Lenovo X201, T410, T410s, W510: After suspend/resume any pkcs11 operation on the TPM token requiring the User PIN fails with CKR_USER_PIN_NOT_INITIALIZED
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Expired
|
Medium
|
Unassigned |
Bug Description
This seems similar to the USB issues after suspend resume (https:/
jeremy@
Linux ubuntu-t410s 2.6.32-
Steps to reproduce:
Cold boot into the BIOS utility, under "security", activate and clear the security chip
install opensc, opencryptoki, tpm-tools
$ sudo tpm_takeownership (enter anything for the owner password, leave the SRK password blank)
$ sudo pkcs11-tool --module /usr/lib/
$ sudo pkcsconf -c 0 -P -S 87654321 -n <choose a new SO PIN>
$ sudo pkcsconf -c 0 -p -U 12345678 -n <choose a new User PIN>
$ sudo pkcs11-tool --module /usr/lib/
(Enter the user PIN you chose above when prompted, which won't produce additional output, but the command will exit 0)
...suspend/resume the laptop...
$ sudo pkcs11-tool --module /usr/lib/
(Enter the user PIN again, this time it will exit 1, showing "CKR_USER_
...hibernate/thaw the laptop...
$ sudo pkcs11-tool --module /usr/lib/
(Enter the user PIN, and it works again, exiting 0)
tags: | added: kernel-suspend |
tags: | added: kj-triage |
Changed in linux (Ubuntu): | |
status: | New → Confirmed |
Another data point:
On the Lenovo T61, which also uses the TPM 1.1, I see the same error directly after resume, but about 45-60 seconds later, logins (with the user PIN) start working again.