[timmattison]

In this case it was a Zymbit Zymkey 4i which contains a secure element with a bunch of additional functionality (tamper detection, etc) and works with a Raspberry Pi. Now I’m wondering how easily it could be adapted for use on a laptop with a TPM…

[psanford]

If you are looking for some references besides my linked code, this comment[0] on the tpm2-tools repo will probably be useful. FWIW, I've moved my workflow over to having long lived aws keys protected by my TPM and then I generate session credentials from that for normal aws cli usage.

[0]: https://github.com/tpm2-software/tpm2-tools/issues/1597#issu...