On Mon, 2010-07-19 at 17:18 -0500, Alexander Loukissas (aloukiss) wrote: > Hello, > > I've been playing around with opencryptoki and I've been seeing some > issues initializing the TPM token (token #0) on my machine. When running > "pkcsconf -I -c 0", I enter "87654321" as the SO PIN but I get "Error > initializing token: 0xA4". Looking up the header files in the > opencryptoki package, I found that this error corresponds to a > "CKR_PIN_LOCKED" error in usr/include/pkcs11/pkcs11types.h > > In more detail, I do exactly what is described here: > http://www.mail-archive.com/linux-...@vm.marist.edu/msg53084.html > > When trying the exact same steps for the soft token (token #1), all > succeeds and I end up with the (correct) flags 0x44D on that token. > > Would anyone have an idea where this problem could be coming from? I've > tried to clear out the TPM entirely from the BIOS, reclaim ownership, > etc, but it didn't help. > > For reference, I'm using an Intel DQ57TM motherboard with an on-board > TPM and Fedora Core 13.
Hi Alexander. Thank you for your contact. Please try these instructions and let us know: http://trousers.sourceforge.net/pkcs11.html Basically, you'll need to set the SRK passphrase in your TPM to the "well-known password" (or something like it), that is, all zeros (there are switches for that in the tpm tools - see their man pages). After that, use "tpmtoken_init" to initialize token. We know it's counter-intuitive to not use the pkcsconf utility like we are able to in other tokens, but currently, due to the way the tpm token is built, we have no way of doing that relying solely on the PKCS#11 API. -Klaus > Thanks, > > Alexander Loukissas > > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by Sprint > What will you do first with EVO, the first 4G phone? > Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first > _______________________________________________ > opencryptoki-users mailing list > opencryptoki-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/opencryptoki-users -- Klaus Heinrich Kiwi | kla...@br.ibm.com IBM LTC Security Development | http://blog.klauskiwi.com http://www.ibm.com/linux/ltc | http://www.ratliff.net/blog ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ opencryptoki-users mailing list opencryptoki-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/opencryptoki-users
