diff --git a/util/policy.go b/util/policy.go
index 0b0c878..2b7b44e 100644
--- a/util/policy.go
+++ b/util/policy.go
@@ -17,6 +17,8 @@ import (
 // is that it is possible to compute digests for PolicySecret and PolicyNV assertions
 // without knowledge of the authorization value of the authorizing entities used for those
 // commands.
+//
+// Deprecated: Use [policyutil.PolicyBuilder].
 type TrialAuthPolicy struct {
 alg tpm2.HashAlgorithmId
 digest tpm2.Digest
@@ -29,6 +31,8 @@ type TrialAuthPolicy struct {
 // ComputeAuthPolicy creates a new context for computing an authorization policy digest.
 // It will panic if the specified algorithm is not available. The caller should check
 // this beforehand.
+//
+// Deprecated: Use [policyutil.NewPolicyBuilder].
 func ComputeAuthPolicy(alg tpm2.HashAlgorithmId) *TrialAuthPolicy {
 if !alg.Available() {
 panic("unsupported digest algorithm or algorithm not linked in to binary")
diff --git a/util/signatures.go b/util/signatures.go
index cdd54e3..3c4bfc0 100644
--- a/util/signatures.go
+++ b/util/signatures.go
@@ -115,6 +115,8 @@ func SignPolicyAuthorization(key crypto.PrivateKey, scheme *tpm2.SigScheme, nonc
 // ComputePolicyAuthorizeDigest computes a digest to sign from the supplied authorization policy
 // digest and policy reference. The resulting digest can be signed to authorize the supplied policy
 // with the TPM2_PolicyAuthorize assertion, using the [tpm2.TPMContext.PolicyAuthorize] function.
+//
+// Deprecated: Use [policyutil.ComputePolicyAuthorizationTBSDigest].
 func ComputePolicyAuthorizeDigest(alg tpm2.HashAlgorithmId, approvedPolicy tpm2.Digest, policyRef tpm2.Nonce) (tpm2.Digest, error) {
 if !alg.Available() {
 return nil, errors.New("digest algorithm is not available")
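Review bot: The `[policyutil.PolicyBuilder]` doc link in the new `Deprecated:` paragraph on TrialAuthPolicy only resolves in rendered Go documentation if this file imports a package under the name policyutil, and the import block is not visible in the hunk, so this needs confirming. If util does not import it, write the target with its full import path, e.g. `// Deprecated: Use [MODULE_PATH/policyutil.PolicyBuilder].`, where MODULE_PATH is a placeholder for the module's import path. The same applies to the links added on ComputeAuthPolicy, ComputePolicyAuthorizeDigest and PolicyAuthorize. Because these helpers produce policy digests and signed authorizations that existing TPM objects may already be bound to, each note would also benefit from one sentence saying whether the replacement yields the same digest for the same inputs.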
@@ -133,6 +135,8 @@ func ComputePolicyAuthorizeDigest(alg tpm2.HashAlgorithmId, approvedPolicy tpm2.
 //
 // The digest algorithm used for the signature must match the name algorithm in the public area
 // associated with the supplied private key.
+//
+// Deprecated: Use [policyutil.SignPolicyAuthorize].
 func PolicyAuthorize(key crypto.PrivateKey, scheme *tpm2.SigScheme, approvedPolicy tpm2.Digest, policyRef tpm2.Nonce) (tpm2.Digest, *tpm2.Signature, error) {
 hashAlg := scheme.AnyDetails().HashAlg
 if !hashAlg.Available() {
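Review bot: The replacement named for PolicyAuthorize, `policyutil.SignPolicyAuthorize`, does not follow the `...Authorization` spelling of the other identifiers in this diff (`SignPolicyAuthorization` in the previous hunk header, `ComputePolicyAuthorizationTBSDigest` in the previous deprecation note), so please confirm that the identifier exists exactly as written; the policyutil package is not part of this diff. A mistyped doc link is not caught by the compiler and would leave callers of this signing helper without a valid migration target. The existing comment requires the signature digest algorithm to match the key's name algorithm, and the note could say whether the replacement keeps that requirement. The body of PolicyAuthorize continues outside the hunk.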