I am trying to use the functions in Tpm2CommandLib to write data to TPM2 in EDK2. I have defined the index that I am going to write data to, using the DefineSpace function. I have also written the data to NVM, but what I am curious about is whether it is possible to encrypt data in the TPM.
First, I did some research and found out that it isn't possible, but in the TPMA_SESSION structure there is an encrypt parameter. Does that mean I can encrypt data?
The TPMA_SESSION flags permit encryption on the connection (e.g. SPI bus) between the host and the TPM. They do not affect how the data is stored in TPM NV.
While you could encrypt the data before sending it to the TPM, applications generally trust the TPM to protect its NV.
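To make the answer's point concrete, here is an added model of what TPMA_SESSION.decrypt and TPMA_SESSION.encrypt actually do on the wire. It is my own Python illustration, not code from the question, the answer or EDK2's Tpm2CommandLib (which is C; Python is used only so the HMAC and KDF are available from the standard library). It implements the XOR mode of TPM 2.0 session-based parameter encryption, where the mask is KDFa(hashAlg, sessionValue, "XOR", nonceNewer, nonceOlder, bits), and walks a TPM2_NV_Write and TPM2_NV_Read through it. The session key, nonces, auth value and NV index handle are constructed sample values, and ToyTpm is a stand-in for the TPM side; the assumptions are repeated in the code comments.

```python
import hashlib
import hmac
import struct

# Constructed sample values (not from a real TPM): in practice sessionKey comes from
# TPM2_StartAuthSession, the nonces from each round trip, and authValue is the NV
# index's auth set at TPM2_NV_DefineSpace.
SESSION_KEY = bytes.fromhex("00112233445566778899aabbccddeeff"
                            "00112233445566778899aabbccddeeff")
NV_AUTH_VALUE = b"nv-index-auth"
NV_INDEX = 0x01500001          # hypothetical index handle in the NV range
NONCE_CALLER_1, NONCE_TPM_1 = bytes(range(0, 16)), bytes(range(16, 32))
NONCE_CALLER_2, NONCE_TPM_2 = bytes(range(32, 48)), bytes(range(48, 64))


def kdfa(hash_alg, key, label, context_u, context_v, bits):
    """KDFa (TPM 2.0 Part 1, Key Derivation Function): counter-mode KDF over HMAC.
    Each block is HMAC(key, [i]32 || label || 0x00 || contextU || contextV || [bits]32)
    with i = 1, 2, ...; only whole-byte output lengths are handled here."""
    nbytes = bits // 8
    out, counter = b"", 0
    while len(out) < nbytes:
        counter += 1
        msg = (struct.pack(">I", counter) + label.encode("ascii") + b"\x00"
               + context_u + context_v + struct.pack(">I", bits))
        out += hmac.new(key, msg, hash_alg).digest()
    return out[:nbytes]


def xor_obfuscate(session_value, nonce_newer, nonce_older, data, hash_alg="sha256"):
    """Session-based parameter encryption, XOR mode: mask = KDFa(hashAlg, sessionValue,
    "XOR", nonceNewer, nonceOlder, 8 * len(data)). XOR is symmetric, so the same call
    both applies and removes the mask."""
    mask = kdfa(hash_alg, session_value, "XOR", nonce_newer, nonce_older, 8 * len(data))
    return bytes(d ^ m for d, m in zip(data, mask))


def marshal_nv_write_params(data, offset, session_value, nonce_caller, nonce_tpm, decrypt):
    """Parameter area of TPM2_NV_Write: TPM2B_MAX_NV_BUFFER data, then UINT16 offset.
    When the caller sets TPMA_SESSION.decrypt it must mask the buffer bytes of the first
    parameter itself; the 2-byte size field and the offset are never encrypted. For a
    command, nonceNewer is nonceCaller and nonceOlder is the nonceTPM received last."""
    buf = xor_obfuscate(session_value, nonce_caller, nonce_tpm, data) if decrypt else data
    return struct.pack(">H", len(buf)) + buf + struct.pack(">H", offset)


class ToyTpm:
    """Stand-in for the TPM side, modelling only what matters here: unmask the first
    command parameter, mask the first response parameter, keep NV contents in the clear."""

    def __init__(self, session_key, auth_value):
        # sessionValue = sessionKey || authValue for a session not bound to the entity
        self.session_value = session_key + auth_value
        self.nv = {}

    def nv_define(self, nv_index, size):
        self.nv[nv_index] = bytes(size)

    def nv_write(self, nv_index, params, nonce_caller, nonce_tpm, decrypt):
        size = struct.unpack(">H", params[:2])[0]
        buf = params[2:2 + size]
        offset = struct.unpack(">H", params[2 + size:4 + size])[0]
        if decrypt:
            buf = xor_obfuscate(self.session_value, nonce_caller, nonce_tpm, buf)
        stored = bytearray(self.nv[nv_index])
        if offset + len(buf) > len(stored):
            raise ValueError("TPM_RC_NV_RANGE: write exceeds the defined index size")
        stored[offset:offset + len(buf)] = buf      # plaintext lands in NV
        self.nv[nv_index] = bytes(stored)
        return self.nv[nv_index]

    def nv_read(self, nv_index, offset, size, nonce_tpm, nonce_caller, encrypt):
        """Response to TPM2_NV_Read; with TPMA_SESSION.encrypt the TPM masks the first
        response parameter. For a response nonceNewer is the fresh nonceTPM."""
        buf = self.nv[nv_index][offset:offset + size]
        if encrypt:
            buf = xor_obfuscate(self.session_value, nonce_tpm, nonce_caller, buf)
        return struct.pack(">H", len(buf)) + buf


def demo():
    """One write and one read through a session with decrypt/encrypt set. Returns the
    bytes seen on the bus next to what the TPM actually stored and what the host recovers."""
    plaintext = b"secret blob for NV index"
    host_session_value = SESSION_KEY + NV_AUTH_VALUE     # the host knows both as well
    tpm = ToyTpm(SESSION_KEY, NV_AUTH_VALUE)
    tpm.nv_define(NV_INDEX, 32)

    wire_cmd = marshal_nv_write_params(plaintext, 0, host_session_value,
                                       NONCE_CALLER_1, NONCE_TPM_1, decrypt=True)
    stored = tpm.nv_write(NV_INDEX, wire_cmd, NONCE_CALLER_1, NONCE_TPM_1, decrypt=True)

    wire_rsp = tpm.nv_read(NV_INDEX, 0, len(plaintext), NONCE_TPM_2, NONCE_CALLER_2,
                           encrypt=True)
    recovered = xor_obfuscate(host_session_value, NONCE_TPM_2, NONCE_CALLER_2, wire_rsp[2:])
    return {"plaintext": plaintext, "wire_cmd": wire_cmd, "stored": stored,
            "wire_rsp": wire_rsp, "recovered": recovered}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:10s} {value.hex()}")
```

Two things this makes visible. The bytes an SPI sniffer sees (`wire_cmd`, `wire_rsp`) differ from the plaintext, but `stored`, what the TPM keeps in the index, is the plaintext, which is exactly the distinction the answer draws. And the flags are a contract, not a switch: if you set `decrypt` in the TPMS_AUTH_COMMAND you hand to Tpm2NvWrite but send the buffer unmasked, the TPM still XORs it with the mask and writes garbage into NV, so whichever layer builds the session has to apply the mask before the command leaves the host.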