-
Notifications
You must be signed in to change notification settings - Fork 218
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Setting up cryptoauthlib as a PKCS11 Provider - module failed to initialize #50
Comments
Rename slot.conf to 0.conf which means the pkcs11 slot 0 (or device0) Pkcs11 defines each installed device as a slot which gets confusing with each memory location in a cryptoauth device being called a slot as well. The bus number is not in the text configuration files yet so to change that you have to change the default in atca_cfgs.c It will be available in the next update for pkcs11 as it has been requested as an addition to the configuration files. |
With adding your proposed changes the issue could be solved. But with further p11tool --export-pubkey testing, I get another issue "Error in pkcs11_export_pubkey:821:" p11tool --export-pubkey "pkcs11:token=0123EE;object=device;type=private" What might be the issue here? |
What happens when you do a list-all or list-tokens? There are some troubleshooting tips on this page: https://github.com/MicrochipTech/cryptoauthlib/wiki/Greengrass-HSI |
For p11tool --list-all I get a long list with 1718 Objects |
If you’re not using p11-kit you have to specify the provider with every command. So list-all and list-tokens with the provider set produces? |
O.K I see. Thank you for your comment. Unfortunately, it seems I cannot connect to the device anymore via p11tool. p11tool --provider=/usr/lib/libcryptoauth.so What I did to get a clean start I was running successfully |
model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=System%20Trust is a software token from p11-kit and does not indicate that p11tool was able to communicate with the cryptoauth device. See https://github.com/MicrochipTech/cryptoauthlib/wiki/PKCS11-Linux-Setup#using-p11-kit-proxy for how to set up p11-kit to see the library and interact with it. Did you change the bus number in atca_cfgs.c for your platform, rebuild, and reinstall the .so? |
Yes I changed the bus number to .atcai2c.bus = 0 and .devtype = ATECC508A, in atca_cfgs.c for my platform, rebuild, and reinstalled the .so p11tool One hint - I see some warnings when compiling [ 75%] Building C object lib/CMakeFiles/cryptoauth.dir/pkcs11/pkcs11_cert.c.o |
Problem solved after reinstallation and modification of atca_cfgs.c |
I was following the manual "Setting up cryptoauthlib as a PKCS11 Provider"
I got stuck with the following error
sudo p11tool --provider=/usr/lib/libcryptoauth.so
p11-kit: (unknown): module failed to initialize: Internal error
pkcs11_add_provider: PKCS #11 error.
One guess was the issue might be caused by a wrong slot config file. I defined
/var/lib/cryptoauthlib/slot.conf as
interface = i2c,0xB0
# freeslots = 1,2,3
# Slot 0 is the primary private key
object = private,device,0
what I was missing in the config file was a bus number for the i2c interface like e.g.
atcai2c.bus = 0
Where can I configure the bus setting?
Any other hint of the error I see?
The text was updated successfully, but these errors were encountered: