Re: [opencryptoki-users] tpmtoken_init, set the SO PIN fail
From: Tom L. <to...@us...> - 2007-01-18 15:57:45
mi...@ic... wrote on 01/12/2007 03:27:02 PM:

> On 1/12/2007, "Tom Lendacky" <to...@us...> wrote:
> >mi...@ic...ni.c wrote on 01/12/2007 02:49:51 PM:
> >
> >> On 1/12/2007, "Tom Lendacky" <to...@us...> wrote:
> >
> >> >mi...@ic... wrote on 01/12/2007 01:20:41 PM:
> >> >
> >> >> On 1/12/2007, "Kent Yoder" <shp...@gm...> wrote:
> >> >> >Also, there is a known bug which may be affecting you in the 2.2.4
> >> >> >tarball of openCryptoki, in the TPM code. If you're running against
> >> >> >trousers 0.2.8+, download the latest openCryptoki from CVS, which has
> >> >> >the fix. Let me know if you run into any problems with that code.
> >> >
> >> >> Hi,
> >> >
> >> >> thank you for your reply. Yes I'm using latest OpenCryptoki from CVS.
> >> >> Where can be found information like the initial SO PIN 87654321? I
> >> >> didn't know it.
> >> >
> >> >> I've tried the initial SO PIN but pkcsconf -c 0 -P returns me: Error
> >> >> setting PIN: 0x6
> >> >
> >> >> What is the right order of commands? pkcsconf -I -c 0 -P and then
> >> >> tpmtoken_init or reverse?
> >> >
> >> >If you are using tpmtoken_init there is no need to use the pkcsconf
> >> >command at all (tpmtoken_init uses the default SO PIN and USER PIN
> >> >under the covers for you). One thing you can do to try and reset
> >> >everything and start fresh is to stop the pkcsslotd daemon, delete
> >> >the tpm token data for your user (either under /var/lib/opencryptoki/tpm
> >> >or /usr/local/var/lib/opencryptoki/tpm) and then restart the pkcsslotd
> >> >daemon. You should then be able to issue the tpmtoken_init command
> >> >and supply new passwords for the SO and USER.
> >
> >> Hi Tom,
> >
> >> I've built everything again. But without success. tpmtoken_init is still
> >> returning: C_SetPIN failed: 0x00000006 (6)
> >> And pkcsconf -c 0 -P is returning: Error setting PIN: 0x6
> >
> >> And there is also one strange thing, after OpenCryptoki is built and
> >> installed I have to move directory /usr/local/lib/opencryptoki into
> >> /usr/local/lib64 because binaries from the OpenCryptoki are looking for
> >> libs in lib64 directory. But the configure script from the OpenCryptoki
> >> correctly recognize x86_64 architecture.
> >
> >You'll need to specify the libdir path on the configure command in order
> >to get the proper library installation path (automake and autoconf don't
> >automatically provide that support).
> ok.
> >Is your user a member of the pkcs11 group? You need to be a member of
> >that group in order to use the PKCS#11 functions.
> yes. Because it is test machine I'm trying it as a root.

I'm not sure what is going wrong. I pulled down the openCryptoki from CVS, trousers (cvs tag TROUSERS_0_2_8) and tpm-tools and rebuilt and installed each of them. I did a tpm_takeownership, specifying an owner password and NO srk password (just hit enter when prompted - this is a requirement). I did a tpmtoken_init and provided new SO and USER passwords. Everything finished successfully.

Try building everything with debugging enabled (all the configure scripts should support the --enable-debug flag). Run the trousers daemon in the foreground (tcsd -f) and then set PKCS11_API_LOG_DEBUG=1 when executing the tpmtoken_init command (i.e. at the command prompt enter PKCS11_API_LOG_DEBUG=1 tpmtoken_init). Be sure your syslog configuration will capture daemon facility debug messages. You may want to add a line at the top of the /etc/syslog.conf file like "daemon.debug /var/log/cryptoki"

Post the contents and we'll see if we can't figure out what's going wrong.

Thanks,
Tom

> >Thanks
> >Tom
> >
> >> Michal
> >
> >> >> >On 1/12/07, Kent Yoder <shp...@gm...> wrote:
> >> >> >> Hi Michal,
> >> >> >>
> >> >> >> Did you use the initial default SO PIN, 87654321?
> >> >> >>
> >> >> >> Kent
> >> >> >>
> >> >> >> On 1/12/07, Michal Prochazka <mi...@ic...> wrote:
> >> >> >> > Hello,
> >> >> >> >
> >> >> >> > I'm new to this list and also to the TPM platform as well. I have
> >> >> >> > Intel motherboard DQ965GF with TPM STM 19 WP 18 and runs SuSE 10.2
> >> >> >> > (64 bit) with Xen, Trousers 0.2.8 and OpenCryptoki 2.2.4. I've
> >> >> >> > already taken ownership. Pkcsslotd and tcsd are running but I cannot
> >> >> >> > do tpmtoken_init. I was asked for SO and user PIN but this operation
> >> >> >> > ends with C_InitToken failed: 0x000000a0 (160). Also using pkcsconf
> >> >> >> > -c 0 -P fails it ends with Incorrect PIN Entered even if there are
> >> >> >> > no PIN set before.
> >> >> >> >
> >> >> >> > Can someone help me?
> >> >> >> >
> >> >> >> > Michal
> >> >> >> > --
> >> >> >> > Michal Prochazka // mi...@ic...
> >> >> >> >
> >> >> >> > Supercomputing Center Brno
> >> >> >> > Institute of Computer Science
> >> >> >> > Masaryk University
> >> >> >> > Botanicka 68a, 60200 Brno, CZ
> >> >> >> >
> >> >> >> > CESNET z.s.p.o.
> >> >> >> > Zikova 4, 16200 Praha 6, CZ
> >> >> >>
> >> >> >> --
> >> >> >> Kent Yoder
> >> >> >> IBM LTC Security Dev.
> >> >> >
> >> >> >--
> >> >> >Kent Yoder
> >> >> >IBM LTC Security Dev.
>
> _______________________________________________
> opencryptoki-users mailing list
> ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opencryptoki-users
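
Added example, not part of the original message and not openCryptoki code: the failure codes quoted in this thread are PKCS#11 CK_RV values, and the sketch below decodes the quoted tool output against a subset of the standard's CK_RV table, separating PIN rejections from generic failures that need the debug logs. The function name `decode` and the category labels are assumptions made for this example.

```python
import re

# Subset of CK_RV values from the PKCS#11 standard header (pkcs11t.h).
CKR_NAMES = {
    0x000: "CKR_OK",
    0x005: "CKR_GENERAL_ERROR",
    0x006: "CKR_FUNCTION_FAILED",
    0x007: "CKR_ARGUMENTS_BAD",
    0x0A0: "CKR_PIN_INCORRECT",
    0x0A1: "CKR_PIN_INVALID",
    0x0A2: "CKR_PIN_LEN_RANGE",
    0x0A3: "CKR_PIN_EXPIRED",
    0x0A4: "CKR_PIN_LOCKED",
    0x0E0: "CKR_TOKEN_NOT_PRESENT",
    0x101: "CKR_USER_NOT_LOGGED_IN",
    0x102: "CKR_USER_PIN_NOT_INITIALIZED",
}
PIN_CODES = range(0xA0, 0xA5)   # CKR_PIN_* family: the PIN itself was rejected
GENERIC_CODES = (0x05, 0x06)    # no detail in the code itself: read the debug logs

# Accepts "C_SetPIN failed: 0x00000006 (6)" as well as "Error setting PIN: 0x6".
LINE_RE = re.compile(
    r"(?P<what>[^:]+):\s*0x(?P<hex>[0-9a-fA-F]+)(?:\s*\((?P<dec>\d+)\))?")

def decode(line):
    """Return (operation, rv, name, category) for one output line, else None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rv = int(m.group("hex"), 16)
    # Some tools print the code twice; hex and decimal must agree.
    if m.group("dec") is not None and int(m.group("dec")) != rv:
        raise ValueError("hex/decimal mismatch in: %r" % line)
    if rv in PIN_CODES:
        category = "pin"
    elif rv in GENERIC_CODES:
        category = "generic"
    else:
        category = "ok" if rv == 0 else "other"
    return m.group("what").strip(), rv, CKR_NAMES.get(rv, "unknown"), category

# Output lines quoted in the thread above.
THREAD_LINES = [
    "C_InitToken failed: 0x000000a0 (160)",
    "C_SetPIN failed: 0x00000006 (6)",
    "Error setting PIN: 0x6",
]

if __name__ == "__main__":
    for line in THREAD_LINES:
        print(decode(line))
```

The first reported failure (0xa0) is a PIN rejection, while the later 0x6 results are the generic CKR_FUNCTION_FAILED, which carries no cause of its own and is why the reply asks for debug output from the library and tcsd.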