Are there any messages in /var/log/messages? If you've installed packages from a distro, can you install the debugging rpms, export PKCS11_API_LOG_DEBUG=1, then try again and see if anything is logged.
If you've installed from source, you'd need to configure --enable-debug, then make, make install and export the env var above. 2010/7/20 Alexander Loukissas (aloukiss) <alouk...@cisco.com>: > Both of these are true already, but still the error appears. > > Alex > > -----Original Message----- > From: Kent Yoder [mailto:shpedoi...@gmail.com] > Sent: Tuesday, July 20, 2010 8:24 AM > To: Alexander Loukissas (aloukiss) > Cc: Klaus Heinrich Kiwi; opencryptoki-users@lists.sourceforge.net > Subject: Re: [opencryptoki-users] error initializing token > > Hi Alex, > > Make sure pkcsslotd is running and that the user executing this > command is a member of the pkcs11 group. > > Kent > > On Tue, Jul 20, 2010 at 9:48 AM, Alexander Loukissas (aloukiss) > <alouk...@cisco.com> wrote: >> Thanks Klaus, >> >> I've actually tried doing what you've suggested but I still can't make it to >> work. In more detail, I get an error message when running the tpmtoken_init: >> C_Initialize failed: 0x00000002 (2). >> >> Any ideas on that? >> >> Thanks >> Alex >> >> -----Original Message----- >> From: Klaus Heinrich Kiwi [mailto:kla...@linux.vnet.ibm.com] >> Sent: Monday, July 19, 2010 6:47 PM >> To: Alexander Loukissas (aloukiss) >> Cc: opencryptoki-users@lists.sourceforge.net >> Subject: Re: [opencryptoki-users] error initializing token >> >> On Mon, 2010-07-19 at 17:18 -0500, Alexander Loukissas (aloukiss) wrote: >>> Hello, >>> >>> I've been playing around with opencryptoki and I've been seeing some >>> issues initializing the TPM token (token #0) on my machine. When running >>> "pkcsconf -I -c 0", I enter "87654321" as the SO PIN but I get "Error >>> initializing token: 0xA4". Looking up the header files in the >>> opencryptoki package, I found that this error corresponds to a >>> "CKR_PIN_LOCKED" error in usr/include/pkcs11/pkcs11types.h >>> >>> In more detail, I do exactly what is described here: >>> http://www.mail-archive.com/linux-...@vm.marist.edu/msg53084.html >>> >>> When trying the exact same steps for the soft token (token #1), all >>> succeeds and I end up with the (correct) flags 0x44D on that token. >>> >>> Would anyone have an idea where this problem could be coming from? I've >>> tried to clear out the TPM entirely from the BIOS, reclaim ownership, >>> etc, but it didn't help. >>> >>> For reference, I'm using an Intel DQ57TM motherboard with an on-board >>> TPM and Fedora Core 13. >> >> Hi Alexander. Thank you for your contact. >> >> Please try these instructions and let us know: >> http://trousers.sourceforge.net/pkcs11.html >> >> Basically, you'll need to set the SRK passphrase in your TPM to the >> "well-known password" (or something like it), that is, all zeros (there >> are switches for that in the tpm tools - see their man pages). >> >> After that, use "tpmtoken_init" to initialize token. >> >> We know it's counter-intuitive to not use the pkcsconf utility like we >> are able to in other tokens, but currently, due to the way the tpm token >> is built, we have no way of doing that relying solely on the PKCS#11 >> API. >> >> -Klaus >> >>> Thanks, >>> >>> Alexander Loukissas >>> >>> >>> ------------------------------------------------------------------------------ >>> This SF.net email is sponsored by Sprint >>> What will you do first with EVO, the first 4G phone? >>> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first >>> _______________________________________________ >>> opencryptoki-users mailing list >>> opencryptoki-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/opencryptoki-users >> >> >> -- >> Klaus Heinrich Kiwi | kla...@br.ibm.com >> IBM LTC Security Development | http://blog.klauskiwi.com >> http://www.ibm.com/linux/ltc | http://www.ratliff.net/blog >> >> >> >> ------------------------------------------------------------------------------ >> This SF.net email is sponsored by Sprint >> What will you do first with EVO, the first 4G phone? >> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first >> _______________________________________________ >> opencryptoki-users mailing list >> opencryptoki-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/opencryptoki-users >> > ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ opencryptoki-users mailing list opencryptoki-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/opencryptoki-users
