Thanks guys, I'll try this but i also wanted to know if there is a way to know if the TPM still has the EK and AK keys loaded? I have the EK handle and AK handle (not made it persistent) but I want to make sure it's present as these are necessary for ActivateCredential to succeed
ESys_ActivateCredential complaining about secret parameter doesn't make sense to me, I tested on server side, ak_name is same as that sent and so is EK_PUB object as well as EK_Cert in nvram, I call the same external_makecredential call that's in the GitHub to create secret and made sure secret,credblob matches on the client side when received from server.
Thanks,
Rahul