How to verify that a key is loaded on a TPM 2.0 device
1 vote · 0 answers · 1904 views
**Situation:**
I'm learning how to use some of the basic commands in the `tpm2-tools` software package because I have to develop some high-level test cases to verify a TPM is handling keys per customer requirements. The computer I'm using to demo test methods is a Dell 7510 laptop with a TPM 2.0 chip and Ubuntu 22.04 LTS. Since I'm entirely unfamiliar with this technology and how to use it, I'm starting by following the examples in the help documentation.
For now, I'm focused on understanding the `tpm2_load` command and the example documented in its help page. (I wrote out the process in the next section.) What I don't understand is why the key generated as a result of the `tpm2_load` command (`.ctx` in my process section) is stored on the hard drive of my computer. Shouldn't it be stored on the TPM? And how can I inspect the memory of the TPM to manually verify that the key is loaded on it?
**Process:**
Below is the sequence of commands I executed, which seem to have been successful:

```console
$ sudo tpm2_createprimary -c key_prim.ctx
$ sudo tpm2_create -C key_prim.ctx -u key.pub -r key.priv
$ sudo tpm2_load -C key_prim.ctx -u key.pub -r key.priv -c key_load.ctx
```
I can encrypt/decrypt messages using these keys, and I can seemingly certify that `.ctx` is valid using (by seemingly, I mean that I can execute the command and it doesn't return an error message). Everything appears to be working normally, but I'm still baffled by the fact that the key I supposedly loaded also exists on my hard drive.
Asked by placebo_me_please (21 rep)
May 10, 2022, 06:26 PM
Last activity: May 11, 2022, 07:08 AM
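An added example, not part of the question above and not code from the tpm2-tools project, showing one way to check what the question asks about. Two facts drive it: the `.ctx` file that `tpm2_load -c` writes is not the key itself but a saved context blob (`TPM2_ContextSave`), encrypted and integrity-protected by the TPM so that only the same TPM can reload it with `TPM2_ContextLoad`; and every object the TPM holds has a Name, defined as `nameAlg || H_nameAlg(TPMT_PUBLIC)`, which can be recomputed offline from `key.pub`. The script computes that Name from the public file, lists the transient handles currently resident in the TPM (`tpm2_getcap handles-transient`), asks the TPM for each handle's Name (`tpm2_readpublic -c <handle> -n <file>`), and reports which handles hold the key. It assumes tpm2-tools 4.x or later on the PATH and read/write access to `/dev/tpmrm0` (run it with `sudo` if your commands needed it); `SAMPLE_TPM2B_PUBLIC` is a constructed, deliberately short public area used only for the offline functions, not a real key.

```python
"""Check whether the key described by a tpm2-tools public file (key.pub) is
resident in TPM transient memory, by comparing TPM object Names.

Added example (not from the original post or the tpm2-tools project).
The TPM-facing helpers assume tpm2-tools 4.x+; the Name computation and
output parsing run fully offline.
"""
from __future__ import annotations

import hashlib
import re
import subprocess
import sys
import tempfile
from pathlib import Path

# TPM2_ALG_ID values for hash algorithms (TCG Algorithm Registry).
HASH_ALGS = {0x0004: "sha1", 0x000B: "sha256", 0x000C: "sha384", 0x000D: "sha512"}

# Constructed sample: size prefix 0x001e, then a 30-byte TPMT_PUBLIC with
# type=RSA (0x0001), nameAlg=SHA256 (0x000b) and filler fields. Not a real key.
SAMPLE_TPM2B_PUBLIC = bytes.fromhex(
    "001e" "0001" "000b" "00030072" "0000" "0006" "0080" "0043"
    "0010" "0800" "00000000" "0004" "deadbeef"
)


def name_from_tpm2b_public(blob: bytes) -> bytes:
    """Compute the TPM Name of an object from its marshaled TPM2B_PUBLIC.

    TPM2B_PUBLIC = UINT16 size || TPMT_PUBLIC. TPMT_PUBLIC begins with
    type (2 bytes) and nameAlg (2 bytes). Name = nameAlg || H_nameAlg(TPMT_PUBLIC),
    the identifier the TPM itself uses for the object (TPM 2.0 Library, Part 1).
    """
    if len(blob) < 6:
        raise ValueError("blob too short for a TPM2B_PUBLIC")
    size = int.from_bytes(blob[0:2], "big")
    public_area = blob[2:2 + size]
    if len(public_area) != size:
        raise ValueError("TPM2B_PUBLIC size field does not match blob length")
    name_alg = int.from_bytes(public_area[2:4], "big")
    if name_alg not in HASH_ALGS:
        raise ValueError(f"unsupported nameAlg 0x{name_alg:04x}")
    digest = hashlib.new(HASH_ALGS[name_alg], public_area).digest()
    return name_alg.to_bytes(2, "big") + digest


def parse_transient_handles(getcap_output: str) -> list[int]:
    """Extract transient object handles (0x80xxxxxx) from `tpm2_getcap handles-transient`.

    Recent tpm2-tools print a YAML list ("- 0x80000000"); matching the hex
    token keeps the parser tolerant of minor layout differences.
    """
    return [int(h, 16) for h in re.findall(r"0x80[0-9a-fA-F]{6}", getcap_output)]


def match_resident_handles(expected_name: bytes, handle_names: dict[int, bytes]) -> list[int]:
    """Return the handles whose TPM-reported Name equals the expected Name."""
    return [h for h, n in handle_names.items() if n == expected_name]


def read_name_from_tpm(handle: int) -> bytes:
    """Ask the TPM for a loaded object's Name; tpm2_readpublic -n writes the raw Name bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        name_file = Path(tmp) / "obj.name"
        subprocess.run(
            ["tpm2_readpublic", "-c", f"0x{handle:08x}", "-n", str(name_file)],
            check=True, capture_output=True,
        )
        return name_file.read_bytes()


def key_is_resident(pub_file: str) -> list[int]:
    """Which transient handles currently hold the key described by pub_file?

    Run this *before* handing the .ctx file to another tool: `-c key_load.ctx`
    makes that tool TPM2_ContextLoad the saved blob, which creates a fresh
    transient handle and would make the check succeed trivially.
    """
    expected = name_from_tpm2b_public(Path(pub_file).read_bytes())
    out = subprocess.run(
        ["tpm2_getcap", "handles-transient"], check=True, capture_output=True, text=True
    ).stdout
    handles = parse_transient_handles(out)
    return match_resident_handles(expected, {h: read_name_from_tpm(h) for h in handles})


if __name__ == "__main__":
    pub = sys.argv[1] if len(sys.argv) > 1 else "key.pub"
    found = key_is_resident(pub)
    if found:
        print("key from", pub, "is resident at:", ", ".join(f"0x{h:08x}" for h in found))
    else:
        print("key from", pub, "is not in TPM transient memory (only its saved context on disk)")
```

Usage: `sudo python3 tpm_resident.py key.pub` right after your `tpm2_load`. An empty result is not an error: a transient object is only guaranteed to stay resident until it is flushed (`tpm2_flushcontext`) or the TPM resets, which is exactly why the tools hand you a context blob to reload later. Compare the Name this script computes with `tpm2_readpublic -c key_load.ctx -n` if you want a second confirmation that `key.pub` and the context file describe the same object.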