diff --git a/src/tss2-fapi/api/Fapi_ChangeAuth.c b/src/tss2-fapi/api/Fapi_ChangeAuth.c index 253b81fbf..479e1e544 100644 --- a/src/tss2-fapi/api/Fapi_ChangeAuth.c +++ b/src/tss2-fapi/api/Fapi_ChangeAuth.c @@ -419,10 +419,19 @@ Fapi_ChangeAuth_Finish( empty authorization or an actual password. */ object = command->key_object; - if (strlen(command->authValue) > 0) + if (strlen(command->authValue) > 0) { + if (object->misc.key.with_auth == TPM2_YES) { + context->state = ENTITY_CHANGE_AUTH_CLEANUP; + return TSS2_FAPI_RC_TRY_AGAIN; + } object->misc.key.with_auth = TPM2_YES; - else + } else { + if (object->misc.key.with_auth == TPM2_NO) { + context->state = ENTITY_CHANGE_AUTH_CLEANUP; + return TSS2_FAPI_RC_TRY_AGAIN; + } object->misc.key.with_auth = TPM2_NO; + } fallthrough; statecase(context->state, ENTITY_CHANGE_AUTH_WRITE_PREPARE) @@ -502,10 +511,19 @@ Fapi_ChangeAuth_Finish( /* Update the information about whether the new Auth is an empty authorization or an actual password. */ - if (strlen(command->authValue) > 0) + if (strlen(command->authValue) > 0) { + if (object->misc.key.with_auth == TPM2_YES) { + context->state = ENTITY_CHANGE_AUTH_CLEANUP; + return TSS2_FAPI_RC_TRY_AGAIN; + } object->misc.nv.with_auth = TPM2_YES; - else + } else { + if (object->misc.key.with_auth == TPM2_NO) { + context->state = ENTITY_CHANGE_AUTH_CLEANUP; + return TSS2_FAPI_RC_TRY_AGAIN; + } object->misc.nv.with_auth = TPM2_NO; + } /* Jump over to the AUTH_WRITE_PREPARE state for storing the new metadata to the keystore. */ diff --git a/src/tss2-fapi/api/Fapi_NvWrite.c b/src/tss2-fapi/api/Fapi_NvWrite.c index 77236428e..6f5bf9491 100644 --- a/src/tss2-fapi/api/Fapi_NvWrite.c +++ b/src/tss2-fapi/api/Fapi_NvWrite.c 
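Review bot: The early exits added inside `if (strlen(command->authValue) > 0) { ... } else { ... }` in the hunk at line 419 skip ENTITY_CHANGE_AUTH_WRITE_PREPARE whenever `with_auth` keeps its value, which is also the case when one non-empty password replaces another. The hunk does not show the preceding part of Fapi_ChangeAuth_Finish; if that code stores anything else produced by the auth change in `object` (for a key, presumably the re-wrapped private part), the keystore would keep the old copy and no longer match the new authorization. If `with_auth` really is the only field changed on this path, say so above the check, e.g. `/* with_auth is the only field modified here; an unchanged value needs no keystore write */`. Otherwise the skip should be limited to the case where nothing else on `object` changed.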
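Review bot: Both checks added in the NV hunk at line 502 read `object->misc.key.with_auth`, while the assignments directly below them write `object->misc.nv.with_auth`. They look copied from the key hunk at line 419. If `misc` is a union, as the `key`/`nv` member names suggest, the comparison reads an unrelated field of the NV object and can skip the keystore update even though the flag changed, leaving stored metadata that misstates whether the index needs an auth value. The conditions should be `if (object->misc.nv.with_auth == TPM2_YES)` and `if (object->misc.nv.with_auth == TPM2_NO)`. The enclosing state case starts and ends outside the hunk.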
@@ -256,10 +256,6 @@ Fapi_NvWrite_Finish( switch (context->state) { statecase(context->state, NV_WRITE_READ); - /* First check whether the file in object store can be updated. */ - r = ifapi_keystore_check_writeable(&context->keystore, command->nvPath); - goto_if_error_reset_state(r, "Check whether update object store is possible.", error_cleanup); - /* Write to the NV index. */ r = ifapi_nv_write(context, command->nvPath, command->offset, command->data, command->numBytes); @@ -267,26 +263,6 @@ Fapi_NvWrite_Finish( return_try_again(r); goto_if_error_reset_state(r, " FAPI NV Write", error_cleanup); - - /* Perform esys serialization if necessary */ - r = ifapi_esys_serialize_object(context->esys, &command->nv_object); - goto_if_error(r, "Prepare serialization", error_cleanup); - - /* Start writing the NV object to the key store */ - r = ifapi_keystore_store_async(&context->keystore, &context->io, - command->nvPath, - &command->nv_object); - goto_if_error_reset_state(r, "Could not open: %sh", error_cleanup, - command->nvPath); - - fallthrough; - - statecase(context->state, NV_WRITE_WRITE); - /* Finish writing the NV object to the key store */ - r = ifapi_keystore_store_finish(&context->io); - return_try_again(r); - return_if_error_reset_state(r, "write_finish failed"); - fallthrough; statecase(context->state, NV_WRITE_CLEANUP) diff --git a/src/tss2-fapi/fapi_util.c b/src/tss2-fapi/fapi_util.c index 30161a674..96e54f348 100644 --- a/src/tss2-fapi/fapi_util.c +++ b/src/tss2-fapi/fapi_util.c 
@@ -2316,6 +2316,13 @@ ifapi_nv_write( context->nv_cmd.esys_handle = nv_index; context->nv_cmd.nv_obj = object->misc.nv; + /* Check whether the file in object store can be updated if necessary */ + if (!(context->nv_cmd.nv_object.misc.nv.public.nvPublic.attributes & + TPMA_NV_WRITTEN) ){ + r = ifapi_keystore_check_writeable(&context->keystore, nvPath); + goto_if_error_reset_state(r, "Check whether update object store is possible.", error_cleanup); + } + /* Determine the object which will be uses for authorization. */ if (object->misc.nv.public.nvPublic.attributes & TPMA_NV_PPWRITE) { ifapi_init_hierarchy_object(auth_object, ESYS_TR_RH_PLATFORM); @@ -2437,6 +2444,12 @@ ifapi_nv_write( return TSS2_FAPI_RC_TRY_AGAIN; } + if (context->nv_cmd.nv_object.misc.nv.public.nvPublic.attributes & + TPMA_NV_WRITTEN) { + LOG_DEBUG("success"); + r = TSS2_RC_SUCCESS; + break; + } fallthrough; statecase(context->nv_cmd.nv_write_state, NV2_WRITE_WRITE_PREPARE);
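Review bot: The added test in the hunk at line 2316 reads the attributes through `context->nv_cmd.nv_object.misc.nv.public.nvPublic.attributes`, while the unchanged line directly below it reads them through `object->misc.nv.public.nvPublic.attributes`. If `object` refers to the same NV object, which the surrounding lines suggest but the hunk does not show, write `if (!(object->misc.nv.public.nvPublic.attributes & TPMA_NV_WRITTEN)) {` so it is obvious that both decisions use the same value. The same condition is repeated, inverted, in the hunk at line 2444, and the two must stay in agreement. A mismatch would either attempt a store on a keystore that was never checked for writability or skip a metadata update that was expected. ifapi_nv_write continues outside the hunk.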
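Review bot: The early exit added in the hunk at line 2444 has no comment saying why the keystore update can be skipped, and `LOG_DEBUG("success")` does not say which path was taken. I would add `/* TPMA_NV_WRITTEN is already set in the stored metadata, so there is nothing to persist. */` above the `if` and make the message specific, e.g. `LOG_DEBUG("NV index already marked written; keystore update skipped")`. The test uses the attributes held in `context->nv_cmd.nv_object`, which presumably come from the keystore copy rather than from the TPM, so it assumes the stored copy is accurate; that assumption belongs in the comment too. The states before and after this point are outside the hunk.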