Hello; sorry for the previous confusing email, it was sent unintentionally:

I am trying to use opencryptoki with TPM, but after configuring and
building opencryptoki-3.5 with TrouSerS running on my Linux CentOS 7
machine, I was not able to have my TPM token (slot 0) recognized.

Here is what I did



1- First I verified trousers is running, and the TPM hardware is OK. I have
previously initialized and set the TPM ownership.
>>ps -A | grep tcsd
13582 ?        00:00:00 tcsd


I also ran 

>> tpm_version 
  TPM 1.2 Version Info:
  Chip Version:        1.2.5.81
  Spec Level:          2
  Errata Revision:     3
  TPM Vendor ID:       WEC
  Vendor Specific data: 0000
  TPM Version:         01010000
  Manufacturer Info:   57454300


I have successfully taken ownership of TPM and SRK is already setup in the
TPM hardware

2- I configured and made opencryptoki on my CentOS 7 machine using the
following commands

A) 
>>sh bootstrap.sh

:
:

There were no errors

>>./configure --enable-debug --enable-testcases --enable-tpmtok --disable-ccatok



:
:

Enabled features:
Debug build:    yes
Testcases:      yes
Daemon build:   yes
Library build:  yes
Systemd service:        no


Enabled token types:
ICA token:      no
CCA token:      no
Software token: yes
EP11 token:     no
TPM token:      yes
ICSF token:     no


Token-specific features:
pkcsep11migrate build:  no


CFLAGS=-g -O2 -gdwarf-2 -g3 -O0 -DDEBUG -DPKCS64 -D_XOPEN_SOURCE=600
-Wall -Wno-pointer-sign
-DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\"
-DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\"
-DLOCKDIR_PATH=\"$(lockdir)\" -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\"
-DOCK_LOGDIR=\"$(logdir)\"

B)

>> make clean

C)

>> make

D)

>> sudo make install


3- I checked the contents of the openCryptoKi configuration file; there
are two locations where I find this file

>> vi /usr/local/etc/opencryptoki/opencryptoki.conf

And 

>> vi /etc/opencryptoki/opencryptoki.conf

Both files have the same contents


version opencryptoki-3.1


# The following defaults are defined:
#       hwversion = 0.0
#       firmwareversion = 0.0
#       description = Linux
#       manufacturer = IBM
#
# The slot definitions below may be overriden and/or customized.
# For example:
#       slot 0
#       {
#          stdll = libpkcs11_cca.so
#          description = "OCK CCA Token"
#          manufacturer = "MyCompany Inc."
#          hwversion = 2.32
#          firmwareversion = 1.0
#       }
#
# See man(5) opencryptoki.conf for further information.
#


slot 0
{
stdll = libpkcs11_tpm.so
}


slot 1
{
stdll = libpkcs11_ica.so
}


slot 2
{
stdll = libpkcs11_cca.so
}


slot 3
{
stdll = libpkcs11_sw.so
}


slot 4
{
stdll = libpkcs11_ep11.so
confname = ep11tok.conf
}


The build generated the TPM library, because I am able to see these

/usr/local/lib/opencryptoki/stdll/libpkcs11_tpm.so.0.0.0
/usr/local/lib/opencryptoki/stdll/libpkcs11_tpm.so.0
/usr/local/lib/opencryptoki/stdll/libpkcs11_tpm.so

4- I started the daemon

>> sudo pkcsslotd start


5- Verified it is running

>> ps -A | grep pkcsslotd

  3500 ?        00:00:00 pkcsslotd



 

6- But when I used pkcsconf -t & pkcsconf -s to verify that TPM token is
present


>> sudo pkcsconf -t

Token #3 Info:
        Label: IBM OS PKCS#11
        Manufacturer: IBM Corp.
        Model: IBM SoftTok
        Serial Number: 123
        Flags: 0x880045 (RNG|LOGIN_REQUIRED|CLOCK_ON_TOKEN|USER_PIN_TO_BE_CHANGED|SO_PIN_TO_BE_CHANGED)
        Sessions: 0/-2
        R/W Sessions: -1/-2
        PIN Length: 4-8
        Public Memory: 0xFFFFFFFF/0xFFFFFFFF
        Private Memory: 0xFFFFFFFF/0xFFFFFFFF
        Hardware Version: 1.0
        Firmware Version: 1.0
        Time: 23:41:05





>> sudo pkcsconf -s

Slot #3 Info
        Description: Linux
        Manufacturer: IBM
        Flags: 0x1 (TOKEN_PRESENT)
        Hardware Version: 0.0
        Firmware Version: 0.0



Only the libpkcs11_sw token #3 is present? Why is the TPM token not recognized?


I appreciate any help

O. farrag






_______________________________________________
opencryptoki-users mailing list
opencryptoki-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opencryptoki-users
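
A check an administrator could run for the setup described in the message above, as an added example that is not part of the original post and not opencryptoki's own code: it parses the slot blocks of an opencryptoki.conf and reports, per slot, which stdll directories actually contain the named library. The sample config is constructed from the post's slot 0 and slot 3 entries, and the two directory names are hypothetical stand-ins for two install prefixes.

```python
import os
import re
import tempfile

# Constructed sample: a commented example slot plus two active slots from the post.
SAMPLE_CONF = """\
version opencryptoki-3.1
#       slot 0
#       {
#          stdll = libpkcs11_cca.so
#       }
slot 0
{
stdll = libpkcs11_tpm.so
}
slot 3
{
stdll = libpkcs11_sw.so
}
"""

SLOT_RE = re.compile(r"slot\s+(\d+)\s*\{([^}]*)\}")
KEYVAL_RE = re.compile(r"^\s*(\w+)\s*=\s*(.+?)\s*$", re.M)

def parse_slots(conf_text):
    """Return {slot_number: {key: value}} for the active slot blocks."""
    text = re.sub(r"(?m)^\s*#.*$", "", conf_text)  # drop comment lines first
    slots = {}
    for num, body in SLOT_RE.findall(text):
        slots[int(num)] = {k: v.strip('"') for k, v in KEYVAL_RE.findall(body)}
    return slots

def check_stdlls(conf_text, stdll_dirs):
    """Map each slot to (stdll name, directories where that file exists)."""
    report = {}
    for num, attrs in sorted(parse_slots(conf_text).items()):
        name = attrs.get("stdll")
        found = [d for d in stdll_dirs if name and os.path.exists(os.path.join(d, name))]
        report[num] = (name, found)
    return report

def demo():
    """Build two hypothetical stdll directories and check SAMPLE_CONF against them."""
    layout = {"prefix_a": ["libpkcs11_tpm.so", "libpkcs11_sw.so"], "prefix_b": ["libpkcs11_sw.so"]}
    with tempfile.TemporaryDirectory() as root:
        for d, names in layout.items():
            os.makedirs(os.path.join(root, d))
            for n in names:
                open(os.path.join(root, d, n), "w").close()
        rep = check_stdlls(SAMPLE_CONF, [os.path.join(root, d) for d in layout])
        return {s: (n, [os.path.basename(d) for d in f]) for s, (n, f) in rep.items()}
```

On a real system, pass the contents of each opencryptoki.conf and the stdll directories of each install prefix to `check_stdlls` and compare the result with the slots that `pkcsconf -s` lists.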
