I went out on a ledge and tried to rebuild the kernel with the single
change proposed.
# uname -a
Linux debian 6.12.43 #2 SMP PREEMPT_DYNAMIC Tue Sep  9 09:24:23 EDT 2025 x86_64 GNU/Linux
# grep TRUSTED /boot/config-6.12.43
CONFIG_TRUSTED_KEYS=m
# dmesg | grep 'Linux version'
[    0.000000] Linux version 6.12.43 (buildlocal@debian) (gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44) #2 SMP PREEMPT_DYNAMIC Tue Sep  9 09:24:23 EDT 2025
# modinfo trusted
filename:       /lib/modules/6.12.43/kernel/security/keys/trusted-keys/trusted.ko.xz
license:        GPL
# lsmod | grep trusted
trusted                45056  1 dm_crypt
asn1_encoder           12288  1 trusted
tee                    49152  1 trusted
# keyctl add trusted kmk "new 32" @u
add_key: Invalid argument

Oops. It appears that even with the module, the instruction is wrong. But,
at least "trusted" is a type now. So, I can do this.

# keyctl add trusted kmk-trusted "new 32 keyhandle=0x81000001" @u
964692806
# keyctl describe  964692806
964692806: alswrv-----v------------     0     0 trusted: kmk-trusted

I do not believe that building a local kernel is a long-term fix for a
security feature that should be available by default. I would still ask
that you enable the module build of this module.


On Mon, Sep 8, 2025 at 11:19 PM Debian Bug Tracking System <
[email protected]> wrote:

> Thank you for filing a new Bug report with Debian.
>
> You can follow progress on this Bug here: 1114737:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114737.
>
> This is an automatically generated reply to let you know your message
> has been received.
>
> Your message is being forwarded to the package maintainers and other
> interested parties for their attention; they will reply in due course.
>
> As you requested using X-Debbugs-CC, your message was also forwarded to
>   [email protected]
> (after having been given a Bug report number, if it did not have one).
>
> Your message has been sent to the package maintainer(s):
>  [email protected]
>
> If you wish to submit further information on this problem, please
> send it to [email protected].
>
> Please do not send mail to [email protected] unless you wish
> to report a problem with the Bug-tracking system.
>
> --
> 1114737: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114737
> Debian Bug Tracking System
> Contact [email protected] with problems
>
