Thanks for your feedback, Mimi. But the document of dracut can't solve my problem. I did more test these days and try to descript my question in more detail. In my scenario, the trusted key will be sealed into TPM with PCR policy. And there are some related options in manual like hash= hash algorithm name as a string. For TPM 1.x the only allowed value is sha1. For TPM 2.x the allowed values are sha1, sha256, sha384, sha512 and sm3-256. policydigest= digest for the authorization policy. must be calculated with the same hash algorithm as specified by the 'hash=' option. policyhandle= handle to an authorization policy session that defines the same policy and with the same hash algorithm as was used to seal the key. Here is my test step. Firstly, the pcr policy is generated as below: $ tpm2_createpolicy --policy-pcr --pcr-list sha256:7 --policy pcr7_bin.policy > pcr7.policy Pcr7.policy is the ascii hex of policy: $ cat pcr7.policy 321fbd28b60fcc23017d501b133bd5dbf2889814588e8a23510fe10105cb2cc9 Then generate the trusted key and configure policydigest and get the key ID: $ keyctl add trusted kmk "new 32 keyhandle=0x81000001 hash=sha256 policydigest=`cat pcr7.policy`" @u 874117045 Save the trusted key. $ keyctl pipe 874117045 > kmk.blob Reboot and load the key. Start a auth session to generate the policy: $ tpm2_startauthsession -S session.ctx session-handle: 0x3000000 $ tpm2_pcrlist -L sha256:7 -o pcr7.sha256 $ tpm2_policypcr -S session.ctx -L sha256:7 -F pcr7.sha256 -f pcr7.policy policy-digest: 0x321FBD28B60FCC23017D501B133BD5DBF2889814588E8A23510FE10105CB2CC9 Input the policy handle to load trusted key: $ keyctl add trusted kmk "load `cat kmk.blob` keyhandle=0x81000001 policyhandle=0x3000000" @u add_key: Operation not permitted The error should be policy check failed, because I use TPM command to unseal directly with error of policy check failed. $ tpm2_unseal -c 0x81000001 -L sha256:7 ERROR on line: "81" in file: "./lib/log.h": Tss2_Sys_Unseal(0x99D) - tpm:session(1):a policy check failed ERROR on line: "213" in file: "tools/tpm2_unseal.c": Unseal failed! ERROR on line: "166" in file: "tools/tpm2_tool.c": Unable to run tpm2_unseal So my question is: 1. How to use the option, policydigest, policyhandle?? Is there any example? 2. What's wrong with my test step? Thanks. - Shirley -----Original Message----- From: Mimi Zohar <zohar@xxxxxxxxxxxxx> Sent: Wednesday, November 13, 2019 11:46 PM To: Zhao, Shirley <shirley.zhao@xxxxxxxxx>; James Bottomley <jejb@xxxxxxxxxxxxx>; Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>; Jonathan Corbet <corbet@xxxxxxx> Cc: linux-integrity@xxxxxxxxxxxxxxx; keyrings@xxxxxxxxxxxxxxx; linux-doc@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; 'Mauro Carvalho Chehab' <mchehab+samsung@xxxxxxxxxx> Subject: Re: One question about trusted key of keyring in Linux kernel. On Wed, 2019-11-13 at 01:22 +0000, Zhao, Shirley wrote: > Hi, all, > > This is Shirley from Intel. I have one question about trusted key of > keyring in kernel. Please help. > > According the to description in https://github.com/torvalds/linux/bl > ob/master/Documentation/security/keys/trusted-encrypted.rst. > Trusted key will be saved in TPM with PCR policy protected. "Trusted Keys use a TPM both to generate and to seal the keys. Keys are sealed under a 2048 bit RSA key in the TPM, ..." Trusted keys are not TPM keys. They are not stored in the TPM. > > Then, I running the following command to create a trusted key. > keyctl add trusted test_trusted "new 32 keyhandle=0x81000001" @u > > I also tried the following command, it can add one trusted key, too. > keyctl add trusted test_trusted "new 32 keyhandle=0x81000001 > pcrinfo=`cat pcr7.blob`" @u > > But after reboot, this key will be removed. > I need to re-added during boot. Right, they need to be re-loaded on boot. Refer to the dracut module /modules.d/97masterkey for loading a trusted key during boot. > > Then the question is since this key is saved in TPM, how to get it > back from TPM? Trusted keys are not stored in the TPM. Refer to the ima-evm-utils README for examples of creating a trusted key (kmk) and an encrypted key (evm-key). > > From the document, I need to use "keyctl pipe" to save the key into a > blob, then load it. > But the blob contend key text, and this is a file on hard disk, it is > not safe to protect the key. > > So what can TPM do here? The hex ascii encoded trusted key is sealed under the TPM SRK. Mimi