/// <summary>
/// Signs the digest of an approved policy (followed by a policy reference) with a
/// TPM-resident key, then has the TPM verify that signature and returns the
/// resulting verification ticket.
/// </summary>
/// <param name="tpm">TPM instance used for ReadPublic, Sign and VerifySignature.</param>
/// <param name="approvedPolicy">Policy bytes being approved; first part of the signed data.</param>
/// <param name="policyRef">Bytes appended to <paramref name="approvedPolicy"/> before hashing.</param>
/// <param name="hSigKey">Handle of the key used both to sign and to verify the signature.</param>
/// <param name="scheme">Signing scheme forwarded unchanged to Sign; defaults to null.</param>
/// <returns>The <c>TkVerified</c> ticket returned by VerifySignature for the signed digest.</returns>
/// <remarks>
/// The ticket covers exactly Hash(approvedPolicy || policyRef) under <paramref name="hSigKey"/>,
/// so whoever can get this key to sign can approve any policy bytes they supply. Restrict
/// use of the signing key accordingly.
/// NOTE(review): the two inputs are joined without a length delimiter. This is unambiguous
/// only if approvedPolicy always has a fixed, known length (presumably a full digest).
/// Confirm at call sites.
/// </remarks>
TkVerified SignApproval(Tpm2 tpm, byte[] approvedPolicy, byte[] policyRef,
                        TpmHandle hSigKey, ISigSchemeUnion scheme = null)
{
    // The public area is read to learn the key's name algorithm; the name and
    // qualified name that ReadPublic also returns are not used afterwards.
    byte[] keyName;
    byte[] keyQualifiedName;
    TpmPublic keyPublic = tpm.ReadPublic(hSigKey, out keyName, out keyQualifiedName);

    // The approval digest is taken over approvedPolicy immediately followed by
    // policyRef, hashed with the signing key's name algorithm.
    byte[] approvalInput = Globs.Concatenate(approvedPolicy, policyRef);
    byte[] approvalDigest = CryptoLib.HashData(keyPublic.nameAlg, approvalInput);

    // Create an authorization certificate for the "approvedPolicy".
    // A default-constructed hash-check ticket is passed as the validation argument.
    var approvalSignature = tpm.Sign(hSigKey, approvalDigest, scheme, new TkHashcheck());

    // The same key handle is used for verification, so the ticket returned here
    // is the TPM's own check of the signature it just produced.
    return tpm.VerifySignature(hSigKey, approvalDigest, approvalSignature);
}