I am trying to create a trusted key as per instructions from the following page
I have a machine with a TPM:
root@proj:/data/tpm# dmesg | grep -i tpm
[ 0.000000] ACPI: TPM2 0x000000008CD0D0C0 000034 (v03 Tpm2Tabl 00000001 AMI 00000000)
[ 1.397424] tpm_tis MSFT0101:00: 2.0 TPM (device-id 0x1A, rev-id 16)
The kernel also has the required options enabled as listed by the wiki.
When I try to execute the command,
keyctl add trusted kmk-trusted "new 32" @u
I observe the error, "add_key: Invalid argument".
I am able to create user keys with the command
root@proj:/data/tpm# keyctl add user mykey "new 32" @u
I did try searching for answers on the web but was unable to
understand why the error occurs. I have also successfully taken
ownership of the TPM using the following instructions:
root@proj:~# tpm2_takeownership -o 1234 -e 1234 -l 1234
root@proj:~# echo $?
The wiki also mentions that the following instruction needs to be
executed prior to creating the trusted key:
# To create and save the kernel master key (trusted type):
$ su -c 'modprobe trusted encrypted'
$ su -c 'keyctl add trusted kmk-trusted "new 32" @u'
As I have TRUSTED_KEYS and ENCRYPTED_KEYS as part of the kernel
and not as modules, I have not executed the command, modprobe trusted.
Could someone please help me understand what I am missing?