu(source, written, buffer, (uint32_t *)size, selector);
+}
+TPM_RC
+TSS_TPMT_KEYEDHASH_SCHEME_Marshal(const TPMT_KEYEDHASH_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMT_KEYEDHASH_SCHEME_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_SIG_SCHEME_RSASSA_Marshal(const TPMS_SIG_SCHEME_RSASSA *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIG_SCHEME_RSASSA_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_SIG_SCHEME_RSAPSS_Marshal(const TPMS_SIG_SCHEME_RSAPSS *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIG_SCHEME_RSAPSS_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_SIG_SCHEME_ECDSA_Marshal(const TPMS_SIG_SCHEME_ECDSA *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIG_SCHEME_ECDSA_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_SIG_SCHEME_SM2_Marshal(const TPMS_SIG_SCHEME_SM2 *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIG_SCHEME_SM2_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_SIG_SCHEME_ECSCHNORR_Marshal(const TPMS_SIG_SCHEME_ECSCHNORR *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIG_SCHEME_ECSCHNORR_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_SIG_SCHEME_ECDAA_Marshal(const TPMS_SIG_SCHEME_ECDAA *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIG_SCHEME_ECDAA_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMU_SIG_SCHEME_Marshal(const TPMU_SIG_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector)
+{
+    return TSS_TPMU_SIG_SCHEME_Marshalu(source, written, buffer, (uint32_t *)size, selector);
+}
+TPM_RC
+TSS_TPMT_SIG_SCHEME_Marshal(const TPMT_SIG_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMT_SIG_SCHEME_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+
+/* NOTE: Marked as const function in header */
+
+TPM_RC
+TSS_TPMS_ENC_SCHEME_OAEP_Marshal(const TPMS_ENC_SCHEME_OAEP *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_ENC_SCHEME_OAEP_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+
+/* NOTE: Marked as const function in header */
+
+TPM_RC
+TSS_TPMS_ENC_SCHEME_RSAES_Marshal(const TPMS_ENC_SCHEME_RSAES *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_ENC_SCHEME_RSAES_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_KEY_SCHEME_ECDH_Marshal(const TPMS_KEY_SCHEME_ECDH *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_KEY_SCHEME_ECDH_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_KEY_SCHEME_ECMQV_Marshal(const TPMS_KEY_SCHEME_ECMQV *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_KEY_SCHEME_ECMQV_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_SCHEME_MGF1_Marshal(const TPMS_SCHEME_MGF1 *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SCHEME_MGF1_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_SCHEME_KDF1_SP800_56A_Marshal(const TPMS_SCHEME_KDF1_SP800_56A *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SCHEME_KDF1_SP800_56A_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_SCHEME_KDF2_Marshal(const TPMS_SCHEME_KDF2 *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SCHEME_KDF2_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_SCHEME_KDF1_SP800_108_Marshal(const TPMS_SCHEME_KDF1_SP800_108 *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SCHEME_KDF1_SP800_108_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMU_KDF_SCHEME_Marshal(const TPMU_KDF_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector)
+{
+    return TSS_TPMU_KDF_SCHEME_Marshalu(source, written, buffer, (uint32_t *)size, selector);
+}
+TPM_RC
+TSS_TPMT_KDF_SCHEME_Marshal(const TPMT_KDF_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMT_KDF_SCHEME_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMU_ASYM_SCHEME_Marshal(const TPMU_ASYM_SCHEME  *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector)
+{
+    return TSS_TPMU_ASYM_SCHEME_Marshalu(source, written, buffer, (uint32_t *)size, selector);
+}
+TPM_RC
+TSS_TPMI_ALG_RSA_SCHEME_Marshal(const TPMI_ALG_RSA_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_ALG_RSA_SCHEME_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMT_RSA_SCHEME_Marshal(const TPMT_RSA_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMT_RSA_SCHEME_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_ALG_RSA_DECRYPT_Marshal(const TPMI_ALG_RSA_DECRYPT *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_ALG_RSA_DECRYPT_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMT_RSA_DECRYPT_Marshal(const TPMT_RSA_DECRYPT  *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMT_RSA_DECRYPT_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_PUBLIC_KEY_RSA_Marshal(const TPM2B_PUBLIC_KEY_RSA *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_PUBLIC_KEY_RSA_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_RSA_KEY_BITS_Marshal(const TPMI_RSA_KEY_BITS *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_RSA_KEY_BITS_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_PRIVATE_KEY_RSA_Marshal(const TPM2B_PRIVATE_KEY_RSA *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_PRIVATE_KEY_RSA_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_ECC_PARAMETER_Marshal(const TPM2B_ECC_PARAMETER *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_ECC_PARAMETER_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_ECC_POINT_Marshal(const TPMS_ECC_POINT *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_ECC_POINT_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_ECC_POINT_Marshal(const TPM2B_ECC_POINT *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_ECC_POINT_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_ALG_ECC_SCHEME_Marshal(const TPMI_ALG_ECC_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_ALG_ECC_SCHEME_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_ECC_CURVE_Marshal(const TPMI_ECC_CURVE *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_ECC_CURVE_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMT_ECC_SCHEME_Marshal(const TPMT_ECC_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMT_ECC_SCHEME_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_ALGORITHM_DETAIL_ECC_Marshal(const TPMS_ALGORITHM_DETAIL_ECC *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_ALGORITHM_DETAIL_ECC_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_SIGNATURE_RSA_Marshal(const TPMS_SIGNATURE_RSA *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIGNATURE_RSA_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_SIGNATURE_RSASSA_Marshal(const TPMS_SIGNATURE_RSASSA *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIGNATURE_RSASSA_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_SIGNATURE_RSAPSS_Marshal(const TPMS_SIGNATURE_RSAPSS *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIGNATURE_RSAPSS_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_SIGNATURE_ECC_Marshal(const TPMS_SIGNATURE_ECC *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIGNATURE_ECC_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_SIGNATURE_ECDSA_Marshal(const TPMS_SIGNATURE_ECDSA *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIGNATURE_ECDSA_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_SIGNATURE_ECDAA_Marshal(const TPMS_SIGNATURE_ECDAA *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIGNATURE_ECDAA_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_SIGNATURE_SM2_Marshal(const TPMS_SIGNATURE_SM2 *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIGNATURE_SM2_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_SIGNATURE_ECSCHNORR_Marshal(const TPMS_SIGNATURE_ECSCHNORR *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_SIGNATURE_ECSCHNORR_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMU_SIGNATURE_Marshal(const TPMU_SIGNATURE *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector)
+{
+    return TSS_TPMU_SIGNATURE_Marshalu(source, written, buffer, (uint32_t *)size, selector);
+}
+TPM_RC
+TSS_TPMT_SIGNATURE_Marshal(const TPMT_SIGNATURE *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMT_SIGNATURE_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_ENCRYPTED_SECRET_Marshal(const TPM2B_ENCRYPTED_SECRET *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_ENCRYPTED_SECRET_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMI_ALG_PUBLIC_Marshal(const TPMI_ALG_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMI_ALG_PUBLIC_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMU_PUBLIC_ID_Marshal(const TPMU_PUBLIC_ID *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector)
+{
+    return TSS_TPMU_PUBLIC_ID_Marshalu(source, written, buffer, (uint32_t *)size, selector);
+}
+TPM_RC
+TSS_TPMS_KEYEDHASH_PARMS_Marshal(const TPMS_KEYEDHASH_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_KEYEDHASH_PARMS_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_RSA_PARMS_Marshal(const TPMS_RSA_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_RSA_PARMS_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_ECC_PARMS_Marshal(const TPMS_ECC_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_ECC_PARMS_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMU_PUBLIC_PARMS_Marshal(const TPMU_PUBLIC_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector)
+{
+    return TSS_TPMU_PUBLIC_PARMS_Marshalu(source, written, buffer, (uint32_t *)size, selector);
+}
+TPM_RC
+TSS_TPMT_PUBLIC_PARMS_Marshal(const TPMT_PUBLIC_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMT_PUBLIC_PARMS_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMT_PUBLIC_Marshal(const TPMT_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMT_PUBLIC_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMT_PUBLIC_D_Marshal(const TPMT_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMT_PUBLIC_D_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_PUBLIC_Marshal(const TPM2B_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_PUBLIC_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_TEMPLATE_Marshal(const TPM2B_TEMPLATE *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_TEMPLATE_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMU_SENSITIVE_COMPOSITE_Marshal(const TPMU_SENSITIVE_COMPOSITE *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector)
+{
+    return TSS_TPMU_SENSITIVE_COMPOSITE_Marshalu(source, written, buffer, (uint32_t *)size, selector);
+}
+TPM_RC
+TSS_TPMT_SENSITIVE_Marshal(const TPMT_SENSITIVE *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMT_SENSITIVE_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_SENSITIVE_Marshal(const TPM2B_SENSITIVE *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_SENSITIVE_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_PRIVATE_Marshal(const TPM2B_PRIVATE *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_PRIVATE_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_ID_OBJECT_Marshal(const TPM2B_ID_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_ID_OBJECT_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMA_NV_Marshal(const TPMA_NV *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMA_NV_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_NV_PUBLIC_Marshal(const TPMS_NV_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_NV_PUBLIC_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_NV_PUBLIC_Marshal(const TPM2B_NV_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_NV_PUBLIC_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_CONTEXT_SENSITIVE_Marshal(const TPM2B_CONTEXT_SENSITIVE *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_CONTEXT_SENSITIVE_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_CONTEXT_DATA_Marshal(const TPM2B_CONTEXT_DATA  *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_CONTEXT_DATA_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_CONTEXT_Marshal(const TPMS_CONTEXT *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_CONTEXT_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPMS_CREATION_DATA_Marshal(const TPMS_CREATION_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPMS_CREATION_DATA_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TPM2B_CREATION_DATA_Marshal(const TPM2B_CREATION_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size)
+{
+    return TSS_TPM2B_CREATION_DATA_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+
+
+
+TPM_RC
+TSS_Startup_In_Marshal(const Startup_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_Startup_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_Shutdown_In_Marshal(const Shutdown_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_Shutdown_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_SelfTest_In_Marshal(const SelfTest_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_SelfTest_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_IncrementalSelfTest_In_Marshal(const IncrementalSelfTest_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_IncrementalSelfTest_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_StartAuthSession_In_Marshal(const StartAuthSession_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_StartAuthSession_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PolicyRestart_In_Marshal(const PolicyRestart_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PolicyRestart_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_Create_In_Marshal(const Create_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_Create_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_Load_In_Marshal(const Load_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_Load_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_LoadExternal_In_Marshal(const LoadExternal_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_LoadExternal_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_ReadPublic_In_Marshal(const ReadPublic_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_ReadPublic_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_ActivateCredential_In_Marshal(const ActivateCredential_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_ActivateCredential_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_MakeCredential_In_Marshal(const MakeCredential_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_MakeCredential_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_Unseal_In_Marshal(const Unseal_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_Unseal_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_ObjectChangeAuth_In_Marshal(const ObjectChangeAuth_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_ObjectChangeAuth_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_CreateLoaded_In_Marshal(const CreateLoaded_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_CreateLoaded_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_Duplicate_In_Marshal(const Duplicate_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_Duplicate_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_Rewrap_In_Marshal(const Rewrap_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_Rewrap_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_Import_In_Marshal(const Import_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_Import_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_RSA_Encrypt_In_Marshal(const RSA_Encrypt_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_RSA_Encrypt_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_RSA_Decrypt_In_Marshal(const RSA_Decrypt_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_RSA_Decrypt_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_ECDH_KeyGen_In_Marshal(const ECDH_KeyGen_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_ECDH_KeyGen_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_ECDH_ZGen_In_Marshal(const ECDH_ZGen_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_ECDH_ZGen_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_ECC_Parameters_In_Marshal(const ECC_Parameters_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_ECC_Parameters_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_ZGen_2Phase_In_Marshal(const ZGen_2Phase_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_ZGen_2Phase_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_EncryptDecrypt_In_Marshal(const EncryptDecrypt_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_EncryptDecrypt_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_EncryptDecrypt2_In_Marshal(const EncryptDecrypt2_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_EncryptDecrypt2_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_Hash_In_Marshal(const Hash_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_Hash_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_HMAC_In_Marshal(const HMAC_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_HMAC_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_GetRandom_In_Marshal(const GetRandom_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_GetRandom_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_StirRandom_In_Marshal(const StirRandom_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_StirRandom_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_HMAC_Start_In_Marshal(const HMAC_Start_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_HMAC_Start_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_HashSequenceStart_In_Marshal(const HashSequenceStart_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_HashSequenceStart_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_SequenceUpdate_In_Marshal(const SequenceUpdate_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_SequenceUpdate_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_SequenceComplete_In_Marshal(const SequenceComplete_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_SequenceComplete_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_EventSequenceComplete_In_Marshal(const EventSequenceComplete_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_EventSequenceComplete_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_Certify_In_Marshal(const Certify_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_Certify_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_CertifyCreation_In_Marshal(const CertifyCreation_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_CertifyCreation_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_Quote_In_Marshal(const Quote_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_Quote_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_GetSessionAuditDigest_In_Marshal(const GetSessionAuditDigest_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_GetSessionAuditDigest_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_GetCommandAuditDigest_In_Marshal(const GetCommandAuditDigest_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_GetCommandAuditDigest_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_GetTime_In_Marshal(const GetTime_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_GetTime_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_Commit_In_Marshal(const Commit_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_Commit_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_EC_Ephemeral_In_Marshal(const EC_Ephemeral_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_EC_Ephemeral_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_VerifySignature_In_Marshal(const VerifySignature_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_VerifySignature_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_Sign_In_Marshal(const Sign_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_Sign_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_SetCommandCodeAuditStatus_In_Marshal(const SetCommandCodeAuditStatus_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_SetCommandCodeAuditStatus_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PCR_Extend_In_Marshal(const PCR_Extend_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PCR_Extend_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PCR_Event_In_Marshal(const PCR_Event_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PCR_Event_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PCR_Read_In_Marshal(const PCR_Read_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PCR_Read_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PCR_Allocate_In_Marshal(const PCR_Allocate_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PCR_Allocate_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PCR_SetAuthPolicy_In_Marshal(const PCR_SetAuthPolicy_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PCR_SetAuthPolicy_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PCR_SetAuthValue_In_Marshal(const PCR_SetAuthValue_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PCR_SetAuthValue_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PCR_Reset_In_Marshal(const PCR_Reset_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PCR_Reset_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PolicySigned_In_Marshal(const PolicySigned_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PolicySigned_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PolicySecret_In_Marshal(const PolicySecret_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PolicySecret_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PolicyTicket_In_Marshal(const PolicyTicket_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PolicyTicket_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PolicyOR_In_Marshal(const PolicyOR_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PolicyOR_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PolicyPCR_In_Marshal(const PolicyPCR_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PolicyPCR_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PolicyLocality_In_Marshal(const PolicyLocality_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PolicyLocality_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PolicyNV_In_Marshal(const PolicyNV_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PolicyNV_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PolicyCounterTimer_In_Marshal(const PolicyCounterTimer_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PolicyCounterTimer_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PolicyCommandCode_In_Marshal(const PolicyCommandCode_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PolicyCommandCode_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PolicyPhysicalPresence_In_Marshal(const PolicyPhysicalPresence_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PolicyPhysicalPresence_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PolicyCpHash_In_Marshal(const PolicyCpHash_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PolicyCpHash_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PolicyNameHash_In_Marshal(const PolicyNameHash_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PolicyNameHash_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PolicyDuplicationSelect_In_Marshal(const PolicyDuplicationSelect_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PolicyDuplicationSelect_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PolicyAuthorize_In_Marshal(const PolicyAuthorize_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PolicyAuthorize_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PolicyAuthValue_In_Marshal(const PolicyAuthValue_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PolicyAuthValue_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PolicyPassword_In_Marshal(const PolicyPassword_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PolicyPassword_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PolicyGetDigest_In_Marshal(const PolicyGetDigest_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PolicyGetDigest_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PolicyNvWritten_In_Marshal(const PolicyNvWritten_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PolicyNvWritten_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PolicyTemplate_In_Marshal(const PolicyTemplate_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PolicyTemplate_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PolicyAuthorizeNV_In_Marshal(const PolicyAuthorizeNV_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PolicyAuthorizeNV_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_CreatePrimary_In_Marshal(const CreatePrimary_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_CreatePrimary_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_HierarchyControl_In_Marshal(const HierarchyControl_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_HierarchyControl_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_SetPrimaryPolicy_In_Marshal(const SetPrimaryPolicy_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_SetPrimaryPolicy_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_ChangePPS_In_Marshal(const ChangePPS_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_ChangePPS_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_ChangeEPS_In_Marshal(const ChangeEPS_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_ChangeEPS_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_Clear_In_Marshal(const Clear_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_Clear_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_ClearControl_In_Marshal(const ClearControl_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_ClearControl_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_HierarchyChangeAuth_In_Marshal(const HierarchyChangeAuth_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_HierarchyChangeAuth_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_DictionaryAttackLockReset_In_Marshal(const DictionaryAttackLockReset_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_DictionaryAttackLockReset_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_DictionaryAttackParameters_In_Marshal(const DictionaryAttackParameters_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_DictionaryAttackParameters_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PP_Commands_In_Marshal(const PP_Commands_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_PP_Commands_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_SetAlgorithmSet_In_Marshal(const SetAlgorithmSet_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_SetAlgorithmSet_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_ContextSave_In_Marshal(const ContextSave_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_ContextSave_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_ContextLoad_In_Marshal(const ContextLoad_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_ContextLoad_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_FlushContext_In_Marshal(const FlushContext_In *source, uint16_t *written, BYTE **buffer, int32_t *size) 
+{
+    return TSS_FlushContext_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_EvictControl_In_Marshal(const EvictControl_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_EvictControl_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_ClockSet_In_Marshal(const ClockSet_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_ClockSet_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_ClockRateAdjust_In_Marshal(const ClockRateAdjust_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_ClockRateAdjust_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_GetCapability_In_Marshal(const GetCapability_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_GetCapability_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_TestParms_In_Marshal(const TestParms_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_TestParms_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_NV_DefineSpace_In_Marshal(const NV_DefineSpace_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_NV_DefineSpace_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_NV_UndefineSpace_In_Marshal(const NV_UndefineSpace_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_NV_UndefineSpace_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_NV_UndefineSpaceSpecial_In_Marshal(const NV_UndefineSpaceSpecial_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_NV_UndefineSpaceSpecial_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_NV_ReadPublic_In_Marshal(const NV_ReadPublic_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_NV_ReadPublic_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_NV_Write_In_Marshal(const NV_Write_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_NV_Write_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_NV_Increment_In_Marshal(const NV_Increment_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_NV_Increment_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_NV_Extend_In_Marshal(const NV_Extend_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_NV_Extend_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_NV_SetBits_In_Marshal(const NV_SetBits_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_NV_SetBits_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_NV_WriteLock_In_Marshal(const NV_WriteLock_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_NV_WriteLock_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_NV_GlobalWriteLock_In_Marshal(const NV_GlobalWriteLock_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_NV_GlobalWriteLock_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_NV_Read_In_Marshal(const NV_Read_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_NV_Read_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_NV_ReadLock_In_Marshal(const NV_ReadLock_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_NV_ReadLock_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_NV_ChangeAuth_In_Marshal(const NV_ChangeAuth_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_NV_ChangeAuth_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_NV_Certify_In_Marshal(const NV_Certify_In *source, uint16_t *written, BYTE **buffer, int32_t *size)
+{
+    return TSS_NV_Certify_In_Marshalu(source, written, buffer, (uint32_t *)size);
+}
+
+
+
+TPM_RC
+TSS_IncrementalSelfTest_Out_Unmarshal(IncrementalSelfTest_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_IncrementalSelfTest_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_GetTestResult_Out_Unmarshal(GetTestResult_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_GetTestResult_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_StartAuthSession_Out_Unmarshal(StartAuthSession_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_StartAuthSession_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_Create_Out_Unmarshal(Create_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_Create_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_Load_Out_Unmarshal(Load_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_Load_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_LoadExternal_Out_Unmarshal(LoadExternal_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_LoadExternal_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_ReadPublic_Out_Unmarshal(ReadPublic_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_ReadPublic_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_ActivateCredential_Out_Unmarshal(ActivateCredential_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_ActivateCredential_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_MakeCredential_Out_Unmarshal(MakeCredential_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_MakeCredential_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_Unseal_Out_Unmarshal(Unseal_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_Unseal_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_ObjectChangeAuth_Out_Unmarshal(ObjectChangeAuth_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_ObjectChangeAuth_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_CreateLoaded_Out_Unmarshal(CreateLoaded_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_CreateLoaded_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_Duplicate_Out_Unmarshal(Duplicate_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_Duplicate_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_Rewrap_Out_Unmarshal(Rewrap_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_Rewrap_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_Import_Out_Unmarshal(Import_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_Import_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_RSA_Encrypt_Out_Unmarshal(RSA_Encrypt_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_RSA_Encrypt_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_RSA_Decrypt_Out_Unmarshal(RSA_Decrypt_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_RSA_Decrypt_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_ECDH_KeyGen_Out_Unmarshal(ECDH_KeyGen_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_ECDH_KeyGen_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_ECDH_ZGen_Out_Unmarshal(ECDH_ZGen_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_ECDH_ZGen_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_ECC_Parameters_Out_Unmarshal(ECC_Parameters_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_ECC_Parameters_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_ZGen_2Phase_Out_Unmarshal(ZGen_2Phase_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_ZGen_2Phase_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_EncryptDecrypt_Out_Unmarshal(EncryptDecrypt_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_EncryptDecrypt_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_EncryptDecrypt2_Out_Unmarshal(EncryptDecrypt2_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_EncryptDecrypt2_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_Hash_Out_Unmarshal(Hash_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_Hash_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_HMAC_Out_Unmarshal(HMAC_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_HMAC_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_GetRandom_Out_Unmarshal(GetRandom_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_GetRandom_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_HMAC_Start_Out_Unmarshal(HMAC_Start_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_HMAC_Start_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_HashSequenceStart_Out_Unmarshal(HashSequenceStart_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_HashSequenceStart_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_SequenceComplete_Out_Unmarshal(SequenceComplete_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_SequenceComplete_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_EventSequenceComplete_Out_Unmarshal(EventSequenceComplete_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_EventSequenceComplete_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_Certify_Out_Unmarshal(Certify_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_Certify_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_CertifyCreation_Out_Unmarshal(CertifyCreation_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_CertifyCreation_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_Quote_Out_Unmarshal(Quote_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_Quote_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_GetSessionAuditDigest_Out_Unmarshal(GetSessionAuditDigest_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_GetSessionAuditDigest_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_GetCommandAuditDigest_Out_Unmarshal(GetCommandAuditDigest_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_GetCommandAuditDigest_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_GetTime_Out_Unmarshal(GetTime_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_GetTime_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_Commit_Out_Unmarshal(Commit_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_Commit_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_EC_Ephemeral_Out_Unmarshal(EC_Ephemeral_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_EC_Ephemeral_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_VerifySignature_Out_Unmarshal(VerifySignature_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_VerifySignature_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_Sign_Out_Unmarshal(Sign_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_Sign_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PCR_Event_Out_Unmarshal(PCR_Event_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_PCR_Event_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PCR_Read_Out_Unmarshal(PCR_Read_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_PCR_Read_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PCR_Allocate_Out_Unmarshal(PCR_Allocate_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_PCR_Allocate_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PolicySigned_Out_Unmarshal(PolicySigned_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_PolicySigned_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PolicySecret_Out_Unmarshal(PolicySecret_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_PolicySecret_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_PolicyGetDigest_Out_Unmarshal(PolicyGetDigest_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_PolicyGetDigest_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_CreatePrimary_Out_Unmarshal(CreatePrimary_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_CreatePrimary_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_ContextSave_Out_Unmarshal(ContextSave_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_ContextSave_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_ContextLoad_Out_Unmarshal(ContextLoad_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_ContextLoad_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_ReadClock_Out_Unmarshal(ReadClock_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_ReadClock_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_GetCapability_Out_Unmarshal(GetCapability_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_GetCapability_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_NV_ReadPublic_Out_Unmarshal(NV_ReadPublic_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_NV_ReadPublic_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_NV_Read_Out_Unmarshal(NV_Read_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_NV_Read_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+TPM_RC
+TSS_NV_Certify_Out_Unmarshal(NV_Certify_Out *target, TPM_ST tag, BYTE **buffer, int32_t *size)
+{
+    return TSS_NV_Certify_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
+
+#endif	/* TPM_TSS_NODEPRECATED */
+#endif /* TPM 2.0 */
diff --git a/utils/tssmarshal12.c b/utils/tssmarshal12.c
new file mode 100644
index 000000000..43d6b553b
--- /dev/null
+++ b/utils/tssmarshal12.c
@@ -0,0 +1,1136 @@
+/********************************************************************************/
+/*										*/
+/*			 TSS Marshal and Unmarshal    				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: tssmarshal12.c 1285 2018-07-27 18:33:41Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifdef TPM_TPM12
+
+#include <string.h>
+
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/tsserror.h>
+#include <ibmtss/tssprint.h>
+#include <ibmtss/Unmarshal_fp.h>
+#include <ibmtss/Unmarshal12_fp.h>
+#include <ibmtss/tssmarshal12.h>
+
+/* The marshaling functions are slightly different from the TPM side.  The TPM assumes that all
+   structures are trusted, and so has no error checking.  The TSS side makes no such assumption.
+
+   The prototype pattern is:
+
+   Return:
+
+   An extra return code, TSS_RC_INSUFFICIENT_BUFFER, indicates that the supplied buffer size is too
+   small.  The TPM functions assert.
+
+   'source' is the structure to be marshaled, the same as the TPM functions.
+   'written' is the __additional__ number of bytes written, the value that the TPM returns.
+   'buffer' is the buffer written, the same as the TPM functions.
+   ' size' is the remaining size of the buffer, the same as the TPM functions.
+
+   If 'buffer' is NULL, 'written' is updated but no marshaling is performed.  This is used in a two
+   pass pattern, where the first pass returns the size of the buffer to be malloc'ed.
+
+   If 'size' is NULL, the source is unmarshaled without a size check.  The caller must ensure that
+   the buffer is sufficient, often due to a malloc after the first pass.  */
+
+/*Unmarshal
+  Command parameter marshaling
+*/
+
+TPM_RC
+TSS_ActivateIdentity_In_Marshalu(const ActivateIdentity_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->idKeyHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->blobSize, written, buffer, size);	
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->blob, source->blobSize, written, buffer, size);	
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_CreateEndorsementKeyPair_In_Marshalu(const CreateEndorsementKeyPair_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->antiReplay, TPM_NONCE_SIZE, written, buffer, size);	
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_KEY_PARMS_Marshalu(&source->keyInfo, written, buffer, size);	
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_CreateWrapKey_In_Marshalu(const CreateWrapKey_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->parentHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->dataUsageAuth, SHA1_DIGEST_SIZE, written, buffer, size);	
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->dataMigrationAuth, SHA1_DIGEST_SIZE, written, buffer, size);	
+    }
+    if (rc == 0) {
+    	rc = TSS_TPM_KEY12_Marshalu(&source->keyInfo, written, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_Extend_In_Marshalu(const Extend_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->pcrNum, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->inDigest, SHA1_DIGEST_SIZE, written, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_FlushSpecific_In_Marshalu(const FlushSpecific_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->handle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->resourceType, written, buffer, size);
+    }
+    return rc;
+}						  
+
+TPM_RC
+TSS_GetCapability12_In_Marshalu(const GetCapability12_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->capArea, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->subCapSize, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->subCap, source->subCapSize, written, buffer, size);	
+    }
+    return rc;
+}						  
+
+TPM_RC
+TSS_LoadKey2_In_Marshalu(const LoadKey2_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->parentHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+    	rc = TSS_TPM_KEY12_Marshalu(&source->inKey, written, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_MakeIdentity_In_Marshalu(const MakeIdentity_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->identityAuth, SHA1_DIGEST_SIZE, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->labelPrivCADigest, SHA1_DIGEST_SIZE, written, buffer, size);
+    }
+    if (rc == 0) {
+    	rc = TSS_TPM_KEY12_Marshalu(&source->idKeyParams, written, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_NV_DefineSpace12_In_Marshalu(const NV_DefineSpace12_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_NV_DATA_PUBLIC_Marshalu(&source->pubInfo, written, buffer, size);	
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->encAuth, SHA1_DIGEST_SIZE, written, buffer, size);	
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_NV_ReadValueAuth_In_Marshalu(const NV_ReadValueAuth_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->nvIndex , written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->offset, written, buffer, size);	
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->dataSize, written, buffer, size);	
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_NV_ReadValue_In_Marshalu(const NV_ReadValue_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->nvIndex , written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->offset, written, buffer, size);	
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->dataSize, written, buffer, size);	
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_NV_WriteValue_In_Marshalu(const NV_WriteValue_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->nvIndex , written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->offset, written, buffer, size);	
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->dataSize, written, buffer, size);	
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->data, source->dataSize, written, buffer, size);	
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_NV_WriteValueAuth_In_Marshalu(const NV_WriteValueAuth_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->nvIndex , written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->offset, written, buffer, size);	
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->dataSize, written, buffer, size);	
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->data, source->dataSize, written, buffer, size);	
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_OwnerReadInternalPub_In_Marshalu(const OwnerReadInternalPub_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->keyHandle, written, buffer, size);
+    }
+    return rc;
+}						  
+ 
+TPM_RC
+TSS_OwnerSetDisable_In_Marshalu(const OwnerSetDisable_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT8_Marshalu(&source->disableState, written, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_OSAP_In_Marshalu(const OSAP_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&source->entityType, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->entityValue, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->nonceOddOSAP, SHA1_DIGEST_SIZE, written, buffer, size);
+    }
+    return rc;
+}						  
+ 
+TPM_RC
+TSS_PcrRead12_In_Marshalu(const PcrRead12_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->pcrIndex, written, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_PCR_Reset12_In_Marshalu(const PCR_Reset12_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+    	rc = TSS_TPM_PCR_SELECTION_Marshalu(&source->pcrSelection, written, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_Quote2_In_Marshalu(const Quote2_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->keyHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->externalData, SHA1_DIGEST_SIZE, written, buffer, size);
+    }
+    if (rc == 0) {
+    	rc = TSS_TPM_PCR_SELECTION_Marshalu(&source->targetPCR, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Marshalu(&source->addVersion, written, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_ReadPubek_In_Marshalu(const ReadPubek_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->antiReplay, TPM_NONCE_SIZE, written, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_Sign12_In_Marshalu(const Sign12_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->keyHandle, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->areaToSignSize, written, buffer, size);	
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->areaToSign, source->areaToSignSize, written, buffer, size);	
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_Startup12_In_Marshalu(const Startup12_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_STARTUP_TYPE_Marshalu(&source->startupType, written, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TakeOwnership_In_Marshalu(const TakeOwnership_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&source->protocolID, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->encOwnerAuthSize, written, buffer, size);	
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->encOwnerAuth, source->encOwnerAuthSize, written, buffer, size);	
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->encSrkAuthSize, written, buffer, size);	
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->encSrkAuth, source->encSrkAuthSize, written, buffer, size);	
+    }
+    if (rc == 0) {
+    	rc = TSS_TPM_KEY12_Marshalu(&source->srkParams, written, buffer, size);
+    }
+    return rc;
+}
+
+/*
+  Response parameter unmarshaling
+*/
+
+TPM_RC
+TSS_ActivateIdentity_Out_Unmarshalu(ActivateIdentity_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    tag = tag;
+    if (rc == 0) {
+	rc = TSS_TPM_SYMMETRIC_KEY_Unmarshalu(&target->symmetricKey, buffer, size);
+    } 
+    return rc;
+}
+
+TPM_RC
+TSS_CreateEndorsementKeyPair_Out_Unmarshalu(CreateEndorsementKeyPair_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    tag = tag;
+    if (rc == 0) {
+	rc = TSS_TPM_PUBKEY_Unmarshalu(&target->pubEndorsementKey, buffer, size);
+    } 
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->checksum, SHA1_DIGEST_SIZE, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_CreateWrapKey_Out_Unmarshalu(CreateWrapKey_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    tag = tag;
+    if (rc == 0) {
+	rc = TSS_TPM_KEY12_Unmarshalu(&target->wrappedKey, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_Extend_Out_Unmarshalu(Extend_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    tag = tag;
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->outDigest, SHA1_DIGEST_SIZE, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_GetCapability12_Out_Unmarshalu(GetCapability12_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    tag = tag;
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->respSize, buffer, size);
+    }
+    if (rc == 0) {
+	if (target->respSize > sizeof(target->resp)) {
+	    rc = TPM_RC_SIZE;
+	}
+    }    
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->resp, target->respSize, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_LoadKey2_Out_Unmarshalu(LoadKey2_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    tag = tag;
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->inkeyHandle, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_MakeIdentity_Out_Unmarshalu(MakeIdentity_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    tag = tag;
+    if (rc == 0) {
+    	rc = TSS_TPM_KEY12_Unmarshalu(&target->idKey, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->identityBindingSize, buffer, size);
+    }
+    if (rc == 0) {
+	if (target->identityBindingSize > sizeof(target->identityBinding)) {
+	    rc = TPM_RC_SIZE;
+	}
+    }    
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->identityBinding, target->identityBindingSize, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_NV_ReadValueAuth_Out_Unmarshalu(NV_ReadValueAuth_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    tag = tag;
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->dataSize, buffer, size);
+    }
+    if (rc == 0) {
+	if (target->dataSize > sizeof(target->data)) {
+	    rc = TPM_RC_SIZE;
+	}
+    }    
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->data, target->dataSize, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_NV_ReadValue_Out_Unmarshalu(NV_ReadValue_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    tag = tag;
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->dataSize, buffer, size);
+    }
+    if (rc == 0) {
+	if (target->dataSize > sizeof(target->data)) {
+	    rc = TPM_RC_SIZE;
+	}
+    }    
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->data, target->dataSize, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_OIAP_Out_Unmarshalu(OIAP_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    tag = tag;
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->authHandle, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->nonceEven, SHA1_DIGEST_SIZE, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_OSAP_Out_Unmarshalu(OSAP_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    tag = tag;
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->authHandle, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->nonceEven, SHA1_DIGEST_SIZE, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->nonceEvenOSAP, SHA1_DIGEST_SIZE, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_OwnerReadInternalPub_Out_Unmarshalu(OwnerReadInternalPub_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    tag = tag;
+    if (rc == 0) {
+	rc = TSS_TPM_PUBKEY_Unmarshalu(&target->publicPortion, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_PcrRead12_Out_Unmarshalu(PcrRead12_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    tag = tag;
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->outDigest, SHA1_DIGEST_SIZE, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_Quote2_Out_Unmarshalu(Quote2_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    tag = tag;
+    if (rc == 0) {
+    	rc = TSS_TPM_PCR_INFO_SHORT_Unmarshalu(&target->pcrData, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->versionInfoSize, buffer, size);
+    }
+    if (rc == 0) {
+    	rc = TSS_TPM_CAP_VERSION_INFO_Unmarshalu(&target->versionInfo, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->sigSize, buffer, size);
+    }
+    if (rc == 0) {
+	if (target->sigSize > sizeof(target->sig)) {
+	    rc = TPM_RC_SIZE;
+	}
+    }    
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->sig, target->sigSize, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_Sign12_Out_Unmarshalu(Sign12_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    tag = tag;
+    if (rc == 0) {
+	rc = TSS_UINT32_Unmarshalu(&target->sigSize, buffer, size);
+    }
+    if (rc == 0) {
+	if (target->sigSize > sizeof(target->sig)) {
+	    rc = TPM_RC_SIZE;
+	}
+    }    
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->sig, target->sigSize, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_ReadPubek_Out_Unmarshalu(ReadPubek_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    tag = tag;
+    if (rc == 0) {
+    	rc = TSS_TPM_PUBKEY_Unmarshalu(&target->pubEndorsementKey, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Unmarshalu(target->checksum, SHA1_DIGEST_SIZE, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TakeOwnership_Out_Unmarshalu(TakeOwnership_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    tag = tag;
+    if (rc == 0) {
+    	rc = TSS_TPM_KEY12_Unmarshalu(&target->srkPub, buffer, size);
+    }
+    return rc;
+}
+
+/*
+  Structure marshaling
+*/
+
+TPM_RC
+TSS_TPM_STARTUP_TYPE_Marshalu(const TPM_STARTUP_TYPE *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(source, written, buffer, size);
+    }
+    return rc;
+}
+
+/* 5.0 */
+
+
+TPM_RC
+TSS_TPM_VERSION_Marshalu(const TPM_VERSION *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT8_Marshalu(&source->major, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Marshalu(&source->minor, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Marshalu(&source->revMajor, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Marshalu(&source->revMinor, written, buffer, size);
+    }
+    return rc;
+}
+
+/* 8.0 */
+
+TPM_RC
+TSS_TPM_PCR_SELECTION_Marshalu(const TPM_PCR_SELECTION *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{ 
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&source->sizeOfSelect, written, buffer, size);   
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->pcrSelect, source->sizeOfSelect, written, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TPM_PCR_INFO_LONG_Marshalu(const TPM_PCR_INFO_LONG *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{ 
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	uint16_t tag = TPM_TAG_PCR_INFO_LONG;
+	rc = TSS_UINT16_Marshalu(&tag, written, buffer, size);                      
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Marshalu(&source->localityAtCreation, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Marshalu(&source->localityAtRelease, written, buffer, size);   
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_PCR_SELECTION_Marshalu(&source->creationPCRSelection, written, buffer, size); 
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_PCR_SELECTION_Marshalu(&source->releasePCRSelection, written, buffer, size); 
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->digestAtCreation, SHA1_DIGEST_SIZE, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->digestAtRelease, SHA1_DIGEST_SIZE, written, buffer, size); 
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TPM_PCR_INFO_SHORT_Marshalu(const TPM_PCR_INFO_SHORT *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{ 
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_PCR_SELECTION_Marshalu(&source->pcrSelection, written, buffer, size); 
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Marshalu(&source->localityAtRelease, written, buffer, size);   
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->digestAtRelease, SHA1_DIGEST_SIZE, written, buffer, size); 
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TPM4B_TPM_PCR_INFO_LONG_Marshalu(const TPM_PCR_INFO_LONG *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    uint16_t sizeWritten = 0;	/* of structure */
+    BYTE *sizePtr;
+
+    if (buffer != NULL) {
+	sizePtr = *buffer;
+	*buffer += sizeof(uint32_t);	/* skip size */
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_PCR_INFO_LONG_Marshalu(source, &sizeWritten, buffer, size);
+    }
+    if (rc == 0) {
+	uint32_t sizeWritten32;
+	*written += sizeWritten;
+	sizeWritten32 = sizeWritten;	/* back fill size */
+	if (buffer != NULL) {
+	    rc = TSS_UINT32_Marshalu(&sizeWritten32, written, &sizePtr, size);
+	}
+	else {
+	    *written += sizeof(uint32_t);
+	}
+    }
+    return rc;
+}
+
+/* 9.0 */
+
+TPM_RC
+TSS_TPM_SYMMETRIC_KEY_Marshalu(const TPM_SYMMETRIC_KEY *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->algId, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&source->encScheme, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&source->size, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->data, source->size, written, buffer, size);
+    }
+    return rc;
+}
+
+/* 10.0 */
+
+TPM_RC
+TSS_TPM_RSA_KEY_PARMS_Marshalu(const TPM_RSA_KEY_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->keyLength, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->numPrimes, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->exponentSize, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->exponent, source->exponentSize, written, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TPMU_PARMS_Marshalu(const TPMU_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = 0;
+    switch (selector) {
+      case TPM_ALG_RSA:		/* A structure of type TPM_RSA_KEY_PARMS */
+	rc = TSS_TPM_RSA_KEY_PARMS_Marshalu(&source->rsaParms, written, buffer, size);
+	break;
+      case TPM_ALG_AES128:	/* A structure of type TPM_SYMMETRIC_KEY_PARMS */
+	/* not implemented yet */
+      default:
+	rc = TPM_RC_SELECTOR;
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TPM4B_TPMU_PARMS_Marshalu(const TPMU_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size, uint32_t selector)
+{
+    TPM_RC rc = 0;
+    uint16_t sizeWritten = 0;	/* of structure */
+    BYTE *sizePtr;
+
+    if (buffer != NULL) {
+	sizePtr = *buffer;
+	*buffer += sizeof(uint32_t);	/* skip size */
+    }
+    if (rc == 0) {
+	rc = TSS_TPMU_PARMS_Marshalu(source, &sizeWritten, buffer, size, selector);
+    }
+    if (rc == 0) {
+	uint32_t sizeWritten32;
+	*written += sizeWritten;
+	sizeWritten32 = sizeWritten;	/* back fill size */
+	if (buffer != NULL) {
+	    rc = TSS_UINT32_Marshalu(&sizeWritten32, written, &sizePtr, size);
+	}
+	else {
+	    *written += sizeof(uint32_t);
+	}
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TPM_KEY_PARMS_Marshalu(const TPM_KEY_PARMS *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->algorithmID, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&source->encScheme, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&source->sigScheme, written, buffer, size); 
+    }
+    if (rc == 0) {
+	rc = TSS_TPM4B_TPMU_PARMS_Marshalu(&source->parms, written, buffer, size, source->algorithmID);	
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TPM_STORE_PUBKEY_Marshalu(const TPM_STORE_PUBKEY *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->keyLength, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->key, source->keyLength, written, buffer, size);
+    }
+    return rc;
+}						  
+
+TPM_RC
+TSS_TPM_KEY12_PUBKEY_Marshalu(const TPM_KEY12 *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_KEY_PARMS_Marshalu(&source->algorithmParms, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_STORE_PUBKEY_Marshalu(&source->pubKey, written, buffer, size);
+    }
+    return rc;
+}						  
+
+TPM_RC
+TSS_TPM_PUBKEY_Marshalu(const TPM_PUBKEY *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_TPM_KEY_PARMS_Marshalu(&source->algorithmParms, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_STORE_PUBKEY_Marshalu(&source->pubKey, written, buffer, size);
+    }
+    return rc;
+}						  
+
+TPM_RC
+TSS_TPM_KEY12_Marshalu(const TPM_KEY12 *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	uint16_t tag = TPM_TAG_KEY12;
+	rc = TSS_UINT16_Marshalu(&tag, written, buffer, size);
+    }
+    if (rc == 0) {
+	uint16_t fill = 0;
+	rc = TSS_UINT16_Marshalu(&fill, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&source->keyUsage, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->keyFlags, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Marshalu(&source->authDataUsage, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_KEY_PARMS_Marshalu(&source->algorithmParms, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM4B_TPM_PCR_INFO_LONG_Marshalu(&source->PCRInfo, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_STORE_PUBKEY_Marshalu(&source->pubKey, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_STORE_PUBKEY_Marshalu(&source->encData, written, buffer, size);
+    }
+    return rc;
+}
+
+/* 11.0 */
+
+TPM_RC
+TSS_TPM_QUOTE_INFO2_Marshalu(const TPM_QUOTE_INFO2 *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	uint16_t tag = TPM_TAG_QUOTE_INFO2;
+	rc = TSS_UINT16_Marshalu(&tag, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->fixed, 4, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->externalData, TPM_NONCE_SIZE, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_PCR_INFO_SHORT_Marshalu(&source->infoShort, written, buffer, size);
+    }
+    return rc;
+}
+
+/* 12.0 */
+
+TPM_RC
+TSS_TPM_EK_BLOB_Marshalu(const TPM_EK_BLOB *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	uint16_t tag = TPM_TAG_EK_BLOB;
+	rc = TSS_UINT16_Marshalu(&tag, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&source->ekType, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->blobSize, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->blob, source->blobSize, written, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TPM_EK_BLOB_ACTIVATE_Marshalu(const TPM_EK_BLOB_ACTIVATE *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	uint16_t tag = TPM_TAG_EK_BLOB_ACTIVATE;
+	rc = TSS_UINT16_Marshalu(&tag, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_SYMMETRIC_KEY_Marshalu(&source->sessionKey, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->idDigest, SHA1_DIGEST_SIZE, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_PCR_INFO_SHORT_Marshalu(&source->pcrInfo, written, buffer, size);
+    }
+    return rc;
+}
+
+/* 19.0 */
+
+TPM_RC
+TSS_TPM_NV_ATTRIBUTES_Marshalu(const TPM_NV_ATTRIBUTES *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0; 
+    if (rc == 0) {
+	uint16_t tag = TPM_TAG_NV_ATTRIBUTES;
+	rc = TSS_UINT16_Marshalu(&tag, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->attributes, written, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_TPM_NV_DATA_PUBLIC_Marshalu(const TPM_NV_DATA_PUBLIC *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	uint16_t tag = TPM_TAG_NV_DATA_PUBLIC;
+	rc = TSS_UINT16_Marshalu(&tag, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->nvIndex, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_PCR_INFO_SHORT_Marshalu(&source->pcrInfoRead, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_PCR_INFO_SHORT_Marshalu(&source->pcrInfoWrite, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_NV_ATTRIBUTES_Marshalu(&source->permission, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Marshalu(&source->bReadSTClear, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Marshalu(&source->bWriteSTClear, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Marshalu(&source->bWriteDefine, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT32_Marshalu(&source->dataSize, written, buffer, size);
+    }
+    return rc;
+}
+
+/* 21.0 */
+
+TPM_RC
+TSS_TPM_CAP_VERSION_INFO_Marshalu(const TPM_CAP_VERSION_INFO *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&source->tag, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_TPM_VERSION_Marshalu(&source->version, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&source->specLevel, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT8_Marshalu(&source->errataRev, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->tpmVendorID, 4, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_UINT16_Marshalu(&source->vendorSpecificSize, written, buffer, size);
+    }
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu(source->vendorSpecific, source->vendorSpecificSize, written, buffer, size);
+    }
+    return rc;
+} ;
+
+#endif		/* TPM_TPM12 */
diff --git a/utils/tssntc.c b/utils/tssntc.c
new file mode 100644
index 000000000..2b76602e6
--- /dev/null
+++ b/utils/tssntc.c
@@ -0,0 +1,128 @@
+/********************************************************************************/
+/*										*/
+/*		     	TPM2 Nuvoton Proprietary Commands			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: tssntc.c 1285 2018-07-27 18:33:41Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015, 2017					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <ibmtss/Unmarshal_fp.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/tssprint.h>
+#include "tssntc.h"
+
+/* Marshal and Unmarshal Functions */
+
+TPM_RC
+TSS_NTC2_CFG_STRUCT_Unmarshalu(NTC2_CFG_STRUCT *target, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+
+    /* assumes that the NTC2_CFG_STRUCT structure are all uint8_t so that there are no endian
+       issues */
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_Array_Unmarshalu((BYTE *)target, sizeof(NTC2_CFG_STRUCT), buffer, size);
+    }
+    return rc;
+}
+    
+TPM_RC
+TSS_NTC2_CFG_STRUCT_Marshal(NTC2_CFG_STRUCT *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_Array_Marshalu((BYTE *)source, sizeof(NTC2_CFG_STRUCT), written, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_NTC2_PreConfig_In_Unmarshalu(NTC2_PreConfig_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[])
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    handles = handles;
+
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_NTC2_CFG_STRUCT_Unmarshalu(&target->preConfig, buffer, size);	
+	if (rc != TPM_RC_SUCCESS) {	
+	    rc += RC_NTC2_PreConfig_preConfig;
+	}
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_NTC2_PreConfig_In_Marshalu(NTC2_PreConfig_In *source, uint16_t *written, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = 0;
+    if (rc == 0) {
+	rc = TSS_NTC2_CFG_STRUCT_Marshal(&source->preConfig, written, buffer, size);
+    }
+    return rc;
+}
+
+TPM_RC
+TSS_NTC2_GetConfig_Out_Unmarshalu(NTC2_GetConfig_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size)
+{
+    TPM_RC rc = TPM_RC_SUCCESS;
+    tag = tag;
+    
+    if (rc == TPM_RC_SUCCESS) {
+	rc = TSS_NTC2_CFG_STRUCT_Unmarshalu(&target->preConfig, buffer, size);
+    }
+    return rc;
+}
+
+/* These functions are deprecated.  They were adapted from the TPM side, but the signed size
+   caused static analysis tool warnings. */
+    
+TPM_RC
+NTC2_CFG_STRUCT_Unmarshal(NTC2_CFG_STRUCT *target, BYTE **buffer, INT32 *size)
+{
+    return TSS_NTC2_CFG_STRUCT_Unmarshalu(target, buffer, (uint32_t *)size);
+}
+TPM_RC
+NTC2_PreConfig_In_Unmarshal(NTC2_PreConfig_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
+{
+    return TSS_NTC2_PreConfig_In_Unmarshalu(target, buffer, (uint32_t *)size, handles);
+}
+TPM_RC
+TSS_NTC2_GetConfig_Out_Unmarshal(NTC2_GetConfig_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
+{
+    return TSS_NTC2_GetConfig_Out_Unmarshalu(target, tag, buffer, (uint32_t *)size);
+}
diff --git a/utils/tssntc.h b/utils/tssntc.h
new file mode 100644
index 000000000..e9cf1e4e6
--- /dev/null
+++ b/utils/tssntc.h
@@ -0,0 +1,81 @@
+/********************************************************************************/
+/*										*/
+/*		     	Nuvoton Command Common Routines				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: tssntc.h 1285 2018-07-27 18:33:41Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2018					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef TSSNTC2_H
+#define TSSNTC2_H
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/TPM_Types.h>
+#include "Commands_fp.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    TPM_RC
+    TSS_NTC2_CFG_STRUCT_Unmarshalu(NTC2_CFG_STRUCT *target, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NTC2_CFG_STRUCT_Marshal(NTC2_CFG_STRUCT *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NTC2_PreConfig_In_Unmarshalu(NTC2_PreConfig_In *target, BYTE **buffer, uint32_t *size, TPM_HANDLE handles[]);
+    TPM_RC
+    TSS_NTC2_PreConfig_In_Marshalu(NTC2_PreConfig_In *source, uint16_t *written, BYTE **buffer, uint32_t *size);
+    TPM_RC
+    TSS_NTC2_GetConfig_Out_Unmarshalu(NTC2_GetConfig_Out *target, TPM_ST tag, BYTE **buffer, uint32_t *size);
+
+    /* These functions are deprecated.  They were adapted from the TPM side, but the signed size
+    caused static analysis tool warnings. */
+
+    TPM_RC
+    NTC2_CFG_STRUCT_Unmarshal(NTC2_CFG_STRUCT *target, BYTE **buffer, INT32 *size);
+    TPM_RC
+    NTC2_PreConfig_In_Unmarshal(NTC2_PreConfig_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]);
+    TPM_RC
+    TSS_NTC2_GetConfig_Out_Unmarshal(NTC2_GetConfig_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
+
+    
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/utils/tssprint.c b/utils/tssprint.c
new file mode 100644
index 000000000..72ed885c2
--- /dev/null
+++ b/utils/tssprint.c
@@ -0,0 +1,2347 @@
+/********************************************************************************/
+/*										*/
+/*			     Structure Print and Scan Utilities			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <inttypes.h>
+
+#include <ibmtss/Unmarshal_fp.h>
+#include <ibmtss/tsserror.h>
+#include <ibmtss/tssutils.h>
+
+#include <ibmtss/tssprint.h>
+
+extern int tssVerbose;
+
+#ifdef TPM_TSS_NO_PRINT
+
+/* false to compile out printf */
+int tssSwallowRc = 0;
+/* function prototype to match the printf prototype */
+int TSS_SwallowPrintf(const char *format, ...)
+{
+    format = format;
+    return 0;
+}
+
+#endif
+
+#ifndef TPM_TSS_NOFILE
+/* TSS_Array_Scan() converts a string to a binary array */
+
+uint32_t TSS_Array_Scan(unsigned char **data,	/* output binary, freed by caller */
+			size_t *len,
+			const char *string)	/* input string */
+{
+    uint32_t rc = 0;
+    size_t strLength;
+    
+    if (rc == 0) {
+	strLength = strlen(string);
+	if ((strLength %2) != 0) {
+	    if (tssVerbose) printf("TSS_Array_Scan: Error, string length %lu is not even\n",
+				   (unsigned long)strLength);
+	    rc = TSS_RC_BAD_PROPERTY_VALUE;
+	}
+    }
+    if (rc == 0) {
+	*len = strLength / 2;		/* safe because already tested for even number of bytes */
+        rc = TSS_Malloc(data, (*len) + 8);
+    }
+    if (rc == 0) {
+	unsigned int i;
+	for (i = 0 ; i < *len ; i++) {
+	    unsigned int tmpint;
+	    int irc = sscanf(string + (2*i), "%2x", &tmpint);
+	    *((*data)+i) = tmpint;
+	    if (irc != 1) {
+		if (tssVerbose) printf("TSS_Array_Scan: invalid hexascii\n");
+		rc = TSS_RC_BAD_PROPERTY_VALUE;
+	    }
+	}
+    }
+    return rc;
+}
+#endif /* TPM_TSS_NOFILE */
+
+/* TSS_PrintAll() prints 'string', the length, and then the entire byte array
+ */
+
+void TSS_PrintAll(const char *string, const unsigned char* buff, uint32_t length)
+{
+    TSS_PrintAlli(string, 1, buff, length);
+}
+
+/* TSS_PrintAlli() prints 'string', the length, and then the entire byte array
+   
+   Each line indented 'indent' spaces.
+*/
+
+void TSS_PrintAlli(const char *string, unsigned int indent, const unsigned char* buff, uint32_t length)
+{
+    TSS_PrintAllLogLevel(LOGLEVEL_DEBUG, string, indent, buff, length);
+}
+
+/* TSS_PrintAllLogLevel() prints based on loglevel the 'string', the length, and then the entire
+   byte array
+
+   loglevel LOGLEVEL_DEBUG prints the length and prints the array with a newline every 16 bytes.
+   otherwise prints no length and prints the array with no newlines.
