From: Chunxin Zang
Subject: Documentation/admin-guide/module-signing.rst: Does the function of adding a key to ‘Builtin_trusted_key’ work?
Message-Id: <49DB247F-F485-45D5-87F9-4FCB85CB7767@bytedance.com>
Date: Mon, 24 May 2021 17:02:07 +0800
Cc: keyrings@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org
To: dhowells@redhat.com, dwmw2@infradead.org, corbet@lwn.net

Recently, I have been learning how to use module signatures. But I got
'Permission denied' when I tried to add a public key to the
'builtin_trusted_keys' keyring.

    root@:~# cat /proc/keys
    3471e123 I------ 1 perm 1f030000 0 0 asymmetri Build time autogenerated kernel key: xxxx: X509.rsa xxxx []
    37e8db03 I------ 1 perm 1f0b0000 0 0 keyring .builtin_trusted_keys: 1

    root@:~# keyctl padd asymmetric "" 0x37e8db03 < ./signing_key_test_sign.x509
    add_key: Permission denied

The reason is that the 'builtin_trusted_keys' keyring's perm was set to
'1f0b0000' by the operation below when the kernel starts.

    builtin_trusted_keys =
            keyring_alloc(".builtin_trusted_keys",
                          KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
                          ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
                          KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH),
                          KEY_ALLOC_NOT_IN_QUOTA,
                          NULL, NULL);

And the 'add_key' interface passes the KEY_NEED_WRITE perm to lookup_user_key,
so -EACCES is returned in the key_task_permission check.

Is there something wrong in module-signing.rst? Or did I miss some
information about it?

Best wishes
Chunxin
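
Added example, not part of the original message and not kernel code: a simplified model of the permission check the message describes, decoding the perm value 1f0b0000 shown in the /proc/keys output. The function and enum names are hypothetical, and whether the caller possesses the keyring is passed in as an assumption; the bit values follow include/linux/key.h.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Per-class permission bits, as laid out in include/linux/key.h. */
enum { P_VIEW = 0x01, P_READ = 0x02, P_WRITE = 0x04,
       P_SEARCH = 0x08, P_LINK = 0x10, P_SETATTR = 0x20 };

/* Shift of the non-possessor class the caller matches (hypothetical enum). */
enum perm_class { CLASS_USER = 16, CLASS_GROUP = 8, CLASS_OTHER = 0 };

/* Extract the 6-bit field for the possessor (shift 24) or another class. */
static unsigned class_bits(uint32_t perm, unsigned shift)
{
    return (perm >> shift) & 0x3f;
}

/*
 * Simplified model of the check: take the bits of the one class the
 * caller matches, add the possessor bits only if the key is possessed,
 * and require every needed bit. Returns 0 or -EACCES.
 */
static int model_key_permission(uint32_t perm, enum perm_class cls,
                                int possessed, unsigned need)
{
    unsigned granted = class_bits(perm, cls);
    if (possessed)
        granted |= class_bits(perm, 24);
    return (granted & need) == need ? 0 : -EACCES;
}

/* Render one class as "vrwsla", with '-' for each missing bit. */
static void render(unsigned bits, char out[7])
{
    static const char names[] = "vrwsla";
    for (int i = 0; i < 6; i++)
        out[i] = (bits & (1u << i)) ? names[i] : '-';
    out[6] = '\0';
}

int main(void)
{
    const uint32_t perm = 0x1f0b0000; /* value from the /proc/keys output */
    char pos[7], usr[7];
    render(class_bits(perm, 24), pos);
    render(class_bits(perm, 16), usr);
    printf("possessor=%s user=%s\n", pos, usr);
    printf("uid match, not possessed, need write: %d\n",
           model_key_permission(perm, CLASS_USER, 0, P_WRITE));
    return 0;
}
```

In this model the user class of 1f0b0000 carries view, read and search but not write, so a caller who matches the keyring's uid without possessing it is refused write access, while setattr is refused even to a possessor.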