diff --git a/src/tss2-esys/api/Esys_StartAuthSession.c b/src/tss2-esys/api/Esys_StartAuthSession.c
index 076760d0b..1828a44de 100644
--- a/src/tss2-esys/api/Esys_StartAuthSession.c
+++ b/src/tss2-esys/api/Esys_StartAuthSession.c
@@ -469,9 +469,20 @@ Esys_StartAuthSession_Finish(
 LOG_ERROR("Out of memory.");
 return TSS2_ESYS_RC_MEMORY;
 }
- if (bind != ESYS_TR_NONE && bindNode != NULL
- && bindNode->auth.size > 0)
- memcpy(&secret[0], &bindNode->auth.buffer[0], bindNode->auth.size);
+
+ if (bind != ESYS_TR_NONE && bindNode != NULL) {
+ /*
+ * TPM2.0 Architecture 19.6.5 Note 2
+ *
+ * Remove tailing zeroes from the auth value
+ */
+ while ((bindNode->auth.size > 0) &&
+ (bindNode->auth.buffer[bindNode->auth.size - 1] == 0x00))
+ bindNode->auth.size--;
+
+ if (bindNode->auth.size > 0)
+ memcpy(&secret[0], &bindNode->auth.buffer[0], bindNode->auth.size);
+ }
 if (tpmKey != ESYS_TR_NONE) memcpy(&secret[(bind == ESYS_TR_NONE || bindNode == NULL) ? 0 : bindNode->auth.size],
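Review bot: The trim loop runs after `secret` has already been allocated (the out-of-memory check is the hunk's first context line), so any length computed from `bindNode->auth.size` above the hunk still counts the stripped zero bytes; if that length is what the key derivation later consumes, the tail of `secret` is never written and the derived session key would not match the TPM's. The sizing code is outside the hunk, so this needs confirming there; the simplest arrangement is to strip the trailing zeros before the secret length is computed. The loop also writes the shortened length back into `bindNode->auth.size`, changing the stored object metadata as a side effect of starting a session, which deserves a line in the comment such as `/* Note: shortens the stored auth in place; later uses see the trimmed size. */`. The comment's "tailing" should read "trailing". Esys_StartAuthSession_Finish begins and ends outside this hunk.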