+
+*/
+
+void TSS_PrintAllLogLevel(uint32_t loglevel, const char *string, unsigned int indent,
+			  const unsigned char* buff, uint32_t length)
+{
+    uint32_t i;
+    if (buff != NULL) {
+        if (loglevel == LOGLEVEL_DEBUG) {
+	    printf("%*s" "%s length %u\n" "%*s", indent, "", string, length, indent, "");
+	}
+        else {
+	    printf("%*s" "%s" "%*s", indent, "", string, indent, "");
+	}
+        for (i = 0 ; i < length ; i++) {
+            if ((loglevel == LOGLEVEL_DEBUG) && i && !( i % 16 )) {
+                printf("\n" "%*s", indent, "");
+	    }
+            printf("%.2x ",buff[i]);
+        }
+	printf("\n");
+    }
+    else {
+        printf("%*s" "%s null\n", indent, "", string);
+    }
+    return;
+}
+
+#ifndef TPM_TSS_NO_PRINT
+#ifdef TPM_TPM20
+
+void TSS_TPM2B_Print(const char *string, unsigned int indent, TPM2B *source)
+{
+    TSS_PrintAlli(string, indent, source->buffer, source->size);
+    return;
+}
+
+/* Table 9 - Definition of (UINT16) TPM_ALG_ID Constants <IN/OUT, S> */
+
+void TSS_TPM_ALG_ID_Print(const char *string, TPM_ALG_ID source, unsigned int indent)
+{
+    printf("%*s", indent, "");
+    switch (source) {
+      case  ALG_RSA_VALUE:
+	printf("%s TPM_ALG_RSA\n", string);
+	break;
+      case  ALG_TDES_VALUE:
+	printf("%s TPM_ALG_TDES\n", string);
+	break;
+      case  ALG_SHA1_VALUE:
+	printf("%s TPM_ALG_SHA1\n", string);
+	break;
+      case  ALG_HMAC_VALUE:
+	printf("%s TPM_ALG_HMAC\n", string);
+	break;
+      case  ALG_AES_VALUE:
+	printf("%s TPM_ALG_AES\n", string);
+	break;
+      case  ALG_MGF1_VALUE:
+	printf("%s TPM_ALG_MGF1\n", string);
+	break;
+      case  ALG_KEYEDHASH_VALUE:
+	printf("%s TPM_ALG_KEYEDHASH\n", string);
+	break;
+      case  ALG_XOR_VALUE:
+	printf("%s TPM_ALG_XOR\n", string);
+	break;
+      case  ALG_SHA256_VALUE:
+	printf("%s TPM_ALG_SHA256\n", string);
+	break;
+      case  ALG_SHA384_VALUE:
+	printf("%s TPM_ALG_SHA384\n", string);
+	break;
+      case  ALG_SHA512_VALUE:
+	printf("%s TPM_ALG_SHA512\n", string);
+	break;
+      case  ALG_NULL_VALUE:
+	printf("%s TPM_ALG_NULL\n", string);
+	break;
+      case  ALG_SM3_256_VALUE:
+	printf("%s TPM_ALG_SM3_256\n", string);
+	break;
+      case  ALG_SM4_VALUE:
+	printf("%s TPM_ALG_SM4\n", string);
+	break;
+      case  ALG_RSASSA_VALUE:
+	printf("%s TPM_ALG_RSASSA\n", string);
+	break;
+      case  ALG_RSAES_VALUE:
+	printf("%s TPM_ALG_RSAES\n", string);
+	break;
+      case  ALG_RSAPSS_VALUE:
+	printf("%s TPM_ALG_RSAPSS\n", string);
+	break;
+      case  ALG_OAEP_VALUE:
+	printf("%s TPM_ALG_OAEP\n", string);
+	break;
+      case  ALG_ECDSA_VALUE:
+	printf("%s TPM_ALG_ECDSA\n", string);
+	break;
+      case  ALG_ECDH_VALUE:
+	printf("%s TPM_ALG_ECDH\n", string);
+	break;
+      case  ALG_ECDAA_VALUE:
+	printf("%s TPM_ALG_ECDAA\n", string);
+	break;
+      case  ALG_SM2_VALUE:
+	printf("%s TPM_ALG_SM2\n", string);
+	break;
+      case  ALG_ECSCHNORR_VALUE:
+	printf("%s TPM_ALG_ECSCHNORR\n", string);
+	break;
+      case  ALG_ECMQV_VALUE:
+	printf("%s TPM_ALG_ECMQV\n", string);
+	break;
+      case  ALG_KDF1_SP800_56A_VALUE:
+	printf("%s TPM_ALG_KDF1_SP800_56A\n", string);
+	break;
+      case  ALG_KDF2_VALUE:
+	printf("%s TPM_ALG_KDF2\n", string);
+	break;
+      case  ALG_KDF1_SP800_108_VALUE:
+	printf("%s TPM_ALG_KDF1_SP800_108\n", string);
+	break;
+      case  ALG_ECC_VALUE:
+	printf("%s TPM_ALG_ECC\n", string);
+	break;
+      case  ALG_SYMCIPHER_VALUE:
+	printf("%s TPM_ALG_SYMCIPHER\n", string);
+	break;
+      case  ALG_CAMELLIA_VALUE:
+	printf("%s TPM_ALG_CAMELLIA\n", string);
+	break;
+      case ALG_SHA3_256_VALUE:
+	printf("%s TPM_ALG_SHA3_256\n", string);
+	break;
+      case ALG_SHA3_384_VALUE:
+	printf("%s TPM_ALG_SHA3_384\n", string);
+	break;
+      case ALG_SHA3_512_VALUE:
+	printf("%s TPM_ALG_SHA3_512\n", string);
+	break;
+      case ALG_CMAC_VALUE:
+	printf("%s TPM_ALG_CMAC\n", string);
+	break;
+      case  ALG_CTR_VALUE:
+	printf("%s TPM_ALG_CTR\n", string);
+	break;
+      case  ALG_OFB_VALUE:
+	printf("%s TPM_ALG_OFB\n", string);
+	break;
+      case  ALG_CBC_VALUE:
+	printf("%s TPM_ALG_CBC\n", string);
+	break;
+      case  ALG_CFB_VALUE:
+	printf("%s TPM_ALG_CFB\n", string);
+	break;
+      case  ALG_ECB_VALUE:
+	printf("%s TPM_ALG_ECB\n", string);
+	break;
+      default:
+	printf("%s TPM_ALG_ID value %04hx unknown\n", string, source);
+    }
+    return;
+}
+
+/* Table 10 - Definition of (UINT16) {ECC} TPM_ECC_CURVE Constants <IN/OUT, S> */
+
+void TSS_TPM_ECC_CURVE_Print(const char *string, TPM_ECC_CURVE source, unsigned int indent)
+{
+    printf("%*s", indent, "");
+    switch (source) {
+      case TPM_ECC_NONE:
+	printf("%s TPM_ECC_NONE\n", string);
+	break;
+      case TPM_ECC_NIST_P192:
+	printf("%s TPM_ECC_NIST_P192\n", string);
+	break;
+      case TPM_ECC_NIST_P224:
+	printf("%s TPM_ECC_NIST_P224\n", string);
+	break;
+      case TPM_ECC_NIST_P256:
+	printf("%s TPM_ECC_NIST_P256\n", string);
+	break;
+      case TPM_ECC_NIST_P384:
+	printf("%s TPM_ECC_NIST_P384\n", string);
+	break;
+      case TPM_ECC_NIST_P521:
+	printf("%s TPM_ECC_NIST_P521\n", string);
+	break;
+      case TPM_ECC_BN_P256:
+	printf("%s TPM_ECC_BN_P256\n", string);
+	break;
+      case TPM_ECC_BN_P638:
+	printf("%s TPM_ECC_BN_P638\n", string);
+	break;
+      case TPM_ECC_SM2_P256:
+	printf("%s TPM_ECC_SM2_P256\n", string);
+	break;
+      default:
+	printf("%s TPM_ECC_CURVE value %04hx unknown\n", string, source);
+    }
+    return;
+}
+
+/* Table 100 - Definition of TPMS_TAGGED_POLICY Structure <OUT> */
+
+void TSS_TPMS_TAGGED_POLICY_Print(TPMS_TAGGED_POLICY *source, unsigned int indent)
+{
+    TSS_TPM_HANDLE_Print("handle", source->handle, indent);
+    TSS_TPMT_HA_Print(&source->policyHash, indent);
+    return;
+}
+
+/* Table 12 - Definition of (UINT32) TPM_CC Constants (Numeric Order) <IN/OUT, S> */
+
+void TSS_TPM_CC_Print(const char *string, TPM_CC source, unsigned int indent)
+{
+    printf("%*s", indent, "");
+    switch (source) {
+      case TPM_CC_NV_UndefineSpaceSpecial:
+	printf("%s TPM_CC_NV_UndefineSpaceSpecial\n", string);
+	break;
+      case TPM_CC_EvictControl:
+	printf("%s TPM_CC_EvictControl\n", string);
+	break;
+      case TPM_CC_HierarchyControl:
+	printf("%s TPM_CC_HierarchyControl\n", string);
+	break;
+      case TPM_CC_NV_UndefineSpace:
+	printf("%s TPM_CC_NV_UndefineSpace\n", string);
+	break;
+      case TPM_CC_ChangeEPS:
+	printf("%s TPM_CC_ChangeEPS\n", string);
+	break;
+      case TPM_CC_ChangePPS:
+	printf("%s TPM_CC_ChangePPS\n", string);
+	break;
+      case TPM_CC_Clear:
+	printf("%s TPM_CC_Clear\n", string);
+	break;
+      case TPM_CC_ClearControl:
+	printf("%s TPM_CC_ClearControl\n", string);
+	break;
+      case TPM_CC_ClockSet:
+	printf("%s TPM_CC_ClockSet\n", string);
+	break;
+      case TPM_CC_HierarchyChangeAuth:
+	printf("%s TPM_CC_HierarchyChangeAuth\n", string);
+	break;
+      case TPM_CC_NV_DefineSpace:
+	printf("%s TPM_CC_NV_DefineSpace\n", string);
+	break;
+      case TPM_CC_PCR_Allocate:
+	printf("%s TPM_CC_PCR_Allocate\n", string);
+	break;
+      case TPM_CC_PCR_SetAuthPolicy:
+	printf("%s TPM_CC_PCR_SetAuthPolicy\n", string);
+	break;
+      case TPM_CC_PP_Commands:
+	printf("%s TPM_CC_PP_Commands\n", string);
+	break;
+      case TPM_CC_SetPrimaryPolicy:
+	printf("%s TPM_CC_SetPrimaryPolicy\n", string);
+	break;
+#if 0
+      case TPM_CC_FieldUpgradeStart:
+	printf("%s TPM_CC_FieldUpgradeStart\n", string);
+	break;
+#endif
+      case TPM_CC_ClockRateAdjust:
+	printf("%s TPM_CC_ClockRateAdjust\n", string);
+	break;
+      case TPM_CC_CreatePrimary:
+	printf("%s TPM_CC_CreatePrimary\n", string);
+	break;
+      case TPM_CC_NV_GlobalWriteLock:
+	printf("%s TPM_CC_NV_GlobalWriteLock\n", string);
+	break;
+      case TPM_CC_GetCommandAuditDigest:
+	printf("%s TPM_CC_GetCommandAuditDigest\n", string);
+	break;
+      case TPM_CC_NV_Increment:
+	printf("%s TPM_CC_NV_Increment\n", string);
+	break;
+      case TPM_CC_NV_SetBits:
+	printf("%s TPM_CC_NV_SetBits\n", string);
+	break;
+      case TPM_CC_NV_Extend:
+	printf("%s TPM_CC_NV_Extend\n", string);
+	break;
+      case TPM_CC_NV_Write:
+	printf("%s TPM_CC_NV_Write\n", string);
+	break;
+      case TPM_CC_NV_WriteLock:
+	printf("%s TPM_CC_NV_WriteLock\n", string);
+	break;
+      case TPM_CC_DictionaryAttackLockReset:
+	printf("%s TPM_CC_DictionaryAttackLockReset\n", string);
+	break;
+      case TPM_CC_DictionaryAttackParameters:
+	printf("%s TPM_CC_DictionaryAttackParameters\n", string);
+	break;
+      case TPM_CC_NV_ChangeAuth:
+	printf("%s TPM_CC_NV_ChangeAuth\n", string);
+	break;
+      case TPM_CC_PCR_Event:
+	printf("%s TPM_CC_PCR_Event\n", string);
+	break;
+      case TPM_CC_PCR_Reset:
+	printf("%s TPM_CC_PCR_Reset\n", string);
+	break;
+      case TPM_CC_SequenceComplete:
+	printf("%s TPM_CC_SequenceComplete\n", string);
+	break;
+      case TPM_CC_SetAlgorithmSet:
+	printf("%s TPM_CC_SetAlgorithmSet\n", string);
+	break;
+      case TPM_CC_SetCommandCodeAuditStatus:
+	printf("%s TPM_CC_SetCommandCodeAuditStatus\n", string);
+	break;
+#if 0
+      case TPM_CC_FieldUpgradeData:
+	printf("%s TPM_CC_FieldUpgradeData\n", string);
+	break;
+#endif
+      case TPM_CC_IncrementalSelfTest:
+	printf("%s TPM_CC_IncrementalSelfTest\n", string);
+	break;
+      case TPM_CC_SelfTest:
+	printf("%s TPM_CC_SelfTest\n", string);
+	break;
+      case TPM_CC_Startup:
+	printf("%s TPM_CC_Startup\n", string);
+	break;
+      case TPM_CC_Shutdown:
+	printf("%s TPM_CC_Shutdown\n", string);
+	break;
+      case TPM_CC_StirRandom:
+	printf("%s TPM_CC_StirRandom\n", string);
+	break;
+      case TPM_CC_ActivateCredential:
+	printf("%s TPM_CC_ActivateCredential\n", string);
+	break;
+      case TPM_CC_Certify:
+	printf("%s TPM_CC_Certify\n", string);
+	break;
+      case TPM_CC_PolicyNV:
+	printf("%s TPM_CC_PolicyNV\n", string);
+	break;
+      case TPM_CC_CertifyCreation:
+	printf("%s TPM_CC_CertifyCreation\n", string);
+	break;
+      case TPM_CC_Duplicate:
+	printf("%s TPM_CC_Duplicate\n", string);
+	break;
+      case TPM_CC_GetTime:
+	printf("%s TPM_CC_GetTime\n", string);
+	break;
+      case TPM_CC_GetSessionAuditDigest:
+	printf("%s TPM_CC_GetSessionAuditDigest\n", string);
+	break;
+      case TPM_CC_NV_Read:
+	printf("%s TPM_CC_NV_Read\n", string);
+	break;
+      case TPM_CC_NV_ReadLock:
+	printf("%s TPM_CC_NV_ReadLock\n", string);
+	break;
+      case TPM_CC_ObjectChangeAuth:
+	printf("%s TPM_CC_ObjectChangeAuth\n", string);
+	break;
+      case TPM_CC_PolicySecret:
+	printf("%s TPM_CC_PolicySecret\n", string);
+	break;
+      case TPM_CC_Rewrap:
+	printf("%s TPM_CC_Rewrap\n", string);
+	break;
+      case TPM_CC_Create:
+	printf("%s TPM_CC_Create\n", string);
+	break;
+      case TPM_CC_ECDH_ZGen:
+	printf("%s TPM_CC_ECDH_ZGen\n", string);
+	break;
+      case TPM_CC_HMAC:
+	printf("%s TPM_CC_HMAC\n", string);
+	break;
+#if 0
+      case TPM_CC_MAC:
+	printf("%s TPM_CC_MAC\n", string);
+	break;
+#endif
+      case TPM_CC_Import:
+	printf("%s TPM_CC_Import\n", string);
+	break;
+      case TPM_CC_Load:
+	printf("%s TPM_CC_Load\n", string);
+	break;
+      case TPM_CC_Quote:
+	printf("%s TPM_CC_Quote\n", string);
+	break;
+      case TPM_CC_RSA_Decrypt:
+	printf("%s TPM_CC_RSA_Decrypt\n", string);
+	break;
+      case TPM_CC_HMAC_Start:
+	printf("%s TPM_CC_HMAC_Start\n", string);
+	break;
+#if 0
+      case TPM_CC_MAC_Start:
+	printf("%s TPM_CC_MAC_Start\n", string);
+	break;
+#endif
+      case TPM_CC_SequenceUpdate:
+	printf("%s TPM_CC_SequenceUpdate\n", string);
+	break;
+      case TPM_CC_Sign:
+	printf("%s TPM_CC_Sign\n", string);
+	break;
+      case TPM_CC_Unseal:
+	printf("%s TPM_CC_Unseal\n", string);
+	break;
+      case TPM_CC_PolicySigned:
+	printf("%s TPM_CC_PolicySigned\n", string);
+	break;
+      case TPM_CC_ContextLoad:
+	printf("%s TPM_CC_ContextLoad\n", string);
+	break;
+      case TPM_CC_ContextSave:
+	printf("%s TPM_CC_ContextSave\n", string);
+	break;
+      case TPM_CC_ECDH_KeyGen:
+	printf("%s TPM_CC_ECDH_KeyGen\n", string);
+	break;
+      case TPM_CC_EncryptDecrypt:
+	printf("%s TPM_CC_EncryptDecrypt\n", string);
+	break;
+      case TPM_CC_FlushContext:
+	printf("%s TPM_CC_FlushContext\n", string);
+	break;
+      case TPM_CC_LoadExternal:
+	printf("%s TPM_CC_LoadExternal\n", string);
+	break;
+      case TPM_CC_MakeCredential:
+	printf("%s TPM_CC_MakeCredential\n", string);
+	break;
+      case TPM_CC_NV_ReadPublic:
+	printf("%s TPM_CC_NV_ReadPublic\n", string);
+	break;
+      case TPM_CC_PolicyAuthorize:
+	printf("%s TPM_CC_PolicyAuthorize\n", string);
+	break;
+      case TPM_CC_PolicyAuthValue:
+	printf("%s TPM_CC_PolicyAuthValue\n", string);
+	break;
+      case TPM_CC_PolicyCommandCode:
+	printf("%s TPM_CC_PolicyCommandCode\n", string);
+	break;
+      case TPM_CC_PolicyCounterTimer:
+	printf("%s TPM_CC_PolicyCounterTimer\n", string);
+	break;
+      case TPM_CC_PolicyCpHash:
+	printf("%s TPM_CC_PolicyCpHash\n", string);
+	break;
+      case TPM_CC_PolicyLocality:
+	printf("%s TPM_CC_PolicyLocality\n", string);
+	break;
+      case TPM_CC_PolicyNameHash:
+	printf("%s TPM_CC_PolicyNameHash\n", string);
+	break;
+      case TPM_CC_PolicyOR:
+	printf("%s TPM_CC_PolicyOR\n", string);
+	break;
+      case TPM_CC_PolicyTicket:
+	printf("%s TPM_CC_PolicyTicket\n", string);
+	break;
+      case TPM_CC_ReadPublic:
+	printf("%s TPM_CC_ReadPublic\n", string);
+	break;
+      case TPM_CC_RSA_Encrypt:
+	printf("%s TPM_CC_RSA_Encrypt\n", string);
+	break;
+      case TPM_CC_StartAuthSession:
+	printf("%s TPM_CC_StartAuthSession\n", string);
+	break;
+      case TPM_CC_VerifySignature:
+	printf("%s TPM_CC_VerifySignature\n", string);
+	break;
+      case TPM_CC_ECC_Parameters:
+	printf("%s TPM_CC_ECC_Parameters\n", string);
+	break;
+#if 0
+      case TPM_CC_FirmwareRead:
+	printf("%s TPM_CC_FirmwareRead\n", string);
+	break;
+#endif
+      case TPM_CC_GetCapability:
+	printf("%s TPM_CC_GetCapability\n", string);
+	break;
+      case TPM_CC_GetRandom:
+	printf("%s TPM_CC_GetRandom\n", string);
+	break;
+      case TPM_CC_GetTestResult:
+	printf("%s TPM_CC_GetTestResult\n", string);
+	break;
+      case TPM_CC_Hash:
+	printf("%s TPM_CC_Hash\n", string);
+	break;
+      case TPM_CC_PCR_Read:
+	printf("%s TPM_CC_PCR_Read\n", string);
+	break;
+      case TPM_CC_PolicyPCR:
+	printf("%s TPM_CC_PolicyPCR\n", string);
+	break;
+      case TPM_CC_PolicyRestart:
+	printf("%s TPM_CC_PolicyRestart\n", string);
+	break;
+      case TPM_CC_ReadClock:
+	printf("%s TPM_CC_ReadClock\n", string);
+	break;
+      case TPM_CC_PCR_Extend:
+	printf("%s TPM_CC_PCR_Extend\n", string);
+	break;
+      case TPM_CC_PCR_SetAuthValue:
+	printf("%s TPM_CC_PCR_SetAuthValue\n", string);
+	break;
+      case TPM_CC_NV_Certify:
+	printf("%s TPM_CC_NV_Certify\n", string);
+	break;
+      case TPM_CC_EventSequenceComplete:
+	printf("%s TPM_CC_EventSequenceComplete\n", string);
+	break;
+      case TPM_CC_HashSequenceStart:
+	printf("%s TPM_CC_HashSequenceStart\n", string);
+	break;
+      case TPM_CC_PolicyPhysicalPresence:
+	printf("%s TPM_CC_PolicyPhysicalPresence\n", string);
+	break;
+      case TPM_CC_PolicyDuplicationSelect:
+	printf("%s TPM_CC_PolicyDuplicationSelect\n", string);
+	break;
+      case TPM_CC_PolicyGetDigest:
+	printf("%s TPM_CC_PolicyGetDigest\n", string);
+	break;
+      case TPM_CC_TestParms:
+	printf("%s TPM_CC_TestParms\n", string);
+	break;
+      case TPM_CC_Commit:
+	printf("%s TPM_CC_Commit\n", string);
+	break;
+      case TPM_CC_PolicyPassword:
+	printf("%s TPM_CC_PolicyPassword\n", string);
+	break;
+      case TPM_CC_ZGen_2Phase:
+	printf("%s TPM_CC_ZGen_2Phase\n", string);
+	break;
+      case TPM_CC_EC_Ephemeral:
+	printf("%s TPM_CC_EC_Ephemeral\n", string);
+	break;
+      case TPM_CC_PolicyNvWritten:
+	printf("%s TPM_CC_PolicyNvWritten\n", string);
+	break;
+      case TPM_CC_PolicyTemplate:
+	printf("%s TPM_CC_PolicyTemplate\n", string);
+	break;
+      case TPM_CC_CreateLoaded:
+	printf("%s TPM_CC_CreateLoaded\n", string);
+	break;
+      case TPM_CC_PolicyAuthorizeNV:
+	printf("%s TPM_CC_PolicyAuthorizeNV\n", string);
+	break;
+      case TPM_CC_EncryptDecrypt2:
+	printf("%s TPM_CC_EncryptDecrypt2\n", string);
+	break;
+#if 0
+      case TPM_CC_AC_GetCapability:
+	printf("%s TPM_CC_AC_GetCapability\n", string);
+	break;
+      case TPM_CC_AC_Send:
+	printf("%s TPM_CC_AC_Send\n", string);
+	break;
+      case TPM_CC_Policy_AC_SendSelect:
+	printf("%s TPM_CC_Policy_AC_SendSelect\n", string);
+	break;
+#endif
+      default:
+	printf("%s TPM_CC value %08x unknown\n", string, source);
+    }
+    return;
+}
+
+/* Table 17 - Definition of (INT8) TPM_CLOCK_ADJUST Constants <IN> */
+
+void TSS_TPM_CLOCK_ADJUST_Print(const char *string, TPM_CLOCK_ADJUST source, unsigned int indent)
+{
+    printf("%*s", indent, "");
+    switch (source) {
+      case TPM_CLOCK_COARSE_SLOWER:
+	printf("%s TPM_CLOCK_COARSE_SLOWER\n", string);
+	break;
+      case TPM_CLOCK_MEDIUM_SLOWER:
+	printf("%s TPM_CLOCK_MEDIUM_SLOWER\n", string);
+	break;
+      case TPM_CLOCK_FINE_SLOWER:
+	printf("%s TPM_CLOCK_FINE_SLOWER\n", string);
+	break;
+      case TPM_CLOCK_NO_CHANGE:
+	printf("%s TPM_CLOCK_NO_CHANGE\n", string);
+	break;
+      case TPM_CLOCK_FINE_FASTER:
+	printf("%s TPM_CLOCK_FINE_FASTER\n", string);
+	break;
+      case TPM_CLOCK_MEDIUM_FASTER:
+	printf("%s TPM_CLOCK_MEDIUM_FASTER\n", string);
+	break;
+      case TPM_CLOCK_COARSE_FASTER:
+	printf("%s TPM_CLOCK_COARSE_FASTER\n", string);
+	break;
+      default:
+	printf("%s TPM_CLOCK_ADJUST value %d unknown\n", string, source);
+    }
+    return;
+}
+
+/* Table 18 - Definition of (UINT16) TPM_EO Constants <IN/OUT> */
+
+void TSS_TPM_EO_Print(const char *string, TPM_EO source, unsigned int indent) 
+{
+    printf("%*s", indent, "");
+    switch (source) {
+      case TPM_EO_EQ:
+	printf("%s TPM_EO_EQ\n", string);
+	break;
+      case TPM_EO_NEQ:
+	printf("%s TPM_EO_NEQ\n", string);
+	break;
+      case TPM_EO_SIGNED_GT:
+	printf("%s TPM_EO_SIGNED_GT\n", string);
+	break;
+      case TPM_EO_UNSIGNED_GT:
+	printf("%s TPM_EO_UNSIGNED_GT\n", string);
+	break;
+      case TPM_EO_SIGNED_LT:
+	printf("%s TPM_EO_SIGNED_LT\n", string);
+	break;
+      case TPM_EO_UNSIGNED_LT:
+	printf("%s TPM_EO_UNSIGNED_LT\n", string);
+	break;
+      case TPM_EO_SIGNED_GE:
+	printf("%s TPM_EO_SIGNED_GE\n", string);
+	break;
+      case TPM_EO_UNSIGNED_GE:
+	printf("%s TPM_EO_UNSIGNED_GE\n", string);
+	break;
+      case TPM_EO_SIGNED_LE:
+	printf("%s TPM_EO_SIGNED_LE\n", string);
+	break;
+      case TPM_EO_UNSIGNED_LE:
+	printf("%s TPM_EO_UNSIGNED_LE\n", string);
+	break;
+      case TPM_EO_BITSET:
+	printf("%s TPM_EO_BITSET\n", string);
+	break;
+      case TPM_EO_BITCLEAR:
+	printf("%s TPM_EO_BITCLEAR\n", string);
+	break;
+      default:
+	printf("%s TPM_EO value %04hx unknown\n", string, source);
+    }
+    return;
+}
+
+/* Table 19 - Definition of (UINT16) TPM_ST Constants <IN/OUT, S> */
+
+void TSS_TPM_ST_Print(const char *string, TPM_ST source, unsigned int indent) 
+{
+    printf("%*s", indent, "");
+    switch (source) {
+      case TPM_ST_RSP_COMMAND:
+	printf("%s TPM_ST_RSP_COMMAND\n", string);
+	break;
+      case TPM_ST_NULL:
+	printf("%s TPM_ST_NULL\n", string);
+	break;
+      case TPM_ST_NO_SESSIONS:
+	printf("%s TPM_ST_NO_SESSIONS\n", string);
+	break;
+      case TPM_ST_SESSIONS:
+	printf("%s TPM_ST_SESSIONS\n", string);
+	break;
+      case TPM_ST_ATTEST_NV:
+	printf("%s TPM_ST_ATTEST_NV\n", string);
+	break;
+      case TPM_ST_ATTEST_COMMAND_AUDIT:
+	printf("%s TPM_ST_ATTEST_COMMAND_AUDIT\n", string);
+	break;
+      case TPM_ST_ATTEST_SESSION_AUDIT:
+	printf("%s TPM_ST_ATTEST_SESSION_AUDIT\n", string);
+	break;
+      case TPM_ST_ATTEST_CERTIFY:
+	printf("%s TPM_ST_ATTEST_CERTIFY\n", string);
+	break;
+      case TPM_ST_ATTEST_QUOTE:
+	printf("%s TPM_ST_ATTEST_QUOTE\n", string);
+	break;
+      case TPM_ST_ATTEST_TIME:
+	printf("%s TPM_ST_ATTEST_TIME\n", string);
+	break;
+      case TPM_ST_ATTEST_CREATION:
+	printf("%s TPM_ST_ATTEST_CREATION\n", string);
+	break;
+      case TPM_ST_ATTEST_NV_DIGEST:
+	printf("%s TPM_ST_ATTEST_NV_DIGEST\n", string);
+	break;
+      case TPM_ST_CREATION:
+	printf("%s TPM_ST_CREATION\n", string);
+	break;
+      case TPM_ST_VERIFIED:
+	printf("%s TPM_ST_VERIFIED\n", string);
+	break;
+      case TPM_ST_AUTH_SECRET:
+	printf("%s TPM_ST_AUTH_SECRET\n", string);
+	break;
+      case TPM_ST_HASHCHECK:
+	printf("%s TPM_ST_HASHCHECK\n", string);
+	break;
+      case TPM_ST_AUTH_SIGNED:
+	printf("%s TPM_ST_AUTH_SIGNED\n", string);
+	break;
+      default:
+	printf("%s TPM_ST value %04hx unknown\n", string, source);
+    }
+    return;
+}
+
+/* Table 20 - Definition of (UINT16) TPM_SU Constants <IN> */
+
+void TSS_TPM_SU_Print(const char *string, TPM_SU source, unsigned int indent) 
+{
+    printf("%*s", indent, "");
+    switch (source) {
+      case TPM_SU_CLEAR:
+	printf("%s TPM_SU_CLEAR\n", string);
+	break;
+      case TPM_SU_STATE:
+	printf("%s TPM_SU_STATE\n", string);
+	break;
+      default:
+	printf("%s TPM_SU value %04hx unknown\n", string, source);
+    }
+    return;
+}
+
+/* Table 21 - Definition of (UINT8) TPM_SE Constants <IN> */
+
+void TSS_TPM_SE_Print(const char *string, TPM_SE source, unsigned int indent)
+{
+    printf("%*s", indent, "");
+    switch (source) {
+      case TPM_SE_HMAC:
+	printf("%s TPM_SE_HMAC\n", string);
+	break;
+      case TPM_SE_POLICY:
+	printf("%s TPM_SE_POLICY\n", string); 
+	break;
+      case TPM_SE_TRIAL:
+	printf("%s TPM_SE_TRIAL\n", string); 
+	break;
+      default:
+	printf("%s TPM_SE value %02x unknown\n", string, source);
+    }
+    return;
+}
+
+/* Table 22 - Definition of (UINT32) TPM_CAP Constants */
+
+void TSS_TPM_CAP_Print(const char *string, TPM_CAP source, unsigned int indent)
+{
+    printf("%*s", indent, "");
+    switch (source) {
+     case TPM_CAP_ALGS:
+       printf("%s TPM_CAP_ALGS\n", string);
+	break;
+      case TPM_CAP_HANDLES:
+	printf("%s TPM_CAP_HANDLES\n", string);
+	break;
+      case TPM_CAP_COMMANDS:
+	printf("%s TPM_CAP_COMMANDS\n", string);
+	break;
+      case TPM_CAP_PP_COMMANDS:
+	printf("%s TPM_CAP_PP_COMMANDS\n", string);
+	break;
+      case TPM_CAP_AUDIT_COMMANDS:
+	printf("%s TPM_CAP_AUDIT_COMMANDS\n", string);
+	break;
+      case TPM_CAP_PCRS:
+	printf("%s TPM_CAP_PCRS\n", string);
+	break;
+      case TPM_CAP_TPM_PROPERTIES:
+	printf("%s TPM_CAP_TPM_PROPERTIES\n", string);
+	break;
+      case TPM_CAP_PCR_PROPERTIES:
+	printf("%s TPM_CAP_PCR_PROPERTIES\n", string);
+	break;
+      case TPM_CAP_ECC_CURVES:
+	printf("%s TPM_CAP_ECC_CURVES\n", string);
+	break;
+      case TPM_CAP_AUTH_POLICIES:
+	printf("%s TPM_CAP_AUTH_POLICIES\n", string);
+	break;
+      case TPM_CAP_VENDOR_PROPERTY:
+	printf("%s TPM_CAP_VENDOR_PROPERTY\n", string);
+	break;
+      default:
+	printf("%s TPM_CAP value %08x unknown\n", string, source);
+    }
+    return;
+}
+
+/* Table 26 - Definition of Types for Handles */
+
+void TSS_TPM_HANDLE_Print(const char *string, TPM_HANDLE source, unsigned int indent)
+{
+    printf("%*s", indent, "");
+    switch (source) {
+      case TPM_RH_SRK:
+	printf("%s TPM_RH_SRK\n", string);
+	break;
+      case TPM_RH_OWNER:
+	printf("%s TPM_RH_OWNER\n", string);
+	break;
+      case TPM_RH_REVOKE:
+	printf("%s TPM_RH_REVOKE\n", string);
+	break;
+      case TPM_RH_TRANSPORT:
+	printf("%s TPM_RH_TRANSPORT\n", string);
+	break;
+      case TPM_RH_OPERATOR:
+	printf("%s TPM_RH_OPERATOR\n", string);
+	break;
+      case TPM_RH_ADMIN:
+	printf("%s TPM_RH_ADMIN\n", string);
+	break;
+      case TPM_RH_EK:
+	printf("%s TPM_RH_EK\n", string);
+	break;
+      case TPM_RH_NULL:
+	printf("%s TPM_RH_NULL\n", string);
+	break;
+      case TPM_RH_UNASSIGNED:
+	printf("%s TPM_RH_UNASSIGNED\n", string);
+	break;
+      case TPM_RS_PW:
+	printf("%s TPM_RS_PW\n", string);
+	break;
+      case TPM_RH_LOCKOUT:
+	printf("%s TPM_RH_LOCKOUT\n", string);
+	break;
+      case TPM_RH_ENDORSEMENT:
+	printf("%s TPM_RH_ENDORSEMENT\n", string);
+	break;
+      case TPM_RH_PLATFORM:
+	printf("%s TPM_RH_PLATFORM\n", string);
+	break;
+      case TPM_RH_PLATFORM_NV:
+	printf("%s TPM_RH_PLATFORM_NV\n", string);
+	break;
+      default:
+	printf("%s TPM_HANDLE %08x\n", string, source);
+    }
+    return;
+}
+
+/* Table 30 - Definition of (UINT32) TPMA_ALGORITHM Bits */
+
+void TSS_TPM_TPMA_ALGORITHM_Print(TPMA_ALGORITHM source, unsigned int indent)
+{
+    if (source.val & TPMA_ALGORITHM_ASYMMETRIC) printf("%*s" "TPMA_ALGORITHM: asymmetric\n", indent, "");
+    if (source.val & TPMA_ALGORITHM_SYMMETRIC) printf("%*s" "TPMA_ALGORITHM: symmetric\n", indent, "");
+    if (source.val & TPMA_ALGORITHM_HASH) printf("%*s" "TPMA_ALGORITHM: hash\n", indent, "");
+    if (source.val & TPMA_ALGORITHM_OBJECT) printf("%*s" "TPMA_ALGORITHM: object\n", indent, "");
+    if (source.val & TPMA_ALGORITHM_SIGNING) printf("%*s" "TPMA_ALGORITHM: signing\n", indent, "");
+    if (source.val & TPMA_ALGORITHM_ENCRYPTING) printf("%*s" "TPMA_ALGORITHM: encrypting\n", indent, "");
+    if (source.val & TPMA_ALGORITHM_METHOD) printf("%*s" "TPMA_ALGORITHM: method\n", indent, "");
+    return;
+}
+
+/* Table 31 - Definition of (UINT32) TPMA_OBJECT Bits */
+
+void TSS_TPMA_OBJECT_Print(const char *string, TPMA_OBJECT source, unsigned int indent)
+{
+    printf("%*s%s: %08x\n", indent, "", string, source.val);
+    if (source.val & TPMA_OBJECT_FIXEDTPM) printf("%*s%s: fixedTpm\n", indent, "", string);
+    if (source.val & TPMA_OBJECT_STCLEAR) printf("%*s%s: stClear\n", indent, "", string);
+    if (source.val & TPMA_OBJECT_FIXEDPARENT) printf("%*s%s: fixedParent\n", indent, "", string);
+    if (source.val & TPMA_OBJECT_SENSITIVEDATAORIGIN) printf("%*s%s: sensitiveDataOrigin\n", indent, "", string);
+    if (source.val & TPMA_OBJECT_USERWITHAUTH) printf("%*s%s: userWithAuth\n", indent, "", string);
+    if (source.val & TPMA_OBJECT_ADMINWITHPOLICY) printf("%*s%s: adminWithPolicy\n", indent, "", string);
+    if (source.val & TPMA_OBJECT_NODA) printf("%*s%s: noDA\n", indent, "", string);
+    if (source.val & TPMA_OBJECT_ENCRYPTEDDUPLICATION) printf("%*s%s: encryptedDuplication\n", indent, "", string);
+    if (source.val & TPMA_OBJECT_RESTRICTED) printf("%*s%s: restricted\n", indent, "", string);
+    if (source.val & TPMA_OBJECT_DECRYPT) printf("%*s%s: decrypt\n", indent, "", string);
+    if (source.val & TPMA_OBJECT_SIGN) printf("%*s%s: sign\n", indent, "", string);
+    return;
+}
+
+/* Table 32 - Definition of (UINT8) TPMA_SESSION Bits <IN/OUT> */
+
+void TSS_TPMA_SESSION_Print(TPMA_SESSION source, unsigned int indent)
+{
+    
+    if (source.val & TPMA_SESSION_CONTINUESESSION) printf("%*s" "TPMA_SESSION: continue\n", indent, "");
+    if (source.val & TPMA_SESSION_AUDITEXCLUSIVE) printf("%*s" "TPMA_SESSION: auditexclusive\n", indent, ""); 
+    if (source.val & TPMA_SESSION_AUDITRESET) printf("%*s" "TPMA_SESSION: auditreset\n", indent, ""); 
+    if (source.val & TPMA_SESSION_DECRYPT) printf("%*s" "TPMA_SESSION: decrypt\n", indent, ""); 
+    if (source.val & TPMA_SESSION_ENCRYPT) printf("%*s" "TPMA_SESSION: encrypt\n", indent, ""); 
+    if (source.val & TPMA_SESSION_AUDIT) printf("%*s" "TPMA_SESSION: audit\n", indent, ""); 
+    return;
+}
+
+/* Table 33 - Definition of (UINT8) TPMA_LOCALITY Bits <IN/OUT> */
+
+void TSS_TPMA_LOCALITY_Print(TPMA_LOCALITY source, unsigned int indent)
+{
+    if (source.val & TPMA_LOCALITY_ZERO) printf("%*s" "TPMA_LOCALITY: zero\n", indent, "");
+    if (source.val & TPMA_LOCALITY_ONE) printf("%*s" "TPMA_LOCALITY: one\n", indent, "");
+    if (source.val & TPMA_LOCALITY_TWO) printf("%*s" "TPMA_LOCALITY: two\n", indent, "");
+    if (source.val & TPMA_LOCALITY_THREE) printf("%*s" "TPMA_LOCALITY: three\n", indent, "");
+    if (source.val & TPMA_LOCALITY_FOUR) printf("%*s" "TPMA_LOCALITY: four\n", indent, "");
+    if (source.val & TPMA_LOCALITY_EXTENDED) printf("%*s" "TPMA_LOCALITY: extended\n", indent, "");
+    return;
+}
+
+/* Table 34 - Definition of (UINT32) TPMA_PERMANENT Bits <OUT> */
+
+void TSS_TPMA_PERMANENT_Print(TPMA_PERMANENT source, unsigned int indent)
+{
+    printf("%*s" "TPMA_PERMANENT: ownerAuthSet %s\n", indent, "",
+	   (source.val & TPMA_PERMANENT_OWNERAUTHSET) ? "yes" : "no"); 
+    printf("%*s" "TPMA_PERMANENT: endorsementAuthSet %s\n", indent, "",
+	   (source.val & TPMA_PERMANENT_ENDORSEMENTAUTHSET)  ? "yes" : "no"); 
+    printf("%*s" "TPMA_PERMANENT: lockoutAuthSet %s\n", indent, "",
+	   (source.val & TPMA_PERMANENT_LOCKOUTAUTHSET)  ? "yes" : "no"); 
+    printf("%*s" "TPMA_PERMANENT: disableClear %s\n", indent, "",
+	   (source.val & TPMA_PERMANENT_DISABLECLEAR) ? "yes" : "no"); 
+    printf("%*s" "TPMA_PERMANENT: inLockout %s\n", indent, "",
+	   (source.val & TPMA_PERMANENT_INLOCKOUT) ? "yes" : "no"); 
+    printf("%*s" "TPMA_PERMANENT: tpmGeneratedEPS %s\n", indent, "",
+	   (source.val & TPMA_PERMANENT_TPMGENERATEDEPS)  ? "yes" : "no"); 
+    return;
+}
+
+/* Table 35 - Definition of (UINT32) TPMA_STARTUP_CLEAR Bits <OUT> */
+
+void TSS_TPMA_STARTUP_CLEAR_Print(TPMA_STARTUP_CLEAR source, unsigned int indent)
+{
+    printf("%*s" "TPMA_STARTUP_CLEAR: phEnable %s\n", indent, "",
+	   (source.val & TPMA_STARTUP_CLEAR_PHENABLE)  ? "yes" : "no"); 
+    printf("%*s" "TPMA_STARTUP_CLEAR: shEnable %s\n", indent, "",
+	   (source.val & TPMA_STARTUP_CLEAR_SHENABLE)  ? "yes" : "no"); 
+    printf("%*s" "TPMA_STARTUP_CLEAR: ehEnable %s\n", indent, "",
+	   (source.val & TPMA_STARTUP_CLEAR_EHENABLE)  ? "yes" : "no"); 
+    printf("%*s" "TPMA_STARTUP_CLEAR: phEnableNV %s\n", indent, "",
+	   (source.val & TPMA_STARTUP_CLEAR_PHENABLENV)  ? "yes" : "no"); 
+    printf("%*s" "TPMA_STARTUP_CLEAR: orderly %s\n", indent, "",
+	   (source.val & TPMA_STARTUP_CLEAR_ORDERLY)  ? "yes" : "no"); 
+    return;
+}
+
+/* Table 36 - Definition of (UINT32) TPMA_MEMORY Bits <Out> */
+
+void TSS_TPMA_MEMORY_Print(TPMA_MEMORY source, unsigned int indent)
+{
+    printf("%*s" "TPMA_MEMORY: sharedRAM %s\n", indent, "",
+	   (source.val & TPMA_MEMORY_SHAREDRAM) ? "yes" : "no");
+    printf("%*s" "TPMA_MEMORY: sharedNV %s\n", indent, "",
+	   (source.val & TPMA_MEMORY_SHAREDNV) ? "yes" : "no");
+    printf("%*s" "TPMA_MEMORY: objectCopiedToRam %s\n", indent, "",
+	   (source.val & TPMA_MEMORY_OBJECTCOPIEDTORAM) ? "yes" : "no");
+    return;
+}
+
+/* Table 38 - Definition of (UINT32) TPMA_MODES Bits <Out> */
+
+void TSS_TPMA_MODES_Print(TPMA_MODES source, unsigned int indent)
+{
+    printf("%*s" "TPMA_MODES: TPMA_MODES_FIPS_140_2 %s\n", indent, "",
+	   (source.val & TPMA_MODES_FIPS_140_2) ? "yes" : "no");
+    return;
+}
+
+/* Table 39 - Definition of (BYTE) TPMI_YES_NO Type */
+
+void TSS_TPMI_YES_NO_Print(const char *string, TPMI_YES_NO source, unsigned int indent)
+{
+    printf("%*s", indent, "");
+    switch (source) {
+      case NO:
+	printf("%s no\n", string);
+	break;
+      case YES:
+	printf("%s yes\n", string);
+	break;
+      default:
+	printf("%s TPMI_YES_NO %02x unknown\n", string, source);
+    }
+    return;
+}
+
+/* Table 75 - Definition of TPMU_HA Union <IN/OUT, S> */
+
+
+void TSS_TPMU_HA_Print(TPMU_HA *source, uint32_t selector, unsigned int indent)
+{
+    switch (selector) {
+#ifdef TPM_ALG_SHA1
+      case TPM_ALG_SHA1:
+	TSS_PrintAlli("sha1", indent, source->sha1, SHA1_DIGEST_SIZE);
+	break;
+#endif
+#ifdef TPM_ALG_SHA256
+      case TPM_ALG_SHA256:
+	TSS_PrintAlli("sha256", indent, source->sha256, SHA256_DIGEST_SIZE);
+	break;
+#endif
+#ifdef TPM_ALG_SHA384
+      case TPM_ALG_SHA384:
+	TSS_PrintAlli("sha384", indent, source->sha384, SHA384_DIGEST_SIZE);
+	break;
+#endif
+#ifdef TPM_ALG_SHA512
+      case TPM_ALG_SHA512:
+	TSS_PrintAlli("sha512", indent, source->sha512, SHA512_DIGEST_SIZE);
+	break;
+#endif
+#ifdef TPM_ALG_SM3_256
+      case TPM_ALG_SM3_256:
+	TSS_PrintAlli("sm3_256", indent, source->sm3_256, SM3_256_DIGEST_SIZE);
+	break;
+#endif
+      case TPM_ALG_NULL:
+	break;
+      default:
+	printf("%*s" "TPMU_HA: selection %08x not implemented\n", indent, "", selector);
+    }
+    return;
+}
+
+/* Table 76 - Definition of TPMT_HA Structure <IN/OUT> */
+
+void TSS_TPMT_HA_Print(TPMT_HA *source, unsigned int indent)
+{
+    TSS_TPM_ALG_ID_Print("hashAlg", source->hashAlg, indent+2);	
+    TSS_TPMU_HA_Print(&source->digest, source->hashAlg, indent+2);
+    return;
+}
+
+/* Table 89 - Definition of TPMS_PCR_SELECT Structure */
+
+void TSS_TPMS_PCR_SELECT_Print(TPMS_PCR_SELECT *source, unsigned int indent)
+{
+    printf("%*s" "TSS_TPMS_PCR_SELECT sizeofSelect %u\n", indent, "", source->sizeofSelect);
+    TSS_PrintAlli("pcrSelect", indent, source->pcrSelect, source->sizeofSelect);
+    return;
+}
+
+/* Table 90 - Definition of TPMS_PCR_SELECTION Structure */
+
+void TSS_TPMS_PCR_SELECTION_Print(TPMS_PCR_SELECTION *source, unsigned int indent)
+{
+    TSS_TPM_ALG_ID_Print("hash", source->hash, indent+2);
+    TSS_PrintAlli("TPMS_PCR_SELECTION", indent+2,
+		  source->pcrSelect,
+		  source->sizeofSelect);
+    return;
+}
+
+/* Table 93 - Definition of TPMT_TK_CREATION Structure */
+
+void TSS_TPMT_TK_CREATION_Print(TPMT_TK_CREATION *source, unsigned int indent)
+{
+    TSS_TPM_ST_Print("tag", source->tag, indent);
+    TSS_TPM_HANDLE_Print("hierarchy", source->hierarchy, indent);	
+    TSS_TPM2B_Print("TPMT_TK_CREATION digest", indent, &source->digest.b);
+    return;
+}
+
+/* Table 94 - Definition of TPMT_TK_VERIFIED Structure */
+
+void TSS_TPMT_TK_VERIFIED_Print(TPMT_TK_VERIFIED *source, unsigned int indent)
+{
+    TSS_TPM_ST_Print("tag", source->tag, indent);
+    TSS_TPM_HANDLE_Print("hierarchy", source->hierarchy, indent);	
+    TSS_TPM2B_Print("TPMT_TK_VERIFIED digest", indent, &source->digest.b);
+    return;
+}
+	
+/* Table 95 - Definition of TPMT_TK_AUTH Structure */
+
+void TSS_TPMT_TK_AUTH_Print(TPMT_TK_AUTH *source, unsigned int indent)
+{
+    TSS_TPM_ST_Print("tag", source->tag, indent);
+    TSS_TPM_HANDLE_Print("hierarchy", source->hierarchy, indent);	
+    TSS_TPM2B_Print("TPMT_TK_AUTH digest", indent, &source->digest.b);
+    return;
+}
+
+/* Table 96 - Definition of TPMT_TK_HASHCHECK Structure */
+
+void TSS_TPMT_TK_HASHCHECK_Print(TPMT_TK_HASHCHECK *source, unsigned int indent)
+{
+    TSS_TPM_ST_Print("tag", source->tag, indent);
+    TSS_TPM_HANDLE_Print("hierarchy", source->hierarchy, indent);	
+    TSS_TPM2B_Print("TPMT_TK_AUTH digest", indent, &source->digest.b);
+    return;
+}
+
+/* Table 101 - Definition of TPML_CC Structure */
+
+void TSS_TPML_CC_Print(TPML_CC *source, unsigned int indent)
+{
+    uint32_t i;
+    printf("%*s" "TPML_CC count %u\n", indent, "", source->count);
+    for (i = 0 ; (i < source->count) ; i++) {
+	TSS_TPM_CC_Print("commandCode", source->commandCodes[i], indent);
+    }
+    return;
+}
+
+/* Table 102 - Definition of TPML_PCR_SELECTION Structure */
+
+void TSS_TPML_PCR_SELECTION_Print(TPML_PCR_SELECTION *source, unsigned int indent)
+{
+    uint32_t i;
+    printf("%*s" "TPML_PCR_SELECTION count %u\n", indent, "", source->count);
+    for (i = 0 ; (i < source->count) ; i++) {
+	TSS_TPMS_PCR_SELECTION_Print(&source->pcrSelections[i], indent);
+    }
+    return;
+}
+
+/* Table 103 - Definition of TPML_ALG Structure */
+
+void TSS_TPML_ALG_Print(TPML_ALG *source, unsigned int indent)
+{
+    uint32_t i;
+    printf("%*s" "TPML_ALG count %u\n", indent, "", source->count);
+    for (i = 0 ; (i < source->count) ; i++) {
+	TSS_TPM_ALG_ID_Print("algorithms", source->algorithms[i], indent);
+    }
+    return;
+}
+
+/* Table 105 - Definition of TPML_DIGEST Structure */
+
+void TSS_TPML_DIGEST_Print(TPML_DIGEST *source, unsigned int indent)
+{
+    uint32_t i;
+    printf("%*s" "TPML_DIGEST count %u\n", indent, "", source->count);
+    for (i = 0 ; (i < source->count) ; i++) {
+	TSS_TPM2B_Print("TPML_DIGEST digest", indent, &source->digests[i].b);
+    }
+    return;
+}
+
+/* Table 106 - Definition of TPML_DIGEST_VALUES Structure */
+
+void TSS_TPML_DIGEST_VALUES_Print(TPML_DIGEST_VALUES *source, unsigned int indent)
+{
+    uint32_t i;
+    printf("%*s" "TPML_DIGEST_VALUES count %u\n", indent, "", source->count);
+    for (i = 0 ; (i < source->count) ; i++) {
+	TSS_TPMT_HA_Print(&source->digests[i], indent);
+    }
+    return;
+}
+
+/* Table 115 - Definition of TPMS_CLOCK_INFO Structure */
+
+void TSS_TPMS_CLOCK_INFO_Print(TPMS_CLOCK_INFO *source, unsigned int indent)
+{
+    printf("%*s" "TPMS_CLOCK_INFO clock %"PRIu64"\n", indent, "", source->clock);
+    printf("%*s" "TPMS_CLOCK_INFO resetCount %u\n", indent, "", source->resetCount);
+    printf("%*s" "TPMS_CLOCK_INFO restartCount %u\n", indent, "", source->restartCount);
+    printf("%*s" "TPMS_CLOCK_INFO safe %x\n", indent, "", source->safe);
+    return;
+}
+
+/* Table 116 - Definition of TPMS_TIME_INFO Structure */
+
+void TSS_TPMS_TIME_INFO_Print(TPMS_TIME_INFO *source, unsigned int indent)
+{
+    uint64_t days;
+    uint64_t hours;
+    uint64_t minutes;
+    uint64_t seconds;
+    printf("%*s" "TPMS_TIME_INFO time %"PRIu64" msec", indent, "", source->time);
+    days = source->time/(1000 * 60 * 60 * 24);
+    hours = (source->time % (1000 * 60 * 60 * 24)) / (1000 * 60 * 60);
+    minutes = (source->time % (1000 * 60 * 60)) / (1000 * 60);
+    seconds = (source->time % (1000 * 60)) / (1000);
+    printf(" - %"PRIu64" days %"PRIu64" hours %"PRIu64" minutes %"PRIu64" seconds\n",
+	   days, hours, minutes, seconds);
+    TSS_TPMS_CLOCK_INFO_Print(&source->clockInfo, indent+2);
+    return;
+}
+    
+/* Table 117 - Definition of TPMS_TIME_ATTEST_INFO Structure <OUT> */
+
+void TSS_TPMS_TIME_ATTEST_INFO_Print(TPMS_TIME_ATTEST_INFO *source, unsigned int indent)
+{
+    TSS_TPMS_TIME_INFO_Print(&source->time, indent+2);
+    printf("%*s" "TPMS_TIME_ATTEST_INFO firmwareVersion %"PRIu64"\n", indent, "", source->firmwareVersion);
+    return;
+}
+
+/* Table 118 - Definition of TPMS_CERTIFY_INFO Structure <OUT> */
+
+void TSS_TPMS_CERTIFY_INFO_Print(TPMS_CERTIFY_INFO *source, unsigned int indent)
+{
+    TSS_TPM2B_Print("TPMS_CERTIFY_INFO name", indent, &source->name.b);
+    TSS_TPM2B_Print("TPMS_CERTIFY_INFO qualifiedName", indent, &source->qualifiedName.b);
+    return;
+}
+
+/* Table 119 - Definition of TPMS_QUOTE_INFO Structure <OUT> */
+
+void TSS_TPMS_QUOTE_INFO_Print(TPMS_QUOTE_INFO *source, unsigned int indent)
+{
+    TSS_TPML_PCR_SELECTION_Print(&source->pcrSelect, indent+2);
+    TSS_TPM2B_Print("TPMS_QUOTE_INFO pcrDigest", indent+2, &source->pcrDigest.b);
+    return;
+}
+
+/* Table 120 - Definition of TPMS_COMMAND_AUDIT_INFO Structure <OUT> */
+
+void TSS_TPMS_COMMAND_AUDIT_INFO_Print(TPMS_COMMAND_AUDIT_INFO *source, unsigned int indent)
+{
+    printf("%*s" "TPMS_COMMAND_AUDIT_INFO auditCounter %"PRIu64"\n", indent, "", source->auditCounter);
+    TSS_TPM_ALG_ID_Print("digestAlg", source->digestAlg, indent);
+    TSS_TPM2B_Print("TPMS_COMMAND_AUDIT_INFO auditDigest", indent, &source->auditDigest.b);
+    TSS_TPM2B_Print("TPMS_COMMAND_AUDIT_INFO commandDigest", indent, &source->commandDigest.b);
+    return;
+}
+  
+/* Table 121 - Definition of TPMS_SESSION_AUDIT_INFO Structure */
+
+void TSS_TPMS_SESSION_AUDIT_INFO_Print(TPMS_SESSION_AUDIT_INFO *source, unsigned int indent)
+{
+    printf("%*s" "TPMS_SESSION_AUDIT_INFO exclusiveSession %d\n", indent, "",
+	   source->exclusiveSession);
+    TSS_TPM2B_Print("TPMS_SESSION_AUDIT_INFO sessionDigest", indent, &source->sessionDigest.b);
+   return;
+}
+
+/* Table 122 - Definition of TPMS_CREATION_INFO Structure <OUT> */
+
+void TSS_TPMS_CREATION_INFO_Print(TPMS_CREATION_INFO *source, unsigned int indent)
+{
+    TSS_TPM2B_Print("TPMS_CREATION_INFO objectName", indent, &source->objectName.b);
+    TSS_TPM2B_Print("TPMS_CREATION_INFO creationHash", indent, &source->creationHash.b);
+    return;
+}
+
+/* Table 123 - Definition of TPMS_NV_CERTIFY_INFO Structure */
+
+void TSS_TPMS_NV_CERTIFY_INFO_Print(TPMS_NV_CERTIFY_INFO *source, unsigned int indent)
+{
+    TSS_TPM2B_Print("TPMS_NV_CERTIFY_INFO indexName", indent, &source->indexName.b);
+    printf("%*s" "TPMS_NV_CERTIFY_INFO offset %d\n", indent, "",  source->offset);
+    TSS_TPM2B_Print("TPMS_NV_CERTIFY_INFO nvContents", indent, &source->nvContents.b);
+    return;
+}
+
+/* Table 125 - Definition of TPMS_NV_DIGEST_CERTIFY_INFO Structure <OUT> */
+void TSS_TPMS_NV_DIGEST_CERTIFY_INFO_Print(TPMS_NV_DIGEST_CERTIFY_INFO  *source, unsigned int indent)
+{
+    TSS_TPM2B_Print("TPMS_NV_DIGEST_CERTIFY_INFO indexName", indent, &source->indexName.b);
+    TSS_TPM2B_Print("TPMS_NV_DIGEST_CERTIFY_INFO nvDigest", indent, &source->nvDigest.b);
+    return;
+}
+
+/* Table 124 - Definition of (TPM_ST) TPMI_ST_ATTEST Type <OUT> */
+
+void TSS_TPMI_ST_ATTEST_Print(const char *string, TPMI_ST_ATTEST selector, unsigned int indent)
+{
+    printf("%*s", indent, "");
+    switch (selector) {
+      case TPM_ST_ATTEST_CERTIFY:
+	printf("%s TPM_ST_ATTEST_CERTIFY\n", string);
+	break;
+      case TPM_ST_ATTEST_CREATION:
+	printf("%s TPM_ST_ATTEST_CREATION\n", string);
+	break;
+      case TPM_ST_ATTEST_QUOTE:
+	printf("%s TPM_ST_ATTEST_QUOTE\n", string);
+	break;
+      case TPM_ST_ATTEST_COMMAND_AUDIT:
+	printf("%s TPM_ST_ATTEST_COMMAND_AUDIT\n", string);
+	break;
+      case TPM_ST_ATTEST_SESSION_AUDIT:
+	printf("%s TPM_ST_ATTEST_SESSION_AUDIT\n", string);
+	break;
+      case TPM_ST_ATTEST_TIME:
+	printf("%s TPM_ST_ATTEST_TIME\n", string);
+	break;
+      case TPM_ST_ATTEST_NV:
+	printf("%s TPM_ST_ATTEST_NV\n", string);
+	break;
+      case TPM_ST_ATTEST_NV_DIGEST:
+	printf("%s TPM_ST_ATTEST_NV_DIGEST\n", string);
+	break;
+      default:
+	printf("%s TPMI_ST_ATTEST_Print: selection %04hx not implemented\n", string, selector);
+    }
+    return;
+}
+
+/* Table 125 - Definition of TPMU_ATTEST Union <OUT> */
+
+void TSS_TPMU_ATTEST_Print(TPMU_ATTEST *source, TPMI_ST_ATTEST selector, unsigned int indent)
+{
+    switch (selector) {
+      case TPM_ST_ATTEST_CERTIFY:
+	TSS_TPMS_CERTIFY_INFO_Print(&source->certify, indent+2);
+	break;
+      case TPM_ST_ATTEST_CREATION:
+	TSS_TPMS_CREATION_INFO_Print(&source->creation, indent+2);
+	break;
+      case TPM_ST_ATTEST_QUOTE:
+	TSS_TPMS_QUOTE_INFO_Print(&source->quote, indent+2);
+	break;
+      case TPM_ST_ATTEST_COMMAND_AUDIT:
+	TSS_TPMS_COMMAND_AUDIT_INFO_Print(&source->commandAudit, indent+2);
+	break;
+      case TPM_ST_ATTEST_SESSION_AUDIT:
+	TSS_TPMS_SESSION_AUDIT_INFO_Print(&source->sessionAudit, indent+2);
+	break;
+      case TPM_ST_ATTEST_TIME:
+	TSS_TPMS_TIME_ATTEST_INFO_Print(&source->time, indent+2);
+	break;
+      case TPM_ST_ATTEST_NV:
+	TSS_TPMS_NV_CERTIFY_INFO_Print(&source->nv, indent+2);
+	break;
+      case TPM_ST_ATTEST_NV_DIGEST:
+	TSS_TPMS_NV_DIGEST_CERTIFY_INFO_Print(&source->nvDigest, indent+2);
+	break;
+      default:
+	printf("%*s" "TPMU_ATTEST selection %04hx not implemented\n", indent, "", selector);
+    }
+    return;
+}
+
+/* Table 126 - Definition of TPMS_ATTEST Structure <OUT> */
+
+void TSS_TPMS_ATTEST_Print(TPMS_ATTEST *source, unsigned int indent)
+{
+    printf("%*s" "TPMS_ATTEST magic %08x\n", indent+2, "", source->magic);
+    TSS_TPMI_ST_ATTEST_Print("type", source->type, indent+2);
+    TSS_TPM2B_Print("TPMS_ATTEST qualifiedSigner", indent+2, &source->qualifiedSigner.b);
+    TSS_TPM2B_Print("TPMS_ATTEST extraData", indent+2, &source->extraData.b);
+    TSS_TPMS_CLOCK_INFO_Print(&source->clockInfo, indent+2);
+    printf("%*s" "TPMS_ATTEST firmwareVersion %"PRIu64"\n",  indent+2, "", source->firmwareVersion);
+    TSS_TPMU_ATTEST_Print(&source->attested, source->type, indent+2);
+    return;
+}
+
+/* Table 127 - Definition of TPM2B_ATTEST Structure <OUT> */
+
+void TSS_TPM2B_ATTEST_Print(TPM2B_ATTEST *source, unsigned int indent)
+{
+    TPM_RC			rc = 0;
+    TPMS_ATTEST 		attests;
+    uint32_t			size;
+    uint8_t			*buffer = NULL;
+
+    /* unmarshal the TPMS_ATTEST from the TPM2B_ATTEST */
+    if (rc == 0) {
+	buffer = source->t.attestationData;
+	size = source->t.size;
+	rc = TSS_TPMS_ATTEST_Unmarshalu(&attests, &buffer, &size);
+    }
+    if (rc == 0) {
+	TSS_TPMS_ATTEST_Print(&attests, indent+2);
+    }
+    else {
+	printf("%*s" "TPMS_ATTEST_Unmarshal failed\n", indent, "");
+    }
+    return;
+}
+
+/* Table 128 - Definition of TPMS_AUTH_COMMAND Structure <IN> */
+
+void TSS_TPMS_AUTH_COMMAND_Print(TPMS_AUTH_COMMAND *source, unsigned int indent)
+{
+    TSS_TPM_HANDLE_Print("sessionHandle", source->sessionHandle, indent);	
+    TSS_TPM2B_Print("TPMS_AUTH_COMMAND nonce", indent, &source->nonce.b);
+    TSS_TPMA_SESSION_Print(source->sessionAttributes, indent);
+    TSS_TPM2B_Print("TPMS_AUTH_COMMAND hmac", indent, &source->hmac.b);
+    return;
+}
+
+/* Table 129 - Definition of TPMS_AUTH_RESPONSE Structure <OUT> */
+
+void TSS_TPMS_AUTH_RESPONSE_Print(TPMS_AUTH_RESPONSE *source, unsigned int indent)
+{
+    TSS_PrintAlli("TPMS_AUTH_RESPONSE nonce", indent,
+		  source->nonce.t.buffer,
+		  source->nonce.t.size);
+    TSS_TPMA_SESSION_Print(source->sessionAttributes, indent);
+    TSS_TPM2B_Print("TPMS_AUTH_RESPONSE hmac", indent, &source->hmac.b);
+    return;
+}
+
+/* Table 130 - Definition of  {!ALG.S} (TPM_KEY_BITS) TPMI_!ALG.S_KEY_BITS   Type */
+
+void TSS_TPM_KEY_BITS_Print(TPM_KEY_BITS source, unsigned int indent)
+{
+    printf("%*s" "TPM_KEY_BITS %u\n", indent, "", source);
+    return;
+}
+
+/* Table 131 - Definition of TPMU_SYM_KEY_BITS Union */
+
+void TSS_TPMU_SYM_KEY_BITS_Print(TPMU_SYM_KEY_BITS *source, TPMI_ALG_SYM selector, unsigned int indent)
+{
+    switch (selector) {
+#ifdef TPM_ALG_AES
+      case TPM_ALG_AES:
+	TSS_TPM_KEY_BITS_Print(source->aes, indent);
+	break;
+#endif
+#ifdef TPM_ALG_SM4
+      case TPM_ALG_SM4:
+	TSS_TPM_KEY_BITS_Print(source->sm4, indent);
+	break;
+#endif
+#ifdef TPM_ALG_CAMELLIA
+      case TPM_ALG_CAMELLIA:
+	TSS_TPM_KEY_BITS_Print(source->camellia, indent);
+	break;
+#endif
+#ifdef TPM_ALG_XOR
+      case TPM_ALG_XOR:
+	TSS_TPM_ALG_ID_Print("xorr", source->xorr, indent);
+	break;
+#endif
+      default:
+	printf("%*s" "TPMI_ALG_SYM value %04hx unknown\n", indent, "", selector);
+    }
+
+    return;
+}
+
+/* Table 134 - Definition of TPMT_SYM_DEF Structure */
+
+void TSS_TPMT_SYM_DEF_Print(TPMT_SYM_DEF *source, unsigned int indent)
+{
+    TSS_TPM_ALG_ID_Print("algorithm", source->algorithm, indent);
+    TSS_TPMU_SYM_KEY_BITS_Print(&source->keyBits, source->algorithm, indent);
+    TSS_TPM_ALG_ID_Print("mode", source->mode.sym, indent);		
+    return;
+}
+
+/* Table 135 - Definition of TPMT_SYM_DEF_OBJECT Structure */
+
+void TSS_TPMT_SYM_DEF_OBJECT_Print(TPMT_SYM_DEF_OBJECT *source, unsigned int indent)
+{
+    TSS_TPM_ALG_ID_Print("algorithm", source->algorithm, indent+2);
+    if (source->algorithm != TPM_ALG_NULL) {
+	printf("%*s" "keyBits: %u\n", indent+2, "", source->keyBits.sym);
+	TSS_TPM_ALG_ID_Print("mode", source->mode.sym, indent+2);
+    }
+    return;
+}
+
+/* Table 139 - Definition of TPMS_DERIVE Structure */
+
+void TSS_TPMS_DERIVE_Print(TPMS_DERIVE *source, unsigned int indent)
+{
+    TSS_TPM2B_Print("TPMS_DERIVE label", indent, &source->label.b);
+    TSS_TPM2B_Print("TPMS_DERIVE context", indent, &source->context.b);
+    return;
+}
+
+/* Table 143 - Definition of TPMS_SENSITIVE_CREATE Structure <IN> */
+
+void TSS_TPMS_SENSITIVE_CREATE_Print(TPMS_SENSITIVE_CREATE *source, unsigned int indent)
+{
+    TSS_TPM2B_Print("userAuth", indent, &source->userAuth.b);
+    TSS_TPM2B_Print("data", indent, &source->data.b);
+    return;
+}
+
+/* Table 144 - Definition of TPM2B_SENSITIVE_CREATE Structure <IN, S> */
+
+void TSS_TPM2B_SENSITIVE_CREATE_Print(const char *string, TPM2B_SENSITIVE_CREATE *source, unsigned int indent)
+{
+    printf("%*s" "%s\n", indent, "", string);
+    TSS_TPMS_SENSITIVE_CREATE_Print(&source->sensitive, indent+2);
+    return;
+}
+
+/* Table 146 - Definition of {ECC} TPMS_SCHEME_ECDAA Structure */
+
+void TSS_TPMS_SCHEME_ECDAA_Print(TPMS_SCHEME_ECDAA *source, unsigned int indent)
+{
+    TSS_TPM_ALG_ID_Print("hashAlg", source->hashAlg, indent+2);
+    printf("%*s" "TPMS_SCHEME_ECDAA count %u\n", indent+2, "", source->count);
+    return;
+}
+
+/* Table 149 - Definition of TPMS_SCHEME_XOR Structure */
+
+void TSS_TPMS_SCHEME_XOR_Print(TPMS_SCHEME_XOR *source, unsigned int indent)
+{
+    TSS_TPM_ALG_ID_Print("hashAlg", source->hashAlg, indent+2);
+    TSS_TPM_ALG_ID_Print("kdf", source->kdf, indent+2);
+    return;
+}
+
+/* Table 150 - Definition of TPMU_SCHEME_KEYEDHASH Union <IN/OUT, S> */
+
+void TSS_TPMU_SCHEME_KEYEDHASH_Print(TPMU_SCHEME_KEYEDHASH *source, TPMI_ALG_KEYEDHASH_SCHEME selector,
+				     unsigned int indent)
+{
+    switch (selector) {
+#ifdef TPM_ALG_HMAC
+      case TPM_ALG_HMAC:
+	TSS_TPM_ALG_ID_Print("hmac", source->hmac.hashAlg, indent+2);
+	break;
+#endif
+#ifdef TPM_ALG_XOR
+      case TPM_ALG_XOR:
+	TSS_TPMS_SCHEME_XOR_Print(&source->xorr, indent+2);
+	break;
+#endif
+      default:
+	printf("%*s" "TPMU_SCHEME_KEYEDHASH selection %04hx not implemented\n", indent, "", selector);
+    }
+    return;
+}
+
+/* Table 151 - Definition of TPMT_KEYEDHASH_SCHEME Structure */
+
+void TSS_TPMT_KEYEDHASH_SCHEME_Print(TPMT_KEYEDHASH_SCHEME *source, unsigned int indent)
+{
+    TSS_TPM_ALG_ID_Print("scheme", source->scheme, indent+2);
+    if (source->scheme != TPM_ALG_NULL) {
+	TSS_TPMU_SCHEME_KEYEDHASH_Print(&source->details, source->scheme, indent+2);
+    }
+    return;
+}
+
+/* Table 154 - Definition of TPMU_SIG_SCHEME Union <IN/OUT, S> */
+
+void TSS_TPMU_SIG_SCHEME_Print(TPMU_SIG_SCHEME *source, TPMI_ALG_SIG_SCHEME selector, unsigned int indent)
+{
+    switch (selector) {
+#ifdef TPM_ALG_RSASSA
+      case TPM_ALG_RSASSA:
+	TSS_TPM_ALG_ID_Print("rsassa", source->rsassa.hashAlg, indent+2);
+	break;
+#endif
+#ifdef TPM_ALG_RSAPSS
+      case TPM_ALG_RSAPSS:
+	TSS_TPM_ALG_ID_Print("rsapss", source->rsapss.hashAlg, indent+2);
+	break;
+#endif
+#ifdef TPM_ALG_ECDSA
+      case TPM_ALG_ECDSA:
+	TSS_TPM_ALG_ID_Print("ecdsa", source->ecdsa.hashAlg, indent+2);
+	break;
+#endif
+#ifdef TPM_ALG_ECDAA
+      case TPM_ALG_ECDAA:
+	TSS_TPMS_SCHEME_ECDAA_Print(&source->ecdaa, indent+2);
+	break;
+#endif
+#ifdef TPM_ALG_SM2
+      case TPM_ALG_SM2:
+	TSS_TPM_ALG_ID_Print("sm2", source->sm2.hashAlg, indent+2);
+	break;
+#endif
+#ifdef TPM_ALG_ECSCHNORR
+      case TPM_ALG_ECSCHNORR:
+	TSS_TPM_ALG_ID_Print("ecSchnorr", source->ecSchnorr.hashAlg, indent+2);
+	break;
+#endif
+#ifdef TPM_ALG_HMAC
+      case TPM_ALG_HMAC:
+	TSS_TPM_ALG_ID_Print("hmac", source->hmac.hashAlg, indent+2);
+	break;
+#endif
+      default:
+	printf("%*s" "TPMU_SIG_SCHEME selection %04hx not implemented\n", indent, "", selector);
+    }
+    return;
+}
+
+/* Table " Definition", 155 - Definition of TPMT_SIG_SCHEME Structure */
+
+void TSS_TPMT_SIG_SCHEME_Print(TPMT_SIG_SCHEME *source, unsigned int indent)
+{
+    TSS_TPM_ALG_ID_Print("scheme", source->scheme, indent+2);
+    if (source->scheme != TPM_ALG_NULL) {
+	TSS_TPMU_SIG_SCHEME_Print(&source->details, source->scheme, indent+2);
+    }
+    return;
+}
+
+/* Table 160 - Definition of TPMT_KDF_SCHEME Structure */
+
+void TSS_TPMT_KDF_SCHEME_Print(TPMT_KDF_SCHEME *source, unsigned int indent)
+{
+    TSS_TPM_ALG_ID_Print("scheme", source->scheme, indent+2);
+    if (source->scheme != TPM_ALG_NULL) {
+	TSS_TPM_ALG_ID_Print("details", source->details.mgf1.hashAlg, indent+2);
+    }
+    return;
+}
+
+/* Table 162 - Definition of TPMU_ASYM_SCHEME Union */
+
+void TSS_TPMU_ASYM_SCHEME_Print(TPMU_ASYM_SCHEME *source, TPMI_ALG_ASYM_SCHEME selector, unsigned int indent)
+{
+    switch (selector) {
+#ifdef TPM_ALG_ECDH
+      case TPM_ALG_ECDH:
+	TSS_TPM_ALG_ID_Print("ecdh", source->ecdh.hashAlg, indent+2);
+	break;
+#endif
+#ifdef TPM_ALG_ECMQV
+      case TPM_ALG_ECMQV:
+	TSS_TPM_ALG_ID_Print("ecmqvh", source->ecmqvh.hashAlg, indent+2);
+	break;
+#endif
+#ifdef TPM_ALG_RSASSA
+      case TPM_ALG_RSASSA:
+	TSS_TPM_ALG_ID_Print("rsassa", source->rsassa.hashAlg, indent+2);
+	break;
+#endif
+#ifdef TPM_ALG_RSAPSS
+      case TPM_ALG_RSAPSS:
+	TSS_TPM_ALG_ID_Print("rsapss", source->rsapss.hashAlg, indent+2);
+	break;
+#endif
+#ifdef TPM_ALG_ECDSA
+      case TPM_ALG_ECDSA:
+	TSS_TPM_ALG_ID_Print("ecdsa", source->ecdsa.hashAlg, indent+2);
+	break;
+#endif
+#ifdef TPM_ALG_ECDAA
+      case TPM_ALG_ECDAA:
+	TSS_TPMS_SCHEME_ECDAA_Print(&source->ecdaa, indent+2);
+	break;
+#endif
+#ifdef TPM_ALG_SM2
+      case TPM_ALG_SM2:
+	TSS_TPM_ALG_ID_Print("sm2", source->sm2.hashAlg, indent+2);
+	break;
+#endif
+#ifdef TPM_ALG_ECSCHNORR
+      case TPM_ALG_ECSCHNORR:
+	TSS_TPM_ALG_ID_Print("ecSchnorr", source->ecSchnorr.hashAlg, indent+2);
+	break;
+#endif
+#ifdef TPM_ALG_RSAES
+      case TPM_ALG_RSAES:
+	break;
+#endif
+#ifdef TPM_ALG_OAEP
+      case TPM_ALG_OAEP:
+	TSS_TPM_ALG_ID_Print("oaep", source->oaep.hashAlg, indent+2);
+	break;
+#endif
+      default:
+	printf("%*s" "TPMU_ASYM_SCHEME selection %04hx not implemented\n", indent, "", selector);
+    }
+    return;
+}
+
+/* Table 163 - Definition of TPMT_ASYM_SCHEME Structure <> */
+
+void TSS_TPMT_ASYM_SCHEME_Print(TPMT_ASYM_SCHEME *source, unsigned int indent)
+{
+    TSS_TPM_ALG_ID_Print("scheme", source->scheme, indent+2);
+    if (source->scheme != TPM_ALG_NULL) {
+	TSS_TPMU_ASYM_SCHEME_Print(&source->details, source->scheme, indent+2);
+    }
+    return;
+}
+	
+/* Table 165 - Definition of {RSA} TPMT_RSA_SCHEME Structure */
+
+void TSS_TPMT_RSA_SCHEME_Print(TPMT_RSA_SCHEME *source, unsigned int indent)
+{
+    TSS_TPM_ALG_ID_Print("scheme", source->scheme, indent);
+    if (source->scheme != TPM_ALG_NULL) {
+	TSS_TPM_ALG_ID_Print("details", source->details.anySig.hashAlg, indent+2);
+    }
+    return;
+}
+
+/* Table 167 - Definition of {RSA} TPMT_RSA_DECRYPT Structure */
+
+void TSS_TPMT_RSA_DECRYPT_Print(TPMT_RSA_DECRYPT *source, unsigned int indent)
+{
+    TSS_TPM_ALG_ID_Print("scheme", source->scheme, indent+2);
+    if (source->scheme != TPM_ALG_NULL) {
+	TSS_TPMU_ASYM_SCHEME_Print(&source->details, source->scheme, indent+2);
+    }
+    return;
+}
+
+/* Table 169 - Definition of {RSA} (TPM_KEY_BITS) TPMI_RSA_KEY_BITS Type */
+
+void TSS_TPMI_RSA_KEY_BITS_Print(TPMI_RSA_KEY_BITS source, unsigned int indent)
+{
+    printf("%*s" "TPM_KEY_BITS keyBits: %u\n", indent, "", source);
+    return;
+}
+
+/* Table 172 - Definition of {ECC} TPMS_ECC_POINT Structure */
+
+void TSS_TPMS_ECC_POINT_Print(TPMS_ECC_POINT *source, unsigned int indent)
+{
+    TSS_TPM2B_Print("TPMS_ECC_POINT x", indent+2, &source->x.b);
+    TSS_TPM2B_Print("TPMS_ECC_POINT y", indent+2, &source->y.b);
+    return;
+}
+
+/* Table 173 - Definition of {ECC} TPM2B_ECC_POINT Structure */
+
+void TSS_TPM2B_ECC_POINT_Print(const char *string, TPM2B_ECC_POINT *source, unsigned int indent)
+{
+    printf("%*s" "%s\n", indent, "", string);
+    TSS_TPMS_ECC_POINT_Print(&source->point, indent);
+    return;
+}
+
+/* Table 175 - Definition of {ECC} (TPM_ECC_CURVE) TPMI_ECC_CURVE Type */
+
+void TSS_TPMI_ECC_CURVE_Print(const char *string, TPMI_ECC_CURVE source, unsigned int indent)
+{
+    printf("%*s", indent, "");
+    switch (source) {
+      case TPM_ECC_BN_P256:
+	printf("%s TPM_ECC_BN_P256\n", string);
+	break;
+      case TPM_ECC_NIST_P256:
+	printf("%s TPM_ECC_NIST_P256\n", string);
+	break;
+      case TPM_ECC_NIST_P384:
+	printf("%s TPM_ECC_NIST_P384\n", string);
+	break;
+      default:
+	printf("%s TPMI_ECC_CURVE %04hx unknown\n", string, source);
+    }
+    return;
+}
+
+/* Table 176 - Definition of (TPMT_SIG_SCHEME) {ECC} TPMT_ECC_SCHEME Structure */
+
+void TSS_TPMT_ECC_SCHEME_Print(TPMT_ECC_SCHEME *source, unsigned int indent)
+{
+    TSS_TPM_ALG_ID_Print("scheme", source->scheme, indent+2);
+    if (source->scheme != TPM_ALG_NULL) {
+	TSS_TPM_ALG_ID_Print("details", source->details.anySig.hashAlg, indent+2);
+    }
+    return;
+}
+
+/* Table 177 - Definition of {ECC} TPMS_ALGORITHM_DETAIL_ECC Structure <OUT> */
+
+void TSS_TPMS_ALGORITHM_DETAIL_ECC_Print(TPMS_ALGORITHM_DETAIL_ECC *source, unsigned int indent)
+{
+    TSS_TPM_ECC_CURVE_Print("curveID", source->curveID, indent+2);
+    printf("%*s" "TPMS_ALGORITHM_DETAIL_ECC keySize %u\n", indent+2, "", source->keySize);
+    TSS_TPMT_KDF_SCHEME_Print(&source->kdf, indent+2);
+    TSS_TPMT_ECC_SCHEME_Print(&source->sign, indent+2);
+    TSS_TPM2B_Print("TPMS_ALGORITHM_DETAIL_ECC p", indent, &source->p.b);
+    TSS_TPM2B_Print("TPMS_ALGORITHM_DETAIL_ECC a", indent, &source->a.b);
+    TSS_TPM2B_Print("TPMS_ALGORITHM_DETAIL_ECC b", indent, &source->b.b);
+    TSS_TPM2B_Print("TPMS_ALGORITHM_DETAIL_ECC gX", indent, &source->gX.b);
+    TSS_TPM2B_Print("TPMS_ALGORITHM_DETAIL_ECC gY", indent, &source->gY.b);
+    TSS_TPM2B_Print("TPMS_ALGORITHM_DETAIL_ECC n", indent, &source->n.b);
+    TSS_TPM2B_Print("TPMS_ALGORITHM_DETAIL_ECC h", indent, &source->h.b);
+    return;
+}
+
+/* Table 178 - Definition of {RSA} TPMS_SIGNATURE_RSA Structure */
+
+void TSS_TPMS_SIGNATURE_RSA_Print(TPMS_SIGNATURE_RSA *source, unsigned int indent)
+{
+    TSS_TPM_ALG_ID_Print("hash", source->hash, indent+2);
+    TSS_TPM2B_Print("TPMS_SIGNATURE_RSA sig", indent+2, &source->sig.b);
+    return;
+}
+
+/* Table 179 - Definition of Types for {RSA} Signature */
+
+void TSS_TPMS_SIGNATURE_RSASSA_Print(TPMS_SIGNATURE_RSASSA *source, unsigned int indent)
+{
+    TSS_TPMS_SIGNATURE_RSA_Print(source, indent+2);
+    return;
+}
+
+/* Table 180 - Definition of {ECC} TPMS_SIGNATURE_ECC Structure */
+
+void TSS_TPMS_SIGNATURE_ECC_Print(TPMS_SIGNATURE_ECC *source, unsigned int indent)
+{
+    TSS_TPM_ALG_ID_Print("hash", source->hash, indent);
+    TSS_TPM2B_Print("TPMS_SIGNATURE_ECC signatureR", indent, &source->signatureR.b);
+    TSS_TPM2B_Print("TPMS_SIGNATURE_ECC signatureS", indent, &source->signatureS.b);
+    return;
+}
+
+/* Table 182 - Definition of TPMU_SIGNATURE Union <IN/OUT, S> */
+
+void TSS_TPMU_SIGNATURE_Print(TPMU_SIGNATURE *source, TPMI_ALG_SIG_SCHEME selector, unsigned int indent)
+{
+    switch (selector) {
+#ifdef TPM_ALG_RSASSA
+      case TPM_ALG_RSASSA:
+	TSS_TPMS_SIGNATURE_RSA_Print(&source->rsassa, indent+2);
+	break;
+#endif
+#ifdef TPM_ALG_RSAPSS
+      case TPM_ALG_RSAPSS:
+	TSS_TPMS_SIGNATURE_RSA_Print(&source->rsapss, indent+2);
+	break;
+#endif
+#ifdef TPM_ALG_ECDSA
+      case TPM_ALG_ECDSA:
+	TSS_TPMS_SIGNATURE_ECC_Print(&source->ecdsa, indent+2);
+	break;
+#endif
+#ifdef TPM_ALG_ECDAA
+      case TPM_ALG_ECDAA:
+	TSS_TPMS_SIGNATURE_ECC_Print(&source->ecdaa, indent+2);
+	break;
+#endif
+#ifdef TPM_ALG_SM2
+      case TPM_ALG_SM2:
+	TSS_TPMS_SIGNATURE_ECC_Print(&source->sm2, indent+2);
+	break;
+#endif
+#ifdef TPM_ALG_ECSCHNORR
+      case TPM_ALG_ECSCHNORR:
+	TSS_TPMS_SIGNATURE_ECC_Print(&source->ecschnorr, indent+2);
+	break;
+#endif
+#ifdef TPM_ALG_HMAC
+      case TPM_ALG_HMAC:
+	TSS_TPMT_HA_Print(&source->hmac, indent+2);
+	break;
+#endif
+     default:
+	printf("%*s" "TPMU_SIGNATURE selection %04hx not implemented\n", indent, "", selector);
+	
+    }
+}
+
+/* Table 183 - Definition of TPMT_SIGNATURE Structure */
+
+void TSS_TPMT_SIGNATURE_Print(TPMT_SIGNATURE *source, unsigned int indent)
+{
+    TSS_TPM_ALG_ID_Print("sigAlg", source->sigAlg, indent+2);
+    if (source->sigAlg != TPM_ALG_NULL) {
+	TSS_TPMU_SIGNATURE_Print(&source->signature, source->sigAlg, indent);
+    }
+    return;
+}
+
+/* Table 186 - Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type */
+
+void TSS_TPMI_ALG_PUBLIC_Print(const char *string, TPMI_ALG_PUBLIC source, unsigned int indent)
+{
+    printf("%*s", indent, "");
+    switch (source) {
+#ifdef TPM_ALG_KEYEDHASH
+      case TPM_ALG_KEYEDHASH:
+	printf("%s TPM_ALG_KEYEDHASH\n", string);
+	break;
+#endif
+#ifdef TPM_ALG_RSA
+      case TPM_ALG_RSA:
+	printf("%s TPM_ALG_RSA\n", string);
+	break;
+#endif
+#ifdef TPM_ALG_ECC
+      case TPM_ALG_ECC:
+	printf("%s TPM_ALG_ECC\n", string);
+	break;
+#endif
+#ifdef TPM_ALG_SYMCIPHER
+      case TPM_ALG_SYMCIPHER:
+	printf("%s TPM_ALG_SYMCIPHER\n", string);
+	break;
+#endif
+      default:
+	printf("%s selection %04hx not implemented\n", string, source);
+    }
+    return;
+}
+    
+/* Table 187 - Definition of TPMU_PUBLIC_ID Union <IN/OUT, S> */
+
+void TSS_TPMU_PUBLIC_ID_Print(TPMU_PUBLIC_ID *source, TPMI_ALG_PUBLIC selector, unsigned int indent)
+{
+    switch (selector) {
+#ifdef TPM_ALG_KEYEDHASH
+      case TPM_ALG_KEYEDHASH:
+	TSS_TPM2B_Print("TPM_ALG_KEYEDHASH keyedHash", indent, &source->keyedHash.b);
+	break;
+#endif
+#ifdef TPM_ALG_SYMCIPHER
+      case TPM_ALG_SYMCIPHER:
+	TSS_TPM2B_Print("TPM_ALG_SYMCIPHER sym", indent, &source->sym.b);
+	break;
+#endif
+#ifdef TPM_ALG_RSA
+      case TPM_ALG_RSA: 
+	TSS_TPM2B_Print("TPM_ALG_RSA rsa", indent, &source->rsa.b);
+	break;
+#endif
+#ifdef TPM_ALG_ECC
+      case TPM_ALG_ECC:
+	TSS_TPM2B_Print("TPM_ALG_ECC x", indent, &source->ecc.x.b);
+	TSS_TPM2B_Print("TPM_ALG_ECC y", indent, &source->ecc.y.b);
+	break;
+#endif
+      default:
+	printf("%*s" "TPMU_PUBLIC_ID_Print: selection %04hx not implemented\n", indent, "", selector);
+    }
+    return;
+}
+
+/* Table 188 - Definition of TPMS_KEYEDHASH_PARMS Structure */
+
+void TSS_TPMS_KEYEDHASH_PARMS_Print(TPMS_KEYEDHASH_PARMS *source, unsigned int indent)
+{
+    TSS_TPMT_KEYEDHASH_SCHEME_Print(&source->scheme, indent);
+    return;
+}
+
+/* Table 189 - Definition of TPMS_ASYM_PARMS Structure <> */
+
+void TSS_TPMS_ASYM_PARMS_Print(TPMS_ASYM_PARMS *source, unsigned int indent)
+{
+    TSS_TPMT_SYM_DEF_OBJECT_Print(&source->symmetric, indent+2);
+    TSS_TPMT_ASYM_SCHEME_Print(&source->scheme, indent+2);
+    return;
+}
+
+/* Table 190 - Definition of {RSA} TPMS_RSA_PARMS Structure */
+
+void TSS_TPMS_RSA_PARMS_Print(TPMS_RSA_PARMS *source, unsigned int indent)
+{
+    TSS_TPMT_SYM_DEF_OBJECT_Print(&source->symmetric, indent);
+    TSS_TPMT_RSA_SCHEME_Print(&source->scheme, indent);
+    TSS_TPMI_RSA_KEY_BITS_Print(source->keyBits, indent);
