TCG documentation for TPM 2.0 defines weak key rejection for DES and AES in the [section 11.4.10.4](https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=82). I understand why the check exists for DES, but AFAIK AES does not have a similar cryptographic vulnerability. So what is rationale behind the check? Is it just defense in depth to reject badly generated keys (e.g. if KDF implementation has failed for some reason)?