Hello,
I've been trying to play with the PKCS#11 interface in TrouSerS but I've
been running into some issues, similar to the one described here:
http://blog.gmane.org/gmane.comp.encryption.trousers.user/month=20100201
My system is an Intel DQ57TM board with an on-board Infineon TPM,
running FC13-i686.
The steps I've done are described below:
1. erased the data on the TPM from my BIOS.
2. ran tpm_takeownership -z (and also ran tpm_changeownerauth -s -r just
to make sure SRK is all zeroes), both successfully
3. ran pkcsslotd
4. ran pkcs11_startup
5. ran tpmtoken_init -l debug, which gave me the following output:
# tpmtoken_init -l debug
C_GetFunctionList success
C_Initialize success
C_GetSlotList success
Slots present: 2
C_GetSlotList success
Retrieving slot information for SlotID 0
C_GetSlotInfo success
Slot description: Linux 2.6.33.6 Linux (TPM)
Slot manufacturer: Linux 2.6.33.6
Token is present
Retrieving token information for SlotID 0
C_GetTokenInfo success
Token Label: IBM PKCS#11 TPM Token
Token manufacturer: IBM Corp.
Token model: TPM v1.1 Token
Token is not initialized
C_InitToken success
C_OpenSession success
C_Login success
A new TPM security officer password is needed. The password must be
between 6 and 127 characters in length.
Enter new password:
Confirm password:
C_SetPIN failed: 0x00000006 (6)
C_CloseSession success
C_Finalize success
tpmtoken_init failed
6. ran pkcsconf and got the following output (where both user pin and SO
pin are set to be changed):
# pkcsconf -i -t
PKCS#11 Info
Version 2.11
Manufacturer: IBM
Flags: 0x0
Library Description: Meta PKCS11 LIBRARY
Library Version 2.3
Token #0 Info:
Label: IBM PKCS#11 TPM Token
Manufacturer: IBM Corp.
Model: TPM v1.1 Token
Serial Number: 123
Flags: 0x880445 (RNG|LOGIN_REQUIRED|CLOCK_ON_TOKEN|TOKEN_INITIALIZED|USER_PIN_TO_BE_CHANGED|SO_PIN_TO_BE_CHANGED)
Sessions: -1/-1
R/W Sessions: -1/-1
PIN Length: 6-127
Public Memory: 0xFFFFFFFF/0xFFFFFFFF
Private Memory: 0xFFFFFFFF/0xFFFFFFFF
Hardware Version: 1.0
Firmware Version: 1.0
Time: 03:36:42 PM
Token #1 Info:
Label: IBM OS PKCS#11
Manufacturer: IBM Corp.
Model: IBM SoftTok
Serial Number: 123
Flags: 0x880045 (RNG|LOGIN_REQUIRED|CLOCK_ON_TOKEN|USER_PIN_TO_BE_CHANGED|SO_PIN_TO_BE_CHANGED)
Sessions: -1/-1
R/W Sessions: -1/-1
PIN Length: 4-8
Public Memory: 0xFFFFFFFF/0xFFFFFFFF
Private Memory: 0xFFFFFFFF/0xFFFFFFFF
Hardware Version: 1.0
Firmware Version: 1.0
Time: 03:36:42 PM
7. When I ran tpmtoken_init -l debug again, I got a different error
code:
# tpmtoken_init -l debug
C_GetFunctionList success
C_Initialize success
C_GetSlotList success
Slots present: 2
C_GetSlotList success
Retrieving slot information for SlotID 0
C_GetSlotInfo success
Slot description: Linux 2.6.33.6 Linux (TPM)
Slot manufacturer: Linux 2.6.33.6
Token is present
Retrieving token information for SlotID 0
C_GetTokenInfo success
Token Label: IBM PKCS#11 TPM Token
Token manufacturer: IBM Corp.
Token model: TPM v1.1 Token
Token is initialized
Warning: The TPM token has already been initialized. Reinitializing the
TPM token will cause all TPM token data to be lost.
Clear the TPM token data? [y/N]: y
Enter the TPM security officer password:
C_InitToken failed: 0x000000a0 (160)
C_Finalize success
tpmtoken_init failed
Does anyone have any ideas on what I may be doing wrong or what I could
try in order to debug this?
Thanks
Alex
Alexander Loukissas
Software Engineer
Adv Arch & Research
Cisco Systems, Inc.
170 West Tasman Drive
Mail Stop SJC07/3
San Jose, CA 95134
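
Added example, not part of the original message or of the tools it uses: a small Python decoder that names the CK_RV values reported by tpmtoken_init and expands the token flag words printed by pkcsconf, using constants from the PKCS#11 header (pkcs11t.h). The function names and the SAMPLE_LOG string are assumptions made for illustration.

```python
import re

# Constants below are taken from the PKCS#11 v2.x header (pkcs11t.h).
# Return values (CK_RV), limited to the general and PIN-related codes.
CK_RV_NAMES = {
    0x00: "CKR_OK",
    0x05: "CKR_GENERAL_ERROR",
    0x06: "CKR_FUNCTION_FAILED",
    0xA0: "CKR_PIN_INCORRECT",
    0xA1: "CKR_PIN_INVALID",
    0xA2: "CKR_PIN_LEN_RANGE",
    0xA3: "CKR_PIN_EXPIRED",
    0xA4: "CKR_PIN_LOCKED",
}

# CK_TOKEN_INFO.flags bits, in ascending bit order, without the CKF_ prefix.
TOKEN_FLAGS = {
    0x000001: "RNG", 0x000002: "WRITE_PROTECTED",
    0x000004: "LOGIN_REQUIRED", 0x000008: "USER_PIN_INITIALIZED",
    0x000020: "RESTORE_KEY_NOT_NEEDED", 0x000040: "CLOCK_ON_TOKEN",
    0x000100: "PROTECTED_AUTHENTICATION_PATH",
    0x000200: "DUAL_CRYPTO_OPERATIONS", 0x000400: "TOKEN_INITIALIZED",
    0x000800: "SECONDARY_AUTHENTICATION",
    0x010000: "USER_PIN_COUNT_LOW", 0x020000: "USER_PIN_FINAL_TRY",
    0x040000: "USER_PIN_LOCKED", 0x080000: "USER_PIN_TO_BE_CHANGED",
    0x100000: "SO_PIN_COUNT_LOW", 0x200000: "SO_PIN_FINAL_TRY",
    0x400000: "SO_PIN_LOCKED", 0x800000: "SO_PIN_TO_BE_CHANGED",
}

def decode_token_flags(value):
    """Return (flag names set in value, leftover bits not in the table)."""
    names = [name for bit, name in TOKEN_FLAGS.items() if value & bit]
    unknown = value & ~sum(TOKEN_FLAGS)
    return names, unknown

def failed_calls(log_text):
    """Find 'C_Xxx failed: 0x...' entries, even when lines were re-wrapped."""
    hits = re.finditer(r"\b(C_\w+) failed: 0x([0-9A-Fa-f]+)", log_text)
    return [(m.group(1), int(m.group(2), 16),
             CK_RV_NAMES.get(int(m.group(2), 16), "unknown CK_RV"))
            for m in hits]

# Sample input (assumed name): the two failure lines from the output above.
SAMPLE_LOG = ("C_SetPIN failed: 0x00000006 (6)\n"
              "C_InitToken failed: 0x000000a0 (160)\n")

if __name__ == "__main__":
    for call, rv, name in failed_calls(SAMPLE_LOG):
        print(f"{call}: 0x{rv:08x} = {name}")
    for flags in (0x880445, 0x880045):
        print(f"0x{flags:06x}:", "|".join(decode_token_flags(flags)[0]))
```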