Only root can find IBM PKCS#11 TPM token

Bug #1597658 reported by Thomas Richard
This bug affects 1 person
Affects: opencryptoki (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

Only root can find the IBM PKCS#11 TPM token with the command "pkcsconf -t".
Consequently, only root can create a datastore using the tpmtoken_init command (tpm-tool package).
The error comes from the owner and permissions of the folder /var/lib/opencryptoki/tpm.
It is owned by root:root whereas it has to be owned by root:pkcs11.

So to have access to the IBM PKCS#11 TPM token with other users of the pkcs11 group, I have to run these commands manually:
chown root:pkcs11 /var/lib/opencryptoki/tpm
chmod 770 /var/lib/opencryptoki/tpm/

The error probably comes from package creation, because I found these commands in a Makefile, opencryptoki-3.4.1+dfsg/usr/lib/pkcs11/tpm_stdll/Makefile.am:
$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
                ln -sf libpkcs11_tpm.so PKCS11_TPM.so
        $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
        $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
        $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
        $(MKDIR_P) $(DESTDIR)$(lockdir)/tpm
        $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/tpm
        $(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm
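
The ownership and mode the report expects (root:pkcs11, 0770) can be checked after package installation with a small audit script. This is an added example, not part of the original report or of opencryptoki; the function names are hypothetical and it assumes GNU stat as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audit owner, group and mode of opencryptoki TPM token directories.
# Expected values (root:pkcs11, mode 0770) are the ones stated in the bug report.
# Assumes GNU stat (coreutils).

# check_token_dir DIR OWNER GROUP MODE
# Returns 0 = matches, 1 = wrong owner/group/mode, 2 = missing or not a real directory.
check_token_dir() {
    dir=$1; want_owner=$2; want_group=$3; want_mode=$4
    # Reject symlinks so a redirected path is never reported as healthy.
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "MISSING  $dir (not a real directory)" >&2
        return 2
    fi
    got=$(stat -c '%U:%G %a' "$dir") || return 2
    want="$want_owner:$want_group $want_mode"
    if [ "$got" = "$want" ]; then
        echo "OK       $dir ($got)"
        return 0
    fi
    echo "MISMATCH $dir: have '$got', want '$want'" >&2
    echo "  fix: chown $want_owner:$want_group $dir && chmod $want_mode $dir" >&2
    return 1
}

# audit_tpm_dirs DIR...
# Checks every directory against root:pkcs11 770 and returns the worst status seen.
audit_tpm_dirs() {
    worst=0
    for d in "$@"; do
        rc=0
        check_token_dir "$d" root pkcs11 770 || rc=$?
        if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    done
    return "$worst"
}

# Run the audit only when directories are passed on the command line,
# e.g. /var/lib/opencryptoki/tpm and the matching lock directory.
if [ "$#" -gt 0 ]; then
    audit_tpm_dirs "$@"
fi
```

A non-zero exit status makes the script usable as a post-install or CI check on the package.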
