The ESAPI specification is intended to make it simpler for developers to use the Roots of Trust provided by the TPM without the complexity of building a command buffer manually. It explains how the interface can provide all of the TPM’s functionality while reducing program complexity. By handling many of the duties that have to be performed before talking to a TPM, and by taking the complexity out of manually building TPM command buffers, the new specification makes working with the TPM easier for developers.
The simplified access to the TPM’s functionality allows manufacturers to implement the Roots of Trust for Storage and Reporting in a device in a secure manner, without requiring detailed knowledge of communication with the TPM itself.
Sitting directly above the System API (SAPI), the interface enables applications to send commands to the TPM with a small number of function calls when using sessions. ESAPI also provides cryptographic functionality for applications that wish to encrypt the data stream from TSS 2.0 to the TPM, and adds enhanced session management on top of the base SAPI functionality.