+    printf("%*s" "TPMS_RSA_PARMS exponent %08x\n", indent, "", source->exponent);
+    return;
+}
+
+/* Table 191 - Definition of {ECC} TPMS_ECC_PARMS Structure */
+
+void TSS_TPMS_ECC_PARMS_Print(TPMS_ECC_PARMS *source, unsigned int indent)
+{
+    TSS_TPMT_SYM_DEF_OBJECT_Print(&source->symmetric, indent);
+    TSS_TPMT_ECC_SCHEME_Print(&source->scheme, indent);
+    TSS_TPMI_ECC_CURVE_Print("curveID", source->curveID, indent);
+    TSS_TPMT_KDF_SCHEME_Print(&source->kdf, indent);
+    return;
+}
+
+/* Table 192 - Definition of TPMU_PUBLIC_PARMS Union <IN/OUT, S> */
+
+void TSS_TPMU_PUBLIC_PARMS_Print(TPMU_PUBLIC_PARMS *source, uint32_t selector, unsigned int indent)
+{
+    switch (selector) {
+      case TPM_ALG_KEYEDHASH:
+	printf("%*s" "TPMU_PUBLIC_PARMS keyedHashDetail\n", indent, "");
+	TSS_TPMS_KEYEDHASH_PARMS_Print(&source->keyedHashDetail, indent);
+	break;
+#if 0
+      case TPM_ALG_SYMCIPHER:
+	printf("%*s" "TPMU_PUBLIC_PARMS symDetail\n", indent, "");
+	TSS_TPMS_SYMCIPHER_PARMS_Print(&source->symDetail, indent);
+	break;
+#endif
+#ifdef TPM_ALG_RSA
+      case TPM_ALG_RSA:
+	printf("%*s" "TPMU_PUBLIC_PARMS rsaDetail\n", indent, "");
+	TSS_TPMS_RSA_PARMS_Print(&source->rsaDetail, indent);
+	break;
+#endif
+#ifdef TPM_ALG_ECC
+      case TPM_ALG_ECC:
+	printf("%*s" "TPMU_PUBLIC_PARMS eccDetail\n", indent, "");
+	TSS_TPMS_ECC_PARMS_Print(&source->eccDetail, indent);
+	break;
+#endif
+      default:
+	printf("%*s" "TPMU_PUBLIC_PARMS: selector %04x not implemented\n", indent, "", selector);
+    }
+    return;
+}
+
+/* Table 193 - Definition of TPMT_PUBLIC_PARMS Structure */
+
+void TSS_TPMT_PUBLIC_PARMS_Print(TPMT_PUBLIC_PARMS *source, unsigned int indent)
+{
+    TSS_TPM_ALG_ID_Print("type", source->type, indent);
+    TSS_TPMU_PUBLIC_PARMS_Print(&source->parameters, source->type, indent);
+    return;
+}
+/* Table 194 - Definition of TPMT_PUBLIC Structure */
+
+void TSS_TPMT_PUBLIC_Print(TPMT_PUBLIC *source, unsigned int indent)
+{
+    TSS_TPMI_ALG_PUBLIC_Print("type", source->type, indent);
+    TSS_TPM_ALG_ID_Print("nameAlg", source->nameAlg, indent);
+    TSS_TPMA_OBJECT_Print("objectAttributes", source->objectAttributes, indent);	
+    TSS_TPM2B_Print("authPolicy", indent, &source->authPolicy.b);
+    TSS_TPMU_PUBLIC_PARMS_Print(&source->parameters, source->type, indent);		
+    TSS_TPMU_PUBLIC_ID_Print(&source->unique, source->type, indent);			
+    return;
+}
+
+/* Table 195 - Definition of TPM2B_PUBLIC Structure */
+
+void TSS_TPM2B_PUBLIC_Print(const char *string, TPM2B_PUBLIC *source, unsigned int indent)
+{
+    printf("%*s" "%s\n", indent, "", string);
+    TSS_TPMT_PUBLIC_Print(&source->publicArea, indent+2);		
+    return;
+}
+
+/* Table 198 - Definition of TPMU_SENSITIVE_COMPOSITE Union <IN/OUT, S> */
+
+void TSS_TPMU_SENSITIVE_COMPOSITE_Print(TPMU_SENSITIVE_COMPOSITE *source, uint32_t selector, unsigned int indent)
+{
+    switch (selector) {
+#ifdef TPM_ALG_RSA
+      case TPM_ALG_RSA:
+	TSS_TPM2B_Print("TPMU_SENSITIVE_COMPOSITE rsa", indent+2, &source->rsa.b);
+	break;
+#endif
+#ifdef TPM_ALG_ECC
+      case TPM_ALG_ECC:
+	TSS_TPM2B_Print("TPMU_SENSITIVE_COMPOSITE ecc", indent+2, &source->ecc.b);
+	break;
+#endif
+#ifdef TPM_ALG_KEYEDHASH
+      case TPM_ALG_KEYEDHASH:
+	TSS_TPM2B_Print("TPMU_SENSITIVE_COMPOSITE bits", indent+2, &source->bits.b);
+	break;
+#endif
+#ifdef TPM_ALG_SYMCIPHER
+      case TPM_ALG_SYMCIPHER:
+	TSS_TPM2B_Print("TPMU_SENSITIVE_COMPOSITE sym", indent+2, &source->sym.b);
+	break;
+#endif
+      default:
+	printf("%*s" "TPMU_SENSITIVE_COMPOSITE: selection %08x not implemented \n", indent+2, "", selector);
+    }
+    return;
+}
+
+/* Table 199 - Definition of TPMT_SENSITIVE Structure */
+
+void TSS_TPMT_SENSITIVE_Print(TPMT_SENSITIVE *source, unsigned int indent)
+{
+    TSS_TPM_ALG_ID_Print("sensitiveType", source->sensitiveType, indent+2);
+    TSS_TPM2B_Print("TPMT_SENSITIVE authValue", indent+2, &source->authValue.b);
+    TSS_TPM2B_Print("TPMT_SENSITIVE seedValue", indent+2, &source->seedValue.b);
+    TSS_TPMU_SENSITIVE_COMPOSITE_Print(&source->sensitive, source->sensitiveType, indent+2);
+    return;
+}
+
+/* Table 200 - Definition of TPM2B_SENSITIVE Structure <IN/OUT> */
+
+void TSS_TPM2B_SENSITIVE_Print(TPM2B_SENSITIVE *source, unsigned int indent)
+{
+    printf("%*s" "TPM2B_SENSITIVE size %u\n", indent+2, "", source->t.size);
+    if (source->t.size != 0) {
+	TSS_TPMT_SENSITIVE_Print(&source->t.sensitiveArea, indent+2);
+    }
+    return;
+}
+
+/* Table 207 - Definition of TPMS_NV_PIN_COUNTER_PARAMETERS Structure */
+
+void TSS_TPMS_NV_PIN_COUNTER_PARAMETERS_Print(TPMS_NV_PIN_COUNTER_PARAMETERS *source, unsigned int indent)
+{
+    printf("%*s" "pinCount %u\n", indent+2, "", source->pinCount);
+    printf("%*s" "pinLimit %u\n", indent+2, "", source->pinLimit);
+    return;
+}
+
+/* Table 208 - Definition of (UINT32) TPMA_NV Bits */
+
+void TSS_TPMA_NV_Print(TPMA_NV source, unsigned int indent)
+{
+    uint32_t nvType;
+
+    if (source.val & TPMA_NVA_PPWRITE) printf("%*s" "TPMA_NV_PPWRITE\n", indent, "");
+    if (source.val & TPMA_NVA_OWNERWRITE) printf("%*s" "TPMA_NV_OWNERWRITE\n", indent, "");
+    if (source.val & TPMA_NVA_AUTHWRITE) printf("%*s" "TPMA_NV_AUTHWRITE\n", indent, "");
+    if (source.val & TPMA_NVA_POLICYWRITE) printf("%*s" "TPMA_NV_POLICYWRITE\n", indent, "");
+
+    nvType = (source.val & TPMA_NVA_TPM_NT_MASK) >> 4;
+    switch (nvType) {
+      case TPM_NT_ORDINARY:
+	printf("%*s" "TPM_NT_ORDINARY\n", indent, "");
+	break;
+      case TPM_NT_COUNTER:
+	printf("%*s" "TPM_NT_COUNTER\n", indent, "");
+	break;
+      case TPM_NT_BITS:
+	printf("%*s" "TPM_NT_COUNTER\n", indent, "");
+	break;
+      case TPM_NT_EXTEND:
+	printf("%*s" "TPM_NT_EXTEND\n", indent, "");
+	break;
+      case TPM_NT_PIN_FAIL:
+	printf("%*s" "TPM_NT_PIN_FAIL\n", indent, "");
+	break;
+      case TPM_NT_PIN_PASS:
+	printf("%*s" "TPM_NT_PIN_PASS\n", indent, "");
+	break;
+      default:
+	printf("%*s" "TPMA_NV type %02x unknown\n", indent, "", nvType);
+    }
+
+    if (source.val & TPMA_NVA_POLICY_DELETE) printf("%*s" "TPMA_NV_POLICY_DELETE\n", indent, "");
+    if (source.val & TPMA_NVA_WRITELOCKED) printf("%*s" "TPMA_NV_WRITELOCKED\n", indent, "");
+    if (source.val & TPMA_NVA_WRITEALL) printf("%*s" "TPMA_NV_WRITEALL\n", indent, "");
+    if (source.val & TPMA_NVA_WRITEDEFINE) printf("%*s" "TPMA_NV_WRITEDEFINE\n", indent, "");
+    if (source.val & TPMA_NVA_WRITE_STCLEAR) printf("%*s" "TPMA_NV_WRITE_STCLEAR\n", indent, "");
+    if (source.val & TPMA_NVA_GLOBALLOCK) printf("%*s" "TPMA_NV_GLOBALLOCK\n", indent, "");
+    if (source.val & TPMA_NVA_PPREAD) printf("%*s" "TPMA_NV_PPREAD\n", indent, "");
+    if (source.val & TPMA_NVA_OWNERREAD) printf("%*s" "TPMA_NV_OWNERREAD\n", indent, "");
+    if (source.val & TPMA_NVA_AUTHREAD) printf("%*s" "TPMA_NV_AUTHREAD\n", indent, "");
+    if (source.val & TPMA_NVA_POLICYREAD) printf("%*s" "TPMA_NV_POLICYREAD\n", indent, "");
+    if (source.val & TPMA_NVA_NO_DA) printf("%*s" "TPMA_NV_NO_DA\n", indent, "");
+    if (source.val & TPMA_NVA_ORDERLY) printf("%*s" "TPMA_NV_ORDERLY\n", indent, "");
+    if (source.val & TPMA_NVA_CLEAR_STCLEAR) printf("%*s" "TPMA_NV_CLEAR_STCLEAR\n", indent, "");
+    if (source.val & TPMA_NVA_READLOCKED) printf("%*s" "TPMA_NV_READLOCKED\n", indent, "");
+    if (source.val & TPMA_NVA_WRITTEN) printf("%*s" "TPMA_NV_WRITTEN\n", indent, "");
+    if (source.val & TPMA_NVA_PLATFORMCREATE) printf("%*s" "TPMA_NV_PLATFORMCREATE\n", indent, "");
+    if (source.val & TPMA_NVA_READ_STCLEAR) printf("%*s" "TPMA_NV_READ_STCLEAR\n", indent, "");
+    return;
+}
+
+/* Table 209 - Definition of TPMS_NV_PUBLIC Structure */
+
+void TSS_TPMS_NV_PUBLIC_Print(TPMS_NV_PUBLIC *source, unsigned int indent)
+{
+    printf("%*s" "TPMS_NV_PUBLIC nvIndex %08x\n", indent+2, "", source->nvIndex);
+    TSS_TPM_ALG_ID_Print("nameAlg", source->nameAlg, indent+2);
+    TSS_TPMA_NV_Print(source->attributes, indent+2);
+    TSS_TPM2B_Print("TPMS_NV_PUBLIC authPolicy", indent+2, &source->authPolicy.b);
+    printf("%*s" "TPMS_NV_PUBLIC dataSize %u\n", indent+2, "", source->dataSize);
+    return;
+}
+
+/* Table 210 - Definition of TPM2B_NV_PUBLIC Structure */
+
+void TSS_TPM2B_NV_PUBLIC_Print(TPM2B_NV_PUBLIC *source, unsigned int indent)
+{
+    TSS_TPMS_NV_PUBLIC_Print(&source->nvPublic, indent+2);
+    return;
+}
+
+/* Table 212 - Definition of TPMS_CONTEXT_DATA Structure <IN/OUT, S> */
+
+void TSS_TPMS_CONTEXT_DATA_Print(TPMS_CONTEXT_DATA *source, unsigned int indent)
+{
+    TSS_TPM2B_Print("TPMS_CONTEXT_DATA integrity", indent+2, &source->integrity.b);
+    TSS_TPM2B_Print("TPMS_CONTEXT_DATA encrypted", indent+2, &source->encrypted.b);
+    return;
+}
+
+/* Table 214 - Definition of TPMS_CONTEXT Structure */
+
+void TSS_TPMS_CONTEXT_Print(TPMS_CONTEXT *source, unsigned int indent)
+{
+    printf("%*s" "TPMS_CONTEXT sequence %"PRIu64"\n", indent+2, "", source->sequence);
+    TSS_TPM_HANDLE_Print("savedHandle", source->savedHandle, indent+2);
+    TSS_TPM_HANDLE_Print("hierarchy", source->hierarchy, indent+2);
+    TSS_TPM2B_Print("TPMS_CONTEXT contextBlob", indent+2, &source->contextBlob.b);
+    return;
+}
+
+/* Table 216 - Definition of TPMS_CREATION_DATA Structure <OUT> */
+
+void TSS_TPMS_CREATION_DATA_Print(TPMS_CREATION_DATA *source, unsigned int indent)
+{
+    TSS_TPML_PCR_SELECTION_Print(&source->pcrSelect, indent+2);
+    TSS_TPM2B_Print("TPMS_CREATION_DATA pcrDigest", indent+2, &source->pcrDigest.b);
+    TSS_TPMA_LOCALITY_Print(source->locality, indent+2);
+    TSS_TPM_ALG_ID_Print("parentNameAlg", source->parentNameAlg, indent+2);
+    TSS_TPM2B_Print("TPMS_CREATION_DATA parentName", indent+2, &source->parentName.b);
+    TSS_TPM2B_Print("TPMS_CREATION_DATA parentQualifiedName", indent+2, &source->parentQualifiedName.b);
+    TSS_TPM2B_Print("TPMS_CREATION_DATA outsideInfo", indent+2, &source->outsideInfo.b);
+return;
+}
+
+/* Table 217 - Definition of TPM2B_CREATION_DATA Structure <OUT> */
+
+void TSS_TPM2B_CREATION_DATA_Print(TPM2B_CREATION_DATA *source, unsigned int indent)
+{
+    printf("%*s" "TPM2B_CREATION_DATA size %u\n", indent+2, "", source->size);
+    TSS_TPMS_CREATION_DATA_Print(&source->creationData, indent+2);
+    return;
+}
+
+#endif	/* TPM_TPM20 */
+
+#endif /* TPM_TSS_NO_PRINT */
diff --git a/utils/tssprintcmd.c b/utils/tssprintcmd.c
new file mode 100644
index 000000000..45da7e166
--- /dev/null
+++ b/utils/tssprintcmd.c
@@ -0,0 +1,920 @@
+/********************************************************************************/
+/*										*/
+/*			     Command Print Utilities				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdint.h>
+#include <stdio.h>
+#include <inttypes.h>
+
+#include <ibmtss/tssprintcmd.h>
+
+void ActivateCredential_In_Print(ActivateCredential_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_ActivateCredential\n", indent, "");
+    TSS_TPM_HANDLE_Print("activateHandle", in->activateHandle, indent);
+    TSS_TPM_HANDLE_Print("keyHandle", in->keyHandle, indent);
+    TSS_TPM2B_Print("credentialBlob", indent, &in->credentialBlob.b);
+    TSS_TPM2B_Print("TPM2B_ENCRYPTED_SECRET secret", indent, &in->secret.b);
+    return;
+}
+void CertifyCreation_In_Print(CertifyCreation_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_CertifyCreation\n", indent, "");
+    TSS_TPM_HANDLE_Print("signHandle", in->signHandle, indent);
+    TSS_TPM_HANDLE_Print("objectHandle", in->objectHandle, indent);
+    TSS_TPM2B_Print("qualifyingData", indent, &in->qualifyingData.b);
+    TSS_TPM2B_Print("creationHash", indent, &in->creationHash.b);
+    printf("%*s" "inScheme\n", indent, "");
+    TSS_TPMT_SIG_SCHEME_Print(&in->inScheme, indent);
+    printf("%*s" "creationTicket\n", indent, "");
+    TSS_TPMT_TK_CREATION_Print(&in->creationTicket, indent+2);
+    return;
+}
+void Certify_In_Print(Certify_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_Certify\n", indent, "");
+    TSS_TPM_HANDLE_Print("objectHandle", in->objectHandle, indent);
+    TSS_TPM_HANDLE_Print("signHandle", in->signHandle, indent);
+    TSS_TPM2B_Print("qualifyingData", indent, &in->qualifyingData.b);
+    printf("%*s" "inScheme\n", indent, "");
+    TSS_TPMT_SIG_SCHEME_Print(&in->inScheme, indent);
+    return;
+}
+void CertifyX509_In_Print(CertifyX509_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_CertifyX509\n", indent, "");
+    TSS_TPM_HANDLE_Print("objectHandle", in->objectHandle, indent);
+    TSS_TPM_HANDLE_Print("signHandle", in->signHandle, indent);
+    TSS_TPM2B_Print("reserved", indent, &in->reserved.b);
+    printf("%*s" "inScheme\n", indent, "");
+    TSS_TPMT_SIG_SCHEME_Print(&in->inScheme, indent);
+    TSS_TPM2B_Print("partialCertificate", indent, &in->partialCertificate.b);
+    return;
+}
+void ChangeEPS_In_Print(ChangeEPS_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_ChangeEPS\n", indent, "");
+    TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent);
+    return;
+}
+void ChangePPS_In_Print(ChangePPS_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_ChangePPS\n", indent, "");
+    TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent);
+    return;
+}
+void ClearControl_In_Print(ClearControl_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_ClearControl\n", indent, "");
+    TSS_TPM_HANDLE_Print("auth", in->auth, indent);
+    TSS_TPMI_YES_NO_Print("disable", in->disable, indent);
+    return;
+}
+void Clear_In_Print(Clear_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_Clear\n", indent, "");
+    TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent);
+    return;
+}
+void ClockRateAdjust_In_Print(ClockRateAdjust_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_ClockRateAdjust\n", indent, "");
+    TSS_TPM_HANDLE_Print("auth", in->auth, indent);
+    TSS_TPM_CLOCK_ADJUST_Print("rateAdjust", in->rateAdjust, indent);
+    return;
+}
+void ClockSet_In_Print(ClockSet_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_ClockSet\n", indent, "");
+    TSS_TPM_HANDLE_Print("auth", in->auth, indent);
+    printf("%*s" "newTime %"PRIu64"\n", indent, "", in->newTime);
+    return;
+}
+void Commit_In_Print(Commit_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_Commit\n", indent, "");
+    TSS_TPM_HANDLE_Print("signHandle", in->signHandle, indent);
+    TSS_TPM2B_ECC_POINT_Print("P1", &in->P1, indent);
+    TSS_TPM2B_Print("s2", indent, &in->s2.b);
+    TSS_TPM2B_Print("y2", indent, &in->y2.b);
+    return;
+}
+void ContextLoad_In_Print(ContextLoad_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_ContextLoad\n", indent, "");
+    TSS_TPMS_CONTEXT_Print(&in->context, indent);
+    return;
+}
+void ContextSave_In_Print(ContextSave_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_ContextSave\n", indent, "");
+    TSS_TPM_HANDLE_Print("saveHandle", in->saveHandle, indent);
+    return;
+}
+void Create_In_Print(Create_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_Create\n", indent, "");
+    TSS_TPM_HANDLE_Print("parentHandle", in->parentHandle, indent);
+    TSS_TPM2B_SENSITIVE_CREATE_Print("inSensitive", &in->inSensitive, indent);
+    TSS_TPM2B_PUBLIC_Print("inPublic", &in->inPublic, indent);
+    TSS_TPM2B_Print("outsideInfo", indent, &in->outsideInfo.b);
+    TSS_TPML_PCR_SELECTION_Print(&in->creationPCR, indent);
+    return;
+}
+void CreateLoaded_In_Print(CreateLoaded_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_CreateLoaded\n", indent, "");
+    TSS_TPM_HANDLE_Print("parentHandle", in->parentHandle, indent);
+    TSS_TPM2B_SENSITIVE_CREATE_Print("inSensitive", &in->inSensitive, indent);
+    TSS_TPM2B_Print("inPublic", indent, &in->inPublic.b);
+    return;
+}
+void CreatePrimary_In_Print(CreatePrimary_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_CreatePrimary\n", indent, "");
+    TSS_TPM_HANDLE_Print("primaryHandle", in->primaryHandle, indent);
+    TSS_TPM2B_SENSITIVE_CREATE_Print("inSensitive", &in->inSensitive, indent);
+    TSS_TPM2B_PUBLIC_Print("inPublic", &in->inPublic, indent);
+    TSS_TPM2B_Print("outsideInfo", indent, &in->outsideInfo.b);
+    TSS_TPML_PCR_SELECTION_Print(&in->creationPCR, indent);
+    return;
+}
+void DictionaryAttackLockReset_In_Print(DictionaryAttackLockReset_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_DictionaryAttackLockReset\n", indent, "");
+    TSS_TPM_HANDLE_Print("lockHandle", in->lockHandle, indent);
+    return;
+}
+void DictionaryAttackParameters_In_Print(DictionaryAttackParameters_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_DictionaryAttackParameters\n", indent, "");
+    TSS_TPM_HANDLE_Print("lockHandle", in->lockHandle, indent);
+    printf("%*s" "newMaxTries %u\n", indent, "", in->newMaxTries);
+    printf("%*s" "newRecoveryTime %u\n", indent, "", in->newRecoveryTime);
+    printf("%*s" "lockoutRecovery %u\n", indent, "", in->lockoutRecovery);
+    return;
+}
+void Duplicate_In_Print(Duplicate_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_Duplicate\n", indent, "");
+    TSS_TPM_HANDLE_Print("objectHandle", in->objectHandle, indent);
+    TSS_TPM_HANDLE_Print("newParentHandle", in->newParentHandle, indent);
+    TSS_TPM2B_Print("encryptionKeyIn", indent, &in->encryptionKeyIn.b);
+    printf("%*s" "symmetricAlg\n", indent, "");
+    TSS_TPMT_SYM_DEF_OBJECT_Print(&in->symmetricAlg, indent);
+    return;
+}
+void ECC_Parameters_In_Print(ECC_Parameters_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_ECC_Parameters\n", indent, "");
+    TSS_TPMI_ECC_CURVE_Print("curveID", in->curveID, indent);
+    return;
+}
+void ECDH_KeyGen_In_Print(ECDH_KeyGen_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_ECDH_KeyGen\n", indent, "");
+    TSS_TPM_HANDLE_Print("keyHandle", in->keyHandle, indent);
+    return;
+}
+void ECDH_ZGen_In_Print(ECDH_ZGen_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_ECDH_ZGen\n", indent, "");
+    TSS_TPM_HANDLE_Print("keyHandle", in->keyHandle, indent);
+    TSS_TPM2B_ECC_POINT_Print("inPoint", &in->inPoint, indent);
+    return;
+}
+void EC_Ephemeral_In_Print(EC_Ephemeral_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_EC_Ephemeral\n", indent, "");
+    TSS_TPMI_ECC_CURVE_Print("curveID", in->curveID, indent);
+    return;
+}
+void EncryptDecrypt_In_Print(EncryptDecrypt_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_EncryptDecrypt\n", indent, "");
+    TSS_TPM_HANDLE_Print("keyHandle", in->keyHandle, indent);
+    TSS_TPMI_YES_NO_Print("decrypt", in->decrypt, indent);
+    TSS_TPM_ALG_ID_Print("mode", in->mode, indent);
+    TSS_TPM2B_Print("ivIn", indent, &in->ivIn.b);
+    TSS_TPM2B_Print("inData", indent, &in->inData.b);
+    return;
+}
+void EncryptDecrypt2_In_Print(EncryptDecrypt2_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_EncryptDecrypt2\n", indent, "");
+    TSS_TPM_HANDLE_Print("keyHandle", in->keyHandle, indent);
+    TSS_TPM2B_Print("inData", indent, &in->inData.b);
+    TSS_TPMI_YES_NO_Print("decrypt", in->decrypt, indent);
+    TSS_TPM_ALG_ID_Print("mode", in->mode, indent);
+    TSS_TPM2B_Print("ivIn", indent, &in->ivIn.b);
+    return;
+}
+void EventSequenceComplete_In_Print(EventSequenceComplete_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_EventSequenceComplete\n", indent, "");
+    TSS_TPM_HANDLE_Print("pcrHandle", in->pcrHandle, indent);
+    TSS_TPM_HANDLE_Print("sequenceHandle", in->sequenceHandle, indent);
+    TSS_TPM2B_Print("buffer", indent, &in->buffer.b);
+    return;
+}
+void EvictControl_In_Print(EvictControl_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_EvictControl\n", indent, "");
+    TSS_TPM_HANDLE_Print("auth", in->auth, indent);
+    TSS_TPM_HANDLE_Print("objectHandle", in->objectHandle, indent);
+    TSS_TPM_HANDLE_Print("persistentHandle", in->persistentHandle, indent);
+    return;
+}
+void FlushContext_In_Print(FlushContext_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_FlushContext\n", indent, "");
+    TSS_TPM_HANDLE_Print("flushHandle", in->flushHandle, indent);
+    return;
+}
+void GetCapability_In_Print(GetCapability_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_GetCapability\n", indent, "");
+    TSS_TPM_CAP_Print("capability", in->capability, indent);
+    printf("%*s" "property %08x\n", indent, "", in->property);
+    printf("%*s" "propertyCount %u\n", indent, "", in->propertyCount);
+    return;
+}
+void GetCommandAuditDigest_In_Print(GetCommandAuditDigest_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_GetCommandAuditDigest\n", indent, "");
+    TSS_TPM_HANDLE_Print("privacyHandle", in->privacyHandle, indent);
+    TSS_TPM_HANDLE_Print("signHandle", in->signHandle, indent);
+    TSS_TPM2B_Print("qualifyingData", indent, &in->qualifyingData.b);
+    printf("%*s" "inScheme\n", indent, "");
+    TSS_TPMT_SIG_SCHEME_Print(&in->inScheme, indent);
+    return;
+}
+void GetRandom_In_Print(GetRandom_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_GetRandom\n", indent, "");
+    printf("%*s" "bytesRequested %u\n", indent, "", in->bytesRequested);
+    return;
+}
+void GetSessionAuditDigest_In_Print(GetSessionAuditDigest_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_GetSessionAuditDigest\n", indent, "");
+    TSS_TPM_HANDLE_Print("privacyAdminHandle", in->privacyAdminHandle, indent);
+    TSS_TPM_HANDLE_Print("signHandle", in->signHandle, indent);
+    TSS_TPM_HANDLE_Print("sessionHandle", in->sessionHandle, indent);
+    TSS_TPM2B_Print("qualifyingData", indent, &in->qualifyingData.b);
+    printf("%*s" "inScheme\n", indent, "");
+    TSS_TPMT_SIG_SCHEME_Print(&in->inScheme, indent);
+    return;
+}
+void GetTime_In_Print(GetTime_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_GetTime\n", indent, "");
+    TSS_TPM_HANDLE_Print("privacyAdminHandle", in->privacyAdminHandle, indent);
+    TSS_TPM_HANDLE_Print("signHandle", in->signHandle, indent);
+    TSS_TPM2B_Print("qualifyingData", indent, &in->qualifyingData.b);
+    printf("%*s" "inScheme\n", indent, "");
+    TSS_TPMT_SIG_SCHEME_Print(&in->inScheme, indent);
+    return;
+}
+void HMAC_Start_In_Print(HMAC_Start_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_HMAC_Start\n", indent, "");
+    TSS_TPM_HANDLE_Print("handle", in->handle, indent);
+    TSS_TPM2B_Print("auth", indent, &in->auth.b);
+    TSS_TPM_ALG_ID_Print("hashAlg", in->hashAlg, indent);
+    return;
+}
+void HMAC_In_Print(HMAC_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_HMAC\n", indent, "");
+    TSS_TPM_HANDLE_Print("handle", in->handle, indent);
+    TSS_TPM2B_Print("buffer", indent, &in->buffer.b);
+    TSS_TPM_ALG_ID_Print("hashAlg", in->hashAlg, indent);
+    return;
+}
+void HashSequenceStart_In_Print(HashSequenceStart_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_HashSequenceStart\n", indent, "");
+    TSS_TPM2B_Print("auth", indent, &in->auth.b);
+    TSS_TPM_ALG_ID_Print("hashAlg", in->hashAlg, indent);
+    return;
+}
+void Hash_In_Print(Hash_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_Hash\n", indent, "");
+    TSS_TPM2B_Print("data", indent, &in->data.b);
+    TSS_TPM_ALG_ID_Print("hashAlg", in->hashAlg, indent);
+    TSS_TPM_HANDLE_Print("hierarchy", in->hierarchy, indent);
+    return;
+}
+void HierarchyChangeAuth_In_Print(HierarchyChangeAuth_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_HierarchyChangeAuth\n", indent, "");
+    TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent);
+    TSS_TPM2B_Print("newAuth", indent, &in->newAuth.b);
+    return;
+}
+void HierarchyControl_In_Print(HierarchyControl_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_HierarchyControl\n", indent, "");
+    TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent);
+    TSS_TPM_HANDLE_Print("enable", in->enable, indent);
+    TSS_TPMI_YES_NO_Print("state", in->state, indent);
+    return;
+}
+void Import_In_Print(Import_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_Import\n", indent, "");
+    TSS_TPM_HANDLE_Print("parentHandle", in->parentHandle, indent);
+    TSS_TPM2B_Print("encryptionKey", indent, &in->encryptionKey.b);
+    TSS_TPM2B_PUBLIC_Print("objectPublic", &in->objectPublic, indent);
+    TSS_TPM2B_Print("duplicate", indent, &in->duplicate.b);
+    TSS_TPM2B_Print("inSymSeed", indent, &in->inSymSeed.b);
+    printf("%*s" "symmetricAlg\n", indent, "");
+    TSS_TPMT_SYM_DEF_OBJECT_Print(&in->symmetricAlg, indent);
+    return;
+}
+void IncrementalSelfTest_In_Print(IncrementalSelfTest_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_IncrementalSelfTest\n", indent, "");
+    TSS_TPML_ALG_Print(&in->toTest, indent);
+    return;
+}
+void LoadExternal_In_Print(LoadExternal_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_LoadExternal\n", indent, "");
+    if (in->inPrivate.t.size != 0) {	/* if there is a private area */
+	TSS_TPMT_SENSITIVE_Print(&in->inPrivate.t.sensitiveArea, indent);
+    }
+    TSS_TPM2B_PUBLIC_Print("inPublic", &in->inPublic, indent);
+    TSS_TPM_HANDLE_Print("hierarchy", in->hierarchy, indent);
+    return;
+}
+void Load_In_Print(Load_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_Load\n", indent, "");
+    TSS_TPM_HANDLE_Print("parentHandle", in->parentHandle, indent);
+    TSS_TPM2B_Print("inPrivate", indent, &in->inPrivate.b);
+    TSS_TPM2B_PUBLIC_Print("inPublic", &in->inPublic, indent);
+    return;
+}
+void MakeCredential_In_Print(MakeCredential_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_MakeCredential\n", indent, "");
+    TSS_TPM_HANDLE_Print("handle", in->handle, indent);
+    TSS_TPM2B_Print("credential", indent, &in->credential.b);
+    TSS_TPM2B_Print("objectName", indent, &in->objectName.b);
+    return;
+}
+#if 0
+void NTC2_PreConfig_In_Print(NTC2_PreConfig_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_NTC2_PreConfig\n", indent, "");
+    NTC2_CFG_STRUCT preConfig;
+    return;
+}
+#endif
+void NV_Certify_In_Print(NV_Certify_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_NV_Certify\n", indent, "");
+    TSS_TPM_HANDLE_Print("signHandle", in->signHandle, indent);
+    TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent);
+    TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent);
+    TSS_TPM2B_Print("qualifyingData", indent, &in->qualifyingData.b);
+    printf("%*s" "inScheme\n", indent, "");
+    TSS_TPMT_SIG_SCHEME_Print(&in->inScheme, indent);
+    printf("%*s" "size %u\n", indent, "", in->size);
+    printf("%*s" "offset %u\n", indent, "", in->offset);
+    return;
+}
+void NV_ChangeAuth_In_Print(NV_ChangeAuth_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_NV_ChangeAuth\n", indent, "");
+    TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent);
+    TSS_TPM2B_Print("newAuth", indent, &in->newAuth.b);
+    return;
+}
+void NV_DefineSpace_In_Print(NV_DefineSpace_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_NV_DefineSpace\n", indent, "");
+    TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent);
+    TSS_TPM2B_Print("auth", indent, &in->auth.b);
+    printf("%*s" "publicInfo\n", indent, "");
+    TSS_TPM2B_NV_PUBLIC_Print(&in->publicInfo, indent);
+    return;
+}
+void NV_Extend_In_Print(NV_Extend_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_NV_Extend\n", indent, "");
+    TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent);
+    TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent);
+    TSS_TPM2B_Print("data", indent, &in->data.b);
+    return;
+}
+void NV_GlobalWriteLock_In_Print(NV_GlobalWriteLock_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_NV_GlobalWriteLock\n", indent, "");
+    TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent);
+    return;
+}
+void NV_Increment_In_Print(NV_Increment_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_NV_Increment\n", indent, "");
+    TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent);
+    TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent);
+    return;
+}
+void NV_ReadLock_In_Print(NV_ReadLock_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_NV_ReadLock\n", indent, "");
+    TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent);
+    TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent);
+    return;
+}
+void NV_ReadPublic_In_Print(NV_ReadPublic_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_NV_ReadPublic\n", indent, "");
+    TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent);
+    return;
+}
+void NV_Read_In_Print(NV_Read_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_NV_Read\n", indent, "");
+    TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent);
+    TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent);
+    printf("%*s" "size %u\n", indent, "", in->size);
+    printf("%*s" "offset %u\n", indent, "", in->offset);
+    return;
+}
+void NV_SetBits_In_Print(NV_SetBits_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_NV_SetBits\n", indent, "");
+    TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent);
+    TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent);
+    printf("%*s" "bits %"PRIx64"\n", indent, "", in->bits);
+    return;
+}
+void NV_UndefineSpaceSpecial_In_Print(NV_UndefineSpaceSpecial_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_NV_UndefineSpaceSpecial\n", indent, "");
+    TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent);
+    TSS_TPM_HANDLE_Print("platform", in->platform, indent);
+    return;
+}
+void NV_UndefineSpace_In_Print(NV_UndefineSpace_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_NV_UndefineSpace\n", indent, "");
+    TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent);
+    TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent);
+    return;
+}    
+void NV_WriteLock_In_Print(NV_WriteLock_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_NV_WriteLock\n", indent, "");
+    TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent);
+    TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent);
+    return;
+}
+void NV_Write_In_Print(NV_Write_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_NV_Write\n", indent, "");
+    TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent);
+    TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent);
+    TSS_TPM2B_Print("data", indent, &in->data.b);
+    printf("%*s" "offset %u\n", indent, "", in->offset);
+    return;
+}
+void ObjectChangeAuth_In_Print(ObjectChangeAuth_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_ObjectChangeAuth\n", indent, "");
+    TSS_TPM_HANDLE_Print("objectHandle", in->objectHandle, indent);
+    TSS_TPM_HANDLE_Print("parentHandle", in->parentHandle, indent);
+    TSS_TPM2B_Print("newAuth", indent, &in->newAuth.b);
+    return;
+}
+void PCR_Allocate_In_Print(PCR_Allocate_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PCR_Allocate\n", indent, "");
+    TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent);
+    TSS_TPML_PCR_SELECTION_Print(&in->pcrAllocation, indent);
+    return;
+}
+void PCR_Event_In_Print(PCR_Event_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PCR_Event\n", indent, "");
+    TSS_TPM_HANDLE_Print("pcrHandle", in->pcrHandle, indent);
+    TSS_TPM2B_Print("eventData", indent, &in->eventData.b);
+    return;
+}
+void PCR_Extend_In_Print(PCR_Extend_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PCR_Extend\n", indent, "");
+    TSS_TPM_HANDLE_Print("pcrHandle", in->pcrHandle, indent);
+    TSS_TPML_DIGEST_VALUES_Print(&in->digests, indent);
+    return;
+}
+void PCR_Read_In_Print(PCR_Read_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PCR_Read\n", indent, "");
+    TSS_TPML_PCR_SELECTION_Print(&in->pcrSelectionIn, indent);
+    return;
+}
+void PCR_Reset_In_Print(PCR_Reset_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PCR_Reset\n", indent, "");
+    TSS_TPM_HANDLE_Print("pcrHandle", in->pcrHandle, indent);
+    return;
+}
+void PCR_SetAuthPolicy_In_Print(PCR_SetAuthPolicy_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PCR_SetAuthPolicy\n", indent, "");
+    TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent);
+    TSS_TPM2B_Print("authPolicy", indent, &in->authPolicy.b);
+    TSS_TPM_ALG_ID_Print("hashAlg", in->hashAlg, indent);
+    TSS_TPM_HANDLE_Print("pcrNum", in->pcrNum, indent);
+    return;
+}
+void PCR_SetAuthValue_In_Print(PCR_SetAuthValue_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PCR_SetAuthValue\n", indent, "");
+    TSS_TPM_HANDLE_Print("pcrHandle", in->pcrHandle, indent);
+    TSS_TPM2B_Print("auth", indent, &in->auth.b);
+    return;
+}
+void PP_Commands_In_Print(PP_Commands_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PP_Commands\n", indent, "");
+    TSS_TPM_HANDLE_Print("auth", in->auth, indent);
+    TSS_TPML_CC_Print(&in->setList, indent);
+    TSS_TPML_CC_Print(&in->clearList, indent);
+    return;
+}
+void PolicyAuthValue_In_Print(PolicyAuthValue_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PolicyAuthValue\n", indent, "");
+    TSS_TPM_HANDLE_Print("policySession", in->policySession, indent);
+    return;
+}
+void PolicyAuthorizeNV_In_Print(PolicyAuthorizeNV_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PolicyAuthorizeNV\n", indent, "");
+    TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent);
+    TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent);
+    TSS_TPM_HANDLE_Print("policySession", in->policySession, indent);
+    return;
+}
+void PolicyAuthorize_In_Print(PolicyAuthorize_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PolicyAuthorize\n", indent, "");
+    TSS_TPM_HANDLE_Print("policySession", in->policySession, indent);
+    TSS_TPM2B_Print("approvedPolicy", indent, &in->approvedPolicy.b);
+    TSS_TPM2B_Print("policyRef", indent, &in->policyRef.b);
+    TSS_TPM2B_Print("keySign", indent, &in->keySign.b);
+    printf("%*s" "checkTicket\n", indent, "");
+    TSS_TPMT_TK_VERIFIED_Print(&in->checkTicket, indent+2);
+    return;
+}
+void PolicyCommandCode_In_Print(PolicyCommandCode_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PolicyCommandCode\n", indent, "");
+    TSS_TPM_HANDLE_Print("policySession", in->policySession, indent);
+    TSS_TPM_CC_Print("code", in->code, indent);
+    return;
+}
+void PolicyCounterTimer_In_Print(PolicyCounterTimer_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PolicyCounterTimer\n", indent, "");
+    TSS_TPM_HANDLE_Print("policySession", in->policySession, indent);
+    TSS_TPM2B_Print("operandB", indent, &in->operandB.b);
+    printf("%*s" "offset %u\n", indent, "", in->offset);
+    TSS_TPM_EO_Print("operation", in->operation, indent);
+    return;
+}
+void PolicyCpHash_In_Print(PolicyCpHash_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PolicyCpHash\n", indent, "");
+    TSS_TPM_HANDLE_Print("policySession", in->policySession, indent);
+    TSS_TPM2B_Print("cpHashA", indent, &in->cpHashA.b);
+    return;
+}
+void PolicyDuplicationSelect_In_Print(PolicyDuplicationSelect_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PolicyDuplicationSelect\n", indent, "");
+    TSS_TPM_HANDLE_Print("policySession", in->policySession, indent);
+    TSS_TPM2B_Print("objectName", indent, &in->objectName.b);
+    TSS_TPM2B_Print("newParentName", indent, &in->newParentName.b);
+    TSS_TPMI_YES_NO_Print("includeObject", in->includeObject, indent);
+    return;
+}
+void PolicyGetDigest_In_Print(PolicyGetDigest_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PolicyGetDigest\n", indent, "");
+    TSS_TPM_HANDLE_Print("policySession", in->policySession, indent);
+    return;
+}
+void PolicyLocality_In_Print(PolicyLocality_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PolicyLocality\n", indent, "");
+    TSS_TPM_HANDLE_Print("policySession", in->policySession, indent);
+    TSS_TPMA_LOCALITY_Print(in->locality, indent);
+    return;
+}
+void PolicyNV_In_Print(PolicyNV_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PolicyNV\n", indent, "");
+    TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent);
+    TSS_TPM_HANDLE_Print("nvIndex", in->nvIndex, indent);
+    TSS_TPM_HANDLE_Print("policySession", in->policySession, indent);
+    TSS_TPM2B_Print("operandB", indent, &in->operandB.b);
+    printf("%*s" "offset %u\n", indent, "", in->offset);
+    TSS_TPM_EO_Print("operation", in->operation, indent);
+    return;
+}
+void PolicyNameHash_In_Print(PolicyNameHash_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PolicyNameHash\n", indent, "");
+    TSS_TPM_HANDLE_Print("policySession", in->policySession, indent);
+    TSS_TPM2B_Print("nameHash", indent, &in->nameHash.b);
+    return;
+}
+void PolicyNvWritten_In_Print(PolicyNvWritten_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PolicyNvWritten\n", indent, "");
+    TSS_TPM_HANDLE_Print("policySession", in->policySession, indent);
+    TSS_TPMI_YES_NO_Print("writtenSet", in->writtenSet, indent);
+    return;
+}
+void PolicyOR_In_Print(PolicyOR_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PolicyOR\n", indent, "");
+    TSS_TPM_HANDLE_Print("policySession", in->policySession, indent);
+    printf("%*s" "pHashList\n", indent, "");
+    TSS_TPML_DIGEST_Print(&in->pHashList, indent+2);
+    return;
+}
+void PolicyPCR_In_Print(PolicyPCR_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PolicyPCR\n", indent, "");
+    TSS_TPM_HANDLE_Print("policySession", in->policySession, indent);
+    TSS_TPM2B_Print("pcrDigest", indent, &in->pcrDigest.b);
+    TSS_TPML_PCR_SELECTION_Print(&in->pcrs, indent);
+    return;
+}
+void PolicyPassword_In_Print(PolicyPassword_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PolicyPassword\n", indent, "");
+    TSS_TPM_HANDLE_Print("policySession", in->policySession, indent);
+    return;
+}
+void PolicyPhysicalPresence_In_Print(PolicyPhysicalPresence_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PolicyPhysicalPresence\n", indent, "");
+    TSS_TPM_HANDLE_Print("policySession", in->policySession, indent);
+    return;
+}
+void PolicyRestart_In_Print(PolicyRestart_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PolicyRestart\n", indent, "");
+    TSS_TPM_HANDLE_Print("sessionHandle", in->sessionHandle, indent);
+    return;
+}
+void PolicySecret_In_Print(PolicySecret_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PolicySecret\n", indent, "");
+    TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent);
+    TSS_TPM_HANDLE_Print("policySession", in->policySession, indent);
+    TSS_TPM2B_Print("nonceTPM", indent, &in->nonceTPM.b);
+    TSS_TPM2B_Print("cpHashA", indent, &in->cpHashA.b);
+    TSS_TPM2B_Print("policyRef", indent, &in->policyRef.b);
+    printf("%*s" "expiration %d\n", indent, "", in->expiration);
+    return;
+}
+void PolicySigned_In_Print(PolicySigned_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PolicySigned\n", indent, "");
+    TSS_TPM_HANDLE_Print("authObject", in->authObject, indent);
+    TSS_TPM_HANDLE_Print("policySession", in->policySession, indent);
+    TSS_TPM2B_Print("nonceTPM", indent, &in->nonceTPM.b);
+    TSS_TPM2B_Print("cpHashA", indent, &in->cpHashA.b);
+    TSS_TPM2B_Print("policyRef", indent, &in->policyRef.b);
+    printf("%*s" "expiration %d\n", indent, "", in->expiration);
+    printf("%*s" "auth\n", indent, "");
+    TSS_TPMT_SIGNATURE_Print(&in->auth, indent+2);
+    return;
+}
+void PolicyTemplate_In_Print(PolicyTemplate_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PolicyTemplate\n", indent, "");
+    TSS_TPM_HANDLE_Print("policySession", in->policySession, indent);
+    TSS_TPM2B_Print("templateHash", indent, &in->templateHash.b);
+    return;
+}
+void PolicyTicket_In_Print(PolicyTicket_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_PolicyTicket\n", indent, "");
+    TSS_TPM_HANDLE_Print("policySession", in->policySession, indent);
+    TSS_TPM2B_Print("timeout", indent, &in->timeout.b);
+    TSS_TPM2B_Print("cpHashA", indent, &in->cpHashA.b);
+    TSS_TPM2B_Print("policyRef", indent, &in->policyRef.b);
+    TSS_TPM2B_Print("authName", indent, &in->authName.b);
+    printf("%*s" "ticket\n", indent, "");
+    TSS_TPMT_TK_AUTH_Print(&in->ticket, indent+2);
+    return;
+}
+void Quote_In_Print(Quote_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_Quote\n", indent, "");
+    TSS_TPM_HANDLE_Print("signHandle", in->signHandle, indent);
+    TSS_TPM2B_Print("qualifyingData", indent, &in->qualifyingData.b);
+    printf("%*s" "inScheme\n", indent, "");
+    TSS_TPMT_SIG_SCHEME_Print(&in->inScheme, indent);
+    TSS_TPML_PCR_SELECTION_Print(&in->PCRselect, indent);
+    return;
+}
+void RSA_Decrypt_In_Print(RSA_Decrypt_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_RSA_Decrypt\n", indent, "");
+    TSS_TPM_HANDLE_Print("keyHandle", in->keyHandle, indent);
+    TSS_TPM2B_Print("cipherText", indent, &in->cipherText.b); 
+    printf("%*s" "inScheme\n", indent, "");
+    TSS_TPMT_RSA_DECRYPT_Print(&in->inScheme, indent);
+    TSS_TPM2B_Print("label", indent, &in->label.b);
+    return;
+}
+void RSA_Encrypt_In_Print(RSA_Encrypt_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_RSA_Encrypt\n", indent, "");
+    TSS_TPM_HANDLE_Print("keyHandle", in->keyHandle, indent);
+    TSS_TPM2B_Print("message", indent, &in->message.b);
+    printf("%*s" "inScheme\n", indent, "");
+    TSS_TPMT_RSA_DECRYPT_Print(&in->inScheme, indent);
+    TSS_TPM2B_Print("label", indent, &in->label.b);
+    return;
+}
+void ReadPublic_In_Print(ReadPublic_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_ReadPublic\n", indent, "");
+    TSS_TPM_HANDLE_Print("objectHandle", in->objectHandle, indent);
+    return;
+}
+void Rewrap_In_Print(Rewrap_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_Rewrap\n", indent, "");
+    TSS_TPM_HANDLE_Print("oldParent", in->oldParent, indent);
+    TSS_TPM_HANDLE_Print("newParent", in->newParent, indent);
+    TSS_TPM2B_Print("inDuplicate", indent, &in->inDuplicate.b);
+    TSS_TPM2B_Print("name", indent, &in->name.b);
+    TSS_TPM2B_Print("inSymSeed", indent, &in->inSymSeed.b);
+    return;
+}
+void SelfTest_In_Print(SelfTest_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_SelfTest\n", indent, "");
+    TSS_TPMI_YES_NO_Print("fullTest", in->fullTest, indent);
+    return;
+}
+void SequenceComplete_In_Print(SequenceComplete_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_SequenceComplete\n", indent, "");
+    TSS_TPM_HANDLE_Print("sequenceHandle", in->sequenceHandle, indent);
+    TSS_TPM2B_Print("buffer", indent, &in->buffer.b);
+    TSS_TPM_HANDLE_Print("hierarchy", in->hierarchy, indent);
+    return;
+}
+void SequenceUpdate_In_Print(SequenceUpdate_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_SequenceUpdate\n", indent, "");
+    TSS_TPM_HANDLE_Print("sequenceHandle", in->sequenceHandle, indent);
+    TSS_TPM2B_Print("buffer", indent, &in->buffer.b);
+    return;
+}
+void SetAlgorithmSet_In_Print(SetAlgorithmSet_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_SetAlgorithmSet\n", indent, "");
+    TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent);
+    printf("%*s" "algorithmSet %08x\n", indent, "", in->algorithmSet);
+    return;
+}
+void SetCommandCodeAuditStatus_In_Print(SetCommandCodeAuditStatus_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_SetCommandCodeAuditStatus\n", indent, "");
+    TSS_TPM_HANDLE_Print("auth", in->auth, indent);
+    TSS_TPM_ALG_ID_Print("auditAlg", in->auditAlg, indent);
+    TSS_TPML_CC_Print(&in->setList, indent);
+    TSS_TPML_CC_Print(&in->clearList, indent);
+    return;
+}
+void SetPrimaryPolicy_In_Print(SetPrimaryPolicy_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_SetPrimaryPolicy\n", indent, "");
+    TSS_TPM_HANDLE_Print("authHandle", in->authHandle, indent);
+    TSS_TPM2B_Print("authPolicy", indent, &in->authPolicy.b);
+    TSS_TPM_ALG_ID_Print("hashAlg", in->hashAlg, indent);
+    return;
+}
+void Shutdown_In_Print(Shutdown_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_Shutdown\n", indent, "");
+    TSS_TPM_SU_Print("shutdownType", in->shutdownType, indent);
+    return;
+}
+void Sign_In_Print(Sign_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_Sign\n", indent, "");
+    TSS_TPM_HANDLE_Print("keyHandle", in->keyHandle, indent);
+    TSS_TPM2B_Print("digest", indent, &in->digest.b);
+    printf("%*s" "inScheme\n", indent, "");
+    TSS_TPMT_SIG_SCHEME_Print(&in->inScheme, indent);
+    printf("%*s" "validation\n", indent, "");
+    TSS_TPMT_TK_HASHCHECK_Print(&in->validation, indent+2);
+    return;
+}
+void StartAuthSession_In_Print(StartAuthSession_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_StartAuthSession\n", indent, "");
+    TSS_TPM_HANDLE_Print("tpmKey", in->tpmKey, indent);
+    TSS_TPM_HANDLE_Print("bind", in->bind, indent);
+    TSS_TPM2B_Print("nonceCaller", indent, &in->nonceCaller.b);
+    TSS_TPM2B_Print("encryptedSalt", indent, &in->encryptedSalt.b);
+    TSS_TPM_SE_Print("sessionType", in->sessionType, indent);
+    TSS_TPMT_SYM_DEF_Print(&in->symmetric, indent);
+    TSS_TPM_ALG_ID_Print("authHash", in->authHash, indent);
+    return;
+}
+void Startup_In_Print(Startup_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_Startup\n", indent, "");
+    TSS_TPM_SU_Print("startupType", in->startupType, indent);
+    return;
+}
+void StirRandom_In_Print(StirRandom_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_StirRandom\n", indent, "");
+    TSS_TPM2B_Print("inData", indent, &in->inData.b);
+    return;
+}
+void TestParms_In_Print(TestParms_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_TestParms\n", indent, "");
+    TSS_TPMT_PUBLIC_PARMS_Print(&in->parameters, indent);
+    return;
+}
+void Unseal_In_Print(Unseal_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_Unseal\n", indent, "");
+    TSS_TPM_HANDLE_Print("itemHandle", in->itemHandle, indent);
+    return;
+}
+void VerifySignature_In_Print(VerifySignature_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_VerifySignature\n", indent, "");
+    TSS_TPM_HANDLE_Print("keyHandle", in->keyHandle, indent);
+    TSS_TPM2B_Print("digest", indent, &in->digest.b);
+    printf("%*s" "signature\n", indent, "");
+    TSS_TPMT_SIGNATURE_Print(&in->signature, indent);
+    return;
+}
+void ZGen_2Phase_In_Print(ZGen_2Phase_In *in, unsigned int indent)
+{
+    printf("%*s" "TPM2_ZGen_2Phase\n", indent, "");
+    TSS_TPM_HANDLE_Print("keyA", in->keyA, indent);
+    TSS_TPM2B_ECC_POINT_Print("inQsB", &in->inQsB, indent);
+    TSS_TPM2B_ECC_POINT_Print("inQsB", &in->inQeB, indent);
+    TSS_TPM_ALG_ID_Print("inScheme", in->inScheme, indent);
+    printf("%*s" "counter %u\n", indent, "", in->counter);
+    return;
+}
diff --git a/utils/tssproperties.c b/utils/tssproperties.c
new file mode 100644
index 000000000..55e0c83a9
--- /dev/null
+++ b/utils/tssproperties.c
@@ -0,0 +1,534 @@
+/********************************************************************************/
+/*										*/
+/*			    TSS Configuration Properties			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tsstransmit.h>
+#ifndef TPM_TSS_NOCRYPTO
+#include <ibmtss/tsscrypto.h>
+#endif
+#include <ibmtss/tssprint.h>
+
+#include "tssproperties.h"
+
+/* For systems where there are no environment variables, GETENV returns NULL.  This simulates the
+   situation when an environment variable is not set, causing the compiled in default to be used. */
+#ifndef TPM_TSS_NOENV
+#define GETENV(x) getenv(x)
+#else
+#define GETENV(x) NULL
+#endif
+
+/* local prototypes */
+
+static TPM_RC TSS_SetTraceLevel(const char *value);
+static TPM_RC TSS_SetDataDirectory(TSS_CONTEXT *tssContext, const char *value);
+static TPM_RC TSS_SetCommandPort(TSS_CONTEXT *tssContext, const char *value);
+static TPM_RC TSS_SetPlatformPort(TSS_CONTEXT *tssContext, const char *value);
+static TPM_RC TSS_SetServerName(TSS_CONTEXT *tssContext, const char *value);
+static TPM_RC TSS_SetServerType(TSS_CONTEXT *tssContext, const char *value);
+static TPM_RC TSS_SetInterfaceType(TSS_CONTEXT *tssContext, const char *value);
+static TPM_RC TSS_SetDevice(TSS_CONTEXT *tssContext, const char *value);
+static TPM_RC TSS_SetEncryptSessions(TSS_CONTEXT *tssContext, const char *value);
+
+/* globals for the library */
+
+/* tracing is global to avoid passing the context into every function call */
+int tssVerbose = TRUE;		/* initial value so TSS_Properties_Init errors emit message */
+int tssVverbose = FALSE;
+
+/* This is a total hack to ensure that the global verbose flags are only set once.  It's used by the
+   two entry points to the TSS, TSS_Create() and TSS_SetProperty() */
+
+int tssFirstCall = TRUE;
+
+/* defaults for global settings */
+
+#ifndef TPM_TRACE_LEVEL_DEFAULT 	
+#define TPM_TRACE_LEVEL_DEFAULT 	"0"
+#endif
+
+#ifndef TPM_COMMAND_PORT_DEFAULT
+#define TPM_COMMAND_PORT_DEFAULT 	"2321"		/* default for MS simulator */
+#endif
+
+#ifndef TPM_PLATFORM_PORT_DEFAULT
+#define TPM_PLATFORM_PORT_DEFAULT 	"2322"		/* default for MS simulator */
+#endif
+
+#ifndef TPM_SERVER_NAME_DEFAULT
+#define TPM_SERVER_NAME_DEFAULT		"localhost"	/* default to local machine */
+#endif
+
+#ifndef TPM_SERVER_TYPE_DEFAULT
+#define TPM_SERVER_TYPE_DEFAULT		"mssim"		/* default to MS simulator format */
+#endif
+
+#ifndef TPM_DATA_DIR_DEFAULT
+#define TPM_DATA_DIR_DEFAULT		"."		/* default to current working directory */
+#endif
+
+#ifndef TPM_INTERFACE_TYPE_DEFAULT
+#ifndef TPM_NOSOCKET
+#define TPM_INTERFACE_TYPE_DEFAULT	"socsim"	/* default to MS simulator interface */
+#else
+#define TPM_INTERFACE_TYPE_DEFAULT	"dev"		/* if no sockets, default to device driver */
+#endif
+#endif
+
+#ifndef TPM_DEVICE_DEFAULT
+#ifdef TPM_POSIX
+#define TPM_DEVICE_DEFAULT		"/dev/tpm0"	/* default to Linux device driver */
+#endif
+#ifdef TPM_WINDOWS
+#define TPM_DEVICE_DEFAULT		"tddl.dll"	/* default to Windows TPM interface dll */
+#endif
+#endif
+
+#ifndef TPM_ENCRYPT_SESSIONS_DEFAULT
+#define TPM_ENCRYPT_SESSIONS_DEFAULT	"1"
+#endif
+
+/* TSS_GlobalProperties_Init() sets the global verbose trace flags at the first entry points to the
+   TSS */
+
+TPM_RC TSS_GlobalProperties_Init(void)
+{
+    TPM_RC		rc = 0;
+    const char 		*value;
+
+    /* trace level is global, tssContext can be null */
+    if (rc == 0) {
+	value = GETENV("TPM_TRACE_LEVEL");
+	rc = TSS_SetTraceLevel(value);
+    }
+    return rc;
+}
+
+
+/* TSS_Properties_Init() sets the initial TSS_CONTEXT properties based on either the environment
+   variables (if set) or the defaults (if not).
+*/
+
+TPM_RC TSS_Properties_Init(TSS_CONTEXT *tssContext)
+{
+    TPM_RC		rc = 0;
+    const char 		*value;
+
+    if (rc == 0) {
+	tssContext->tssAuthContext = NULL;
+	tssContext->tssFirstTransmit = TRUE;	/* connection not opened */
+	tssContext->tpm12Command = FALSE;
+#ifdef TPM_WINDOWS
+	tssContext->sock_fd = INVALID_SOCKET;
+#endif
+#ifdef TPM_POSIX
+#ifndef TPM_NOSOCKET
+	tssContext->sock_fd = -1;
+#endif 	/* TPM_NOSOCKET */
+#endif
+#ifndef TPM_NODEV
+	tssContext->dev_fd = -1;
+#endif /* TPM_NODEV */
+#ifdef TPM_WINDOWS
+#ifdef TPM_WINDOWS_TBSI
+#endif
+#endif
+#ifndef TPM_TSS_NOCRYPTO
+#ifndef TPM_TSS_NOFILE
+	tssContext->tssSessionEncKey = NULL;
+	tssContext->tssSessionDecKey = NULL;
+#endif
+#endif
+    }
+    /* for a minimal TSS with no file support */
+#ifdef TPM_TSS_NOFILE
+    {
+	size_t i;
+	for (i = 0 ; i < (sizeof(tssContext->sessions) / sizeof(TSS_SESSIONS)) ; i++) {
+	    tssContext->sessions[i].sessionHandle = TPM_RH_NULL;
+	    tssContext->sessions[i].sessionData = NULL;
+	    tssContext->sessions[i].sessionDataLength = 0;
+	}
+	for (i = 0 ; i < (sizeof(tssContext->objectPublic) / sizeof(TSS_OBJECT_PUBLIC)) ; i++) {
+	    tssContext->objectPublic[i].objectHandle = TPM_RH_NULL;
+	}
+	for (i = 0 ; i < (sizeof(tssContext->nvPublic) / sizeof(TSS_NVPUBLIC)) ; i++) {
+	    tssContext->nvPublic[i].nvIndex = TPM_RH_NULL;
+	}
+    }
+#endif
+    /* data directory */
+    if (rc == 0) {
+	value = GETENV("TPM_DATA_DIR");
+	rc = TSS_SetDataDirectory(tssContext, value);
+    }
+    /* flag whether session state should be encrypted */
+    if (rc == 0) {
+	value = GETENV("TPM_ENCRYPT_SESSIONS");
+	rc = TSS_SetEncryptSessions(tssContext, value);
+    }
+    /* TPM socket command port */
+    if (rc == 0) {
+	value = GETENV("TPM_COMMAND_PORT");
+	rc = TSS_SetCommandPort(tssContext, value);
+    }
+    /* TPM simulator socket platform port */
+    if (rc == 0) {
+	value = GETENV("TPM_PLATFORM_PORT");
+	rc = TSS_SetPlatformPort(tssContext, value);
+    }
+    /* TPM socket host name */
+    if (rc == 0) {
+	value = GETENV("TPM_SERVER_NAME");
+	rc = TSS_SetServerName(tssContext, value);
+    }
+    /* TPM socket server type */
+    if (rc == 0) {
+	value = GETENV("TPM_SERVER_TYPE");
+	rc = TSS_SetServerType(tssContext, value);
+    }
+    /* TPM interface type */
+    if (rc == 0) {
+	value = GETENV("TPM_INTERFACE_TYPE");
+	rc = TSS_SetInterfaceType(tssContext, value);
+    }
+    /* TPM device within the interface type */
+    if (rc == 0) {
+	value = GETENV("TPM_DEVICE");
+	rc = TSS_SetDevice(tssContext, value);
+    }
+    return rc;
+}
+
+/* TSS_SetProperty() sets the property to the value.
+
+   The format of the property and value the same as that of the environment variable.
+
+   A NULL value sets the property to the default.
+*/
+
+TPM_RC TSS_SetProperty(TSS_CONTEXT *tssContext,
+		       int property,
+		       const char *value)
+{
+    TPM_RC		rc = 0;
+
+    /* at the first call to the TSS, initialize global variables */
+    if (tssFirstCall) {
+#ifndef TPM_TSS_NOCRYPTO
+	/* crypto module initializations */
+	if (rc == 0) {
+	    rc = TSS_Crypto_Init();
+	}
+#endif
+	if (rc == 0) {
+	    rc = TSS_GlobalProperties_Init();
+	}
+	tssFirstCall = FALSE;
+    }
+    if (rc == 0) {
+	switch (property) {
+	  case TPM_TRACE_LEVEL:
+	    rc = TSS_SetTraceLevel(value);
+	    break;
+	  case TPM_DATA_DIR:
+	    rc = TSS_SetDataDirectory(tssContext, value);
+	    break;
+	  case TPM_COMMAND_PORT:	
+	    rc = TSS_SetCommandPort(tssContext, value);
+	    break;
+	  case TPM_PLATFORM_PORT:	
+	    rc = TSS_SetPlatformPort(tssContext, value);
+	    break;
+	  case TPM_SERVER_NAME:		
+	    rc = TSS_SetServerName(tssContext, value);
+	    break;
+	  case TPM_SERVER_TYPE:		
+	    rc = TSS_SetServerType(tssContext, value);
+	    break;
+	  case TPM_INTERFACE_TYPE:
+	    rc = TSS_SetInterfaceType(tssContext, value);
+	    break;
+	  case TPM_DEVICE:
+	    rc = TSS_SetDevice(tssContext, value);
+	    break;
+	  case TPM_ENCRYPT_SESSIONS:
+	    rc = TSS_SetEncryptSessions(tssContext, value);
+	    break;
+	  default:
+	    rc = TSS_RC_BAD_PROPERTY;
+	}
+    }
+    return rc;
+}
+
+/* TSS_SetTraceLevel() sets the trace level.
+
+   0:	no printing
+   1:	error printing
+   2:	trace printing
+*/
+
+static TPM_RC TSS_SetTraceLevel(const char *value)
+{
+    TPM_RC		rc = 0;
+    int                 irc = 0;
+    int 		level;
+
+    if (rc == 0) {
+	if (value == NULL) {
+	    value = TPM_TRACE_LEVEL_DEFAULT;
+	}
+    }
+#if !defined(__ULTRAVISOR__) && !defined(TPM_SKIBOOT)
+    if (rc == 0) {
+       irc = sscanf(value, "%u", &level);
+       if (irc != 1) {
+           if (tssVerbose) printf("TSS_SetTraceLevel: Error, value invalid\n");
+           rc = TSS_RC_BAD_PROPERTY_VALUE;
+       }
+    }
+#else
+    irc = irc;
+    level = 0;
+#endif
+    if (rc == 0) {
+	switch (level) {
+	  case 0:
+	    tssVerbose = FALSE;
+	    tssVverbose = FALSE;
+	    break;
+	  case 1:
+	    tssVerbose = TRUE;
+	    tssVverbose = FALSE;
+	    break;
+	  default:
+	    tssVerbose = TRUE;
+	    tssVverbose = TRUE;
+	    break;
+	}
+    }
+    return rc;
+}
+
+static TPM_RC TSS_SetDataDirectory(TSS_CONTEXT *tssContext, const char *value)
+{
+    TPM_RC		rc = 0;
+
+    if (rc == 0) {
+	if (value == NULL) {
+	    value = TPM_DATA_DIR_DEFAULT;
+	}
+    }
+    if (rc == 0) {
+	tssContext->tssDataDirectory = value;
+	/* appended to this is 17 characters /cccnnnnnnnn.bin[nul], add a bit of margin for future
+	   prefixes */
+	if (strlen(value) > (TPM_DATA_DIR_PATH_LENGTH - 24)) {
+	    if (tssVerbose) printf("TSS_SetDataDirectory: Error, value too long\n");
+	    rc = TSS_RC_BAD_PROPERTY_VALUE;
+	}
+    }
+    return rc;
+}
+
+static TPM_RC TSS_SetCommandPort(TSS_CONTEXT *tssContext, const char *value)
+{
+    TPM_RC		rc = 0;
+    int			irc = 0;
+
+    /* close an open connection before changing property */
+    if (rc == 0) {
+	rc = TSS_Close(tssContext);
+    }
+    if (rc == 0) {
+	if (value == NULL) {
+	    value = TPM_COMMAND_PORT_DEFAULT;
+	}
+    }
+#ifndef TPM_NOSOCKET
+    if (rc == 0) {
+	irc = sscanf(value, "%hu", &tssContext->tssCommandPort);
+	if (irc != 1) {
+	    if (tssVerbose) printf("TSS_SetCommandPort: Error, value invalid\n");
+	    rc = TSS_RC_BAD_PROPERTY_VALUE;
+	}
+    }
+#else
+    tssContext->tssCommandPort = 0;
+    irc = irc;
+#endif /* TPM_NOSOCKET */
+    return rc;
+}
+
+static TPM_RC TSS_SetPlatformPort(TSS_CONTEXT *tssContext, const char *value)
+{
+    TPM_RC		rc = 0;
+    int			irc = 0;
+
+    /* close an open connection before changing property */
+    if (rc == 0) {
+	rc = TSS_Close(tssContext);
+    }
+    if (rc == 0) {
+	if (value == NULL) {
+	    value = TPM_PLATFORM_PORT_DEFAULT;
+	}
+    }
+#ifndef TPM_NOSOCKET
+   if (rc == 0) {
+	irc = sscanf(value, "%hu", &tssContext->tssPlatformPort);
+	if (irc != 1) {
+	    if (tssVerbose) printf("TSS_SetPlatformPort: Error, , value invalid\n");
+	    rc = TSS_RC_BAD_PROPERTY_VALUE;
+	}
+    }
+#else
+   tssContext->tssPlatformPort = 0;
+    irc = irc;
+#endif /* TPM_NOSOCKET */
+    return rc;
+}
+
+static TPM_RC TSS_SetServerName(TSS_CONTEXT *tssContext, const char *value)
+{
+    TPM_RC		rc = 0;
+
+    /* close an open connection before changing property */
+    if (rc == 0) {
+	rc = TSS_Close(tssContext);
+    }
+    if (rc == 0) {
+	if (value == NULL) {
+	    value = TPM_SERVER_NAME_DEFAULT;
+	}
+    }
+    if (rc == 0) {
+	tssContext->tssServerName = value;
+    }
+    return rc;
+}
+
+static TPM_RC TSS_SetServerType(TSS_CONTEXT *tssContext, const char *value)
+{
+    TPM_RC		rc = 0;
+
+    /* close an open connection before changing property */
+    if (rc == 0) {
+	rc = TSS_Close(tssContext);
+    }
+    if (rc == 0) {
+	if (value == NULL) {
+	    value = TPM_SERVER_TYPE_DEFAULT;
+	}
+    }
+    if (rc == 0) {
+	tssContext->tssServerType = value;
+    }
+    return rc;
+}
+
+static TPM_RC TSS_SetInterfaceType(TSS_CONTEXT *tssContext, const char *value)
+{
+    TPM_RC		rc = 0;
+
+    /* close an open connection before changing property */
+    if (rc == 0) {
+	rc = TSS_Close(tssContext);
+    }
+    if (rc == 0) {
+	if (value == NULL) {
+	    value = TPM_INTERFACE_TYPE_DEFAULT;
+	}
+    }
+    if (rc == 0) {
+	tssContext->tssInterfaceType = value;
+    }
+    return rc;
+}
+
+static TPM_RC TSS_SetDevice(TSS_CONTEXT *tssContext, const char *value)
+{
+    TPM_RC		rc = 0;
+
+    /* close an open connection before changing property */
+    if (rc == 0) {
+	rc = TSS_Close(tssContext);
+    }
+    if (rc == 0) {
+	if (value == NULL) {
+	    value = TPM_DEVICE_DEFAULT;
+	}
+    }
+    if (rc == 0) {
+	tssContext->tssDevice = value;
+    }
+    return rc;
+}
+
+static TPM_RC TSS_SetEncryptSessions(TSS_CONTEXT *tssContext, const char *value)
+{
+    TPM_RC		rc = 0;
+    int			irc = 0;
+
+    if (rc == 0) {
+	if (value == NULL) {
+	    value = TPM_ENCRYPT_SESSIONS_DEFAULT;
+	}
+    }
+#ifndef TPM_TSS_NOFILE
+   if (rc == 0) {
+	irc = sscanf(value, "%u", &tssContext->tssEncryptSessions);
+	if (irc != 1) {
+	    if (tssVerbose) printf("TSS_SetEncryptSessions: Error, value invalid\n");
+	    rc = TSS_RC_BAD_PROPERTY_VALUE;
+	}
+    }
+#else
+   tssContext->tssEncryptSessions = TRUE;
+   irc = irc;
+#endif /* TPM_TSS_NOFILE */
+   return rc;
+}
diff --git a/utils/tssproperties.h b/utils/tssproperties.h
new file mode 100644
index 000000000..e1ed32737
--- /dev/null
+++ b/utils/tssproperties.h
@@ -0,0 +1,193 @@
+/********************************************************************************/
+/*										*/
+/*			    TSS Configuration Properties			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: tssproperties.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* This is an internal TSS file, subject to change.  Applications should not include it. */
+
+#ifndef TSSPROPERTIES_H
+#define TSSPROPERTIES_H
+
+#include <ibmtss/TPM_Types.h>
+
+#ifdef TPM_WINDOWS
+
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+
+#include <winsock2.h>
+#include <windows.h>
+#include <specstrings.h>
+
+#ifdef TPM_SKIBOOT
+#include <libstb/tpm2.h>
+#endif /* TPM_SKIBOOT */
+
+#ifdef TPM_WINDOWS_TBSI
+/* Windows 7 */
+#if defined TPM_WINDOWS_TBSI_WIN7
+#include <c:/progra~1/Micros~2/Windows/v7.1/include/tbs.h>
+/* Windows 8, 10 */
+#elif defined  TPM_WINDOWS_TBSI_WIN8
+#include <tbs.h>
+#else
+#error "Must define either TPM_WINDOWS_TBSI_WIN7 or TPM_WINDOWS_TBSI_WIN8"
+#endif
+#endif
+
+typedef SOCKET TSS_SOCKET_FD; 
+#endif /* TPM_WINDOWS */
+
+#ifdef TPM_POSIX
+#ifndef TPM_NOSOCKET
+typedef int TSS_SOCKET_FD;
+#endif 	/* TPM_NOSOCKET */
+#endif	/* TPM_POSIX */
+
+/* There doesn't seem to be a portable Unix MAXPATHLEN variable, so pick a large number.  The
+   directory length will be (currently) 17 bytes smaller. */
+#define TPM_DATA_DIR_PATH_LENGTH 256
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <ibmtss/tss.h>
+#include "tssauth.h"
+
+    /* Structure to hold session data within the context */
+
+    typedef struct TSS_SESSIONS {
+	TPMI_SH_AUTH_SESSION sessionHandle;
+	uint8_t *sessionData;
+	uint16_t sessionDataLength;
+    } TSS_SESSIONS;
+
+    /* Structure to hold transient or persistent object data within the context */
+    
+    typedef struct TSS_OBJECT_PUBLIC {
+	TPM_HANDLE objectHandle;
+	TPM2B_NAME name;
+	TPM2B_PUBLIC objectPublic;
+    } TSS_OBJECT_PUBLIC;
+
+    /* Structure to hold NV index  data within the context */
+
+    typedef struct TSS_NVPUBLIC {
+	TPMI_RH_NV_INDEX nvIndex;
+	TPM2B_NAME name;
+	TPMS_NV_PUBLIC	nvPublic;
+    } TSS_NVPUBLIC;
+
+    /* Context for TSS global parameters.
