Public bug reported: Opencryptoki's EP11 token fails to initialize when CEX7P and CEX6P cards are available and thus do not show up with 'pkcsconf -t'. For CEX6P-only or CEX7P-only configurations the EP11 token is displayed as expected with 'pkcsconf'.
Root cause is that CEX7P uses a different API version and firmware version than CEX6P, but with CEX7 toleration support currently available in the distro only, a CEX7P card shows up as CEX6P. The EP11 token does not allow that 2 cards of the same generation use a different API version or firmware version. With CEX7P cards showing up as CEX6P cards this is the case, and opencryptoki rejects to initialize. Machine Type = IBM Type: 8561 Model: 703 T01 ---Steps to Reproduce--- 1.) Install openCryptoki version 3.11 as delivered by the distribution 2.) Configure the EP11 token into the /etc/opencryptoki/opencryptoki.conf file as outlined in the Details section 3.) run: systemctl restart pkcsslotd 4.) run: pkcsconf -t -c <N>, where N is the EP11 token number The EP11 token is unexpectedly not available Error getting token info: 0xE0 (CKR_TOKEN_NOT_PRESENT) 5.) run: journalctl -r and encounter pkcsconf[73735]: usr/lib/ep11_stdll/ep11_specific.c Warning: Adapter 02.0016 has a different API version than the previous CEX6P adapters: 2. The EP11 token is not listed by pkcsconf -t. Userspace tool common name: pkcsconf Userspace rpm: openCryptoki-3.11 Patch should apply fine on top of Opencryptoki 3.11. Upstream commit: https://github.com/opencryptoki/opencryptoki/commit/d6ba9ff61743ce869a5a677f6f77339642efef4b ("EP11: Support tolerated new crypto cards") ** Affects: ubuntu-z-systems Importance: Critical Assignee: Canonical Foundations Team (canonical-foundations) Status: Triaged ** Affects: opencryptoki (Ubuntu) Importance: Undecided Assignee: Skipper Bug Screeners (skipper-screen-team) Status: New ** Tags: architecture-s39064 bugnameltc-181793 severity-critical targetmilestone-inin1904 ** Tags added: architecture-s39064 bugnameltc-181793 severity-critical targetmilestone-inin1904 ** Changed in: ubuntu Assignee: (unassigned) => Skipper Bug Screeners (skipper-screen-team) ** Package changed: ubuntu => opencryptoki (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1847031 Title: [UBUNTU 19.04] opencryptoki 3.11 - usr/lib/ep11_stdll/ep11_specific.c Warning: Adapter has a different API version than the previous CEX6P adapters: 2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1847031/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs