From bddbd31a151fb486886811f9ee17f5f9b627dd2c Mon Sep 17 00:00:00 2001
From: Dmitry Kasatkin
Date: Mon, 17 Feb 2014 16:06:28 +0200
Subject: [PATCH] Provide random KMK example instead of fixed testing123
Signed-off-by: Dmitry Kasatkin
---
 README | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/README b/README
index b9c5376..f460ec7 100644
--- a/README
+++ b/README
@@ -82,6 +82,16 @@ or
 $ scp x509_evm.pem target:/etc/keys
+Generation of EVM keys
+
+ $ # create and save the kernel master key (user type)
+ $ keyctl add user kmk "`dd if=/dev/urandom bs=1 count=32 2>/dev/null`" @u
+ $ keyctl pipe `keyctl search @u user kmk` > /etc/keys/kmk
+ $ # create the EVM encrypted key
+ $ keyctl add encrypted evm-key "new user:kmk 32" @u
+ $ keyctl pipe `keyctl search @u encrypted evm-key` >/etc/keys/evm-key
+
+
 Initialization
 --------------
@@ -92,7 +102,7 @@ Here is an example script /etc/initramfs-tools/scripts/local-top/ima.sh
 # import EVM HMAC key
 keyctl clear @u
- keyctl add user kmk "testing123" @u
+ cat /etc/keys/kmk | keyctl padd user kmk @u
 keyctl add encrypted evm-key "load `cat /etc/keys/evm-key`" @u
 # import IMA public key