From 0e7a2b19a5a1d7dc81a0db1a5c780467c60db6e6 Mon Sep 17 00:00:00 2001 From: Michael Richardson Date: Thu, 13 Nov 2025 20:33:52 -0500 Subject: [PATCH 1/3] bug: mark some unused things as allowed, and comment them out --- .../tpm_commands/object_commands/create_command_output.rs | 3 ++- tss-esapi/src/lib.rs | 1 + tss-esapi/src/traits.rs | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/tss-esapi/src/context/tpm_commands/object_commands/create_command_output.rs b/tss-esapi/src/context/tpm_commands/object_commands/create_command_output.rs index b36b649d3..1874d704f 100644 --- a/tss-esapi/src/context/tpm_commands/object_commands/create_command_output.rs +++ b/tss-esapi/src/context/tpm_commands/object_commands/create_command_output.rs @@ -82,7 +82,8 @@ impl TryFrom for CreateKeyResult { let creation_ticket_owned = unsafe { take_from_esys(ffi_data_handler.ffi_creation_ticket_ptr)? }; - ffi_data_handler.ffi_creation_ticket_ptr = null_mut(); + //#[allow(unused_assignments)] + //ffi_data_handler.ffi_creation_ticket_ptr = null_mut(); Ok(CreateKeyResult { out_private: Private::try_from(out_private_owned)?, diff --git a/tss-esapi/src/lib.rs b/tss-esapi/src/lib.rs index 1fe9fea3c..41f81386d 100644 --- a/tss-esapi/src/lib.rs +++ b/tss-esapi/src/lib.rs @@ -29,6 +29,7 @@ missing_copy_implementations, rustdoc::broken_intra_doc_links, )] +#![feature(stmt_expr_attributes)] //! # TSS 2.0 Rust Wrapper over Enhanced System API //! This crate exposes the functionality of the TCG Software Stack Enhanced System API to diff --git a/tss-esapi/src/traits.rs b/tss-esapi/src/traits.rs index 0d8febae8..21568e346 100644 --- a/tss-esapi/src/traits.rs +++ b/tss-esapi/src/traits.rs @@ -179,6 +179,7 @@ macro_rules! impl_mu_complex { // Make the macros usable outside of the module. pub(crate) use impl_marshall_trait; +#[allow(unused_imports)] pub(crate) use impl_mu_aliases; pub(crate) use impl_mu_complex; pub(crate) use impl_mu_simple; 
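Review bot: Commenting out `ffi_data_handler.ffi_creation_ticket_ptr = null_mut();` in the create_command_output.rs hunk leaves the handler holding a pointer that `take_from_esys` appears to have taken ownership of on the line above. If the handler type releases its non-null pointers when dropped (its definition is outside this hunk, so this needs confirming), the creation ticket would be freed a second time when `ffi_data_handler` goes out of scope. The lint can be silenced without changing behaviour: keep the assignment and put `#[allow(unused_assignments)]` on the enclosing `try_from` function, with a comment such as `// nulled so the handler's cleanup does not free memory now owned by creation_ticket_owned`. A function-level attribute needs no feature gate. The function body starts and ends outside the hunk.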
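Review bot: `#![feature(stmt_expr_attributes)]` in the lib.rs hunk is a nightly-only feature gate, so with this line the crate no longer builds on a stable or beta toolchain (rustc rejects `#![feature]` there with E0554). Nothing in this patch uses it, because the statement-level `#[allow(unused_assignments)]` in create_command_output.rs is itself commented out. I would drop the line; if a lint has to be allowed, attach the attribute to the enclosing function instead.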
From bdd2e39aae685763a13f7d8574fc05b69eeabe6d Mon Sep 17 00:00:00 2001 From: Michael Richardson Date: Fri, 30 May 2025 21:56:32 +0000 Subject: [PATCH 2/3] feat: ignore fake/nonsense prerelease info from tss version, the rest of the version still has to match --- tss-esapi/build.rs | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/tss-esapi/build.rs b/tss-esapi/build.rs index 39c3a0a18..fd3c220d4 100644 --- a/tss-esapi/build.rs +++ b/tss-esapi/build.rs @@ -1,6 +1,6 @@ // Copyright 2021 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 -use semver::{Version, VersionReq}; +use semver::{Version, VersionReq, Prerelease}; const TPM2_TSS_MINIMUM_VERSION: Version = Version::new(4, 1, 3); @@ -13,7 +13,7 @@ fn main() { // If documentation for Docs.rs is being built then the version is set // to the minimum supported tpm2-tss version. - let tss_version = if std::env::var("DOCS_RS").is_ok() { + let mut tss_version = if std::env::var("DOCS_RS").is_ok() { TPM2_TSS_MINIMUM_VERSION } else { let tss_version_string = std::env::var("DEP_TSS2_ESYS_VERSION") @@ -23,9 +23,14 @@ fn main() { .expect("Failed to parse the DEP_TSS2_ESYS_VERSION variable as a semver version") }; + // nuke any prerelease info, which probably is just a git repo/dirty flag + // like: 4.0.1-67-gb7bad346 + tss_version.pre = Prerelease::EMPTY; + let supported_tss_version = VersionReq::parse("<5.0.0, >=2.3.3").expect("Failed to parse supported TSS version"); + //eprintln!("tss version: {} / {:?}", supported_tss_version, tss_version); assert!( supported_tss_version.matches(&tss_version), "Unsupported TSS version {tss_version}" From 556bf724ac9a4a8c95d859f341603453134f5331 Mon Sep 17 00:00:00 2001 
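Review bot: Clearing `tss_version.pre` unconditionally and silently also discards a genuine pre-release marker, so an `-rc` build of tpm2-tss is accepted as if it were the final release, and nothing in the build output says the version was altered. Any version-dependent logic later in `main` (outside this hunk) would see the stripped value too; a `git describe` string like the one in the comment is then treated as the exact tag it is based on. I would strip only when something is present and tell the builder: `if !tss_version.pre.is_empty() { println!("cargo:warning=ignoring pre-release part of tpm2-tss version {tss_version}"); tss_version.pre = Prerelease::EMPTY; }`. The commented-out `//eprintln!(...)` debug line should be removed rather than committed. `main` starts before and continues past this hunk.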
From: Michael Richardson Date: Wed, 17 Dec 2025 23:03:47 -0500 Subject: [PATCH 3/3] wip: this patches property_tag.rs so that new TPM2_PT_ values that come from a TPM do not Err out This gets certify.rs some steps further: it then runs into an authorization error --- tss-esapi/src/abstraction/nv.rs | 4 ++-- tss-esapi/src/constants/mod.rs | 2 +- tss-esapi/src/constants/property_tag.rs | 25 +++++++++++++++++-------- tss-esapi/src/utils/mod.rs | 10 +++++----- 4 files changed, 25 insertions(+), 16 deletions(-) diff --git a/tss-esapi/src/abstraction/nv.rs b/tss-esapi/src/abstraction/nv.rs index 76646fc72..060e2a24d 100644 --- a/tss-esapi/src/abstraction/nv.rs +++ b/tss-esapi/src/abstraction/nv.rs @@ -7,7 +7,7 @@ use std::{ }; use crate::{ - constants::{tss::*, CapabilityType, PropertyTag}, + constants::{tss::*, CapabilityType, PropertyTag, PrimitivePropertyTag}, handles::{AuthHandle, NvIndexHandle, NvIndexTpmHandle, TpmHandle}, interface_types::reserved_handles::NvAuth, structures::{CapabilityData, MaxNvBuffer, Name, NvPublic}, @@ -155,7 +155,7 @@ impl NvOpenOptions { /// Get the maximum buffer size for an NV space. pub fn max_nv_buffer_size(ctx: &mut Context) -> Result { Ok(ctx - .get_tpm_property(PropertyTag::NvBufferMax)? + .get_tpm_property(PropertyTag::PrimitivePropertyTag(PrimitivePropertyTag::NvBufferMax))? .map(usize::try_from) .transpose() .map_err(|_| { diff --git a/tss-esapi/src/constants/mod.rs b/tss-esapi/src/constants/mod.rs index f1ada1a78..299fb7096 100644 --- a/tss-esapi/src/constants/mod.rs +++ b/tss-esapi/src/constants/mod.rs @@ -64,7 +64,7 @@ pub use command_code::CommandCode; pub use ecc::EccCurveIdentifier; pub use nv_index_type::NvIndexType; pub use pcr_property_tag::PcrPropertyTag; -pub use property_tag::PropertyTag; +pub use property_tag::{PropertyTag,PrimitivePropertyTag}; pub use return_code::{ BaseError, ReturnCodeLayer, TpmFormatOneError, TpmFormatZeroError, TpmFormatZeroWarning, }; 
diff --git a/tss-esapi/src/constants/property_tag.rs b/tss-esapi/src/constants/property_tag.rs index ec8eca1da..1321b9afa 100644 --- a/tss-esapi/src/constants/property_tag.rs +++ b/tss-esapi/src/constants/property_tag.rs @@ -1,14 +1,13 @@ // Copyright 2020 Contributors to the Parsec project. // SPDX-License-Identifier: Apache-2.0 -use crate::{constants::tss::*, tss2_esys::TPM2_PT, Error, Result, WrapperErrorKind}; -use log::error; +use crate::{constants::tss::*, tss2_esys::TPM2_PT, Error, Result}; use num_derive::{FromPrimitive, ToPrimitive}; use num_traits::{FromPrimitive, ToPrimitive}; use std::convert::TryFrom; #[derive(FromPrimitive, ToPrimitive, Debug, Clone, Copy, PartialEq, Eq, Hash)] #[repr(u32)] -pub enum PropertyTag { +pub enum PrimitivePropertyTag { None = TPM2_PT_NONE, // Fixed FamilyIndicator = TPM2_PT_FAMILY_INDICATOR, @@ -81,19 +80,29 @@ pub enum PropertyTag { AuditCounter1 = TPM2_PT_AUDIT_COUNTER_1, } +#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)] +pub enum PropertyTag { + PrimitivePropertyTag(PrimitivePropertyTag), + Other(u32), +} + + impl From for TPM2_PT { fn from(property_tag: PropertyTag) -> TPM2_PT { // The values are well defined so this cannot fail. - property_tag.to_u32().unwrap() + match property_tag { + PropertyTag::PrimitivePropertyTag(base) => { base.to_u32().unwrap() }, + PropertyTag::Other(value) => { value }, + } } } impl TryFrom for PropertyTag { type Error = Error; fn try_from(tpm_pt: TPM2_PT) -> Result { - PropertyTag::from_u32(tpm_pt).ok_or_else(|| { - error!("value = {} did not match any PropertyTag.", tpm_pt); - Error::local_error(WrapperErrorKind::InvalidParam) - }) + match PrimitivePropertyTag::from_u32(tpm_pt) { + Some(x) => { Ok(PropertyTag::PrimitivePropertyTag(x)) }, + None => { Ok(PropertyTag::Other(tpm_pt)) }, + } } } diff --git a/tss-esapi/src/utils/mod.rs b/tss-esapi/src/utils/mod.rs index 3bce90967..854a61154 100644 --- a/tss-esapi/src/utils/mod.rs +++ b/tss-esapi/src/utils/mod.rs 
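Review bot: With the `None` arm returning `Ok(PropertyTag::Other(tpm_pt))`, the `TryFrom` impl for `PropertyTag` can no longer fail, so a caller that relied on the old `InvalidParam` error to reject an unrecognised tag coming back from the TPM now receives it as a valid value, and the `error!` line that recorded it is gone. I would keep a trace of it, e.g. `None => { log::warn!("TPM2_PT value {tpm_pt:#x} is not a known PropertyTag"); Ok(PropertyTag::Other(tpm_pt)) }`. `Other` is also publicly constructible with any `u32`, so `PropertyTag::Other(TPM2_PT_NONE)` and `PropertyTag::PrimitivePropertyTag(PrimitivePropertyTag::None)` convert to the same `TPM2_PT` but compare and hash as different values under the derived `PartialEq`/`Hash`. A doc comment on the variant should state the invariant, for example `/// A TPM2_PT value this crate does not define; obtain it through PropertyTag::try_from, never by wrapping a known constant.` The existing comment "The values are well defined so this cannot fail." now only describes the `to_u32().unwrap()` arm and should move inside it.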
@@ -9,7 +9,7 @@ //! type name. Unions are converted to Rust `enum`s by dropping the `TPMU` qualifier and appending //! `Union`. use crate::attributes::ObjectAttributesBuilder; -use crate::constants::PropertyTag; +use crate::constants::{PropertyTag,PrimitivePropertyTag}; use crate::interface_types::{ algorithm::{HashingAlgorithm, PublicAlgorithm}, ecc::EccCurve, @@ -248,10 +248,10 @@ fn tpm_int_to_string(num: u32) -> String { pub fn get_tpm_vendor(context: &mut Context) -> Result { // Retrieve the TPM property values Ok([ - PropertyTag::VendorString1, - PropertyTag::VendorString2, - PropertyTag::VendorString3, - PropertyTag::VendorString4, + PropertyTag::PrimitivePropertyTag(PrimitivePropertyTag::VendorString1), + PropertyTag::PrimitivePropertyTag(PrimitivePropertyTag::VendorString2), + PropertyTag::PrimitivePropertyTag(PrimitivePropertyTag::VendorString3), + PropertyTag::PrimitivePropertyTag(PrimitivePropertyTag::VendorString4), ] .iter() // Retrieve property values