[UBUNTU 19.04] opencryptoki 3.11 - usr/lib/ep11_stdll/ep11_specific.c Warning: Adapter has a different API version than the previous CEX6P adapters: 2
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu on IBM z Systems |
Fix Released
|
Critical
|
Canonical Foundations Team | ||
opencryptoki (Ubuntu) |
Fix Released
|
Undecided
|
Skipper Bug Screeners | ||
Disco |
Fix Released
|
Undecided
|
Unassigned | ||
Eoan |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Skipper Bug Screeners |
Bug Description
Opencryptoki's EP11 token fails to initialize when CEX7P and CEX6P cards are available and thus do not show up with 'pkcsconf -t'. For CEX6P-only or CEX7P-only configurations the EP11 token is displayed as expected with 'pkcsconf'.
Root cause is that CEX7P uses a different API version and firmware version than CEX6P, but with CEX7 toleration support currently available in the distro only, a CEX7P card shows up as CEX6P. The EP11 token does not allow that 2 cards of the same generation use a different API version or firmware version. With CEX7P cards showing up as CEX6P cards this is the case, and opencryptoki rejects to initialize.
Machine Type = IBM Type: 8561 Model: 703 T01
---Steps to Reproduce---
1.) Install openCryptoki version 3.11 as delivered by the distribution
2.) Configure the EP11 token into the /etc/opencrypto
3.) run: systemctl restart pkcsslotd
4.) run: pkcsconf -t -c <N>, where N is the EP11 token number
The EP11 token is unexpectedly not available
Error getting token info: 0xE0 (CKR_TOKEN_
5.) run: journalctl -r and encounter
pkcsconf[73735]: usr/lib/
The EP11 token is not listed by pkcsconf -t.
Userspace tool common name: pkcsconf
Userspace rpm: openCryptoki-3.11
Patch should apply fine on top of Opencryptoki 3.11.
Upstream commit:
https:/
("EP11: Support tolerated new crypto cards")
tags: | added: architecture-s39064 bugnameltc-181793 severity-critical targetmilestone-inin1904 |
Changed in ubuntu: | |
assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
affects: | ubuntu → opencryptoki (Ubuntu) |
Changed in ubuntu-z-systems: | |
status: | Triaged → In Progress |
Changed in ubuntu-z-systems: | |
status: | In Progress → Fix Committed |
Changed in ubuntu-z-systems: | |
status: | Fix Committed → Fix Released |
@IBM I strongly assume that the patch is needed for Eoan too, right? dfsg-0ubuntu2 | disco/universe | s390x dfsg-0ubuntu2 | eoan/universe | s390x
rmadison --arch=s390x opencryptoki | grep 3\.11
opencryptoki | 3.11.0+
opencryptoki | 3.11.1+