In general, we don’t prevent things unless there is a good reason for that. Put another way, we try to allow anything that doesn’t cause a security problem.
During an e-mail exchange about context management
TPMs, for all their tremendous capability, are very limited in their memory, largely to reduce cost. This means objects, sessions, and sequences must be swapped in and out of the TPM as needed, much like a virtual memory manager swaps memory pages to and from disk drives. In both cases, the calling application thinks it has access to many more objects and sessions (in the TPM case) or much more ...