+
+       NOTE:  Keep this in sync with TSS_Properties_Init() and TSS_Delete() */
+
+    struct TSS_CONTEXT {
+
+	TSS_AUTH_CONTEXT *tssAuthContext;
+
+	/* directory for persistant storage */
+	const char *tssDataDirectory;
+
+	/* encrypt saved session state */
+	int tssEncryptSessions;
+
+	/* saved session encryption key.  This seems to port to openssl 1.0 and 1.1, but will have to
+	   become a malloced void * for other crypto libraries. */
+#ifndef TPM_TSS_NOCRYPTO
+	void *tssSessionEncKey;
+	void *tssSessionDecKey;
+#endif
+	/* a minimal TSS with no file support stores the sessions, objects, and NV metadata in a
+	   structure.  Scripting will not work, and persistent objects will not work, but a single
+	   application will otherwise work. */
+#ifdef TPM_TSS_NOFILE
+	TSS_SESSIONS sessions[MAX_ACTIVE_SESSIONS];
+	TSS_OBJECT_PUBLIC objectPublic[64];
+	TSS_NVPUBLIC nvPublic[64];
+#endif
+	/* ports, host name, server (packet) type for socket interface */
+	short tssCommandPort;
+	short tssPlatformPort;
+	const char *tssServerName;
+	const char *tssServerType;
+
+	/* interface type */
+	const char *tssInterfaceType;
+
+	/* device driver interface */
+	const char *tssDevice;
+
+	/* TRUE for the first time through, indicates that interface open must occur */
+	int tssFirstTransmit;
+	int tpm12Command;		/* TRUE for TPM 1.2 command */
+
+	/* socket file descriptor */
+#ifndef TPM_NOSOCKET
+	TSS_SOCKET_FD sock_fd;
+#endif 	/* TPM_NOSOCKET */
+
+#ifndef TPM_NODEV
+	/* Linux device file descriptor */
+	int dev_fd;
+#endif /* TPM_NODEV */
+
+	/* Windows device driver handle */
+#ifdef TPM_WINDOWS
+#ifdef TPM_WINDOWS_TBSI
+	TBS_HCONTEXT hContext;
+#endif
+#endif
+
+#ifdef TPM_SKIBOOT
+	struct tpm_dev *tpm_device;
+	struct tpm_driver *tpm_driver;
+#endif /* TPM_SKIBOOT */
+    };
+
+    TPM_RC TSS_GlobalProperties_Init(void);
+    TPM_RC TSS_Properties_Init(TSS_CONTEXT *tssContext);
+    
+#ifdef __cplusplus
+}
+#endif
+
+
+
+#endif
diff --git a/utils/tssresponsecode.c b/utils/tssresponsecode.c
new file mode 100644
index 000000000..fc974cd38
--- /dev/null
+++ b/utils/tssresponsecode.c
@@ -0,0 +1,587 @@
+/********************************************************************************/
+/*										*/
+/*			     TPM2 Response Code Printer				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef TPM_TSS_NO_PRINT
+
+#include <stdint.h>
+#include <stdlib.h>
+
+#ifdef TPM_WINDOWS
+#ifdef TPM_WINDOWS_TBSI
+#include <winsock2.h>
+#include <windows.h>
+#include <tbs.h>
+#endif  /* TPM_WINDOWS_TBSI */
+#endif	/* TPM_WINDOWS */
+
+
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsserror.h>
+#ifdef TPM_TPM12
+#include <ibmtss/tsserror12.h>
+#endif
+#include <ibmtss/tssprint.h>
+
+/* The intended usage is:
+
+   const char *msg;
+   const char *submsg;
+   const char *num;
+
+   TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+
+   printf("%s%s%s\n", msg, submsg, num);
+*/
+
+/* 39.4	Response Code Details */
+
+/* tables to map response code to text */
+
+typedef struct {
+    TPM_RC rc;
+    const char *text;
+} RC_TABLE;
+
+#ifdef TPM_TPM12
+const RC_TABLE tpm12Table [] = {
+
+    {TPM_AUTHFAIL, "TPM 1.2 TPM_AUTHFAIL - Authentication failed"},
+    {TPM_BADINDEX, "TPM 1.2 TPM_BADINDEX - The index to a PCR, DIR or other register is incorrect"},
+    {TPM_BAD_PARAMETER, "TPM 1.2 TPM_BAD_PARAMETER - One or more parameter is bad"},
+    {TPM_AUDITFAILURE, "TPM 1.2 TPM_AUDITFAILURE - An operation completed successfully but the auditing of that operation failed. "},
+    {TPM_CLEAR_DISABLED, "TPM 1.2 TPM_CLEAR_DISABLED - The clear disable flag is set and all clear operations now require physical access"},
+    {TPM_DEACTIVATED, "TPM 1.2 TPM_DEACTIVATED - The TPM is deactivated"},
+    {TPM_DISABLED, "TPM 1.2 TPM_DISABLED - The TPM is disabled"},
+    {TPM_DISABLED_CMD, "TPM 1.2 TPM_DISABLED_CMD - The target command has been disabled"},
+    {TPM_FAIL, "TPM 1.2 TPM_FAIL - The operation failed"},
+    {TPM_BAD_ORDINAL, "TPM 1.2 TPM_BAD_ORDINAL - The ordinal was unknown or inconsistent"},
+    {TPM_INSTALL_DISABLED, "TPM 1.2 TPM_INSTALL_DISABLED - The ability to install an owner is disabled"},
+    {TPM_INVALID_KEYHANDLE, "TPM 1.2 TPM_INVALID_KEYHANDLE - The key handle presented was invalid"},
+    {TPM_KEYNOTFOUND, "TPM 1.2 TPM_KEYNOTFOUND - The target key was not found"},
+    {TPM_INAPPROPRIATE_ENC, "TPM 1.2 TPM_INAPPROPRIATE_ENC - Unacceptable encryption scheme"},
+    {TPM_MIGRATEFAIL, "TPM 1.2 TPM_MIGRATEFAIL - Migration authorization failed"},
+    {TPM_INVALID_PCR_INFO, "TPM 1.2 TPM_INVALID_PCR_INFO - PCR information could not be interpreted"},
+    {TPM_NOSPACE, "TPM 1.2 TPM_NOSPACE - No room to load key. "},
+    {TPM_NOSRK, "TPM 1.2 TPM_NOSRK - There is no SRK set"},
+    {TPM_NOTSEALED_BLOB, "TPM 1.2 TPM_NOTSEALED_BLOB - An encrypted blob is invalid or was not created by this TPM"},
+    {TPM_OWNER_SET, "TPM 1.2 TPM_OWNER_SET - There is already an Owner"},
+    {TPM_RESOURCES, "TPM 1.2 TPM_RESOURCES - The TPM has insufficient internal resources to perform the requested action. "},
+    {TPM_SHORTRANDOM, "TPM 1.2 TPM_SHORTRANDOM - A random string was too short"},
+    {TPM_SIZE, "TPM 1.2 TPM_SIZE - The TPM does not have the space to perform the operation."},
+    {TPM_WRONGPCRVAL, "TPM 1.2 TPM_WRONGPCRVAL - The named PCR value does not match the current PCR value."},
+    {TPM_BAD_PARAM_SIZE, "TPM 1.2 TPM_BAD_PARAM_SIZE - The paramSize argument to the command has the incorrect value"},
+    {TPM_SHA_THREAD, "TPM 1.2 TPM_SHA_THREAD - There is no existing SHA-1 thread. "},
+    {TPM_SHA_ERROR, "TPM 1.2 TPM_SHA_ERROR - The calculation is unable to proceed because the existing SHA-1 thread has already encountered an error. "},
+    {TPM_FAILEDSELFTEST, "TPM 1.2 TPM_FAILEDSELFTEST - Self-test has failed and the TPM has shutdown. "},
+    {TPM_AUTH2FAIL, "TPM 1.2 TPM_AUTH2FAIL - The authorization for the second key in a 2 key function failed authorization"},
+    {TPM_BADTAG, "TPM 1.2 TPM_BADTAG - The tag value sent to the TPM for a command is invalid"},
+    {TPM_IOERROR, "TPM 1.2 TPM_IOERROR - An IO error occurred transmitting information to the TPM"},
+    {TPM_ENCRYPT_ERROR, "TPM 1.2 TPM_ENCRYPT_ERROR - The encryption process had a problem. "},
+    {TPM_DECRYPT_ERROR, "TPM 1.2 TPM_DECRYPT_ERROR - The decryption process did not complete. "},
+    {TPM_INVALID_AUTHHANDLE, "TPM 1.2 TPM_INVALID_AUTHHANDLE - An invalid handle was used. "},
+    {TPM_NO_ENDORSEMENT, "TPM 1.2 TPM_NO_ENDORSEMENT - The TPM does not a EK installed"},
+    {TPM_INVALID_KEYUSAGE, "TPM 1.2 TPM_INVALID_KEYUSAGE - The usage of a key is not allowed"},
+    {TPM_WRONG_ENTITYTYPE, "TPM 1.2 TPM_WRONG_ENTITYTYPE - The submitted entity type is not allowed"},
+    {TPM_INVALID_POSTINIT, "TPM 1.2 TPM_INVALID_POSTINIT - The command was received in the wrong sequence relative to TPM_Init and a subsequent TPM_Startup"},
+    {TPM_INAPPROPRIATE_SIG, "TPM 1.2 TPM_INAPPROPRIATE_SIG - Signed data cannot include additional DER information"},
+    {TPM_BAD_KEY_PROPERTY, "TPM 1.2 TPM_BAD_KEY_PROPERTY - The key properties in TPM_KEY_PARMs are not supported by this TPM"},
+    {TPM_BAD_MIGRATION, "TPM 1.2 TPM_BAD_MIGRATION - The migration properties of this key are incorrect."},
+    {TPM_BAD_SCHEME, "TPM 1.2 TPM_BAD_SCHEME - The signature or encryption scheme for this key is incorrect or not permitted in this situation. "},
+    {TPM_BAD_DATASIZE, "TPM 1.2 TPM_BAD_DATASIZE - The size of the data (or blob) parameter is bad or inconsistent with the referenced key"},
+    {TPM_BAD_MODE, "TPM 1.2 TPM_BAD_MODE - A mode parameter is bad, such as capArea or subCapArea for TPM_GetCapability, physicalPresence parameter for TPM_PhysicalPresence, or migrationType for TPM_CreateMigrationBlob. "},
+    {TPM_BAD_PRESENCE, "TPM 1.2 TPM_BAD_PRESENCE- Either the physicalPresence or physicalPresenceLock bits have the wrong value"},
+    {TPM_BAD_VERSION, "TPM 1.2 TPM_BAD_VERSION - The TPM cannot perform this version of the capability"},
+    {TPM_NO_WRAP_TRANSPORT, "TPM 1.2 TPM_NO_WRAP_TRANSPORT - The TPM does not allow for wrapped transport sessions"},
+    {TPM_AUDITFAIL_UNSUCCESSFUL, "TPM 1.2 TPM_AUDITFAIL_UNSUCCESSFUL - TPM audit construction failed and the underlying command was returning a failure also"},
+    {TPM_AUDITFAIL_SUCCESSFUL, "TPM 1.2 TPM_AUDITFAIL_SUCCESSFUL - TPM audit construction failed and the underlying command was returning success"},
+    {TPM_NOTRESETABLE, "TPM 1.2 TPM_NOTRESETABLE - Attempt to reset a PCR register that does not have the resettable attribute"},
+    {TPM_NOTLOCAL, "TPM 1.2 TPM_NOTLOCAL - Attempt to reset a PCR register that requires locality and locality modifier not part of command transport"},
+    {TPM_BAD_TYPE, "TPM 1.2 TPM_BAD_TYPE - Make identity blob not properly typed"},
+    {TPM_INVALID_RESOURCE, "TPM 1.2 TPM_INVALID_RESOURCE - When saving context identified resource type does not match actual resource"},
+    {TPM_NOTFIPS, "TPM 1.2 TPM_NOTFIPS - The TPM is attempting to execute a command only available when in FIPS mode"},
+    {TPM_INVALID_FAMILY, "TPM 1.2 TPM_INVALID_FAMILY - The command is attempting to use an invalid family ID"},
+    {TPM_NO_NV_PERMISSION, "TPM 1.2 TPM_NO_NV_PERMISSION - The permission to manipulate the NV storage is not available"},
+    {TPM_REQUIRES_SIGN, "TPM 1.2 TPM_REQUIRES_SIGN - The operation requires a signed command"},
+    {TPM_KEY_NOTSUPPORTED, "TPM 1.2 TPM_KEY_NOTSUPPORTED - Wrong operation to load an NV key"},
+    {TPM_AUTH_CONFLICT, "TPM 1.2 TPM_AUTH_CONFLICT - NV_DefineSpace requires both owner and blob authorization"},
+    {TPM_AREA_LOCKED, "TPM 1.2 TPM_AREA_LOCKED - The NV area is locked and not writable"},
+    {TPM_BAD_LOCALITY, "TPM 1.2 TPM_BAD_LOCALITY - The locality is incorrect for the attempted operation"},
+    {TPM_READ_ONLY, "TPM 1.2 TPM_READ_ONLY - The NV area is read only and can't be written to  "},
+    {TPM_PER_NOWRITE, "TPM 1.2 TPM_PER_NOWRITE - There is no protection on the write to the NV area  "},
+    {TPM_FAMILYCOUNT, "TPM 1.2 TPM_FAMILYCOUNT - The family count value does not match"},
+    {TPM_WRITE_LOCKED, "TPM 1.2 TPM_WRITE_LOCKED - The NV area has already been written to"},
+    {TPM_BAD_ATTRIBUTES, "TPM 1.2 TPM_BAD_ATTRIBUTES - The NV area attributes conflict"},
+    {TPM_INVALID_STRUCTURE, "TPM 1.2 TPM_INVALID_STRUCTURE - The structure tag and version are invalid or inconsistent"},
+    {TPM_KEY_OWNER_CONTROL, "TPM 1.2 TPM_KEY_OWNER_CONTROL - The key is under control of the TPM Owner and can only be evicted by the TPM Owner. "},
+    {TPM_BAD_COUNTER, "TPM 1.2 TPM_BAD_COUNTER - The counter handle is incorrect"},
+    {TPM_NOT_FULLWRITE, "TPM 1.2 TPM_NOT_FULLWRITE - The write is not a complete write of the area"},
+    {TPM_CONTEXT_GAP, "TPM 1.2 TPM_CONTEXT_GAP - The gap between saved context counts is too large  "},
+    {TPM_MAXNVWRITES, "TPM 1.2 TPM_MAXNVWRITES - The maximum number of NV writes without an owner has been exceeded"},
+    {TPM_NOOPERATOR, "TPM 1.2 TPM_NOOPERATOR - No operator authorization value is set"},
+    {TPM_RESOURCEMISSING, "TPM 1.2 TPM_RESOURCEMISSING - The resource pointed to by context is not loaded  "},
+    {TPM_DELEGATE_LOCK, "TPM 1.2 TPM_DELEGATE_LOCK - The delegate administration is locked"},
+    {TPM_DELEGATE_FAMILY, "TPM 1.2 TPM_DELEGATE_FAMILY - Attempt to manage a family other then the delegated family"},
+    {TPM_DELEGATE_ADMIN, "TPM 1.2 TPM_DELEGATE_ADMIN - Delegation table management not enabled"},
+    {TPM_TRANSPORT_NOTEXCLUSIVE, "TPM 1.2 TPM_TRANSPORT_NOTEXCLUSIVE - There was a command executed outside of an exclusive transport session"},
+    {TPM_OWNER_CONTROL, "TPM 1.2 TPM_OWNER_CONTROL - Attempt to context save a owner evict controlled key"},
+    {TPM_DAA_RESOURCES, "TPM 1.2 TPM_DAA_RESOURCES - The DAA command has no resources available to execute the command"},
+    {TPM_DAA_INPUT_DATA0, "TPM 1.2 TPM_DAA_INPUT_DATA0 - The consistency check on DAA parameter inputData0 has failed."},
+    {TPM_DAA_INPUT_DATA1, "TPM 1.2 TPM_DAA_INPUT_DATA1 - The consistency check on DAA parameter inputData1 has failed."},
+    {TPM_DAA_ISSUER_SETTINGS, "TPM 1.2 TPM_DAA_ISSUER_SETTINGS - The consistency check on DAA_issuerSettings has failed."},
+    {TPM_DAA_TPM_SETTINGS, "TPM 1.2 TPM_DAA_TPM_SETTINGS - The consistency check on DAA_tpmSpecific has failed."},
+    {TPM_DAA_STAGE, "TPM 1.2 TPM_DAA_STAGE - The atomic process indicated by the submitted DAA command is not the expected process."},
+    {TPM_DAA_ISSUER_VALIDITY, "TPM 1.2 TPM_DAA_ISSUER_VALIDITY - The issuer's validity check has detected an inconsistency"},
+    {TPM_DAA_WRONG_W, "TPM 1.2 TPM_DAA_WRONG_W - The consistency check on w has failed."},
+    {TPM_BAD_HANDLE, "TPM 1.2 TPM_BAD_HANDLE - The handle is incorrect"},
+    {TPM_BAD_DELEGATE, "TPM 1.2 TPM_BAD_DELEGATE - Delegation is not correct"},
+    {TPM_BADCONTEXT, "TPM 1.2 TPM_BADCONTEXT - The context blob is invalid"},
+    {TPM_TOOMANYCONTEXTS, "TPM 1.2 TPM_TOOMANYCONTEXTS - Too many contexts held by the TPM"},
+    {TPM_MA_TICKET_SIGNATURE, "TPM 1.2 TPM_MA_TICKET_SIGNATURE - Migration authority signature validation failure  "},
+    {TPM_MA_DESTINATION, "TPM 1.2 TPM_MA_DESTINATION - Migration destination not authenticated"},
+    {TPM_MA_SOURCE, "TPM 1.2 TPM_MA_SOURCE - Migration source incorrect"},
+    {TPM_MA_AUTHORITY, "TPM 1.2 TPM_MA_AUTHORITY - Incorrect migration authority"},
+    {TPM_PERMANENTEK, "TPM 1.2 TPM_PERMANENTEK - Attempt to revoke the EK and the EK is not revocable"},
+    {TPM_BAD_SIGNATURE, "TPM 1.2 TPM_BAD_SIGNATURE - Bad signature of CMK ticket "},
+    {TPM_NOCONTEXTSPACE, "TPM 1.2 TPM_NOCONTEXTSPACE - There is no room in the context list for additional contexts"},
+    {TPM_RETRY, "TPM 1.2 TPM_RETRY - The TPM is too busy to respond to the command immediately, but the command could be submitted at a later time"},
+    {TPM_NEEDS_SELFTEST, "TPM 1.2 TPM_NEEDS_SELFTEST - TPM_ContinueSelfTest has has not been run"},
+    {TPM_DOING_SELFTEST, "TPM 1.2 TPM_DOING_SELFTEST - The TPM is currently executing the actions of TPM_ContinueSelfTest because the ordinal required resources that have not been tested."},
+    {TPM_DEFEND_LOCK_RUNNING, "TPM 1.2 TPM_DEFEND_LOCK_RUNNING - The TPM is defending against dictionary attacks and is in some time-out period."},
+
+};
+#endif	/*  TPM_TPM12 */
+
+static const char *TSS_ResponseCode_RcToText(const RC_TABLE *table, size_t tableSize, TPM_RC rc);
+static const char *TSS_ResponseCode_NumberToText(unsigned int num);
+
+const RC_TABLE ver1Table [] = {
+    {TPM_RC_INITIALIZE, "TPM_RC_INITIALIZE - TPM not initialized by TPM2_Startup or already initialized"},
+    {TPM_RC_FAILURE, "TPM_RC_FAILURE - commands not being accepted because of a TPM failure"},
+    {TPM_RC_SEQUENCE, "TPM_RC_SEQUENCE - improper use of a sequence handle"},
+    {TPM_RC_PRIVATE, "TPM_RC_PRIVATE - not currently used"},
+    {TPM_RC_HMAC, "TPM_RC_HMAC - HMAC failure"},
+    {TPM_RC_DISABLED, "TPM_RC_DISABLED - the command is disabled"},
+    {TPM_RC_EXCLUSIVE, "TPM_RC_EXCLUSIVE - command failed because audit sequence required exclusivity"},
+    {TPM_RC_AUTH_TYPE, "TPM_RC_AUTH_TYPE - authorization handle is not correct for command"},
+    {TPM_RC_AUTH_MISSING, "TPM_RC_AUTH_MISSING - command requires an authorization session"},
+    {TPM_RC_POLICY, "TPM_RC_POLICY - policy failure in math operation or an invalid authPolicy value"},
+    {TPM_RC_PCR, "TPM_RC_PCR - PCR check fail"},
+    {TPM_RC_PCR_CHANGED, "TPM_RC_PCR_CHANGED - PCR have changed since checked."},
+    {TPM_RC_UPGRADE, "TPM_RC_UPGRADE - TPM is in field upgrade mode"},
+    {TPM_RC_TOO_MANY_CONTEXTS, "TPM_RC_TOO_MANY_CONTEXTS - context ID counter is at maximum."},
+    {TPM_RC_AUTH_UNAVAILABLE, "TPM_RC_AUTH_UNAVAILABLE - authValue or authPolicy is not available for selected entity."},
+    {TPM_RC_REBOOT, "TPM_RC_REBOOT - a _TPM_Init and Startup(CLEAR) is required"},
+    {TPM_RC_UNBALANCED, "TPM_RC_UNBALANCED - the protection algorithms (hash and symmetric) are not reasonably balanced"},
+    {TPM_RC_COMMAND_SIZE, "TPM_RC_COMMAND_SIZE - command commandSize value is inconsistent with contents of the command buffer"},
+    {TPM_RC_COMMAND_CODE, "TPM_RC_COMMAND_CODE - command code not supported"},
+    {TPM_RC_AUTHSIZE, "TPM_RC_AUTHSIZE - the value of authorizationSize is out of range"},
+    {TPM_RC_AUTH_CONTEXT, "TPM_RC_AUTH_CONTEXT - use of an authorization session with a command that cannot have an authorization session"},
+    {TPM_RC_NV_RANGE, "TPM_RC_NV_RANGE - NV offset+size is out of range."},
+    {TPM_RC_NV_SIZE, "TPM_RC_NV_SIZE - Requested allocation size is larger than allowed."},
+    {TPM_RC_NV_LOCKED, "TPM_RC_NV_LOCKED - NV access locked."},
+    {TPM_RC_NV_AUTHORIZATION, "TPM_RC_NV_AUTHORIZATION - NV access authorization fails"},
+    {TPM_RC_NV_UNINITIALIZED, "TPM_RC_NV_UNINITIALIZED - an NV Index is used before being initialized"},
+    {TPM_RC_NV_SPACE, "TPM_RC_NV_SPACE - insufficient space for NV allocation"},
+    {TPM_RC_NV_DEFINED, "TPM_RC_NV_DEFINED - NV Index or persistent object already defined"},
+    {TPM_RC_BAD_CONTEXT, "TPM_RC_BAD_CONTEXT - context in TPM2_ContextLoad() is not valid"},
+    {TPM_RC_CPHASH, "TPM_RC_CPHASH - cpHash value already set or not correct for use"},
+    {TPM_RC_PARENT, "TPM_RC_PARENT - handle for parent is not a valid parent"},
+    {TPM_RC_NEEDS_TEST, "TPM_RC_NEEDS_TEST - some function needs testing."},
+    {TPM_RC_NO_RESULT, "TPM_RC_NO_RESULT - internal function cannot process a request due to an unspecified problem."},
+    {TPM_RC_SENSITIVE, "TPM_RC_SENSITIVE - the sensitive area did not unmarshal correctly after decryption"},
+};
+
+/* RC_FMT1 response code to text */
+
+const RC_TABLE fmt1Table [] = {
+    {TPM_RC_ASYMMETRIC, "TPM_RC_ASYMMETRIC - asymmetric algorithm not supported or not correct"},
+    {TPM_RC_ATTRIBUTES, "TPM_RC_ATTRIBUTES - inconsistent attributes"},
+    {TPM_RC_HASH, "TPM_RC_HASH - hash algorithm not supported or not appropriate"},
+    {TPM_RC_VALUE, "TPM_RC_VALUE - value is out of range or is not correct for the context"},
+    {TPM_RC_HIERARCHY, "TPM_RC_HIERARCHY - hierarchy is not enabled or is not correct for the use"},
+    {TPM_RC_KEY_SIZE, "TPM_RC_KEY_SIZE - key size is not supported"},
+    {TPM_RC_MGF, "TPM_RC_MGF - mask generation function not supported"},
+    {TPM_RC_MODE, "TPM_RC_MODE - mode of operation not supported"},
+    {TPM_RC_TYPE, "TPM_RC_TYPE - the type of the value is not appropriate for the use"},
+    {TPM_RC_HANDLE, "TPM_RC_HANDLE - the handle is not correct for the use"},
+    {TPM_RC_KDF, "TPM_RC_KDF - unsupported key derivation function or function not appropriate for use"},
+    {TPM_RC_RANGE, "TPM_RC_RANGE - value was out of allowed range."},
+    {TPM_RC_AUTH_FAIL, "TPM_RC_AUTH_FAIL - the authorization HMAC check failed and DA counter incremented"},
+    {TPM_RC_NONCE, "TPM_RC_NONCE - invalid nonce size or nonce value mismatch"},
+    {TPM_RC_PP, "TPM_RC_PP - authorization requires assertion of PP"},
+    {TPM_RC_SCHEME, "TPM_RC_SCHEME - unsupported or incompatible scheme"},
+    {TPM_RC_SIZE, "TPM_RC_SIZE - structure is the wrong size"},
+    {TPM_RC_SYMMETRIC, "TPM_RC_SYMMETRIC - unsupported symmetric algorithm or key size, or not appropriate for instance"},
+    {TPM_RC_TAG, "TPM_RC_TAG - incorrect structure tag"},
+    {TPM_RC_SELECTOR, "TPM_RC_SELECTOR - union selector is incorrect"},
+    {TPM_RC_INSUFFICIENT, "TPM_RC_INSUFFICIENT - the TPM was unable to unmarshal a value because there were not enough octets in the input buffer"},
+    {TPM_RC_SIGNATURE, "TPM_RC_SIGNATURE - the signature is not valid"},
+    {TPM_RC_KEY, "TPM_RC_KEY - key fields are not compatible with the selected use"},
+    {TPM_RC_POLICY_FAIL, "TPM_RC_POLICY_FAIL - a policy check failed"},
+    {TPM_RC_INTEGRITY, "TPM_RC_INTEGRITY - integrity check failed"},
+    {TPM_RC_TICKET, "TPM_RC_TICKET - invalid ticket"},
+    {TPM_RC_RESERVED_BITS, "TPM_RC_RESERVED_BITS - reserved bits not set to zero as required"},
+    {TPM_RC_BAD_AUTH, "TPM_RC_BAD_AUTH - authorization failure without DA implications"},
+    {TPM_RC_EXPIRED, "TPM_RC_EXPIRED - the policy has expired"},
+    {TPM_RC_POLICY_CC, "TPM_RC_POLICY_CC - the commandCode in the policy is not the commandCode of the command"},
+    {TPM_RC_BINDING, "TPM_RC_BINDING - public and sensitive portions of an object are not cryptographically bound"},
+    {TPM_RC_CURVE, "TPM_RC_CURVE - curve not supported	"},
+    {TPM_RC_ECC_POINT, "TPM_RC_ECC_POINT - point is not on the required curve."},
+};
+
+/* RC_WARN response code to text */
+
+const RC_TABLE warnTable [] = {
+    {TPM_RC_CONTEXT_GAP, "TPM_RC_CONTEXT_GAP - gap for context ID is too large"},
+    {TPM_RC_OBJECT_MEMORY, "TPM_RC_OBJECT_MEMORY - out of memory for object contexts"},
+    {TPM_RC_SESSION_MEMORY, "TPM_RC_SESSION_MEMORY - out of memory for session contexts"},
+    {TPM_RC_MEMORY, "TPM_RC_MEMORY - out of shared object/session memory or need space for internal operations"},
+    {TPM_RC_SESSION_HANDLES, "TPM_RC_SESSION_HANDLES - out of session handles - a session must be flushed before a new session may be created"},
+    {TPM_RC_OBJECT_HANDLES, "TPM_RC_OBJECT_HANDLES - out of object handles - the handle space for objects is depleted and a reboot is required"},
+    {TPM_RC_LOCALITY, "TPM_RC_LOCALITY - bad locality"},
+    {TPM_RC_YIELDED, "TPM_RC_YIELDED - the TPM has suspended operation on the command; forward progress was made and the command may be retried."},
+    {TPM_RC_CANCELED, "TPM_RC_CANCELED - the command was canceled"},
+    {TPM_RC_TESTING, "TPM_RC_TESTING - TPM is performing self-tests"},
+    {TPM_RC_REFERENCE_H0, "TPM_RC_REFERENCE_H0 - the 1st handle in the handle area references a transient object or session that is not loaded"},
+    {TPM_RC_REFERENCE_H1, "TPM_RC_REFERENCE_H1 - the 2nd handle in the handle area references a transient object or session that is not loaded"},
+    {TPM_RC_REFERENCE_H2, "TPM_RC_REFERENCE_H2 - the 3rd handle in the handle area references a transient object or session that is not loaded"},
+    {TPM_RC_REFERENCE_H3, "TPM_RC_REFERENCE_H3 - the 4th handle in the handle area references a transient object or session that is not loaded"},
+    {TPM_RC_REFERENCE_H4, "TPM_RC_REFERENCE_H4 - the 5th handle in the handle area references a transient object or session that is not loaded"},
+    {TPM_RC_REFERENCE_H5, "TPM_RC_REFERENCE_H5 - the 6th handle in the handle area references a transient object or session that is not loaded"},
+    {TPM_RC_REFERENCE_H6, "TPM_RC_REFERENCE_H6 - the 7th handle in the handle area references a transient object or session that is not loaded"},
+    {TPM_RC_REFERENCE_S0, "TPM_RC_REFERENCE_S0 - the 1st authorization session handle references a session that is not loaded"},
+    {TPM_RC_REFERENCE_S1, "TPM_RC_REFERENCE_S1 - the 2nd authorization session handle references a session that is not loaded"},
+    {TPM_RC_REFERENCE_S2, "TPM_RC_REFERENCE_S2 - the 3rd authorization session handle references a session that is not loaded"},
+    {TPM_RC_REFERENCE_S3, "TPM_RC_REFERENCE_S3 - the 4th authorization session handle references a session that is not loaded"},
+    {TPM_RC_REFERENCE_S4, "TPM_RC_REFERENCE_S4 - the 5th session handle references a session that is not loaded"},
+    {TPM_RC_REFERENCE_S5, "TPM_RC_REFERENCE_S5 - the 6th session handle references a session that is not loaded"},
+    {TPM_RC_REFERENCE_S6, "TPM_RC_REFERENCE_S6 - the 7th authorization session handle references a session that is not loaded"},
+    {TPM_RC_NV_RATE, "TPM_RC_NV_RATE - the TPM is rate-limiting accesses to prevent wearout of NV"},
+    {TPM_RC_LOCKOUT, "TPM_RC_LOCKOUT - authorizations for objects subject to DA protection are not allowed at this time because the TPM is in DA lockout mode"},
+    {TPM_RC_RETRY, "TPM_RC_RETRY - the TPM was not able to start the command"},
+    {TPM_RC_NV_UNAVAILABLE, "the command may require writing of NV and NV is not current accessible"}, 
+    {TPM_RC_NOT_USED, "TPM_RC_NOT_USED - this value is reserved and shall not be returned by the TPM"},
+};
+    
+/* parameter and handle number to text */
+
+const char *num_table [] = {
+    "unspecified",
+    "1",
+    "2",
+    "3",
+    "4",
+    "5",
+    "6",
+    "7",
+    "8",
+    "9",
+    "10",
+    "11",
+    "12",
+    "13",
+    "14",
+    "15"
+};
+
+/* from tsserror.h */
+
+const RC_TABLE tssTable [] = {
+    {TSS_RC_OUT_OF_MEMORY, "TSS_RC_OUT_OF_MEMORY - Out of memory (malloc failed)"},
+    {TSS_RC_ALLOC_INPUT, "TSS_RC_ALLOC_INPUT - The input to an allocation is not NULL"},
+    {TSS_RC_MALLOC_SIZE, "TSS_RC_MALLOC_SIZE - The malloc size is too large or zero"},
+    {TSS_RC_INSUFFICIENT_BUFFER, "TSS_RC_INSUFFICIENT_BUFFER - A buffer was insufficient for a copy"},
+    {TSS_RC_BAD_PROPERTY, "TSS_RC_BAD_PROPERTY - The property parameter is out of range"},
+    {TSS_RC_BAD_PROPERTY_VALUE, "TSS_RC_BAD_PROPERTY_VALUE - The property value is invalid"},
+    {TSS_RC_INSUPPORTED_INTERFACE, "TSS_RC_INSUPPORTED_INTERFACE - The TPM interface type is not supported"},
+    {TSS_RC_NO_CONNECTION, "TSS_RC_NO_CONNECTION - Failure connecting to lower layer"},
+    {TSS_RC_BAD_CONNECTION, "TSS_RC_BAD_CONNECTION - Failure communicating with lower layer"},
+    {TSS_RC_MALFORMED_RESPONSE, "TSS_RC_MALFORMED_RESPONSE - A response packet was fundamentally malformed"},
+    {TSS_RC_NULL_PARAMETER, "TSS_RC_NULL_PARAMETER - A required parameter was NULL"},
+    {TSS_RC_NOT_IMPLEMENTED, "TSS_RC_NOT_IMPLEMENTED - TSS function is not implemented"},
+    {TSS_RC_BAD_READ_VALUE, "TSS_RC_BAD_READ_VALUE - Actual read value different from expected"},
+    {TSS_RC_FILE_OPEN, "TSS_RC_FILE_OPEN - The file could not be opened"},
+    {TSS_RC_FILE_SEEK, "TSS_RC_FILE_SEEK - A file seek failed"},
+    {TSS_RC_FILE_FTELL, "TSS_RC_FILE_FTELL - A file ftell failed"},
+    {TSS_RC_FILE_READ, "TSS_RC_FILE_READ - A file read failed"},
+    {TSS_RC_FILE_CLOSE, "TSS_RC_FILE_CLOSE - A file close failed"},
+    {TSS_RC_FILE_WRITE, "TSS_RC_FILE_WRITE - A file write failed"},
+    {TSS_RC_FILE_REMOVE, "TSS_RC_FILE_REMOVE - A file remove failed"},
+    {TSS_RC_RNG_FAILURE, "TSS_RC_RNG_FAILURE - The random number generator failed"},
+    {TSS_RC_BAD_PWAP_NONCE, "TSS_RC_BAD_PWAP_NONCE - Bad PWAP response nonce"},
+    {TSS_RC_BAD_PWAP_ATTRIBUTES, "TSS_RC_BAD_PWAP_ATTRIBUTES - Bad PWAP response attributes"},
+    {TSS_RC_BAD_PWAP_HMAC, "TSS_RC_BAD_PWAP_HMAC - Bad PWAP response HMAC"},
+    {TSS_RC_NAME_NOT_IMPLEMENTED, "TSS_RC_NAME_NOT_IMPLEMENTED - name calculation not implemented for handle type"},
+    {TSS_RC_MALFORMED_NV_PUBLIC, "TSS_RC_MALFORMED_NV_PUBLIC - The NV public structure does not match the name"},
+    {TSS_RC_NAME_FILENAME, "TSS_RC_NAME_FILENAME - The name filename function has inconsistent arguments"},
+    {TSS_RC_MALFORMED_PUBLIC, "TSS_RC_MALFORMED_PUBLIC -The public structure does not match the name"},
+    {TSS_RC_DECRYPT_SESSIONS, "TSS_RC_DECRYPT_SESSIONS - More than one command decrypt session"},
+    {TSS_RC_ENCRYPT_SESSIONS, "TSS_RC_ENCRYPT_SESSIONS - More than one response encrypt session"},
+    {TSS_RC_NO_DECRYPT_PARAMETER, "TSS_RC_NO_DECRYPT_PARAMETER - Command has no decrypt parameter"},
+    {TSS_RC_NO_ENCRYPT_PARAMETER, "TSS_RC_NO_ENCRYPT_PARAMETER - Respnse has no encrypt parameter"},
+    {TSS_RC_BAD_DECRYPT_ALGORITHM, "TSS_RC_BAD_DECRYPT_ALGORITHM - Session had an unimplemented decrypt symmetric algorithm"},
+    {TSS_RC_BAD_ENCRYPT_ALGORITHM, "TSS_RC_BAD_ENCRYPT_ALGORITHM - Session had an unimplemented encrypt symmetric algorithm"},
+    {TSS_RC_AES_ENCRYPT_FAILURE, "TSS_RC_AES_ENCRYPT_FAILURE - AES encryption failed"},
+    {TSS_RC_AES_DECRYPT_FAILURE, "TSS_RC_AES_DECRYPT_FAILURE - AES decryption failed\n"
+     "\tIf using command line utilities, set env variable TPM_ENCRYPT_SESSIONS to 0\n"
+     "\tor see TSS manual for more options"},
+    {TSS_RC_BAD_ENCRYPT_SIZE, "TSS_RC_BAD_ENCRYPT_SIZE - Parameter encryption size mismatch"},
+    {TSS_RC_AES_KEYGEN_FAILURE, "TSS_RC_AES_KEYGEN_FAILURE - AES key generation failed"},
+    {TSS_RC_SESSION_NUMBER, "TSS_RC_SESSION_NUMBER - session number out of range"},
+    {TSS_RC_BAD_SALT_KEY, "TSS_RC_BAD_SALT_KEY - Key is unsuitable for salt"},
+    {TSS_RC_KDFA_FAILED, "TSS_RC_KDFA_FAILED - KDFa function failed"},
+    {TSS_RC_HMAC, "TSS_RC_HMAC -  An HMAC calculation failed"},
+    {TSS_RC_HMAC_SIZE, "TSS_RC_HMAC_SIZE - nse HMAC is the wrong size"},
+    {TSS_RC_HMAC_VERIFY, "TSS_RC_HMAC_VERIFY - MAC does not verify"},
+    {TSS_RC_BAD_HASH_ALGORITHM, "TSS_RC_BAD_HASH_ALGORITHM - Unimplemented hash algorithm"},
+    {TSS_RC_HASH, "TSS_RC_HASH - A hash calculation failed"},
+    {TSS_RC_RSA_KEY_CONVERT, "TSS_RC_RSA_KEY_CONVERT - RSA key conversion failed"},
+    {TSS_RC_RSA_PADDING, "TSS_RC_RSA_PADDING - RSA add padding failed"},
+    {TSS_RC_RSA_ENCRYPT, "TSS_RC_RSA_ENCRYPT - RSA public encrypt failed"},
+    {TSS_RC_BIGNUM, "TSS_RC_BIGNUM - NUM operation failed"},
+    {TSS_RC_RSA_SIGNATURE, "TSS_RC_RSA_SIGNATURE - RSA signature is bad"},
+    {TSS_RC_EC_SIGNATURE, "TSS_RC_EC_SIGNATURE - EC signature is bad"},
+    {TSS_RC_EC_KEY_CONVERT, "TSS_RC_EC_KEY_CONVERT - EC key conversion failed"},
+    {TSS_RC_X509_ERROR, "TSS_RC_X509_ERROR - X509 parse error"},
+    {TSS_RC_PEM_ERROR, "TSS_RC_PEM_ERROR - PEM parse error"},
+    {TSS_RC_BAD_SIGNATURE_ALGORITHM, "TSS_RC_BAD_SIGNATURE_ALGORITHM - Unimplemented signature algorithm"},
+    {TSS_RC_COMMAND_UNIMPLEMENTED, "TSS_RC_COMMAND_UNIMPLEMENTED - Unimplemented command"},
+    {TSS_RC_IN_PARAMETER, "TSS_RC_IN_PARAMETER - Bad in parameter to TSS_Execute"},
+    {TSS_RC_OUT_PARAMETER, "TSS_RC_OUT_PARAMETER - Bad out parameter to TSS_Execute"},
+    {TSS_RC_BAD_HANDLE_NUMBER, "TSS_RC_BAD_HANDLE_NUMBER - Bad handle number for this command"},
+    {TSS_RC_KDFE_FAILED, "TSS_RC_KDFE_FAILED - KDFe function failed"},
+    {TSS_RC_EC_EPHEMERAL_FAILURE, "TSS_RC_EC_EPHEMERAL_FAILURE - Failed while making or using EC ephemeral key"},
+    {TSS_RC_FAIL, "TSS_RC_FAIL - TSS internal failure"},
+    {TSS_RC_NO_SESSION_SLOT, "TSS_RC_NO_SESSION_SLOT - TSS context has no session slot for handle"},
+    {TSS_RC_NO_OBJECTPUBLIC_SLOT, "TSS_RC_NO_OBJECTPUBLIC_SLOT - TSS context has no object public slot for handle"},
+    {TSS_RC_NO_NVPUBLIC_SLOT, "TSS_RC_NO_NVPUBLIC_SLOT -TSS context has no NV public slot for handle"},
+};
+
+#ifdef TPM_WINDOWS
+#ifdef TPM_WINDOWS_TBSI
+
+/* Windows TBS, see winerror.h */
+
+const RC_TABLE tbsTable [] = {
+    {TBS_E_INTERNAL_ERROR, "TBS_E_INTERNAL_ERROR - An internal software error occurred"},
+    {TBS_E_BAD_PARAMETER, "TBS_E_BAD_PARAMETER - One or more parameter values are not valid"},
+    {TBS_E_INVALID_OUTPUT_POINTER, "TBS_E_INVALID_OUTPUT_POINTER - A specified output pointer is bad"},
+    {TBS_E_INVALID_CONTEXT, "TBS_E_INVALID_CONTEXT - The specified context handle does not refer to a valid context"},
+    {TBS_E_INSUFFICIENT_BUFFER, "TBS_E_INSUFFICIENT_BUFFER - The specified output buffer is too small"},
+    {TBS_E_IOERROR, "TBS_E_IOERROR - An error occurred while communicating with the TPM"},
+    {TBS_E_INVALID_CONTEXT_PARAM, "TBS_E_INVALID_CONTEXT_PARAM - A context parameter that is not valid was passed when attempting to create a TBS context"},
+    {TBS_E_SERVICE_NOT_RUNNING, "TBS_E_SERVICE_NOT_RUNNING - The TBS service is not running and could not be started"},
+    {TBS_E_TOO_MANY_TBS_CONTEXTS, "TBS_E_TOO_MANY_TBS_CONTEXTS - A new context could not be created because there are too many open contexts"},
+    {TBS_E_TOO_MANY_RESOURCES, "TBS_E_TOO_MANY_RESOURCES - A new virtual resource could not be created because there are too many open virtual resources"},
+    {TBS_E_SERVICE_START_PENDING, "TBS_E_SERVICE_START_PENDING - The TBS service has been started but is not yet running"},
+    {TBS_E_PPI_NOT_SUPPORTED, "TBS_E_PPI_NOT_SUPPORTED - The physical presence interface is not supported"},
+    {TBS_E_COMMAND_CANCELED, "TBS_E_COMMAND_CANCELED - The command was canceled"},
+    {TBS_E_BUFFER_TOO_LARGE, "TBS_E_BUFFER_TOO_LARGE - The input or output buffer is too large"},
+    {TBS_E_TPM_NOT_FOUND, "TBS_E_TPM_NOT_FOUND - A compatible Trusted Platform Module (TPM) Security Device cannot be found on this computer"},
+    {TBS_E_SERVICE_DISABLED, "TBS_E_SERVICE_DISABLED - The TBS service has been disabled"},
+    {TBS_E_NO_EVENT_LOG, "TBS_E_NO_EVENT_LOG - The TBS event log is not available"},
+    {TBS_E_ACCESS_DENIED, "TBS_E_ACCESS_DENIED - The caller does not have the appropriate rights to perform the requested operation"},
+    {TBS_E_PROVISIONING_NOT_ALLOWED, "TBS_E_PROVISIONING_NOT_ALLOWED - The TPM provisioning action is not allowed by the specified flags"},
+    {TBS_E_PPI_FUNCTION_UNSUPPORTED, "TBS_E_PPI_FUNCTION_UNSUPPORTED - The Physical Presence Interface of this firmware does not support the requested method"},
+    {TBS_E_OWNERAUTH_NOT_FOUND, "TBS_E_OWNERAUTH_NOT_FOUND - The requested TPM OwnerAuth value was not found"},
+    {TBS_E_PROVISIONING_INCOMPLETE, "TBS_E_PROVISIONING_INCOMPLETE - The TPM provisioning did not complete."},
+    
+    {TPM_E_COMMAND_BLOCKED, "TPM_E_COMMAND_BLOCKED - The command was blocked"},
+    {TPM_E_INVALID_HANDLE, "TPM_E_INVALID_HANDLE - The specified handle was not found"},
+    {TPM_E_DUPLICATE_VHANDLE, "TPM_E_DUPLICATE_VHANDLE - The TPM returned a duplicate handle and the command needs to be resubmitted"},
+    {TPM_E_EMBEDDED_COMMAND_BLOCKED, "TPM_E_EMBEDDED_COMMAND_BLOCKED - The command within the transport was blocked"},
+    {TPM_E_EMBEDDED_COMMAND_UNSUPPORTED, "TPM_E_EMBEDDED_COMMAND_UNSUPPORTED - The command within the transport is not supported"},
+    {TPM_E_RETRY, "TPM_E_RETRY - The TPM is too busy to respond to the command immediately, but the command could be resubmitted at a later time"},
+    {TPM_E_NEEDS_SELFTEST, "TPM_E_NEEDS_SELFTEST - SelfTestFull has not been run"},
+    {TPM_E_DOING_SELFTEST, "TPM_E_DOING_SELFTEST - The TPM is currently executing a full selftest"},
+    {TPM_E_DEFEND_LOCK_RUNNING, "TPM_E_DEFEND_LOCK_RUNNING - The TPM is defending against dictionary attacks and is in a time-out period"},
+};
+
+#endif  /* TPM_WINDOWS_TBSI */
+#endif	/* TPM_WINDOWS */
+
+#define BITS1108	0xf00
+#define BITS1108SHIFT	8
+
+#define BITS1008	0x700
+#define BITS1008SHIFT	8
+
+#define BITS0600	0x07f
+#define BITS0500	0x03f
+
+#define BITS87		0x180
+#define BIT11		0x800
+#define BIT10		0x400
+#define BIT7		0x080
+#define BIT6		0x040
+
+#define TSSMASK		0x00ff0000	/* 23:16 */
+#define TBSMASK		0x80000000
+
+/* Test cases
+
+   TPM 	1.2	001
+   TPM 	param	1c1
+   TPM	handle  181
+   TPM	session	981
+   TSS		b0001
+*/
+
+/* TSS namespace starts with bit 16 */
+#define TSS_RC_LEVEL_SHIFT 16
+
+/* TSS error level name space */
+#define TSS_ERROR_LEVEL (11 << TSS_RC_LEVEL_SHIFT )
+
+/* Figure 26 - Response Code Evaluation */	    
+
+void TSS_ResponseCode_toString(const char **msg, const char **submsg,  const char **num, TPM_RC rc)
+{
+    *submsg = "";	/* sometimes no sub-message */
+    *num = "";		/* sometime no number */
+
+    if (rc == 0) {
+	*msg = "TPM_RC_SUCCESS";
+    }
+#ifdef TPM_WINDOWS
+#ifdef TPM_WINDOWS_TBSI
+    else if ((rc & TBSMASK) == TBSMASK) {
+	*msg = TSS_ResponseCode_RcToText(tbsTable, sizeof(tbsTable) / sizeof(RC_TABLE), rc);
+    }
+#endif  /* TPM_WINDOWS_TBSI */
+#endif	/* TPM_WINDOWS */
+    /* if TSS 11 << 16 */
+    else if ((rc & TSSMASK) == TSS_ERROR_LEVEL) {
+	*msg = TSS_ResponseCode_RcToText(tssTable, sizeof(tssTable) / sizeof(RC_TABLE), rc);
+    }
+    /* if bits 8:7 are 00 */
+    else if ((rc & BITS87) == 0) {
+	/* TPM 1.2  x000 0xxx xxxx */
+#ifdef TPM_TPM12
+	*msg = TSS_ResponseCode_RcToText(tpm12Table, sizeof(tpm12Table) / sizeof(RC_TABLE), rc);
+#else
+	*msg = "TPM 1.2 response code";
+#endif
+    }
+    /* if bits 8:7 are not 00 */
+    else {
+	/* if bit 7 is 0 */
+	if ((rc & BIT7) == 0) {
+	    /* if bit 10 is 1 */
+	    if ((rc & BIT10) != 0) {
+		/* vendor defined x101 0xxx xxxx */
+		*msg = "TPM2 vendor defined response code";
+	    }
+	    /* if bit 10 is 0 */
+	    else {
+		/* if bit 11 is 1 */
+		if ((rc & BIT11) != 0) {
+		    /* warning 1001 0xxx xxxx RC_WARN */
+		    *msg = TSS_ResponseCode_RcToText(warnTable,
+						     sizeof(warnTable) / sizeof(RC_TABLE),
+						     rc & (BITS0600 | RC_WARN));
+		}
+		/* if bit 11 is 0 */
+		else {
+		    /* error 0001 0xxx xxxx  RC_VER1 */
+		    *msg = TSS_ResponseCode_RcToText(ver1Table,
+						     sizeof(ver1Table) / sizeof(RC_TABLE),
+						     rc & (BITS0600 | RC_VER1));
+		}
+	    }
+	}
+	/* if bit 7 is 1 RC_FMT1 */
+	else {
+	    /* if bit 6 is 1 */
+	    if ((rc & BIT6) != 0) {
+		/* error xxxx 11xx xxxx */
+		*msg = TSS_ResponseCode_RcToText(fmt1Table,
+						 sizeof(fmt1Table) / sizeof(RC_TABLE),
+						 rc & (BITS0500 | RC_FMT1));
+		*submsg = " Parameter number ";
+		*num = TSS_ResponseCode_NumberToText((rc & BITS1108) >> BITS1108SHIFT); 
+	    }
+	    /* if bit 6 is 0 */
+	    else {
+		/* if bit 11 is 1 */
+		if ((rc & BIT11) != 0) {
+		    /* error 1xxx 10xx xxxx */
+		    *msg = TSS_ResponseCode_RcToText(fmt1Table,
+						     sizeof(fmt1Table) / sizeof(RC_TABLE),
+						     rc & (BITS0500 | RC_FMT1));
+		    *submsg = " Session number ";
+		    *num = TSS_ResponseCode_NumberToText((rc & BITS1008) >> BITS1008SHIFT); 
+		}
+		/* if bit 11 is 0 */
+		else {
+		    /* error 0xxx 10xx xxxx */
+		    *msg = TSS_ResponseCode_RcToText(fmt1Table,
+						     sizeof(fmt1Table) / sizeof(RC_TABLE),
+						     rc & (BITS0500 | RC_FMT1));
+		    *submsg = " Handle number ";
+		    *num = TSS_ResponseCode_NumberToText((rc & BITS1008) >> BITS1008SHIFT); 
+		}
+	    }
+	}
+    }
+    return;
+}
+
+static const char *TSS_ResponseCode_RcToText(const RC_TABLE *table, size_t tableSize, TPM_RC rc) 
+{
+    size_t i;
+
+    for (i = 0 ; i < tableSize ; i++) {
+	if (table[i].rc == rc) {
+	    return table[i].text;
+	}
+    }
+    return "response code unknown";
+}
+
+static const char *TSS_ResponseCode_NumberToText(unsigned int num)
+{
+    if (num < (sizeof(num_table) / sizeof(const char *))) {
+	return num_table[num];
+    }
+    else {
+	return "out of bounds";
+    }
+}
+
+#endif 	/* TPM_TSS_NO_PRINT */
diff --git a/utils/tsssocket.c b/utils/tsssocket.c
new file mode 100644
index 000000000..aa808a276
--- /dev/null
+++ b/utils/tsssocket.c
@@ -0,0 +1,706 @@
+/********************************************************************************/
+/*										*/
+/*			   Socket Transmit and Receive Utilities		*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: tsssocket.c 1304 2018-08-20 18:31:45Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015, 2018.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <errno.h>
+
+#ifndef TPM_NOSOCKET
+
+/* TSS_SOCKET_FD encapsulates the differences between the Posix and Windows socket type */
+
+#ifdef TPM_POSIX
+#include <unistd.h>
+#include <arpa/inet.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#endif
+
+#ifdef TPM_WINDOWS
+#include <winsock2.h>
+#endif
+
+#include <sys/types.h>
+#include <fcntl.h>
+
+#include <ibmtss/Unmarshal_fp.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsserror.h>
+#include <ibmtss/tssprint.h>
+#include "tssproperties.h"
+#include <ibmtss/tsstransmit.h>
+
+#include "tsssocket.h"
+
+/* local prototypes */
+
+static uint32_t TSS_Socket_Open(TSS_CONTEXT *tssContext, short port);
+static uint32_t TSS_Socket_SendCommand(TSS_CONTEXT *tssContext,
+				       const uint8_t *buffer, uint16_t length,
+				       const char *message);
+static uint32_t TSS_Socket_SendPlatform(TSS_SOCKET_FD sock_fd, uint32_t command, const char *message);
+static uint32_t TSS_Socket_ReceiveCommand(TSS_CONTEXT *tssContext, uint8_t *buffer, uint32_t *length);
+static uint32_t TSS_Socket_ReceivePlatform(TSS_SOCKET_FD sock_fd);
+static uint32_t TSS_Socket_ReceiveBytes(TSS_SOCKET_FD sock_fd, uint8_t *buffer, uint32_t nbytes);
+static uint32_t TSS_Socket_SendBytes(TSS_SOCKET_FD sock_fd, const uint8_t *buffer, size_t length);
+
+static uint32_t TSS_Socket_GetServerType(TSS_CONTEXT *tssContext,
+					 int *mssim,
+					 int *rawsingle);
+#ifdef TPM_WINDOWS
+static void TSS_Socket_PrintError(int err);
+#endif
+    
+extern int tssVverbose;
+extern int tssVerbose;
+
+/* TSS_Socket_TransmitPlatform() transmits MS simulator platform administrative commands */
+
+TPM_RC TSS_Socket_TransmitPlatform(TSS_CONTEXT *tssContext,
+				   uint32_t command, const char *message)
+{
+    TPM_RC 	rc = 0;
+    int 	mssim;	/* boolean, true for MS simulator packet format, false for raw packet
+			   format */
+    int 	rawsingle = FALSE;	/* boolean, true for raw format with an open and close per
+					   command */
+    /* open on first transmit */
+    if (tssContext->tssFirstTransmit) {	
+	/* detect errors before starting, get the server packet type, MS sim or raw */
+	if (rc == 0) {
+	    rc = TSS_Socket_GetServerType(tssContext, &mssim, &rawsingle);
+	}
+	/* the platform administrative commands can only work with the simulator */
+	if (rc == 0) {
+	    if (!mssim) {
+		if (tssVerbose) printf("TSS_Socket_TransmitPlatform: server type %s unsupported\n",
+				       tssContext->tssServerType);
+		rc = TSS_RC_INSUPPORTED_INTERFACE;	
+	    }
+	}
+	if (rc == 0) {
+	    rc = TSS_Socket_Open(tssContext, tssContext->tssPlatformPort);
+	}
+	if (rc == 0) {
+	    tssContext->tssFirstTransmit = FALSE;
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_Socket_SendPlatform(tssContext->sock_fd, command, message);
+    }
+    if (rc == 0) {
+	rc = TSS_Socket_ReceivePlatform(tssContext->sock_fd);
+    }
+    return rc;
+}
+
+/* TSS_Socket_TransmitCommand() transmits MS simulator in band administrative commands */
+
+TPM_RC TSS_Socket_TransmitCommand(TSS_CONTEXT *tssContext,
+				  uint32_t command, const char *message)
+{
+    TPM_RC 	rc = 0;
+    int 	mssim;	/* boolean, true for MS simulator packet format, false for raw packet
+			   format */
+    int 	rawsingle = FALSE;	/* boolean, true for raw format with an open and close per
+					   command */
+    /* open on first transmit */
+    if (tssContext->tssFirstTransmit) {	
+	/* detect errors before starting, get the server packet type, MS sim or raw */
+	if (rc == 0) {
+	    rc = TSS_Socket_GetServerType(tssContext, &mssim, &rawsingle);
+	}
+	/* the platform administrative commands can only work with the simulator */
+	if (rc == 0) {
+	    if (!mssim) {
+		if (tssVerbose) printf("TSS_Socket_TransmitCommand: server type %s unsupported\n",
+				       tssContext->tssServerType);
+		rc = TSS_RC_INSUPPORTED_INTERFACE;	
+	    }
+	}
+	if (rc == 0) {
+	    rc = TSS_Socket_Open(tssContext, tssContext->tssCommandPort);
+	}
+	if (rc == 0) {
+	    tssContext->tssFirstTransmit = FALSE;
+	}
+    }
+    if (message != NULL) {
+	if (tssVverbose) printf("TSS_Socket_TransmitCommand: %s\n", message);
+    }
+    if (rc == 0) {
+	uint32_t commandType = htonl(command);	/* command type is network byte order */
+	rc = TSS_Socket_SendBytes(tssContext->sock_fd, (uint8_t *)&commandType, sizeof(uint32_t));
+    }
+    /* FIXME The only command currently supported is TPM_STOP, which has no response */
+    return rc;
+}
+
+/* TSS_Socket_Transmit() transmits the TPM command and receives the response.
+
+   It can return socket transmit and receive packet errors, but normally returns the TPM response
+   code.
+
+*/
+
+TPM_RC TSS_Socket_Transmit(TSS_CONTEXT *tssContext,
+			   uint8_t *responseBuffer, uint32_t *read,
+			   const uint8_t *commandBuffer, uint32_t written,
+			   const char *message)
+{
+    TPM_RC 	rc = 0;
+    int 	mssim;	/* boolean, true for MS simulator packet format, false for raw packet
+			   format */
+    int 	rawsingle = FALSE;	/* boolean, true for raw packet format requiring an open and
+					   close for each command */
+
+    /* open on first transmit */
+    if (tssContext->tssFirstTransmit) {	
+	/* detect errors before starting, get the server packet type, MS sim or raw */
+	if (rc == 0) {
+	    rc = TSS_Socket_GetServerType(tssContext, &mssim, &rawsingle);
+	}
+	if (rc == 0) {
+	    rc = TSS_Socket_Open(tssContext, tssContext->tssCommandPort);
+	}
+	if (rc == 0) {
+	    tssContext->tssFirstTransmit = FALSE;
+	}
+    }
+    /* send the command over the socket.  Error if the socket send fails. */
+    if (rc == 0) {
+	rc = TSS_Socket_SendCommand(tssContext, commandBuffer, written, message);
+    }
+    /* receive the response over the socket.  Returns socket errors, malformed response errors.
+       Else returns the TPM response code. */
+    if (rc == 0) {
+	rc = TSS_Socket_ReceiveCommand(tssContext, responseBuffer, read);
+    }
+    /* rawsingle flags a close after each command */
+    if (rawsingle) {
+	TPM_RC rc1;
+	rc1 = TSS_Socket_Close(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+	tssContext->tssFirstTransmit = TRUE;	/* force reopen on next command */
+    }
+    return rc;
+}
+
+/* TSS_Socket_GetServerType() gets the type of server packet format
+
+   Currently, the formats supported are:
+
+   mssim, raw, rawsingle
+
+   mssim TRUE  - the MS simulator packet
+   mssim FALSE - raw TPM specification Part 3 packets
+   rawsingle is the same as mssim FALSE but forces an open and cose for each command
+*/
+
+static uint32_t TSS_Socket_GetServerType(TSS_CONTEXT *tssContext,
+					 int *mssim,
+					 int *rawsingle)
+{
+    uint32_t 	rc = 0;
+    if (rc == 0) {
+	if ((strcmp(tssContext->tssServerType, "mssim") == 0)) {
+	    *mssim = TRUE;
+	    *rawsingle = FALSE;
+	}
+	else if ((strcmp(tssContext->tssServerType, "raw") == 0)) {
+	    *mssim = FALSE;
+	    *rawsingle = FALSE;
+	}
+	else if ((strcmp(tssContext->tssServerType, "rawsingle") == 0)) {
+	    *mssim = FALSE;
+	    *rawsingle = TRUE;
+	}
+	else {
+	    if (tssVerbose) printf("TSS_Socket_GetServerType: server type %s unsupported\n",
+				   tssContext->tssServerType);
+	    rc = TSS_RC_INSUPPORTED_INTERFACE;	
+	}
+    }
+    return rc;
+}
+
+/* TSS_Socket_Open() opens the socket to the TPM Host emulation to tssServerName:port
+
+*/
+
+static uint32_t TSS_Socket_Open(TSS_CONTEXT *tssContext, short port)
+{
+#ifdef TPM_WINDOWS 
+    WSADATA 		wsaData;
+    int			irc;
+#endif
+    struct sockaddr_in 	serv_addr;
+    struct hostent 	*host = NULL;
+
+    if (tssVverbose) printf("TSS_Socket_Open: Opening %s:%hu-%s\n",
+			    tssContext->tssServerName, port, tssContext->tssServerType);
+    /* create a socket */
+#ifdef TPM_WINDOWS
+    if ((irc = WSAStartup(0x202, &wsaData)) != 0) {		/* if not successful */
+	if (tssVerbose) printf("TSS_Socket_Open: Error, WSAStartup failed\n");
+	WSACleanup();
+	return TSS_RC_NO_CONNECTION;
+    }
+    if ((tssContext->sock_fd = socket(AF_INET,SOCK_STREAM, 0)) == INVALID_SOCKET) {
+	if (tssVerbose) printf("TSS_Socket_Open: client socket() error: %u\n", tssContext->sock_fd);
+	return TSS_RC_NO_CONNECTION;
+    }
+#endif 
+#ifdef TPM_POSIX
+    if ((tssContext->sock_fd = socket(AF_INET,SOCK_STREAM, 0)) < 0) {
+	if (tssVerbose) printf("TSS_Socket_Open: client socket error: %d %s\n",
+			       errno,strerror(errno));
+	return TSS_RC_NO_CONNECTION;
+    }
+#endif
+    memset((char *)&serv_addr,0x0,sizeof(serv_addr));
+    serv_addr.sin_family = AF_INET;
+    serv_addr.sin_port = htons(port);
+
+    /* the server host name tssServerName came from the default or an environment variable */
+    /* first assume server is dotted decimal number and call inet_addr */
+    if ((int)(serv_addr.sin_addr.s_addr = inet_addr(tssContext->tssServerName)) == -1) {
+	/* if inet_addr fails, assume server is a name and call gethostbyname to look it up */
+	/* if gethostbyname also fails */
+	if ((host = gethostbyname(tssContext->tssServerName)) == NULL) {
+	    if (tssVerbose) printf("TSS_Socket_Open: server name error, name %s\n",
+				   tssContext->tssServerName);
+	    return TSS_RC_NO_CONNECTION;
+	}
+	serv_addr.sin_family = host->h_addrtype;
+	memcpy(&serv_addr.sin_addr, host->h_addr, host->h_length);
+    }
+    /* establish the connection to the TPM server */
+#ifdef TPM_POSIX
+    if (connect(tssContext->sock_fd, (struct sockaddr *)&serv_addr, sizeof(serv_addr)) < 0) {
+	if (tssVerbose) printf("TSS_Socket_Open: Error on connect to %s:%u\n",
+			       tssContext->tssServerName, port);
+	if (tssVerbose) printf("TSS_Socket_Open: client connect: error %d %s\n",
+			       errno,strerror(errno));
+	return TSS_RC_NO_CONNECTION;
+    }
+#endif
+#ifdef TPM_WINDOWS
+    if (connect(tssContext->sock_fd, (struct sockaddr *)&serv_addr, sizeof(serv_addr)) != 0) {
+	if (tssVerbose) {
+	    int err;
+	    printf("TSS_Socket_Open: Error on connect to %s:%u\n",
+			       tssContext->tssServerName, port);
+	    err = WSAGetLastError();
+	    printf("TSS_Socket_Open: client connect: error %d\n", err);
+	    TSS_Socket_PrintError(err);
+	}
+	return TSS_RC_NO_CONNECTION;
+    }
+#endif
+    else {
+	/*  	printf("TSS_Socket_Open: client connect: success\n"); */
+    }
+    return 0;
+}
+
+/* TSS_Socket_SendCommand() sends the TPM command packet over the socket.
+
+   The MS simulator packet is of the form:
+
+   TPM_SEND_COMMAND
+   locality 0
+   length
+   TPM command packet	(this is the raw packet format)
+
+   Returns an error if the socket send fails.
+*/
+
+static uint32_t TSS_Socket_SendCommand(TSS_CONTEXT *tssContext,
+				       const uint8_t *buffer, uint16_t length,
+				       const char *message)
+{
+    uint32_t 	rc = 0;
+    int 	mssim;	/* boolean, true for MS simulator packet format, false for raw packet
+			   format */
+    int 	rawsingle;
+    
+    if (message != NULL) {
+	if (tssVverbose) printf("TSS_Socket_SendCommand: %s\n", message);
+    }
+    /* trace the command packet */
+    if ((rc == 0) && tssVverbose) {
+	TSS_PrintAll("TSS_Socket_SendCommand",
+		     buffer, length);
+    }
+    /* get the server packet type, MS sim or raw */
+    if (rc == 0) {
+	rc = TSS_Socket_GetServerType(tssContext, &mssim, &rawsingle);
+    }
+    /* MS simulator wants a command type, locality, length */
+    if ((rc == 0) && mssim) {
+	uint32_t commandType = htonl(TPM_SEND_COMMAND);	/* command type is network byte order */
+	rc = TSS_Socket_SendBytes(tssContext->sock_fd, (uint8_t *)&commandType, sizeof(uint32_t));
+    }
+    if ((rc == 0) && mssim) {
+	uint8_t locality = 0;
+	rc = TSS_Socket_SendBytes(tssContext->sock_fd, &locality, sizeof(uint8_t));
+    }
+    if ((rc == 0) && mssim) {
+	uint32_t lengthNbo = htonl(length);	/* length is network byte order */
+	rc = TSS_Socket_SendBytes(tssContext->sock_fd, (uint8_t *)&lengthNbo, sizeof(uint32_t));
+    }
+    /* all packet formats (types) send the TPM command packet */
+    if (rc == 0) {
+	rc = TSS_Socket_SendBytes(tssContext->sock_fd, buffer, length);
+    }
+    return rc;
+}
+
+/* TSS_Socket_SendPlatform() transmits MS simulator platform administrative commands.  This function
+   should only be called if the TPM supports administrative commands.
+
+   Returns an error if the socket send fails.
+
+*/
+
+static uint32_t TSS_Socket_SendPlatform(TSS_SOCKET_FD sock_fd, uint32_t command, const char *message)
+{
+    uint32_t rc = 0;
+
+    if (message != NULL) {
+	if (tssVverbose) printf("TSS_Socket_SendPlatform: %s\n", message);
+    }
+    if (tssVverbose) printf("TSS_Socket_SendPlatform: Command %08x\n", command);
+    /* MS simulator platform commands */
+    if (rc == 0) {
+	uint32_t commandNbo = htonl(command);	/* command is network byte order */
+	rc = TSS_Socket_SendBytes(sock_fd, (uint8_t *)&commandNbo , sizeof(uint32_t));
+    }
+    return rc;
+}
+
+/* TSS_Socket_SendBytes() is the low level sent function that transmits the buffer over the socket.
+
+   It handles partial writes by looping.
+
+ */
+
+static uint32_t TSS_Socket_SendBytes(TSS_SOCKET_FD sock_fd, const uint8_t *buffer, size_t length)
+{
+    int nwritten = 0;
+    size_t nleft = 0;
+    unsigned int offset = 0;
+
+    nleft = length;
+    while (nleft > 0) {
+#ifdef TPM_POSIX
+	nwritten = write(sock_fd, &buffer[offset], nleft);
+	if (nwritten < 0) {        /* error */
+	    if (tssVerbose) printf("TSS_Socket_SendBytes: write error %d\n", (int)nwritten);
+	    return TSS_RC_BAD_CONNECTION;
+	}
+#endif
+#ifdef TPM_WINDOWS
+	/* cast for winsock.  Unix uses void * */
+	nwritten = send(sock_fd, (char *)(&buffer[offset]), nleft, 0);
+	if (nwritten == SOCKET_ERROR) {        /* error */
+	    if (tssVerbose) printf("TSS_Socket_SendBytes: write error %d\n", (int)nwritten);
+	    return TSS_RC_BAD_CONNECTION;
+	}
+#endif
+	nleft -= nwritten;
+	offset += nwritten;
+    }
+    return 0;
+}
+
+/* TSS_Socket_ReceiveCommand() reads a TPM response packet from the socket.  'buffer' must be at
+   least MAX_RESPONSE_SIZE bytes.  The bytes read are returned in 'length'.
+
+   The MS simulator packet is of the form:
+
+   length
+   TPM response packet		(this is the raw packet format)
+   acknowledgement uint32_t zero
+
+   If the receive succeeds, returns TPM packet error code.
+
+   Validates that the packet length and the packet responseSize match 
+*/
+
+static uint32_t TSS_Socket_ReceiveCommand(TSS_CONTEXT *tssContext,
+					  uint8_t *buffer, uint32_t *length)
+{
+    uint32_t 	rc = 0;
+    uint32_t 	responseSize = 0;
+    uint32_t 	responseLength = 0;
+    uint8_t 	*bufferPtr = buffer;	/* the moving buffer */
+    TPM_RC 	responseCode;
+    uint32_t 	size;		/* dummy for unmarshal call */
+    int 	mssim;		/* boolean, true for MS simulator packet format, false for raw
+				   packet format */
+    int		rawsingle;
+    TPM_RC 	acknowledgement;	/* MS sim acknowledgement */
+    
+    /* get the server packet type, MS sim or raw */
+    if (rc == 0) {
+	rc = TSS_Socket_GetServerType(tssContext, &mssim, &rawsingle);
+    }
+    /* read the length prepended by the simulator */
+    if ((rc == 0) && mssim) {
+	rc = TSS_Socket_ReceiveBytes(tssContext->sock_fd,
+				     (uint8_t *)&responseLength, sizeof(uint32_t));
+	responseLength = ntohl(responseLength);
+    }
+    /* read the tag and responseSize */
+    if (rc == 0) {
+	rc = TSS_Socket_ReceiveBytes(tssContext->sock_fd,
+				     bufferPtr, sizeof(TPM_ST) + sizeof(uint32_t));
+    }
+    /* extract the responseSize */
+    if (rc == 0) {
+	/* skip over tag to responseSize */
+	bufferPtr += sizeof(TPM_ST);
+	
+	size = sizeof(uint32_t);		/* dummy for call */
+	rc = TSS_UINT32_Unmarshalu(&responseSize, &bufferPtr, &size);
+	*length = responseSize;			/* returned length */
+
+	/* check the response size, see TSS_CONTEXT structure */
+	if (responseSize > MAX_RESPONSE_SIZE) {
+	    if (tssVerbose)
+		printf("TSS_Socket_ReceiveCommand: ERROR: responseSize %u greater than %u\n",
+		       responseSize, MAX_RESPONSE_SIZE);
+	    rc = TSS_RC_BAD_CONNECTION;
+	}
+	/* check that MS sim prepended length is the same as the response TPM packet
+	   length parameter */
+	if (mssim && (responseSize != responseLength)) {
+	    if (tssVerbose) printf("TSS_Socket_ReceiveCommand: "
+				   "ERROR: responseSize %u not equal to responseLength %u\n",
+				   responseSize, responseLength);
+	    rc = TSS_RC_BAD_CONNECTION;
+	}
+    }
+    /* read the rest of the packet */
+    if (rc == 0) {
+	rc = TSS_Socket_ReceiveBytes(tssContext->sock_fd,
+				     bufferPtr,
+				     responseSize - (sizeof(TPM_ST) + sizeof(uint32_t)));
+    }
+    if ((rc == 0) && tssVverbose) {
+	TSS_PrintAll("TSS_Socket_ReceiveCommand",
+		     buffer, responseSize);
+    }
+    /* read the MS sim acknowledgement */
+    if ((rc == 0) && mssim) {
+	rc = TSS_Socket_ReceiveBytes(tssContext->sock_fd,
+				     (uint8_t *)&acknowledgement, sizeof(uint32_t));
+    }
+    /* extract the TPM return code from the packet */
+    if (rc == 0) {
+	/* skip to responseCode */
+	bufferPtr = buffer + sizeof(TPM_ST) + sizeof(uint32_t);
+	size = sizeof(TPM_RC);		/* dummy for call */
+	rc = TSS_UINT32_Unmarshalu(&responseCode, &bufferPtr, &size);
+    }
+    /* if there is no other (receive or unmarshal) error, return the TPM response code */
+    if (rc == 0) {
+	rc = responseCode;
+    }
+    /* if there is no other (TPM response) error, return the MS simulator packet acknowledgement */
+    if ((rc == 0) && mssim) {
+	  rc = ntohl(acknowledgement);	/* should always be zero */
+    }
+    return rc;
+}
+
+/* TSS_Socket_ReceivePlatform reads MS simulator platform administrative responses.  This function
+   should only be called if the TPM supports administrative commands.
+
+   The acknowledgement is a uint32_t zero.
+
+*/
+
+static uint32_t TSS_Socket_ReceivePlatform(TSS_SOCKET_FD sock_fd)
+{
+    uint32_t 	rc = 0;
+    TPM_RC 	acknowledgement;
+    
+    /* read the MS sim acknowledgement */
+    if (rc == 0) {
+	rc = TSS_Socket_ReceiveBytes(sock_fd, (uint8_t *)&acknowledgement, sizeof(uint32_t));
+    }
+    /* if there is no other error, return the MS simulator packet acknowledgement */
+    if (rc == 0) {
+	rc = ntohl(acknowledgement);	/* should always be zero */
+    }
+    return rc;
+}
+
+/* TSS_Socket_ReceiveBytes() is the low level receive function that reads the buffer over the
+   socket.  'buffer' must be atleast 'nbytes'. 
+
+   It handles partial reads by looping.
+
+*/
+
+static uint32_t TSS_Socket_ReceiveBytes(TSS_SOCKET_FD sock_fd,
+					uint8_t *buffer,  
+					uint32_t nbytes)
+{
+    int nread = 0;
+    int nleft = 0;
+
+    nleft = nbytes;
+    while (nleft > 0) {
+#ifdef TPM_POSIX
+	nread = read(sock_fd, buffer, nleft);
+	if (nread < 0) {       /* error */
+	    if (tssVerbose)  printf("TSS_Socket_ReceiveBytes: read error %d\n", nread);
+	    return TSS_RC_BAD_CONNECTION;
+	}
+#endif
+#ifdef TPM_WINDOWS
+	/* cast for winsock.  Unix uses void * */
+	nread = recv(sock_fd, (char *)buffer, nleft, 0);
+	if (nread == SOCKET_ERROR) {       /* error */
+	    if (tssVerbose) printf("TSS_Socket_ReceiveBytes: read error %d\n", nread);
+	    return TSS_RC_BAD_CONNECTION;
+	}
+#endif
+	else if (nread == 0) {  /* EOF */
+	    if (tssVerbose) printf("TSS_Socket_ReceiveBytes: read EOF\n");
+	    return TSS_RC_BAD_CONNECTION;
+	}
+	nleft -= nread;
+	buffer += nread;
+    }
+    return 0;
+}
+
+/* TSS_Socket_Close() closes the socket.
+
+   It sends the TPM_SESSION_END required by the MS simulator.
+
+*/
+
+TPM_RC TSS_Socket_Close(TSS_CONTEXT *tssContext)
+{
+    uint32_t 	rc = 0;
+    int 	mssim;	/* boolean, true for MS simulator packet format, false for raw packet
+			   format */
+    int		rawsingle = TRUE;	/* boolean, true for raw format with an open and close per
+					   command.  Initialized to suppress false gcc -O3
+					   warning. */
+    
+    if (tssVverbose) printf("TSS_Socket_Close: Closing %s-%s\n",
+			    tssContext->tssServerName, tssContext->tssServerType);
+    /* get the server packet type, MS sim or raw */
+    if (rc == 0) {
+	rc = TSS_Socket_GetServerType(tssContext, &mssim, &rawsingle);
+    }
+    /* the MS simulator expects a TPM_SESSION_END command before close */
+    if ((rc == 0) && mssim) {
+	uint32_t commandType = htonl(TPM_SESSION_END);
+	rc = TSS_Socket_SendBytes(tssContext->sock_fd, (uint8_t *)&commandType, sizeof(uint32_t));
+    }
+#ifdef TPM_POSIX
+    /* always attempt a close, even though rawsingle should already have closed the socket */
+    if (close(tssContext->sock_fd) != 0) {
+	if (!rawsingle) {
+	    if (tssVerbose) printf("TSS_Socket_Close: close error\n");
+	    rc = TSS_RC_BAD_CONNECTION;
+	}
+    }
+#endif
+#ifdef TPM_WINDOWS
+    /* gracefully shut down the socket */
+    /* always attempt a close, even though rawsingle should already have closed the socket */
+    {
+	int		irc;
+	irc = shutdown(tssContext->sock_fd, SD_SEND);
+	if (!rawsingle) {
+	    if (irc == SOCKET_ERROR) {       /* error */
+		if (tssVerbose) printf("TSS_Socket_Close: shutdown error\n");
+		rc = TSS_RC_BAD_CONNECTION;
+	    }
+	}
+    }
+    closesocket(tssContext->sock_fd);
+    WSACleanup();
+#endif
+    return rc;
+}
+#endif 	/* TPM_NOSOCKET */
+
+#ifdef TPM_WINDOWS
+
+/* The Windows equivalent to strerror().  It also traces the error message.
+ */
+
+static void TSS_Socket_PrintError(int err)
+{
+    DWORD rc;
+    char *buffer = NULL;
+    /* mingw seems to output UTF-8 for FormatMessage().  For Visual Studio, FormatMessage() outputs
+       UTF-16, which would require wprintf(). FormatMessageA() outputs UTF-8, permitting printf()
+       for both compilers. */
+    rc = FormatMessageA(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
+			NULL,	/* formatting */
+			err,
+			0,	/* language */
+			(LPSTR)&buffer, 
+			0, 
+			NULL);
+    if (rc != 0) {
+	printf("%s\n", buffer);
+    }
+    LocalFree(buffer);
+    return;
+}
+#endif
+
+
diff --git a/utils/tsssocket.h b/utils/tsssocket.h
new file mode 100644
index 000000000..2a5a0c83d
--- /dev/null
+++ b/utils/tsssocket.h
@@ -0,0 +1,67 @@
+/********************************************************************************/
+/*										*/
+/*		Socket Transmit and Receive Utilities  				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: tsssocket.h 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef TSSSOCKET_H
+#define TSSSOCKET_H
+
+/* This is not a public header.  It should not be used by applications. */
+
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    TPM_RC TSS_Socket_TransmitPlatform(TSS_CONTEXT *tssContext,
+				       uint32_t command, const char *message);
+    TPM_RC TSS_Socket_TransmitCommand(TSS_CONTEXT *tssContext,
+				      uint32_t command, const char *message);
+    TPM_RC TSS_Socket_Transmit(TSS_CONTEXT *tssContext,
+			       uint8_t *responseBuffer, uint32_t *read,
+			       const uint8_t *commandBuffer, uint32_t written,
+			       const char *message);
+    TPM_RC TSS_Socket_Close(TSS_CONTEXT *tssContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/utils/tsstbsi.c b/utils/tsstbsi.c
new file mode 100644
index 000000000..ff6095d52
--- /dev/null
+++ b/utils/tsstbsi.c
@@ -0,0 +1,345 @@
+/********************************************************************************/
+/*										*/
+/*	Windows 7,8,10 Device Transmit and Receive Utilities			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: tsstbsi.c 1308 2018-08-21 16:55:56Z kgoldman $ 		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2018.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifdef TPM_WINDOWS_TBSI
+
+/*
+  Must copy winerror.h with the TBS error codes to:
+  
+  C:\Program Files\MinGW\include
+
+  Original obtained from
+  
+  http://sourceforge.net/apps/trac/mingw-w64/browser/experimental/headers_additions_test/include/winerror.h?rev=5328
+
+  Link with:
+
+  Windows 7
+
+  c:/progra~1/Micros~2/Windows/v7.1/lib/Tbs.lib
+
+  Windows 8
+
+  tbs.lib
+*/
+
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <limits.h>
+
+#include <winsock2.h>
+#include <windows.h>
+#include <winerror.h>
+#include <specstrings.h>
+#include <tbs.h>
+
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssprint.h>
+#include <ibmtss/tsserror.h>
+#include <ibmtss/Unmarshal_fp.h>
+#include "tssproperties.h"
+
+#include "tsstbsi.h"
+
+
+/* local prototypes */
+
+static uint32_t TSS_Tbsi_Open(
+#if defined TPM_WINDOWS_TBSI_WIN7
+			      TBS_CONTEXT_PARAMS *contextParams,
+#elif defined  TPM_WINDOWS_TBSI_WIN8
+			      TBS_CONTEXT_PARAMS2 *contextParams,
+#endif
+			      TBS_HCONTEXT *hContext);
+static uint32_t TSS_Tbsi_SubmitCommand(TBS_HCONTEXT hContext,
+				       uint8_t *responseBuffer, uint32_t *read,
+				       const uint8_t *commandBuffer, uint32_t written,
+				       const char *message);
+static void TSS_Tbsi_GetTBSError(const char *prefix,
+				 TBS_RESULT rc);
+
+
+/* global configuration */
+
+extern int tssVverbose;
+extern int tssVerbose;
+
+/* TSS_Tbsi_Transmit() transmits the command and receives the response. 'responseBuffer' must be at
+   least MAX_RESPONSE_SIZE bytes.
