Hi Alex,

Make sure pkcsslotd is running and that the user executing this command is a member of the pkcs11 group.

Kent

On Tue, Jul 20, 2010 at 9:48 AM, Alexander Loukissas (aloukiss) <alouk...@cisco.com> wrote:
> Thanks Klaus,
>
> I've actually tried doing what you've suggested but I still can't make it
> work. In more detail, I get an error message when running the tpmtoken_init:
> C_Initialize failed: 0x00000002 (2).
>
> Any ideas on that?
>
> Thanks
> Alex
>
> -----Original Message-----
> From: Klaus Heinrich Kiwi [mailto:kla...@linux.vnet.ibm.com]
> Sent: Monday, July 19, 2010 6:47 PM
> To: Alexander Loukissas (aloukiss)
> Cc: opencryptoki-users@lists.sourceforge.net
> Subject: Re: [opencryptoki-users] error initializing token
>
> On Mon, 2010-07-19 at 17:18 -0500, Alexander Loukissas (aloukiss) wrote:
>> Hello,
>>
>> I've been playing around with opencryptoki and I've been seeing some
>> issues initializing the TPM token (token #0) on my machine. When running
>> "pkcsconf -I -c 0", I enter "87654321" as the SO PIN but I get "Error
>> initializing token: 0xA4". Looking up the header files in the
>> opencryptoki package, I found that this error corresponds to a
>> "CKR_PIN_LOCKED" error in usr/include/pkcs11/pkcs11types.h
>>
>> In more detail, I do exactly what is described here:
>> http://www.mail-archive.com/linux-...@vm.marist.edu/msg53084.html
>>
>> When trying the exact same steps for the soft token (token #1), all
>> succeeds and I end up with the (correct) flags 0x44D on that token.
>>
>> Would anyone have an idea where this problem could be coming from? I've
>> tried to clear out the TPM entirely from the BIOS, reclaim ownership,
>> etc, but it didn't help.
>>
>> For reference, I'm using an Intel DQ57TM motherboard with an on-board
>> TPM and Fedora Core 13.
>
> Hi Alexander. Thank you for your contact.
>
> Please try these instructions and let us know:
> http://trousers.sourceforge.net/pkcs11.html
>
> Basically, you'll need to set the SRK passphrase in your TPM to the
> "well-known password" (or something like it), that is, all zeros (there
> are switches for that in the tpm tools - see their man pages).
>
> After that, use "tpmtoken_init" to initialize token.
>
> We know it's counter-intuitive to not use the pkcsconf utility like we
> are able to in other tokens, but currently, due to the way the tpm token
> is built, we have no way of doing that relying solely on the PKCS#11
> API.
>
> -Klaus
>
>> Thanks,
>>
>> Alexander Loukissas
>>
>> _______________________________________________
>> opencryptoki-users mailing list
>> opencryptoki-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/opencryptoki-users
>
> --
> Klaus Heinrich Kiwi | kla...@br.ibm.com
> IBM LTC Security Development | http://blog.klauskiwi.com
> http://www.ibm.com/linux/ltc | http://www.ratliff.net/blog
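
The two conditions from Kent's reply at the top of this thread, written as a shell preflight to run before tpmtoken_init. This is an added example, not code from the thread or from the openCryptoki project; the function names are hypothetical, while the daemon name pkcsslotd and the group name pkcs11 are taken from the reply.

```shell
#!/bin/sh
# Added example: preflight for the two conditions named in the reply
# (pkcsslotd running, calling user in group pkcs11). Function names are
# hypothetical; nothing here is modified, the checks are read-only.
# Usage: preflight "$(id -un)"; echo "status=$?"

# has_word LIST WORD: succeed if WORD is one of the space-separated items in LIST.
has_word() {
    for w in $1; do
        [ "$w" = "$2" ] && return 0
    done
    return 1
}

# user_in_group USER GROUP: membership as the system resolves it (id -nG),
# which covers both primary and supplementary groups. Returns 2 for an unknown user.
user_in_group() {
    groups=$(id -nG "$1" 2>/dev/null) || return 2
    has_word "$groups" "$2"
}

# daemon_running NAME: exact process-name match; falls back to /proc when
# pgrep is not installed.
daemon_running() {
    if command -v pgrep >/dev/null 2>&1; then
        pgrep -x "$1" >/dev/null 2>&1
    else
        for f in /proc/[0-9]*/comm; do
            [ -r "$f" ] && [ "$(cat "$f" 2>/dev/null)" = "$1" ] && return 0
        done
        return 1
    fi
}

# preflight USER: exit status is a bitmask.
#   1 = pkcsslotd is not running, 2 = USER is not a member of pkcs11.
preflight() {
    rc=0
    daemon_running pkcsslotd || { echo "pkcsslotd is not running" >&2; rc=$((rc | 1)); }
    user_in_group "$1" pkcs11 || { echo "$1 is not in group pkcs11" >&2; rc=$((rc | 2)); }
    return $rc
}
```

A group added with usermod or gpasswd only applies to sessions started afterwards, so run the check as `preflight "$(id -un)"` from the same shell that will run tpmtoken_init after logging in again.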