Dear TPM 2.0 Mailing List Community, I am currently facing an issue while attempting to utilize the TPM2 Encrypt/Decrypt functionality in conjunction with the TSS API integration. I have followed the steps outlined in the TPM2 Encrypt/Decrypt man page (https://tpm2-tools.readthedocs.io/en/latest/man/tpm2_encryptdecrypt.1/) to create primary and key contexts successfully. However, when I attempt to use the encrypt/decrypt functionality, I encounter the following errors: # tpm2_encryptdecrypt -c key.ctx -o secret.enc secret.dat WARN: Using a weak IV, try specifying an IV WARNING:esys:src/tss2-esys/api/Esys_EncryptDecrypt2.c:322:Esys_EncryptDecrypt2_Finish() Received TPM Error ERROR:esys:src/tss2-esys/api/Esys_EncryptDecrypt2.c:107:Esys_EncryptDecrypt2() Esys Finish ErrorCode (0x000b0143) WARNING:esys:src/tss2-esys/api/Esys_EncryptDecrypt.c:328:Esys_EncryptDecrypt_Finish() Received TPM Error ERROR:esys:src/tss2-esys/api/Esys_EncryptDecrypt.c:110:Esys_EncryptDecrypt() Esys Finish ErrorCode (0x000002c9) ERROR: Esys_EncryptDecrypt(0x2C9) - tpm:parameter(2):mode of operation not supported ERROR: Unable to run tpm2_encryptdecrypt Further investigation led me to the discovery that the TPM I am using does not support the TPM2_CC_Encryptdecrypt2 command, as confirmed by the output of # tpm2_getcap commands | grep -i Encryptdecrypt TPM2_CC_EncryptDecrypt: In an attempt to resolve this issue, I decided to explore utilizing the TSS API instead. However, I encountered a new error when attempting to create a primary context using the tsscreateprimary command: # tsscreateprimary -hi p -st -opu primary.pub TSS_Socket_Open: Error on connect to localhost:2321 TSS_Socket_Open: client connect: error 111 Connection refused createprimary: failed, rc 000b0008 TSS_RC_NO_CONNECTION - Failure connecting to lower layer For additional context, my system configuration is as follows: Kernel version: 6.6.8-g19a0c7318c79 Installed packages: tpm2-tools, tpm2-abrmd, tss2 Discrete TPM in use: ATTPM20P by Microchip I would greatly appreciate any insights, suggestions, or guidance on how to address this issue. Additionally, if there are alternative approaches or best practices for achieving the desired TPM functionality in my environment, I would be eager to learn about them. Thank you in advance for your time and assistance. Samuel Lee