+
+
+   Can return device transmit and receive packet errors, but normally returns the TPM response code.
+*/
+
+TPM_RC TSS_Tbsi_Transmit(TSS_CONTEXT *tssContext,
+			 uint8_t *responseBuffer, uint32_t *read,
+			 const uint8_t *commandBuffer, uint32_t written,
+			 const char *message)
+{
+    TPM_RC rc = 0;
+#if defined TPM_WINDOWS_TBSI_WIN7
+    TBS_CONTEXT_PARAMS contextParams;
+#elif defined  TPM_WINDOWS_TBSI_WIN8
+    TBS_CONTEXT_PARAMS2 contextParams;
+#else
+#error "One of TPM_WINDOWS_TBSI_WIN7 or TPM_WINDOWS_TBSI_WIN8 must be defined"
+#endif
+
+    if (rc == 0) {
+#if defined TPM_WINDOWS_TBSI_WIN7
+	if (!tssContext->tpm12Command) {
+	    if (tssVerbose) printf("TSS_Tbsi_Transmit: TPM 2.0 unsupported\n");
+	    rc = TSS_RC_INSUPPORTED_INTERFACE;
+	}
+	contextParams.version = TBS_CONTEXT_VERSION_ONE;
+#elif defined  TPM_WINDOWS_TBSI_WIN8
+	contextParams.version = TBS_CONTEXT_VERSION_TWO;
+	if (!tssContext->tpm12Command) {	/* TPM 2.0 command */
+	    contextParams.includeTpm12 = 0;
+	    contextParams.includeTpm20 = 1;
+	}
+	else {					/* TPM 1.2 command */
+	    contextParams.includeTpm12 = 1;
+	    contextParams.includeTpm20 = 0;
+	}
+#endif
+    }
+    *read = MAX_RESPONSE_SIZE;
+    /* open on first transmit */
+    if (tssContext->tssFirstTransmit) {	
+	if (rc == 0) {
+	    rc = TSS_Tbsi_Open(&contextParams, &tssContext->hContext);
+	}
+	if (rc == 0) {
+	    tssContext->tssFirstTransmit = FALSE;
+	}
+     }
+    /* send the command to the device.  Error if the device send fails. */
+    if (rc == 0) {
+	rc = TSS_Tbsi_SubmitCommand(tssContext->hContext,
+				    responseBuffer, read,
+				    commandBuffer, written,
+				    message);
+    }
+    return rc;
+}
+
+/* TSS_Tbsi_Open() opens the TPM device */
+
+static uint32_t TSS_Tbsi_Open(
+#if defined TPM_WINDOWS_TBSI_WIN7
+			      TBS_CONTEXT_PARAMS *contextParams,
+#elif defined  TPM_WINDOWS_TBSI_WIN8
+			      TBS_CONTEXT_PARAMS2 *contextParams,
+#endif
+			      TBS_HCONTEXT *hContext)
+{
+    uint32_t rc = 0;
+
+    if (rc == 0) {
+	/* cast is safe because caller sets the version member for the subclass */
+	rc = Tbsi_Context_Create((TBS_CONTEXT_PARAMS *)contextParams, hContext);
+	if (tssVverbose) printf("TSS_Tbsi_Open: Tbsi_Context_Create rc %08x\n", rc);
+	if (rc != 0) {
+	    if (tssVerbose) TSS_Tbsi_GetTBSError("TSS_Tbsi_Open: Error Tbsi_Context_Create ", rc);
+	    rc = TSS_RC_NO_CONNECTION;
+	}
+    }
+    return rc;
+}
+
+/* TSS_Tbsi_Submit_Command sends the command to the TPM and receives the response.
+
+   If the submit succeeds, returns TPM packet error code.
+*/
+
+static uint32_t TSS_Tbsi_SubmitCommand(TBS_HCONTEXT hContext,
+				       uint8_t *responseBuffer, uint32_t *read,
+				       const uint8_t *commandBuffer, uint32_t written,
+				       const char *message)
+{
+    uint32_t 	rc = 0;
+    TPM_RC 	responseCode;
+
+    if (message != NULL) {
+	if (tssVverbose) printf("TSS_Tbsi_SubmitCommand: %s\n", message);
+    }
+    if (rc == 0) {
+	if (tssVverbose) TSS_PrintAll("TSS_Tbsi_SubmitCommand: Command",
+				      commandBuffer, written);
+    }
+    if (rc == 0) {
+	rc = Tbsip_Submit_Command(hContext,
+				  TBS_COMMAND_LOCALITY_ZERO,
+				  TBS_COMMAND_PRIORITY_NORMAL,
+				  commandBuffer,
+				  written,
+				  responseBuffer,
+				  read);
+	if (rc != 0) {
+	    TSS_Tbsi_GetTBSError("Tbsip_Submit_Command", rc);
+	    rc = TSS_RC_BAD_CONNECTION;
+
+	}
+    }
+    if (rc == 0) {
+	if (tssVverbose) TSS_PrintAll("TSS_Tbsi_SubmitCommand: Response",
+				      responseBuffer, *read);
+    }
+    /* read the TPM return code from the packet */
+    if (rc == 0) {
+	uint8_t		*bufferPtr;
+	uint32_t	size;
+
+	bufferPtr = responseBuffer + sizeof(TPM_ST) + sizeof(uint32_t);		/* skip to responseCode */
+	size = sizeof(TPM_RC);		/* dummy for call */
+	rc = TSS_UINT32_Unmarshalu(&responseCode, &bufferPtr, &size);
+    }
+    if (rc == 0) {
+	rc = responseCode;
+    }
+    return rc;
+}
+
+TPM_RC TSS_Tbsi_Close(TSS_CONTEXT *tssContext)
+{
+    TPM_RC rc = 0;
+    if (tssVverbose) printf("TSS_Tbsi_Close: Closing connection\n");
+    rc = Tbsip_Context_Close(tssContext->hContext);
+    return rc;
+}
+
+static void TSS_Tbsi_GetTBSError(const char *prefix,
+				 TBS_RESULT rc)
+{
+    const char *error_string;
+		     
+    switch (rc) {
+
+	/* error codes from the TBS html docs */
+      case TBS_SUCCESS:
+	error_string = "The function succeeded.";
+	break;
+      case TBS_E_INTERNAL_ERROR:
+	error_string = "An internal software error occurred.";
+	break;
+      case TBS_E_BAD_PARAMETER:
+	error_string = "One or more parameter values are not valid.";
+	break;
+      case TBS_E_INVALID_OUTPUT_POINTER:
+	error_string = "A specified output pointer is bad.";
+	break;
+      case TBS_E_INVALID_CONTEXT:
+	error_string = "The specified context handle does not refer to a valid context.";
+	break;
+      case TBS_E_INSUFFICIENT_BUFFER:
+	error_string = "The specified output buffer is too small.";
+	break;
+      case TBS_E_IOERROR:
+	error_string = "An error occurred while communicating with the TPM.";
+	break;
+      case TBS_E_INVALID_CONTEXT_PARAM:
+	error_string = "A context parameter that is not valid was passed when attempting to create a "
+		       "TBS context.";
+	break;
+      case TBS_E_SERVICE_NOT_RUNNING:
+	error_string = "The TBS service is not running and could not be started.";
+	break;
+      case TBS_E_TOO_MANY_TBS_CONTEXTS:
+	error_string = "A new context could not be created because there are too many open contexts.";
+	break;
+      case TBS_E_TOO_MANY_RESOURCES:
+	error_string = "A new virtual resource could not be created because there are too many open "
+		       "virtual resources.";
+	break;
+      case TBS_E_SERVICE_START_PENDING:
+	error_string = "The TBS service has been started but is not yet running.";
+	break;
+      case TBS_E_PPI_NOT_SUPPORTED:
+	error_string = "The physical presence interface is not supported.";
+	break;
+      case TBS_E_COMMAND_CANCELED:
+	error_string = "The command was canceled.";
+	break;
+      case TBS_E_BUFFER_TOO_LARGE:
+	error_string = "The input or output buffer is too large.";
+	break;
+      case TBS_E_TPM_NOT_FOUND:
+	error_string = "A compatible Trusted Platform Module (TPM) Security Device cannot be found "
+		       "on this computer.";
+	break;
+      case TBS_E_SERVICE_DISABLED:
+	error_string = "The TBS service has been disabled.";
+	break;
+      case TBS_E_NO_EVENT_LOG:
+	error_string = "The TBS event log is not available.";
+	break;
+      case TBS_E_ACCESS_DENIED:
+	error_string = "The caller does not have the appropriate rights to perform the requested operation.";
+	break;
+      case TBS_E_PROVISIONING_NOT_ALLOWED:
+	error_string = "The TPM provisioning action is not allowed by the specified flags.";
+	break;
+      case TBS_E_PPI_FUNCTION_UNSUPPORTED:
+	error_string = "The Physical Presence Interface of this firmware does not support the "
+		       "requested method.";
+	break;
+      case TBS_E_OWNERAUTH_NOT_FOUND:
+	error_string = "The requested TPM OwnerAuth value was not found.";
+	break;
+
+	/* a few error codes from WinError.h */
+      case TPM_E_COMMAND_BLOCKED:
+	error_string = "The command was blocked.";
+	break;
+
+      default:
+	error_string = "unknown error type\n";
+	break;
+
+	
+    }
+    printf("%s %s\n", prefix, error_string);
+    return;
+}
+
+#endif	/* TPM_WINDOWS */
diff --git a/utils/tsstbsi.h b/utils/tsstbsi.h
new file mode 100644
index 000000000..fd13d49cd
--- /dev/null
+++ b/utils/tsstbsi.h
@@ -0,0 +1,64 @@
+/********************************************************************************/
+/*										*/
+/*		Windows Device Transmit and Receive Utilities  			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: tsstbsi.h 1015 2017-06-07 13:16:34Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* This is not a public header.  It should not be used by applications. */
+
+#ifndef TSSDEV_H
+#define TSSDEV_H
+
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    TPM_RC TSS_Tbsi_Transmit(TSS_CONTEXT *tssContext,
+			     uint8_t *responseBuffer, uint32_t *read,
+			     const uint8_t *commandBuffer, uint32_t written,
+			     const char *message);
+    TPM_RC TSS_Tbsi_Close(TSS_CONTEXT *tssContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+
+
diff --git a/utils/tsstransmit.c b/utils/tsstransmit.c
new file mode 100644
index 000000000..bd019bd35
--- /dev/null
+++ b/utils/tsstransmit.c
@@ -0,0 +1,234 @@
+/********************************************************************************/
+/*										*/
+/*			    Transmit and Receive Utility			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: tsstransmit.c 1257 2018-06-27 20:52:08Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015, 2017.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* This file contains the interface that is not platform or interface specific
+ */
+
+#include <string.h>
+#include <stdio.h>
+
+#include "tssproperties.h"
+#ifndef TPM_NOSOCKET
+#include "tsssocket.h"
+#endif
+#include <ibmtss/tsserror.h>
+#include <ibmtss/tssprint.h>
+
+#ifndef TPM_NODEV
+#ifdef TPM_POSIX
+#include "tssdev.h"
+#endif
+#endif /* TPM_NODEV */
+
+#ifdef TPM_SKIBOOT
+#include "tssdevskiboot.h"
+#endif /* TPM_SKIBOOT */
+
+#ifdef TPM_WINDOWS
+#ifdef TPM_WINDOWS_TBSI
+#include "tsstbsi.h"
+#endif
+#endif
+
+#include <ibmtss/tsstransmit.h>
+
+extern int tssVverbose;
+extern int tssVerbose;
+
+/* local prototypes */
+
+/* TSS_TransmitPlatform() transmits an administrative out of band command to the TPM through the
+   platform port.
+
+   Supported by the simulator, not the TPM device.
+*/
+
+TPM_RC TSS_TransmitPlatform(TSS_CONTEXT *tssContext, uint32_t command, const char *message)
+{
+    TPM_RC rc = 0;
+
+#ifndef TPM_NOSOCKET
+    if ((strcmp(tssContext->tssInterfaceType, "socsim") == 0)) {
+	rc = TSS_Socket_TransmitPlatform(tssContext, command, message);
+    }
+    else
+#else
+    command = command;
+    message = message;
+#endif
+    if ((strcmp(tssContext->tssInterfaceType, "dev") == 0)) {
+	if (tssVerbose) printf("TSS_TransmitPlatform: device %s unsupported\n",
+			       tssContext->tssInterfaceType);
+	rc = TSS_RC_INSUPPORTED_INTERFACE;	
+    }
+    else {
+	if (tssVerbose) printf("TSS_TransmitPlatform: device %s unsupported\n",
+			       tssContext->tssInterfaceType);
+	rc = TSS_RC_INSUPPORTED_INTERFACE;	
+    }
+    return rc;
+}
+
+/* TSS_TransmitCommand() transmits an administrative in band command to the TPM through the
+   command port.
+
+   Supported by the simulator, not the TPM device.
+*/
+
+TPM_RC TSS_TransmitCommand(TSS_CONTEXT *tssContext, uint32_t command, const char *message)
+{
+    TPM_RC rc = 0;
+
+#ifndef TPM_NOSOCKET
+    if ((strcmp(tssContext->tssInterfaceType, "socsim") == 0)) {
+	rc = TSS_Socket_TransmitCommand(tssContext, command, message);
+    }
+    else
+#else
+    command = command;
+    message = message;
+#endif
+    if ((strcmp(tssContext->tssInterfaceType, "dev") == 0)) {
+	if (tssVerbose) printf("TSS_TransmitCommand: device %s unsupported\n",
+			       tssContext->tssInterfaceType);
+	rc = TSS_RC_INSUPPORTED_INTERFACE;	
+    }
+    else {
+	if (tssVerbose) printf("TSS_TransmitCommand: device %s unsupported\n",
+			       tssContext->tssInterfaceType);
+	rc = TSS_RC_INSUPPORTED_INTERFACE;	
+    }
+    return rc;
+}
+
+/* TSS_Transmit() transmits a TPM command packet and receives a response using the command port.
+   The command type is hard coded to TPM_SEND_COMMAND.
+
+*/
+
+TPM_RC TSS_Transmit(TSS_CONTEXT *tssContext,
+		    uint8_t *responseBuffer, uint32_t *read,
+		    const uint8_t *commandBuffer, uint32_t written,
+		    const char *message)
+{
+    TPM_RC rc = 0;
+
+#ifndef TPM_NOSOCKET
+    if ((strcmp(tssContext->tssInterfaceType, "socsim") == 0)) {
+	rc = TSS_Socket_Transmit(tssContext,
+				 responseBuffer, read,
+				 commandBuffer, written,
+				 message);
+    }
+    else
+#endif /* TPM_NOSOCKET */
+       
+#ifndef TPM_NODEV
+    if ((strcmp(tssContext->tssInterfaceType, "dev") == 0) ||
+	(strcmp(tssContext->tssInterfaceType, "skiboot") == 0)) {
+#ifdef TPM_POSIX	/* transmit through Linux device driver */
+	rc = TSS_Dev_Transmit(tssContext,
+			      responseBuffer, read,
+			      commandBuffer, written,
+			      message);
+#endif /* TPM_POSIX */
+#endif /* TPM_NODEV */
+
+#ifdef TPM_WINDOWS	/* transmit through Windows TBSI */
+#ifdef TPM_WINDOWS_TBSI
+	rc = TSS_Tbsi_Transmit(tssContext,
+			       responseBuffer, read,
+			       commandBuffer, written,
+			       message);
+#else
+	if (tssVerbose) printf("TSS_Transmit: device %s unsupported\n",
+			       tssContext->tssInterfaceType);
+	rc = TSS_RC_INSUPPORTED_INTERFACE;	
+#endif /* TPM_WINDOWS_TBSI */
+#endif /* TPM_WINDOWS */
+    }
+    else {
+	if (tssVerbose) printf("TSS_Transmit: device %s unsupported\n",
+			       tssContext->tssInterfaceType);
+	rc = TSS_RC_INSUPPORTED_INTERFACE;	
+    }
+    return rc;
+}
+
+/* TSS_Close() closes the connection to the TPM */
+
+TPM_RC TSS_Close(TSS_CONTEXT *tssContext)
+{
+    TPM_RC rc = 0;
+
+    /* only close if there was an open */
+    if (!tssContext->tssFirstTransmit) {
+#ifndef TPM_NOSOCKET
+	if ((strcmp(tssContext->tssInterfaceType, "socsim") == 0)) {
+	    rc = TSS_Socket_Close(tssContext);
+	}
+	else
+#endif /* TPM_NOSOCKET */
+#ifndef TPM_NODEV
+#ifdef TPM_POSIX	/* transmit through Linux device driver */
+        if ((strcmp(tssContext->tssInterfaceType, "dev") == 0) ||
+	    (strcmp(tssContext->tssInterfaceType, "skiboot") == 0)) {
+	    rc = TSS_Dev_Close(tssContext);
+#endif /* TPM_POSIX */
+#endif /* TPM_NODEV */
+
+#ifdef TPM_WINDOWS	/* transmit through Windows TBSI */
+#ifdef TPM_WINDOWS_TBSI
+	    rc = TSS_Tbsi_Close(tssContext);
+#else
+	    if (tssVerbose) printf("TSS_Transmit: device %s unsupported\n",
+				   tssContext->tssInterfaceType);
+	    rc = TSS_RC_INSUPPORTED_INTERFACE;	
+#endif /* TPM_WINDOWS_TBSI */
+#endif /* TPM_WINDOWS */
+	}
+	else {
+	    if (tssVerbose) printf("TSS_Transmit: device %s unsupported\n",
+				   tssContext->tssInterfaceType);
+	    rc = TSS_RC_INSUPPORTED_INTERFACE;	
+	}
+	tssContext->tssFirstTransmit = TRUE;
+    }
+    return rc;
+}
diff --git a/utils/tssutils.c b/utils/tssutils.c
new file mode 100644
index 000000000..c66c06146
--- /dev/null
+++ b/utils/tssutils.c
@@ -0,0 +1,322 @@
+/********************************************************************************/
+/*										*/
+/*			    TSS and Application Utilities			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*		$Id: tssutils.c 1294 2018-08-09 19:08:34Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2018					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+
+#ifdef TPM_POSIX
+#include <netinet/in.h>
+#endif
+#ifdef TPM_WINDOWS
+#include <winsock2.h>
+#endif
+
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsserror.h>
+#include <ibmtss/tssprint.h>
+
+/* the TSS context must be larger when files are not used, since TSS object and NV state is held in
+   the volatile context.  The major factor is the number of TSS_OBJECT_PUBLIC slots.  See
+   tssproperties.c */
+#ifdef TPM_TSS_NOFILE
+#define TSS_ALLOC_MAX  0x12000  /* 73k bytes */
+#else
+#define TSS_ALLOC_MAX  0x10000  /* 64k bytes */
+#endif
+
+extern int tssVerbose;
+extern int tssVverbose;
+
+/* TSS_Malloc() is a general purpose wrapper around malloc()
+ */
+
+TPM_RC TSS_Malloc(unsigned char **buffer, uint32_t size)
+{
+    TPM_RC          rc = 0;
+    
+    /* assertion test.  The coding style requires that all allocated pointers are initialized to
+       NULL.  A non-NULL value indicates either a missing initialization or a pointer reuse (a
+       memory leak). */
+    if (rc == 0) {
+        if (*buffer != NULL) {
+            if (tssVerbose)
+		printf("TSS_Malloc: Error (fatal), *buffer %p should be NULL before malloc\n",
+		       *buffer);
+            rc = TSS_RC_ALLOC_INPUT;
+        }
+    }
+    /* verify that the size is not "too large" */
+    if (rc == 0) {
+        if (size > TSS_ALLOC_MAX) {
+            if (tssVerbose) printf("TSS_Malloc: Error, size %u greater than maximum allowed\n",
+				   size);
+            rc = TSS_RC_MALLOC_SIZE;
+        }       
+    }
+    /* verify that the size is not 0, this would be implementation defined and should never occur */
+    if (rc == 0) {
+        if (size == 0) {
+            if (tssVerbose) printf("TSS_Malloc: Error (fatal), size is zero\n");
+            rc = TSS_RC_MALLOC_SIZE;
+        }       
+    }
+    if (rc == 0) {
+        *buffer = malloc(size);
+        if (*buffer == NULL) {
+            if (tssVerbose) printf("TSS_Malloc: Error allocating %u bytes\n", size);
+            rc = TSS_RC_OUT_OF_MEMORY;
+        }
+    }
+    return rc;
+}
+
+TPM_RC TSS_Realloc(unsigned char **buffer, uint32_t size)
+{
+    TPM_RC          	rc = 0;
+    unsigned char 	*tmpptr = NULL;
+    
+    /* verify that the size is not "too large" */
+    if (rc == 0) {
+        if (size > TSS_ALLOC_MAX) {
+            if (tssVerbose) printf("TSS_Realloc: Error, size %u greater than maximum allowed\n",
+				   size);
+            rc = TSS_RC_MALLOC_SIZE;
+        }       
+    }
+    /* verify that the size is not 0, this should never occur */
+    if (rc == 0) {
+        if (size == 0) {
+            if (tssVerbose) printf("TSS_Malloc: Error (fatal), size is zero\n");
+            rc = TSS_RC_MALLOC_SIZE;
+        }       
+    }
+    if (rc == 0) {
+	tmpptr = realloc(*buffer, size);
+	if (tmpptr == NULL) {
+            if (tssVerbose) printf("TSS_Realloc: Error reallocating %u bytes\n", size);
+	    rc = TSS_RC_OUT_OF_MEMORY;
+	}
+    }
+    if (rc == 0) {
+	*buffer = tmpptr;
+    }
+    return rc;
+}
+
+
+/* TSS_Structure_Marshal() is a general purpose "marshal a structure" function.
+   
+   It marshals the structure using "marshalFunction", and returns the malloc'ed stream.
+
+*/
+
+TPM_RC TSS_Structure_Marshal(uint8_t		**buffer,	/* freed by caller */
+			     uint16_t		*written,
+			     void 		*structure,
+			     MarshalFunction_t 	marshalFunction)
+{
+    TPM_RC 	rc = 0;
+    uint8_t	*buffer1 = NULL;	/* for marshaling, moves pointer */
+
+    /* marshal once to calculates the byte length */
+    if (rc == 0) {
+	*written = 0;
+	rc = marshalFunction(structure, written, NULL, NULL);
+    }
+    if (rc == 0) {
+	rc = TSS_Malloc(buffer, *written);
+    }
+    if (rc == 0) {
+	buffer1 = *buffer;
+	*written = 0;
+	rc = marshalFunction(structure, written, &buffer1, NULL);
+    }
+    return rc;
+}
+
+/* TSS_TPM2B_Copy() copies source to target if the source fits the target size */
+
+TPM_RC TSS_TPM2B_Copy(TPM2B *target, TPM2B *source, uint16_t targetSize)
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	if (source->size > targetSize) {
+	    if (tssVerbose) printf("TSS_TPM2B_Copy: size %u greater than target %u\n",
+				   source->size, targetSize);	
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    if (rc == 0) {
+	memmove(target->buffer, source->buffer, source->size);
+	target->size = source->size;
+    }
+    return rc;
+}
+
+/* TSS_TPM2B_Append() appends the source TPM2B to the target TPM2B.
+   
+   It checks that the source fits the target size. The target size is the total size, not the size
+   remaining.
+*/
+
+TPM_RC TSS_TPM2B_Append(TPM2B *target, TPM2B *source, uint16_t targetSize)
+{
+    TPM_RC rc = 0;
+
+    if (rc == 0) {
+	if (target->size + source->size > targetSize) {
+	    if (tssVerbose) printf("TSS_TPM2B_Append: size %u greater than target %u\n",
+				   target->size + source->size, targetSize);	
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    if (rc == 0) {
+	memmove(target->buffer + target->size, source->buffer, source->size);
+	target->size += source->size;
+    }
+    return rc;
+}
+
+/* TSS_TPM2B_Create() copies the buffer of 'size' into target, checking targetSize */
+
+TPM_RC TSS_TPM2B_Create(TPM2B *target, uint8_t *buffer, uint16_t size, uint16_t targetSize)
+{
+    TPM_RC rc = 0;
+    
+    if (rc == 0) {
+	if (size > targetSize) {
+	    if (tssVerbose) printf("TSS_TPM2B_Create: size %u greater than target %u\n",
+				   size, targetSize);	
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    if (rc == 0) {
+	target->size = size;
+	if (size != 0) {	/* because buffer can be NULL if size os 0 */
+	    memmove(target->buffer, buffer, size);
+	}
+    }
+    return rc;
+}
+
+/* TSS_TPM2B_CreateUint32() creates a TPM2B from a uint32_t, typically a permanent handle */
+
+TPM_RC TSS_TPM2B_CreateUint32(TPM2B *target, uint32_t source, uint16_t targetSize)
+{
+    TPM_RC rc = 0;
+    
+    if (rc == 0) {
+	if (sizeof(uint32_t) > targetSize) {
+	    if (tssVerbose) printf("TSS_TPM2B_CreateUint32: size %u greater than target %u\n",
+				   (unsigned int)sizeof(uint32_t), targetSize);	
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    if (rc == 0) {
+	uint32_t sourceNbo = htonl(source);
+	memmove(target->buffer, (uint8_t *)&sourceNbo, sizeof(uint32_t));
+	target->size = sizeof(uint32_t);
+    }
+    return rc;
+}
+
+/* TSS_TPM2B_StringCopy() copies a NUL terminated string (omitting the NUL) from source to target.
+   
+   It checks that the string will fit in targetSize.
+
+   If source is NULL, creates a TPM2B of size 0.
+*/
+
+TPM_RC TSS_TPM2B_StringCopy(TPM2B *target, const char *source, uint16_t targetSize)
+{
+    TPM_RC rc = 0;
+    size_t length;
+    uint16_t length16;
+
+    if (source != NULL) {
+	if (rc == 0) {
+	    length = strlen(source);
+	    if (length > 0xffff) {	/* overflow TPM2B uint16_t */
+		if (tssVerbose) printf("TSS_TPM2B_StringCopy: size %u greater than 0xffff\n",
+				       (unsigned int)length);	
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	}
+	if (rc == 0) {
+	    length16 = (uint16_t )length;	/* cast safe after range test */
+	    if (length16 > targetSize) {
+		if (tssVerbose) printf("TSS_TPM2B_StringCopy: size %u greater than target %u\n",
+				       length16, targetSize);	
+		rc = TSS_RC_INSUFFICIENT_BUFFER;
+	    }
+	}
+	if (rc == 0) {
+	    target->size = length16;
+	    memcpy(target->buffer, source, length);
+	}
+    }
+    else {
+	target->size = 0;
+    }
+    return rc;
+}
+
+int TSS_TPM2B_Compare(TPM2B *expect, TPM2B *actual)
+{
+    int 	irc;
+    int 	match = YES;
+
+    if (match == YES) {
+	if (expect->size != actual->size) {
+	    match = NO;
+	}
+    }
+    if (match == YES) {
+	irc = memcmp(expect->buffer, actual->buffer, expect->size);
+	if (irc != 0) {
+	    match = NO;
+	}
+    }
+    return match;
+}
+
diff --git a/utils/tssutilsverbose.c b/utils/tssutilsverbose.c
new file mode 100644
index 000000000..e7d1a328c
--- /dev/null
+++ b/utils/tssutilsverbose.c
@@ -0,0 +1,43 @@
+/********************************************************************************/
+/*										*/
+/*			tssUtilsVerbose Definition				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2019.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* This file is used for a minimal TSS that does not include the sample utilities code. */
+
+/* verbose tracing flag shared by command line utilities */
+
+int tssUtilsVerbose;
diff --git a/utils/unseal.c b/utils/unseal.c
new file mode 100644
index 000000000..661f8b8c2
--- /dev/null
+++ b/utils/unseal.c
@@ -0,0 +1,253 @@
+/********************************************************************************/
+/*										*/
+/*			   Unseal 						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    Unseal_In 			in;
+    Unseal_Out 			out;
+    TPMI_DH_OBJECT		itemHandle = 0;
+    const char			*outDataFilename = NULL;
+    const char			*password = NULL; 
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &itemHandle);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwd") == 0) {
+	    i++;
+	    if (i < argc) {
+		password = argv[i];
+	    }
+	    else {
+		printf("-pwd option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-of") == 0) {
+	    i++;
+	    if (i < argc) {
+		outDataFilename = argv[i];
+	    }
+	    else {
+		printf("-of option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (itemHandle == 0) {
+	printf("Missing handle parameter -ha\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.itemHandle = itemHandle;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_Unseal,
+			 sessionHandle0, password, sessionAttributes0,
+			 sessionHandle1, NULL, sessionAttributes1,
+			 sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if ((rc == 0) && (outDataFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(out.outData.t.buffer,
+				      out.outData.t.size,
+				      outDataFilename); 
+    }    
+    if (rc == 0) {
+	if (tssUtilsVerbose) TSS_PrintAll("outData",
+				  out.outData.t.buffer,
+				  out.outData.t.size);
+	if (tssUtilsVerbose) printf("unseal: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("unseal: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("unseal\n");
+    printf("\n");
+    printf("Runs TPM2_Unseal\n");
+    printf("\n");
+    printf("\t-ha\tsealed data item handle\n");
+    printf("\t[-pwd\tpassword sealed data item (default empty)]\n");
+    printf("\t[-of\toutput data (default do not save)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1);	
+}
diff --git a/utils/verifysignature.c b/utils/verifysignature.c
new file mode 100644
index 000000000..5f56ff753
--- /dev/null
+++ b/utils/verifysignature.c
@@ -0,0 +1,488 @@
+/********************************************************************************/
+/*										*/
+/*			    VerifySignature					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/Unmarshal_fp.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tsscrypto.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/tssresponsecode.h>
+
+#include "cryptoutils.h"
+
+static void printUsage(void);
+TPM_RC rawUnmarshal(TPMT_SIGNATURE *target,
+		    TPMI_ALG_PUBLIC algPublic,
+		    TPMI_ALG_HASH halg,
+		    uint8_t *buffer, size_t length);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    VerifySignature_In 		in;
+    VerifySignature_Out 	out;
+    TPMI_DH_OBJECT		keyHandle = 0;
+    const char			*pemFilename = NULL;
+    const char			*hmacKeyFilename = NULL;
+    const char			*signatureFilename = NULL;
+    TPMI_ALG_HASH		halg = TPM_ALG_SHA256;
+    TPMI_ALG_PUBLIC 		algPublic = TPM_ALG_RSA;
+    const char			*messageFilename = NULL;
+    int				doHash = TRUE;
+    const char			*ticketFilename = NULL;
+    int				raw = FALSE;	/* default TPMT_SIGNATURE */
+    unsigned char 		*data = NULL;	/* message */
+    size_t 			dataLength;
+    uint8_t			*buffer = NULL;		/* for the free */
+    uint8_t			*buffer1 = NULL;	/* for marshaling */
+    size_t 			length = 0;
+    uint32_t           		sizeInBytes;	/* hash algorithm mapped to size */
+    TPMT_HA 			digest;		/* digest of the message */
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
+    unsigned int		sessionAttributes2 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); 
+    tssUtilsVerbose = FALSE;
+
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hk") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &keyHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hk\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ipem") == 0) {
+	    i++;
+	    if (i < argc) {
+		pemFilename = argv[i];
+	    }
+	    else {
+		printf("-ipem option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ihmac") == 0) {
+	    i++;
+	    if (i < argc) {
+		hmacKeyFilename = argv[i];
+	    }
+	    else {
+		printf("-ihmac option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    halg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    halg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    halg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    halg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("-halg option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-rsa") == 0) {
+	    algPublic = TPM_ALG_RSA;
+	}
+	else if (strcmp(argv[i], "-ecc") == 0) {
+	    algPublic = TPM_ALG_ECC;
+	}
+	else if (strcmp(argv[i],"-if") == 0) {
+	    i++;
+	    if (i < argc) {
+		messageFilename = argv[i];
+	    }
+	    else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ih") == 0) {
+	    i++;
+	    if (i < argc) {
+		messageFilename = argv[i];
+		doHash = FALSE;
+	    }
+	    else {
+		printf("-ih option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-is") == 0) {
+	    i++;
+	    if (i < argc) {
+		signatureFilename = argv[i];
+	    }
+	    else {
+		printf("-is option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-raw") == 0) {
+	    raw = TRUE;
+	}
+	else if (strcmp(argv[i],"-tk") == 0) {
+	    i++;
+	    if (i < argc) {
+		ticketFilename = argv[i];
+	    }
+	    else {
+		printf("-tk option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se2") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle2);
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes2);
+		if (sessionAttributes2 > 0xff) {
+		    printf("Out of range session attributes for -se2\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se2\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if ((keyHandle == 0) && (pemFilename == NULL) && (hmacKeyFilename == NULL)) {
+	printf("Missing handle parameter -hk, PEM file name -ipem, or HMAC key file name -ihmac\n");
+	printUsage();
+    }
+    if (messageFilename == NULL) {
+	printf("Missing message file name -if or hash file name -ih\n");
+	printUsage();
+    }
+    if (signatureFilename == NULL) {
+	printf("Missing signature parameter -is\n");
+	printUsage();
+    }
+    if (rc == 0) {
+       rc = TSS_File_ReadBinaryFile(&data,     /* freed @1 */
+				    &dataLength,
+				    messageFilename);
+    }
+    /* hash the file */
+    if (rc == 0) {
+	if (doHash) {
+	    if (rc == 0) {
+		if (tssUtilsVerbose) printf("verifysignature: Hashing message file %s with halg %04x\n",
+				    messageFilename, halg);
+		digest.hashAlg = halg;
+		sizeInBytes = TSS_GetDigestSize(digest.hashAlg);
+		rc = TSS_Hash_Generate(&digest,
+				       dataLength, data,
+				       0, NULL);
+	    }
+	    if (rc == 0) {
+		if (tssUtilsVerbose) printf("verifysignature: Copying hash\n");
+		/* digest to be verified */
+		in.digest.t.size = sizeInBytes;
+		memcpy(&in.digest.t.buffer, (uint8_t *)&digest.digest, sizeInBytes);
+	    }
+	}
+	else {
+	    if (tssUtilsVerbose) printf("verifysignature: Using hash input file %s\n", messageFilename);
+	    in.digest.t.size = (uint16_t)dataLength;
+	    memcpy(&in.digest.t.buffer, (uint8_t *)data, dataLength);
+	}
+	if (rc == 0) {
+	    if (tssUtilsVerbose) TSS_PrintAll("verifysignature: hash",
+				      (uint8_t *)&in.digest.t.buffer, in.digest.t.size);
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_File_ReadBinaryFile(&buffer,     /* freed @2 */
+				     &length,
+				     signatureFilename);
+    }
+    if (rc == 0) {
+	if (!raw) {
+	    uint32_t ilength = length;	/* values that can move during the unmarshal */
+	    buffer1 = buffer;
+	    /* input is TPMT_SIGNATURE */
+	    rc = TSS_TPMT_SIGNATURE_Unmarshalu(&in.signature, &buffer1, &ilength, NO);
+	}
+	else {
+	    /* input is raw bytes */
+	    rc = rawUnmarshal(&in.signature, algPublic, halg, buffer, length);
+	}
+    }
+    if (keyHandle != 0) {
+	if (rc == 0) {
+	    /* Handle of key that will perform verifying */
+	    in.keyHandle = keyHandle;
+	}
+	/* Start a TSS context */
+	if (rc == 0) {
+	    rc = TSS_Create(&tssContext);
+	}
+	/* call TSS to execute the command */
+	if (rc == 0) {
+	    rc = TSS_Execute(tssContext,
+			     (RESPONSE_PARAMETERS *)&out,
+			     (COMMAND_PARAMETERS *)&in,
+			     NULL,
+			     TPM_CC_VerifySignature,
+			     sessionHandle0, NULL, sessionAttributes0,
+			     sessionHandle1, NULL, sessionAttributes1,
+			     sessionHandle2, NULL, sessionAttributes2,
+			     TPM_RH_NULL, NULL, 0);
+	}
+	{
+	    TPM_RC rc1 = TSS_Delete(tssContext);
+	    if (rc == 0) {
+		rc = rc1;
+	    }
+	}
+	if ((rc == 0) && (ticketFilename != NULL)) {
+	    rc = TSS_File_WriteStructure(&out.validation,
+					 (MarshalFunction_t)TSS_TPMT_TK_VERIFIED_Marshal,
+					 ticketFilename);
+	}
+    }
+    if (pemFilename != NULL) {
+	if (rc == 0) {
+	    rc = verifySignatureFromPem((uint8_t *)&in.digest.t.buffer,
+					in.digest.t.size,
+					&in.signature,
+					halg,
+					pemFilename);
+	}
+	if (tssUtilsVerbose) printf("verifysignature: verifySignatureFromPem rc %08x\n", rc);
+    }
+    if (hmacKeyFilename != NULL) {
+	if (rc == 0) {
+	    rc = verifySignatureFromHmacKey((uint8_t *)&in.digest.t.buffer,
+					    in.digest.t.size,
+					    &in.signature,
+					    halg,
+					    hmacKeyFilename); 
+	}
+	if (tssUtilsVerbose) printf("verifysignature: verifySignatureFromHmacKey rc %08x\n", rc);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("verifysignature: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("verifysignature: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    free(data);		/* @1 */
+    free(buffer);	/* @2 */
+    return rc;
+}
+
+/* rawUnmarshal() unmarshals a raw openssl signature 'buffer' into the TPMT_SIGNATURE structure.
+
+   It handles RSA and ECC P256.
+*/
+
+TPM_RC rawUnmarshal(TPMT_SIGNATURE *tSignature,
+		    TPMI_ALG_PUBLIC algPublic,
+		    TPMI_ALG_HASH halg,
+		    uint8_t *signatureBin, size_t signatureBinLen)
+{
+    TPM_RC			rc = 0;
+    switch (algPublic) {
+      case TPM_ALG_RSA:
+	rc = convertRsaBinToTSignature(tSignature,
+				       halg,
+				       signatureBin,
+				       signatureBinLen);
+	break;
+#ifndef TPM_TSS_NOECC
+      case TPM_ALG_ECC:
+	/* TPM_ALG_ECC, the raw signature is DER encoded R and S elements */
+	rc = convertEcBinToTSignature(tSignature,
+				      halg,
+				      signatureBin,
+				      signatureBinLen);
+	break;
+#endif	/* TPM_TSS_NOECC */
+      default:
+	printf("rawUnmarshal: algorithm %04x not supported\n", algPublic);
+	rc = TPM_RC_ASYMMETRIC;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("verifysignature\n");
+    printf("\n");
+    printf("Runs TPM2_VerifySignature and/or verifies using the PEM public key\n");
+    printf("\n");
+    printf("\t-if\tinput message file name\n");
+    printf("\t-ih\tinput hash file name\n");
+    printf("\n");
+    printf("\t\tOne of -if, -ih must be specified\n");
+    printf("\n");
+    printf("\t-is\tsignature file name\n");
+    printf("\t[-raw\tsignature specified by -is is in raw format]\n");
+    printf("\t\t(default TPMT_SIGNATURE)\n");
+    printf("\t-hk\tkey handle\n");
+    printf("\t-ipem\tpublic key PEM format file name to verify signature\n");
+    printf("\t-ihmac\tHMAC key in raw binary format file name to verify signature\n");
+    printf("\n");
+    printf("\t\tOne of -hk, -ipem, -ihmac must be specified\n");
+    printf("\n");
+    printf("\t[-tk\tticket file name (requires -hk)]\n");
+    printf("\n");
+    printf("\t[-halg\t(sha1, sha256, sha384 sha512) (default sha256)]\n");
+    printf("\n");
+    printf("\t[Asymmetric Key Algorithm]\n");
+    printf("\n");
+    printf("\t[-rsa\t(default)]\n");
+    printf("\t[-ecc\t]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default NULL)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t80\taudit\n");
+    exit(1);	
+}
diff --git a/utils/writeapp.c b/utils/writeapp.c
new file mode 100644
index 000000000..151a26301
--- /dev/null
+++ b/utils/writeapp.c
@@ -0,0 +1,416 @@
+/********************************************************************************/
+/*										*/
+/*			    NV Write Application				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+   Demo application, and test of "no file TSS"
+
+   Create an EK for the salt
+
+   Start a session, salt with EK
+
+   Define an NV index, salted session
+
+   Flush the session
+
+   Start a session, salt with EK, bind to unwritten NV index
+
+   Write NV, changes the Name, bound, salt, encrypt session
+
+   Start a session, salt with EK, bind to written NV index
+   
+   Write NV, bound, salt, encrypt session
+
+   Undefine NV index
+
+   Flush EK
+*/
+
+#define NVINDEX 0x01000000
+#define NVPWD	"pwd" 
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssutils.h>
+#include "ekutils.h"
+#include "cryptoutils.h"
+
+static TPM_RC nvReadPublic(TSS_CONTEXT *tssContext);
+static TPM_RC startSession(TSS_CONTEXT *tssContext,
+			   TPMI_SH_AUTH_SESSION *sessionHandle,
+			   TPMI_DH_OBJECT tpmKey,
+			   TPMI_DH_ENTITY bind);
+static TPM_RC flush(TSS_CONTEXT *tssContext,
+		    TPMI_DH_CONTEXT flushHandle);
+static TPM_RC defineSpace(TSS_CONTEXT *tssContext,
+			  TPMI_SH_AUTH_SESSION sessionHandle);
+static TPM_RC nvWrite(TSS_CONTEXT *tssContext,
+		      TPMI_SH_AUTH_SESSION sessionHandle);
+static TPM_RC undefineSpace(TSS_CONTEXT *tssContext,
+			    TPMI_SH_AUTH_SESSION sessionHandle);
+			   
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    TSS_CONTEXT			*tssContext = NULL;
+    int 			pwSession = FALSE;		/* default HMAC session */
+    TPM_HANDLE 			ekKeyHandle = TPM_RH_NULL;	/* primary key handle */
+    TPMI_SH_AUTH_SESSION 	sessionHandle = TPM_RH_NULL;
+ 
+    int				i;    /* argc iterator */
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-pwsess") == 0) {
+	    pwSession = TRUE;
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+#ifdef TPM_TSS_NOCRYPTO
+    if (!pwSession) {
+	printf("\n-pwsess is required when compiled for no crypto\n");
+	printUsage();
+    }
+#endif
+    /* Start a TSS context */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("INFO: Create a TSS context\n");
+	rc = TSS_Create(&tssContext);
+    }
+#ifndef TPM_TSS_NOCRYPTO
+    /* createprimary first for salt.  processPrimary() also reads the EK certificate and validates
+       it against the primary key.   It doesn't walk the certificate chain.  */
+    if (rc == 0) {
+	if (!pwSession) {
+	    if (tssUtilsVerbose) printf("INFO: Create a primary EK for the salt\n");
+	    rc = processPrimary(tssContext,
+				&ekKeyHandle,
+				EK_CERT_RSA_INDEX, EK_NONCE_RSA_INDEX, EK_TEMPLATE_RSA_INDEX,
+				TRUE, tssUtilsVerbose);		/* do not flush */
+	}
+    }
+#endif	/* TPM_TSS_NOCRYPTO */
+    /* start a session, salt with EK, unbound */
+    if (rc == 0) {
+	if (!pwSession) {
+	    if (tssUtilsVerbose) printf("INFO: Start a salt session\n");
+	    rc = startSession(tssContext,
+			      &sessionHandle,
+			      ekKeyHandle, TPM_RH_NULL);	/* salt, no bind */
+	}
+	else {
+	    sessionHandle = TPM_RS_PW;
+	}
+    }
+    /* Probe to see if the index already exists.  NOTE: A real application would test that the
+       NV metadata or Name was correct for the application. */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("INFO: Read the NV index at %08x\n", NVINDEX);
+	rc = nvReadPublic(tssContext);
+	/* on failure, define the index */
+	if (rc != 0) {
+	    if (tssUtilsVerbose) printf("INFO: Create the NV index at %08x\n", NVINDEX);
+	    rc = defineSpace(tssContext, sessionHandle);
+	}
+    }
+    /* flush the salt session */
+    if (!pwSession) {
+	if (tssUtilsVerbose) printf("INFO: Flush the salt session\n");
+	flush(tssContext, sessionHandle);
+    }
+    /* start a session, salt with EK, bind with unwritten NV index */
+    if (rc == 0) {
+	if (!pwSession) {
+	    if (tssUtilsVerbose) printf("INFO: Start a salt and bind session\n");
+	    rc = startSession(tssContext,
+			      &sessionHandle,
+			      ekKeyHandle, NVINDEX);	/* salt, bind */
+	}
+	else {
+	    sessionHandle = TPM_RS_PW;
+	}
+    }
+    /* first write, changes the Name (flushes the session)*/
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("INFO: Write the index and written bit\n");
+	rc = nvWrite(tssContext, sessionHandle);
+    }
+    /* start a session, salt, bind.  The previous session can't be used (with no password) since the
+       first write changed the Name.  Thus the session is no longer bound to the index.  The write
+       could specify a password, but the point is to test bind. */
+    if (rc == 0) {
+	if (!pwSession) {
+	    if (tssUtilsVerbose) printf("INFO: Start a salt and bind session\n");
+	    rc = startSession(tssContext,
+			      &sessionHandle,
+			      ekKeyHandle, NVINDEX);	/* salt, bind */
+	}
+	else {
+	    sessionHandle = TPM_RS_PW;
+	}
+    }
+    /* second write, note that the Name change is tracked */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("INFO: Write the index\n");
+	rc = nvWrite(tssContext, sessionHandle);
+    }
+    /* undefine NV index */
+    if (tssUtilsVerbose) printf("INFO: Undefine the index\n");
+    undefineSpace(tssContext, TPM_RS_PW);
+    /* flush the session */
+    if (!pwSession) {
+	if (tssUtilsVerbose) printf("INFO: Flush the session\n");
+	flush(tssContext, sessionHandle);
+	/* flush the primary key */
+	if (tssUtilsVerbose) printf("INFO: Flush the primary key\n");
+	flush(tssContext, ekKeyHandle);
+    }
+    {
+	TPM_RC rc1;
+	if (tssUtilsVerbose) printf("INFO: Delete the TSS context\n");
+	rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	printf("writeapp: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("writeapp: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static TPM_RC nvReadPublic(TSS_CONTEXT *tssContext)
+{
+    TPM_RC			rc = 0;
+    NV_ReadPublic_In 		in;
+    NV_ReadPublic_Out		out;
+
+    if (rc == 0) {
+	in.nvIndex = NVINDEX;
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_NV_ReadPublic,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    return rc;
+}
+
+static TPM_RC startSession(TSS_CONTEXT *tssContext,
+			   TPMI_SH_AUTH_SESSION *sessionHandle,
+			   TPMI_DH_OBJECT tpmKey,		/* salt key */
+			   TPMI_DH_ENTITY bind)			/* bind object */
+{
+    TPM_RC			rc = 0;
+    StartAuthSession_In 	startAuthSessionIn;
+    StartAuthSession_Out 	startAuthSessionOut;
+    StartAuthSession_Extra	startAuthSessionExtra;
+     
+    /*	Start an authorization session */
+    if (rc == 0) {
+	startAuthSessionIn.tpmKey = tpmKey;		/* salt key */
+	startAuthSessionIn.bind = bind;			/* bind object */
+	startAuthSessionExtra.bindPassword = NVPWD;	/* bind password */
+	startAuthSessionIn.sessionType = TPM_SE_HMAC;	/* HMAC session */
+	startAuthSessionIn.authHash = TPM_ALG_SHA256;	/* HMAC SHA-256 */
+	startAuthSessionIn.symmetric.algorithm = TPM_ALG_AES;	/* parameter encryption */
+	startAuthSessionIn.symmetric.keyBits.aes = 128;
+	startAuthSessionIn.symmetric.mode.aes = TPM_ALG_CFB;
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&startAuthSessionOut, 
+			 (COMMAND_PARAMETERS *)&startAuthSessionIn,
+			 (EXTRA_PARAMETERS *)&startAuthSessionExtra,
+			 TPM_CC_StartAuthSession,
+			 TPM_RH_NULL, NULL, 0);
+	*sessionHandle = startAuthSessionOut.sessionHandle;
+    }
+    return rc;
+}
+
+static TPM_RC flush(TSS_CONTEXT *tssContext,
+		    TPMI_DH_CONTEXT flushHandle)
+{
+    TPM_RC			rc = 0;
+    FlushContext_In 		in;
+
+    if (rc == 0) {
+	in.flushHandle = flushHandle;
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_FlushContext,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    return rc;
+}
+
+static TPM_RC defineSpace(TSS_CONTEXT *tssContext,
+			  TPMI_SH_AUTH_SESSION sessionHandle)
+{
+    TPM_RC			rc = 0;
+    NV_DefineSpace_In 		in;
+
+    if (rc == 0) {
+	rc = TSS_TPM2B_StringCopy(&in.auth.b,
+				  NVPWD, sizeof(in.auth.t.buffer));
+    }
+    if (rc == 0) {
+	in.authHandle = TPM_RH_OWNER;
+	in.publicInfo.nvPublic.authPolicy.t.size = 0;	/* default empty policy */
+	in.publicInfo.nvPublic.nvIndex = NVINDEX;	/* the handle of the data area */
+	in.publicInfo.nvPublic.nameAlg = TPM_ALG_SHA256;/* hash algorithm used to compute the name */
+	in.publicInfo.nvPublic.attributes.val = TPMA_NVA_NO_DA |
+						TPMA_NVA_AUTHWRITE | TPMA_NVA_AUTHREAD |
+						TPMA_NVA_ORDINARY;
+	in.publicInfo.nvPublic.dataSize = 1;
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_NV_DefineSpace,
+			 /* Empty owner auth */
+			 sessionHandle, NULL, TPMA_SESSION_CONTINUESESSION,
+			 TPM_RH_NULL, NULL, 0);
+	
+    }
+    return rc;
+}
+
+static TPM_RC nvWrite(TSS_CONTEXT *tssContext,
+		      TPMI_SH_AUTH_SESSION sessionHandle)
+{
+    TPM_RC			rc = 0;
+    NV_Write_In			nvWriteIn;
+    const char 			*pwd;
+
+    /* NV write */
+    if (rc == 0) {
+	nvWriteIn.authHandle = NVINDEX;		/* use index authorization */
+	nvWriteIn.nvIndex = NVINDEX;		/* NV index to write */
+	nvWriteIn.data.t.size = 1;		/* one byte */
+	nvWriteIn.data.t.buffer[0] = 0xff;	/* data */
+	nvWriteIn.offset = 0;
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	/* password session */
+	if (sessionHandle == TPM_RS_PW) {
+	    pwd = NVPWD;
+	}
+	/* NULL password, bound (password ignored), encrypt the data */
+	else {
+	    pwd = NULL;
+	}
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&nvWriteIn,	
+			 NULL,
+			 TPM_CC_NV_Write,
+			 sessionHandle, pwd, TPMA_SESSION_DECRYPT,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    return rc;
+}
+
+static TPM_RC undefineSpace(TSS_CONTEXT *tssContext,
+			    TPMI_SH_AUTH_SESSION sessionHandle)
+{
+    TPM_RC		rc = 0;
+    NV_UndefineSpace_In in;
+    
+    if (rc == 0) {
+	in.authHandle = TPM_RH_OWNER;
+	in.nvIndex = NVINDEX;
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_NV_UndefineSpace,
+			 sessionHandle, NULL, TPMA_SESSION_CONTINUESESSION,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("writeapp\n");
+    printf("\n");
+    printf("writeapp is a sample NV write application.  Provisions an NV location,\n");
+    printf("then does two writes with password 'pwd' using a bound, salted\n");
+    printf("HMAC session using AES CFB parameter encryption.\n");
+    printf("\n");
+    printf("Used to test minimal TSS build\n");
+    printf("\n");
+    printf("\t[-pwsess\tUse a password session, no HMAC or parameter encryption]\n");
+    printf("\n");
+    exit(1);	
+}
diff --git a/utils/zgen2phase.c b/utils/zgen2phase.c
new file mode 100644
index 000000000..a2cdbf816
--- /dev/null
+++ b/utils/zgen2phase.c
@@ -0,0 +1,366 @@
+/********************************************************************************/
+/*										*/
+/*			    ZGen_2Phase						*/
+/*	     		Written by Ken Goldman 					*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2017 - 2019					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/Unmarshal_fp.h>
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC 			rc = 0;
+    int 			i;    /* argc iterator */
+    TSS_CONTEXT 		*tssContext = NULL;
+    ZGen_2Phase_In   		in;
+    ZGen_2Phase_Out   		out;
+    TPMI_DH_OBJECT      	keyHandle = 0;
+    const char          	*qsbFilename = NULL;
+    const char          	*qebFilename = NULL;
+    const char                  *counterFilename = NULL;
+    const char       		*z1Filename = NULL;
+    const char          	*z2Filename = NULL;
+    const char          	*keyPassword = NULL;
+    TPMI_SH_AUTH_SESSION        sessionHandle0 = TPM_RS_PW;
+    unsigned int                sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION        sessionHandle1 = TPM_RH_NULL;
+    unsigned int                sessionAttributes1 = 0;
+    TPMI_SH_AUTH_SESSION        sessionHandle2 = TPM_RH_NULL;
+    unsigned int                sessionAttributes2 = 0;
+ 
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    /* command line argument defaults */
+    in.inScheme = TPM_ALG_ECDH;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+        if (strcmp(argv[i], "-hk") == 0) {
+            i++;
+            if (i < argc) {
+                sscanf(argv[i],"%x", &keyHandle);
+            }
+            else {
+                printf("Missing parameter for -hk\n");
+                printUsage();
+            }
+        }
+        else if (strcmp(argv[i],"-qsb") == 0) {
+            i++;
+            if (i < argc) {
+                qsbFilename = argv[i];
+            }
+            else {
+                printf("-s2 option needs a value\n");
+                printUsage();
+            }
+        }
+        else if (strcmp(argv[i],"-qeb") == 0) {
+            i++;
+            if (i < argc) {
+                qebFilename = argv[i];
+            }
+            else {
+                printf("-qeb option needs a value\n");
+                printUsage();
+            }
+        }
+	else if (strcmp(argv[i],"-scheme") == 0) {
+            i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"ecdh") == 0) {
+		    in.inScheme = TPM_ALG_ECDH;
+		}
+#if 0
+		else if (strcmp(argv[i],"ecmqv") == 0) {
+		    in.inScheme = TPM_ALG_ECMQV;
+		}
+#endif
+		else if (strcmp(argv[i],"sm2") == 0) {
+		    in.inScheme = TPM_ALG_SM2;
+		}
+		else {
+		    printf("Bad parameter %s for -scheme\n", argv[i]);
+		    printUsage();
+		}
+	    }
+        }
+        else if (strcmp(argv[i], "-cf")  == 0) {
+	    i++;
+	    if (i < argc) {
+		counterFilename = argv[i];
+	    } else {
+		printf("-cf option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-z1")  == 0) {
+	    i++;
+	    if (i < argc) {
+		z1Filename = argv[i];
+	    } else {
+		printf("-z1 option needs a value\n");
+		printUsage();
+	    }	
+	}
+	else if (strcmp(argv[i], "-z2")  == 0) {
+	    i++;
+	    if (i < argc) {
+                z2Filename = argv[i];
+	    } else {
+		printf("-z2 option needs a value\n");
+		printUsage();
+	    }
+	}
+        else if (strcmp(argv[i],"-pwdk") == 0) {
+            i++;
+            if (i < argc) {
+                keyPassword = argv[i];
+            }
+            else {
+                printf("-pwdk option needs a value\n");
+                printUsage();
+            }
+        }
+        else if (strcmp(argv[i],"-se0") == 0) {
+            i++;
+            if (i < argc) {
+                sscanf(argv[i],"%x", &sessionHandle0);
+            }
+            else {
+                printf("Missing parameter for -se0\n");
+                printUsage();
+            }
+            i++;
+            if (i < argc) {
+                sscanf(argv[i],"%x", &sessionAttributes0);
+                if (sessionAttributes0 > 0xff) {
+                    printf("Out of range session attributes for -se0\n");
+                    printUsage();
+                }
+            }
+            else {
+                printf("Missing parameter for -se0\n");
+                printUsage();
+            }
+        }
+        else if (strcmp(argv[i],"-se1") == 0) {
+            i++;
+            if (i < argc) {
+                sscanf(argv[i],"%x", &sessionHandle1);
+            }
+            else {
+                printf("Missing parameter for -se1\n");
+                printUsage();
+            }
+            i++;
+            if (i < argc) {
+                sscanf(argv[i],"%x", &sessionAttributes1);
+                if (sessionAttributes1 > 0xff) {
+                    printf("Out of range session attributes for -se1\n");
+                    printUsage();
+                }
+            }
+            else {
+                printf("Missing parameter for -se1\n");
+                printUsage();
+            }
+        }
+        else if (strcmp(argv[i],"-se2") == 0) {
+            i++;
+            if (i < argc) {
+                sscanf(argv[i],"%x", &sessionHandle2);
+            }
+            else {
+                printf("Missing parameter for -se2\n");
+                printUsage();
+            }
+            i++;
+            if (i < argc) {
+                sscanf(argv[i],"%x", &sessionAttributes2);
+                if (sessionAttributes2 > 0xff) {
+                    printf("Out of range session attributes for -se2\n");
+                    printUsage();
+                }
+            }
+            else {
+                printf("Missing parameter for -se2\n");
+                printUsage();
+            }
+        }
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (keyHandle == 0) {
+	printf("Missing handle parameter -hk\n");
+	printUsage();
+    }
+    if (qsbFilename == NULL) {
+	printf("Missing handle parameter -qsb\n");
+	printUsage();
+    }	
+    if (qebFilename == NULL) {
+	printf("Missing handle parameter -qeb\n");
+	printUsage();
+    }	
+    if (counterFilename == NULL) {
+	printf("Missing handle parameter -cf\n");
+	printUsage();
+    }	
+    if (rc == 0) {
+	in.keyA = keyHandle;
+    }
+    if (rc == 0) {
+	rc = TSS_File_ReadStructure(&in.inQsB,
+				    (UnmarshalFunction_t)TSS_TPM2B_ECC_POINT_Unmarshalu,
+				    qsbFilename);
+    }
+    if (rc == 0) {
+	rc = TSS_File_ReadStructure(&in.inQeB,
+				    (UnmarshalFunction_t)TSS_TPM2B_ECC_POINT_Unmarshalu,
+				    qebFilename);
+    }
+    if (rc == 0) {
+	rc = TSS_File_ReadStructure(&in.counter, 
+				    (UnmarshalFunction_t)TSS_UINT16_Unmarshalu,
+				    counterFilename);
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_CC_ZGen_2Phase,
+                         sessionHandle0, keyPassword, sessionAttributes0,
+                         sessionHandle1, NULL, sessionAttributes1,
+                         sessionHandle2, NULL, sessionAttributes2,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if ((rc == 0) && (z1Filename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.outZ1,
+				     (MarshalFunction_t)TSS_TPM2B_ECC_POINT_Marshal,
+				     z1Filename);
+
+
+    }
+    if ((rc == 0) && (z2Filename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.outZ2,
+				     (MarshalFunction_t)TSS_TPM2B_ECC_POINT_Marshal,
+				     z2Filename);
+
+
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("zgen2phase: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("zgen2phase: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("zgen2phase\n");
+    printf("\n");
+    printf("Runs TPM2_ZGen_2Phase\n");
+    printf("\n");
+    printf("\t-hk\tunrestricted decryption key handle\n");
+    printf("\t[-pwdk\tpassword for key (default empty)]\n");
+    printf("\t-qsb\tQsB point input file name\n");
+    printf("\t-qeb\tQeB point input file name\n");
+    printf("\t-cf\tcounter file name\n");
+    printf("\t[-scheme\t(default ecdh)]\n");
+    printf("\t\tecdh\n");
+    printf("\t\tecmqv\n");
+    printf("\t\tsm2\n");
+    printf("\t[-z1\tZ1 output data file name (default do not save)]\n");
+    printf("\t[-z2\tZ2 output data file name (default do not save)]\n");
+    printf("\n");
+    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
+    printf("\t01\tcontinue\n");
+    printf("\t20\tcommand decrypt\n");
+    printf("\t40\tresponse encrypt\n");
+    exit(1); 
+}
+
+
+
diff --git a/utils12/Makefile.am b/utils12/Makefile.am
new file mode 100644
index 000000000..911a9384e
--- /dev/null
+++ b/utils12/Makefile.am
@@ -0,0 +1,152 @@
+transform=s&^&tss1&
+
+if CONFIG_TPM12
+lib_LTLIBRARIES =libibmtssutils12.la
+
+libibmtssutils12_la_SOURCES = ekutils12.c
+libibmtssutils12_la_CFLAGS = -I$(top_srcdir)/utils
+# current[:revision[:age]]
+# result: [current-age].age.revision
+libibmtssutils12_la_LDFLAGS = -version-info @TSSLIB_VERSION_INFO@ -libmtss
+
+notrans_man_MANS = man/man1/*.1
+noinst_HEADERS = ekutils12.h
+
+bin_PROGRAMS = activateidentity createendorsementkeypair createwrapkey extend flushspecific getcapability loadkey2 makeidentity nvdefinespace nvreadvalueauth nvreadvalue nvwritevalueauth nvwritevalue oiap osap ownerreadinternalpub ownersetdisable pcrread quote2 sign startup takeownership tpminit createekcert makeekblob eventextend imaextend
+
+activateidentity_SOURCES = activateidentity.c
+activateidentity_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+activateidentity_LDFLAGS = -L$(top_srcdir)/utils
+activateidentity_LDADD = libibmtssutils12.la ../utils/libibmtss.la
+
+createendorsementkeypair_SOURCES = createendorsementkeypair.c
+createendorsementkeypair_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+createendorsementkeypair_LDFLAGS = -L$(top_srcdir)/utils
+createendorsementkeypair_LDADD = libibmtssutils12.la ../utils/libibmtss.la
+
+createwrapkey_SOURCES = createwrapkey.c
+createwrapkey_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+createwrapkey_LDFLAGS = -L$(top_srcdir)/utils
+createwrapkey_LDADD = libibmtssutils12.la ../utils/libibmtss.la
+
+extend_SOURCES = extend.c
+extend_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+extend_LDFLAGS = -L$(top_srcdir)/utils
+extend_LDADD = libibmtssutils12.la ../utils/libibmtss.la
+
+flushspecific_SOURCES = flushspecific.c
+flushspecific_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+flushspecific_LDFLAGS = -L$(top_srcdir)/utils
+flushspecific_LDADD = libibmtssutils12.la ../utils/libibmtss.la
+
+getcapability_SOURCES = getcapability.c
+getcapability_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+getcapability_LDFLAGS = -L$(top_srcdir)/utils
+getcapability_LDADD = libibmtssutils12.la ../utils/libibmtss.la
+
+loadkey2_SOURCES = loadkey2.c
+loadkey2_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+loadkey2_LDFLAGS = -L$(top_srcdir)/utils
+loadkey2_LDADD = libibmtssutils12.la ../utils/libibmtss.la
+
+makeidentity_SOURCES = makeidentity.c
+makeidentity_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+makeidentity_LDFLAGS = -L$(top_srcdir)/utils
+makeidentity_LDADD = libibmtssutils12.la ../utils/libibmtss.la
+
+nvdefinespace_SOURCES = nvdefinespace.c
+nvdefinespace_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+nvdefinespace_LDFLAGS = -L$(top_srcdir)/utils
+nvdefinespace_LDADD = libibmtssutils12.la ../utils/libibmtss.la
+
+nvreadvalueauth_SOURCES = nvreadvalueauth.c
+nvreadvalueauth_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+nvreadvalueauth_LDFLAGS = -L$(top_srcdir)/utils
+nvreadvalueauth_LDADD = libibmtssutils12.la ../utils/libibmtss.la $(LIBCRYPTO_LIBS)
+
+nvreadvalue_SOURCES = nvreadvalue.c
+nvreadvalue_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+nvreadvalue_LDFLAGS = -L$(top_srcdir)/utils
+nvreadvalue_LDADD = libibmtssutils12.la ../utils/libibmtss.la $(LIBCRYPTO_LIBS)
+
+nvwritevalueauth_SOURCES = nvwritevalueauth.c
+nvwritevalueauth_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+nvwritevalueauth_LDFLAGS = -L$(top_srcdir)/utils
+nvwritevalueauth_LDADD = libibmtssutils12.la ../utils/libibmtss.la
+
+nvwritevalue_SOURCES = nvwritevalue.c
+nvwritevalue_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+nvwritevalue_LDFLAGS = -L$(top_srcdir)/utils
+nvwritevalue_LDADD = libibmtssutils12.la ../utils/libibmtss.la
+
+oiap_SOURCES = oiap.c
+oiap_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+oiap_LDFLAGS = -L$(top_srcdir)/utils
+oiap_LDADD = libibmtssutils12.la ../utils/libibmtss.la
+
+osap_SOURCES = osap.c
+osap_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+osap_LDFLAGS = -L$(top_srcdir)/utils
+osap_LDADD = libibmtssutils12.la ../utils/libibmtss.la
+
+ownerreadinternalpub_SOURCES = ownerreadinternalpub.c
+ownerreadinternalpub_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+ownerreadinternalpub_LDFLAGS = -L$(top_srcdir)/utils
+ownerreadinternalpub_LDADD = libibmtssutils12.la ../utils/libibmtss.la
+
+ownersetdisable_SOURCES = ownersetdisable.c
+ownersetdisable_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+ownersetdisable_LDFLAGS = -L$(top_srcdir)/utils
+ownersetdisable_LDADD = libibmtssutils12.la ../utils/libibmtss.la
+
+pcrread_SOURCES = pcrread.c
+pcrread_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+pcrread_LDFLAGS = -L$(top_srcdir)/utils
+pcrread_LDADD = libibmtssutils12.la ../utils/libibmtss.la
+
+quote2_SOURCES = quote2.c ../utils/cryptoutils.c
+quote2_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+quote2_LDFLAGS = -L$(top_srcdir)/utils
+quote2_LDADD = libibmtssutils12.la ../utils/libibmtss.la $(LIBCRYPTO_LIBS)
+
+sign_SOURCES = sign.c ../utils/cryptoutils.c
+sign_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+sign_LDFLAGS = -L$(top_srcdir)/utils
+sign_LDADD = libibmtssutils12.la ../utils/libibmtss.la $(LIBCRYPTO_LIBS)
+
+startup_SOURCES = startup.c
+startup_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+startup_LDFLAGS = -L$(top_srcdir)/utils
+startup_LDADD = libibmtssutils12.la ../utils/libibmtss.la
+
+takeownership_SOURCES = takeownership.c
+takeownership_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+takeownership_LDFLAGS = -L$(top_srcdir)/utils
+takeownership_LDADD = libibmtssutils12.la ../utils/libibmtss.la
+
+tpminit_SOURCES = tpminit.c
+tpminit_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+tpminit_LDFLAGS = -L$(top_srcdir)/utils
+tpminit_LDADD = libibmtssutils12.la ../utils/libibmtss.la
+
+createekcert_SOURCES = createekcert.c ekutils12.c \
+		       ../utils/cryptoutils.c ../utils/ekutils.c
+createekcert_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+createekcert_LDFLAGS = -L$(top_srcdir)/utils
+createekcert_LDADD = libibmtssutils12.la ../utils/libibmtss.la $(LIBCRYPTO_LIBS)
+
+makeekblob_SOURCES = makeekblob.c
+makeekblob_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+makeekblob_LDFLAGS = -L$(top_srcdir)/utils
+makeekblob_LDADD = libibmtssutils12.la ../utils/libibmtss.la
+
+eventextend_SOURCES = eventextend.c ../utils/eventlib.c
+eventextend_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+eventextend_LDFLAGS = -L$(top_srcdir)/utils
+eventextend_LDADD = libibmtssutils12.la ../utils/libibmtss.la
+
+imaextend_SOURCES = imaextend.c ../utils/imalib.c
+imaextend_CFLAGS = -I$(top_srcdir)/utils -DTPM_TPM12
+imaextend_LDFLAGS = -L$(top_srcdir)/utils
+imaextend_LDADD = libibmtssutils12.la ../utils/libibmtss.la
+endif
diff --git a/utils12/activateidentity.c b/utils12/activateidentity.c
new file mode 100644
index 000000000..13500a654
--- /dev/null
+++ b/utils12/activateidentity.c
@@ -0,0 +1,300 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 ActivateIdentity				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tpmstructures12.h>
+#include <ibmtss/tssmarshal12.h>
+
+static void printUsage(void);
+
+int tssUtilsVerbose;
+
+int main(int argc, char * argv[])
+{
+    TPM_RC 			rc = 0;
+    int				i;				/* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    ActivateIdentity_In		in;
+    ActivateIdentity_Out	out;
+    TPM_KEY_HANDLE 		idKeyHandle;
+    const char 			*ownerPassword = NULL;
+    const char 			*ownerPasswordFilename = NULL;
+    unsigned char 		*ownerPasswordData = NULL;
+    const char 			*keyPassword = NULL;
+    const char 			*keyFilename = NULL;
+    const uint8_t		*ownerAuth;			/* either command line or file */
+    const char 			*blobFilename = NULL;
+    uint8_t			*blob = NULL;
+    size_t 			blobSize;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+    size_t 			length;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &idKeyHandle);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-pwdo") == 0) {
+	    i++;
+	    if (i < argc) {
+		ownerPassword = argv[i];
+	    }
+	    else {
+		printf("Missing parameter to -pwdo\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdof") == 0) {
+	    i++;
+	    if (i < argc) {
+		ownerPasswordFilename = argv[i];
+	    }
+	    else {
+		printf("-pwdof option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp("-pwdk",argv[i])) {
+	    i++;
+	    if (i < argc) {
+		keyPassword = argv[i];
+	    } else {
+		printf("Missing parameter for -pwdk\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp("-ib",argv[i])) {
+	    i++;
+	    if (i < argc) {
+		blobFilename = argv[i];
+	    } else {
+		printf("Missing parameter for -ib\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp("-ok",argv[i])) {
+	    i++;
+	    if (i < argc) {
+		keyFilename = argv[i];
+	    } else {
+		printf("Missing parameter for -ok\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp(argv[i], "-h")) {
+	    printUsage();
+	}
+	else if (!strcmp(argv[i], "-v")) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if ((ownerPassword == NULL) && (ownerPasswordFilename == NULL)) {
+	printf("\nMissing -pwdo or -pwdof argument\n");
+	printUsage();
+    }
+    if ((ownerPassword != NULL) && (ownerPasswordFilename != NULL)) {
+	printf("\nCannot have -pwdo and -pwdof arguments\n");
+	printUsage();
+    }
+    if (blobFilename == NULL) {
+	printf("\nMissing -ib argument\n");
+	printUsage();
+    }
+    /* get the owner password from a file */
+    if (ownerPasswordFilename != NULL) {
+	if (rc == 0) {
+	    rc = TSS_File_ReadBinaryFile(&ownerPasswordData,     /* freed @1 */
+					 &length,
+					 ownerPasswordFilename);
+	}
+	ownerAuth = ownerPasswordData;
+    }
+    else {
+	ownerAuth = (uint8_t *)ownerPassword; 	/* can be NULL */
+    }
+    if (rc == 0) {
+	rc = TSS_File_ReadBinaryFile(&blob,     	/* freed @1 */
+				     &blobSize,
+				     blobFilename);
+    }
+    if (rc == 0) {
+	if (blobSize > sizeof(in.blob)) {
+	    printf("activateidentity: blob size %u greater than %u\n",
+		   (unsigned int)blobSize, (unsigned int)sizeof(in.blob));
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    if (rc == 0) {
+	in.idKeyHandle = idKeyHandle;
+	in.blobSize = blobSize;
+	memcpy(in.blob, blob, blobSize);
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_ORD_ActivateIdentity,
+			 sessionHandle0, keyPassword, sessionAttributes0,
+			 sessionHandle1, ownerAuth, sessionAttributes1,
+			 TPM_RH_NULL, NULL, 0);
+	
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    /* save the key */
+    if ((rc == 0) && (keyFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile((const unsigned char *)&out.symmetricKey.data,
+				      out.symmetricKey.size,
+				      keyFilename);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("activateidentity: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("activateidentity: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    free(blob);	/* @1 */
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("activateidentity\n");
+    printf("\n");
+    printf("Runs TPM_ActivateIdentity\n");
+    printf("\n");
+    printf("\t-ha ID key handle\n");
+    printf("\t[-pwdo\t owner password (default zeros)]\n");
+    printf("\t[-pwdof\t owner authorization file name\n");
+    printf("\t[-pwdk\t password for key (default zeros)]\n");
+    printf("\t-ib encrypted blob file name\n");
+    printf("\t[-ok\t symmetric key file name (default do not save)]\n");
+    printf("\n");
+    printf("\t-se0 srk session handle / attributes\n");
+    printf("\t-se1 owner session handle / attributes\n");
+    printf("\t\t01 continue\n");
+    exit(1);
+}
+
+
diff --git a/utils12/createekcert.c b/utils12/createekcert.c
new file mode 100644
index 000000000..c7401ab32
--- /dev/null
+++ b/utils12/createekcert.c
@@ -0,0 +1,468 @@
+/********************************************************************************/
+/*										*/
+/*		TPM 2.0 Attestation - Client EK and EK certificate  		*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* This program provisions an EK certificate.  It is required only for a SW TPM, which does not, of
+   course, come with a certificate.
+
+   Prerequisites - FIXME in the future, merge these into this program
+   -------------
+
+   ownerreadinternalpub to read the EK public key to a file
+
+   createendorsementkeypair to create the EK.
+   
+   nvdefinespace to create NV Index.
