salrashid123
diff --git a/‎README.md
+11-3 b/‎README.md
+11-3
diff --git a/‎example/README.md
+21-11 b/‎example/README.md
+21-11
diff --git a/‎example/go.mod
+27-25 b/‎example/go.mod
+27-25
@@ -12,7 +12,9 @@ Use the signer to create a TLS session, sign CA/CSRs, generate signed url or jus
 Some implementations:
 
 - `kms/`:  Sample that implements `crypto.Signer` using Google Cloud KMS.
-- `tpm/`:  Sample that implements `crypto.Signer`  using `go-tpm` library for Trusted Platform Module    This internally uses [go-tpm-tools.client.GetSigner()](https://pkg.go.dev/github.com/google/go-tpm-tools/client#Key.GetSigner)
+- `tpm/`:  Sample that implements `crypto.Signer`  using `go-tpm` library for Trusted Platform Module.
+
+other stuff:
 
 - `util/certgen/`:  Library that generates a self-signed x509 certificate for the KMS and TPM based signers above
 - `util/csrgen/`:  Library that generates a CSR using the key in KMS or TPM 
@@ -80,7 +82,7 @@ If you just want to issue JWT's, see
 
   The TPM device is managed externally outside of the signer.  You have to instantiate the TPM device ReadWriteCloser and client.Key outside of the library and pass that in.
 
-  The advantage of this is you control it opening and closing.  You must close the key and closer before calling another signing operation.  
+  The advantage of this is you control it opening and closing.
 
   ```golang
 	rwc, err := OpenTPM(*tpmPath)
@@ -97,8 +99,14 @@ If you just want to issue JWT's, see
 			Name:   pub.Name,
 		},
 	})
-	// the tpm is opened and then closed after every sign operation
+
 	s, err := r.Sign(rand.Reader, digest, crypto.SHA256)
+
+	// close the TPM if you are done signing
+	rwc.Close()
+
+	// you need to reinitialize NewTPMCrypto if you 
+	// want to sign again after closing
   ```
 
 
 
@@ -134,28 +134,29 @@ type Session interface {
 }
 ```
 
-eg: 
+for example, for a PCR and [AuthPolicy](https://github.com/google/go-tpm/pull/359) enforcement (eg, a PCR and password), you can define a custom session callback
 
 ```golang
-// for pcr sessions
-type MyCustomSession struct {
-	rwr transport.TPM
-	sel []tpm2.TPMSPCRSelection
+type MyPCRAndPolicyAuthValueSession struct {
+	rwr      transport.TPM
+	sel      []tpm2.TPMSPCRSelection
+	password []byte
 }
 
-func NewMyCustomSession(rwr transport.TPM, sel []tpm2.TPMSPCRSelection) (MyCustomSession, error) {
-	return MyCustomSession{rwr, sel}, nil
+func NewPCRAndPolicyAuthValueSession(rwr transport.TPM, sel []tpm2.TPMSPCRSelection, password []byte) (MyPCRAndPolicyAuthValueSession, error) {
+	return MyPCRAndPolicyAuthValueSession{rwr, sel, password}, nil
 }
 
-func (p MyCustomSession) GetSession() (auth tpm2.Session, closer func() error, err error) {
+func (p MyPCRAndPolicyAuthValueSession) GetSession() (auth tpm2.Session, closer func() error, err error) {
 
-	sess, closer, err := tpm2.PolicySession(p.rwr, tpm2.TPMAlgSHA256, 16)
+	var options []tpm2.AuthOption
+	options = append(options, tpm2.Auth(p.password))
+
+	sess, closer, err := tpm2.PolicySession(p.rwr, tpm2.TPMAlgSHA256, 16, options...)
 	if err != nil {
 		return nil, nil, err
 	}
 
-	// implement whatever you want here, i'm just using policypcr
-
 	_, err = tpm2.PolicyPCR{
 		PolicySession: sess.Handle(),
 		Pcrs: tpm2.TPMLPCRSelection{
@@ -165,8 +166,17 @@ func (p MyCustomSession) GetSession() (auth tpm2.Session, closer func() error, e
 	if err != nil {
 		return nil, nil, err
 	}
+
+	_, err = tpm2.PolicyAuthValue{
+		PolicySession: sess.Handle(),
+	}.Execute(p.rwr)
+	if err != nil {
+		return nil, nil, err
+	}
+
 	return sess, closer, nil
 }
+
 ```
 ---
 
@@ -5,45 +5,47 @@ go 1.22
 toolchain go1.22.2
 
 require (
-	github.com/google/go-tpm v0.9.1-0.20240510201744-5c2f0887e003
+	github.com/google/go-tpm v0.9.1
 	github.com/google/go-tpm-tools v0.4.4
 	github.com/salrashid123/signer/kms v0.0.0
 	github.com/salrashid123/signer/tpm v0.0.0
 )
 
 require (
-	cloud.google.com/go/compute v1.25.1 // indirect
-	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	cloud.google.com/go/iam v1.1.7 // indirect
-	cloud.google.com/go/kms v1.15.8 // indirect
+	cloud.google.com/go v0.114.0 // indirect
+	cloud.google.com/go/auth v0.5.1 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect
+	cloud.google.com/go/compute/metadata v0.3.0 // indirect
+	cloud.google.com/go/iam v1.1.8 // indirect
+	cloud.google.com/go/kms v1.17.1 // indirect
+	cloud.google.com/go/longrunning v0.5.7 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
-	github.com/googleapis/gax-go/v2 v2.12.3 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.4 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
-	go.opentelemetry.io/otel v1.24.0 // indirect
-	go.opentelemetry.io/otel/metric v1.24.0 // indirect
-	go.opentelemetry.io/otel/trace v1.24.0 // indirect
-	golang.org/x/crypto v0.21.0 // indirect
-	golang.org/x/net v0.23.0 // indirect
-	golang.org/x/oauth2 v0.18.0 // indirect
-	golang.org/x/sync v0.6.0 // indirect
-	golang.org/x/sys v0.18.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 // indirect
+	go.opentelemetry.io/otel v1.27.0 // indirect
+	go.opentelemetry.io/otel/metric v1.27.0 // indirect
+	go.opentelemetry.io/otel/trace v1.27.0 // indirect
+	golang.org/x/crypto v0.24.0 // indirect
+	golang.org/x/net v0.26.0 // indirect
+	golang.org/x/oauth2 v0.21.0 // indirect
+	golang.org/x/sync v0.7.0 // indirect
+	golang.org/x/sys v0.21.0 // indirect
+	golang.org/x/text v0.16.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	google.golang.org/api v0.172.0 // indirect
-	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240401170217-c3f982113cda // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240401170217-c3f982113cda // indirect
-	google.golang.org/grpc v1.63.0 // indirect
-	google.golang.org/protobuf v1.33.0 // indirect
+	google.golang.org/api v0.183.0 // indirect
+	google.golang.org/genproto v0.0.0-20240604185151-ef581f913117 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 // indirect
+	google.golang.org/grpc v1.64.0 // indirect
+	google.golang.org/protobuf v1.34.1 // indirect
 )
 
 replace (