Package: src:linux
Version: 6.12.43-1
Severity: normal
X-Debbugs-Cc: [email protected]

Dear Maintainer,

I attempted to follow the instructions at
https://manpages.debian.org/trixie/ima-evm-utils/evmctl.1.en.html
for TPM backed IMA/EVM setup

It includes the command

# keyctl add trusted kmk "new 32" @u
add_key: No such device

Based on https://cateee.net/lkddb/web-lkddb/TRUSTED_KEYS.html
"trusted" is not available unless CONFIG_TRUSTED_KEYS is at least "m" if not "y"

https://ima-doc.readthedocs.io/en/latest/ima-configuration.html#config-trusted-keys
similarly mentions it for ima setup.

It appears that the required flags:

CONFIG_KEYS=y
CONFIG_ENCRYPTED_KEYS=y
(and older kernel/functionality)
CONFIG_TCG_TPM=y
CONFIG_TCG_TPM2_HMAC=y

are all set, so, this seems like a single config change to "m" enable module build of masterkey_trusted, trusted.

<<PCI DEVICE INFORMATION ELIDED BY SUBMITTER>>

-- System Information:
Debian Release: 13.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.12.43+deb13-amd64 (SMP w/24 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Enforcing - Policy name: default

Versions of packages linux-image-6.12.43+deb13-amd64 depends on:
ii  dracut [linux-initramfs-tool]  106-6
ii  kmod                           34.2-2
ii  linux-base                     4.12

Versions of packages linux-image-6.12.43+deb13-amd64 recommends:
pn  apparmor  <none>

Versions of packages linux-image-6.12.43+deb13-amd64 suggests:
pn  debian-kernel-handbook  <none>
pn  firmware-linux-free     <none>
ii  grub-efi-amd64          2.12-9
pn  linux-doc-6.12          <none>

Versions of packages linux-image-6.12.43+deb13-amd64 is related to:
pn  firmware-amd-graphics      <none>
pn  firmware-atheros           <none>
pn  firmware-bnx2              <none>
pn  firmware-bnx2x             <none>
pn  firmware-brcm80211         <none>
pn  firmware-cavium            <none>
pn  firmware-cirrus            <none>
pn  firmware-intel-graphics    <none>
pn  firmware-intel-misc        <none>
pn  firmware-intel-sound       <none>
pn  firmware-ipw2x00           <none>
pn  firmware-ivtv              <none>
ii  firmware-iwlwifi           20250410-2
pn  firmware-libertas          <none>
pn  firmware-marvell-prestera  <none>
pn  firmware-mediatek          <none>
pn  firmware-misc-nonfree      <none>
pn  firmware-myricom           <none>
pn  firmware-netronome         <none>
pn  firmware-netxen            <none>
pn  firmware-nvidia-graphics   <none>
pn  firmware-qcom-soc          <none>
pn  firmware-qlogic            <none>
ii  firmware-realtek           20250410-2
pn  firmware-samsung           <none>
pn  firmware-siano             <none>
pn  firmware-ti-connectivity   <none>
pn  xen-hypervisor             <none>

-- no debconf information
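
Added example, not part of the original report and not Debian or ima-evm-utils code: a shell check that reads a kernel config file and lists which of the options named in the report are neither "y" nor "m". The function names and the sample config are constructed for illustration; the sample mirrors the state the report describes and is not a real Debian config.

```shell
#!/bin/sh
# Added example: check a kernel config for the options the report names.
# Function names are hypothetical; option names come from the report.
OPTIONS="CONFIG_KEYS CONFIG_ENCRYPTED_KEYS CONFIG_TCG_TPM CONFIG_TCG_TPM2_HMAC CONFIG_TRUSTED_KEYS"

# Constructed sample mirroring the state described in the report.
sample_config() {
cat <<'EOF'
CONFIG_KEYS=y
# CONFIG_TRUSTED_KEYS is not set
CONFIG_ENCRYPTED_KEYS=y
CONFIG_TCG_TPM=y
CONFIG_TCG_TPM2_HMAC=y
EOF
}

# kconfig_state FILE OPTION: print y or m, or n when the option is
# commented out ("is not set") or absent from the file.
kconfig_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${val:-n}"
}

# missing_options FILE: print, space separated, the listed options
# that are neither built in (y) nor built as a module (m).
missing_options() {
    out=""
    for opt in $OPTIONS; do
        if [ "$(kconfig_state "$1" "$opt")" = n ]; then
            out="${out:+$out }$opt"
        fi
    done
    printf '%s\n' "$out"
}

# config_report FILE: print one "OPTION state" line per option.
config_report() {
    for opt in $OPTIONS; do
        printf '%-24s %s\n' "$opt" "$(kconfig_state "$1" "$opt")"
    done
}
```

On a running system, source the file and call `config_report "/boot/config-$(uname -r)"`; an empty result from `missing_options` on the same file means every listed option is at least "m".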