+
+   Steps implemented
+   -----------------
+
+   Read the EK public key
+
+   Create a certificate using the CA key cakey.pem
+
+   Write the certificate to NV.  Assumes the nv index has been defined and is of sufficient size.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include "openssl/pem.h"
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsscrypto.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/Unmarshal12_fp.h>
+#include "ekutils.h"
+#include "ekutils12.h"
+
+/* local function prototypes */
+
+static void printUsage(void);
+
+static TPM_RC storeEkCertificate(TSS_CONTEXT *tssContext,
+				 const char *ownerPassword,
+				 TPM_AUTHHANDLE sessionHandle,
+				 uint32_t certLength,
+				 unsigned char *certificate,	
+				 TPMI_RH_NV_INDEX nvIndex);
+static TPM_RC startOIAP(TSS_CONTEXT *tssContext,
+			TPM_AUTHHANDLE *sessionHandle);
+static TPM_RC flushSpecific(TSS_CONTEXT *tssContext,
+			    TPM_AUTHHANDLE sessionHandle);
+
+int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    int 		rc = 0;
+    int			i;    /* argc iterator */
+    TSS_CONTEXT 	*tssContext = NULL;
+    const char		*certificateFilename = NULL;
+    TPMI_RH_NV_INDEX	ekCertIndex = TPM_NV_INDEX_EKCert;
+    const char 		*ekPubkeyFilename = NULL;
+    /* the CA for endorsement key certificates */
+    const char 		*caKeyFileName = NULL;
+    const char 		*caKeyPassword = "";
+    const char		*ownerPassword = NULL; 
+
+    /* FIXME may be better from command line or config file */
+    char *subjectEntries[] = {
+	"US",		/* 0 country */
+	"NY",		/* 1 state */
+	"Yorktown",	/* 2 locality*/
+	"IBM",		/* 3 organization */
+	NULL,		/* 4 organization unit */
+	"IBM SW TPM",	/* 5 common name */
+	NULL		/* 6 email */
+    };
+    /* FIXME should come from root certificate, cacert.pem, cacertec.pem */
+    char *rootIssuerEntriesRsa[] = {
+	"US"			,
+	"NY"			,
+	"Yorktown"		,
+	"IBM"			,
+	NULL			,
+	"EK CA"			,
+	NULL	
+    };
+    /* only RSA for TPM 1.2 */
+    char 		**issuerEntries = rootIssuerEntriesRsa;
+    size_t		issuerEntriesSize = sizeof(rootIssuerEntriesRsa)/sizeof(char *);
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-of") == 0) {
+	    i++;
+	    if (i < argc) {
+		certificateFilename = argv[i];
+	    }
+	    else {
+		printf("-of option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdo") == 0) {
+	    i++;
+	    if (i < argc) {
+		ownerPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdo option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-cakey") == 0) {
+	    i++;
+	    if (i < argc) {
+		caKeyFileName = argv[i];
+	    }
+	    else {
+		printf("ERROR: Missing parameter for -cakey\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-capwd") == 0) {
+	    i++;
+	    if (i < argc) {
+		caKeyPassword = argv[i];
+	    }
+	    else {
+		printf("ERROR: Missing parameter for -capwd\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp("-iek",argv[i])) {
+	    i++;
+	    if (i < argc) {
+		ekPubkeyFilename = argv[i];
+	    } else {
+		printf("Missing parameter for -iek\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	}
+	else if (strcmp(argv[i],"-vv") == 0) {
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");	/* trace entire TSS */
+	    tssUtilsVerbose = TRUE;
+	}
+	else {
+ 	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (caKeyFileName == NULL) {
+	printf("ERROR: Missing -cakey\n");
+	printUsage();
+    }
+    if (ekPubkeyFilename == NULL) {
+	printf("\nMissing -iek argument\n");
+	printUsage();
+    }
+   /* Precalculate the openssl nids, into global table */
+    if (rc == 0) {
+	rc = calculateNid();
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* read the EK TPM_PUBKEY */
+    TPM_PUBKEY 	ekPubkey;			/* TPM_PUBKEY EK */
+    if (rc == 0) {
+	rc = TSS_File_ReadStructure(&ekPubkey,
+				    (UnmarshalFunction_t)TSS_TPM_PUBKEY_Unmarshalu,
+				    ekPubkeyFilename);
+    }
+    TPMT_PUBLIC 	tpmtPublicOut;		/* primary key public part */
+    /* construct the TPMT_PUBLIC from the EK public key */
+    if (rc == 0) {
+	tpmtPublicOut.type = TPM_ALG_RSA;
+	tpmtPublicOut.nameAlg = TPM_ALG_SHA1;
+	tpmtPublicOut.objectAttributes.val = TPMA_OBJECT_DECRYPT;
+	tpmtPublicOut.authPolicy.t.size = 0;
+	tpmtPublicOut.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES;	
+	tpmtPublicOut.parameters.rsaDetail.symmetric.keyBits.aes = 128;	
+	tpmtPublicOut.parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_CFB;	
+	tpmtPublicOut.parameters.rsaDetail.keyBits = 2048;	
+	tpmtPublicOut.parameters.rsaDetail.exponent = 0;
+	tpmtPublicOut.unique.rsa.t.size = ekPubkey.pubKey.keyLength;
+	/* FIXME range check */
+	memcpy(tpmtPublicOut.unique.rsa.t.buffer, ekPubkey.pubKey.key, ekPubkey.pubKey.keyLength);
+    }
+    /* create the EK certificate from the EK public key, using the above issuer and subject */
+    char *x509CertString = NULL;
+    char *pemCertString = NULL;
+    uint32_t certLength;
+    unsigned char *certificate = NULL;
+    if (rc == 0) {
+	rc = createCertificate(&x509CertString,			/* freed @3 */
+			       &pemCertString,			/* freed @2 */
+			       &certLength,
+			       &certificate,			/* output, freed @1 */
+			       &tpmtPublicOut,			/* public key to be certified */
+			       caKeyFileName,			/* CA signing key */
+			       issuerEntriesSize,
+			       issuerEntries,			/* certificate issuer */
+			       sizeof(subjectEntries)/sizeof(char *),
+			       subjectEntries,			/* certificate subject */
+			       caKeyPassword);			/* CA signing key password */
+    }
+    /* start an OIAP session */
+    TPM_AUTHHANDLE sessionHandle;
+    if (rc == 0) {
+	rc = startOIAP(tssContext,
+		       &sessionHandle);
+	if (tssUtilsVerbose) printf("createekcert: startOIAP %08x\n", sessionHandle);
+    }
+    /* store the EK certificate in NV */
+    if (rc == 0) {
+	rc = storeEkCertificate(tssContext,
+				ownerPassword,
+				sessionHandle,
+				certLength, certificate,	
+				ekCertIndex);
+    }
+    /* flush the OIAP session */
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("createekcert: flushSpecific %08x\n", sessionHandle);
+	rc = flushSpecific(tssContext,
+			   sessionHandle);
+    }
+    /* optionally store the certificate in DER format */
+    if ((rc == 0) && (certificateFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(certificate, certLength, certificateFilename);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    free(certificate);			/* @1 */
+    free(pemCertString);		/* @2 */
+    free(x509CertString);		/* @3 */
+    return rc;
+}
+
+/* storeEkCertificate() writes the EK certificate at the specified NV index.  It does not define the
+   NV index.  */
+
+static TPM_RC storeEkCertificate(TSS_CONTEXT *tssContext,
+				 const char *ownerPassword,
+				 TPM_AUTHHANDLE sessionHandle,
+				 uint32_t certLength,
+				 unsigned char *certificate,	
+				 TPMI_RH_NV_INDEX nvIndex)
+{
+    TPM_RC 			rc = 0;
+    NV_WriteValue_In 		nvWriteIn;
+    uint32_t 			nvBufferMax;		/* max write in one chunk */
+    uint32_t			certWritten = 0;
+    int				done = FALSE;
+
+    if (rc == 0) {
+	rc = readNvBufferMax12(tssContext,
+			       &nvBufferMax);
+    }    
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("storeEkCertificate: certificate %u bytes to %08x\n",
+			    certLength, nvIndex);
+	nvWriteIn.nvIndex = nvIndex;
+	nvWriteIn.offset = 0;		/* offset is bytes written so far */
+    }
+    /* store the TPM 1.2 certificate header.  See the PC Client Implementation spec 1.21 Table 9 */
+    if (rc == 0) {
+	uint8_t *buffer = nvWriteIn.data+3;
+	uint16_t written = 0;
+	uint16_t certLength16 = certLength + 2;	/* add two bytes for the TCG_FULL_CERT tag */
+	nvWriteIn.data[0] = 0x10;		/* TCG_TAG_PCCLIENT_STORED_CERT	1001h */
+	nvWriteIn.data[1] = 0x01;
+	nvWriteIn.data[2] = 0x00;		/* TCG_FULL_CERT	0 */
+	nvWriteIn.data[5] = 0x10;		/* TCG_TAG_PCCLIENT_FULL_CERT	1002h */
+	nvWriteIn.data[6] = 0x02;
+	TSS_UINT16_Marshalu(&certLength16, &written, &buffer, NULL);
+	nvWriteIn.dataSize = 7;
+	if (tssUtilsVerbose)
+	    printf("storeEkCertificate: writing header %u bytes at offset %u to %08x\n",
+		   nvWriteIn.dataSize, nvWriteIn.offset, nvIndex);
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&nvWriteIn,
+			 NULL,
+			 TPM_ORD_NV_WriteValue,
+			 sessionHandle, ownerPassword, 1,
+			 TPM_RH_NULL, NULL, 0);
+	nvWriteIn.offset += nvWriteIn.dataSize;
+    }
+    while ((rc == 0) && !done) {
+	if (rc == 0) {
+	    /* calculate bytes to write in this pass */
+	    if ((certLength - certWritten) < nvBufferMax) {
+		nvWriteIn.dataSize = certLength - certWritten;	/* last chunk */
+	    }
+	    else {
+		nvWriteIn.dataSize = nvBufferMax;		/* next chunk */
+	    }
+	    memcpy(nvWriteIn.data, certificate + certWritten, nvWriteIn.dataSize);
+	}
+	if (rc == 0) {
+	    if (tssUtilsVerbose) printf("storeEkCertificate: "
+				"writing certificate %u bytes at offset %u to %08x\n",
+				nvWriteIn.dataSize, nvWriteIn.offset, nvIndex);
+	    rc = TSS_Execute(tssContext,
+			     NULL,
+			     (COMMAND_PARAMETERS *)&nvWriteIn,
+			     NULL,
+			     TPM_ORD_NV_WriteValue,
+			     sessionHandle, ownerPassword, 1,
+			     TPM_RH_NULL, NULL, 0);
+	}
+	if (rc == 0) {
+	    nvWriteIn.offset += nvWriteIn.dataSize;
+	    certWritten += nvWriteIn.dataSize;
+	    if (certWritten == certLength) {
+		done = TRUE;
+	    }
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("storeEkCertificate: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("storeEkCertificate: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+TPM_RC startOIAP(TSS_CONTEXT *tssContext,
+		 TPM_AUTHHANDLE *sessionHandle)
+{
+    TPM_RC 			rc = 0;
+    OIAP_Out 			out;
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out, 
+			 NULL,
+			 NULL,
+			 TPM_ORD_OIAP,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("startOIAP: Handle %08x\n", out.authHandle);
+	*sessionHandle = out.authHandle;
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("oiap: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static TPM_RC flushSpecific(TSS_CONTEXT *tssContext,
+			    TPM_AUTHHANDLE sessionHandle)
+{
+    TPM_RC			rc = 0;
+    FlushSpecific_In 		in;
+    if (rc == 0) {
+	in.handle = sessionHandle;
+	in.resourceType = TPM_RT_AUTH;
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_ORD_FlushSpecific,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("flushspecific: handle %08x success\n",
+				    sessionHandle);
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("flushspecific: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("createekcert\n");
+    printf("\n");
+    printf("Provisions an EK certificate\n");
+    printf("E.g.,\n");
+    printf("\n");
+    printf("createekcert -cakey cakey.pem -capwd rrrr -ip ekpub.bin\n");
+    printf("\n");
+    printf("\t[-pwdo\t owner password (default zeros)]\n");
+    printf("\t-iek\t TPM_PUBKEY EK file name\n");
+    printf("\t-cakey\t CA PEM key file name\n");
+    printf("\t[-capwd\t CA PEM key password (default empty)]\n");
+    printf("\t[-of\t DER certificate output file name]\n");
+    printf("\n");
+    printf("Currently:\n");
+    printf("\n");
+    printf("\tCertificate issuer, subject, and validity are hard coded.\n");
+    exit(1);	
+}
diff --git a/utils12/createendorsementkeypair.c b/utils12/createendorsementkeypair.c
new file mode 100644
index 000000000..2e2e09aa6
--- /dev/null
+++ b/utils12/createendorsementkeypair.c
@@ -0,0 +1,134 @@
+/********************************************************************************/
+/*										*/
+/*			    CreateEndorsementKeyPair 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/tsscryptoh.h>
+
+static void printUsage(void);
+
+int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC				rc = 0;
+    int					i;    /* argc iterator */
+    TSS_CONTEXT				*tssContext = NULL;
+    CreateEndorsementKeyPair_In 	in;
+    CreateEndorsementKeyPair_Out 	out;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+     for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	 if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	memset(in.antiReplay, 0, SHA1_DIGEST_SIZE);
+	in.keyInfo.algorithmID = TPM_ALG_RSA;
+	in.keyInfo.encScheme = TPM_ES_RSAESOAEP_SHA1_MGF1;
+	in.keyInfo.sigScheme = 0;
+	in.keyInfo.parms.rsaParms.keyLength = 2048;
+	in.keyInfo.parms.rsaParms.numPrimes = 2;
+	in.keyInfo.parms.rsaParms.exponentSize = 0;
+   }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_ORD_CreateEndorsementKeyPair,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("createendorsementkeypair: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("createendorsementkeypair: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("createendorsementkeypair\n");
+    printf("\n");
+    printf("Runs TPM_CreateEndorsementKeyPair\n");
+    printf("\n");
+    exit(1);	
+}
diff --git a/utils12/createwrapkey.c b/utils12/createwrapkey.c
new file mode 100644
index 000000000..448565d91
--- /dev/null
+++ b/utils12/createwrapkey.c
@@ -0,0 +1,312 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 CreateWrapKey				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tpmstructures12.h>
+#include <ibmtss/tssmarshal12.h>
+
+static void printUsage(void);
+
+int tssUtilsVerbose;
+
+int main(int argc, char * argv[])
+{
+    TPM_RC 			rc = 0;
+    int				i;				/* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    CreateWrapKey_In		in;
+    CreateWrapKey_Out		out;
+    TPM_KEY_HANDLE		parentHandle = TPM_RH_SRK;
+    int 			signing = FALSE;
+    int 			storage = FALSE;
+    const char 			*usagePassword = NULL;
+    const char 			*migrationPassword = NULL;
+    const char 			*parentPassword = NULL;
+    TPMT_HA 			usageHash;
+    TPMT_HA 			migrationHash;
+    const char 			*keyFilename = NULL;
+    const char 			*pubkeyFilename = NULL;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hp") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i], "srk") == 0) {
+		    parentHandle = TPM_RH_SRK;
+		}
+		else {
+		    sscanf(argv[i],"%x", &parentHandle);
+		}
+	    }
+	    else {
+		printf("Missing parameter for -hp\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-si") == 0) {
+	    signing = TRUE;
+	}
+	else if (strcmp(argv[i],"-st") == 0) {
+	    storage = TRUE;
+	}
+	else if (!strcmp("-pwdk",argv[i])) {
+	    i++;
+	    if (i < argc) {
+		usagePassword = argv[i];
+	    } else {
+		printf("Missing parameter for -pwdk\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp("-pwdm",argv[i])) {
+	    i++;
+	    if (i < argc) {
+		migrationPassword = argv[i];
+	    } else {
+		printf("Missing parameter for -pwdm\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp("-pwdp",argv[i])) {
+	    i++;
+	    if (i < argc) {
+		parentPassword = argv[i];
+	    } else {
+		printf("Missing parameter for -pwdp\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp("-ok",argv[i])) {
+	    i++;
+	    if (i < argc) {
+		keyFilename = argv[i];
+	    } else {
+		printf("Missing parameter for -ok\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp("-op",argv[i])) {
+	    i++;
+	    if (i < argc) {
+		pubkeyFilename = argv[i];
+	    } else {
+		printf("Missing parameter for -op\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp(argv[i], "-h")) {
+	    printUsage();
+	}
+	else if (!strcmp(argv[i], "-v")) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    /* must have exactly one set */
+    if (signing == storage) {
+	printf("One of -si -st must be set\n");
+    }
+    if (rc == 0) {
+	if (usagePassword == NULL) {
+	    memset(in.dataUsageAuth, 0, SHA1_DIGEST_SIZE);
+	}
+	else {
+	    usageHash.hashAlg = TPM_ALG_SHA1; 
+	    rc = TSS_Hash_Generate(&usageHash,
+				   strlen(usagePassword), usagePassword,
+				   0, NULL);
+	    memcpy(in.dataUsageAuth, (uint8_t *)&usageHash.digest, SHA1_DIGEST_SIZE);
+	}
+    }
+    if (rc == 0) {
+	if (migrationPassword == NULL) {
+	    memset(in.dataMigrationAuth, 0, SHA1_DIGEST_SIZE);
+	}
+	else {
+	    migrationHash.hashAlg = TPM_ALG_SHA1; 
+	    rc = TSS_Hash_Generate(&migrationHash,
+				   strlen(migrationPassword), migrationPassword,
+				   0, NULL);
+	    memcpy(in.dataMigrationAuth, (uint8_t *)&migrationHash.digest, SHA1_DIGEST_SIZE);
+	}
+    }
+    if (rc == 0) {
+	in.parentHandle = parentHandle;
+	/* storage key */
+	if (storage) {
+	    in.keyInfo.keyUsage = TPM_KEY_STORAGE;
+	    in.keyInfo.algorithmParms.encScheme = TPM_ES_RSAESOAEP_SHA1_MGF1;  
+	    in.keyInfo.algorithmParms.sigScheme = TPM_ES_NONE;  
+	}
+	/* signing key */
+	else {
+	    in.keyInfo.keyUsage = TPM_KEY_SIGNING;
+	    in.keyInfo.algorithmParms.encScheme = TPM_ES_NONE;  
+	    in.keyInfo.algorithmParms.sigScheme = TPM_SS_RSASSAPKCS1v15_SHA1;  
+	}
+	in.keyInfo.algorithmParms.algorithmID = TPM_ALG_RSA;  
+	in.keyInfo.keyFlags = 0;
+	if (usagePassword == NULL) {
+	    in.keyInfo.authDataUsage = TPM_AUTH_NEVER;
+	}
+	else {
+	    in.keyInfo.authDataUsage = TPM_AUTH_ALWAYS;
+	}
+	in.keyInfo.algorithmParms.parms.rsaParms.keyLength = 2048;  
+	in.keyInfo.algorithmParms.parms.rsaParms.numPrimes = 2;  
+	in.keyInfo.algorithmParms.parms.rsaParms.exponentSize = 0;  
+	in.keyInfo.PCRInfo.localityAtCreation = TPM_LOC_ZERO;
+	in.keyInfo.PCRInfo.localityAtRelease = TPM_LOC_ALL;
+	in.keyInfo.PCRInfo.creationPCRSelection.sizeOfSelect = 3;
+	memset(in.keyInfo.PCRInfo.creationPCRSelection.pcrSelect, 0, 3);
+	in.keyInfo.PCRInfo.releasePCRSelection.sizeOfSelect = 3;
+	memset(in.keyInfo.PCRInfo.releasePCRSelection.pcrSelect, 0, 3);
+	memset(in.keyInfo.PCRInfo.digestAtCreation, 0, SHA1_DIGEST_SIZE);
+	memset(in.keyInfo.PCRInfo.digestAtRelease, 0, SHA1_DIGEST_SIZE);
+	in.keyInfo.pubKey.keyLength = 0;   
+	in.keyInfo.encData.keyLength = 0;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_ORD_CreateWrapKey,
+			 sessionHandle0, parentPassword, sessionAttributes0,
+			 TPM_RH_NULL, NULL, 0);
+	
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    /* save the TPM_KEY12 key */
+    if ((rc == 0) && (keyFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.wrappedKey,
+				     (MarshalFunction_t)TSS_TPM_KEY12_Marshalu,
+				     keyFilename);
+    }
+    /* save the TPM_PUBKEY key from the TPM_KEY12 idKey */
+    if ((rc == 0) && (pubkeyFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.wrappedKey,
+				     (MarshalFunction_t)TSS_TPM_KEY12_PUBKEY_Marshalu,
+				     pubkeyFilename);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("createwrapkey: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("createwrapkey: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("createwrapkey\n");
+    printf("\n");
+    printf("Runs TPM_CreateWrapKey\n");
+    printf("\n");
+    printf("\t-st\tstorage key\n");
+    printf("\t-si\tsigning key\n");
+    printf("\t[-hp\tparent handle, can be srk (default srk)]\n");
+    printf("\t[-pwdp\tpassword for parent key (default empty)]\n");
+    printf("\t[-pwdk\tusage password for key (default zeros)]\n");
+    printf("\t[-pwdm\tmigration password for key (default zeros)]\n");
+    printf("\t[-ok\tTPM_KEY12 key file name (default do not save)]\n");
+    printf("\t[-op\tTPM_PUBKEY key file name (default do not save)]\n");
+    printf("\n");
+    printf("\t-se0\tOSAP session handle / attributes\n");
+    printf("\t01\tcontinue\n");
+    exit(1);
+}
+
+
diff --git a/utils12/ekutils12.c b/utils12/ekutils12.c
new file mode 100644
index 000000000..5dc541852
--- /dev/null
+++ b/utils12/ekutils12.c
@@ -0,0 +1,284 @@
+/********************************************************************************/
+/*										*/
+/*			TPM 1.2 EK Index Parsing Utilities			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <limits.h>
+
+#include <openssl/pem.h>
+#include <openssl/x509.h>
+
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tsscrypto.h>
+#include <ibmtss/tssprint.h>
+#include <ibmtss/Unmarshal_fp.h>
+#include <ibmtss/Unmarshal12_fp.h>
+#include <ibmtss/tssmarshal.h>
+
+#include "cryptoutils.h"
+#include "ekutils12.h"
+
+int tssUtilsVerbose;
+
+/* readNvBufferMax() determines the maximum NV read/write block size.  The limit is typically set by
+   the TPM property TPM_CAP_PROP_INPUT_BUFFER, munus the header and other read overhead. */
+
+TPM_RC readNvBufferMax12(TSS_CONTEXT *tssContext,
+			 uint32_t *nvBufferMax)
+{
+    TPM_RC			rc = 0;
+    GetCapability12_In 		in;
+    GetCapability12_Out		out;
+    uint32_t			scap32;
+    uint16_t 			written = 0;
+    uint8_t 			*buffer = in.subCap;
+    uint32_t			tpmBufferSize;
+
+    if (rc == 0) {
+	in.capArea = TPM_CAP_PROPERTY;
+	in.subCapSize = sizeof(uint32_t);
+	scap32 = TPM_CAP_PROP_INPUT_BUFFER;
+	TSS_UINT32_Marshalu(&scap32, &written, &buffer, NULL);
+    }
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_ORD_GetCapability,
+			 TPM_RH_NULL, NULL, 0);
+	if (rc != 0) {
+	    const char *msg;
+	    const char *submsg;
+	    const char *num;
+	    printf("readNvBufferMax12: failed, rc %08x\n", rc);
+	    TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	    printf("%s%s%s\n", msg, submsg, num);
+	}
+    }
+    if (rc == 0) {
+	tpmBufferSize = ntohl(*(uint32_t *)(out.resp));
+	if (tssUtilsVerbose)
+	    printf("readNvBufferMax12: TPM_CAP_PROP_INPUT_BUFFER: %u\n", tpmBufferSize);
+	*nvBufferMax = tpmBufferSize -
+		       (sizeof(TPM_TAG) + sizeof(uint32_t) + sizeof(TPM_RESULT) +
+			sizeof(uint32_t) +
+			sizeof(TPM_NONCE) + sizeof(uint8_t) + sizeof(TPM_AUTHDATA));
+	/* the Infineon TPM 1.2 fails with the optimum value 1280-55 = 1225 */
+	if (*nvBufferMax > 512) {
+	    *nvBufferMax = 512;
+	}
+	if (tssUtilsVerbose) printf("readNvBufferMax12: nvBufferMax: %u\n", *nvBufferMax);
+    }
+    return rc;
+}
+
+/* getIndexSize() uses TPM_GetCapability() to return the NV index size */
+
+TPM_RC getIndexSize12(TSS_CONTEXT *tssContext,
+		      uint16_t *dataSize,
+		      TPMI_RH_NV_INDEX nvIndex)
+{
+    TPM_RC			rc = 0;
+    GetCapability12_In 		in;
+    GetCapability12_Out		out;
+    uint32_t			scap32;
+    uint16_t 			written = 0;
+    uint8_t 			*buffer = in.subCap;
+    TPM_NV_DATA_PUBLIC 		ndp;
+   
+    if (rc == 0) {
+	in.capArea = TPM_CAP_NV_INDEX;
+	in.subCapSize = sizeof(uint32_t);
+	scap32 = nvIndex;
+	TSS_UINT32_Marshalu(&scap32, &written, &buffer, NULL);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_ORD_GetCapability,
+			 TPM_RH_NULL, NULL, 0);
+	if ((rc != 0) && tssUtilsVerbose) {
+	    const char *msg;
+	    const char *submsg;
+	    const char *num;
+	    printf("getIndexSize12: failed, rc %08x\n", rc);
+	    TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	    printf("%s%s%s\n", msg, submsg, num);
+	}
+    }
+    if (rc == 0) {
+	uint8_t 	*buffer = out.resp;
+	uint32_t 	size = out.respSize;
+	rc = TSS_TPM_NV_DATA_PUBLIC_Unmarshalu(&ndp, &buffer, &size);
+    }
+    if (rc == 0) {	/* FIXME range check */
+	*dataSize = ndp.dataSize;
+    }
+    return rc;
+}
+
+/* getIndexContents12() uses TPM_NV_ReadValueAuth() to return the NV index contents.  It assumes the
+   contents is a TPM 1.2 format certificate and returns the payload.
+
+   It assumes owner authorization with ownerPassword password - uses NV_ReadValue.
+*/
+
+TPM_RC getIndexContents12(TSS_CONTEXT *tssContext,
+			  unsigned char **ekCertificate,	/* freed by caller */	
+			  uint16_t *ekCertLength,
+			  TPMI_RH_NV_INDEX nvIndex,
+			  const char *ownerPassword,
+			  TPM_AUTHHANDLE sessionHandle,		/* OIAP session */
+			  unsigned int	sessionAttributes0)	/* continue */
+
+{
+    TPM_RC		rc = 0;
+    NV_ReadValue_In	in;
+    NV_ReadValue_Out	out;
+    uint32_t 		nvBufferMax;		/* max write in one chunk */
+    uint16_t		bytesRead;		/* bytes read so far */
+    int			done = FALSE;		/* done reading the certificate */
+    unsigned int	sessionAttr;		/* for this chunk */
+
+    /* maximum NV data that can be read in one chunk */
+    if (rc == 0) {
+	rc = readNvBufferMax12(tssContext,
+			       &nvBufferMax);
+    }    
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("getIndexContents12: index %08x\n", nvIndex);
+	in.nvIndex = nvIndex;
+    }    
+    /* first read the header */
+    if (rc == 0) {
+	in.offset = 0;
+	in.dataSize = 7;
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_ORD_NV_ReadValue,
+			 sessionHandle, ownerPassword, 1,
+			 TPM_RH_NULL, NULL, 0);
+	if ((rc != 0) && tssUtilsVerbose) {
+	    const char *msg;
+	    const char *submsg;
+	    const char *num;
+	    printf("getIndexContents12: failed, rc %08x\n", rc);
+	    TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	    printf("%s%s%s\n", msg, submsg, num);
+	}
+    }
+    /* validate the header and get the certificate length */
+    if (rc == 0) {
+	if (tssUtilsVerbose)
+	    TSS_PrintAll("getIndexContents12: header data", out.data, out.dataSize);
+	if ((out.data[0] != 0x10) ||	/* stored certificate, full certificate */
+	    (out.data[1] != 0x01) ||
+	    (out.data[2] != 0x00) ||	/* full certificate */
+	    (out.data[5] != 0x10) ||
+	    (out.data[6] != 0x02)) {
+	    if (tssUtilsVerbose) printf("getIndexContents12: certificate header error\n");
+	    rc = TSS_RC_X509_ERROR;
+	}
+	*ekCertLength = (out.data[3] << 8) +	/* msb */
+			out.data[4]
+			-2;		/* -2 for tag in bytes 5 and 6 */
+    }	
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("getIndexContents12: certificate length %u\n", *ekCertLength);
+	rc = TSS_Malloc(ekCertificate, *ekCertLength);
+	bytesRead = 0;			/* certificate bytes read so far */
+    }
+    while ((rc == 0) && !done) {
+	/* read a chunk */
+	if (rc == 0) {
+	    in.offset = 7 + bytesRead;
+	    /* subtract safe because bytesRead can never be > *ekCertLength */
+	    if ((uint32_t)(*ekCertLength - bytesRead) <= nvBufferMax) {
+		in.dataSize = *ekCertLength - bytesRead;
+		sessionAttr = sessionAttributes0;	/* last chunk, continue set by caller */
+	    }
+	    else {
+		in.dataSize = nvBufferMax;		/* next chunk */
+		sessionAttr = 1;			/* continue TRUE */
+	    }
+#if 0
+	    if (tssUtilsVerbose)
+		printf("getIndexContents12: read %u reading %u bytes at offset %u\n",
+		       bytesRead, in.dataSize, in.offset);
+#endif
+	    rc = TSS_Execute(tssContext,
+			     (RESPONSE_PARAMETERS *)&out,
+			     (COMMAND_PARAMETERS *)&in,
+			     NULL,
+			     TPM_ORD_NV_ReadValue,
+			     sessionHandle, ownerPassword, sessionAttr,
+			     TPM_RH_NULL, NULL, 0);
+	    if ((rc != 0) && tssUtilsVerbose) {
+		const char *msg;
+		const char *submsg;
+		const char *num;
+		printf("getIndexContents12: failed, rc %08x\n", rc);
+		TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+		printf("%s%s%s\n", msg, submsg, num);
+	    }
+	}
+	/* copy the results to the read buffer */
+	if (rc == 0) {
+	    memcpy(*ekCertificate + bytesRead, out.data, out.dataSize);
+	    bytesRead += out.dataSize;
+	    if (bytesRead == *ekCertLength) {
+		done = TRUE;
+	    }
+	}
+    }	
+    if (rc == 0) {
+	if (tssUtilsVerbose) TSS_PrintAll("getIndexContents12: certificate",
+					  *ekCertificate, *ekCertLength);
+    }
+    return rc;
+}
+
diff --git a/utils12/ekutils12.h b/utils12/ekutils12.h
new file mode 100644
index 000000000..be1944cd1
--- /dev/null
+++ b/utils12/ekutils12.h
@@ -0,0 +1,67 @@
+/********************************************************************************/
+/*										*/
+/*			IWG EK Index Parsing Utilities				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*	      $Id: ekutils12.h 1258 2018-06-28 16:46:10Z kgoldman $		*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018.						*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#ifndef EKUTILS12_H
+#define EKUTILS12_H
+
+#include <ibmtss/tss.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    TPM_RC readNvBufferMax12(TSS_CONTEXT *tssContext,
+			     uint32_t *nvBufferMax);
+    TPM_RC getIndexSize12(TSS_CONTEXT *tssContext,
+			  uint16_t *dataSize,
+			  TPMI_RH_NV_INDEX nvIndex);
+    TPM_RC getIndexContents12(TSS_CONTEXT *tssContext,
+			      unsigned char **ekCertificate,
+			      uint16_t *ekCertLength,
+			      TPMI_RH_NV_INDEX nvIndex,
+			      const char *ownerPassword,
+			      TPM_AUTHHANDLE sessionHandle,
+			      unsigned int sessionAttributes0);
+
+    
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/utils12/eventextend.c b/utils12/eventextend.c
new file mode 100644
index 000000000..2c439cc65
--- /dev/null
+++ b/utils12/eventextend.c
@@ -0,0 +1,317 @@
+/********************************************************************************/
+/*										*/
+/*		      Extend a TPM 1.2 EVENT measurement file into PCRs		*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* eventextend is test/demo code.  It parses a TPM2 event log file and extends the measurements into
+   TPM PCRs or simulated PCRs.  This simulates the actions that would be performed by BIOS /
+   firmware in a hardware platform.  */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsscryptoh.h>
+
+#include "eventlib.h"
+
+/* local prototypes */
+
+static void printUsage(void);
+
+int tssUtilsVerbose;
+
+int main(int argc, char * argv[])
+{
+    TPM_RC 			rc = 0;
+    int 			i = 0;
+    TSS_CONTEXT			*tssContext = NULL;
+    const char 			*infilename = NULL;
+    FILE 			*infile = NULL;
+    int				tpm = FALSE;	/* extend into TPM */
+    int				sim = FALSE;	/* extend into simulated PCRs */
+    int				noSpace = FALSE;
+    int 			pcrNum = 0;	/* PCR number iterator */
+    TPM_PCRINDEX 		pcrMax = 7;
+    TPMT_HA 			simPcrs[IMPLEMENTATION_PCR];
+    TPMT_HA 			bootAggregate;
+    TCG_PCR_EVENT 		event;			/* TPM 1.2 event log entry */
+    unsigned int 		lineNum;
+    int 			endOfFile = FALSE;
+	
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    for (i=1 ; i<argc ; i++) {
+	if (strcmp(argv[i],"-if") == 0) {
+	    i++;
+	    if (i < argc) {
+		infilename = argv[i];
+	    }
+	    else {
+		printf("-if option needs a value\n");
+		printUsage();
+		exit(2);
+	    }
+	}
+	else if (strcmp(argv[i],"-tpm") == 0) {
+	    tpm = TRUE;
+	}
+	else if (strcmp(argv[i],"-sim") == 0) {
+	    sim = TRUE;
+	}
+	else if (strcmp(argv[i],"-ns") == 0) {
+	    noSpace = TRUE;
+	}
+	else if (strcmp(argv[i],"-pcrmax") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%u", &pcrMax);
+	    }
+	    else {
+		printf("Missing parameter for -pcrmax");
+		printUsage();
+	    }
+	}
+	else if (!strcmp(argv[i], "-h")) {
+	    printUsage();
+	}
+	else if (!strcmp(argv[i], "-v")) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (infilename == NULL) {
+	printf("Missing -if argument\n");
+	printUsage();
+    }
+    if (!tpm && !sim) {
+	printf("-tpm or -sim must be specified\n");
+	printUsage();
+    }
+    /*
+    ** read the event log file
+    */
+    infile = fopen(infilename,"rb");
+    if (infile == NULL) {
+	printf("Unable to open input file '%s'\n", infilename);
+	exit(-4);
+    }
+    /* Start a TSS context */
+    if ((rc == 0) && tpm) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* simulated BIOS PCRs start at zero at boot */
+    if ((rc == 0) && sim) {
+	bootAggregate.hashAlg = TPM_ALG_SHA1;
+	for (pcrNum = 0 ; pcrNum < IMPLEMENTATION_PCR ; pcrNum++) {
+	    /* initialize each algorithm ID  */
+	    simPcrs[pcrNum].hashAlg = TPM_ALG_SHA1;
+	    memset(&simPcrs[pcrNum].digest.sha1, 0, SHA1_DIGEST_SIZE);
+	}
+    }
+    /* scan each measurement 'line' in the binary */
+    for (lineNum = 0 ; (rc == 0) && !endOfFile ; lineNum++) {
+
+	/* read a TPM 2.0 hash agile event line */
+	if (rc == 0) {
+	    rc = TSS_EVENT_Line_Read(&event, &endOfFile, infile);
+	}
+	/* debug tracing */
+	if ((rc == 0) && !endOfFile && tssUtilsVerbose) {
+	    printf("\neventextend: line %u\n", lineNum);
+	    TSS_EVENT_Line_Trace(&event);
+	}
+	/* don't extend no action events */
+	if ((rc == 0) && !endOfFile) {
+	    if (event.eventType == EV_NO_ACTION) {
+		continue;
+	    }
+	}
+	if ((rc == 0) && !endOfFile && tpm) {	/* extend TPM */
+	    Extend_In 			in;
+	    Extend_Out 			out;
+
+	    if (rc == 0) {
+		in.pcrNum = event.pcrIndex;
+		memcpy(in.inDigest, event.digest, SHA1_DIGEST_SIZE);
+		rc = TSS_Execute(tssContext,
+				 (RESPONSE_PARAMETERS *)&out, 
+				 (COMMAND_PARAMETERS *)&in,
+				 NULL,
+				 TPM_ORD_Extend,
+				 TPM_RH_NULL, NULL, 0);
+	    }
+	    if ((rc == 0) && tssUtilsVerbose) {
+		TSS_PrintAll("PCR digest", out.outDigest, SHA1_DIGEST_SIZE);
+	    }
+	}
+	if ((rc == 0) && !endOfFile && sim) {	/* extend simulated PCRs */
+	    rc = TSS_EVENT_PCR_Extend(simPcrs, &event);
+	}
+	if ((rc == 0) && tssUtilsVerbose && !endOfFile && sim) {
+	    TSS_PrintAll("eventextend: new PCR value",
+			 (uint8_t *)&simPcrs[event.pcrIndex].digest, SHA1_DIGEST_SIZE);
+	}
+    }
+    {
+	if (tpm) {
+	    TPM_RC rc1 = TSS_Delete(tssContext);
+	    if (rc == 0) {
+		rc = rc1;
+	    }
+	}
+    }
+    if ((rc == 0) && sim) {
+	/* trace the virtual PCRs */
+	if (rc == 0) {
+	    char pcrString[9];	/* PCR number */
+
+	    printf("\n");
+	    for (pcrNum = 0 ; pcrNum < IMPLEMENTATION_PCR ; pcrNum++) {
+		sprintf(pcrString, "PCR %02u:", pcrNum);
+		if (!noSpace) {
+		    /* TSS_PrintAllLogLevel() with a log level of LOGLEVEL_INFO to print the byte
+		       array on one line with no length */
+		    TSS_PrintAllLogLevel(LOGLEVEL_INFO, pcrString, 1,
+					 simPcrs[pcrNum].digest.sha1, SHA1_DIGEST_SIZE);
+		}
+		else {	/* print with no spaces */
+		    uint32_t bp;
+		    printf("PCR %02u: ", pcrNum);
+		    for (bp = 0 ; bp < SHA1_DIGEST_SIZE ; bp++) {
+			printf("%02x", simPcrs[pcrNum].digest.sha1[bp]);
+		    }
+		    printf("\n");
+		}
+	    }
+	}
+	/* calculate the boot aggregate, hash of PCR 0-7 */
+	if (rc == 0) {
+	    int length[IMPLEMENTATION_PCR];
+	    size_t j;
+	    for (j = 0 ; j < IMPLEMENTATION_PCR ; j++) {
+		if (j <= pcrMax) {	/* include PCRs up to here */
+		    length[j] = SHA1_DIGEST_SIZE;
+		}
+		else {
+		    length[j] = 0;	/* exclude PCRs after to here */
+		}
+	    }
+	    rc = TSS_Hash_Generate(&bootAggregate,
+				   length[0], &simPcrs[0].digest.sha1,
+				   length[1], &simPcrs[1].digest.sha1,
+				   length[2], &simPcrs[2].digest.sha1,
+				   length[3], &simPcrs[3].digest.sha1,
+				   length[4], &simPcrs[4].digest.sha1,
+				   length[5], &simPcrs[5].digest.sha1,
+				   length[6], &simPcrs[6].digest.sha1,
+				   length[7], &simPcrs[7].digest.sha1,
+				   length[8], &simPcrs[8].digest.sha1,
+				   length[9], &simPcrs[9].digest.sha1,
+				   length[10], &simPcrs[10].digest.sha1,
+				   length[11], &simPcrs[11].digest.sha1,
+				   length[12], &simPcrs[12].digest.sha1,
+				   length[13], &simPcrs[13].digest.sha1,
+				   length[14], &simPcrs[14].digest.sha1,
+				   length[15], &simPcrs[15].digest.sha1,
+				   length[16], &simPcrs[16].digest.sha1,
+				   length[17], &simPcrs[17].digest.sha1,
+				   length[18], &simPcrs[18].digest.sha1,
+				   length[19], &simPcrs[19].digest.sha1,
+				   length[20], &simPcrs[20].digest.sha1,
+				   length[21], &simPcrs[21].digest.sha1,
+				   length[22], &simPcrs[22].digest.sha1,
+				   length[23], &simPcrs[23].digest.sha1,
+				   0, NULL);
+	}
+	/* trace the boot aggregate */
+	if (rc == 0) {
+	    if (!noSpace) {
+		TSS_PrintAllLogLevel(LOGLEVEL_INFO, "\nboot aggregate:", 1,
+				     bootAggregate.digest.sha1, SHA1_DIGEST_SIZE);
+	    }
+	    else {	/* print with no spaces */
+		uint32_t bp;
+		printf("\nboot aggregate: ");
+		for (bp = 0 ; bp < SHA1_DIGEST_SIZE ; bp++) {
+		    printf("%02x", bootAggregate.digest.sha1[bp]);
+		}
+		printf("\n");
+	    }
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("eventextend: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("eventextend: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    if (infile != NULL) {
+	fclose(infile);
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("Usage: eventextend -if <measurement file> [-v]\n");
+    printf("\n");
+    printf("Extends a measurement file (binary) into a TPM or simulated PCRs\n");
+    printf("\n");
+    printf("\t-if\t <input file> is the file containing the data to be extended\n");
+    printf("\t[-tpm\textend TPM PCRs]\n");
+    printf("\t[-sim\tcalculate simulated PCRs and boot aggregate]\n");
+    printf("\t[-pcrmax\twith -sim, sets the highest PCR number to be used to calculate the\n"
+	   "\t\tboot aggregate (default 7)]\n");
+    printf("\t[-ns\tno space, no text, no newlines]\n");
+    printf("\n");
+    exit(-1);
+}
+
diff --git a/utils12/extend.c b/utils12/extend.c
new file mode 100644
index 000000000..59292ebd4
--- /dev/null
+++ b/utils12/extend.c
@@ -0,0 +1,206 @@
+/********************************************************************************/
+/*										*/
+/*			    Extend		 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    Extend_In 			in;
+    Extend_Out 			out;
+    TPM_PCRINDEX 		pcrNum = IMPLEMENTATION_PCR;
+    const char 			*dataString = NULL;
+    const char 			*datafilename = NULL;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%u", &pcrNum);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ic") == 0) {
+	    i++;
+	    if (i < argc) {
+		dataString = argv[i];
+	    }
+	    else {
+		printf("-ic option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-if")  == 0) {
+	    i++;
+	    if (i < argc) {
+		datafilename = argv[i];
+	    } else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (pcrNum >= IMPLEMENTATION_PCR) {
+	printf("Missing or bad PCR handle parameter -ha\n");
+	printUsage();
+    }
+    if ((dataString == NULL) && (datafilename == NULL)) {
+	printf("Data string or data file must be specified\n");
+	printUsage();
+    }
+    if ((dataString != NULL) && (datafilename != NULL)) {
+	printf("Data string and data file cannot both be specified\n");
+	printUsage();
+    }
+    if ((dataString != NULL) && (strlen(dataString) > SHA1_DIGEST_SIZE)) {
+	printf("Data length greater than maximum hash size %u bytes\n", SHA1_DIGEST_SIZE);
+	printUsage();
+    }
+    if (rc == 0) {
+	in.pcrNum = pcrNum;
+	/* append zero padding to maximum hash algorithm length */
+	memset((uint8_t *)&in.inDigest, 0, SHA1_DIGEST_SIZE);
+    }
+    if (rc == 0) {
+	if (dataString != NULL) {
+	    if (tssUtilsVerbose) printf("Extending %u bytes from stream\n",
+				(unsigned int)strlen(dataString));
+	    memcpy((uint8_t *)&in.inDigest, dataString, strlen(dataString));
+	}
+    }
+    if (datafilename != NULL) {
+	unsigned char 	*fileData = NULL;
+	size_t 		length;
+	if (rc == 0) {
+	    rc = TSS_File_ReadBinaryFile(&fileData, &length, datafilename);
+	}
+	if (rc == 0) {
+	    if (length > SHA1_DIGEST_SIZE) {
+		printf("Data length greater than maximum hash size %u bytes\n", SHA1_DIGEST_SIZE);
+		rc = EXIT_FAILURE;
+	    } 
+	}
+	if (rc == 0) {
+	    if (tssUtilsVerbose) printf("Extending %u bytes from file\n", (unsigned int)length);
+	    memcpy((uint8_t *)&in.inDigest, fileData, length);
+	}
+	free(fileData);
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_ORD_Extend,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) TSS_PrintAll("PCR", out.outDigest, SHA1_DIGEST_SIZE);
+	if (tssUtilsVerbose) printf("extend: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("extend: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("extend\n");
+    printf("\n");
+    printf("Runs TPM_Extend\n");
+    printf("\n");
+    printf("\t-ha PCR handle\n");
+    printf("\t-ic data string, 0 pad appended to SHA-1 length\n");
+    printf("\t-if data file, 0 pad appended to SHA-1 length\n");
+    exit(1);	
+}
diff --git a/utils12/flushspecific.c b/utils12/flushspecific.c
new file mode 100644
index 000000000..5548edcbb
--- /dev/null
+++ b/utils12/flushspecific.c
@@ -0,0 +1,159 @@
+/********************************************************************************/
+/*										*/
+/*			    Flush Specific	 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    uint32_t 			handle = 0;
+    TPM_RESOURCE_TYPE 		resourceType;
+    FlushSpecific_In 		in;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x",&handle);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-rt") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &resourceType);
+	    }
+	    else {
+		printf("Missing parameter for -rt\n");
+		printUsage();
+	    }
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (handle == 0) {
+	printf("Missing handle parameter -ha\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.handle = handle;
+	in.resourceType = resourceType;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_ORD_FlushSpecific,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("flushspecific: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("flushspecific: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("flushspecific\n");
+    printf("\n");
+    printf("Runs TPM2_FlushSpecific\n");
+    printf("\n");
+    printf("\t-ha handle\n");
+    printf("\t-rt resource type of the handle\n");
+    printf("\t\t1 - key\n");
+    printf("\t\t2 - auth\n");
+    printf("\t\t4 - transport\n");
+    printf("\t\t5 - context\n");
+    exit(1);	
+}
diff --git a/utils12/getcapability.c b/utils12/getcapability.c
new file mode 100644
index 000000000..02cafc95c
--- /dev/null
+++ b/utils12/getcapability.c
@@ -0,0 +1,875 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 GetCapability				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tpmstructures12.h>
+#include <ibmtss/tssmarshal.h>
+#include <ibmtss/tssmarshal12.h>
+#include <ibmtss/Unmarshal_fp.h>
+#include <ibmtss/Unmarshal12_fp.h>
+
+typedef void (* USAGE_FUNCTION)(void);
+typedef TPM_RC (* RESPONSE_FUNCTION)(GetCapability12_In *in, GetCapability12_Out *out);
+
+static void printUsage(uint32_t capability);
+static void usageCapability(void);
+static void usageAlg(void);
+static void usagePid(void);
+static void usageFlag(void);
+static void usageProperty(void);
+static void usageSymMode(void);
+static void usageKeyStatus(void);
+static void usageNvIndex(void);
+static void usageTransAlg(void);
+static void usageHandle(void);
+static void usageTransEs(void);
+static void usageAuthEncrypt(void);
+static void usageSelectSize(void);
+static void usageDaLogic(void);
+
+static TPM_RC printResponse(unsigned int idx, GetCapability12_In *in, GetCapability12_Out *out);
+
+static TPM_RC responseBool(GetCapability12_In *in, GetCapability12_Out *out);
+static TPM_RC responseFlag(GetCapability12_In *in, GetCapability12_Out *out);
+static TPM_RC responseVersion(GetCapability12_In *in, GetCapability12_Out *out);
+static TPM_RC responseProperty(GetCapability12_In *in, GetCapability12_Out *out);
+static TPM_RC responseNvList(GetCapability12_In *in, GetCapability12_Out *out);
+static TPM_RC responseNvIndex(GetCapability12_In *in, GetCapability12_Out *out);
+static TPM_RC responseHandleList(GetCapability12_In *in, GetCapability12_Out *out);
+static TPM_RC responseDaLogic(GetCapability12_In *in, GetCapability12_Out *out);
+static TPM_RC responseVersionVal(GetCapability12_In *in, GetCapability12_Out *out);
+
+typedef struct {
+    uint32_t capability;
+    uint32_t subCapSize;
+    USAGE_FUNCTION usageFunction;
+    RESPONSE_FUNCTION responseFunction;
+} CAPABILITY_TABLE;
+
+static const CAPABILITY_TABLE capabilityTable [] = {
+    {TPM_CAP_ORD              , 4, NULL, 		responseBool},
+    {TPM_CAP_ALG              , 4, usageAlg, 		responseBool},
+    {TPM_CAP_PID              , 2, usagePid, 		responseBool},
+    {TPM_CAP_FLAG             , 4, usageFlag, 		responseFlag},
+    {TPM_CAP_PROPERTY         , 4, usageProperty, 	responseProperty},
+    {TPM_CAP_VERSION          , 0, NULL, 		responseVersion},
+    {TPM_CAP_KEY_HANDLE       , 0, NULL, 		responseHandleList},
+#if 0
+    {TPM_CAP_CHECK_LOADED     , 4, usage, 		TYPE_BOOL},
+#endif
+    {TPM_CAP_SYM_MODE	  , 4, usageSymMode, 	responseBool},
+    {TPM_CAP_KEY_STATUS       , 4, usageKeyStatus, 	responseBool},
+    {TPM_CAP_NV_LIST          , 0, NULL, 		responseNvList},
+    {TPM_CAP_MFR              , 4, NULL, 		NULL},
+    {TPM_CAP_NV_INDEX         , 4, usageNvIndex, 	responseNvIndex},
+    {TPM_CAP_TRANS_ALG        , 4, usageTransAlg, 	responseBool},
+#if 0
+    {TPM_CAP_GPIO_CHANNEL     , 2, usage, TYPE_BOOL},
+#endif
+    {TPM_CAP_HANDLE           , 4, usageHandle, 	responseHandleList},
+    {TPM_CAP_TRANS_ES         , 2, usageTransEs, 	responseBool},
+#if 0
+    {TPM_CAP_MANUFACTURER_VER , 0, usage, 		TYPE_STRUCTURE},
+#endif
+    {TPM_CAP_AUTH_ENCRYPT     , 4, usageAuthEncrypt, 	responseBool},
+    {TPM_CAP_SELECT_SIZE      , 0, usageSelectSize,	responseBool},
+    {TPM_CAP_DA_LOGIC         , 2, usageDaLogic, 	responseDaLogic},
+    {TPM_CAP_VERSION_VAL      , 0, NULL, 		responseVersionVal},
+    {0xffffffff		      , 0, NULL, 		NULL}
+};
+
+int tssUtilsVerbose;
+
+int main(int argc, char * argv[])
+{
+    TPM_RC 			rc = 0;
+    int				i;				/* argc iterator */
+    unsigned int		idx;				/* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    GetCapability12_In		in;
+    GetCapability12_Out		out;
+    uint32_t			cap = 0;
+    uint32_t			scap32;
+    uint16_t			scap16;
+    int 			noScap = TRUE;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-cap") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &cap);
+	    }
+	    else {
+		printf("Missing parameter for -cap\n");
+		printUsage(cap);
+	    }
+	}
+	else if (strcmp(argv[i],"-scap") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &scap32);
+		scap16 = scap32;
+		noScap = FALSE;
+	    }
+	    else {
+		printf("Missing parameter for -scap\n");
+		printUsage(cap);
+	    }
+	}
+	else if (!strcmp(argv[i], "-h")) {
+	    printUsage(cap);
+	}
+	else if (!strcmp(argv[i], "-v")) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage(cap);
+	}
+    }
+    if (cap == 0) {
+	printf("Missing parameter -cap\n");
+	printUsage(cap);
+    }
+    /* get table entry */
+    if (rc == 0) {
+	for (idx = 0 ; capabilityTable[idx].capability != 0xffffffff ; idx++) {
+	    if (capabilityTable[idx].capability == cap) {
+		if (capabilityTable[idx].subCapSize > 0) {
+		    if (noScap) {
+			printf("Missing parameter -scap\n");
+			printUsage(cap);
+		    }
+		}
+		break;
+	    }
+	}
+	if (capabilityTable[idx].capability == 0xffffffff) {
+	    printf("Unknown or unsupported -cap %08x\n", cap);
+	    printUsage(cap);
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    if (rc == 0) {
+	uint16_t written = 0;
+	uint8_t *buffer = in.subCap;
+	in.capArea = cap;
+	in.subCapSize = capabilityTable[idx].subCapSize;
+	if (cap == TPM_CAP_SELECT_SIZE) {
+	    /* marshal a TPM_SELECT_SIZE */
+	    uint8_t b01 = 0x01;
+	    uint8_t b02 = 0x02;
+	    TSS_UINT8_Marshalu(&b01, &written, &buffer, NULL);	/* major */
+	    TSS_UINT8_Marshalu(&b02, &written, &buffer, NULL);	/* minor */
+	    TSS_UINT16_Marshalu(&scap16, &written, &buffer, NULL);
+	    in.subCapSize = sizeof(TPM_SELECT_SIZE);
+	}
+	else if (in.subCapSize == 2) {
+	    TSS_UINT16_Marshalu(&scap16, &written, &buffer, NULL);
+	}
+	else if (in.subCapSize == 4) {
+	    TSS_UINT32_Marshalu(&scap32, &written, &buffer, NULL);
+	}
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_ORD_GetCapability,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	rc = printResponse(idx, &in, &out);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("getcapability: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("getcapability: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(uint32_t capability)
+{
+    size_t i;
+    
+    printf("\n");
+    printf("getcapability\n");
+    printf("\n");
+    printf("Runs TPM_GetCapability\n");
+    printf("\n");
+    printf("\t-cap capability Part 2 21.1\n");
+    printf("\t[-subcap capability Part 2 21.2]\n");
+    printf("\n");
+    /* call the usage function in the capability table */
+    for (i = 0 ; i < (sizeof(capabilityTable) / sizeof(CAPABILITY_TABLE)) ; i++) {
+	if (capabilityTable[i].capability == capability) {
+	    if (capabilityTable[i].usageFunction != NULL) {
+		capabilityTable[i].usageFunction();
+	    }
+	    exit(1);
+	}
+    }
+    usageCapability();
+    exit(1);
+}
+
+static void usageCapability(void)
+{
+    printf("-cap values\n"
+	   "\n"
+	   "TPM_CAP_ORD             01 \n"
+	   "TPM_CAP_ALG             02 \n"
+	   "TPM_CAP_PID             03 \n"
+	   "TPM_CAP_FLAG            04 \n"
+	   "TPM_CAP_PROPERTY        05 \n"
+	   "TPM_CAP_VERSION         06 \n"
+	   "TPM_CAP_KEY_HANDLE      07 \n"
+	   "TPM_CAP_CHECK_LOADED    08 \n"
+	   "TPM_CAP_SYM_MODE        09 \n"
+	   "TPM_CAP_KEY_STATUS      0C \n"
+	   "TPM_CAP_NV_LIST         0D \n"
+	   "TPM_CAP_MFR             10 \n"
+	   "TPM_CAP_NV_INDEX        11 \n"
+	   "TPM_CAP_TRANS_ALG       12 \n"
+	   "TPM_CAP_HANDLE          14 \n"
+	   "TPM_CAP_TRANS_ES        15 \n"
+	   "TPM_CAP_AUTH_ENCRYPT    17 \n"
+	   "TPM_CAP_SELECT_SIZE     18 \n"
+	   "TPM_CAP_DA_LOGIC        19 \n"
+	   "TPM_CAP_VERSION_VAL     1A \n"
+	   "\n"
+	   );
+    return;
+}
+
+static void usageAlg(void)
+{
+    printf("TPM_CAP_ALGS -scap values\n"
+	   "\n"
+	   "TPM_ALG_RSA          1 \n"
+	   "TPM_ALG_DES          2 \n"
+	   "TPM_ALG_3DES         3 \n"
+	   "TPM_ALG_SHA          4 \n"
+	   "TPM_ALG_HMAC         5 \n"
+	   "TPM_ALG_AES128       6 \n"
+	   "TPM_ALG_MGF1         7 \n"
+	   "TPM_ALG_AES192       8 \n"
+	   "TPM_ALG_AES256       9 \n"
+	   "TPM_ALG_XOR          A \n"
+	   "\n"
+	   );
+   return;
+}
+
+static void usagePid(void)
+{
+    printf("TPM_CAP_PID -scap values\n"
+	   "\n"             
+	   "TPM_PID_NONE            0 \n"
+	   "TPM_PID_OIAP            1 \n"
+	   "TPM_PID_OSAP            2 \n"
+	   "TPM_PID_ADIP            3 \n"
+	   "TPM_PID_ADCP            4 \n"
+	   "TPM_PID_OWNER           5 \n"
+	   "TPM_PID_DSAP            6 \n"
+	   "TPM_PID_TRANSPORT       7 \n"
+	   );
+    return;
+}
+static void usageFlag(void)
+{
+    printf("TPM_CAP_FLAG -scap values\n"
+	   "\n"                        
+	   "TPM_CAP_FLAG_PERMANENT 	108 \n"
+	   "TPM_CAP_FLAG_VOLATILE	109 \n"
+	   );
+    return;
+}
+static void usageProperty(void)
+{
+    printf("TPM_CAP_PROPERTY -scap values\n"
+	   "\n"                    
+	   "TPM_CAP_PROP_PCR		101 \n"
+	   "TPM_CAP_PROP_DIR		102 \n"
+	   "TPM_CAP_PROP_MANUFACTURER	103 \n"
+	   "TPM_CAP_PROP_KEYS		104 \n"
+	   "TPM_CAP_PROP_MIN_COUNTER	107 \n"
+	   "TPM_CAP_PROP_AUTHSESS		10A \n"
+	   "TPM_CAP_PROP_TRANSESS		10B \n"
+	   "TPM_CAP_PROP_COUNTERS		10C \n"
+	   "TPM_CAP_PROP_MAX_AUTHSESS	10D \n"
+	   "TPM_CAP_PROP_MAX_TRANSESS	10E \n"
+	   "TPM_CAP_PROP_MAX_COUNTERS	10F \n"
+	   "TPM_CAP_PROP_MAX_KEYS		110 \n"
+	   "TPM_CAP_PROP_OWNER		111 \n"
+	   "TPM_CAP_PROP_CONTEXT		112 \n"
+	   "TPM_CAP_PROP_MAX_CONTEXT	113 \n"
+	   "TPM_CAP_PROP_FAMILYROWS		114 \n"
+	   "TPM_CAP_PROP_TIS_TIMEOUT	115 \n"
+	   "TPM_CAP_PROP_STARTUP_EFFECT	116 \n"
+	   "TPM_CAP_PROP_DELEGATE_ROW	117 \n"
+	   "TPM_CAP_PROP_MAX_DAASESS	119 \n"
+	   "TPM_CAP_PROP_DAASESS		11A \n"
+	   "TPM_CAP_PROP_CONTEXT_DIST	11B \n"
+	   "TPM_CAP_PROP_DAA_INTERRUPT	11C \n"
+	   "TPM_CAP_PROP_SESSIONS		11D \n"
+	   "TPM_CAP_PROP_MAX_SESSIONS	11E \n"
+	   "TPM_CAP_PROP_CMK_RESTRICTION	11F \n"
+	   "TPM_CAP_PROP_DURATION		120 \n"
+	   "TPM_CAP_PROP_ACTIVE_COUNTER	122 \n"
+	   "TPM_CAP_PROP_MAX_NV_AVAILABLE	123 \n"
+	   "TPM_CAP_PROP_INPUT_BUFFER	124 \n"
+	   );
+    return;
+}
+
+static void usageSymMode(void)
+{
+    printf("TPM_CAP_SYM_MODE -scap values\n"
+	   "\n"              	  
+	   "TPM_SYM_MODE_ECB	1 \n"
+	   "TPM_SYM_MODE_CBC	2 \n"
+	   "TPM_SYM_MODE_CFB	3 \n"
+	   );
+    return;
+}
+
+static void usageKeyStatus(void)
+{
+    printf("TPM_CAP_KEY_STATUS -scap value is key handle\n");
+    return;
+}
+
+static void usageNvIndex(void)
+{
+    printf("TPM_CAP_NV_INDEX -scap value is NV index handle\n");
+    return;
+}
+
+static void usageTransAlg(void)
+{
+    printf("TPM_CAP_TRANS_ALG -scap values\n"
+	   "\n"
+	   "TPM_ALG_RSA      1 \n"
+	   "TPM_ALG_DES      2 \n"
+	   "TPM_ALG_3DES     3 \n"
+	   "TPM_ALG_SHA      4 \n"
+	   "TPM_ALG_HMAC     5 \n"
+	   "TPM_ALG_AES128   6 \n"
+	   "TPM_ALG_MGF1     7 \n"
+	   "TPM_ALG_AES192   8 \n"
+	   "TPM_ALG_AES256   9 \n"
+	   "TPM_ALG_XOR      A \n"
+	   "\n"
+	   );
+    return;
+}
+
+static void usageHandle(void)
+{
+    printf("TPM_CAP_HANDLE -scap values\n"
+	   "\n"
+           "TPM_RT_KEY      1 \n"  
+	   "TPM_RT_AUTH     2 \n" 
+	   "TPM_RT_HASH     3 \n" 
+	   "TPM_RT_TRANS    4 \n"
+	   "TPM_RT_CONTEXT  5 \n"
+	   "TPM_RT_COUNTER  6 \n"
+	   "TPM_RT_DELEGATE 7 \n"
+	   "TPM_RT_DAA_TPM  8 \n"
+	   "TPM_RT_DAA_V0   9 \n"
+	   "TPM_RT_DAA_V1   A \n" 
+	   "\n"
+	   );
+   return;
+}
+
+static void usageTransEs(void)
+{
+    printf("TPM_CAP_TRANS_ES -scap values\n"
+	   "\n"
+	   "TPM_ES_NONE                     1 \n"  
+	   "TPM_ES_RSAESPKCSv15             2 \n" 
+	   "TPM_ES_RSAESOAEP_SHA1_MGF1      3 \n" 
+	   "TPM_ES_SYM_CTR                  4 \n" 
+	   "TPM_ES_SYM_OFB                  5 \n"
+	   );
+    return;
+}
+
+static void usageAuthEncrypt(void)
+{
+    printf("TPM_CAP_AUTH_ENCRYPT -scap values\n"
+	   "\n"
+	   "TPM_ALG_RSA     1 \n"
+	   "TPM_ALG_DES     2 \n"
+	   "TPM_ALG_3DES    3 \n"
+	   "TPM_ALG_SHA     4 \n"
+	   "TPM_ALG_HMAC    5 \n"
+	   "TPM_ALG_AES128  6 \n"
+	   "TPM_ALG_MGF1    7 \n"
+	   "TPM_ALG_AES192  8 \n"
+	   "TPM_ALG_AES256  9 \n"
+	   "TPM_ALG_XOR     A \n"
+	   "\n"
+	   );
+    return;
+}
+
+static void usageSelectSize(void)
+{
+    printf("TPM_CAP_SELECT_SIZE -scap value is select size\n");
+    return;
+}
+
+static void usageDaLogic(void)
+{
+    printf("TPM_CAP_DA_LOGIC -scap values\n"
+	   "\n"
+	   "TPM_ET_KEYHANDLE        0x01 \n"
+	   "TPM_ET_OWNER            0x02 \n"
+	   "TPM_ET_DATA             0x03 \n"
+	   "TPM_ET_SRK              0x04 \n"
+	   "TPM_ET_KEY              0x05 \n"
+	   "TPM_ET_REVOKE           0x06 \n"
+	   "TPM_ET_DEL_OWNER_BLOB   0x07 \n"
+	   "TPM_ET_DEL_ROW          0x08 \n"
+	   "TPM_ET_DEL_KEY_BLOB     0x09 \n"
+	   "TPM_ET_COUNTER          0x0A \n"
+	   "TPM_ET_NV               0x0B \n"
+	   "TPM_ET_OPERATOR         0x0C \n"
+	   );
+    return;
+}
+
+static TPM_RC printResponse(unsigned int idx, GetCapability12_In *in, GetCapability12_Out *out)
+{
+    TPM_RC rc = 0;
+    RESPONSE_FUNCTION responseFunction = capabilityTable[idx].responseFunction;
+    if (responseFunction != NULL) {
+	rc = responseFunction(in, out);
+    }
+    else {
+	printf("printResponse: Unimplemented print\n");
+    }
+    return rc;
+}
+
+static TPM_RC responseBool(GetCapability12_In *in, GetCapability12_Out *out)
+{
+    TPM_RC rc = 0;
+    in = in;
+    out = out;
+    printf("boolean: %u\n", out->resp[0]);
+    return rc;
+}
+
+static TPM_RC responseFlag(GetCapability12_In *in, GetCapability12_Out *out)
+{
+    TPM_RC rc = 0;
+    uint32_t scapHbo;
+    scapHbo = ntohl(*(uint32_t *)(in->subCap));
+    TPM_PERMANENT_FLAGS *pf = (TPM_PERMANENT_FLAGS *)out->resp;
+    TPM_STCLEAR_FLAGS *sf = (TPM_STCLEAR_FLAGS *)out->resp;
+
+    switch(scapHbo) {
+      case TPM_CAP_FLAG_PERMANENT:
+	printf("Permanent flags:\n");
+	/* rev 62 + */
+	printf("\tDisabled: %s\n",(0 == pf->disable) ? "FALSE" : "TRUE");
+	printf("\tOwnership: %s\n",(0 == pf->ownership) ? "FALSE" : "TRUE");
+	printf("\tDeactivated: %s\n",(0 == pf->deactivated) ? "FALSE" : "TRUE");
+	printf("\tRead Pubek: %s\n",(0 == pf->readPubek) ? "FALSE" : "TRUE");
+	printf("\tDisable Owner Clear: %s\n", (0 == pf->disableOwnerClear) ? "FALSE" : "TRUE");
+	printf("\tAllow Maintenance: %s\n",(0 == pf->allowMaintenance) ? "FALSE" : "TRUE");
+	printf("\tPhysical Presence Lifetime Lock: %s\n",
+	       (0 == pf->physicalPresenceLifetimeLock) ? "FALSE" : "TRUE");
+	printf("\tPhysical Presence HW Enable: %s\n",
+	       (0 == pf->physicalPresenceHWEnable) ? "FALSE" : "TRUE");
+	printf("\tPhysical Presence CMD Enable: %s\n",
+	       (0 == pf->physicalPresenceCMDEnable) ? "FALSE" : "TRUE");
+	printf("\tCEKPUsed: %s\n", (0 == pf->CEKPUsed) ? "FALSE" : "TRUE");
+	printf("\tTPMpost: %s\n",(0 == pf->TPMpost) ? "FALSE" : "TRUE");
+	printf("\tTPMpost Lock: %s\n", (0 == pf->TPMpostLock) ? "FALSE" : "TRUE");
+	printf("\tFIPS: %s\n",(0 == pf->FIPS) ? "FALSE" : "TRUE");
+	printf("\tOperator: %s\n", (0 == pf->tpmOperator) ? "FALSE" : "TRUE");
+	printf("\tEnable Revoke EK: %s\n", (0 == pf->enableRevokeEK) ? "FALSE" : "TRUE");
+	/* Atmel rev 85 only returns 18 BOOLs */
+	if (out->respSize > 19) {
+	    printf("\tNV Locked: %s\n",( 0 == pf->nvLocked) ? "FALSE" : "TRUE");
+	    printf("\tRead SRK pub: %s\n",(0 == pf->readSRKPub) ? "FALSE" : "TRUE");
+	    printf("\tTPM established: %s\n",(0 == pf->tpmEstablished) ? "FALSE" : "TRUE");
+	}
+	/* rev 85 + */
+	if (out->respSize > 20) {
+	    printf("\tMaintenance done: %s\n",(0 == pf->maintenanceDone) ? "FALSE" : "TRUE");
+	}	    
+	/* rev 103 */
+	if (out->respSize > 21) {
+	    printf("\tDisable full DA logic info: %s\n",(0 == pf->disableFullDALogicInfo) ? "FALSE" : "TRUE");
+	}
+	break;
+      case TPM_CAP_FLAG_VOLATILE:
+	printf("Volatile flags:\n");
+	printf("\tDeactivated: %s\n",(0 == sf->deactivated) ? "FALSE" : "TRUE");
+	printf("\tDisable ForceClear: %s\n",(0 == sf->disableForceClear) ? "FALSE" : "TRUE");
+	printf("\tPhysical Presence: %s\n",(0 == sf->physicalPresence) ? "FALSE" : "TRUE");
+	printf("\tPhysical Presence Lock: %s\n",(0 == sf->physicalPresenceLock) ? "FALSE" : "TRUE");
+	printf("\tbGlobal Lock: %s\n",(0 == sf->bGlobalLock) ? "FALSE" : "TRUE");
+	break;
+      default:
+	printf("responseFlag: Subcap 08x %unknown\n", scapHbo);
+    }
+    return rc;
+}
+
+static TPM_RC responseVersion(GetCapability12_In *in, GetCapability12_Out *out)
+{
+    TPM_RC rc = 0;
+    in = in;
+    TPM_STRUCT_VER *sv = (TPM_STRUCT_VER *)out->resp;	/* just bytes */
+    printf("TPM_CAP_VERSION: major %02x\n", sv->major);
+    printf("TPM_CAP_VERSION: minor %02x\n", sv->minor);
+    printf("TPM_CAP_VERSION: revMajor %02x\n", sv->revMajor);
+    printf("TPM_CAP_VERSION: revMinor %02x\n", sv->revMinor);
+    return rc;
+}
+
+static TPM_RC responseProperty(GetCapability12_In *in, GetCapability12_Out *out)
+{
+    TPM_RC rc = 0;
+    uint32_t scapHbo;
+    scapHbo = ntohl(*(uint32_t *)(in->subCap));
+    switch(scapHbo) {
+      case TPM_CAP_PROP_PCR:
+	printf("TPM_CAP_PROP_PCR: %u\n", ntohl(*(uint32_t *)(out->resp)));
+	break;
+      case TPM_CAP_PROP_DIR:
+	printf("TPM_CAP_PROP_DIR: %u\n", ntohl(*(uint32_t *)(out->resp)));
+	break;
+      case TPM_CAP_PROP_MANUFACTURER:
+	printf("TPM_CAP_PROP_MANUFACTURER: %c%c%c%c\n",
+	       out->resp[0], out->resp[1], out->resp[2], out->resp[3]);
+	break;
+      case TPM_CAP_PROP_KEYS:
+	printf("TPM_CAP_PROP_KEYS: %u\n", ntohl(*(uint32_t *)(out->resp)));
+	break;
+      case TPM_CAP_PROP_MIN_COUNTER:
+	printf("TPM_CAP_PROP_MIN_COUNTER: %u\n", ntohl(*(uint32_t *)(out->resp)));
+	break;
+      case TPM_CAP_PROP_AUTHSESS:
+	printf("TPM_CAP_PROP_AUTHSESS: %u\n", ntohl(*(uint32_t *)(out->resp)));
+	break;
+      case TPM_CAP_PROP_TRANSESS:
+	printf("TPM_CAP_PROP_TRANSESS: %u\n", ntohl(*(uint32_t *)(out->resp)));
+	break;
+      case TPM_CAP_PROP_COUNTERS:
+	printf("TPM_CAP_PROP_COUNTERS: %u\n", ntohl(*(uint32_t *)(out->resp)));
+	break;
+      case TPM_CAP_PROP_MAX_AUTHSESS:
+	printf("TPM_CAP_PROP_MAX_AUTHSESS: %u\n", ntohl(*(uint32_t *)(out->resp)));
+	break;
+      case TPM_CAP_PROP_MAX_TRANSESS:
+	printf("TPM_CAP_PROP_MAX_TRANSESS: %u\n", ntohl(*(uint32_t *)(out->resp)));
+	break;
+      case TPM_CAP_PROP_MAX_COUNTERS:
+	printf("TPM_CAP_PROP_MAX_COUNTERS: %u\n", ntohl(*(uint32_t *)(out->resp)));
+	break;
+      case TPM_CAP_PROP_MAX_KEYS:
+	printf("TPM_CAP_PROP_MAX_KEYS: %u\n", ntohl(*(uint32_t *)(out->resp)));
+	break;
+      case TPM_CAP_PROP_OWNER:
+	printf("TPM_CAP_PROP_OWNER: %u\n", out->resp[0]);
+	break;
+      case TPM_CAP_PROP_CONTEXT:
+	printf("TPM_CAP_PROP_CONTEXT: %u\n", ntohl(*(uint32_t *)(out->resp)));
+	break;
+      case TPM_CAP_PROP_MAX_CONTEXT:
+	printf("TPM_CAP_PROP_MAX_CONTEXT: %u\n", ntohl(*(uint32_t *)(out->resp)));
+	break;
+      case TPM_CAP_PROP_FAMILYROWS:
+	printf("TPM_CAP_PROP_FAMILYROWS: %u\n", ntohl(*(uint32_t *)(out->resp)));
+	break;
+      case TPM_CAP_PROP_TIS_TIMEOUT:
+	printf("TPM_CAP_PROP_TIS_TIMEOUT: %u %u %u %u\n",
+	       ntohl(*(uint32_t *)(out->resp + 0)),
+	       ntohl(*(uint32_t *)(out->resp + 4)),
+	       ntohl(*(uint32_t *)(out->resp + 8)),
+	       ntohl(*(uint32_t *)(out->resp +12))
+	       );
+	break;
+      case TPM_CAP_PROP_STARTUP_EFFECT:
+	printf("TPM_CAP_PROP_STARTUP_EFFECT: print unimplemented\n");
+	break;
+      case TPM_CAP_PROP_DELEGATE_ROW:
+	printf("TPM_CAP_PROP_DELEGATE_ROW: %u\n", ntohl(*(uint32_t *)(out->resp)));
+	break;
+      case TPM_CAP_PROP_MAX_DAASESS:
+	printf("TPM_CAP_PROP_MAX_DAASESS: %u\n", ntohl(*(uint32_t *)(out->resp)));
+	break;
+      case TPM_CAP_PROP_DAASESS:
+	printf("TPM_CAP_PROP_DAASESS: %u\n", ntohl(*(uint32_t *)(out->resp)));
+	break;
+      case TPM_CAP_PROP_CONTEXT_DIST:
+	printf("TPM_CAP_PROP_CONTEXT_DIST: %08x\n", ntohl(*(uint32_t *)(out->resp)));
+	break;
+      case TPM_CAP_PROP_DAA_INTERRUPT:
+	printf("TPM_CAP_PROP_DAA_INTERRUPT: %u\n", out->resp[0]);
+	break;
+      case TPM_CAP_PROP_SESSIONS:
+	printf("TPM_CAP_PROP_SESSIONS: %u\n", ntohl(*(uint32_t *)(out->resp)));
+	break;
+      case TPM_CAP_PROP_MAX_SESSIONS:
+	printf("TPM_CAP_PROP_MAX_SESSIONS: %u\n", ntohl(*(uint32_t *)(out->resp)));
+	break;
+      case TPM_CAP_PROP_CMK_RESTRICTION:
+	printf("TPM_CAP_PROP_CMK_RESTRICTION: %u\n", ntohl(*(uint32_t *)(out->resp)));
+	break;
+      case TPM_CAP_PROP_DURATION:
+	printf("TPM_CAP_PROP_DURATION: %u %u %u\n", 
+	       ntohl(*(uint32_t *)(out->resp + 0)),
+	       ntohl(*(uint32_t *)(out->resp + 4)),
+	       ntohl(*(uint32_t *)(out->resp + 8))
+	       );
+	break;
+      case TPM_CAP_PROP_ACTIVE_COUNTER:
+	printf("TPM_CAP_PROP_ACTIVE_COUNTER: print not implemented yet\n");
+	break;
+      case TPM_CAP_PROP_MAX_NV_AVAILABLE:
+	printf("TPM_CAP_PROP_MAX_NV_AVAILABLE: %u\n", ntohl(*(uint32_t *)(out->resp)));
+	break;
+      case TPM_CAP_PROP_INPUT_BUFFER:
+	printf("TPM_CAP_PROP_INPUT_BUFFER: %u\n", ntohl(*(uint32_t *)(out->resp)));
+	break;
+      default:
+	printf("responseProperty: Subcap 08x %unknown\n", scapHbo);
+    }
+    return rc;
+}
+
+static TPM_RC responseNvList(GetCapability12_In *in, GetCapability12_Out *out)
+{
+    TPM_RC rc = 0;
+    uint16_t i;
+    uint32_t count = (out->respSize / sizeof(uint32_t));
+    in = in;
+
+    printf("responseNvList: count %u\n", count);
+    for (i = 0 ; i < count ; i++) {
+	uint32_t handle = ntohl(*(uint32_t *)(out->resp + (i * sizeof(uint32_t))));
+	printf("\tHandle %u %08x\n", i, handle);
+    }
+    return rc;
+}
+
+static TPM_RC responseNvIndex(GetCapability12_In *in, GetCapability12_Out *out)
+{
+    TPM_RC 		rc = 0;
+    TPM_NV_DATA_PUBLIC 	ndp;
+    uint8_t 		*buffer = out->resp;
+    uint32_t 		size = out->respSize;
+    in = in;
+
+    if (rc == 0) {
+	rc = TSS_TPM_NV_DATA_PUBLIC_Unmarshalu(&ndp, &buffer, &size);
+    }
+    if (rc == 0) {
+	printf("\tnvIndex               : %08X\n", ndp.nvIndex);
+	printf("\tpermission.attributes : %08X\n", ndp.permission.attributes);
+	printf("\tReadSTClear           : %u\n", ndp.bReadSTClear);
+	printf("\tWriteSTClear          : %u\n", ndp.bWriteSTClear);
+	printf("\tWriteDefine           : %u\n", ndp.bWriteDefine);
+	printf("\tdataSize              : %08X = %u\n",
+	       (unsigned int)ndp.dataSize, (unsigned int)ndp.dataSize);
+    }
+    else {
+	printf("responseNvIndex: TPM_NV_DATA_PUBLIC unmarshal error\n");
+    }
+    return rc;
+}
+
+static TPM_RC responseHandleList(GetCapability12_In *in, GetCapability12_Out *out)
+{
+    TPM_RC rc = 0;
+    uint16_t i;
+    uint16_t count;
+    in = in;
+
+    count = ntohs(*(uint16_t *)(out->resp));
+    printf("responseHandleList: count %u\n", count);
+    for (i = 0 ; i < count ; i++) {
+	uint32_t handle = ntohl(*(uint32_t *)(out->resp + sizeof(uint16_t) +
+					      (i * sizeof(uint32_t))));
+	printf("\tHandle %u %08x\n", i, handle);
+    }
+    return rc;
+}
+
+static TPM_RC responseDaLogic(GetCapability12_In *in, GetCapability12_Out *out)
+{
+    TPM_RC rc = 0;
+    in = in;
+    uint8_t 		*buffer;
+    uint32_t 		size;
+
+    /* could be either structure depending on the tag */
+    TPM_STRUCTURE_TAG tag;
+    if (rc == 0) {
+	buffer = out->resp;
+	size = out->respSize;
+	rc = TSS_UINT16_Unmarshalu(&tag, &buffer, &size);
+    }
+    if (rc == 0) {
+	buffer = out->resp;
+	size = out->respSize;
+	switch (tag) {
+	  case TPM_TAG_DA_INFO:
+	      {
+		  TPM_DA_INFO da;
+		  if (rc == 0) {
+		      rc = TSS_TPM_DA_INFO_Unmarshalu(&da, &buffer, &size);
+		  }
+		  if (rc == 0) {
+		      printf("\tTPM_DA_STATE %s\n", da.state ? "inactive" : "active");
+		      printf("\tcurrentCount %u\n", da.currentCount);
+		      printf("\tthresholdCount %u \n", da.thresholdCount);
+		      printf("\tTPM_DA_ACTION_FAILURE_MODE %s\n",
+			     (da.actionAtThreshold.actions & TPM_DA_ACTION_FAILURE_MODE)
+			     ? "TRUE" : "FALSE");
+		      printf("\tTPM_DA_ACTION_DEACTIVATE %s\n",
+			     (da.actionAtThreshold.actions & TPM_DA_ACTION_DEACTIVATE)
+			     ? "TRUE" : "FALSE");
+		      printf("\tTPM_DA_ACTION_DISABLE %s\n",
+			     (da.actionAtThreshold.actions & TPM_DA_ACTION_DISABLE)
+			     ? "TRUE" : "FALSE");
+		      printf("\tTPM_DA_ACTION_TIMEOUT %s\n",
+			     (da.actionAtThreshold.actions & TPM_DA_ACTION_TIMEOUT)
+			     ? "TRUE" : "FALSE");
+		      printf("\tactionDependValue %u\n", da.actionDependValue);
+		      TSS_PrintAll("\tvendorData", da.vendorData, da.vendorDataSize);
+		  }
+		  break;
+	      }
+	  case TPM_TAG_DA_INFO_LIMITED:
+	      {
+		  TPM_DA_INFO_LIMITED da;
+		  if (rc == 0) {
+		      rc = TSS_TPM_DA_INFO_LIMITED_Unmarshalu(&da, &buffer, &size);
+		  }
+		  if (rc == 0) {
+		      printf("\tTPM_DA_STATE %s\n", da.state ? "inactive" : "active");
+		      printf("\tTPM_DA_ACTION_FAILURE_MODE %s\n",
+			     (da.actionAtThreshold.actions & TPM_DA_ACTION_FAILURE_MODE)
+			     ? "TRUE" : "FALSE");
+		      printf("\tTPM_DA_ACTION_DEACTIVATE %s\n",
+			     (da.actionAtThreshold.actions & TPM_DA_ACTION_DEACTIVATE)
+			     ? "TRUE" : "FALSE");
+		      printf("\tTPM_DA_ACTION_DISABLE %s\n",
+			     (da.actionAtThreshold.actions & TPM_DA_ACTION_DISABLE)
+			     ? "TRUE" : "FALSE");
+		      printf("\tTPM_DA_ACTION_TIMEOUT %s\n",
+			     (da.actionAtThreshold.actions & TPM_DA_ACTION_TIMEOUT)
+			     ? "TRUE" : "FALSE");
+		      TSS_PrintAll("\tvendorData", da.vendorData, da.vendorDataSize);
+		  }
+		  break;
+	      }
+	  default:
+	    printf("responseDaLogic: unknown structure tag %04x\n", tag); 
+	}
+    }
+    else {
+	printf("responseDaLogic: response unmarshal error\n");
+    }
+    return rc;
+}
+
+static TPM_RC responseVersionVal(GetCapability12_In *in, GetCapability12_Out *out)
+{
+    TPM_RC rc = 0;
+    in = in;
+    TPM_CAP_VERSION_INFO vi;
+    if (rc == 0) {
+	uint8_t *buffer = out->resp;
+	uint32_t size = out->respSize;
+	rc = TSS_TPM_CAP_VERSION_INFO_Unmarshalu(&vi, &buffer, &size);
+    }
+    if (rc == 0) {
+	printf("\tmajor %02x\n", vi.version.major);
+	printf("\tminor %02x\n", vi.version.minor);
+	printf("\trevMajor %02x\n", vi.version.revMajor);
+	printf("\trevMinor %02x\n", vi.version.revMinor);
+	printf("\tspecLevel %u\n", vi.specLevel);
+	printf("\terrataRev %u\n", vi.errataRev);
+	printf("\ttpmVendorID %02x %02x %02x %02x %c%c%c%c\n",
+	       vi.tpmVendorID[0], vi.tpmVendorID[1], vi.tpmVendorID[2], vi.tpmVendorID[3],
+	       vi.tpmVendorID[0], vi.tpmVendorID[1], vi.tpmVendorID[2], vi.tpmVendorID[3]);
+	TSS_PrintAll("\tvendorSpecific", vi.vendorSpecific, vi.vendorSpecificSize);
+    }
+    return rc;
+}
+
diff --git a/utils12/imaextend.c b/utils12/imaextend.c
new file mode 100644
index 000000000..84065ad97
--- /dev/null
+++ b/utils12/imaextend.c
@@ -0,0 +1,312 @@
+/********************************************************************************/
+/*										*/
+/*		      Extend an IMA measurement list into PCR 10		*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* imaextend is test/demo code.  It parses a TPM 1.2 event log file and extends the measurements
+   into TPM PCRs.  This simulates the actions that would be performed the Limux kernel IMA in a
+   hardware platform.
