Re: [opencryptoki-users] tpmtoken_init, set the SO PIN fail
Brought to you by:
ebarretto
From: Michal P. <mi...@ic...> - 2007-01-12 21:27:07
|
On 1/12/2007, "Tom Lendacky" <to...@us...> wrote: >mi...@ic...ni.c wrote on 01/12/2007 02:49:51 PM: > >> On 1/12/2007, "Tom Lendacky" <to...@us...> wrote: > >> >mi...@ic... wrote on 01/12/2007 01:20:41 PM: >> > >> >> On 1/12/2007, "Kent Yoder" <shp...@gm...> wrote: >> >> >Also, there is a known bug which may be affecting you in the 2.2.4 >> >> >tarball of openCryptoki, in the TPM code. If you're running against >> >> >trousers 0.2.8+, download the latest openCryptoki from CVS, which has >> >> >the fix. Let me know if you run into any problems with that code. >> > >> >> Hi, >> > >> >> thank you for your reply. Yes I'm using latest OpenCryptoki from CVS. >> >> Where can be found information like the intial SO PIN 87654321? I >> >> didn't know it. >> > >> >> I've tried the initial SO PIN but pkcsconf -c 0 -P returns me: Error >> >> setting PIN: 0x6 >> > >> >> What is the right order of commands? pkcsconf -I -c 0 -P and then >> >> tpmtoken_init or reverse? >> > >> >If you are using tpmtoken_init there is no need to use the pkcsconf >> >command at all (tpmtoken_init uses the default SO PIN and USER PIN >> >under the covers for you). One thing you can do to try and reset >> >everything and start fresh is to stop the pkcsslotd daemon, delete >> >the tpm token data for your user (either under /var/lib/opencryptoki/tpm >> >or /usr/local/var/lib/opencryptoki/tpm) and then restart the pkcsslotd >> >daemon. You should then be able to issue the tpmtoken_init command >> >and supply new passwords for the SO and USER. > >> Hi Tom, > >> I've built everything again. But without success. tpmtoken_init is still >> returning: C_SetPIN failed: 0x00000006 (6) >> And pkcsconf -c 0 -P is returning: Error setting PIN: 0x6 > >> And there is also one strange thing, after OpenCryptoki is built and >> installed I have to move directory /usr/local/lib/opencryptoki into >> /usr/local/lib64 because binaies from the OpenCryptoki are looking for >> libs in lib64 directory. But the configure script from the OpenCryptoki >> correctly recognize x86_64 architecture. > >You'll need to specify the libdir path on the configure command in order >to get the proper library installation path (automake and autoconf don't >automatically provide that support). ok. >Is your user a member of the pkcs11 group? You need to be a member of >that group in order to use the PKCS#11 functions. yes. Because it is test machine I'm trying it as a root. >Thanks >Tom > >> Michal > >> >> >On 1/12/07, Kent Yoder <shp...@gm...> wrote: >> >> >> Hi Michal, >> >> >> >> >> >> Did you use the initial default SO PIN, 87654321? >> >> >> >> >> >> Kent >> >> >> >> >> >> On 1/12/07, Michal Prochazka <mi...@ic...> wrote: >> >> >> > Hello, >> >> >> > >> >> >> > I'm new to this list and also to the TPM platform as well. I have >> >> >> > Intel motherboard DQ965GF with TPM STM 19 WP 18 and runs SuSE >10.2 >> >> >> > (64 bit) with Xen, Trousers 0.2.8 and OpenCryptoki 2.2.4. I've >> >> >> > already taken ownership. Pkcsslotd and tcsd are running but I >cannot >> >> >> > do tpmtoken_init. I was asked for SO and user PIN but this >operation >> >> >> > ends with C_InitToken failed: 0x000000a0 (160). Also using >pkcsconf >> >> >> > -c 0 -P fails it ends with Incorrect PIN Entered even if there >are >> >> >> > no PIN set before. >> >> >> > >> >> >> > Can someone help me? >> >> >> > >> >> >> > Michal >> >> >> > -- >> >> >> > Michal Prochazka // mi...@ic... >> >> >> > >> >> >> > Supercomputing Center Brno >> >> >> > Institute of Computer Science >> >> >> > Masaryk University >> >> >> > Botanicka 68a, 60200 Brno, CZ >> >> >> > >> >> >> > CESNET z.s.p.o. >> >> >> > Zikova 4, 16200 Praha 6, CZ >> >> >> > >> >> >> > >> >> >> > >> >>------------------------------------------------------------------------- >> >> >> > Take Surveys. Earn Cash. Influence the Future of IT >> >> >> > Join SourceForge.net's Techsay panel and you'll get the chance >> >> to share your >> >> >> > opinions on IT & business topics through brief surveys - and earn >> >cash >> >> >> > >> >>http://www.techsay.com/default.php?page=3Djoin.php&p=3Dsourceforge&CID=3DDE= VDEV >> >> >> > >> >> >> > _______________________________________________ >> >> >> > opencryptoki-users mailing list >> >> >> > ope...@li... >> >> >> > https://lists.sourceforge.net/lists/listinfo/opencryptoki-users >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> >> >> >> >> >> >> -- >> >> >> Kent Yoder >> >> >> IBM LTC Security Dev. >> >> >> >> >> > >> >> > >> >> >-- >> >> >Kent Yoder >> >> >IBM LTC Security Dev. >> > >> >> >------------------------------------------------------------------------- >> >> Take Surveys. Earn Cash. Influence the Future of IT >> >> Join SourceForge.net's Techsay panel and you'll get the chance to >share >> >your >> >> opinions on IT & business topics through brief surveys - and earn cash >> >> >http://www.techsay.com/default.php?page=3Djoin.php&p=3Dsourceforge&CID=3DDEV= DEV >> >> _______________________________________________ >> >> opencryptoki-users mailing list >> >> ope...@li... >> >> https://lists.sourceforge.net/lists/listinfo/opencryptoki-users) > >> ------------------------------------------------------------------------- >> Take Surveys. Earn Cash. Influence the Future of IT >> Join SourceForge.net's Techsay panel and you'll get the chance to share >your >> opinions on IT & business topics through brief surveys - and earn cash >> http://www.techsay.com/default.php?page=3Djoin.php&p=3Dsourceforge&CID=3DD= EVDEV >> _______________________________________________ >> opencryptoki-users mailing list >> ope...@li... >> https://lists.sourceforge.net/lists/listinfo/opencryptoki-users) |