-
Notifications
You must be signed in to change notification settings - Fork 218
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Raspberry Pi CM4+ATECC608B issue with p11tool #331
Comments
Bus 10 would be: interface = i2c,0xC0,0x0A |
I did what you suggested and it worked. Thank you. pi@raspberrypi:~/cryptoauthlib/test/test_build $ p11tool --initialize "pkcs11:serial=23E4643E44467EEE" --label test --provider /usr/lib/arm-linux-gnueabihf/libcryptoauth.so This is what I get in list-all: pi@raspberrypi:~/cryptoauthlib/test/test_build $ p11tool --list-all --provider=/usr/lib/arm-linux-gnueabihf/libcryptoauth.so Object 1: Object 2: I don't know what trust chip I use, I think is TrustFLEX (TFLXTLS) because it shows: pi@raspberrypi:~/cryptoauthlib/test/test_build $ ./cryptoauth_test lockstat -d ecc608 -i i2c 10 -a 0xC0 Config Zone: unlocked I'am wrong? That's my chip. |
This issue has been marked as stale - please confirm the issue still exists with the latest version of the library and update the issue if it remains |
Hi,
For my project I used RaspberryPi CM4 with ATECC608B chip connected on I2C. I tried the latest cryptoauthlib library (v3.4.1) and I have configured:
After that I have used cmake to create the make file with this flags:
cmake -S cryptoauthlib -B cryptoauthlib/test/test_build -D ATCA_ATECC608A_SUPPORT=ON -D BUILD_TESTS=ON -D ATCA_PRINTF=ON -D ATCA_BUILD_SHARED_LIBS=ON -D ATCA_HAL_I2C=ON -D ATCA_PKCS11=ON -D ATCA_USE_ATCAB_FUNCTIONS=ON -D ATCA_OPENSSL=ON -D ATCA_TNGTLS_SUPPORT=ON -D ATCA_TNGLORA_SUPPORT=ON -D ATCA_TFLEX_SUPPORT=ON -D ATCA_TNG_LEGACY_SUPPORT=ON
Next steps I installed and run it with command: ./cryptoauth_test sernum -d ecc608 -i i2c 10 -a 0xC0 -> it gave good serial number from chip. So far it has worked well.
I am trying now to create a token and certificates with p11tool and for that I was inspired from this tutorial
I understood that 0.conf file must be created in this location /var/lib/cryptoauthlib/ ... so I created it with:
label = MCHP
interface = i2c,0xC0,10
freeslots = 1,2,3
device = ATECC608-TFLXTLS
#object = private,device,0
#object = certificate,device,10
#object = certificate,signer,12
#object = public,root,15
The results of what I tried:
pi@raspberrypi:~/cryptoauthlib/test $ p11tool --provider=/usr/lib/arm-linux-gnueabihf/libcryptoauth.so --list-all -d 999
Setting log level to 999
|<2>| p11: Initializing module: /usr/lib/arm-linux-gnueabihf/libcryptoauth.so
./calib/calib_read.c:98:f0:calib_read_zone - execution failed
./calib/calib_read.c:355:f0:calib_read_zone - falied
|<3>| ASSERT: ../../lib/pkcs11.c[scan_slots]:225
|<3>| ASSERT: ../../lib/pkcs11.c[_pkcs11_traverse_tokens]:1577
|<3>| ASSERT: ../../lib/pkcs11.c[_pkcs11_traverse_tokens]:1654
|<3>| ASSERT: ../../lib/pkcs11.c[_gnutls_pkcs11_token_get_url]:2449
warning: no token URL was provided for this operation; the available tokens are:
|<3>| ASSERT: ../../lib/pkcs11.c[scan_slots]:225
|<3>| ASSERT: ../../lib/pkcs11.c[_pkcs11_traverse_tokens]:1577
|<3>| ASSERT: ../../lib/pkcs11.c[_pkcs11_traverse_tokens]:1654
|<3>| ASSERT: ../../lib/pkcs11.c[_gnutls_pkcs11_token_get_url]:2449
pi@raspberrypi:~/cryptoauthlib/test $ p11tool --list-tokens
Token 0:
URL: pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=System%20Trust
Label: System Trust
Type: Trust module
Flags: uPIN uninitialized
Manufacturer: PKCS#11 Kit
Model: p11-kit-trust
Serial: 1
Module: p11-kit-trust.so
Some suggestions?
Thanks
The text was updated successfully, but these errors were encountered: