Public bug reported:
Only root can find IBM PKCS#11 TPM token with the command "pkcsconf -t".
Consequently only root can create a datastore using tpmtoken_init command
(tpm-tool package).
The error comes from owner and permission of the folder
/var/lib/opencryptoki/tpm.
It is owned by root:root whereas it has to be owned by root:pkcs11.
So to have access to IBM PKCS#11 TPM token with other users of pkcs11 group, I
have to do these commands manually:

    chown root:pkcs11 /var/lib/opencryptoki/tpm
    chmod 770 /var/lib/opencryptoki/tpm/

The error probably comes from package creation because I found these commands
in a makefile, opencryptoki-3.4.1+dfsg/usr/lib/pkcs11/tpm_stdll/Makefile.am:

    $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
    ln -sf libpkcs11_tpm.so PKCS11_TPM.so
    $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
    $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
    $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
    $(MKDIR_P) $(DESTDIR)$(lockdir)/tpm
    $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/tpm
    $(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm

** Affects: opencryptoki (Ubuntu)
Importance: Undecided
Status: New
--
https://bugs.launchpad.net/bugs/1597658
Title:
Only root can find IBM PKCS#11 TPM token
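
An added check, not part of the original report or of opencryptoki: the shell function below audits a token directory against the owner, group and mode the report gives (root:pkcs11, 770). The name check_token_dir and its arguments are assumptions made for this example, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: audit an opencryptoki token directory against the
# ownership and mode named in the bug report (root:pkcs11, mode 770).
# check_token_dir is a hypothetical helper; it needs GNU coreutils stat.

# Usage: check_token_dir DIR [OWNER] [GROUP] [MODE]
# Prints one line per deviation.
# Returns 0 if compliant, 1 on any mismatch, 2 if DIR is not a directory.
check_token_dir() {
    dir=$1
    want_owner=${2:-root}
    want_group=${3:-pkcs11}
    want_mode=${4:-770}
    want_mode=${want_mode#0}        # accept 0770 as well as 770

    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 2
    fi

    have_owner=$(stat -c '%U' "$dir")   # owner name
    have_group=$(stat -c '%G' "$dir")   # group name
    have_mode=$(stat -c '%a' "$dir")    # octal mode, e.g. 770

    rc=0
    if [ "$have_owner" != "$want_owner" ]; then
        echo "FAIL $dir owner: have $have_owner, want $want_owner"
        rc=1
    fi
    if [ "$have_group" != "$want_group" ]; then
        # The condition in the report: root:root instead of root:pkcs11,
        # so members of the pkcs11 group cannot reach the token store.
        echo "FAIL $dir group: have $have_group, want $want_group"
        rc=1
    fi
    if [ "$have_mode" != "$want_mode" ]; then
        echo "FAIL $dir mode: have $have_mode, want $want_mode"
        rc=1
    fi
    [ "$rc" -ne 0 ] || echo "OK $dir $have_owner:$have_group $have_mode"
    return "$rc"
}

# When run as a script with arguments, audit the given directory, e.g.
#   sh check.sh /var/lib/opencryptoki/tpm
[ $# -eq 0 ] || check_token_dir "$@"
```
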