On Mon, 2022-12-19 at 15:50 +0530, Sughosh Ganu wrote: > hi, > I am trying to enable the evm hmac solution on my qemu arm64 virt > platform running Debian. I am using the swtpm 2.0 implementation for > the TPM trusted source. Before I get into trying out the evm hmac > solution on the target system, I wanted to check creating the trusted > and encrypted keys. Other details on my set up are as follows > > Distro - Debian 11 > TPM - swtpm > Linux kernel - Linux version 6.1.0-13032, commit 77856d911a8c [1] > keyctl --version > keyctl from keyutils-1.6.1 (Built 2020-02-10) > > When trying to follow the steps highlighted in the > Documentation/security/keys/trusted-encrypted.rst, I can generate the > trusted key. However, when I try to load the trusted key using the > command shown in the document, it throws an error. Has there been a > change in the code, or am I missing some step when trying to load the > trusted key? > > Steps that I am following (after having created the SRK). > > # keyctl add trusted kmk "new 32 keyhandle=0x81000001" @u > # keyctl show > Session Keyring > 442944693 --alswrv 0 0 keyring: _ses > 925986946 --alswrv 0 65534 \_ keyring: _uid.0 > 401286062 --alswrv 0 0 \_ trusted: kmk > # keyctl pipe 401286062 > kmk.blob > # keyctl add trusted kmk "load `cat kmk.blob` keyhandle=0x81000001" @u > add_key: Invalid argument > > -sughosh > > [1] - I enable trusted and encrypted keys above the said commit Try deleting/unlinking the existing kmk key before re-loading it. -- thanks, Mimi