This flag controls whether the TPM should check use of the public key portion of the key in APIs like TPM_CertifyKey, TPM_CertifyKey2 and TPM_GetPubKey. By default the flag should be 1, since users will not be expecting, for instance, that their PCR composite is checked on a key being certified.
Right now trousers leaves this bit as 0 in the keyFlags and therefore these checks are enabled.
Fixed and posted at:
https://github.com/srajiv/trousers/commit/fada4664eb0e1241d8ddfa0cea67e7dfd1a94ef7