"error code 0x1f : integrity check failed" while loading an AK created with the ECC ParentKeyConfig. #379

Open
immutableT opened this issue Jul 8, 2024 · 1 comment


immutableT commented Jul 8, 2024

I am getting error code 0x1f : integrity check failed while loading an AK which was created with an ECC ParentKeyConfig.

To reproduce:

func TestECCIssue(t *testing.T) {
	keyID := "agent-svid-A"
	keyFile := filepath.Join(t.TempDir(), keyID)

	tpm, err := attest.OpenTPM(
		&attest.OpenConfig{
			TPMVersion: attest.TPMVersion20,
		})
	require.NoError(t, err)
	defer tpm.Close()

	akECCConfig := &attest.AKConfig{
		Parent: &attest.ParentKeyConfig{
			Algorithm: attest.ECDSA,
			Handle:    0x81010002,
		},
	}

	// When passing nil (which implies RSA) the test passes.
	// ak, err := tpm.NewAK(nil)
	ak, err := tpm.NewAK(akECCConfig)
	require.NoError(t, err)
	handleBytes, err := ak.Marshal()
	require.NoError(t, err)
	err = os.WriteFile(keyFile, handleBytes, 0600)
	require.NoError(t, err)

	bytes, err := os.ReadFile(keyFile)
	require.NoError(t, err)

	_, err = tpm.LoadAK(bytes)
	require.NoError(t, err)
}

cannot load attestation key: Load() failed: parameter 1, error code 0x1f : integrity check failed

TPM Info: OPTIGA TPM SLB 9670

tpm2_getcap properties-fixed
TPM2_PT_FAMILY_INDICATOR:
  raw: 0x322E3000
  value: "2.0"
TPM2_PT_LEVEL:
  raw: 0
TPM2_PT_REVISION:
  value: 1.38
TPM2_PT_DAY_OF_YEAR:
  raw: 0x8
TPM2_PT_YEAR:
  raw: 0x7E2
TPM2_PT_MANUFACTURER:
  raw: 0x49465800
  value: "IFX"
TPM2_PT_VENDOR_STRING_1:
  raw: 0x534C4239
  value: "SLB9"
TPM2_PT_VENDOR_STRING_2:
  raw: 0x36373000
  value: "670"
TPM2_PT_VENDOR_STRING_3:
  raw: 0x0
  value: ""
TPM2_PT_VENDOR_STRING_4:
  raw: 0x0
  value: ""
TPM2_PT_VENDOR_TPM_TYPE:
  raw: 0x0
TPM2_PT_FIRMWARE_VERSION_1:
  raw: 0x70055
TPM2_PT_FIRMWARE_VERSION_2:
  raw: 0x11D700
TPM2_PT_INPUT_BUFFER:
  raw: 0x400
TPM2_PT_HR_TRANSIENT_MIN:
  raw: 0x4
TPM2_PT_HR_PERSISTENT_MIN:
  raw: 0x7
TPM2_PT_HR_LOADED_MIN:
  raw: 0x3
TPM2_PT_ACTIVE_SESSIONS_MAX:
  raw: 0x40
TPM2_PT_PCR_COUNT:
  raw: 0x18
TPM2_PT_PCR_SELECT_MIN:
  raw: 0x3
TPM2_PT_CONTEXT_GAP_MAX:
  raw: 0xFFFF
TPM2_PT_NV_COUNTERS_MAX:
  raw: 0x8
TPM2_PT_NV_INDEX_MAX:
  raw: 0x800
TPM2_PT_MEMORY:
  raw: 0x6
TPM2_PT_CLOCK_UPDATE:
  raw: 0x4000
TPM2_PT_CONTEXT_HASH:
  raw: 0xB
TPM2_PT_CONTEXT_SYM:
  raw: 0x6
TPM2_PT_CONTEXT_SYM_SIZE:
  raw: 0x80
TPM2_PT_ORDERLY_COUNT:
  raw: 0xFF
TPM2_PT_MAX_COMMAND_SIZE:
  raw: 0x58C
TPM2_PT_MAX_RESPONSE_SIZE:
  raw: 0x58C
TPM2_PT_MAX_DIGEST:
  raw: 0x20
TPM2_PT_MAX_OBJECT_CONTEXT:
  raw: 0x38F
TPM2_PT_MAX_SESSION_CONTEXT:
  raw: 0x1EE
TPM2_PT_PS_FAMILY_INDICATOR:
  raw: 0x1
TPM2_PT_PS_LEVEL:
  raw: 0x0
TPM2_PT_PS_REVISION:
  raw: 0x103
TPM2_PT_PS_DAY_OF_YEAR:
  raw: 0x0
TPM2_PT_PS_YEAR:
  raw: 0x0
TPM2_PT_SPLIT_MAX:
  raw: 0x80
TPM2_PT_TOTAL_COMMANDS:
  raw: 0x61
TPM2_PT_LIBRARY_COMMANDS:
  raw: 0x60
TPM2_PT_VENDOR_COMMANDS:
  raw: 0x1
TPM2_PT_NV_BUFFER_MAX:
  raw: 0x300
TPM2_PT_MODES:
  raw: 0x1
  value: TPMA_MODES_FIPS_140_2

zhsh commented Dec 9, 2024

Could you try tpm.LoadAKWithParent() instead of tpm.LoadAK()?
