Only root can find IBM PKCS#11 TPM token
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
opencryptoki (Ubuntu) | New | Undecided | Unassigned | | |
Bug Description
Only root can find the IBM PKCS#11 TPM token with the command "pkcsconf -t".
Consequently, only root can create a datastore using the tpmtoken_init command (tpm-tool package).
The error comes from the owner and permissions of the folder /var/lib/
It is owned by root:root whereas it has to be owned by root:pkcs11.
So to have access to the IBM PKCS#11 TPM token with other users of the pkcs11 group, I have to do these commands manually:
chown root:pkcs11 /var/lib/
chmod 770 /var/lib/
The error probably comes from package creation because I found these commands in a makefile, opencryptoki-
$(MKDIR_P) $(DESTDIR)
ln -sf libpkcs11_tpm.so PKCS11_TPM.so
$(MKDIR_P) $(DESTDIR)
$(CHGRP) pkcs11 $(DESTDIR)
$(CHMOD) 0770 $(DESTDIR)
$(MKDIR_P) $(DESTDIR)
$(CHGRP) pkcs11 $(DESTDIR)
$(CHMOD) 0770 $(DESTDIR)