Re: [opencryptoki-users] tpmtoken_init, set the SO PIN fail
Brought to you by:
ebarretto
Menu
▾
▴
Re: [opencryptoki-users] tpmtoken_init, set the SO PIN fail
|
From: Tom L. <to...@us...> - 2007-01-12 21:10:33
|
mi...@ic...ni.c wrote on 01/12/2007 02:49:51 PM: > On 1/12/2007, "Tom Lendacky" <to...@us...> wrote: > >mi...@ic... wrote on 01/12/2007 01:20:41 PM: > > > >> On 1/12/2007, "Kent Yoder" <shp...@gm...> wrote: > >> >Also, there is a known bug which may be affecting you in the 2.2.4 > >> >tarball of openCryptoki, in the TPM code. If you're running against > >> >trousers 0.2.8+, download the latest openCryptoki from CVS, which has > >> >the fix. Let me know if you run into any problems with that code. > > > >> Hi, > > > >> thank you for your reply. Yes I'm using latest OpenCryptoki from CVS. > >> Where can be found information like the intial SO PIN 87654321? I > >> didn't know it. > > > >> I've tried the initial SO PIN but pkcsconf -c 0 -P returns me: Error > >> setting PIN: 0x6 > > > >> What is the right order of commands? pkcsconf -I -c 0 -P and then > >> tpmtoken_init or reverse? > > > >If you are using tpmtoken_init there is no need to use the pkcsconf > >command at all (tpmtoken_init uses the default SO PIN and USER PIN > >under the covers for you). One thing you can do to try and reset > >everything and start fresh is to stop the pkcsslotd daemon, delete > >the tpm token data for your user (either under /var/lib/opencryptoki/tpm > >or /usr/local/var/lib/opencryptoki/tpm) and then restart the pkcsslotd > >daemon. You should then be able to issue the tpmtoken_init command > >and supply new passwords for the SO and USER. > Hi Tom, > I've built everything again. But without success. tpmtoken_init is still > returning: C_SetPIN failed: 0x00000006 (6) > And pkcsconf -c 0 -P is returning: Error setting PIN: 0x6 > And there is also one strange thing, after OpenCryptoki is built and > installed I have to move directory /usr/local/lib/opencryptoki into > /usr/local/lib64 because binaies from the OpenCryptoki are looking for > libs in lib64 directory. But the configure script from the OpenCryptoki > correctly recognize x86_64 architecture. You'll need to specify the libdir path on the configure command in order to get the proper library installation path (automake and autoconf don't automatically provide that support). Is your user a member of the pkcs11 group? You need to be a member of that group in order to use the PKCS#11 functions. Thanks Tom > Michal > >> >On 1/12/07, Kent Yoder <shp...@gm...> wrote: > >> >> Hi Michal, > >> >> > >> >> Did you use the initial default SO PIN, 87654321? > >> >> > >> >> Kent > >> >> > >> >> On 1/12/07, Michal Prochazka <mi...@ic...> wrote: > >> >> > Hello, > >> >> > > >> >> > I'm new to this list and also to the TPM platform as well. I have > >> >> > Intel motherboard DQ965GF with TPM STM 19 WP 18 and runs SuSE 10.2 > >> >> > (64 bit) with Xen, Trousers 0.2.8 and OpenCryptoki 2.2.4. I've > >> >> > already taken ownership. Pkcsslotd and tcsd are running but I cannot > >> >> > do tpmtoken_init. I was asked for SO and user PIN but this operation > >> >> > ends with C_InitToken failed: 0x000000a0 (160). Also using pkcsconf > >> >> > -c 0 -P fails it ends with Incorrect PIN Entered even if there are > >> >> > no PIN set before. > >> >> > > >> >> > Can someone help me? > >> >> > > >> >> > Michal > >> >> > -- > >> >> > Michal Prochazka // mi...@ic... > >> >> > > >> >> > Supercomputing Center Brno > >> >> > Institute of Computer Science > >> >> > Masaryk University > >> >> > Botanicka 68a, 60200 Brno, CZ > >> >> > > >> >> > CESNET z.s.p.o. > >> >> > Zikova 4, 16200 Praha 6, CZ > >> >> > > >> >> > > >> >> > > >------------------------------------------------------------------------- > >> >> > Take Surveys. Earn Cash. Influence the Future of IT > >> >> > Join SourceForge.net's Techsay panel and you'll get the chance > >> to share your > >> >> > opinions on IT & business topics through brief surveys - and earn > >cash > >> >> > > >http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > >> >> > > >> >> > _______________________________________________ > >> >> > opencryptoki-users mailing list > >> >> > ope...@li... > >> >> > https://lists.sourceforge.net/lists/listinfo/opencryptoki-users > >> >> > > >> >> > > >> >> > > >> >> > > >> >> > >> >> > >> >> -- > >> >> Kent Yoder > >> >> IBM LTC Security Dev. > >> >> > >> > > >> > > >> >-- > >> >Kent Yoder > >> >IBM LTC Security Dev. > > > >> ------------------------------------------------------------------------- > >> Take Surveys. Earn Cash. Influence the Future of IT > >> Join SourceForge.net's Techsay panel and you'll get the chance to share > >your > >> opinions on IT & business topics through brief surveys - and earn cash > >> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > >> _______________________________________________ > >> opencryptoki-users mailing list > >> ope...@li... > >> https://lists.sourceforge.net/lists/listinfo/opencryptoki-users) > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys - and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > opencryptoki-users mailing list > ope...@li... > https://lists.sourceforge.net/lists/listinfo/opencryptoki-users |
