Re: [opencryptoki-users] error initializing token
From: Kent Y. <shp...@gm...> - 2010-07-20 16:11:52
Hmm, there are really only 2 reasons why that should fail... Does `id` show your user in the pkcs11 group? Sometimes that requires a logout/login to take effect?

2010/7/20 Alexander Loukissas (aloukiss) <alo...@ci...>:
> Yup, there's a message saying:
>
> openCryptokiModule[2051]: api_interface.c:3397 Cannot Attach to Shared Memory
>
> This appears each time I run the tpmtoken_init command.
>
> Alex
>
> -----Original Message-----
> From: Kent Yoder [mailto:shp...@gm...]
> Sent: Tuesday, July 20, 2010 9:04 AM
> To: Alexander Loukissas (aloukiss)
> Cc: Klaus Heinrich Kiwi; ope...@li...
> Subject: Re: [opencryptoki-users] error initializing token
>
> Are there any messages in /var/log/messages?
>
> If you've installed packages from a distro, can you install the
> debugging rpms, export PKCS11_API_LOG_DEBUG=1, then try again and see
> if anything is logged.
>
> If you've installed from source, you'd need to configure
> --enable-debug, then make, make install and export the env var above.
>
> 2010/7/20 Alexander Loukissas (aloukiss) <alo...@ci...>:
>> Both of these are true already, but still the error appears.
>>
>> Alex
>>
>> -----Original Message-----
>> From: Kent Yoder [mailto:shp...@gm...]
>> Sent: Tuesday, July 20, 2010 8:24 AM
>> To: Alexander Loukissas (aloukiss)
>> Cc: Klaus Heinrich Kiwi; ope...@li...
>> Subject: Re: [opencryptoki-users] error initializing token
>>
>> Hi Alex,
>>
>> Make sure pkcsslotd is running and that the user executing this
>> command is a member of the pkcs11 group.
>>
>> Kent
>>
>> On Tue, Jul 20, 2010 at 9:48 AM, Alexander Loukissas (aloukiss)
>> <alo...@ci...> wrote:
>>> Thanks Klaus,
>>>
>>> I've actually tried doing what you've suggested but I still can't make it to work. In more detail, I get an error message when running the tpmtoken_init: C_Initialize failed: 0x00000002 (2).
>>>
>>> Any ideas on that?
>>>
>>> Thanks
>>> Alex
>>>
>>> -----Original Message-----
>>> From: Klaus Heinrich Kiwi [mailto:kl...@li...]
>>> Sent: Monday, July 19, 2010 6:47 PM
>>> To: Alexander Loukissas (aloukiss)
>>> Cc: ope...@li...
>>> Subject: Re: [opencryptoki-users] error initializing token
>>>
>>> On Mon, 2010-07-19 at 17:18 -0500, Alexander Loukissas (aloukiss) wrote:
>>>> Hello,
>>>>
>>>> I've been playing around with opencryptoki and I've been seeing some
>>>> issues initializing the TPM token (token #0) on my machine. When running
>>>> "pkcsconf -I -c 0", I enter "87654321" as the SO PIN but I get "Error
>>>> initializing token: 0xA4". Looking up the header files in the
>>>> opencryptoki package, I found that this error corresponds to a
>>>> "CKR_PIN_LOCKED" error in usr/include/pkcs11/pkcs11types.h
>>>>
>>>> In more detail, I do exactly what is described here:
>>>> http://www.mail-archive.com/lin...@vm.../msg53084.html
>>>>
>>>> When trying the exact same steps for the soft token (token #1), all
>>>> succeeds and I end up with the (correct) flags 0x44D on that token.
>>>>
>>>> Would anyone have an idea where this problem could be coming from? I've
>>>> tried to clear out the TPM entirely from the BIOS, reclaim ownership,
>>>> etc, but it didn't help.
>>>>
>>>> For reference, I'm using an Intel DQ57TM motherboard with an on-board
>>>> TPM and Fedora Core 13.
>>>
>>> Hi Alexander. Thank you for your contact.
>>>
>>> Please try these instructions and let us know:
>>> http://trousers.sourceforge.net/pkcs11.html
>>>
>>> Basically, you'll need to set the SRK passphrase in your TPM to the
>>> "well-known password" (or something like it), that is, all zeros (there
>>> are switches for that in the tpm tools - see their man pages).
>>>
>>> After that, use "tpmtoken_init" to initialize token.
>>>
>>> We know it's counter-intuitive to not use the pkcsconf utility like we
>>> are able to in other tokens, but currently, due to the way the tpm token
>>> is built, we have no way of doing that relying solely on the PKCS#11
>>> API.
>>>
>>> -Klaus
>>>
>>>> Thanks,
>>>>
>>>> Alexander Loukissas
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> This SF.net email is sponsored by Sprint
>>>> What will you do first with EVO, the first 4G phone?
>>>> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
>>>> _______________________________________________
>>>> opencryptoki-users mailing list
>>>> ope...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/opencryptoki-users
>>>
>>>
>>> --
>>> Klaus Heinrich Kiwi | kl...@br...
>>> IBM LTC Security Development | http://blog.klauskiwi.com
>>> http://www.ibm.com/linux/ltc | http://www.ratliff.net/blog
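
The two causes named in the reply at the top of this message (pkcsslotd not running, and a session that has not yet picked up the pkcs11 group) can be told apart by comparing the groups the running session holds with the group database. The script below is an added example, not part of the original thread or of openCryptoki; the function names and the sample user `alex` are made up for illustration.

```shell
#!/bin/sh
# Added example: tell apart the two causes named in the reply
# (pkcsslotd not running / session lacks the pkcs11 group).

# has_word WORD LIST SEP: succeed if WORD is an item of the SEP-separated LIST
has_word() {
    old_ifs=$IFS; IFS=$3
    for item in $2; do
        if [ "$item" = "$1" ]; then IFS=$old_ifs; return 0; fi
    done
    IFS=$old_ifs
    return 1
}

# group_state USER SESSION_GROUPS DB_MEMBERS
#   SESSION_GROUPS: output of `id -Gn` (groups the running session holds)
#   DB_MEMBERS:     4th field of `getent group pkcs11` (what a new login gets)
group_state() {
    if has_word pkcs11 "$2" " "; then echo ok
    elif has_word "$1" "$3" ","; then echo relogin-needed
    else echo not-member
    fi
}

# triage SLOTD_RUNNING(yes|no) GROUP_STATE: print the first thing to fix
triage() {
    case "$1:$2" in
        no:*)               echo "start pkcsslotd" ;;
        yes:relogin-needed) echo "log out and back in" ;;
        yes:not-member)     echo "add user to pkcs11 group" ;;
        yes:ok)             echo "set PKCS11_API_LOG_DEBUG=1 and retry" ;;
    esac
}

# Gather the same inputs from the live system.
live_triage() {
    if pgrep -x pkcsslotd >/dev/null 2>&1; then slotd=yes; else slotd=no; fi
    members=$(getent group pkcs11 | cut -d: -f4)
    triage "$slotd" "$(group_state "$(id -un)" "$(id -Gn)" "$members")"
}

if [ "${1:-}" = "--live" ]; then
    live_triage
else
    # Constructed sample: "alex" was added to pkcs11 after logging in.
    triage yes "$(group_state alex "alex wheel" "root,alex")"
fi
```

Run with `--live` as the user who will call tpmtoken_init; without arguments it only evaluates the constructed sample.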