Is tpm2 supported via the kms plugin in the step cli?

[FatalCatharsis]

I asked a couple of AI search tools about how to use step cli to generate a CSR using a child key from a tpm2 module, and it said it should be supported with syntax like such

step certificate create \
  --csr \
  --key "tpm:name=my-tpm-key;storage-directory=/path/to/my/tpm/keys" \
  "my-csr-subject" \
  my-csr.csr

but it just says the key file path tpm:name=my-tpm-key;storage-directory=/path/to/my/tpm/keys doesn't exist, even though my priv and pub blobs are definitely in the target location. after some googling, it looks like the AI just hallucinated this being real. I've found some blog posts and documentation indicating that tpm's can be used with custom builds of step ca, but I'm looking to use the step cli to do it. Is this something that should work as is, am I missing a configuration, is there an easier way to use my tpm key to make a csr, or should I give up and just get openssl to do it?

[hslatman]

Hey @FatalCatharsis, the URI scheme we use for TPM keys is tpmkms, so you'll need to do something like "tpmkms:name=my-tpm-key;storage-directory=/path/to/my/tpm/keys"