After a heavy load (full smart card populating) the serial number for the device presented in the USB descriptor is different than the HSM smart card's serial number. E.g. instead of DENK00123123, the returned one is 00001010101.
Possible Cause
This is probably caused by the HSM smart card not replying to Nitrokey HSM's request for the serial number due to internal cleanup operations, similarly to #78.
Workaround
Wait until internal processing is finished and reinsert the device. Subsequent boot should result in the proper serial number.
Possible solution
On timeout / invalid serial number prefix use the previously stored serial number. On success, compare the resulting serial number with the one stored, and update the latter on change (e.g. after HSM smart card firmware update, where the serial number is changed).
Summary
After a heavy load (full smart card populating) the serial number for the device presented in the USB descriptor is different than the HSM smart card's serial number. E.g. instead of
DENK00123123, the returned one is00001010101.Possible Cause
This is probably caused by the HSM smart card not replying to Nitrokey HSM's request for the serial number due to internal cleanup operations, similarly to #78.
Workaround
Wait until internal processing is finished and reinsert the device. Subsequent boot should result in the proper serial number.
Possible solution
On timeout / invalid serial number prefix use the previously stored serial number. On success, compare the resulting serial number with the one stored, and update the latter on change (e.g. after HSM smart card firmware update, where the serial number is changed).
Details
Frequency: 1/5 HSM smart card firmware: v3.4
Scenario
See #78.