Create ECC keypair in NVM within Hyper-V with TSS.NET

[RussellGantman]

Hello.
I am wanting to create a ECC signing key and save it in the NVRAM area: Primary key index at 0x800001
I am attempting to do this in a Gen-2 Hyper-V system with a TPM.
I looked at the device manager and it indicates a TPM 2.0 is present and working

When I attempt to create the key with "CreatePrimary" I get the following error
Return Code: 134217730 TpmUtility.MfgException: Tpm2Lib.TpmException: Error {Hierarchy} was returned for command CreatePrimary. Details: [Code=TpmRc.Hierarchy],[RawCode=0x85,133] [ErrorEntity=Handle], [ParmNum=0] [[ParmName=Unknown]] at Tpm2Lib.Tpm2.ProcessError(TpmSt responseTag, UInt32 responseParamSize, TpmRc resultCode, TpmStructureBase inParms) at Tpm2Lib.Tpm2.DispatchMethod(TpmCc ordinal, TpmStructureBase inParms, Type expectedResponseType, TpmStructureBase& outParms, Int32 numInHandlesNotUsed, Int32 numOutHandlesNotUsed) at Tpm2Lib.Tpm2.CreatePrimary(TpmHandle primaryHandle, SensitiveCreate inSensitive, TpmPublic inPublic, Byte[] outsideInfo, PcrSelection[] creationPCR, TpmPublic& outPublic, CreationData& creationData, Byte[]& creationHash, TkCreation& creationTicket)

Here is the code I use to create the key:
`private TpmHandle CreatePlatformPrimaryKey(Tpm2 tpm, byte[] parentKeyAuth)
{
EccParms eccParams = new EccParms(new SymDefObject(TpmAlgId.Aes, 128, TpmAlgId.Cfb), new NullAsymScheme(), EccCurve.TpmEccNistP256, null);

        TpmPublic keyTemplate = new TpmPublic(
            TpmAlgId.Sha256,
            ObjectAttr.Restricted |
            ObjectAttr.Decrypt |
            ObjectAttr.FixedParent | ObjectAttr.FixedTPM |
            ObjectAttr.UserWithAuth | ObjectAttr.SensitiveDataOrigin,
            null,
            eccParams,
            new EccPoint()
            );

        TpmPublic keyPublic;
        CreationData creationData;
        TkCreation creationTicket;
        byte[] creationHash;

        // TPM2_StartAuthSession

        AuthSession s1 = tpm.StartAuthSessionEx(TpmSe.Hmac, TpmAlgId.Sha256,
                                SessionAttr.ContinueSession);

        // TPM2_CreatePrimary

        TpmHandle keyHandle = tpm[s1].CreatePrimary(
            TpmRh.Platform,                            // In the owner-hierarchy
            new SensitiveCreate(parentKeyAuth, null),     // With this auth-value
            keyTemplate,                            // Describes key
            null,                                   // Extra data for creation ticket
            new PcrSelection[0],                    // Non-PCR-bound
            out keyPublic,                          // PubKey and attributes
            out creationData, out creationHash, out creationTicket);    // Not used here

        return keyHandle;
    }`

When I run this on the TPM on my host system it works perfectly.
I figure I need to make a change to run within Hyper-V

Thanks for any assistance
Russell

--
It is our choices, that show what we truly are, far more than our abilities.

• JK Rowling