Playing with my TPM chip using Tbsip_Submit_Command, I can see that Windows analyses the frames I'm sending to it.
To make this simple I'm using the shutdown command.
For instance I tried to send a TPM_CC_Shutdown with TPM_SU_CLEAR as argument. So the frame is => 80 01 00 00 00 0C 00 00 01 45 00 00
To make it more detailed and explained:
80 01 is TPM_ST_NO_SESSIONS
00 00 00 0C size of the frame
00 00 01 45 TPM_CC_Shutdown
00 00 is TPM_SU_CLEAR
Windows responds to me => 80 01 00 00 00 0A 80 28 04 00
Again to make it more detailed:
80 01 is TPM_ST_NO_SESSIONS
00 00 00 0A size of the command
80 28 04 00 error code 0x80280400 => TPM_E_COMMAND_BLOCKED
I found that error code here. So apparently Windows cuts me off and drops my command. I can understand it doesn't want the TPM to be powered down, but I get the same result for a command where I want to create a primary key and save it inside the chip.
So I have a chip, but if I want to use it directly I can't; I'm forced to use the Cryptography API: Next Generation, but in my case I can't.
Does anyone have anything to help me? Maybe I can directly communicate with the chip by coding a driver and bypass the Windows layers (if anyone has an idea on how to do this)? Or maybe it is possible to configure a value in the registry to have Windows let me do what I want with my TPM chip?
As explained here, commands are blocked or not depending on your configuration. It is possible to unlock commands, but I can't get it to work.
According to the book "A Practical Guide to TPM 2.0", Chapter 10 Keys (pg. 126):
The TPM library specification includes symmetric encryption keys that can be used for general-purpose encryption such as AES. It’s uncertain whether TPM vendors will include these functions, due to potential export restrictions. The commands are optional in the PC Client platform specification. Historically, TPM vendors haven’t implemented optional TPM features.
You can use the command TPM2_GetCapability with the parameter TPM_CAP_COMMANDS to retrieve a list of implemented commands. If the command you want to use is not listed, it might not be implemented by the TPM vendor.
See https://docs.microsoft.com/en-us/windows-hardware/test/hlk/testref/tpm-v20-command-and-signal-profile for a list of Included and Optional Commands from Windows' point of view.
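A worked example, added here and not code from either post: it builds the exact TPM2_Shutdown frame from the question and the TPM2_GetCapability(TPM_CAP_COMMANDS) query the answer suggests, then parses responses, flagging the 0x80280400 TBS rejection and decoding the implemented-command list. The GetCapability response bytes are constructed for illustration, not captured from a real chip; on Windows you would pass the built frames to Tbsip_Submit_Command yourself.

```python
import struct

# TPM 2.0 constants from the TCG library spec (values consistent with the frames on this page)
TPM_ST_NO_SESSIONS = 0x8001
TPM_CC_Shutdown = 0x00000145
TPM_CC_GetCapability = 0x0000017A
TPM_SU_CLEAR = 0x0000
TPM_CAP_COMMANDS = 0x00000002
TPM_E_COMMAND_BLOCKED = 0x80280400   # TBS refused to forward the command (from the question)

HEADER = ">HII"   # tag, commandSize/responseSize, commandCode/responseCode, all big-endian

def build_command(cc, params=b""):
    """Wrap parameters in a no-session TPM 2.0 command header; size counts the whole frame."""
    return struct.pack(HEADER, TPM_ST_NO_SESSIONS, 10 + len(params), cc) + params

def build_shutdown(shutdown_type=TPM_SU_CLEAR):
    # TPM2_Shutdown takes a single TPM_SU (UINT16) parameter
    return build_command(TPM_CC_Shutdown, struct.pack(">H", shutdown_type))

def build_get_capability_commands(first_cc=0, count=0x100):
    # TPM2_GetCapability(capability=TPM_CAP_COMMANDS, property=first code, propertyCount)
    return build_command(TPM_CC_GetCapability,
                         struct.pack(">III", TPM_CAP_COMMANDS, first_cc, count))

def parse_response(frame):
    """Split a response into header fields and body; flag the TBS 'command blocked' code."""
    if len(frame) < 10:
        raise ValueError("response shorter than a TPM header")
    tag, size, rc = struct.unpack(HEADER, frame[:10])
    if size != len(frame):
        raise ValueError("responseSize %d does not match frame length %d" % (size, len(frame)))
    return {"tag": tag, "rc": rc, "blocked": rc == TPM_E_COMMAND_BLOCKED, "body": frame[10:]}

def implemented_commands(frame):
    """Decode a TPM2_GetCapability(TPM_CAP_COMMANDS) response into a set of command codes.
    Body layout: moreData (1 byte), TPM_CAP (4), TPML_CCA count (4), TPMA_CC[count] (4 each);
    bits 15:0 of each TPMA_CC hold the command index."""
    resp = parse_response(frame)
    if resp["rc"] != 0:
        raise ValueError("TPM returned rc=0x%08X" % resp["rc"])
    body = resp["body"]
    more_data, cap, count = struct.unpack(">BII", body[:9])
    if cap != TPM_CAP_COMMANDS:
        raise ValueError("unexpected capability 0x%X" % cap)
    attrs = struct.unpack(">%dI" % count, body[9:9 + 4 * count])
    return {a & 0xFFFF for a in attrs}, bool(more_data)

# Constructed sample response (not captured from a real chip): rc=0, moreData=0,
# capability=TPM_CAP_COMMANDS, two entries: Shutdown and GetCapability.
SAMPLE_CAP_RESPONSE = bytes.fromhex("8001 0000001B 00000000 00 00000002 00000002 00000145 0000017A")
```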