hi, I am trying to enable the evm hmac solution on my qemu arm64 virt platform running Debian. I am using the swtpm 2.0 implementation for the TPM trusted source. Before I get into trying out the evm hmac solution on the target system, I wanted to check creating the trusted and encrypted keys. Other details on my set up are as follows Distro - Debian 11 TPM - swtpm Linux kernel - Linux version 6.1.0-13032, commit 77856d911a8c [1] keyctl --version keyctl from keyutils-1.6.1 (Built 2020-02-10) When trying to follow the steps highlighted in the Documentation/security/keys/trusted-encrypted.rst, I can generate the trusted key. However, when I try to load the trusted key using the command shown in the document, it throws an error. Has there been a change in the code, or am I missing some step when trying to load the trusted key? Steps that I am following (after having created the SRK). # keyctl add trusted kmk "new 32 keyhandle=0x81000001" @u # keyctl show Session Keyring 442944693 --alswrv 0 0 keyring: _ses 925986946 --alswrv 0 65534 \_ keyring: _uid.0 401286062 --alswrv 0 0 \_ trusted: kmk # keyctl pipe 401286062 > kmk.blob # keyctl add trusted kmk "load `cat kmk.blob` keyhandle=0x81000001" @u add_key: Invalid argument -sughosh [1] - I enable trusted and encrypted keys above the said commit
