diff --git a/examples/boot/README.md b/examples/boot/README.md
index 36d86eb..9dea259 100644
--- a/examples/boot/README.md
+++ b/examples/boot/README.md
@@ -68,7 +68,8 @@ Example for creating a sealed secret using that signed policy based on public ke
 ```sh
 # Create a keyed hash sealed object using the policy authorization for the public key
-./examples/boot/secret_seal -policy=policyauth.bin -out=sealblob.bin
+./examples/boot/secret_seal -rsa -policy=policyauth.bin -out=sealblob.bin
+./examples/boot/secret_seal -ecc -policy=policyauth.bin -out=sealblob.bin
 # OR
 # Provide the public key for policy authorization (instead of -policy=)
 ./examples/boot/secret_seal -rsa -publickey=./certs/example-rsa2048-key-pub.der -out=sealblob.bin
diff --git a/examples/boot/secret_seal.c b/examples/boot/secret_seal.c
index 5929f95..f01a69a 100644
--- a/examples/boot/secret_seal.c
+++ b/examples/boot/secret_seal.c
@@ -49,7 +49,7 @@ static void usage(void)
     printf("Expected usage:\n");
     printf("./examples/boot/secret_seal [-secretstr=/-secrethex] [-policy=] [-out=]\n");
     printf("./examples/boot/secret_seal [-secretstr=/-secrethex] [-ecc/-rsa] [-publickey=] [-out=]\n");
-    printf("* -secret=value: Secret to seal (default=random)\n");
+    printf("* -secretstr=string/-secrethex=hex: Secret to seal (default=random)\n");
     printf("* -policy=file: Policy authorization digest for the public key used to sign the policy (default policyauth.bin)\n");
     printf("* -ecc/-rsa: Public key is RSA or ECC (default is RSA)\n");
     printf("* -publickey=file: Public key file (PEM or DER) for the policy signing key used\n");
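Review bot: The two synopsis lines just above the changed line still print `[-secretstr=/-secrethex]` without the trailing `=`, while the new option description (`-secrethex=hex`) and the argv matching in the next hunk (`XSTRNCMP(..., "-secrethex=", ...)`) both require it. Suggest `[-secretstr=/-secrethex=]` in both synopsis lines so the help text matches what the parser accepts. The rest of usage() is outside the hunk.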
@@ -138,6 +138,8 @@ int TPM2_Boot_SecretSeal_Example(void* userCtx, int argc, char *argv[])
         else if (XSTRNCMP(argv[argc-1], "-secretstr=", XSTRLEN("-secretstr=")) == 0) {
             const char* secretStr = argv[argc-1] + XSTRLEN("-secretstr=");
             secretSz = (int)XSTRLEN(secretStr);
+            if (secretSz > (word32)sizeof(secret))
+                secretSz = (word32)sizeof(secret);
             XMEMCPY(secret, secretStr, secretSz);
         }
         else if (XSTRNCMP(argv[argc-1], "-secrethex=", XSTRLEN("-secrethex=")) == 0) {
diff --git a/examples/boot/secret_unseal.c b/examples/boot/secret_unseal.c
index 0800156..339d2f0 100644
--- a/examples/boot/secret_unseal.c
+++ b/examples/boot/secret_unseal.c
@@ -127,6 +127,8 @@ int TPM2_Boot_SecretUnseal_Example(void* userCtx, int argc, char *argv[])
     Unseal_Out unsealOut;
     byte* policyRef = NULL; /* optional nonce */
     word32 policyRefSz = 0;
+    byte secret[MAX_SYM_DATA+1]; /* room for NULL term */
+    word32 secretSz = 0;
 
     XMEMSET(&dev, 0, sizeof(WOLFTPM2_DEV));
     XMEMSET(&storage, 0, sizeof(WOLFTPM2_KEY));
@@ -331,8 +333,11 @@ int TPM2_Boot_SecretUnseal_Example(void* userCtx, int argc, char *argv[])
         goto exit;
     }
 
-    printf("Secret (%d bytes):\n", unsealOut.outData.size);
-    printHexString(unsealOut.outData.buffer, unsealOut.outData.size, 32);
+    secretSz = unsealOut.outData.size;
+    XMEMSET(secret, 0, sizeof(secret));
+    XMEMCPY(secret, unsealOut.outData.buffer, secretSz);
+    printf("Secret (%d bytes): %s\n", secretSz, secret);
+    printHexString(secret, secretSz, 32);
 
 exit:
     if (rc != 0) {
diff --git a/examples/boot/secure_rot.c b/examples/boot/secure_rot.c
index 683695b..3bb0bb3 100644
--- a/examples/boot/secure_rot.c
+++ b/examples/boot/secure_rot.c
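Review bot: The new clamp silently truncates an over-long `-secretstr=` value to `sizeof(secret)` bytes, so the sealed secret differs from what the user typed with no diagnostic; a secret that does not fit should be rejected (report the limit, call usage() and fail) rather than shortened. The new `-authstr=` branch in secure_rot.c has the same silent clamp, where a truncated NV password would then be used verbatim. The assignment also mixes `(int)XSTRLEN(...)` with `(word32)sizeof(secret)`; settle on secretSz's type and cast once, e.g. `secretSz = (word32)XSTRLEN(secretStr);`. TPM2_Boot_SecretSeal_Example starts and ends outside the hunk.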
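Review bot: The new `XMEMCPY(secret, unsealOut.outData.buffer, secretSz)` trusts the size returned by the unseal with no bound check, so the copy into the local `secret[MAX_SYM_DATA+1]` should be guarded first, e.g. `if (secretSz > MAX_SYM_DATA) { /* set rc to a failure code */ goto exit; }`, which also keeps the NUL-terminator slot intact. The `printf` prints a word32 with `%d` (use `%u`) and prints the secret with `%s`, but the default secret is random per usage(), so `%s` emits raw non-printable bytes and stops at the first embedded zero; keep the hex dump alone, or only use `%s` (with a `(const char*)` cast) after checking every byte is printable. Since `secret` now holds the plaintext on the stack, clear it before returning from the `exit:` path (wolfSSL's ForceZero, if it is in scope here, rather than a plain memset that may be optimized out). TPM2_Boot_SecretUnseal_Example starts and ends outside the hunk.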
@@ -43,12 +43,12 @@ static void usage(void)
 {
     printf("Expected usage:\n");
-    printf("./examples/boot/secure_rot [-nvindex] [-write=/-hash=] [-auth] [-sha384] [-lock]\n");
+    printf("./examples/boot/secure_rot [-nvindex] [-write=/-hash=] [-authhex=/-authstr=] [-sha384] [-lock]\n");
     printf("* -nvindex=[handle] (default 0x%x)\n", TPM2_DEMO_NV_SECURE_ROT_INDEX);
     printf("* -hash=hash: Hex string digest to write\n");
     printf("* -write=filename: DER formatted public key to write\n");
-    printf("* -auth=password: Optional password for NV\n");
+    printf("* -authstr=password/-authhex=hexstring: Optional password for NV\n");
     printf("* -sha384: Use SHA2-384 (default is SHA2-256)\n");
     printf("* -lock: Lock the write\n");
     printf("\nExamples:\n");
@@ -135,8 +135,15 @@ int TPM2_Boot_SecureROT_Example(void* userCtx, int argc, char *argv[])
             }
             doWrite = 1;
         }
-        else if (XSTRNCMP(argv[argc-1], "-auth=", XSTRLEN("-auth=")) == 0) {
-            const char* authHexStr = argv[argc-1] + XSTRLEN("-auth=");
+        else if (XSTRNCMP(argv[argc-1], "-authstr=", XSTRLEN("-authstr=")) == 0) {
+            const char* authHexStr = argv[argc-1] + XSTRLEN("-authstr=");
+            authBufSz = (int)XSTRLEN(authHexStr);
+            if (authBufSz > (int)sizeof(authBuf))
+                authBufSz = (word32)sizeof(authBuf);
+            XMEMCPY(authBuf, authHexStr, authBufSz);
+        }
+        else if (XSTRNCMP(argv[argc-1], "-authhex=", XSTRLEN("-authhex=")) == 0) {
+            const char* authHexStr = argv[argc-1] + XSTRLEN("-authhex=");
             int authHexStrLen = (int)XSTRLEN(authHexStr);
             if (authHexStrLen > (int)sizeof(authBuf)*2+1) authBufSz = -1;