+
+   To test incremental attestations, the caller can optionally specify a beginning event number and
+   ending event number.
+
+   To test a platform without a TPM or TPM device driver, but where IMA is creating an event log,
+   the caller can optionally specify a sleep time.  The program will then incrementally extend after
+   each sleep.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <unistd.h>
+
+#include <openssl/err.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssresponsecode.h>
+
+#include "imalib.h"
+
+/* local prototypes */
+
+static TPM_RC copyDigest(Extend_In 	*in,
+			 ImaEvent 	*imaEvent);
+static TPM_RC pcrread(TSS_CONTEXT *tssContext,
+		      TPMI_DH_PCR pcrHandle);
+static void printUsage(void);
+
+int tssUtilsVerbose = FALSE;
+
+int main(int argc, char * argv[])
+{
+    TPM_RC 		rc = 0;
+    int 		i = 0;
+    TSS_CONTEXT		*tssContext = NULL;
+    Extend_In 		in;
+    Extend_Out 		out;
+    const char 		*infilename = NULL;
+    FILE 		*infile = NULL;
+    int 		littleEndian = FALSE;
+    unsigned long	beginEvent = 0;			/* default beginning of log */
+    unsigned long	endEvent = 0xffffffff;		/* default end of log */
+    unsigned int	loopTime = 0;			/* default no loop */
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+	
+    for (i=1 ; i<argc ; i++) {
+	if (strcmp(argv[i],"-if") == 0) {
+	    i++;
+	    if (i < argc) {
+		infilename = argv[i];
+	    }
+	    else {
+		printf("-if option needs a value\n");
+		printUsage();
+		exit(2);
+	    }
+	}
+	else if (strcmp(argv[i],"-le") == 0) {
+	    littleEndian = TRUE; 
+	}
+	else if (strcmp(argv[i],"-b") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%lu", &beginEvent);
+	    }
+	    else {
+		printf("Missing parameter for -b\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-e") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%lu", &endEvent);
+	    }
+	    else {
+		printf("Missing parameter for -e\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-l") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%u", &loopTime);
+	    }
+	    else {
+		printf("Missing parameter for -e\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp(argv[i], "-h")) {
+	    printUsage();
+	}
+	else if (!strcmp(argv[i], "-v")) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (infilename == NULL) {
+	printf("Missing -if argument\n");
+	printUsage();
+    }
+     /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    if ((rc == 0) && tssUtilsVerbose) {
+	printf("Initial PCR 10 value\n");
+	rc = pcrread(tssContext, 10);
+    }
+    ImaEvent imaEvent;
+    unsigned int lineNum;
+    /*
+      scan each measurement 'line' in the binary
+    */
+    do {
+	/* read the IMA event log file */
+	int endOfFile = FALSE;
+	if (rc == 0) {
+	    infile = fopen(infilename,"rb");
+	    if (infile == NULL) {
+		printf("Unable to open input file '%s'\n", infilename);
+		rc = TSS_RC_FILE_OPEN;
+	    }
+	}
+	for (lineNum = 0 ; (rc == 0) && !endOfFile ; lineNum++) {
+	    /* read an IMA event line */
+	    IMA_Event_Init(&imaEvent);
+	    if (rc == 0) {
+		rc = IMA_Event_ReadFile(&imaEvent, &endOfFile, infile,
+					littleEndian);
+	    }
+	    /*
+	      if the event line is in range
+	    */
+	    if ((rc == 0) && (lineNum >= beginEvent) && (lineNum <= endEvent) && !endOfFile) {
+		if (rc == 0) {
+		    /* debug tracing */
+		    if (tssUtilsVerbose) printf("\n");
+		    printf("imaextend: line %u\n", lineNum);
+		    if (tssUtilsVerbose) IMA_Event_Trace(&imaEvent, FALSE);
+		    in.pcrNum = imaEvent.pcrIndex;		/* normally PCR 10 */
+		}
+		/* copy the SHA-1 digest to be extended */
+		if (rc == 0) {
+		    rc = copyDigest(&in, &imaEvent);
+		}	
+		if (rc == 0) {
+		    rc = TSS_Execute(tssContext,
+				     (RESPONSE_PARAMETERS *)&out, 
+				     (COMMAND_PARAMETERS *)&in,
+				     NULL,
+				     TPM_ORD_Extend,
+				     TPM_RH_NULL, NULL, 0);
+		}
+		if (rc == 0 && tssUtilsVerbose) {
+		    TSS_PrintAll("PCR", out.outDigest, SHA1_DIGEST_SIZE);
+		}
+	    }	/* for each IMA event in range */
+	    IMA_Event_Free(&imaEvent);
+	}	/* for each IMA event line */
+	if (tssUtilsVerbose && (loopTime != 0)) printf("set beginEvent to %u\n", lineNum-1);
+	beginEvent = lineNum-1;		/* remove the last increment at EOF */
+	if (infile != NULL) {
+	    fclose(infile);
+	}
+	usleep(loopTime * 1000000);
+    } while ((rc == 0) && (loopTime != 0)); 		/* sleep loop */
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("imaextend: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("imaextend: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static TPM_RC copyDigest(Extend_In 	*in,
+			 ImaEvent	*imaEvent)
+{
+    TPM_RC 		rc = 0;
+    unsigned char 	zeroDigest[SHA1_DIGEST_SIZE];
+
+    if (rc == 0) {
+	memset(zeroDigest, 0, SHA1_DIGEST_SIZE);
+	int notAllZero = memcmp(imaEvent->digest, zeroDigest, SHA1_DIGEST_SIZE);
+	/* IMA has a quirk where some measurements store a zero digest in the event log, but
+	   extend ones into PCR 10 */
+	if (notAllZero) {
+	    memcpy((uint8_t *)&in->inDigest, imaEvent->digest, SHA1_DIGEST_SIZE);
+	}
+	else {
+	    memset((uint8_t *)&in->inDigest, 0xff, SHA1_DIGEST_SIZE);
+	}
+    }
+    return rc;
+}	
+
+static TPM_RC pcrread(TSS_CONTEXT *tssContext,
+		      TPMI_DH_PCR pcrHandle)
+{
+    TPM_RC 		rc = 0;
+    PcrRead12_In 	in;
+    PcrRead12_Out		out;
+
+    if (rc == 0) {
+	in.pcrIndex = pcrHandle;
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_ORD_PcrRead,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    if (rc == 0) {
+	TSS_PrintAll("PCR", out.outDigest, SHA1_DIGEST_SIZE);
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("pcrread: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("imaextend\n");
+    printf("\n");
+    printf("Runs TPM2_PCR_Extend to Extends a SHA-1 IMA measurement file (binary) into TPM PCRs\n");
+    printf("It handles the case where a zero measurement extends ones into the IMA PCR\n");
+    printf("\n");
+    printf("\t-if\tIMA event log file name\n");
+    printf("\t[-le\tinput file is little endian (default big endian)]\n");
+    printf("\t[-b\tbeginning entry (default 0, beginning of log)]\n");
+    printf("\t\tA beginning entry after the end of the log becomes a noop\n");
+    printf("\t[-e\tending entry (default end of log)]\n");
+    printf("\t\tE.g., -b 0 -e 0 sends one entry\n");
+    printf("\t[-l\ttime - run in a continuous loop, with a sleep of 'time' seconds betwteen loops]\n");
+    printf("\t\tThe intent is that this be run without specifying -b and -e\n");
+    printf("\t\tAfer each pass, the next beginning entry is set to the last entry +1\n");
+    printf("\n");
+    exit(1);
+}
+
diff --git a/utils12/loadkey2.c b/utils12/loadkey2.c
new file mode 100644
index 000000000..158ae649f
--- /dev/null
+++ b/utils12/loadkey2.c
@@ -0,0 +1,231 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 Load Key 2					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#if 0
+#ifdef TPM_POSIX
+#include <netinet/in.h>
+#endif
+#ifdef TPM_WINDOWS
+#include <winsock2.h>
+#endif
+
+#include <openssl/rsa.h>
+#include <openssl/pem.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#endif
+
+#if 0
+#include "tpm.h"
+#include "tpmutil.h"
+#include "tpmfunc.h"
+#include "tpm_constants.h"
+#include "tpm_structures.h"
+#include "tpm_error.h"
+
+#endif
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tpmstructures12.h>
+#include <ibmtss/tssmarshal12.h>
+#include <ibmtss/Unmarshal12_fp.h>
+
+static void printUsage(void);
+
+int tssUtilsVerbose;
+
+int main(int argc, char * argv[])
+{
+    TPM_RC 			rc = 0;
+    int				i;				/* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    LoadKey2_In			in;
+    LoadKey2_Out		out;
+    TPM_KEY_HANDLE		parentHandle = 0;
+    const char			*parentPassword = NULL; 
+    const char 			*keyFilename = NULL;
+    TPM_AUTHHANDLE 		sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hp") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &parentHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hp\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdp") == 0) {
+	    i++;
+	    if (i < argc) {
+		parentPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdp option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ik") == 0) {
+	    i++;
+	    if (i < argc) {
+		keyFilename = argv[i];
+	    }
+	    else {
+		printf("-ik option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp(argv[i], "-h")) {
+	    printUsage();
+	}
+	else if (!strcmp(argv[i], "-v")) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (parentHandle == 0) {
+	printf("Missing handle parameter -hp\n");
+	printUsage();
+    }
+    if (keyFilename == NULL) {
+	printf("Missing private key parameter -ik\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	rc = TSS_File_ReadStructure(&in.inKey,
+				    (UnmarshalFunction_t)TSS_TPM_KEY12_Unmarshalu,
+				    keyFilename);
+    }
+    if (rc == 0) {
+	in.parentHandle = parentHandle;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_ORD_LoadKey2,
+			 sessionHandle0, parentPassword, sessionAttributes0,
+			 TPM_RH_NULL, NULL, 0);
+	
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	printf("Handle %08x\n", out.inkeyHandle);
+	if (tssUtilsVerbose) printf("loadkey2: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("loadkey2: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("loadkey2\n");
+    printf("\n");
+    printf("Runs TPM_LoadKey2\n");
+    printf("\n");
+    printf("\t-hp parent handle\n");
+    printf("\t\tSRK 40000000\n");
+    printf("\t-pwdp password for parent key (default zeros)\n");
+    printf("\t-ik key file name\n");
+    printf("\n");
+    printf("\t-se0 session handle / attributes\n");
+    printf("\t\t01 continue\n");
+    exit(1);
+}
+
+
diff --git a/utils12/makeekblob.c b/utils12/makeekblob.c
new file mode 100644
index 000000000..4765056cd
--- /dev/null
+++ b/utils12/makeekblob.c
@@ -0,0 +1,286 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 Make EK Blob				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tsscrypto.h>
+#include <ibmtss/tpmstructures12.h>
+#include <ibmtss/tssmarshal12.h>
+#include <ibmtss/Unmarshal12_fp.h>
+
+/* This is a test program to exercise the TPM 1.2 makeidentity / activateidentity protocol.  It can
+   serve as a sample program for an attestation server enrollment step */
+
+static void printUsage(void);
+
+int tssUtilsVerbose;
+
+int main(int argc, char * argv[])
+{
+    TPM_RC 			rc = 0;
+    int				i;				/* argc iterator */
+    const char 			*aikPubkeyFilename = NULL;
+    const char 			*ekPubkeyFilename = NULL;
+    const char 			*encBlobFilename = NULL;
+    const char 			*symKeyFilename = NULL;
+    TPM_EK_BLOB_ACTIVATE 	a1Activate;
+    TPM_EK_BLOB			b1Blob;
+    TPM_SYMMETRIC_KEY 		*k1SessionKey;
+    unsigned char 		*aikPubkey = NULL;		/* TPM_PUBKEY AIK */
+    size_t 			aikPubLength;
+    TPM_PUBKEY 			ekPubkey;			/* TPM_PUBKEY EK */
+    uint8_t 			decBlob[2048/8];
+    size_t			decBlobLength;
+    uint8_t 			encBlob[2048/8];
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i], "-iak") == 0) {
+	    i++;
+	    if (i < argc) {
+		aikPubkeyFilename = argv[i];
+	    }
+	    else {
+		printf("Missing parameter to -iak\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-iek") == 0) {
+	    i++;
+	    if (i < argc) {
+		ekPubkeyFilename = argv[i];
+	    }
+	    else {
+		printf("-iek option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-ob") == 0) {
+	    i++;
+	    if (i < argc) {
+		encBlobFilename = argv[i];
+	    }
+	    else {
+		printf("Missing parameter to -ob\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-ok") == 0) {
+	    i++;
+	    if (i < argc) {
+		symKeyFilename = argv[i];
+	    }
+	    else {
+		printf("Missing parameter to -ok\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp(argv[i], "-h")) {
+	    printUsage();
+	}
+	else if (!strcmp(argv[i], "-v")) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (aikPubkeyFilename == NULL) {
+	printf("\nMissing -iak argument\n");
+	printUsage();
+    }
+    if (ekPubkeyFilename == NULL) {
+	printf("\nMissing -iek argument\n");
+	printUsage();
+    }
+    if (encBlobFilename == NULL) {
+	printf("\nMissing -ob argument\n");
+	printUsage();
+    }
+    if (symKeyFilename == NULL) {
+	printf("\nMissing -ok argument\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	memset(&b1Blob, 0, sizeof(b1Blob));
+	memset(&a1Activate, 0, sizeof(a1Activate));
+    }
+    /* create the TPM_SYMMETRIC_KEY sessionKey */
+    if (rc == 0) {
+	k1SessionKey = &a1Activate.sessionKey;	/* put directly in TPM_EK_BLOB_ACTIVATE */
+	k1SessionKey->algId = TPM_ALG_AES128;
+	k1SessionKey->encScheme = TPM_ES_SYM_CTR;
+	k1SessionKey->size = sizeof(k1SessionKey->data);
+	rc = TSS_RandBytes(k1SessionKey->data, k1SessionKey->size);
+	if (tssUtilsVerbose) TSS_PrintAll("makeekblob: TPM_SYMMETRIC_KEY sessionKey",
+					  k1SessionKey->data, k1SessionKey->size);
+    }
+    /* create the TPM_EK_BLOB_ACTIVATE */
+    /* read the AIK TPM_PUBKEY */
+    if (rc == 0) {
+	rc = TSS_File_ReadBinaryFile(&aikPubkey,     	/* freed @1 */
+				     &aikPubLength,
+				     aikPubkeyFilename);
+    }
+    /* hash the AIK TPM_PUBKEY and copy to idDigest */
+    if (rc == 0) {
+	TPMT_HA pubkeyHash;
+	pubkeyHash.hashAlg = TPM_ALG_SHA1; 
+	rc = TSS_Hash_Generate(&pubkeyHash,
+			       aikPubLength, aikPubkey,
+			       0, NULL);
+	memcpy(a1Activate.idDigest, (uint8_t *)&pubkeyHash.digest, SHA1_DIGEST_SIZE);
+	if (tssUtilsVerbose) TSS_PrintAll("makeekblob: TPM_EK_BLOB_ACTIVATE idDigest",
+					  (uint8_t *)&pubkeyHash.digest, SHA1_DIGEST_SIZE);
+    }
+    if (rc == 0) {
+	a1Activate.pcrInfo.pcrSelection.sizeOfSelect = 3;
+	memset(a1Activate.pcrInfo.pcrSelection.pcrSelect,
+	       0, a1Activate.pcrInfo.pcrSelection.sizeOfSelect);
+	a1Activate.pcrInfo.localityAtRelease = TPM_LOC_ZERO;
+    }
+    /* create the TPM_EK_BLOB */
+    if (rc == 0) {
+	uint16_t written = 0;
+	uint8_t *buffer = b1Blob.blob;
+	uint32_t size = sizeof(b1Blob.blob);	/* max size */
+	b1Blob.ekType = TPM_EK_TYPE_ACTIVATE;
+	b1Blob.blobSize = 0;
+	rc = TSS_TPM_EK_BLOB_ACTIVATE_Marshalu(&a1Activate, &written, &buffer, &size);
+	b1Blob.blobSize = written;
+    }
+    /* marshal the TPM_EK_BLOB */
+    if (rc == 0) {
+	uint16_t written = 0;
+	uint8_t *buffer = decBlob;
+	uint32_t size = sizeof(decBlob);	/* max size */
+	rc = TSS_TPM_EK_BLOB_Marshalu(&b1Blob, &written, &buffer, &size);
+	decBlobLength = written;
+    }
+    if (rc == 0) {
+	if (decBlobLength > sizeof(encBlob)) {
+	    printf("makeekblob: TPM_EK_BLOB length %u too large\n", (unsigned int)decBlobLength);
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+    }
+    /* read the EK TPM_PUBKEY */
+    if (rc == 0) {
+	rc = TSS_File_ReadStructure(&ekPubkey,
+				    (UnmarshalFunction_t)TSS_TPM_PUBKEY_Unmarshalu,
+				    ekPubkeyFilename);
+    }
+    /* sanity check, should always pass for TPM 1.2 */
+    if (ekPubkey.pubKey.keyLength != sizeof(encBlob)) {
+	printf("makeekblob: EK length %u not equal to %u\n",
+	       ekPubkey.pubKey.keyLength, (unsigned int)sizeof(encBlob));
+	rc = TSS_RC_INSUFFICIENT_BUFFER;
+    }
+    /* encrypt the TPM_EK_BLOB */
+    if (rc == 0) {
+	if (tssUtilsVerbose) TSS_PrintAll("makeekblob: TPM_EK_BLOB",
+					  decBlob, decBlobLength);
+	/* public exponent */
+	unsigned char earr[3] = {0x01, 0x00, 0x01};
+	/* encrypt the salt with the tpmKey public key */
+	rc = TSS_RSAPublicEncrypt(encBlob,   		/* encrypted data */
+				  sizeof(encBlob),	/* size of encrypted data buffer */
+				  decBlob, 		/* decrypted data */
+				  decBlobLength,
+				  ekPubkey.pubKey.key,  /* public modulus */
+				  ekPubkey.pubKey.keyLength,
+				  earr, 		/* public exponent */
+				  sizeof(earr),
+				  (unsigned char *)"TCPA",	/* encoding parameter */
+				  sizeof("TCPA")-1,	/* TPM 1.2 does not include NUL */
+				  TPM_ALG_SHA1);	/* OAEP hash algorithm */
+	if (tssUtilsVerbose) TSS_PrintAll("makeekblob: TPM_EK_BLOB encrypted",
+					  encBlob, sizeof(encBlob));
+    }    
+    if (rc == 0) {
+	rc = TSS_File_WriteBinaryFile(encBlob,
+				      sizeof(encBlob),
+				      encBlobFilename);
+    }    
+    if (rc == 0) {
+	rc = TSS_File_WriteBinaryFile(k1SessionKey->data,
+				      k1SessionKey->size,
+				      symKeyFilename);
+    }    
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("makeekblob: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("makeekblob: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    free(aikPubkey);		/* @1 */
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("makeekblob\n");
+    printf("\n");
+    printf("Calculates the encrypted blob for TPM_ActivateIdentity\n");
+    printf("\n");
+    printf("\t-iak AIK TPM_PUBKEY key file name\n");
+    printf("\t-iek EK TPM_PUBKEY key file name\n");
+    printf("\t-ob encrypted blob file name\n");
+    printf("\t-ok symmetric key file name\n");
+    exit(1);
+}
+
+
diff --git a/utils12/makefile-common b/utils12/makefile-common
new file mode 100644
index 000000000..d75e6fd8c
--- /dev/null
+++ b/utils12/makefile-common
@@ -0,0 +1,85 @@
+#################################################################################
+#										#
+#										#
+#	TPM 1.2 Utilities makefile - Common to all variations			#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#	      $Id: makefile-common 1226 2018-05-22 21:14:25Z kgoldman $		#
+#										#
+# (c) Copyright IBM Corporation 2018						#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+# compile - common flags for TSS library and applications
+
+CCFLAGS += 				\
+	-Wall -W -Wmissing-declarations -Wmissing-prototypes -Wnested-externs \
+	-Wformat=2 -Wold-style-definition -Wno-self-assign \
+	-ggdb -O0 -c
+
+# to compile with optimizations on (warnings will result)
+#	-O3 -c
+
+# link - common flags for Posix and Windows, for TSS library and applications
+
+#LNFLAGS += 	-ggdb
+
+
+ALL += 	activateidentity$(EXE)		\
+	createendorsementkeypair$(EXE)	\
+	createwrapkey$(EXE)		\
+	extend$(EXE)			\
+	flushspecific$(EXE)		\
+	getcapability$(EXE)		\
+	loadkey2$(EXE)			\
+	makeidentity$(EXE)		\
+	oiap$(EXE)			\
+	osap$(EXE)			\
+	nvdefinespace$(EXE)		\
+	nvreadvalueauth$(EXE)		\
+	nvreadvalue$(EXE)		\
+	nvwritevalueauth$(EXE)		\
+	nvwritevalue$(EXE)		\
+	ownersetdisable$(EXE)		\
+	ownerreadinternalpub$(EXE)	\
+	pcrread$(EXE)			\
+	quote2$(EXE)			\
+	sign$(EXE)			\
+	startup$(EXE)			\
+	takeownership$(EXE)		\
+	tpminit$(EXE)			\
+	createekcert$(EXE)		\
+	makeekblob$(EXE)		\
+	eventextend$(EXE)		\
+	imaextend$(EXE)
+
+
diff --git a/utils12/makefiletpmc b/utils12/makefiletpmc
new file mode 100644
index 000000000..afa2316b6
--- /dev/null
+++ b/utils12/makefiletpmc
@@ -0,0 +1,220 @@
+#################################################################################
+#										#
+#		Linux TPM 1.2 Utilities Makefile				#
+#			     Written by Ken Goldman				#
+#		       IBM Thomas J. Watson Research Center			#
+#										#
+# (c) Copyright IBM Corporation 2018						#
+# 										#
+# All rights reserved.								#
+# 										#
+# Redistribution and use in source and binary forms, with or without		#
+# modification, are permitted provided that the following conditions are	#
+# met:										#
+# 										#
+# Redistributions of source code must retain the above copyright notice,	#
+# this list of conditions and the following disclaimer.				#
+# 										#
+# Redistributions in binary form must reproduce the above copyright		#
+# notice, this list of conditions and the following disclaimer in the		#
+# documentation and/or other materials provided with the distribution.		#
+# 										#
+# Neither the names of the IBM Corporation nor the names of its			#
+# contributors may be used to endorse or promote products derived from		#
+# this software without specific prior written permission.			#
+# 										#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		#
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		#
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR		#
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		#
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	#
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		#
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,		#
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY		#
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		#
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE		#
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		#
+#										#
+#################################################################################
+
+# C compiler
+
+CC = /usr/bin/gcc
+
+# compile - common flags for TSS library and applications
+
+CCFLAGS += 	-DTPM_POSIX
+
+# example of pointing to a locally built openssl 1.1
+# CCFLAGS += 	-I/home/kgold/openssl/include
+
+# compile - for TSS 1.2 library
+
+# include the hardening flag PIC needed for compiling for dynamic
+# linking
+
+CCLFLAGS += 	-I. 		\
+		-I../utils	\
+		-fPIC		\
+		-DTPM_TPM12
+
+# compile - for applications
+
+# include the hardening flag PIE needed for compiling for
+# static linking
+
+CCAFLAGS += 	-I.		\
+		-I../utils	\
+		-fPIE		\
+		-DTPM_TPM12
+
+# link - common flags flags TSS library and applications
+
+LNFLAGS += 	-DTPM_POSIX		\
+		-L.			\
+		-L../utils
+
+# This seems to be required on some Ubuntu distros due to an issue with the gold linker
+#		-fuse-ld=bfd
+
+# example of pointing to a locally built openssl 1.1
+# LNFLAGS +=	 -L/home/kgold/openssl
+# This also requires setting the environment variable LD_LIBRARY_PATH.  E.g.,
+# setenv LD_LIBRARY_PATH ${LD_LIBRARY_PATH}:/home/kgold/openssl
+
+# link - for TSS library
+
+# hardening flags for linking shared objects
+LNLFLAGS += -shared -Wl,-z,now
+
+# link - for applications, TSS path, TSS and OpenSSl libraries
+
+# hardening flags for linking executables
+LNAFLAGS += -pie -Wl,-z,now -Wl,-rpath,.
+
+LNALIBS +=  -libmtssutils12 -libmtss -lcrypto
+
+# TSS shared library
+
+LIBTSS=../utils/libibmtss.so
+
+# TSS 1.2 utilities shared library
+
+LIBTSSUTILS12VERSIONED=libibmtssutils12.so.0.1
+LIBTSSUTILS12SONAME=libibmtssutils12.so.0
+LIBTSSUTILS12=libibmtssutils12.so
+
+# executable extension
+
+EXE =
+
+# 
+
+ALL = $(LIBTSSUTILS12)
+TSS_HEADERS=
+
+# default TSS 1.2 utilities library
+
+TSSUTILS12_OBJS = ekutils12.o
+TSSUTILS12_HEADERS = ekutils12.h
+
+# common to all builds
+
+include makefile-common
+
+# default build target
+
+all:	$(ALL)
+
+# TSS 1.2 utilities shared library source
+
+ekutils12.o: 	$(TSSUTILS12_HEADERS) ekutils12.c
+		$(CC) $(CCFLAGS) $(CCLFLAGS) ekutils12.c
+
+# TSS 1.2 utilities shared library
+
+$(LIBTSSUTILS12):	$(TSSUTILS12_OBJS)
+		$(CC) $(LNFLAGS) $(LNLFLAGS) -Wl,-soname,$(LIBTSSUTILS12SONAME) \
+			-o $(LIBTSSUTILS12VERSIONED) $(TSSUTILS12_OBJS) $(LNLLIBS)
+		rm -f $(LIBTSSSUTIL12SONAME)
+		ln -sf $(LIBTSSUTILS12VERSIONED) $(LIBTSSUTILS12SONAME)
+		rm -f $(LIBTSSUTILS12)
+		ln -sf $(LIBTSSUTILS12SONAME) $(LIBTSSUTILS12)
+
+.PHONY:		clean
+.PRECIOUS:	%.o
+
+clean:
+		rm -f *.o  *~ 			\
+		h*.bin				\
+		$(LIBTSSUTILS12SONAME) 		\
+		$(LIBTSSUTILS12VERSIONED)	\
+		$(ALL)
+
+# implemented utilities
+
+activateidentity:	../utils/ibmtss/tss.h activateidentity.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) activateidentity.o $(LNALIBS) -o activateidentity
+createendorsementkeypair: ../utils/ibmtss/tss.h createendorsementkeypair.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) createendorsementkeypair.o $(LNALIBS) -o createendorsementkeypair
+createwrapkey:		../utils/ibmtss/tss.h createwrapkey.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) createwrapkey.o $(LNALIBS) -o createwrapkey
+extend:			../utils/ibmtss/tss.h extend.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) extend.o $(LNALIBS) -o extend
+flushspecific:		../utils/ibmtss/tss.h flushspecific.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) flushspecific.o $(LNALIBS) -o flushspecific
+getcapability:		../utils/ibmtss/tss.h getcapability.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) getcapability.o $(LNALIBS) -o getcapability
+loadkey2:		../utils/ibmtss/tss.h loadkey2.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) loadkey2.o $(LNALIBS) -o loadkey2
+makeidentity:		../utils/ibmtss/tss.h makeidentity.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) makeidentity.o $(LNALIBS) -o makeidentity
+nvdefinespace:		../utils/ibmtss/tss.h nvdefinespace.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvdefinespace.o $(LNALIBS) -o nvdefinespace
+nvreadvalueauth:	../utils/ibmtss/tss.h nvreadvalueauth.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvreadvalueauth.o $(LNALIBS) -o nvreadvalueauth
+nvreadvalue:		../utils/ibmtss/tss.h nvreadvalue.o $(LIBTSS) $(LIBTSSUTILS12)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvreadvalue.o $(LNALIBS) -o nvreadvalue
+nvwritevalueauth:	../utils/ibmtss/tss.h nvwritevalueauth.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvwritevalueauth.o $(LNALIBS) -o nvwritevalueauth
+nvwritevalue:		../utils/ibmtss/tss.h nvwritevalue.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) nvwritevalue.o $(LNALIBS) -o nvwritevalue
+oiap:			../utils/ibmtss/tss.h oiap.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) oiap.o $(LNALIBS) -o oiap
+osap:			../utils/ibmtss/tss.h osap.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) osap.o $(LNALIBS) -o osap
+ownerreadinternalpub:	../utils/ibmtss/tss.h ownerreadinternalpub.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) ownerreadinternalpub.o $(LNALIBS) -o ownerreadinternalpub
+ownersetdisable:	../utils/ibmtss/tss.h ownersetdisable.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) ownersetdisable.o $(LNALIBS) -o ownersetdisable
+pcrread:		../utils/ibmtss/tss.h pcrread.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) pcrread.o $(LNALIBS) -o pcrread
+quote2:			../utils/ibmtss/tss.h quote2.o ../utils/cryptoutils.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) quote2.o ../utils/cryptoutils.o $(LNALIBS) -o quote2
+sign:			../utils/ibmtss/tss.h sign.o ../utils/cryptoutils.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) sign.o ../utils/cryptoutils.o $(LNALIBS) -o sign
+startup:		../utils/ibmtss/tss.h startup.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) startup.o $(LNALIBS) -o startup
+takeownership:		../utils/ibmtss/tss.h takeownership.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) takeownership.o $(LNALIBS) -o takeownership
+tpminit:		../utils/ibmtss/tss.h tpminit.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) tpminit.o $(LNALIBS) -o tpminit
+
+createekcert:		../utils/ibmtss/tss.h createekcert.o ekutils12.o \
+				../utils/ekutils.o ../utils/cryptoutils.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) createekcert.o ekutils12.o \
+				../utils/ekutils.o ../utils/cryptoutils.o $(LNALIBS) -o createekcert
+makeekblob:		../utils/ibmtss/tss.h makeekblob.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) makeekblob.o $(LNALIBS) -o makeekblob
+eventextend:		../utils/ibmtss/tss.h eventextend.o ../utils/eventlib.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) eventextend.o ../utils/eventlib.o \
+				$(LNALIBS) -o eventextend
+imaextend:		../utils/ibmtss/tss.h imaextend.o ../utils/imalib.o $(LIBTSS)
+			$(CC) $(LNFLAGS) $(LNAFLAGS) imaextend.o ../utils/imalib.o \
+				$(LNALIBS) -o imaextend
+
+# for applications, not for TSS library
+
+%.o:		%.c
+		$(CC) $(CCFLAGS) $(CCAFLAGS) $< -o $@
+
diff --git a/utils12/makeidentity.c b/utils12/makeidentity.c
new file mode 100644
index 000000000..3726616b5
--- /dev/null
+++ b/utils12/makeidentity.c
@@ -0,0 +1,289 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 Make Identity				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tpmstructures12.h>
+#include <ibmtss/tssmarshal12.h>
+
+static void printUsage(void);
+
+int tssUtilsVerbose;
+
+int main(int argc, char * argv[])
+{
+    TPM_RC 			rc = 0;
+    int				i;				/* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    MakeIdentity_In		in;
+    MakeIdentity_Out		out;
+    const char 			*ownerPassword = NULL;
+    const char 			*srkPassword = NULL;  
+    const char 			*keyPassword = NULL;
+    const char 			*keyFilename = NULL;
+    const char 			*pubkeyFilename = NULL;
+    uint8_t			keyAuth[SHA1_DIGEST_SIZE];	/* either command line or zeros */
+    TPMT_HA 			keyHash;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
+    unsigned int		sessionAttributes1 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i], "-pwdo") == 0) {
+	    i++;
+	    if (i < argc) {
+		ownerPassword = argv[i];
+	    }
+	    else {
+		printf("Missing parameter to -pwdo\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-pwds") == 0) {
+	    i++;
+	    if (i < argc) {
+		srkPassword = argv[i];
+	    }
+	    else {
+		printf("Missing parameter to -pwds\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp("-pwdk",argv[i])) {
+	    i++;
+	    if (i < argc) {
+		keyPassword = argv[i];
+	    } else {
+		printf("Missing parameter for -pwdk\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp("-ok",argv[i])) {
+	    i++;
+	    if (i < argc) {
+		keyFilename = argv[i];
+	    } else {
+		printf("Missing parameter for -ok\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp("-op",argv[i])) {
+	    i++;
+	    if (i < argc) {
+		pubkeyFilename = argv[i];
+	    } else {
+		printf("Missing parameter for -op\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se1") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle1);
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes1);
+		if (sessionAttributes1 > 0xff) {
+		    printf("Out of range session attributes for -se1\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se1\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp(argv[i], "-h")) {
+	    printUsage();
+	}
+	else if (!strcmp(argv[i], "-v")) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	if (keyPassword == NULL) {
+	    memset(keyAuth, 0, SHA1_DIGEST_SIZE);
+	}
+	else {
+	    keyHash.hashAlg = TPM_ALG_SHA1; 
+	    rc = TSS_Hash_Generate(&keyHash,
+				   strlen(keyPassword), keyPassword,
+				   0, NULL);
+	    memcpy(keyAuth, (uint8_t *)&keyHash.digest, SHA1_DIGEST_SIZE);
+	}
+    }
+    if (rc == 0) {
+	memcpy(in.identityAuth, keyAuth, SHA1_DIGEST_SIZE);
+	memset(in.labelPrivCADigest, 0, SHA1_DIGEST_SIZE);
+	in.idKeyParams.keyUsage = TPM_KEY_IDENTITY; 
+	in.idKeyParams.keyFlags = 0;
+	if (keyPassword == NULL) {
+	    in.idKeyParams.authDataUsage = TPM_AUTH_NEVER;
+	}
+	else {
+	    in.idKeyParams.authDataUsage = TPM_AUTH_ALWAYS;
+	}
+	in.idKeyParams.algorithmParms.algorithmID = TPM_ALG_RSA;  
+	in.idKeyParams.algorithmParms.encScheme = TPM_ES_NONE;  
+	in.idKeyParams.algorithmParms.sigScheme = TPM_SS_RSASSAPKCS1v15_SHA1;  
+	in.idKeyParams.algorithmParms.parms.rsaParms.keyLength = 2048;  
+	in.idKeyParams.algorithmParms.parms.rsaParms.numPrimes = 2;  
+	in.idKeyParams.algorithmParms.parms.rsaParms.exponentSize = 0;  
+	in.idKeyParams.PCRInfo.localityAtCreation = TPM_LOC_ZERO;
+	in.idKeyParams.PCRInfo.localityAtRelease = TPM_LOC_ALL;
+	in.idKeyParams.PCRInfo.creationPCRSelection.sizeOfSelect = 0; 
+	/* in.idKeyParams.PCRInfo.creationPCRSelection;  */
+	in.idKeyParams.PCRInfo.releasePCRSelection.sizeOfSelect = 0;
+	/* in.idKeyParams.PCRInfo.releasePCRSelection; */
+	/* in.idKeyParams.PCRInfo.digestAtCreation;  */
+	/* in.idKeyParams.PCRInfo.digestAtRelease; */
+	in.idKeyParams.pubKey.keyLength = 0;   
+	in.idKeyParams.encData.keyLength = 0;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_ORD_MakeIdentity,
+			 sessionHandle0, srkPassword, sessionAttributes0,
+			 sessionHandle1, ownerPassword, sessionAttributes1,
+			 TPM_RH_NULL, NULL, 0);
+	
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    /* save the TPM_KEY12 key */
+    if ((rc == 0) && (keyFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.idKey,
+				     (MarshalFunction_t)TSS_TPM_KEY12_Marshalu,
+				     keyFilename);
+    }
+    /* save the TPM_PUBKEY key from the TPM_KEY12 idKey */
+    if ((rc == 0) && (pubkeyFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.idKey,
+				     (MarshalFunction_t)TSS_TPM_KEY12_PUBKEY_Marshalu,
+				     pubkeyFilename);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("makeidentity: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("makeidentity: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("makeidentity\n");
+    printf("\n");
+    printf("Runs TPM_MakeIdentity\n");
+    printf("\n");
+    printf("\t[-pwdo\towner password (default zeros)]\n");
+    printf("\t[-pwds\tSRK password (default zeros)]\n");
+    printf("\t[-pwdk\tpassword for key (default zeros)]\n");
+    printf("\t[-ok\tTPM_KEY12 key file name (default do not save)]\n");
+    printf("\t[-op\tTPM_PUBKEY key file name (default do not save)]\n");
+    printf("\n");
+    printf("\t-se0 srk session handle / attributes\n");
+    printf("\t-se1 owner session handle / attributes\n");
+    printf("\t\t01 continue\n");
+    exit(1);
+}
+
+
diff --git a/utils12/man/man1/tss1activateidentity.1 b/utils12/man/man1/tss1activateidentity.1
new file mode 100644
index 000000000..11cf0b77a
--- /dev/null
+++ b/utils12/man/man1/tss1activateidentity.1
@@ -0,0 +1,30 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH ACTIVATEIDENTITY "1" "November 2019" "activateidentity 1517" "User Commands"
+.SH NAME
+activateidentity \- Runs TPM activateidentity
+.SH DESCRIPTION
+activateidentity
+.PP
+Runs TPM_ActivateIdentity
+.HP
+\fB\-ha\fR ID key handle
+.TP
+[\-pwdo
+owner password (default zeros)]
+.TP
+[\-pwdof
+owner authorization file name
+.TP
+[\-pwdk
+password for key (default zeros)]
+.HP
+\fB\-ib\fR encrypted blob file name
+.TP
+[\-ok
+symmetric key file name (default do not save)]
+.HP
+\fB\-se0\fR srk session handle / attributes
+.HP
+\fB\-se1\fR owner session handle / attributes
+.IP
+01 continue
diff --git a/utils12/man/man1/tss1createekcert.1 b/utils12/man/man1/tss1createekcert.1
new file mode 100644
index 000000000..c599580b8
--- /dev/null
+++ b/utils12/man/man1/tss1createekcert.1
@@ -0,0 +1,30 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH CREATEEKCERT "1" "November 2019" "createekcert 1517" "User Commands"
+.SH NAME
+createekcert \- Runs TPM createekcert
+.SH DESCRIPTION
+createekcert
+.PP
+Provisions an EK certificate
+E.g.,
+.PP
+createekcert \fB\-cakey\fR cakey.pem \fB\-capwd\fR rrrr \fB\-ip\fR ekpub.bin
+.TP
+[\-pwdo
+owner password (default zeros)]
+.TP
+\fB\-iek\fR
+TPM_PUBKEY EK file name
+.TP
+\fB\-cakey\fR
+CA PEM key file name
+.TP
+[\-capwd
+CA PEM key password (default empty)]
+.TP
+[\-of
+DER certificate output file name]
+.PP
+Currently:
+.IP
+Certificate issuer, subject, and validity are hard coded.
diff --git a/utils12/man/man1/tss1createendorsementkeypair.1 b/utils12/man/man1/tss1createendorsementkeypair.1
new file mode 100644
index 000000000..add47938b
--- /dev/null
+++ b/utils12/man/man1/tss1createendorsementkeypair.1
@@ -0,0 +1,8 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH CREATEENDORSEMENTKEYPAIR "1" "November 2019" "createendorsementkeypair 1517" "User Commands"
+.SH NAME
+createendorsementkeypair \- Runs TPM createendorsementkeypair
+.SH DESCRIPTION
+createendorsementkeypair
+.PP
+Runs TPM_CreateEndorsementKeyPair
diff --git a/utils12/man/man1/tss1createwrapkey.1 b/utils12/man/man1/tss1createwrapkey.1
new file mode 100644
index 000000000..9cbf733a7
--- /dev/null
+++ b/utils12/man/man1/tss1createwrapkey.1
@@ -0,0 +1,38 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH CREATEWRAPKEY "1" "November 2019" "createwrapkey 1517" "User Commands"
+.SH NAME
+createwrapkey \- Runs TPM createwrapkey
+.SH DESCRIPTION
+createwrapkey
+.PP
+Runs TPM_CreateWrapKey
+.TP
+\fB\-st\fR
+storage key
+.TP
+\fB\-si\fR
+signing key
+.TP
+[\-hp
+parent handle, can be srk (default srk)]
+.TP
+[\-pwdp
+password for parent key (default empty)]
+.TP
+[\-pwdk
+usage password for key (default zeros)]
+.TP
+[\-pwdm
+migration password for key (default zeros)]
+.TP
+[\-ok
+TPM_KEY12 key file name (default do not save)]
+.TP
+[\-op
+TPM_PUBKEY key file name (default do not save)]
+.TP
+\fB\-se0\fR
+OSAP session handle / attributes
+.TP
+01
+continue
diff --git a/utils12/man/man1/tss1eventextend.1 b/utils12/man/man1/tss1eventextend.1
new file mode 100644
index 000000000..60f90d855
--- /dev/null
+++ b/utils12/man/man1/tss1eventextend.1
@@ -0,0 +1,26 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH EVENTEXTEND "1" "November 2019" "eventextend 1517" "User Commands"
+.SH NAME
+eventextend \- Runs TPM eventextend
+.SH SYNOPSIS
+.B eventextend
+\fI\,-if <measurement file> \/\fR[\fI\,-v\/\fR]
+.SH DESCRIPTION
+Extends a measurement file (binary) into a TPM or simulated PCRs
+.TP
+\fB\-if\fR
+<input file> is the file containing the data to be extended
+.TP
+[\-tpm
+extend TPM PCRs]
+.TP
+[\-sim
+calculate simulated PCRs and boot aggregate]
+.TP
+[\-pcrmax
+with \fB\-sim\fR, sets the highest PCR number to be used to calculate the
+.IP
+boot aggregate (default 7)]
+.TP
+[\-ns
+no space, no text, no newlines]
diff --git a/utils12/man/man1/tss1extend.1 b/utils12/man/man1/tss1extend.1
new file mode 100644
index 000000000..407dbba6c
--- /dev/null
+++ b/utils12/man/man1/tss1extend.1
@@ -0,0 +1,14 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH EXTEND "1" "November 2019" "extend 1517" "User Commands"
+.SH NAME
+extend \- Runs TPM extend
+.SH DESCRIPTION
+extend
+.PP
+Runs TPM_Extend
+.HP
+\fB\-ha\fR PCR handle
+.HP
+\fB\-ic\fR data string, 0 pad appended to SHA\-1 length
+.HP
+\fB\-if\fR data file, 0 pad appended to SHA\-1 length
diff --git a/utils12/man/man1/tss1flushspecific.1 b/utils12/man/man1/tss1flushspecific.1
new file mode 100644
index 000000000..2476c3d30
--- /dev/null
+++ b/utils12/man/man1/tss1flushspecific.1
@@ -0,0 +1,17 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH FLUSHSPECIFIC "1" "November 2019" "flushspecific 1517" "User Commands"
+.SH NAME
+flushspecific \- Runs TPM flushspecific
+.SH DESCRIPTION
+flushspecific
+.PP
+Runs TPM2_FlushSpecific
+.HP
+\fB\-ha\fR handle
+.HP
+\fB\-rt\fR resource type of the handle
+.IP
+1 \- key
+2 \- auth
+4 \- transport
+5 \- context
diff --git a/utils12/man/man1/tss1getcapability.1 b/utils12/man/man1/tss1getcapability.1
new file mode 100644
index 000000000..bfe7e74e1
--- /dev/null
+++ b/utils12/man/man1/tss1getcapability.1
@@ -0,0 +1,35 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH GETCAPABILITY "1" "November 2019" "getcapability 1517" "User Commands"
+.SH NAME
+getcapability \- Runs TPM getcapability
+.SH DESCRIPTION
+getcapability
+.PP
+Runs TPM_GetCapability
+.HP
+\fB\-cap\fR capability Part 2 21.1
+.IP
+[\-subcap capability Part 2 21.2]
+.PP
+\fB\-cap\fR values
+.PP
+TPM_CAP_ORD             01
+TPM_CAP_ALG             02
+TPM_CAP_PID             03
+TPM_CAP_FLAG            04
+TPM_CAP_PROPERTY        05
+TPM_CAP_VERSION         06
+TPM_CAP_KEY_HANDLE      07
+TPM_CAP_CHECK_LOADED    08
+TPM_CAP_SYM_MODE        09
+TPM_CAP_KEY_STATUS      0C
+TPM_CAP_NV_LIST         0D
+TPM_CAP_MFR             10
+TPM_CAP_NV_INDEX        11
+TPM_CAP_TRANS_ALG       12
+TPM_CAP_HANDLE          14
+TPM_CAP_TRANS_ES        15
+TPM_CAP_AUTH_ENCRYPT    17
+TPM_CAP_SELECT_SIZE     18
+TPM_CAP_DA_LOGIC        19
+TPM_CAP_VERSION_VAL     1A
diff --git a/utils12/man/man1/tss1imaextend.1 b/utils12/man/man1/tss1imaextend.1
new file mode 100644
index 000000000..015a15135
--- /dev/null
+++ b/utils12/man/man1/tss1imaextend.1
@@ -0,0 +1,28 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH IMAEXTEND "1" "November 2019" "imaextend 1517" "User Commands"
+.SH NAME
+imaextend \- Runs TPM imaextend
+.SH DESCRIPTION
+imaextend
+.PP
+Runs TPM2_PCR_Extend to Extends a SHA\-1 IMA measurement file (binary) into TPM PCRs
+It handles the case where a zero measurement extends ones into the IMA PCR
+.TP
+\fB\-if\fR
+IMA event log file name
+.TP
+[\-le
+input file is little endian (default big endian)]
+.TP
+[\-b
+beginning entry (default 0, beginning of log)]
+A beginning entry after the end of the log becomes a noop
+.TP
+[\-e
+ending entry (default end of log)]
+E.g., \fB\-b\fR 0 \fB\-e\fR 0 sends one entry
+.TP
+[\-l
+time \- run in a continuous loop, with a sleep of 'time' seconds betwteen loops]
+The intent is that this be run without specifying \fB\-b\fR and \fB\-e\fR
+Afer each pass, the next beginning entry is set to the last entry +1
diff --git a/utils12/man/man1/tss1loadkey2.1 b/utils12/man/man1/tss1loadkey2.1
new file mode 100644
index 000000000..a3e1247bd
--- /dev/null
+++ b/utils12/man/man1/tss1loadkey2.1
@@ -0,0 +1,20 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH LOADKEY2 "1" "November 2019" "loadkey2 1517" "User Commands"
+.SH NAME
+loadkey2 \- Runs TPM loadkey2
+.SH DESCRIPTION
+loadkey2
+.PP
+Runs TPM_LoadKey2
+.HP
+\fB\-hp\fR parent handle
+.IP
+SRK 40000000
+.HP
+\fB\-pwdp\fR password for parent key (default zeros)
+.HP
+\fB\-ik\fR key file name
+.HP
+\fB\-se0\fR session handle / attributes
+.IP
+01 continue
diff --git a/utils12/man/man1/tss1makeekblob.1 b/utils12/man/man1/tss1makeekblob.1
new file mode 100644
index 000000000..db1c0cfaf
--- /dev/null
+++ b/utils12/man/man1/tss1makeekblob.1
@@ -0,0 +1,16 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH MAKEEKBLOB "1" "November 2019" "makeekblob 1517" "User Commands"
+.SH NAME
+makeekblob \- Runs TPM makeekblob
+.SH DESCRIPTION
+makeekblob
+.PP
+Calculates the encrypted blob for TPM_ActivateIdentity
+.HP
+\fB\-iak\fR AIK TPM_PUBKEY key file name
+.HP
+\fB\-iek\fR EK TPM_PUBKEY key file name
+.HP
+\fB\-ob\fR encrypted blob file name
+.HP
+\fB\-ok\fR symmetric key file name
diff --git a/utils12/man/man1/tss1makeidentity.1 b/utils12/man/man1/tss1makeidentity.1
new file mode 100644
index 000000000..0eea5e27f
--- /dev/null
+++ b/utils12/man/man1/tss1makeidentity.1
@@ -0,0 +1,29 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH MAKEIDENTITY "1" "November 2019" "makeidentity 1517" "User Commands"
+.SH NAME
+makeidentity \- Runs TPM makeidentity
+.SH DESCRIPTION
+makeidentity
+.PP
+Runs TPM_MakeIdentity
+.TP
+[\-pwdo
+owner password (default zeros)]
+.TP
+[\-pwds
+SRK password (default zeros)]
+.TP
+[\-pwdk
+password for key (default zeros)]
+.TP
+[\-ok
+TPM_KEY12 key file name (default do not save)]
+.TP
+[\-op
+TPM_PUBKEY key file name (default do not save)]
+.HP
+\fB\-se0\fR srk session handle / attributes
+.HP
+\fB\-se1\fR owner session handle / attributes
+.IP
+01 continue
diff --git a/utils12/man/man1/tss1nvdefinespace.1 b/utils12/man/man1/tss1nvdefinespace.1
new file mode 100644
index 000000000..3db4f7267
--- /dev/null
+++ b/utils12/man/man1/tss1nvdefinespace.1
@@ -0,0 +1,31 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH NVDEFINESPACE "1" "November 2019" "nvdefinespace 1517" "User Commands"
+.SH NAME
+nvdefinespace \- Runs TPM nvdefinespace
+.SH DESCRIPTION
+nvdefinespace
+.PP
+Runs TPM_NV_DefineSpace
+.HP
+\fB\-ha\fR NV index handle
+.IP
+ffffffff sets NV lock
+.TP
+\fB\-sz\fR
+data size in decimal
+size 0 undefines the index
+.TP
+[\-per2
+permission: A hex number that defines the permission attributes]
+Default 40004 TPM_NV_PER_AUTHREAD | TPM_NV_PER_AUTHWRITE if \fB\-pwdn\fR is set
+Default 20002 TPM_NV_PER_OWNERREAD | TPM_NV_PER_OWNERWRITE if \fB\-pwdn\fR is not set
+.TP
+[\-pwdo
+owner password (default zeros)]
+.TP
+[\-pwdn
+password for NV index (default zeros)]
+.HP
+\fB\-se0\fR session handle / attributes
+.IP
+01 continue
diff --git a/utils12/man/man1/tss1nvreadvalue.1 b/utils12/man/man1/tss1nvreadvalue.1
new file mode 100644
index 000000000..09d3ec7f6
--- /dev/null
+++ b/utils12/man/man1/tss1nvreadvalue.1
@@ -0,0 +1,30 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH NVREADVALUE "1" "November 2019" "nvreadvalue 1517" "User Commands"
+.SH NAME
+nvreadvalue \- Runs TPM nvreadvalue
+.SH DESCRIPTION
+nvreadvalue
+.PP
+Runs TPM_NV_ReadValue
+.TP
+\fB\-ha\fR
+NV index handle
+.TP
+[\-pwdo
+owner password (default zeros)]
+.TP
+\fB\-sz\fR
+data size
+.TP
+\fB\-cert\fR
+dumps the certificate, the number of bytes is embedded in the prefix
+.TP
+[\-off
+offset (default 0)]
+.TP
+[\-of
+data file (default do not save)]
+.HP
+\fB\-se0\fR session handle / attributes
+.IP
+01 continue
diff --git a/utils12/man/man1/tss1nvreadvalueauth.1 b/utils12/man/man1/tss1nvreadvalueauth.1
new file mode 100644
index 000000000..c6ea7e2ca
--- /dev/null
+++ b/utils12/man/man1/tss1nvreadvalueauth.1
@@ -0,0 +1,30 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH NVREADVALUEAUTH "1" "November 2019" "nvreadvalueauth 1517" "User Commands"
+.SH NAME
+nvreadvalueauth \- Runs TPM nvreadvalueauth
+.SH DESCRIPTION
+nvreadvalueauth
+.PP
+Runs TPM_NV_ReadValueAuth
+.TP
+\fB\-ha\fR
+NV index handle
+.TP
+[\-pwdn
+password for NV index (default zeros)]
+.TP
+\fB\-sz\fR
+data size
+.TP
+\fB\-cert\fR
+dumps the certificate, the number of bytes is embedded in the prefix
+.TP
+[\-off
+offset (default 0)]
+.TP
+[\-of
+data file (default do not save)]
+.HP
+\fB\-se0\fR session handle / attributes
+.IP
+01 continue
diff --git a/utils12/man/man1/tss1nvwritevalue.1 b/utils12/man/man1/tss1nvwritevalue.1
new file mode 100644
index 000000000..a2fc9ba84
--- /dev/null
+++ b/utils12/man/man1/tss1nvwritevalue.1
@@ -0,0 +1,27 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH NVWRITEVALUE "1" "November 2019" "nvwritevalue 1517" "User Commands"
+.SH NAME
+nvwritevalue \- Runs TPM nvwritevalue
+.SH DESCRIPTION
+nvwritevalue
+.PP
+Runs TPM_NV_WriteValue
+.TP
+\fB\-ha\fR
+NV index handle
+.TP
+[\-pwdo
+owner password (default zeros)]
+.TP
+[\-ic
+data string]
+.TP
+[\-if
+data file]
+.TP
+[\-off
+offset (default 0)]
+.HP
+\fB\-se0\fR session handle / attributes
+.IP
+01 continue
diff --git a/utils12/man/man1/tss1nvwritevalueauth.1 b/utils12/man/man1/tss1nvwritevalueauth.1
new file mode 100644
index 000000000..c558ba7cb
--- /dev/null
+++ b/utils12/man/man1/tss1nvwritevalueauth.1
@@ -0,0 +1,27 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH NVWRITEVALUEAUTH "1" "November 2019" "nvwritevalueauth 1517" "User Commands"
+.SH NAME
+nvwritevalueauth \- Runs TPM nvwritevalueauth
+.SH DESCRIPTION
+nvwritevalueauth
+.PP
+Runs TPM_NV_WriteValueAuth
+.TP
+\fB\-ha\fR
+NV index handle
+.TP
+[\-pwdn
+password for NV index (default zeros)]
+.TP
+[\-ic
+data string]
+.TP
+[\-if
+data file]
+.TP
+[\-off
+offset (default 0)]
+.HP
+\fB\-se0\fR session handle / attributes
+.IP
+01 continue
diff --git a/utils12/man/man1/tss1oiap.1 b/utils12/man/man1/tss1oiap.1
new file mode 100644
index 000000000..e793fb878
--- /dev/null
+++ b/utils12/man/man1/tss1oiap.1
@@ -0,0 +1,8 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH OIAP "1" "November 2019" "oiap 1517" "User Commands"
+.SH NAME
+oiap \- Runs TPM oiap
+.SH DESCRIPTION
+oiap
+.PP
+Runs TPM_OIAP
diff --git a/utils12/man/man1/tss1osap.1 b/utils12/man/man1/tss1osap.1
new file mode 100644
index 000000000..96fd708cf
--- /dev/null
+++ b/utils12/man/man1/tss1osap.1
@@ -0,0 +1,16 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH OSAP "1" "November 2019" "osap 1517" "User Commands"
+.SH NAME
+osap \- Runs TPM osap
+.SH DESCRIPTION
+osap
+.PP
+Runs TPM_OSAP
+.TP
+\fB\-ha\fR
+entity value
+Owner 40000001
+SRK 40000000
+.TP
+[\-pwd
+entity password (default zeros)]
diff --git a/utils12/man/man1/tss1ownerreadinternalpub.1 b/utils12/man/man1/tss1ownerreadinternalpub.1
new file mode 100644
index 000000000..284b226a3
--- /dev/null
+++ b/utils12/man/man1/tss1ownerreadinternalpub.1
@@ -0,0 +1,21 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH OWNERREADINTERNALPUB "1" "November 2019" "ownerreadinternalpub 1517" "User Commands"
+.SH NAME
+ownerreadinternalpub \- Runs TPM ownerreadinternalpub
+.SH DESCRIPTION
+ownerreadinternalpub
+.PP
+Runs TPM_OwnerReadInternalPub
+.TP
+\fB\-ha\fR
+key handle type [ek, srk]
+.TP
+[\-pwdo
+wner password (default zeros)]
+.TP
+[\-op
+TPM_PUBKEY key file name (default do not save)]
+.HP
+\fB\-se0\fR session handle / attributes
+.IP
+01 continue
diff --git a/utils12/man/man1/tss1ownersetdisable.1 b/utils12/man/man1/tss1ownersetdisable.1
new file mode 100644
index 000000000..5fab67944
--- /dev/null
+++ b/utils12/man/man1/tss1ownersetdisable.1
@@ -0,0 +1,21 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH OWNERSETDISABLE "1" "November 2019" "ownersetdisable 1517" "User Commands"
+.SH NAME
+ownersetdisable \- Runs TPM ownersetdisable
+.SH DESCRIPTION
+ownersetdisable
+.PP
+Runs TPM_OwnerSetDisable
+.TP
+[\-pwdo
+owner password]
+.TP
+[\-pwdof
+owner authorization file name
+.TP
+\fB\-en\fR
+enable the TPM (default disable)
+.HP
+\fB\-se0\fR session handle / attributes
+.IP
+01 continue
diff --git a/utils12/man/man1/tss1pcrread.1 b/utils12/man/man1/tss1pcrread.1
new file mode 100644
index 000000000..7a60223bd
--- /dev/null
+++ b/utils12/man/man1/tss1pcrread.1
@@ -0,0 +1,14 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH PCRREAD "1" "November 2019" "pcrread 1517" "User Commands"
+.SH NAME
+pcrread \- Runs TPM pcrread
+.SH DESCRIPTION
+pcrread
+.PP
+Runs TPM_PcrRead
+.TP
+\fB\-ha\fR
+PCR index
+.TP
+[\-ns
+no space, no text, no newlines
diff --git a/utils12/man/man1/tss1quote2.1 b/utils12/man/man1/tss1quote2.1
new file mode 100644
index 000000000..8f59e55da
--- /dev/null
+++ b/utils12/man/man1/tss1quote2.1
@@ -0,0 +1,27 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH QUOTE2 "1" "November 2019" "quote2 1517" "User Commands"
+.SH NAME
+quote2 \- Runs TPM quote2
+.SH DESCRIPTION
+quote2
+.PP
+Runs TPM_Quote2
+.TP
+\fB\-hk\fR
+quoting key handle
+.TP
+[\-pwdk
+password for quoting key (default zeros)]
+.TP
+[\-ed
+external data file name (default zeros)]
+.TP
+[\-os
+quote signature file name (default do not save)]
+.TP
+[\-ik
+key file name for verify (default do not verify)]
+.HP
+\fB\-se0\fR session handle / attributes
+.IP
+01 continue
diff --git a/utils12/man/man1/tss1sign.1 b/utils12/man/man1/tss1sign.1
new file mode 100644
index 000000000..0fc5b1e1c
--- /dev/null
+++ b/utils12/man/man1/tss1sign.1
@@ -0,0 +1,27 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH SIGN "1" "November 2019" "sign 1517" "User Commands"
+.SH NAME
+sign \- Runs TPM sign
+.SH DESCRIPTION
+sign
+.PP
+Runs TPM_Sign
+.TP
+\fB\-hk\fR
+signing key handle
+.TP
+[\-pwdk
+password for signing key (default zeros)]
+.TP
+\fB\-if\fR
+input area to hash and sign
+.TP
+[\-os
+sign signature file name (default do not save)]
+.TP
+[\-ik
+key file name to verify signature (default no verify)]
+.HP
+\fB\-se0\fR session handle / attributes
+.IP
+01 continue
diff --git a/utils12/man/man1/tss1startup.1 b/utils12/man/man1/tss1startup.1
new file mode 100644
index 000000000..078272913
--- /dev/null
+++ b/utils12/man/man1/tss1startup.1
@@ -0,0 +1,23 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH STARTUP "1" "November 2019" "startup 1517" "User Commands"
+.SH NAME
+startup \- Runs TPM startup
+.SH DESCRIPTION
+startup
+.PP
+Runs TPM_Startup
+.TP
+[\-c
+startup clear (default)]
+.TP
+[\-s
+startup state]
+.TP
+[\-d
+startup deactivated]
+.TP
+[\-st
+run TPM_ContinueSelfTest]
+.TP
+[\-sto
+run only TPM_ContinueSelfTest (no startup)]
diff --git a/utils12/man/man1/tss1takeownership.1 b/utils12/man/man1/tss1takeownership.1
new file mode 100644
index 000000000..8269fdc47
--- /dev/null
+++ b/utils12/man/man1/tss1takeownership.1
@@ -0,0 +1,16 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH TAKEOWNERSHIP "1" "November 2019" "takeownership 1517" "User Commands"
+.SH NAME
+takeownership \- Runs TPM takeownership
+.SH DESCRIPTION
+takeownership
+.PP
+Runs TPM_TakeOwnership
+.TP
+[\-pwdo
+owner password (default zeros)]
+.TP
+[\-pwds
+SRK password (default zeros)]
+.HP
+\fB\-se0\fR session handle / attributes
diff --git a/utils12/man/man1/tss1tpminit.1 b/utils12/man/man1/tss1tpminit.1
new file mode 100644
index 000000000..afabf1137
--- /dev/null
+++ b/utils12/man/man1/tss1tpminit.1
@@ -0,0 +1,8 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.6.
