As reported by Dave Challener:
Based on the spec, Tspi_Context_GetKeyByUUID should be used to query for an ownerevict key in the TPM. That API calls TCS, which checks disk, then needs to check its list of ownerevict UUIDs based on the loaded keys it should have seen at tcsd startup time. The issue is in the case that the ownerevict key requires auth -- the tcsd can't get its public key out of the TPM by itself. It could return just a handle back to Tspi, but that looks like it's going to force a bunch of changes to tspi - tcs would return a handle with absolutely no info on what that handle's key's properties are. Right now, the trousers tspi layer can't handle that case without a lot of updates.