Now that I can actually clean up tpm2sh as I reached "zero known relevant bugs" state couple of days ago, some cool features will spun from that.
E.g., most of the time you don't have to specify parent key, the tool will discover it for you.
I'll also implement virtual persistent handles by retaining in cache TPMKey ASN.1 file in addition to context and that enables to implement fake evict operation to 0x81-range.
And already now management of TPM2 sessions is mostly transparent like it should be, and implicitly created HMAC sessions will gain parameter encryption soon.
In pre-existing TPM2 stacks (e.g., tpm2-tool) having sessions exposed out naked to the user is like having a TLS stack where you would need manually implement session key exchange dance. It's just plain fucking wrong imho :-)
#tpm2sh