I'm running RHEL 6.2 on an IBM 3550m3.
I installed the following packages: tpm-tools trousers tpm-tools-pkcs11 opencryptoki
I ran:
/etc/init.d/tcsd start
/etc/init.d/pkcsslotd start
tpm_takeownership ... I entered passwords for the owner and SRK.
I then tried to run tpmtoken_init but got the error:
C_Login failed: 0x00000006 (6)
I then tried to go back and rerun tpm_takeownership and set the SRK password to
null but got the error:
Tspi_TPM_TakeOwnership failed: 0x00000008 - layer=tpm, code=0008 (8), The TPM target command has been disabled.
I then tried to run tpm_changeownerauth -s to set the SRK password to null but
got the error:
Tspi_Context_LoadKeyByUUID failed: 0x00002020 - layer=tcs, code=0020 (32), Key not found in persistent storage
I ran tpm_restrictsrk -a after seeing your last post but it didn't help.
Subject: RE: [opencryptoki-users] (no subject)
To: jpetkov...@hotmail.com
CC: opencryptoki-users@lists.sourceforge.net
From: lat...@us.ibm.com
Date: Tue, 7 Feb 2012 14:17:28 -0600
Hi John,
My apologies, I thought you were using the well-known passwords and had maybe
not run tpm_takeownership. If you already ran tpm_takeownership, then have you
tried tpm_restrictsrk -a ?
Did you run any other tpm commands? If you could give me an idea of what you
did to set up, it would help.
regards,
Joy
John Petkovsek Petkovsek <jpetkov...@hotmail.com> wrote on 02/07/2012 01:13:37 PM:
> John Petkovsek Petkovsek <jpetkov...@hotmail.com>
> 02/07/2012 01:13 PM
>
> To
>
> Joy Latten/Austin/IBM@IBMUS
>
> cc
>
> opencrypto <opencryptoki-users@lists.sourceforge.net>
>
> Subject
>
> RE: [opencryptoki-users] (no subject)
>
>
> Yes this is a new setup.
> I ran the tpm_takeownership command but not with the -y and -z
> options ..... I entered a user password when prompted.
> Now when I try to run tpm_takeownership -y -z I get the following error:
>
> [root@tpm2 ~]# tpm_takeownership -y -z
> Tspi_TPM_TakeOwnership failed: 0x00000008 - layer=tpm, code=0008
> (8), The TPM target command has been disabled
>
>
> Subject: Re: [opencryptoki-users] (no subject)
> To: jpetkov...@hotmail.com
> CC: opencryptoki-users@lists.sourceforge.net
> From: lat...@us.ibm.com
> Date: Tue, 7 Feb 2012 12:53:30 -0600
>
> Hi,
>
> Is this a new setup? Were these the only commands run?
> Did you take ownership of the tpm via tpm_takeownership -y -z?
> And allow SRK read access using SRK auth via tpm_restrictsrk -a -z ?
>
> Yes, currently, it is hardcoded in opencryptoki to expect a null SRK
> password, so you will also need to do tpm_changeownerauth -s --well-known.
> But you first must have ownership of the tpm.
>
> regards,
> Joy
>
> John Petkovsek Petkovsek <jpetkov...@hotmail.com> wrote on 02/07/2012 10:18:04 AM:
>
> > John Petkovsek Petkovsek <jpetkov...@hotmail.com>
> > 02/07/2012 10:18 AM
> >
> > To
> >
> > <opencryptoki-users@lists.sourceforge.net>
> >
> > cc
> >
> > Subject
> >
> > [opencryptoki-users] (no subject)
> >
> >
> > I get the following error when I run tpmtoken_init:
> >
> > [root@tpm2 usr]# tpmtoken_init
> > Warning: The TPM token has already been initialized. Reinitializing
> > the TPM token will cause all TPM token data to be lost.
> > Clear the TPM token data? [y/N]: y
> > Enter the TPM security officer password:
> > C_Login failed: 0x00000006 (6)
> >
> >
> > I entered the default SO password 87654321
> >
> >
> > I tried to change the SO password using pkcsconf but that fails as well:
> >
> > [root@tpm2 usr]# pkcsconf -P -c 0
> > Enter the SO PIN:
> > Enter the new SO PIN:
> > Re-enter the new SO PIN:
> > Error logging in: 0x6 (CKR_FUNCTION_FAILED)
> >
> >
> > I read in another thread that I may need to change the SRK password
> > to null but that gives me yet another error:
> >
> > [root@tpm2 usr]# tpm_changeownerauth -s
> > Enter owner password:
> > Enter new SRK password:
> > Confirm password:
> > Tspi_Context_LoadKeyByUUID failed: 0x00002020 - layer=tcs, code=0020
> > (32), Key not found in persistent storage
> >
> >
> > pkcsconf -t shows that the PIN needs to be changed:
> > [root@tpm2 usr]# pkcsconf -t
> > Token #0 Info:
> > Label: IBM PKCS#11 TPM Token
> > Manufacturer: IBM Corp.
> > Model: TPM v1.1 Token
> > Serial Number: 123
> > Flags: 0x880445 (RNG|LOGIN_REQUIRED|CLOCK_ON_TOKEN|
> > TOKEN_INITIALIZED|USER_PIN_TO_BE_CHANGED|SO_PIN_TO_BE_CHANGED)
> > Sessions: 0/-2
> > R/W Sessions: -1/-2
> > PIN Length: 6-127
> > Public Memory: 0xFFFFFFFF/0xFFFFFFFF
> > Private Memory: 0xFFFFFFFF/0xFFFFFFFF
> > Hardware Version: 1.0
> > Firmware Version: 1.0
> > Time: 10:15:11 AM
> > Token #1 Info:
> > Label: IBM OS PKCS#11
> > Manufacturer: IBM Corp.
> > Model: IBM SoftTok
> > Serial Number: 123
> > Flags: 0x880045 (RNG|LOGIN_REQUIRED|CLOCK_ON_TOKEN|
> > USER_PIN_TO_BE_CHANGED|SO_PIN_TO_BE_CHANGED)
> > Sessions: 0/-2
> > R/W Sessions: -1/-2
> > PIN Length: 4-8
> > Public Memory: 0xFFFFFFFF/0xFFFFFFFF
> > Private Memory: 0xFFFFFFFF/0xFFFFFFFF
> > Hardware Version: 1.0
> > Firmware Version: 1.0
> > Time: 10:15:11 AM
> >
> >
> >
------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________
opencryptoki-users mailing list
opencryptoki-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opencryptoki-users
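
Added example, not part of the original thread and not opencryptoki or TrouSerS code: a Python decoder for the numeric status words quoted in the messages above, namely the Tspi result (layer in bits 12-15, code in bits 0-11) and the pkcsconf -t token flag word. The function names and SAMPLE text are constructed for illustration from the output shown in the thread; the bit values are the standard PKCS#11 CKF_ token flags and TSS layer constants.

```python
import re

# CK_TOKEN_INFO flag bits as defined in the PKCS#11 v2.x header (pkcs11t.h).
CKF = {
    0x1: "RNG", 0x2: "WRITE_PROTECTED", 0x4: "LOGIN_REQUIRED",
    0x8: "USER_PIN_INITIALIZED", 0x20: "RESTORE_KEY_NOT_NEEDED",
    0x40: "CLOCK_ON_TOKEN", 0x100: "PROTECTED_AUTHENTICATION_PATH",
    0x200: "DUAL_CRYPTO_OPERATIONS", 0x400: "TOKEN_INITIALIZED",
    0x10000: "USER_PIN_COUNT_LOW", 0x20000: "USER_PIN_FINAL_TRY",
    0x40000: "USER_PIN_LOCKED", 0x80000: "USER_PIN_TO_BE_CHANGED",
    0x100000: "SO_PIN_COUNT_LOW", 0x200000: "SO_PIN_FINAL_TRY",
    0x400000: "SO_PIN_LOCKED", 0x800000: "SO_PIN_TO_BE_CHANGED",
}
# TSS result layout: bits 12-15 select the layer, bits 0-11 hold the code.
TSS_LAYERS = {0x0: "tpm", 0x1: "tddl", 0x2: "tcs", 0x3: "tsp"}

TSS_RE = re.compile(r"(Tspi_\w+) failed: (0x[0-9a-fA-F]+)")
FLAGS_RE = re.compile(r"Flags: (0x[0-9a-fA-F]+)")

def decode_token_flags(value):
    """Return flag names in ascending bit order; unknown bits as one hex string."""
    names = [name for bit, name in sorted(CKF.items()) if value & bit]
    unknown = value & ~sum(CKF)
    if unknown:
        names.append(hex(unknown))
    return names

def decode_tss_result(value):
    """Split a TSS_RESULT into (layer name, error code)."""
    return TSS_LAYERS.get((value >> 12) & 0xF, "unknown"), value & 0xFFF

def triage(text):
    """Decode every Tspi failure and token flag word found in pasted output."""
    findings = []
    for func, word in TSS_RE.findall(text):
        findings.append((func,) + decode_tss_result(int(word, 16)))
    for word in FLAGS_RE.findall(text):
        names = decode_token_flags(int(word, 16))
        pending = [n for n in names if n.endswith("_TO_BE_CHANGED")]
        findings.append(("token", "TOKEN_INITIALIZED" in names, pending))
    return findings

# Constructed sample: lines copied from the output quoted in the thread.
SAMPLE = """\
Tspi_TPM_TakeOwnership failed: 0x00000008 - layer=tpm, code=0008 (8)
Tspi_Context_LoadKeyByUUID failed: 0x00002020 - layer=tcs, code=0020 (32)
Flags: 0x880445 (RNG|LOGIN_REQUIRED|CLOCK_ON_TOKEN|TOKEN_INITIALIZED)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```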