[TrouSerS-users] re-initialization question

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi,

I used thinkpad's bios to clear the data of the token as documented in [1],=
 and I am not sure that I follow the right steps to properly initialize the=
 token.

here are the steps I followed. I hope you can tell me what I'm doing wrong.

# powerup + FN pressed + F1 -> BIOS token reset

peter ~ # rm -rf /var/lib/opencryptoki/*
peter ~ # /etc/init.d/tcsd start
peter ~ # /etc/init.d/pkcsslotd start
peter ~ # tpm_takeownership

peter ~ # tpmtoken_init
LOG_ERR TPM_STDLL tpm_specific.c:197 ERROR: key with ID=3D"PUBLIC ROOT KEY"=
 not found in the store!
LOG_ERR TPM_STDLL tpm_specific.c:197 ERROR: key with ID=3D"PUBLIC ROOT KEY"=
 not found in the store!
A new TPM security officer password is needed. The password must be between=
 6 and 127 characters in length.
Enter new password:
Confirm password:
LOG_ERR TPM_STDLL tpm_specific.c:197 ERROR: key with ID=3D"PRIVATE ROOT KEY=
" not found in the store!
A new TPM user password is needed. The password must be between 6 and 127 c=
haracters in length.
Enter new password:
Confirm password:

peter ~ # tpmtoken_import --name sunspire /etc/openvpn/sunspire/import.pem
Enter your TPM user password:
LOG_ERR TPM_STDLL tpm_specific.c:1313 ERROR: Private master key doesn't exi=
st, creating it...

peter ~ # tpmtoken_objects
Enter your TPM user password:
Private Key: Type: 0, Label: 'sunspire'
Public Key: Type: 0, Label: 'sunspire'
ERROR tpmtok ../common/object.c:773 Attribute Type Invalid
ERROR tpmtok ../common/obj_mgr.c:1603 Object Get Attribute Values Failed
ST MSG TPM_STDLL new_host.c:1928 whammy
ERROR tpmtok ../common/object.c:773 Attribute Type Invalid
ERROR tpmtok ../common/obj_mgr.c:1603 Object Get Attribute Values Failed
ST MSG TPM_STDLL new_host.c:1928 whammy
Certificate: Type: X509 Public Key, Label: 'sunspire'

before doing the hardware reset, the tpmtoken_import and tpmtoken_objects w=
orked without any errors.
if a software I'm interested in tries to call C_Sign, the following failure=
 pops up:

LOG_ERR TPM_STDLL tpm_specific.c:2365 ERROR: template_attribute_find failed.
LOG_ERR TPM_STDLL tpm_specific.c:2521 ERROR: token_rsa_load_key failed. rc=
=3D0x6
ST MSG TPM_STDLL mech_rsa.c:163 whammy
ST MSG TPM_STDLL mech_rsa.c:380 whammy
ST MSG TPM_STDLL new_host.c:3106 whammy

software used:

tpm-tools-1.2.3
trousers-0.2.6
libica-1.3.7
opencryptoki-2.2.4
2.6.16 kernel

cheers,
peter

[1] http://trousers.sourceforge.net/faq.html#5.1

--=20
petre rodan
<ka...@ge...>
Developer,
Hardened Gentoo Linux=20