This procedure will transfer an HMAC key created inside TPM-A to TPM-B but prevent TPM-B to transfer it to TPM-C.
Basically, and extension of As an end-to-end example, the following will transfer an RSA key generated on TPM-A to TPM-B but
using tpm2_policyduplicationselect
tp prevent further duplication
Step 1 below will transfer a key from A->B, step 2 attempts B->C but is prevented duplication on B by policy