AMD Zen2 fTPM TPM_RC_SIZE error

[mhorst00]

When trying to use an ECDSA key generated with ssh-tpm-agent, I get the following error:

Oct 09 12:50:56 desktop systemd[2618]: Started ssh-tpm-agent service.
Oct 09 12:50:56 desktop ssh-tpm-agent[33140]: time=2025-10-09T12:50:56.217+02:00 level=INFO msg="Activated agent by socket"
Oct 09 12:50:57 desktop ssh-tpm-agent[33140]: time=2025-10-09T12:50:57.000+02:00 level=INFO msg="agent 13: failed to sign: TPM_RC_SIZE (parameter 1): structure is the wrong size"
Oct 09 12:50:57 desktop ssh-tpm-agent[33140]: time=2025-10-09T12:50:57.056+02:00 level=INFO msg="agent 13: agent: failed to sign challenge"

This on a AMD 3700X system using the integrated fTPM of that platform. On a notebook with a more recent hardware TPM and Microsoft Pluton TPM, everything works fine with the current build of ssh-tpm-agent.

I searched a bit on what could cause it and found this: tpm2-software/tpm2-tss#2601
It seems the size has to be limited depending on the platform the binary is running on as some TPM implementations can handle much larger data sizes than others.

Is this something that is fixable in ssh-tpm-agent?

I am happy to provide more logs or testing if required.

[Foxboron]

It might be a bug in the go-tpm library? It's a bit hard to debug without the appropriate hardware honestly. So would probably need to instrument a binary with some logs inside the library to figure out the issue.