+.TH TPMINIT "1" "November 2019" "tpminit 1517" "User Commands"
+.SH NAME
+tpminit \- Runs TPM tpminit
+.SH DESCRIPTION
+tpminit
+.PP
+Runs TPM_Init \- simulates reboot
diff --git a/utils12/nvdefinespace.c b/utils12/nvdefinespace.c
new file mode 100644
index 000000000..5cf25f358
--- /dev/null
+++ b/utils12/nvdefinespace.c
@@ -0,0 +1,267 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 NV_DefineSpace				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tpmstructures12.h>
+#include <ibmtss/tssmarshal12.h>
+#include <ibmtss/Unmarshal12_fp.h>
+
+static void printUsage(void);
+
+int tssUtilsVerbose;
+
+int main(int argc, char * argv[])
+{
+    TPM_RC 			rc = 0;
+    int				i;				/* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    NV_DefineSpace12_In		in;
+    TPM12_NV_INDEX		nvIndex = 0;
+    uint32_t 			dataSize = 0xffffffff;
+    uint32_t 			permission = 0;
+    const char			*ownerPassword = NULL; 
+    const char			*nvPassword = NULL; 
+    uint8_t			nvAuth[SHA1_DIGEST_SIZE];	/* either command line or zeros */
+    TPMT_HA 			nvAuthHash;
+    TPM_AUTHHANDLE 		sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &nvIndex);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdo") == 0) {
+	    i++;
+	    if (i < argc) {
+		ownerPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdo option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdn") == 0) {
+	    i++;
+	    if (i < argc) {
+		nvPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdn option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-sz") == 0) {
+	    i++;
+	    if (i < argc) {
+		dataSize = atoi(argv[i]);
+	    }
+	    else {
+		printf("-sz option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-per") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &permission);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp(argv[i], "-h")) {
+	    printUsage();
+	}
+	else if (!strcmp(argv[i], "-v")) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (nvIndex == 0) {
+	printf("Missing handle parameter -ha\n");
+	printUsage();
+    }
+    if (dataSize == 0xffffffff) {
+	printf("Missing handle parameter -sz\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("nvdefinespace: index password %s\n", nvPassword);
+	if (nvPassword == NULL) {
+	    memset(nvAuth, 0, SHA1_DIGEST_SIZE);
+	}
+	else {
+	    nvAuthHash.hashAlg = TPM_ALG_SHA1; 
+	    rc = TSS_Hash_Generate(&nvAuthHash,
+				   strlen(nvPassword), nvPassword,
+				   0, NULL);
+	    memcpy(nvAuth, (uint8_t *)&nvAuthHash.digest, SHA1_DIGEST_SIZE);
+	}
+ 	if (tssUtilsVerbose) TSS_PrintAll("Plaintext pwd", nvAuth, SHA1_DIGEST_SIZE);
+   }
+    if (rc == 0) {
+	memcpy(in.encAuth, nvAuth, SHA1_DIGEST_SIZE);
+	in.pubInfo.nvIndex = nvIndex;
+
+	in.pubInfo.pcrInfoRead.pcrSelection.sizeOfSelect = 3;
+	memset(in.pubInfo.pcrInfoRead.pcrSelection.pcrSelect, 0, 3);
+	in.pubInfo.pcrInfoRead.localityAtRelease = TPM_LOC_ALL;
+	memset(in.pubInfo.pcrInfoRead.digestAtRelease, 0, SHA1_DIGEST_SIZE);
+
+	in.pubInfo.pcrInfoWrite.pcrSelection.sizeOfSelect = 3;
+	memset(in.pubInfo.pcrInfoWrite.pcrSelection.pcrSelect, 0, 3);
+	in.pubInfo.pcrInfoWrite.localityAtRelease = TPM_LOC_ALL;
+	memset(in.pubInfo.pcrInfoWrite.digestAtRelease, 0, SHA1_DIGEST_SIZE);
+	
+	if (permission != 0) {	/* if permssion was specified on the command line */
+	    in.pubInfo.permission.attributes = permission;
+	}
+	else if (nvPassword != NULL) {		/* if index auth */
+	    in.pubInfo.permission.attributes = TPM_NV_PER_AUTHREAD | TPM_NV_PER_AUTHWRITE;
+	}
+	else {					/* if owner auth */
+	    in.pubInfo.permission.attributes = TPM_NV_PER_OWNERREAD | TPM_NV_PER_OWNERWRITE;
+	}
+	in.pubInfo.bReadSTClear = 0;
+	in.pubInfo.bWriteSTClear = 0;
+	in.pubInfo.bWriteDefine = 0;
+	in.pubInfo.dataSize = dataSize;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_ORD_NV_DefineSpace,
+			 sessionHandle0, ownerPassword, sessionAttributes0,
+			 TPM_RH_NULL, NULL, 0);
+	
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("nvdefinespace: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("nvdefinespace: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("nvdefinespace\n");
+    printf("\n");
+    printf("Runs TPM_NV_DefineSpace\n");
+    printf("\n");
+    printf("\t-ha NV index handle\n");
+    printf("\t\tffffffff sets NV lock\n");
+    printf("\t-sz\tdata size in decimal\n");
+    printf("\t\tsize 0 undefines the index\n");
+    printf("\t[-per2\tpermission: A hex number that defines the permission attributes]\n");
+    printf("\t\tDefault 40004 TPM_NV_PER_AUTHREAD | TPM_NV_PER_AUTHWRITE if -pwdn is set\n");
+    printf("\t\tDefault 20002 TPM_NV_PER_OWNERREAD | TPM_NV_PER_OWNERWRITE if -pwdn is not set\n");
+    printf("\t[-pwdo\towner password (default zeros)]\n");
+    printf("\t[-pwdn\tpassword for NV index (default zeros)]\n");
+    printf("\n");
+    printf("\t-se0 session handle / attributes\n");
+    printf("\t\t01 continue\n");
+    exit(1);
+}
+
diff --git a/utils12/nvreadvalue.c b/utils12/nvreadvalue.c
new file mode 100644
index 000000000..cf8be4944
--- /dev/null
+++ b/utils12/nvreadvalue.c
@@ -0,0 +1,287 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 NV_ReadValue				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <openssl/x509.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tpmstructures12.h>
+#include <ibmtss/tssmarshal12.h>
+#include <ibmtss/Unmarshal12_fp.h>
+#include "ekutils12.h"
+
+static void printUsage(void);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char * argv[])
+{
+    TPM_RC 			rc = 0;
+    int				i;				/* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    NV_ReadValue_In		in;
+    NV_ReadValue_Out		out;
+    TPM12_NV_INDEX		nvIndex = 0xfffffffe;
+    const char			*ownerPassword = NULL; 
+    uint16_t 			dataSize = 0;			/* bytes to read */
+    int 			cert = FALSE;			/* boolean, read certificate */
+    uint16_t 			x509CertificateDerLength;
+    uint8_t 			*x509CertificateDer = NULL;
+    uint16_t 			offset = 0;			/* default 0 */
+    const char 			*dataFilename = NULL;
+    TPM_AUTHHANDLE 		sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &nvIndex);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdo") == 0) {
+	    i++;
+	    if (i < argc) {
+		ownerPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdo option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-sz") == 0) {
+	    i++;
+	    if (i < argc) {
+		dataSize = atoi(argv[i]);
+	    }
+	    else {
+		printf("-sz option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp("-cert",argv[i])) {
+	    cert = TRUE;
+	}
+	else if (strcmp(argv[i],"-off") == 0) {
+	    i++;
+	    if (i < argc) {
+		offset = atoi(argv[i]);
+	    }
+	    else {
+		printf("-off option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-of")  == 0) {
+	    i++;
+	    if (i < argc) {
+		dataFilename = argv[i];
+	    } else {
+		printf("-of option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp(argv[i], "-h")) {
+	    printUsage();
+	}
+	else if (!strcmp(argv[i], "-v")) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (nvIndex == 0xfffffffe) {
+	printf("Missing handle parameter -ha\n");
+	printUsage();
+    }
+    if (((dataSize == 0) && !cert) ||
+	((dataSize != 0) && cert)) {
+	printf("One of -sz or -cert must be specified!\n");
+	printUsage();
+    }
+    if (cert && (offset != 0)) {
+	printf("-off must not be specified with -cert!\n");
+	printUsage();
+    }
+    if (dataSize > sizeof(out.data)) {
+	printf("nvreadvalue: size %u greater than %u\n",
+	       dataSize, (unsigned int)sizeof(out.data));	
+	rc = TSS_RC_INSUFFICIENT_BUFFER;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	in.nvIndex = nvIndex;
+	rc = TSS_Create(&tssContext);
+    }
+    if (!cert) {
+	if (rc == 0) {
+	    in.offset = offset;
+	    in.dataSize = dataSize;
+	}
+	if (rc == 0) {
+	    rc = TSS_Execute(tssContext,
+			     (RESPONSE_PARAMETERS *)&out,
+			     (COMMAND_PARAMETERS *)&in,
+			     NULL,
+			     TPM_ORD_NV_ReadValue,
+			     sessionHandle0, ownerPassword, sessionAttributes0,
+			     TPM_RH_NULL, NULL, 0);
+	}
+	if (rc == 0) {
+	    TSS_PrintAll("nvreadvalue: data", out.data, out.dataSize);
+	}
+    }
+    else {
+	X509 		*x509Certificate = NULL;
+	if (rc == 0) {
+	    rc = getIndexContents12(tssContext,
+				    &x509CertificateDer,	/* freed @2 */	
+				    &x509CertificateDerLength,
+				    nvIndex,
+				    ownerPassword,
+				    sessionHandle0,
+				    sessionAttributes0);
+	}
+	if (rc == 0) {
+	    if (tssUtilsVerbose) TSS_PrintAll("nvreadvalue: certificate",
+					      x509CertificateDer, x509CertificateDerLength);
+	    const uint8_t *tmpData = x509CertificateDer;
+	    x509Certificate = d2i_X509(NULL,	/* freed @2 */
+				       (const unsigned char **)&tmpData, x509CertificateDerLength);
+	    if (x509Certificate == NULL) {
+		printf("nvreadvalue: Could not parse X509 certificate\n");
+		rc = TSS_RC_X509_ERROR;
+	    }
+	}
+	if (rc == 0) {
+	    X509_print_fp(stdout, x509Certificate);
+	}
+	if (x509Certificate != NULL) {
+	    X509_free(x509Certificate);   	/* @2 */
+	}
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if ((rc == 0) && (dataFilename != NULL)) {
+	if (!cert) {
+	    rc = TSS_File_WriteBinaryFile(out.data, out.dataSize, dataFilename);
+	}
+	else {
+	    rc = TSS_File_WriteBinaryFile(x509CertificateDer,
+					  x509CertificateDerLength, dataFilename);
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("nvreadvalue: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("nvreadvalue: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    free(x509CertificateDer);			/* @1 */
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("nvreadvalue\n");
+    printf("\n");
+    printf("Runs TPM_NV_ReadValue\n");
+    printf("\n");
+    printf("\t-ha\tNV index handle\n");
+    printf("\t[-pwdo\towner password (default zeros)]\n");
+    printf("\t-sz\tdata size\n");
+    printf("\t-cert\tdumps the certificate, the number of bytes is embedded in the prefix\n");
+    printf("\t[-off\toffset (default 0)]\n");
+    printf("\t[-of\tdata file (default do not save)]\n");
+    printf("\n");
+    printf("\t-se0 session handle / attributes\n");
+    printf("\t\t01 continue\n");
+    exit(1);
+}
+
diff --git a/utils12/nvreadvalueauth.c b/utils12/nvreadvalueauth.c
new file mode 100644
index 000000000..aac75c2d4
--- /dev/null
+++ b/utils12/nvreadvalueauth.c
@@ -0,0 +1,307 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 NV_ReadValueAuth				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <openssl/x509.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tpmstructures12.h>
+#include <ibmtss/tssmarshal12.h>
+#include <ibmtss/Unmarshal12_fp.h>
+
+static void printUsage(void);
+
+int tssUtilsVerbose;
+
+int main(int argc, char * argv[])
+{
+    TPM_RC 			rc = 0;
+    int				i;				/* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    NV_ReadValueAuth_In		in;
+    NV_ReadValueAuth_Out	out;
+    TPM12_NV_INDEX		nvIndex = 0xfffffffe;
+    const char			*nvPassword = NULL; 
+    uint16_t 			dataSize = 0;			/* bytes to read */
+    int 			cert = FALSE;			/* boolean, read certificate */
+    uint16_t 			offset = 0;			/* default 0 */
+    const char 			*dataFilename = NULL;
+    TPM_AUTHHANDLE 		sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &nvIndex);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdn") == 0) {
+	    i++;
+	    if (i < argc) {
+		nvPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdn option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-sz") == 0) {
+	    i++;
+	    if (i < argc) {
+		dataSize = atoi(argv[i]);
+	    }
+	    else {
+		printf("-sz option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp("-cert",argv[i])) {
+	    cert = TRUE;
+	}
+	else if (strcmp(argv[i],"-off") == 0) {
+	    i++;
+	    if (i < argc) {
+		offset = atoi(argv[i]);
+	    }
+	    else {
+		printf("-off option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-of")  == 0) {
+	    i++;
+	    if (i < argc) {
+		dataFilename = argv[i];
+	    } else {
+		printf("-of option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp(argv[i], "-h")) {
+	    printUsage();
+	}
+	else if (!strcmp(argv[i], "-v")) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (nvIndex == 0xfffffffe) {
+	printf("Missing handle parameter -ha\n");
+	printUsage();
+    }
+    if (((dataSize == 0) && !cert) ||
+	((dataSize != 0) && cert)) {
+	printf("One of -sz or -cert must be specified!\n");
+	printUsage();
+    }
+    if (cert && (offset != 0)) {
+	printf("-off must not be specified with -cert!\n");
+	printUsage();
+    }
+    if (dataSize > sizeof(out.data)) {
+	printf("nvreadvalueauth: size %u greater than %u\n",
+	       dataSize, (unsigned int)sizeof(out.data));	
+	rc = TSS_RC_INSUFFICIENT_BUFFER;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	in.nvIndex = nvIndex;
+	rc = TSS_Create(&tssContext);
+    }
+    if (!cert) {
+	if (rc == 0) {
+	    in.offset = offset;
+	    in.dataSize = dataSize;
+	}
+	if (rc == 0) {
+	    rc = TSS_Execute(tssContext,
+			     (RESPONSE_PARAMETERS *)&out,
+			     (COMMAND_PARAMETERS *)&in,
+			     NULL,
+			     TPM_ORD_NV_ReadValueAuth,
+			     sessionHandle0, nvPassword, sessionAttributes0,
+			     TPM_RH_NULL, NULL, 0);
+	}
+	if (rc == 0) {
+	    TSS_PrintAll("nvreadvalueauth: data", out.data, out.dataSize);
+	}
+    }
+    else {
+	X509 *x509Certificate = NULL;
+	long certSize;
+	/* first read the header */
+	if (rc == 0) {
+	    in.offset = 0;
+	    in.dataSize = 7;
+	    rc = TSS_Execute(tssContext,
+			     (RESPONSE_PARAMETERS *)&out,
+			     (COMMAND_PARAMETERS *)&in,
+			     NULL,
+			     TPM_ORD_NV_ReadValueAuth,
+			     sessionHandle0, nvPassword, 1,
+			     TPM_RH_NULL, NULL, 0);
+	}
+	/* validate the header and get the certificate length */
+	if (rc == 0) {
+	    TSS_PrintAll("nvreadvalueauth: header data", out.data, out.dataSize);
+	    if ((out.data[0] != 0x10) ||	/* stored certificate, full certificate */
+		(out.data[1] != 0x01) ||
+		(out.data[2] != 0x00) ||	/* full certificate */
+		(out.data[5] != 0x10) ||
+		(out.data[6] != 0x02)) {
+		if (tssUtilsVerbose) printf("nvreadvalueauth: certificate header error\n");
+		rc = TSS_RC_X509_ERROR;
+	    }
+	    certSize = (out.data[3] << 8) +	/* msb */
+		       out.data[4]
+			       -2;		/* -2 for tag in bytes 5 and 6 */
+	    
+	}	
+	if (rc == 0) {
+	    in.offset = 7;
+	    in.dataSize = certSize;
+	    rc = TSS_Execute(tssContext,
+			     (RESPONSE_PARAMETERS *)&out,
+			     (COMMAND_PARAMETERS *)&in,
+			     NULL,
+			     TPM_ORD_NV_ReadValueAuth,
+			     sessionHandle0, nvPassword, sessionAttributes0,
+			     TPM_RH_NULL, NULL, 0);
+	}	
+	if (rc == 0) {
+	    TSS_PrintAll("nvreadvalueauth: certificate", out.data, out.dataSize);
+	    const uint8_t *tmpData = out.data;
+	    x509Certificate = d2i_X509(NULL,	/* freed @1 */
+				       (const unsigned char **)&tmpData, out.dataSize);
+	    if (x509Certificate == NULL) {
+		printf("nvreadvalueauth: Could not parse X509 certificate\n");
+		rc = TSS_RC_X509_ERROR;
+	    }
+	}
+	if (rc == 0) {
+	    X509_print_fp(stdout, x509Certificate);
+	}	
+	if (x509Certificate != NULL) {
+	    X509_free(x509Certificate);   	/* @1 */
+	}
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if ((rc == 0) && (dataFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile(out.data, out.dataSize, dataFilename);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("nvreadvalueauth: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("nvreadvalueauth: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("nvreadvalueauth\n");
+    printf("\n");
+    printf("Runs TPM_NV_ReadValueAuth\n");
+    printf("\n");
+    printf("\t-ha\tNV index handle\n");
+    printf("\t[-pwdn\tpassword for NV index (default zeros)]\n");
+    printf("\t-sz\tdata size\n");
+    printf("\t-cert\tdumps the certificate, the number of bytes is embedded in the prefix\n");
+    printf("\t[-off\toffset (default 0)]\n");
+    printf("\t[-of\tdata file (default do not save)]\n");
+    printf("\n");
+    printf("\t-se0 session handle / attributes\n");
+    printf("\t\t01 continue\n");
+    exit(1);
+}
+
diff --git a/utils12/nvwritevalue.c b/utils12/nvwritevalue.c
new file mode 100644
index 000000000..71b6f0ac0
--- /dev/null
+++ b/utils12/nvwritevalue.c
@@ -0,0 +1,260 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 NV_WriteValue				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tpmstructures12.h>
+#include <ibmtss/tssmarshal12.h>
+#include <ibmtss/Unmarshal12_fp.h>
+
+static void printUsage(void);
+
+int tssUtilsVerbose;
+
+int main(int argc, char * argv[])
+{
+    TPM_RC 			rc = 0;
+    int				i;				/* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    NV_WriteValue_In		in;
+    TPM12_NV_INDEX		nvIndex = 0xfffffffe;
+    const char			*ownerPassword = NULL; 
+    unsigned int		dataSource = 0;
+    const char 			*commandData = NULL;
+    const char 			*datafilename = NULL;
+    uint16_t 			offset = 0;			/* default 0 */
+    size_t 			writeLength;		/* file bytes to write */
+    unsigned char 		*writeBuffer = NULL; 	/* file buffer to write */
+    TPM_AUTHHANDLE 		sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &nvIndex);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdo") == 0) {
+	    i++;
+	    if (i < argc) {
+		ownerPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdo option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ic") == 0) {
+	    i++;
+	    if (i < argc) {
+		commandData = argv[i];
+		dataSource++;
+	    }
+	    else {
+		printf("-ic option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-if")  == 0) {
+	    i++;
+	    if (i < argc) {
+		datafilename = argv[i];
+		dataSource++;
+	    }
+	    else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-off") == 0) {
+	    i++;
+	    if (i < argc) {
+		offset = atoi(argv[i]);
+	    }
+	    else {
+		printf("-off option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp(argv[i], "-h")) {
+	    printUsage();
+	}
+	else if (!strcmp(argv[i], "-v")) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (nvIndex == 0xfffffffe) {
+	printf("Missing handle parameter -ha\n");
+	printUsage();
+    }
+    if (dataSource > 1) {
+	printf("More than one input data source (-if, -ic)\n");
+	printUsage();
+    }
+    /* if there is no input data source, default to 0 byte write */
+    if ((rc == 0) && (dataSource == 0)) {
+	in.dataSize = 0;
+    }
+    /* -if, file data can be written in chunks */
+    if ((rc == 0) && (datafilename != NULL)) {
+	rc = TSS_File_ReadBinaryFile(&writeBuffer,     /* freed @1 */
+				     &writeLength,
+				     datafilename);
+    }
+    if ((rc == 0) && (datafilename != NULL)) {
+	if (writeLength > sizeof(in.data)) {
+	    printf("nvwritevalue: size %u greater than %u\n",
+		   (unsigned int)writeLength, (unsigned int)sizeof(in.data));	
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+	else {
+	    in.dataSize = writeLength;
+	    memcpy(in.data, writeBuffer, writeLength);
+	}
+    }
+    if ((rc == 0) && (commandData != NULL)) {
+	if (strlen(commandData) >  sizeof(in.data)) {
+	    printf("nvwritevalue: size %u greater than %u\n",
+		   (unsigned int)strlen(commandData), (unsigned int)sizeof(in.data));	
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+	else {
+	    in.dataSize = strlen(commandData);
+	    memcpy(in.data, commandData, strlen(commandData));
+	}
+    }
+    if (rc == 0) {
+       in.nvIndex = nvIndex;
+       in.offset = offset;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_ORD_NV_WriteValue,
+			 sessionHandle0, ownerPassword, sessionAttributes0,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("nvwritevalue: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("nvwritevalue: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    free(writeBuffer);	/* @1 */
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("nvwritevalue\n");
+    printf("\n");
+    printf("Runs TPM_NV_WriteValue\n");
+    printf("\n");
+    printf("\t-ha\tNV index handle\n");
+    printf("\t[-pwdo\towner password (default zeros)]\n");
+    printf("\t[-ic\tdata string]\n");
+    printf("\t[-if\tdata file]\n");
+    printf("\t[-off\toffset (default 0)]\n");
+    printf("\n");
+    printf("\t-se0 session handle / attributes\n");
+    printf("\t\t01 continue\n");
+    exit(1);
+}
+
diff --git a/utils12/nvwritevalueauth.c b/utils12/nvwritevalueauth.c
new file mode 100644
index 000000000..bee0481d2
--- /dev/null
+++ b/utils12/nvwritevalueauth.c
@@ -0,0 +1,260 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 NV_WriteValueAuth				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tpmstructures12.h>
+#include <ibmtss/tssmarshal12.h>
+#include <ibmtss/Unmarshal12_fp.h>
+
+static void printUsage(void);
+
+int tssUtilsVerbose;
+
+int main(int argc, char * argv[])
+{
+    TPM_RC 			rc = 0;
+    int				i;				/* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    NV_WriteValueAuth_In	in;
+    TPM12_NV_INDEX		nvIndex = 0xfffffffe;
+    const char			*nvPassword = NULL; 
+    unsigned int		dataSource = 0;
+    const char 			*commandData = NULL;
+    const char 			*datafilename = NULL;
+    uint16_t 			offset = 0;			/* default 0 */
+    size_t 			writeLength;		/* file bytes to write */
+    unsigned char 		*writeBuffer = NULL; 	/* file buffer to write */
+    TPM_AUTHHANDLE 		sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &nvIndex);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdn") == 0) {
+	    i++;
+	    if (i < argc) {
+		nvPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdn option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ic") == 0) {
+	    i++;
+	    if (i < argc) {
+		commandData = argv[i];
+		dataSource++;
+	    }
+	    else {
+		printf("-ic option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i], "-if")  == 0) {
+	    i++;
+	    if (i < argc) {
+		datafilename = argv[i];
+		dataSource++;
+	    }
+	    else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-off") == 0) {
+	    i++;
+	    if (i < argc) {
+		offset = atoi(argv[i]);
+	    }
+	    else {
+		printf("-off option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp(argv[i], "-h")) {
+	    printUsage();
+	}
+	else if (!strcmp(argv[i], "-v")) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (nvIndex == 0xfffffffe) {
+	printf("Missing handle parameter -ha\n");
+	printUsage();
+    }
+    if (dataSource > 1) {
+	printf("More than one input data source (-if, -ic)\n");
+	printUsage();
+    }
+    /* if there is no input data source, default to 0 byte write */
+    if ((rc == 0) && (dataSource == 0)) {
+	in.dataSize = 0;
+    }
+    /* -if, file data can be written in chunks */
+    if ((rc == 0) && (datafilename != NULL)) {
+	rc = TSS_File_ReadBinaryFile(&writeBuffer,     /* freed @1 */
+				     &writeLength,
+				     datafilename);
+    }
+    if ((rc == 0) && (datafilename != NULL)) {
+	if (writeLength > sizeof(in.data)) {
+	    printf("nvwritevalueauth: size %u greater than %u\n",
+		   (unsigned int)writeLength, (unsigned int)sizeof(in.data));	
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+	else {
+	    in.dataSize = writeLength;
+	    memcpy(in.data, writeBuffer, writeLength);
+	}
+    }
+    if ((rc == 0) && (commandData != NULL)) {
+	if (strlen(commandData) >  sizeof(in.data)) {
+	    printf("nvwritevalueauth: size %u greater than %u\n",
+		   (unsigned int)strlen(commandData), (unsigned int)sizeof(in.data));	
+	    rc = TSS_RC_INSUFFICIENT_BUFFER;
+	}
+	else {
+	    in.dataSize = strlen(commandData);
+	    memcpy(in.data, commandData, strlen(commandData));
+	}
+    }
+    if (rc == 0) {
+       in.nvIndex = nvIndex;
+       in.offset = offset;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_ORD_NV_WriteValueAuth,
+			 sessionHandle0, nvPassword, sessionAttributes0,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("nvwritevalueauth: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("nvwritevalueauth: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    free(writeBuffer);	/* @1 */
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("nvwritevalueauth\n");
+    printf("\n");
+    printf("Runs TPM_NV_WriteValueAuth\n");
+    printf("\n");
+    printf("\t-ha\tNV index handle\n");
+    printf("\t[-pwdn\tpassword for NV index (default zeros)]\n");
+    printf("\t[-ic\tdata string]\n");
+    printf("\t[-if\tdata file]\n");
+    printf("\t[-off\toffset (default 0)]\n");
+    printf("\n");
+    printf("\t-se0 session handle / attributes\n");
+    printf("\t\t01 continue\n");
+    exit(1);
+}
+
diff --git a/utils12/oiap.c b/utils12/oiap.c
new file mode 100644
index 000000000..3614b898c
--- /dev/null
+++ b/utils12/oiap.c
@@ -0,0 +1,125 @@
+/********************************************************************************/
+/*										*/
+/*			    OIAP		 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    OIAP_Out 			out;
+    /* const char			*nonceEvenFilename = NULL; */
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out, 
+			 NULL,
+			 NULL,
+			 TPM_ORD_OIAP,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	printf("Handle %08x\n", out.authHandle);
+	if (tssUtilsVerbose) printf("oiap: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("oiap: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("oiap\n");
+    printf("\n");
+    printf("Runs TPM_OIAP\n");
+    printf("\n");
+    exit(1);	
+}
diff --git a/utils12/osap.c b/utils12/osap.c
new file mode 100644
index 000000000..669e04504
--- /dev/null
+++ b/utils12/osap.c
@@ -0,0 +1,172 @@
+/********************************************************************************/
+/*										*/
+/*			    OSAP		 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#if 0
+#include <ibmtss/tss12.h>
+#endif
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    OSAP_In 			in ;
+    OSAP_Out 			out;
+    OSAP_Extra			extra;
+    /* const char			*nonceEvenFilename = NULL; */
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    in.entityValue = TPM_RH_NULL;
+    extra.usagePassword = NULL;	/* default */
+    
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i], "%x", &in.entityValue);
+	    }
+	    else {
+		printf("Bad parameter %s for -ha\n", argv[i]);
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwd") == 0) {
+	    i++;
+	    if (i < argc) {
+		extra.usagePassword = argv[i];
+	    }
+	    else {
+		printf("-pwd option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (in.entityValue == TPM_RH_NULL) {
+	printf("Missing or invalid value for -ha\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	if (in.entityValue == TPM_RH_SRK) {	/* TPM_EK_SRK */
+	    in.entityType = 0x0004;		/* XOR */
+	}
+	else if (in.entityValue == TPM_RH_OWNER) { /* TPM_ET_OWNER */
+	    in.entityType = 0x0002;		/* XOR */
+	}
+	else {					/* TPM_ET_KEYHANDLE */
+	    in.entityType = 0x0001;		/* XOR */
+	}
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out, 
+			 (COMMAND_PARAMETERS *)&in,
+			 (EXTRA_PARAMETERS *)&extra,
+			 TPM_ORD_OSAP,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	printf("Handle %08x\n", out.authHandle);
+	if (tssUtilsVerbose) printf("osap: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("osap: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("osap\n");
+    printf("\n");
+    printf("Runs TPM_OSAP\n");
+    printf("\n");
+    printf("\t-ha\tentity value\n");
+    printf("\t\tOwner 40000001\n");
+    printf("\t\tSRK 40000000\n");
+    printf("\t[-pwd\tentity password (default zeros)]\n");
+    exit(1);	
+}
diff --git a/utils12/ownerreadinternalpub.c b/utils12/ownerreadinternalpub.c
new file mode 100644
index 000000000..ee699d81e
--- /dev/null
+++ b/utils12/ownerreadinternalpub.c
@@ -0,0 +1,211 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 OwnerReadInternalPub			*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tpmstructures12.h>
+#include <ibmtss/tssmarshal12.h>
+#include <ibmtss/Unmarshal12_fp.h>
+
+static void printUsage(void);
+
+int tssUtilsVerbose;
+
+int main(int argc, char * argv[])
+{
+    TPM_RC 			rc = 0;
+    int				i;				/* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    OwnerReadInternalPub_In	in;
+    OwnerReadInternalPub_Out	out;
+    const char			*keyHandleType = NULL;
+    const char			*ownerPassword = NULL; 
+    const char 			*pubkeyFilename = NULL;
+    TPM_AUTHHANDLE 		sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		keyHandleType = argv[i];	
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdo") == 0) {
+	    i++;
+	    if (i < argc) {
+		ownerPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdo option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp("-op",argv[i])) {
+	    i++;
+	    if (i < argc) {
+		pubkeyFilename = argv[i];
+	    } else {
+		printf("Missing parameter for -op\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp(argv[i], "-h")) {
+	    printUsage();
+	}
+	else if (!strcmp(argv[i], "-v")) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (keyHandleType == NULL) {
+	printf("Missing handle parameter -ha\n");
+	printUsage();
+    }
+    if (strcmp(keyHandleType, "ek") == 0) {
+	in.keyHandle = TPM_RH_EK;
+    }
+    else if (strcmp(keyHandleType, "srk") == 0) {
+	in.keyHandle = TPM_RH_SRK;
+    }
+    else {
+	printf("Bad parameter parameter %s for -ha\n", keyHandleType);
+	printUsage();
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_ORD_OwnerReadInternalPub,
+			 sessionHandle0, ownerPassword, sessionAttributes0,
+			 TPM_RH_NULL, NULL, 0);
+	
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    /* save the TPM_PUBKEY key */
+    if ((rc == 0) && (pubkeyFilename != NULL)) {
+	rc = TSS_File_WriteStructure(&out.publicPortion,
+				     (MarshalFunction_t)TSS_TPM_PUBKEY_Marshalu,
+				     pubkeyFilename);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) TSS_PrintAll("public key",
+					  out.publicPortion.pubKey.key,
+					  out.publicPortion.pubKey.keyLength);
+	if (tssUtilsVerbose) printf("ownerreadinternalpub: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("ownerreadinternalpub: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("ownerreadinternalpub\n");
+    printf("\n");
+    printf("Runs TPM_OwnerReadInternalPub\n");
+    printf("\n");
+    printf("\t-ha\tkey handle type [ek, srk]\n");
+    printf("\t[-pwdo \twner password (default zeros)]\n");
+    printf("\t[-op\tTPM_PUBKEY key file name (default do not save)]\n");
+    printf("\n");
+    printf("\t-se0 session handle / attributes\n");
+    printf("\t\t01 continue\n");
+    exit(1);
+}
+
+
diff --git a/utils12/ownersetdisable.c b/utils12/ownersetdisable.c
new file mode 100644
index 000000000..13ae6f74d
--- /dev/null
+++ b/utils12/ownersetdisable.c
@@ -0,0 +1,200 @@
+/********************************************************************************/
+/*										*/
+/*			     	TPM OwnerSetDisable                      	*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tpmstructures12.h>
+
+static void printUsage(void);
+
+int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC 			rc = 0;
+    int				i;				/* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    OwnerSetDisable_In 		in;
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+    const char 			*ownerPassword = NULL;
+    const char 			*ownerAuthFilename = NULL;
+    const uint8_t		*ownerAuth;			/* either command line or file */
+    int				disableState = TRUE;		/* default enable */
+    unsigned char 		*data = NULL;			/* ownerAuth */
+    size_t 			length;
+	
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i], "-pwdo") == 0) {
+	    i++;
+	    if (i < argc) {
+		ownerPassword = argv[i];
+	    }
+	    else {
+		printf("Missing parameter to -pwdo\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwdof") == 0) {
+	    i++;
+	    if (i < argc) {
+		ownerAuthFilename = argv[i];
+	    }
+	    else {
+		printf("-pwdof option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp(argv[i], "-en")) {
+	    disableState = FALSE;
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp(argv[i], "-h")) {
+	    printUsage();
+	}
+	else if (!strcmp(argv[i], "-v")) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if ((ownerPassword != NULL) && (ownerAuthFilename != NULL)) {
+	printf("\nCannot have -pwdo and -pwdof arguments\n");
+	printUsage();
+    }
+    /* get the owner password from a file */
+    if (ownerAuthFilename != NULL) {
+	if (rc == 0) {
+	    rc = TSS_File_ReadBinaryFile(&data,     /* freed @1 */
+					 &length,
+					 ownerAuthFilename);
+	}
+	if (rc == 0) {
+	    ownerAuth = data;
+	}
+    }
+    else {
+	ownerAuth = (uint8_t *)ownerPassword; 	/* can be NULL */
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	in.disableState = disableState;
+	rc = TSS_Execute(tssContext,
+			 NULL,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_ORD_OwnerSetDisable,
+			 sessionHandle0, ownerAuth, sessionAttributes0,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("ownersetdisable: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("ownersetdisable: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    free(data);				/* @1 */
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("ownersetdisable\n");
+    printf("\n");
+    printf("Runs TPM_OwnerSetDisable\n");
+    printf("\n");
+    printf("\t[-pwdo\t owner password]\n");
+    printf("\t[-pwdof\t owner authorization file name\n");
+    printf("\t-en\tenable the TPM (default disable)\n");
+    printf("\n");
+    printf("\t-se0 session handle / attributes\n");
+    printf("\t\t01 continue\n");
+    exit(1);
+}
+
+
diff --git a/utils12/pcrread.c b/utils12/pcrread.c
new file mode 100644
index 000000000..ed07d21a6
--- /dev/null
+++ b/utils12/pcrread.c
@@ -0,0 +1,160 @@
+/********************************************************************************/
+/*										*/
+/*			    PcrRead		 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+
+static void printUsage(void);
+
+int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC			rc = 0;
+    int				i;    /* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    PcrRead12_In 		in;
+    PcrRead12_Out 		out;
+    TPM_PCRINDEX 		pcrIndex = IMPLEMENTATION_PCR;
+    int				noSpace = FALSE;
+    
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-ha") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%u", &pcrIndex);
+	    }
+	    else {
+		printf("Missing parameter for -ha\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ns") == 0) {
+	    noSpace = TRUE;
+	}
+ 	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (pcrIndex >= IMPLEMENTATION_PCR) {
+	printf("Missing or bad PCR handle parameter -ha\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	in.pcrIndex = pcrIndex;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_ORD_PcrRead,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if (rc == 0) {
+	/* machine readable format */
+	if (noSpace) {
+	    uint32_t bp;
+	    for (bp = 0 ; bp < SHA1_DIGEST_SIZE ; bp++) {
+		printf("%02x", out.outDigest[bp]);
+	    }
+	    printf("\n");
+	}
+	/* human readable format */
+	else {
+	    TSS_PrintAll("PCR", out.outDigest, SHA1_DIGEST_SIZE);
+	    if (tssUtilsVerbose) printf("pcrread: success\n");
+	}
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("pcrread: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("pcrread\n");
+    printf("\n");
+    printf("Runs TPM_PcrRead\n");
+    printf("\n");
+    printf("\t-ha\tPCR index\n");
+    printf("\t[-ns\tno space, no text, no newlines\n");
+    exit(1);	
+}
diff --git a/utils12/quote2.c b/utils12/quote2.c
new file mode 100644
index 000000000..ac2821d26
--- /dev/null
+++ b/utils12/quote2.c
@@ -0,0 +1,327 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 Quote2					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tsscrypto.h>
+#include <ibmtss/tpmstructures12.h>
+#include <ibmtss/tssmarshal12.h>
+#include <ibmtss/Unmarshal12_fp.h>
+#include "cryptoutils.h"
+
+static void printUsage(void);
+
+int tssUtilsVerbose;
+
+int main(int argc, char * argv[])
+{
+    TPM_RC 			rc = 0;
+    int				i;				/* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    Quote2_In			in;
+    Quote2_Out			out;
+    TPM_KEY_HANDLE		keyHandle = 0;
+    const char			*keyPassword = NULL; 
+    const char			*signatureFilename = NULL;
+    const char			*externalDataFilename = NULL;
+    unsigned char 		*externalData = NULL;
+    size_t 			externalDatalength;
+    const char 			*keyFilename = NULL;
+    TPM_AUTHHANDLE 		sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+	
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hk") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &keyHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hk\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp("-pwdk",argv[i])) {
+	    i++;
+	    if (i < argc) {
+		keyPassword = argv[i];
+	    } else {
+		printf("Missing parameter for -pwdk\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ed") == 0) {
+	    i++;
+	    if (i < argc) {
+		externalDataFilename = argv[i];
+	    }
+	    else {
+		printf("-ed option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-os") == 0) {
+	    i++;
+	    if (i < argc) {
+		signatureFilename = argv[i];
+	    }
+	    else {
+		printf("-os option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ik") == 0) {
+	    i++;
+	    if (i < argc) {
+		keyFilename = argv[i];
+	    }
+	    else {
+		printf("-ik option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp(argv[i], "-h")) {
+	    printUsage();
+	}
+	else if (!strcmp(argv[i], "-v")) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (keyHandle == 0) {
+	printf("Missing handle parameter -hk\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	if (externalDataFilename != NULL) {
+	    if (rc == 0) {
+		rc = TSS_File_ReadBinaryFile(&externalData ,     /* freed @1*/
+					     &externalDatalength,
+					     externalDataFilename);
+	    }
+	    if (rc == 0) {
+		if (externalDatalength != TPM_NONCE_SIZE) {
+		    printf("externalData %s must contain %u bytes, is %u\n",
+			   externalDataFilename, TPM_NONCE_SIZE,
+			   (unsigned int)externalDatalength);
+		    rc = TSS_RC_INSUFFICIENT_BUFFER;
+		}
+	    }
+	    if (rc == 0) {
+		memcpy(in.externalData, externalData, TPM_NONCE_SIZE);
+	    }
+	}
+	else {
+	    memset(in.externalData, 0, TPM_NONCE_SIZE);
+	}
+    }
+    if (rc == 0) {
+	in.keyHandle = keyHandle;
+	in.targetPCR.sizeOfSelect = 3;
+	in.targetPCR.pcrSelect[0] = 0;
+	in.targetPCR.pcrSelect[1] = 0;
+	in.targetPCR.pcrSelect[2] = 0;
+	in.addVersion = 1;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_ORD_Quote2,
+			 sessionHandle0, keyPassword, sessionAttributes0,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if ((rc == 0) && (signatureFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile((uint8_t *)out.sig, out.sigSize, signatureFilename) ;
+    }
+    /* if a key file was specified, verify the signature */
+    if (keyFilename != NULL) {
+	TPM_QUOTE_INFO2 q1;
+	uint8_t		*q1Buffer = NULL;		/* freed @1 */
+	uint16_t	q1Written;
+	uint8_t		*vBuffer = NULL;		/* freed @2 */
+	uint16_t	vWritten;
+	TPMT_HA		q1Digest;
+	TPM_KEY12 	quoteKey;
+	RSA         	*rsaPubKey = NULL;
+	TPMT_SIGNATURE 	tSignature;
+
+	/* construct marshaled TPM_QUOTE_INFO2 */
+	if (rc == 0) {
+	    memcpy(&q1.fixed, "QUT2", 4);
+	    memcpy(&(q1.externalData), &in.externalData, TPM_NONCE_SIZE);
+	    q1.infoShort = out.pcrData;
+	    rc = TSS_Structure_Marshal(&q1Buffer,	/* freed @1 */
+				       &q1Written,
+				       &q1,
+				       (MarshalFunction_t)TSS_TPM_QUOTE_INFO2_Marshalu);
+	}
+	/* construct marshaled TPM_CAP_VERSION_INFO */
+	if (rc == 0) {
+	    rc = TSS_Structure_Marshal(&vBuffer,	/* freed @2 */
+				       &vWritten,
+				       &out.versionInfo,
+				       (MarshalFunction_t)TSS_TPM_CAP_VERSION_INFO_Marshalu);
+	}
+	/* recalculate the signed hash */
+	if (rc == 0) {
+	    q1Digest.hashAlg = TPM_ALG_SHA1;
+	    rc = TSS_Hash_Generate(&q1Digest,	
+				   q1Written, q1Buffer,	/* TPM_QUOTE_INFO2 */
+				   vWritten, vBuffer,	/* TPM_CAP_VERSION_INFO */
+				   0, NULL);
+	}
+	/* get the signing (quote public) key */
+	if (rc == 0) {
+	    rc = TSS_File_ReadStructure(&quoteKey,
+					(UnmarshalFunction_t)TSS_TPM_KEY12_Unmarshalu,
+					keyFilename);
+	}
+	/* construct the OpenSSL RSA public key token */
+	if (rc == 0) {
+	    unsigned char earr[3] = {0x01, 0x00, 0x01};
+	    rc = TSS_RSAGeneratePublicToken
+		 (&rsaPubKey,			/* freed @3 */
+		  quoteKey.pubKey.key,	 	/* public modulus */
+		  quoteKey.pubKey.keyLength,
+		  earr,      			/* public exponent */
+		  sizeof(earr));
+	}
+	if (rc == 0) {
+	    rc = convertRsaBinToTSignature(&tSignature,
+					   TPM_ALG_SHA1,
+					   out.sig,
+					   out.sigSize);
+	}
+	/* verify the TPM signature */
+	if (rc == 0) {
+	    rc = verifyRSASignatureFromRSA((uint8_t *)&q1Digest.digest,
+					   SHA1_DIGEST_SIZE,
+					   &tSignature,
+					   TPM_ALG_SHA1,
+					   rsaPubKey);
+	}
+	free(q1Buffer);		/* @1 */
+	free(vBuffer);		/* @2 */
+	if (rsaPubKey != NULL) {
+	    RSA_free(rsaPubKey); 	/* @3 */
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("quote2: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("quote2: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    free(externalData);
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("quote2\n");
+    printf("\n");
+    printf("Runs TPM_Quote2\n");
+    printf("\n");
+    printf("\t-hk\tquoting key handle\n");
+    printf("\t[-pwdk\tpassword for quoting key (default zeros)]\n");
+    printf("\t[-ed\texternal data file name (default zeros)]\n");
+    printf("\t[-os\tquote signature file name (default do not save)]\n");
+    printf("\t[-ik\tkey file name for verify (default do not verify)]\n");
+    printf("\n");
+    printf("\t-se0 session handle / attributes\n");
+    printf("\t\t01 continue\n");
+    exit(1);
+}
+
+
diff --git a/utils12/reg.sh b/utils12/reg.sh
new file mode 100755
index 000000000..36e4dc624
--- /dev/null
+++ b/utils12/reg.sh
@@ -0,0 +1,393 @@
+#!/bin/bash
+#
+
+# for rapid prototyping with scripts
+export TPM_ENCRYPT_SESSIONS=0
+export TPM_DATA_DIR=.
+PREFIX=./
+
+checkSuccess()
+{
+    if [ $1 -ne 0 ]; then
+	echo " ERROR:"
+	cat run.out
+	exit 255
+    else
+	echo " INFO:"
+    fi
+}
+
+checkFailure()
+{
+    if [ $1 -eq 0 ]; then
+	echo " ERROR:"
+	cat run.out
+	exit 255
+    else
+	echo " INFO:"
+    fi
+}
+
+# just for the prototype, start with basic keys
+
+
+# ./reg.sh -0
+
+echo -n 123 > wtmp.txt
+
+echo ""
+echo "TPM 1.2"
+echo ""
+
+echo "Reboot"
+${PREFIX}tpminit -v > run.out
+checkSuccess $?
+
+echo "Startup"
+${PREFIX}startup -c -st -v > run.out
+checkSuccess $?
+
+echo "Create Endorsement Key"
+${PREFIX}createendorsementkeypair -v > run.out
+checkSuccess $?
+
+echo "OIAP session for Take Ownership"
+${PREFIX}oiap > run.out
+checkSuccess $?
+
+OIAP=`grep Handle run.out | gawk '{ print $2 }'`
+echo "OIAP handle $OIAP"
+
+echo "Take Ownership"
+${PREFIX}takeownership -pwdo ooo -se0 $OIAP 0 -v > run.out
+checkSuccess $?
+
+echo ""
+echo "OIAP and OSAP"
+echo ""
+
+echo "Start OSAP session using owner auth"
+${PREFIX}osap -ha 40000001 -pwd ooo > run.out
+checkSuccess $?
+
+OSAP=`grep Handle run.out | gawk '{ print $2 }'`
+echo "OSAP handle $OSAP"
+
+echo "ownersetdisable enable"
+${PREFIX}ownersetdisable -en -pwdo ooo -se0 $OSAP 0 -v > run.out
+checkSuccess $?
+
+echo "Start OIAP"
+${PREFIX}oiap > run.out
+checkSuccess $?
+
+OIAP=`grep Handle run.out | gawk '{ print $2 }'`
+echo "OIAP handle $OIAP"
+
+echo "ownersetdisable enable"
+${PREFIX}ownersetdisable -en -pwdo ooo -se0 $OIAP 0 -v > run.out
+checkSuccess $?
+
+echo ""
+echo "OwnerReadInternalPub"
+echo ""
+
+echo "Start OIAP session for owner auth"
+${PREFIX}oiap > run.out
+checkSuccess $?
+
+OIAP=`grep Handle run.out | gawk '{ print $2 }'`
+echo "OIAP handle 0 $OIAP"
+
+echo "Read EK"
+${PREFIX}ownerreadinternalpub -ha ek -pwdo ooo -op ekpub.bin -se0 $OIAP 1 -v > run.out
+checkSuccess $?
+
+echo "Read SRK"
+${PREFIX}ownerreadinternalpub -ha srk -pwdo ooo -op srkpub.bin -se0 $OIAP 0 -v > run.out
+checkSuccess $?
+
+echo ""
+echo "Quote with AIK"
+echo ""
+
+echo "Start OIAP session for SRK auth"
+${PREFIX}oiap > run.out
+checkSuccess $?
+
+OIAP0=`grep Handle run.out | gawk '{ print $2 }'`
+echo "OIAP handle 0 $OIAP0"
+
+echo "Start OSAP for owner auth"
+${PREFIX}osap -ha 40000001 -pwd ooo > run.out
+checkSuccess $?
+
+OSAP1=`grep Handle run.out | gawk '{ print $2 }'`
+echo "OSAP handle 1 $OSAP1"
+
+echo "makeidentity -pwdo ooo -ok idkey.bin -op idpub.bin -v -se0 $OIAP0 0 -se1 $OSAP1 0"
+${PREFIX}makeidentity -pwdo ooo -ok idkey.bin -op idpub.bin -v -se0 $OIAP0 0 -se1 $OSAP1 0 > run.out
+checkSuccess $?
+
+echo "Start OIAP session for SRK auth"
+${PREFIX}oiap > run.out
+checkSuccess $?
+
+OIAP0=`grep Handle run.out | gawk '{ print $2 }'`
+echo "OIAP handle 0 $OIAP0"
+
+echo "loadkey2 -hp 40000000 -ik idkey.bin -se0 $OIAP0 1 -v >! run.out"
+${PREFIX}loadkey2 -hp 40000000 -ik idkey.bin -se0 $OIAP0 0 -v > run.out
+checkSuccess $?
+
+KEY0=`grep Handle run.out | gawk '{ print $2 }'`
+echo "Key handle 0 $KEY0"
+
+echo "Start OSAP for quote key null auth"
+${PREFIX}osap -ha $KEY0 > run.out
+checkSuccess $?
+
+OSAP0=`grep Handle run.out | gawk '{ print $2 }'`
+echo "OSAP handle 1 $OSAP0"
+
+echo "quote2 -hk $KEY0 -os sig.bin -ik idkey.bin -se0 $OSAP0 0 -v >! run.out"
+${PREFIX}quote2 -hk $KEY0 -os sig.bin -ik idkey.bin -se0 $OSAP0 0 -v > run.out
+checkSuccess $?
+
+echo ""
+echo "ActivateIdentity"
+echo ""
+
+echo "Calculate the EK blob"
+${PREFIX}makeekblob -iak idpub.bin -iek ekpub.bin -ob encblob.bin -ok symkey1.bin -v > run.out
+checkSuccess $?
+
+echo "Start OIAP session for AIK auth"
+${PREFIX}oiap > run.out
+checkSuccess $?
+
+OIAP0=`grep Handle run.out | gawk '{ print $2 }'`
+echo "OIAP handle 0 $OIAP0"
+
+echo "Start OIAP session for owner auth"
+${PREFIX}oiap > run.out
+checkSuccess $?
+
+OIAP1=`grep Handle run.out | gawk '{ print $2 }'`
+echo "OIAP handle 1 $OIAP1"
+
+echo "Activate the EK blob"
+${PREFIX}activateidentity -ha $KEY0 -pwdo ooo -ib encblob.bin -ok symkey2.bin -se0 $OIAP0 0 -se1 $OIAP1 0 -v > run.out
+checkSuccess $?
+
+echo "Verify the recovered key"
+diff symkey1.bin symkey2.bin > run.out
+checkSuccess $?
+
+echo "Flush key $KEY0"
+${PREFIX}flushspecific -ha $KEY0 -rt 1 -v > run.out
+checkSuccess $?
+
+echo ""
+echo "PCR"
+echo ""
+
+echo "Extend PCR 16"
+${PREFIX}extend -ha 16 -ic aaa > run.out
+checkSuccess $?
+
+echo "Read PCR 16"
+${PREFIX}pcrread -ha 16 > run.out
+checkSuccess $?
+
+echo ""
+echo "NV"
+echo ""
+
+echo "Start OSAP session using owner auth"
+${PREFIX}osap -ha 40000001 -pwd ooo > run.out
+checkSuccess $?
+
+OSAP=`grep Handle run.out | gawk '{ print $2 }'`
+echo "OSAP handle $OSAP"
+
+echo "NV Define Space for EK Certificate - D bit set, must be done before NV lock"
+${PREFIX}nvdefinespace -ha 1000f000 -sz 1400 -per 00020002 -v -se0 $OSAP 0 > run.out
+checkSuccess $?
+
+echo "Set NV Lock"
+${PREFIX}nvdefinespace -ha ffffffff -sz 0 -v > run.out
+checkSuccess $?
+
+echo "Start OSAP session using owner auth"
+${PREFIX}osap -ha 40000001 -pwd ooo > run.out
+checkSuccess $?
+
+OSAP=`grep Handle run.out | gawk '{ print $2 }'`
+echo "OSAP handle $OSAP"
+
+echo "NV Define Space"
+${PREFIX}nvdefinespace -ha 10 -sz 20 -pwdn nnn -v -se0 $OSAP 0 > run.out
+checkSuccess $?
+
+echo "Start OIAP session"
+${PREFIX}oiap > run.out
+checkSuccess $?
+
+OIAP=`grep Handle run.out | gawk '{ print $2 }'`
+echo "OIAP handle 0 $OIAP"
+
+echo "NV Write"
+${PREFIX}nvwritevalueauth -ha 10 -pwdn nnn -if wtmp.txt -se0 $OIAP 1 -v > run.out
+checkSuccess $?
+
+echo "NV Read"
+${PREFIX}nvreadvalueauth -ha 10 -pwdn nnn -of rtmp.txt -sz 3 -se0 $OIAP 0 -v > run.out
+checkSuccess $?
+
+echo "Verify the NV write / read result"
+diff wtmp.txt rtmp.txt > run.out
+checkSuccess $?
+
+echo "Start OSAP session using owner auth"
+${PREFIX}osap -ha 40000001 -pwd ooo > run.out
+checkSuccess $?
+
+OSAP=`grep Handle run.out | gawk '{ print $2 }'`
+echo "OSAP handle $OSAP"
+
+echo "NV Undefine space"
+${PREFIX}nvdefinespace -ha 10 -sz 0 -v  -se0 $OSAP 0 > run.out
+checkSuccess $?
+
+echo ""
+echo "EK Certificate Provisioning"
+echo ""
+
+echo "Start OIAP session"
+${PREFIX}oiap > run.out
+checkSuccess $?
+
+OIAP=`grep Handle run.out | gawk '{ print $2 }'`
+echo "OIAP handle $OIAP"
+
+echo "NV Write with owner auth"
+${PREFIX}nvwritevalue -ha 1000f000 -pwdo ooo -if wtmp.txt -se0 $OIAP 1 -v > run.out
+checkSuccess $?
+
+echo "NV Read with owner auth"
+${PREFIX}nvreadvalue -ha 1000f000 -pwdo ooo -of rtmp.txt -sz 3 -se0 $OIAP 1 -v > run.out
+checkSuccess $?
+
+echo "Verify the NV write / read result"
+diff wtmp.txt rtmp.txt > run.out
+checkSuccess $?
+
+echo "Read EK public key"
+${PREFIX}ownerreadinternalpub -ha ek -pwdo ooo -op ekpub.bin -se0 $OIAP 1 -v > run.out
+checkSuccess $?
+
+echo "Create the EK Certificate"
+${PREFIX}createekcert -pwdo ooo -iek ekpub.bin -of ekcert.der -cakey ../utils/cakey.pem -capwd rrrr -vv > run.out
+checkSuccess $?
+
+echo "Read the EK Certificate"
+${PREFIX}nvreadvalue -pwdo ooo -ha 1000f000 -cert -of ekcert.der -se0 $OIAP 0 -v > run.out
+checkSuccess $?
+
+echo ""
+echo "Storage Key"
+echo ""
+
+echo "Start OSAP session using SRK auth"
+${PREFIX}osap -ha 40000000 > run.out
+checkSuccess $?
+
+OSAP=`grep Handle run.out | gawk '{ print $2 }'`
+echo "OSAP handle $OSAP"
+
+echo "Create a child storage key"
+${PREFIX}createwrapkey -st -hp 40000000 -pwdk kkk -ok tmpstk.bin -se0 $OSAP 0 -v > run.out
+checkSuccess $?
+
+echo "Start OIAP session"
+${PREFIX}oiap > run.out
+checkSuccess $?
+
+OIAP=`grep Handle run.out | gawk '{ print $2 }'`
+echo "OIAP handle 0 $OIAP"
+
+echo "Load the child storage key"
+${PREFIX}loadkey2 -hp 40000000 -ik tmpstk.bin -se0 $OIAP 0 -v > run.out
+checkSuccess $?
+
+KEYS=`grep Handle run.out | gawk '{ print $2 }'`
+echo "Key handle 0 $KEYS"
+
+echo "Start OSAP session using SRK auth"
+${PREFIX}osap -ha $KEYS -pwd kkk > run.out
+checkSuccess $?
+
+OSAP=`grep Handle run.out | gawk '{ print $2 }'`
+echo "OSAP handle $OSAP"
+
+echo "Create a child signing key under the child storage key $KEYS"
+${PREFIX}createwrapkey -si -hp $KEYS -pwdk sii -ok tmpsik.bin -se0 $OSAP 0 -v > run.out
+checkSuccess $?
+
+echo "Start OIAP session"
+${PREFIX}oiap > run.out
+checkSuccess $?
+
+OIAP=`grep Handle run.out | gawk '{ print $2 }'`
+echo "OIAP handle 0 $OIAP"
+
+echo "Load the child signing key under the child storage key $KEYS"
+${PREFIX}loadkey2 -hp $KEYS -pwdp kkk -ik tmpsik.bin -se0 $OIAP 0 -v > run.out
+checkSuccess $?
+
+KEYI=`grep Handle run.out | gawk '{ print $2 }'`
+echo "Key handle 0 $KEYI"
+
+echo "Flush child storage key $KEYS"
+${PREFIX}flushspecific -ha $KEYS -rt 1 -v > run.out
+checkSuccess $?
+
+echo ""
+echo "Signing Key"
+echo ""
+
+echo "Start OIAP"
+${PREFIX}oiap > run.out
+checkSuccess $?
+
+OIAP=`grep Handle run.out | gawk '{ print $2 }'`
+echo "OIAP handle $OIAP"
+
+echo "Sign and Verify"
+${PREFIX}sign -hk $KEYI -pwdk sii -if wtmp.txt -os tmpsig.bin -ik tmpsik.bin -se0 $OIAP 0 -v > run.out
+checkSuccess $?
+
+echo "Flush storage key $KEYS"
+${PREFIX}flushspecific -ha $KEYI -rt 1 -v > run.out
+checkSuccess $?
+
+# cleanup
+
+rm -f wtmp.txt
+rm -f rtmp.txt
+rm -f idkey.bin
+rm -f sig.bin
+rm -f ekpub.bin
+rm -f srkpub.bin
+rm -f idpub.bin
+rm -f encblob.bin
+rm -f symkey1.bin
+rm -f symkey2.bin
+rm -f ekcert.der
+rm -f tmpstk.bin
+rm -f tmpsik.bin
+rm -f tmpsig.bin
+rm -f run.out
+
+exit
diff --git a/utils12/sign.c b/utils12/sign.c
new file mode 100644
index 000000000..1c831db68
--- /dev/null
+++ b/utils12/sign.c
@@ -0,0 +1,282 @@
+/********************************************************************************/
+/*										*/
+/*			    TPM 1.2 Sign					*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tsscrypto.h>
+#include <ibmtss/tpmstructures12.h>
+#include <ibmtss/tssmarshal12.h>
+#include <ibmtss/Unmarshal12_fp.h>
+#include "cryptoutils.h"
+
+static void printUsage(void);
+
+int tssUtilsVerbose;
+
+int main(int argc, char * argv[])
+{
+    TPM_RC 			rc = 0;
+    int				i;				/* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    Sign12_In			in;
+    Sign12_Out			out;
+    TPM_KEY_HANDLE		keyHandle = 0;
+    const char			*keyPassword = NULL; 
+    const char			*signatureFilename = NULL;
+    const char			*inputFilename = NULL;
+    unsigned char 		*input = NULL;
+    size_t 			inputlength;
+    TPMT_HA 			areaToSign;
+    const char 			*keyFilename = NULL;
+    TPM_AUTHHANDLE 		sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+	
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-hk") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &keyHandle);
+	    }
+	    else {
+		printf("Missing parameter for -hk\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp("-pwdk",argv[i])) {
+	    i++;
+	    if (i < argc) {
+		keyPassword = argv[i];
+	    } else {
+		printf("Missing parameter for -pwdk\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-if") == 0) {
+	    i++;
+	    if (i < argc) {
+		inputFilename = argv[i];
+	    }
+	    else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-os") == 0) {
+	    i++;
+	    if (i < argc) {
+		signatureFilename = argv[i];
+	    }
+	    else {
+		printf("-os option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-ik") == 0) {
+	    i++;
+	    if (i < argc) {
+		keyFilename = argv[i];
+	    }
+	    else {
+		printf("-ik option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp(argv[i], "-h")) {
+	    printUsage();
+	}
+	else if (!strcmp(argv[i], "-v")) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (keyHandle == 0) {
+	printf("Missing handle parameter -hk\n");
+	printUsage();
+    }
+    if (inputFilename == NULL) {
+	printf("Missing input filename -if\n");
+	printUsage();
+    }
+    if (rc == 0) {
+	rc = TSS_File_ReadBinaryFile(&input,     	/* freed @1*/
+				     &inputlength,
+				     inputFilename);
+    }
+    if (rc == 0) {
+	in.keyHandle = keyHandle;
+	areaToSign.hashAlg = TPM_ALG_SHA1; 
+	rc = TSS_Hash_Generate(&areaToSign,
+			       inputlength, input,
+			       0, NULL);
+	memcpy(in.areaToSign, (uint8_t *)&areaToSign.digest, SHA1_DIGEST_SIZE);
+	in.areaToSignSize = SHA1_DIGEST_SIZE;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_ORD_Sign,
+			 sessionHandle0, keyPassword, sessionAttributes0,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    if ((rc == 0) && (signatureFilename != NULL)) {
+	rc = TSS_File_WriteBinaryFile((uint8_t *)out.sig, out.sigSize, signatureFilename) ;
+    }
+    /* if a key file was specified, verify the signature */
+    if (keyFilename != NULL) {
+	TPM_KEY12 	signingKey;
+	RSA         	*rsaPubKey = NULL;
+	TPMT_SIGNATURE 	tSignature;
+
+	/* get the signing key */
+	if (rc == 0) {
+	    rc = TSS_File_ReadStructure(&signingKey,
+					(UnmarshalFunction_t)TSS_TPM_KEY12_Unmarshalu,
+					keyFilename);
+	}
+	/* construct the OpenSSL RSA public key token */
+	if (rc == 0) {
+	    unsigned char earr[3] = {0x01, 0x00, 0x01};
+	    rc = TSS_RSAGeneratePublicToken
+		 (&rsaPubKey,			/* freed @3 */
+		  signingKey.pubKey.key,	 	/* public modulus */
+		  signingKey.pubKey.keyLength,
+		  earr,      			/* public exponent */
+		  sizeof(earr));
+	}
+	if (rc == 0) {
+	    rc = convertRsaBinToTSignature(&tSignature,
+					   TPM_ALG_SHA1,
+					   out.sig,
+					   out.sigSize);
+	}
+	/* verify the TPM signature */
+	if (rc == 0) {
+	    rc = verifyRSASignatureFromRSA((uint8_t *)&areaToSign.digest,
+					   SHA1_DIGEST_SIZE,
+					   &tSignature,
+					   TPM_ALG_SHA1,
+					   rsaPubKey);
+	}
+	if (rsaPubKey != NULL) {
+	    RSA_free(rsaPubKey); 	/* @3 */
+	}
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("sign: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("sign: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+free(input);		/* @1 */
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("sign\n");
+    printf("\n");
+    printf("Runs TPM_Sign\n");
+    printf("\n");
+    printf("\t-hk\tsigning key handle\n");
+    printf("\t[-pwdk\tpassword for signing key (default zeros)]\n");
+    printf("\t-if\tinput area to hash and sign\n");
+    printf("\t[-os\tsign signature file name (default do not save)]\n");
+    printf("\t[-ik\tkey file name to verify signature (default no verify)]\n");
+    printf("\n");
+    printf("\t-se0 session handle / attributes\n");
+    printf("\t\t01 continue\n");
+    exit(1);
+}
+
+
diff --git a/utils12/startup.c b/utils12/startup.c
new file mode 100644
index 000000000..8b5261a98
--- /dev/null
+++ b/utils12/startup.c
@@ -0,0 +1,192 @@
+/********************************************************************************/
+/*										*/
+/*			    Startup		 				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tpmstructures12.h>
+
+static void printUsage(void);
+TPM_RC selftestCommand(void);
+TPM_RC startupCommand(TPM_SU startupType);
+
+int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC 		rc = 0;
+    int			i;				/* argc iterator */
+    int                 doStartup = TRUE;		/* default startup */
+    int                 doSelftest = FALSE;		/* default no self test */
+    TPM_STARTUP_TYPE	startupType = TPM_ST_CLEAR;
+   
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-c") == 0) {
+	    startupType = TPM_ST_CLEAR;
+	    doStartup = TRUE;
+	}
+	else if (strcmp(argv[i],"-s") == 0) {
+	    doStartup = TRUE;
+	    startupType = TPM_ST_STATE;
+	}
+	else if (strcmp(argv[i],"-d") == 0) {
+	    doStartup = TRUE;
+	    startupType = TPM_ST_DEACTIVATED;
+	}
+	else if (strcmp(argv[i],"-st") == 0) {
+	    doSelftest = TRUE;
+	}
+	else if (strcmp(argv[i],"-sto") == 0) {
+	    doStartup = FALSE;
+	    doSelftest = TRUE;
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if ((rc == 0) && doStartup) {
+	rc = startupCommand(startupType);
+    }
+    if ((rc == 0) && doSelftest) {
+	rc = selftestCommand();
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("startup: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("startup: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+TPM_RC startupCommand(TPM_SU startupType)
+{
+    TPM_RC 		rc = 0;
+    TSS_CONTEXT		*tssContext = NULL;
+    Startup12_In 	in;
+
+    /*
+      Start a TSS context
+    */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	in.startupType = startupType;
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_ORD_Startup,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    return rc;
+}
+
+TPM_RC selftestCommand(void)
+{
+    TPM_RC 		rc = 0;
+    TSS_CONTEXT		*tssContext = NULL;
+
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /* call TSS to execute the command */
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 NULL,
+			 NULL,
+			 TPM_ORD_ContinueSelfTest,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    /* Delete the TSS context */
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("startup\n");
+    printf("\n");
+    printf("Runs TPM_Startup\n");
+    printf("\n");
+    printf("\t[-c\tstartup clear (default)]\n");
+    printf("\t[-s\tstartup state]\n");
+    printf("\t[-d\tstartup deactivated]\n");
+    printf("\t[-st\trun TPM_ContinueSelfTest]\n");
+    printf("\t[-sto\trun only TPM_ContinueSelfTest (no startup)]\n");
+    exit(1);	
+}
+
diff --git a/utils12/takeownership.c b/utils12/takeownership.c
new file mode 100644
index 000000000..9b78bac46
--- /dev/null
+++ b/utils12/takeownership.c
@@ -0,0 +1,347 @@
+/********************************************************************************/
+/*										*/
+/*			     	TPM 1.2 TakeOwnership				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <string.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tsscrypto.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tpmstructures12.h>
+
+TPM_RC readPubek(TSS_CONTEXT	*tssContext,
+		 ReadPubek_Out	*readPubekOut,
+		 ReadPubek_In	*readPubekIn);
+
+static void printUsage(void);
+
+int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC 			rc = 0;
+    int				i;				/* argc iterator */
+    TSS_CONTEXT			*tssContext = NULL;
+    TakeOwnership_In		in;
+    TakeOwnership_Out		out;
+    ReadPubek_In		readPubekIn;
+    ReadPubek_Out		readPubekOut;
+    const char			*ownerPassword = NULL; 
+    const char			*srkPassword = NULL; 
+    TPMT_HA 			ownerAuth;
+    TPMT_HA 			srkAuth;
+    unsigned char 		earr[3] = {0x01, 0x00, 0x01}; /* public exponent */
+    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RH_NULL;
+    unsigned int		sessionAttributes0 = 0;
+     
+#if 0
+    RSA *rsa = NULL;       	/* OpenSSL format Public Key */
+    FILE *keyfile;    	/* output file for public key */
+    EVP_PKEY *pkey = NULL;  /* OpenSSL public key */
+    int i;
+    unsigned char future_hash[TPM_HASH_SIZE];	/* hash argument in binary */
+
+#endif
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    tssUtilsVerbose = FALSE;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-pwdo") == 0) {
+	    i++;
+	    if (i < argc) {
+		ownerPassword = argv[i];
+	    }
+	    else {
+		printf("-pwdo option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pwds") == 0) {
+	    i++;
+	    if (i < argc) {
+		srkPassword = argv[i];
+	    }
+	    else {
+		printf("-pwds option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-se0") == 0) {
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionHandle0);
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	    i++;
+	    if (i < argc) {
+		sscanf(argv[i],"%x", &sessionAttributes0);
+		if (sessionAttributes0 > 0xff) {
+		    printf("Out of range session attributes for -se0\n");
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -se0\n");
+		printUsage();
+	    }
+	}
+	else if (!strcmp(argv[i], "-h")) {
+	    printUsage();
+	}
+	else if (!strcmp(argv[i], "-v")) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	if (ownerPassword == NULL) {
+	    memset((uint8_t *)&ownerAuth.digest, 0, SHA1_DIGEST_SIZE);
+	}
+	else {
+	    ownerAuth.hashAlg = TPM_ALG_SHA1; 
+	    rc = TSS_Hash_Generate(&ownerAuth,
+				   strlen(ownerPassword), ownerPassword,
+				   0, NULL);
+	}
+    }
+    if (rc == 0) {
+	if (srkPassword == NULL) {
+	    memset((uint8_t *)&srkAuth.digest, 0, SHA1_DIGEST_SIZE);
+	}
+	else {
+	    srkAuth.hashAlg = TPM_ALG_SHA1; 
+	    rc = TSS_Hash_Generate(&srkAuth,
+				   strlen(srkPassword), srkPassword,
+				   0, NULL);
+	}
+    }
+    if (rc == 0) {
+	in.protocolID = TPM_PID_OWNER;
+	in.srkParams.keyUsage = TPM_KEY_STORAGE;
+	in.srkParams.keyFlags = 0;
+	in.srkParams.authDataUsage = TPM_AUTH_ALWAYS;
+	in.srkParams.algorithmParms.algorithmID = TPM_ALG_RSA;  
+	in.srkParams.algorithmParms.encScheme = TPM_ES_RSAESOAEP_SHA1_MGF1; 
+	in.srkParams.algorithmParms.sigScheme = TPM_ES_NONE;
+	in.srkParams.algorithmParms.parms.rsaParms.keyLength = 2048;  
+	in.srkParams.algorithmParms.parms.rsaParms.numPrimes = 2;  
+	in.srkParams.algorithmParms.parms.rsaParms.exponentSize = 0;  
+	in.srkParams.PCRInfo.localityAtCreation = TPM_LOC_ZERO;
+	in.srkParams.PCRInfo.localityAtRelease = TPM_LOC_ALL;
+	in.srkParams.PCRInfo.creationPCRSelection.sizeOfSelect = 3;
+	memset(in.srkParams.PCRInfo.creationPCRSelection.pcrSelect, 0, 3);
+	in.srkParams.PCRInfo.releasePCRSelection.sizeOfSelect = 3;
+	memset(in.srkParams.PCRInfo.releasePCRSelection.pcrSelect, 0, 3);
+	memset(in.srkParams.PCRInfo.digestAtCreation, 0, SHA1_DIGEST_SIZE);
+	memset(in.srkParams.PCRInfo.digestAtRelease, 0, SHA1_DIGEST_SIZE);
+	in.srkParams.pubKey.keyLength = 0;   
+	in.srkParams.encData.keyLength = 0;
+    }
+    /* Start a TSS context */
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    /*
+      encrypt the authorizations with the EK
+     */
+    /* read the EK public key */
+    if (rc == 0) {
+	rc = readPubek(tssContext,
+		       &readPubekOut,
+		       &readPubekIn);
+	if (tssUtilsVerbose) TSS_PrintAll("EK public key",
+				  readPubekOut.pubEndorsementKey.pubKey.key,
+				  readPubekOut.pubEndorsementKey.pubKey.keyLength);
+
+    }
+    /* encrypt the owner Auth */
+    if (rc == 0) {
+	if (tssUtilsVerbose) TSS_PrintAll("Owner Auth",
+				  (uint8_t *)&ownerAuth.digest,
+				  SHA1_DIGEST_SIZE);
+
+	in.encOwnerAuthSize = 256;
+	rc = TSS_RSAPublicEncrypt((uint8_t *)&in.encOwnerAuth,	/* encrypted data */
+				  /* size of encrypted data buffer */
+				  readPubekOut.pubEndorsementKey.pubKey.keyLength,   
+				  (uint8_t *)&ownerAuth.digest, /* decrypted data */
+				  SHA1_DIGEST_SIZE,
+				  readPubekOut.pubEndorsementKey.pubKey.key,	/* pub modulus */
+				  readPubekOut.pubEndorsementKey.pubKey.keyLength,
+				  earr, 			/* public exponent */
+				  sizeof(earr),
+				  (unsigned char *)"TCPA",	/* OAEP encoding parameter */
+				  4,				/* TCPA not null perminated */
+				  TPM_ALG_SHA1);
+	if (tssUtilsVerbose) TSS_PrintAll("Encrypted Owner Auth",
+				  in.encOwnerAuth,
+				  in.encOwnerAuthSize);
+
+    }
+    /* encrypt the SRK Auth */
+    if (rc == 0) {
+	in.encSrkAuthSize = 256;
+	rc = TSS_RSAPublicEncrypt((uint8_t *)&in.encSrkAuth,   	/* encrypted data */
+				  /* size of encrypted data buffer */
+				  readPubekOut.pubEndorsementKey.pubKey.keyLength,
+				  (uint8_t *)&srkAuth.digest, 	/* decrypted data */
+				  SHA1_DIGEST_SIZE,
+				  readPubekOut.pubEndorsementKey.pubKey.key,	/* pub modulus */
+				  readPubekOut.pubEndorsementKey.pubKey.keyLength,
+				  earr, 			/* public exponent */
+				  sizeof(earr),
+				  (unsigned char *)"TCPA",	/* OAEP encoding parameter */
+				  4,				/* TCPA not null perminated */
+				  TPM_ALG_SHA1);
+    }
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)&out,
+			 (COMMAND_PARAMETERS *)&in,
+			 NULL,
+			 TPM_ORD_TakeOwnership,
+			 sessionHandle0, ownerPassword, sessionAttributes0,
+			 TPM_RH_NULL, NULL, 0);
+	
+	if (rc != 0) {
+	    const char *msg;
+	    const char *submsg;
+	    const char *num;
+	    printf("TPM_TakeOwnership: failed, rc %08x\n", rc);
+	    TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	    printf("%s%s%s\n", msg, submsg, num);
+	    rc = EXIT_FAILURE;
+	}
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+#if 0	/* FIXME save SRK public key */
+
+	/* convert the returned public key to OpenSSL format and */
+	/* export it to a file */
+    rsa = TSS_convpubkey(&(srk.pub));
+    if (rsa == NULL) {
+	printf("Error from TSS_convpubkey\n");
+	exit(-3);
+    }
+    pkey = EVP_PKEY_new();
+    if (pkey == NULL) {
+	printf("Unable to create EVP_PKEY\n");
+	exit(-4);
+    }
+    ret = EVP_PKEY_assign_RSA(pkey,rsa);
+    if (ret == 0) {
+	printf("Unable to assign public key to EVP_PKEY\n");
+	exit(-5);
+    }
+    keyfile = fopen("srk.pem","wb");
+    if (keyfile == NULL) {
+	printf("Unable to create public key file\n");
+	exit(-6);
+    }
+    ret = PEM_write_PUBKEY(keyfile,pkey);
+    if (ret == 0) {
+	printf("Unable to write public key file\n");
+	exit(-7);
+    }
+    fclose(keyfile);
+    EVP_PKEY_free(pkey);
+    exit(0);
+#endif
+    return rc;
+
+}
+
+TPM_RC readPubek(TSS_CONTEXT	*tssContext,
+		 ReadPubek_Out	*readPubekOut,
+		 ReadPubek_In	*readPubekIn)
+{
+    TPM_RC 	rc = 0;
+
+    if (rc == 0) {
+	memset(readPubekIn->antiReplay, 0, sizeof(readPubekIn->antiReplay));
+    }
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 (RESPONSE_PARAMETERS *)readPubekOut,
+			 (COMMAND_PARAMETERS *)readPubekIn,
+			 NULL,
+			 TPM_ORD_ReadPubek,
+			 TPM_RH_NULL, NULL, 0);
+	
+	if (rc != 0) {
+	    const char *msg;
+	    const char *submsg;
+	    const char *num;
+	    printf("TPM_ReadPubek: failed, rc %08x\n", rc);
+	    TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	    printf("%s%s%s\n", msg, submsg, num);
+	    rc = EXIT_FAILURE;
+	}
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("takeownership\n");
+    printf("\n");
+    printf("Runs TPM_TakeOwnership\n");
+    printf("\n");
+    printf("\t[-pwdo\towner password (default zeros)]\n");
+    printf("\t[-pwds\tSRK password (default zeros)]\n");
+    printf("\n");
+    printf("\t-se0 session handle / attributes\n");
+    exit(1);
+}
diff --git a/utils12/tpminit.c b/utils12/tpminit.c
new file mode 100644
index 000000000..c1692e734
--- /dev/null
+++ b/utils12/tpminit.c
@@ -0,0 +1,117 @@
+/********************************************************************************/
+/*										*/
+/*			     Cause the SW TPM to reboot				*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2018 - 2019.					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tpmstructures12.h>
+
+/* local prototypes */
+static void printUsage(void);
+
+int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC 		rc = 0;
+    int			i;				/* argc iterator */
+    TSS_CONTEXT		*tssContext = NULL;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+
+    /* command line argument defaults */
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (rc == 0) {
+	rc = TSS_Create(&tssContext);
+    }
+    if (rc == 0) {
+	rc = TSS_Execute(tssContext,
+			 NULL, 
+			 NULL,
+			 NULL,
+			 TPM_ORD_Init,
+			 TPM_RH_NULL, NULL, 0);
+    }
+    if (rc == 0) {
+	if (tssUtilsVerbose) printf("tpminit: success\n");
+    }
+    else {
+	const char *msg;
+	const char *submsg;
+	const char *num;
+	printf("tpminit: failed, rc %08x\n", rc);
+	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
+	printf("%s%s%s\n", msg, submsg, num);
+	rc = EXIT_FAILURE;
+    }
+    {
+	TPM_RC rc1 = TSS_Delete(tssContext);
+	if (rc == 0) {
+	    rc = rc1;
+	}
+    }
+    return rc;
+}
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("tpminit\n");
+    printf("\n");
+    printf("Runs TPM_Init - simulates reboot\n");
+    printf("\n");
+    exit(1);	
+    return;
+}
-- 
2.24.1



More information about the Skiboot mailing list