EC NIST P521 key size too short? #303

@jpecholt

Hi there, I was using your go-attestation package in our project to create EC keys with the TPM. I stumbled over these lines in file attest/wrapped_tpm20.go:

[...]
			tmpl.ECCParameters.Point = tpm2.ECPoint{
				XRaw: make([]byte, 65),
				YRaw: make([]byte, 65),
			}
[...]

From my understanding, a key on the NIST P521 elliptic curve has - as the name suggests - 521 bits (see here), which translates to 65 bytes and one bit. I've heard of implementations omitting the 66th byte (which contains the remaining bit and 7 bits of padding) in case this bit turns out to be 0; however, this is not the case roughly 50% of the time. So I was wondering how this code is creating these keys, exactly, and how it works if the 521st bit is 1? Is it simply omitted in all cases? Does the command even go through? I am unable to test it myself right now, unfortunately.
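The size arithmetic raised in the question can be checked without a TPM. The following is an added example, not code from go-attestation or from the issue author; `coordLen` and `encodeFixed` are hypothetical helper names, and it uses only Go's standard library on the P-521 base point, so it shows nothing about how a TPM treats the template's `XRaw`/`YRaw` buffers.

```go
package main

import (
	"crypto/elliptic"
	"fmt"
	"math/big"
)

// coordLen returns the fixed byte width of one affine coordinate on curve:
// ceil(bits/8). For P-521 that is ceil(521/8) = 66.
func coordLen(curve elliptic.Curve) int {
	return (curve.Params().BitSize + 7) / 8
}

// encodeFixed left-pads v with zero bytes to exactly n bytes. It returns an
// error instead of truncating when v needs more than n bytes.
func encodeFixed(v *big.Int, n int) ([]byte, error) {
	if v.Sign() < 0 || v.BitLen() > n*8 {
		return nil, fmt.Errorf("value needs %d bytes, buffer has %d",
			(v.BitLen()+7)/8, n)
	}
	return v.FillBytes(make([]byte, n)), nil
}

func main() {
	p := elliptic.P521().Params()
	n := coordLen(elliptic.P521())
	fmt.Println("fixed coordinate width:", n)

	// The P-521 base point shows both cases from the question:
	// Gx has 520 significant bits, Gy has all 521.
	for _, c := range []struct {
		name string
		v    *big.Int
	}{{"Gx", p.Gx}, {"Gy", p.Gy}} {
		_, err65 := encodeFixed(c.v, 65)
		full, _ := encodeFixed(c.v, n)
		fmt.Printf("%s: bits=%d minimal=%d bytes, fits in 65: %v, padded=%d bytes\n",
			c.name, c.v.BitLen(), len(c.v.Bytes()), err65 == nil, len(full))
	}
}
```

A coordinate whose 521st bit is set cannot be represented in 65 bytes, which is why `encodeFixed` rejects it rather than dropping the top bit.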
