home  bbs  files  messages ]

      ZZLI4424             linux.debian.kernel             1332 messages      

[ previous | next | reply ]

[ list messages | list forums ]

  Msg # 235 of 1332 on ZZLI4424, Wednesday 9-09-25, 1:11  
  From: CLIFF KILBY  
  To: ALL  
  Subj: Bug#1114737: linux-image-6.12.43+deb13-a  
 XPost: linux.debian.bugs.dist 
 From: cliffjkilby@gmail.com 
  
 Package: src:linux 
 Version: 6.12.43-1 
 Severity: normal 
 X-Debbugs-Cc:cliffjkilby@gmail.com 
  
 Dear Maintainer, 
  
 I attempted to follow the instructions at 
 https://manpages.debian.org/trixie/ima-evm-utils/evmctl.1.en.html for TPM 
 backed IMA/EVM setup 
 It includes the command 
 # keyctl add trusted kmk "new 32" @u 
 add_key: No such device 
  
 Based on https://cateee.net/lkddb/web-lkddb/TRUSTED_KEYS.html 
 "trusted" is not available unless CONFIG_TRUSTED_KEYS is at least "m" if 
 not "y" 
 https://ima-doc.readthedocs.io/en/latest/ima-configuration.html# 
 onfig-trusted-keys 
 similarly mentions it for ima setup. 
 It appears that the required flags: 
 CONFIG_KEYS=y 
 CONFIG_ENCRYPTED_KEYS=y 
 (and older kernel/functionality) 
 CONFIG_TCG_TPM=y 
 CONFIG_TCG_TPM2_HMAC=y 
 are all set, so, this seems like a single config change to "m" enable 
 module build of masterkey_trusted, trusted. 
  
 <> 
  
 -- System Information: 
 Debian Release: 13.1 
   APT prefers stable-updates 
   APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
 'stable') 
 Architecture: amd64 (x86_64) 
 Foreign Architectures: i386 
  
 Kernel: Linux 6.12.43+deb13-amd64 (SMP w/24 CPU threads; PREEMPT) 
 Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE 
 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE 
 not set 
 Shell: /bin/sh linked to /usr/bin/dash 
 Init: systemd (via /run/systemd/system) 
 LSM: SELinux: enabled - Mode: Enforcing - Policy name: default 
  
 Versions of packages linux-image-6.12.43+deb13-amd64 depends on: 
 ii  dracut [linux-initramfs-tool]  106-6 
 ii  kmod                           34.2-2 
 ii  linux-base                     4.12 
  
 Versions of packages linux-image-6.12.43+deb13-amd64 recommends: 
 pn  apparmor   
  
 Versions of packages linux-image-6.12.43+deb13-amd64 suggests: 
 pn  debian-kernel-handbook   
 pn  firmware-linux-free      
 ii  grub-efi-amd64          2.12-9 
 pn  linux-doc-6.12           
  
 Versions of packages linux-image-6.12.43+deb13-amd64 is related to: 
 pn  firmware-amd-graphics       
 pn  firmware-atheros            
 pn  firmware-bnx2               
 pn  firmware-bnx2x              
 pn  firmware-brcm80211          
 pn  firmware-cavium             
 pn  firmware-cirrus             
 pn  firmware-intel-graphics     
 pn  firmware-intel-misc         
 pn  firmware-intel-sound        
 pn  firmware-ipw2x00            
 pn  firmware-ivtv               
 ii  firmware-iwlwifi           20250410-2 
 pn  firmware-libertas           
 pn  firmware-marvell-prestera   
 pn  firmware-mediatek           
 pn  firmware-misc-nonfree       
 pn  firmware-myricom            
 pn  firmware-netronome          
 pn  firmware-netxen             
 pn  firmware-nvidia-graphics    
 pn  firmware-qcom-soc           
 pn  firmware-qlogic             
 ii  firmware-realtek           20250410-2 
 pn  firmware-samsung            
 pn  firmware-siano              
 pn  firmware-ti-connectivity    
 pn  xen-hypervisor              
  
 -- no debconf information 
  
 [continued in next message] 
  
 --- SoupGate-Win32 v1.05 
  * Origin: you cannot sedate... all the things you hate (1:229/2) 

[ list messages | list forums | previous | next | reply ]

search for:

328,110 visits
(c) 1994,  bbs@darkrealms.ca