Provide random KMK example instead of fixed testing123

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
2025-04-27 14:22:31 +02:00 · 2014-02-17 16:06:28 +02:00 · 2014-02-17 16:06:28 +02:00 · bddbd31a15
commit bddbd31a15
parent c7042472e8
1 changed files with 11 additions and 1 deletions
--- a/12
+++ b/12
@ -82,6 +82,16 @@ or
    $ scp x509_evm.pem target:/etc/keys


+Generation of EVM keys
+
+    $ # create and save the kernel master key (user type)
+    $ keyctl add user kmk "`dd if=/dev/urandom bs=1 count=32 2>/dev/null`" @u
+    $ keyctl pipe `keyctl search @u user kmk` > /etc/keys/kmk
+    $ # create the EVM encrypted key
+    $ keyctl add encrypted evm-key "new user:kmk 32" @u
+    $ keyctl pipe `keyctl search @u encrypted evm-key` >/etc/keys/evm-key
+
+
 Initialization
 --------------

@ -92,7 +102,7 @@ Here is an example script /etc/initramfs-tools/scripts/local-top/ima.sh

    # import EVM HMAC key
    keyctl clear @u
-    keyctl add user kmk "testing123" @u
+    cat /etc/keys/kmk | keyctl padd user kmk @u
    keyctl add encrypted evm-key "load `cat /etc/keys/evm-key`" @u

    # import IMA public key