The purpose of tpm2_clear is for decommissioning, so there is no way to recover. You can call tpm2_clearcontrol to disable "owner-authorized" clearing, so that you cannot clear from the OS anymore. Then, the only way to clear the TPM is via the BIOS, which you can secure with a password. That's as secure as it gets.

________________________________________
From: lester.corderio(a)ufomoviez.com [lester.corderio(a)ufomoviez.com]
Sent: Thursday, May 07, 2020 11:51
To: tpm2(a)lists.01.org
Subject: [tpm2] tpm2_clear

Hi,

I am a complete newbie to TPM, so please excuse me if my question is silly. I wanted to know: if anyone uses the tpm2_clear command, are all the data and keys lost? So what if a disgruntled employee takes access and clears the TPM, how can we recover from this?
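
An added example, not part of the thread or of tpm2-tools: a shell audit that reads the disableClear attribute (the one tpm2_clearcontrol sets) from `tpm2_getcap properties-variable` output and fails closed when it is missing. The sample output is constructed and its layout is an assumption; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit whether TPM2_Clear is blocked via disableClear.

# Constructed sample of `tpm2_getcap properties-variable` output
# (layout assumed; attribute values shown as 0/1).
SAMPLE_UNLOCKED='TPM2_PT_PERMANENT:
  ownerAuthSet:              1
  lockoutAuthSet:            1
  disableClear:              0
  inLockout:                 0
TPM2_PT_STARTUP_CLEAR:
  phEnable:                  1'
# Same constructed sample with disableClear set.
SAMPLE_LOCKED=$(printf '%s\n' "$SAMPLE_UNLOCKED" |
    sed 's/disableClear: *0/disableClear:              1/')

# Print the value of one TPM2_PT_PERMANENT attribute read from stdin.
# Attributes of the same name in other blocks are ignored.
permanent_attr() {
    awk -v want="$1:" '
        /^TPM2_PT_PERMANENT:/ { in_blk = 1; next }
        /^[^ \t]/             { in_blk = 0 }
        in_blk && $1 == want  { print $2; exit }
    '
}

# Classify getcap output on stdin as blocked, clearable or unknown.
clear_state() {
    case "$(permanent_attr disableClear)" in
        1) echo blocked ;;
        0) echo clearable ;;
        *) echo unknown ;;   # attribute not found: treat as a failed audit
    esac
}

# Query the live TPM; exit status is 0 only when TPM2_Clear is blocked.
audit_tpm() {
    state=$(tpm2_getcap properties-variable | clear_state)
    echo "TPM2_Clear state: $state"
    [ "$state" = blocked ]
}

# Set the attribute (lockout or platform auth):  tpm2_clearcontrol -C l s
# Unset it again (platform auth only):           tpm2_clearcontrol -C p c
```

Run `audit_tpm` on a host with tpm2-tools installed, for example from a periodic compliance job, and alert on a non-zero exit status.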