Smallstep CLI/0.28.7 (linux/amd64)
step-kms-plugin/0.15.1 (linux/amd64)
According to [step-ca/cryptographic-protection.mdx],
step kms create --json 'tpmkms:name=my-intermediate-ca' is supposed to be sufficient.
The reality appears to be somewhat different:
$ step kms create --json 'tpmkms:name=foobar.example.com'
Error: failed to create key: failed creating key: failed creating key "foobar.example.com": failed to get SRK handle: EvictControl failed: error code 0x4c : NV Index or persistent object already defined
The user executing the command is a member of the tss group and /dev/tpmrm0 is present with the correct permissions:
$ ls -la /dev/tpmrm0
crw-rw---- 1 tss tss 254, 65536