Hi Phani, • Does FAPI_createKey support symmetric key creation No it does not. Reason is that most TPMs do not support it. • Is there any Template for the crypto profile used in FAPI I don't know what you mean by this? By default, our implementation comes with two example profiles. RSA2kSHA256 and ECCP256SHA256 to be chosen in fapi-config file. • How to specify the Unique value in the profile while creating the SRK This is currently not forseen. Is this really necessary ? We're currently using the most-used template. • Can multiple profiles be used in FAPI and provisioned individually Yes, you can provision multiple profiles by changing the profile in the config and calling provision again. Just make sure that the persistent handles for the SRKs do not collide (inside the profile). Then you can always access all provisioned profiles. Hope this helps, Andreas

For the EK, we follow the Credential Profile (which includes the Unique value of 64/256 Zeros. We need to do so, because of the EK Cert. For the SRK we deviate, because most SRKs have a Unique value of 0 length; which is different from the Provisioning Guidance. That choice was made based on SRKs "in the wild" for which none set the Unique value (pkcs11 and both openssl-engines). Also should not matter too much, because you can retrieve the exact SRK that was used for the primary from the FAPI API or the SRK is even persistent.